Hi, friends! Welcome to Installer No. 78, your guide to the best and Verge-iest stuff in the world. (If you’re new here, welcome, sorry everything’s about to get so expensive, and also you can read all the old editions at the Installer homepage.)
Technology
One streaming app to (almost) rule them all
This week, I’ve been reading about baseball bats and work-life balance and BYD and Scarlett Johansson, watching Paradise, rekindling my love of pear-flavored jelly beans, sharing Robin Sloan’s AI take with anyone who will listen, grooving to the greatest unexpected Doechii remix of all time, and finally finding the monitor mount that makes my webcam upgrade work.
I also have for you a couple of great new apps for streaming and gaming, a look back into Microsoft’s history, the latest on the Switch 2, a screed against screen time, and much more.
Oh, and a programming note: Installer is off next week. Taking a little break before we ramp up for Developer Conference season. But we have lots to do today! Let’s get into it.
(As always, the best part of Installer is your ideas and tips. What are you into right now? What should everyone else be reading / listening to / watching / downloading / sipping on this week? Tell me everything: installer@theverge.com. And if you know someone else who might enjoy Installer, tell them to subscribe here.)
- Plex. Plex has spent a lot of time and energy trying to become a proper, legit streaming platform, and the new mobile app is by far the most mainstream-useful thing it has ever made. Mixing streaming media with my library, and lots of discovery tools, feels really nice. Fair warning, though: you’ll need a $4.99 monthly sub to get a lot of Plex’s best features.
- Delta 1.7. The iPhone’s best game emulator, now with online multiplayer! (At least for DS games.) It also has nice screenshot support and some new N64-specific updates, which gives me great hope for the Mario Golf ROM I’ve already put too many hours into.
- Skylight. It looks exactly like TikTok, but it runs on the same AT Protocol that powers Bluesky. That is a very enticing combination — and it’s a really nice app for something so brand new. Bluesky is really starting to look like the fediverse.
- Celebrate 50 years of Microsoft with the company’s original source code. This week was the 50th anniversary of Microsoft, and Bill Gates marked the occasion by releasing all its original Altair BASIC source code — via one of the cooler retro-style websites you’ll ever use.
- The Nintendo Switch 2. I know, we’ve talked about this before, and I know, it’s not launching until June. But the new Switch — a console I am outrageously, maybe unprecedentedly, excited about, especially now that we’ve learned more about its specs and its game lineup — is officially launching in June, and I just needed you to know so you don’t miss it. I will be there. You can’t preorder it yet, because of chaos, but I’ll keep you posted.
- “I hate my phone so I got rid of it.” Been a while since a 46-minute YouTube rant had me nodding this hard — but Eddy Burback does a great job of explaining both why our phones are a problem, and why life without a phone feels increasingly impossible. Using a landline? Can you imagine?
- A Minecraft Movie. The reviews are meh, because of course they are. But I’ll watch Jack Black in anything, and I’m genuinely curious to see both what the blocky movie world looks like and how this very clearly Lego Movie-inspired flick pulls off the whole “just keep building” bit.
- DEVONthink 4.0. DEVONthink is, like, the ultimate Mac app for just storing all your junk. The design’s a little ’90s for my taste, but the new beta has some nice updates and a huge set of AI tools for finding, summarizing, and organizing content. I’m tempted to throw my whole life back in the app.
- Koira. Another delightful entrant (for Steam and PS5) in one of my favorite game genres — the quiet, simple puzzler that never tries to do too much but somehow seems to keep your attention forever. Plus, you get a puppy friend!
We’ve talked about the app Sofa a few times here in Installer. It’s a really good-looking, powerful app for Apple devices that lets you manage all the stuff you want to watch, read, listen to, and everything else. I’ve come to appreciate having it as the app I go to when I deliberately want to relax. Rather than just aimlessly scroll on Reddit or whatever, Sofa is just a giant list of stuff I actually want to consume.
