Normal view
surge 6.0 又来割韭菜
Solutions to Saturday Mac riddles 316
I hope that you enjoyed Saturday’s Mac Riddles, episode 316. Here are my solutions to them.
1: From PageRank and 10^100 to a set of letters.
Click for a solution
From PageRank (Google Search was founded on the patented PageRank algorithm for ranking search results) and 10^100 (its name is derived from the very large number googol, 10 to the power of 100) to a set of letters (in 2015 it restructured under the ownership of Alphabet Inc.).
2: A hooligan went from directory to search then declined into finance and news.
Click for a solution
Yahoo!
A hooligan (a yahoo) went from directory (it started as a curated web directory) to search (followed by a search engine) then declined into finance and news (what now remains).
3: After changing name three times, this directory has gone wavy.
Click for a solution
DMOZ
After changing name three times (originally GnuHoo, it then became NewHoo, almost ZURL, next Open Directory Project, before becoming DMOZ), this directory (it was a human-curated web directory) has gone wavy (DMOZ was superseded by Curlie in 2018).
The common factor
Click for a solution
They have been web directories or search engines.
I look forward to your putting alternative cases.
Mac 本地网络权限设置里面全是 Chrome……
Saturday Mac riddles 316
Here are this weekend’s Mac riddles to entertain you through family time, shopping and recreation.
1: From PageRank and 10^100 to a set of letters.
2: A hooligan went from directory to search then declined into finance and news.
3: After changing name three times, this directory has gone wavy.
To help you cross-check your solutions, or confuse you further, there’s a common factor between them.
I’ll post my solutions first thing on Monday morning.
Please don’t post your solutions as comments here: it spoils it for others.
Mac 端最好用的邮件软件是什么?
Mac 端最好用的邮件软件是什么? 看到很多人都不用自带的邮件,不知道是为什么,请教一下大家。
What happened to XProtect this week?
This week’s security data updates were quite a surprise. We’ve grown accustomed to Apple tweaking XProtect’s data most weeks, but this week was a bit different, and came with an update to XProtect Remediator as well, the first in four months. This article explores what they have brought.
Although this security data all goes under the name of XProtect, there are three different protection systems involved.
The traditional XProtect contains a set of ‘Yara’ rules used when performing Gatekeeper scans of new executable code, most notably when a quarantined app is first run, although recent macOS also runs XProtect checks on other occasions. Those rules are used to determine whether the code being scanned is known to be malicious, and if it’s found to be positive, macOS refuses to run that code and you’re told to trash the app.
XProtect Remediator only runs in Catalina and later, where it performs daily background scans to detect and remove software it believes to be malicious. It currently contains 24 separate scanning modules, each designed to detect and ‘remediate’ a different family of malware. Some of its modules also use the detection rules in traditional XProtect, so are improved by regular XProtect data updates. Surprisingly, if XProtect Remediator detects and removes malware, you aren’t notified, although that is recorded in the log and reported as an Endpoint Security event that can be detected by some third-party security software.
Inside the XProtect Remediator app are two files used by the third XProtect, which detects potentially malicious activity such as tampering with parts of a browser’s files. This is therefore referred to as XProtect Behavioural, or by the name it gives to the detection rules it uses, Bastion. Unlike the other two XProtects, this doesn’t rely on performing static checks, but is watching constantly for malicious activity. Although it records that in its local database, at present it doesn’t inform the user, but reports the activity to Apple, to help it acquire intelligence to improve the battle against malware.
XProtect
XProtect version 5304, provided by Apple on 8 July, makes substantial changes to its Yara detection rules to add what appears to be a new family of malware, code-named Bonzai. New rules refer to five different forms, which are most likely to be different components in the same malware, or separate variants, named Bonanza, Barricade, Blaster, Bonder and Banana. It’s likely that independent security researchers will identify these in the coming days, but for the moment the public name of this malware isn’t known.
Looking through these new Yara rules, they look most likely to be for a ‘stealer’, a type of malware that’s currently prevalent, and steals your secrets to send them to a remote server. There are references to Chrome, Brave, Edge and Firefox extensions, and most interestingly some of the malware has been compiled from code written in the Go language, which is becoming popular in cross-platform malicious code.
The last times that Apple added detection rules as substantial as these were in XProtect version 5284 for Adload and Bundlore, and in 5269 for Dolittle, each being major threats.
Bastion
Until now, the behavioural rules used by Bastion have evolved steadily, and the most rules added in one release has only been two, when XProtect Remediator version 123 came with rules 8 and 9, and changes to rule 7, back in January 2023. This update brings four new rules:
- Rule 14 detects sending AppleEvents to Safari, Firefox or Chrome.
- Rule 15 detects sending AppleEvents to the Finder or Terminal.
- Rule 16 detects Mach lookups for com.apple.pasteboard.1.
- Rule 17 detects writing shell files hidden in ~/ or /etc, such as ~/.zlogin, or /etc/zlogin.
The first two may be intended to detect AppleScript being used to control those browsers, the Finder or to run scripts in Terminal. Rule 16 may also be related to Apple’s recent announcement on controlling access to the pasteboard in macOS 26. Rule 17 concerns settings files commonly used by command shells, readily seen if you reveal hidden files for your Home folder.
These may well be related to Bonzai, and enable Apple to get a better idea of what is going on out here in the wild, and focus its efforts in improving its detection.
XProtect Remediator
Once samples of malware have been obtained, developing and testing new Yara rules to detect it is relatively quick, and often uses AI to accelerate the process. Writing a new scanning module for XProtect Remediator is more complicated, and takes more time. It may well be that an additional Bonzai scanner is already on its way, and might be delivered in a further update in the next couple of weeks, perhaps with some fine-tuning of the new Bastion rules. I’ll be keeping a lookout for those.
Above all, it will be interesting to see what changes are made in third-party security software, and how well those tackle what appears to be novel malware for macOS.
What does RunningBoard do? 1 App launching
As Macs are computers, when they become overloaded with demands on their resources, they can slow down to a crawl. When Apple was developing its first iPhone it realised that wouldn’t work with a phone, so built safeguarding systems into iOS to ensure their continuing smooth function. When Apple was preparing for the transition from Intel Macs to using its own chips, it decided to bring similar safeguards to the management of their resources. These arrived in macOS 10.15 Catalina with the introduction of RunningBoard.
Launching apps in macOS had become increasingly complex, and required more than just running the executable using launchd
. For an app to have its GUI, the code it uses has to be wired up with parts of macOS that run the GUI such as WindowServer. When it’s launched, its window(s) have to be created and brought into focus, in front of other windows. It needs its preference file opened, to be added to the Recent Items list, and for a list of its recently opened documents to be made available to its Open Recent menu command. Those latter services have been provided by LaunchServices, and to enable them it maintains a database of exhaustive details about every app it knows.
