The history of clocks is a story of largely unwanted technical capability driven by the requirement for accurate navigation, until the arrival of railways in the middle and late nineteenth century. Until people needed to catch a train run according to a timetable, even towns and cities could proceed at their own pace, and as long as they got the right day, the country could amble along too. Clocks were mostly features of churches and public buildings, and often weren’t even synchronised with the next town. Accordingly, clocks were rare, and were more items of furniture than rulers of the day.

Where they do appear in paintings before the nineteenth century, they’re normally an anachronism.

The title given to this painting by Domenico Maroli from about 1655 is Euclid of Megara Dressing as a Woman to Hear Socrates Teach in Athens, which is baffling enough. Given that Euclid of Megara lived between about 435-365 BCE, the ornate clock at the upper right corner is badly out of time and place. No one is too sure of the time that such clocks first appeared, but it must have been at least 1500 years later.

It gets worse, though. Euclid of Megara was a real figure, a minor Greek philosopher and a pupil of Socrates. He ended up wearing women’s clothing because citizens of Megara were banned from entering Athens, so in order to hear his master’s teaching, he dressed as a woman and entered the city after dark. But Marolì confused that Euclid with the much better-known Euclid of Alexandria, the famous mathematician and geometer, and surrounded the minor philosopher with everything you might associate with the other Euclid, including his anachronistic clock.

When we reach the nineteenth century, clocks feature in remarkably few interiors.

One of the earliest is William Holman Hunt’s The Awakening Conscience, painted during the period 1851-53. Sat in its glass bell case on the top of the piano it an ornate gilt clock, its face turned away but apparently showing the time as five to twelve.

The fashionable young man seated at the piano in this small house in the leafy suburbs of London is clearly in an extra-marital relationship with the young woman, who has half-risen from his lap and now stares absently into the distance. Around them are signs that she’s a kept mistress with time on her hands. Her companion, a cat, is under the table, where it has caught a bird with a broken wing, a symbol of her plight. At the right edge is a tapestry with which to while away the hours, and her wools below form a tangled web in which she is entwined.

Thomas Brooks’ painting of The New Pupil from 1854 shows a disorderly rabble in an English country school, as a mother introduces her reluctant son to his new class. Behind the teacher, at the left, one the boys reaches up to adjust the time on the pendulum clock on the wall, no doubt moving its hand forward to bring a premature end to classes for the day.

Charles Hunt’s Visit to the Schoolroom from 1859 shows a more impressive educational establishment, with a grandfather clock supervising the class from the middle of the back wall. To the left of it is a barometer, even more unusual in a school at that time.

In Rebecca Solomon’s The Appointment from 1861, a beautiful woman stands in front of a mirror and looks intently at a man, who’s only seen in his reflection and stands in a doorway behind the viewer’s right shoulder. The woman is dressed to go out, and is holding a letter in her gloved hands. The clock on the mantelpiece shows that it’s about thirteen minutes past seven, either on a summer’s evening, or in the morning.

Another splendid longcase clock, of a type known as Comtoise or Morbier, appears in the right background of Pascal Dagnan-Bouveret’s An Accident from 1879. At this time, the factory making them in the Franche-Comté region of France was delivering over sixty thousand of them each year, but they’re unusual in paintings.

Viktor Mikhailovich Vasnetsov’s Russian Preference (1879) shows three players of the game known as ‘Russian Preference’ or Preferans. According to the grandfather clock at the right it’s just after four o’clock, which could be in the afternoon or the small hours of the morning. Cast natural light in the doorway suggests it’s still daylight outside, though, as these three play cards to while away the time.

Like those homes, that in Évariste Carpentier’s undated The Reprimand may lack signs of material wealth but they have given their grandfather clock pride of place in the living room. The son is sat on the corner of a simple table with one of his wooden clogs dropped onto the floor. Dressed in multiply patched clothing, he’s being reprimanded by a figure out of the image, beyond its left edge. His mother stands preparing food to the right, and his grandmother sits at the table. Even the family’s black and white dog faces towards the wall, as if in disgrace.

Long before the days of radio let alone television, reading became popular entertainment. LA Ring’s Housewife’s Evening Party from 1905 shows a very different sort of party from those being painted at the time in cities like Paris. This housewife sits knitting, as her husband and a friend discuss a book by the light of the kerosene lantern. They aren’t poor by any means: there are portrait paintings on the wall, and a clock ticking softly above them, showing the time as seventeen minutes to eight.

During the twentieth century, mantelpiece clocks became almost universal, as timekeeping became the rule rather than an exception, but longcase clocks grew increasingly rare. Now it seems few younger people can even read the face of an analogue clock.

As those running macOS 15 Sequoia are only too painfully aware, the way that XProtect’s data is updated has changed from that still used in older versions of macOS. Instead of accessing that data in XProtect.bundle in the path /Library/Apple/System/Library/CoreServices, in Sequoia the data used is in /private/var/protected/xprotect. While the old location can still be updated using Software Update, SilentKnight and softwareupdate, the only way to update the copy in the new location is using the xprotect command tool, which normally obtains its updates through a connection to iCloud.

Updating in Sequoia

Since Sequoia 15.0, there has been a way to update data in the new location from XProtect.bundle in the old location, using the command
sudo xprotect update
If that finds a newer version of the bundle in the old location, it installs its contents in the new location, so updating XProtect in Sequoia. At least, it did until the release of Sequoia 15.3 or 15.3.1.

When Apple released XProtect version 5288 on 26 February, it did so through both connections, and all versions of macOS were able to update promptly and successfully. That didn’t work with its successor 5289 on 4 March, though. Although the Software Update version was successfully updated in the old location to 5289, no iCloud update was made available, and sudo xprotect update proved unable to update from that to the new location.

This has left those running Sequoia 15.3.1 with version 5289 in the old location, but 5288 stuck in the new location. As Apple doesn’t tell us of these updates, nor of how XProtect is supposed to work in Sequoia or earlier, it’s impossible to tell whether this is intended, or an unintended failure.

Which rules does XProtect now use?

One potential explanation is that XProtect has returned to using its old location for the Yara rules, in /Library/Apple/System/Library/CoreServices/ XProtect.bundle/Contents/Resources/XProtect.yara. That’s fairly easy to check in the log, where it states the location of the rules it’s using to check an app for malware. The answer is
com.apple.xprotect Using XProtect rules location: /var/protected/xprotect/XProtect.bundle/Contents/Resources/XProtect.yara
that’s the new location for Sequoia, and hasn’t changed since 15.0.

How does macOS now update the correct rules?

By chance, a few minutes after I had started my Mac mini M4 Pro yesterday, I opened SilentKnight and discovered that XProtect had successfully been updated to version 5289, something it wouldn’t do the previous evening following its release. At that time:

• XProtect in its old location had been updated to 5289 the previous evening.
• SilentKnight now reported XProtect in its new location was 5289.
• sudo xprotect check reported the version in iCloud was still 5288.
• sudo xprotect update reported that it was already up to date.
• xprotect version reported that 5289 had just been installed, about 2.5 minutes after starting up.

This was an ideal opportunity to discover how XProtect had updated this time, by looking in the log with LogUI. That showed the update had been dispatched as a background activity by DAS, with ID com.apple.security.syspolicy.xprotect-update. That’s a scheduled background activity run every 24 hours, and in this case appears to have been dispatched because of the recent boot.

That activity connects to XProtectUpdateService, which then runs the check and updates as necessary, connecting to iCloud using CloudKit. On this occasion it ‘found’ the 5289 update, although maybe in its old location rather than in iCloud, and updated XProtect’s data in its new location.

How to keep XProtect up to date

From this experience, bearing in mind that everything might change again in the future, my advice is to:

• Check for updates as usual using SilentKnight, Software Update, or softwareupdate.
• When offered an update by any of those, install it gratefully.
• Run SilentKnight a few minutes later. If that update isn’t reflected in the version shown, restart your Mac and leave it for 10 minutes or so before checking again.
• If it still doesn’t update correctly, check again in about 24 hours, by which time DAS should have dispatched com.apple.security.syspolicy.xprotect-update with any luck.

I suppose that’s progress?

The world still looks to Paris for the height of fashion in clothing, a phenomenon already well-established by the late nineteenth century. This of course included hats, and in this second article on the reading of hats in paintings, I show a selection of works illustrating fashionable headwear of that period. These are the works of just five painters who seem, in one way or another, to have specialised in fashionable women’s headwear: Georges Clairin, Jean Béraud, Pierre-Georges Jeanniot, Henri Gervex and Edgar Degas.

Georges Clairin’s undated Elegant Couple at the Coast comes not from the Rococo, but as indicated by the painterly style of the slippery rocks, was most probably painted in the early years of the twentieth century. It’s a study of one of the few disadvantages of hats, particularly extensive fashionable adornments, in their behaviour in wind. The very pink young galante woman is a textbook example of how to make a figure look windswept, although her partner seems mysteriously to be unaffected by the breeze.

The English word for specialists in fashionable hats for women, milliner, comes from that for an inhabitant of Milan, one of the former centres of the hat trade in Europe. Milliners and their shops were associated with the height of fashion, and drew the attention of Edgar Degas among others.

Degas looked carefully at one of the delights of the middle and upper class modern woman, the selection of hats in The Millinery Shop (1879/86). Here he also experiments with unusual views and cropping, as he examines the tricky process of assessing and choosing a hat.

Around this fashionably-dressed Milliner on the Champs Elysées, Jean Béraud carefully balances painterly background foliage and sky, and the atmospheric detail of distant carriages. His Milliner on the Pont des Arts from 1879-82 (below) shows the same model drawing admiring looks on a windy day by the River Seine.

Pierre-Georges Jeanniot’s At the Milliner (1901) contrasts with those of Degas in its relatively fine detail, and his use of mirror play to show the milliner herself, at the right. His swirling hats, and the huge ginger cat, are marvellous.

Millinery was one of the staples of fashion houses like that of Paquin, whose success was characteristic of the late nineteenth century, and shown in Henri Gervex’s Five Hours at Paquin’s from 1906.

The purpose of these expensive hand-made hats was for show, when the lady was seen in appropriate surroundings. Jeanniot’s painting of the patrons of one of the most fashionable hotels in Paris shows all the hats out on parade in the fine weather in the inner garden of the Paris Ritz.

Others captured the role of hats to those heading downward through society.

In Béraud’s The Letter (1908) the man looks rough and is unshaven, although the woman is elegantly dressed, and apparently engaged in writing a letter. In front of each of them is a glass of absinthe, notorious for its association with alcoholism. His battered old brown bowler hat suggests a working past before he succumbed to drink.

Although I’ve concentrated almost exclusively on hats seen in Europe on the head of Europeans, the nineteenth century was also a time when hats from overseas were becoming more frequent sights.

Georges Clairin’s paintings of Ouled Naïl women provide glimpses of those from this nomadic group from the foothills of the Atlas Mountains. Exotic they certainly are, with elaborate headwear, richly decorated clothing, and no doubt over their identity.

Of all the artists of this period, it was Clairin who appears to have been most fascinated by hats.

His extraordinary Bust of a Woman in Profile (1899) is perhaps a sea-nymph, wearing the most bizarre headgear that appears to have grown from coral. It has peculiar pedicles which sweep over her hair, and excrescences resembling the bodies of fabulous birds, making it the ultimate hat of them all.

With more new M4 Macs in the offing, one question that I’m asked repeatedly is whether you should save money by getting a Mac with the smallest internal SSD and extend that using cheaper external storage. This article considers the pros and cons.

Size and prices

In Apple’s current M4 models, the smallest internal storage on offer is 256 GB. For the great majority, that’s barely adequate if you don’t install any of your own apps. It might suffice in some circumstances, for example if you work largely from shared storage, but for a standalone Mac it won’t be sufficient in five years time. Your starting point should therefore be a minimum of 512 GB internal SSD. Apple’s typical charge for increasing that to 2 TB is around $/€/£ 600.

The alternative to 2 TB internally would be an external 2 TB SSD. Unless you’re prepared to throw it away after three years, you’ll want to choose the most versatile interface that’s also backward compatible. The only choice here is Thunderbolt 5, which currently comes at a small premium over USB4 or Thunderbolt 3. Two TB would currently cost you $/€/£ 380-400, although those prices are likely to reduce in the coming months as TB5 SSDs come into greater supply.

Don’t be tempted to skimp with a USB 3.2 Gen 2 external SSD if that’s going to be your main storage. While it might seem a reasonable economy now, in 3-5 years time you’ll regret it. Besides, it may well have severe limitations in not Trimming as standard, and most don’t support SMART health indicators.

Thus, your expected saving by buying a Mac with only 512 GB internal storage, and providing 2 TB main storage on an external SSD, is around $/€/£ 200-220, and that’s really the only advantage in not paying Apple’s high price for an internal 2 TB SSD.

Upgrading internal storage in an Apple silicon model currently isn’t feasible for most users. As Apple doesn’t support such upgrades, they’re almost certain to invalidate its warranty and any AppleCare+ cover. That could change in the future, at least for some models like the Mac mini and Studio, but I think it unlikely that Apple would ever make an upgrade cheaper than initial purchase.

External boot disk

One of the few compelling reasons for choosing a Mac with minimal internal storage is when it’s going to be started up from an external boot disk. Because Apple silicon Macs must always start their boot process from their internal storage, and that Mac still needs Recovery and other features on its internal SSD, you can’t run entirely from an external SSD, but you could probably get away with the smallest available for its other specifications, either 256 or 512 GB.

Apple silicon Macs are designed to start up and run from their internal storage. Unlike Intel Macs with T2 chips, they will still boot from an external disk with Full Security, but there are several disadvantages in them doing so. Among those are the fact that, on an external boot disk, FileVault encryption isn’t performed in hardware and is inherently less secure, and AI isn’t currently supported when booted from an external disk. Choosing to do that thus involves compromises that you might not want to be stuck with throughout the lifetime of that Mac.

External media libraries

Regardless of the capacity of a Mac’s internal storage, it’s popular to store large media libraries on external storage, and for many that’s essential. This needs to be planned carefully: some libraries are easier to relocate than others, and provision has to be made for their backups. If you use hourly Time Machine backups for your working folders, you’ll probably want to back up external media libraries less frequently, and to different external storage.

External Home folder

Although it remains possible to relocate a user’s entire Home folder to external storage, this seems to have become more tricky in recent versions of macOS. Home folders also contain some of the most active files, particularly those in ~/Library, so moving them to an external SSD is going to require its good performance.