Sofa’s big new feature this week is a podcast player, which is full-featured enough that you can use Sofa as your one and only podcast app. Like everything else in Sofa, it’s really nicely made and is already as good at queue management as any app I’ve tried.
On the occasion of the new update, I asked Shawn Hickman, Sofa’s developer, to share his homescreen with us. I figured he might have some widget ideas, you know? Here it is, plus some info on the apps he uses and why:
The phone: iPhone 16 Pro Max. I love the big phones and have embraced the PopSocket life.
The wallpaper: My homescreen rotates images from my photo library (one of my favorite iOS features), and I use the blurred version of it as my “wallpaper.”
The apps: Camera, Phone, Apple Maps, Clock, Wallet, Settings, Photos, Reminders, App Store, Music, Safari, 1Password, YouTube, Bear, YouTube Studio, Lightroom, Things, Blackmagic Camera, Reeder, Discord, RevenueCat, ChatGPT, Apple Sports, Mail, Messages, Sofa, Apple Notes.
I keep very few apps on my homescreen and tend to rely on search more. Also, I’m not a big widgets person. I have a few on my first page (Photos, Weather, and Calendar), but I prefer scanning app icons rather than widgets 🤷♂️.
Things, Bear, and Reeder are a few of my favorite apps of all time. I’ve used Reeder (now Reeder Classic) for a long time and have always been impressed with the app’s craftsmanship. The new Reeder is even better. I actually like the “news feed” approach more than the traditional RSS feed / inbox approach. I find it to be a low-stress way to keep up with different news sources.
Bear is where I write and store a lot of my “work” notes. I love writing in markdown, the flexibility of the app’s tagging system, and its visual design. Things is my favorite app ever. I’ve been using it for so long and couldn’t imagine managing my work without it. Simply the best.
I have a YouTube channel. I’ve been experimenting with shooting Apple Log, and the Blackmagic Camera app is by far the most flexible. You need to do a bit of learning, but it’s pretty sweet once you’ve gotten a handle on it. I love photography, and really love editing photos, so I tend to spend a lot of time in Lightroom. I find it relaxing, and tend to edit photos when I’m stuck on a problem. It weirdly helps me think.
RevenueCat is a great service that makes implementing and managing Sofa’s app subscriptions much easier.
I also asked Shawn to share a few things he’s into right now. Here’s what he sent:
- Severance. It’s probably my favorite TV show since the first season of Stranger Things… and I really want to buy one of the keyboards the MDR team uses! Now we must all endure the long wait for season 3.
- I’ve been on a history kick, and there are a few documentaries I’ve really liked: Benjamin Franklin, The Roosevelts: An Intimate History, and I’m currently watching The War.
- Framelines: I’m a photography enthusiast, and one of my favorite YouTube channels, and now magazines, is Framelines. They focus a lot on street photography but expand beyond that quite a bit. Their channel is great, and I love getting their physical magazines, too.
Here’s what the Installer community is into this week. I want to know what you’re into right now as well! Email installer@theverge.com or message me on Signal — @davidpierce.11 — with your recommendations for anything and everything, and we’ll feature some of our favorites here every week. For even more great recommendations, check out the replies to this post on Threads and this post on Bluesky.
