
Why notarize apps?

By: hoakley
5 November 2024 at 15:30

Signing and notarization of apps and other executable code is a controversial topic. Over the last decade and more Apple has steadily introduced increasingly demanding standards, now requiring developers to notarize apps and other code they distribute outside the App Store. This article tries to explain why, and how this contributes to Mac security.

I would hope that what we all want is confidence that all executable code that our Mac runs, in particular apps, is exactly as was built by its developer. In addition to that, in the event that any code is found to be malicious, then macOS can promptly protect us by refusing to launch it. The first requirement is thus about verification of apps and code, and the second is about having a system that can block code from being launched in the first place.

CDHashes

The well-proven way to verify that files and bundles haven’t changed is using cryptographic hashes of their contents. Compute a hash, save it in a way that can’t be tampered with, and you can verify a bundle by recomputing its hash and confirming that it hasn’t changed. Apple has been using this for a long time, and its approach is a little more complex, as explained in detail in this excellent tech note.

When an app is signed, hashes are computed for different parts of its contents and assembled into a code directory, a data structure rather than a folder/directory. That data structure is then hashed to form the cdhash, or CDHash with mixed case to aid its reading. Because it’s a hash of hashes, it uniquely identifies that app, bundle or other executable code. CDHashes are thus part of the signing process, and the signature contains those CDHashes. They are also part of the notarization process, in which Apple’s Notary Service signs the CDHashes for code when it undergoes notarization, and that forms the notarization ticket that’s issued for that app, and normally attached or ‘stapled’ to it.

Between them, code signing and notarization thus provide two levels of verification, in a signature attached to the code itself, and in a record kept by Apple following successful notarization.

Unsigned apps

An unsigned app has no CDHashes, so its contents are uncontrolled and no verification is possible. It can change its own contents, morph itself from benign to malicious, forge its identity by posing as a completely different app, or be hijacked to run malicious code. While macOS could compute its CDHashes and Apple could try to track them, there’s no way to verify its identity, so external checks aren’t feasible, and there’s no way to block the code from being launched, as all it would need to do to evade that would be to change itself so its CDHashes changed.

Although macOS running on Intel Macs long tolerated this, from their release four years ago, Apple silicon Macs have refused to run such unsigned code.

Ad-hoc signed apps

Since Apple required code to be signed for Apple silicon Macs, all self-respecting build systems for macOS have automatically signed the code they generate. However, unless the developer has a certificate issued by Apple, by default they use ‘ad hoc’ certificates that are created locally and lack any chain of trust. That enables anyone to create CDHashes at any time, without any traceability to a trusted root certificate.

This is a slight improvement on completely unsigned code, and does enable an app to be identified by its CDHashes, but as they’re so easy to create, there’s no reliable way to verify that the app hasn’t changed since its original build. Although Apple could try to collect those CDHashes, there’s no useful way to block code from being launched, as all an adversary needs is to re-sign the code to change its CDHashes: they’re simply too labile to be trustworthy.

Certificate signed apps

For many years, before Apple introduced notarization over six years ago, this was the standard expected, but not required, of apps distributed by third-party developers. Although in theory developers could have used certificates provided by other authorities, not all Certificate Authorities are equal in their diligence, and Apple rightly wanted to be responsible for all revocations.

Certificates add control and verification, within limits determined by the certificate user. CDHashes gathered from code can be collected, but again their provenance relies on their user. At one time, they were commonly abused by those distributing malicious software. Although abused certificates were revoked by Apple, before that could happen, the malware had to be detected and identified, which could allow it to be run by many users for a long time before it could be blocked.

Certificate checks were another problem with this approach. It isn’t practical to check each certificate every time code is to be launched, so approvals have to be cached locally, adding to the delay before any revocation becomes effective.


Notarization

To address the limitations of signing code using developer certificates, Apple introduced the process of notarization. In this context, it adds:

  • CDHashes from notarization are known to Apple, and stored in its database, for quicker online checks, and more rapid revocation.
  • Apple screens apps being notarized to detect those that may be malicious.
  • Apple has a complete copy of every app that has been notarized, and already knows its CDHashes.

This finally checks the provenance of all code being run, through its CDHashes; if they’re not already known to Apple, then that build of the app can’t have been notarized, and can be blocked from launching, provided the user doesn’t disable notarization checks. Screening for malware forces those trying to get malicious code notarized to adopt techniques of obfuscation, but even if those are successful, Apple already has a copy of that app and its CDHashes. That eliminates much of the delay incurred by certificate-signed apps. Together these have proved a sufficient disincentive to malware developers who might otherwise try to abuse notarization.
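The hash-of-hashes idea described under CDHashes, and the difference between blocking known-bad hashes and requiring known hashes, can be seen in a small model. This is an added example, not Apple's code or on-disk format: the toy code directory layout, the 4096-byte page size, the 20-byte truncation and all function names are assumptions made for illustration, and the sample bytes are constructed.

```python
import hashlib

PAGE_SIZE = 4096   # assumption: size of each hashed page of the executable
CDHASH_LEN = 20    # assumption: cdhash modelled as a SHA-256 truncated to 20 bytes


def page_hashes(executable: bytes) -> list:
    """One SHA-256 per fixed-size page of the executable."""
    return [hashlib.sha256(executable[i:i + PAGE_SIZE]).digest()
            for i in range(0, len(executable), PAGE_SIZE)]


def code_directory(executable: bytes, special: dict) -> bytes:
    """Toy code directory: hashes of the special items (Info.plist,
    resources and so on) followed by the per-page hashes. The real
    structure is a binary blob with more fields than this."""
    slots = [hashlib.sha256(special[name]).digest() for name in sorted(special)]
    pages = page_hashes(executable)
    header = (b"toy-cd" + len(slots).to_bytes(4, "big")
              + len(pages).to_bytes(4, "big"))
    return header + b"".join(slots + pages)


def cdhash(executable: bytes, special: dict) -> str:
    """Hash of the code directory, i.e. a hash of hashes."""
    digest = hashlib.sha256(code_directory(executable, special)).digest()
    return digest[:CDHASH_LEN].hex()


def changed_pages(original: bytes, current: bytes) -> list:
    """Indices of pages whose hash no longer matches the original build."""
    old, new = page_hashes(original), page_hashes(current)
    return [i for i in range(max(len(old), len(new)))
            if i >= len(old) or i >= len(new) or old[i] != new[i]]


def blocklist_allows(h: str, revoked: set) -> bool:
    """Policy available without a trusted record: block only known-bad hashes."""
    return h not in revoked


def known_hash_allows(h: str, notarized: set, revoked: set) -> bool:
    """Policy notarization enables: the hash must already be on record."""
    return h in notarized and h not in revoked


# Constructed sample: a three-page "executable" and two special items.
SPECIAL = {"Info.plist": b"<plist>demo</plist>", "Resources": b"icons"}
ORIGINAL = bytes(range(256)) * 48                  # 12288 bytes = 3 pages
MODIFIED = bytearray(ORIGINAL)
MODIFIED[2 * PAGE_SIZE + 10] ^= 0xFF               # one byte altered in page 2
MODIFIED = bytes(MODIFIED)

if __name__ == "__main__":
    good, other = cdhash(ORIGINAL, SPECIAL), cdhash(MODIFIED, SPECIAL)
    print("original cdhash:", good)
    print("modified cdhash:", other)
    print("pages that differ:", changed_pages(ORIGINAL, MODIFIED))
    # Revoking the original's hash says nothing about the modified build.
    print("blocklist allows modified:", blocklist_allows(other, {good}))
    # A lookup against recorded hashes rejects any build that is not on record.
    print("known-hash check allows modified:",
          known_hash_allows(other, {good}, set()))
```
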

Key features of notarization are thus:

  • Verification that the app or code hasn’t changed since it was built by its developer, up to the moment that it’s run.
  • Independent verification against Apple’s database.
  • Rapid blocking if the app or code is discovered to be malicious.
  • Apple is provided with a full copy of the app or code, to aid any further investigation.
  • All apps or code are checked independently for evidence that they’re malicious, before they can be released.

If you can come up with a system that achieves those and could replace notarization, I’m sure that Apple would love to hear of it.


Changing Paintings: 44 The birth of Hercules

By: hoakley
4 November 2024 at 20:30

Having just told us of the events leading to the death and apotheosis of Hercules, Ovid continues book 9 of his Metamorphoses by telling the story of his birth. He leads into this by telling us that Alcmena, Hercules’ mother, had found Iole, Hercules’ lover, a good confidante. Since Hercules’ apotheosis, and at the hero’s instruction, Hyllus had married Iole, and she was now pregnant with his child.

This reminds Alcmena of her own pregnancy with Hercules, that had been cursed by Juno to be a difficult one. She was in labour for seven days and nights, in agony, and called on Lucina and the multiple Roman deities of childbirth to deliver her child. But Lucina had received instructions from Juno, and would not let the labour progress.

Lucina sat on an altar by the door, her legs crossed and her hands linked, preventing delivery. One of Alcmena’s most loyal maids, Galanthis, took matters into her own hands, and announced to Lucina that Hercules had been born. The goddess was so shocked that she jumped up, parting her hands, so allowing Alcmena’s labour to conclude at last. But Galanthis ridiculed Lucina for this. The goddess seized Galanthis by her hair and dragged her along the ground. As the maid struggled to rise she was transformed into a weasel, and Hercules entered the world.

I’ve been unable to find any paintings of this story, but there are several engravings.

Virgil Solis (1514-1562), Alcmena’s Labour (date not known), engraving for Ovid’s Metamorphoses Book IX, 285-323. Francfurt, 1581, fol. 118 v., image 5. Wikimedia Commons.

Virgil Solis engraved Alcmena’s Labour at some time around 1550. Alcmena is in the left foreground, in the throes of her protracted labour, with four women attending to her. In the background, two women are talking, and at the far right, Lucina is dragging Galanthis to the ground by her hair. There’s also a weasel walking past.

Subsequent engravings have drawn on this. Some show Lucina and Galanthis fighting in the background, but most omit the weasel. One other comes close to showing the story as told by Ovid.

Artist not known, Alcmena Giving Birth to Hercules: Juno, Jealous of the Child, Attempts to Delay the Childbirth (c 1606), line engraving in Nicolas Renouard, Les Métamorphoses d’Ovide, traduites en prose françoise, 11.5 x 14.1 cm, 1606, Wellcome Library (no. 16885i), London. Courtesy of The Wellcome Library, via Wikimedia Commons.

The unknown engraver who made Alcmena Giving Birth to Hercules: Juno, Jealous of the Child, Attempts to Delay the Childbirth, in about 1606, has an almost identical group around Alcmena. The same two women are talking in the background, but the weasel is prominent.

Other stories about Hercules as a baby and young child, which Ovid doesn’t tell here, have been much better represented in paintings. According to older Greek myths, the sons of Jupiter could only become divine if they were suckled at Juno’s breast. Shortly after the birth of Hercules, Mercury took the infant to Juno, who put him to her breast. When she realised who the baby was, she pulled him away, and the excess milk released as a result sprayed over the heavens, forming the Milky Way.

There are two outstanding paintings showing this unusual scene.

Jacopo Tintoretto (c 1518–1594), The Origin of the Milky Way (c 1575), oil on canvas, 149.4 × 168 cm, The National Gallery (Bought, 1890), London. Image courtesy of and © The National Gallery, London.

Jacopo Tintoretto’s The Origin of the Milky Way from about 1575 shows the infant Hercules being pulled away by an anonymous assistant, with fine streams of milk gushing upwards to generate individual stars. In the background, Jupiter’s eagle appears to have a crablike object in its talons, perhaps representing the constellation of the Crab (Cancer), and Juno’s peacocks are at the right.

Peter Paul Rubens (1577–1640), The Birth of the Milky Way (1636-37), oil on canvas, 181 × 244 cm, Museo Nacional del Prado, Madrid, Spain. Wikimedia Commons.

Just a few years before his death, Rubens painted an even more wonderful version, The Birth of the Milky Way (1636-37). Jupiter sits in the background on the left, seemingly bored. Juno’s milk arcs out from her left breast over the heavens, and her peacocks look distressed.

Other myths tell that Juno was still furious that Hercules had been born, so she placed two serpents in his cradle, in an attempt to kill the child. Hercules’ mortal twin Iphicles (not mentioned by Ovid) screamed at the snakes, bringing their father Amphitryon running. He found Hercules strangling the serpents with his bare hands: proof that he was indeed the son of Jupiter.

Several fine paintings seize this unique opportunity to show an infant strangling serpents.

Bernardino Mei (1612–1676) (attr), Scene from the Infancy of Hercules (date not known), oil on canvas, 135 x 96 cm, location not known. Wikimedia Commons.

This painting from the mid seventeenth century, attributed to Bernardino Mei, has been neutrally titled Scene from the Infancy of Hercules. Rather than let his father discover the baby’s strange abilities, it’s Alcmena who has come running into his nursery.

Pompeo Batoni (1708–1787), The Infant Hercules Strangling Serpents in his Cradle (1743), oil on canvas, dimensions not known, Palazzo Pitti, Florence. Wikimedia Commons.

Pompeo Batoni’s account, The Infant Hercules Strangling Serpents in his Cradle from 1743, succeeds because it shows so well Hercules’ parents, disturbed from their bed, discovering their baby despatching the snakes, all by the light of an oil lamp.

The third version of this story comes from Sir Joshua Reynolds, who was commissioned by Catherine the Great of Russia in 1785 to paint her a history subject of his choice. Reynolds thought that he could flatter the Empress of Russia, perhaps, and produced this preparatory study for the heart of his final work.

Joshua Reynolds (1723–1792), The Infant Hercules (c 1785-89), oil on millboard, 25.5 x 21 cm, Princeton University Art Museum, Princeton, NJ. Wikimedia Commons.

The Infant Hercules was painted between about 1785-88, then exhibited at the Royal Academy before being sent to Russia. Reynolds is reputed to have used a real baby as his model, and later reused this for a painting of Puck as a baby.

Joshua Reynolds (1723–1792), The Infant Hercules Strangling Serpents in his Cradle (1788), oil on canvas, 307 × 297 cm, Hermitage Museum Государственный Эрмитаж, Saint Petersburg, Russia. Wikimedia Commons.

Reynolds’ finished painting of The Infant Hercules Strangling Serpents in his Cradle (1788) loses the baby among its elaborate supporting cast. It has also suffered problems with deterioration in its paint layer, a common issue with many of Reynolds’ paintings.

Solutions to Saturday Mac riddles 280

By: hoakley
4 November 2024 at 17:00

I hope that you enjoyed Saturday’s Mac Riddles, episode 280. Here are my solutions to them.

1: Third prime should run at twice three or four, and four times two.


(Thunderbolt) 5

Third prime (5) should run at twice three or four (Thunderbolt 5 should deliver 80 Gb/s speed, twice that of TB3 or TB4), and four times two (and four times that of TB2).

2: The third of XV brought AI for some.


(macOS) 15.1

The third (version of macOS 15, which is shipping in last week’s new M4 Macs) of XV (macOS 15) brought AI for some (it did).

3: If E > P and E + P = GPU what does E equal?


6

If E > P (6 > 4) and E + P = GPU (Macs with the full base M4 chip have 10-core GPUs) what does E equal? (6, the number of E cores in the full base M4 chip.)

The common factor


They are properties of the new M4 Macs announced last week.

I look forward to your putting alternative cases.

How does QuickLook create Thumbnails and Previews? With an update to Mints

By: hoakley
4 November 2024 at 15:30

If you encounter problems with QuickLook not creating Thumbnails or Previews properly, one of the first steps is to discover which code is responsible for generating those for QuickLook. Prior to macOS Sequoia, the standard way to do that was using the command tool qlmanage, among whose options is -m, to list all the qlgenerators available on your Mac. If you’ve tried that in Sequoia, you’ll surely have noticed that no longer works.

qlmanage

Since Catalina, Apple has been encouraging developers to switch away from qlgenerators to app extensions to create custom Thumbnails and Previews for QuickLook, and Sequoia is the first version of macOS that can’t use third-party qlgenerators. I have noticed some document types that only a few weeks ago in Sonoma still used custom thumbnails and full previews, but now can’t do so, although others continue to work normally.

These are controlled in the Quick Look item in Login Items & Extensions in General settings.


That should list all third-party app extensions providing this service, and enabling the right one(s) could fix some of those problems. But it turns out this list isn’t complete, and doesn’t in any case tell you which app extension handles which file type. For those, you’d normally turn to qlmanage, but its -m option can only see the qlgenerators in macOS, and no third-party app extensions at all. In fact, qlmanage is now of little help for anything related to QuickLook. I’ve gone back through Sonoma and Ventura, and qlmanage there is no different: although it does list third-party qlgenerators, none of those provided in app extensions appear in its list.

QuickLook app extensions

As far as I can discover, Apple doesn’t provide any equivalent of qlmanage that can report on QuickLook app extensions. The closest it comes is in the pluginkit tool, that can list all app extensions known to macOS. With a bit of tweaking, its -m option can reveal which of those use the QuickLook SDKs for Thumbnails or Previews.

Armed with the appex bundle path from pluginkit, you can then inspect the Info.plist in each, where there’s an array of QLSupportedContentTypes giving the UTIs of all file types supported by that appex. Although I’m sure someone could implement that in a shell script, this seemed an ideal task for my free utility Mints.
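The inspection step described above can be scripted as follows. This is an added example, not the code used in Mints: it takes appex bundle paths as already obtained from pluginkit, and it assumes that QLSupportedContentTypes sits under NSExtension > NSExtensionAttributes and that the extension points are named com.apple.quicklook.preview and com.apple.quicklook.thumbnail. The helper make_sample_appex only builds constructed test bundles.

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Assumed extension point identifiers for the two QuickLook services.
QL_POINTS = {
    "com.apple.quicklook.preview": "Previews",
    "com.apple.quicklook.thumbnail": "Thumbnails",
}


def describe_appex(appex_path):
    """Return (kind, [UTIs]) for a QuickLook appex, or None when the bundle
    is unreadable or is an extension of some other kind."""
    info = Path(appex_path) / "Contents" / "Info.plist"
    try:
        with open(info, "rb") as handle:
            plist = plistlib.load(handle)
    except (OSError, ValueError, ExpatError):
        return None
    extension = plist.get("NSExtension") or {}
    kind = QL_POINTS.get(extension.get("NSExtensionPointIdentifier"))
    if kind is None:
        return None
    attributes = extension.get("NSExtensionAttributes") or {}
    utis = attributes.get("QLSupportedContentTypes") or []
    return kind, list(utis)


def report(appex_paths):
    """Sorted (kind, UTI, path) rows, one per supported UTI. An appex with
    no QLSupportedContentTypes is kept and listed as [none]."""
    rows = []
    for path in appex_paths:
        described = describe_appex(path)
        if described is None:
            continue
        kind, utis = described
        for uti in utis or ["[none]"]:
            rows.append((kind, uti, str(path)))
    return sorted(rows)


def make_sample_appex(root, name, point, utis):
    """Write a constructed appex bundle holding only the keys read above."""
    bundle = Path(root) / f"{name}.appex"
    (bundle / "Contents").mkdir(parents=True)
    extension = {"NSExtensionPointIdentifier": point}
    if utis is not None:
        extension["NSExtensionAttributes"] = {"QLSupportedContentTypes": utis}
    with open(bundle / "Contents" / "Info.plist", "wb") as handle:
        plistlib.dump({"NSExtension": extension}, handle)
    return str(bundle)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        paths = [
            make_sample_appex(root, "Code Previewer",
                              "com.apple.quicklook.preview",
                              ["com.apple.applescript.text"]),
            make_sample_appex(root, "NoTypes",
                              "com.apple.quicklook.preview", None),
        ]
        for kind, uti, path in report(paths):
            print(f"{kind}: {uti} 👉{path}")
```
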

Mints and QuickLook

Version 1.20 of my free utility Mints is now available from here: mints120, from Downloads above, from its Product Page, and via its auto-update mechanism.


This adds a twenty-fifth button to the app’s control window, named QuickLook, at the bottom left. Click on that and Mints will open a new window and fill it with information about all the qlgenerators and QuickLook appexes your Mac knows about.


For qlgenerators, you’re given the file UTI, the path to the qlgenerator file, and (when available) its version number, e.g.
com.adobe.pdf 👉/System/Library/QuickLook/PDF.qlgenerator (1002.2.3)

App extensions are divided into two, the first are those providing Previews, and the second those for Thumbnails, e.g.
com.apple.applescript.text 👉/Applications/PreviewCode.app/Contents/PlugIns/Code Previewer.appex

This is an appex provided in one of Black Pyramid Software’s superb Preview series, in PreviewBundle 2 from the App Store (highly recommended).

You will see a few entries like Safari’s
[none] 👉/System/Volumes/Preboot/Cryptexes/App/System/Applications/Safari.app/Contents/PlugIns/SafariQuickLookPreview.appex
with an appex that doesn’t have a list of file types in QLSupportedContentTypes.

Checking UTIs

It’s easy to guess which UTIs represent many file types, but some are a bit more cryptic. For those, copy and paste the UTI into the UTI field of my free UTIutility and it will give you clues as to its identity, including file extensions.


Unfortunately, some of the system qlgenerators support generic UTIs such as
public.audio 👉/System/Library/QuickLook/Audio.qlgenerator (1002.2.3)
public.image 👉/System/Library/QuickLook/Image.qlgenerator (1002.2.3)
public.movie 👉/System/Library/QuickLook/Movie.qlgenerator (1002.2.3)
which clearly cover broad ranges of more specific file types, but don’t provide any more specific information.

How to identify QuickLook extensions

  • List installed QuickLook extensions using Mints’ QuickLook button.
  • Identify the file’s UTI using UTIutility.
  • Locate the UTI in the list of extensions.
  • If no match is found, check UTIs listed in UTIutility as Conforms.
  • Check Quick Look item in Login Items & Extensions in General settings, to ensure that extension is enabled.

Next up for Mints is a feature to explore app extensions. I may be a little longer on that one.


Paintings of Gloucester Harbour and Dogtown: 1910-1936

By: hoakley
3 November 2024 at 20:30

We’re spending this weekend in the city of Gloucester, to the north-east of Boston, Massachusetts, in the company of some of the fine paintings of its harbour and coast. In the first of these two articles, I showed views from those of pioneer Fitz Henry Lane in 1850, up to Frank Duveneck in 1910.

United States Geological Survey, Map of Annisquam River (Massachusetts) and environs (1893), printed map, USGS 15 Minute Series, Gloucester, MA Quadrangle, 1893. Northwest corner. United States Geological Survey, US Department of the Interior. Wikimedia Commons.

To remind you of the location, here’s the map from 1893 again.

Louise Upton Brumback was a pupil of William Merritt Chase, friend and contemporary of Frank Duveneck. She learned to paint en plein air in Chase’s summer school on Long Island, before moving to live in Kansas City, Missouri. From 1909, the Brumbacks spent their summers in the artists’ colony of Gloucester, Massachusetts, and the rest of the year in Manhattan; those summers were to prove her most productive seasons.

Louise Upton Brumback (1867-1929), Bathers Along the Shore (1910), oil on panel, 25.4 x 35.6 cm, Private collection. Wikimedia Commons.

From the outset, Brumback’s paintings reflected her nature. Bathers Along the Shore (1910) is decidedly post-Impressionist, highly individual, colourful, and expressed in strong terms.

Louise Upton Brumback (1867-1929), Gloucester, Massachusetts (1912), oil on canvas, 60.3 x 72.4 cm, Private collection. Wikimedia Commons.

Gloucester, Massachusetts (1912) is an unusual view of part of what had been one of the USA’s busiest seaports.

In 1912 the Brumbacks had a house built for them in East Gloucester, and Louise started to exhibit more frequently, and much more successfully. By 1914, she showed paintings at the National Academy of Design, the Art Institute of Chicago, the Corcoran Gallery in Washington DC and in Boston, and had a solo show at the Fine Arts Institute in Kansas City. Her husband had been able to retire early from his legal practice, and devoted his time and effort to supporting her career.

Louise Upton Brumback (1867-1929), Good Harbor Beach (1915), oil on canvas, 59.7 x 70 cm, Private collection. Wikimedia Commons.

With her more mature style, she became best-known for vibrantly colourful beach scenes, such as her Good Harbor Beach, showing the coast near Gloucester in 1915.

Louise Upton Brumback (1867-1929), Good Harbor Gloucester (date not known), oil on canvas, 59.7 x 70 cm, Private collection. The Athenaeum.

Her undated Good Harbor Gloucester was probably painted in the same, or an adjacent, summer.

Louise Upton Brumback (1867-1929), Three Umbrellas (date not known), oil on canvas, 63.5 x 76.2 cm, Private collection. The Athenaeum.

Three Umbrellas (undated) features impasto across the beach, and unusual brushstrokes in the sky.

Louise Upton Brumback (1867-1929), Grey Day Gloucester (1920), oil, dimensions not known, Private collection. Wikimedia Commons.

Even some of her later paintings have a primitive look about them, as in Grey Day Gloucester from 1920, with its boxy houses, relaxed perspective, and simple reflections.

Louise Upton Brumback (1867-1929), Gloucester Harbour (c 1921), oil on canvas, 76.3 x 102 cm, The Brooklyn Museum, New York, NY (gift of Alfred Bossom). Courtesy of The Brooklyn Museum. Note the original painting is in full colour.

Although I have only been able to obtain this monochrome image of her later view of Gloucester Harbour from about 1921, its details show a marked contrast. She died in Gloucester in 1929.

My last artist was another of Chase’s pupils, who was influenced by Henry David Thoreau, Ralph Waldo Emerson and the Transcendentalists: the Modernist painter Marsden Hartley. Although more strongly associated with his native Maine, he too visited Gloucester.

Marsden Hartley (1877–1943), Gloucester Fantasy (c 1934-36), oil and pencil on board, 59.7 x 44.5 cm, Private collection. The Athenaeum.

Gloucester Fantasy (c 1934-36) shows the seaport of Gloucester Harbour, with graffiti made by Hartley using a pencil in the oil paint.

Both Brumback and Hartley visited a historic area in the hills between Gloucester and Rockport. Between 1693 and 1830, this had been a flourishing settlement known as Dogtown. In the middle of the eighteenth century this housed up to a hundred families. The growth of Gloucester drew people away, and in the early nineteenth century Dogtown had been largely depopulated, leaving a few occupants, some of whom were accused of witchcraft. The last building was demolished in 1845, and the land returned to dense forest.

Louise Upton Brumback (1867-1929), Dogtown, Cape Ann, Massachusetts (1920), oil on canvas, 63.5 x 76.2 cm, Private collection. Wikimedia Commons.

Louise Upton Brumback’s Dogtown, Cape Ann, Massachusetts (1920) shows this area. Rocky and with poor soil, it now consists of woodland with a mesh of trails and old roads, as seen in the valley on the right.

Marsden Hartley (1877–1943), Blueberry Highway, Dogtown (1931), oil on composition board, 46.4 x 61 cm, High Museum of Art, Atlanta, GA. Wikimedia Commons.

When Marsden Hartley returned to the USA in 1930, he toured some of the classic locations in Massachusetts, including Dogtown. On an early visit there in 1931, he painted his Blueberry Highway, Dogtown, an unusual take on this desolate wooded and rocky area, which must have been in the fall/autumn. He wrote that Dogtown was a cross between Easter Island and Stonehenge.

Marsden Hartley (1877–1943), Dogtown Common (1936), oil on academy board, 23.2 x 33 cm, Frederick R. Weisman Art Museum, Minneapolis, MN. The Athenaeum.

Dogtown Common (1936) is Hartley’s later and more conventional depiction of this abandoned settlement.

Last Week on My Mac: M4 incoming

By: hoakley
3 November 2024 at 16:00

Almost exactly a year after it released its first Macs featuring chips in the M3 family, Apple has replaced those with the first M4 models. Benchmarkers and core-counters are now busy trying to understand how these will change our Macs over the coming year or so. Before I reveal which model I have ordered, I’ll try to explain how these change the Mac landscape, concentrating primarily on CPU performance.

CPU cores

CPUs in the first two families, M1 and M2, came in two main designs, a Base variant with 4 Performance and 4 Efficiency cores, and a Pro/Max with 8 P and 2 or 4 E cores, that was doubled-up to make the Ultra something of a beast with its 16 P and 4 or 8 E cores. Last year Apple introduced three designs: the M3 Base has the same 4 P and 4 E CPU core configuration as in the M1 and M2 before it, but its Pro and Max variants are more distinct, with 6 P and 6 E in the Pro, and 10-12 P and 4 E cores in the Max. The M4 family changes this again, improving the Base and bringing the Pro and Max variants closer again.

As these are complicated by sub-variants and binned versions, I have brought the details together in a table.


I have set the core frequencies of the M4 in italics, as I have yet to confirm them, and there’s some confusion whether the maximum frequency of the P core is 4.3 or 4.4 GHz.

Each family of CPU cores has successively improved in-core performance, but the greatest changes are the result of increasing maximum core frequencies and core numbers. One crude but practical way to compare them is to total the maximum core frequencies in GHz for all the cores. Strictly speaking, this should take into account differences in processing units between P and E cores, but that also appears to have changed with each family, and is hard to compare. In the table, columns giving Σfn are therefore simply calculated as
(max P core frequency x P core count) + (max E core frequency x E core count)

Plotting those sum core frequencies by variant for each of the four families provides some interesting insights.


Here, each bar represents the sum core frequency of each full-spec variant. Those are grouped by the variant type (Base, Pro, Max, Ultra), and within those in family order (M1 purple, M2 pale blue, M3 dark blue, M4 red). Many trends are obvious, from the relatively low performance expected of the M1 family, except the Ultra, and the changes between families, for example the marked differences in the M4 Pro, and the M3 Max, against their immediate predecessors.

Sum core frequencies fall into three classes: 20-30, 35-45, and greater than 55 GHz. Three of the four chips in the M1 family are in the lowest of those, with only the M1 Ultra reaching the highest. The M4 is the first Base variant to reach the middle class, thanks in part to its additional two E cores. Two of the M4 variants (Pro and Max) have already reached the highest class, and any M4 Ultra would reach far above the top of the chart at 128 GHz.

Real-world performance will inevitably differ, and vary according to benchmark and app used for comparison. Although single-core performance has improved steadily, apps that only run in a single thread and can’t take advantage of multiple cores are likely to show little if any difference between variants in each family.

Game Mode is also of interest for those considering the two versions of the M4 Base, with 4 or 6 E cores. This is because that mode dedicates the E cores, together with the GPU, to the game being played. It’s likely that games that are more CPU-bound will perform significantly better on the six E cores of the 10-Core version of the iMac, which also comes with a 10-core GPU and four Thunderbolt 4 ports.

Memory and GPU

Memory bandwidth is also important, although for most apps we should assume that Apple’s engineers match that with likely demand from CPU, GPU, neural engine, and other parts of the chip. There will always be some threads that are more memory-bound, whose performance will be more dependent on memory bandwidth than CPU or GPU cores.

Although Apple claims successive improvements in GPU performance, the range in GPU cores has started at 8 and attained 32-40 in Max chips. Where the Max variants come into their own is support for multiple high-res displays, and challenging video editing and processing.

Thunderbolt and USB 3

The other big difference in these Macs is support for the new Thunderbolt 5 standard, available only in models with M4 Pro or M4 Max chips; Base variants still only support Thunderbolt 4. Although there are currently almost no Thunderbolt 5 peripherals available apart from an abundant supply of expensive cables, by the end of this year there should be at least one range of SSDs and one dock shipping.

As ever with claimed Thunderbolt performance, figures given don’t tell the whole story. Although both TB4 and USB4 claim ‘up to’ 40 Gb/s transfer rates, in practice external SSD performance is significantly different, with Thunderbolt topping out at about 3 GB/s and USB4 reaching up to 3.4 GB/s. In practice, TB5 won’t deliver the whole of its claimed maximum of 120 Gb/s to a single storage device, and current reports are that it will only achieve disk transfers at 6 GB/s, or twice TB4. However, in use that’s close to the expected performance of internal SSDs in Apple silicon Macs, and should make booting from a TB5 external SSD almost indistinguishable in terms of speed.

As far as external ports go, this widens the gap between the M4 Pro Mac mini’s three TB5 ports, which should now deliver 3.4 GB/s over USB4 or 6 GB/s over TB5, and its two USB-C ports that are still restricted to USB 3.2 Gen 2 at 10 Gb/s, equating to 1 GB/s, the same as in M1 models from four years ago.

My choice

With a couple of T2 Macs and a MacBook Pro M3 Pro, I’ve been looking to replace my original Mac Studio M1 Max. As it looks likely that an M4 version of the Studio won’t be announced until well into next year, I’m taking the opportunity to shrink its already modest size to that of a new Mac mini. What better choice than an M4 Pro with 10 P and 4 E cores and a 20-core GPU, and the optional 10 Gb Ethernet? I seldom use the fourth Thunderbolt port on the Studio, and have already ordered a Kensington dock to deliver three TB5 ports from one on the Mac, and I’m sure it will drive my Studio Display every bit as well as the Studio has done.

If you have also been tempted by one of the new Mac minis, I was astonished to discover that three-year AppleCare+ for it costs less than £100, which is two-thirds of the price that I pay each year for AppleCare+ on my MacBook Pro.

I look forward to diving deep into both my new Mac and Thunderbolt 5 in the coming weeks.

Paintings of Gloucester Harbour: 1850-1910

By: hoakley
2 November 2024 at 20:30

This weekend I’d like you to join me on a trip to one of the oldest artists’ colonies in America, and once one of its busiest ports, the city of Gloucester in Massachusetts, just over thirty miles (50 km) north-east of Boston. Its large natural harbour has been painted by a succession of many of the greatest American landscape artists since the middle of the nineteenth century, and my selection of their works in this weekend’s two articles is a potted history of modern painting styles.

United States Geological Survey, Map of Annisquam River (Massachusetts) and environs (1893), printed map, USGS 15 Minute Series, Gloucester, MA Quadrangle, 1893. Northwest corner. United States Geological Survey, US Department of the Interior. Wikimedia Commons.

This map of the Cape Ann peninsula from 1893 shows the areas that you’ll see pictured, around Gloucester Harbor that encloses Ten Pound Island to the south of the city, surrounding beaches, and as a finale to tomorrow’s article, the old abandoned settlement of Dogwood in the hills to the north.

Fitz Henry Lane (1804–1865), Gloucester Harbor (1850), oil on canvas, dimensions not known, Cape Ann Museum, Gloucester, MA. Image by Daderot, via Wikimedia Commons.

It was local artist Fitz Henry Lane who first started painting the coast here, in the first half of the nineteenth century. His early style steadily evolved through paintings like this of Gloucester Harbor from 1850 as he increasingly explored the effects of light and atmosphere.

Fitz Henry Lane (1804–1865), Ship in Fog, Gloucester Harbor (c 1860), oil on canvas, 61 x 99 cm, Princeton University Art Museum, Princeton, NJ. Wikimedia Commons.

By about 1860, when Lane painted Ship in Fog, Gloucester Harbor, this had reached Luminism, an approach allied with the writing of Ralph Waldo Emerson and the Transcendentalist movement.

In the summer of 1873, the aspiring Boston artist Winslow Homer visited, at a critical time in his career. He was in the process of making watercolour his preferred medium, and abandoning work as an illustrator, to devote his time to landscape painting.

Winslow Homer (1836-1910), Gloucester Harbour (1873), watercolour and gouache on paper, 24.1 x 34.3 cm, Private collection. Wikimedia Commons.

This matching pair of watercolour (above) and oil (below) versions of the same motif demonstrate his skill in both.

Winslow Homer (1836-1910), Gloucester Harbour (1873), oil on canvas, 39.37 x 56.83 cm, Nelson-Atkins Museum of Art, Kansas City, MO. Wikimedia Commons.

Perhaps as a result of his visit to France, many of Homer’s paintings during the 1870s showed very loose brushwork, and greater emphasis on markmaking than previously. At first the critics were disparaging of his watercolours, but they were popular and sold well. He also developed and often used a wide range of techniques to enhance his watercolours. These included the use of both transparent and opaque watercolour, thin layered washes, scraping, texture, resist, splattering, and even abrasive paper.

In the late 1870s Homer became more reclusive, lived in Gloucester, and at one time in Eastern Point Lighthouse, before he travelled to England, where he lived and painted in the coastal village of Cullercoats in 1881-82.

Willard Metcalf (1858–1925), Gloucester Harbour (1895), oil on canvas, 66.4 × 74.3 cm, Mead Art Museum, Amherst College, Amherst, MA. Wikimedia Commons.

Willard Metcalf, an American Impressionist who was born near Boston, visited and painted Gloucester Harbour in 1895. This is his view of Smith Cove in East Gloucester, looking towards its inner harbour, with the town itself on the opposite shore. It’s a superb set-piece of what had been a couple of decades earlier the busiest port in the USA. With the rapid decline of sail at the end of the nineteenth century, though, it was slowly returning to a quieter existence, with its supporting industries reducing.

Frederick Childe Hassam (1859-1935), Gloucester Inner Harbor (c 1899), oil on canvas, 61 x 50.8 cm, Dumbarton Oaks Research Library and Collection, Washington, DC. WikiArt.

In about 1899, Metcalf’s contemporary Frederick Childe Hassam, another American Impressionist, visited and painted Gloucester Inner Harbor. Hassam had also been born in Boston, and like Homer had been a successful illustrator before visiting Europe in 1883.

Frank Duveneck (1848–1919), Horizon at Gloucester (c 1905), oil on canvas, 61 × 91.4 cm, Cape Ann Museum, Gloucester, MA. Wikimedia Commons.

Frank Duveneck had been born in Kentucky and joined the German community in Cincinnati, Ohio, before studying alongside William Merritt Chase in Munich, Germany. When he returned to the USA, he found first success in Boston. Later in his career, he spent his summers in and around Gloucester, where he painted his Horizon at Gloucester (c 1905), showing the port’s distinctive skyline from Eastern Point.

Frank Duveneck (1848–1919), The Yellow Pier Shed (c 1910), oil on canvas, 30 x 36 cm, Private collection. The Athenaeum.

The Yellow Pier Shed (c 1910) is another of Duveneck’s summer paintings of Gloucester’s harbour.

Frank Duveneck (1848–1919), Brace’s Rock (c 1916), oil on canvas, dimensions not known, Private collection. The Athenaeum.

Curiously, in his final years he painted several views of Brace’s Rock (c 1916), off Eastern Point, Gloucester. Fitz Henry Lane had done the same shortly before his death.

Saturday Mac riddles 280

By: hoakley
2 November 2024 at 17:00

Here are this weekend’s Mac riddles to entertain you through family time, shopping and recreation.

1: Third prime should run at twice three or four, and four times two.

2: The third of XV brought AI for some.

3: If E > P and E + P = GPU what does E equal?

To help you cross-check your solutions, or confuse you further, there’s a common factor between them.

I’ll post my solutions first thing on Monday morning.

Please don’t post your solutions as comments here: it spoils it for others.

A brief history of icons, thumbnails and QuickLook

By: hoakley
2 November 2024 at 16:00

One of the novel features in the original Finder in Classic Mac OS was the use of distinctive icons for different types of document in an extensible scheme.

Every file had its type and creator codes, each consisting of four single-byte characters. The Desktop databases contained indexes to those, to enable the Finder to display the appropriate icon for a text document of type TEXT created by an app with the creator code of ttxt, SimpleText, for instance.

Apps provided a custom icon in their Resource fork for each type of document they supported. Periodically, those Desktop databases became broken, and documents lost their custom icons. The solution was to rebuild those Desktop databases from the data in each app’s Resources, a procedure that every Mac user became only too familiar with.

At some stage, perhaps in System 6 of 1988, or System 7 of 1991, document icons such as images could be displayed as miniatures or thumbnails instead. This was accomplished by apps creating that file’s thumbnail and saving it as an ICN# resource in the file’s Resource fork. Amazingly, this still works in Sequoia, where I pasted a prepared Resource fork into a Zip file to give it an inappropriate thumbnail.


The raw Resource fork is shown below in xattred as a com.apple.ResourceFork extended attribute.


Initially, Mac OS X continued a similar system, including custom thumbnails, until Apple introduced Quick Look in Mac OS X 10.5 Leopard, in 2007. This came with built-in support for a wide range of common document types, extending to QuickTime media including audio and video. One curious omission at first was that animated GIFs weren’t supported as animations until OS X 10.7.

Display of Thumbnails used the QuickLook framework documented here. This enabled third parties to extend coverage to their own document types using QuickLook generators with the extension .qlgenerator. Initially, they were installed into /Library/QuickLook from each app bundle.

Normally, when QuickLook generated a Thumbnail or Preview, that was stored in its cache database kept in NSTemporaryDirectory in the path C/com.apple.QuickLook.thumbnailcache/. Those could give revealing insights into images and other documents accessed recently, and Wojciech Regula and Patrick Wardle discovered that, in High Sierra and earlier, it was easy for malicious software to examine that cache. Apple addressed that in macOS 10.14 Mojave by making the cache completely inaccessible.

In-memory caching of Thumbnails has also proved controversial in more recent versions of macOS. To deliver smooth scrolling of Thumbnails in the Finder’s Gallery views in particular, the Finder has taken to caching them in memory for up to two days, sometimes using several GB in the process. That can readily be mistaken for a memory leak, until those cached Thumbnails are finally flushed.

I described how QuickLook Thumbnails worked in early 2019, in the days before the SSV.


When you select a document in the Finder, a dialog, or somewhere else where you expect its icon to be shown, the Finder passes details of the document path and its type (UTI) to IconServices, to fetch the appropriate icon. This calls on its main service, iconservicesd in /System/Library/CoreServices, to check its icon cache.

Although the main icon store is locked away in /Library/Caches/com.apple.iconservices.store, there’s additional data in a folder on a path based on /private/var/folders/…/C/com.apple.iconservices, where … is an unreadable alphanumeric name. For icons used in the Dock, their cache is at /private/var/folders/…/C/com.apple.dock.iconcache. If the icon should be replaced by a QuickLook Thumbnail, such as in a Finder column view, QuickLook is asked to provide that thumbnail. That in turn may be cached in its protected cache at /private/var/folders/…/C/com.apple.QuickLook.thumbnailcache.

QuickLook then relies on there being an appropriate qlgenerator to create a thumbnail of that document type; if the qlgenerator is flawed or can’t cope with the document’s contents, that could easily fall over. For example, if you renamed a text file with a .jpeg extension so that macOS considered it was a JPEG image, the bundled qlgenerator might have simply resulted in the display of a busy spinner, rather than resolving to a generic JPEG document icon. IconServices should then deliver the appropriate icon back to the Finder to display it.

In macOS 10.15 Catalina (2019), Apple started replacing this system with a new framework named QuickLook Thumbnailing, documented here. That replaces qlgenerators with QuickLook preview extensions, in particular Thumbnail Extensions, as explained to developers at WWDC in 2019.

macOS 15.0 Sequoia has finally removed support for qlgenerators. That has resulted in the unfortunate loss of custom Thumbnails and Previews for document types of third-party apps that are still reliant on qlgenerators, and haven’t yet got round to providing equivalent app extensions. It’s almost as if the Desktop databases need to be rebuilt again.

Interiors by design: Revival

By: hoakley
1 November 2024 at 20:30

After the popularity of genre scenes and interiors in the Dutch Golden Age, the middle classes had less influence over themes in art until the nineteenth century.

Matthäus Kern (1801–1852), A Study Interior at St. Polten (1837), brush and watercolor on white wove paper, dimensions not known, Cooper Hewitt, Smithsonian Design Museum, New York, NY. Wikimedia Commons.

They were then able to indulge in a few paintings and framed prints of their own, although most would have been family portraits rather than anything of greater aesthetic or cultural value. Matthäus Kern’s watercolour showing A Study Interior at St. Polten from 1837 is unusual for being an early pure interior, with no sign of figures, except in the portraits.

Then came Orientalist interiors.

Eugène Delacroix (1798–1863), Women of Algiers in their Apartment (1834), oil on canvas, 180 x 229 cm, Musée du Louvre, Paris. Wikimedia Commons.

Eugène Delacroix’s Women of Algiers in their Apartment is his first Orientalist masterpiece, based in part on the watercolours and sketches made of local models during his visits to Morocco and Tangier, combined with studio work in Paris using a European model dressed in clothing the artist had brought back from North Africa. The black servant at the right appears to be an invention added for effect, as an extra touch of exoticism. The end result is harmonious, and makes exceptional use of light and colour, the fine details of the interior giving the image the air of complete authenticity.

Théodore Chassériau (1819–1856), Orientalist Interior: Nude in a Harem (1850-52), oil on panel, 46 x 38 cm, Private collection. Wikimedia Commons.

In the mid-1850s, Théodore Chassériau’s Orientalism took the inevitable turn towards the erotic. This started with his Orientalist Interior: Nude in a Harem from 1850-52, referring strongly to Delacroix’s Women of Algiers, and equally rich in detail.

Narrative painting also started to turn away from classical themes, and became framed around open-ended narrative and ‘problem pictures’ to challenge those trying to read them.

William Holman Hunt (1827-1910), The Awakening Conscience (1851-53), oil on canvas, 76.2 x 55.9 cm, The Tate Gallery (Presented by Sir Colin and Lady Anderson through the Friends of the Tate Gallery 1976), London. © The Tate Gallery and Photographic Rights © Tate (2016), CC-BY-NC-ND 3.0 (Unported), https://www.tate.org.uk/art/artworks/hunt-the-awakening-conscience-t02075

As far as I can discover, one of the earliest major paintings that intentionally lacks narrative closure is William Holman Hunt’s The Awakening Conscience, painted during the period 1851-53. As with most masterly narrative paintings, its story is assembled from a multitude of clues to be found in the image.

It shows a fashionable young man seated at a piano in a small if not cramped house in the leafy suburbs of London, in reality Saint John’s Wood. Half-risen from the man’s lap is a young woman who stares absently into the distance. They’re clearly a couple in an intimate relationship, but conspicuous by its absence is any wedding ring on the fourth finger of the woman’s left hand, at the focal point of the painting. This is, therefore, extra-marital.

The interior around them has signs that she’s a kept mistress with time on her hands. Her companion, a cat, is under the table, where it has caught a bird with a broken wing, a symbol of her plight. At the right edge is a tapestry with which she whiles away the hours, and her wools below form a tangled web in which she is entwined. On top of the gaudy upright piano is a clock. By the hem of her dress is her lover’s discarded glove, symbolising her ultimate fate when he discards her into prostitution. The room itself is decorated as gaudily as the piano, in poor taste.

The couple have been singing together from Thomas Moore’s Oft in the Stilly Night when she appears to have undergone some revelatory experience, causing her to rise. For Hunt this is associated with a verse from the Old Testament book of Proverbs: “As he that taketh away a garment in cold weather, so is he that singeth songs to an heavy heart.” Ironically, his model was his girlfriend at the time, Annie Miller, an uneducated barmaid who was just sixteen.

Robert Braithwaite Martineau (1826–1869), Kit’s Writing Lesson (1852), oil on canvas, 52.1 x 70.5 cm, The Tate Gallery (Presented by Mrs Phyllis Tillyard 1955), London. Photographic Rights © Tate 2016, CC-BY-NC-ND 3.0 (Unported), http://www.tate.org.uk/art/artworks/martineau-kits-writing-lesson-t00011

The only artist in the nineteenth century who seems to have painted any significant number of narrative works based on popular contemporary writers is Robert Braithwaite Martineau. The Tate Gallery has two such paintings of his: above is Kit’s Writing Lesson (1852), showing a less than memorable scene from Charles Dickens’ The Old Curiosity Shop, with its elaborately detailed interior. The other (not shown here) is Picciola (1853), based on the 1836 novel of the same name by the obscure French novelist Xavier Boniface Saintine (1798-1865).

Rebecca Solomon (1832-1886), The Appointment (1861), media and dimensions not known, The Geffrye, Museum of the Home. Wikimedia Commons.

Rebecca Solomon’s Appointment (1861) appears to be another early problem picture, with a deliberately open-ended narrative set in an interior. A beautiful woman stands in front of a mirror, and looks intently at a man, who is only seen in his reflection in the mirror, and is standing in a doorway behind the viewer’s right shoulder. The woman is dressed to go out, and is holding a letter in her gloved hands. The clock on the mantlepiece shows that it’s about thirteen minutes past seven.

John Everett Millais (1829–1896), The Eve of St Agnes (1863), oil on canvas, 117.8 x 154.3 cm, The Royal Collection of Her Majesty Queen Elizabeth II, London. Wikimedia Commons.

John Everett Millais painted his Eve of St Agnes in 1863, in the King’s Bedroom in the Jacobean house at Knole Park, near Sevenoaks in Kent. His model is his wife Effie, formerly Euphemia Gray, who married John Ruskin, and is here set in a rich period interior.

The last of these open-ended narratives set in interiors is the most puzzling, Edgar Degas’s Interior from 1868-9, also known as The Rape.

Edgar Degas (1834–1917), Interior (‘The Rape’) (1868-9), oil on canvas, 81.3 x 114.3 cm, Philadelphia Museum of Art, Philadelphia, PA. Wikimedia Commons.

A man and a woman are in a bedroom together. She’s at the left, partly kneeling down, facing to the left, and partially (un)dressed. He’s at the right, fully dressed in street clothes, standing in front of the door, with his hands thrust deep into his trouser pockets.

The woman’s outer clothing is placed at the foot of the bed, and her corset has been hurriedly or carelessly cast onto the floor beside the bed. She clearly arrived in the room before the man, removed her outer clothing, and at some stage started to undress further, halting when she was down to her shift or chemise. Alternatively, she may have undressed completely, and at this moment have dressed again as far as her chemise.

Just behind the woman is a small occasional table, on which there is a table-lamp and a small open suitcase. Some of the contents of the suitcase rest over its edge. In front of it, on the table top, is a small pair of scissors and other items from a clothes repair kit or ‘housewife’. There’s a wealth of detail that can fuel many different accounts of what is going on in this interior.

Why you need to make archives, and how to

By: hoakley
1 November 2024 at 15:30

We back up to ensure that we can recover files, whole volumes, our complete Mac if needed. When that crucial document you were working on earlier has vanished, or becomes damaged, or disaster strikes a disk, backups are essential. But how do you preserve all those documents that used to come on paper, records, correspondence and certificates? How will you or your successors be able to retrieve them in ten or thirty years’ time? This brief article considers how you should archive them safely, which isn’t the same as backing them up.

By archiving, I mean putting precious files somewhere they can be retrieved in at least ten years’ time. They may include financial, business, employment and personal records, as well as all finished work that you want to record for posterity. For most, they’ll also include a careful selection of still images, movies, and the more important documents you might create, such as books, theses and papers. They’re what you and the law want you to keep in perpetuity, and to be able to retrieve even after you’re gone.

To see how this can be achieved, I consider: the storage medium to be used, file formats that will be retrievable, how to index them for access, physical storage conditions, and the checks of their integrity that are needed.

Storage medium

While backups are most likely to be kept on hard disks or SSDs, neither of those is in the least suitable for archives, as they have relatively short lifetimes and are too sensitive to storage conditions. Instead, you need a removable medium, today probably Blu-ray disks intended for archival use, such as M-DISC.

For those with copious archives of importance beyond their family, Sony used to offer Optical Disk Archive systems, but those products were discontinued last year and don’t appear to have a suitable replacement. This illustrates one of the problems with planning for the more distant future: today’s technology can all too easily become orphaned.

Businesses are increasingly turning to cloud services to store their archives, but for the great majority of us the recurring cost makes this impractical. In any case, best practice should be to use cloud services as a supplement to a physical archive. iCloud is more affordable for the storage of most important documents, but requires a Legacy Contact to be appointed.

File formats

While it’s fine to archive documents in their original format, as you do in your backups, it’s also important to extract their contents into more permanent formats. Among those most likely to prove durable for the next 50-100 years are:

  • UTF-8 (and formerly ASCII) for text files,
  • JPEG and PNG for still images,
  • audio, video and rich media using one of the widely-used compression standards and file formats,
  • XML-based open document standards,
  • CSV for data,
  • PDF provided that it complies with one of the archival standards PDF/A-1 to /A-4.

You may find it worthwhile tarring together large collections of smaller files, but don’t use an unusual compression or ‘archive’ format, which might prove inaccessible in the future.

Indexing and access

For larger collections, even when structured carefully, a thorough list of contents in UTF-8 text format is essential. While there are index and search tools that could help, in this respect too archives are different from backups. If you’re going to be gathering TB of files, look at some of the commercial solutions. Although some are free to use, like the long-established Greenstone, they aren’t intended for casual users and might prove demanding.

Physical storage conditions

Never print on the disk itself, which can result in its degradation, and keep paper records alongside disks in the same container, but not inside the cases themselves, where they could damage them.

Archive optical disks should be stored in cases with centre hub security, not in sleeves. They must be kept in a cool, dry and dark container, in which there is no mould or fungus. They also need to be protected from physical threats such as flood and fire. Firesafes are popular furniture for this, but you must then ensure that their combination or keys are readily available and not separated from the safe.

There used to be a vogue for commercial data repositories, often underground storage sites that had been repurposed. Not only were those expensive, but many failed to take the care that they promised, and plenty went bankrupt and put their contents at risk. If you can arrange it, store one copy with you, and another at a friend’s or relative’s at least a few miles away.

Integrity checks

If you’re serious about maintaining your archives, some form of integrity checking, such as that provided by my free utilities Dintch, Fintch and cintch, is essential. Check a sample on each disk once a year, to ensure that none has started to deteriorate. If you do detect errors, that’s the time to burn a replacement before the original is lost to decay.
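The contents list from ‘Indexing and access’ and the yearly sample check described here can share one file. This added example (not code from this article, and not the author’s Dintch, Fintch or cintch utilities) writes a UTF-8 list of SHA-256 digests for an archive folder, then re-hashes a random sample against it; the manifest name, its tab-separated layout and the function names are assumptions.

```python
import hashlib
import random
import tempfile
from pathlib import Path

MANIFEST_NAME = "CONTENTS.sha256.txt"  # assumed name for the UTF-8 contents list


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks, so large movies never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def list_files(root):
    """Relative POSIX paths of every regular file below root, except the manifest."""
    root = Path(root)
    found = (p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file())
    return sorted(rel for rel in found if rel != MANIFEST_NAME)


def build_manifest(root):
    """Write one 'digest<TAB>size<TAB>path' line per file, before burning the disc."""
    root = Path(root)
    lines = []
    for rel in list_files(root):
        # Tabs and newlines in a name would make the list ambiguous to parse later.
        if "\n" in rel or "\t" in rel:
            raise ValueError(f"unsupported character in file name: {rel!r}")
        path = root / rel
        lines.append(f"{sha256_of(path)}\t{path.stat().st_size}\t{rel}")
    manifest = root / MANIFEST_NAME
    manifest.write_text("\n".join(lines) + "\n", encoding="utf-8")
    return manifest


def read_manifest(root):
    """Parse the contents list back into {path: (digest, size)}."""
    text = (Path(root) / MANIFEST_NAME).read_text(encoding="utf-8")
    entries = {}
    for line in text.split("\n"):
        if line:
            digest, size, rel = line.split("\t", 2)
            entries[rel] = (digest, int(size))
    return entries


def verify_sample(root, fraction=0.1, seed=None):
    """Re-hash a random fraction of the listed files and report any problems."""
    root = Path(root)
    entries = read_manifest(root)
    names = sorted(entries)
    # Always check at least one file when the list is not empty.
    count = min(len(names), max(1, round(len(names) * fraction))) if names else 0
    report = {"checked": count, "missing": [], "changed": [], "unreadable": []}
    for rel in random.Random(seed).sample(names, count):
        digest, size = entries[rel]
        path = root / rel
        try:
            if not path.is_file():
                report["missing"].append(rel)
            elif path.stat().st_size != size or sha256_of(path) != digest:
                report["changed"].append(rel)
        except OSError:  # read errors are what a deteriorating disc produces
            report["unreadable"].append(rel)
    for key in ("missing", "changed", "unreadable"):
        report[key].sort()
    # Files present on the medium but absent from the list also deserve a look.
    report["unlisted"] = sorted(set(list_files(root)) - set(entries))
    return report


if __name__ == "__main__":
    # Constructed sample archive, standing in for a mounted disc.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "records").mkdir()
        (root / "records" / "certificate.pdf").write_bytes(b"%PDF-1.4 constructed")
        (root / "records" / "letters.txt").write_text("Constructed\n", encoding="utf-8")
        build_manifest(root)
        print(verify_sample(root, fraction=1.0))
        # Alter one character without changing the size, then check again.
        (root / "records" / "letters.txt").write_text("Constructer\n", encoding="utf-8")
        print(verify_sample(root, fraction=1.0))
```

Any entry under `changed` or `unreadable` is the cue to burn a replacement from another copy while one still reads cleanly.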

Conclusion

Backups are for recovery, while archives are for posterity. Start building your archives now, and keep them safe for the future.

Further reading

How to burn a Blu-ray disc in Monterey
Wikipedia point of entry

Postscript

Some of you are reporting widespread claims that some Blu-ray burners no longer work in Sequoia. I have therefore repeated the process that I described in Monterey, using exactly the same Pioneer burner connected to a Mac Studio M1 Max running macOS 15.1. I’m delighted to report that it still works perfectly, and I see no reason that any other recent Pioneer optical drive should prove incompatible. All you need to do is follow the instructions.

Happy archiving!

Commemorating the centenary of the death of Hans Thoma: 1, to 1885

By: hoakley
31 October 2024 at 20:30

Little known today outside his native Germany, Hans Thoma (1839–1924) was a prolific painter with a distinctive style, who died a century ago, on 7 November 1924. In this article, I look at his career and a small selection of his paintings up to the time that he achieved recognition around 1885, to be concluded next week marking the anniversary of his death.

Thoma was born in the Black Forest, in Germany, and started his training as a lithographer in Basel, before turning to painting ornamental clock faces. From 1859, he studied at the academy in Karlsruhe, under Johann Wilhelm Schirmer and Ludwig Des Coudres.

Hans Thoma (1839–1924), Autumn Tree, Wiesenthal (c 1862-63), oil on canvas, 24.4 × 38.5 cm, location not known. Wikimedia Commons.

Autumn Tree, Wiesenthal was painted when he was still a student in Karlsruhe, in about 1862-63. It has the high chroma colours and gestural brushwork indicative of Impressionist style, at a time when Claude Monet was still painting in a tighter, realist manner.

After completing his training in 1866, Thoma moved from Karlsruhe to Basel in north-west Switzerland, then to Düsseldorf. At that time, Düsseldorf was home to one of the leading landscape painting schools in Europe, and was a significant influence on the Hudson River School in the USA, and several of its members trained there.

Hans Thoma (1839–1924), Chickenfeed (1867), oil on canvas, 104.5 × 62 cm, Staatliche Kunsthalle Karlsruhe, Karlsruhe, Germany. Wikimedia Commons.

In Chickenfeed (1867), Thoma tackles this genre scene in a more traditional and detailed realist style.

Hans Thoma (1839–1924), In the Sunshine (1867), oil on canvas, 108 × 85 cm, Staatliche Kunsthalle Karlsruhe, Karlsruhe, Germany. Wikimedia Commons.

At first sight, Thoma’s In the Sunshine (1867) appears to show an oddly flattened face, with both the woman’s eyes visible. In fact the woman’s head is shown in profile, and what seems to be her left eye is not part of her face at all. Otherwise he has combined colour contrasts with a carefully detailed landscape.

The following year he moved to Paris, where he came to admire the work of Gustave Courbet, and the Barbizon School. He returned to Germany in 1870, where he settled in Munich, then the centre of German arts, until 1876.

Hans Thoma (1839–1924), Under the Elderberry (1871), oil on canvas, 74.5 × 62.5 cm, Städelsches Kunstinstitut und Städtische Galerie, Frankfurt, Germany. Wikimedia Commons.

Under the Elderberry (1871) is a delightful portrait of a mother and her young child, with finely detailed hair and elder flowers. His colours are softer than before, as suits this subject.

Hans Thoma (1839–1924), Children Dancing in a Ring (1872), oil on canvas, 161 × 115 cm, Staatliche Kunsthalle Karlsruhe, Karlsruhe, Germany. Wikimedia Commons.

These eight Children Dancing in a Ring (1872) are set in a Bavarian alpine meadow, with pastures and high mountains in the far distance.

Hans Thoma (1839–1924), Summer (1872), oil on canvas, 76 x 104 cm, Alte Nationalgalerie, Berlin, Germany. Wikimedia Commons.

Thoma’s painting of two lovers in Summer from 1872 returns to a more painterly style in its flowers and vegetation. It also demonstrates his inclination towards mediaeval romance and ‘faerie’ paintings, with the chain of three winged putti in the upper right.

Hans Thoma (1839–1924), Siblings (1873), oil on canvas, 103 × 75 cm, Staatliche Kunsthalle Karlsruhe, Karlsruhe, Germany. Wikimedia Commons.

Siblings (1873) is an example of his domestic genre scenes. The brother sits disconsolate at the table, while his sister reads intently. By the window is a spinning wheel, the wool above it adorned with a blue ribbon.

In 1874, Thoma visited Italy for the first time.

Hans Thoma (1839–1924), Children and Putti in a Ring (1874), oil on cardboard, 34 × 26 cm, location not known. Wikimedia Commons.

Ring dancing appears again in his Children and Putti in a Ring (1874), although now the winged putti have come down from the sky to follow a young faun-like figure and a nymph. At the bottom left is a snake threatening to disrupt the scene. As with his other mythical settings, Thoma doesn’t appear to be telling a specific story, but populates his enchanted landscape with curious creatures.

Hans Thoma (1839–1924), Mainebene (the Main Plain) (1875), oil on canvas, 85 × 123 cm, Neue Pinakothek, Munich, Germany. Wikimedia Commons.

Thoma’s pure landscapes include explorations of big skies and the transient effects of light, as in his Mainebene (1875), showing the plain of the River Main lit by shafts of light. At the lower left is a team ploughing.

Hans Thoma (1839–1924), A Peaceful Sunday (1876), oil on canvas, 79.5 × 107 cm, Hamburger Kunsthalle, Hamburg, Germany. Wikimedia Commons.

He handles backlighting skilfully in A Peaceful Sunday (1876). An elderly couple are sat at a plain wooden table, in their urban apartment. She works at her crochet, he reads. You can almost hear the soft, measured tick of the clock which is out of sight, slowly passing their remaining years.

Hans Thoma (1839–1924), Three Mermaids (1879), oil on canvas, 106 × 77.6 cm, Städelsches Kunstinstitut und Städtische Galerie, Frankfurt, Germany. Wikimedia Commons.

Three Mermaids (1879) is a complete contrast, with its raucous nudity and frolics with fish under the light of the moon. Thoma’s mermaids are remarkably human in form, lacking fishtails.

In 1878, Thoma moved to Frankfurt, where he was a close friend of the painter Wilhelm Steinhausen. The following year he visited Britain, and a year later returned to Italy.

Hans Thoma (1839–1924), The Trek of the Gods to Valhalla (1880), oil on canvas, 74.3 × 62 cm, Städelsches Kunstinstitut und Städtische Galerie, Frankfurt, Germany. Wikimedia Commons.

As was popular during the nineteenth century, Thoma repurposed Nordic mythology with a more Germanic interpretation. The Trek of the Gods to Valhalla (1880) shows a scene that may have been inspired by Wagner’s Ring cycle, first performed at Bayreuth in 1876. This is the group of gods known as the Æsir riding across the bridge Bifröst, which is formed from a burning rainbow and reaches between Midgard (the realm of humans) and Asgard (the realm of the gods). The Æsir traditionally include Odin, Frigg, Thor, Baldr, and Týr. Recognisable on the bridge are Odin, holding his staff, with Frigg, and Thor with his hammer. At the left is probably Iðunn, holding an apple of her youth aloft. In Nordic mythology, this is an event foretold as part of the process of Ragnarök.

Hans Thoma (1839–1924), Sea Wonders (1881), oil on cardboard, 74 × 63 cm, Museum der bildenden Künste, Leipzig, Germany. Wikimedia Commons.

I’m not sure of the mythical background to his Sea Wonders (1881), where four boys have raised up a surface on which stands a winged putto clutching an egg. It is, nevertheless, a powerful image.

Hans Thoma (1839–1924), The Öd, View of Holzhausen Park in Frankfurt am Main (1883), oil on canvas, 85.5 × 117 cm, Städelsches Kunstinstitut und Städtische Galerie, Frankfurt, Germany. Wikimedia Commons.

The Öd, View of Holzhausenpark in Frankfurt am Main (1883) shows what is perhaps better-known as Adolph-von-Holzhausen Park, which started as the larger Holzhausen Oed in around 1552, and became a public park in 1912-13. The prominent white building is its distinctive moated baroque summer residence.

Reference

Wikipedia (in German).

How Sequoia has changed QuickLook and its thumbnails

By: hoakley
31 October 2024 at 15:30

QuickLook is the subsystem in macOS responsible for providing two types of document preview, small Thumbnails and full Previews. If you’ve already upgraded to Sequoia, you’ll have noticed that some document types are no longer displayed with their custom Thumbnails or Previews. This article explains what has happened, and how it should work in the future.

As I’ll detail on Saturday morning, QuickLook (or Quick Look) is the latest in a series of methods for providing custom icons and previews for documents, that started back in the initial versions of Classic Mac OS. macOS ships with its own code to generate Thumbnails and Previews for a wide range of standard file types, from text and PDF to audio and movies. To extend these to other types, developers are encouraged to provide their own code.

Prior to macOS 10.15 Catalina in 2019, the display of Thumbnails was supported by the QuickLook framework. From Catalina onwards, this is provided by a new framework named QuickLook Thumbnailing. The older framework is documented here, and had been deprecated for some years. Its replacement is documented here. To extend these, the older framework used QuickLook generators with the extension .qlgenerator, but in the newer framework this function is provided by QuickLook preview extensions, in particular Thumbnail Extensions, that were explained to developers at WWDC in 2019.

As with most deprecated features, eventually the time comes for Apple to remove support for the old, and for QuickLook generators that has occurred in macOS 15.0 Sequoia. From now on, QuickLook Generator plugins no longer work. Oddly, those provided by macOS in /System/Library/QuickLook are still named with the old extension of .qlgenerator, but all custom support now has to use the new framework in App Extensions.

To check whether an app is still trying to use an old QuickLook Generator, look inside the app bundle in Contents/Library/QuickLook. If you see one or more .qlgenerator bundles there, then those no longer work in Sequoia. Instead, you should see new Thumbnail Extensions in Contents/PlugIns, where you should see App Extension bundles with names ending in something like Thumbnail.appex and QuickLook.appex. Some of the better apps provide both QuickLook Generators for compatibility with Mojave and earlier, and App Extensions for more recent macOS.

If the app you rely on to generate custom QuickLook Thumbnails and Previews doesn’t yet come with those App Extensions, contact their Support and ask them when they’re going to implement the changes brought five years ago in Catalina. Particularly if you’re paying them a subscription, it’s time they caught up. Until they do, I’m afraid those Thumbnails and Previews simply won’t work in Sequoia, and you’ll continue to see generic icons rather than Thumbnails.
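The bundle check described above can be run across a whole folder of apps. This is an added example, not code from the original article: it goes one step further than looking at file names by reading each App Extension's Info.plist, assuming the extension points `com.apple.quicklook.thumbnail` and `com.apple.quicklook.preview`, which the article doesn't name. The function names and status labels are hypothetical.

```python
import plistlib
import sys
from pathlib import Path

# Extension points used by QuickLook App Extensions (assumption: not named in the article).
QL_EXTENSION_POINTS = {
    "com.apple.quicklook.thumbnail": "thumbnail",
    "com.apple.quicklook.preview": "preview",
}


def extension_kind(appex):
    """Return 'thumbnail' or 'preview' for a QuickLook .appex bundle, else None."""
    try:
        with (Path(appex) / "Contents" / "Info.plist").open("rb") as fh:
            info = plistlib.load(fh)
    except Exception:
        # Missing, unreadable or malformed Info.plist: treat as not QuickLook.
        return None
    ext = info.get("NSExtension") if isinstance(info, dict) else None
    point = ext.get("NSExtensionPointIdentifier") if isinstance(ext, dict) else None
    return QL_EXTENSION_POINTS.get(point) if isinstance(point, str) else None


def audit_app(app):
    """Classify one .app bundle by the QuickLook support it ships."""
    app = Path(app)
    legacy_dir = app / "Contents" / "Library" / "QuickLook"
    plugins_dir = app / "Contents" / "PlugIns"

    # Old-style generators: these no longer work in Sequoia.
    legacy = []
    if legacy_dir.is_dir():
        legacy = sorted(p.name for p in legacy_dir.glob("*.qlgenerator"))

    # New-style App Extensions: keep only those declaring a QuickLook extension point.
    extensions = {}
    if plugins_dir.is_dir():
        for appex in sorted(plugins_dir.glob("*.appex")):
            kind = extension_kind(appex)
            if kind:
                extensions[appex.name] = kind

    if legacy and extensions:
        status = "both"          # works before and after Catalina
    elif legacy:
        status = "legacy-only"   # custom Thumbnails/Previews lost in Sequoia
    elif extensions:
        status = "extensions"    # modern only
    else:
        status = "none"          # no custom QuickLook support at all
    return {"app": app.name, "status": status,
            "legacy": legacy, "extensions": extensions}


def scan_apps(root="/Applications"):
    """Audit every top-level .app in root, skipping apps with no QuickLook code."""
    results = [audit_app(app) for app in sorted(Path(root).glob("*.app"))]
    return [r for r in results if r["status"] != "none"]


if __name__ == "__main__":
    for result in scan_apps(sys.argv[1] if len(sys.argv) > 1 else "/Applications"):
        print(f'{result["status"]:12} {result["app"]}')
        for name in result["legacy"]:
            print(f"    generator: {name}")
        for name, kind in result["extensions"].items():
            print(f"    {kind} extension: {name}")
```

Apps reported as `legacy-only` are the ones whose developers need to be asked for App Extensions.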

The Real Country: Hay

By: hoakley
30 October 2024 at 20:30

In the more northerly latitudes, grass that’s essential for cattle to graze grows little during the winter months. Farmers keeping cattle therefore have to provide alternative feed for their livestock for several months each year. This can include root crops such as brassica varieties including turnips and swedes (also known as rutabaga), but the most widespread is cut and dried grass as hay.

Where climate and day-length are suitable, as in much of England and France, dedicated hay meadows can provide two harvests each year. Left ungrazed through the winter, the first is normally ready to mow in the late Spring, and when there’s sufficient rainfall during the early summer, a second hay harvest can be obtained before the weather deteriorates in the early autumn. The mowing of hay has also been known as math, and mowing a second time is thus the aftermath or lattermath.

The essential requirement for hay is that it’s dried thoroughly, or it will rot over time and become unusable as fodder. In the centuries before mechanisation during the nineteenth century, this process was described as: first mow the grass, “scatter it about, gather it in windrows, cock it overnight, scatter it about, windrow it, cock it, and so on to the stack and stack it”. (Fussell) Those steps are shown well in paintings.

Pieter Bruegel the Elder (c 1525–1569), The Hay Harvest (1565), oil on panel, 114 x 158 cm, Lobkowicz Palace, Prague, Czechia. Wikimedia Commons.

The companion to Pieter Bruegel the Elder’s painting of the grain harvest, The Hay Harvest from 1565 shows all stages in progress. In the left foreground a man is beating the blade on his scythe to sharpen it ready for mowing. Three women are striding towards him with the rakes they use to scatter and gather the mown hay. Behind them, in the valley, others are gathering the hay into small stacks or cocks, where it continues to dry before being loaded onto the hay wagon to be taken back to the farm.

At the right are wicker baskets containing other crops, including what appear to be peas or beans, together with a red fruit.

Ferdinand Hodler (1853–1918), The Mower (c 1898), oil on canvas, 71.5 × 114 cm, Private collection. Wikimedia Commons.

Ferdinand Hodler’s marvellous Mower from about 1898 is seen sharpening the blade on his heavy scythe using a whetstone, as the sun rises behind and to the left.

Jules Bastien-Lepage (1848–1884), Les Foins (Haymakers) (1877), oil on canvas, 160 x 195 cm, Musée d’Orsay, Paris. Wikimedia Commons.

The couple in Jules Bastien-Lepage’s Haymakers from 1877 are enjoying a short break from their labours, with the mown hay behind them still scattered to dry, before it can be raked into cocks.

Henri-Jean Guillaume Martin (1860–1943), Summer, or Mowers (1903), oil on canvas, dimensions not known, Capitole de Toulouse, Toulouse, France. Image by Didier Descouens, via Wikimedia Commons.

Henri-Jean Martin painted Summer, or Mowers in 1903, as mechanisation was spreading across Europe. Several small clusters of men are mowing the hay in this meadow with their scythes, as three young women are dancing in a ring on the bed of flowers, and another sits nursing an infant.

Henry Moret (1856–1913), Haymaking in Brittany (1906), oil on canvas, dimensions not known, Musée des beaux-arts de Vannes, Vannes, France. Wikimedia Commons.

Henry Moret’s Haymaking in Brittany from 1906 shows a smaller team busy mowing and raking on steeper ground.

Camille Pissarro (1830–1903), Haymaking, Éragny (1887), oil on canvas, 50 x 66 cm, Van Gogh Museum, Amsterdam, The Netherlands. Wikimedia Commons.

In Camille Pissarro’s Divisionist painting of Haymaking, Éragny from the summer of 1887, a team of women are raking the cocks into haystacks.

Mykola Pymonenko (1862–1912), Haymaking (date not known), oil on canvas, dimensions not known, Fine Arts Museum Kharkiv Харківський художній музей, Kharkiv, Ukraine. Wikimedia Commons.

Women in this hay meadow in Ukraine are raking in the harvest to be transported by a hay wain drawn by a pair of oxen, as painted in Mykola Pymonenko’s undated Haymaking.

Jean-François Millet (1814–1875), Haystacks: Autumn (c 1874), oil on canvas, 85.1 x 110.2 cm, The Metropolitan Museum of Art, New York, NY. Wikimedia Commons.

In Jean-François Millet’s Haystacks: Autumn from about 1874, the harvest has been gathered, and three huge haystacks dominate the canvas. At the foot of one of them, a shepherd leans on his staff, resting from his labours as his flock grazes on the stubble.

Surplus hay was also a good cash crop for those who could get it transported to towns and cities. Along the east coast of England, barges were filled with hay then taken to London for sale. Much of the land in the county of Middlesex, to the west of London, was devoted to producing hay to feed horses in the city.

Robert Bevan (1865–1925), Hay Carts, Cumberland Market (1915), oil on canvas, 47.9 x 61 cm, Yale Center for British Art, New Haven, CT. Wikimedia Commons.

Robert Bevan’s painting of Hay Carts, Cumberland Market from 1915 is a view of London’s last hay market, near to the artist’s studio. By this time, the bales shown were made by mechanical baling machines and brought to London by barge.

In the next article in this series, I’ll look at a novel crop that soon became the staple food for many, the potato.

Securing the modern Mac: an overview

By: hoakley
30 October 2024 at 15:30

Modern Macs and macOS feature multiple layers of protection, most of which I have recently described. This article tries to assemble them into an overview to see how they all fit together, and protect your Mac from startup to shutdown. There are also many additional options in macOS and third-party products that can augment security, but I’ll here concentrate on making best use of those that come with a modern Mac and macOS. My recommendations are for the ‘standard’ user, as a starting point. If your needs differ, then you may of course choose to be different, but should always do so in the full knowledge of what you are doing and what its penalties are.

Startup

Whether your Mac has a T2 or Apple silicon chip, it’s designed to boot securely, which means that every stage of the boot process, from its Boot ROM to running the kernel and its extensions, is verified as being as Apple intends. To ensure that, your Mac should run at Full Security. For a T2 model, that means disabling its ability to boot from external disks; for an Apple silicon Mac, that means no third-party kernel extensions. If you need to run your Mac at reduced security, that should be an informed decision when there’s no good alternative.

A vital part of the Secure Boot process is the firmware loaded by the Boot ROM. That needs to be kept up to date by updating to the latest minor release of the major version of macOS. That doesn’t prevent your Mac from staying with an older supported version of macOS, as Apple supplies the same firmware updates for all three supported versions of macOS.

The System volume should be signed and sealed, as the SSV created by a macOS installer or updater. System Integrity Protection (SIP) should also be fully enabled, as without it many macOS security features work differently or not at all. Some need to disable specific SIP features, but again that should only be set when you’re fully aware of their effects and consequences, and should be the minimum needed for the purpose.

User Data

Having got the system up and running, the boot process moves to what is in mutable storage on the Mac’s Data volume. In the internal SSD of a modern Mac, that’s always encrypted, thanks to the Secure Enclave. Although that might appear sufficient, you should always turn FileVault on if your Mac starts up from its internal SSD. That ensures the encryption is protected by your password: an intruder then has to know your password before they can unlock the contents of its Data volume. They have limited attempts to guess that password before the Mac locks them out from making any further attempts. As FileVault comes free from any performance penalty, there’s no good reason for not using it.

Good security is even more important for Data volumes on external boot disks, where FileVault is just as important, but needs additional physical measures to ensure the external disk isn’t mislaid or stolen. That’s a more complex issue, for which the simplest solution is to start your Mac up from its internal SSD with the benefit of FileVault there.

Run Apps

With the user logged in successfully, and the Data volume fully accessible, the next stage to consider is running apps and other software. For this there’s another series of security layers.

When an app is launched or other code run, Gatekeeper will first check it, and in many circumstances run a check for malware using XProtect. Those shouldn’t be disabled: if they are, macOS will still make those checks, but will simply ignore the results. XProtect looks for evidence that the code about to be run matches that of known malware. Although on its own this won’t detect unknown malware, it’s an effective screen against what’s most common. You also need to keep your Mac up to date with the latest security data updates, as those can change every week or two as new malware is identified and included.

Currently, no well-known malware has been notarized by Apple, and most isn’t even signed using a trusted developer certificate. Most therefore attempt to trick you into bypassing checks made by macOS. In Sonoma and earlier, the most common is to show you how to use the Finder’s Open command to bypass the requirement for notarization. As that has changed in Sequoia, those who develop malware have had to adapt, and some now try to trick you into dropping a malicious script into Terminal. Expect these to become more sophisticated and persuasive as more users upgrade to Sequoia.

There are simple rules you can apply to avoid getting caught by these. The first time you run any new app supplied outside macOS or the App Store, drag the app to your Applications folder and double-click it in the Finder to open it. If it can’t be launched that way, don’t be tempted to use the Finder’s Open bypass, or (in Sequoia) to enable the app in Privacy & Security settings. Instead, ask its developer why it isn’t correctly notarized. Never use an unconventional method to launch an app: that’s a giveaway that it’s malicious and you shouldn’t go anywhere near it.

macOS now checks the hashes (CDHashes) of apps and code it doesn’t already recognise, for notarization and known malware. Those checks are run over a connection to iCloud that doesn’t need the user to be signed in. Don’t intentionally or inadvertently block those connections, for instance using a software firewall, as they’re in your interest.

Private Data

Traditional Unix permissions weren’t intended to protect your privacy. Now so many of us keep important or valuable secrets in our Home folders, privacy protection is essential. While you might trust an app to check through some files, you may not expect or want that app to be looking up details of your bank cards and accounts.

Privacy protection is centred on a system known as TCC (Transparency, Consent and Control), and its labyrinthine Privacy & Security settings. One of the most tedious but important routine tasks is to check through these every so often to ensure that nothing is getting access to what it shouldn’t.

No matter how conscientious we might be, there’s always the request for access that you don’t have time to read properly, or items that end up getting peculiar consents, like a text editor that has access to your Photos library or your Mac’s camera. Take the time to check through each category and disable those you don’t think are in your best interests. If you get through a lot of new apps, you might need to do this every week or two, but it needn’t be as frequent in normal use, and shouldn’t become an obsession.

There’s some dispute over whether it’s better to leave an app turned off in a category that you control, like Full Disk Access, or to remove it. I tend to disable rather than remove, with the intention of removal later, but seldom get round to that.

Downloaded Apps

While macOS continues checking apps in Gatekeeper and XProtect, there are a couple of other important protections you need to know about. Since macOS Catalina, every 24 hours or so macOS runs a paired set of scans by XProtect Remediator, looking for signs of known malware. If it finds any, it then attempts to remove, or remediate, that. The snag is that it does this in complete silence, so you don’t know whether it has run any scans, and you don’t know if it came across anything nasty, or removed it. I like to know about such things, and have written my own software that lets me find out, in SilentKnight, Skint and XProCheck. One day Apple might follow suit.

Some browsers like Safari have a potentially dangerous setting, in which they will automatically open files they consider to be safe, once they have been downloaded. This can include Zip archives that might not be as innocent as you expect. If you leave that behaviour set, you could discover your Downloads folder with all sorts of items in it. I much prefer to turn that off and handle those downloads myself. You’ll find this control in Safari’s General settings, where it’s called Open “safe” files after downloading.

Bad Links

Most of the protection so far relies more on features in your Mac and macOS, and less on your habits and behaviour. But it’s the user who is the kingpin in both security and privacy protection. Nowhere is this more important than dealing with links in web pages, emails, messages, and elsewhere. If you’re happy to click on a link without checking it carefully, you can so easily end up in the company of your attackers, inviting them into your Mac and all your personal data.

Unless it’s a trusted web page or contact, I always inspect each link before even considering whether to open it. For emails, my general rule is never, and I inspect the text source of each message to see what that really links to. It’s harder on the web, where even ads placed by Google can whisk your browser into an ambush. One invaluable aid here is Link Unshortener, from the App Store, which is a ridiculously cheap and simple way to understand just where those cryptic shortened links will take you. If you can’t convince yourself that a link is safe and wholesome, then don’t whatever you do click on it, just pass on in safety.

Summary

That has been a whirlwind tour through getting the best from macOS security, summarised in the following diagram. Fuller details about each of those topics are easy to find using the 🔎 Search tool at the top right of this page. There’s plenty more to read, and for deeper technical information, try Apple’s Platform Security Guide.

overallsecurity1

Work and play safely!

Watch for overdue Safari 18.1 updates for Sonoma and Ventura

By: hoakley
30 October 2024 at 00:15

If your Mac is still running Sonoma or Ventura, and you have already updated it to 14.7.1 or 13.7.1, you might have noticed that neither updated Safari, nor has there been a separate update released yet for Safari 18.1.

According to release notes for Safari 18.1 (20619.2.8), this new version has already been released for Sonoma and Ventura, but as of 1600 GMT on 29 October 2024, there’s still no sign of any separate update, nor was it bundled in the x.7.1 updates.

Sonoma and Ventura had Safari 18 released for them on 16 September 2024, concurrently with Sequoia 15.0. On 3 October 2024, at the same time that Apple released Safari 18.0.1 in Sequoia 15.0.1, it also released Safari 18.0.1 for Sonoma and Ventura, without any CVEs being reported as fixed.

Current versions of Safari read:

  • in Sequoia 15.1 – Safari 18.1 (20619.2.8.11.10)
  • in Sonoma 14.7.1 – Safari 18.0.1 (19619.1.26.111.11, 19619)
  • in Ventura 13.7.1 – Safari 18.0.1 (18619.1.26.111.11, 18619)

leaving the latter two due an update to Safari 18.1, which would ordinarily have been released with the x.7.1 macOS updates, but hasn’t been yet.

Update

As of 2150 on 29 October 2024, both Safari updates are now available through Software Update. Version and build numbers are 18.1 (19619.2.8.111.5, 19619) for Sonoma 14.7.1, and 18.1 (18619.2.8.111.5, 18619) for Ventura 13.7.1, and Apple lists the CVEs they address in this note.

Reading visual art: 170 Mermaid

By: hoakley
29 October 2024 at 20:30

Mermaids and mermen are mythical creatures with origins outside the classical Mediterranean civilisations. Conventionally, their upper body is human, while below the waist they have the form of a fish. Mermaids seem invariably young, beautiful and buxom, and are most frequently encountered by fishermen and those who go down to the sea. In the Middle Ages they became confounded with the sirens of Greek and Roman myth, who were part human and part bird.

John William Waterhouse (1849–1917), A Mermaid (1900), oil on canvas, 96.5 x 66.6 cm, Royal Academy of Arts, London. Wikimedia Commons.

John William Waterhouse’s diploma study for the Royal Academy, painted in 1900, shows a conventional image of A Mermaid, seen combing her long tresses on the shore.

Despite their separate origin, mermaids have been depicted in accounts of some classical myths, perpetuating medieval confusion.

Gustave Moreau (1826–1898), Venus Rising from the Sea (1866), oil on panel, 55.5 × 44.5 cm, Israel Museum מוזיאון ישראל, Jerusalem. Wikimedia Commons.

Gustave Moreau’s Venus Rising from the Sea from 1866 shows the goddess as she has just been born from the sea, and sits on a coastal rock, her arms outstretched in an almost messianic pose. On the left, a mermaid attendant holds up half an oyster shell with a single large pearl glinting in it. On the right, a merman proffers her a tree of bright pink coral, and cradles a large conch shell.

Ary Renan (1857–1900), Charybdis and Scylla (1894), oil on canvas, 89.5 x 130 cm, Musée de la Vie romantique, Paris. Wikimedia Commons.

Ary Renan’s Charybdis and Scylla (1894) is an imaginative painting of one of the dangers to mariners in the Strait of Messina, between Sicily and the Italian mainland. Scylla was said to be a six-headed sea monster, but was actually a rock shoal, and Charybdis was a whirlpool. Renan shows both together, the whirlpool with its mountainous standing waves at the left, and the rocks at the right, with the form of a beautiful mermaid embedded in them.

Franz von Stuck (1863–1928), A Faun and a Mermaid (1918), oil on canvas, 156.7 × 61.5 cm, Private collection (also a copy in Alte Nationalgalerie, Berlin, Germany). Wikimedia Commons.

As the First World War was ending, Franz von Stuck returned to his favourite faun motif in A Faun and a Mermaid (1918). This has survived in two almost identical versions, the other now being in the Alte Nationalgalerie in Berlin. His version of a mermaid is a maritime equivalent of a faun, with separate scaly legs rather than the more conventional single fish tail. She grasps the faun’s horns and laughs with joy as the faun gives her a piggy-back out of the sea.

Perhaps the earliest painting of a mermaid in European art is in a Christian religious painting by Lucas Cranach the Elder, from 1518-20.

Lucas Cranach the Elder (1472–1553), Saint Christopher (1518-20), oil on lime, 41.9 × 7.9 cm, Detroit Institute of Arts, Detroit, MI. Wikimedia Commons.

Cranach’s Saint Christopher shows the saint with his back and legs flexed as he bears the infant Christ on his left shoulder. In the foreground is an unusual putto-mermaid with a long coiled fish tail.

Mermaids feature in folktales from many of the traditions of Europe, where they’re known by local names such as havfrue in Denmark.

John Reinhard Weguelin (1849–1927), The Mermaid of Zennor (1900), watercolour, dimensions and location not known. Wikimedia Commons.

John Reinhard Weguelin’s watercolour of The Mermaid of Zennor (1900) tells the legend of a mermaid living in a cove near Zennor in Cornwall. This scene brings her together with Matthew Trewhella, a local chorister, whose voice she had fallen in love with. The legend tells that the couple went to live in the sea, and that his voice can still be heard in the cove.

Peter Nicolai Arbo (1831–1892), Liden Gunver and the Merman (1874-1880), oil on canvas, 26.5 x 37 cm, Private collection. Wikimedia Commons.

Peter Nicolai Arbo’s Liden Gunver and the Merman (1874-1880) is drawn from an opera The Fishers, by Johannes Ewald and Johann Hartmann, first performed in Copenhagen in 1780. The young woman Liden Gunver, on the right, is taken to sea by the alluring but deceptive merman on the left.

Hans Thoma (1839–1924), Three Mermaids (1879), oil on canvas, 106 × 77.6 cm, Städelsches Kunstinstitut und Städtische Galerie, Frankfurt, Germany. Wikimedia Commons.

Hans Thoma’s Three Mermaids (1879) lack fishtails as they frolic raucously with fish under the light of the moon.

Gustav Klimt (1862–1918), Mermaids (Silverfish) (c 1899), oil on canvas, 82 x 52 cm, Private collection. Wikimedia Commons.

Gustav Klimt’s Mermaids (Silverfish) (c 1899) appear to be tadpole-like creatures with smiling, womanly faces.

Check Writing Tools using AIR

By: hoakley
29 October 2024 at 15:30

Apple has made great play over the privacy provided in its new AI tools. If you’ve just updated your Apple silicon Mac to Sequoia 15.1 and are wondering how you can check on this for Writing Tools, this article explains how.


When running on a capable Mac, with an M-series chip, macOS captures details of all AI use in its Apple Intelligence Report (AIR). Control and access that from its new entry in Privacy & Security settings, where you’ll find it towards the end, just above the final Security section. Open that, and you’ll see you can set the Report Duration to 15 minutes, 7 days, or turn it off altogether. As report sizes can grow quickly with a little use of Writing Tools, I suggest you start off with 15 minutes, or you might get overwhelmed.


When you want to browse a report, simply click on the button to Export Activity, and save the AIR report.

Apple Intelligence Reports are written out to JSON files that can be viewed using a text editor if you don’t have a specialist JSON editor. They’re usually bulky, and much of their content may be encoded binary that’s of little meaningful use. However, at the start you’ll see a series of modelRequests.

Each modelRequest begins with the timestamp of the request, given in decimal seconds since 1970. That’s followed by a UUID, information on the prompt template used, and shortly after that is the text that was extracted and used by Writing Tools. For longer passages of text, you may see that it’s divided up into a series of shorter sections that match the paragraphs given in a summary.

After that input text, the language localisation is given, currently en_US as other variants and languages won’t be available until macOS 15.2 later this year. Next, the response is provided, as inserted into the Writing Tools or text window. That section ends with:

  • model, the name of the AI model used, such as com.apple.fm.language.instruct_server_v1.text_summarizer, and the version.
  • clientIdentifier, such as com.apple.WritingTools.xpc.WritingToolsViewService for normal use of Writing Tools in an app.
  • executionEnvironment, currently expected to be PrivateCloudCompute, which tells you where the AI processing took place.

After the list of modelRequests, you’ll probably see a long series of privateCloudComputeRequests full of incomprehensible data for sepAttestations and provisioningCertificateChains, part of the validation information for use of PrivateCloudCompute. If this all seems a little long-winded, try looking in the logs when Writing Tools are in use!

I’m very grateful to Tim, who has drawn my attention to these reports, and points out that use of PrivateCloudCompute appears confined to macOS at the moment. A similar report is also available for iOS 18.1, but iPhones don’t appear to rely on PrivateCloudCompute in the same way.

We must remember that, while Apple considers Writing Tools now ready for general use, it’s still officially a beta-release, and over the coming months is likely to undergo significant change. This poses the question of whether Writing Tools will run on-device in the future, something only Apple can answer. What appears to happen at present is that the only local processing that takes place is tokenisation of text to prepare it for remote processing using Apple’s PrivateCloudCompute service, which actually performs the heavy lifting before returning its results to the Mac. However, macOS also appears to wake up the slumbering Neural Engine (ANE) for most Writing Tools services. Why that happens remains a mystery.

If you want to watch progress as AI features develop in macOS, you may find Apple Intelligence Reports a useful way to track that. If you do come across entries that seem to have used on-device services instead of PrivateCloudCompute, please let us know.
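To check an exported report without reading through the JSON by hand, the added example below (not part of the original article) tallies modelRequests by where they were processed and lists any that didn't use PrivateCloudCompute. The keys `modelRequests`, `model`, `clientIdentifier`, `executionEnvironment` and `privateCloudComputeRequests` are those named above; the key name `timestamp`, the `OnDevice` value and all the sample data are assumptions constructed for illustration.

```python
import json
import sys
from collections import Counter
from datetime import datetime, timezone

EXPECTED_ENV = "PrivateCloudCompute"  # the environment the article says is currently expected

# Constructed sample in the shape the article describes; not a real report.
SAMPLE_REPORT = {
    "modelRequests": [
        {"timestamp": 1730215800.25,  # assumed key name for the request time
         "model": "com.apple.fm.language.instruct_server_v1.text_summarizer",
         "clientIdentifier": "com.apple.WritingTools.xpc.WritingToolsViewService",
         "executionEnvironment": "PrivateCloudCompute"},
        {"timestamp": 1730215860.0,
         "model": "com.apple.fm.language.instruct_server_v1.text_summarizer",
         "clientIdentifier": "com.apple.WritingTools.xpc.WritingToolsViewService",
         "executionEnvironment": "PrivateCloudCompute"},
        {"timestamp": 1730215920.0,
         "model": "example.local.model",           # hypothetical model name
         "clientIdentifier": "com.example.editor",  # hypothetical client
         "executionEnvironment": "OnDevice"},       # hypothetical value
    ],
    "privateCloudComputeRequests": [{"sepAttestations": "constructed placeholder"}],
}


def when_utc(value):
    """Convert decimal seconds since 1970 to an ISO 8601 UTC string, or None."""
    try:
        stamp = datetime.fromtimestamp(float(value), tz=timezone.utc)
    except (TypeError, ValueError, OverflowError, OSError):
        return None
    return stamp.isoformat(timespec="seconds")


def model_name(value):
    """The article says 'model' holds a name and version; accept a string or any JSON value."""
    if isinstance(value, str):
        return value
    return "unknown" if value is None else json.dumps(value, sort_keys=True)


def summarise_air(report):
    """Summarise where each modelRequest in an Apple Intelligence Report was processed."""
    rows = []
    for req in report.get("modelRequests") or []:
        if not isinstance(req, dict):
            continue  # the format is still in beta, so skip anything unexpected
        rows.append({
            "when": when_utc(req.get("timestamp")),
            "model": model_name(req.get("model")),
            "client": str(req.get("clientIdentifier", "unknown")),
            "environment": str(req.get("executionEnvironment", "unknown")),
        })
    return {
        "requests": len(rows),
        "by_environment": dict(Counter(r["environment"] for r in rows)),
        "by_client": dict(Counter(r["client"] for r in rows)),
        # Requests handled anywhere other than PrivateCloudCompute, or with no environment recorded.
        "not_pcc": [r for r in rows if r["environment"] != EXPECTED_ENV],
        "pcc_request_records": len(report.get("privateCloudComputeRequests") or []),
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            report = json.load(fh)
    else:
        report = SAMPLE_REPORT
    summary = summarise_air(report)
    print(f'{summary["requests"]} modelRequests, '
          f'{summary["pcc_request_records"]} privateCloudComputeRequests')
    for env, count in summary["by_environment"].items():
        print(f"  {env}: {count}")
    for row in summary["not_pcc"]:
        print(f'  not PrivateCloudCompute: {row["when"]} {row["client"]} {row["model"]}')
```

Pass the path of an exported report as the only argument; with no argument it runs on the constructed sample.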

What has changed in macOS Sequoia 15.1?

By: hoakley
29 October 2024 at 05:00

The macOS 15.1 update is the first scheduled update since Sequoia’s release last month, and brings with it a great many fixes as expected. From user reports, it’s believed to complete correcting problems reported with networking in 15.0, some of which were addressed in 15.0.1, although Apple hasn’t confirmed that.

Apple’s release notes are helpfully more detailed than usual, and include the following:

  • new Writing Tools, but only for Apple silicon Macs set to US English as their primary language, with Siri also set to US English,
  • a new-look Siri with Type to Siri for those who don’t want to talk to it, richer language understanding and context, and Apple product knowledge,
  • Photos can find by description, and now features Clean Up to remove unwanted parts,
  • Notifications has summaries, and a new Reduce Interruptions focus,
  • Mail and Messages have Smart Reply for suggested responses,
  • Notes has transcription summaries,
  • iPhone Mirroring now supports drag and drop.

To clarify the requirement to get Writing Tools and other AI to work, the Mac must have an Apple silicon chip (M1 to M4), and:

  1. in System Settings, General, Language & Region, the Primary language must be set to English (US), although any other language can be set secondarily, and made the current language in the keyboard menu, and
  2. in Apple Intelligence & Siri, the Language set for Siri Requests must be English (United States), although you can turn Listen for Off if you don’t want to converse with Siri vocally.

Once those are set, you should be able to turn Apple Intelligence on. There will then be a short period on the waiting list, for macOS to download the additional models required. You’ll be notified when it’s ready to use.

Security release notes are available here, and list 50 entries, none of which Apple suspects may already have been exploited.

iBoot firmware on Apple silicon Macs is updated to version 11881.41.5, and T2 firmware to 2069.40.2.0.0 (iBridge: 22.16.11072.0.0,0). The macOS build number is 24B83, with kernel version 24.1.0. There are no firmware updates for Intel Macs without T2 chips.

Significant changes seen in bundled apps include:

  • Books, to version 7.1
  • Freeform, to version 3.1
  • iPhone Mirroring, to version 1.1
  • Mail and Messages, large build increments
  • Music, to version 1.5.1
  • News, to version 10.1
  • Passwords, to version 1.1
  • Photos, large build increment
  • Reminders, large build increment
  • Safari, to version 18.1 (20619.2.8.11.10)
  • Shortcuts, large build increment
  • TV, to version 1.5.1
  • Tips, to version 15.1.

Inevitably, there are many build increments in components related to Apple Intelligence. Other significant changes to /System/Library include:

  • Audio/Plug-Ins/HAL MacAudio driver, to version 510.2
  • CoreServices Desk View app, to version 2.0
  • CoreServices Siri app, to version 3401.24.3.14.7
  • Significant changes across many AGX and AppleEmbeddedAudio kernel extensions
  • A new AppleT8140 kernel extension
  • APFS is updated to version 2313.41.1
  • Many public frameworks have updated build numbers, among them FileProvider
  • A new ImagePlayground public framework, which has moved from being private, in anticipation of the new app coming in macOS 15.2
  • Many private frameworks have substantial increments in build numbers, particularly Biome, Cloud, Email, Mail, Photo, Photos, Spotlight and FileProvider
  • A new DesignLibrary private framework.

Although this isn’t a particularly large update, it does come with the first wave of AI features, and a wide range of other improvements and bug fixes.

Updated 2030 GMT 1 November 2024 with info on non-T2 Intel firmware updates.

Apple has released macOS Sequoia 15.1, and security updates to 14.7.1 and 13.7.1

By: hoakley
28 October 2024 at 23:34

As expected, Apple has released the update to macOS 15.1 Sequoia, together with security updates to bring Sonoma to version 14.7.1, and Ventura to 13.7.1. There should also be Safari updates to accompany the latter two.

The Sequoia update is around 2.9 GB for Apple silicon Macs, and about 2.4 GB for Intel models.

As expected, this brings the first release of Writing Tools, in the first wave of new AI features, only for Apple silicon Macs using US English as both their primary language, and that set for Siri. Apple hasn’t got round to providing any list of new or changed features, and you may find that the one offered by Software Update is the same as for 15.0.

Security release notes are available here for 15.1, which has around 50 entries, here for 14.7.1 with around 39, and here for 13.7.1 with around 36.

iBoot firmware on Apple silicon Macs is updated to version 11881.41.5, T2 firmware to 2069.40.2.0.0 (iBridge: 22.16.11072.0.0,0), and Safari to 18.1 (20619.2.8.11.10).

I will post details of changes found later tonight.

[Updated 1820 GMT 28 October 2024.]

Changing Paintings: 43 The death of Hercules

By: hoakley
28 October 2024 at 20:30

Once Achelous had completed telling the story of how his lost horn had been transformed into the Horn of Plenty, the floods had abated, so his guests left the banquet, leaving Ovid to explain the events leading to the death of the great hero Hercules. This reverses the chronological order, as the next story after that in Metamorphoses tells of his birth.

Having won her hand by defeating Achelous, Hercules married the beautiful Deianira, and was returning with her to his native city. The couple reached the River Euenus, which was still in spate from the winter’s rains. Hercules feared for his bride trying to cross the river, but the centaur Nessus came up and offered to carry her across.

Hercules had thrown his club and bow to the other bank and had swum across the river when he heard Deianira’s voice calling. He suspected Nessus was trying to abduct her, so shouted a warning to him before loosing an arrow at the centaur’s back.

Ovid’s description of these events poses a problem for those trying to depict them, in choosing the right point of view and composition to remain faithful to that account.

Guido Reni (1575–1642), The Abduction of Deianeira (1617-21), oil on canvas, 239 x 193 cm, Musée du Louvre, Paris. Wikimedia Commons.

Guido Reni’s masterly painting from around 1620, one of the finest of its period in the Louvre, almost fills the canvas with Nessus, who looks worryingly heroic, and Deianeira, who seems to be flying. The small figure of Hercules in the distance is well-lit, but loses the details of bow and arrow. In any case, that arrow could hardly strike Nessus in the chest.

Paolo Veronese (1528–1588), Hercules, Deianira and the Centaur Nessus (c 1586), oil on canvas, 68.4 × 53.4 cm, Kunsthistorisches Museum, Vienna, Austria. Wikimedia Commons.

Paolo Veronese’s painting from about 1586 also elects for this early moment, as Hercules is readying his bow and arrow, with Nessus just reaching the opposite bank. He shows the scene from Hercules’ position, but discovers the problems with that point of view: Nessus and Deianeira are now small, and Nessus is looking away with his chest concealed, and even Hercules’ face is turned from the viewer. The result makes its hero look more like a furtive stalker.

Peter Paul Rubens (1577–1640) (workshop of), The Abduction of Deianeira by the Centaur Nessus (c 1640), oil on panel, 70.5 x 110 cm, Niedersächsisches Landesmuseum Hannover, Hanover, Germany. Wikimedia Commons.

This marvellous painting was probably made by Rubens’ workshop around the time of the Master’s death in 1640. It views the events from the bank on which Hercules is poised to shoot his arrow into Nessus. This has the centaur running across the width of the canvas, his face and body well exposed for Hercules’ arrow to enter his chest. To make clear Nessus’ intentions, a winged Cupid has been added, and Deianeira’s facial expression is clear in intent. An additional couple, in the right foreground, might be intended to be a ferryman and his friend, who appear superfluous apart from their role in achieving compositional balance.

Antonio del Pollaiolo (1431–1498), Hercules and Deianira (c 1475–80), oil on panel transferred to canvas, 54.6 × 79.2 cm, Yale University Art Gallery, New Haven, CT. Wikimedia Commons.

Antonio del Pollaiolo’s painting from about 1475–80 tries a side-on view, requiring Nessus to be shot while still in the river, in a slight adjustment to the original story. Deianeira appears precariously balanced, and must be grateful that Nessus’ muscular arms save her from being dropped into the river below. The artist also leaves it to the viewer to know that Hercules’ poisoned arrow strikes Nessus rather than Deianeira.

Louis-Jean-François Lagrenée (1724–1805), The Abduction of Deianeira by the Centaur Nessus (1755), oil on canvas, 157 × 185 cm, Musée du Louvre, Paris. Wikimedia Commons.

Three centuries later, Louis-Jean-François Lagrenée clearly understood the compositional problem, but didn’t arrive at such a good solution. Nessus, bearing a distressed Deianeira in his arms, has just reached the opposite bank, in the foreground. Hercules is on the left in the distance, and we can at least see his face, bow and arrow. There appears to be no way that Hercules’ arrow could impale Nessus’ chest, without first passing through some of the abundant Deianeira, nor his back. Lagrenée also adds a ferryman, who seems to have been knocked over in Nessus’ haste to make off with his captive.

Gustave Moreau (1826–1898), Enlèvement de Déjanire (Abduction of Deianeira) (c 1860), pen and brown ink wash on pencil on paper, 22.6 × 15.6 cm, Musée National Gustave-Moreau, Paris. Wikimedia Commons.

Gustave Moreau’s final drawing of about 1860, squared up and ready to transfer to canvas for painting, alters the story to make its composition feasible. He puts Nessus in the foreground, with the attendant risk of making him appear the hero, somehow supporting the upstretched body of Deianeira. In the right distance, Hercules has already loosed the fatal arrow, which is prominently embedded not in the front of Nessus’ chest, but in his back. The centaur’s legs have collapsed under him, and his head and neck are stretched up in the agony of death.

Gustave Moreau and Jules Élie Delaunay seem to have worked on a compositional solution together, resulting in Delaunay’s brilliant painting of 1870, which is sadly not available for use here.

That single shot ran Nessus through. He tore the arrow out, and his blood spurted freely, mixed with poison from the Lernaean hydra. Determined to avenge his own death, the centaur gave Deianira his tunic soaked with that poison, telling her to keep it to “strengthen waning love.”

Sebastiano Ricci (1659–1734), Hercules Fighting with the Centaur Nessus (1706-7), fresco, dimensions not known, Palazzo Marucelli-Fenzi, Florence. Wikimedia Commons.

In about 1706, Sebastiano Ricci embroidered this story further, showing Hercules, his left hand grasping Nessus’ mouth, about to club the centaur to death, while a slightly bedraggled Deianeira watches in the background. There’s no arrow in Nessus’ chest, and Hercules’ quiver is puzzlingly trapped under Nessus’ right foreleg. Three other figures of uncertain roles are at the right, and a winged putto hovers overhead, covering its eyes with its right hand.

Arnold Böcklin (1827–1901), Nessus and Deianira (1898), oil on panel, 104 x 150 cm, Museum Pfalzgalerie Kaiserslautern, Kaiserslautern, Germany.

In Arnold Böcklin’s puzzling painting from 1898, Nessus is far from part-human, and Deianeira isn’t the beauty she was claimed to be. As those two wrestle grimly, Hercules has stolen up behind them, and is busy pushing a spear into Nessus’ bulging belly. Blood pours from the wound, but Deianeira is in no position to collect it.

Years passed after Nessus’ death, and Hercules was away in Oechalia, intending to pay his respects to Jupiter at Cenaeum. Word reached Deianira that her husband had fallen in love there with Iole. Initially, she was upset, but then tried to devise a strategy to address his rumoured unfaithfulness. It was then that she recalled the blood of Nessus, and his dying words to her. She therefore impregnated a shirt with that blood, and gave that to Lichas, Hercules’ servant, to take to her husband.

Artist not known, Deianira Sends her Husband Hercules the Tunic Impregnated with the Blood of the Centaur Nessus (c 1510), miniature in Octavien de Saint-Gelais’ translation of Ovid’s Heroides (1496-1498), Folio 108v, Bibliothèque nationale de France, Paris. Wikimedia Commons.

This is shown in this beautiful miniature accompanying Octavien de Saint-Gelais’ translation of Ovid’s Heroides from about 1510.

Hercules donned the shirt as he was about to pray to Jupiter. He felt warmth spreading throughout his limbs, quickly growing into intense pain. Trying to tear the shirt off, he obtained no relief, and only ripped off his burnt skin from the burning flesh underneath. Hercules roamed through Oeta like a wounded beast, still trying to tear the shirt off his body. He came across Lichas, and accused him of being his murderer. His servant tried to protest his innocence, but Hercules picked him up, swung him around, and flung him out to sea, where he was transformed into a rock pinnacle.

Hercules then cut down trees and built himself a funeral pyre. Ordering this to be lit, he climbed on top, and lay back on his lionskin.

Master of the English Chronicle (dates not known), The Death of Hercules (c 1470), in Histoires de Troyes, illuminated manuscript by Raoul Le Fèvre, Bruges folio, Folio 233v, location not known. Wikimedia Commons.

This is illustrated in another miniature, The Death of Hercules (c 1470), this time for Raoul Le Fèvre’s Histoires de Troyes.

Francisco de Zurbarán (1598–1664), The Death of Hercules (1634), oil on canvas, 136 × 167 cm, Museo Nacional del Prado, Madrid, Spain. Wikimedia Commons.

Francisco de Zurbarán’s powerful Death of Hercules (1634) uses chiaroscuro as stark as any of Caravaggio’s to show a Christian martyrdom, with its victim staring up to heaven, commending his soul to God.

Jupiter came to the aid of the dying hero, calling on the gods to consent to Hercules being transformed into a god; they agreed, and his immortal form was carried away on a chariot drawn by four horses, into the stars above.

Giovanni Domenico Tiepolo (1727–1804), The Apotheosis of Hercules (c 1765), oil on canvas, 102 x 86 cm, Museo Thyssen-Bornemisza, Madrid, Spain. Wikimedia Commons.

Tiepolo’s wonderful Apotheosis of Hercules (c 1765) portrays this as a saintly ascension, which seems inappropriate.

Solutions to Saturday Mac riddles 279

By: hoakley
28 October 2024 at 17:00

I hope that you enjoyed Saturday’s Mac Riddles, episode 279. Here are my solutions to them.

1: The first year it goes from London to Leeds with the First Eleven on its arm.


2020

The first year (2020, the year Apple silicon Macs were released) it goes from London to Leeds (the M1 motorway in England) with the First Eleven (launched with macOS 11.0 Big Sur installed) on its arm (they use Arm CPUs).

2: When intel brought the fifth big cat in a solo or duo.


2006

When intel (Intel) brought the fifth big cat (they came with OS X Tiger 10.4.4) in a solo or duo (they had Intel Core Solo or Duo processors in 2006).

3: When 6100-8100 came from the aim of seven.


1994

When 6100-8100 (first PowerPC models were Power Mac 6100, 7100 and 8100 of 1994) came from the aim (the processors were developed by the AIM Alliance of Apple, IBM and Motorola) of seven (they shipped with System 7.1.2).

The common factor


They are the years in which Apple released the first Macs in each of its new architectures.

I look forward to your putting alternative cases.

Planning complex Time Machine backups for efficiency

By: hoakley
28 October 2024 at 15:30

Time Machine (TM) has evolved to be a good general-purpose backup utility that makes best use of APFS backup storage. However, it does have some quirks, and offers limited controls, that can make it tricky to use with more complex setups. Over the last few weeks I’ve had several questions from those trying to use TM in more demanding circumstances. This article explains how you can design volume layout and backup exclusions for the most efficient backups in such cases.

How TM backs up

To decide how to solve these problems, it’s essential to understand how TM makes an automatic backup. In other articles here I have provided full details, so here I’ll outline the major steps and how they link to efficiency.

At the start of each automatic backup, TM checks to see if it’s rotating backups across more than one backup store. This is an unusual but potentially invaluable feature that can be used when you make backups in multiple locations, or want added redundancy with two or more backup stores.

Having selected the backup destination, it removes any local snapshots from the volumes to be backed up that were made more than 24 hours ago. It then creates a fresh snapshot on each of those volumes. I’ll consider these later.

Current versions of TM normally don’t use those local snapshots to work out what needs to be backed up from each volume, but (after the initial full backup) should rely on that volume’s record of changes to its file system, FSEvents. These observe two lists of exclusions: those fixed by TM and macOS, including the hidden version database on each volume and recognised temporary files, and those set by the user in TM settings. Among the latter should be any very large bundles and folders containing huge numbers of small files, such as the Xcode app, as they will back up exceedingly slowly even to fast local backup storage, and can tie up a network backup for many hours. It’s faster to reinstall Xcode rather than restore it from a backup.

Current TM backups are highly efficient, as TM can copy just the blocks that have changed; older versions of TM backing up to HFS+ could only copy whole files. However, that can be impaired by apps that rewrite the whole of each large file when saving. Because the backup is being made to APFS, TM ensures that any sparse files are preserved, and handles clone files as efficiently as possible.

Once the backup has been written, TM then maintains old backups, to retain:

  • hourly backups for the last 24 hours, to accompany hourly local snapshots,
  • daily backups over the previous month,
  • weekly backups stretching back to the start of the current backup series.

These are summarised in the diagram below.
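The retention rules listed above, modelled as an added example (not Time Machine's own code, and not from the original article). It assumes that "the previous month" means 30 days, that weeks are ISO weeks, and that the newest backup in each day or week is the one kept; the function names and sample timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta

HOURLY_WINDOW = timedelta(hours=24)   # "hourly backups for the last 24 hours"
DAILY_WINDOW = timedelta(days=30)     # assumption: "previous month" = 30 days


def thin_backups(backups, now):
    """Sort backup timestamps into the three retention tiers.

    Returns a dict with the timestamps that survive in each tier:
      hourly - every backup younger than 24 hours
      daily  - newest backup per calendar day, up to 30 days old
      weekly - newest backup per ISO week, with no upper age limit
               (back to the start of the backup series)
    Which backup inside a day or week survives is an assumption of
    this model; the article does not specify it.
    """
    hourly = []
    daily = {}    # date -> newest timestamp seen on that date
    weekly = {}   # (ISO year, ISO week) -> newest timestamp in that week

    for ts in sorted(backups):
        age = now - ts
        if age < timedelta(0):
            continue  # ignore timestamps in the future (clock skew)
        if age < HOURLY_WINDOW:
            hourly.append(ts)
        elif age < DAILY_WINDOW:
            daily[ts.date()] = ts            # later entries overwrite earlier
        else:
            year, week = tuple(ts.isocalendar())[:2]
            weekly[(year, week)] = ts

    return {
        "hourly": hourly,
        "daily": sorted(daily.values()),
        "weekly": sorted(weekly.values()),
    }


def sample_series(now, days, step):
    """Constructed sample data: one backup every `step`, going back `days` days."""
    count = int(timedelta(days=days) / step)
    return [now - step * i for i in range(count + 1)]


if __name__ == "__main__":
    now = datetime(2024, 10, 28, 15, 0)

    # A Mac that backs up every hour for 60 days.
    every_hour = sample_series(now, 60, timedelta(hours=1))
    kept = thin_backups(every_hour, now)
    total_kept = sum(len(v) for v in kept.values())
    print(f"hourly series: {len(every_hour)} made, {total_kept} retained")
    for tier, items in kept.items():
        print(f"  {tier:6}: {len(items)}")

    # A Mac that only manages one backup a day over the same period.
    once_a_day = sample_series(now, 59, timedelta(days=1))
    kept = thin_backups(once_a_day, now)
    print(f"daily series: {len(once_a_day)} made, "
          f"{sum(len(v) for v in kept.values())} retained")
```

Running it shows how few of the hourly backups made over two months remain after thinning, which is why the size of each individual backup matters more than their number.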


Local snapshots

TM makes two types of snapshot: on each volume it’s set to back up, it makes a local snapshot immediately before each backup, then deletes that after 24 hours; on the backup storage, it turns each backup into a snapshot from which you can restore backed up files, and those are retained as stated above.

APFS snapshots, including TM local snapshots, include the whole of a volume, without any exceptions or exclusions, which can have surprising effects. For example, a TM exclusion list might block backing up of large virtual machine files resulting in typical backups only requiring 1-2 GB of backup storage, but because those VMs change a lot, each local snapshot could require 25 GB or more of space on the volume being backed up. One way to assess this is to check through each volume’s TM exclusion list and assess whether items being excluded are likely to change much. If they are, then they should be moved to a separate volume that isn’t backed up by TM, thus won’t have hourly snapshots.

Some workflows and apps generate very large working files that you may not want to clutter up either TM backups or local snapshots. Many apps designed to work with such large files provide options to relocate the folders used to store static libraries and working files. If necessary, create a new volume that’s excluded completely from TM backups to ensure those libraries and working files aren’t included in snapshots or backups.

TM can’t run multiple backup configurations with different sets of exclusions, though. If you need to do that, for instance to make a single nightly backup of working files, then do so using a third-party utility in addition to your hourly TM backups.

This can make a huge difference to free space on volumes being backed up, as the size of each snapshot can be multiplied by 24 as TM will try to retain each hourly snapshot for the last 24 hours.

Macs that aren’t able to make backups every hour can also accrue large snapshots, as they may retain older snapshots, which will only grow larger over time as that volume changes from the time that snapshot was made.

While snapshots are a useful feature of TM, the user has no control over them, and can’t shorten their period of retention or turn them off altogether. Third-party backup utilities like Carbon Copy Cloner can, and may be more suitable when local snapshots can’t be managed more efficiently.

iCloud Drive

Like all backup utilities, TM can only back up files that are in iCloud Drive when they’re downloaded to local storage. Although some third-party utilities can work through your iCloud Drive files downloading them automatically as needed, TM can’t do that, and will only back up files that are downloaded at the time that it makes a backup.

There are two ways to ensure files stored in iCloud Drive will be backed up: either turn Optimise Mac Storage off (in Sonoma and later), or download the files you want backed up and ‘pin’ them to ensure they can’t be removed from local storage (in Sequoia). You can pin individual files or whole folders and their entire contents by selecting the item, Control-click for the contextual menu, and selecting the Keep Downloaded menu command.

Key points

  • Rotate through 2 or more backup stores to handle different locations, or for redundancy.
  • Back up APFS volumes to APFS backup storage.
  • Exclude all non-essential files, and bundles containing large numbers of small files, such as Xcode.
  • Watch for apps that make whole-file changes, thus increasing snapshot and backup size.
  • Store large files on volumes not being backed up to minimise local snapshot size.
  • If you need multiple backup settings, use a third-party utility in addition to TM.
  • To ensure iCloud Drive files are backed up, either turn off Optimise Mac Storage (Sonoma and later), or pin essential files (Sequoia).

Further reading

Time Machine in Sonoma: strengths and weaknesses
Time Machine in Sonoma: how to work around its weaknesses
Understand and check Time Machine backups to APFS
Excluding folders and files from Time Machine, Spotlight, and iCloud Drive

Painting Don Quixote: Decline and fall

By: hoakley
27 October 2024 at 20:30

The first twenty or so chapters of Miguel de Cervantes’ groundbreaking modern novel Don Quixote consist of a series of largely self-contained comic misadventures. After the knight and his long-suffering squire Sancho Panza release a group of convicts, they fear for their safety, so head for the mountains. Once there, events become more interrelated and complex, presenting even greater challenges to those who tried to paint them in standalone works, rather than illustrations accompanying the text.

The pair find a hoard of gold coins apparently abandoned with a notebook in a travel bag. Then Don Quixote catches a glimpse of a man leaping around the bushes half-naked, and suspects that he’s the owner of the bag and its coins. A little way around the hillside, they find a dead mule whose owner they think had carried that bag.

This scene must have fascinated the French artist Honoré Daumier, who painted a series of oil sketches of it in about 1867.

Honoré Daumier (1808–1879), Don Quixote and the Dead Mule (after 1864), oil on panel, 24.8 x 46 cm, Metropolitan Museum of Art, New York, NY. Wikimedia Commons.

In the first, the knight leads his squire towards the dead mule.

Honoré Daumier (1808–1879), Don Quixote and the Dead Mule (1867), oil on canvas, 132.5 × 54.5 cm, Musée d’Orsay, Paris. Photograph by Rama, Wikimedia Commons, Cc-by-sa-2.0-fr.

This rough oil sketch shows them drawing even closer.

Honoré Daumier (1808–1879), Sancho Panza and Don Quixote in the Sierra (1866/68), oil on canvas, 29.5 x 45 cm, Private collection. Wikimedia Commons.

Sancho Panza and Don Quixote in the Sierra is more generic, and omits the dead mule altogether.

A little later, Sancho Panza’s donkey is stolen, so the knight dispatches him on his own horse Rocinante to obtain three replacement donkeys, and deliver a letter to the Lady Dulcinea, Quixote’s semi-imaginary ‘lady’ of his chivalric quests. Meanwhile, the knight laments and feigns madness for the lady. Panza meets their village priest and barber, and they agree to deceive Quixote in a bid to persuade him to return to the village for his madness to be treated.

As the three head back towards Don Quixote, they meet Dorotea, who had previously been tricked and seduced. She agrees to dress up as a fine lady and pose as Princess Micomicona, who purports to have come all the way from Guinea to ask a boon of the knight.

Pedro González Bolívar (dates not known), The Introduction of Dorotea to Don Quixote (1881), oil on canvas, 100 x 88 cm, Museo Nacional del Prado, Madrid, Spain. Wikimedia Commons.

Pedro González Bolívar’s painting of The Introduction of Dorotea to Don Quixote from 1881 shows their meeting. Without that background information, this would prove impossible to read.

Don Quixote is persuaded to leave the mountains and return home with them, but that’s the start of another series of misadventures. During these, Dorotea’s true identity is revealed, and at dinner Don Quixote gives a long and impassioned speech in which he argues surprisingly rationally in favour of the pre-eminence of arms over learning.

Manuel García Hispaleto (1836–1898), Don Quixote’s Speech of Arms and Letters (1884), oil on canvas, 152 x 197 cm, Palacio del Senado de España, Madrid, Spain. Wikimedia Commons.

This is recorded in Manuel García Hispaleto’s painting of Don Quixote’s Speech of Arms and Letters from 1884. Sancho Panza stands immediately behind the knight, at the head of the table, on the right. Seated along the table’s length are a man who has just arrived from Algiers with a Moorish woman, the village priest, and others.

Don Quixote’s madness only continues, and eventually he has to be bundled into an oxcart and taken home.

Hippolyte Lecomte (1781–1857), Don Quixote’s Homecoming (date not known), oil on canvas, 27.5 x 38.5 cm, location not known. Wikimedia Commons.

On a Sunday when all the locals are out in the square, the oxcart bearing Don Quixote enters his village at noon, as shown in Hippolyte Lecomte’s undated Don Quixote’s Homecoming. At the left, Don Quixote’s niece or housekeeper holds her hands up in horror at his condition. To the left of the cart are the priest and barber, still mounted. Sancho Panza is riding his donkey, and has been greeted by his wife and their children, who are more interested in how many fine skirts he brought back for her, and how many pairs of shoes for their children.

Miguel Jadraque y Sánchez (1840–1919), Visit of the Priest and Barber to Don Quixote (1880), oil on canvas, 53 x 64.5 cm, Museo Nacional del Prado, Madrid, Spain. Wikimedia Commons.

The priest and barber leave Don Quixote alone to recover for a month after their return, then reassess him, as shown by Miguel Jadraque in this Visit of the Priest and Barber to Don Quixote from 1880. Don Quixote is becoming animated with them as he sits up in bed. In the left background are the knight’s niece and housekeeper, praying in vain for his recovery.

Don Quixote and Sancho Panza then leave on their third sally, which first takes them on a futile mission to El Toboso in quest of the Lady Dulcinea. After that, they head towards the city of Saragossa, and meet a cart full of players in costume, who create mayhem.

Carlos Vásquez Úbeda (1869-1944), Don Quixote (date not known), oil on canvas, 160 x 278 cm, Musée Goya, Castres, France. Image by Tylwyth Eldar, via Wikimedia Commons.

Carlos Vásquez Úbeda shows this encounter in his undated painting of Don Quixote. At this stage, the pair are still on their mounts, but shortly afterwards a clown causes Rocinante to bolt and throw Don Quixote, and one of the other players rides off on the squire’s donkey. For once, Sancho manages to persuade his master not to retaliate, and they continue on their way without coming to grief.

Later, they meet a group from a village, and are invited to attend a wedding there the following day.

Manuel García Hispaleto (1836–1898), The Marriage of Basilio and Quiteria (1881), oil on canvas, 152 x 196 cm, Museo Nacional del Prado, Madrid, Spain. Courtesy of and © Museo Nacional del Prado.

The wedding brings an elaborate deception in which the bride’s first suitor appears to impale himself on his own sword so that he can marry the bride as his dying wish, but then miraculously comes back to life, to cheat the groom from marrying the bride as had been expected. Manuel García Hispaleto’s painting of The Marriage of Basilio and Quiteria from 1881 shows the priest officiating in the centre, as the bride to the right is married to the dying suitor, who is supported by Don Quixote with his lance. The groom stands at the front of the tent at the right, staring in disbelief at what’s going on.

Gustave Doré (1832–1883), Don Quixote and Sancho Panza Entertained by Basil and Quiteria (c 1863), oil on canvas, 92.1 x 73 cm, Metropolitan Museum of Art, New York, NY. Wikimedia Commons.

The newlyweds entertain Don Quixote and Sancho Panza for three days, enabling them to visit the Cave of Montesinos and the Lakes of Ruidera nearby. Gustave Doré, whose illustrations for the whole book have been used by others as the basis for further illustrated editions, painted this non-narrative scene of Don Quixote and Sancho Panza Entertained by Basil and Quiteria in about 1863.

In the middle of Cervantes’ second book of Don Quixote, the knight and his squire Sancho Panza become guests of a Duke and Duchess who had already read Cervantes’ first book, and set out to trick the pair into further comical misadventures. Soon after their arrival, the Duke’s chaplain asserts that Don Quixote isn’t a knight errant at all, causing the knight to deliver a searing riposte.

Columbano Bordalo Pinheiro (1857–1929), Don Quijote in the Duke’s House (1878), media not known, 87.4 x 133.1 cm, Pena Palace, Sintra, Portugal. Wikimedia Commons.

Out of the blue, maids arrive to wash and lather the knight’s beard, and that of the Duke, in a procedure that defuses a tense situation by transforming it into the absurd. Columbano Bordalo Pinheiro’s painting of Don Quijote in the Duke’s House from 1878 shows this bizarre moment, with the rotund figure of Sancho Panza at the left, the gaunt Don Quixote in the centre, and the Duke and Duchess seated at the right, in obvious amusement.

Although Cervantes had completed Don Quixote in 1615, and it quickly became popular across Europe, it appears to have been painted infrequently before the nineteenth century. Only Valero Iriarte seems to have painted its comical adventure stories in the previous century. Although Eugène Delacroix painted the non-narrative Don Quixote in his Library in 1824, Cervantes’ novel was generally ignored by the major narrative artists of the nineteenth century, who continued depicting mostly classical myth.

These paintings demonstrate how modern fiction can form the basis for successful narrative painting, even though that has remained unusual.

Last Week on My Mac: Writing Tools

By: hoakley
27 October 2024 at 16:00

Early this coming week those fortunate enough to have an Apple silicon Mac will be able to update Sequoia to version 15.1 and try out Writing Tools at last. I’ve been testing and using them since the first beta of 15.1 back when the daylight lasted well into the night. I’ve been surprised at how lukewarm some have been at their arrival, particularly as most of those comments have come from those who make a living from their writing.

Perhaps the best way to show what Writing Tools can do is with an example, using the text from yesterday’s article A brief history of Mac firmware, a little over a thousand fairly technical words. I concentrate here on Writing Tools’ summary modes rather than its rewriting features, although they’re also thoroughly sound and useful in the right context.

Summary

Producing a succinct single paragraph summary is a challenge for even the most literate of humans. I’m impressed with Writing Tools’ 62 word offering of:

Mac firmware has undergone significant changes, from the Macintosh ROM in Classic Macs to Open Firmware in PowerPC models and EFI in Intel Macs. EFI, later evolving to UEFI, provides hardware access and boot services, while Apple silicon Macs employ a verified chain of trust for enhanced security. Firmware updates are now integrated into macOS installers and updaters, ensuring security and accessibility.

Key points

With so much information in the original, a key point summary should provide a better reflection of my original thousand words. Rather than reproducing the full 250 words generated by Writing Tools, here’s an excerpt covering one of the more challenging sections:

  • Firmware Security Issue: Researchers demonstrated proof-of-concept attacks on Mac firmware, highlighting potential vulnerabilities.
  • Firmware Update Policy Change: Apple transitioned from separate firmware updates to delivering them through system upgrades and updates.
  • Firmware Security Concern: In 2017, Duo Labs researchers discovered many Macs running outdated firmware, raising security concerns.
  • Apple’s Response: Apple hired security researchers and developed eficheck, a tool to check and report firmware versions to Apple.

I don’t think I could better that.

List

The third type of summary suitable for that article is a detailed list. This strips everything else out to leave terse factual sentences. For the whole text, it reduces to 833 words, a reflection on its already dense information. You’re unlikely to want to use this with longer passages, but here’s the same section given as key points above:

  • In March 2015, two security researchers from LegbaCore demonstrated proof-of-concept attacks on the BIOS of several computers.
  • The attacks could have been used to implant malicious code.
  • Later that year, Kovah and Trammell Hudson turned their attention to Macs.
  • They demonstrated a firmware worm named Thunderstrike 2.
  • For the first nine years of Intel Macs, Apple had provided EFI firmware updates separately from updates to OS X.
  • In 2015, Apple changed the way that it supplied firmware, delivering it only as part of system upgrades and updates.
  • Although older separate firmware updates are still available, those were the last.
  • In 2017, Rich Smith and Pepijn Bruienne of Duo Labs discovered that many Macs were running outdated firmware.
  • Their concern was about the security risk posed by outdated firmware.
  • Apple had already been busy hiring Xeno Kovah and Corey Kallenberg who started work there in November 2015, and Nikolaj Schlej, another firmware security researcher, who joined them the following August.
  • They developed a new tool eficheck, released in High Sierra on 25 September 2017.
  • eficheck checked current firmware against a local database of versions known to be ‘good’, and with the user’s permission sent a report to Apple in the event that it found discrepancies.

Table

The fourth summary option is to generate a table. Unfortunately, my example wouldn’t produce a useful table without substantial additional knowledge. However, I’ve found this useful on long passages from fiction, where it can summarise relationships between different characters, and similar tasks.

On device and on target

Once Sequoia 15.1 has been released and I’ve had a chance to explore the internals of Writing Tools further, I’ll look at its processing and energy costs. Two important features distinguish it from other contemporary AI tools: all data remains on-device throughout, and it’s primarily using your text rather than a large language model built from vast quantities of text garnered from around the internet.

Privacy doesn’t generally worry me particularly, as much of what I write on Macs is destined in some way or another to be published, whether it’s in an article here, one in the magazines that I write for, or source code that will be built into apps. However, I do take exception to others making money out of my labours without my express consent, so I’ll generally be only too happy to keep my AI on-device.

I also think it’s important to draw a clear distinction between what Writing Tools offers, and the likes of ChatGPT. Now that I’m testing Sequoia 15.2 beta, I have been looking at that contrast. While you can’t ask Writing Tools questions (why would you want to when you have the whole text and its summaries?), I thought I’d see how ChatGPT answered one of my stock test questions for AI: what is the SSV?

At my first asking, ChatGPT didn’t have sufficient context, and told me that it’s a side-by-side vehicle, so I refined my question to what is the SSV in macOS?

Although much of its answer was correct and informative, the second sentence stated with complete confidence that the SSV was introduced in macOS Catalina, which is of course completely incorrect, as Catalina has a read-only System volume but not a Signed System Volume as was introduced in Big Sur. But you’d only spot that serious factual error if you already knew the answer.

Give me Writing Tools and my own fact-checking, thank you.

Painting Don Quixote: Arise the knight

By: hoakley
26 October 2024 at 19:30

Telling a story in a painting intended to be viewed independently of its literary account requires great skill. Illustrations have the advantage that they’re going to be seen alongside the words, but a narrative painting could be exhibited almost anywhere. The most popular solution is to depict the best-known myths and legends, typically from classical times, stories that all educated viewers should be familiar with.

Painting a modern novel is even more of a challenge, making those showing Miguel de Cervantes’ epic Don Quixote, published in 1605 and 1615, among the boldest of all narrative paintings. A few years ago I published a long series of summaries of the book accompanied by paintings and illustrations. This weekend I look at just the former, from outside the immediate context of the literary account, considering whether they work as narrative paintings.

Mariano de la Roca y Delgado (1825–1872), Miguel de Cervantes imagining El Quixote (1858), oil on canvas, 171 x 210 cm, Museo Nacional del Prado, Madrid, Spain. Wikimedia Commons.

Cervantes himself spent at least two periods in prison, and it’s claimed that he started work on Don Quixote during the second of those. Mariano de la Roca’s painting of Miguel de Cervantes imagining El Quixote from 1858 may be as fictitious as the book, but reveals a clear vision of the knight and his squire, Sancho Panza. Their mounts are caricatured, but Don Quixote is fully detailed complete with the barber’s basin he wears as a helmet.

Nils Kreuger (1858–1930), Don Quixote’s Horse Rosinante (1911), oil on cardboard, 50 x 63 cm, Nationalmuseum, Stockholm, Sweden. Image by Bodil Karlsson, via Wikimedia Commons.

Nils Kreuger’s portrait of Don Quixote’s Horse Rocinante from 1911 is non-narrative, but nevertheless a fine painting, with the knight seated against the base of a tree and staring into the distance.

Quixote’s first, solo and briefest sally takes him to an inn, where he insists the innkeeper dubs him as a knight, as depicted by Valero Iriarte, who is now known almost exclusively for his paintings of this book.

Valero Iriarte (1680–1753), Don Quixote at the Inn (c 1720), oil on canvas, 54 x 78 cm, Museo Nacional del Prado, Madrid, Spain. Wikimedia Commons.

Iriarte’s first scene of Don Quixote at the Inn (c 1720) shows one of the earliest comic events in the book, in which the landlord pours wine into a hollowed-out length of cane to enable the aspiring knight to drink through his helmet. Immediately beforehand, the two women had fed him, as his hands had been fully occupied in holding up his cardboard visor. To anyone familiar with the opening chapters of Cervantes’ book, this would have been instantly recognisable.

Valero Iriarte (1680–1753), Don Quixote Dubbed a Knight (c 1720), oil on canvas, 54 x 78 cm, Museo Nacional del Prado, Madrid, Spain. Wikimedia Commons.

Iriarte’s second scene is set inside the inn, with Don Quixote Dubbed a Knight (c 1720). Quixote is on his knees ready for the ceremony, while the fat innkeeper stands behind with his back to the viewer, busy rehearsing his reading. To the left of Quixote is a young lad holding a candle, and a prostitute is holding the knight’s lance as she’s negotiating with her next customer, to the right. Again, Iriarte tells the story true to Cervantes’ account, and it’s readily recognisable.

After a couple of tragi-comic adventures, Don Quixote returns home battered and bruised.

Wilhelm Marstrand, Don Quixote’s First Ride Home, undated (after 1847)
Wilhelm Marstrand (1810–1873), Don Quixote’s First Ride Home (date not known), oil on canvas, 85 x 125 cm, Nivaagaards Malerisamling, Nivå, Denmark. Wikimedia Commons.

One of his neighbours came past with a donkey, on which the knight was placed. To avoid any embarrassment, they don’t enter the village until after dark. Wilhelm Marstrand’s undated painting captures the sense of defeat during Don Quixote’s First Ride Home.

Don Quixote recruits Sancho Panza to be his squire during the fortnight he spends at home after that first sally. The pair then ride out together and engage in the most famous of their adventures, when Quixote attacks a windmill, convinced that it’s a giant.

José Moreno Carbonero (1860-1942), Don Quixote and the Windmills (c 1900), oil on canvas, 290 x 279 cm, Museo Nacional del Prado, Madrid, Spain. Wikimedia Commons.

José Moreno’s painting of Don Quixote and the Windmills from about 1900 portrays the climax perfectly, as the knight and his charger are hoisted aloft by one of the windmill’s sails, as it rotates with the wind.

Don Quixote and Sancho Panza then endure further misadventures, during which the knight loses part of his helmet and some of his left ear. They accept the hospitality of some goatherds for the night, and the following morning attend the burial of a local scholar whose death resulted from his unrequited love for a young shepherdess. She appears at the burial and denies responsibility, as painted by Cecilio Pla and Valero Iriarte.

Cecilio Pla (1860–1934), Marcela the Shepherdess (1905), further details not known. Wikimedia Commons.

Pla’s Marcela the Shepherdess from 1905 shows her standing defiantly above the scholar’s grave.

Valero Iriarte (1680–1753), The Story of Shepherds Grisóstomo and Marcela (c 1701-44), oil on canvas, 162 x 220 cm, Museo Casa de Cervantes, Valladolid, Spain. Wikimedia Commons.

Valero Iriarte’s Story of Shepherds Grisóstomo and Marcela (c 1701-44) is overambitious in its detail. The shepherdess stands at the far right, well away from the burial taking place at the far left. Between them are Sancho Panza and Don Quixote, engaged in conversation.

The pair become involved in further unfortunate incidents, culminating in Don Quixote leaving an inn without paying for their accommodation. The knight then makes another spectacular error when he mistakes flocks of sheep for armies about to join in battle, a story that sticks in the mind.

Johann Baptist Zwecker (1814–1876), Don Quixote (1854), oil on canvas, 71 x 91 cm, location not known. Wikimedia Commons.

As Johann Baptist Zwecker shows in his painting of Don Quixote from 1854, the knight then charges at the armies of sheep with his lance, to the annoyance of the drovers, who retaliate by knocking out several of his teeth with their slingshot.

A turning point in this second sally occurs when the pair free a dozen convicts who turn on them by bombarding them with rocks, then run away. Fearing that they are in danger, the knight and his squire ride off to hide in the mountains, as shown below in Adrien Demont’s painting of Don Quixote from 1893.

Adrien Demont (1851–1928), Don Quixote (1893), oil on canvas, 111 x 156 cm, National Gallery of Victoria, Melbourne, Australia. Wikimedia Commons.

Tomorrow I’ll show paintings of what happened next.

Saturday Mac riddles 279

By: hoakley
26 October 2024 at 16:00

Here are this weekend’s Mac riddles to entertain you through family time, shopping and recreation.

1: The first year it goes from London to Leeds with the First Eleven on its arm.

2: When intel brought the fifth big cat in a solo or duo.

3: When 6100-8100 came from the aim of seven.

To help you cross-check your solutions, or confuse you further, there’s a common factor between them.

I’ll post my solutions first thing on Monday morning.

Please don’t post your solutions as comments here: it spoils it for others.

A brief history of Mac firmware

By: hoakley
26 October 2024 at 15:00

Firmware, software that’s intimately involved with hardware at a low level, has changed radically with each of the different processor architectures used in Macs.

Classic Macs based on Motorola 68K processors come with their own Macintosh ROM. That changed after the first PowerPC models of 1994, and the Power Macintosh 9500 from 1995 supports Apple’s version of Open Firmware. That had originated as OpenBoot in Sun Microsystems’ SPARC-based computers, and is based on the language Forth. Macs with Open Firmware can be booted into an interactive interface that makes it relatively straightforward to support and bring up new hardware. It’s also a security nightmare.

Firmware version numbering was elaborate, with a ROM revision, here $77D.45F6, a Boot ROM version of $0004.25f1, and a Mac OS ROM file version of 8.4, for this Power Mac G4 running Mac OS 9.2.1 in 2002. Apple supplied separate Mac OS ROM file updates as needed.

EFI

In 1998, Intel started work on the original Extensible Firmware Interface (EFI) as its intended replacement for the BIOS in PCs. By the time Apple was beginning its transition from PowerPCs in 2006, EFI was changing into Unified EFI (UEFI), and has since progressed as far as version 2.10 in 2022.

Once an Intel Mac has cleared its initial self-test routines (POST), and key custom chips like the SMC are running, EFI firmware is loaded next. The purpose of the EFI phase and the boot loader boot.efi is to augment the basic facilities provided by BootROM to the point where the macOS kernel can be loaded with its extensions. Key to this is providing access to the Mac’s hardware through the device tree, IODeviceTree, listing and relating all the devices in that Mac. This is built by boot.efi and passed to the kernel when it loads, and forms the basis for IOKit within macOS.

Model-specific boot.efi software also provides ongoing and additional support for boot services, including memory management, basic functions for timers and events, and for hardware access. It supports basic console protocols for input and output, and access to storage systems. Runtime services extend these to give access to variables stored in the NVRAM, and to GUIDs/UUIDs used for key variables in the EFI phase and later. Most importantly, boot.efi looks for startup key commands, originally named snag keys by Apple, such as Command-R to run in Recovery mode, Command-S and -V for Single User and Verbose modes, and Shift for Safe mode.

When Apple introduced Boot Camp in 2006, it made changes to boot.efi to support booting from operating systems other than macOS. This essentially provides a suite of drivers supporting Mac hardware in terms of a Windows hardware platform, engaged when the Mac is to be booted in that operating system rather than macOS.

Firmware security

In March 2015, two security researchers from LegbaCore, Xeno Kovah and Corey Kallenberg, demonstrated proof-of-concept attacks on the BIOS of several computers including Dell, HP, and other PCs that could have been used to implant malicious code. Later that year, Kovah and Trammell Hudson turned their attention to Macs, demonstrating a firmware worm named Thunderstrike 2.

For the first nine years of Intel Macs, Apple had provided EFI firmware updates separately from updates to OS X. That year, Apple changed the way that it supplied firmware, delivering it only as part of system upgrades and updates. Although older separate firmware updates are still available, those were the last.

Then in 2017, Rich Smith and Pepijn Bruienne of Duo Labs discovered that many Macs were running outdated firmware. Their concern was less about potential bugs and other problems, and more about the security risk posed. Apple had already been busy, hiring Xeno Kovah and Corey Kallenberg who started work there in November 2015, and Nikolaj Schlej, another firmware security researcher, who joined them the following August. They developed a new tool eficheck, released in High Sierra on 25 September 2017. Each week until it was dropped from Sonoma, eficheck checked current firmware against a local database of versions known to be ‘good’, and with the user’s permission sent a report to Apple in the event that it found discrepancies.

Back in late 2017, this iMac17,1 was reported as running Boot ROM version IM171.0105.B26.

T2 firmware

In 2016, the year before Smith and Bruienne’s report, Apple introduced first the T1 chip, then hot on its heels the T2 the following year. With two separate CPUs in each T2 Mac, there are two separate sets of firmware, one EFI and the other known as iBridge or BridgeOS. Following the established pattern, both are only updated by macOS installers and updaters.

After standard power-on self-test and SMC initialisation, the T2 sub-system establishes the level of Secure Boot in force, and, if that’s Full or Medium Security, boot.efi is checked before being loaded, providing security throughout the boot process.

Apple silicon Macs

The introduction of Macs using the M1 family of chips in 2020 brought complete change in firmware to support Secure Boot, and moved away from UEFI completely. The aim of boot security in Apple silicon Macs is to provide a verified chain of trust through each step in the boot process to the loading of macOS, that can’t be exploited by malicious components. This consists of four main stages:

  • The Boot ROM in the hardware.
  • The Low-Level Bootloader, LLB, or first stage.
  • iBoot, or second stage.
  • The macOS kernel, which loads all its required kernel extensions.

One of many changes made from UEFI is that startup key combinations have been replaced by the Power button to engage Recovery and other special startup modes, which has both improved security of Recovery mode and made its features more accessible. Instead of the user having to memorise a list of different key combinations required to access different features, all are now integrated within a single environment.

Apple silicon Macs are the first Macs whose firmware can be both upgraded and downgraded by restoring them from IPSW image files when the Mac has been put into DFU mode. For the time being, at least, all Apple silicon Macs run a unified firmware version tied not to the chip or model, but to the macOS version, and only delivered in IPSW files and macOS updates.

Interiors by design: The Dutch Golden Age

By: hoakley
25 October 2024 at 19:30

Painting in the Dutch Golden Age underwent remarkable evolution. In the fifty years between the 1620s and the French invasion of the Dutch Republic in 1672, established genres grew novel sub-genres, with artists specialising in each. These included ‘genre’ scenes of everyday life, with artists devoted to painting taverns, women working, festivities, markets, or domestic interiors. The latter appear to have been among the first such depictions in modern art.

During the 1650s, interiors started to become distinct from other scenes of everyday life, as the significance of their figures diminished, although few if any dispensed with them altogether.

Gerard ter Borch (1617–1681) specialised in domestic interiors, some containing open-ended narratives to encourage the viewer to speculate on their resolution. Two centuries later, those were to become popular again, particularly in Britain, where they were known as problem pictures and featured in the press.

Gerard ter Borch (1617–1681), The Messenger (Unwelcome News) (1653), oil on panel, 66.7 x 59.5 cm, Koninklijk Kabinet van Schilderijen Mauritshuis, The Hague, The Netherlands. Wikimedia Commons.

Ter Borch’s The Messenger, usually known as Unwelcome News, from 1653, develops his favourite theme of the arrival of a message. The young man at the left is still booted and spurred from riding to deliver a message to this couple. Slung over his shoulder is a trumpet, to announce his arrival and assert his importance. The recipient wears a shiny breastplate and riding boots, and is taken aback at the news the messenger brings. His wife leans on her husband’s thigh, her face serious.

The scene is the front room of a house in the Golden Age. Behind them is a traditional bed typical of living areas at the time, with some of their possessions resting on a table between the couple and their bed. Hanging up on a bedpost is the husband’s sword, and behind them are a gun and powder horn. Is this letter news of his recall to military service, perhaps? Will he soon have to ride away from his wife, leaving her alone to bring up their family?

Although the three figures take the limelight, ter Borch picks out the mundane details of the room behind them instead of letting them fade into darkness.

Gerard ter Borch (1617–1681), Three Figures Conversing in an Interior (Paternal Admonition) (c 1653-55), oil on canvas, 71 x 73 cm, Rijksmuseum Amsterdam, Amsterdam, The Netherlands. Wikimedia Commons.

Three Figures Conversing in an Interior is another of ter Borch’s narrative genre works, and more popularly known as Paternal Admonition (c 1653-55). Standing with her back to us, wearing a plush going-out dress, is the daughter. To her left is a table, on which there’s a small reading stand with books, almost certainly including a Bible.

Her parents are young, and they too are fashionably dressed. Her mother appears to be drinking from a glass, but her father is at the very least cautioning his daughter, if not giving her a thorough dressing-down. He wears a sword at his side. Behind them is a large bed, and to the right the family dog looks on from the darkness.

Gerard ter Borch (1617–1681), Woman Writing a Letter (c 1655), oil on panel, 39 x 29.5 cm, Koninklijk Kabinet van Schilderijen Mauritshuis, The Hague, The Netherlands. Wikimedia Commons.

Ter Borch’s half-sister Gesina appears to have been his model for Woman Writing a Letter (c 1655), which makes obvious his connection with Vermeer. Move this woman to a desk lit through windows at the left, light her surroundings, and you have a painting similar to Vermeer’s interiors. This shows a heavy decorated table cover pushed back to make room for the quill, ink-pot, and letter. Behind the woman is her bed, surrounded by heavy drapery, and at the lower right is the brilliant red flash of the seat.

Gerard ter Borch (1617–1681), The Letter (c 1660-62), oil on canvas, 79 x 68 cm, The Royal Collection, London. Wikimedia Commons.

The Letter from about 1660-62 returns to ter Borch’s favourite theme of the reading and writing of letters. Two young women are working together, apparently replying to the letter being read by the woman on the right. A boy, perhaps their younger brother, has just brought in a tray bearing an ornate pitcher of drink. In front, a small dog is curled up asleep on a stool. Above them is an unlit chandelier suspended from a hanging ceiling.

Gabriël Metsu (1629–1667), Washerwoman (c 1650), oil on panel, 23.9 × 21 cm, Muzeum Narodowe w Warszawie, Warsaw, Poland. Wikimedia Commons.

Other specialists in genre painting like Gabriël Metsu also ventured towards interiors. His Washerwoman from about 1650 looks authentic and almost socially realist: the young woman is a servant, dressed in her working clothes, in the dark and dingy lower levels of the house. She looks tired, her eyes staring blankly at the viewer. She’s surrounded by the gear she uses, including a rope and pitcher to the right, and an earthenware bowl on display below it. The mantlepiece in the background features a blue and white plate.

Pieter de Hooch (1629–after 1684), A Woman Drinking with Two Men (c 1658), oil on canvas, 73.7 x 64.6 cm, National Gallery, London. Wikimedia Commons.

It’s easy to mistake Pieter de Hooch’s A Woman Drinking with Two Men from about 1658 for a Vermeer, and like the latter he decorates the far wall with a contemporary map. The Eighty Years’ War had not long ended, and the Dutch Republic was flourishing. Discarded objects are scattered on its black-and-white tiled floor. There’s a large and empty fireplace, and above it hangs a religious painting.

It was Jan Vermeer whose few surviving works explored interiors the most.

Johannes Vermeer (1632–1675), The Milkmaid (c 1660), oil on canvas, 45.5 x 41 cm, The Rijksmuseum Amsterdam, Amsterdam, The Netherlands. Wikimedia Commons.

In his Milkmaid from about 1660, a woman servant is pouring milk from a jug, beside a tabletop with bread. In the left foreground the bread and pots rest on a folded Dutch octagonal table, covered with a mid-blue cloth. A wicker basket of bread is nearest the viewer, broken and smaller pieces of different types of bread behind and towards the woman, in the centre. Behind the bread is a dark blue studded mug with pewter lid, and just in front of the woman (to the right of the mug) a brown earthenware ‘Dutch oven’ pot into which the milk is being poured. An ultramarine blue cloth (matching the woman’s apron) rests at the edge of the table. There are many other intriguing details in this interior.

Johannes Vermeer (1632–1675), A Young Woman with a Water Pitcher (c 1662-5), oil on canvas, 45.7 x 40.6 cm, The Metropolitan Museum of Art, New York, NY. Wikimedia Commons.

Vermeer’s Young Woman with a Water Pitcher from slightly later is another fine example, this time with more obvious control of focus effects for which his paintings are renowned. Details in this interior include the ornate tablecloth, a small lockable chest on the right of the table, the map hanging behind, and the window she is holding with her right hand.

Interiors then vanished from painting until their rebirth in the nineteenth century.
