uanso:

ThinkMan: 今天把 Macbook Pro 14 （港版）从 15.1 release 版本升级到了 15.2 Public Beta 系统。

开通 Apple Intelligence 后，一直显示以下提示（好几个小时了没有动静）, 有没有遇到同样问题的朋友们：


'macos Apple Intelligence is downloading. Some Apple Intelligence and Siri features may be unavailable until the download is complete.'


期间重启、关闭再打开 AI 功能，都不行😭。

94nb:

macos 之前用 chrome 装的 PT 助手是可以使用的，用了好几个月了，这两天不知道是 chrome 升级了还是咋回事，PT 助手扩展无故消失了，我又重新安装，发现 crx 的无法安装，我又解压后通过解压包安装扩展，能用了几个小时，就没法用了，尝试关掉就再也打不开了，重装了好几次每次都是这样，大家遇到过嘛？

8eacekeep:

一直在用系统自带的，它确实很简约，但感觉 UI 实在有点太丑了，有没有什么比较优雅的推荐？

lambdaX999:

前几天我发帖说发现 bartender 一直在偷偷的录屏，我感觉很慌，于是我想办法找防火墙软件来禁止特定软件联网，于是就找到了 Little Snitch 这款软件，然后不用不知道，一用吓一跳，没想到那么多不起眼的软件偷偷在我后台跑流量，见下图：

当我把一些异常的软件，服务都禁止联网之后，体验明显很多，比如 wps ，我直接禁止联网，再也不能给我弹广告了，还有搜狗输入法，直接禁止联网，用起来安心多了。

Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5279. As usual, Apple doesn’t release information about what security issues this update might add or change.

Relative to the last version released for all supported versions of macOS (5278), this version makes a small amendment to the detection rule for MACOS.PIRRIT.CHU.

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan to Sequoia available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight, LockRattler, or at the command line.

If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5279.

For Sequoia only: there’s no sign of this update being made available in iCloud, which now returns an XProtect version of 5278. If you download and install it using Software Update, softwareupdate or SilentKnight, then once that’s complete you need to update the primary XProtect bundle in Terminal using the command
sudo xprotect update
then entering your admin password. If you’re unsure what to do, this article explains it comprehensively and simply.

I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

I maintain lists of the current versions of security data files for Sequoia on this page, for Sonoma on this page, Ventura on this page, Monterey on this page, Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.

I hope that you enjoyed Saturday’s Mac Riddles, episode 280. Here are my solutions to them.

1: Third prime should run at twice three or four, and four times two.

Click for a solution

(Thunderbolt) 5

Third prime (5) should run at twice three or four (Thunderbolt 5 should deliver 80 Gb/s speed, twice that of TB3 or TB4), and four times two (and four times that of TB2).

2: The third of XV brought AI for some.

Click for a solution

(macOS) 15.1

The third (version of macOS 15, which is shipping in last week’s new M4 Macs) of XV (macOS 15) brought AI for some (it did).

3: If E > P and E + P = GPU what does E equal?

Click for a solution

6

If E > P (6 > 4) and E + P = GPU (Macs with the full base M4 chip have 10-core GPUs) what does E equal? (6, the number of E cores in the full base M4 chip.)

The common factor

Click for a solution

They are properties of the new M4 Macs announced last week.

I look forward to your putting alternative cases.

Here are this weekend’s Mac riddles to entertain you through family time, shopping and recreation.

1: Third prime should run at twice three or four, and four times two.

2: The third of XV brought AI for some.

3: If E > P and E + P = GPU what does E equal?

To help you cross-check your solutions, or confuse you further, there’s a common factor between them.

I’ll post my solutions first thing on Monday morning.

Please don’t post your solutions as comments here: it spoils it for others.

Modern Macs and macOS feature multiple layers of protection, most of which I have recently described. This article tries to assemble them into an overview to see how they all fit together, and protect your Mac from startup to shutdown. There are also many additional options in macOS and third-party products that can augment security, but I’ll here concentrate on making best use of those that come with a modern Mac and macOS. My recommendations are for the ‘standard’ user, as a starting point. If your needs differ, then you may of course choose to be different, but should always do so in the full knowledge of what you are doing and what its penalties are.

Startup

Whether your Mac has a T2 or Apple silicon chip, it’s designed to boot securely, which means that every stage of the boot process, from its Boot ROM to running the kernel and its extensions, is verified as being as Apple intends. To ensure that, your Mac should run at Full Security. For a T2 model, that means disabling its ability to boot from external disks; for an Apple silicon Mac, that means no third-party kernel extensions. If you need to run your Mac at reduced security, that should be an informed decision when there’s no good alternative.

A vital part of the Secure Boot process is the firmware loaded by the Boot ROM. That needs to be kept up to date by updating to the latest minor release of the major version of macOS. That doesn’t prevent your Mac from staying with an older supported version of macOS, as Apple supplies the same firmware updates for all three supported versions of macOS.

The System volume should be signed and sealed, as the SSV created by a macOS installer or updater. System Integrity Protection (SIP) should also be fully enabled, as without it many macOS security features work differently or not at all. Some need to disable specific SIP features, but again that should only be set when you’re fully aware of their effects and consequences, and should be the minimum needed for the purpose.

User Data

Having got the system up and running, the boot process moves to what is in mutable storage on the Mac’s Data volume. In the internal SSD of a modern Mac, that’s always encrypted, thanks to the Secure Enclave. Although that might appear sufficient, you should always turn FileVault on if your Mac starts up from its internal SSD. That ensures the encryption is protected by your password: an intruder then has to know your password before they can unlock the contents of its Data volume. They have limited attempts to guess that password before the Mac locks them out from making any further attempts. As FileVault comes free from any performance penalty, there’s no good reason for not using it.

Good security is even more important for Data volumes on external boot disks, where FileVault is just as important, but needs additional physical measures to ensure the external disk isn’t mislaid or stolen. That’s a more complex issue, for which the simplest solution is to start your Mac up from its internal SSD with the benefit from FileVault there.

Run Apps

With the user logged in successfully, and the Data volume fully accessible, the next stage to consider is running apps and other software. For this there’s another series of security layers.

When an app is launched or other code run, Gatekeeper will first check it, and in many circumstances run a check for malware using XProtect. Those shouldn’t be disabled, or macOS will still make those checks, but will simply ignore the results. XProtect looks for evidence that the code about to be run matches that of known malware. Although on its own this won’t detect unknown malware, it’s an effective screen against what’s most common. You also need to keep your Mac up to date with the latest security data updates, as those can change every week or two as new malware is identified and included.

Currently, no well-known malware has been notarized by Apple, and most isn’t even signed using a trusted developer certificate. Most therefore attempt to trick you into bypassing checks made by macOS. In Sonoma and earlier, the most common is to show you how to use the Finder’s Open command to bypass the requirement for notarization. As that has changed in Sequoia, those who develop malware have had to adapt, and some now try to trick you into dropping a malicious script into Terminal. Expect these to become more sophisticated and persuasive as more upgrade to Sequoia.

There are simple rules you can apply to avoid getting caught by these. The first time you run any new app supplied outside macOS or the App Store, drag the app to your Applications folder and double-click it in the Finder to open it. If it can’t be launched that way, don’t be tempted to use the Finder’s Open bypass, or (in Sequoia) to enable the app in Privacy & Security settings. Instead, ask its developer why it isn’t correctly notarized. Never use an unconventional method to launch an app: that’s a giveaway that it’s malicious and you shouldn’t go anywhere near it.

macOS now checks the hashes (CDHashes) of apps and code it doesn’t already recognise, for notarization and known malware. Those checks are run over a connection to iCloud that doesn’t need the user to be signed in. Don’t intentionally or inadvertently block those connections, for instance using a software firewall, as they’re in your interest.

Private Data

Traditional Unix permissions weren’t intended to protect your privacy. Now so many of us keep important or valuable secrets in our Home folders, privacy protection is essential. While you might trust an app to check through some files, you may not expect or want that app to be looking up details of your bank cards and accounts.

Privacy protection is centred on a system known as TCC (Transparency, Consent and Control), and its labyrinthine Privacy & Security settings. One of the most tedious but important routine tasks is to check through these every so often to ensure that nothing is getting access to what it shouldn’t.

No matter how conscientious we might be, there’s always the request for access that you don’t have time to read properly, or items that end up getting peculiar consents, like a text editor that has access to your Photos library or your Mac’s camera. Take the time to check through each category and disable those you don’t think are in your best interests. If you get through a lot of new apps, you might need to do this every week or two, but it needn’t be as frequent in normal use, and shouldn’t become an obsession.

There’s some dispute over whether it’s better to leave an app turned off in a category that you control, like Full Disk Access, or to remove it. I tend to disable rather than remove, with the intention of removal later, but seldom get round to that.

Downloaded Apps

While macOS continues checking apps in Gatekeeper and XProtect, there are a couple of other important protections you need to know about. Since macOS Catalina, every 24 hours or so macOS runs a paired set of scans by XProtect Remediator, looking for signs of known malware. If it finds any, it then attempts to remove, or remediate, that. The snag is that it does this in complete silence, so you don’t know whether it has run any scans, and you don’t know if it came across anything nasty, or removed it. I like to know about such things, and have written my own software that lets me find out, in SilentKnight, Skint and XProCheck. One day Apple might follow suit.

Some browsers like Safari have a potentially dangerous setting, in which they will automatically open files they consider to be safe, once they have been downloaded. This can include Zip archives that might not be as innocent as you expect. If you leave that behaviour set, you could discover your Downloads folder with all sorts of items in it. I much prefer to turn that off and handle those downloads myself. You’ll find this control in Safari’s General settings, where it’s called Open “safe” files after downloading.

