How can you check whether important data has acquired errors? It could be in packets transferred over a network, files being stored in the cloud, or those put in an archive for safe-keeping. This article explains how errors can be detected and in some cases corrected.

Checksum

One quick and simple way to keep track of whether errors have crept in is to add all the byte values together using modulo arithmetic, and see if that number matches what we expect. Modulo addition ensures the sum never exceeds 255 (for 8-bit bytes), but it also means there’s a 1 in 255 chance that the checksum may remain correct even when the data is wrong. There’s an even more serious problem, though, as changing the order of bytes in the data won’t have any effect on their checksum, even though it would scramble the data.

One solution to those is the Fletcher checksum, using two values instead of one. Both start at zero, then the value of the first block of data is added to the first of those. That is then added to the second value, and each time another value is added to the first, their total is added to the second value. At the end the two values are combined to give the Fletcher checksum.

As this only uses modulo addition, it’s extremely quick, so is used with 32-bit blocks for the Fletcher-64 checksum in APFS file system metadata. The chances of a ‘collision’, in which an error fails to show up in the checksum, are almost 1 in 4.3 billion. Wikipedia’s account includes worked examples.

Cyclic redundancy check

These use additional bits to form cyclic codes based on the remainder of a polynomial division of the data contents. Although they sound complex, they use simple binary operations, so can be very quick in use. Again, Wikipedia’s account includes worked examples.

These were originally developed for use over communication channels such as radio, where they are effective against short bursts of errors. Since then they have been widely used in hard disks and optical storage. They have two main disadvantages, in that they can easily be reversed, allowing the original data to be reconstructed, and they can’t protect against intentional modifications.

Hash

Secure Hash Algorithms, SHA, are a family of cryptographic functions based on a one-way compression function. The first, SHA-1, produces a 160-bit value referred to as the digest. Used from 1995, it was broken in 2005, and has been replaced by SHA-2 using digest sizes of 224-512 bits, now most widely used as SHA-256.

For SHA-256, data is processed in 512-bit chunks and subjected to 64 rounds of a compression function before being appended into the 256-bit digest, while SHA-512 uses 1024-bit chunks and 80 rounds. Full details are again given in Wikipedia.

Important properties of cryptographic hash functions include:

• There’s a one-to-one mapping between input data and hash, so the same data always generates the same hash.
• It’s not feasible to work out the input data for any given hash, making the mapping one-way.
• Collisions are so rare as to not occur in practice.
• Small changes in the input data result in large changes in the hash, so amplifying any differences.
• Hash values should be fairly evenly distributed.

SHA-256 and related hashes are used in code signatures, as CDHashes of the protected parts of each app, bundle, etc. They’re also used to verify the integrity of the Signed System Volume in modern macOS, where they’re assembled into a tree hierarchy so they can be verified lazily, on-demand. More generally, cryptographic hashes are used in message authentication codes (MAC) to verify data integrity in TLS (formerly SSL).

Error-correcting code

Those methods of detecting errors can’t, in general, be used to correct them. The first effective error-correcting code was devised by Richard Hamming, and is named after him. It can correct all single-bit errors, and will detect two-bit errors as well. Wikipedia’s excellent account, complete with explanatory Venn diagrams, is here.

Ten years after Hamming code came Reed-Solomon code (R-S), invented by Irving S Reed and Gustave Solomon. Nearly twenty years later, when Philips Labs were developing the format for CDs, their code was adopted to correct errors in their reading. Unlike others, when used in CDs, R-S codes are applied to bytes rather than bits, in two steps.

The first encodes 24 B of input data into 28 B of code. Interleaving is then performed on those codewords in blocks of 28, or 784 B of codewords, following which a second R-S coding is performed to convert each 28 B into 32 B of code. The overall code rate is thus 24/32, so an input file grows by a third following this double encoding. R-S code is explained in detail in this Wikipedia article.

The reason for such a complex scheme of error-correction in CDs is to correct bursts of errors up to 4 KB, or 500 bytes, representing about 2.5 mm of the track on a CD. Similar methods have been used for DVDs and in parchive files, which were distributed in USENET posts. However, it becomes progressively harder and less efficient to provide error-correction for larger blocks of missing data, which is of course one of the most serious problems in computer storage systems.

macOS

Unlike some file systems including Zfs, APFS and macOS don’t provide any native method for checking the integrity of data stored in files, although macOS does offer SHA-256 and SHA-512 support in CryptoKit. My free suite of two apps (Dintch and Fintch) and a command tool (cintch) offer a robust scheme using CryptoKit’s SHA-256 that I and others have been using for the last five years. Details are in their Product Page.

Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5305. As usual, Apple doesn’t release information about what security issues this update might add or change.

This version adds a single new rule for MACOS.SOMA.JLEN, part of the Amos/Soma family of malware.

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight and SystHist for El Capitan to Tahoe available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight or at the command line.

If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5305

Sequoia systems only

This update has already been released for Sequoia via iCloud. If you want to check it manually, use the Terminal command
sudo xprotect check
then enter your admin password. If that returns version 5305 but your Mac still reports an older version is installed, you may be able to force the update using
sudo xprotect update

Several Masters have specialised in painting myths told in Ovid’s Metamorphoses. Although Nicolas Poussin painted many, perhaps the most prolific is Peter Paul Rubens, whose work has featured in nearly half the articles in this series. Here, possibly for the first time, I bring together a virtual exhibition of some of his best narrative paintings drawn from Ovid.

Rubens’ Deucalion and Pyrrha (1636) shows an aged couple, clearly beyond any hope of parenthood, which at least explains why this metamorphosis was needed. As their more reasonably sized rocks transform, they follow an ontogenetic process, instead of behaving like sculpted blocks. Rubens also treats us to some interesting details: the couple’s boat is shown at the top right, and a newly transformed couple appear already to be engaged in the initial stages of making the next generation without the aid of metamorphosis.

His late oil sketch of Pan and Syrinx from about 1636 is one of the few paintings that attempts to show Syrinx undergoing her transformation into reeds, and succeeds in making Pan appear thoroughly lecherous.

Rubens’ finest painting of the story of the rape of Io is his Juno and Argus from about 1611, showing this part of its outcome. Juno, wearing the red dress and coronet, is receiving eyes that have been removed from Argus’ severed head, and is placing them on the tail feathers of her peacocks. The headless corpse of Argus lies contorted in the foreground. Rubens took the opportunity of adding a visual joke, in which Juno’s left hand appears to be cupped under the breasts of the woman behind.

His The Fall of Phaeton, started in about 1604, is perhaps the best of several superb paintings of this story. He seems to have reworked this over the following three or four years, and elaborates the scene to augment the chaos: accompanying Phaëthon in the chariot of the sun are the Hours (Horae, some shown with butterfly wings), who are thrown into turmoil, and time falls out of joint as Phaëthon tumbles out of the chariot.

His is also one of the best accounts of Jupiter and Callisto (1613). Diana looks a tad more masculine than in most depictions, and their facial expressions are more serious, with Callisto hesitant and suspicious. Most importantly, Rubens tells us that this Diana is more than meets the eye: parked in the background is Jupiter’s signature eagle, with a thunderbolt in its talons.

This is the better of his two versions of Erichthonius Discovered by the Daughters of Cecrops, from about 1616. Aglauros has just given way to temptation and taken the top off the basket entrusted to the sisters by Minerva, revealing the infant Ericthonius and a small snake inside. To the right is a fountain in honour of the Ephesian Artemis (Roman Diana), distinctive with her multiple breasts, each of which is a source of water. At the left, in the distance, is a herm, at the foot of which is a peacock, suggesting that Juno isn’t far away.

Rubens’ workshop is credited with this oil sketch of Cadmus Sowing Dragon’s Teeth from between 1610-90, the start of Ovid’s history of Thebes. Cadmus stands at the left, Minerva directing him from the air. The warriors are shown in different states, some still emerging from the teeth, others killing one another. Behind Cadmus is the serpent, dead and visibly edentulous.

His oil sketch of The Death of Semele from about 1620 reveals Semele pregnant on a bed and in obvious distress. Jupiter grasps his thunderbolt in his right hand, as his dragon-like eagle swoops in through the window.

Rubens’ Perseus and Andromeda (c 1622) shows a late moment when the height of action is just past, but its outcome more obvious. Andromeda is at the left, unchained but still almost naked. Perseus is in the process of claiming her hand as his reward, for which he is being crowned with laurels, as the victor. He wears his winged sandals, and holds the polished shield that still reflects Medusa’s face and snake hair. One of several putti (alluding to their forthcoming marriage) holds Hades’ helmet of invisibility, and much of the right of the painting is taken up by Pegasus, derived from a different version of the myth. At the lower edge is the dead Cetus, its fearsome mouth wide open.

The young and flourishing Rubens painted this remarkable Head of Medusa in about 1617. This shows the head after Perseus had placed it on a bed of seaweed once he had rescued Andromeda. He includes an exuberant mass of snakes, even a lizard and a scorpion, more of which appear to be forming in the blood exuding at the neck.

His superb The Rape of Proserpina (1636-38) shows a composite of Ovid’s account. Pluto’s face looks the part, his eyes bulging and staring at Minerva, who is trying to stop the girl from being abducted. Below the chariot, the basketful of flowers which Proserpine had been picking is scattered on the ground. Rubens shows irresistible movement to the right, as Pluto struggles to lift the girl into his chariot. Two winged Cupids are preparing to drive the black horses on, once the couple are secured inside.

Rubens’ surviving oil study of Pallas and Arachne (1636-7) tells this story in a conventional view. In the foreground, the angry Minerva is striking Arachne on the forehead with the shuttle. To the right is one of the images woven by Arachne, showing Europa riding Jupiter disguised as a white bull, an image that Rubens was familiar with from Titian’s Rape of Europa (c 1560-62), copied so well by Rubens in 1628-29. However, this version is different from either of those. Behind Minerva and Arachne, two women are sat at a loom, and it’s tempting to think that they too might represent the pair, in multiplex narrative. However, neither is dressed in red as is Arachne, leaving the question open.

His Tereus Confronted with the Head of his Son Itys (1636-38) shows the two sisters dressed as Bacchantes, one carrying her thyrsus with her left arm, and their breasts bared. Tereus is just reaching for his sword with his right hand, and his eyes are wide open in shock and rage. In the background, a door is open, and one of the court watches the horrific scene.

Rubens painted Boreas Abducting Orithyia in about 1620, when he was at the peak of his career. Boreas is shown in his classical guise, as a roughly bearded old man with wings. He is sweeping Orithyia up in his arms, while a cluster of Cupids are engaged in a snowball fight, a lovely touch of humour, and a subtle reference to winter.

This oil sketch of Aurora Abducting Cephalus was probably painted by Rubens in 1636-37, late in his life, for his workshop to complete as a painting for King Philip IV of Spain’s hunting lodge at Torre de la Parada, near Madrid. In addition to showing the willing Aurora trying to persuade the reluctant Cephalus to join her in her chariot, it includes some details differing from Ovid’s story: Diana’s hunting dog and javelin, given by Procris to her husband after their reconciliation, occurs later in the story, and may be intended as attributes to confirm his identity.

His oil sketch of Cephalus and Procris (1636-37), shows the couple just before Cephalus throws the fateful javelin at his wife.

Rubens’ initial oil sketch of The Fall of Icarus (1636) above, was presumably turned into a finished painting by his apprentice Jacob Peter Gowy. Icarus, his wings in tatters and holding his arms up as if trying to flap them, plunges past Daedalus. The boy’s mouth and eyes are wide open in shock and fear, and his body tumbles as it falls. Daedalus is still flying, though, his wings intact and fully functional; he looks towards the falling body of his son in alarm. They are high above a bay containing people with a fortified town at the edge of the sea.

In the previous article I looked at how RunningBoard monitored an ordinary notarized macOS app, but didn’t manage its life cycle by limiting its access to resources such as memory, CPU or GPU. Here I extend that to the two types of app that are most likely to be managed by RunningBoard, Catalyst and iPadOS apps.

Catalyst

Apple introduced this as a streamlined way for developers of iPadOS apps to be able to create a version that runs in macOS from Catalina onwards. When running on macOS, Catalyst apps are dependent on RunningBoard’s life cycle management, UIKitSystem (which first appeared in macOS Mojave) to bridge between UIKit’s class framework in iPadOS and those in macOS, and additional -board services including FrontBoard, FuseBoard and BaseBoard. Catalyst apps also have access to some features in AppKit, the central class framework for apps developed for macOS, at least until SwiftUI has started to replace it.

Although Apple might have had high hopes of Catalyst bringing many new apps from iPadOS, it hasn’t proved popular with third-party developers, and the ability of Apple silicon Macs to run iPadOS and iOS apps has reduced its relevance to users.

Job descriptions

RunningBoard’s lengthy job descriptions recorded in the log early during the app launch process allow regular macOS, Catalyst and iPadOS apps to be distinguished easily. At the start of each job description, the Platform is recorded, 1 for macOS, 2 for iPadOS, and 6 for Catalyst.

Other differences in job descriptions include:

• In EnvironmentVariables, iPadOS adds Container values for CFFIXED_USER_HOME and _DYLD_CLOSURE_HOME.
• In AdditionalProperties, both Catalyst and iPadOS apps have “Managed” set to true, and SpawnConstraints containing their CDHashes.
• In AdditionalProperties, iPadOS apps have a BeforeTranslocationBundlePath specified.

Catalyst launch

Catalyst apps are launched using the same basic sequence of events as regular macOS apps, with some additional overhead resulting from their UIKitSystem and -board service support. However, when they reach RunningBoard they become managed, in the test case denying it access to the GPU:
00.984295 com.apple.runningboard [app…] Memory Limits: active 0 inactive 0
00.984303 com.apple.runningboard [app…] This process will be managed.
00.984307 com.apple.runningboard <private> is not freezer eligible, disabling freezing.
00.985634 com.apple.runningboard [app…] Set jetsam priority to 0 [0] flag[1]
00.985649 com.apple.runningboard 3638 Set Darwin GPU to "deny"
00.985708 com.apple.runningboard 3638 setGPURole role to 2 (no effect for this process)
00.985715 com.apple.runningboard [app…] Disabled CPU monitoring
00.985716 com.apple.runningboard [app…] Reset CPU monitoring limits to defaults
00.985717 com.apple.runningboard [app…] Resumed CPU monitoring
where [app…] is the app identifier.