Prior to Catalina, it was LaunchServices that coordinated many of these aspects of launching an app from the Finder. Since then it has been handing more over to RunningBoard, while retaining many of its functions. RunningBoard has come to monitor and manage the entire life cycle of apps, from launch to exit. For regular macOS apps, its life cycle management remains supervisory, but for some, including Catalyst apps and those built for iPadOS, RunningBoard can manage and control their allocation of resources such as memory and access to the GPU.
As one of the newer and more pervasive services in macOS, RunningBoard writes a lot of detail in the log, indeed it’s garrulous almost to the point of excess. Although Apple documents almost nothing about its background service runningboardd
except stating that it’s “a daemon that manages process assertions to ensure those processes are kept in the appropriate state while assertions are in effect”, and its information about LaunchServices is terse and largely deprecated, we can learn a great deal from the log.
I’ll start this series of articles by explaining how RunningBoard first gets involved in launching an application. I have recently summarised its key stages in the following diagram.
Here, for the sake of simplicity, I’m going to ignore the security side completely, so we’ll assume this app isn’t quarantined, has been run recently in this session, is notarised, and hasn’t changed its CDHashes since it was last run.
As soon as LaunchServices is informed of the action to open the app, it announces it will be launched through RunningBoard, a change from its previous behaviour in Catalina, where LaunchServices did more of the work at the start of the launch process. RunningBoard receives the launch request from CoreServices, and ‘acquires’ an ‘assertion’ targeting the app, with a description to launch the app in a User Interactive role.
RunningBoard works using these assertions, a type of declaration of an intention or intended event. Its next major task is to create a job description, which it helpfully writes to the log as a dictionary. This is a mine of useful information, and has replaced the copious data compiled by LaunchServices in the past. This includes:
- a dictionary of Mach services
- whether Pressured Exit is enabled
- a full listing of environment variables, such as TMPDIR, SHELL, PATH
- RunningBoard properties including another TMPDIR
- whether to materialise dataless files.
A full example is given in the Appendix at the end. If you ever want to obtain a similar summary for an app, just launch it and inspect log entries from the com.apple.runningboard subsystem for the first second or two after launch.
Shortly after that launchd
announces that it will start (spawn) the app, and the user ID (UID) is obtained by OpenDirectory, confirming that ‘divined’ earlier by RunningBoard. This allows launchd
to complete spawning the app, and RunningBoard to decide whether it will be managed, in terms of memory and other resources. RunningBoard goes through further preparations before declaring whether the process is subject to GPU, CPU or memory limits.
LaunchServices creates the ‘pending’ application, and a new LSApplication object for it. But it also expects the imminent death of the app, in two entries that might appear surprising:com.apple.launchservices DEATH: Expecting to hear about the death of app App:"AsmAttic" asn:0x0-5b05b pid:3083 refs=4 @ 0x55402ae00, adding to sRunningBoardDeathNotificationsSetRef (pid=3083}.
com.apple.launchservices DEATH: Listening for death via runningboard notification for pending application, pid=3083.
Its fears are unfounded, though, and RunningBoard continues to receive assertions as the launch proceeds. Eventually you should see log entries confirming success:com.apple.launchservices LAUNCH: Starting application with ASN 0x0-0x5b05b co.eclecticlight.AsmAttic because it was launched and still stopped.
com.apple.processmanager LAUNCH: 0x0-0x5b05b co.eclecticlight.AsmAttic starting stopped process.
com.apple.launchservices LAUNCH: Sending 0x0-0x5b05b 3083 co.eclecticlight.AsmAttic a SIGCONT to get process started ( it was launched in the stopped state )
This is the cue for launchd
to ‘uncork’ the executable and create the processlaunchd pid/3083 [AsmAttic] uncorking exec source upfront
launchd pid/3083 [AsmAttic] created
After that, you should see log entries from the app at last, retrieving the UID and loading its preferencesAsmAttic Retrieve User by ID
AsmAttic Loading Preferences From User CFPrefsD
Key points
- RunningBoard monitors and may manage the life cycle of apps, from launch to exit, and does so by acquiring assertions about the app’s status.
- RunningBoard now plays an active part in app launch, and fills the log with its entries.
- Soon after the start of the launch process, its job description is a mine of useful information about the app being launched.
- It’s normal for app launch entries to expect the app’s imminent death before it’s launched successfully.
- Don’t be surprised or concerned to see RunningBoard mentioned in early crash reports.
Appendix: Example RunningBoard job description
<dictionary: 0x896c7dda0> { count = 23, transaction: 0, voucher = 0x0, contents =
“Platform” => <int64: 0x9f2093afcb6817e7>: 1
“ProcessType” => <string: 0x896c70de0> { length = 3, contents = “App” }
“EnableTransactions” => <bool: 0x1fd757390>: false
“_ManagedBy” => <string: 0x896c72490> { length = 22, contents = “com.apple.runningboard” }
“CFBundleIdentifier” => <string: 0x896c729a0> { length = 25, contents = “co.eclecticlight.AsmAttic” }
