Papercuts like this are why I moved away from macOS.
I will say, I don't love the use of LLMs to write these bug reports. It's probably fine if reviewed, but at least review for things like "worked on macOS 25", which obviously didn't exist. If that wasn't caught, how sure are you that the rest of the report is accurate? We all want the bugs fixed, but people are going to start throwing out the obviously LLM written reports rather than have to validate each claim, since the author probably didn't.
Its my strong belief that using AI in any capacity which does not upfront state "the following content was generated by artificial intelligence" is never acceptable. In most situations, allowing an AI to wield your name gives off the scent of "My time is more valuable than yours, so I've automated writing to you." It is quite disgraceful. If your use-case would be materially harmed by an upfront disclosure of AI generated content, then you need to take a good, hard think on what that means for what you're doing (then again, maybe you're not interested in thinking anymore and that's how you got to this point in your life).
I'm used to papercuts on every OS, but at least with a Linux box I can roll it back. Usually it's as easy as picking the previous boot menu entry (with NixOS, the whole system rolls back that way). I find macOS acceptable enough for my laptop, but I'm doing most of my real work in Linux containers anyway.
Yes, for the time being the final report should probably come from us (but endless opportunity along the way to clarify thinking and understand industry standard terms).
Using LLMs for any kind of writing is unethical, with the narrow exception of translation. If you didn't take the time to compose your words thoughtfully then you aren't owed the time to read them.
The LLM presents a perverse incentive here - It is used for perceived efficiency gains, most of which would be consumed by the act of rewriting and redrafting. The alienness of the thoughts in the document is also non-condusive to this; Reading a long document about something you think you know but did not write is exhausting and mentally painful - This is why code review has such relatively poor results.
Quite frankly, while having an LLM draft and rewriting it would be okay, I do not believe it is reasonable to expect that to ever happen. It will be either like high school paper plagarism (Just change around some of the sentences and rephrase it bro), or it will simply not even get that much. It is unreasonable with what we know about human psychology to expect that "Human-Rewrites of LLM drafts", at the level that the human contributes something, are maintainable and scalable; Most people psychologically can't put in that effort.
at this point I really think its better to read broken english than have to read some clanker slop. it immediately makes me want to just ignore whatever text i'm reading, its just a waste of time
I do wonder, we had pretty good (by some measure of good) machine translations before LLMs. Even better, the artifacts in the old models were easily recognized as machine translation errors, and what was better, the mistranslation artifacts broke spectacularly, sometimes you could even see the source in the translation and your brain could guess the intended meaning through the error.
With LLMs this is less clear, you don’t get the old school artifacts, instead you get hallucinations, and very subtle errors that completely alter the meaning while leaving the sentence intact enough that your reader might not know this is a machine translation error.
> If you didn't take the time to compose your words thoughtfully then you aren't owed the time to read them.
Apply this argument to code, to art, to law, to medicine.
It fails spectacularly.
Blaming the tool for the failure of the person is how you get outrageous arguments that photography cant be art, that use of photoshop makes it not art...
Do you blame the hammer or the nail gun when the house falls down, or is it the fault of the person who built it?
If you dont know what you're doing, it isnt the tools fault.
Still wishing for the day apple is split into the hardware and the software company. I want their silicon, but I will never use their (arguably terrible) operating system. If I can't run my own kernel and kernel modules then it's a device that I don't own. Firmware is alright in some cases, but my laptop next to me is running core boot just to prove a point.
Maybe Apple Hardware would write Linux drivers to sell their hardware for servers. Intel contributes to Linux kernel. AMD contributes to Linux kernel. Nvidia contributes to Linux kernel. A lot of hardware manufacturers support Linux to some extent. It's no longer reverse-engineered wild west.
According to this report, if you're just simply using /etc/hosts in conjunction with .local or .internal or other overrides, that is not broken:
Workaround
The only reliable workaround is to add entries manually to /etc/hosts...
However the impact reported is if you do something fancier (and apparently long recommended and in practices), e.g.:
Impact
This breaks the standard local development DNS workflow...Any developer using dnsmasq + /etc/resolver/ for *.test, *.local, *.internal, or other private TLDs...Docker...Kubernetes...
So if we stay away from dnsmasq, and stay away from custom local domains via Docker/Kubernetes/otehr, we may be not hit by this.