Bad Links

Most of the protection so far relies more on features in your Mac and macOS, and less on your habits and behaviour. But it’s the user who is the kingpin in both security and privacy protection. Nowhere is this more important than dealing with links in web pages, emails, messages, and elsewhere. If you’re happy to click on a link without checking it carefully, you can so easily end up in the company of your attackers, inviting them into your Mac and all your personal data.

Unless it’s a trusted web page or contact, I always inspect each link before even considering whether to open it. For emails, my general rule is never, and I inspect the text source of each message to see what that really links to. It’s harder on the web, where even ads placed by Google can whisk your browser into an ambush. One invaluable aid here is Link Unshortener, from the App Store, which is a ridiculously cheap and simple way to understand just where those cryptic shortened links will take you. If you can’t convince yourself that a link is safe and wholesome, then don’t whatever you do click on it, just pass on in safety.

Summary

That has been a whirlwind tour through getting the best from macOS security, summarised in the following diagram. Fuller details about each of those topics are easy to find using the Search tool at the top right of this page. There’s plenty more to read, and for deeper technical information, try Apple’s Platform Security Guide.

Work and play safely!

I hope that you enjoyed Saturday’s Mac Riddles, episode 279. Here are my solutions to them.

1: The first year it goes from London to Leeds with the First Eleven on its arm.

Click for a solution

2020

The first year (2020, the year Apple silicon Macs were released) it goes from London to Leeds (the M1 motorway in England) with the First Eleven (launched with macOS 11.0 Big Sur installed) on its arm (they use Arm CPUs).

2: When intel brought the fifth big cat in a solo or duo.

Click for a solution

2006

When intel (Intel) brought the fifth big cat (they came with OS X Tiger 10.4.4) in a solo or duo (they had Intel Core Solo or Duo processors in 2006).

3: When 6100-8100 came from the aim of seven.

Click for a solution

1994

When 6100-8100 (first PowerPC models were Power Mac 6100, 7100 and 8100 of 1994) came from the aim (the processors were developed by the AIM Alliance of Apple, IBM and Motorola) of seven (they shipped with System 7.1.2).

The common factor

Click for a solution

They are the years in which Apple released the first Macs in each of its new architectures.

I look forward to your putting alternative cases.

Here are this weekend’s Mac riddles to entertain you through family time, shopping and recreation.

1: The first year it goes from London to Leeds with the First Eleven on its arm.

2: When intel brought the fifth big cat in a solo or duo.

3: When 6100-8100 came from the aim of seven.

To help you cross-check your solutions, or confuse you further, there’s a common factor between them.

I’ll post my solutions first thing on Monday morning.

Please don’t post your solutions as comments here: it spoils it for others.

I hope that you enjoyed Saturday’s Mac Riddles, episode 278. Here are my solutions to them.

1: Platform executive arranges props and lighting for window groups.

Click for a solution

Stage Manager

Platform (a stage) executive (a manager) arranges props and lighting (what a stage manager does) for window groups (it manages window groups in macOS).

2: Blank characters open in parks for multiple desktops.

Click for a solution

Spaces

Blank characters (spaces) open in parks (open spaces) for multiple desktops (what it provides in macOS).

3: Regulate operational flight to exposé them all.

Click for a solution

Mission Control

Regulate (control) operational flight (a mission) to exposé them all (it does for all apps what Exposé did for single apps, in displaying all open windows).

The common factor

Click for a solution

They are all tools for advanced window management.

I look forward to your putting alternative cases.

Here are this weekend’s Mac riddles to entertain you through family time, shopping and recreation.

1: Platform executive arranges props and lighting for window groups.

2: Blank characters open in parks for multiple desktops.

3: Regulate operational flight to exposé them all.

To help you cross-check your solutions, or confuse you further, there’s a common factor between them.

I’ll post my solutions first thing on Monday morning.

Please don’t post your solutions as comments here: it spoils it for others.

我们还年轻，可不想看到这个世界处在毫无自由、隐私的边缘。

前段时间体验了 Cursor，其中的 Cursor Tab 和 @Codebase 功能确实很强，我现在已经开始付费使用了。

不过也有开发者朋友跟我聊到，Cursor 是很厉害，但是 20 美元/月的价格实在太贵了，如果便宜一点就好了。

所以我给他推荐了一些国内的 ai 代码补全插件——

现有的 AI 编程助手已经有多家巨头在竞争了。光我试用过的就有许多：海外产品有 github Copilot、Amazon CodeWhisperer，国内产品有字节的豆包 MarsCode、阿里的通义灵码、讯飞的 iFlyCode 等等。

目前国内的这几家都是免费或者免费试用中，应该可以满足大多数的需求。最后他看了一圈，来了一句：「难道没有开源的吗？」

于是我去了解了一下，还真有这样的开源插件：Continue。

⏩ Continue is the leading open-source AI code assistant. You can connect any models and any context to build custom autocomplete and chat experiences inside VS Code and JetBrains – continuedev/cont…

🏠 Continue 官网

Continue 是一款 VSCode 和 JetBrains 插件，它本身不提供 AI 模型，但它提供了多种接入 AI 模型的方法，来实现多种场景下的功能。

相比直接用商业插件，用开源插件配合商业模型，更有「用多少花多少」的安心感。更不用说 Continue 还支持连接到本地的模型，如果你的 CPU、显卡性能足够，完全可以在本地跑一个 3B 级别小模型来实现 AI 补全。

首先，安装 Continue 插件非常简单，只需要在 VS Code 的扩展市场中找到并安装即可。

🔗 Continue – VSCode Marketplace

插件的配置就要稍微研究一下了。

由于代码助手的场景很多样，不同的模型的侧重点也不同，不能用一套 openai API 打天下。

比如最常见的 Tab 补全，表现最好的是 3B 大小的模型，因为速度最快。而 Chat 模型则可以用一些 GPT 4o、Claude 3.5 Sonnet 这样的常用对话模型。

Continue 目前根据用途，将模型分为下面这 4 种（下面链接内有更详细的解释）：

目前在线模型中，我比较推荐的还是 DeepSeek，DeepSeek 支持 Chat 和 AutoComplete Model，并且价格也比较低廉，很适合个人使用。

你可以先在 DeepSeek 官网 注册账号并申请 API Key。

拿到 API Key 之后，你就可以根据 Continue 提供的 DeepSeek 配置文件 ，在 Continue 中进行如下配置下面这些配置。

首先在左侧打开 Continue，点击下方的配置按钮，会出现 json 格式的配置文件。

Chat model 配置，可以配置多项。

Autocomplete model，只能配置 1 个。

注意 JSON 格式非常严格，你需要确保你的写法是准确的。

Embeddings model 可以不用配置，VSCode 中 Continue 提供了一个默认配置（使用了 Transformers.js），在默认情况下会在本地计算机运行，无需额外配置。

Reranking model 也是可选配置。主要是对 @Codebase 功能有帮助，能够在向量搜索中找到最相关的代码片段。Continue 推荐使用 Voyage AI 的 rerank-1 （需要申请 Token）。为了简化配置步骤，你可以暂时用 Continue 提供的 Voyage AI 的免费试用配置。后面再按照 详细的配置文档 进行配置。

注意，上面这些只是最基础的配置，如果你有一些特别的需求，比如你希望它始终提供多行的代码补全，就需要附上额外的参数 multilineCompletions 等。再比如 @Codebase 的时候你想让它检索更大范围需要配置 nRetrieve 参数。这部分配置我推荐你自行研究一下它的文档——

🔗 Continue 自动补全文档

🔗 Continue @Codebase 文档

在线模型的使用中，Continue 确实能满足我对本地代码补全的要求。

当你使用 Tab，生成效果和速度跟文章开头提到的那些商业插件不相上下。

当你使用 Chat 面板时，也能给出格式准确的回答。

但是在 AutoComplete 功能方面还是差了一些，相比 Cursor Tab 那种只需要敲 Tab Tab 的模式，爽快感差了一截，但已经能够满足日常使用的需求。

Continue 的官网上还展示了一个 Actions 功能，包括了 @Codebase 和斜杠命令如 /edit、/test 等，从动图上看效果还是很棒的。

我也体验了 @Codebase 的功能，它也会对当前代码库中的内容进行检索，检索的范围似乎比 Cursor 小一些，导致 @Codebase 的结果和体验也比 Cursor 要差一些。

但这不太严谨，只是个人体感，毕竟代码内容千差万别，Prompt 也不同，Cursor 的模型更强（默认 Claude 3.5 Sonnet），加上我没有在 Continue 中完整配置 Reranking model，多个原因共同作用下，才导致的效果不佳。

瑕不掩瑜，我认为 Continue 还是很大程度上满足了日常开发的需求。

接下来再看看 Continue 的舒适区，结合本地模型配置，用自己电脑的性能去跑模型。

本地模型我只推荐自定义 Autocomplete model，因为体量更好，速度更快。过大体量的 Chat model 在本地跑速度还是太慢，生成一条回复能急死人，回复质量也远不如在线模型。

我用的设备是 Macbook Pro M2，模型则是用 LM Studio 来加载和启动。macos 用户可以有其他选择，比如推荐 Jan。

根据 Continue 的推荐，它推荐我们使用开源模型 StarCoder2-3B 作为自动补全模型，我还尝试了 DeepSeek Coder 的 1.3B 模型和 6.7B 模型。