“I played Dungeon Pages for the first time on my iPad last night and REALLY enjoyed it! Would be even more enjoyable on paper to get away from doomscrolling for a while.” – Dylan
“I initially had my heart set on the Fujifilm X100VI, but a friend suggested the X-T50. It’s been a great learning experience, and I’m pleased with the photos I’ve taken. I’m still discovering all the nuances of the Fujifilm ecosystem.” – Paul
“If you’re liking your SodaStream, you should check out Simpli Soda — they’re a family business out of SE Wisconsin that does mail-in cylinder swaps for all brands (including quick-connects like your SodaStream Art uses) for less $$.” – Cori
“Late to the party, but Baldur’s Gate 3. I was blown away by how quickly I got immersed, and I’m only on my first playthrough. I didn’t realize that it ran natively on macOS until last month.” – Drake
“Wanted to recommend a great app I have been happily using (+ paying for) for five years that no one else seems to talk about: Mealime. It’s the perfect app if, like me, you struggle not only at planning recipes for the week but also the act of shopping itself. Normally, when I make a grocery list, I crisscross the grocery store looking for what I need. Mealime gives you tons of recipes, lets you filter by dietary preferences, make a meal plan, and then it makes a grocery list grouped by section of the grocery store. It’s a total game-changer for me.” – Drew
“I absolutely love Li Hing pineapple rings. I’m told they’re common in Hawaii, but on the East Coast, they’re new to me. Sour and delicious. I order mine from Wholesale Unlimited Hawaii, and they’re fun and delicious and unique. The store has tons of snacks I’ve never seen around where I live, and everything I’ve bought is really good.” – Steve
“I finished watching Reacher season 3 on Prime Video. I liked the season as an action flick, but it doesn’t feel like a Reacher-level story. The investigation element was missing from this season. Season 1 was the strongest offering in this series.” – Ankur
“I just found out about the Johnny.Decimal system last night. Diving in to reorganizing my work files as I descend further down the PKM rabbit hole.” – Dirk
“Otherwise Objectionable is an excellent history of Section 230. Hosted by Mike Masnick and featuring recollections from the folks who were there at the inception of the ‘26 words that created the Internet.’ Section 230 is under threat (yet again), so it’s a good time to learn why it’s so important we don’t screw it up with badly written and misguided legislation.” – Zip
If you were extremely online during a very specific time period, the names Jake Hurwitz and Amir Blumenfeld might mean a lot to you. They were two of my first favorite online comedians, part of a brilliant CollegeHumor gang that was way ahead of its time making funny stuff on the internet.
If you’ve never watched a Jake and Amir, head to their YouTube channel, sort by oldest, and give it a whirl. But if you can quote as many of their bits as I can, you really should check out the “Greatest Jake and Amir Episode Ever” tournament the two guys are doing on the channel, rewatching and commenting on some of their best work. (If you’re on their Patreon, you can already see who won the tournament, but as I write this, the YouTube channel is only up to the Final Four.) I was shocked at how many of these videos I can still recite, pretty much word for word, all these years later. No keeding.
A UK employment tribunal rejected a request from fired Rockstar Games employees to receive interim pay while waiting for a full hearing about their dismissal, according to Bloomberg and IGN. After Rockstar fired 34 employees last year — 31 from the UK and three from Canada — the Independent Workers’ Union of Great Britain (IWGB) accused the company of “union busting.” Rockstar claims that the fired employees were leaking company information in a Discord channel.
The hearing took place over two days last week. “Despite being refused interim relief today, we’ve come out of last week’s hearing more confident than ever that a full and substantive tribunal will find Rockstar’s calculated attempt to crush a union to be not only unjust but unlawful,” IWGB president Alex Marshall says in a statement. “The fact that we were granted this hearing speaks to the strength of our case and, over the course of the two-day hearing, Rockstar consistently failed to back up claims made in the press or to refute that they acted unfairly, maliciously, and in breach of their own procedures.”
“We regret that we were put in a position where dismissals were necessary, but we stand by our course of action as supported by the outcome of this hearing,” a Rockstar Games spokesperson says in statements to Bloomberg and IGN. Rockstar and owner Take-Two didn’t immediately reply to a request for comment.
Rockstar is working on Grand Theft Auto VI, which was recently delayed from a planned May launch to November 19th.
NEWYou can now listen to Fox News articles!
Android TV streaming boxes that promise “everything for one price” are everywhere right now.
