Sandbox-exec, c'est un utilitaire en ligne de commande dont pas grand monde ne parle mais qui est intégré à macOS et qui permet de lancer n'importe quel programme dans un bac à sable sécurisé, avec des restrictions sur mesure. Apple l'a déprécié, mais ça marche toujours... et c'est franchement pratique.
Avec ce truc, il suffit de créer un petit fichier de profil (extension .sb) et vous lancez votre commande avec sandbox-exec -f profil.sb votre_commande. En faisant ça, le programme de votre choix tournera dans un environnement verrouillé où il ne pourra accéder qu'à ce que vous autorisez explicitement.
Ensuite, vous avez deux philosophies. Soit vous bloquez tout par défaut et vous n'autorisez que le strict nécessaire, c'est à dire l'approche parano parfaite pour tester du code louche. Soit vous autorisez tout et vous ne bloquez que ce qui craint. La première est plus sûre, la seconde plus rapide à mettre en place.
Voici un exemple concret pour avoir un terminal coupé du réseau. Suffit de 3 lignes de profil (c'est du LISP) :
(version 1)
(allow default)
(deny network*)
Et là, sandbox-exec -f no-network.sb zsh vous donnera un shell qui peut tout faire sauf se connecter à Internet. Sympa donc pour lancer un script dont vous n'êtes pas sûr à 100% ! Par contre, pour les apps GUI c'est plus capricieux... en testant la même chose avec Firefox, le navigateur arrive quand même à se connecter (il passe probablement par un autre mécanisme réseau). Du coup, pour les applications graphiques, faudra tester au cas par cas.
D'ailleurs, macOS embarque déjà plein de profils dans /System/Library/Sandbox/Profiles/. Ce sont ceux qu'Apple utilise pour ses propres services et certains sont bien commentés, ce qui en fait une super base pour créer les vôtres (Votre IA personnelle en sera ravie ^^).
Côté debug, si un programme plante dans le bac à sable sans explication, la commande log stream --predicate 'sender=="Sandbox"' affichera en temps réel toutes les opérations bloquées. Comme ça, vous voyez exactement ce qui coince et vous ajustez votre profil en conséquence.
Après comme je vous le disais en intro, Apple a officiellement déprécié sandbox-exec car elle préfère pousser son App Sandbox via Xcode, pensé pour les apps du Mac App Store. Mais bon pour isoler rapidement un script en ligne de commande, l'App Sandbox ne sert à rien. Du coup, cet utilitaire CLI reste le seul moyen natif de faire du sandboxing à la volée sur Mac.
Et avec les agents IA qui exécutent du code YOLO partout sur nos machines, avoir un outil comme celui-ci pour isoler un process sans rien installer, c'est plutôt cool je pense ! Si vous utilisez déjà
des outils comme Opcode
(une GUI pour Claude Code) qui intègrent déjà du sandboxing, c'est exactement cette couche en dessous. Il s'agit de Seatbelt, le framework de sandboxing kernel de macOS, qui fait tout le boulot au niveau OS.
Bref, si la sécurité de votre Mac vous préoccupe, allez gratouiller un peu ça. Tous les profils sont déjà sur votre machine, y'a plus qu'à jouer avec !
The Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data from Chromium-based web browsers and WhatsApp.
The activity, which was observed between March and April
The Synology BeeStation BST151-4T is a 4 TB single drive personal cloud device that sits somewhere between an external hard drive and a traditional NAS, targeting users who want centralized storage, photo backup, file syncing, and remote access without dealing with a conventional multi bay server setup. It follows the original BST150-4T BeeStation, first released in February 2024, and appears to be a light refresh of that earlier model rather than a full redesign. As with the first version, the focus is on quick deployment, simple management, and a more consumer friendly software experience, using Synology’s BeeStation platform instead of the broader and more configurable DSM system found on the company’s standard NAS lineup.
At a hardware level, the BST151-4T remains a very compact single bay network storage appliance with a fixed 4 TB hard drive, built around the Realtek RTD1619B platform and a 1GbE network connection. Physical connectivity is unchanged from the earlier BeeStation, with 1 x USB-A 3.2 Gen 1 port, 1 x USB-C 3.2 Gen 1 port, and 1 x RJ-45 LAN port, all housed in the same 148.0 x 62.6 x 196.3 mm enclosure weighing 820 g.