我的个人感受和 Hugging Face 下载地址都附在下方。

StarCoder2-3B （适合 Tab 补全，速度快，效果好）

🔗 second-state/StarCoder2-3B-GGUF 模型下载

deepSeek-coder-1.3B （适合 Tab 补全，速度快，但输出效果一般，存在格式错误）

🔗 TheBloke/deepseek-coder-1.3b-instruct-GGUF 模型下载

deepSeek-coder-6.7B（响应过慢，不适合代码补全）

🔗 TheBloke/deepseek-coder-6.7B-instruct-GGUF 模型下载

所以我的最后还是乖乖用了 StarCoder2-3B。

上面的下载链接列表里，我推荐选择 xxx-Q5_K_M.gguf。这些文件名通常与大语言模型的量化方法有关，目的是减少模型推理的计算复杂度，同时保持较高的精度。过高可能会导致速度变慢。

当你把 StarCoder2-3B 模型放到 LM Studio 的模型目录中并启动后，LM Studio 会在 localhost:1234 上启动一个 AI 服务器后端（Jan 的端口是 1337）。

然后你需要回到 Continue 插件配置中，配置如下信息——

这里常见的错误是，你必须满足 JSON 格式要求。tabAutocompleteModel 后面是 {}，意味着只能配置一个，所以记得把刚刚配置的 DeepSeek 删掉。

这样一来，就可以纯用本地电脑性能实现自动补全了，不用为商业 AI 服务花一分钱了。

我分别在 Macbook Pro M2 和 RTX 3070Ti 的配置下进行了尝试。

在使用 GPU 时，代码补全速度非常快，几乎和云端解决方案没有区别。

而在 CPU 环境下，虽然响应速度稍有下降，但依然能流畅运行。

可以看到，速度方面非常 OK，代码质量也基本满足要求。甚至从响应速度上说，比在线版本还要快不少。

这种本地处理的方式尤其适合对隐私有较高要求的开发者，因为所有的数据处理都在本地进行，不用担心代码被上传到云端。

不过，需要注意的是，Continue 对硬件配置还是有一定要求的。尤其是当你使用更复杂的模型时，低配置的机器可能会有些吃力并且发热严重。

因此，如果你希望获得更好的体验，还是建议使用配置较高的开发环境。

总体来说，Continue 是一款非常值得推荐的 VS Code 插件，特别适合那些重视隐私、安全性，并希望利用本地 AI 模型提高开发效率的开发者。

虽然在性能上需要依赖较高的硬件配置，但它提供的灵活性和本地化的处理能力，完全可以弥补这一点。

如果你有兴趣尝试 AI 驱动的代码补全，并且希望数据完全掌控在自己手中，那么 Continue 无疑是一个非常好的选择。

Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5278. As usual, Apple doesn’t release information about what security issues this update might add or change.

Relative to the last version released for all supported versions of macOS (5277), this version adds three new definitions for MACOS.ADLOAD.I, MACOS.SOMA.G and MACOS.SOMA.H.

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan to Sequoia available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight, LockRattler, or at the command line.

If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5278.

For Sequoia only: there’s no sign of this update being made available in iCloud, which still returns an XProtect version of 5272. If you download and install it using Software Update, softwareupdate or SilentKnight, then once that’s complete you need to update the primary XProtect bundle in Terminal using the command
sudo xprotect update
then entering your admin password. If you’re unsure what to do, this article explains it comprehensively and simply.

I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

I maintain lists of the current versions of security data files for Sequoia on this page, for Sonoma on this page, Ventura on this page, Monterey on this page, Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.

I hope that you enjoyed Saturday’s Mac Riddles, episode 277. Here are my solutions to them.

1: Volatile anaesthetic to catch fish over coaxial cable.

Click for a solution

Ethernet

Volatile anaesthetic (ether) to catch fish (net) over coaxial cable (used for most Ethernet connections, although twisted pair and fibre-optic are also used).

2: Flight terminal for wireless in cards and base stations.

Click for a solution

AirPort

Flight terminal (an airport) for wireless (it’s wireless networking) in cards and base stations (first available in base stations and cards from 1999).

3: Neighbourhood chat between a twisted pair came with the LaserWriter.

Click for a solution

LocalTalk

Neighbourhood (local) chat (talk) between a twisted pair (it used twisted-pair cables) came with the LaserWriter (released with and supported by Apple’s LaserWriter printer in 1985).

The common factor

Click for a solution

They are all physical network systems that have been supported by Macs.

I look forward to your putting alternative cases.

Here are this weekend’s Mac riddles to entertain you through family time, shopping and recreation.

1: Volatile anaesthetic to catch fish over coaxial cable.

2: Flight terminal for wireless in cards and base stations.

3: Neighbourhood chat between a twisted pair came with the LaserWriter.

To help you cross-check your solutions, or confuse you further, there’s a common factor between them.

I’ll post my solutions first thing on Monday morning.

Please don’t post your solutions as comments here: it spoils it for others.

Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5277. As usual, Apple doesn’t release information about what security issues this update might add or change.

Relative to the last version released for all supported versions of macOS (5276), this version contains extensive changes, largely of an editorial nature. It adds one new detection rule for MACOS.PIRRIT.CHU, and removes rules for OSX.Genieo.C, OSX.Genieo.B, OSX.Genieo.A and OSX.Leverage.a.

Many rules have changes to their detection hashes, where existing SHA1 hashes are replaced with SHA256. Among the rules changed by this are 36:

• OSX.Proton.B
• OSX.Vindinstaller.A
• OSX.OpinionSpy.B
• OSX.InstallImitator.C
• OSX.Eleanor.A
• OSX.InstallImitator.A
• OSX.VSearch.A
• OSX.Machook.A
• OSX.Machook.B
• OSX.iWorm.A
• OSX.iWorm.B/C
• OSX.NetWeird.ii
• OSX.NetWeird.i
• OSX.GetShell.A
• OSX.Abk.A
• OSX.CoinThief.A
• OSX.CoinThief.B
• OSX.CoinThief.C
• OSX.HellRTS.A
• OSX.MacDefender.B
• OSX.QHostWB.A
• OSX.Revir.A
• OSX.Revir.ii
• OSX.Flashback.A
• OSX.Flashback.B
• OSX.Flashback.C
• OSX.FileSteal.ii
• OSX.MaControl.i
• OSX.Revir.iii
• OSX.Revir.iv
• OSX.SMSSend.i
• OSX.SMSSend.ii
• OSX.eicar.com.i
• OSX.AdPlugin.i
• OSX.AdPlugin2.i
• OSX.Prxl.2

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan to Sequoia available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight, LockRattler, or at the command line.

If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5277.

For Sequoia only: so far, I have seen no sign of this update in iCloud, which still returns an XProtect version of 5272. If you download and install it using Software Update, softwareupdate or SilentKnight, then once that is complete you need to update the primary XProtect bundle in Terminal using the command
sudo xprotect update
then entering your admin password.

I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

I maintain lists of the current versions of security data files for Sequoia on this page, for Sonoma on this page, Ventura on this page, Monterey on this page, Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.

I hope that you enjoyed Saturday’s Mac Riddles, episode 276. Here are my solutions to them.

1: Armour, postal matter or electronic message delivered in 2001.

Click for a solution

Mail

Armour (as in chain mail), postal matter (general meaning) or electronic message (mail) delivered in 2001 (it first appeared in the first version of Mac OS X, inherited from NeXTMail).

2: Originally Minotaur, from first release in 2004 it reads the news as well as the Andersons’ puppets.

Click for a solution

Thunderbird

Originally Minotaur (its original name), from first release in 2004 (version 1.0) it reads the news as well (it’s a news reader too) as the Andersons’ puppets (Gerry and Sylvia Anderson’s TV series ‘Thunderbirds’).

3: Those attending the important came with a PIM in 2000, but was replaced by outlook 10 years later.

Click for a solution

(Microsoft) Entourage

Those attending the important (an entourage) came with a PIM (it included personal information manager features) in 2000 (when it was released, in Office 2001), but was replaced by outlook 10 years later (it was tragically replaced by the inferior Outlook in 2010).

The common factor

Click for a solution

They have all been major mail client apps for Mac OS.

I look forward to your putting alternative cases.

Over the last forty years, one of the essential virtues of the Mac’s interface has been its consistency. From the outset, Apple has ensured the Finder behaves according to a small set of rules that are readily learned, often without conscious effort. These form a grammar grounded on those of languages like English, of subject-verb-object. Select a file, do something with it, and it changes state.

Drag a file from its current folder and drop it onto another, and it’s moved or copied from one to the other. The outcome depends on context, where performing that action within the same storage volume results in the file being moved, but between folders in different volumes it’s copied instead. Folders play two roles: as enclosing elements, and as objects in their own right. Drag a folder from one place to another, and you expect its entire contents to go with it, but apply a tag to a folder, and only that folder gains the tag.

iCloud Drive has never quite conformed to the same grammar. Change its mode by enabling the Optimise Mac Storage setting and it stops behaving so consistently. Files that appear to be present turn out to lack data content, and have to be marked as evicted exceptions. Folder commands to control download and eviction depart further from established norms. Select all, and if there are more than ten items selected, Remove Downloads is no longer available in the contextual menu. Can the Finder no longer cope with certain actions when they’re applied simultaneously to more items than we have fingers?

There is a workaround, though: select just the enclosing folder, and Remove Downloads on that. If you then want to download individual items within that evicted folder, you do so by selecting them and using Download Now, which oddly doesn’t seem constrained to the same limit of ten. You can thus have a hybrid folder, with some items downloaded, others evicted, and the folder itself continues to display the icon indicating its contents remain evicted.