You’ll see them on big retail sites, in influencer videos, and even recommended by friends who swear they’ve cut the cord for good. And to be fair, they look irresistible on paper, offering thousands of channels for a one-time payment. But security researchers are warning that some of these boxes may come with a hidden cost.
In several cases, devices sold as simple media streamers appear to quietly turn your home internet connection into part of larger networks used for shady online activity. And many buyers have no idea it’s happening.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
WHY JANUARY IS THE BEST TIME TO REMOVE PERSONAL DATA ONLINE
Android TV streaming boxes promising unlimited channels for a one-time fee may quietly turn home internet connections into proxy networks, according to security researchers. (Photo By Paul Chinn/The San Francisco Chronicle via Getty Images)
What’s inside these streaming boxes
According to an investigation by Krebs on Security, media streaming devices don’t behave like ordinary media streamers once they’re connected to your network. Researchers closely examine SuperBox, which is an Android-based streaming box sold through third-party sellers on major retail platforms. On paper, SuperBox markets itself as just hardware. The company claims it doesn’t pre-install pirated apps and insists users are responsible for what they install. That sounds reassuring until you look at how the device actually works.
To unlock the thousands of channels SuperBox advertises, you must first remove Google’s official app ecosystem and replace it with an unofficial app store. That step alone should raise eyebrows. Once those custom apps are installed, the device doesn’t just stream video but also begins routing internet traffic through third-party proxy networks.
What this means is that your home internet connection may be used to relay traffic for other people. That traffic can include ad fraud, credential stuffing attempts and large-scale web scraping.
During testing by Censys, a cyber intelligence company that tracks internet-connected devices, SuperBox models immediately contacted servers tied to Tencent’s QQ messaging service, run by Tencent, as well as a residential proxy service called Grass.
Grass describes itself as an opt-in network that lets you earn rewards by sharing unused internet bandwidth. This suggests that SuperBox devices may be using SDKs or tooling that hijack bandwidth without clear user consent, effectively turning the box into a node inside a proxy network.
Why SuperBox activity resembles botnet behavior
In simple terms, a botnet is a large group of compromised devices that work together to route traffic or perform online tasks without the owners realizing it.
Researchers discovered SuperBox devices contained advanced networking and remote access tools that have no business being on a streaming box. These included utilities like Tcpdump and Netcat, which are commonly used for network monitoring and traffic interception.
The devices performed DNS hijacking and ARP poisoning on local networks, techniques used to redirect traffic and impersonate other devices on the same network. Some models even contained directories labeled “secondstage,” suggesting additional payloads or functionality beyond streaming.
SuperBox is just one brand in a crowded market of no-name Android streaming devices. Many of them promise free content and quick setup, but often come preloaded with malware or require unofficial app stores that expose users to serious risk.
In July 2025, Google filed a lawsuit against operators behind what it called the BADBOX 2.0 botnet, a network of more than ten million compromised Android devices. These devices were used for advertising fraud and proxy services, and many were infected before consumers even bought them.
Around the same time, the Feds warned that compromised streaming and IoT devices were being used to gain unauthorized access to home networks and funnel traffic into criminal proxy services.
We reached out to SuperBox for comment but did not receive a response before our deadline.
8 steps you can take to protect yourself
If you already own one of these streaming boxes or are thinking about buying one, these steps can help reduce your risk significantly.
1) Avoid devices that require unofficial app stores
If a streaming box asks you to remove Google Play or install apps from an unknown marketplace, stop right there. This bypasses Android’s built-in security checks and opens the door to malicious software. Legitimate Android TV devices don’t require this.
2) Use strong antivirus software on your devices
Even if the box itself is compromised, strong antivirus software on your computers and phones can detect suspicious network behavior, malicious connections or follow-on attacks like credential stuffing. Strong antivirus software monitors behavior, not just files, which matters when malware operates quietly in the background. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
3) Put streaming devices on a separate or guest network
If your router supports it, isolate smart TVs and streaming boxes from your main network. This prevents a compromised device from seeing your laptops, phones or work systems. It’s one of the simplest ways to limit damage if something goes wrong.
