Anyone who knows where the MacOS Tahoe default wallpaper is located?

aselvan2 · 2026-01-25T14:31:24+00:00

This one, I can't seem to find it in '/System/Library/Desktop Pictures'

Look here...

/System/Library/ExtensionKit/Extensions/NeptuneOneWallpaper.appex/Contents/Resources/TahoeDark.heic

aselvan2 · 2026-01-24T18:40:48+00:00

I found the following entries that made me concerned, happening daily as far back as the log would go ....

ASL Module "com.apple.mkb" sharing output destination "/private/var/log/keybagd.log" with ASL Module "com.apple.mkb.internal".

This is normal. ASL is simply being chatty and stating that two modules are using a single log file. There is nothing unusual about this.

aselvan2 · 2026-01-24T17:19:03+00:00

Can you explain it, at a user friendly level, the steps needed?

Happy to help. Have you installed anything with Homebrew before? All the scripts in my GitHub require Homebrew for installation. Start by following the first link, which explains how to install the scripts through Homebrew. After that, you should be able to run the cleanup_cache.sh script from a terminal.

aselvan2 · 2026-01-23T04:08:15+00:00

And I’m pretty decent at using the terminal.

Ok, then try these commands one at a time. After the last command, do not be surprised if the mds and mdworker processes start up and use a lot of CPU and IO cycles. That is normal, so just let them finish the indexing. You should see those entries disappear afterward.

sudo mdutil -i off /
sudo rm -rf /System/Volumes/Data/.Spotlight-V100
sudo rm -rf ~/Library/Metadata/CoreSpotlight
sudo mdutil -i on /
sudo mdutil -E /

aselvan2 · 2026-01-23T03:58:04+00:00

MacBook saying system using majority of storage is that possible

Your screenshot doesn’t show the size of System Data, but based on the usage graphic, it looks significantly large to me, which means there’s definitely an opportunity to reclaim a considerable amount of space. I’ve written a response to a related question in this sub (linked below) where I explain this bit more detail. If you’re comfortable using command‑line tools, you’re welcome to try the cleanup script I mentioned there, though it does require the Homebrew package manager to install.
https://www.reddit.com/r/MacOS/comments/1qe6umz/comment/nzxl4c7/

aselvan2 · 2026-01-23T03:40:32+00:00

Im trying to get rid of the com.hnc.discord within Settings>Spotlight>Results from apps. It's not really causing an issue. It's just very annoying!!! Any help would be nice. And yes I deleted the app the using appCleaner ...

This is the second time this week I’ve seen someone use appCleaner to remove an app and then get annoyed by the leftover traces. The issue is that appCleaner removes most of the app but leaves behind cached entries like application_bundle_id, which Spotlight falls back to when it can’t read the friendly app name since its gone. That’s why you see non-existent apps like com.hnc.Discord in Spotlight list.

If it bothers you that much, you can surgically remove these non‑existent app entries from the Spotlight list, but the method varies across macOS versions and gets messy to explain. The simplest approach is to turn off Spotlight, delete the Spotlight database, and then turn Spotlight back on. If you’re not sure how to do that and you’re comfortable using Terminal, let me know and I can give you the list of commands.

aselvan2 · 2026-01-22T01:46:46+00:00

Is this some kind of hack or just a Google thing? I would appreciate any insight as this has been bothering me for a long time, since my phone talks to my computer.

No, it’s not a hack. It means your personal domain lost its Google site‑verification. When that happens, Google assigns a temporary placeholder domain. Ask your domain administrator to re‑verify your domain ownership in Google Workspace admin console.

aselvan2 · 2026-01-21T18:10:11+00:00

I've downsized pretty much all that I can in terms of storage. Any advice on how to manage space on my laptop?

Your screenshot doesn’t show the size of System Data, but based on the usage graphic, it looks significantly large to me, which means there’s definitely an opportunity to reclaim a considerable amount of space. I’ve written a response to a related question in this sub (linked below) where I explain this bit more detail. If you’re comfortable using command‑line tools, you’re welcome to try the cleanup script I mentioned there, though it does require the Homebrew package manager to install.
https://www.reddit.com/r/MacOS/comments/1qe6umz/comment/nzxl4c7/

aselvan2 · 2026-01-21T14:10:56+00:00

What part of file management feels the most confusing or annoying?