Which is not quite as bad as the (currently) blanket title "macOS 26 breaks custom DNS settings including .internal".
More like, "macOS 26 breaks some uses of custom DNS settings including .internal"
I run a setup like that on my (outdated) Yosemite machine to provide multiple private TLDs for local deployment/development needs.
I set that up in like 2014? Even back then it was known already that the quick /etc/resolver way was the deprecated way to do things. So I guess they finally killed that feature off?
The proper (more awkward) way is to use scutil directly (which then stores the settings in some binary plist somewhere, I assume).
Maybe try this and see if it still works afterwards?
It's not quite the same, but I've moved to using *.localhost for all my local web dev work. All modern browsers will resolve *.localhost to 127.0.0.1 internally. No need to setup any DNS resolvers or edit your hosts file.
But that only really helps you when you're dealing with websites in a browser, and when you want the address to resolve back to your local machine. So it wont help you with other programs like python/wget/etc or any calls you make to getaddrinfo()
A couple iOS versions ago, Apple broke self-signed certificates... crippling mobile development by preventing the use of HTTPS to communicate with a local server.
It makes you wonder why they were messing around in these areas at all at this point.
I am not familiar with dnsmasq at all (is this machine-local?), but absolutely love my PiHole hardware — you can even create rules which intercept hard-coded-IP DNS request and/or httpsDNS. You can also hard-code/intercept .TLD to local service IPs.
Programs like LittleSnitch never really seem like "enough" for me, because the computer has to boot before DNS filtering comes online. It also has the design error (IMHO) of pre-resolving IP addresses before clicking Accept/Deny(all).
A great blockrule for your personal firewalls would be to ban (at top level) icloud.com, apple.com, &c; system updates can then be performed manually using guides like <http://www.mrmacintosh.com>. Of course: this breaks everything (in exactly the way I prefer to compute).
Bit off-topic. I mostly use Linux and I'm of the opinion that it's miles better than Windows, but I don't fully understand why people say MacOS looks bad?
Ignoring the current Tahoe mess, MacOS felt relatively polished. I'm purely talking about UX here, as the OS is evidently buggy. The most popular Gnome themes are a re-impl of MacOS, so I can't be the only one.
It's incredibly bloated. I don't want AI engine in my OS. I don't want Spotlight in my OS. I don't want my OS to load CPU for 10 minutes after boot for who knows what. I don't want my OS to ship with Chess app and lots of other irrelevant software. I don't want my OS to ship with Music app and bother me with subscription offers. I don't want my OS to ship with iCloud app.
They also do strange choices regarding shipped software. For example they ship ancient bash 3, apparently because they hate GPLv3 or something like that. I like GPLv3 and this choice makes macos user-hostile.
There's very valid reasons to have issues with Tahoe's changes. The dock being liquid glass is fine. But curving the windows to look like iPad apps, and not even adjusting the grab target appropriately for resizing the window is bad. Getting rid of the title bar so it's not clear where you can grab a window is bad. Apple Music hiding the volume slider behind another click is bad.
I'm glad that it's working well for you, but from the moment some users with M-series SoCs report laggy animations, something somewhere has to be wrong.
Has anyone found a working workaround yet? I use dnsmasq for .local dev routing and held off updating after seeing this but curious if there is a viable path forward short of waiting for Apple to patch it.
Apple container is officially supported on MacOS 26 only. So you are running .local on Apple container, how are you doing that not on MacOS 26? Are you doing that on previous MacOS with a DIY .local resolver conf?
No, it does not. It’ll bug the shit out of you to upgrade, but it won’t automatically do a major version upgrade. By default it will automatically do minor version upgrades (that can be turned off).
That’s what makes the LLM bug report make no sense in light of OP’s report here. Bug says it’s a regression from 25.x (which doesn’t exist), so maybe they mean 15.x? But OP says they “woke up” and it was upgraded and broken. So which is it?
Apple container CLI configures internal domains (`container system dns`) by adding an internal resolver and it worked for me when I specified an actual domain previously handled by external DNS and it showed up as a custom resolver.
If you have ScreenTime turned on. Port :8080 is occupied and your ubuntu apt-get in a docker build gets hash mismatch because they obviously modified packets. Let alone I am having another issue of unable to delete a private key in Keychain Access.