4) Use a password manager
If your internet connection is being abused, stolen credentials often come next. A password manager ensures every account uses a unique password, so one leak doesn’t unlock everything. Many password managers also refuse to autofill on suspicious or fake websites, which can alert you before you make a mistake.
MAKE 2026 YOUR MOST PRIVATE YEAR YET BY REMOVING BROKER DATA
Investigators warn some Android-based streaming boxes route user bandwidth through third-party servers linked to ad fraud and cybercrime. (Photo Illustration by Thomas Fuller/SOPA Images/LightRocket via Getty Images)
Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.
5) Consider using a VPN for sensitive activity
A VPN won’t magically fix a compromised device, but it can reduce exposure by encrypting your traffic when browsing, banking or working online. This makes it harder for third parties to inspect or misuse your data if your network is being relayed.
For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices at Cyberguy.com.
6) Watch your internet usage and router activity
Unexpected spikes in bandwidth, slower speeds or strange outbound connections can be warning signs. Many routers show connected devices and traffic patterns.
If you notice suspicious traffic or behavior, unplug the streaming box immediately and perform a factory reset on your router. In some cases, the safest option is to stop using the device altogether.
Also, make sure your router firmware is up to date and that you’ve changed the default admin password. Compromised devices often try to exploit weak router settings to persist on a network.
7) Be wary of “free everything” streaming promises
Unlimited premium channels for a one-time fee usually mean you’re paying in some other way, often with your data, bandwidth or legal exposure. If a deal sounds too good to be true, it usually is.
8) Consider a data removal service
If your internet connection or accounts have been abused, your personal details may already be circulating among data brokers. A data removal service can help opt you out of people-search sites and reduce the amount of personal information criminals can exploit for follow-up scams or identity theft. While it won’t fix a compromised device, it can limit long-term exposure.
10 SIMPLE CYBERSECURITY RESOLUTIONS FOR A SAFER 2026
Cyber experts say certain low-cost streaming devices behave more like botnet nodes than legitimate media players once connected to home networks. (Photo by Alessandro Di Ciommo/NurPhoto via Getty Images)
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
Kurt’s key takeaway
Streaming boxes like SuperBox thrive on frustration. As subscriptions pile up, people look for shortcuts. But when a device promises everything for nothing, it’s worth asking what it’s really doing behind the scenes. Research shows that some of these boxes don’t just stream TV. They quietly turn your home network into a resource for others, sometimes for criminal activity. Cutting the cord shouldn’t mean giving up control of your internet connection. Before plugging in that “too good to be true” box, it’s worth slowing down and looking a little closer.
Would you still use a streaming box if it meant sharing your internet with strangers? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
Anthropic wants to expand Claude’s AI agent capabilities and take advantage of the growing hype around Claude Code — and it’s doing it with a brand-new feature released Monday, dubbed “Claude Cowork.”
“Cowork can take on many of the same tasks that Claude Code can handle, but in a more approachable form for non-coding tasks,” Anthropic wrote in a blog post. The company is releasing it as a “research preview” so the team can learn more about how people use it and continue building accordingly. So far, Cowork is only available via Claude’s macOS app, and only for subscribers of Anthropic’s power-user tier, Claude Max, which costs $100 to $200 per month depending on usage.
Here’s how Claude Cowork works: A user gives Claude access to a folder on their computer, allowing the chatbot to read, edit, or create files. (Examples Anthropic gave included the ability fo “re-organize your downloads by sorting and renaming each file, create a new spreadsheet with a list of expenses from a pile of screenshots, or produce a first draft of a report from your scattered notes.”) Claude will provide regular updates on what it’s working on, and users can also use existing connectors to link it to external info (like Asana, Notion, PayPal, and other supported partners) or link it to Claude in Chrome for browser-related tasks.
