One of the key features of third-party protection against malicious software is the scanning of executable code and other files. macOS used to have its Malware Removal Tool MRT, but in the summer of 2022 that was replaced in Catalina and later by XProtect Remediator (XPR), a sibling of the on-demand scanning tool XProtect, used by Gatekeeper to check code before it’s launched. That developed rapidly in the latter half of 2022, and is now one of the frontline protections against malicious software in macOS. This article looks at how XPR changed over the last year.

At least once a day, often shortly after startup, XPR scans the Mac for known malicious software. If it identifies any, it reports that as an endpoint security event and attempts to remove or ‘remediate’ it. Scans consist of running a series of executable code modules, named according to the malware they detect and remediate, and each set of scans is run twice, once as root and a second time as user.

Some scanning modules are executed very quickly, but according to the execution time reported for each, none takes longer than a small fraction of a second, and the complete double set used to take just a few minutes. Over the last year, those few minutes have progressively extended, and by the end of 2024, it’s not unusual to see XPR scans taking over half an hour, most of that time apparently looking for Adload. Activity Monitor reports that modules are run one at a time in a single thread in the background, on the E cores, minimising their impact on the user.

Scanning time and Yara rules

Work by Alden confirmed that some XPR modules use Yara detection signatures, similar to those normally supplied for XProtect’s on-demand scans. Scrutiny of log entries for XPR’s components struck gold, in that most scanning modules report that they have initialised a Yara library early during their scanning, with the characteristic log entry
Initialized libYARA version 3.11

To estimate the actual scanning time for each module that initialised libYARA, I therefore measured the time elapsed between that log entry and the module’s final report. Those are wildly different from the execution time reported by the module: for example, that reported for one Adload scan was 0.0000510 s, but measured as over 24 minutes. As that matched observations in Activity Monitor, I think I know which represents the true scanning time.

By their own admission, 17 of the current 24 scanning modules use Yara definitions in their scans. These are detailed, together with measured scanning times, in the table below.

Total time for modules using Yara definitions was 30 minutes 9.99 seconds, matching times recorded by XProCheck and those observed in Activity Monitor.

Modules taking substantial time, including Adload, Bundlore, Crapyrator, Dolittle, DubRobber, Pirrit and SheepSwap, have substantial rules in the current Yara definitions used by XProtect (the on-demand version), and during 2024 those rules have grown considerably as XProtect has targeted them more aggressively. If XPR were to use XProtect’s Yara rules, that would explain the noticeable increase in time taken by its scanning modules. This may also account for XPR being updated less frequently than in the past: if its detections are at least partly based on those rules, often updated every fortnight, then replacing its scanning modules shouldn’t be required as often.

Scanning modules in XPR, 2024

Adload (Yara-based) is an old adware and bundleware loader dating back to 2016 with a track record of rapid change, enabling it to evade static detection. It normally achieves persistence through a bogus service installed in ~/Library/LaunchAgents/, and Phil Stokes gives fuller details here.

BadGacha remains unidentified, but has in the past reported false positives for helper apps in non-malicious apps.

BlueTop (Yara-based) is a bogus WindowServer app that was part of a Trojan-Proxy campaign investigated by Kaspersky in late 2023.

Bundlore (Yara-based) is an old adware dropper from 2015 or earlier that has become more malicious in the software that it installs, and has been reviewed by several researchers, including Jay Vrijenhoek and Joshua Long.

CardboardCutout remains unidentified.

ColdSnap (Yara-based) is known better as POOLRAT or SimpleTea, a cross-platform component that was part of the 3CX supply-chain attack.

Crapyrator (Yara-based) has been identified as BkDr.Activator, found in many torrents of cracked apps such as MarsEdit, DaisyDisk, and SpamSieve. It uses sophisticated methods, characteristically installing Activator.app in the main Applications folder, prompts for a password and uses that to disable Gatekeeper checks, then kills Notification Centre to cover its tracks. Further details are given here.

Dolittle (Yara-based) has been identified as Genieo, see below.

DubRobber (Yara-based) is known more generally as XCSSET, a versatile and troubling Trojan dropper that changes frequently to escape detection.

Eicar (Yara-based) isn’t malware at all, but a standard non-malicious test of detection methods.

FloppyFlipper remains unidentified.

Genieo, also known as MaxOfferDeal, is another old hand that changes frequently to escape detection. This is so well-known that it qualifies for its own page in Wikipedia.

GreenAcre (Yara-based), also known as OSX.Gimmick, is cross-platform spyware used in targeted attacks, discovered by Volexity in late 2021.

KeySteal (Yara-based), as its name suggests, exfiltrates the contents of keychains. Although it first appeared at least four years ago, it seems to have reappeared in autumn/fall 2022, and has been described in full detail by Luis Magisa and Qi Sun of Trend Micro. It has been found as a malicious version of the ResignTool app, used to change code signatures. It can come correctly signed, and has been delivered in a signed Installer package.

MRTv3 is a collection of malware detection and remediation items inherited from Apple’s old Malware Removal Tool, MRT.

Pirrit (Yara-based) has also been known in many different variants and forms since it first appeared in 2016. For a long time it posed as a Flash Player installer, although it has moved on since then. It has been overviewed recently by Paloalto Networks.

RankStank (Yara-based) is another malicious app at the centre of the 3CX supply chain attack, where it’s found in the 3CX Desktop App, and has been attributed to the Lazarus Group.

RedPine (retired in 2024) is believed to cover TriangleDB malware, sophisticated spyware that has been targeted primarily at iOS devices using malicious Messages. Its scanning module has recently been dropped from XPR.

RoachFlight remains unidentified.

SheepSwap (Yara-based) is believed to be other variants of Adload, see above.

SnowBeagle (Yara-based) has been identified as TraderTraitor from the Lazarus group, and targets crypto trading. It has a CISA Advisory giving details.

SnowDrift (Yara-based) is CloudMensis spyware, another sophisticated malicious app that may masquerade as WindowServer.

ToyDrop (Yara-based) appears to be a variant of Adload (see above), according to the rules in XProtect’s Yara file.

Trovi is believed to be a cross-platform browser hijacker that can affect Safari and others.

WaterNet (Yara-based) is thought to be a version of Proxit malware written in Go.

I’d like to thank Alden, Phil Stokes and others who have been kindly decoding Apple’s bizarre names.

After Ovid has told the bizarre myth of the birth of Adonis, he inserts a more straightforward tale about a couple who race against one another, and their unfortunate fate.

Adonis grew up to be a most beautiful young man. When Cupid was kissing his mother Venus, one of his arrows grazed her breast, and set her heart on fire for the young Adonis. Venus shunned her place with the gods, and spent her time on earth with Adonis. She warned him to keep clear of wild beasts, in order to remain safe. When he questioned that she told him the story of the race between Hippomenes and Atalanta.

As a girl, Atalanta always outran the boys, but had been told by an oracle that she shouldn’t marry. If she didn’t refuse a husband’s kisses, then she’d be deprived of her self. She therefore lived alone, and issued the challenge that she would only marry the man who was faster than her, and beat her in a running race.

Hippomenes was the great-grandson of Neptune, a fast runner, and when he saw Atalanta’s lithe body, fancied he might be able to beat her, and so win her hand in marriage. When he saw her run, though, he realised how fast and beautiful she really was, and challenged her. After she had looked him over, Atalanta was no longer sure that she wanted to win, wondering whether she might marry him. But she was mindful of the prophecy, and left in a quandary.

Hippomenes prayed anxiously to Cytherea (Venus), seeking her help in his challenge. She gave him three golden apples from a tree in Cyprus, and instructed him how to use them to gain an advantage over Atalanta.

The race was started with the sound of trumpets, and the two shot off at an astonishing pace. Atalanta slowed every now and again to drop back and look at Hippomenes, but reminding herself of the prophecy she accelerated ahead. Hippomenes then threw the first of his golden apples, which Atalanta stopped to pick up. This allowed Hippomenes to pass her, but she soon caught him up and resumed the lead. He repeated this with the second golden apple, and again Atalanta stopped to retrieve it, lost her lead, and caught it back up.

Tintoretto’s Race of Hippomenes from 1541-42 is the last of the series of myths that he painted early in his career. Although he painted a fine foreshortened figure of Hippomenes, in omitting his opponent and the crucial golden apples, he has only hinted at the original story.

Guido Reni’s Hippomenes and Atalanta from 1618—19 shows Atalanta picking up the second of the golden apples. Devoid of extraneous details, with its spectators shown only as tokens, the artist concentrates on the forms of the runners, specifically the alignment of their limbs and bodies. He includes some wonderful echoes, such as in their right arms, and his right hand with her left hand. There are also some effective contrasts, between their legs and the alignment of torsos, that emphasise their relative motion.

Jacob Peter Gowy’s Hippomenes and Atalanta (1635-37) also chooses this moment, but distracts more with the crowd of onlookers waving and cheering behind. The runners’ body language isn’t as clear, and their juxtaposition has some awkward moments: it looks as if Hippomenes’ left foot is kicking Atalanta’s left side, for example. But there’s more excitement and the atmosphere of a contest here.

Nicolas Colombel, in his Hippomenes and Atalanta from about 1680, has set the pair into an elaborate landscape, and added a winged Cupid to hint at the stakes. Atalanta is again just about to collect the second golden apple, and there’s less ambiguity in the overlap between the two figures.