“_ResourceCoalition” => <string: 0x896c71740> { length = 61, contents = “app<application.co.eclecticlight.AsmAttic.753771.753789(501)>” }
“_DisablePointerAuth” => <bool: 0x1fd757370>: true
“ThrottleInterval” => <int64: 0x9f2093ac3497e817>: 2147483647
“MachServices” => <dictionary: 0x89696b120> { count = 0, transaction: 0, voucher = 0x0, contents =
}
“EnablePressuredExit” => <bool: 0x1fd757390>: false
“LimitLoadToSessionType” => <array: 0x896c70c90> { count = 2, capacity = 8, contents =
0: <string: 0x896c71680> { length = 4, contents = “Aqua” }
1: <<string: 0x896c71920> { length = 11, contents = “LoginWindow” }
}
“InitialTaskRole” => <int64: 0x9f2093afcb6817ff>: 2
“EnvironmentVariables” => <dictionary: 0x896c7e220> { count = 12, transaction: 0, voucher = 0x0, contents =
“__CF_USER_TEXT_ENCODING” => <string: 0x896c72df0> { length = 13, contents = “0x1F5:0x0:0x2” }
“TMPDIR” => <string: 0x896c722e0> { length = 49, contents = “/var/folders/x4/x00kny5x0_5dsnmmxhtw6hc80000gn/T/” }
“SHELL” => <string: 0x896c715f0> { length = 8, contents = “/bin/zsh” }
“HOME” => <string: 0x896c72370> { length = 14, contents = “/Users/hoakley” }
“SSH_AUTH_SOCK” => <string: 0x896c71b60> { length = 51, contents = “/private/tmp/com.apple.launchd.kofHVtGWoW/Listeners” }
“LOGNAME” => <string: 0x896c723d0> { length = 7, contents = “hoakley” }
“PATH” => <string: 0x896c70ae0> { length = 29, contents = “/usr/bin:/bin:/usr/sbin:/sbin” }
“XPC_SERVICE_NAME” => <string: 0x896c71560> { length = 16, contents = “com.apple.Finder” }
“__CFBundleIdentifier” => <string: 0x896c72c10> { length = 25, contents = “co.eclecticlight.AsmAttic” }
“COMMAND_MODE” => <string: 0x896c72070> { length = 8, contents = “unix2003” }
“USER” => <string: 0x896c726a0> { length = 7, contents = “hoakley” }
“XPC_FLAGS” => <string: 0x896c725e0> { length = 3, contents = “0x0” }
}
“_AdditionalProperties” => <dictionary: 0x896c7e100> { count = 1, transaction: 0, voucher = 0x0, contents =
“RunningBoard” => <dictionary: 0x896c7eb20> { count = 4, transaction: 0, voucher = 0x0, contents =
“TMPDIR” => <string: 0x896c72820> { length = 49, contents = “/var/folders/x4/x00kny5x0_5dsnmmxhtw6hc80000gn/T/” }
“HOME” => <string: 0x896c72430> { length = 14, contents = “/Users/hoakley” }
“RunningBoardLaunchedIdentity” => <dictionary: 0x896c7f1e0> { count = 5, transaction: 0, voucher = 0x0, contents =
“AJL” => <string: 0x896c727c0> { length = 51, contents = “application.co.eclecticlight.AsmAttic.753771.753789” }
“TYPE” => <int64: 0x9f2093afcb6817e7>: 1
“AUID” => <uint64: 0x9fa093afcb681847>: 501
“EAI” => <string: 0x896c717d0> { length = 25, contents = “co.eclecticlight.AsmAttic” }
“PLAT” => <uint64: 0x9fa093afcb6817e7>: 1
}
“RunningBoardLaunched” => <bool: 0x1fd757370>: true
}
}
“ExitTimeOut” => <int64: 0x9f2093afcb6817e7>: 1
“Label” => <string: 0x896c70ea0> { length = 51, contents = “application.co.eclecticlight.AsmAttic.753771.753789” }
“WaitForDebugger” => <bool: 0x1fd757370>: true
“MaterializeDatalessFiles” => <bool: 0x1fd757370>: true
“WorkingDirectory” => <string: 0x896c72760> { length = 1, contents = “/” }
“_LaunchType” => <int64: 0x9f2093afcb6817f7>: 3
“AbandonProcessGroup” => <bool: 0x1fd757370>: true
“ProgramArguments” => <array: 0x896c71080> { count = 1, capacity = 8, contents =
0: <string: 0x896c716b0> { length = 50, contents = “/Applications/AsmAttic.app/Contents/MacOS/AsmAttic” }
}
“Program” => <string: 0x896c71c20> { length = 50, contents = “/Applications/AsmAttic.app/Contents/MacOS/AsmAttic” }
}
-
The Eclectic Light Company
- Apple has just released major updates to XProtect and XProtect Remediator
Apple has just released major updates to XProtect and XProtect Remediator
Apple has just released updates to XProtect for all supported versions of macOS, bringing it to version 5304, and to XProtect Remediator for all macOS from Catalina onwards, to version 152. As usual, Apple doesn’t release information about what security issues these updates might add or change.
Yara definitions in this version of XProtect add two private rules for Shebang, to match shell scripts by ‘shebang’, and _golang_macho, to match machos compiled by Golang. There are also 19 new rules for a novel family of what appear to be stealers based on the name BONZAI, including MACOS.BONZAIBONANZA.AUTO, MACOS.BONZAIBONANZA.TAAP, MACOS.BONZAIBONANZA.TAFI, MACOS.BONZAIBONANZA.VACA, MACOS.BONZAIBONANZA.VASN, MACOS.BONZAIBONANZA.FU, MACOS.BONZAIBONANZA.SC, MACOS.BONZAIBARRICADE.PE, MACOS.BONZAIBARRICADE.PA, MACOS.BONZAIBARRICADE.KE, MACOS.BONZAIBLASTER.FU, MACOS.BONZAIBLASTER, MACOS.BONZAIBLASTER.TA, MACOS.BONZAIBONDER.SO, MACOS.BONZAIBONDER.PE, MACOS.BONZAIBONDER.TEPL, MACOS.BONZAIBONDER.LA, MACOS.BONZAIBONDER.FU, and MACOS.BONZAIBANANA.
XProtect Remediator doesn’t change the list of scanner modules.
There are changes to the list of Bastion rule 2 paths, and four new Bastion rules 14-17. These cover sending AppleEvents to browsers, the Finder and Terminal, mach-lookup for com.apple.pasteboard.1
, and writing to a long list of shell-related hidden directories in the user’s Home folder.
These are probably the greatest changes to XProtect’s Yara rules and Bastion rules for more than a year.
You can check whether these updates have been installed by opening System Information via About This Mac, and selecting the Installations item under Software.
A full listing of security data file versions is given by SilentKnight and SystHist for El Capitan to Tahoe available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight or at the command line.
If you want to install these as named updates in SilentKnight, their labels are XProtectPayloads_10_15-152
and XProtectPlistConfigData_10_15-5304
.