A more flexible alternative is to extend some working folders to external storage, while retaining the Home folder on internal storage. This can fit well with backup schedules, but you will still need to ensure the whole Home folder is backed up sufficiently frequently. This does have an unfortunate side-effect in privacy protection: this may require most of your working apps to be given access to Removable Volumes in the Files & Folders item in Privacy & Security settings. Thankfully, that should only need to be performed once when first using an app with external storage.

How much free space do you need?

When you’re weighing up your options to minimise the size of your new Mac’s internal storage, you also need to allow sufficient free space on each disk. APFS is very different from HFS+ in this respect: on external disks, in particular, HFS+ continues to work happily with just a few MB free, and could be filled almost to capacity. APFS, modern macOS and SSDs don’t work like that.

Measuring how much free space is needed isn’t straightforward either, as macOS trims back on its usage in response to falling free space. Some key features, such as retaining log entries, are sacrificed to allow others to continue. Snapshots can be removed or not made. Perhaps the best measurements come from observing the space requirements of VMs, where total virtual disk space much below 50 GB impairs running of normal functions. That’s the total size of the virtual disk, not the amount of free space, and doesn’t apply when iCloud or AI are enabled.

The other indicator of minimum free space requirements is for successful upgrading of macOS, which appears to be somewhere between 30-40 GB. This makes it preferable to keep an absolute minimum of around 50 GB free at all times. When possible, 100 GB gives more room for comfort.

SSD wear and performance

When the first M1 Macs were released, base models with just 8 GB of memory and 128 GB internal SSDs were most readily available, with custom builds (BTO) following later. As a result, many of those who set out to assess Apple’s new Macs ended up stress-testing those with inadequate memory and storage for the tasks they ran.

Many noticed rapid changes in their SSD wear indicators, and some were getting worryingly close to the end of their expected working life after just three years. Users also reported that SSD performance was falling. The reasons for those are that SSDs work best, age slowest, and remain fastest when they have ample free space. One common rule of thumb is to keep at least 20-25% of SSD capacity as free space, although evidence is largely empirical, and in places confused.

The simplest factor to understand is the effect of SSD size on wear. As the memory in an SSD is expected to last a fixed number of erase-write cycles, all other things being equal, writing and rewriting the same amount of data to a smaller SSD will reach that number more quickly. Thus, in general terms and under the same write load, a 512 GB SSD will last about half as long as a 1 TB SSD.

All other things aren’t equal, though, and that’s where wear levelling and Trim come into play. Without levelling the number of erase-write cycles across all the memory in an SSD, some would reach their limit far sooner than others. To tackle that, SSDs incorporate mechanisms to even out the use of individual memory cells, as wear levelling. The less free space available on an SSD, the less effective wear levelling can be, giving larger SSDs a significant advantage if they also have more free space.

Trimming is performed periodically to allow storage that has already been made available for reuse, for example when a file has been deleted, to be erased and made ready. Both APFS and HFS+ will Trim compatible SSDs when mounting a volume, but Trim support for external SSDs is only provided by default for those with NVMe interfaces, not SATA, and isn’t available for other file systems including ExFAT. Some SSDs may still be able to process available storage in their routine housekeeping, but others won’t. Without Trimming, an SSD gradually fills with unused memory waiting to be erased, and will steadily grind to a halt, with write speeds falling to about 10% of new.

Thus, to ensure optimum performance and working life, SSDs should be as large as possible, with much of their storage kept free. Experience suggests that a healthy amount of free space is 20-50% of their capacity.

Striking the best compromise

Apple silicon Macs work best and fastest when largely running from their internal SSDs. By all means reduce the capacity required by moving more static media libraries, and possibly large working folders, to an external SSD. But there’s no escaping the evidence that your Mac will work best and longest when its internal storage has a minimum of 20% free at all times, and you must ensure that never falls below 50 GB free space. Finally, consider your needs not today, but when you intend replacing that Mac in 3-5 years time, or any savings made now will prove a false economy.

Apple has just released updates to XProtect for all supported versions of macOS, bringing it to version 5289, and to XProtect Remediator for all macOS from Catalina onwards, to version 151. As usual, Apple doesn’t release information about what security issues these updates might add or change.

Yara definitions in this version of XProtect add two new rules for MACOS.TAILGATOR.RST.CT and MACOS.TEPIDTEA.

XProtect Remediator doesn’t change the list of scanner modules.

There is a new Bastion rule 13 for the behavioural version of XProtect (Ventura and later). This watches for execution of PasswordManagerBrowserExtensionHelper in CoreServices, in the App Cryptex, and makes an immediate report with the Signature Name of macOS.PasswordExtension.Exec if that occurs.

You can check whether these updates have been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan to Sequoia available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight, LockRattler, or at the command line.

If you want to install these as named updates in SilentKnight, their labels are XProtectPayloads_10_15-151 and XProtectPlistConfigData_10_15-5289.

Sequoia systems only

This update hasn’t yet been released for Sequoia via iCloud. If you want to check that manually, use the Terminal command
sudo xprotect check
then enter your admin password. If that returns version 5289 but your Mac still reports an older version is installed, you can force the update using
sudo xprotect update

This version is currently only available via Software Update, softwareupdate, or in SilentKnight, and not via iCloud. If your Mac is running Sequoia and you download it that way, the xprotect update command might take a while to use that downloaded version to update your Mac properly. As a result, the version of XProtect shown may remain at 5288, but should later change to 5299.

I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

Updated 1720 GMT 5 March 2025 following a ‘spontaneous’ update at 1631, although sudo xprotect check is still reporting the old version.

I have just replaced LogUI 1.0 build 25 with build 27. This:

• completes support for Signposts by including them in RTF files,
• changes the Settings dialog to use Full Fields for consistency,
• updates technical info with a link to original source code.

You can now download build 27 from here: logui127
or from the link in the original article.

It wasn’t that long ago that it was most unusual to go out without wearing a hat. Although they’ve made something of a comeback in recent decades, in much of the world they’re still far from popular unless it’s unusually cold. In this week’s two articles about the reading of paintings, I show a selection where reading the hats can be useful. However, I avoid two other types of headgear that commonly appear in art, as they’ve been covered elsewhere: helmets and halos.

People have put hats on their head since long before recorded history. Some distinctive forms of hat have unusual histories, and puzzling representations in art. Among the many quirks in the amazing paintings of Hieronymus Bosch are figures in or wearing funnels.

Their origin goes back to the Jewish diaspora of the Middle Ages, when Ashkenazi Jews (in particular) migrated to northern Europe, from about 800 CE. Predominantly Christian powers sought to make visible signs to distinguish Jews, and to a lesser extent Muslims, from local Christians, and for many centuries the migrants were persecuted, confined to Jewish ghettos, and generally kept in isolation as much as possible.

One common discriminatory technique employed in much of northern Europe was to require Jews to wear distinctive hats. This played on religious requirements for Jews to cover their heads, and the fact that most people wore hats when outdoors. The patterns of Jewish hat most often recorded are pointed or conical, and some have highly distinctive ‘bobbles’ at the top.

This detail from the centre panel of Bosch’s Haywain Triptych from about 1510-16 shows some unusual headgear probably derived from the appearance of the Jewish hat.

They’re also to be seen in more recent historically accurate depictions of the Middle Ages, as shown by Carl Gustaf Hellqvist in the right of his wonderful large history painting of Valdemar Atterdag Holding Visby to Ransom, 1361 (1882). There’s a rich range of military helmets, and one obvious conical hat being worn by a Jew, seen in the detail below.

In time, conical hats remained visible signs of discrimination. Charles Hunt’s Visit to the Schoolroom from 1859 shows the range of hats worn by children, and at the far right a dunce stands on a chair wearing the trademark conical hat.

As with all forms of clothing and personal decoration, hats have long been objects of fashion, used by individuals to distinguish and adorn, and feed their personal vanity. One of the best examples of this is in Bartholomäus Strobel’s long panoramic view of the Decapitation of Saint John the Baptist at Herod’s Banquet from about 1630-33.

Gathered in this grand banquet are many ranks of nobility wearing contemporary dress with an astonishing range of headgear, from armoured helmets to feathery confections. At the far right, the executioner stands by John’s headless corpse, a large pool of bright blood on the ground where its head once lay. A young woman (who might be Salome) looks up to heaven, her hands clasped in prayer, while an older woman (presumably Herodias) chats with the executioner.

During the English Civil War of 1642-51, hats assumed an even greater importance, to distinguish the two sides, so-called Cavaliers and Roundheads.

William Frederick Yeames’ And when did you last see your Father? indicates this in the Puritan dress of conical hats and plain clothes. This contrasts with the opulent silks of the mother and children, who are clearly Royalists. The young boy is being questioned, presumably as given in the title, for him to reveal the whereabouts of his Cavalier father, an act that’s bringing anguish to his sisters and mother.

Not to be outdone by their subjects, Kings and their bishops had to have their own hats in the form of crowns and mitres.

Probably the most famous depiction of any major coronation is that of Raphael and his workshop in this fresco of the Coronation of Charlemagne from 1514-15, with its serried ranks of mitres and just the one crown to rule them all. The rows of bishops here wear what is the exact opposite of the monks’ bare tonsured heads.

It didn’t take long for the church and other organisations to express rank and superiority in subtle variations of hat.

Raphael’s magnificent Portrait of a Cardinal from 1510-11 pays particular attention to the surface textures of the fabrics. Three quite distinct fabrics are shown in the cardinal’s choir dress: the soft matte surface of the biretta on his head, the subtly patterned sheen of his mozzatta (cape), and the luxuriant folds of his white rochet (vestment). In that scarlet biretta is great power.

Some well-known characters in paintings are instantly recognisable by their hat, in this case the Florentine poet Dante, shown below with Virgil as they are being ferried in the Inferno.

In 1822, the young Eugène Delacroix painted this Barque of Dante, one of his finest narrative works, showing Dante and Virgil crossing a stormy river Acheron in Charon’s small boat. Dante is inevitably wearing his signature red chaperon. This had evolved before 1200 as a hooded short cape, and developed into variants that remained popular until becoming unfashionable in about 1500. For his part, Virgil wears a laurel wreath honouring an epic poet of his stature.

Some of these ancient hats have been perpetuated in formal dress, such as that worn by academics for ceremonial.

In Jean Béraud’s undated The Thesis of Madeleine Brès or The Doctoral Jury he shows us one of the early woman doctoral students defending her thesis before the academic jury, who are wearing what might now appear to be fancy dress hats. At the time this was a major landmark in the improvements in women’s rights, and the archaic headwear serves to emphasise that change.

Finally, hats aren’t always good signs, but can signify the sinister and worse. Although most of us associate the silk top hat with elegant opulence, in its day it gained some dark associations.

Jean-Louis Forain’s Dancer and Admirer Behind the Scenes from 1903 whispers its disturbing message of the association between the top hat and white tie, and under-age prostitution that was rife at the time among dancers of the Paris ballet. It’s not just the hat, but the context in which it’s worn.

Last week I introduced my new prototype log browser, LogUI, which seems to have been popular with many. As I now use it in preference to its predecessor Ulbow, I’ve spent a little time adding some new and improved features to bring you version 1.0 build 25. Changes include:

• support for discontinuous selection of log entries,
• support for copying text from selected log entries,
• subsystem names are now case-insensitive,
• support for Signposts,
• window names change to include the start time of each log excerpt,
• RTF saved file names change to reflect the start of each log excerpt.

Settings

These now let you set app defaults for displaying full log entries, and for fetching and displaying Signposts.

Browser controls

The only addition to these is the option to Show Signposts. When that’s ticked, Get Log also fetches all Signposts during the set period, and displays them inline with regular log entries.

LogUI now supports all types of log entry:

• regular log entries,
• Activities, events such as clicks/taps and others,
• Boundaries, markers such as the start of the boot process,
• Signposts, used to record significant steps and assess performance.

Signposts have their own custom fields, including signpost ID, name, and type, which are displayed when Full Fields are enabled. The only caution with Signposts is that they can outnumber regular log entries, so if you don’t need to see them, it’s better to leave them turned off.

I’m grateful to Joe for asking for the subsystem to be case-insensitive. This means that you can enter com.apple.TimeMachine or com.apple.timemachine as the subsystem and LogUI will display entries with a subsystem name of com.apple.TimeMachine for both. No longer will case trip you up.

Log entries

The biggest changes are in the selection and copying of log entries. You can now select log entries in a browser window. Selections can be multiple continuous using the Shift key modifier, and discontinuous using the Command key modifier. When one or more entries have been selected, you can then copy their text contents using the Copy command or Command-C. Copied text can then be pasted into an app that supports handling of text items in the Clipboard.

Because there are many different fields possible in each entry, copied text consists of a standard set:
date level sender process subsystem message
each separated by a Tab character.

If you want more fields with colour, save the log excerpt in RTF, open it in an RTF editor and copy from that.

If you’re a developer and are wondering how I have implemented this copy feature for a SwiftUI List, let me know and I’ll explain how I managed to pin this tail on the donkey while I was blindfolded, or how persistent guessing overcame the absence of documentation or example code.

Naming

To distinguish between windows and saved RTF files, LogUI now automatically names and renames its windows and the default file names suggested when saving files. Names are based on the Start date and time of the current log excerpt in that window. To begin with, when there’s no log extract, each new window is named LogUI. When it gains its first extract, the date and time are appended to that, e.g. LogUI 2025_03_03_08-14-00, and a similar default file name is offered. When you obtain a new log excerpt in the same window, those names are updated to reflect the changed Start date and time.

Help book

This has been updated to include all these changes.

LogUI 1.0 build 27 is now available from here: logui127
It still requires a minimum macOS version of 14.6, I’m afraid, because of the SwiftUI features it has to rely on.

Enjoy!

Postscript

I have replaced build 25 with 27. This completes support for Signposts, by including them in saved RTF files. I’ve also taken the opportunity to make a small correction in the Settings dialog, and to add a link to the technical info to the log access source code.

Ovid closed Book Twelve of his Metamorphoses with the death of the great Greek warrior Achilles at Troy. As was customary, his arms and armour were then to be passed on to a successor. As they had been made specially for him by the god Vulcan (Hephaestus), they were particularly sought-after. Two contenders emerged, Ajax the Great and Ulysses. Agamemnon therefore summoned his leading warriors to determine who was to be given these unique arms and armour.

Ovid uses the speeches of Ajax and Ulysses as a means of quickly summarising some of the action that had taken place in the war against Troy up to this moment.