Later management includes regular state updates, such as
01.209325 com.apple.runningboard Update delivered for [app…] with taskState 4
01.209327 com.apple.runningboard Received state update for 3638 (app…, running-active-Visible

iPadOS launch

iPadOS and iOS apps are launched completely differently on macOS. Initially MIS, presumably MobileInstallationService, validates the app and its Wrapper, which are translocated to a hidden location in /private/var/folders, from where the wrapped app will be launched. Translocation isn’t intended as a security measure, as it is with macOS apps run there when in quarantine, but is required to work around two limitations:

• iOS/iPadOS apps may expect to be run from a path that doesn’t contain whitespaces. The path to the translocation folder guarantees that.
• In macOS, the user can run apps from (almost) any path, such as the Desktop, and can rename apps. The translocation path ensures the app’s name and path remain fixed.

Those are reflected in the following log entries, which have changed little since Big Sur:
00.946662 com.apple.mis Bundle: <private>
00.946662 com.apple.mis Is main executable: 0
00.953668 com.apple.syspolicy MIS validation result: 0
00.953673 com.apple.syspolicy Valid app wrapper: <private>
00.953719 com.apple.syspolicy appWrapperPolicyResult: <private>, AWPolicyResult: 1,1,0
00.956399 com.apple.securityd SecTranslocateCreateGeneric: created /private/var/folders/x4/[…]/d/Wrapper
00.965043 com.apple.launchservices LAUNCH: translocate to <private> from <private>
01.047816 com.apple.launchservices Marking <private> as .requiresSecureLaunch because it is PLATFORM_IOS or PLATFORM_MACCATALYST.
01.049878 com.apple.launchservices LAUNCH: _LSLaunchThruRunningboard: com.parrot.freeflight6 / <private>
FairPlay DRM is then accessed through the Secure Enclave Processor.

When it reaches the attention of RunningBoard, the app’s memory limits are set, it’s denied the GPU, and it’s then managed through its life cycle.
02.365127 com.apple.runningboard [app…:3466] Memory Limits: active 16384 inactive 16384
02.365137 com.apple.runningboard [app…:3466] This process will be managed.
02.365142 com.apple.runningboard <private> is not freezer eligible, disabling freezing.
02.365150 com.apple.runningboard Now tracking process: [app…:3466]
02.367347 com.apple.runningboard 3466 Set Darwin GPU to "deny"
02.367450 com.apple.runningboard 3466 setGPURole role to 2 (no effect for this process)
02.367460 com.apple.runningboard [app…:3466] Disabled CPU monitoring
02.367462 com.apple.runningboard [app…:3466] Reset CPU monitoring limits to defaults
02.367464 com.apple.runningboard [app…:3466] Resumed CPU monitoring
02.367496 com.apple.runningboard [app…:3466] set Memory Limits to Hard Inactive (16384)
where [app…:3466] is the app identifier.

That’s followed by frequent assertions and state updates.

PerfPowerServices

Some users have reported RunningBoard using high CPU %, sometimes associated with high levels from PerfPowerServices. By chance, during these tests I encountered a similar situation. For several seconds, the log was filled with entries recording com.apple.PerfPowerServices requesting management information from RunningBoard about most if not all services running at that time.

Many entry sequences followed the pattern:
00.004740 com.apple.runningboard PERF: Received request from [osservice<com.apple.PerfPowerServices>:976] (euid 0, auid 0) (persona (null)): lookupHandleForPredicate:error:
00.004743 com.apple.runningboard PERF: Received lookupHandleForPredicate request from [osservice<com.apple.PerfPowerServices>:976] (euid 0, auid 0) (persona (null))
00.004971 com.apple.runningboard _multiInstance = 0
00.004973 com.apple.runningboard _executablePath = /usr/sbin/cfprefsd
00.004974 com.apple.runningboard no additional launch properties found for <private>
00.005020 com.apple.runningboard _resolveProcessWithIdentifier pid 2712 euid 277 auid 277
00.005040 com.apple.runningboard Resolved pid 2712 to [osservice<com.apple.cfprefsd.xpc.agent(277)>:2712]
00.005089 com.apple.runningboard memorystatus_control error: MEMORYSTATUS_CMD_CONVERT_MEMLIMIT_MB(-1) returned -1 22 (Invalid argument)
00.005091 com.apple.runningboard memorystatus_control error: MEMORYSTATUS_CMD_CONVERT_MEMLIMIT_MB(0) returned -1 22 (Invalid argument)
00.007828 com.apple.runningboard Full encoding handle <private>, with data 44b0344500000a98, and pid 2712
00.008019 com.apple.runningboard [osservice<com.apple.cfprefsd.xpc.agent(277)>:2712] is not RunningBoard jetsam managed.
00.008040 com.apple.runningboard [osservice<com.apple.cfprefsd.xpc.agent(277)>:2712] This process will not be managed.
for multiple copies of cfprefsd, and many other processes.

Presumably PerfPowerServices is concerned with performance power services, but the purpose of these many requests is unknown. After a few seconds of frenetic activity, and more than 10,000 log entries, this subsided and normal running was resumed. If anyone can provide an explanation, I’d be most grateful.

Key points

• RunningBoard job descriptions record the app Platform: 1 for macOS, 2 for iPadOS, and 6 for Catalyst.
• Catalyst apps are managed by RunningBoard through a relatively normal launch sequence.
• iPadOS/iOS apps are launched differently, in a Wrapper and translocated to avoid problems with their name and path in macOS.
• iPadOS/iOS apps rely on FairPlay DRM accessed through the Secure Enclave.
• iPadOS/iOS apps have memory limits imposed by RunningBoard.
• PerfPowerServices can busy RunningBoard with many requests and high CPU %. The cause is unknown, but that high activity should settle of its own accord.

From the start of his career, Lovis Corinth was a great admirer of the paintings of Rembrandt, and like him he painted a series of self-portraits reflecting changes in his life. This penultimate article in the series to commemorate his death a century ago looks at a selection of those. These should cast light on whether his style changed dramatically over the course of his career, and what effects his stroke at the end of 1911 may have had on that style.

His earliest self-portrait is typical of his initial detailed realist style, although he didn’t show the meticulous detail in his hair or beard, for instance, that was more popular earlier in the nineteenth century.

By his later years in Munich, the skin of his face has become more painterly, and non-flesh surfaces such as his shirt and the landscape background, as well as the skull, have obviously visible brushstrokes. A simple self-portrait was also not enough: he posed beside a skeleton, drawing the comparison between his living, fleshy face, and the fleshless skull next to it.

His move from Munich, where he already had a reputation for drinking and social life, to Berlin brought him love and inspiration from his fiancée then wife Charlotte Berend, but intensified his work, social life, and drinking. His depiction of flesh has a rougher facture, and most of the passages in this work appear to have been sketched in quickly.

These changes are even more evident in this wild and ribald double portrait with his wife, posing appropriately as Bacchantes. His chest and left arm now have stark dark brushstrokes giving the flesh a texture rather than form.

Before his stroke, and the outbreak of the First World War, he posed as the standard-bearer to a mediaeval knight, his head held high with pride for Prussia. The flesh of his face now appears rough-hewn, particularly over surfaces that would normally be shown smooth and blended, such as the forehead. Bright patches on the suit of armour are shown with coarse daubs of white paint.

After his stroke, and just as the First World War was about to start, there has been little roughening in his facture. His face, though, looks more worried, and his previous pride appears to have been quashed.

By the end of the war, when he was 60, he had aged markedly, with receding hair and gaunt cheeks. Although his face and hand are as sketchy as before, his hair and left ear have been rendered more roughly still.

When he was out in the country sun at the family’s chalet by Walchensee, he painted his clothing and the landscape extremely roughly. He looks his years, but if anything appears more healthy and relaxed than when he was confined to Berlin.

His last self-portrait shows age catching up with him, and has even rougher facture. His forehead is now a field of daubs of different colours, applied coarsely. His hair consists of gestural marks seemingly made in haste.

Although there’s a clear trend towards a rough facture over the years, I can’t see any particular watershed either following his stroke or at another time that suggests sudden change. Can you?

References

Wikipedia.

Lemoine S et al. (2008) Lovis Corinth, Musée d’Orsay & RMN. ISBN 978 2 711 85400 4. (In French.)

I hope that you enjoyed Saturday’s Mac Riddles, episode 316. Here are my solutions to them.

1: From PageRank and 10^100 to a set of letters.

2: A hooligan went from directory to search then declined into finance and news.

3: After changing name three times, this directory has gone wavy.

The common factor

I look forward to your putting alternative cases.

This is the last batch of ‘simple’ updates to my free apps to bring them up to the expectations of macOS 26 Tahoe. With them comes a minor update to my log browser LogUI, which is recommended for all using Tahoe, as it fixes an annoying if fundamentally cosmetic bug.

Preparing these updates for release was a little troublesome, as I attempted this using developer beta 3 of Tahoe and Xcode 26 beta 3. Little did I realise when I got all four rebuilt, tested and notarized, that this combination had stripped their shiny new Tahoe-compliant app icons. That made these new versions unusable in Sequoia and earlier, as they each displayed there with the generic app icon, despite working fine in Tahoe.

Eventually I discovered that I could build fully functional versions using Xcode 26 beta 2 in Sequoia 15.5, so that’s how they have been produced.

File integrity

Five years ago I build a suite of two apps and a command tool to enable checking the integrity of file data wherever it might be stored. This uses SHA256 hashes stored with each checked file as an extended attribute. At that time, the only alternative saved hashes to a file in the enclosing folder, which I considered to be suboptimal, as it required additional maintenance whenever files were moved or copied to another location. It made more sense to ensure that the hash travels with the file whose data integrity it verifies.

The three are Fintch, intended for use with single files and small collections, Dintch, for larger directories or whole volumes, and cintch, a command tool ideal for calling from your own scripts. As the latter has no interface beyond its options, it continues to work fine in macOS 26.

Since then other products have recognised the benefits of saving hashes as extended attributes, although some may now use SHA512 rather than SHA256 hashes. What may not be apparent is the disadvantage of that choice.

Checking the integrity of thousands of files and hundreds of GB of data is computationally intensive and takes a lot of time, even on fast M4 chips. It’s therefore essential to make that as efficient as possible. Although checksums would be much quicker than SHA256 hashes, they aren’t reliable enough to detect some changes in data. SHA algorithms have the valuable property of amplifying even small differences in data: changing a single bit in a 10 GB file results in a huge change in its SHA256 hash.

At the same time, the chances of ‘collisions’, in which two different files share the same hash, are extremely low. For SHA256, the probability that two arbitrary byte sequences share the same hash is one in 2^256, roughly one in 1.2 x 10^77. Using SHA512 changes that to one in 2^512, which is even more remote.

However, there ain’t no such thing as a free lunch, as going from SHA256 to SHA512 brings a substantial increase in the computational burden. When run on a Mac mini M4 Pro, using its internal SSD, SHA256 hashes are computed from files on disk at a speed of around 3 GB/s, but that falls to 1.8 GB/s when using SHA512 hashes instead.

Dintch provides two controls to optimise its performance: you can tune the size of its buffer to cope best with the combination of CPU and storage, and you can set it to run at one of three different QoS values. At its highest QoS, it will run preferentially on Apple silicon P cores for a best speed of 3 GB/s, while run at its lowest QoS it will be confined to the E cores for best energy economy, and a speed of around 0.6 GB/s for running long jobs unobtrusively in the background.

The two apps and cintch are mutually compatible, and with their earlier versions going back to macOS El Capitan. In more recent versions of macOS they use Apple’s CryptoKit for optimum performance.

Dintch version 1.8 is now available from here: dintch18
Fintch version 1.4 is now available from here: fintch14
and from their Product Page, from where you can also download cintch. Although they do use the auto-update mechanism, I fear that changes in WordPress locations may not allow this to work with earlier versions.

Compression/decompression

Although I recommend Keka as a general compression and decompression utility, I also have a simple little app that I use with folders and files I transfer using FileVault. This only uses AppleArchive LZFSE, and strips any quarantine extended attributes when decompressing. It’s one of my testbeds for examining core allocation in Apple silicon Macs, so has extensive controls over QoS and performance, and offers manual settings as well as three presets.

Cormorant version 1.6 is now available from here: cormorant16
and from its Product Page. Although it does use the auto-update mechanism, I fear that changes in WordPress locations may not allow this to work with version 1.5 and earlier.

LogUI

Those using this new lightweight log browser in Tahoe will have discovered that, despite SwiftUI automatically laying out its controls, their changed sizes in Tahoe makes a mess of the seconds setting for times. This new version corrects that, and should be easier to use.

LogUI version 1 build 70 is now available from here: logui170

There will now be a pause in updates for macOS Tahoe until Apple has restored backward compatibility of app icons, hopefully in the next beta-releases.

For all its toxicity, vermilion proved an enduring red, unlike less dangerous pigments such as crimson, with its natural origin.

People have dyed their clothes and other fabrics using vegetable colourants for as long as we have evidence. Dyes are quite unsuitable for use in durable paintings: instead of solutions of small molecules of colourant that work well applied to fabrics and paper, we much prefer to paint using pigments, in which the colourant is packaged and protected in much larger particles.

One of the early challenges in the history of art materials was the transformation of vegetable dyes into pigments, in a process generally known as laking. The need was simple: take a vegetable dye such as the crimson derived from Madder plants, and fix it into pigment particles that can be dispersed in gum solution for watercolour, or a drying oil medium.

Neither the Romans nor the Greeks appear to have solved this on any scale, but at some time between the Classical civilisations and the pre-Renaissance, someone discovered that aluminium salts will combine with the colourants in madder extract and make a pigment suitable for fine art painting, in madder lake.

Over time, many different recipes for the preparation of madder lakes were evolved. By using different species of Madder plant, adjusting the method of extracting the colourants from its root, and using different salts for the laking process, madder lakes covered a broad range of hues from pale purples through pinks to brilliant scarlet.

As a result, madder lakes were very widely used, and generally sought-after, except that they weren’t lightfast, even when protected in an oil paint film, and many faded rapidly, over months or just a few years.

Friedrich Herlin’s High Altar made for the church of St Jacob in Rothenburg in 1466 is one of the earliest paintings in which madder lake has been demonstrated. Its abundant reds seem to have stood the test of time, although because Herlin’s painting was normally stored with its wings closed, its madder lakes will have had limited exposure to bright daylight.

The two or three different shades of red used by Herlin in the panel of The Presentation of Christ in the Temple are still brilliant, although something odd appears to have happened in the blue robes of the Virgin Mary.

The Mass of Saint Hubert, the right hand shutter of the Werden Altarpiece from about 1485-90, has also retained its deep madder lake reds.