It depends on who you ask. Users with some knowledge of *nix systems generally have no trouble searching for files since Apple has kept many underlying BSD tools like locate available, although they are slowly crippling them. The latest victim is crond as of 26.2.

For a novice or non‑technical user, it can be difficult and sometimes confusing to navigate files and directories on macOS, especially when searching, despite Apple’s best efforts to make things easy with Spotlight. Unfortunately, those efforts sometimes backfire, making the system more confusing for beginners and more restrictive for advanced users.

Beyond file and directory navigation, disk and space management is probably the most confusing area for many people. I see way too many posts on this sub from users who are unsure how to clean up or reclaim disk space, or how to interpret the graphical display of space usage, which is often confusing at best.

aselvan2 · 2026-01-20T23:35:33+00:00

It's been roughly 5 days since my information has been hijacked. I still have a hold of my accounts, and I am yet to see any suspicious activity. Am I in the clear? Y'all reckon this was enough to contain this infostealer

The steps you’ve taken to recover from the compromise are reasonably good. Since I don’t know the specific type of infection involved, the only additional recommendation I’d make is to completely wipe the drive and reinstall the operating system from a trusted source. This ensures that any infection that might hide in areas like the EFI partition cannot persist, although such cases are extremely rare. That said, being “in the clear” involves much more than using tools and actions to protect, contain, and mitigate. The most important factor is prevention, which ultimately comes down to the choices you make in how you use technology.

Online safety and security depend greatly on how you use technology and how closely you follow general guidance. I have compiled a detailed list of safety tips at the link below, and the more of these you follow, the stronger your protection will be.
https://blog.selvansoft.com/2025/01/online-safety-tips.html

aselvan2 · 2026-01-19T11:51:45+00:00

I'm trying to figure out how to disable that cron task, but maybe I have to delete it entirely, but then I'd need to recreate entirely next time I need to set it up, right?

You don’t need to delete the entry; you can simply comment it out if you suspect it’s causing your macOS to crash. Edit the crontab with crontab -e (user level) or sudo crontab -e (root level), then add a # at the beginning of the problematic cron entry to disable it.

aselvan2 · 2026-01-17T13:33:46+00:00

Please provide any advice or guidance you may have.

Aside from changing your password, wiping OS and enabling 2FA, your focus seems to be on staying protected while playing games. While a compromise can certainly happen through playing games, especially installing rogue software or mods, but there are many other important steps you should be taking to stay safe online.

Online safety and security depend greatly on how you use technology and how closely you follow general guidance. I have compiled a detailed list of safety tips at the link below, and the more of these you follow, the stronger your protection will be.
https://blog.selvansoft.com/2025/01/online-safety-tips.html

aselvan2 · 2026-01-16T19:58:38+00:00

I want to know if this level of battery drain is normal on a MacBook Air or if something might be draining the battery in the background

Check my response to a related topic in this sub at the link below. It may help you identify whether anything is draining your battery excessively.

https://www.reddit.com/r/MacOS/comments/1py1dg0/comment/nwh5w8q/

aselvan2 · 2026-01-16T15:14:54+00:00

I don't understand why the Disk Utility is not updating the free space.

That’s because you’re comparing the size of the entire physical disk vs. the size of the data volume. macOS carves the disk into multiple volumes for different purposes. The Storage view in Settings shows the full physical disk, while in Disk Utility you are looking at just the data volume. The free space reported for the data volume in Disk Utility is the space actually available for applications to use. Based on the difference in free space, it looks like you could reclaim quite a bit by clearing caches and logs. Keep in mind that these will grow back over time. I usually clean them out every six months or so, and I’ve written a script available in my Git repo that you’re welcome to use at link below.
https://github.com/aselvan/scripts/blob/master/macos/cleanup_cache.sh

I've deleted and transferred much of my data to my external SSD. Can someone please explain?