# should be placed in /etc/unbound/conf.d
# bind to a specified IP address, allow access
server:
interface: 10.53.0.1
interface: fd53:fd53:fd53::1
access-control: 10.53.0.1/32 allow
access-control: fd53:fd53:fd53::1/128 allow
91-allow-docker-containers.conf
# allow queries from the Docker "bridge"
server:
access-control: 172.18.0.1/16 allow
Thanks for sharing your report, it's frustrating to see things like this break in minor patch updates. Small tip for GitHub Gist: set the file format to markdown (give it a .md extension) so that the markdown will be rendered and won't require horizontal scrolling :)
It also seemingly broke removing Safari cookies on a per website basis, something I often used to stop Google's scummy tracking across all their services if you just want to sign into YouTube.
Papercuts like this are why I moved away from macOS.
I will say, I don't love the use of LLMs to write these bug reports. It's probably fine if reviewed, but at least review for things like "worked on macOS 25", which obviously didn't exist. If that wasn't caught, how sure are you that the rest of the report is accurate? We all want the bugs fixed, but people are going to start throwing out the obviously LLM written reports rather than have to validate each claim, since the author probably didn't.
Its my strong belief that using AI in any capacity which does not upfront state "the following content was generated by artificial intelligence" is never acceptable. In most situations, allowing an AI to wield your name gives off the scent of "My time is more valuable than yours, so I've automated writing to you." It is quite disgraceful. If your use-case would be materially harmed by an upfront disclosure of AI generated content, then you need to take a good, hard think on what that means for what you're doing (then again, maybe you're not interested in thinking anymore and that's how you got to this point in your life).
I'm used to papercuts on every OS, but at least with a Linux box I can roll it back. Usually it's as easy as picking the previous boot menu entry (with NixOS, the whole system rolls back that way). I find macOS acceptable enough for my laptop, but I'm doing most of my real work in Linux containers anyway.
Yes, for the time being the final report should probably come from us (but endless opportunity along the way to clarify thinking and understand industry standard terms).
Using LLMs for any kind of writing is unethical, with the narrow exception of translation. If you didn't take the time to compose your words thoughtfully then you aren't owed the time to read them.
Using LLM is perfect for writing documentation which is something I always had problems with it.
There is a huge difference between using an llm and just blindly dumping it's output on someone verbatim.
I think it's fine to have an llm write a first or second draft of something, then go through and reword most of it to be in your own voice.
The LLM presents a perverse incentive here - It is used for perceived efficiency gains, most of which would be consumed by the act of rewriting and redrafting. The alienness of the thoughts in the document is also non-condusive to this; Reading a long document about something you think you know but did not write is exhausting and mentally painful - This is why code review has such relatively poor results.
Quite frankly, while having an LLM draft and rewriting it would be okay, I do not believe it is reasonable to expect that to ever happen. It will be either like high school paper plagarism (Just change around some of the sentences and rephrase it bro), or it will simply not even get that much. It is unreasonable with what we know about human psychology to expect that "Human-Rewrites of LLM drafts", at the level that the human contributes something, are maintainable and scalable; Most people psychologically can't put in that effort.
at this point I really think its better to read broken english than have to read some clanker slop. it immediately makes me want to just ignore whatever text i'm reading, its just a waste of time
I do wonder, we had pretty good (by some measure of good) machine translations before LLMs. Even better, the artifacts in the old models were easily recognized as machine translation errors, and what was better, the mistranslation artifacts broke spectacularly, sometimes you could even see the source in the translation and your brain could guess the intended meaning through the error.
With LLMs this is less clear, you don’t get the old school artifacts, instead you get hallucinations, and very subtle errors that completely alter the meaning while leaving the sentence intact enough that your reader might not know this is a machine translation error.
That's very elitist and unfair to people who previously struggled to form their words but now have a better chance at doing so.
Unless you pay me, you aren't owed anything.
> If you didn't take the time to compose your words thoughtfully then you aren't owed the time to read them.
Apply this argument to code, to art, to law, to medicine.
It fails spectacularly.
Blaming the tool for the failure of the person is how you get outrageous arguments that photography cant be art, that use of photoshop makes it not art...
Do you blame the hammer or the nail gun when the house falls down, or is it the fault of the person who built it?
If you dont know what you're doing, it isnt the tools fault.
I of course expect my lawyer and doctor to thoughtfully apply their knowledge to help me. Why should they be any different?