Ajax puts his case first. He claims that, when Hector tried to set fire to the Greek fleet, it was he who stayed to fight the Trojans. He mentions that Ulysses was late joining the combat, as his rival had feigned madness, but he had been there from the start. When his colleague Philoctetes was dying, Ulysses had abandoned him to die alone. Ajax even had to save Ulysses on the battlefield, and finally he says that he needed a new shield as his current one was worn out with fighting, but Ulysses’ shield had barely been used.

Ajax concludes by proposing that the two should settle the matter in a fight, in which he feels Ulysses would stand no chance. This elicits applause from the surrounding crowd.

Ulysses doesn’t play to that gallery, but when he steps up, he delivers an eloquent argument to the leaders who are to make the decision. He says that he found Achilles hiding on the island of Scyros, and brought him to the war, so can claim Achilles’ successes as his. It was he who convinced Agamemnon to sacrifice Iphigenia in the first place, so enabling the thousand ships of the Greek fleet to sail on Troy. He had worked hard at diplomatic solutions during the first nine years of the war, when Ajax had done nothing. He had also convinced both Agamemnon and Ajax not to abandon the campaign.

Ulysses had killed a Trojan spy, Dolon, and unlike Ajax had been wounded in battle. He also denies Ajax’s claim to have saved the fleet from fire, arguing that had been Patroclus in disguise. Ulysses had later carried Achilles’ dead body from the battlefield, and will recover that of Philoctetes.

To emphasise that, at least in Ovid’s world of Metamorphoses, it is words that carry greater weight than deeds, Achilles’ armour is awarded to Ulysses.

Ajax’s response is sudden and shocking: he literally falls on his sword, and like Hyacinthus before, his blood is turned into the purple hyacinth flower, its leaves marked with the letters AI, both the start of Ajax’s name and a cry of grief.

This, created by the ‘Taleides Painter’ in about 520 BCE, shows the warriors being held apart as they vie for the arms and armour.

Leonaert Bramer’s small painting on copper of The Quarrel between Ajax and Odysseus was made between about 1625-30. The pair stand in their armour, next to tents pitched at the foot of Troy’s mighty walls. At their feet is the armour of Achilles, and all around them are Greek warriors, some in exotic dress to suggest more distant origins.

Just a year or two later, Ajax’s suicide appeared prominently in one of Nicolas Poussin’s greatest narrative paintings: The Empire of Flora.

Poussin painted this in early 1631 for someone named Valguarnera, who turned out to be a thief of uncut diamonds, whose prosecution in court enables its unusually precise dating. At that time it was simply known as Spring. It’s set in a garden, with trees in the left background, a flower-laden system of pergolas, a large water feature, and dancing putti. In this are a series of well-known characters, one of whom is Ajax, shown in the act of falling on his sword.

Poussin has already used the purple hyacinth for the death of Hyacinthus, so here places under Ajax a white carnation which will shortly turn blood red.

Ovid races through the final destruction of Troy and its nobility: the death of Priam, the herding together of the Trojan women to be taken as trophies, and the vicious murder of Astyanax, Hector’s young son, who is thrown from one of the city’s towers.

There are many paintings showing the sacking and destruction of Troy, of which my favourite, for its truly apocalyptic vision, is this, attributed to Gillis van Valckenborch.

The story of Astyanax is a relatively recent addition, and probably developed well after 700 BCE.

The clearest narrative painting showing this is Edouard-Théophile Blanchard’s winning entry for the Prix de Rome in 1868, The Death of Astyanax. It breaks convention in depicting Neoptolemus, Achilles’ vicious son, as a North African. Given that Achilles was the king of Thessaly, in central Greece, that seems a stretch of the imagination. Andromache pleads on her knees with the warrior to spare her son, her left hand vainly trying to prevent him from being slung from the wall. Two men cower in fear in the background. Two of Troy’s famous towers are shown, but there is no smoke or other evidence of a sacking in progress, neither is there any sign of King Priam.

Georges Rochegrosse enjoyed great success at the Salon in 1883 with Andromache, a huge and gruesome painting nearly nine metres (27 feet) high. She is at the centre, being restrained by four Greeks prior to her abduction by Neoptolemus. Her left arm points further up the steps, to a Greek warrior in black armour holding the infant Astyanax, as he takes him to the top, where another Greek is shown in silhouette, to murder him. There is death and desolation around the foot of the steps: a small pile of severed heads, a jumble of living and dead, and the debris of the sacking.

Jules Joseph Lefebvre won the Prix de Rome in 1861 with his Death of Priam; Georges Rochegrosse was later to become one of his students. A thoroughly conventional and Spartan Neoptolemus is just about to swing his sword at the prostrate figure of King Priam, who is lying on the floor by the altar to Zeus. Priam looks up at his killer, knowing that he has only seconds to live. Behind Neoptolemus is another body, presumably that of Priam’s son Polites. To the right, in the darkness behind, Queen Hecuba tries to comfort other Trojans. At the left, a young Trojan is trying to sneak away, back into the burning city, with smoke twisting its way into the dark sky.

I hope that you enjoyed Saturday’s Mac Riddles, episode 297. Here are my solutions to them.

1: Can still spin a disc with five between two five-hundreds.

2: Joins overhead and face together in shared video.

3: Railway inspector for the hound of Hades.

The common factor

I look forward to your putting alternative cases.

Some of the oldest privacy protections in macOS are those applied to devices such as cameras and microphones. In recent years, those have been extended to cover other types of device. This article covers the following items protected in macOS Sequoia, and listed in Privacy & Security settings:

• Bluetooth, can also be added by the user;
• Camera, requires the app to have both user text and entitlement;
• HomeKit data;
• Input Monitoring, to allow monitoring the mouse or trackpad, and keyboard, can also be added by the user;
• Local Network, to allow the app to find and communicate with network devices;
• Microphone, requires the app to have both user text and entitlement;
• Screen & System Audio Recording, to allow the app to record screen and/or audio, can also be added by the user;
• Speech Recognition, to allow access to speech recognition features.

In each case, access to the protected device is normally requested by the app, although those noted can also be added manually by the user. For an app to be allowed to access these devices, it normally has to provide text explaining why it’s doing that, and may be required to have an appropriate entitlement. In at least some cases, including camera and microphone, those are required, and an app that doesn’t provide both text and entitlement will be crashed by macOS if it tries to access that device.

In addition to those regular privacy protections, Intel laptops with T2 chips and Apple silicon laptops also feature hardware microphone disconnect, that automatically disables the microphone when their lid is closed. There is no override for that protection.

App requirements

Occasionally, when looking through the lists in Privacy & Security settings, you may come across apps that surprisingly have access to what appear to be inappropriate devices, or you may be confronted with an unexpected request for access. Don’t feel obliged to consent, but quit the app if it’s running and check its Info.plist and entitlements to establish whether this is legitimate and provides a valid reason.

This is easily accomplished using Mothers Ruin’s superb free Apparency. Open the app with that, and browse its Info Property List.

There you should see all the text it uses to populate its privacy requests. Each NS[name]UsageDescription should provide meaningful information about why the app is making that request. If you don’t see a good explanation there, then refer to the app’s documentation. Apple lists all these keys here. Note that Apple’s bundled apps don’t use text in their Info.plist and shouldn’t make privacy access requests, although its App Store apps should follow the same rules as those for third parties.

Then switch to the list of Entitlements for that app.

If the app uses cameras or microphones, you should there see respective entries for com.apple.security.device.* regardless of whether that app runs in a sandbox. You may also see additional com.apple.security.* entitlements for other protected features. Apple lists all those entitlements here.

So, for an app to make a legitimate request for access to a camera, you should see both

• NSCameraUsageDescription text in its Info.plist giving the reason for access, and
• com.apple.security.device.camera in its entitlements giving it that capability.

For access to a microphone, you should see both

• NSMicrophoneUsageDescription text in its Info.plist giving the reason for access, and
• com.apple.security.device.audio-input in its entitlements giving it that capability.

If you’re still not happy, delete the privacy setting or deny the app’s request. You can always accept the request at a later time if you wish.

Maintenance

There are times when we want to clear out some of the apps that we gave access to devices in the past. For those categories where you can remove individual settings, that’s usually the simplest course of action. But you can’t do that with camera and microphone access, for example. The only way to clear those categories is to reset them completely, then when each app requests access again to grant it to those you want to allow.

The only way to do this is in Terminal’s command line using the tccutil command tool. For example, to reset settings for microphones, enter the command
tccutil reset Microphone
and for cameras use
tccutil reset Camera

Apple doesn’t seem to document the names to be used for each category, but those worth trying according to circumstances include:

• Accessibility
• AddressBook (for the Contacts list)
• AppleEvents (for the Automation list)
• Calendar (note the singular, for the Calendars list)
• Camera
• Microphone
• Photos
• Reminders
• ScreenCapture (for the Screen Recording list)
• SystemPolicyAllFiles (for the Full Disk Access list)
• SystemPolicyDesktopFolder
• SystemPolicyDeveloperFiles (which doesn’t match any of the lists in privacy settings)
• SystemPolicyDocumentsFolder
• SystemPolicyDownloadsFolder
• SystemPolicyNetworkVolumes
• SystemPolicyRemovableVolumes
• SystemPolicySysAdminFiles (which doesn’t match any of the lists in privacy settings).

If only one or two apps are involved, then you can reset their settings with
sudo tccutil reset All com.vendor.appname
for the app with the identity com.vendor.appname, also easily discovered using Apparency.

Beyond that, a full reset can be performed using
sudo tccutil reset All
but that should remove all your consents, which would then need to be recreated one by one.

Summary

• Privacy & Security settings now control access to several types of device, including cameras and microphones.
• T2 and Apple silicon laptops have hardware microphone disconnect to disable their microphone when their lid is closed.
• Apps make requests to have access to protected devices, and some types can also be added by the user.
• Requests for access should give a meaningful reason, and some also require an entitlement.
• If in doubt, use Apparency to check their Info.plist and entitlements.
• Allow access only when you’re satisfied that it’s legitimate and for good reason.
• Device categories in Privacy & Security that can’t be changed by the user can be reset using the tccutil reset command with their category name.
• Be cautious about resetting all consents using sudo tccutil reset All as you’ll then have to recreate them all one at a time.

To follow yesterday’s account of the painting patronage of Isabella d’Este (1474-1539), Duchess of Mantua, today I look at her husband’s lover and one of the most famous femmes fatales, Lucrezia Borgia (1480-1519), Duchess of Ferrara, Modena and Reggio. She had no aspirations as a patron of the arts, and instead has been portrayed in several paintings.

Her father was Cardinal Rodrigo de Borgia, later to become Pope Alexander VI, and her mother was one of his several mistresses who were kept discreetly outside the city of Rome. She was born on 18 April 1480, and received an unusually broad education, becoming proficient in four main languages, as well as being able to read Latin and Greek.

Before she was even eleven years old, marriage was arranged for her, first with a Valencian noble, then with the Count of Procida. After her father became Pope, that was changed again to a second-rank count in the House of Sforza. Lucrezia married him when she was just thirteen, for the Pope’s political gain.

The papal court soon lost interest in the Sforzas, so the Pope ordered her husband’s execution. Lucrezia warned him, enabling him to flee, and their marriage was annulled on the basis of non-consummation, sparing his life. It’s generally thought that, while awaiting the annulment, Lucrezia had an affair resulting in her pregnancy, and the birth of a son, Giovanni Borgia, although two papal bulls were issued contradicting that, and one another.

When she was eighteen, Lucrezia was married a second time, to Alfonso d’Aragon, the Neapolitan half-brother of her brother-in-law. The following year it was she, rather than her husband, who was appointed governor of Spoleto, and a year later, in 1500, her husband was murdered, apparently on the orders of Lucrezia’s brother Cesare because of changing political allegiances.

Her father, the Pope, then arranged a third marriage, to Alfonso d’Este, the Duke of Ferrara, which proved both more lasting and productive of eight children. However, neither husband nor wife was faithful in the slightest: Lucrezia had a long and thoroughly physical affair with her brother-in-law Francesco Gonzaga, the Marquess of Mantua, Isabella d’Este’s husband, which he had to terminate when his syphilis became too overt to hide any longer.

Lucrezia also had a more emotional affair with the poet Pietro Bembo, who is now commemorated in the font of that name. She fell seriously ill after the birth of her tenth child in June 1519, and died on 24th of that month.

The closest that we have to a portrait of Lucrezia is this panel attributed to Dosso Dossi, and claimed to show Lucrezia Borgia, Duchess of Ferrara from some time between 1519-30. Inevitably that remains a matter of dispute, and doesn’t match contemporary descriptions of her having long and thick blonde hair.

It has been proposed that Lucrezia modelled for the title role of Pinturicchio’s wonderful fresco of St Catherine’s Disputation in the Borgia Apartments in the Vatican Palace. She would therefore be the woman wearing a red cloak over a patterned blue dress to the left of the centre foreground. As this was painted between 1492-94, she would only have been 12-14 at the time, and in the throes of her first marriage.

There are two other contemporary portraits claimed to be of Lucrezia, both painted by Bartolomeo Veneto, and otherwise unidentified.

Veneto’s early Portrait of a Young Lady, probably from about 1500-10, has been thought to have a Ferrarese origin, and one of the beads worn by her is inscribed ‘SAP’. Her hair isn’t blonde, and she’s dressed in sombre clothing bearing emblems of the Passion. If the dating of this work is correct, Lucrezia would have been in her twenties at the time.

The second of Veneto’s paintings claimed to show Lucrezia is more scandalous, and was probably completed shortly after her death. Known as an Idealised Portrait of a Courtesan as Flora (c 1520), it does at least show a blonde, but the Duchess of Ferrara exposing her left breast?

Had those been the only paintings possibly of Lucrezia Borgia, she would hardly have made her mark in art. But Dante Gabriel Rossetti developed an obsession with her, and revived her image on several of his watercolours in the late nineteenth century.

In the first, The Borgias painted in 1851, Rossetti has Lucrezia playing a lute in the midst of her family, two of her children dancing in front. All the figures look disturbingly sinister, particularly the man leaning on her right shoulder.

In 1860, Rossetti returned to her when his interest in her family was rekindled. In Lucrezia Borgia (1860–61), he shows Lucrezia washing her hands in a small sink after she has poisoned her husband Alfonso d’Aragon in 1500. Shown in cameo, in a reflection in the upper left, are Lucrezia’s father, the Pope, helping her husband to walk in order to hasten the effects of the poison and bring about his death. Rossetti revised her face at a later date.

Ten years later, in 1871, Rossetti returned to this same scene and composition, and painted Lucrezia Borgia again. The only minor change is the decoration on the tall pot under the sink.