“You don’t need to keep manually providing context or converting Claude’s outputs into the right format,” Anthropic wrote. “Nor do you have to wait for Claude to finish before offering further ideas or feedback: you can queue up tasks and let Claude work through them in parallel. It feels much less like a back-and-forth and much more like leaving messages for a coworker.”
The new feature is part of Anthropic’s (and its competitors’) bid to provide the most actually useful AI agents, both for consumers and enterprise. AI agents have come a long way from their humble beginnings as mostly-theoretically-useful tools, but there’s still much more development needed before you’ll see your non-tech-industry friends using them to complete everyday tasks.
Anthropic’s “Skills for Claude,” announced in October, was a partial precursor to Cowork. Starting in October, Claude could improve at personalized tasks and jobs, by way of “folders that include instructions, scripts, and resources that Claude can load when needed to make it smarter at specific work tasks — from working with Excel [to] following your organization’s brand guidelines,” per a release at the time. People could also build their own Skills for Claude relative to their specific jobs and tasks they needed to be completed.
As part of the announcement, Anthropic warned about the potential dangers of using Cowork and other AI agent tools, namely the fact that if instructions aren’t clear, Claude does have the ability to delete local files and take other “potentially destructive actions” — and that with prompt injection attacks, there are a range of potential safety concerns. Prompt injection attacks often involve bad actors hiding malicious text in a website that the model is referencing, which instructs the model to bypass its safeguards and do something harmful, such as hand over personal data. “Agent safety — that is, the task of securing Claude’s real-world actions — is still an active area of development in the industry,” Anthropic wrote.
Claude Max subscribers try out the new feature by clicking on “Cowork” in the sidebar of the macOS app. Other users can join the waitlist.
Arkansas2 minutes ago
Arkansas football beats SEC competition for Ouachita Baptist transfer lineman Terence Roberson Jr. | Whole Hog Sports
California8 minutes ago
How much water is in Lake Shasta, California reservoirs in 2026?
Colorado14 minutes ago
Polis’ budget proposal would cut Colorado support for training new doctors
Connecticut20 minutes ago
The cheese stands alone: Exploring the world of CT cheese
Delaware26 minutes ago
Delaware Sen. Chris Coons leading congressional delegation to Greenland as Trump threatens takeover
Florida1 year ago
Florida High School Football Rankings: Top 25 teams – Oct. 21
Connecticut2 years ago
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
Oregon2 years ago
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
Virginia1 year ago
99th annual Pony Swim held in Virginia
Education2 years ago
Video: ‘It Didn’t Have to Happen This Way:’ U.Va. Faculty Call for Review of Police Response to Protests
Politics6 hours ago
Rep Ro Khanna demands prosecution of ICE agent in Minneapolis fatal shooting
World8 hours ago
Syrian army sends troops to rural Aleppo to stop any SDF attempt to regroup
News8 hours ago
Iran acknowledges mass protest deaths, but claims situation under control as Trump mulls response
Videos16 hours ago
The Mayor of London explains why he thinks London is getting safer | BBC Newscast
News17 hours ago
Video: What Our Photographer Saw in Minneapolis
-
Detroit, MI1 week ago2 hospitalized after shooting on Lodge Freeway in Detroit
-
Technology7 days agoPower bank feature creep is out of control
-
Dallas, TX4 days agoAnti-ICE protest outside Dallas City Hall follows deadly shooting in Minneapolis
-
Delaware4 days agoMERR responds to dead humpback whale washed up near Bethany Beach
-
Montana3 days agoService door of Crans-Montana bar where 40 died in fire was locked from inside, owner says
-
Dallas, TX1 week agoDefensive coordinator candidates who could improve Cowboys’ brutal secondary in 2026
-
Iowa7 days agoPat McAfee praises Audi Crooks, plays hype song for Iowa State star
-
Virginia3 days agoVirginia Tech gains commitment from ACC transfer QB