Noël Hallé’s The Race between Hippomenes and Atalanta (1762-65) goes even further, in almost every respect. The scene is now of almost epic proportions, spread across a panoramic canvas. At the right are the local dignitaries, and a winged Cupid as a statue, watching on. Atalanta is still picking up the second golden apple, with Hippomenes holding the third behind him, in his right hand, as if he’s getting ready to drop it.

On the last lap, Hippomenes threw the third apple even further away. Venus intervened and forced Atalanta to chase the apple further still, and made it heavier to impede her progress. This allowed Hippomenes to win the race, and claim her as his prize.

Hippomenes failed to give thanks to Venus for her intervention, angering the goddess. When the couple were travelling back a few days later, Venus filled Hippomenes with desire for Atalanta, as the couple were passing by a temple to Cybele, beside which was an old shrine in a grotto. There Hippomenes made love to Atalanta, so defiling that shrine and offending Cybele. For their desecration of a holy place, Atalanta and Hippomenes were transformed into the lions that now draw Cybele’s chariot. Venus finally completes her story by telling Adonis that this is the reason to beware of lions and other savage beasts.

In showing the race, none of the artists gives us a hint of the couple’s eventual fate. It takes Antoine-François Callet’s magnificent Spring, or Zephyr and Flora Crowning Cybele (1780-81), now adorning the ceiling of the Galerie d’Apollon in the Louvre, to show the two lions drawing Cybele’s chariot, and bring closure to the story.

Yesterday I showed how macOS has changed over the last five years, from 10.14 Mojave to 15.2 Sequoia, in terms of architecture and numbers. One figure I gave was how /System/Library increased in the number of bundles it contained from just under 4,800 in Mojave to over 9,000 in Sequoia. Within that folder, greatest growth has been in Private Frameworks, which have risen from under 1,800 to more than 4,300.

In fact, to be more precise, the number of real bundles in the Private Frameworks folder isn’t as large, as my directory crawler that analyses each release of macOS counts most of those frameworks twice, because of their structure. Halving the numbers returned still shows great growth in Private Frameworks, though:

• In macOS 10.14.5 there were at least 273 Frameworks and 878 Private Frameworks.
• In macOS 15.2 there are at least 400 Frameworks and 2,154 Private Frameworks.

Thus public Frameworks have risen to 147% of their number in mid-2019, and Private Frameworks have risen to 245%.

This chart provides better detail of these changes, as it gives the percentage of frameworks that were private over time. That percentage is:
PrivateFrameworks x 100 / TotalFrameworks
where PrivateFrameworks is the corrected (halved) number of Private Framework bundles, and TotalFrameworks is the sum of PrivateFrameworks and PublicFrameworks, the corrected number of public Framework bundles.

Each new major version of macOS over this period has brought a substantial increase in the percentage of Private Frameworks, rising from 76% in May 2019 to 84% in December 2024. Over that period, macOS has become increasingly private. Although the greatest increases have largely coincided with the release of new families of M-series chips, the largest rise of all was of 2.1% with the release of macOS 12.0.1, nine months before the release of M2 Macs.

Apple last explained what Frameworks are over a decade ago, in its programming guide for them. They’re bundles providing resources that can be shared across multiple apps at the same time, and typically include at least one dynamic shared library, together with other resources such as images, strings and header files. Those that Apple makes public, in /System/Library/Frameworks, make up much of the macOS app programming interface (API). An invaluable guide to all public Frameworks across macOS and device operating systems is maintained by Marco Eidinger.

One example that I’m becoming increasingly familiar with is the huge Accelerate library, contained in the public Accelerate Framework. That provides a vast range of mathematical functions used when processing media such as audio and images, support for vector and matrix operations, and much more. Those functions are crafted by specialist engineers who may include different techniques optimised for different hardware resources, and deliver a combination of excellent precision and speed.

Look through Marco’s list and you’ll see a single public Framework for Siri, SiriKit. Compare that with those listed in the Private Frameworks for macOS 15.2 Sequoia, where you’ll find a total of 123 for Siri. Apple explains that Private Frameworks “are appropriate for code modules you want to use in your own applications but do not want other developers to use.”

In the past, developers have been able to browse the contents of Private Frameworks directly, and where they expose header files and other information those have been readily accessible, even if they can’t be used by third-party code. Although independently distributed apps can’t be prevented from using Private Frameworks, it’s one of the guaranteed ways of getting an app rejected from an App Store. More recently, dynamic shared libraries (dyld) have been supplied in huge caches within the OS cryptex installed by macOS. Accessing their contents is more complex, and has been explained by Juan Cruz Viotti.

Undoubtedly, much of what’s contained in Apple’s Private Frameworks is of neither use nor interest to third parties, and it’s up to Apple to determine what it exposes in public Frameworks. But this sustained high growth rate in Private Frameworks over the last five years prompts the question as to how much of macOS is now private and proprietary, rather than being accessible and even, where appropriate, open source. Some of us are old enough to remember a time when it was strongly hinted that source code for APFS would be released, but now its documentation isn’t even being maintained.

Each year I celebrate the lives and works of artists with anniversaries. This coming year there’s a host of major artists, from the pioneering woman painter Sofonisba Anguissola to John Singer Sargent. Here’s the crowded calendar for the coming twelve months.

8 January: in 1925, George Wesley Bellows died. Born in 1882 and brought up in Columbus, Ohio, he was a co-founder of the Ashcan School with his gritty views of life in New York during the early twentieth century, and after the First World War became famous for painting boxing contests.

13 January: in 1625, Jan Brueghel the Elder died. He was born in 1568, son of Pieter Bruegel the Elder, and specialised in landscapes and floral still lifes. He collaborated with his friend Peter Paul Rubens in some of the finest paintings of the early seventeenth century.

13 March: in 1825, the Norwegian landscape painter Hans Fredrik Gude was born. He trained in Düsseldorf, and returned there to teach later, and then in Karlsruhe. In addition to magnificent views of Norway, he painted in Wales and Scotland, and died in 1903.

14 April: in 1925, John Singer Sargent died. He was born in 1856, and trained, worked and lived for much of his life in Europe, first as a sought-after portraitist in Paris, then in London. One of the most prolific and brilliant oil and watercolour artists of the nineteenth and early twentieth centuries, he had a particular affection for Venice.

17 April: in 1825, Henry Fuseli died. Born in 1741 as Johann Heinrich Füssli in Zürich, Switzerland, he fled to England in 1765, where he established his reputation. He specialised in ‘Gothic’ narratives, and was appointed Professor of Painting in the Royal Academy.

9 May: in 1825, James Collinson was born. He was a member of the Pre-Raphaelite Brotherhood, but resigned when he considered it was bringing Christianity into disrepute. He remained an outsider afterwards, and died in 1881.

8 July: in 1925, Robert Polhill Bevan died. Born in 1865, he trained in Paris and was invited to join the Camden Town Group by Walter Sickert. He had a particular interest in the remaining working horses in London, and painted their final years.

17 July: in 1925, Lovis Corinth died. Born Franz Heinrich Louis Corinth in 1858, in a village near what’s now Kaliningrad, he trained in Munich, and painted there and in Berlin. He was a founder member of first the Munich Secession then the Berlin Secession. When at the peak of his career in 1911 he suffered a major stroke, but successfully returned to painting.

28 July: in 1925, Léon Augustin Lhermitte died. Born in 1844, he trained in Paris and immediately specialised in painting rural life in realist style, and established an international reputation.

16 October: in 1925, the Norwegian painter Christian Krohg died. Born in 1852, he trained in Karlsruhe under Hans Gude, then in Berlin. He joined the Nordic Impressionists in Skagen, Denmark, and became a prolific social realist. He also wrote and worked as a journalist, and lived much of his career in Oslo, where he became the first director and professor of the State Academy of Art.

16 November: in 1625, Sofonisba Anguissola died. She was born in 1532 in Cremona, Lombardy, and became one of the first women artists to train in Italy. She enjoyed a long and highly successful career as a portrait painter, and even advised the young Anthony van Dyck.

20 November: in 1625, Paulus Potter was baptised. He was born into an artistic family, and was trained in his father’s workshop. He became one of the first specialist animal artists, but died from tuberculosis in 1654 at the age of only 28.

29 December: in 1925, Félix Vallotton died. Born in Lausanne, Switzerland, in 1865, he trained in Paris, and initially painted in a detailed realist style. He joined the Nabis, then afterwards painted a series of strange domestic interiors, followed by transcendental landscapes.

29 December: in 1825, Jacques-Louis David died. He was born in Paris in 1748, where he trained and rose to become the leading Neoclassical artist. He became involved with the French Revolution, and was close to Robespierre and other leaders, for which he was later imprisoned. He then aligned with Napoleon, and following his fall from power, David went into exile in Brussels.

I hope that you’ll join me in celebrating the lives and works of these painters in the coming year, and wish you a happy and successful New Year.

To celebrate the New Year, I’m taking a look back at how macOS has changed over the last five years, from 10.14 Mojave to 15.2 Sequoia. While you can read about many of the details in articles here and elsewhere, in this article I focus on its architecture, in particular the contents of the main system library folder, together with its bundled apps. Tomorrow I’ll look in more detail at one phenomenon, the rise of Private Frameworks, and what that tells us.

Mojave was in many ways the last of the traditional versions of what started out as Mac OS X, and not just for its support for 32-bit code. It was most significantly the last to integrate both the system and user files in a single volume, by default quaintly named Macintosh HD. Within that, most system files were concentrated in /System/Library, but many sprawled out from there, and bundled apps were installed in the single main /Applications folder. Although there was a separate Recovery volume, Macintosh HD was macOS and more.