Among Lucrezia’s children who survived to adulthood, one was the Duke of Ferrara for over fifty years, a second became Archbishop of Milan, and another – Leonora d’Este – was a nun and probably the composer of religious motets. The d’Este family, particularly Isabella, wife of Lucrezia’s lover and brother-in-law Francesco Gonzaga, were major patrons of art in the Renaissance. Isabella was patron to Bellini, Leonardo da Vinci, Mantegna, Perugino, Raphael, Titian, Correggio, Dosso Dossi, and others, but it was Lucrezia who inspired artists as recent as Dante Gabriel Rossetti.

Reference

Wikipedia.

‘Tis impossible to be sure of any thing but Death, Taxes and macOS updates.
(Modified with apology from the original, said by Toby Guzzle in Christopher Bullock’s play The Cobbler of Preston (1716), quoted in turn by Daniel Defoe and most famously by Benjamin Franklin in 1789.)

Last week my iMac Pro was updated against my wishes from macOS Sequoia 15.1.1 to 15.3.1. Although it wasn’t my intention, it proved a relief in two ways, first that my ageing iMac Pro survived the process without losing any data or dying completely, and second that I had at last caught a forced update red-handed. For some years I have been aware of many who suffered a similar fate, where they had been careful to avoid upgrading or updating macOS, but had eventually succumbed to it unwittingly. At last I was able to experience this at first hand, and capture log excerpts to discover just what happened.

Deceit

My conclusions were:

• Software update notifications tricked me into unwittingly agreeing to perform a macOS update.
• That update was expressly against my Software Update settings.
• I was given no second chance to confirm I intended the update to take place.
• The update was scheduled to be performed when my Mac was unattended.
• DAS scheduling and dispatch were unaware of the scheduled backups to be performed later that night, and dispatched the update at a time before those backups were scheduled. Had anything gone wrong in the update, I could have had to fall back on backups made nearly 24 hours earlier, and would have lost a whole day’s changes.

What I’d like to see is a change to the process initiated by opting to perform a delayed update, either later or that night. If the user opts for that, then Software Update should display a clear confirmation dialog, offering options to cancel the update or postpone it further. If the user does accept, then they should be offered a timeframe for the update to be performed, to allow it to be scheduled after any nightly backups.

Above all, the user should never be given a forced choice between updating now or later tonight, and there should always be a third option to defer further.

This has been a long-running flaw in the behaviour of macOS that has shocked and antagonised many users over several years. Although we’re all in favour of Apple encouraging and facilitating us to keep macOS up to date, there’s neither need nor excuse to do so by deceiving us by trickery. Deceit undermines confidence in both Apple and its products and is notoriously bad marketing and support.

This chart shows how I believe the process works, from the initial notification options to starting the update.

Opacity and persistence

During my investigation of how this unwanted update had occurred, I hadn’t expected to meet my old friend Duet Activity Scheduler (DAS). As I traced through the log extracts it became clear that, once the update had been scheduled by DAS, the only way to postpone or abort it would have been to shut the Mac down. Activities scheduled by DAS-CTS are hidden from the user, who has neither awareness nor control over them.

DAS and its linked XPC Activity subsystem, alias Centralised Task Scheduling or CTS, now manage over 500 background activities in macOS, including Time Machine backups and XProtect Remediator scans. They’re one of the few parts of the system that remains almost inaccessible. DAS manages lists of activities that can’t be inspected, and dispatches them according to opaque criteria. Once an activity is scheduled by DAS, there’s no way a user can remove it from its lists, so it will inexorably attain a score sufficient to pass that set by DAS as its threshold. For a few brief moments that activity will be visible among running processes, then vanish again into obscurity.

If I wanted to design persistent code that periodically harvests and send sensitive data to a remote server, DAS-CTS would be highly attractive. As there’s no way to inspect its scheduled activities, no security software could discover the existence of that activity, unless they were fortunate enough to catch it while it’s running briefly. Such activities don’t need a tell-tale LaunchDaemon or LaunchAgent, but can be arbitrary code in a completion handler within an apparently innocent app. They’re run using XPC, but without its formalities or restrictions.

DAS-CTS seems to rely largely on security through obscurity, and opening up inspection of its activity lists could be a valuable first step in preventing its abuse. It has enjoyed a decade since its release in 2014 apparently without being exploited, although its opacity makes it difficult to know that with any confidence. Perhaps it’s time for a reassessment.

This weekend I look at two Italian duchesses, today Isabella d’Este (1474-1539), Duchess of Mantua, and tomorrow her rival Lucrezia Borgia (1480-1519), Duchess of Ferrara, Modena and Reggio, and lover of Isabella’s husband.

Isabella d’Este was an unusually well-educated woman who became one of the best-known of all the Renaissance patrons of art. She was born to the Duke of Ferrara and his wife Eleanor of Naples in 1474, the oldest and favourite of their children. Her mother ensured she received an excellent education, even by male standards of the day, emphasising the classics including Greek and Latin. She seems to have struggled more in learning to read Latin, and in adult life received additional lessons to help her reading skills. She was particularly fond of music, singing and dancing, and learned to play several instruments including the lute and harpsichord. Her taste in music was predominantly secular.

When she was only six years old she was betrothed to Francesco, who was expected to succeed as Marquess of Mantua, a city and small province in Lombardy, about a hundred miles (160 km) from Venice. They were married by proxy ten years later, by which time the young Francesco had inherited both title and realm, which he was to rule until his death in 1519. He was also the commander-in-chief of the army of the Republic of Venice, which frequently took him away from their palace in Mantua. In 1509, he was held captive as a hostage in Venice, and wasn’t released for three years.

Although Isabella had eight children between 1493-1508, six of whom survived into adult life, a remarkably high figure for the time, her marriage was blighted by Francesco’s sexual incontinence. His most famous affair was with the notorious Lucrezia Borgia, which started in 1503, and only came to an end when Francesco contracted syphilis from his contacts with prostitutes.

In contrast, Isabella seems to have lived a virtuous life and became an accomplished statesman and diplomat, with shrewd political judgement even when dealing with the likes of Cesare Borgia. She saw Mantua promoted to a Duchy, and ruled it from the death of Francesco in 1519 until her son Federico came of age some years later. She still hankered after political involvement, and in 1527 moved to Rome. On her return to Mantua, she promoted the education of girls and finally took charge of the town of Solarolo until her death in 1539, at the age of 64.

Isabella started to collect objets d’art soon after she moved to her palace in Mantua. As far as paintings are concerned, she was foremost a collector who relied on the advice of others in the court, rather than a connoisseur in her own right. Surprisingly, her purchases had to be made from her own wealth, which was quite limited, and in times of hardship she resorted to pawning jewellery to raise funds. Her patronage concentrated mainly on music and sculpture. She was unusual for promoting women as singers and placing them in choirs. Her literary sponsorship was limited: she seems to have enjoyed swashbuckling stories of chivalry, such as those in Ludovico Ariosto’s Orlando Furioso, and was a loyal supporter of his work.

Her sponsorship and taste in paintings is largely reflected in the works she commissioned for her private study, her famous studiolo, which thankfully have been well preserved as they passed to the French Kings, and most are now in the Louvre as a result. Combined with records in her copious correspondence and a crucial inventory, her studiolo has been reconstructed in detail. Her period of collecting covered the appointments of two court painters in Mantua: Andrea Mantegna until his death in 1506, thereafter Lorenzo Costa. When Isabella was most active in collecting paintings in the early 1500s, Mantegna was around 70 years old, and Costa in his forties.

Mantegna arranged to be recommended to Isabella through her former tutor, but his first attempt to impress her with a portrait in 1493 met with a stony reception: Isabella declined it as being so badly painted that it didn’t resemble her.

Despite that discouraging start, her first commission for a painting for her study was awarded to Mantegna, for his painting of Mars and Venus, known better as Parnassus (1496-97). She had apparently grown to like his finely finished and old-fashioned tempera paintings, and the artist probably painted this largely in tempera, only for it to be repainted using oils after his death.

This refers to the classical myth of the affair between Mars and Venus, the latter being married to Vulcan, who caught them in bed together and cast a fine net around them for the other gods to come and mock their adultery. The lovers are shown standing together on a flat-topped rock arch, as the Muses dance below. To the left of Mars’ feet is Venus’ child Cupid aiming his blowpipe at Vulcan’s genitals, as he works at his forge in the cave at the left. At the right is Mercury, messenger of the gods, with his caduceus and Pegasus the winged horse. At the far left is Apollo making music for the Muses on his lyre.

It’s an unusual theme for a woman of the time to have chosen, although it has largely been interpreted with reference to a contemporary poem that seems less concerned with the underlying story of adultery exposed.

A couple of years later, Isabella returned to commission Mantegna to paint a more moralistic allegory of The Triumph of the Virtues, or Pallas Expelling the Vices from the Garden of Virtue (1499-1502), again largely in tempera. The scene is a garden with a pond, near a river meandering down to a lush valley in the distance. Inside its arched perimeter Pallas Athena, at the left with her distinctive helmet and shield, is chasing away figures representing the Vices.

At the far left is a tree representing Virtue Deserted, and to the right of Athena’s feet is the armless Vice of Idleness. Also in the pond is a centaur who carries a standing figure, usually read as Diana, on its back. At the far right is the Virtue of Prudence represented as a message from within her prison, and in the sky are the Virtues of Justice, Temperance and Fortitude.

An unusual and personal twist indicating the extent of Isabella’s involvement in this composition is Athena’s spear. Although one of her normal attributes, its head has broken off and rests on the ground. This is a reference to a broken lance that Francesco presented to Isabella following his command of the Holy League (Venetian) forces at the Battle of Fornovo in 1495.

After Leonardo da Vinci had painted The Last Supper, he visited the court at Mantua, where he made this chalk Portrait of Isabella d’Este (c 1499-1500). Isabella apparently disliked wasting time sitting for portraits, and this elegant profile is one of few known to have been made of her. Leonardo and Isabella corresponded afterwards, she inviting him to undertake commissions for her including one for a painting of Christ at the age of twelve, but he turned her offers down.

She was also unsuccessful in getting Giovanni Bellini to paint a proper commission for her. She had originally asked him in 1496 to paint an allegory, no doubt destined for her study, but by late 1502 she reluctantly wrote that she’d settle for a Nativity so long as it included Joseph, “the beasts” and Saint John the Baptist. Bellini refused to include the last of those, which she finally agreed to. His painting arrived in 1504, but that work now appears to be lost. Isabella asked Bellini a third time in 1505, promising not to hold him to any detailed description of the painting, but nothing came of that.

Isabella’s third painting was made by another artist reaching the end of his career, Pietro Perugino (1448–1523), who is believed to have taught Raphael. The latter may have been working for Perugino at the time that his former master painted The Combat of Love and Chastity in 1503, using Mantegna’s favourite medium of tempera despite Perugino’s accomplishment in oils.

Mantegna worked in Mantua, so little of Isabella’s correspondence gives insight into the process of his commissions. She had to write to Perugino, though, and there’s a trail of letters revealing how much detail she specified about this work, even supplying a drawing. Its theme is literary, as laid down in the contract by Isabella’s court poet, and shows a fight between the personifications of Love and Chastity, which may have worked well in words but doesn’t translate into visual art at all well.

It features a gamut of mythological figures in no particular order, including Apollo and Daphne, Jupiter and Europa, Polyphemus and Galatea, and Pluto and Proserpina – all couples in which the man abducted and/or raped the woman. In front is Pallas Athene about to kill Eros with a lance, and a more even match between Diana with her bow and Venus, who is singeing the huntress with a burning brand. Isabella laid out strict instructions, for example requiring that Venus, who is traditionally shown naked, was clothed. Even the owl perched in the branches of the sacred olive tree at the left was prescribed in the commission. When Perugino didn’t follow these, she protested, and on completion she wrote that it should have been better finished to set alongside her Mantegnas, and was clearly unimpressed. For this the artist was paid a mere 100 ducats.

Isabella then turned to Lorenzo Costa (1460–1535) for The Garden of the Peaceful Arts or The Crowning of a Female Poet (1504-06), painted in oil and tempera. Mantegna had originally been commissioned to paint this, but died before he could make much progress. Costa started from scratch, and under Isabella’s direction according to her poet’s literary theme produced this strange painting often known as an allegory of Isabella’s coronation, or construed as an account of Sappho’s career.

Figures identified include Diana, at the front on the right, and Cadmus, but reading this work coherently now seems impossible.

Another commission that Mantegna had started to work on before he died was completed by Costa in 1511, The Reign of Comus, again using tempera for a complex composition. Comus, ruler of a land of bacchanalia, sits talking to a near-naked Venus in the left foreground. Just to the right of the centre foreground, Nicaea is lying unconscious through alcohol, against Dionysus (Bacchus), who got her into a stupor so that he could rape her.

Under the arch is the unmistakable two-faced Janus with Hermes, apparently repelling potential newcomers to the bacchanal. In the centre is a small group of musicians, and various naked figures are cavorting in the waters behind.

Isabella is believed to have commissioned other paintings that weren’t destined for her study, including some religious works.

One surviving painting that appears to have been commissioned by Isabella but remained outside the private world of her study is by Francesco Bonsignori (1460–1519), who made this chalk study of Isabella d’Este in 1519.

Bonsignori’s painting of the Blessed Osanna Andreasi followed later that year. This beatified Mantuan woman was the daughter of a Gonzaga, who started reporting visions when she was only six. She rejected an arranged marriage and secretly took orders, becoming a Dominican tertiary. She developed stigmata, learned to read and write in a miracle, and became a mystic. She died in Mantua in 1505, and Isabella led the campaign for her veneration.

Isabella is shown in profile, kneeling at the left, with her lifelong friend Margherita Cantelma. On the right, among the Dominican nuns, is Isabella’s daughter Ippolita, one of three of her children who took holy orders.

Late additions to Isabella’s study were a pair of tempera allegories by Antonio da Correggio (1489–1534), Allegory of Vices (1529-30) above, and Allegory of Virtues (1531) below. The latter reflects a detailed commission, as it shows once again Pallas Athena holding the broken spear that Francesco had brought back from battle for Isabella.

Inevitably, her portrait was painted by Titian (1490–1576). The original version from 1523 was made from life, but in about 1536, when she was in her early sixties, she sent an old portrait made by Francia in 1511 for Titian to paint from, with suitably updated fashionable dress of the day. The result is the anachronistic Isabella d’Este, Duchess of Mantua, which flatters more than it reveals.