Now consider Sequoia’s new pinning behaviour. Pin a folder and its contents are shown as being pinned, as you’d expect. Select one or two of those individual files, though, and there’s no option offered to unpin them. The only way to do that is to unpin the whole folder, then pin individual items within that folder. But like the Remove Downloads command, that too won’t work for more than ten items at once. Move a new item inside a pinned folder, and it automatically becomes pinned, and can’t be individually unpinned as long as its enclosing folder remains pinned.

If you have a folder of 100 files, and want to pin all of them bar one, this becomes laborious. If you pin the folder, you can’t unpin that one file, so you must leave the folder unpinned and instead pin the individual files inside it, no more than ten files at time.

Against the Finder’s consistent model, eviction and downloading are well-behaved, as you can

1. select the folder, and apply the action to it,
2. select the exception(s), then apply the inverse action to them,

requiring just two selections and two actions.

On the other hand, pinning behaves inconsistently, as you must:

1. select a group of no more than ten files, apply the action to them,
2. repeat that as many times as necessary, until only the files you want pinned have been pinned.

Consistency is often taken as a mark of reliability. iCloud Drive comes from a position of lower reliability, and inconsistencies in its human interface only serve to reduce the user’s trust.

Explaining this idiosyncratic behaviour is more important still. Instead of being designed for the human, its interface has been determined by its engineering, in a step back to computers that preceded the Mac. This reflects an API that is every bit as awkward as its human interface. In common with other properties of files in iCloud Drive, developers are prevented from discovering how iCloud Drive handles them. For example, Apple makes checking whether a file is evicted as difficult as possible, as there’s no property or attribute that records that.

Pinning is similarly convoluted, and currently undocumented. When pinned individually, files are given a distinctive extended attribute, but when pinned by virtue of any of their enclosing folders being pinned, that xattr is attached not to the files, but to the folder. To check whether any given file in iCloud Drive is pinned, an app therefore has first to check whether that file has the xattr, then to traverse its path upward and look for the xattr on every folder in that path.

Thus the human interface for pinning is determined not by the Finder’s consistent grammar, but by the implementation of this feature in iCloud Drive’s virtual file system. The sooner consistency is restored, the better for the Finder and its users.

我们还年轻，可不想看到这个世界处在毫无自由、隐私的边缘。

有人说 windows 11 适合大多数普通用户，即便个人需求不同，也可以在此基础上进一步调整（折腾）。仔细一想，更新使用 Windows 11 这段时间我确实进行了不少调整，稳定使用好一阵子之后，许多折腾过程被我逐渐淡忘。

于是想着写下本文作为记录，以便回顾，顺带给也有意深入调整 Windows 11 的朋友一些参考。

Windows 10 在初次使用的时候可以跳过网络连接设置，选择「离线账户」。这样可以避免微软账户的一些设置，但也会导致一些功能无法使用。而 Windows 11 在安装时──至少从 UI 来看──会强制要求连接网络并登录 Microsoft 账户。

如果你只想通过离线账户使用，或碰上微软服务抽风偏偏又无法登录的情况，在这一步可通过 Shift + F10 调出命令行，输入 oobe\BypassNRO。命令执行后系统将自动重启，此后初始化过程中的网络配置会额外出现「我没有 Internet 连接」选项，再点击「继续执行受限设置」后续即可配置离线账户。而如果你已经联网，看到强制要求登录 Microsoft 账户界面后才寻找使用离线账户账户的方法，此时只通过上面的命令是不够的——至少从我唯一的一次经历来看输入命令后重启后仍然会自动配置好网络，此时则需要先输入 devmgmt 打开设备管理器、禁用无线网卡，然后再输入 oobe\BypassNRO。

截至目前通过这些额外的手段还是能够使用离线账户，但微软如此收窄用户选择的空间，很难不让人揣测其意图，甚至给人留下一种不断侵蚀用户隐私和选择权的糟糕印象，毕竟在线账户只会让微软更轻松地收集各种用户数据，包括使用习惯、偏好设置等个人信息，而这些收集行为也不只在本设备，通过在线账户，微软也能更轻松地跟踪用户在不同设备间的行为，构建更完整的用户画像……收集到的数据则可以用于精准投放广告、出售给第三方广告商、通过与其他微软服务的集成二次扩大数据共享范围。

要知道 Microsoft 账户隐私设置界面着实复杂，迈过离线账户的坎，后面想要完全控制自己的隐私选项难度就不低了。

除了预装系统的 OEM 设备，新设备至少第一次的完整的更新是必要的，这些更新包含正常使用的驱动等。如果 Windows 更新无法为你下载安装特定版本的驱动，你也可以前往对应设备厂商的官网手动下载安装，如： 

至于特殊的「鸡生蛋」情况──无线网卡驱动──没有无线网卡驱动无法联网、无法联网就无法通过 Windows 更新升级无线网卡驱动，可以通过 USB 网卡或者手机共享网络连接，或者直接下载驱动到 U 盘，然后在设备管理器中手动更新。对于 OEM 设备可以去对应官网寻找驱动支持，对于个人 DIY PC 主要前往主板官网下载最新驱动，当然如果你知道具体网卡型号（例如常用的 Intel AX210）也可以直接去对应官网下载。

说到 OEM 设备，OEM 厂商关于硬件的支持性应该优于更广泛的 Windows。倘若 OEM 厂商有提供完整的硬件驱动管理工具，这些工具优先级应该高于 Windows Update。为避免 OEM 驱动管理与 Windows 更新工作重复、覆盖乃至冲突，可以按照如下流程操作：

说回 Windows 更新本身。对于目前桌面端主要使用的三大（类）系统──Windows、macOS、各 Linux 发行版──相较于更加专用的各 Linux 发行版和产品线单一又严格由 Apple 控制淘汰周期的 macOS，兼容性最好的 Windows 在更新上也更容易受兼容性带来的多样性所困，从而很难实现更新行为和质量的一致性。这也是为什么每每听闻 Windows 更新问题时，总有人说「从来没遇到过」，也总有另一些人抱团抱怨仿佛 Windows 都快完全不可用了那般。

其实如今没必要过于抵制 Windows Update，更新内容本身带来的问题几乎没法举例，更多主要是更新过程中的意外。如果你很清楚自己在做什么，也可以尝试推迟 Windows 更新。除了在更多选项中至多推迟五周外，还可以通过修改注册表推迟任意长度时间：

你可以填写一个很大的天数，然后在需要更新的时候点击 Windows 更新中点「继续更新」即可方便地跳过更新推迟，在此之前不会收到任何更新检测或提示，更不会自动更新。

上述通过注册表推迟更新的操作可以通过脚本完成：

再配合任务计划程序实现自动化。这样就可以根据自己的节奏推迟更新、累计更新，例如每六周推迟五周等。

至于彻底禁止 Windows 更新，其实上文提到的通过注册表推迟到一个不可能的天数便可达到类似效果，除此以外还可以通过编辑组策略、修改更新服务器到一个空地址、借助诸如 Windows Update Blocker 等第三方工具等。这里不再一一赘述。

本篇围绕 Windows 11 系统本身的设置调整展开，尽量不涉及第三方软件、工具，若非要涉及也是主要是在辅助调整设置（例如把隐藏的系统设置项调出来）而不提供额外功能。

任务栏、开始菜单最直接的调整在「设置 > 个性化」中。

在任务栏设置中，我们要做的第一件事就是把塞满广告和各种无用信息的小组件整体关闭，然后根据个人习惯调整其他设置，比如我会将搜索仅显示图标、任务栏左对齐、永远合并任务栏按钮。

在开始菜单设置中，记得关掉第一面的所有推荐内容，并在「文件夹」中打开设置方便快速进入。

搜索栏在任务栏中的开始菜单附近，但是它的设置项目却在「隐私和安全性 > 搜索权限」中。而微软也往此处插入了一些「推荐内容」，需要在关闭设置项目最后的「显示搜索要点」。

在 Windows 11 中，即便解锁任务栏，我们也不能像 Windows 10 那般将任务栏拖动到屏幕左右侧，只能在底部。虽然通过修改注册表可以强行改动任务栏位置，但是会导致 UI 错位。更推荐的方法是使用第三方工具将整个任务栏回退到 Windows 10 模式，例如后面会介绍的 ExplorerPatcher。 

除了任务栏和开始菜单，很多人在 Windows 11 中最先接触到的变化可能是右键菜单。其实如果不带成见来看，Windows 11 的右键菜单在设计上更加简洁、更符合整体设计语言，且按钮排布更加宽松，没有按钮增多时密密麻麻的视觉压迫感，也更适合触摸操作等非精确点击。

问题是，宽松的按钮排布，代价是并非所有功能都能直接在右键菜单中找到，部分功能被隐藏在「显示更多选项」中，且这些更多选项并非像「新建」那样以二级菜单展开，而是完全退回到类似 Windows 10 的右键菜单。在桌面/文件资源管理器按住 Shift 右键也能直接唤出这种经典风格的右键菜单，除了真的需要考虑触摸可用性，为什么不一开始就显示完全呢？

倘若你不想节外生枝使用复杂插件，其实直接修改注册表的方法也并不繁琐。

注销或重启文件资源管理器即可生效，右键菜单将恢复到 Windows 10 风格。

在我自己的日常使用习惯中，无论在 Windows 还是 macOS，虚拟桌面都是高频使用的功能。对于临时被打断或者由于时间问题没有完成的工作，在确保保存后我会将其原封不动放在原位置并新建一个虚拟桌面继续其他工作。同时在处理多个任务时候，我也会尽可能保证一个虚拟桌面内是一个相对独立的任务，相当于在标签页、窗口之上再加一层桌面维度，检索时更加快捷。