Catalina changed that, first by requiring all code to be 64-bit, and by separating almost all macOS system files into a System volume, with user files on the Data volume. At that stage, System was a real volume mounted read-only, but that was just an intermediate step to the modern boot volume group, with the system being an immutable snapshot of the System volume, the Signed System Volume, SSV. The latter first appeared in macOS 11 Big Sur, and with the addition of a paired Recovery volume, continues in Sequoia.

Over that period, the contents of /System/Library grew considerably in size.

In Mojave, there were just under 4,800 bundles in that folder. Catalina’s reorganisation increased that to around 5,500, and each new major version of macOS since has added another few hundred, culminating in 15.2 with just over 9,000 in all.

Much of that growth has been in Private Frameworks to support macOS and its bundled apps and tools, shown in purple in the bar chart above. Public Frameworks have grown from 546 to 800, similar to kernel extensions, and all the remaining folders from 2,000 to 3,000.

Because bundled apps were only separated in Catalina, their numbers only start in late 2019, as shown in the next chart.

There was a marked rise for Big Sur, since when the total has risen more slowly, from about 55 to 64 today. Some have been removed over that time, such as Network Utility, and others have been relegated to /System/Library/CoreServices/Applications, as has Keychain Access in Sequoia.

The timeline of growth in the number of bundles in the System Library folder matches milestones in Mac history. The first steep rise occurred with Catalina’s novel version of the boot volume group, and since then there have been further steep rises immediately before the release of the first of each family of M-series chips.

The largest of those rises was for the M3 (900), with the M1 (600) and M4 (600) also being substantial. Strangely, that for the introduction of the M2 seems to have taken place over six months in advance, and was smaller at 500 bundles.

Of all the system components that should reflect changing Mac hardware, effects should be greatest on kernel extensions.

Over this period of more than five years the number of kernel extensions stored in /System/Library/Extensions has risen from a low of 515 in 10.15 to 930 in 15.2, five years and two months later. Almost all of that occurred with the release of Big Sur, the first version of macOS to support Apple silicon Macs, when kernel extensions rose from 535 (10.15.7) to 788 (11.0.1). Most of those were required to support all the new hardware devices in the M1 chip. Subsequent families of new M-series chips have required few additional kernel extensions, although their number has been rising more rapidly since macOS 13.0 in October 2022.

It’s hardly surprising that, when someone makes the leap from an old Mac running Mojave to a new model with Sequoia, they’ll encounter so many fundamental differences in macOS. After nearly twenty years of steady evolution, in the last five macOS has changed beyond all recognition.

Given how many of those changes have been required for the introduction of Apple silicon Macs, it’s hard to see how Apple could have reduced the frequency of major macOS upgrades over that period. Even if it had been possible for engineers to have taken macOS from 10.14 to 11.0 in a single step, I suspect that no user or developer could have survived such as huge change at once. Yet without those changes, Apple wouldn’t have been able to release the M1 in late 2020, and we’d probably still be using Intel Macs. I will revisit that in more detail at the weekend.

Tomorrow I’ll look in more detail at how its APIs have changed.

The second half of 2024 celebrated the bicentenary of the French artist Eugène Boudin, who more than anyone laid the foundations of Impressionism, both in acting as the young Claude Monet’s teacher and mentor, and pioneering its changes.

Boudin’s The Beach at Villerville from 1864 is a wonderful example of his loose oil paintings of beach scenes on the north French coast, set under a dusk sky.

200th anniversary of Eugène Boudin: Pioneer of Impressionism 1
200th anniversary of Eugène Boudin: Pioneer of Impressionism 2

Over these six months I have tried to gather a more accurate overview of rural life and agriculture between 1500-1930, in a series titled The Real Country. This draws together insights into how those changed as cities grew and the countryside became depopulated but increasingly productive. Contemporary paintings have some fascinating stories to tell, as seen in this copy of Brueghel’s Landscape with the Fall of Icarus from about 1558.

Although its landscape is fictitious, the ploughman in the foreground appears true to life, and his plough typical of much of Europe at that time, as shown in the detail below.

At the very front of the plough is a small jockey wheel, behind which is a vertical metal blade, the coulter or skeith, whose task is to cut into the ground just ahead of the share, a wooden board that turns the surface of the earth to one side. The effect on the ground is to cut furrows into its surface and turn the soil onto ridges. When repeated five or more times over the course of the autumn and winter, this could build ridges high enough for the water to drain into the furrows, and coupled with the action of ground frost could break up even heavy clays into a tilth ready for sowing in the Spring.

Another interesting detail revealed in Brueghel’s painting is how the course of the plough curves, swinging wide to make the turn. As tracks alongside those ploughed strips changed into basic roads, and were then paved or tarmacked in the twentieth century, they retained the curved course of the plough in winding country lanes.

1 Under the plough

Later in the series, I showed examples of paintings of what are today unusual crops.

Emile Claus here shows Flax Harvesting in 1904, near his cottage in East Flanders, Belgium. Flax is a crop of particular relevance to painting, as its seeds are crushed and processed to generate linseed oil, the main drying oil used in oil paint, and the fibres of the rest of the plant are turned into linen, to form the canvases on which that paint is applied.

8 Cash and other crops

More recent paintings grant us views deep into history. The Norwegian artist Harriet Backer is little-known outside the Nordic countries, but painted several views inside country churches that merit wider exposure.

Of the many wonderful later paintings that she made of church interiors, the finest must be Uvdal Stave Church (1909).

Stave churches were once numerous throughout Europe, but are now only common in rural Norway. Their construction is based on high internal posts (staves) giving them a characteristic tall, peaked appearance. Uvdal is a particularly good example, dating from around 1168. As with many old churches, its interior has been extensively painted and decorated, and this has been allowed to remain, unlike many painted churches in Britain which suffered removal of all such decoration.

Backer’s richly-coloured view of the interior of the church is lit from windows behind its pulpit, throwing the brightest light on the altar. The walls and ceiling are covered with images and decorations, which she sketches in, manipulating the level of detail to control their distraction. Slightly to the left of centre the main stave is decorated with rich blues, divides the canvas, but affords us the view up to the brightly lit altar. To the left of the stave a woman, dressed in her Sunday finest, sits reading outside the stalls.

Harriet Backer’s Nordic Light: to 1889
Harriet Backer’s Nordic Light: 1890-1932

I had long put off compiling a series covering the multitude of paintings of the canals of Venice, and finally published them for the period 1825-1910.

Grand Canal, the Rialto in the Distance – Sunrise (1828) is one of Richard Parkes Bonington’s finest oil paintings, made in the studio from graphite and other sketches from 1826. This painting has quite commonly been described as showing sunset, but as the view faces almost due east, must have been set in the early morning.

Canals of Venice: 1825-1870
Canals of Venice: 1875-1895
Canals of Venice: 1895-1903
Canals of Venice: 1903-1910

Another outstanding artist who is little-known outside her native country is the Canadian Emily Carr. My small selection of her paintings forms a series of five articles.

In Carr’s late Dancing Sunlight (1937-40), vortexes of brushstrokes have replaced all solid form. Trees, light, foliage, even the sky have been swept into those strokes sweeping across the canvas like a whirlwind. She had earlier been absorbed by abstract art, but had continued to represent real objects using techniques that restructured them rather than abstracting.

First totems 1892-1911
Haida 1912-1913
1914-1930
Sculptural form 1931-1936
Tombstones 1937-1945

Throughout the year I have added more themes to my compendium of articles to aid the reading of visual art. Sometimes these bring surprises, as they did in discovering one of the earliest depictions of a mermaid in European art, in a Christian religious painting by Lucas Cranach the Elder, from 1518-20.

Cranach’s Saint Christopher shows the saint with his back and legs flexed as he bears the infant Christ on his left shoulder. In the foreground is an unusual putto-mermaid with a long coiled fish tail.

170 Mermaid

Late in the year, I commemorated the centenary of the death of the German artist Hans Thoma.

Thoma developed his own distinctive mythology, as seen in this fascinating painting of Wondrous Birds completed in 1892. The birds shown here aren’t storks or cranes, but are based on the grey heron, a common sight across much of the countryside of Europe. There are various myths and legends associated with storks and cranes, but I’m not aware of any for the heron.

Commemorating the centenary of the death of Hans Thoma: 1, to 1885
Commemorating the centenary of the death of Hans Thoma: 2, from 1886

Most recently I marked the centenary of the death of the great French painter of childhood, Henri Jules Jean Geoffroy.

Geoffroy’s undated painting of It’s Hard to Share shows one of the tribulations of childhood. These young boys have just emerged from a sweet shop, and the child in the centre is reluctant to share the paper cone of sweets he has just bought. His face says it all, as he looks with great suspicion at his less fortunate friend, and a dog also looks up expectantly.

Commemorating the centenary of the death of Henri Jules Jean Geoffroy, painter of childhood

Finally, over a weekend I showed some of the many paintings of the Bay (or Gulf) of Naples, a location that has been justly popular with landscape artists for well over two centuries.

JMW Turner painted the same location and mythological theme in several of his narrative landscapes, including The Bay of Baiae, with Apollo and the Sibyl from 1823. Apollo is on the left, with his lyre, and the dark-haired Sibyl has adopted an odd kneeling position. She’s holding some sand in the palm of her right hand, asking Apollo to grant her as many years of life as there are grains. Opposite the couple, on the other side of the path, under the trees, is a white rabbit.

Paintings of the Bay of Naples: 79 CE to 1857

I leave 2024 pondering why that white rabbit?