Madder red was mixed with a little lead-tin yellow for the sleeve (at least) in Altobello Melone’s Christ Carrying the Cross, dating back to about 1515.

Niklaus Manuel’s Demons Tormenting St. Anthony, on the left wing outside from the Antonius Altar of 1520, features several different reds, at least one of which contains madder lake as its main pigment. It also appears that some of those reds may have faded: Saint Anthony’s cloak looks pale and anaemic, for example.

Jan Vermeer’s Christ in the House of Martha and Mary from about 1654-56 is a good example of the use of madder lake by one of the Dutch Masters.

When industrial chemistry started to look for improved dyes and pigments in the nineteenth century, attention turned to the humble Madder, in an attempt to isolate the most lightfast components of its root extract, then to synthesise them on an industrial scale.

The main colourant, alizarin, was isolated in impure form in 1826, following which rose-red alizarin lakes became available. The other major colourant, purpurin, was more of a mystery, as little was found in fresh root extract, but it was generated during manufacture and storage; its purification took a few decades longer to achieve.

I suspect that the delicate reds in Henri Fantin-Latour’s Still Life with Chrysanthemums (1862) owe much of their colour to partially-purified alizarin crimson derived from Madder root.

Alizarin was first synthesised in about 1869, became available as a pigment in its own right from 1891, and was considered to be both more consistent in its colour and more lightfast. However, its lightfastness didn’t prove as good as had been hoped, and since the late twentieth century the fading of alizarin crimson has been used in lightfastness testing to demonstrate that sufficient light exposure has occurred. It has effectively become the benchmark for non-lightfastness.

Modern professional watercolour ranges, here those from QoR, often include a paint designated as Permanent Alizarin Crimson, which doesn’t contain alizarin or any other derivative of the Madder plant.

A few ranges, including Winsor & Newton Artists’ Watercolour Sticks, do still offer genuine alizarin crimson (PR83). Unless you are content for that colour to fade on exposure to light, you should avoid using it in any significant work.

This is true even in oil paints, where ranges such as Williamsburg’s offer a Permanent Crimson using a more lightfast pigment.

It’s a great pity that the crimson used by Vermeer and extensively by JMW Turner has such fugitive colour. At least we now have several excellent alternatives.

Reference

Helmut Schweppe and John Winter (1997) Artists’ Pigments, vol 3, ed Elisabeth West Fitzhugh, Archetype. ISBN 978 1 904982 76 0.

I can confirm that there are ghosts in Macs. I know because I have seen them, spectres of rock bands from well over 50 years ago, speaking to us from the past, a dozen years before the first Mac, and four years before Apple was even founded. The band in question is named Creedence Clearwater Revival, who split up in 1972. Their appearance on Macs has been sporadic, in the form of a mystery volume that seems to mount from nowhere, whose name starts with the distinctive neologism coined by CCR’s rhythm guitarist Tom Fogerty after his friend Credence Newball.

Last week it turned out that mystery volume is a cryptex, one of the 23 used to provide support for Apple Intelligence in macOS, iOS and iPadOS.

Cryptexes are both straightforward and rather strange. They’re basically just a cryptographically secured disk image, but when they’re loaded by APFS, rather than being mounted as a volume, they get grafted into the file system almost as if they had been firmlinked into it. Although they didn’t exactly impress when used for Rapid Security Responses (RSRs) in macOS Ventura, since then they’ve been put to better use adding flexibility to the Signed System Volume (SSV), an immutable snapshot of the System volume that’s sealed with cryptographic hashes.

While the SSV is a powerful way to secure the boot process, it’s also a little too rigid for some purposes. Not only do cryptexes provide a convenient way to deliver Safari and its supporting components, which previously had to be installed on the Data volume, but they are a flexible solution for large dyld caches, accommodating to the differing needs of Intel and Apple silicon Macs. Intel Macs only use those built for their own architecture, but Apple silicon Macs require support for both, with the Intel version available for use by Rosetta 2 when running translated x86 code.

What I hadn’t realised, and hadn’t seen reported elsewhere, was how the extras needed for Apple Intelligence, another single-platform feature, are also provided in cryptexes. Unlike those for the system, these aren’t grafted early during the boot process, so can be downloaded and installed when a user enables AI, and thereafter grafted after that user has logged in. Their contents then appear among the thousands of install-on-demand linguistics and other components in /System/Library/AssetsV2, as I described earlier this week.

Presumably they merit this special protection because of their access to Private Cloud Compute (PCC), consistent with Apple’s stringent policies and engineering to ensure the robustness of PCC. Indeed, as Apple describes, the PCC is apparently an enthusiastic user of cryptexes: “Additional software outside the base operating system can be delivered to the system only in the form of cryptexes, which contain their own Image4 manifest and trust cache.” Apple goes on to provide a detailed account of how cryptexes are handled by PCC. This illustrates how sophisticated their management can be, and explains why, despite their shaky introduction as RSRs, cryptexes are proliferating.

This could change when macOS 27 goes single-architecture next year, and there’s no need to cater for both chalk and cheese. But I suspect the advantages of augmenting the SSV with the flexibility of cryptexes will remain sufficiently attractive to ensure they are retained in macOS, as they already are in iOS and iPadOS.

Cryptexes are also remarkably unobtrusive, as has been apparent with the 23 currently used to support AI. That is until something unearthly happens deep inside the grafting mechanism in macOS and accidentally mounts a cryptex as a disk image, making it appear like a spectre in the Finder. In my case it must have occurred when I copied a cryptex from its hiding place among those files in /System/Library/AssetsV2 and mounted it to see what it contained. Exorcising this ghost required compressing the cryptex, trashing the copy I had made, and repeatedly trying to unmount it until it finally stopped appearing following startup.

But I still know how to summon the spirit of Creedence Clearwater Revival whenever I need to remind myself of the early 1970s. Now if someone would be kind enough to tell me which cryptex brings the spirit of Pink Floyd, I’ll leave you in peace.

As a primary colour, red is essential to most palettes, but it has also proved technically challenging to find pigments that are both intense and lasting. This weekend I look at the history of two contenders, in vermilion and crimson, names also steeped in history.

There’s one red that looks as brilliant today as when it was first brushed out five hundred or even two thousand years ago. It’s a pigment known to, and used by, the Romans, and in ancient China was not only used extensively in art, but was scattered in graves. Vermilion is one of the most toxic pigments, and over the last century has been displaced by cadmium red and more novel organic pigments. Look at many paintings made before 1870, and their reds are likely to be dominated by vermilion.

For a long time, vermilion paint was made using powdered cinnabar, naturally-occurring mercuric sulphide, and is then technically known as cinnabar rather than vermilion. Its manufacture from liquid mercury was probably brought from China to Europe, since when much of the vermilion pigment used in Europe has been synthetic.

The main source of cinnabar, and of the metal mercury, in Europe were the mines at Almadén in Spain. These were used by the Romans, and until their closure in 2000 had produced more cinnabar and mercury than any other location. In 1563, deposits were discovered in Huancavelica in Peru, and they were the second largest source over the following three hundred years. Other important sources have been located in China, Slovenia, Italy, Mexico, and the USA.

The mining of cinnabar has long been recognised as hazardous due to its great toxicity, something known as far back as the Romans. Locked in pigment particles in oil paint it’s less hazardous than in water-based paints such as egg tempera; it’s wisest not to use cinnabar or vermilion in dry form, as in pastels, even with good respiratory and skin protection. Even with careful handling, pigment residues pose a serious threat to the environment.

The brightest of the reds in Duccio’s Transfiguration, from the Maestà Predella Panels painted in 1307-11, have the distinctive colour of vermilion. It is often associated with holy people, and holy objects, and contrasts with the other brilliant pigment of ultramarine, which is conventionally used in the clothing of the Virgin Mary.

Its one unfortunate habit is a tendency to blacken, by forming the black version of cinnabar known as metacinnabar. This tends to happen more often in the thinner, less protective paint films of aqueous media, particularly egg tempera, as shown in Nardo di Cione’s Saint John the Baptist, Saint John the Evangelist and Saint James from 1363-65. The lining of the clothing of the saint at the right uses vermilion, and has darkened in patches as a result.

Masaccio’s panel of Saints Jerome and John the Baptist from the Santa Maria Maggiore Altarpiece, from 1428-29, is another fine example of the use of a lot of vermilion (as cinnabar). The robes of Saint Jerome, on the left, may also show a little darkening in patches, but contrast well with the paler and pinker red of Saint John the Baptist at the right.

Cinnabar saw extensive and highly effective use by the van Eycks in The Ghent Altarpiece (c 1432). Because this was painted in oils, the chances of discolouration are much lower.

Botticelli used cinnabar in several passages in his Mystic Nativity (1500), where its persistent colour contrasts with his use of other red pigments, which haven’t retained their colour as well.

All the Masters and most other significant artists of the past used cinnabar, or vermilion when it was being manufactured in Europe by the early seventeenth century. Tintoretto was no exception, as shown in these two examples: Jupiter and Semele (1545) above, and The Origin of the Milky Way (c 1575), below.

Peter Paul Rubens’ centre panel of the Descent from the Cross (1612-14) in the huge triptych in Onze-Lieve-Vrouwekathedraal, in Antwerp, is one of the most spectacular demonstrations of the use of vermilion, and its lasting chromatic brilliance.

Rembrandt is another Master who used vermilion to great effect, here in the dress of the woman at the right, in his Belshazzar’s Feast (c 1635-38). The colour draws attention to her as she is so shocked as to empty the goblet she is holding in her right hand. A duller colour might have allowed this dramatic action to pass unnoticed by the viewer.

Aelbert Cuyp’s Hilly River Landscape with a Horseman talking to a Shepherdess from about 1655-60 is one of the few oil paintings in which darkening of cinnabar has become obvious. The pigment serves well in the huntsman’s coat, but has darkened in patches.

William Hogarth played on another common association of the colour red in the third painting, The Inspection, from his series Marriage A-la-Mode (c 1743). Although in English we usually refer to a scarlet woman, rather than a vermilion one, his use of vermilion here is effective in portraying the woman as a prostitute.

Vermilion remained popular well into the latter half of the nineteenth century, long enough for it to grace the paintings of the Pre-Raphaelite movement and the French Impressionists.

Although Claude Monet used just a few dabs and strokes of vermilion in his landmark painting Bathers at la Grenouillère (1869), he continued to use it well into the latter years of his career. By that time, though, the new cadmium reds were replacing vermilion, a process that is almost complete today, with cadmiums now being superceded by modern organic pigments.

Reference

RJ Gettens, RL Feller & WT Chase (1993) Artists’ Pigments, vol 2, ed Ashok Roy, Archetype. ISBN 978 1 904982 75 3.

Here are this weekend’s Mac riddles to entertain you through family time, shopping and recreation.

1: From PageRank and 10^100 to a set of letters.

2: A hooligan went from directory to search then declined into finance and news.

3: After changing name three times, this directory has gone wavy.

To help you cross-check your solutions, or confuse you further, there’s a common factor between them.

I’ll post my solutions first thing on Monday morning.

Please don’t post your solutions as comments here: it spoils it for others.

Depending on where you were, public Internet access first came in the early 1990s. Before that there were dial-up bulletin boards accessed using a modem.

The first of those bulletin boards (BBS) went online in Chicago in 1978, thanks to the pioneering work of Ward Christensen and Randy Suess. Those were joined by FidoNet BBSes in 1984-85, developed by Tom Jennings in San Francisco. Here in the UK one of the earliest was Compulink Information Exchange, founded by Frank and Sylvia Thornley. That went commercial as CIX in 1987, and the following year brought the first public access in the UK to limited Internet services such as email and Usenet.

Following discussions on CIX, Cliff Stanford (1954-2022) and his business partners Grahame Davies and Owen Manderfield set up the UK’s first public Internet service, Demon Internet, in a scheme originally known as tenner a month, or TAM. This was founded on the strength of 200 initial subscribers each paying £10 per month a year in advance from 1 June 1992. Demon grew rapidly to reach more than 50,000 subscribers, following which it was bought by Scottish Telecom in 1997, and two years later was demerged and became a public-traded company Thus plc.

At this time, Apple employees and third-party developers communicated using an integrated email system, AppleLink, a service operated by a descendant of General Electric (GE), one of the early computer manufacturers, GE Information Services Company, or GEISCO. Apple’s Internet presence expanded as AppleLink shut down in 1997. GEISCO went on to become GEnie, and died quietly with the new millennium.

Dial-up

Dedicated connections over ADSL were still prohibitively expensive for most users. Like most landline phone calls, online charges were highest during the day, and fell after 6 o’clock in the evening. Most nights the race would be on to see who could connect to their Internet provider before they ran out of incoming phone lines, and you’d have to wait an hour or two before one became available. The following screenshots walk through establishing an Internet connection using Mac OS 8.6 or 9.x with TCP/IP and Remote Access control panels, in 2001.

Armed with your ISP’s instructions and connection details (phone numbers, log on sequences, etc.), open the Modem control panel and check it’s configured correctly (port/internal, modem type). Then open the TCP/IP control panel, and use the Edit/User Mode menu command to display this dialog.

Changing user mode increases the scope of the TCP/IP dialog. In most cases, switch the upper pop-up menu to PPP (the protocol you’ll use to access your ISP), and configure the next pop-up down to Using PPP Server. Some ISPs may instruct differently. Other boxes should only be completed if advised – IP addresses of name servers, for instance. Some ISPs may advise you of a ‘hosts’ file (specifying IP addresses for services such as mail and news), which can be read in by clicking the Select Hosts File button.

Click on the Options button and ensure that TCP/IP is made active. If you can spare the memory, uncheck the Load Only When Needed box, to save memory fragmentation. Using the File/Configurations menu command, name and save these TCP/IP settings so they can be recalled readily. Then quit the control panel.

You should normally access your ISP through the Remote Access control panel, which needs to be set up with the access phone number, your user name (normally the first part of your Internet domain name, allocated by your ISP), and password. Unless you fancy typing your password in every time (or have security problems such as children!), let it save your password.

Click on the Options button to set other important features of Remote Access. Some ISPs require a full script to log on each time, in which case you must obtain a copy from the ISP, and install the script here, for a command-line host. This is unnecessary for most ISPs, thankfully. Avoid checking the top option, of connecting whenever you start TCP/IP applications, as it can cause untold aggravation each time you start your Web browser, for instance. Set any other options, and click on OK.