Sequoia and Tahoe systems only
The XProtect update has already been released for Sequoia and Tahoe via iCloud. If you want to check it manually, use the Terminal commandsudo xprotect check
then enter your admin password. If that returns version 5304 but your Mac still reports an older version is installed, you may be able to force the update usingsudo xprotect update
伪需求
最近小半年来因为工作的问题作为销售外勤的我也经常需要用到电脑处理些许文档了,有几次遇到过临时紧急的需要弄一个文档的时候只能在外面找个网吧临时对付一下。有过几次这样的经历之后就有了买台笔记本放包里用的想法,加上去年已经解决了温饱问题,兜里有一点点可以支配的私房钱了,于是就正式的开始选购起了笔记本,原则就是轻便和能打开一些复杂的报表就可以了。
考虑到数码产品“买新不买旧,除非钱不够”的原则,最开始是打算买个 ThinkPad X 系列,毕竟这个牌子是我用上电脑就接触到的第一个品牌。但是看了下新款的价格,以及老款那种傻大黑粗的造型,最终是在同城论坛买了个 2020 款的丐版 M1 的MacBook Air。买来前两天还是有些不习惯的,因为很多在 Windows 上用得得心应手的快捷键到了 macOS 上就变了,但是 macOS 下的 Office 软件对应的快捷键和 Windows 下又是一样的,为了减轻本来容量就小的脑子的负担,只能把快捷键映射成和 Windows 下一样的操作。
恰好家里的台式机还是 10 年前的联想扬天一体机,i3 4130的性能已经不堪用了,打开个 5M 左右的 Excel 报表都要转半天。笔记本都升级了,台式机也升级一下吧,又花了 400 块在同城买了一台 8100T+16G+256G 的主机,又在京东花了 1399 买了个杂牌的 23.8 寸 4K 显示器。这个后面觉得买亏了,没有 VESA 接口上不了支架,同等价位下都可以买到底端品牌的 27“ 4K 了。不过作为穷人要有穷人的觉悟,用一句“又不是不能用“就能简单的安慰自己。现在作为天选打工人再也没有什么能够阻挡我随时随地的工作了。
正常用了一个多星期,在网上看了些视频说是乞丐版的 MacBook Air 剪辑视频会很卡,至少需要 16G 以上的内存才能流畅使用。为什么会有这样的需求呢,因为打算把娃每一年的视频和照片剪辑到一起,方便分享给家里人看。但是考虑到“买都买了”、“又不是不能用”的时候,只能从其它方面入手解决这个问题了。
新买的 i3 8100T 不是正好 16G 的内存嘛,可以用来 Hackintosh ,再认真的了解了一下之后现在的 Hackintosh 安装已经不像几年前用变色龙、Clover 那么复杂了。使用 Opencore 简单的配置一下就能启动起来,剩下的细节问题就看在不在乎了,如果不在乎所谓的“完美”配置,只要能启动就起来就是能正常使用的。于是又在小黄鱼上买了 200 块买了张“拆机”RX570 8G 显卡,其实都明白这是个 RX470 矿渣刷出来的,但是本着“又不是不能用”的心态,买家卖家都看破不说破了。其实说不定 i3 8100T 自带的核显 UHD630 都是够用的。这么配置下来性能强于 2018款的 Mac mini,约等于同配置的 2019 款的 iMac,而且我这个算上显示器还不到 2000 块,真是划算呢。
因为这台算上显卡 600 块买的这台主机没有 M.2 接口,上不了 NVME 的固态硬盘,又打算把主板处理器主板硬盘升级一下,打算升级到 i5 8500 和带 M.2 接口的主办以及 500G 的 NVME 硬盘,预计花费 700 左右。虽然 10 代处理器是最后能完美使用核显装黑苹果的处理器,但还是那个买新不买旧除非钱不够的原则只能考虑 8 代。
又在网上看到了 18-19 款的 MacBook Pro 下半身,想着有 4K 显示器了可以高一个来玩玩,预计又要花费 1500 左右。
这么一折腾的话目前家里的台式主机花了 600 ,显示器 1400,笔记本 3600,准备更新的配置的台式机预计花费 700,苹果无头骑士 1500,这样算下来我就得到了一台性能将就的 PC 机,1.5 台 Mac 电脑,总计将会花费 8000。
眼看着购物车里的东西越来越多,回过头来我只是想有个能移动处理工作的笔记本和同时能把熊孩子平时的照片视频素材剪到一起的工具而已。更何况都还没有用现有的设备尝试能不能完成自己的需求,因为下载好的“剪映”软件图标下到现在都还有个小蓝点(还没打开过),淘宝买的共享 ID 下载的 FCPX 也同样没有打开过(还没用过就不算用盗版吧)。
很突然的,我觉得应该打住了,都本命年的人了不应该由着自己的想法来,看是的看看自己的真实需求,不用用一些借口来创造伪需求。就像之前玩无线电、学钓鱼、骑摩托车一样,都是刚刚开始用就已经无限预算的想买买买了,更何况我到现在为止做什么都是三分钟热度。
及时的通过其它方式转移注意力,这两天又迷上了通过脚本来签到各种 APP 的玩法,换个其它东西吸引注意力之后就不会花太多的心思来想折腾电脑的问题了,毕竟只是工具。
您也许会感兴趣:
- 暂无相关文章:
Solutions to Saturday Mac riddles 315
I hope that you enjoyed Saturday’s Mac Riddles, episode 315. Here are my solutions to them.
1: It came with a tumbler from Camelot in 1993, then opened in 2008.
Click for a solution
It came with a tumbler (an acrobat) from Camelot (its original internal name) in 1993 (first released on 15 June 1993), then opened in 2008 (when it was adopted as an open ISO standard).
2: Replacement for 3 to avoid royalties with transparency has just turned three.
Click for a solution
PNG
Replacement for 3 (it was developed by Thomas Boutell and others to replace GIFs) to avoid royalties (those were imposed on GIFs because of their use of LZW compression) with transparency (it supports a transparency layer) has just turned three (its latest version 3.0 was released in June this year).
3: CompuServe animated its palette with 256 colours but we still can’t agree how to say it.
Click for a solution
GIF
CompuServe (released by CompuServe in 1987) animated (it supports animated images) its palette with 256 colours (it only supports palettes with 256 colours) but we still can’t agree how to say it (there has been a long-running dispute as to whether its ‘g’ is hard like ‘gift’ or soft like ‘gin’).
The common factor
Click for a solution
They were each intended to be portable, universal file formats.
I look forward to your putting alternative cases.
Saturday Mac riddles 315
Here are this weekend’s Mac riddles to entertain you through family time, shopping and recreation.
1: It came with a tumbler from Camelot in 1993, then opened in 2008.
2: Replacement for 3 to avoid royalties with transparency has just turned three.
3: CompuServe animated its palette with 256 colours but we still can’t agree how to say it.
To help you cross-check your solutions, or confuse you further, there’s a common factor between them.
I’ll post my solutions first thing on Monday morning.
Please don’t post your solutions as comments here: it spoils it for others.
What’s the future for your Intel Mac?
From its first announcement of Apple silicon Macs on 22 June 2020, there has been speculation as to when support of Intel models will cease. Now Apple has given exceptionally clear details of its future intentions, and we have a clearer idea of what’s coming in macOS Tahoe, we can make plans at last. This article looks at the years ahead. In each case, major events are scheduled to occur with the annual transition of macOS to the next major version, normally in September-October.
2025
Final security update for macOS 13 Ventura, ending support for:
- iMac 18,1-3
- MacBook 10,1
- MacBook Pro 14,1-3.
If you’re still running Ventura on a Mac capable of Sonoma or later, now is the time to plan the upgrade.
2026
Final security update for macOS 14 Sonoma, ending support for:
- MacBook Air 8,1-2.
First release of an Arm-only version of macOS, 27. However, that and all its updates will continue to include full support for running Intel binaries using Rosetta 2 translation. macOS 27 will be the last major version that supports Rosetta 2 fully in Virtual Machines.