There has been at least one fresh article about Macs and macOS published here every day through 2024. Here’s a small selection of articles that you might have missed the first time, or that repay a second reading. Enjoy!

macOS Sequoia

Boot volume layout and structure in macOS Sequoia

Sequoia introduces pinning to iCloud Drive with a detailed account of xattr copying and persistence flags

How Sequoia has changed QuickLook and its thumbnails and why some may no longer work

Using and troubleshooting Spotlight in Sequoia: summary

Apple silicon Macs

Why you shouldn’t try cloning your Apple silicon Mac’s startup disk

How virtualisation came to Apple silicon Macs

Inside M4 chips: CPU core management with links to all the other articles in this series

Security

Securing the modern Mac: an overview

Controlling System Integrity Protection using csrutil: a reference and all about SIP

What do XProtect BehaviourService and Bastion rules do?

Practical tips

What to do when offered a new FileVault Recovery Key

What performance should you get from different types of storage?

How big a backup store do you need?

Is it worth storing Time Machine backups on a faster drive? with a detailed account of I/O throttling policy

Planning complex Time Machine backups for efficiency

Explainers

Ownership means two different things in Macs: how to tell them apart permissions and LocalPolicy meanings

Where has Safari gone, and why are macOS updates larger for Apple silicon? and all about cryptexes

Why % CPU in Activity Monitor isn’t what you think

History, general

The World According to Macintosh (in 1994)

Graphing Calculator and Grapher

Miscellaneous, fun

Mints version 1.18 now shows floating-point numbers in hex

I started 2024 with a new series telling the myths of Ovid’s Metamorphoses in paintings, and that continues into next year. While some of its stories are well-known, others may be less familiar if not obscure. The first episode includes the story of Jupiter and Lycaon, who tries to trick the god into cannibalism, for which he’s transformed into a wolf.

Jan Cossiers’ impressive Jupiter and Lycaon from about 1640 shows Jupiter’s eagle vomiting thunderbolts at Lycaon, who sits opposite the god. Lycaon’s head is thoroughly wolf-like already, as he hurriedly gets up from the table. Thunderbolts are seen behind the pillar in the background, and on the table is something resembling a modern burger bun.

Mediaeval folk mythology developed other tales of humans turning into wolves, although most were temporary transformations associated with cannibalistic episodes. They became progressively refined and popularised into the Gothic ‘horror’ stories of werewolves feeding on human blood, making Ovid’s account the origin of the werewolf.

1 Creation and Lycaon’s cannibalism

The year brought many artistic anniversaries, among them the bicentenary of the death of Théodore Géricault, famous for his vast painting of The Raft of the Medusa.

Towards the end of his brief life, Géricault compiled a series of ten portraits of people suffering from mental illness, then described as monomanias. He was introduced to these patients by one of the early practitioners of psychiatry, his friend Doctor Étienne-Jean Georget (1795-1828), who commissioned him to paint them to show to students as examples.

At the time, the pseudoscience of physiognomy remained popular, even among medical professionals. It claims that you can assess personality or character from a person’s outward appearance, particularly their face. In 1772, Johann Lavater codified what was at heart a pseudoscientific basis for racism and other forms of prejudice. Unfortunately, his writings were widely translated, and were enthusiastically adopted by many artists. Among more recent artists who used physiognomy in their painting are Joshua Reynolds, Henry Fuseli, William Blake and William Powell Frith.

Although intended as a finished portrait, Géricault’s Monomaniac of Envy (The Hyena), from about 1821-23, is surprisingly painterly beyond the woman’s face.

Commemorating the Death of Théodore Géricault: 3 Madness and Death

Another anniversary of note was the centenary of the death of Maurice Prendergast, whose paintings from his visit to Venice are vivacious and colourful.

Towards the end of his visit, Prendergast found a jostle of Umbrellas in the Rain (1899). They’re of any colour but dark grey, and form a brilliant arc across the painting.

In memoriam Maurice Prendergast who died a century ago

Jean-François Raffaëlli was nearly an Impressionist, but incurred the disapproval of Claude Monet by swamping their exhibitions with his paintings. In 1880, Raffaëlli showed thirty-seven, and Monet withdrew in response. The centenary of his death was an opportunity to look at his work with open mind and eye.

Although best-known for his portraits of the urban poor, The Abandoned Road (1904) is one of Raffaëlli’s finest paintings, showing where an old road running along the top of a sea cliff had been lost in a large landslip. The whaleback ridge in the foreground has an almost animal feel to it, and his use of figures and the village church gives the scene a grander scale.

Almost an Impressionist: Commemorating the death of Jean-François Raffaëlli 1
Almost an Impressionist: Commemorating the death of Jean-François Raffaëlli 2

Researching series is often a most rewarding experience, and in 2024 one of the most fascinating has been Sea of Mists, covering the paintings of Caspar David Friedrich and the German Romantics.

Friedrich’s dark Seashore by Moonlight from 1835–6 is full of foreboding, perhaps of his own death. Three small fishing boats are shown at different distances from a rocky shore. Two small rowing boats are just visible in the gloom of the foreground, and there are black shadows of fishing gear. The horizon is lined by the bright reflection of the moon, the brightest tone in the whole painting, and moonlight glints on the central area of sea. The clouds are deep indigo, in smooth folds and curves threatening rain.

German Romantic painters, overview, including contents of this series

Another series came from a personal challenge to compile an alphabet of landscape paintings. Although this grew increasingly difficult towards the end, I think I got there without being over-ingenious. My personal favourite among them is F for flowers.

For Dennis Miller Bunker flowers were an integral part of the country fields he loved to paint. Wild Asters (1889) is a brilliant assembly of different types of mark, from the sinuous curves in the stream to the fine blotches of the aster flowers. Yet the following year the artist was dead from meningitis at the age of only 29.

Contents of the whole series
Flowers

Although I had shown several of JC Dahl’s paintings here previously, Sea of Mists was my first opportunity to look at his work more systematically, alongside that of his colleague and friend Friedrich.

Throughout his career, Dahl made copious oil sketches in front of the motif. He painted this tiny plein air sketch of Dresden at Night in 1845. How he did this in the dark without the aid of modern lighting I have absolutely no idea, but it’s one of the greatest technical accomplishments of nineteenth century painting.

JC Dahl 1818-1827
JC Dahl 1829-1856

Many artists struggle for years until they achieve greatness in a single painting. For Anna Palm de Rosa, who died a century ago, that came in a late night game of cards.

In the summer of 1885, the young Swedish painter Anna Palm visited the artist’s colony at Skagen in Denmark. One night she sketched two of the couples staying in the local hotel as they played cards by candlelight, in A game of L’hombre in Brøndum’s Hotel. There’s a silent tension as all four study their cards amid dense tobacco smoke making it literally atmospheric.

In memoriam Anna Palm de Rosa: painting the card game

Two hundred years ago, there were relatively few major collections of paintings that were open to the public. In Britain, John Julius Angerstein had assembled an art collection, and on 2 April 1824, the British government bought that for £60,000 to establish a national public collection housed in Angerstein’s former town house in London. On 10 May that year, London’s National Gallery first opened to the public, and two articles here celebrate that.

If you’re ever in London, the Wilton Diptych is a must-see. Painted some time between 1395-99, probably as a personal devotional for the king, it’s a jewel fashioned from egg tempera, probably some oils, and gold leaf. It’s one of those few paintings that’s truly breathtaking.

The National Gallery also has nine paintings by Vincent van Gogh.

Perhaps the most popular of all its paintings is his Still Life: Vase with 15 Sunflowers, known as the fourth version of this series, which has the most remarkable background of them all, with a unique metallic sheen that again has to be seen in the flesh.

Celebrating the 200th birthday of London’s National Gallery 1
Celebrating the 200th birthday of London’s National Gallery 2

Another high point of the year was the bicentenary of the birth of Jean-Léon Gérôme, whose paintings illustrate his quest for truth in art.

In The Artist’s Model from 1895, Gérôme attempts the ultimate introspection: he painted himself making a sculpture he had previously painted in a painting as a sculpture. Visual references in the props, paintings seen within the painting, and polychrome sculpture provide a visual summary of his professional career.

His final painting of the personification of Truth, completed in 1896 as his reputation was fast vanishing, is his manifesto not only for his art, but for the new art of photography. He saw visual truth, as demonstrated in his meticulous realism, as the objective for painting. In that, he differed fundamentally from Impressionism, which he viewed as misrepresentation of the way that we see the world, thus visual untruth, unlike photography.

The Quest for Visual Truth: the bicentary of Jean-Léon Gérôme

One artist whose death I will be commemorating in 2025 was the subject of a pair of articles over a weekend, Lovis Corinth. For some years I had an unread copy of a monograph on his painting. As I have explored that more I have come to realise what a great master he was, and how close he came to death when he suffered a major stroke in December 1911. At first his doctors weren’t even confident that he would survive, and when he did regain consciousness, he couldn’t recognise his wife Charlotte. His left arm and leg were completely paralysed; as he had painted his entire professional career with his left hand, it looked as if that career was over.

His first major painting following his stroke returned to an earlier theme of Samson. This autobiographical portrait of The Blinded Samson (1912) expressed his feelings about his own battle against the sequelae of his stroke. In the Samson story, it shows the once-mighty man reduced to a feeble prisoner, forced to grope his way around. No doubt Corinth didn’t intend referring to its conclusion: with the aid of God, he pulled down the two central columns of the Philistines’ temple to Dagon, and brought the whole building down on top of its occupants.