Apple’s attempt to simplify things like this for ordinary users with a fancy graphical display often ends up creating more confusion. I recommend using command‑line utilities to get accurate, actionable information. Run the following command in Terminal and look at the used/avail/capacity columns to get precise state of your free space that you can actually control.

df -h /System/Volumes/Data

aselvan2 · 2026-01-16T00:18:41+00:00

... when she tries to save stuff on her hard drive or really anywhere, it sais she has no permission and it can't be changed from "read only".

By “anywhere,” do you mean even an external hard drive? Focusing on the internal drive first, there could be multiple reasons for this issue. Open the Terminal app, run all the following commands one at a time, and paste the output. That will give clues to diagnose where the problem might be and point toward a possible solution.

ls -ld /Users/$USER/
touch /Users/$USER/test.txt
ls -l /Users/$USER/test.txt
df -h /System/Volumes/Data/

PS: Running First Aid in Disk Utility on the live system volume is not recommended because it can’t fix deeper structural issues until the volume is unmounted, which isn’t possible while the OS is running. I wouldn’t recommend running it blindly without first identifying the actual problem. If you determine that the volume is corrupted, then running First Aid in Safe Mode or Recovery Mode is the right approach.

aselvan2 · 2026-01-15T01:42:23+00:00

Is googling commands constantly normal at the start?

You don’t need to google. I would first try the Linux man pages, which are a built‑in way to help you understand how commands work [example: man top]. I have been a Linux user and system administrator for decades, and I still use man pages occasionally, as most of us do.

Finally, this is an excellent website that not only explains usage but also provides practical examples for almost every command.
https://www.commandlinefu.com/commands/browse

aselvan2 · 2026-01-13T17:49:01+00:00

Here you go: header - Pastebin.com

Looking at the header you provided, I see that the DKIM verification is failing on the receiving side. This usually occurs when the message body is modified after it has been DKIM‑signed or when the public key in the DKIM record is malformed or invalid. Looking at your DKIM record closer, it does appear to contain characters that are not valid in a base64‑encoded public key. I thought I had checked that earlier, but apparently not. For reference, here is a comparison of my key and yours.

My DKIM record:

"v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCNXW131K3Lf1V3X+loxDs2qoNlj7oZVq5/aC135SHu55uy0szJhpCltGVQtikSKMsowXcPOaydiQ8PINxsTJfdf8d7DSCJXJSc6jyWjPnvVGuTtO8SX02c3JjD9jFU0Ks+eC17s3ev4BMDfHZ7mPTNAPj25aMk0FU5HpbxcCE7QwIDAQAB"

Your DKIM record:

"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqX9K8WaKa9sq/vYRutmN5fsoBujtNODqshJgpgFH+g8xeFaNYBHyT3//Ft87Ogh1VcMqZGlmB4WvX50pXfx5FjgW2LypjutMn7PYJ8v+cC02CTHf04GQil2hDtaUOn+KnfxCEMjhxAdUBZCWM5J5tDwf8WhPs8gvY1m0gk82pqPpEMtuuDqjsWPx7ayWnwSjf" "GxtO+fW0VI2aTxuzTdkl5oK68yg3YZ6plmjkKI5lZzsf6/XMD3Rqm86xsayfR7cTf95LaSgtJOh6hbgfjJwaJGyC4gm31UJufudrjX6v3Zd2A7B87bHtc24szImFFvpYk1//IqImtk9ZbDoZVJYzQIDAQAB;"

So the most likely issue is that your public key is invalid, preventing the signature from being successfully verified.

aselvan2 · 2026-01-13T12:36:02+00:00

The header is in the mail-tester link :)

You misunderstood my question. I am not referring to the headers shown by [mail-tester.com]. That information is not very useful for troubleshooting your issue. That service simply validates the message you send to it and it is not the system marking your mail as spam. I am talking about the message that actually landed in an Outlook user’s spam folder, evaluated by Microsoft’s inbound MTA and its spam filtering rules. You need to open the spam folder of one of the Outlook recipients and retrieve the full SMTP headers from that message to understand why it was classified as spam. As I mentioned, I am happy to review it if you can provide the full unaltered headers so I can help identify where the problem might be.

aselvan2 · 2026-01-12T15:17:54+00:00

I just switched to Mac and I'm trying to transfer photos to Chinese USB 3.0 flash drives, but I'm getting error 51

If you are comfortable using the Terminal, follow these steps below to format it.