Finally, set up your email software, browser, and other Internet applications. In recent versions of Mac OS, Apple provides the Internet control panel as an easy way to do this – details entered here, particularly for incoming and outgoing mail, should apply to all compliant applications. Then re-open Remote Access and your applications, and click on Connect.

Mobile

Even if you were fortunate enough to have a mobile phone in those days, they had to use dial-up Internet connections too. So what did we do when we were on the road with a PowerBook G4, or the modem couldn’t connect? We connected to the Internet via a Bluetooth dongle and mobile phone. This next sequence of screenshots explains how to manage this technological feat. The phone I was using at the time was a brand new Ericsson T68, with a display resolution of 101 x 80 in 256 colours, no camera, but the novelty of predictive text. My Mac was running Mac OS X 10.1.x or later, with Apple’s Bluetooth support software (bundled in 10.2 Jaguar), an Apple-supplied D-Link USB Bluetooth transceiver, and Bluetooth-equipped mobile phone with airtime facilities and contract (e.g. GPRS).

Install the Bluetooth software (10.2 already has support) and connect your USB adaptor to a port on your Mac. A new pane appears in System Preferences, Bluetooth. Click to open it and check the Discoverable and Show Bluetooth Status items. Enter the Bluetooth control section of your phone’s menus, turn Bluetooth on, then set your phone to Discover. Authenticate using the same number, 1111 perhaps, on each, and they should pair.

Once paired, and that can sometimes prove a bit fiddly, your phone knows your Mac by its AppleShare computer name, and your Mac knows the phone by its name. Re-pairing in the future should be simpler, but follows the same basic sequence of making your Mac discoverable, letting the phone discover it, then completing the pairing. Switch your phone’s Bluetooth to automatic to save battery power when not paired.

Click on the Network pane, and using the Active Network Ports popup item turn off other connections apart from bluetooth-modem. Configure that connection to use PPP in the TCP/IP pane. Switch to the PPP pane, and enter connection details provided by your phone network. The phone ‘number’ to dial is a special series of characters, set by the network, and you may need to set PPP Options too.

In the Modem pane, select an appropriate phone from the popup Modem list. Although using an Ericsson T68 here, the closest listed is the T39 running at 28.8 Kbps (not Mbps). You may have to try out different modem setting scripts to see which works best with your particular phone, network, and airtime contract. You can also create your own connection scripts using Modem Script Generator.

Apply the changes to Network now, and open the Internet Connect application. Ensure that the correct configuration is selected, and check the details again. When you’re happy, and confident that your phone is within Bluetooth signal range and has a good phone signal strength (if using GPRS, ensure that its signal is strong rather than the regular GSM voice signal), click on the Connect button.

Once your connection is established you can browse the Web, collect and send email, and use all the facilities of the Internet from your Mac. Connection speeds are inferior to those made over telephone wires, though, and pedestrian compared with broadband. The menubar status holds a popup menu for ready access to key applications. Click on Internet Connect’s Disconnect button when finished.

Finally, in case you hadn’t already gathered, these were really slow Internet connections, and even small downloads could take several hours, if you weren’t disconnected. But there were times when software played tricks to amuse us. Here’s a screenshot of me trying to download and install the 14.4 MB update via Demon, to take Mac OS X 10.1 Puma to version 10.1.1 in November 2001, claimed to take 11,643 days at 44 Kbps.

Further reading

Bulletin boards (Wikipedia)
FidoNet (Wikipedia)
CIX (Wikipedia)
Demon Internet (Wikipedia)
AppleLink, a long personal reminiscence

This is the last of four articles providing brief summaries and contents for this series of paintings telling myths from Ovid’s Metamorphoses, and covers parts 55-74, from the foundation of Troy to the age of Augustus.

The foundation of Troy by Laomedon who failed to repay Apollo and Neptune for their help, so Neptune floods the city. Peleus marries the Nereid Thetis, with their wedding banquet on Mount Pelion, attended by the gods. Eris, goddess of discord, throws a golden apple into the group as a reward for the fairest, setting up the Judgement of Paris and leading to the war against Troy. Thetis gives birth to Achilles.

55 The Wedding of Peleus and Thetis

Chione boasts she is fairer than Diana, so the goddess shoots an arrow through her tongue, and she bleeds to death. Her father is turned into a hawk. Ceyx and Halcyone are turned into kingfishers. Aesacus is turned into a seabird after the death of Hesperia from a snake bite.

56 The hawk, kingfishers and a diver

After his judgement, Paris abducts Helen and triggers the war against Troy. The thousand ships of the Greeks gather at Aulis, where they’re delayed by storms. Their leader Agamemnon had offended Diana, so has to sacrifice his daughter Iphigenia to propitiate the goddess. At the last moment, Diana may have substituted a deer.

57 The sacrifice of Iphigenia

The Greek fleet sets sail against Troy, and when it arrives Protesilaus, the first to land, is killed by Hector. Achilles kills Cycnus, who is transformed into a swan. Caeneus was born a woman and raped by Neptune, for which she was turned into a male warrior. Nestor tells of the battle between Lapiths and Centaurs at the wedding of Pirithous and Hippodame.

58 A wedding ruined by centaurs

Neptune’s hatred for Achilles leads to the warrior’s death from an arrow shot by Paris.

59 The death of Achilles

Ajax and Ulysses contest for the armour of Achilles, but Ajax loses and falls on his sword. His blood is turned into the purple hyacinth flower. Troy falls, Priam is killed, Hector’s son Astyanax is thrown from a tower, and Troy is sacked by the Greeks.

60 The sack of Troy

Queen Hecuba’s youngest son is murdered, and her daughter Polyxena is sacrificed to gain fair winds for the departing Greek fleet. Hecuba blinds Polymestor and is transformed into a dog. Aurora laments the death of her son Memnon.

61 Sacrifice of Polyxena

Aeneas flees Troy with his father Anchises and son Ascanius, but his wife Creusa dies before she can escape. They sail with a fleet of Trojan survivors to Delos, then on to Crete.

62 Aeneas flees Troy

Aeneas sails on to land on Sicily. Galatea tells the story of her love for Acis, and the jealousy of Polyphemus the Cyclops, who killed Acis, whose blood was turned into a stream.

63 The tragedy of Galatea

Glaucus pursues Scylla, and is refused, so he visits Circe, who turns the lower part of Scylla’s body into a pack of dogs, then finally into a rock in the Straits of Messina. Together with Charybdis the whirlpool, they pose a threat to Odysseus’ ship.

64 Scylla meets Glaucus

Aeneas is rowed through the straits only to be blown south to Carthage, where he has an affair with Queen Dido. When he departs she falls on a sword he gave her and dies on her funeral pyre. Aeneas returns north to land at Cumae to visit its Sibyl. The pair visit the underworld, where they meet the ghost of Anchises.

65 The Cumaean Sibyl

A survivor left from Ulysses’ crew tells of their encounter with the Cyclops Polyphemus, who had held them captive. Ulysses got him drunk and blinded his single eye. The crew escaped tied under a flock of sheep. As they fled in their ship, the Cyclops threw a huge rock at them.

66 The tale of Polyphemus

A second of Ulysses’ crew tells of their time on Circe’s island. She turned them into pigs, but they were transformed back after Ulysses and Circe married.

67 Circe and her swine

Circe transforms Picus, King of Latium, into a woodpecker. Aeneas arrives at Latium, where he has to fight Turnus for the throne. Aeneas’ ships are burned and transformed into sea nymphs. As the end of Aeneas’ life draws near, he undergoes apotheosis to become Indiges.

68 Apotheosis of Aeneas

Pomona, a dedicated gardener who shuns men, is courted unsuccessfully by Vertumnus, god of the seasons. He assumes the guise of an old woman to try to persuade her, and tells her the tragic story of Iphis and Anaxarete, who was transformed into a statue. Vertumnus finally succeeds.

69 Vertumnus and Pomona

Rome is founded by Romulus. Its war with the Sabines, the death of the Sabine King Tatius, and Romulus becomes ruler of both peoples. Romulus is transformed into the god Quirinus, with his wife Hersilia as the goddess Hora.

70 Romulus and the founding of Rome

Myscelus is saved from death and goes on to found Crotona, where Pythagoras lived in exile. Pythagoras expounds change and transformation underlying everything in nature, and the central theme of Metamorphoses. The virtues of vegetarianism. King Numa returns to Rome and establishes its laws.

71 Pythagoras and Numa

Plague strikes Rome. The oracle at Delphi tells the Romans to bring the god Aesculapius to the city. He is taken as a snake from Epidaurus to his temple on Tiber Island, and the Romans are saved from plague.

72 Plague and Aesculapius

The assassination of Julius Caesar, who then undergoes apotheosis.

73 Julius Caesar

Jupiter foretells the accomplishments of Augustus, including success in battle, the fall of Cleopatra, and growth of the empire. The fate of Ovid in banishment to Tomis on the Black Sea.

74 The Age of Augustus

This week’s security data updates were quite a surprise. We’ve grown accustomed to Apple tweaking XProtect’s data most weeks, but this week was a bit different, and came with an update to XProtect Remediator as well, the first in four months. This article explores what they have brought.

Although this security data all goes under the name of XProtect, there are three different protection systems involved.

The traditional XProtect contains a set of ‘Yara’ rules used when performing Gatekeeper scans of new executable code, most notably when a quarantined app is first run, although recent macOS also runs XProtect checks on other occasions. Those rules are used to determine whether the code being scanned is known to be malicious, and if it’s found to be positive, macOS refuses to run that code and you’re told to trash the app.

XProtect Remediator only runs in Catalina and later, where it performs daily background scans to detect and remove software it believes to be malicious. It currently contains 24 separate scanning modules, each designed to detect and ‘remediate’ a different family of malware. Some of its modules also use the detection rules in traditional XProtect, so are improved by regular XProtect data updates. Surprisingly, if XProtect Remediator detects and removes malware, you aren’t notified, although that is recorded in the log and reported as an Endpoint Security event that can be detected by some third-party security software.

Inside the XProtect Remediator app are two files used by the third XProtect, which detects potentially malicious activity such as tampering with parts of a browser’s files. This is therefore referred to as XProtect Behavioural, or by the name it gives to the detection rules it uses, Bastion. Unlike the other two XProtects, this doesn’t rely on performing static checks, but is watching constantly for malicious activity. Although it records that in its local database, at present it doesn’t inform the user, but reports the activity to Apple, to help it acquire intelligence to improve the battle against malware.

XProtect

XProtect version 5304, provided by Apple on 8 July, makes substantial changes to its Yara detection rules to add what appears to be a new family of malware, code-named Bonzai. New rules refer to five different forms, which are most likely to be different components in the same malware, or separate variants, named Bonanza, Barricade, Blaster, Bonder and Banana. It’s likely that independent security researchers will identify these in the coming days, but for the moment the public name of this malware isn’t known.

Looking through these new Yara rules, they look most likely to be for a ‘stealer’, a type of malware that’s currently prevalent, and steals your secrets to send them to a remote server. There are references to Chrome, Brave, Edge and Firefox extensions, and most interestingly some of the malware has been compiled from code written in the Go language, which is becoming popular in cross-platform malicious code.

The last times that Apple added detection rules as substantial as these were in XProtect version 5284 for Adload and Bundlore, and in 5269 for Dolittle, each being major threats.

Bastion

Until now, the behavioural rules used by Bastion have evolved steadily, and the most rules added in one release has only been two, when XProtect Remediator version 123 came with rules 8 and 9, and changes to rule 7, back in January 2023. This update brings four new rules:

• Rule 14 detects sending AppleEvents to Safari, Firefox or Chrome.
• Rule 15 detects sending AppleEvents to the Finder or Terminal.
• Rule 16 detects Mach lookups for com.apple.pasteboard.1.
• Rule 17 detects writing shell files hidden in ~/ or /etc, such as ~/.zlogin, or /etc/zlogin.

The first two may be intended to detect AppleScript being used to control those browsers, the Finder or to run scripts in Terminal. Rule 16 may also be related to Apple’s recent announcement on controlling access to the pasteboard in macOS 26. Rule 17 concerns settings files commonly used by command shells, readily seen if you reveal hidden files for your Home folder.

These may well be related to Bonzai, and enable Apple to get a better idea of what is going on out here in the wild, and focus its efforts in improving its detection.

XProtect Remediator

Once samples of malware have been obtained, developing and testing new Yara rules to detect it is relatively quick, and often uses AI to accelerate the process. Writing a new scanning module for XProtect Remediator is more complicated, and takes more time. It may well be that an additional Bonzai scanner is already on its way, and might be delivered in a further update in the next couple of weeks, perhaps with some fine-tuning of the new Bastion rules. I’ll be keeping a lookout for those.

Above all, it will be interesting to see what changes are made in third-party security software, and how well those tackle what appears to be novel malware for macOS.

If you’re building apps using Xcode 26 beta on macOS 26 beta, you should beware of the combination of their third betas. If you’re unlucky like me, you’ll discover those shiny new app icons generated by Icon Composer no longer work on any older version of macOS. This is mentioned in the Xcode 26 b3 release notes, and the workaround given is “none”.

Problem

I’ve built over 20 apps now using Icon Composer’s new icon files, with Xcode 26 b2 on macOS 26 b2. All look good in Tahoe and in previous versions of macOS, at least in Sonoma and Sequoia.

Today I built my first apps using icon files already generated by Icon Composer, but this time with Xcode 26 b3 on macOS 26 b3. In every case, I got a build warning that Xcode “failed to generate flattened icon stack for icon named…”. Although the app icon displays fine in macOS 26 b3, when moved across to Sequoia there’s just a generic icon. Inspecting the app bundle reveals that there’s no icns file inside. The Xcode warning implied this might be related to CoreSVG.

Workaround

I next tried building the same projects using Xcode 26 b2 on macOS 26 b3, but that made no difference at all.

What does appear to be effective is to build in Xcode 26 b2 on macOS 15.5. So far each of the apps I’m trying to build has then worked fine in both Tahoe and Sequoia, and that magic icns file is back.

I wish you success.

As I approach the end of this series looking at paintings of interiors, I reach the rooms well out of sight, those that weren’t talked about in polite company. They often used to be known as the scullery, and now as utility rooms. These are where the dull maintenance tasks took place, where the washing was done by maids, the vegetables prepared for the kitchen, and so on. Although never popular in paintings, they have also brought us one of the masterpieces in the European canon.