Corinth’s successful rehabilitation and the resumption of his career was largely dependent on his wife Charlotte.

Lovis Corinth and Charlotte Berend: 1 Painting days of wine and roses
Lovis Corinth and Charlotte Berend: 2 Recovering from disaster

My final selection from the first half of the year is from another centenary, this time of the death of Emile Claus.

The Old Gardener (1885) is another of those paintings in which every last detail is perfect, from the backlighting against the darkness of the trees to his gnarled feet.

In Memoriam Emile Claus: Into the light 1
In Memoriam Emile Claus: Into the light 2

I hope that you enjoyed Saturday’s Mac Riddles, episode 288. Here are my solutions to them.

1: Rubberised cloth from Issigonis in 1959 is the smallest.

Click for a solution

Mac mini

Rubberised cloth (Mac, or Macintosh) from Issigonis in 1959 (Sir Alec Issigonis designed the Mini car, launched in 1959) is the smallest (the Mac mini is).

2: Waterproof cloak is in favour of the tower.

Click for a solution

Mac Pro

Waterproof cloak (a mac) is in favour of (pro, as in pros and cons) the tower (the Mac Pro is).

3: Scot with an atelier in between them.

Click for a solution

Mac Studio

Scot (Mac, from the common prefix to Scottish names) with an atelier (a studio) in between them (it’s in between the mini and Pro).

The common factor

Click for a solution

They are all current desktop Macs.

I look forward to your putting alternative cases.

The performance of local drives is complicated enough, but networked storage is even worse. Just over three months ago I published a brief guide to what you should expect from several types of storage, including a little information from network-attached storage (NAS) systems. This article adds more data points to that, to help you decide which NAS to use.

Performance will vary across different NAS manufacturers and models, and figures here are based on those measured on a range of products, with a single system providing those for 10 GbE. However, I believe these should be realistic targets that all better models should be able to achieve if not exceed. All connections were made using recent versions of macOS with their respective SMB support, and no special features like iSCSI were used, to ensure these should be readily achievable during backup and file sharing.

This table compares performance of two types of local storage, hard disks and SSDs, connected via USB 3.2 Gen 2 at 10 Gb/s, with those achieved with five different NAS configurations, all using SMB. Hard disks in NAS systems were configured in RAID 1 (mirror) arrays, while those for SSDs are individual or as JBOD. Write speeds are given for:

• the single 50 MB write test performed by Time Machine before each backup;
• 500 multiple concurrent writes of 4 KB each, performed in those same Time Machine tests;
• calculated net write speed over a first full backup to APFS of at least 180 GB;
• general write speed measurement using my app Stibium, which gives broadly similar results to other leading benchmarking apps.

General read speeds are also obtained using Stibium, and similar to other apps. All speeds are given as MB/s for consistency.

Storage medium

As you’d expect, hard disks are substantially slower than SSDs, although their difference isn’t as clear-cut when the effects of connection speed are taken into account. For example, overall backup speed to SSDs over 2.5 GbE was significantly slower than that to hard disks over 10 GbE.

Connection speed

The other dominant effect is that of connection speed, and the use of SMB over Ethernet. These are clearest when comparing NVMe SSD performance.

In general read/write testing, a local SSD achieves close to the maximum expected performance of 10 Gb/s at just under 1 GB/s. With 10GbE and SMB, write performance is about 60% of that, but 115% for reading. General performance of 2.5GbE is roughly a quarter of that of 10GbE and a local SSD.

Thus, overall performance is determined by a combination of medium, connection speed and type, each of which is rate-limiting. To get best performance improvement, you need to use both a fast storage medium (SSD) and fast networking (10GbE), in a NAS capable of delivering such good performance (processor, memory).

I/O Throttling

Behind all these performance figures lurks the mystery of how much they are affected by throttling by macOS. There would seem little point in spending good money for a higher-end NAS with 10GbE support, buying expensive network switches, and filling that NAS with costly SSDs, if macOS were then to throttle away those gains.

As I’ve explained, prior to changes in the documentation in 2019, I/O policy on throttling explicitly excluded remote volumes mounted through networks, but they’re now explicitly included in currently policy. However, throttling only comes into play when higher-priority I/O is competing for a share of the same disk bandwidth, and it isn’t a general restriction in transfer rate. There’s also evidence, presented there, that macOS runs first full backups at higher Quality of Service (QoS) to allow them to complete faster than scheduled automatic backups.

Unless a client Mac is simultaneously accessing a share on the same NAS or network, it therefore appears unlikely that I/O throttling should significantly reduce the speed of backups.

Recommendations

To improve performance of networked storage, particularly in Time Machine backups to a NAS:

1. Replace the NAS with a system designed for high performance, with processor, memory, 10GbE network connections and SSD slots capable of delivering that.
2. Upgrade your network to support 10GbE between clients and NAS.
3. Add SSDs initially to support caching for hard disk arrays, and eventually as primary backup storage.

Although suitable NAS systems will cost upwards of $/€/£ 1000, they should provide support for ample clients for years to come, and prove a worthwhile investment. Potential for improvement is greater than an order of magnitude: backups that previously had to be left running overnight, taking several hours, could take minutes, such as 180 GB in 8 minutes.

My sincere apologies – the table was omitted from the original version of this article. I have now restored that and hope it makes better sense as a result.

In the first of these two articles tracing the history of paintings of the Bay (or Gulf) of Naples, I reached the late work of Clarkson Frederick Stanfield in the 1850s. Just to recap and save you from having to look back, the Bay sweeps anti-clockwise through three-quarters of circle, from the island of Ischia in the north-west, through the great city of Naples in the north, past the slopes of Mount Vesuvius with the remains of Pompeii, to Sorrento in the south-east, and ends with the island of Capri in the south.

When Edgar Degas was in Italy between 1856-59, he made a number of landscape sketches, some in oil on paper, others like this View of Naples (1860) in watercolour. None seems to have been developed into anything more substantial, though, and he then switched to history painting and portraiture for the next decade or so.

After the rejection of his masterwork Florence from Bellosguardo, the Pre-Raphaelite landscape painter John Brett didn’t hang around in England, but went out to Italy again for the summer of 1863.

Massa, Bay of Naples (1863-64) is perhaps the most spectacular of the oil paintings that Brett completed during this Mediterranean campaign, and appears to have been painted from a vessel on the water.

He had travelled there on board the SS Scotia, although it’s unclear whether that ship served as his floating studio, or he may have transferred to another. The Scotia arrived in the Bay of Naples by 9 September, following which he went to stay in Sorrento, then Capri by November. It’s therefore likely that he continued to work on this finely detailed painting during the winter of 1863-64.

His work wasn’t in vain, as this transformed his career. Alfred Morrison bought this painting for the substantial sum of £250, and Brett was to benefit further from his generous patronage. By August the following year Brett could afford to buy his own yacht, and tried a change of tack: painting the British coast using studies made in front of the motif, and working on his finished paintings in his studio.

Alfred William Hunt’s Bay of Naples – A Land of Smouldering Fire (1871) was probably based on sketches and studies made during his tour of the Mediterranean during the winter of 1869-70. This view is taken from the top of the Vómero, a hill to the west of Naples. In the left foreground is a wall from the fortifications. In the far distance, across the bay, is Vesuvius, still partially lit by the rays of the setting sun.

The Italian Impressionist Giuseppe De Nittis painted this Seascape near Naples in 1873, early in his career.

The following year the Catalan artist Marià Fortuny painted Portici Beach on the waterfront of Naples. Tragically, he contracted malaria while painting there en plein air, and died from that when he was in Rome just a few months later.

Alessandro la Volpe was a local landscape painter, whose View of Capri from 1875 shows the island in a heat haze, from the hills above Sorrento.

Oswald Achenbach’s View of Capri (1884) shows the island from a similar vantage point in the hills above Sorrento. Achenbach was one of several members of the Düsseldorf School who visited Italy on multiple occasions during his career, ending with this extended visit that started in 1882.

Pierre-Auguste Renoir painted Bay of Naples, Evening during his stay of several weeks in Naples in 1881. He had been unable to paint when in Rome earlier, but once he arrived in this city was able to complete figurative works and two matching landscapes of the bay. Although it was recognised that these two views represent morning and evening, for some years they were confused, and this painting was thought incorrectly to show the bay in the morning.

In this painting of Sorrento from 1899, Ukrainian artist Mykhaylo Berkos shows trees growing in an old ruined building facing the Bay of Naples, on the Sorrentine Peninsula closest to Capri.

In his later years, the American landscape artist Charles Caryl Coleman lived on the nearby island of Capri. In 1906, at the start of Vesuvius’ eruption in April, he travelled to the mainland to paint A Shower of Ashes Upon Ottaviano in pastels. This shows the dust- and smoke-laden air of the Naples suburb Ottaviano at ten o’clock in the morning. Although Ottaviano was spared anything worse than dust and smoke in 1906, it was badly damaged during the volcano’s last substantial eruption in 1944.

My last two paintings are both by the Italian-American artist Joseph Stella, who came from the city of Muro Lucano, inland and to the east of Naples.

Stella’s Purissima from 1927 places a mystical woman between the two sacred Ibis birds. In the background is the Bay of Naples, with Mount Vesuvius at the right.

This undated landscape sketch of Vesuvius III probably dates from the same period, and looks south-east across the Bay of Naples, with Castel dell’Ovo nearest.