That hardware profile makes clear where the BeeStation sits in Synology’s lineup. This is not a flexible NAS chassis with room for drive upgrades, SSD cache, multi bay expansion, or faster networking. The internal disk is part of the appliance design, so there is no meaningful path to RAID redundancy, easier drive level recovery, or long term capacity scaling in the way there is on a conventional 2 bay or 4 bay NAS.
Power and thermals are also modest, which is consistent with a low power, always on personal cloud device. Synology lists power consumption at about 7.85 W during access and 1.65 W in HDD hibernation, with a 36 W external power adapter. The system continues to use a single HAT3300-4T drive, and Synology’s current 4 TB HAT3300 model is a 5400 RPM class disk rather than a faster 7200 RPM unit.
The one specification that requires care is memory. Synology’s March 30, 2026 product specification PDF and the current BeeStation comparison page both list the BST151-4T with 1 GB DDR4, but Synology’s newer BST151-4T datasheet, published later in March 2026 and mirrored across multiple regional versions, lists 2 GB DDR4 instead. On balance, the later datasheet appears to reflect the intended refresh specification, but Synology’s own published material is not yet fully consistent. (UPDATE – RAM on the BST151-4T is CONFIRMED as 2GB)
Assuming the 2 GB figure in the later datasheet is the correct final spec, the BST151-4T is best understood as a minimal revision of the BST150-4T rather than a new hardware generation. The enclosure, CPU, ports, networking, and drive class are effectively the same, while the main change is the move from the predecessor’s 1 GB memory configuration to 2 GB. That could simply reflect practical component economics as much as performance tuning, since lower density memory packages can become less cost effective over time as supply shifts. In either case, this still appears to be fixed onboard memory, not a user upgradeable SO-DIMM arrangement, so the platform remains closed in the same way as the original model.
Specification
Synology BeeStation BST151-4T
Capacity
4 TB
Drive type
Synology HAT3300-4T
Processor
Realtek RTD1619B
Memory
2 GB DDR4 listed in the newer datasheet; 1 GB DDR4 still appears on some Synology product spec pages
LAN
1 x 1GbE RJ-45
USB
1 x USB-A 3.2 Gen 1, 1 x USB-C 3.2 Gen 1
Dimensions
148.0 x 62.6 x 196.3 mm
Weight
820 g
Power adapter
36 W
Power consumption
7.85 W access, 1.65 W HDD hibernation
Operating temperature
0°C to 35°C
Warranty
3 years
Synology BeeStation in 2026 – What can it do?
In 2026, the BeeStation platform is no longer limited to basic remote file access. Synology positions it as a consumer focused private cloud for storing, syncing, and sharing files and photos, with web, desktop, and mobile access, support for sign in via Google Account, Apple ID, or Synology Account, and shared access for up to 8 users on a single device. It is designed to pull together data from phones, computers, external drives, and selected cloud services into one managed location rather than acting only as a simple networked hard drive.
Photo handling is one of the more developed parts of the platform. Synology states that BeeStation can back up mobile photos, import content from sources such as Google Photos and iCloud Photos, and organize images with local AI based recognition for people, subjects, and places. The software also supports timeline and map based browsing, album creation, and controlled photo sharing, which places the BST151-4T closer to a private cloud photo hub than to a basic USB backup box.
Its data protection features have also expanded since launch. BeeStation now supports internal restore points based on snapshots, backups to BeeProtect, Synology NAS, and external drives, plus a 3 year Acronis True Image Essentials license for 1 computer. BeeStation OS 1.5 also added BeeCamera support, but Synology limits that feature to BeeStation Plus models rather than the standard 4 TB unit, so the BST151-4T does not currently gain the surveillance role that the higher tier model has started to take on.
Where the BeeStation still differs from a DSM based NAS such as the DS124 or DS223 is in breadth and flexibility. Synology’s DS124 and DS223 product pages explicitly advertise broader DSM functions including Synology Drive based private cloud workflows, Btrfs snapshot features, ShareSync between Synology systems, full Surveillance Station support, and the wider DSM application platform. By contrast, BeeStation remains a curated appliance with a narrower software stack, no general DSM Package Center environment, no broad package driven expansion path, and on the standard 4 TB model no BeeCamera surveillance support either. In other words, it can cover the main personal cloud tasks, but it still does not replace the wider role of even Synology’s entry level DSM NAS systems.