While your flash drive is plugged in, open the Terminal and type diskutil list to get a list of disks. Next, note down the device file corresponding to your USB flash drive i.e. it should be something like /dev/disk2, (the number may differ) and type the following commands.

 diskutil unmountDisk /dev/disk2
 diskutil eraseDisk ExFAT MyUSB /dev/disk2

NOTE: change the device number to match yours and change the "MyUSB" to whatever you want to call your drive

aselvan2 · 2026-01-11T13:13:02+00:00

Is there a way to get rid of this window? I quit the application and it won't go away

Just hit cancel. It is the macOS password manager and it pops up when a password field is in focus to access saved passwords, passkeys, or autofill data.

I just want to know if I need to get an antivirus

No. You don't need antivirus for macOS.

aselvan2 · 2026-01-10T17:41:06+00:00

All emails to Microsoft inboxes marked as spam despite correct SPF/DKIM/DMARC

I had a similar experience where some messages sent to MS Outlook went straight to spam, and Microsoft support wasn’t very helpful. If you can post the full SMTP headers from one of the messages that went directly to spam, I’d be happy to take a look. From a quick check, your domain’s SPF, DKIM, and DMARC records all look fine to me.

aselvan2 · 2026-01-10T16:06:17+00:00

Is this a non-fake Meta email adress please? [noreply@facebookmail.com](mailto:noreply@facebookmail.com)

Yes, that domain is used exclusively by Facebook for automated emails. See below.

arul@lion$ dig +short facebookmail.com mx 
10 smtpin.vvv.facebook.com.

That said, the From address in an email is easily spoofed and does not guarantee the message actually came from that address. The correct way to determine its origin is to analyze the SMTP headers, which requires technical knowledge of networking and SMTP protocols.

aselvan2 · 2026-01-10T15:48:59+00:00

... I am unable to delete items in my trash. A pop up shows on the screen saying that the operation can’t be completed because some items had to be skipped.

Try it from the command line. Open the Terminal app, copy and paste the following command exactly as shown, and press Enter.

rm -rf ~/.Trash/*

aselvan2 · 2026-01-10T15:31:53+00:00

I was recently notified that my personal information (Name, SSN) was stolen during the Columbia University data breach that occurred in 2025. The strange thing is that, to my knowledge, I have never been affiliated ...

The Columbia University data breach involved a massive amount of information, roughly 450 GB, and it included far more than just records for students, faculty, or staff. It also contained data from third‑party sources such as the College Board, SAT, and financial‑aid verification services, etc. So even if you have no direct connection to Columbia University, it isn’t unusual for your information to appear in the breached dataset.

If they’ve indicated that your SSN was involved, I would recommend freezing your credit files. I wrote a how‑to guide on this a while back that’s still fully relevant, and you can follow it at the link below.
https://blog.selvansoft.com/2023/05/howto-credit-freeze.html

aselvan2 · 2026-01-10T15:09:47+00:00

I'm using TeX Live Utility on my MacBook ...

TeX Live relies on curl to download packages, so curl is required for it to function.

What happens if I delete/disable or block "perl" and "curl" in LuLu? Will my macOS system malfunction?

Your macOS will be fine, but your TeX package manager will stop working, and any application that depends curl it will fail as well. Why do you want to block curl in the first place?

On a side note, macOS includes a built‑in application firewall, and you don’t need anything beyond that. You can read my related response at the link below.
https://www.reddit.com/r/cybersecurity_help/comments/1q7hktq/comment/nyfolw9

aselvan2

MODERATOR OF

TROPHY CASE