如此频繁的使用，自然容易在 Windows 10 升级到 Windows 11 感受到一些细微的变化。对于单次虚拟桌面切换来说动画是更加丝滑了——Windows 11 非线性动画的加速、减速比起 Windows 10 更加自然。但多次切换就有点灾难了，在 Windows 10 按住 Ctrl + Win 并多次按左右方向键时，滑动动画经历「加速 > 连续的桌面滑动（哪怕有来回）> 减速」停到目标桌面，而在 Windows 11 中，多次切换时，每次都会经历完整的「加速 > 减速」动画，相当于把单次切换简单的拼接起来，这样的动画在频繁切换时会显得有些拖沓。

以上都是针对快捷键切换虚拟桌面的情况，对于触控板切换来说动画都是尽量跟手的，而连续切换之间的停顿也符合直觉（毕竟触控板没法像快捷键那样连续多次按方向键，中间肯定也有停顿对应）。

网络上暂时没有找到将动画回退到 Windows 10 版本的方法，所以我简单粗暴地关闭了这个动画——在「设置 > 辅助功能 > 视觉效果 > 动画效果」开关可以关闭虚拟桌面切换动画，但是这样也会波及其他动画效果；在高级系统设置（cmd/Win + R: sysdm.cpl）中的性能设置中视觉效果页关闭「对窗口内的控件和元素进行动画处理」也可以关闭虚拟桌面切换动画，但同样也会波及诸如 Win + Tab 窗口动画效果，不过从描述来看想必波及的范围更小。

我个人有个癖好是桌面不出现任何图标、任务栏只留一个文件资源管理器、所有应用在开始菜单以磁帖排布。在注意力有些散漫的时候 Win + D 回到桌面欣赏下壁纸休息——不得不承认 Windows 11 背景设置中的「Windows 聚焦」挺好看，同时又不会过分吸睛，应该是和 Bing 每日壁纸同源的。

在「设置 > 个性化 > 主题 > 桌面图标设置」中可以关闭桌面图标。遗憾的是当清空桌面图标后，角落「Learn about this picture」更加显眼，且没有显式关闭设置，除了再次借助 ExplorerPatcher，也可以通过修改注册表实现：

这样桌面就只剩下壁纸了。如果你第一次这么设置会发现有一尴尬之处──回收站怎么进？确实一般情况下回收站都是放在桌面的。这时可以通过在文件资源管理器的地址栏中输入 shell:RecycleBinFolder 打开回收站，然后将其固定到快速访问中，这样就可以在文件资源管理器的侧边栏方便访问回收站。

硬件部分关于屏幕、缩放、渲染等内容会占用太多篇幅且涉及技术原理部分可操作性不强。这里直接给结论：

在 Windows 10 之时我还能接受通过 noMeiryoUI 软件方式修改默认系统字体为更纱黑体，配合 MacType 软件实现更好的字体渲染效果（一定程度上抵消 ClearType 在高分屏的负优化）。虽然 noMeiryoUI 依然兼容 Windows 11，Windows 11 上更多的系统组件、官方应用并不默认遵守该设置，导致字体修改效果十分有限。

因此在 Windows 11 上我选择一种比较 dirty 但是好用的手段──将其他字体（例如更纱黑体）重新打包成伪装的「微软雅黑」并移动至 Windows 字体文件夹下以欺骗系统。chenh96/yahei-sarasa 提供了一个截止本文修改时仍运行良好的 Python 脚本自动将更纱黑体伪装为微软雅黑和宋体。

目前主要有三种方法将伪装字体替换系统默认字体：

这里仅展示第一种方法，不需要任何额外工具。在 Windows 恢复模式中的命令行使用 xcopy 将伪装的微软雅黑移动到相应文件夹下：

覆盖后重启即可。请特别注意不要在任何有用于演示、汇报用途的 Windows 设备上进行此操作，以免一些不必要的麻烦。

Windows 的色彩管理仍是一个相对混乱的领域，短期内是不指望能和 macOS 相提并论。但是 Windows 11 还是比前代 Windows 10 在 HDR 支持上有 明显改进，至少算是过了及格线。

在开启 HDR 之前，还请确保屏幕至少支持 HDR 600 标准，HDR 400 可以当作不支持看待（注意区别于 HDR true black 400，这是 OLED 标准，甚至严格过 HDR 1000）。OLED 和 MiniLED 屏幕往往效果更好。

全局开关在「设置 > 系统 > 显示 > HDR」。开完先别急，点击下面的「HDR Display Calibration」，这里可以矫正 HDR 显示效果。

「自动 HDR」功能可以将仅支持 SDR 的游戏转化为 HDR 输出，效果挺不错。但如果你的设备使用较新的 N 卡，那更推荐关闭此功能 Windows 11 的自动 HDR，用 NVIDIA app 内的 RTX HDR 替代。由于 HDR 会尽可能用尽显示器硬件性能，不能通过调整显示器亮度来改变内容整体亮度，在开启 HDR 显示时只能通过设置「SDR 内容亮度」将桌面调整至不开 HDR 相近效果。

在开启 HDR 模式下就是纯 HDR 信号输出，不存在区域渲染，原本 SDR 内容也会通过算法转化为 HDR 输出，这其中必然是会丢失信息的。目前消费级 HDR 显示器素质良莠不齐。如果在开启 HDR 模式看 SDR 内容时发现颜色「寡淡」，有可能是眼睛已经被各种「鲜艳模式」惯坏了，毕竟在开启 HDR 后系统会自动对 SDR 内容做 sRGB 限缩，从某种意义上这才是「正确」的颜色，除此以外就是显示器还跟不上，前者可以尝试常驻 HDR 模式适应，后者建议常用 Win + Alt + B 快捷开关 HDR 仅在消费 HDR 内容时开启。

「Wintel 联盟」现在似乎已经很少提起，当初意图取代 IBM 公司在个人计算机市场上的主导地位，直至现在 Microsoft 和 Intel 的合作依然紧密。Intel 新大小核处理器在 Windows 10 上有许多调度问题促使其用户不得不选择 Windows 11。

如果你在电源设置中发现缺少某些设置项目，除了一个个查注册表，更方便的方法是通过 PowerSettingsExplorer 这个仅调用 Power Management Functions 接口的小工具来调出那些被隐藏的选项。在 Windows 11 中与大小核调度策略有关的隐藏高级电源设置有：

在「高性能」电源计划中，这三个的设置按顺序是「0 – 自动 – 自动」，调度策略是「大核 > 小核 > 大核超线程」；如果将后两个设置同时设为「高性能处理器」，那么调度策略变为「大核 > 大核超线程」。总体而言异类策略 0 优先使用大核，对应的异类策略 1 优先使用小核。异类策略 4 比较奇怪，它是「节能」电源计划的默认设置，但是在烤鸡、游戏挂机等测试场景大小核调度策略几乎和「高性能」一致，怀疑是高负载场景积极调度、中低负载再节能的策略。

其实预设的几种电源计划均挺符合直觉的，没必要过于纠结。即便有极端省电需求也不建议完全小核优先，其实该设置中的所谓「高效处理器」也就是小核还真未必比限制后的大核能效比高。看看对功耗更加敏感的移动端，都有越来越多大核的势头，乃至天玑的全大核构想。当然移动端大核甚至还没够到桌面端的小核，不能简单横向比较。不过时至今日我依然对桌面端异构架构持保守态度。

以上都是针对 Intel 新处理器的情况，对于 AMD 全大核处理器，Windows 11 的大小核调度反而引入额外问题导致游戏场景表现甚至不如 Windows 10。众所周知，锐龙 CPU 各核心都有成为 CPPC 属性，代表各个核心的「体质」，在 AMD 官方工具 Ryzen Master 中可以查看的金、银核心分别就是 CPPC 最高的两个核心，而 Windows 11 会将 CPPC 最低核心视为小核（高效处理器）进行调度。通过上述真正大小核的 Intel 处理器上观测的不同异类调度策略并在 AMD 全大核处理器上对应测试，发现 Windows 11 对 AMD 处理的调度的确遵循 N-1 个高性能处理器和 1 个高效处理器的策略。这样默认的调度策略会更不倾向调用所谓的小核，这种不对称可能会导致更多的跨核行为、特别是游戏场景频繁地 L3 缓存争用造成无端性能损失。

之前的民间偏方，在 BIOS 开 PBO、XMP/EXPO 的同时顺手把 CPPC 关掉，或许也是由此而来。

早在去年 UP 主 @开心的托尔酱 在视频 关于 Windows 系统对 AMD 的负优化—异类线程调度 就有提到这个问题。而在最近 AMD 在社区更新 关于 Zen 5 游戏性能提升远不及理论的回应，宣布 Windows 11 24H2 将通过优化「branch prediction」 来提升 AMD Zen3/4/5 系列处理器的性能表现，部分游戏甚至有 10% 以上提升，要知道 Zen 5 由于相较于前代提升过于微妙有被戏称「Zen 5%」，更有特例 5700X3D 在 Windows 11 上性能表现比 Windows 10 差 15%……该说锐龙 CPU 首发一如既往地一言难尽呢、还是说与 Windows 合作不够紧密呢？

当然，尽管 Windows 几个电源设置的预设符合直觉无需额外调整，电源设置里还是有很多可玩性的，例如不用重启调整 CPU 睿频参数等。具体不再展开，感兴趣可以参阅 Windows 电源设置注释。

Windows 11 在「设置 > 账户 > Windows 备份」中可以设置包括文件、设置等备份选项，但似乎必须绑定微软账户使用，对于离线账户并不友好。且这种方法不支持备份系统。