With few exceptions, Isabella’s commissions were very personal, so much so that their elaborate stories and allegories are now elusive. More than one of the artists who painted for her must, at some stage, have wished that she had learned to paint. Those masters were used as proxy craftsmen, to turn the words of her court poet into images for her study. No doubt she amazed distinguished guests by explaining their symbols and references when they were taken on a tour of her collection.

Isabella’s understanding of visual art was limited, her paintings fascinating, but of no consequence to the Renaissance or the history of painting. For the great masters of the day, who were changing art history by their paintings, Isabella’s commissions were to be avoided like the plague. They would have been archaic in style, stifled original creation, and could only have led to great dissatisfaction for all concerned.

Isabella d’Este was an outstanding example of what education and ability can achieve, and a great woman of any age. But as far as painting is concerned, her reputation as a great and influential patron is at best misleading.

References

Wikipedia.

Alison Cole (2016) Italian Renaissance Courts: Art, Pleasure and Power, Laurence King, ISBN 978 1 78067 740 8.
Christine Shaw (2019) Isabella d’Este, A Renaissance Princess, Routledge, ISBN 978 0 367 00247 3.

Here are this weekend’s Mac riddles to entertain you through family time, shopping and recreation.

1: Can still spin a disc with five between two five-hundreds.

2: Joins overhead and face together in shared video.

3: Railway inspector for the hound of Hades.

To help you cross-check your solutions, or confuse you further, there’s a common factor between them.

I’ll post my solutions first thing on Monday morning.

Please don’t post your solutions as comments here: it spoils it for others.

Passwords and other secrets were little-used until the arrival of email and the Internet. Secure storage for them in keychains was developed for the PowerTalk mail engine in Apple Open Collaboration Environment (AOCE), and was first released in about September 1993, probably in System 7.1.1. When AOCE was dropped from Mac OS 8, keychains languished until their revival later that decade, and were probably first supported by the System in around 1999 in Mac OS 8.6.

Those early keychains were the ancestors of what’s now referred to as file-based keychains, in contrast to the data protection keychain that can be shared in iCloud. Although macOS Sequoia still supports classic keychains, their use was discontinued with the introduction of Mac OS X in 2001, when they were replaced with newer keychains supported by the SecKeychain API.

SecKeychains gained full support in Mac OS X 10.2 Jaguar in 2002, and ever since have provided the central login keychain still used in Sequoia over 20 years later. These are encrypted databases containing login credentials and other secrets. Each keychain can be unlocked using a single password, with that of the login keychain being the same as the user’s login password, enabling it to be unlocked following login.

With the introduction of iPhones and their iOS operating system, they didn’t use SecKeychains, but a new and more secure relative known as the Data Protection keychain, with a separate SecItem API. Although support for that was added in Mac OS X 10.6 Snow Leopard in 2009, it wasn’t until OS X 10.9 Mavericks in 2013 that Macs started using Data Protection keychains for their iCloud Keychain. Two years later, with OS X 10.11 El Capitan, SecKeychains and their ancestors were formally deprecated, although much of their APIs still remain.

Throughout Mac OS X and into macOS, the bundled tool for maintaining keychains has been Keychain Access provided in /Applications/Utilities. With the arrival of the iCloud Keychain, Safari provided access to passwords stored in the iCloud Keychain, and that was later augmented in a Passwords item in System Preferences and Settings.

Earlier versions of Keychain Access, such as that seen here in Mac OS X 10.4 Tiger in 2005, provided a valuable First Aid tool to verify and repair keychains. That was dropped some years ago.

After the introduction of iCloud Keychain, the login keychain has steadily lost importance. Here it’s seen at its zenith in Mac OS X 10.6 Snow Leopard.

This shows the login keychain again, in Keychain Access from OS X 10.10 Yosemite in 2014.

macOS Sequoia brought a dedicated app Passwords that only works with the Data Protection keychain, and relegated Keychain Access to /System/Library/CoreServices/Applications, where it can still be used to work with traditional file-based keychains as well.

login keychain

For each user, their default personal file-based SecKeychain is the login keychain, located in ~/Library/Keychains/login.keychain-db. This is unlocked automatically when the user logs in as it has the same password as that user account. It’s here that each user can still store certificates, secure notes, etc. for general use on that Mac.

Although kept unlocked, readable and writeable while the user is logged in, that doesn’t guarantee access to its contents. If an app makes a call to the macOS security system to retrieve a stored password for its use, that system determines whether the app is trusted to access that information, and whether that keychain is locked. Assuming the password is stored there, the app is trusted, and the keychain is unlocked, then the password is retrieved and passed back to the app. If the app isn’t trusted or the keychain is locked, then the security system, not the app, displays a distinctive standard dialog asking for the password to that keychain to authenticate before it will provide the password to the app.

Access to secrets is determined by the security system, the specific access it grants to an app, and to individual items in that user’s keychain. At its most restrictive, the system can limit all other apps from accessing a particular secret in the keychain, but specific secrets can also be shared across several different apps.

System keychains

For the system, there two two vital groups of keychains:

• in /System/Library/Keychains, in the SSV, are SystemRootCertificates and others providing the set of root security certificates for that version of macOS;
• in /Library/Keychains is the System keychain and others providing certificates and passwords required for all users, including those to gain access to that Mac’s Wi-Fi connections.

Data Protection keychain

Since OS X 10.9, Macs have also had one and only one Data Protection keychain that’s accessed using the SecItem API. If you share your keychain in iCloud, this is the local copy of that shared keychain and is known as iCloud Keychain; if you don’t share it in iCloud, then it’s known as Local Items instead. The local copy of this is normally stored in ~/Library/Keychains/[UUID]/keychain-2.db, where the UUID is that assigned to that Mac.

This Data Protection keychain stores all the standard types of secret, including internet and other passwords, certificates, keys and passkeys. Prior to macOS 11, it only synchronised internet passwords using iCloud, but from Big Sur onwards it synchronises all its content, including passkeys, which have now become first class citizens. Unlike file-based keychains, secrets in the Data Protection keychain can be protected by the Secure Enclave in T2 and Apple silicon Macs, and can therefore be protected by biometrics including Touch ID, and Face ID on iOS and iPadOS. Hence they’re required for passkeys, which can’t be supported by traditional file-based keychains.

Future

Much as Apple wants to support only the Data Protection keychain in macOS, there are still many that rely on the login and other file-based keychains. SecKeychain will thus remain supported reluctantly until macOS can finally call it a day on keychains that originated well over 25 years ago.

References

Apple TN3137: On Mac keychain APIs and implementations
Apple Keychain Services

Long before cities gained their bright lights they had plenty of inns and taverns where folk could consume alcoholic drinks until they couldn’t pay for them any more. Persistent drunkenness has been recognised as a problem since ancient times, but it wasn’t until the latter half of the nineteenth century that its consequences on health were reported. Of course, alcohol abuse also took place in the country, but it was in the towns and cities that it became most obvious and destructive.

In French cities like Paris the main culprit was seen as absinthe, produced from species of wormwood plants, and claimed to contain addictive and destructive drugs in addition to its high alcohol content. It was developed in the late eighteenth century, and popularised the following century, particularly among artists and writers.

Edgar Degas’ famous painting In a Café or L’Absinthe from 1873 laments the fate of those who ended up drinking it. Pale green to yellow in colour, it was normally diluted with water, turning it cloudy, as seen is this woman’s glass.

Absinthe wasn’t the only route to alcoholism, though, as shown in Édouard Manet’s Drinker of Bocks from about 1878-79. Bock is a strong and dark lager originally brewed in Germany, and was often viewed as the start of the descent to absinthe and oblivion. Its equivalent in England was barley wine, with its similarly high alcohol content.

In The Absinthe Drinkers (c 1880-81) Jean-François Raffaëlli followed from Degas, here with two down-at-heel men sat outside a bar.

The Drinkers, or Monday’s Work (1884) is one of Émile Friant’s first social realist paintings, showing two unemployed and unskilled men sat drinking together against an exterior wall. The hands of the more distant man are conspicuously grubby and unkempt, and a small dog looks on accusingly.

Jean Béraud’s Letter from 1908 gives a glimpse into the café culture of the years prior to the First World War. The man looks rough, and is unshaven, although the woman is elegantly dressed, and apparently engaged in writing a letter. His battered old brown bowler hat suggests a working past before he succumbed to absinthe.

Béraud’s more academic take on The Absinthe Drinkers from 1908 reworks Degas’ painting, with its two glasses of cloudy absinthe, soda syphon, and jug of water. As a bonus, at the top edge he lines up a parade of bottles containing alternatives.

As with Edvard Munch and so many other artists, Aksel Waldemar Johannessen was prone to bouts of heavy drinking. In The Drinker’s Family from 1916, perhaps painted during a period of remorse over his behaviour, the artist here includes two self-portraits, as the young man at the right, and the wrecked alcoholic at the left.

The Morning After (1916) is another self-portrait of Johannessen as a drunkard, his arm around a woman who pokes her tongue out in disapproval of his addiction.

The culmination of this descent is shown in Arturo Michelena’s Charity from 1888, where a pair of charitable bourgeois ladies have arrived at the hovel that is home to a young mother and her small child. Beside the woman, on a small table under the window, are a couple of bottles of her favourite ‘poison’, quite likely absinthe.

It must be almost two years since I last demonstrated some magic tricks involving available and purgeable disk space. At that time, the amount of space involved was a mere 83.71 GB. Today I’m going to show you how I converted 228.16 GB of purgeable space into used space, recovering a lot of my files in the process.

Prior to my iMac Pro’s forced update to Sequoia 15.3.1, described here yesterday, its internal SSD had around 150-160 GB free, with no purgeable space at all. Immediately before installing that update, SoftwareUpdate reported that there was 160.57 GB available. When I had coaxed it back into life, now running 15.3.1, the foot of each Finder window told me there was now “393.72 GB available”. Imagine my surprise/shock/horror that about 240 GB of what had been on that SSD before it was updated had now vanished.

Recalling my previous experience, I selected Macintosh HD in the Finder, and opened the Get Info dialog. That confirmed the situation, stating

• Available 393.72 GB (228.16 GB purgeable)
• Used: 828,672,419,328 bytes (829.67 GB on disk)

A little arithmetic reveals that of the 393.72 GB “available”, only 165.56 GB was actually free at the time, the rest being “purgeable”. Together the truly free and that used “on disk” amounted to 995.23 GB. Adding the 16.16 GB used by other volumes, my Mac’s internal SSD had grown in capacity to 1.011 TB, which made that slightly traumatic update worthwhile after all.

Sadly, Disk Utility wasn’t so impressed. The figures it gave were very different indeed:

• Available: 165.56 GB (none purgeable)
• Used: 818.52 GB + 16.16 GB on other volumes = 834.68 GB
• One snapshot of 7.16 GB

for a total disk size of exactly 1 TB. The figures my own Mints gave were in accord with those from Disk Utility.

Although I much preferred the Finder’s figure of nearly 400 GB of “available” space, I realised that could only come at the cost of purging all that 228 GB of “purgeable” space. As that seemed to include many of my files, I thought it was time to work this week’s magic trick. I therefore restarted the Mac, and all of a sudden purgeable space had vanished, leaving me with only about 165 GB of free space after all.

To remind you of what I found nearly two years ago, after updating to macOS 13.3.1, the Finder found 83.71 GB “purgeable”, and my SSD had then grown to 1.08 TB in size.

That’s two major versions of macOS and almost two years apart, and the Finder still can’t come up with correct figures.

It’s not that long ago that a great many homes in the UK and Europe were heated by open fires. During the 1960s, the house where I lived in the suburbs of London had a single main fireplace burning ‘smokeless’ processed coal throughout the winter months. Even after colour television came in the early 1970s, the National Coal Board was advertising the virtues of open fires in the home. Today’s paintings of interiors show fireplaces and the objects we surrounded them with.

Jules Breton’s Grandfather’s Birthday (1864) shows three generations of a Courrières family living in modest comfort, although their floors are made of bare and worn tiles, furniture is sparse, and the fire is hardly alight. One of the grandchildren is just about to present their grandpa with a simple birthday cake, no icing, as another of the women prepares a celebratory meal in the kitchen. Maybe some firewood might have been a better present. This fireplace has an unusually high mantelpiece, providing just enough room to fit in some cherished plates below the ceiling.

Judging by the thin summer dress worn by the young woman reading in Francis Davis Millet’s Cosey Corner from 1884, the fire burning in this open hearth is primarily to boil water in the large black kettle for her cup of tea. This is a more modern fireplace fabricated in wrought iron. It has a grate to let spent ashes drop into the ash tray underneath, making it simpler to remove them before building the first fire of the day. On either side of the fire are fire dogs, and a kettle is suspended above the glowing embers.

Virginie Demont-Breton’s original painting of The Man is at Sea, above, was completed in or before 1889. This shows a fisherman’s wife warming herself and her sleeping infant by the fire, while her husband is away fishing at sea. It was exhibited at the Salon in 1889, following which it was rapidly engraved for prints. Later that year, Vincent van Gogh saw an image of that painting when he was undergoing treatment in the Saint Paul asylum at Saint-Rémy, and made a copy of it, shown below.

Laurits Andersen Ring’s contrasting The Artist’s Wife and Children, from 1904, shows his wife Sigrid with their young son and daughter, in front of the roaring fire typical of the more affluent middle class home in the early twentieth century. The fireplace is here built into a substantial structure.

Carl Larsson’s Christmas Eve from 1904 shows his large extended family gathering to celebrate in grand style, with a huge turkey, a roaring fire in the large open fireplace, and a cat under the table, trying to get into the party.

William McGregor Paxton’s open fire In the Studio (1905) is appropriately classy and glows confidently in the background. He deliberately defocussed it in what he termed Vermeer’s “binocular vision”. His model is in crisp focus, and as the eye wonders further away from her as the optical centre of the painting, edges and details become progressively more blurred.

Among Douglas Fox Pitt’s views of domestic interiors, Interior with Maid from about 1913 is notable for its display of two of the artist’s collection of paintings by the Camden Town Group. Above the fireplace is Harold Gilman’s Norwegian Street Scene (Kirkegaten, Flekkerfjord) (1913), and above the bright cushion is Charles Ginner’s The Wet Street, Dieppe (1911). The fire is being tended by a maid, and is thoroughly suburban, with tools including a poker at the left. Its mantelpiece is relatively low, and home to a precisely arranged row of ornaments.

Henry Tonks’ Sodales – Mr Steer and Mr Sickert (1930) shows two British painters in their old age: Philip Wilson Steer is dozing in front of the fire while Walter Sickert was visiting him at home in Cheyne Walk, London. This mantelpiece is cluttered with various small objects.