2027
Final security update for macOS 15 Sequoia, ending support for:
- iMac 19,1-2
- iMac Pro
- Mac mini 8,1
- MacBook Air 9,1
- MacBook Pro 15,1-4 16,3.
First release of macOS 28, with full Rosetta 2 support removed. Limited Intel binary support will continue for “older unmaintained gaming titles” only. As a result, virtual machines running macOS 28 will no longer be able to run most Intel binaries.
2028
Final security update for macOS 26 Tahoe, ending support for all remaining Intel models:
- iMac 20,1-2
- Mac Pro 7,1
- MacBook Pro 16,1-2 16,4.
T2 firmware updates are almost certain to cease with the end of support for macOS 26. Major third-party vendors are likely to stop providing Universal binaries, as they too drop support for macOS 26 and Intel models. Apple may decide to remove x86 support from Xcode 29, but hasn’t yet made any statement either way.
Benefits of upgrading macOS in Intel models
Although macOS Sequoia and Tahoe have brought some new features for Intel Macs, much of Apple’s emphasis now requires Arm systems. Major reasons for upgrading your Intel Mac to the most recent version of macOS it can run include:
- Third-party support. Major software vendors like Microsoft normally only support their products on versions of macOS still supported by Apple.
- Safari is only updated in supported versions of macOS.
- Bug fixes. Although new versions bring their own bugs, the chances of an existing bug being fixed in the current release of macOS are far greater than it being fixed in an older version.
- Security vulnerabilities. Only the current version of macOS gets a full set of fixes in each round of security updates, and the older two supported versions often lag the current one.
- Enhancements. Some new features are still provided for both platforms.
- Compatibility. If you already use Apple silicon Macs, or intend doing so, they are more compatible when running the same version of macOS. One topical example is Tahoe’s new ASIF disk image format.
- Quantum-secure encryption. Apple has already started to transition to cryptographic techniques designed to remain secure as and when quantum computers are used in the future to break older methods. This started with iMessage last year, and Apple has announced that macOS 26 Tahoe will support quantum-secure encryption in TLS. This is unlikely to be added retrospectively to older versions of macOS.
I hope you find that helpful in your planning, and wish you success in whatever you choose.
求 mac mini 用作软路由,连接光猫拨号的解决方案
软件层面:使用 openwrt?爱快可行吗?
求助大佬
Apple has released an update to XProtect for all macOS
Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5303. As usual, Apple doesn’t release information about what security issues this update might add or change.
This version adds two new rules, for MACOS_SOMA_JUEN and MACOS_SOMA_LLJU, continuing to extend its coverage of the Amos/Soma family of malware.
You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.
A full listing of security data file versions is given by SilentKnight and SystHist for El Capitan to Tahoe available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight or at the command line.
If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5303
Sequoia systems only
This update has just now been released for Sequoia via iCloud. If you want to check it manually, use the Terminal commandsudo xprotect check
then enter your admin password. If that returns version 5303 but your Mac still reports an older version is installed, you may be able to force the update usingsudo xprotect update
Update:
The update was released via iCloud at 2010 GMT.
Solutions to Saturday Mac riddles 314
I hope that you enjoyed Saturday’s Mac Riddles, episode 314. Here are my solutions to them.
1: Expedition for a panther now in visionOS too.
Click for a solution
Safari
Expedition (a safari) for a panther (it was first bundled with Mac OS X Panther in 2003) now in visionOS too (it’s now bundled in visionOS).
2: Polished plate is now 1’s most serious competitor.
Click for a solution
Chrome
Polished plate (chrome) is now 1’s most serious competitor (on Apple’s platforms, it is Safari’s main competitor).
3: Web pet only lasted a year before the exploder.
Click for a solution
Cyberdog
Web (cyber) pet (dog) only lasted a year before the exploder (released in 1996, it was dropped the following year, for Microsoft Internet Explorer to become the bundled web browser in Mac OS X).
The common factor
Click for a solution
They’ve each been web browsers for Mac OS.
I look forward to your putting alternative cases.
Saturday Mac riddles 314
Here are this weekend’s Mac riddles to entertain you through family time, shopping and recreation.
1: Expedition for a panther now in visionOS too.
2: Polished plate is now 1’s most serious competitor.
3: Web pet only lasted a year before the exploder.
To help you cross-check your solutions, or confuse you further, there’s a common factor between them.
I’ll post my solutions first thing on Monday morning.
Please don’t post your solutions as comments here: it spoils it for others.
A brief history of web browsers
Although taken for granted now, Apple didn’t release the first version of Safari until January 2003. Before that was a succession of interesting experiments to try. Those started with Netscape Navigator in 1994, which lasted until 2007, although by then it was little used on Macs.
Netscape is seen here in 2000, following my successful purchase of downloadable versions of Conflict Catcher and Suitcase from Casady & Greene’s online store.
Two years later, and I’m browsing Amazon’s listing of my never-published book that was slated for 31 March the following year. I’m so glad I never pre-ordered it.
Netscape had been at the front of browser development, leading with on-the-fly page display, cookies and JavaScript. But in 1996, it was challenged by Microsoft’s Internet Explorer, and Apple’s more innovative Cyberdog. The latter was sadly abandoned the following year, leaving the way clear for Apple to replace the bundled Netscape with Internet Exploder, as it quickly became nicknamed.
This is Microsoft Internet Explorer in 2001, providing the front end to Mac OS X Server through Webmin.
Cookie settings in Explorer were highly detailed in 2005.
Many of us abandoned Internet Explorer for alternatives such as Camino. That had originated within Netscape as Chimera in 2002, based on its Gecko layout engine, with a native Mac OS X front end. The following year it was rebranded as Camino, and amazingly lasted until 2012.
There were other competitors, such as Omni Group’s OmniWeb, which had been developed for NeXTSTEP since 1995, then moved to Mac OS X until 2012.
This is OmniWeb in 2007, showing the different browsers it could identify itself as, including a single version of Safari 1.0.
In January 2003, Apple launched the first beta-release of its own browser, Safari, and bundled it in Mac OS X 10.3 Panther when it was released that October. Since then Safari has been a regular fixture in successive versions of Mac OS X, OS X, and macOS. For several years, it was the only browser on iOS and iPadOS.
This is Safari 1 showing the front page for Apple’s developer site in 2004, complete with the offer to download Xcode version 1.5 with dead code stripping as a new feature. That year, Mozilla Firefox was released as an alternative, and has continued to support Macs ever since.
Mac OS X 10.4 Tiger came with Safari as the only bundled browser when it was released in April 2005, although it took Safari 2.0.4 in early 2006 before it was stable.