In the year that we celebrated the fortieth birthday of the original 128K Mac, Apple has ensured we’ve got plenty more to remember in the future. Just as we were starting to get to grips with its third cycle of Apple silicon Macs, it leaped into the start of the fourth, in the first M4 models. We’ve also just about survived the annual purgative macOS upgrade, and even updated the firmware in our Magic Keyboards.

For once, the release of Macs featuring the next family in the M-series was heralded by their appearance in iPads in May. By that stage I had just about worked out what had changed in the CPU cores of the M3 from the previous November. Perhaps my most lasting impression is that code running in a virtual machine on an M3 host is often faster than running native on an M1 from four years ago.

Apple then delivered the smallest Mac ever in the Mac mini, a product line that didn’t even have time for an M3 version. Perhaps inevitably, I and a great many others recognised a new classic in the making, and my Mac mini M4 Pro has displaced my Mac Studio M1 Max from its connection to my Studio Display since it arrived on 8 November. Since then I’ve been stealing a little time to look inside its CPU core management, and have been surprised at how different it is from all the previous Apple silicon Macs I’ve examined.

I’ve also been delighted at how many using older Macs, some as far back as High Sierra, have decided the time is right to migrate to an M4. Leaping forward through all the changes in macOS over those seven hectic years isn’t straightforward, and learning that every one of your apps needs to be replaced must be disquieting. Those of us who have endured the annual pain of architectural changes brought by each new version of macOS can see how concentrating all that into a single migration is going to be intense agony. It’s like having your blisters treated with tincture of benzoin and its couple of minutes of excruciating pain, compared with the prolonged discomfort of leaving the blisters to heal naturally.

While Apple distracted almost everyone with its delayed introduction of AI tools, macOS Sequoia brought plenty of new and changed features that have had greater immediate impact.

Virtualisation of macOS on Apple silicon Macs has for too long been almost wonderful. Sequoia has nudged it slightly closer, but left it even more tantalisingly close, with the addition of limited support for what’s now known as Apple Account. The most obvious missing feature in macOS VMs has been support for App Store apps. Given Apple’s emphasis on their value, it’s extraordinary that VMs can enjoy good iCloud support, but still can’t run any third-party App Store apps. The underlying reason is most likely the authorisation scheme for the use of App Store apps, a tragic example of Apple’s business model thwarting its engineering aims. As far as I can tell, VMs aren’t eligible to use AI either, although for some that may be a blessing.

Sequoia lays the foundations and builds the first storey of a password manager that deserves further development. Its success is going to depend on whether Apple can integrate a modern solution for the login and other traditional keychains, a problem that the Keychain app currently ducks and leaves to Keychain Access, but hiding that still essential utility away in CoreServices won’t make it go away.

iCloud Drive has at last gained the ability to ‘pin’ files and folders to prevent them from being evicted from local storage. However, what at first sight appeared perfect paled when we discovered its idiosyncratic human interface that behaves like nothing else in the Finder, if not the earth. Hopefully an engineer will be along later next year to improve that.

In other ways Sequoia wasn’t so marvellous. One of its smaller changes that has rightly offended many has been the removal of support for third-party qlgenerators, responsible for QuickLook thumbnails and previews of custom document types. Apple had deprecated them way back in Catalina, so we had been warned, but quite a few good apps have lost QuickLook features as their developers haven’t yet implemented the App Extensions required to replace their now non-functional qlgenerators.

There has been a great deal more going on underneath the interface of macOS. As I’ve already explained in more detail, 2024 has been the year of XProtect, not only for its new update mechanism, but for Apple’s heavy assaults on malware including Adload, the subject of a hefty campaign of new detection signatures back in April.

In May, following unsubstantiated reports of the reappearance of old files, there was speculation as to the effectiveness of one of macOS’s more recent boons, Erase All Content and Settings, or EACAS. As so often happens, the rumours failed to stand up to careful scrutiny, and many former owners of Macs breathed easier that they hadn’t passed on all their personal data when they disposed of their previous Macs.

Notable by their absence over the whole of the year have been RSRs, the Rapid Security Responses we had been led to believe would spare us urgent macOS security updates. Although they may have fallen out of favour, the cryptexes they rely on have proved more useful in other ways.

Finally, the fortieth anniversary of the 128K Mac has been marked in another nearly unique event, a firmware update for Apple’s Bluetooth Magic Keyboards that was so stealthy most of us aren’t aware that our keyboards were updated, or maybe they weren’t and it was all a dream. And I managed to get to the end of this review of 2024 without looking in detail at AI. I’m sure there’ll be time for that next year.

I wish you all a peaceful and prosperous New Year.

This weekend we’re not off skiing, but seeking the mild winter in the Bay (or Gulf) of Naples, on the western coast of south Italy. This sweeps anti-clockwise through three-quarters of circle, from the island of Ischia in the north-west, through the great city of Naples in the north, past the slopes of Mount Vesuvius with the remains of Pompeii, to Sorrento in the south-east, and ends with the island of Capri in the south.

Over the centuries it has been visited frequently by artists, many of whom have overwintered here, and on the island of Capri. In this article I show landscape paintings starting from before the catastrophic destruction of the Roman city of Pompeii, and ending just before the birth of Impressionism. I conclude tomorrow with paintings well into the first decades of the twentieth century.

Although it took nearly 1500 years before Giorgione made one of the first ‘proper’ landscape paintings in modern European art, by the first century CE the Romans of Pompeii were only too pleased to see pure landscapes with no discernible narrative content on the walls of their villas.

Above is a port scene found as a fresco in Stabiae, near Pompeii, presumably showing that port at its height just before it was destroyed by the eruption of Vesuvius in 79 CE.

Seventeen hundred years later in Naples, a pioneering Welsh artist created one of the gems now in the National Gallery in London.

Thomas Jones started making landscape sketches in oils in the 1770s. He worked in Italy from 1776 to 1782, around Rome and Naples, where he completed many plein air paintings in oils, including this tiny Wall in Naples from about 1782. He’s now recognised as being the father of Welsh painting, and one of the first painters to make oil sketches in front of the motif.

A little later, a local landscape painter Giovanni Battista Lusieri became one of the first to create true panoramas in his watercolour views of the city. For this View of the Bay of Naples, Looking Southwest from the Pizzofalcone Toward Capo di Posilippo from 1791 he joined several sheets of paper together to depict the northern shore of the bay.

JMW Turner’s second version of Lake Avernus: Aeneas and the Cumaean Sybil, dates from 1814 or 1815, and is true to the spirit of Claude’s earlier landscapes. This is a beautiful setting of Lake Avernus, near Pozzuoli, to the west of the city of Naples. In the distance is Baiae and the cliffs of Cape Miseno. The Sibyl is seen holding aloft a golden sprig rather than a bough, and Aeneas stands with his back to the viewer, as if he too is enjoying the view.

Shortly afterwards, the great French landscape artist Achille Etna Michallon painted this Sea View, Salerno (1822), showing the coast to the south-east of Naples.

At about the same time, the Bay became a focus of attention for JC Dahl and some of the German Romantic artists. Dahl had aroused the interest of Prince Christian Frederik of Denmark, who had become his patron and friend while he was still in Copenhagen. In 1820, the prince invited Dahl to join him in the Bay of Naples to paint there for him.

Dahl’s The Gulf of Naples. Moonlight (1820-21) is deeply influenced by Caspar David Friedrich, with its Rückenfigur wearing a top hat looking out to sea, fishing boats and nets, and the bright moonlight.

His visit to the Bay coincided with an active phase for the local volcano Vesuvius, during which JMW Turner visited and painted an eruption. Although Dahl was sufficiently enthused to make several oil sketches and take some to completion as finished works, he didn’t become as obsessed as others did.

In The Bay of Naples by Moonlight, painted the following year, he has used the warm red light from a more modest eruption to provide colour contrast, and enhance fine details of fishing nets in the foreground.

In 1828 Carl Gustav Carus visited the Bay, where he painted this wonderful view of Castel dell’Ovo in Naples. Given that it was made in oils over a pencil drawing on paper, this appears to have been painted in front of the motif.

Carus appears to have visited Naples on other occasions too. In about 1829-30, he stayed close to Castel dell’Ovo and framed a view from sea level in his Balcony Room with a View of the Bay of Naples (via Santa Lucia and the Castel dell’Ovo). The district of Santa Lucia consists of the waterfront buildings seen here between Carus’ accommodation and the Castel dell’Ovo.

JMW Turner returned to the same location and mythological theme in The Bay of Baiae, with Apollo and the Sibyl in 1823. Apollo is on the left, with his lyre, and the dark-haired Sibyl has adopted an odd kneeling position. She’s holding some sand in the palm of her right hand, asking Apollo to grant her as many years of life as there are grains. Opposite the couple, on the other side of the path, under the trees, is a white rabbit.

When Ivan Aivazovsky was sponsored by the Imperial Academy to study in Europe, he travelled to Italy, where he visited Florence, Amalfi, and Sorrento, then stayed in Naples and Rome until 1842. During this period he painted many beautiful views of the Italian coast, and of Venice.

The Bay of Naples (1841) is a good example of Aivazovsky’s early paintings from Italy, in which he often sought the rich colours of sunrise and sunset. These aren’t large canvases, but he shows fine details such as the rivulets of water falling from the oars.

A later visitor was the accomplished British coastal painter Clarkson Frederick Stanfield.

This view of Ischia and the Castello d’Ischia, near Naples, from 1857, shows how subtle Stanfield could be when depicting the distant snow-capped mountains of Ischia.

This undated view of The Gulf of Pozzuoli appears to be one of his few coastal views in which there is not a breath of wind, and the sea is calm.