个人认为更好用的还属控制面板中的「备份和还原（Windows 7）」，不仅支持对系统分区全量备份，还支持制作系统镜像和系统恢复盘。虽然 Windows 在 知识库 中鼓励大家尽可能使用设置取代控制面板，无奈前者体验还偏偏不如后者。

此外，Dism++ 也提供系统备份功能，同时支持不添加文件的增量备份（不算快照）。Dism（Deployment Imaging and Management）是 Windows 自带的一个工具，用于安装和维护 Windows 映像，Dism++ 只是将常用命令封装成 GUI 便于操作，并没有额外单独实现，这种备份也算是半官方方法。

还有两个系统功能看似很好用但是我不推荐：一是系统检查点，它本意主要用于系统更新失败的回滚，很难说胜任纯粹的系统备份，对个人文件的行为很奇怪经常在回滚的时候搞得一团糟；而文件历史，它默认备份整个用户目录，需要自己一个个排除，且该功能仅放置于控制面板，微软对此也并不算上心，一个 bug 三五年不修。

话说回来，目前单独备份系统的意义远不如备份文件，通过链接把一些应用的数据文件夹（例如微信保存的文件）link 到其他分区、外置存储乃至云端上，更多链接操作留到后续关于快捷创建链接的工具那一部分。

Windows 11 正常要求硬件支持 TPM 2.0。TPM 芯片是一种安全加密处理器，包含多个物理安全机制以防篡改。BitLocker 会将专用密钥存储在 TPM 芯片内，在除了更改 TPM、BitLocker 检测到 BIOS 或 UEFI 配置、关键操作系统启动文件或启动配置的更改之外的情况下，BitLocker 会自动解锁，用户登录无需进行任何额外交互即可解锁。无其他加密手段建议对系统盘开启 BitLocker，这已经是 Windows 集成最高、最无感的方式。

关于几个关键问题：

如果真有换设备需求，但是事先忘记解锁 BitLocker，会导致无法访问数据吗？

不会。在创建加密的时候 BitLocker 同时会创建恢复密码，可以将其打印或存在安全位置。检测到硬件更改后 BitLocker 进入恢复模式，用户输入恢复密码可以重新访问数据。

备份工具是否支持 BitLocker 加密盘？

对于基于文件系统的备份方式来说，理论上解锁后 BitLocker 是透明的，先解锁再备份即可。对于分区的备份方式，理论上可以不解锁整个区拷走，但是加密后不知道哪一部分是空的会导致备份文件更大且不好压缩，虽说 BitLocker 通过长长一串恢复密码也可以离线挂载，但不建议盲目还原。

BitLocker 是否会影响性能？

理论上会，但实际上体感不明显。别单看开 BitLocker 后硬盘读写速度有的下降超 10%，解密过程应是压力越大损耗越明显，所以不能根据硬盘测速这一极端压力情况下的性能损耗来界定 BitLocker 的性能损耗。

BitLocker 闭源，微软可以添加后门，如何保证安全？

你说得对，可以尝试开源方案 VeraCrypt，支持 Windows 11 系统加密，在普通分区加解密上还提供更好的跨平台支持，但是 VeraCrypt 不支持 TPM 且由于理念不合永远不会支持，在和 Windows 集成上肯定也不如 BitLocker 无感。看你愿不愿意拿所谓的安全换便利了。

平心而论，这个软件本身并没有什么问题，但是大陆用户对「电脑管家」的 PTSD、早期仅在中国区推送和不事先提醒地静默安装才是其被人诟病的原因。

后来，我的区域美国、语言英语的 Windows 11 也被推送，Reddit、Discord 也有相关讨论，才得知微软打算全球推送。单看软件本身，清理、加速、系统保护项、应用管理、常用小工具（截图、字幕、翻译、词典、以图搜图等）还有快捷修复建议，其实就是可能原本在设置里藏很深的 Windows 已有功能的拿出来，不需要联网也没有广告，不像小组件和 Office Plus 那样尽塞垃圾。

如果抛开前两点，静默安装也确实不厚道，用户的诟病并非完全无端。不过实现手段其实不是 Windows 更新而是 Edge 后台下载安装包安装。所以它就单纯是个软件，看不惯直接卸载就好。Edge 自从某次我重装系统后，在搜索 Chrome、进入 Chrome 官网时用大半个页面阻挠我安装 Chrome 我就已经心留芥蒂，出了这一茬直接让我彻底禁用 Edge，还不能简单卸载，留到后面 Remove MS Edge 插件部分。

除了深入设置、注册表、组策略等方法调整系统外，还有一些第三方插件可以帮助我们更好地使用 Windows 11。当然这里提到的插件依然主要针对系统调整，不发散到更广泛的效率提升上。

Windows 本身其实一直缺乏一个好用的包管理器，不提不如 Linux 各发行版的，就连 HomeBrew 类似产品都没有。微软官方推行的 WinGet 严格意义上称不上包管理器，它并没有提供统一的包格式，而是依赖于各个软件的安装程序下载下来静默安装，正如 HomeBrew Cask。Scoop 才稍微有些包管理器的感觉，安装同时也能自动配置环境变量，在迁移时备份还原更方便。如果不介意添加多余的工具，用 UniGetUI 可以一次性管理 WinGet, Scoop, Chocolatey, Pip, Npm, .NET Tool 和 PowerShell Gallery 多个包管理器。

仅关于 Scoop 的安装，在 PowerShell 中输入以下命令即可：

倘若你还希望使用 UniGetUI，可以在 PowerShell 中输入以下命令通过 Scoop 安装：

Windows 并不像 macOS 通过三个应用分别控制桌面、Dock 栏、Finder，而是通过一个「资源管理器」一并控制。而 Windows 11 相较于 Windows 10 许多令人不满的改动──任务栏、开始菜单、右键菜单──都可以通过介入资源管理器来调整。

虽然前面系统设置部分已经提到部分调整手段，但是这些调整往往需要手动修改注册表等隐藏更深的手段。如果你不想折腾，亦或是觉得这些调整不够全面，可以尝试 ExplorerPatcher 这款开源插件，不仅可以将任务栏、开始菜单、右键菜单一并调回 Windows 10 风格，还有许多诸如屏蔽 Office Key、禁止文件高级搜索、取消窗口圆角等功能。

虽然在部分时刻，例如系统更新后，ExplorerPatcher 偶有失效，但考虑到开源插件能做到这种程度，完全配得上其自称的「增强 Windows 上的工作环境」宗旨，无需吝啬赞美。

开源项目 Power plan switcher 可以在系统托盘中切换电源计划，支持快捷键、自动切换等功能。

一般来说对于长期接通电源或者没有续航焦虑的设备可以常驻「高性能」或「卓越性能」电源计划，这些计划的默认设置已经十分符合直觉，无需额外微调。

而对于笔记本电脑，它有时接通电源有时使用电池，前往控制面板翻出电源计划设置十分麻烦。PowerPlanSwitcher 可以不仅在系统托盘中切换电源计划，还支持在电源状态变化（从 AC 供电到电池供电）时自动切换对应电源计划。

官方称该软件支持 Windows 10，但实际上在 Windows 11 上也能正常使用。

Microsoft PowerToys 是一组实用工具，可帮助高级用户调整和简化其 Windows 体验，从而提高工作效率。

——Microsoft PowerToys

作为一款出现在 Microsoft 知识库的官方工具，可能考虑到不用像 Windows 那样背负沉重的历史包袱，PowerToys 工具箱中的绝大多数功能都轻量、专一且直击用户需求，被誉为 Windows 用户必备瑞士军刀，且在 GitHub 上完全开源，算是微软给我留下正面印象的产品之一。

早在 Windows 95 时代，PowerToys 就集成了包含了 Tweak UI 在内的共计 15 个小工具，Tweak UI 可以调整 Windows 中原本需要修改注册表才能访问的较为晦涩的设置。微软在 2019 年接管并重新推出 PowerToys，目前也已经有如下我认为很好用的功能：

同时还有诸如 Color Picker、Image Resizer、Text Extractor 等一众小工具，让你免去管理一堆小工具的烦恼、也减少众多工具中出现某几个断更的风险。PowerToys 也有丰富的 第三方插件，例如 PowerTranslator 在 PowerToys Run 中直接翻译文本、
EverythingPowerToys 在 PowerToys Run 中通过 Everything 检索文件、
ChatGPTPowerToys 在 PowerToys Run 中调用 chatgpt、
PowerToys-Run-Spotify 在 PowerToys Run 中让 Spotify 放歌等等。

各个工具具体用法这里不再赘述，PowerToys 每个工具页面都有详尽的描述。

单看 PowerToys Run 中的文件搜索功能其实比较孱弱，而 Windows 资源管理器的搜索效果更是惨不忍睹。Everything 通过访问 NTFS 文件系统的 USN 日志，在数秒内检索 TB 级别硬盘，并实时监测所有文件的增改情况，同时支持通过正则表达式进行文件精确匹配，还可通过插件与 PowerToys Run 联动。

自从某次我重装系统后，Edge 在搜索 Chrome、进入 Chrome 官网时用大半个页面阻挠我安装，反而彻底让我将 Edge 定位明确为 Chrome 下载器。更改默认浏览器后某些链接还是会给我跳转到 Edge 打开，之后还闹出自动下载静默安装微软电脑管家一事。

不过 Edge 是不能够简单直接卸载的，可能会导致一些依赖系统 WebView 的应用出问题，而且可能在某次重启后惊觉 Edge 又回来了。

Remove MS Edge 这个工具旨在通过可执行文件或批处理脚本以静默方式彻底卸载 Microsoft Edge，并提供保留 WebView 选项。

虽然 PowerToys 的 Keyboard Manager 也能完成一些键盘映射的工作。但是 AutoHotKey 作为完整脚本语言，功能更加强大，可以实现更多的自定义功能。