Still wishing for the day apple is split into the hardware and the software company. I want their silicon, but I will never use their (arguably terrible) operating system. If I can't run my own kernel and kernel modules then it's a device that I don't own. Firmware is alright in some cases, but my laptop next to me is running core boot just to prove a point.
But you can run your own kernel on Macs, no? Isn‘t driver support the issue?
Maybe Apple Hardware would write Linux drivers to sell their hardware for servers. Intel contributes to Linux kernel. AMD contributes to Linux kernel. Nvidia contributes to Linux kernel. A lot of hardware manufacturers support Linux to some extent. It's no longer reverse-engineered wild west.
(arguably terrible) operating system
macOS has made some arguably poor design choices, but it makes it hard to take someone seriously when they state the whole OS is terrible.
It's the worst OS we have.. except for all the others.
macOS is not perfect but I don't think anyone could seriously argue that it is terrible.
According to this report, if you're just simply using /etc/hosts in conjunction with .local or .internal or other overrides, that is not broken:
However the impact reported is if you do something fancier (and apparently long recommended and in practices), e.g.: So if we stay away from dnsmasq, and stay away from custom local domains via Docker/Kubernetes/otehr, we may be not hit by this.Which is not quite as bad as the (currently) blanket title "macOS 26 breaks custom DNS settings including .internal".
More like, "macOS 26 breaks some uses of custom DNS settings including .internal"
I run a setup like that on my (outdated) Yosemite machine to provide multiple private TLDs for local deployment/development needs.
I set that up in like 2014? Even back then it was known already that the quick /etc/resolver way was the deprecated way to do things. So I guess they finally killed that feature off?
The proper (more awkward) way is to use scutil directly (which then stores the settings in some binary plist somewhere, I assume).
Maybe try this and see if it still works afterwards?
It's not quite the same, but I've moved to using *.localhost for all my local web dev work. All modern browsers will resolve *.localhost to 127.0.0.1 internally. No need to setup any DNS resolvers or edit your hosts file.
But that only really helps you when you're dealing with websites in a browser, and when you want the address to resolve back to your local machine. So it wont help you with other programs like python/wget/etc or any calls you make to getaddrinfo()
we have dev.our-root-domain.com in public DNS pointing to 127.0.0.1
Honest question: How would this affect me and the vast majority of macOS users who use the device for media consumption and productivity applications?
Next question: what reason would Apple have to make a change that would interfere with developers using their operating system?
Your “next question” seems very leading. Can you make your point more clear? What’s your answer to that question?
A couple iOS versions ago, Apple broke self-signed certificates... crippling mobile development by preventing the use of HTTPS to communicate with a local server.
It makes you wonder why they were messing around in these areas at all at this point.
Because they can and sheeple will still line up around the block at their next iphone launch.
*.localhost works out of the box doesn’t it? You don’t need dnsmasq at all to have multiple hostnames pointing to 127.0.0.1.
You often have internal private IPs you want to resolve to things that aren't localhost
I am not familiar with dnsmasq at all (is this machine-local?), but absolutely love my PiHole hardware — you can even create rules which intercept hard-coded-IP DNS request and/or httpsDNS. You can also hard-code/intercept .TLD to local service IPs.
Programs like LittleSnitch never really seem like "enough" for me, because the computer has to boot before DNS filtering comes online. It also has the design error (IMHO) of pre-resolving IP addresses before clicking Accept/Deny(all).
A great blockrule for your personal firewalls would be to ban (at top level) icloud.com, apple.com, &c; system updates can then be performed manually using guides like <http://www.mrmacintosh.com>. Of course: this breaks everything (in exactly the way I prefer to compute).
This works great (and I use it) internally but when you want things like your docker domains to work when you're on the go, it's annoying.
I have setup a VM running DNS on my laptop before ...
Bit off-topic. I mostly use Linux and I'm of the opinion that it's miles better than Windows, but I don't fully understand why people say MacOS looks bad?
Ignoring the current Tahoe mess, MacOS felt relatively polished. I'm purely talking about UX here, as the OS is evidently buggy. The most popular Gnome themes are a re-impl of MacOS, so I can't be the only one.
It’s selection bias; the people who complain are the most visible online. Especially HN.
I'm with you, pre Tahoe I've never had an issue with iOS aesthetically, other than lack of customisation.