Over the last few years, many have reported that their Macs spontaneously updated or even upgraded macOS when they didn’t expect them to, and often against their wishes. This can occur when Software Update in System Settings has Install macOS updates turned off. Explanations of how Apple appears to be able to override that setting have so far been lacking; this article explains how it happened overnight to my iMac Pro, when it updated itself from Sequoia 15.1.1 to 15.3.1.

Spontaneous macOS update

My story will be familiar to others who have suffered a similar forced update: I came down in the morning to discover my iMac Pro had shut down when I had left it running just seven hours earlier. A little detective work in its log revealed what had happened while I had been asleep.

Although I have kept this iMac Pro up to date with macOS since I first installed Mojave on it on 18 November 2018, it’s growing old and a bit creaky, and the update to Sequoia 15.1.1 on 19 November last year was slightly traumatic, with a series of shutdowns rather than restarts. I therefore decided to leave it running 15.1.1 until I had completed migrating to my Mac mini M4 Pro this Spring.

As a result, it had periodically notified me of updates to 15.2, 15.3, and most recently 15.3.1, each of which I had politely declined. Those notifications became more persistent, and one or two gave me either of two options, to update now, or later that night, and couldn’t otherwise be dismissed. I therefore chose to defer the update until the night, and nothing came of them.

One of those notifications, though, decided to end my procrastination and added a background activity named com.apple.SUOSUScheduler.tonight.install to the DAS-CTS scheduling system. In the small hours of the morning, DAS rescored its list of activities, and decided that it was time to dispatch that task, writing these entries in the log:
01:39:07.463 com.apple.duetactivityscheduler Rescoring all 499 activities [Entered SmartPowerNap]
01:39:07.490 com.apple.duetactivityscheduler 0:com.apple.SUOSUScheduler.tonight.install:3370CB:[{name: Thermal Policy, policyWeight: 5.000, response: {0, 0.20, }}, Decision: CP Score: 0.915843}
01:39:07.490 com.apple.duetactivityscheduler '0:com.apple.SUOSUScheduler.tonight.install:3370CB' CurrentScore: 0.915843, ThresholdScore: 0.162610 DecisionToRun:1
01:39:07.589 com.apple.xpc.activity Initiating: com.apple.SUOSUScheduler.tonight.install (0x7fd1d582a720)

That activated SoftwareUpdate, which ignored my user settings and proceeded to install the update:
01:39:07.589 com.apple.SoftwareUpdate SUOSUTonightObserver: Tonight activity fired!
01:39:07.590 com.apple.powerd Process softwareupdated.308 Created MaintenanceWake "com.apple.SoftwareUpdate.TonightActivityTrigger" age:00:00:00 id:55834610938 [System: SRPrevSleep kCPU]
01:39:07.590 com.apple.SoftwareUpdate SUOSUTonightObserver: Proceeding with updates
01:39:07.590 com.apple.SoftwareUpdate SUOSUServiceDaemon: Chose on-console client: SoftwareUpdateNotificationManager (type = sunm, pid = 698, uid = 501, path = /System/Library/PrivateFrameworks/SoftwareUpdate.framework/Versions/A/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager)

It turns out that these ‘DoItLater’ or ‘installTonight’ updates are already well provided for by SoftwareUpdate:
01:39:08.243 com.apple.SoftwareUpdate Successful call to startInstallingDoItLaterUpdates
01:39:08.244 com.apple.SoftwareUpdate SUOSUShimController: Start installing updates: {(<SUOSUProduct: MSU_UPDATE_24D70_patch_15.3.1_minor>)}, options: { DoInForeground = 0; DoItLater = 1; ForceRestart = 0; InitiatingClient = 2; MDMInitiated = 0;}
01:39:08.245 com.apple.SoftwareUpdate SUOSUMobileSoftwareUpdateController: Updating additionalUpdateMetricEventFields: {autoUpdate = false; buddy = false; commandLine = false; ddm = false; installTonight = true; mdm = false; notification = true; settings = false; }

The update process carefully avoided revealing what was about to happen:
01:39:08.362 com.apple.SoftwareUpdate MSU update already prepared, skip showing license agreement
01:39:08.396 com.apple.SoftwareUpdate Skipping showing the SLA
01:39:08.396 com.apple.SoftwareUpdate SUOSUShimController: Updates require post-install action (restart), installing now
01:39:08.396 com.apple.SoftwareUpdate SUOSUShimController: MSU update already prepared
01:39:08.396 com.apple.SoftwareUpdate SUOSUShimController: Download required: 0 (legacy=0, MSU=0)
01:39:08.396 com.apple.SoftwareUpdate SUOSUShimController: Notification manager client, proceeding with countdown notification flow without confirmation
01:39:08.397 com.apple.SoftwareUpdate SUOSUNotificationUpdateService: Install did begin for updates: ( "<SUOSUProduct: MSU_UPDATE_24D70_patch_15.3.1_minor>")

Local authentication was also disabled to ensure that nothing stood in the way of the imminent update:
01:39:08.443 com.apple.SoftwareUpdate SUAppStoreUpdateController: authorize
01:39:08.508 com.apple.SoftwareUpdate SUOSUAuthenticationManager: Disabling local authentication requirement
01:39:08.556 com.apple.SoftwareUpdate SUOSUMobileSoftwareUpdateController: Download finished: (null)
01:39:08.557 com.apple.SoftwareUpdate SUOSURestartCountdownOperation: Successful downloads, proceed to countdown (downloadOnly=0)
01:39:08.561 com.apple.SoftwareUpdate SUOSURestartCountdownOperation: Starting restart countdown
01:39:09.713 com.apple.SoftwareUpdate SUOSUCountdownNotification: seconds remaining: 60
01:40:08.570 com.apple.SoftwareUpdate SUOSUCountdownNotification: seconds remaining: 1
01:40:08.573 com.apple.SoftwareUpdate SUOSUUpdateController: Sending authorization to softwareupdated
01:40:08.598 com.apple.SoftwareUpdate SUOSUUpdateController: Successfully authorized with softwareupdated
01:40:08.953 com.apple.SoftwareUpdate Restarting for software update (forced=0)
01:40:10.958 com.apple.SoftwareUpdate Starting post-logout mode (skipConfirm = 1, reconnectMode = 0, shouldShutdown = 0)
01:40:10.958 com.apple.SoftwareUpdate SUOSUAuthenticationManager: Disabling local authentication requirement
01:40:11.523 com.apple.SoftwareUpdate SUOSUAuthorizationController: Non-interactive authorization succeeded for non-admin user
01:40:11.523 com.apple.SoftwareUpdate SUOSUUpdateController: Sending authorization to softwareupdated
01:40:11.562 com.apple.SoftwareUpdate SUOSUUpdateController: Successfully authorized with softwareupdated
01:40:42.389 com.apple.SoftwareUpdate SUHelper: Rebooting (success = 1, night install = 1, shutdown = 1)
01:40:42.396 com.apple.SoftwareUpdate SUHelper: Preparing for night install

What happened next was unexpected by macOS, though:
01:40:46.875 === system wallclock time adjusted
and that was the last entry in the log until the initial kernel boot entry over five hours later when I started the Mac up:
06:57:24.842 === system boot: 78F481CC-E26F-464C-BEB7-6E26E49DB8DC

At 03:15 and 04:15 that morning, full backups should have been made of the Data and another working volume. Because at that time the Mac was shut down in the middle of a possibly failed update, those backups were never made. Thankfully when it started up just before 07:00 it was able to complete the update and then resumed normal service.

Points of note

• Software update notifications tricked the user into unwittingly agreeing to perform a macOS update.
• That update was expressly against Software Update settings.
• The user was given no second chance to confirm they intended the update to take place.
• The update was scheduled to be performed when the Mac was unattended.
• DAS scheduling and dispatch were unaware of the scheduled backups to be performed later that night, and dispatched the update at a time before those backups were scheduled.
• As the update was scheduled to be performed unattended, no warning was given when it was about to start, and there was no opportunity to delay the update until after backups had been completed.
• Once the update had been scheduled by DAS, the only way to postpone or abort it would have been to shut the Mac down. Activities scheduled by DAS-CTS are hidden from the user, who has neither awareness nor control over them.
• The overall effect is that macOS enforces updates on the user against their express settings, without giving them the opportunity to postpone or abort the update.

Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5288. As usual, Apple doesn’t release information about what security issues this update might add or change.

This version adds two new rules for MACOS.TAILGATOR.UPD and MACOS.TAILGATOR.INLASCLDR.

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan to Sequoia available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight, LockRattler, or at the command line.

If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5288.

Sequoia systems only

This update is also available for Sequoia via iCloud. If you want to check that manually, use the Terminal command
sudo xprotect check
then entering your admin password. If that returns version 5288 but your Mac still has an older version installed, you can force the update using
sudo xprotect update

This version is now available via Software Update, softwareupdate, or in SilentKnight as well. If your Mac is running Sequoia and you download it that way, rather than using iCloud, then once it’s installed you’ll need to run the update command for that to take correctly.

I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

Given the great many paintings commissioned as altarpieces, it’s perhaps surprising that relatively few others depicted Christian altars. When you might expect them to, for example in Nicolas Poussin’s painting of the sacrament of Eucharist, they often avoid it. In this second article showing examples of altars in paintings, I start with one of Raphael’s magnificent frescos in the Stanza della Segnatura of the Vatican Palace.

Traditionally, the first of his series is the Disputa, or Disputation of Holy Sacrament, completed in the period 1509-10. This doesn’t represent what we know as a dispute, but a theological discussion on this aspect of the Christian faith. Its apex contains the Holy Trinity of God the Father (top), Jesus Christ flanked by the Virgin Mary and Saint John the Baptist, with the white dove of the Holy Spirit below. The tier with Christ at its centre represents the elect, a group of the most revered saints, and figures from the Old Testament including Adam, David, Abraham, Moses and possibly Joshua.

The lower tier is earthly, centred on an altar and simple monstrance containing the Holy Sacrament. Seated beside that are the Roman Fathers of the Church, including Gregory, Jerome, Augustine and Ambrose. In the flanks are many other figures who were important to the church at the time. Notable among these is Dante, seen in profile mid-right, with a laurel wreath on his head and red robes.

Altars also feature in several paintings of Joan of Arc (c 1412-1431), patron saint of France and heroine of the French nation.

JAD Ingres painted Joan of Arc at the Coronation of Charles VII, in Reims Cathedral (1854). She stands close to the crown, resplendent in full armour and holding a standard, the two-pointed oriflamme embroidered for her by the women of Orléans, in her right hand. To the right is an altar, on which her left hand is resting. At its back is a triptych altarpiece.

Dante Gabriel Rossetti’s painting of Joan of Arc Kissing the Sword of Deliverance, from 1863, shows Joan kneeling at an altar, where she stares up and into the future, while pressing her lips to her sword. This is one of the few paintings of Joan showing her wearing jewellery.

Altars were central to many coronations and similar acts of dedication.

Friedrich Kaulbach painted his romantic vision of the Coronation of Charlemagne in the nineteenth century. As Pope Leo III raises the imperial crown to place it on Charles’ head, his biographer Einhard records the event in words, at the lower right, and the emperor’s family watch on. Behind the pages and bishops to the right is an ornate altar with a large crucifix.

Edmund Blair Leighton exhibited The Dedication in 1908. A knight and his lady are kneeling before the altar of a country church seeking a blessing on the knight’s sword, presumably before battle. His squire stands outside, tending the knight’s charger.

One of the strangest events depicted at an altar must be Philip Hermogenes Calderon’s most controversial painting, of St Elizabeth of Hungary’s Great Act of Renunciation (1891).

It shows Saint Elizabeth of Hungary (1207-1231) prostrate before an altar, and completely naked, with two nuns and two monks behind her. At present, this painting is so dark that it is hard to see its details. The overlightened image below makes it more clear how shocking this must have appeared at the time.

Edward Reginald Frampton’s Isabella, or the Pot of Basil was probably painted towards the end of the nineteenth century, or possibly in the early twentieth. Taken from the well-known story in Boccaccio’s Decameron, Lisabetta is here kneeling before her pot of basil at an altar, with a crucifix behind.

Of the many wonderful paintings that Harriet Backer made of church interiors, the finest must be Uvdal Stave Church from 1909.

Stave churches were once numerous throughout Europe, but are now only common in rural Norway. Their construction is based on high internal posts (staves) giving them a characteristic tall, peaked appearance. Uvdal is a particularly good example, dating from around 1168. As with many old churches, its interior has been extensively painted and decorated, and this has been allowed to remain, unlike many in Britain which suffered removal of all such decoration.

Backer’s richly-coloured view of the interior of the church is lit from windows behind its pulpit, throwing the brightest light on the distant altar. The walls and ceiling are covered with images and decorations, which she sketches in, manipulating the level of detail to control their distraction. Slightly to the left of centre the main stave is decorated with rich blues, divides the canvas, but affords us the view up to the brightly lit altar, where there’s a painting of the Last Supper. To the left of the stave a woman, dressed in her Sunday finest, sits reading outside the stalls.

Although I often use my free log browser Ulbow daily, and it serves its purpose well, it’s time to move on with changing macOS and its APIs, and do better. Ulbow still relies on the log command tool to get its log extracts, and its front end is thoroughly AppKit.

Apple introduced the Unified log in macOS Sierra back in 2016, and at that time the only way to access it was using the log command tool, which isn’t among those for which it has provided source code. It wasn’t until Catalina in 2019 that Apple provided an API allowing developers to obtain log entries direct. As that wasn’t retro-fitted, the few apps that access the log couldn’t use that on Macs running Mojave or earlier, limiting its usefulness until relatively recently. When I developed Consolation in 2017, and its successor Ulbow two years later in 2019, I therefore continued to rely on the log command tool to obtain log extracts.

By a curious coincidence, SwiftUI was also first released for macOS in 2019, although it has taken an extraordinarily long time to approach maturity. Over the last couple of years it has improved to the point where some outstanding apps like OmniFocus have now abandoned the older AppKit API in favour of SwiftUI.

Last summer I had a first go at writing a potential replacement for Ulbow using the combination of OSLog to give direct access to log entries, and SwiftUI for its interface. At that time I reached an impasse largely as a result of excessive memory use and a memory leak that I was unable to resolve, and concluded that “Ulbow already performs better than LogUI ever could.”

More recently I have returned to that project and accepted that trying to support older versions of macOS before Sonoma is too great an impediment. Calling on some newer features in SwiftUI I have made better progress and, although not entirely continent in its use of memory, I now have an experimental version that I’m using daily. It appears robust and stable, and shouldn’t run away with all your Mac’s memory. Although it currently lacks key features like Find/Search and the ability to copy text from its browser window, it can store log extracts in rich text format.