Portraits of women washing linen first became popular in Dutch and Flemish ‘cabinet’ paintings, such as Gabriël Metsu’s Washerwoman (c 1650), along with other scenes of household and similar activities. This painting appears authentic and almost socially realist: the young woman appears to be a servant, dressed in her working clothes, with only her forearms bare, and her head covered. She’s in the dark and dingy lower levels of the house, and hanging up by her tub is a large earthenware vessel used to draw water. She looks tired, her eyes staring blankly at the viewer.

It took Jan Vermeer to transform a maid at work in a scullery into a masterpiece, in his Milkmaid from about 1658-1661.

A maid is pouring milk from a jug, beside a tabletop with bread. In the left foreground the bread and pots rest on a folded Dutch octagonal table, covered with a mid-blue cloth. A wicker basket of bread is nearest the viewer, broken and smaller pieces of different types of bread behind and towards the woman, in the centre. Behind the bread is a dark blue studded mug with pewter lid, and just in front of the woman a brown earthenware ‘Dutch oven’ pot into which she is pouring milk.

At the left edge is a plain leaded window casting daylight onto the scene. One of its panes is broken, leaving a small hole. Hanging high on the wall on the left are a wickerwork bread basket and a shiny brass pail. The wall behind is white and bare apart from a couple of nails embedded towards its top, and several small holes where other nails once were. At its foot, at the bottom right, five Delft tiles run along the base. In front of those is a traditional foot-warmer, consisting of a metal coal holder inside a wooden case. The floor is dull red, with scattered detritus on it.

Although now much better-known for his still lifes, Jean-Baptiste-Siméon Chardin’s Laundress (c 1735) is one of his many fine genre paintings. This shows a more humorous view of life ‘below stairs’ in a contemporary household. A woman has her voluminous sleeves rolled up and her head well-covered as she launders in a large wooden tub. She looks off to the left of the painting, with a wry smile on her lips.

In front of her, a small child in tatty clothing is blowing a large bubble from a straw, perhaps using some of the soapy water from the washing tub. At the right is one of the cats, looking as inscrutable as ever. Through a partly open door, a maid is seen hanging clean washing up on an indoor line.

Jean-Baptiste Greuze’s Laundress (1761) is in the dilapidated servants’ area, probably in a cellar, where this provocative and flirtaceous young maid is washing the household linen.

The archetype of the maid who seems to have spent all her time in the scullery is Cinderella, in the popular European folk tale.

Edward Burne-Jones’ Cinderella from 1863 shows her reverted to her plain clothes after the ball, but still wearing one glass slipper on her left foot. She is seen in a scullery with a dull, patched, and grubby working dress and apron. Behind her is a densely packed display of blue crockery in the upper section of a large dresser.

John Everett Millais’ version is very different. A much younger girl, Cinderella is sat in her working dress, clutching a broomstick with her left hand, and with a peacock feather in her right. She also has a wistful expression, staring into the distance almost in the direction of the viewer. The only other cue to the narrative is a mouse, seen at the bottom left. She wears a small red skull-cap that could be an odd part of her ball outfit, but her feet are bare, and there is no sign of any glass slipper.

Early in his career, Edgar Degas started painting a series of laundresses toiling indoors. Woman Ironing (c 1869) shows one of the army of women engaged or enslaved in this occupation in Paris at the time. She is young yet stands like an automaton, staring emotionlessly at the viewer. Her right hand moves an iron (not one of today’s convenient electrically-heated models) over an expanse of white linen in front of her. Her left arm hangs limply at her side, and her eyes are puffy from lack of sleep. The room is full of her work, which threatens to engulf her.

Degas’ less gloomy painting of a Woman Ironing (c 1876-87) maintains the impression of this being protracted, backbreaking work, only slightly relieved by the colourful garments hanging around the laundress as she starches and presses white shirts.

As Macs are computers, when they become overloaded with demands on their resources, they can slow down to a crawl. When Apple was developing its first iPhone it realised that wouldn’t work with a phone, so built safeguarding systems into iOS to ensure their continuing smooth function. When Apple was preparing for the transition from Intel Macs to using its own chips, it decided to bring similar safeguards to the management of their resources. These arrived in macOS 10.15 Catalina with the introduction of RunningBoard.

Launching apps in macOS had become increasingly complex, and required more than just running the executable using launchd. For an app to have its GUI, the code it uses has to be wired up with parts of macOS that run the GUI such as WindowServer. When it’s launched, its window(s) have to be created and brought into focus, in front of other windows. It needs its preference file opened, to be added to the Recent Items list, and for a list of its recently opened documents to be made available to its Open Recent menu command. Those latter services have been provided by LaunchServices, and to enable them it maintains a database of exhaustive details about every app it knows.

Prior to Catalina, it was LaunchServices that coordinated many of these aspects of launching an app from the Finder. Since then it has been handing more over to RunningBoard, while retaining many of its functions. RunningBoard has come to monitor and manage the entire life cycle of apps, from launch to exit. For regular macOS apps, its life cycle management remains supervisory, but for some, including Catalyst apps and those built for iPadOS, RunningBoard can manage and control their allocation of resources such as memory and access to the GPU.

As one of the newer and more pervasive services in macOS, RunningBoard writes a lot of detail in the log, indeed it’s garrulous almost to the point of excess. Although Apple documents almost nothing about its background service runningboardd except stating that it’s “a daemon that manages process assertions to ensure those processes are kept in the appropriate state while assertions are in effect”, and its information about LaunchServices is terse and largely deprecated, we can learn a great deal from the log.

I’ll start this series of articles by explaining how RunningBoard first gets involved in launching an application. I have recently summarised its key stages in the following diagram.

Here, for the sake of simplicity, I’m going to ignore the security side completely, so we’ll assume this app isn’t quarantined, has been run recently in this session, is notarised, and hasn’t changed its CDHashes since it was last run.

As soon as LaunchServices is informed of the action to open the app, it announces it will be launched through RunningBoard, a change from its previous behaviour in Catalina, where LaunchServices did more of the work at the start of the launch process. RunningBoard receives the launch request from CoreServices, and ‘acquires’ an ‘assertion’ targeting the app, with a description to launch the app in a User Interactive role.

RunningBoard works using these assertions, a type of declaration of an intention or intended event. Its next major task is to create a job description, which it helpfully writes to the log as a dictionary. This is a mine of useful information, and has replaced the copious data compiled by LaunchServices in the past. This includes:

• a dictionary of Mach services
• whether Pressured Exit is enabled
• a full listing of environment variables, such as TMPDIR, SHELL, PATH
• RunningBoard properties including another TMPDIR
• whether to materialise dataless files.

A full example is given in the Appendix at the end. If you ever want to obtain a similar summary for an app, just launch it and inspect log entries from the com.apple.runningboard subsystem for the first second or two after launch.

Shortly after that launchd announces that it will start (spawn) the app, and the user ID (UID) is obtained by OpenDirectory, confirming that ‘divined’ earlier by RunningBoard. This allows launchd to complete spawning the app, and RunningBoard to decide whether it will be managed, in terms of memory and other resources. RunningBoard goes through further preparations before declaring whether the process is subject to GPU, CPU or memory limits.

LaunchServices creates the ‘pending’ application, and a new LSApplication object for it. But it also expects the imminent death of the app, in two entries that might appear surprising:
com.apple.launchservices DEATH: Expecting to hear about the death of app App:"AsmAttic" asn:0x0-5b05b pid:3083 refs=4 @ 0x55402ae00, adding to sRunningBoardDeathNotificationsSetRef (pid=3083}.
com.apple.launchservices DEATH: Listening for death via runningboard notification for pending application, pid=3083.

Its fears are unfounded, though, and RunningBoard continues to receive assertions as the launch proceeds. Eventually you should see log entries confirming success:
com.apple.launchservices LAUNCH: Starting application with ASN 0x0-0x5b05b co.eclecticlight.AsmAttic because it was launched and still stopped.
com.apple.processmanager LAUNCH: 0x0-0x5b05b co.eclecticlight.AsmAttic starting stopped process.
com.apple.launchservices LAUNCH: Sending 0x0-0x5b05b 3083 co.eclecticlight.AsmAttic a SIGCONT to get process started ( it was launched in the stopped state )

This is the cue for launchd to ‘uncork’ the executable and create the process
launchd pid/3083 [AsmAttic] uncorking exec source upfront
launchd pid/3083 [AsmAttic] created

After that, you should see log entries from the app at last, retrieving the UID and loading its preferences
AsmAttic Retrieve User by ID
AsmAttic Loading Preferences From User CFPrefsD

Key points

• RunningBoard monitors and may manage the life cycle of apps, from launch to exit, and does so by acquiring assertions about the app’s status.
• RunningBoard now plays an active part in app launch, and fills the log with its entries.
• Soon after the start of the launch process, its job description is a mine of useful information about the app being launched.
• It’s normal for app launch entries to expect the app’s imminent death before it’s launched successfully.
• Don’t be surprised or concerned to see RunningBoard mentioned in early crash reports.

Appendix: Example RunningBoard job description

<dictionary: 0x896c7dda0> { count = 23, transaction: 0, voucher = 0x0, contents =
“Platform” => <int64: 0x9f2093afcb6817e7>: 1
“ProcessType” => <string: 0x896c70de0> { length = 3, contents = “App” }
“EnableTransactions” => <bool: 0x1fd757390>: false
“_ManagedBy” => <string: 0x896c72490> { length = 22, contents = “com.apple.runningboard” }
“CFBundleIdentifier” => <string: 0x896c729a0> { length = 25, contents = “co.eclecticlight.AsmAttic” }
“_ResourceCoalition” => <string: 0x896c71740> { length = 61, contents = “app<application.co.eclecticlight.AsmAttic.753771.753789(501)>” }
“_DisablePointerAuth” => <bool: 0x1fd757370>: true
“ThrottleInterval” => <int64: 0x9f2093ac3497e817>: 2147483647
“MachServices” => <dictionary: 0x89696b120> { count = 0, transaction: 0, voucher = 0x0, contents =
}
“EnablePressuredExit” => <bool: 0x1fd757390>: false
“LimitLoadToSessionType” => <array: 0x896c70c90> { count = 2, capacity = 8, contents =
0: <string: 0x896c71680> { length = 4, contents = “Aqua” }
1: <<string: 0x896c71920> { length = 11, contents = “LoginWindow” }
}
“InitialTaskRole” => <int64: 0x9f2093afcb6817ff>: 2
“EnvironmentVariables” => <dictionary: 0x896c7e220> { count = 12, transaction: 0, voucher = 0x0, contents =
“__CF_USER_TEXT_ENCODING” => <string: 0x896c72df0> { length = 13, contents = “0x1F5:0x0:0x2” }
“TMPDIR” => <string: 0x896c722e0> { length = 49, contents = “/var/folders/x4/x00kny5x0_5dsnmmxhtw6hc80000gn/T/” }
“SHELL” => <string: 0x896c715f0> { length = 8, contents = “/bin/zsh” }
“HOME” => <string: 0x896c72370> { length = 14, contents = “/Users/hoakley” }
“SSH_AUTH_SOCK” => <string: 0x896c71b60> { length = 51, contents = “/private/tmp/com.apple.launchd.kofHVtGWoW/Listeners” }
“LOGNAME” => <string: 0x896c723d0> { length = 7, contents = “hoakley” }
“PATH” => <string: 0x896c70ae0> { length = 29, contents = “/usr/bin:/bin:/usr/sbin:/sbin” }
“XPC_SERVICE_NAME” => <string: 0x896c71560> { length = 16, contents = “com.apple.Finder” }
“__CFBundleIdentifier” => <string: 0x896c72c10> { length = 25, contents = “co.eclecticlight.AsmAttic” }
“COMMAND_MODE” => <string: 0x896c72070> { length = 8, contents = “unix2003” }
“USER” => <string: 0x896c726a0> { length = 7, contents = “hoakley” }
“XPC_FLAGS” => <string: 0x896c725e0> { length = 3, contents = “0x0” }
}
“_AdditionalProperties” => <dictionary: 0x896c7e100> { count = 1, transaction: 0, voucher = 0x0, contents =
“RunningBoard” => <dictionary: 0x896c7eb20> { count = 4, transaction: 0, voucher = 0x0, contents =
“TMPDIR” => <string: 0x896c72820> { length = 49, contents = “/var/folders/x4/x00kny5x0_5dsnmmxhtw6hc80000gn/T/” }
“HOME” => <string: 0x896c72430> { length = 14, contents = “/Users/hoakley” }
“RunningBoardLaunchedIdentity” => <dictionary: 0x896c7f1e0> { count = 5, transaction: 0, voucher = 0x0, contents =
“AJL” => <string: 0x896c727c0> { length = 51, contents = “application.co.eclecticlight.AsmAttic.753771.753789” }
“TYPE” => <int64: 0x9f2093afcb6817e7>: 1
“AUID” => <uint64: 0x9fa093afcb681847>: 501
“EAI” => <string: 0x896c717d0> { length = 25, contents = “co.eclecticlight.AsmAttic” }
“PLAT” => <uint64: 0x9fa093afcb6817e7>: 1
}
“RunningBoardLaunched” => <bool: 0x1fd757370>: true
}
}
“ExitTimeOut” => <int64: 0x9f2093afcb6817e7>: 1
“Label” => <string: 0x896c70ea0> { length = 51, contents = “application.co.eclecticlight.AsmAttic.753771.753789” }
“WaitForDebugger” => <bool: 0x1fd757370>: true
“MaterializeDatalessFiles” => <bool: 0x1fd757370>: true
“WorkingDirectory” => <string: 0x896c72760> { length = 1, contents = “/” }
“_LaunchType” => <int64: 0x9f2093afcb6817f7>: 3
“AbandonProcessGroup” => <bool: 0x1fd757370>: true
“ProgramArguments” => <array: 0x896c71080> { count = 1, capacity = 8, contents =
0: <string: 0x896c716b0> { length = 50, contents = “/Applications/AsmAttic.app/Contents/MacOS/AsmAttic” }
}
“Program” => <string: 0x896c71c20> { length = 50, contents = “/Applications/AsmAttic.app/Contents/MacOS/AsmAttic” }
}

Most urban societies have had some form of police, in addition to soldiers and armed guards. In the Roman Empire these were known as lictors, employed to act as bodyguards to magistrates, who could also arrest suspects and punish offenders under the magistrate’s authority.

Henryk Siemiradzki’s Christian Dirce of 1897 refers to Dirce, a figure in Greek mythology who was killed by being tied to the horns of a bull. Accounts of Roman martyrdoms report that the killing of Christian women sometimes occurred in enactments of the death of Dirce, hence the scene shown here, in which a woman’s near-naked body is draped over the body of a bull. Siemiradzki shows the emperor and his entourage, including two lictors holding their fasces, symbolic rods and axes, gazing at the grim aftermath. The word Fascism is derived from the fasces, which are themselves often symbolic of Fascist groups.