The BST151-4T looks like a modest revision of the original BeeStation rather than a substantially new product. Its appeal remains the same: a preconfigured, low friction private cloud for users who want basic file storage, photo backup, syncing, sharing, and remote access without moving into a full DSM based NAS environment. The hardware envelope is still narrow, with a fixed internal 4 TB drive, 1GbE networking, and no real upgrade path for storage expansion or RAID style redundancy, but that is consistent with its role as an entry level turnkey appliance rather than a general purpose NAS. Synology’s own later datasheet points to 2 GB of RAM on the new model, which would make the BST151-4T a small but practical refresh of the BST150-4T rather than a platform shift. Pricing is the main unknown at the time of writing. Synology’s support status page already lists the BST151-4T as generally available, but public retail pricing is still not clearly established. On that basis, the safest expectation is that it will land close to the earlier 4 TB BeeStation, which launched around $199 in the US and about £209 in the UK, while more recent BST150-4T retail listings have also appeared higher depending on seller and region, sat around $309 without TAX. That likely places the BST151-4T will land in excess of $300 and maybe closer to $350 when factoring the RAM increase.
This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below
Need Advice on Data Storage from an Expert?
Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you.Need Help?
Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry.
[contact-form-7]
TRY CHAT Terms and Conditions
If you like this service, please consider supporting us.
We use affiliate links on the blog allowing NAScompares information and advice service to be free of charge to you.Anything you purchase on the day you click on our links will generate a small commission which isused to run the website. Here is a link for Amazon and B&H.You can also get me a Ko-fi or old school Paypal. Thanks!To find out more about how to support this advice service checkHEREIf you need to fix or configure a NAS, check FiverHave you thought about helping others with your knowledge? Find Instructions Here
Or support us by using our affiliate links on Amazon UK and Amazon US
Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.
Un document soumis à l'IETF le 14 avril 2026 évoque l'IPv8, avec une rétrocompatibilité complète avec IPv4. Découvrez ce draft qui repense la gestion réseau.
Zorin OS 18.1 est officiellement disponible ! Cette mise à jour apporte son lot de nouveautés et le retour d'une version Lite. Voici l'essentiel à savoir.
OpenAI vient de dévoiler GPT-5.4-Cyber, une déclinaison optimisée pour la cybersécurité défensive et plus permissive. À quoi sert-il ? Peut-on en profiter ?
Les pirates ont pu récupérer les détails des réservations des clients, forçant Booking.com à reset les codes PIN. Voici ce que l'on sait sur cet incident.
Un audit californien publié en mars 2026 montre que Google, Microsoft et Meta continuent de déposer des cookies de suivi après un refus explicite des utilisateurs, car payer les amendes leur revient moins cher que de se conformer aux règles.
Les réclamations sous garantie de NVIDIA ont été multipliées par dix en 2025, atteignant 894 millions de dollars, un bond que plusieurs observateurs relient directement aux problèmes persistants du connecteur d'alimentation 16 broches introduit avec les RTX 40, et reconduit sur les RTX 50.
Certaines zones en france sont floutées dans les services de cartographie satellite comme Google Maps, Bing Maps, etc... Mais saviez-vous que la france fait partie des rares pays à utiliser ce système ?
Comme l'explique le journaliste l'intérêt peut se discuter. D'autant que la liste complète des zones floutées est accessible à tous.
En revanche, c'est assez gênant quand vous souhaitez visualiser un endroit à proximité d'une zone qui a été floutée un peu trop largement... heureusement que le fond de carte (vectoriel) n'est pas flouté.
À l'occasion d'un atelier pendant les essais de la Denza Z9 GT, nous avons pu voir de nos propres yeux la nouvelle technologie Flash Charging de BYD, permettant de ravitailler de 10 à 70 % en seulement 5 minutes.
Is Starfield coming to Nintendo Switch 2? A new rating suggests that it is, though recent reports claim the port in development has been difficult to make.
A Steam backend update suggests expanded price history tracking could be on the way. The feature highlights a gap on Xbox, where users still rely on third party tools to track game pricing.
Xbox Game Camp returns in 2026 with a new program in Minneapolis, offering a 12 week training course for young developers to build games, learn key skills, and create a portfolio with Microsoft.
Connexion