Here are this weekend’s Mac riddles to entertain you through family time, shopping and recreation.

1: Rubberised cloth from Issigonis in 1959 is the smallest.

2: Waterproof cloak is in favour of the tower.

3: Scot with an atelier in between them.

To help you cross-check your solutions, or confuse you further, there’s a common factor between them.

I’ll post my solutions first thing on Monday morning.

Please don’t post your solutions as comments here: it spoils it for others.

Over the last few years the way that Apple and its official authorised service providers handle your Mac has changed. When you take or send in your Mac for repair or service, they no longer start it up in the way that you would, so don’t need to log into it the way that you do. This is why there are hidden FieldService folders or volumes in /System/Volumes, as they will be used during its service. In the past, technicians often needed access to your user account, and you may have been asked to provide your password; now it’s the exact opposite.

Back up

The first and most essential step in preparing your Mac to go away, even for a brief battery replacement, is to ensure that you’ve got at least one full and complete backup on storage that will remain with you. If you use Time Machine, its backups should do fine, but you should check that they don’t exclude folders or volumes that you can’t readily restore. Open Time Machine settings and click on the Options… button to ensure that no significant data are excluded from your Mac’s final backup.

Some repairs will inevitably lead to all your documents and files being wiped. Any that requires the main logic board to be replaced is almost certain to do that, but so can other procedures that you wouldn’t expect to be as radical in effect. Technicians generally work on the assumption that you have already taken care of your own files, so if they do need to erase or replace internal storage, don’t be caught out and lose all your data.

Enable FileVault

Once you’ve backed your Mac up, if FileVault isn’t enabled, turn it on, if your Mac will cope with that. Intel Macs with a T2 chip and Apple silicon Macs don’t encrypt the contents of their internal storage when you do that, as the Data volume is always fully encrypted. All they do is use your password to protect the encryption key that’s already being used to encrypt your data. That’s more than sufficient to prevent anyone who doesn’t know your password from gaining access to anything on your Mac’s Data volume. Although it’s most unlikely that any technician might try to abuse that, FileVault ensures they can’t.

For Intel Macs without a T2 chip, enabling FileVault does require the entire contents of the Data volume to be encrypted, which can take many hours or even days. If you have sufficient advance notice, it’s still worth considering.

If your Mac has a T2 or Apple silicon chip and is going to have its internal storage, or its main logic board, replaced, then you can safely assume that you’ll be restoring it from your backup when that Mac has been repaired. For an extra touch of security, immediately before parting with it you can use the Erase All Content and Settings (EACAS) feature in System Settings > General > Transfer or Reset. That will destroy the encryption keys to its Data volume and ensure that no one will ever be able to access its contents.

Firmware password, Find My Mac

There are a couple of things that you need to do to help the technician:

• If it’s an Intel Mac and you have enabled the Firmware Password feature in Recovery Mode, disable that, or no one will be able to do anything with your Mac.
• If it has a T2 or Apple silicon chip, disable Activation Lock by turning off Find My Mac. This control is buried away in Apple Account in System Settings: click on iCloud, then in the Saved to iCloud section near the top, click on the See All button. The Find My Mac control is about seventh from the top in that list. If you can’t find it, you should be able to remove that Mac from iCloud online in iCloud.com, but that’s more draconian in effect.

Final preparations

If you’re sending your Mac in, you’ll probably receive detailed instructions as how to prepare and package it ready. If you’re taking it in, then technicians normally appreciate it if you bring its power cable. Once it’s ready and shut down, give it a quick clean. That’s important if it’s being repaired under AppleCare+, when signs of neglect or abuse might count against you. Macs that have been used in smoky areas usually accumulate tar deposits that should be carefully removed from around their ports. In more serious cases a deep clean may be needed: a technician told me of an iMac that had been the perch for its owner’s parrot, and had become heavily soiled by the bird’s droppings.

When you’re taking your Mac in, remember to take evidence of its purchase in case that’s needed, and a written record of your user name and password, in case you’re asked to start it up. There’s nothing worse than struggling to remember them when under pressure.

These apply to Macs to be serviced or repaired by Apple technicians, or those of Apple Authorised Service Providers. If your Mac is being maintained by an independent repair shop, then they may require different, so ask them what they need you to do.

Summary

• Back it up fully, as if the internal storage is going to be wiped or replaced.
• Enable FileVault, if feasible.
• Disable any firmware password.
• Turn Find My Mac off.
• Clean it.
• Remember any receipt or other documents, and its power cable.

In the final quarter of the nineteenth century, paintings followed the literary trend into detective stories, first posing the viewer an open-ended narrative, then inviting them to be a detective for problem pictures. Although now remembered for just one of these paintings, William Frederick Yeames was among the leaders, who even depicted a notorious suspicious death.

Yeames was the son of a British consul in Russia and was born in Taganrog, on the shore of the Sea of Azov, to the north of the Black Sea, when it was part of the Russian Empire. His father died when he was only seven, so he was bundled off to Dresden in Germany to be educated, and to start learning to draw and paint. His family brought him back to Britain, where he received private tuition before travelling to Florence at the age of only 17. He studied there, copied the Masters, and finally returned to London in 1859.

He took up residence in Saint John’s Wood, then an affluent and leafy suburb of the city, and formed what became known as the Saint John’s Wood Clique, with Philip Hermogenes Calderon, Frederick Goodall and George Adolphus Storey.

Yeames’ particular interest, and the basis for many of his best paintings, was the Tudor and Stuart period in English history. In Hiding the Priest (1868-74), he shows a ‘priest hole’ used to hide Catholic priests during several purges that took place during the reign of Queen Elizabeth I. A priest is shown ascending into the hidden chamber by ladder, as one of the family, at the left, watches for the arrival of pursuivants who pursued Catholic priests during a purge. The room shown here is now known as the Punch Room, in Cotehele House, a superb sixteenth century manor house on the border between Devon and Cornwall, to the north of Plymouth, England.

For the Poor from about 1875 shows two nuns collecting food door-to-door to feed the poor during a bitter winter, probably on the edge of Dartmoor, Devon.

Yeames became fascinated by the macabre story of Amy Robsart, who had died in suspicious circumstances in 1560.

He introduces her in his 1877 narrative painting. She married Robert Dudley, son of the Duke of Northumberland, shortly before she reached the age of eighteen. He was then condemned to death after his father failed to stop Mary I’s accession as queen in 1553, but was released the following year. Dudley was called to court as Master of the Horse to Queen Elizabeth I when she acceded to the throne in 1558, became a favourite of hers, and allegedly one of her loves if not lovers.

Amy didn’t follow her husband to court, and hardly ever saw him. On the morning of 8 September 1560, when she was staying at a country house near Oxford, she dismissed all her servants, and was later found, as shown here, dead with a broken neck at the foot of the stairs. Although an inquest found no evidence of foul play and returned a verdict of accidental death, Amy’s husband was widely suspected of having arranged her death.

In the gloom above Amy’s body, Yeames shows Anthony Forster, one of Dudley’s men, leading his manservant down the stairs when they discover Amy’s body. The implication here is that Forster murdered Amy on Dudley’s orders, one of many speculative accounts of her sudden death.

In 1884, Yeames painted this portrait of Amy Robsart.

Like most of Yeames’ history paintings, And when did you last see your Father? (1878) is plausible but imaginary rather than based on historical records. It shows a Royalist household during the English Civil War between 1642-51. The men present are Roundheads, Parliamentarians, who are trying to locate and capture the head of the household, the small boy’s father.

The boy shown is based on Gainsborough’s famous portrait of The Blue Boy (1779), and modelled here by the artist’s nephew. Although he’s being questioned amicably if not sympathetically, the question put to him in the title of the painting exploits the openness of childhood in an effort to get the boy to betray his father’s whereabouts, an unpleasantly adult trick. Next in line for a grilling is an older girl, who is being comforted by a Roundhead soldier, but is already upset. Their mother and an older daughter wait anxiously at the far left.

Towards the end of the century, Yeames turned these open narratives into increasingly popular problem pictures, culminating in one of the finest of the sub-genre.

Defendant and Counsel (1895) would have been exhibited in London, illustrated as an engraving in newspapers, and no doubt generated a flurry of opinionated letters completing its story, and passing judgement on its subject. It shows an affluent married woman wearing an expensive fur coat, sat with a popular newspaper open in front of her, as a team of three barristers and their clerk look at her intensely, presumably waiting for her to speak.

As she is the defendant, the viewer is encouraged to speculate what she is defending: a divorce claim, or a criminal charge? This also opens the thorny issue of counsel who discover that a defendant is lying, but still mount their defence in court, and may succeed in persuading the court to believe what they know to be false. Like And when did you last see your Father? this may be an exploration of truth and the problems posed by it.

Yeames died at the age of 82, on 3 May 1918, in the Devon Riviera resort of Teignmouth. And when did you last see your Father? was bought by the Walker Gallery in Liverpool shortly after it opened in 1877. A tableau of the painting has also been in Madame Tussaud’s wax museum in London for many of the intervening years. But no one knows who killed Amy Robsart, or whether it was just a tragic accident.

Wikipedia

William Frederick Yeames
Amy Robsart

As the threat landscape and strategies change, different parts of macOS security have been more actively developed. When Java and Flash vulnerabilities were dominant, XProtect’s metadata became vital for blocking older unpatched versions. Then in 2020, Apple grew XProtect’s Yara signatures to detect more malicious software, in 27 updates released that year. That campaign had finished by 2023, when it was only updated once each month, and all eyes were on the youthful XProtect Remediator maturing rapidly in its 18 updates. This article outlines what changed in macOS security protection during 2024, and how Apple has shifted emphasis back to XProtect, together with the importance of CDHashes and notarization.