Various police forces evolved across Europe after the Middle Ages, but it wasn’t until the early nineteenth century that they became recognisable in modern form, with organised professionals. Although by no means the first, the city of London’s Metropolitan Police force was created by Act of Parliament in 1829, and quickly became known as Peelers after the minister responsible.

These police forces adopted distinctive dress, typically dark blue, to set them apart from civil guard and other military formations. Most also wore headgear that made them instantly recognisable as officers of the law.

Jules Breton’s first masterpiece, The Gleaners (1854), shows their oversight by the garde champêtre or village policeman, an older man distinguished by his official hat and armband, who was probably an army veteran.

William Powell Frith’s The Railway Station (1862) is set in the crowded and busy Paddington railway station in London that had only been completed a decade earlier by the great Victorian engineer Isambard Kingdom Brunel. The centre of action is at the right of the painting, where an arrest is being made, shown in the detail below. A man dressed in brown clothes is about to board the train, within which a woman stares aghast at the scene. Two Scotland Yard detectives, complete with top hats, are in the process of serving him a warrant for his arrest, the other stood ready with a pair of handcuffs.

Police forces came to the fore later in the century when industrial unrest spread across the coalfields of Europe.

One of the first prominent paintings of a strike is Alfred Philippe Roll’s Miners’ Strike, exhibited in the Salon of 1880 or perhaps the following year. It’s most probably based on a strike at Denain in the Nord-Pas de Calais coalfield of that year. It shows the desperate and increasingly worrying gathering of striking miners and their families. A woman is restraining one man from throwing a rock at the pithead buildings. Mounted police are present, handcuffing one of the strikers.

Police also became involved in the regulation of prostitution in some cities.

Just before Christmas 1886, Christian Krohg’s first novel Albertine was published by a left-wing publisher. Its central theme is prostitution in Norway at the time, and the police quickly seized all the copies they could find, banning it on the grounds of violating the good morals of the people. At the same time as he was writing that novel, Krohg had been working on his largest and most complex painting: Albertine in the Police Doctor’s Waiting Room (1885-87).

In the novel, Albertine starts as a poor seamstress, who is mistaken for a prostitute by the police officer in charge of the section controlling prostitutes. He plies her with alcohol then rapes her. She is summoned to be inspected by the police doctor, whose examination further violates her, making her think that she is destined to be a prostitute, and that is, of course, exactly what happens.

Albertine isn’t the prominent woman in the centre looking directly at the viewer: Krohg’s heroine is the simple and humble country girl at the front of the queue to go into the police doctor for inspection. Behind her is a motley line of women from a wide range of situations. At the right, in the corner of the room, is another country girl with flushed cheeks. Others are apparently more advanced in their careers, and stare at Albertine, whose profiled face is barely visible from behind her headscarf. Barring the way to the surgery door, and in control of the proceedings, is a policeman.

In Denmark, Erik Henningsen’s first major painting bears the enigmatic title of Summum jus, summa injuria. Infanticide (1886). The Latin quotation comes from Cicero’s De Officiis I, 33, and literally means the highest law, the greatest injustice. It is a warning still used that strict application of rights and the law carries the danger of doing some people a huge injustice, and Henningsen’s narrative is an important example of a serious social and legal problem at the time.

Two labourers are digging a small pit at the side of a track across sand dunes. They are supervised by two policemen, one of whom keeps a written record. Behind and to the right is another policeman who holds a young woman by the elbow. She looks down as she is petting a dog.

The subtitle provides the clue as to what is going on. The labourers are trying to find the body of a baby, who is the subject of a police investigation. The young woman is the child’s mother. Unmarried, she had the baby in secret, smothered it at birth, and disposed of its body. She knows that if her baby is discovered, her punishment will be severe. But this was the only course open to her, as having a baby out of wedlock was against accepted religious and moral standards of the day.

The following year, Henningsen’s Farmers in the Capital (1887) shows migrants freshly arrived in Copenhagen from the country. The father is speaking to a mounted policeman, presumably asking him for directions to their lodgings.

Krohg’s The Struggle for Existence (also translated as The Struggle for Survival) (1889) shows Karl Johan Street in Oslo in the depths of winter, almost deserted except for a tight-packed crowd of poor women and children queuing for free bread. A policeman, wearing a heavy coat and fur hat, walks in the distance, down the middle of the icy street, detached from the scene.

Henningsen’s Evicted from 1892 shows a family of four being evicted into the street in the winter snow. With them are their meagre possessions, including a saw suggesting the father may be a carpenter. In the background he is still arguing with a policeman.

José Uría’s After a Strike, from 1895, revolves around a strike and its violent consequence. The scene is a large forge that’s apparently standing idle because of a strike. At the far right is a row of mounted police, and what may be lifeless bodies laid out on the ground. Inside the factory a woman, presumably a wife, kneels and embraces her child, beside what is presumably the dead body of her husband, who was a worker there. Close to his body is a large hammer, apparently the instrument of his death. In the distance, one of two policemen comfort a younger woman.

The role of police forces has remained as controversial ever since.

Somewhen around late versions of macOS Monterey, and certainly by the release of Ventura, macOS started to use cryptexes to load Safari and parts of the operating system including dyld caches, rather than installing them to the Data volume. Over a period of three months, cryptexes were also used to install Rapid Security Responses (RSRs) in an experiment that was quickly discontinued. What I hadn’t realised until recently was that they are also used to deliver much of the additional components required to support Apple Intelligence features in Apple silicon Macs. This article looks as how that works.

Cryptexes

These first appeared on Apple’s customised iPhone, its Security Research Device, which uses them to load a personalised trust cache and a disk image containing corresponding content. Without the cryptex, engineering those iPhones would have been extremely difficult. According to its entry in the File Formats Manual from five years ago (man cryptex), ‘A cryptex is a cryptographically-sealed archive which encapsulates a well-defined filesystem hierarchy. The host operating system recognizes the hierarchy of the cryptex and extends itself with the content of that hierarchy. The name cryptex is a portmanteau for “CRYPTographically-sealed EXtension”.’

In practice, a cryptex is a sealed disk image containing its own file system, mounted at a randomly chosen location within the root file system during the boot process. Prior to mounting the cryptex, macOS verifies it matches its seal, thus hasn’t been tampered with. Managing these cryptexes is the task of the cryptexd service with cryptexctl. Because cryptexes aren’t mounted in the usual way, they’re not visible in mount lists such as that produced by mount(8).

System cryptexes

Once kernel boot is well under way, APFS mounts containers and volumes in the current boot volume group, followed by others to be mounted at startup. When those are complete, it turns to mounting and grafting the three standard system cryptexes:

• os.dmg, around 6 GB (macOS 15.5), containing system components such as dyld caches;
• app.dmg, around 23 MB, containing Safari and supporting components;
• os.clone.dmg, apparently a copy of os.dmg and the same size.

AI cryptex collection

About 5 seconds later, and over 14 seconds after APFS first started work, it checks and grafts a series of 23 cryptexes primarily involved with Apple Intelligence features. These are handled one at a time in succession, each reported in a sequence of log entries as follows (times in seconds after an arbitrary start).

First the Image4 file containing the cryptex is validated
9.434431 root_hash_execution_cb_mobile_asset:3066: image4_trust_evaluate: successfully validated the payload and the manifest

Then it’s grafted into the file system of the Data volume as a ‘PFK volume’. In this extract I omit the bulk of the cryptex’s name using […] for the sake of brevity.
9.434465 apfs_graft:695: disk3s5 Grafting on a PFK volume
9.434509 graft_dev_init:480: disk3 UC_[…]_Cryptex.dmg GRAFT (compiled @ Apr 22 2025 19:49:43)
9.434514 graft_dev_init:484: disk3 UC_[…]_Cryptex.dmg device_handle block size 4096 real block size 4096 block count 11264 features 0 internal VEK
9.434695 nx_mount:1308: UC_[…]_Cryptex.dmg initializing cache w/hash_size 512 and cache size 512
9.437484 nx_mount:1630: UC_[…]_Cryptex.dmg checkpoint search: largest xid 15, best xid 15 @ 7
9.437497 nx_mount:1657: UC_[…]_Cryptex.dmg stable checkpoint indices: desc 6 data 31
9.438117 er_state_obj_get_for_recovery:8420: UC_FM_LANGUAGE_INSTRUCT_3B_CONC No ER state object for volume RevivalB13M201388.UC_[…]_Cryptex - rolling is not happening, nothing to recover.
9.438124 apfs_log_op_with_proc:3263: UC_FM_LANGUAGE_INSTRUCT_3B_CONC grafting volume RevivalB13M201388.UC_[…]_Cryptex, requested by: mobileassetd (pid 457); parent: launchd (pid 1)
Note the volume name starts with Revival. Names of all other cryptex volumes in the AI collection start with the same code name, except for the PKI cryptex examined below, which uses Creedence instead. Perhaps these are a reference to Creedence Clearwater Revival?

The root hash of the cryptex file system is then authenticated
9.438156 graft_dev_blockmap_lut_switch_to_metadata_based_if_needed:1312: UC_FM_LANGUAGE_INSTRUCT_3B_CONC lut contains 26 extents, 3 of which contain metadata
9.438160 is_root_hash_authentication_required_osx:387: UC_FM_LANGUAGE_INSTRUCT_3B_CONC Release kext with internal build: 0, ARV disabled: 0, booting xid: 0
9.438164 is_root_hash_authentication_required_osx:418: UC_FM_LANGUAGE_INSTRUCT_3B_CONC strict graft, root hash authentication failure is required
9.438167 is_root_hash_authentication_required:557: UC_FM_LANGUAGE_INSTRUCT_3B_CONC Strict Graft, root hash authentication is required
9.438179 authenticate_root_hash:642: UC_FM_LANGUAGE_INSTRUCT_3B_CONC successfully validated on-disk root hash
9.438191 apfs_lookup_ge_jobj_id:5028: disk3s5 Found OBJID 0x66a1b8 type 3

The graft is then completed.
9.438195 apfs_graft:1045: disk3s5 Graft ino 6557986, jobj_id range 6725836+76
9.438396 apfs_graft:1138: disk3s5 successfully grafted ino 6557986 on dir 6725835, dev_name [UC_[…]_Cryptex.dmg]

Fortunately, these log entries provide the inode number for the location of the grafted cryptex, and that can be used in Mints to obtain its full path.

Among the AI cryptex collection is a secure public key infrastructure (PKI) trust store, located at
/System/Library/AssetsV2/com_apple_MobileAsset_PKITrustStore/purpose_auto/[…].asset/AssetData/Restore/SECUREPKITRUSTSTOREASSETS_SECUREPKITRUSTSTORE_Cryptex.dmg
In the log, this is recorded as being 4.2 MB in size, and that is the same size as reported for the .dmg file by the Finder. Disk images are in APFS (Case-sensitive) format, and might be identical to their equivalents provided for iOS and iPadOS.

When mounted, that disk image becomes a volume named Creedence11M6270.SECUREPKITRUSTSTOREASSETS_SECUREPKITRUSTSTORE_Cryptex. That contains many property lists, certificate data, a SystemRootCertificates keychain, and two property lists that are grafted into /System/Library/CoreServices.

The names of all 23 cryptex disk images included in the macOS 15.5 AI cryptex collection are given in the Appendix. All are given as being compiled at Apr 22 2025 19:49:43, the same as the system cryptexes, implying that they were installed as part of the macOS 15.5 update. The whole sequence of processing the AI cryptexes took 0.78 seconds to complete, and the total size of disk images mounted in that period was 7.2 GB, which is similar to the reported size of additional files required to support AI.

Conclusions

• Apple silicon Macs running macOS 15.5 with AI enabled load 23 additional cryptexes to support AI, totalling 7.2 GB.
• Those AI cryptexes are grafted into the Data volume, in paths starting /System/Library/AssetsV2.
• All except one have volume names starting with Revival
• One cryptex is a secure PKI trust store, whose volume name starts with Creedence instead.
• These cryptexes are installed and updated as part of macOS updates, although they could also be installed or updated separately, for example when AI is enabled.
• If a Mac shows an unusual mounted volume with a name starting with Creedence or Revival, that’s almost certainly the respective disk image, which should normally be hidden and not visible in the Finder.

Appendix

Disk image names for the AI cryptex collection in macOS 15.5 (Apple silicon):

• UC_FM_LANGUAGE_INSTRUCT_3B_CONCISE_TONE_DRAFT_GENERIC_GENERIC_H16S_Cryptex.dmg,
• UC_FM_LANGUAGE_INSTRUCT_3B_TEXT_EVENT_EXTRACTION_DRAFT_GENERIC_GENERIC_H16S_Cryptex.dmg,
• UC_FM_LANGUAGE_INSTRUCT_3B_PROOFREADING_REVIEW_DRAFT_GENERIC_GENERIC_H16S_Cryptex.dmg,
• UC_FM_VISUAL_IMAGE_DIFFUSION_V1_BASE_GENERIC_H16S_Cryptex.dmg,
• UC_FM_LANGUAGE_INSTRUCT_3B_BASE_GENERIC_GENERIC_H16S_Cryptex.dmg,
• UC_IF_PLANNER_NLROUTER_BASE_EN_GENERIC_H16S_Cryptex.dmg,
• UC_FM_LANGUAGE_INSTRUCT_3B_MAIL_REPLY_DRAFT_GENERIC_GENERIC_H16S_Cryptex.dmg,
• UC_FM_LANGUAGE_INSTRUCT_3B_DRAFTS_GENERIC_GENERIC_H16S_Cryptex.dmg,
• UC_FM_LANGUAGE_INSTRUCT_3B_SUMMARIZATION_DRAFT_GENERIC_GENERIC_H16S_Cryptex.dmg,
• UC_FM_LANGUAGE_INSTRUCT_3B_AUTONAMING_MESSAGES_DRAFT_GENERIC_GENERIC_H16S_Cryptex.dmg,
• UC_FM_LANGUAGE_INSTRUCT_3B_URGENCY_CLASSIFICATION_DRAFT_GENERIC_GENERIC_H16S_Cryptex.dmg,
• UC_FM_LANGUAGE_INSTRUCT_3B_MESSAGES_REPLY_DRAFT_GENERIC_GENERIC_H16S_Cryptex.dmg,
• UC_FM_LANGUAGE_INSTRUCT_3B_PROFESSIONAL_TONE_DRAFT_GENERIC_GENERIC_H16S_Cryptex.dmg,
• UC_FM_LANGUAGE_SAFETY_GUARDRAIL_BASE_GENERIC_GENERIC_H16S_Cryptex.dmg,
• UC_FM_LANGUAGE_INSTRUCT_3B_TEXT_EVENT_EXTRACTION_MULTILINGUAL_DRAFT_GENERIC_GENERIC_H16S_Cryptex.dmg,
• UC_FM_CODE_GENERATE_SMALL_V1_BASE_GENERIC_H16_Cryptex.dmg,
• UC_FM_LANGUAGE_INSTRUCT_3B_MAGIC_REWRITE_DRAFT_GENERIC_GENERIC_H16S_Cryptex.dmg,
• UC_FM_LANGUAGE_INSTRUCT_300M_BASE_GENERIC_GENERIC_H16S_Cryptex.dmg,
• UC_FM_LANGUAGE_INSTRUCT_3B_TEXT_PERSON_EXTRACTION_DRAFT_GENERIC_GENERIC_H16S_Cryptex.dmg,
• UC_FM_CODE_GENERATE_SAFETY_GUARDRAIL_BASE_GENERIC_H16S_Cryptex.dmg,
• UC_FM_LANGUAGE_INSTRUCT_3B_TEXT_PERSON_EXTRACTION_MULTILINGUAL_DRAFT_GENERIC_GENERIC_H16S_Cryptex.dmg,
• UC_FM_LANGUAGE_INSTRUCT_3B_FRIENDLY_TONE_DRAFT_GENERIC_GENERIC_H16S_Cryptex.dmg,
• SECUREPKITRUSTSTOREASSETS_SECUREPKITRUSTSTORE_Cryptex.dmg.