Page loading was slow in 2005, when Apple’s front page took a total of over 16 seconds to load fully, but that only used 6.8 MB of memory. By contrast, today Apple’s front page only takes a couple of seconds but requires over 200 MB.
There were times when the only way ahead with these early versions of Safari was to completely reset it, emptying its cache, and even removing all passwords and AutoFill text. This is Safari 2 in 2006.
Prominent among the plugins in 2006 was the dreaded Shockwave Flash, which had only recently been taken over by Adobe when it acquired Macromedia the previous year. Details of plugins are here being displayed on an internal web page within Safari 2.
Safari 3, bundled in Mac OS X 10.5 Leopard in October 2007, brought the claim that it was then the fastest browser, but it was troubled by bugs and security problems at first.
Safari 3 had already grown extensive preferences, covering the use of plugins, Java, JavaScript and cookies, seen here in 2007.
Its successor, Safari 4, followed in the summer of 2009, ready for Mac OS X 10.6 Snow Leopard, with further performance improvements, particularly in its JavaScript engine.
By 2009, Safari 4 was able to warn the user if it was about to visit a site blacklisted by the Google Safe Browsing Service. At least when that service was available. That year also saw Preview and Beta releases of Google Chrome, now Safari’s most serious competitor on Apple’s hardware.
Safari 5 was released a year later, in 2010, and was bundled in Mac OS X 10.7 Lion in 2011. This brought Reader mode and opened the door to third-party extensions.
Safari’s hidden Debug menu provided a collection of tools for web developers, and more recently has become the even more extensive Develop menu.
By the release of macOS 10.12 Sierra in 2016, Safari had reached version 10.
By 2016, close control over Adobe Flash Player had become critical, as a result of its frequent exploits, although it remained highly popular with content developers before Adobe finally killed it at the end of 2020.
Since 2021, with the release of macOS 12 Monterey, Safari 15 and its successors have been able to perform on-the-fly translation, as demonstrated here.
Safari is now the bundled browser in macOS, iOS, iPadOS and visionOS, and this year is set to leap in version number from 18 to 26 with the arrival of Tahoe and its sister OSes. It has been a long and sometimes troubled journey over those 22 years, and despite strong competition from Google Chrome and Chromium-based browsers, it remains the browser of first choice for a great many using Apple’s hardware products. I hope my screenshots have brought back more happy memories than traumatic moments.
Reference
Apple has released an update to XProtect for all macOS
Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5302. As usual, Apple doesn’t release information about what security issues this update might add or change.
This version adds a new rule for MACOS_SOMA_FA_LE, again extending coverage of the Amos/Soma family of malware.
You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.
A full listing of security data file versions is given by SilentKnight and SystHist for El Capitan to Tahoe available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight or at the command line.
If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5302
Sequoia systems only
This update has already been released for Sequoia via iCloud. If you want to check it manually, use the Terminal commandsudo xprotect check
then enter your admin password. If that returns version 5302 but your Mac still reports an older version is installed, you may be able to force the update usingsudo xprotect update
Solutions to Saturday Mac riddles 313
I hope that you enjoyed Saturday’s Mac Riddles, episode 313. Here are my solutions to them.
1: Light and lenses control a car inside Macs until 2013.
Click for a solution
Optical drive
Light and lenses (optical) control a car (to drive) inside Macs until 2013 (they were fitted internally in Macs until 2013 models, with the last being in the MacBook Pro 13-inch mid-2012 that wasn’t discontinued until 2016).
2: Splendid campaign originally for airs until last August.
Click for a solution
SuperDrive
Splendid (super) campaign (drive) originally for airs (this external optical drive was first intended for MacBook Airs) until last August (they were discontinued in August 2024).
3: Cupertino’s Roman 400 in South Carolina was the first in 1988.
Click for a solution
AppleCD SC
Cupertino’s (Apple) Roman 400 (in Roman numerals, CD) in South Carolina (abbreviated to SC) was the first in 1988 (it was Apple’s first tray-loading CD-ROM reader, available between 1988-91).
The common factor
Click for a solution
They’re all optical drives that have been sold by Apple.
I look forward to your putting alternative cases.
Saturday Mac riddles 313
Here are this weekend’s Mac riddles to entertain you through family time, shopping and recreation.
1: Light and lenses control a car inside Macs until 2013.
2: Splendid campaign originally for airs until last August.
3: Cupertino’s Roman 400 in South Carolina was the first in 1988.
To help you cross-check your solutions, or confuse you further, there’s a common factor between them.
I’ll post my solutions first thing on Monday morning.
Please don’t post your solutions as comments here: it spoils it for others.
Apple has released an update to XProtect for all macOS
Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5301. As usual, Apple doesn’t release information about what security issues this update might add or change.
This version adds a new rule for MACOS_AMOS_BO_EN, extending coverage of the Amos/Soma family of malware.
You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.
A full listing of security data file versions is given by SilentKnight and SystHist for El Capitan to Sequoia available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight or at the command line.
If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5301
Sequoia systems only
This update has already been released for Sequoia via iCloud. If you want to check it manually, use the Terminal commandsudo xprotect check
then enter your admin password. If that returns version 5301 but your Mac still reports an older version is installed, you may be able to force the update usingsudo xprotect update
Solutions to Saturday Mac riddles 312
I hope that you enjoyed Saturday’s Mac Riddles, episode 312. Here are my solutions to them.
1: Border lake claims it’s both 10 and 1A.
Click for a solution
Tahoe
Border lake (Lake Tahoe is on the border between California and Nevada) claims it’s both 10 and 1A (depending on where you look, it reports it’s version 16, 10 in hexadecimal, or 26, 1A in hex).
2: Clearly a new material comes with concentricity.
Click for a solution
Liquid Glass
Clearly (it uses transparency) a new material (as Apple describes it) comes with concentricity (markedly rounded corners are an obvious feature).
3: Patented in 1876, it’s finally on its way to our Macs.
Click for a solution
Phone
Patented in 1876 (the telephone was patented then by Alexander Graham Bell), it’s finally on its way to our Macs (macOS Tahoe introduces the Phone app).
The common factor
Click for a solution
They’re all new in macOS 26 Tahoe.
I look forward to your putting alternative cases.
Saturday Mac riddles 312
Here are this weekend’s Mac riddles to entertain you through family time, shopping and recreation.
1: Border lake claims it’s both 10 and 1A.
2: Clearly a new material comes with concentricity.
3: Patented in 1876, it’s finally on its way to our Macs.
To help you cross-check your solutions, or confuse you further, there’s a common factor between them.
I’ll post my solutions first thing on Monday morning.
Please don’t post your solutions as comments here: it spoils it for others.