例如我对于大写锁定键的需求很小，但是却又有频繁的中英文输入法切换和自定义快捷键需求。自定义快捷键时一般会引入 Hyper 键 的概念，在 Windows 上即同时按下 Ctrl、Shift、Alt、Win 四个键，这样可以避免与系统快捷键冲突。

我希望产生下述行为：

这种行为仅通过 PowerToys Keyboard Manager 是难以实现的，但是通过 AutoHotKey 可以轻松实现：

同样的，在 macOS 中文输入法会自动将 Shift + [/] 映射为部分中文排版更推荐的直角引号「/」，而 Windows 自带输入法并没有这个功能。除了更换输入法、全局替换掉某个键、设置字典打出一对引号等方法，通过 AutoHotKey 识别当前输入法状态并映射不同的按键不失为一种更优雅的解决方案。

在 Windows 上也有自带的 Win + V 的高级剪贴板功能，甚至可以和微软账户绑定实现云同步。但是这个功能对我而言比较花里胡哨，UI 确实更加现代化也与系统保持一贯风格。不过系统自带的剪贴板历史过于循规蹈矩，保存的历史条目太少不说，在隐身浏览器模式下乖乖不记录。Ditto 作为一款开源剪贴板增强工具，UI 更加简洁紧凑，可以保存更多历史记录、支持搜索、支持自定义快捷键、同时还有清除格式等高级粘贴功能。

配合 AutoHotKey 设置的 Hyper 键，我一般通过 Hyper + V 调出 Ditto 剪贴板历史记录。

C++ 编写的小工具具有不俗的性能，在保存 300 条目且不随时间清空的情况下，调出和检索都察觉不到卡顿，且占用极低只用个位数 MB 内存。

在 macOS Finder 中，Quick Look 赋予空格快速预览文件夹属性或者多种文档内容功能——俗称「一指禅」。Windows 用户一直垂涎这种功能，虽然 Windows 资源管理器也可以通过侧边栏预览，但是这种方式开启后任何选中都会预览，占用大量资源，同时支持的文件内容类型也有限，还会有反馈带来奇怪 bug。

这催生了 Windows 同名第三方开源插件 QuickLook，行为几乎与 macOS Quick Look 一致，通过空格快速预览，同时支持通过 引入插件的插件 形式支持预览 markdown、jupyter notebook、电子书等更多格式文件，并且支持在 Directory Opus、Files、OneCommander 等第三方文件管理器中使用。

MacBook 触控板和妙控板凭借着超大的触控面积、以假乱真的震动体验和 macOS 软硬结合，造就了曾经以及当下最优秀的触控板体验。许多 macOS 用户或许和我一样并不愿意使用鼠标，而是更倾向于触控板。其中稍微有些弯弯绕绕就属 macOS 的三指拖拽，如此好用的功能就藏在辅助功能里。

当然随着微软给出精确式触控板的驱动和建议硬件规格，也体现出 Windows 对于触控板的上心，目前绝大多数 Windows 设备触控板也都支持精确式触控板，相当一部分产品日用体验已足够优秀。可惜的是即便系统对于多点触控的支持已经覆盖从二指到四指，但是三指和四指滑动手势略有重合且使用频率不高，Windows 也没有给出类似 macOS 的三指拖拽功能。

好在可以通过插件 ThreeFingerDragOnWindows 在 Windows 上实现 macOS 的三指拖拽，依赖 .NET 运行环境实现。使用前请确保通过触摸板设置中禁用「轻点两次并拖动以多选」行为和所有默认的三指轻扫行为，这样拖动操作才不会受到干扰。

相较于 Windows 10 主题色、背景和明暗模式的割裂设置，Windows 11 将更统一、更完善的「个性化 – 主题」设置提到更优先位置，并提供若干预设主题。但是 Windows 11 仍然没有 macOS 那样的自动切换深色模式功能。Windows Auto Dark Mode 支持通过设定固定时间或跟随该定位的日出日落时间自动切换深色模式，同时可以自定义深色、浅色模式对应主题。

在前文提到：

目前单独备份系统的意义远不如备份文件，通过链接把一些应用的数据文件夹（例如微信保存的文件）link 到其他分区、外置存储乃至云端上……

所谓「链接」，在文件系统中指的是软链接（符号链接）和硬链接──两种创建文件引用的方法。软链接（符号链接）是指向另一个文件或目录的路径，可以跨文件系统，类似于快捷方式；如果原文件被删除，软链接会失效。硬链接是直接指向文件数据的引用，两个文件共享相同的物理数据块，它们的内容完全一致，删除一个硬链接并不会影响到文件的实际数据，只有所有硬链接都删除时，数据才会被清除。硬链接只能在同一文件系统中创建，其实文件管理器上的几乎所有文件都可以被看作是硬链接。

更详细关于链接的介绍可以参阅少数派文章 符号链接、硬链接及其在 Windows 上的应用举例。我对 Link Shell Extension 的初识也正是在这篇文章中。一个最常见的案例是，对于 小而美 微信可以将其 Files 文件夹移动至 OneDrive，然后通过符号链接将其链接回原位置，这样既可以保证微信正常运行，又可以实现微信保存的文件备份。该插件的智能多版本硬链接功能会自动分析和前一次的差异并对不变的内容创建硬链接，实现增量备份，但该功能不能链接到外部存储，仅适合在同盘做备份版本管理。

特别注意，少数派文章中介绍的「中键拖动」快速创建链接操作不适用于 Windows 11，正确操作应当修改为使用右键拖动。

虽然 Windows 自带输入法对于绝大多数用户已经足够好用。但是我有跨设备需求，特别是需要兼容 macOS 和 Windows 双系统，这导致明明两者的系统自带输入法都可圈可点我都率先排除。而高度自由、高度定制的 RIME 进入我考虑范围。在 Windows 上通过 Weasel、在 macOS 上通过 Squirrel 实现 RIME 输入法的部署，在 Linux 上还有诸如 ibus-rime 等多种版本。

但 RIME 的高度自由伴随的也是较高准入门槛。好在开源项目 oh-my-rime 及其 配套配置教程 算是相当程度上降低这种门槛。但这种打包配置并未限制你设置自由度，你依然可以根据自己的需求自行修改配置文件，例如取消 Shift 切换中英文、更改翻页快捷键和以词定字快捷键等等。

许多功能和其他配置在 oh-my-rime 项目教程中也有提及，这里单独展开讲一下多设备同步。虽然该教程中也完整提到同步设置，但是同步行为是要用户手动触发的，而平时工作中很可能忘记触发。更优雅的方案是通过 Windows 的计划任务触发同步：

Here are this weekend’s Mac riddles to entertain you through family time, shopping and recreation.

1: Armour, postal matter or electronic message delivered in 2001.

2: Originally Minotaur, from first release in 2004 it reads the news as well as the Andersons’ puppets.

3: Those attending the important came with a PIM in 2000, but was replaced by outlook 10 years later.

To help you cross-check your solutions, or confuse you further, there’s a common factor between them.

I’ll post my solutions first thing on Monday morning.

Please don’t post your solutions as comments here: it spoils it for others.

When the first Macs with internal hard disks started shipping in 1987, they were revolutionary. Although they still used 800 KB floppy disks, here at last was up to 80 MB of reliable high-speed storage. It’s worth reminding yourself of just how tiny those capacities are, and the fact that the largest of those hard disks contained one hundred times as much as each floppy disk. By the 1990s, with models like the Mac IIfx, internal hard disks had doubled in capacity, and reached as much as 12 GB at the end of the century.

Over that period we discovered that hard disks also needed routine maintenance if they were to perform optimally, and all the best users started to defrag their hard disks.

Consider a large library containing tens or even hundreds of thousands of books. Major reference works are often published in a series of volumes. When you need to consult several consecutive volumes of such a work, how they’re stored is critical to the task. If someone has tucked each volume away in a different location within the stack, assembling those you need is going to take a long while. If all its volumes are kept in sequence on a single shelf, that’s far quicker. That’s why fragmentation of data has been so important in computer storage.

The story of defragging on the Mac is perhaps best illustrated in the rise and fall of Coriolis Systems and iDefrag. Coriolis was started in 2004, initially to develop iPartition, a tool for non-destructive re-partitioning of HFS+ disks, but its founder Alastair Houghton was soon offering iDefrag, which became a popular defragging tool. This proved profitable until SSDs became more widespread and Apple released APFS in High Sierra, forcing Coriolis to shut down in 2019, when defragging Macs effectively ceased.

All storage media, including memory, SSDs and rotating hard disks, can develop fragmentation, but most serious attention has been paid to the problem on hard disks. This is because of their electro-mechanical mechanism for seeking to locations on the spinning platter they use for storage. To read a fragmented file sequentially, the read-write head has to keep physically moving to new positions, which takes time and contributes to ageing of the mechanism and eventual failure. Although solid-state media can have slight overhead accessing disparate storage blocks sequentially, this isn’t thought significant and attempts to address that invariably have greater disadvantages.

Fragmentation on hard disks comes in three quite distinct forms: file data across most of the storage, file system metadata, and free space. Different strategies and products have been used to tackle each of those, with varying degrees of success. While few doubt the performance benefits achieved immediately after defragging each of those, little attention has been paid to demonstrating more lasting benefits, which remain more dubious.