Given in the order that they are grafted.

Apple has just released updates to XProtect for all supported versions of macOS, bringing it to version 5304, and to XProtect Remediator for all macOS from Catalina onwards, to version 152. As usual, Apple doesn’t release information about what security issues these updates might add or change.

Yara definitions in this version of XProtect add two private rules for Shebang, to match shell scripts by ‘shebang’, and _golang_macho, to match machos compiled by Golang. There are also 19 new rules for a novel family of what appear to be stealers based on the name BONZAI, including MACOS.BONZAIBONANZA.AUTO, MACOS.BONZAIBONANZA.TAAP, MACOS.BONZAIBONANZA.TAFI, MACOS.BONZAIBONANZA.VACA, MACOS.BONZAIBONANZA.VASN, MACOS.BONZAIBONANZA.FU, MACOS.BONZAIBONANZA.SC, MACOS.BONZAIBARRICADE.PE, MACOS.BONZAIBARRICADE.PA, MACOS.BONZAIBARRICADE.KE, MACOS.BONZAIBLASTER.FU, MACOS.BONZAIBLASTER, MACOS.BONZAIBLASTER.TA, MACOS.BONZAIBONDER.SO, MACOS.BONZAIBONDER.PE, MACOS.BONZAIBONDER.TEPL, MACOS.BONZAIBONDER.LA, MACOS.BONZAIBONDER.FU, and MACOS.BONZAIBANANA.

XProtect Remediator doesn’t change the list of scanner modules.

There are changes to the list of Bastion rule 2 paths, and four new Bastion rules 14-17. These cover sending AppleEvents to browsers, the Finder and Terminal, mach-lookup for com.apple.pasteboard.1, and writing to a long list of shell-related hidden directories in the user’s Home folder.

These are probably the greatest changes to XProtect’s Yara rules and Bastion rules for more than a year.

You can check whether these updates have been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight and SystHist for El Capitan to Tahoe available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight or at the command line.

If you want to install these as named updates in SilentKnight, their labels are XProtectPayloads_10_15-152 and XProtectPlistConfigData_10_15-5304.

Sequoia and Tahoe systems only

The XProtect update has already been released for Sequoia and Tahoe via iCloud. If you want to check it manually, use the Terminal command
sudo xprotect check
then enter your admin password. If that returns version 5304 but your Mac still reports an older version is installed, you may be able to force the update using
sudo xprotect update

By 1915, Robert Polhill Bevan (1865–1925) was treasurer of the London Group, successor to Walter Sickert’s Camden Town Group, and had formed his own group centred on his studio in Cumberland Market, Camden Town, London. The latter exhibited at the Goupil Gallery, London, and was later to be joined by Edward McKnight Kauffer and CRW Nevinson, who was to achieve fame as a War Artist.

Despite the landscapes he painted in the countryside of the Blackdown Hills in East Devon, Bevan’s more acclaimed paintings were mainly views in London, particularly those of Saint John’s Wood and Belsize Park.

Hay Carts, Cumberland Market from 1915 is another view of London’s last hay market, close to Bevan’s studio. The bales shown were made by mechanical baling machines and brought to London by barge.

The Green House, St John’s Wood from about 1918 shows one of many mansions that had been built in this former suburb of London, developed into low-density housing for the more affluent of the nineteenth century. This area is now known for being home to cricket with the major ground of Lord’s, and the Abbey Road Studios used by the Beatles and other famous bands. Bevan introduces a motor taxi opposite two horse-drawn carts, signalling the decline of the latter.

The Caller at the Mill from 1918-19 probably shows a scene in East Devon, painted during one of Bevan’s summer visits.

Also in typical Blackdown Hill country is The Ford, from the same period.

Bevan painted A Devon Cottage (Luppitt) in about 1920, in the same area to the north of Honiton.

In 1922, Bevan was elected a member of the New English Art Club.

He painted this view of Aldwych in central London in 1924. This is a crescent off the Strand, to the east of Charing Cross. At the left is a motor omnibus, while drinking at the water-trough beneath the memorial is one of the remaining working horses of London, which by now were well in decline.

Mount Stephen from 1924 shows one of the farms close to Luppitt in East Devon, presumably painted during one of Bevan’s summer visits.

I also have one undated watercolour of Bevan’s.

Landscape with Three Trees was most probably painted en plein air in the south-west of England, as an alternative to his early oil sketches.

Robert Bevan died of cancer of the stomach on 8 July 1925, in London. The following year his life and work were remembered in a retrospective, but he didn’t gain the recognition he deserved until his centenary in 1965, and remains seriously underrated even today.

References

Wikipedia.
Robert Upstone (ed) (2008), Modern Painters: The Camden Town Group, Tate Publishing. ISBN 978 1 85437 781 4.

This week’s batch of app updates includes two for working with metadata, a fun obfuscator of text, and my in-house performance test for storage. In each case, they have been given a new app icon that should display well in all versions of macOS from Big Sur to Tahoe. Their windows have been overhauled to accommodate Tahoe’s larger controls, and they have been rebuilt.

Spotlight and metadata

Metamer gives access to 16 of the most useful types of metadata that can be saved as extended attributes to any file, and others that are text-based if you wish. It has a built-in scratchpad you can use to assemble groups of keywords, for instance. It thus gives access to a wide range of metadata that you can use in Spotlight search.

Metamer version 1.6 is now available from here: metamer16
from its Product Page, and via its auto-update mechanism.

To accompany that is Spotcord, which scans folders to build vocabularies of keyword metadata (kMDItemKeywords in Spotlight’s terms), subjects and other specified types. Although it can look for those Spotlight derives from image analysis, experience shows that few are likely to be accessible outside Spotlight itself. This is the first release version of Spotcord, which had lingered in beta far too long.

Spotcord version 1.0 is now available from here: spotcord10
and from its Product Page. It doesn’t use the auto-update mechanism, though.

Text obfuscation

Dystextia is a bit of fun using Unicode lookalike characters to obfuscate Roman text. For example, it will convert this line into
Dуstехtіа іs а bіt оf fun usіng Unісоdе lооkаlіkе сhаrасtеrs tо оbfusсаtе Rоmаn tехt.
or even
Dу𝚜𝚝ех𝚝іа і𝚜 а bі𝚝 о𝚏 𝚏𝚞𝚗 𝚞𝚜і𝚗ɡ U𝚗ісоⅾе ⅼоо𝚔аⅼі𝚔е с𝚑а𝚛ас𝚝е𝚛𝚜 𝚝о оb𝚏𝚞𝚜са𝚝е Rо𝚖а𝚗 𝚝ех𝚝․
if you prefer. This is easy to reverse using AI, but throws find and spellchecking out of the window.

Dystextia 1.9 is now available from here: dystextia19
from its Product Page, and via its auto-update mechanism.

Storage performance testing

In contrast, today’s last update is the app I use to measure read and write speeds of storage, from internal SSDs to external hard disks and NAS systems. This offers a flexible range of test methods, all based on the same API calls used by apps to ensure they represent real-world performance. This comes with a detailed Help book that explains how testing and data analysis are performed.

Stibium version 1.2 is now available from here: stibium12
from its Product Page, and via its auto-update mechanism.

Coming next

My next batch of updates concludes the straightforward ones, and will bring Dintch, Fintch and Cormorant.

I currently don’t intend updating any of my command tools like blowhole, as they appear to continue working fine in Tahoe.

I have started work on updates to Unhidden, SilentKnight/Skint, and the Viable family of virtualisers. Each needs more work before they will work properly with Tahoe, in the case of SilentKnight/Skint a complete new version designed for future macOS.

I currently don’t intend updating ArchiChect, Taccy, Signet, Scrub, LockRattler or the command tool silnite for Tahoe, as they’ve now been superseded or outdated. If you want one of those reinstated, please let me know.

During the 1920s, in the last years of his career, Lovis Corinth’s paintings reached a new peak, both in their quantity and their innovative exploration of colour and texture.

Although Corinth was clearly relishing this intensity, his Large Self-portrait in Front of Walchensee (1924) shows his race against the effects of age.

The Trojan Horse (1924) is Corinth’s last major painting from classical myth, showing the wooden horse made by the Greeks in order to gain access to the city of Troy, so they could sack and destroy it. The lofty towers and impregnable walls of the city are in the background. The select group of Greek soldiers who undertook this commando raid have already been concealed inside the horse, and those around it are probably Trojans, sent out from the city to check it out before it was taken inside.

Although there are suggestions as to an allegorical relationship between this painting and the First World War, Troy had been a hot topic in Berlin since the excavations at Hisarlık in Turkey in the late nineteenth century by Heinrich Schliemann and Wilhelm Dörpfeld.

Corinth also painted for fun: this superb depiction of a Königsberger Marzipantorte (Royal Marzipan Cake) (1924) must have been completed at great speed before his family consumed his model.

The Jochberg at Walchensee (1924) shows this 5,141 foot (1,567 metre) mountain dividing the Walchensee from the Kochelsee.

Walchensee, Vegetable Garden (1924) was painted away from his normal vantage point above the lake, to include the colours and textures of this vegetable patch.

Walchensee (1924) is a watercolour sketch reportedly painted on vellum.

Carmencita, Portrait of Charlotte Berend-Corinth in Spanish Dress (1924) probably doesn’t refer directly to the famous Spanish dancer Carmen Dauset Moreno, who had died in 1910. Charlotte Corinth, or Berend-Corinth, had continued painting in the early twentieth century, and joined the Berlin Secession in 1912. She also painted actively when at their chalet. In 1933, she emigrated to the USA, where she produced the first catalogue raisonné of her husband’s paintings. She died in 1967, so I am unable to show any of her paintings.

Corinth painted members of his family more often at this time, as he probably suspected he was reaching the end of his artistic career. In Wilhelmine in a Yellow Hat (1924) his shy daughter is starting to show some of her mother’s vivacity.

Thomas in Armour (1925) shows Corinth’s older child, then 21, wearing the suit of armour that had appeared in several of Corinth’s paintings over the years, in a visual record of his son’s transition into adult life.

Corinth painted Ecce Homo at Easter, 1925, as an act of meditation to mark the festival. It shows the moment that Pilate presents Christ to the hostile crowd, just before the Crucifixion. Christ has been scourged, bound, and crowned with thorns, and Pilate’s words are quoted from the Vulgate translation, meaning behold, the man. In keeping with his earlier contemporary interpretations of the scenes of the Passion, Pilate (left) is shown as an older man in a white coat, and the soldier (right) wears a suit of armour.

Corinth completed this in four days. This was bought for the Nationalgalerie in Berlin in 1929, but in 1937 was condemned by the Nazi party as being ‘degenerate art’. Thankfully, it escaped destruction when it was bought by the art museum in Basel in 1939.

The Beautiful Woman Imperia was one of the last paintings that Corinth completed in the late spring of 1925, and his final fleshly work. It’s based on Balzac’s anthology of tales Cent Contes Drolatiques from 1832-37. This shows the courtesan Imperia, naked in front of a priest, in surroundings suggesting contemporary decadent cabarets, or a far older ‘perfumed room’.

Corinth’s Last Self-Portrait, painted just two months before his death in 1925, is unusual in showing him with his reflection in a mirror. He is now balding rapidly, his cheeks sunken, and his eyes are bloodshot and tired. That summer he travelled to the Netherlands to view Old Masters, including Rembrandt and Frans Hals. He developed pneumonia, and died at Zandvoort on 17 July, four days before his sixty-eighth birthday.

He had painted more than a thousand works in oil, and hundreds of watercolours. He also made more than a thousand prints, an area of his work that I haven’t touched on. Ironically, it was the rise of the Nazi party from 1933 that prevented him from achieving the international recognition his work deserved.

References

Wikipedia.

Lemoine S et al. (2008) Lovis Corinth, Musée d’Orsay & RMN. ISBN 978 2 711 85400 4. (In French.)
Czymmek G et al. (2010) German Impressionist Landscape Painting, Liebermann-Corinth-Slevogt, Arnoldsche. ISBN 978 3 89790 321 0.

I hope that you enjoyed Saturday’s Mac Riddles, episode 315. Here are my solutions to them.

1: It came with a tumbler from Camelot in 1993, then opened in 2008.

2: Replacement for 3 to avoid royalties with transparency has just turned three.

3: CompuServe animated its palette with 256 colours but we still can’t agree how to say it.

The common factor

I look forward to your putting alternative cases.

Much of the data handled on and off our Macs and devices is protected by encryption. That has been designed to ensure encryption can’t be broken in a reasonable amount of time using current and future computing resources. Using conventional computers, for instance, it would take a great many years to break data encrypted using 256-bit AES, so in practice this has been considered to fully secure, for the past.