A brief history of rebuilding and repairing
A cynic might summarise the history of Mac OS in four eras:
- rebuilding the Desktop (Classic Mac OS)
- repairing system permissions (Mac OS X to OS X 10.10)
- resetting Home permissions (OS X 10.11 to macOS 10.15)
- cursing privacy protection (macOS 11 onwards).
There is slight overlap between the last two, in macOS 10.14 and 10.15.
Rebuilding the Desktop
Classic Mac OS built its Desktop illusion using hidden databases that associated types of document with icons set by the apps that created them. This was based on two four-character codes in every file to specify the file’s type and creator. Periodically, those databases became damaged and this association stopped working, with the result that all documents were displayed with the same generic icon.
Rebuilding those Desktop databases was initiated by restarting the Mac while holding the Command and Option keys until the dialog was shown. Mac OS then checked through all installed apps to reconstruct their associations with document types.
This had to be repeated for each volume in turn as it was mounted by Mac OS. If there wasn’t sufficient free space on a volume, the process failed. The price of some utilities like TechTool Pro was often justified by the tools they provided for assisting in this process.
Mac OS X ended that reliance on Desktop databases, leaving this to die with Classic Mac OS.
Repairing system permissions
Since its first beta-release, Mac OS X suffered from ill-defined and pervasive problems thought to result from corruption of files used by the system. Until the introduction of System Integrity Protection (SIP) in 10.11 El Capitan, those generally resulted from files within the system acquiring incorrect permissions. Various reasons were proposed for this, including installer scripts that overstepped their bounds.
To address this, Disk Utility had a feature whereby it could check and repair permissions of all major parts of the system, based on information contained in BoM files for system updates and installations. Repairing permissions in this way became one of the main panaceas in older versions of Mac OS X and OS X, and was an important feature in Disk Utility.
Although chiefly intended to provide better security protection, one of the benefits of SIP was that it largely prevented system files from gaining incorrect permissions, and the feature to repair them was removed from Disk Utility. In any case, because of SIP it was no longer possible for Disk Utility to change the permissions of files protected by SIP.
Resetting Home permissions
When macOS 10.12 Sierra was released, a different problem appeared, in which permissions apparently became set incorrectly not in system files generally, but in the user’s Home folder, and specifically in ~/Library/Preferences. To address this Apple added a new verb to the already complex command tool diskutil
, resetUserPermissions
, and described how to use this in a support note. It’s perhaps no coincidence that this new problem appeared at about the same time that cfprefsd
took on the management of those preference files.
At that time, the following problems were attributed by Apple to incorrect permissions in ~/Library/Preferences:
- changes to preference settings, particularly those for System Preferences, do not ‘stick’;
- changes made to the Dock do not ‘stick’;
- you are asked to authenticate when trying to move or alter some folders in your Home folder;
- when trying to save, you are told that the file is locked, or that you don’t have permission;
- Preview, TextEdit, and App Store apps (which are sandboxed) may crash when opened;
- alerts appear warning that the startup disk has no more space available for app memory;
- Safari or SafariDAVClient use large amounts of resources (memory);
- the Mac runs very slowly;
- iTunes cannot sync a device;
- there are problems with Photos or iPhoto libraries, including inability to import into the library, or forgetting the library each time the app is opened.
Most if not all of those could be attributable to problems arising from bugs in cfprefsd
.
Apple later changed its recommendations to include running a new tool repairHomePermissions
in Recovery mode, then re-installing macOS. Shortly afterwards, in June 2020 when Big Sur was in beta, Apple withdrew that support note and all reference to repairing permissions, although the tool is still available in Recovery mode even on Apple silicon Macs.
Cursing privacy protection
Prior to macOS 10.14 Mojave, privacy protection had been limited and largely unobtrusive. We then began to discover that our favourite apps were being locked out of accessing files in many of our working folders.
Thus the era of adding apps to the Full Disk Access list started, and we came to curse the blessing of privacy protection.
Even better, Apple later added extended attributes that could prevent apps perfectly capable of editing documents from being able to save them just when we needed that most. And protected the extended attribute using SIP.
Maybe rebuilding the Desktop databases every couple of months wasn’t so bad after all?
Apple has released an update to XProtect for all macOS
Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5300. As usual, Apple doesn’t release information about what security issues this update might add or change.
This version modifies an existing rule for MACOS.a6d7810, whatever that might be.
You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.
A full listing of security data file versions is given by SilentKnight and SystHist for El Capitan to Sequoia available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight or at the command line.
If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5300
Sequoia systems only
This update has just been released for Sequoia via iCloud. If you want to check it manually, use the Terminal commandsudo xprotect check
then enter your admin password. If that returns version 5300 but your Mac still reports an older version is installed, you may be able to force the update usingsudo xprotect update
Updated 2215 10 June 2025 with iCloud release information.
macOS 26 Tahoe is coming
As expected, Apple announced the next major version of macOS and its other operating systems, on the opening day of WWDC yesterday. This followed a disarming vision of Craig Federighi sporting a forest of grey hair and racing a Formula 1 car around the roof of Apple Park. Mercifully, that turned out to be a promotion for a new Apple TV+ production titled F1, rather than anything about to happen to macOS. And he didn’t crash.
Previews of each new OS were prefaced by the promise of “big announcements for all of our platforms”, and inevitably opened with plans for Apple Intelligence and Private Cloud Compute. Language support is going to be further extended, and additional new features are going to be announced later during this cycle. Perhaps most important is the news that third-party developers are to be given access to on-device Large Language Models (LLMs) through a Foundation Models Framework. This looks highly accessible, and it will be exciting to see what that enables.
As widely forecast, these new major versions bring a redesign intended to harness the power of Apple silicon, with a look dubbed Liquid Glass. This features layers of translucent controls that adapt to your actions, for example moving out of the way when scrolling. Although this is harmonised across devices, fears that macOS will be ‘dumbed down’ to resemble iOS appear unfounded. Indeed, iPadOS is steadily moving closer to macOS with a more Finder-like Files app, and iPads will at last be able to run background tasks.
Some features of Liquid Glass appear visually stunning, for example when providing 3D effects of depth in lock screen photos. Overall, from the little that has been shown so far, it looks impressive without being obtrusive or irritating. To get the best out of Liquid Glass, apps will need to be rebuilt against the improved API, and their appearance tuned lightly. Some special visual effects may need access to new API features, though.
To get the best out of this new look, icons need to be layered, and adapted for new appearance options including transparent. Apple has provided a new Icon Composer app to support that. Although I doubt whether it will become as popular as ResEdit was in Classic Mac OS, I can see Icon Composer being used more widely than the rest of Xcode.
Hardware support
Surprisingly, four Intel models continue to be supported by Tahoe. The full list given by Apple reads:
- MacBook Pro 16-inch 2019, and 13-inch 2020 with four Thunderbolt ports,
- iMac 2020,
- Mac Pro 2019,
- all Apple silicon models from 2020 onwards.
