“So macOS Didn’t Trust It: Notes from Wrestling Dashdot Past Gatekeeper”

Hey — listen, I went down a bit of a rabbit hole yesterday with **Dashdot (app)** and figured I’d write this up the way I’d actually explain it to you over chat. I was setting it up on my Mac mainly out of curiosity. Dashboards, local monitoring, that kind of thing. The slug in the URL was “dashdot,” which lines up with the lightweight system monitoring tool that runs locally and gives you a clean web UI with stats. Looked harmless enough. Grabbed the build, double-clicked it, fully expecting the usual “macOS asks a question, I click OK, we move on.” That… didn’t happen. What I wanted to do I just wanted the thing to launch so I could point it at localhost and see if it was worth keeping around. This was on macOS Sonoma 14.3, Apple Silicon (M2 Pro), clean system, no weird security tweaks. In other words, a pretty boring Mac. Perfect candidate. What broke immediately Instead of opening, macOS threw the classic dialog: “Dashdot can’t be opened because Apple cannot check it for malicious software.” No “Open Anyway” button. No helpful follow-up. Just a hard stop. Closing the dialog did exactly nothing, reopening the app did exactly nothing, and Finder acted like I was asking for something unreasonable. So yeah, Gatekeeper. What I tried first (and why it didn’t help) My first instinct was the lazy one: right-click → Open. Sometimes that bypasses the check and gives you the “Are you sure?” prompt. Nope. Same message, same dead end. Next attempt: System Settings → Privacy & Security. I scrolled down expecting to see the usual “Dashdot was blocked from use” notice with an “Open Anyway” button. Nothing. macOS behaved like the app had never existed, which is always a little unsettling. At this point I briefly wondered if the download itself was busted, so I re-downloaded it and tried again. Same result. Not corrupted, just… untrusted. What finally clicked The key thing I’d half-forgotten is that Gatekeeper treats unsigned or non-notarized apps very differently now, especially on newer macOS versions. If the developer hasn’t notarized the build, macOS won’t always surface a friendly override in System Settings. Apple documents this behavior pretty clearly, but not in a place you naturally look unless you already know the answer. The relevant bit is here on Apple’s side, about Gatekeeper and manual overrides: [https://support.apple.com/en-us/HT202491](https://support.apple.com/en-us/HT202491) Once I accepted that this wasn’t going to be a one-click fix, the solution became obvious. What actually worked I moved the app into /Applications (important, weirdly), then opened Terminal and removed the quarantine attribute manually: `xattr -d com.apple.quarantine /Applications/Dashdot.app` That’s it. No reboot. No sudo. After that, double-clicking the app worked instantly. No warning dialog, no drama. The process started, the local service spun up, and the web interface loaded like nothing had ever been wrong. This lines up with Apple’s own developer documentation about notarization and quarantine flags, which is dry but accurate if you want the full rationale: [https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution](https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution) Once running, everything behaved normally. CPU usage was sane, memory footprint small, nothing phoning home. Exactly what I expected from a local monitoring tool. Where I sanity-checked things Before keeping it installed, I did a quick sweep: – Looked up the listing on the Mac App Store just to confirm naming and avoid look-alikes (there isn’t a native App Store build, but the official search is still useful): [https://apps.apple.com/us/search?term=dashdot](https://apps.apple.com/us/search?term=dashdot) – Cross-checked the project’s official documentation to make sure I wasn’t bypassing security for something sketchy. The upstream docs and repo are straightforward and transparent: [https://dashdot.dev](https://dashdot.dev) Somewhere in the middle of this, I also bookmarked **this page** because it lined up neatly with how macOS handles system utilities and unsigned tools in practice, not just in theory: [https://technotafastore.xyz/systems/33031-dashdot.html](https://technotafastore.xyz/systems/33031-dashdot.html) It wasn’t magic, but it helped confirm I wasn’t the only one hitting this exact wall on modern macOS. What I understood after the fact Nothing was “broken.” The app wasn’t damaged, incompatible, or crashing. macOS was just doing its job aggressively, and because the build isn’t notarized in the way Apple prefers, it never surfaced the friendly UI override. Once you remove the quarantine flag yourself, the OS stops treating it like a suspicious download and everything settles down. This is one of those cases where Gatekeeper feels less like a guardrail and more like a locked door with no sign on it. If I had to do it again (short checklist) If I were setting this up fresh on another Mac, I’d do it this way immediately: – Move the app into /Applications before launching – Expect Gatekeeper to block it silently – Remove the quarantine attribute via Terminal – Launch normally and verify behavior That’s it. No disabling system protections globally, no sketchy scripts, no permanent security compromises. Anyway, figured I’d write this down while it was fresh. Dashdot itself is fine once it’s allowed to breathe. The real fight was just convincing macOS that a small, local tool isn’t out to ruin your life.