Its Settings establish defaults common to all new browser windows:

• Subsystem allows you to filter entries by a single predicate for one specified subsystem.
• Period lets you set a default period for log excerpts, given in decimal seconds, so you can set 2.5 seconds if you wish.
• Max entries is the limit of entries to be fetched and displayed. This can be set as high as 20,000 or even more.
• Light Mode will set the app’s windows to Light Mode when you next open the app, if your Mac is also set to run in Light Mode. This allows you to opt out of Dark Mode if you really must.

Window controls let you override the first three of those defaults, and add

• Start, a date and time to start the log excerpt.
• Full Fields, whether to show all fields or just a shortened selection.
• Get Log button to get a log excerpt.
• Save as RTF button to write the log excerpt out to a rich text file.
• The count of entries in the current excerpt.

The end result is, I think, a considerable improvement on Ulbow, in terms of readability, without sacrificing too much space as in Console’s rigid columns.

This experimental release comes with its own PDF documentation, also accessible within the app as its Help book. I’d be very grateful if you could take it out for a spin and see how robust its log engine is, and whether you prefer its new layout for log entries. You can download a copy from here: logui120
Note that it requires a minimum macOS version of 14.6, to ensure that it doesn’t rob your Mac of memory.

Once its engine is reliable, I will add more features, starting with Search/Find support, and the ability to copy entries from its window.

Thank you, and happy logging around.

Most religions centre their ceremonies and worship around a raised horizontal surface, a stone slab, table or platform referred to as an altar. In some pre-Christian religions altars are used for libations, the pouring out of liquid as an offering, and sacrifice. Most Christian churches use them for a collection of symbolic objects such as candles and crucifixes, and the vessels used to celebrate the Eucharist. They can be a modest alcove in a home, or the focus of a grand cathedral. In this and tomorrow’s sequel I offer some examples that are significant in the reading of paintings.

Alfred-Henri Bramtot’s painting of The Death of Demosthenes from 1879 shows the suicide by poisoning of this Greek statesman and orator. His limp body is supported from falling in front of an altar to the god Neptune. At the left edge is the characteristic altar tripod, and the orator’s pen and writing materials are behind it. He charged his pen with poison, and used that to administer it to himself.

This surviving version of Angelica Kauffmann’s Acontius and Cydippe Before the Altar of Diana shows Cydippe in front of an altar to the goddess Diana, with Acontius behind. He holds his ingeniously inscribed apple high above her, apparently waiting for the perfect moment to drop it in front of her. Instead of the altar flame burning at the top of a tripod, it’s here shown in a carved stone slab, at the left. Behind the statue of Diana are two of her priestesses.

In the seventeenth century, Domenicus van Wijnen explored the theme of witchcraft in The Witches’ Sabbath by Moonlight, set in a moonlit Italian landscape. This combines many of the now-classical symbols associated with ‘the dark arts’, and takes place at an outdoor altar set up at the foot of the gallows, on which a dead body hangs. Clustered in front of the altar at the right is a soldier in armour, who is looking in a mirror at the image of another, and a woman who is kneeling and holding a snake in her right hand. The surface of the altar has been prepared with bread and wine, and there is a small chimera by it.

The young prophet Daniel (of lions’ den fame) was King Cyrus the Great’s confidant, according to the book of Daniel. When Cyrus asked Daniel why he didn’t worship the Persian god Bel (Baal), Daniel responded by saying that he worshipped a living god, not a mere idol. Cyrus then claimed that Bel too was a living god, and pointed to the offerings of food and wine that were placed before his statue, and were consumed each night. Daniel remarked cautiously that bronze statues do not eat, which for a moment threw Cyrus. But Daniel had exposed the deception of Bel’s priests.

In this painting of Daniel and Cyrus before the Idol Bel of 1633, Rembrandt has captured Cyrus, standing in the centre, pointing at the food and wine placed on the altar to Bel, whose huge idol is seen rather murkily at the upper right. Behind the modest figure of Daniel are some of the priests who maintained this deception.

Many artists associated with German Romantic and Symbolist movements painted groups of worshippers within ancient trees, often under similar titles to Arnold Böcklin’s Sacred Grove, from 1882. The nine figures here are shrouded in white habits indicating their religious association. On top of a stone altar is a bright flame, at which three of them are bent low and kneeling in obeisance.

Charles William Mitchell’s best-known painting is that of Hypatia, completed and exhibited in 1885. It shows a naked woman, her long tresses clasped to her right breast, leaning back against a carved stone altar, on which there is a crucifix and a bowl, on an altar cloth. She holds her left arm up, her hand open and gesturing towards a mosaic on the wall behind her, and looks anxious.

On either side of the altar are burning candles, long on tall floor-standing candlesticks. The flame of that at the left is being blown towards the altar, implying that a door to the left, in the direction of the woman’s gaze, is open.

The walls are decorated with mosaics; although the images of them shown are only fragmentary, they appear to be of religious motifs. That behind the woman shows a right foot that could be from an image of Christ crucified. A curtained door leads to a room behind the altar. Scattered on the floor are a white robe (presumably removed from the woman), a candlestick holder, and other debris.

A Greek mathematician in Alexandria, Hypatia was a pagan philosopher who headed the Neoplatonic school there. Known for her dignity and virtue, she became embroiled in a bitter feud between Orestes, Roman governor of Alexandria, and Cyril, Bishop of Alexandria, over local Jewish dancing exhibitions. A fanatical Christian mob kidnapped Hypatia, took her to a Christian church, where she was stripped, tortured to death, and her body mutilated and burned.

Although Mitchell may well have been aware of the historical origin of this story, he was probably most influenced by Charles Kingsley’s novel Hypatia, or New Foes with an Old Face, published in 1853. In that version, Hypatia is on the verge of being converted to Christianity when she is attacked by the Christian mob. She is then dragged to a Christian church, stripped naked by the mob, and torn apart under a large image of Christ. Modern criticism of the novel stresses its anti-Catholicism and anti-Semitism.

Making a CPU do more work requires more than increasing its frequency, it needs removal of obstacles that can prevent it from making best use of those cycles. Among the most important of those is memory access. High-speed local caches, L1 and L2, can be a great help, but in the worst case fetching data from memory can still take hundreds of CPU core cycles, and that memory latency may then delay a running process. This article explains some techniques that are used in the CPU cores of Apple silicon chips, to improve processing speed by making execution more efficient and less likely to be delayed.

Out-of-order execution

No matter how well a compiler and build system might try to optimise the instructions they assemble into executable code, when it comes to running that code there are ways to improve its efficiency. Modern CPU cores use a pipeline architecture for processing instructions, and can reorder them to maintain optimum instruction throughput. This uses a re-order buffer (ROB), which can be large to allow for greatest optimisation. All Apple silicon CPU cores, from the M1 onwards, use out-of-order execution with ROBs, and more recent families appear to have undergone further improvement.

In addition to executing instructions out of order, many modern processors perform speculative execution. For example, when code is running a loop to perform repeated series of operations, the core will speculate that it will keep running that loop, so rather than wait to work out whether it should loop again, it presses on. If it then turns out that it had reached the end of the loop phase, the core rolls back to where it entered the loop and follows the correct branch.

Although this wastes a little time on the last run of each loop, if it’s had to loop a million times before that, accumulated time savings can be considerable. However, on its own speculative execution can be limited by data that has to be loaded from memory in each loop, so more recently CPU cores have tried to speculate on the data they require.

Load address prediction

One common pattern of data access within code loops is in their addresses in memory. This occurs when the loop is working through a stored array of data, where the address of each item is at a constant address increment. For this, the core watches the series of addresses being accessed, and once it detects that they follow a regular pattern, it performs Load Address Prediction (LAP) to guess the next address to be used.

The core then performs two functions simultaneously: it proceeds to execute the loop using the guessed address, while continuing to load the actual address. Once it can, it then compares the predicted and actual addresses. If it guessed correctly, it continues execution; if it guessed wrong, then it rolls back in the code, uses the actual address, and resumes execution with that instead.

As with speculative execution, this pays off when there are a million addresses in a strict pattern, but loses out when a pattern breaks.

Load value prediction

LAP only handles addresses in memory, whose contents may differ. In other cases, values fetched from memory can be identical. To take advantage of that, the core can watch the value being loaded each time the code passes through the loop. This might represent a constant being used in a calculation, for example.

When the core sees that the same value is being used each time, it performs Load Value Prediction (LVP) to guess the next value to be loaded. This works essentially the same as LAP, with comparison between the predicted and actual values used to determine whether to proceed or to roll back and use the correct value.

This diagram summarises the three types of speculative execution now used in Apple silicon CPU cores, and identifies which families in the M-series use each.

Vulnerabilities

Speculative execution was first discovered to be vulnerable in 2017, and this was made public seven years ago, in early 2018, in a class of attack techniques known as Spectre. LAP and LVP were demonstrated and exploited in SLAP and FLOP in 2024-25.

Mechanisms for exploiting speculative designs are complex, and rely on a combination of training and misprediction to give an attacker access to the memory of other processes. The only robust protection is to disable speculation altogether, although various types of mitigation have also been developed for Spectre. The impact of disabling speculative execution, LAP or LVP greatly impairs performance in many situations, and isn’t generally considered commercially feasible.

Risks

The existence of vulnerabilities that can be exploited might appear worrying, particularly as their demonstrations use JavaScript running in crafted websites. But translating those into a significant risk is more challenging, and a task for Apple and those who develop browsers to run in macOS. It’s also a challenge to third-parties who develop security software, as detecting attempts to exploit vulnerabilities in speculative behaviour is relatively novel.

One reason we haven’t seen many (if any) attacks using the Spectre family of vulnerabilities is that they’re hardware specific. For an attacker to use them successfully on a worthwhile proportion of computers, they would need to detect the CPU and run code developed specifically for that. SLAP and FLOP are similar, in that neither would succeed on Intel or M1 Macs, and FLOP requires the LVP support of an M3 or M4. They’re also reliant on locating valuable secrets in memory. If you never open potentially malicious web pages when your browser already has exploitable pages loaded, then they’re unlikely to be able to take advantage of the opportunity.

Where these vulnerabilities are more likely to be exploited is in more sophisticated, targeted attacks that succeed most when undetected for long periods, those more typical of surveillance by affiliates of nation-states.

In the longer term, as more advanced CPU cores become commonplace, risks inherent in speculative execution can only grow, unless Apple and other core designers address these vulnerabilities effectively. What today is impressive leading-edge security research will help change tomorrow’s processor designs.

Further reading

Wikipedia on out-of-order execution
Wikipedia on speculative execution
SLAP and FLOP, with their original papers

As Ovid reaches the end of Book Twelve of his Metamorphoses, Nestor is still telling stories to the feast in honour of Achilles’ victory over Cycnus in the Trojan War. He has just completed the long and colourful story of the battle between the Lapiths and the Centaurs at the wedding of Pirithous and Hippodame.

Tlepolemus, the son of Hercules (Heracles), is offended that Nestor hasn’t mentioned his father in his stories, to which Nestor points out his hatred for Hercules. Nestor says that he’s the only survivor of twelve sons of Neleus, Hercules having destroyed all the others. Nestor then goes on to tell of the strange death of his brother Periclymenus, who had been given the power of shape-shifting by Neptune. After Periclymenus had torn the face of Hercules and had flown away as an eagle, Hercules’ arrow severed the sinews of his wings. When he fell to earth, the arrow was driven into his neck, killing him.

Ovid then jumps to the closing months of the Trojan War, writing that Neptune’s hatred of Achilles has not gone away. Seeing the Greeks are about to conquer the city, Neptune speaks with Apollo, seeking a way to kill Achilles at last. As Neptune cannot face him in combat, Apollo agrees to use his skills as an archer to bring about the warrior’s death.

Apollo goes down to the walls of Troy, where he finds Paris (Alexander), whose abduction of Helen had started the war, shooting arrows almost at random. The god reveals himself and offers to help him make his shots more effective by aiming them at Achilles. Apollo assists Paris and his arrow, to ensure that it reaches its target; Achilles falls, mortally wounded, as a result.

Of those who have painted this, it was Peter Paul Rubens who has told the story most vividly, in a series on Achilles that he completed between 1630-35, towards the end of his own career and life. This painting of The Death of Achilles is an oil sketch on a smaller panel.

Achilles, an arrow piercing straight through his right foot, is shown in the centre foreground, overtly moribund. But Rubens doesn’t place Achilles in battle, as does Ovid: he has been standing at a small altar to the goddess Diana, with her strong association with archery. At the door to the left, Paris is still holding the bow that loosed the arrow, and behind him is Apollo aiding and abetting in the killing.

Rubens’ finished painting of The Death of Achilles adheres faithfully to that sketch. Achilles’ face is deathly white, and this brings to life the supporting detail, particularly the lioness attacking a horse at the lower edge of the canvas, symbolising Paris’s attack on Achilles.

Much later, Alexander Rothaug’s undated Death of Achilles is true to the original accounts, with the arrow passing through the Achilles tendon. Paris, still clutching his bow above, looks mortified, and Apollo stands behind him.

Henry Fuseli’s Thetis Lamenting the Death of Achilles (1780) is less straightforward to read. In the foreground, Achilles’ body lies like a fallen statue on his shield, his great spear by his left side. There is no sign of any wound, arrow, or injury. At the water’s edge, his mother Thetis is waving her arms in lament for her dead son. Another deity is flying past in the distance, and is seen white against the dark and funereal sea and sky.

Ovid is quite vague as to how Achilles died, other than telling us it was from an arrow shot by Paris. Since that account in his Metamorphoses, a new myth has flourished, giving a more familiar explanation. When Achilles was a young child, his mother Thetis immersed him in the water of the river Styx, to make him invulnerable. However, she had to hold him by part of his body, the left heel, which was therefore left as his only weakness, hence his Achilles Heel. This was first recorded in the poetry of Statius, in the first century CE.

Rubens included this oil sketch in his Achilles series, showing Thetis Dipping the Infant Achilles into the River Styx (1630-35). This is taking place in the foreground, while in the middle distance Charon is seen ferrying the dead across the River Styx into the Underworld. Rubens complies with Statius’ story in making Achilles’ left heel the one left vulnerable.