Although those Intel models will be able to use many of the new features in Tahoe, they continue to be unable to access any Apple Intelligence.
This means that Tahoe will continue to be a large Universal binary, and could in theory be supported by OCLP, although that’s likely to be more challenging. Apple has stated explicitly that Tahoe will be the last major version of macOS to support Intel Macs.
Version numbering
As rumoured, Apple has changed the numbering of all its OSes, bringing them in synchrony to version 26. This even applies to the new beta-release of Xcode for Tahoe.
Although that might come as a surprise to some code and scripts, because it’s a higher major version number than Sequoia this should present far fewer problems than did macOS 11 Big Sur. You might still like to check anything of yours that does check version numbers to ensure it doesn’t trip up.
Details
In keeping with the redesign, improvements in folder and icon appearance were mentioned early. Easy folder customisation is coming, allowing the standard icon to be enhanced with the superimposition of symbols and emoji, and its colour changed. Icons can be tinted by the user, as well as being layered in Icon Composer.
Continuity features that integrate Macs with devices are being extended with support for Live Activities added to macOS. The Phone app will be added as well, in its improved form from iOS 26.
Shortcuts gains ‘intelligent’ actions, and will have direct access to LLMs in Private Cloud Compute. Spotlight has undergone a major update, but in Global Spotlight features rather than local search. From the Spotlight icon, there will be intelligent actions integrated with Shortcuts, quick keys abbreviations, and it will be contextually aware. To take advantage of these, third-party apps will need to use App Intents.
Games will be integrated into a new Games app, and gain translucent controls.
The powerful GPUs in Macs supported by Tahoe should also become more capable, with the introduction of Metal 4.
Finally, Tahoe is dropping full first run security checks on notarized apps, which should ensure they all launch blazingly fast. Although a few malicious apps have been inadvertently notarized in the past, running XProtect checks on them seem pointless, as the notarization process involves more extensive checks than those performed by XProtect. If malware has managed to sneak past Apple’s checks and become notarized, then nothing in macOS is going to detect it as being malicious.
Release dates
Apple has already released the first developer beta-test version of Tahoe and its sister OSes. The first public beta is promised for July, and full release of macOS 26.0 is due in the fall/autumn.
I’ve already started testing my own apps.
Solutions to Saturday Mac riddles 311
I hope that you enjoyed Saturday’s Mac Riddles, episode 311. Here are my solutions to them.
1: Shines a beam of light into files and the web.
Click for a solution
Spotlight
Shines a beam of light (a spotlight) into files and the web (it searches both local files, and the web).
2: The detective who found for Apple from 1998.
Click for a solution
Sherlock
The detective (Sherlock Holmes, created by Sir Arthur Conan Doyle) who found for Apple (it became the Mac’s search tool) from 1998 (introduced in Mac OS 8.5 in 1998).
3: His faithful assistant came from Karelia and went to Java.
Click for a solution
Watson
His faithful assistant (Dr Watson was Sherlock Holmes’ assistant) came from Karelia (developed by Karelia Software) and went to Java (after it was ‘sherlocked’ by Apple, it was ported to Java for Sun).
The common factor
Click for a solution
They have all been search tools popular on the Mac.
I look forward to your putting alternative cases.
LogUI build 60 reads iOS, iPadOS, macOS and other logarchives
Until now, LogUI has only been able to access the active log of your Mac, by reading it directly. There are occasions when you can’t do that, or want to preserve the log for future reference. You also can’t browse the log directly on any of Apple’s devices. In these cases, and others, the best solution is to make a logarchive, and browse that instead. I’m delighted to provide an update to LogUI that can browse logarchives, including those created in iOS, iPadOS, and on Apple’s other devices.
What is a logarchive?
A logarchive is an undocumented package containing copies of all the files from the active log at the moment the logarchive was created. They can be opened and browsed by Console, Consolation 3, Ulbow, the log
command tool, and now by LogUI. Because they contain all the files that make up the log, they can be large, and typically range in size from about 300 MB to over 1 GB. All the files containing log entries are stored in their original binary tracev3 format, proprietary to Apple, and again undocumented, although that format has been reversed in the past.
Create a logarchive
The easiest way to create a logarchive is to run a sysdiagnose
, and that’s the standard way for saving a logarchive on one of Apple’s devices. Methods vary by device, and include:
- On a Mac, use the System Diagnostics… option in Activity Monitor’s Action tool, or press the Shift, Command, Control, Option and . keys at the same time, or run
sudo sysdiagnose -f ~/Documents
to save it to your Documents folder. - On an iPhone or iPad, press and hold both volume buttons and the side or top button at the same time, for about 2 seconds. This combination may trigger other features, though. The
sysdiagnose
file will be made available in Settings > Privacy & Security > Analytics & Improvements > Analytics Data, from where you can transfer it to your Mac.
Unpack the .tar.gz archive resulting from that, and you’ll find a system_logs.logarchive
inside it.
On a Mac, you can instead use the log collect
command to create a logarchive directly. For example,log collect --output ~/Documents/my.logarchive --last 5m
collects the last 5 minutes of log in the specified logarchive package. macOS security will block you from trying to save that logarchive on an external volume, though.
My free log browser Ulbow uses another method for assembling logarchives, and the next build of LogUI will incorporate that and other tools for working with logarchives.
Browse a logarchive in LogUI
This new build of LogUI has a seventh tool, to Use Logarchive. Click on that and you’ll be prompted to select the logarchive to open and browse.
Because the dates and times used in the logarchive will be different from current clock time, the LogUI window displays red warning text just to the left of the Start time. Set the date and time to a period within the scope of that logarchive, and use the Get Log tool as normal.
The log excerpt shown in the screenshot above is taken from the kernel boot sequence of my iPhone 15 Pro, to demonstrate how this all works.
If you want to return that window to browsing the active log, click on the Use Logarchive tool again, but this time cancel the selection. Other windows will of course continue to browse the active log unless you set them to use a logarchive as well.
Coming soon
Although browsing saved log entries in a logarchive is exactly the same as those of the active log, dates and times can be a pain. If you want to check when log files in a logarchive were written, use the Finder’s contextual menu to show their contents, scroll to the foot of the folders inside, select the Persist folder and check the file creation dates there.
This is made even easier in the forthcoming new build of LogUI, which features a Logarchive Tool to help you navigate logarchives, and learn which date and time ranges are appropriate.
LogUI 1.0 build 60 is now available from here: logui160
and from its Product Page.
I’ll be along with a new build in a few days, once I have tested and documented its Logarchive Tool. In the meantime, I hope you’ll find LogUI useful for studying the first beta-releases of Apple’s new operating systems.