Manually defragging HFS+ hard disks was always a questionable activity, as Apple added background defragmentation to Mac OS X 10.2, released two years before Coriolis was even founded. By El Capitan and Sierra that built-in defragging was highly effective, and the need for manual defragging had almost certainly become a popular myth. Neither did many consider the adverse effects on hard disk longevity of those intense periods of disk activity.

The second version of TechTool Pro in 1999 offered a simplified volume map for what it termed optimisation, offering the options to defragment only files, or the whole disk contents including free space.

By the following year, TechTool Pro was paying greater attention to defragging file system metadata, here shown in white. This view was animated during the process of defragmentation, showing its progress in gathering together all the files and free space into contiguous areas. TechTool Pro is still developed and sold by MicroMat, and now in version 20.

A similar approach was adopted by its competitor Speed Disk, here with even more categories of contents.

By 2010, my preferred defragger was Drive Genius 3, shown here working on a 500 GB SATA hard disk, one of four in my desktop Mac; version 6 is still sold by Prosoft. One popular technique for defragmentation with systems like that was to keep one of its four internal disks empty, then periodically clone one of the other disks to that, and clone it back again.

Alsoft’s DiskWarrior is another popular maintenance tool, shown here in 2000. This doesn’t perform conventional defragmentation, but restructures the trees used for file system metadata, and remains an essential tool for anyone maintaining HFS+ disks.

Since switching to APFS on SSDs several years ago, I have missed defragging like a hole in the head.

Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5276. As usual, Apple doesn’t release information about what security issues this update might add or change.

Relative to the last version released for Sequoia (5275), this version removes all the new-style rules that had been added to that and 5273. Relative to the general release version 5274, and 5275, it adds one new rule for MACOS.PIRRIT.BM.OBF.

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan to Sequoia available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight, LockRattler, or at the command line.

If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5276.

For Sequoia only: so far, I have seen no sign of this update in iCloud, which still returns an XProtect version of 5272. If you download and install it using Software Update, softwareupdate or SilentKnight, then you need to update the primary XProtect bundle in Terminal using the command
sudo xprotect update
then entering your admin password.

I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

I maintain lists of the current versions of security data files for Sequoia on this page, for Sonoma on this page, Ventura on this page, Monterey on this page, Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.

I hope that you enjoyed Saturday’s Mac Riddles, episode 275. Here are my solutions to them.

1: Traced in epidemics and in emergencies, it replaced 2.

Click for a solution

Contacts

Traced in epidemics (contact tracing) and in emergencies (emergency contacts), it replaced 2 (Contacts replaced Address Book in Mountain Lion in 2012).

2: Formal speech and memory location publication until superseded by 1.

Click for a solution

Address Book

Formal speech (an address) and memory location (an address) publication (book) until superseded by 1 (from the first beta of Mac OS X until 2012, when Contacts replaced it).

3. Packed lunch came in 2008 to integrate 2 with a table of dates.

Click for a solution

Bento

Packed lunch (in Japan, bento) came in 2008 (first released by FileMaker in 2008, and discontinued in 2013) to integrate 2 with a table of dates (what it did so well: it was a lightweight database that integrated address book and calendar data).

The common factor

Click for a solution

They all work with address book data.

I look forward to your putting alternative cases.

Here are this weekend’s Mac riddles to entertain you through family time, shopping and recreation.

1: Traced in epidemics and in emergencies, it replaced 2.

2: Formal speech and memory location publication until superseded by 1.

3. Packed lunch came in 2008 to integrate 2 with a table of dates.

To help you cross-check your solutions, or confuse you further, there’s a common factor between them.

I’ll post my solutions first thing on Monday morning.

Please don’t post your solutions as comments here: it spoils it for others.

One of the most fundamental questions you can ask is what’s in my Mac, and what’s connected to it? From the size of its memory to the extensions it has loaded, we often need to know all about Mac internals. As Macs became more configurable and were offered with options, this became increasingly important.

From as early as System 4.1 in 1987, Macs could deliver more detailed information, that was gathered together in a new app, Apple System Profiler, in System 7.6 at the start of 1997. The following screenshots show Apple System Profiler at the height of its maturity, in System 9.0.4 during the Spring of 2000.

This Mac is a Power Mac G4 (AGP Graphics) model from 1999-2000, one of Apple’s distinctive ‘blue and white’ tower systems with a single-core PowerPC 7400 processor running at 450 MHz. It has 512 MB of memory and internal ATA hard disks. Notable by their absence from this overview are UUIDs, as they were seldom used at that time.

Two of its three internal expansion slots were occupied by a SCSI card, to connect to SCSI peripherals, and its display card driving the monitor.

With just two 12 Mb/s USB ports, one is wired to a USB hub, and has five peripherals connected to it, including a USB to serial adaptor.

Such information has also been critical for those developing software and hardware for the Mac, and in System 6.0.4 of 1989 Apple introduced a new dictionary of a Mac’s capabilities in its Gestalt system, whose name in English means an organised whole that’s perceived as more than the sum of its parts, an appropriate description of both a Mac and its OS.

In those days, Apple liked four-byte character codes, such as the Type and Creator codes used for all files in classic Mac OS, so each Gestalt was assigned a four-character identifier by Apple. When an app wanted to know which version of QuickTime was running, for example, all it had to do was call for the particular Gestalt value for that code.

Gestalt should have been a perfect solution, being concise, straightforward and accessible. But adoption was slow, and most important information was never added to its dictionary.

With the arrival of Mac OS X, Gestalt was carried over in its Carbon interfaces, but it slowly withered and died, being deprecated in 2012 when OS X 10.8 was released. You can find its remains still in Apple’s developer documentation.

In 2011, Mac OS X 10.7 replaced what had become shortened to System Profiler with the redesigned System Information, which has remained in macOS ever since.

For comparison, here’s an iMac Retina 27-inch in 2015, and a more modern USB hub supporting up to 480 Mb/s, in System Information.

Data gathered by System Information is also available to apps, although many developers prefer to delve into the mine of data in IOKit instead. There are times when I wonder what would have happened had Gestalt proved as successful as it deserved.

I hope that you enjoyed Saturday’s Mac Riddles, episode 274. Here are my solutions to them.

1: Exam success with a group of letters like open sesame.

Click for a solution

Passwords

Exam success (a pass) with a group of letters (a word) like open sesame (a famous fictional password).

2: 1 in 2007 and 16 this year like raid 1 for a new pairing.

Click for a solution

iPhone Mirroring

1 in 2007 (the year of the first iPhone) and 16 this year (iPhone 16) like raid 1 (also known as mirroring) for a new pairing (this app pairs your Mac with your iPhone).

3: Dumping grounds for gratuities and little hints.

Click for a solution

Tips

Dumping grounds (waste tips) for gratuities (tips) and little hints (what they are). (Note that although this app has been in /System/Library/CoreServices in previous macOS, it has now graduated to the main Applications folder.)

The common factor

Click for a solution

They are all additions to the main Applications folder in macOS Sequoia.

I look forward to your putting alternative cases.

macOS Sequoia 15.0 and the security updates to Sonoma 14.7 and Ventura 13.7 brought firmware updates to most supported models. Over the weekend I have updated the databases used by SilentKnight, and the relevant articles listing them here, including new information for Macs running Sequoia, published a few minutes ago.

Which Macs get firmware updates?

For many years now, firmware updates have only been supplied in macOS updates and upgrades, and haven’t been offered as separate installations. It therefore follows that the only Macs that can receive firmware updates are those still supported by one of the three supported versions of macOS.

If the most recent version of macOS your Mac can install (without using OCLP) is Monterey, that automatically means that it can’t get any further firmware updates, as the final version of Monterey was 12.7.6, released on 29 July 2024. In practice, though, Apple normally stops revising EFI firmware well before that event, and this year has followed that pattern again.

Macs no longer supported

With the start of the Sequoia cycle, Apple appears to have ceased revising EFI firmware for the following models, all of which were originally released in June 2017:

• iMacs introduced in June 2017 – iMac18,1, iMac18,2, iMac18,3
• MacBook from June 2017 – MacBook10,1
• MacBook Pros from June 2017 with a T1 chip – MacBookPro14,1, MacBookPro14,2, MacBookPro14,3

The last firmware update for those is dated 23 June 2024, and supplied in the Ventura 13.7 security update.

These have occurred slightly earlier than would have been expected, just 7 years after that model’s first release. It was previously more usual to see support extend for 8 or more years after release.

Intel (EFI) model still supported

The only Intel Macs without a T2 chip that are still supported with EFI firmware updates are iMac 2019 models, designated iMac19,1. Not only do they continue to receive firmware updates, but they’re still supported by macOS Sequoia. In theory, that could enable them to continue to receive firmware updates until the summer of 2027, when maintenance of Sequoia is expected to cease. However, I suspect that it’s more likely that firmware support for them will be discontinued in June 2026, 7 years after their release. They’re already the last Intel Mac without a T2 chip to be supported by Sequoia.

Intel Macs with T2 chips

All other Intel Macs still supported by Sequoia have T2 chips, which have a common firmware installer. However, their release dates range from December 2017 (iMac Pro) to August 2020 (iMac Retina 5K 27-inch). Apple has already stopped current macOS support for two T2-equipped MacBook Air models (2018 and 2019), so it’s possible the list of Intel Macs supported by macOS 16 next year will be shorter than that for macOS 15 this year.

In 2026, when support for Sonoma stops, this should mean that, for the first time, some Macs with T2 chips will only be able to run older versions of their firmware, while others will continue to receive updates.

OpenCore Legacy Patcher

Macs that can have OCLP installed so they can run unsupported versions of macOS don’t receive any further firmware updates. They’re stuck with the last version released in their last supported macOS update.