Threat

For the last 50 years or so, researchers have been working on quantum computers that could radically change that. Instead of using normal binary bits with values of 0 and 1, those use qubits measured in terms of probability, making them non-deterministic. That changes the way they work, and some tough problems in the binary world can be speeded up so much that, given a suitable quantum computer, they could compute in far shorter times. This has already been applied to greatly reduce search times in big data, and has the potential to break most recent forms of encryption.

Progress in making suitably powerful quantum computers to be able to decrypt data encrypted using classical techniques has been slow, but we’re now reaching the stage where that’s likely to be feasible in the next year or three. Now is the time to start deploying more advanced forms of encryption to protect our data from the imminent future.

Data in transit

In February last year, Apple announced that iMessage was transitioning to the use of protocols that are quantum-secure, and those were introduced the following month in macOS 14.4, iOS and iPadOS 17.4 and watchOS 10.4. When macOS 26 Tahoe and its matching OSes are released in a couple of months, they bring further important steps towards fully secure encryption, in encrypted network connections using quantum-secure mechanisms in TLS 1.3.

Classical encryption is at its most vulnerable when encryption keys are exchanged over the Internet, and public key systems can be completely broken by quantum methods. Thus, Apple’s first changes are being made to protect data in transit, where it can be intercepted and stored for later decryption using a quantum computer. Securing iMessage is an important start, and the new features in Tahoe and its sisters extend similarly improved protection to other data transfers.

Apple’s operating systems provide support for encryption and related techniques in CryptoKit, making quantum-secure methods available to third-party apps as well. For OS 26, CryptoKit gains Module-Lattice based key encapsulation or ML-KEM, part of the FIPS 203 primary standard for general encryption. Signatures gain the Module-Lattice based digital signature algorithm or ML-DSA, part of FIPS 204.

Data in storage

Whereas public key cryptography systems can be completely broken by quantum attacks, the news for symmetric key schemes such as those used in FileVault and APFS encryption is considerably better. Although quantum computers will be able to break classical techniques more quickly, that should prove neither quick nor easy.

In Intel Macs with T2 chips and Apple silicon Macs, encryption keys are protected by the Secure Enclave, never leave it, and are never exposed to the main CPU. Attempts to gain access through the Secure Enclave are subject to robust defences: for example, the Secure Enclave Processor allows only 5 attempts to enter a Mac’s password before it increases the time interval enforced between entry attempts, and after 30 unsuccessful attempts no more are allowed at all, and the Mac has to be fully wiped and reset.

Trying to remove internal storage is designed to frustrate the attacker. Although internal storage is referred to as an SSD, the storage used isn’t complete in the sense that you couldn’t remove it and install it in another computer, and most of its disk controller functionality is performed by sections in the host chip, including its Secure Enclave. Even models like the Mac Studio that have socketed storage don’t make this easy: remove its special SSD module and it won’t work in another Studio unless it has been completely wiped and reset, destroying its keys and contents.

Apple’s strategy for the protection of encrypted internal storage is thus intended to block access at every level, so that post-quantum brute-force decryption would have little if any impact should it become available in a few years. The standard encryption method used, AES-256 in XTS mode, may need to be revised as quantum decryption becomes more feasible, and Apple is now recommending that doubling the key size should be sufficient to make encryption suitably resistant to forcing with a quantum computer.

Summary

• Future quantum computers will be able to break some classical encryption methods.
• Public key methods used to protect data in transit across the Internet are the most vulnerable to quantum attack.
• macOS 14.4 and iOS 17.4 have started progressively replacing iMessage protection to make it resistant to quantum attack.
• OS 26 will extend that protection to cover connections over TLS 1.3, where supported by servers.
• Protection already provided to stored data, such as FileVault, is considered to remain robust.
• Encryption of static data can be made more robust to quantum cryptography by doubling key size from 256 to 512 bits.

Resources

Quantum computing (Wikipedia)
Post-quantum cryptography (Wikipedia)
FIPS 203-206 (NIST standards)
Securing iMessage with PQ3 (Apple)
macOS Tahoe TLS 1.3 support (Apple)
Cathie Yun presentation Get ahead with quantum-secure cryptography, WWDC 2025 (via Apple Developer app etc.)
CryptoKit for developers (Apple)

On the second day of this weekend’s visit to the fjords of Norway, we’ve reached the twentieth century, and a pupil of Eilert Adelsteen Normann (1848-1918).

Clearly inspired by Normann’s views of the fjords, Elisabeth Grüttefien’s style is quite distinct, as shown in her undated Fjord Landscape. Her greens are more vibrant, and there are some fluffy red patches in her blue sky.

In her Fjord with Steamer from about 1900, she includes a sailing boat and one of the larger steamships, just as might have appeared in Normann’s paintings.

She also found some different motifs. In Fjord Landscape, also from about 1900, it is spring, and there’s still plenty of snow left from the winter. Groups of birch trees have yet to come into leaf.

Sadly, Elisabeth Grüttefien then vanished, and her paintings stopped.

Nikolai Astrup, the last landscape artist in this series, spent most of his life in the hamlet of Jølster, to the north of Sognefjord, where his father was the parish priest. He trained under two great Norwegian painters, Harriet Backer and Christian Krogh, and under Lovis Corinth in Berlin. Unlike the previous artists, Astrup was no visitor to the fjords, he lived among them.

Kollen, translated as The Barren Mountain, or simply The Fell, (1905-06) shows one of the huge rocky outcrops towering over the coast of fjords and lakes in this part of Norway. Astrup must have painted this during the late winter.

Astrup recorded the public rites of the community, as in his Funeral Day in Jølster (before 1908). With the grandeur of the hills behind, a small party escorts the coffin of one of the villagers. His father, the pastor, leads the procession to the small churchyard, a rite that had taken place many times over the preceding centuries, and was to follow the artist’s own early death in 1928.

Grey Spring Evening (before 1908) is one of Astrup’s finest paintings of Jølster Lake. In its suffuse light, the hill dominating the opposite bank has rich earths and a shallow strip of green fields near the water’s edge. The pale green spring foliage on the trees in the foreground is muted, and a rowing boat out in the middle of the lake seems a tiny speck lost in the midst of nature.

Jølster Lake is fed from meltwater from Jostedalsbreen, and there’s still abundant snow on the mountains in Astrup’s view of A June Night and Old Jølster Farm, with its lush carpet of marsh marigolds.

His prints clearly influenced his painting style. Kari – Motif from Sunde (c 1918) shows an elfin figure of a girl who has been painted as if in an illustration, or perhaps one of Carl Larsson’s popular albums.

The Cold Frame Mound (c 1921-28) reveals the Astrup family vegetable garden by their house at Sandalstrand, including the ‘cold frame’ of the title. Despite their name, cold frames actually protect plants from the cold, and are used to enable earlier starting of vegetable crops. Sinking the cold frame into the ground (and siting it on a high point) protects its contents from ground frosts, while covering it with glazed windows ensures that daylight can raise the air and soil temperatures within it.

For much of his career, Astrup’s prints and paintings had informed and influenced one another; The Befring Mountain Farms (c 1924-28) is an example of his mixing the media in a single work, coupling woodblock printing with oil painting. It shows an extended series of farm buildings not far from Jølster Lake.

Astrup uses the natural environment to generate one of his most magical works. Two people are engaged in milking a goat by the entrance to a building in the left foreground. The farm buildings have turf roofs with luxuriant growth, in one case sporting a small tree. Spindly birches stand next to them, their leaves shimmering in the light of the crescent moon. That moon is reflected in a small pond surrounded by marsh marigolds in full flower. You can hear the silence among the massive rock bluffs towering over the lake, and that in the centre looks like the head of an owl, watching over the stillness of the night.

Yesterday’s brief history of Internet search carries a lot in between its lines, some of it increasingly sinister. From the assumption that search results should be ranked by popularity rather than quality of content, to Google’s latest AI overviews, so much runs counter to all we had come to learn in previous millennia.

Many of our greatest insights and ideas have been far from popular at the time, and some have been so reviled that their authors have been ostracised as a result. Indeed, the origin of the term ostracisation refers to a practice that the ancient Greeks recognised led to popular but flawed outcomes, when the great were rejected by ill-informed opinion of the mob.

By a quirk of fate, the screenshot of Google Scholar in use showed search results from 2011 for the terms autism vaccine, a topic that has recently returned to the headlines. Claims made by some of today’s politicians have been propagated using the same principles as PageRank until millions of people have been fooled into believing what were demonstrably fraudulent results. The mob are about to throw away decades of public health improvements for the sake of palpable lies.

We now have new tools to amplify such nonsense, in ‘AI’ built on large language models, and they’re starting to supplant search. In doing so, they’re going to destroy the raw material they feed on to generate their summaries.

Before about 2000, the great majority of information was printed on paper. There must have been a dozen or more specialist Mac magazines, and a steady stream of popular books about Mac OS and how to get the best from it. Even Apple was a prolific originator of thoroughly well written reference guides in its Inside Macintosh series, published by Addison Wesley. In the following couple of decades, most of those vanished, replaced by websites financed by advertising income, hence the industry dominated worldwide by Google.

Blogs originated in the mid-1990s and by about 2010 had reached a peak in their numbers and influence. Since then many have ceased posting new articles, or simply vanished. The generation that took to the web around 25 years ago are now trying to retire, sick of spam comments and the vitriolic spite of those that abuse them. Unsurprisingly the next generation are less enthusiastic about taking to their blogs, leaving some to make money from ephemeral video performances.

If there’s one thing that Google could have done to further the decline of the remaining online publications and blogs it’s to plunder their contents, massage their words with the aid of an LLM, and present those as overviews. When you’ve researched an article over several days and spent many hours writing and illustrating it, it’s more than galling to see an AI present its paraphrase as its own work.

These AI overviews range from the accurate, through repetitious waffle, to those riddled with errors and contradictions. Had they been written by a human, I’d describe them as a shameless and inaccurate plagiarist who has little or no understanding of what they’re plagiarising.

You can see examples of this by making quick comparisons between Google’s AI overview and the articles that it links to. For instance:

• Ask Google “what is the boot volume structure in ios?” and compare that overview with this article. For added entertainment, try the same with iPadOS, and spot the differences.
• Ask “what does runningboard do in macos?” and notice how sources given date from 2019 and 2021, when RunningBoard had only just been discovered. Refer to a more recent account such as that here, to see how out of date that overview is, and how much it has changed in Sequoia.

There’s also an element of unpredictability in those overviews. Repeat one after a couple of minutes, and the results can be quite different.

Although Cloudflare has developed a method that enables commercial publishers to control Google’s ability to scrape their content and plagiarise it, for the great majority of us, there seems little we can do but watch page views continue to fall to levels below those before the Covid pandemic. If you’ve got something better to do with your time than write for your blog, this is when you get seriously tempted.

But Google is digging a deep hole for its future. As the supply of new content to feed its LLM falls, most new articles will be generated by AI. All it will have to plagiarise then will itself be plagiarism, and it will amplify its own errors. By not referring searches to content, Google will also have killed the geese that lay its golden eggs, and lost much of its advertising revenues.

We’ll then be back full circle to curated web directories of the remaining reliable sites.

With summer here at last, if you’re in the Northern Hemisphere, it’s time to head north away from the heat and spend a weekend exploring the fjords of Norway in the company of some of the nation’s great landscape artists. Today we’ll see the development of painting during the nineteenth century, then tomorrow we’ll conclude with the early twentieth century.

We start with the founding father of the golden age of painting in Norway, Johan Christian Claussen Dahl, who was born in Bergen, Norway.

In February 1827, Dahl painted one of the finest winter landscapes of a Norwegian fjord, Winter at Sognefjord. This is the largest and deepest of all the Norwegian fjords, shown deserted apart from a few crows gathered around the base of what appears to be a pinnacle of ice. This might be the famous Balder or Frithjof memorial stone at Leikanger.

Hans Gude was in the next generation, and in the earlier part of his career collaborated with fellow-countryman Adolph Tidemand.

Among the results of this collaboration are some of their most spectacular works, such as Bridal Journey in Hardanger (1848). Gude’s highly detailed and realistic landscape is set in the far south-west of Norway, in the region to the east of Bergen, where one of the world’s largest and most spectacular fjords carves its way from glacier to the sea.

Sandvik Fjord (1879) is Gude’s startlingly detailed depiction of a view from above Sandviken, now the northern suburbs of the Norwegian city of Bergen, looking to the west and the island of Askøy.

The most prolific of those who painted the fjords was Eilert Adelsteen Normann, who like many Norwegian artists of the century trained in Germany, in Düsseldorf. He was responsible for attracting many visitors to Norway, who bought his paintings, and in the early 1890s for helping Edvard Munch to success.

Normann’s From Romsdal Fjord, painted in 1875, is the earliest of his dated works that I have located. It shows the ninth longest fjord in Norway, carving its way through this huge mountain gorge. A small party of well-dressed people have arrived in small boats, for a picnic on a rock spit. A sailing boat is gliding slowly along the mirror surface of the water, and in the far distance is a steamer.

A couple of summers later, Normann returned to the same fjord and painted Romsdal Fjord (1877), using a similar formula for its staffage. Next to his signature, at the lower left, the artist states that this work was painted not in Norway but when he was back in Düsseldorf.

Munken gård in Esefjord was painted on the shore of this tributary to the mighty Sognefjord, in the south-west of Norway, near Normann’s summer cabin.

One of the regular passenger and cargo ferry services steams up an unidentified fjord in Normann’s The Steamship.

Sognefjord, Norway returns to Norway’s longest and deepest fjord, as it carves its way due east from the southern bulge of the coastline. This view features Normann’s favourite small craft, and the sky and rock have become very painterly.

Sognefjord is fed by meltwater from Jostedalsbreen, the largest glacier in continental Europe, and the Hurrungane mountain range, rising to its highest peak Store Skagastølstind, with an elevation of 2,405 metres (7,890 feet). Like several Norwegian mountains, that was first climbed by the English mountaineer William Cecil Slingsby, on 21 July 1876. Slingsby made many first ascents in Norway during his thirty-year climbing campaign there from 1872, and is often regarded as the father of Norwegian mountaineering.

Here are this weekend’s Mac riddles to entertain you through family time, shopping and recreation.

1: It came with a tumbler from Camelot in 1993, then opened in 2008.

2: Replacement for 3 to avoid royalties with transparency has just turned three.

3: CompuServe animated its palette with 256 colours but we still can’t agree how to say it.

To help you cross-check your solutions, or confuse you further, there’s a common factor between them.

I’ll post my solutions first thing on Monday morning.

Please don’t post your solutions as comments here: it spoils it for others.