Nearly thirty years after Rubens’ death, Jan-Erasmus Quellinus painted his version of Thetis Dips Achilles in a Vase with Water from the Styx (1668). It’s set not on the bank of the River Styx, but at a temple, where Achilles undergoes a baptismal procedure in a a huge pot, at the lower left. Thetis appears to be holding the infant, who is almost completely immersed, by his left foot, again in compliance with Statius. Quellinus has engaged in a little intentional Christianisation of this myth, which may also have made it seem more familiar to those who saw it.

Antoine Borel’s more traditional account of Thetis Immerses Her Son Achilles in Water of the River Styx was painted at least a hundred years later, in the late eighteenth century, and again has Thetis hold Achilles by his left foot.

Unusually for Rubens, though, his paintings of the death of Achilles show the arrow transfixing his right foot, not the left. That was a necessity by virtue of its composition, although Rubens could just as easily have reversed his drawing to achieve consistency with this detail.

With Achilles on his funeral pyre, Ovid closes the book as King Agamemnon calls his warriors to meet, to decide who should be awarded Achilles’ shield and arms, in the opening of book thirteen.

I hope that you enjoyed Saturday’s Mac Riddles, episode 296. Here are my solutions to them.

1: No amateur volume has gone from Yonah to M4 Max.

2: Prophetic revelation is in favour of spatial computing.

3: The first desktop with Apple silicon took six months to release.

The common factor

I look forward to your putting alternative cases.

Last week I attempted to draw distinction between the different systems that control access to files and folders, from permissions to privacy settings. This article continues with a more detailed account of how Privacy & Security works, through the macOS Transparency, Consent and Control (TCC) system. Its settings are probably the most extensive and complicated of all System Settings, and grow worse with each new version of macOS.

Many of the controls in Privacy & Security settings refer not to folders on your Mac, but concern access to private data or sensitive hardware. The list of folders and volumes that have restricted access in macOS Sequoia is extensive:

• ~/Desktop
• ~/Documents
• ~/Downloads
• iCloud Drive
• third-party cloud storage, if used
• removable volumes
• network volumes
• Time Machine backups.

Consent and intent

Apple’s approach to privacy is founded on two basic user controls: user consent, and user intent. These are fundamentally different, and are used in different types of protection.

For an app to gain access to its built-in camera, the app has to ask to use it, and macOS then has to ask you to give your consent to that request. Although that dialog may seem tedious and even pointless, the decision is yours and not the app’s or that of macOS. If the app is for web conferencing, then the dialog may seem pointless: after all, what’s the point of opening the app if it can’t have access to your camera? But you’ll sometimes be surprised at which apps want camera access. If you simply click through every consent dialog, then you won’t catch rogue or malicious apps.

Protected locations are different. You might want almost any app to save a document you’ve been editing in your ~/Documents folder, or on a removable volume. So when you use the File Save dialog, you expect macOS to give the app that ability, by expressing your intent. Apps may access files in other ways, in which your intent isn’t expressed: a search tool might want to look in all the files in your ~/Documents folder, but you can’t express your intent for every one. So access to protected locations may require user intent or consent.

The result for protected locations generally appears in two settings:

• individual folders are set in Files & Folders,
• system-wide access is set in Full Disk Access.

You can’t add apps directly to Files & Folders, but you can give them Full Disk Access. The difference is in how they work.

Files & Folders

Take an example, my virtualiser Viable, which doesn’t do anything privacy-related, but does provide access to some protected folders. When first installed, it has no entry in Privacy & Security. When I try to run a VM, that accesses some protected folders. As I don’t select them in a file open or save dialog, or by drag-and-drop, I don’t express my intent to access those folders. When Viable tries to do so, I’m prompted to give consent for it to access the Downloads and Desktop folders.

If I agree to those, Files & Folders is changed, adding Viable to its list, with access to those two folders enabled. If I don’t like that, or trash that app, then it’s up to me to delete its settings there. Otherwise, the next time it won’t prompt me, as I’ve already given my consent.

In the case of Files & Folders settings, you don’t have to quit the app and open it again for these changes to take effect.

Full Disk Access

Instead of doing that, you could decide to give the app Full Disk Access, which goes far beyond those two folders. In most cases, you should avoid giving everything Full Disk Access, as you could then be caught out by a rogue app. This works differently in that you have to open Privacy & Security settings, and in the Full Disk Access list, click on the + tool at the bottom left to select the app and add it.

Unlike Files & Folders, if you change its setting while the app is running, you’ll need to quit the app for the change to register and take effect.

Once that’s done, my app is listed in the Full Disk Access section. You could then disable Full Disk Access, even delete the app from here, although in both cases that needs the app to be closed and re-opened for the change to take effect.

Single files

There’s a third possibility we haven’t seen here: what if I want to use an app to edit files in a protected folder like ~/Documents? So long as I show my intent using features like file open and save dialogs, then that should go unchallenged, and you won’t be asked to give consent for the app privacy settings to be changed.

Command tools

This is fine for regular apps, but what about command tools, as they don’t have a GUI interface? Here the rules are applied through an attribution chain, based on which app called the tool to be run. In most cases, that means Terminal’s privacy settings. So if you want tools there to have access to protected folders, you’ll normally need to give consent by adding Terminal to Full Disk Access settings.

Exceptions

Unfortunately, macOS also applies some additional restrictions on locations that can be used for specific actions. For example, you can use the log collect command to save a copy of the Unified log to a logarchive for later analysis, but if you specify a path to an external disk, then the command fails, as it can’t be saved on external storage. You can, however, save the logarchive to internal storage, then move or copy it to external storage.

Summary

Rules for access to protected folders:

• If the user shows explicit intent, access is normally granted.
• If the app performs access without the user showing explicit intent to use a file in a protected folder, and the app doesn’t have Full Disk Access, then the user is prompted and that app added to the Files & Folders list to allow access to that specific folder.
• If the app needs consent for more general access, give it Full Disk Access.
• For command tools, treat Terminal as setting their access.
• Privacy controls work on top of permissions; if you or your app don’t have permissions, then privacy can’t overrule that.

This is the second of this weekend’s two articles in which the artists and paintings of Ukraine tell their own story. Each of the links given takes you back to the series of articles I compiled here a couple of years ago.

By the end of the nineteenth century, Ukrainian art schools were at last training the Ukrainian artists of the future, who were able to make their own styles and develop distinctive movements. Among them were some who went on to earn a place internationally. Unfortunately, history conspired to change all this in the political unrest around the October 1917 Revolution in Russia, and through two World Wars. As a result, the lives of many Ukrainian artists were brought to an early end, by disease, starvation, or execution. A large proportion of their output has been deliberately suppressed, hidden away in collections of banned works, destroyed, or looted.

Mykola Pymonenko (1862–1912) was born in a village outside Kyiv and started his training in his father’s icon workshop in the city, prior to his discovery by Mykola Murashko of the Kyiv Art School, where he trained before heading off to Saint Petersburg. He returned to Kyiv in 1884 to teach and to paint in the Naturalist style that was so popular at the Salon in Paris at the time. It was he who perhaps painted the first distinctively Ukrainian works that drew on local themes such as Paska at Easter, traditional weddings and the grain harvest. Kazymyr Malevych was among his pupils.

Mykola Pymonenko

Many Ukrainian artists had depicted Zaporozhian Cossacks, and they remained a favourite theme for Ilia Repin right up to his death, but the first prominent specialist national history painter was Mykola Ivasyuk (1865–1937), who was born and brought up in Zastavna in western Ukraine when it was still part of the Austro-Hungarian Empire. He therefore trained at the Academy of Fine Arts in Vienna, but chose to spend much of his career in Chernivtsi and Kyiv, where he also taught.

During the nineteenth century, the evolution of painting in Ukraine had largely been constrained by the orthodoxy of the Imperial Academy, and the supply of Russian patrons. As its own art schools flourished, and support for the arts grew, the pace of progress rose rapidly in Ukraine. The first decade of the twentieth century saw Ukrainian artists in the same avant garde as those in France and the rest of Europe, until the First World War and the October 1917 Revolution.

The war threw Ukraine into the midst of the conflict between Austro-Hungary and Russia, with Ukrainians fighting one another on behalf of two different empires. Then from 1917 onwards, the country lapsed in and out of complete chaos. By 1920, many Ukrainian artists had been forced to leave, or were intending to do so.

For painters like Ivasyuk, the world changed too rapidly. Initially he was commissioned to design postage stamps, then in 1926 he was made a professor at the Kyiv Art Institute. In a few years he had been moved away to Odesa as a result of political criticism. In the autumn of 1937, he was arrested, convicted of terrorism on the basis of his history paintings, and was shot by a firing squad at the age of seventy-two. Many of his paintings were confiscated or destroyed in a bid to erase him and his work completely.

Mykola Ivasyuk

Viktor Zarubin (1866–1928) was born in Kharkiv, trained under Arkhyp Kuindzhi, and painted extensively in Ukraine and northern France.

Viktor Zarubin

Ivan Trush (1869–1941) was born in Vysotsko, to the north-east of Lviv. He settled in the city, where he was involved in the establishment of Lviv National Museum. He was a prominent portraitist, and painted Impressionist landscapes.

Ivan Trush

Petro Nilus (1869–1943) was born in Balta, in south-west Ukraine, and moved to Odesa, where he studied under Kyriak Kostandi. He was active in Odesa for much of his career until moving to Paris in 1920.

Petro Nilus

Mykola Burachek (1871-1942) was born in Letychiv, western Ukraine, and trained under Khariton Platonov in Kyiv. He taught in Kyiv from 1917, then in Kharkiv from 1925. He died there during its Nazi occupation.

Mykola Burachek

Oleksandr Murashko (1875–1919) was born in Kyiv, where he became a major figurative painter. He taught there from 1909, and was a co-founder of the Ukrainian State Academy of Arts. He was shot dead by a street gang.

Oleksandr Murashko

Kazimierz Sichulski (1879–1942) was born in Lviv. He travelled in the Carpathian Mountains from 1905, where he painted Hutsul peoples. He taught in Lviv from 1918, then in Kraków, Poland from 1930, before returning to Lviv in 1939.

Kazimierz Sichulski’s Galician Landscapes 1
Kazimierz Sichulski’s Galician Landscapes 2

Fedir Krychevskyi (1879–1947) was born in Lebedyn, near Sumy in north-east Ukraine. He studied with Gustav Klimt in Vienna before returning to teach in Kyiv in 1914, where he was appointed Rector of the Ukrainian State Academy of Arts. He remained in Kyiv during the Second World War, but was arrested by Soviet forces in 1943, and died of starvation in Irpin during the famine of 1947.

Fedir Krychevskyi

Kazymyr Malevych (1879–1935) was born in Kyiv of Polish descent, where he started his studies. He became a Cubo-Futurist by 1912, then went on to Suprematism. He taught at Kyiv Art Institute from 1928 alongside Oleksandr Bohomazov, but was sacked from there in 1930, was arrested by the KGB and threatened with execution.

Kazymyr Malevych

Oleksandr Bohomazov (1880–1930) was born in Yampil, near Lyman in east Ukraine. He trained under Mykola Pymonenko at the Kyiv Academy of Arts from 1902, alongside Oleksandra Ekster and the sculptor Oleksandr Arkhypenko who were to play major roles in the development of modernist art in Ukraine and Europe. After a period studying in Moscow, he returned to Kyiv in 1908, where he became one of the leaders of the avant garde. In 1914 he wrote an innovative treatise on modern painting that formed the basis of his teaching at the Kyiv Art Institute from 1922.

Oleksandr Bohomazov

Like Ivasyuk, Mykhailo Boichuk (1882-1937) came from Galicia in Austro-Hungary, where he was born to the south of Ternopil, but trained first in Lviv then in the Academy of Fine Arts in Kraków, Poland. He returned to Lviv in 1910, where he developed a novel style, unique to Ukraine, known as Monumentalism or Boichukism, which brings together traditional Byzantine icon painting and the pre-Renaissance. This enjoyed recognition and popularity during the 1920s, when there were more than two dozen visual artists creating commissioned works for public buildings throughout Ukraine. After the October 1917 Revolution he was a co-founder of the Ukrainian State Academy of Arts.

Boichuk and his colleagues fell from grace during Stalin’s Great Purge of 1937, when he was accused of being a bourgeois nationalist. For that, he, his wife and many of his colleagues were executed that year, and most of their work destroyed. They weren’t the last to die for their art, either: in 1946, for instance, Ivan Ivanets, director of the Lviv Art Gallery, was kidnapped and killed in Russia.

Mykhailo Boichuk

Expatriates of this period include Oleksandr Shevchenko, Oleksandra Ekster, Arnold Lakhovskyi, Wladimir Baranoff-Rossiné and Abraham Mintchine.

Oleksandr Shevchenko (1882-1948) was born in Kharkiv, and painted for much of his career in Moscow.

Oleksandr Shevchenko

Oleksandra Ekster (1882–1949) was born in Poland in a Belarusian family but trained under Mykola Pymonenko in Kyiv, where she launched her career. She lived in Paris from 1906, where she developed Cubo-Futurism before returning to Kyiv in 1914, where she opened an art school in 1918. She then went to Odesa before going to Moscow, and migrated to Paris in 1924.

Oleksandra Ekster

Arnold Lakhovskyi (1880–1937) was born in Chornobyl, in north Ukraine. He trained in Odesa and Munich, and moved to Paris in 1925, then to New York City in 1933, where he was a successful portraitist.

Arnold Lakhovskyi

Wladimir Baranoff-Rossiné (1888-1944) was born in Kherson, and studied in Odesa. He moved to Paris in 1910. During the First World War he lived in Nordic countries, then taught in Moscow in 1920. He was a prolific inventor, whose inventions include the optophonic piano, and he was an early developer of military camouflage. He moved back to Paris in 1925, where he was arrested by the Gestapo in 1943, and he died in Auschwitz.

Wladimir Baranoff-Rossiné

Abraham Mintchine (1898-1931) was born in Kyiv, where he studied at its Art School and with Oleksandra Ekster. He left for Berlin in 1923, then lived in Paris from 1925, where he painted prolifically before he died suddenly in 1931.

Abraham Mintchine

Despite attempts at their assimilation, control and waves of destruction under a succession of empires, painting in Ukraine has somehow flourished as a result of the dedication of this succession of artists. Long may the artists, teachers and art collections of Ukraine flourish.

References

Andrey Kurkov and others (2022) Treasures of Ukraine, A Nation’s Cultural Heritage, Thames & Hudson. ISBN 978 0 500 02603 8.
Konstantin Akinsha and others (2022) In the Eye of the Storm, Modernism in Ukraine 1900-1930s, Thames & Hudson. ISBN 978 0 500 29715 5.