Then again I never understood the trend to remember fondly windows 98 and those kind of interfaces, maybe it's generational.
It's incredibly bloated. I don't want AI engine in my OS. I don't want Spotlight in my OS. I don't want my OS to load CPU for 10 minutes after boot for who knows what. I don't want my OS to ship with Chess app and lots of other irrelevant software. I don't want my OS to ship with Music app and bother me with subscription offers. I don't want my OS to ship with iCloud app.
They also do strange choices regarding shipped software. For example they ship ancient bash 3, apparently because they hate GPLv3 or something like that. I like GPLv3 and this choice makes macos user-hostile.
There’s no “Tahoe mess”. I’ve used it since 26.0 and it’s good. Different indeed, but good. People love complaining.
There's very valid reasons to have issues with Tahoe's changes. The dock being liquid glass is fine. But curving the windows to look like iPad apps, and not even adjusting the grab target appropriately for resizing the window is bad. Getting rid of the title bar so it's not clear where you can grab a window is bad. Apple Music hiding the volume slider behind another click is bad.
It straight up broke some interfaces too
https://lapcatsoftware.com/articles/2026/1/4.html
I'm glad that it's working well for you, but from the moment some users with M-series SoCs report laggy animations, something somewhere has to be wrong.
I've been using macOS since OS X Tiger and I wasn't aware of this feature.
Has anyone found a working workaround yet? I use dnsmasq for .local dev routing and held off updating after seeing this but curious if there is a viable path forward short of waiting for Apple to patch it.
What I'd suggest is using lvh.me, which always resolves to localhost, as do all it's subdomains. If you need a specific IP you can use nip.io.
If you want valid certs you can generate them with mkcert and add them to your system trust store.
Wouldn’t the workaround just be to have your local dns server enable recursive lookups, and point all your DNS queries to it?
holding off update seems like reasonable step till the patch comes. I also run a .local for apple containers though not docker.
Apple container is officially supported on MacOS 26 only. So you are running .local on Apple container, how are you doing that not on MacOS 26? Are you doing that on previous MacOS with a DIY .local resolver conf?
FYI the phrase is "lo and behold"
Thank you for the heads up.
> Ah, the joys of waking up to find the Mac's done an overnight upgrade
Wait, it does that (from 15 to 26) without user interaction?
No, it does not. It’ll bug the shit out of you to upgrade, but it won’t automatically do a major version upgrade. By default it will automatically do minor version upgrades (that can be turned off).
That’s what makes the LLM bug report make no sense in light of OP’s report here. Bug says it’s a regression from 25.x (which doesn’t exist), so maybe they mean 15.x? But OP says they “woke up” and it was upgraded and broken. So which is it?
No.
Apple container CLI configures internal domains (`container system dns`) by adding an internal resolver and it worked for me when I specified an actual domain previously handled by external DNS and it showed up as a custom resolver.
Here’s a GitHub comment showing someone on MacOS 26 with a `.test` domain, which you claim is broken: https://github.com/apple/container/issues/856#issuecomment-3... —- maybe you are configuring it incorrectly.
If you have ScreenTime turned on. Port :8080 is occupied and your ubuntu apt-get in a docker build gets hash mismatch because they obviously modified packets. Let alone I am having another issue of unable to delete a private key in Keychain Access.
The whole macOS thing is amateur
Why does macOS use ports above 1024 by default? There is a reason it is reserved to be used by OS services.
Port 5000 is also ocupied on macOS.
> https://feedbackassistant.apple.com/feedback/22280434 (that seems to need a login?).
All Feedbacks that you file are private to your own Apple Account.
Solved this type of shenanigans some years ago with this.
New-UnboundInterface.sh - linux/rhel-like specific
00-localinterface.conf 91-allow-docker-containers.confBefore others jump in: I already use Linux (and used to run FreeBSD as my desktop operating system).
Thanks for sharing your report, it's frustrating to see things like this break in minor patch updates. Small tip for GitHub Gist: set the file format to markdown (give it a .md extension) so that the markdown will be rendered and won't require horizontal scrolling :)
It also seemingly broke removing Safari cookies on a per website basis, something I often used to stop Google's scummy tracking across all their services if you just want to sign into YouTube.
Firefox + Google Container extension.
Why use Apple's browser when they don't actually care about your privacy?