XProtect

This has definitely been the year of XProtect, which performs on-demand checks of code that’s about to be launched, using a set of Yara rules to detect known malware. Our Macs started 2024 with version 2177, and after a record total of 29 updates for all macOS and a sudden change in version numbering, by the year’s end that has reached 5284. Even more impressive is the growth of XProtect’s Yara detection rules: at the start of 2024 there were about 195 rules taking 167 KB of text; as we pass into 2025, there are now about 328 rules in 921 KB of text. That’s 170% of the number of rules, and over five times the size.

macOS Sequoia has also brought the most substantial change to XProtect itself, in the introduction of a new medium for delivery of updates to its data, suggesting that XProtect is being forked. When macOS 15.0 was first released, XProtect could receive updates via either the old mechanism of Software Update, or through a new connection to iCloud using CloudKit. After a transition period, updates switched to iCloud only with effect from macOS 15.2.

Apple released two test updates for Sequoia only during September, one of which brought a huge increase in Yara rules in a file of 1.2 MB in size. This suggests that Sequoia’s XProtect is likely to see more frequent and larger updates now that this new mechanism has been tried and tested. How that will run alongside updates for older macOS has yet to be demonstrated, and none of this has been documented by Apple.

XProtect Remediator

This runs daily or more frequent background scans looking for the presence of malicious software and remediating it whenever it can. Although most of its scans are brief, those for Adload can now take several seconds or longer. Our Macs started the year with version 122 containing 22 scanning modules. Since then there have been 18 updates, bringing new modules for Bundlore (also the subject of a campaign in XProtect), and the newer Crapyrator and Dolittle (covered by extensive rules in XProtect), while RedPine has been dropped. We end the year with version 149.

For much of the year updates have been released every two weeks, but have reduced to one update each month since the summer. It’s thought that XProtect Remediator also uses XProtect’s Yara rules for detection purposes, so it should have benefitted from all those updates as well.

XProtect Behavioural and Bastion

The most recent of the XProtect trio, this watches for code that breaks its Bastion rules of behaviour by accessing files in specific sensitive locations, and similar. Apple states in its Platform Security Guide that this isn’t used to block apps or for local detection: “In addition, XProtect contains an advanced engine to detect unknown malware based on behavioral analysis. Information about malware detected by this engine, including what software was ultimately responsible for downloading it, is used to improve XProtect signatures and macOS security.”

Its Bastion rules have grown from 7 to 12, adding watched locations in ~/Library and /Users/Shared and more. Apple doesn’t provide any information as to how useful this intelligence is proving.

Gatekeeper

As all those using macOS Sequoia will have discovered by now, it brings a major change to way that Gatekeeper’s checks for notarization can be bypassed. In recent versions of macOS, this has been simple to accomplish using the Finder’s Open command, so simple that malware developers commonly coach the user through this to ensure their unsigned code is run without the defences of macOS. The new procedure requires permission to be granted explicitly in Privacy & Security settings.

This has proved controversial, with some who distribute code that isn’t notarized complaining that it’s getting in the way of users running perfectly benign software. However, it’s an important part of the transition to reliance on CDHashes known to Apple. It has already posed a problem to those distributing malicious code, for which no simple workaround has yet emerged. This has also led to a few legitimate apps being blocked, typically when they have been updated in place without fully updating their CDHashes and notarization ticket.

MRT

The old macOS Malware Removal Tool MRT has been superseded in Catalina and later by a scanner module in XProtect Remediator. MRT was last updated nearly three years ago, with version 1.93 from 29 April 2022 being the last. It hasn’t been entirely forgotten, though, and may still be installed on the latest Apple silicon Macs.

Threat

Fuller accounts of changes in the threat landscape are given by independent security researchers. Moonlock’s was published earlier this month, and I’d expect to see reviews from Patrick Wardle at the Objective-See Foundation and others in the coming days.

The year has seen continuing increase in the number and variety of malicious products for macOS. It’s surprising how many old names like Adload and Bundlore are apparently still thriving, and the emphasis remains on stealers. Recent directed attacks have demonstrated increasing ingenuity and technical skills, and at least one managed to sneak its way through screening by Apple and became notarized, although that has since been revoked.

As ever, threats are most immediate for those who engage in high-risk activities, including downloading cracked commercial products, and dealing in cryptocurrency.

The year ahead

Given that there’s no sign yet that Apple has driven away those who develop and deploy malware, 2025 isn’t likely to be any easier. Most malware has yet to respond to the change brought in bypassing notarization requirements. While there are bound to be more attempts to get malware notarized by Apple, the chances of a notarized app being malicious are likely to remain as close to zero as possible. Greatest risks will continue for those who run unnotarized code from uncontrolled sources.

Apple has put a lot of effort into the changes it has made in XProtect, and will expect to see results in the coming months.

The full festival of Christmas runs on to Twelfth Night on 5 or 6 January, the latter being the Epiphany, celebrating the second of the traditional Adorations, that of the three wise men or magi. For the sake of brevity and simplicity, I bring that forward to this article, together with the Adoration of the shepherds. Twelfth Night is also well known as the play by William Shakespeare, written to serve as entertainment to close the festival of Christmas. As you might expect, that play has nothing whatsoever to do with Christmas.

The three foreign kings or wise men are of particular interest, as the word magi implies their wisdom involves astrology and possibly darker arts, a strange association for the birth of Christ. Most visual artists have therefore opted for the less controversial interpretation as kings, while still showing the star that guided them to Bethlehem.

William Blake’s version of the Adoration of the Kings is more conventional than his Nativity shown in yesterday’s article. It has also retained more of its original beauty, with the three wise men presenting their gifts to Jesus and his parents. At the left, shepherds are outside tending to their flocks of sheep beneath a stylised star, and at the right are the traditional ox and ass.

In the account of the nativity of Christ in the Gospel of Luke, chapter 2, verses 8-15, an angel appeared to shepherds around Bethlehem and announced the nearby birth, the scene shown in Jules Bastien-Lepage’s The Annunciation to the Shepherds of 1875.

This could have been Bastien’s painted manifesto, showing how he builds on tradition rather than discarding it. It strikes a compromise between the gilding and Renaissance look of the angel, the rural realism of the shepherds who have come from Millet rather than Bethlehem, and the controlled looseness and gesture of its darkened landscape. He wastes not a brushstroke in telling its simple story, in the almost averted facial expressions, arms frozen in surprise, hands that have just been tending sheep, even down to the shepherds’ bare and filthy feet.

This exquisite tapestry was designed in 1888 by Edward Burne-Jones, William Morris and the lesser-known John Henry Dearle. This version was woven six years later for the Corporation of Manchester, and is one of ten known examples. The composition was taken from a watercolour by Burne-Jones from 1887, photographically enlarged into cartoons, and finally coloured and decorated with flowers by Morris and Dearle.

In the early twentieth century, the British Impressionist artist Edward Stott painted a few religious motifs, including this undated pastel nocturne of the Adoration of the Shepherds.

Albin Egger-Lienz’s Christmas Eve from 1903 is a reinterpretation of the Adoration of the shepherds set in a Tyrolean cowshed, with skilful use of light. I suspect its title has been mistranslated, and should instead refer to Christmas Night.

Henry Ossawa Tanner’s Angels Appearing before the Shepherds from about 1910 adopts a more radical approach in his mixture of loose brushstrokes, rubbings, and scumbled passages akin to Symbolism. Its colours are constrained, with a single patch of orange at the lower right indicating a small open fire, amid an abundance of blues and greens. The angels at the left are so ethereal that they could at any moment dissipate into a puff of smoke, and the three shepherds look almost insignificant by comparison.

In 1913, Kazimierz Sichulski painted one of his mixed media triptychs showing the Adoration of the Magi. The centre panel is a conventional Nativity, complete with the Holy Family and a regulation ox. The left panel has two of the magi and the ass, and the right completes the set of three magi.

Sichulski also painted this later triptych of Adoration of the Shepherds in 1938, using oils in freer style. This is perhaps set among the Hutsul people of the Carpathian Mountains, one of the artist’s favourite locations.

With those we roll on to the New Year.

Before Apple launched the Macintosh Portable in September 1989, the only way to lug a Mac around was in a hefty case. Although it broke new ground, unless you enjoyed weight-training the Portable’s 7.2 kg mass wasn’t at all convenient. Some of that weight and bulk resulted from its internal lead-acid battery, which Apple claimed was capable of providing its power for 6-12 hours. In practice, unless you flew supersonic on Concorde, it wasn’t likely to last a transatlantic flight.

Two years later, Apple replaced that with PowerBook 100, 140 and 170 Macs, the first that were truly laptops rather than just luggables. Although the 100 still relied on a lead-acid battery, the 140 and 170 introduced 2.5 amp-hour NiCads. This was also the start of much confusion among users over battery care.

Lead-acid batteries live longest when kept fairly fully charged, and like to be trickle-charged whenever possible. At the time, conventional wisdom was that nickel-cadmium (NiCad) batteries were prone to a ‘memory effect’ whereby repeated charge-discharge cycles would somehow result in falling charge capacity until the battery was incapable of delivering any useful working time. As a result, users resorted to all kinds of magic tricks to try to maintain their 2-3 hour battery endurance, the period they could run off battery alone. While these new PowerBooks were less than half the weight of the original Portable, their useful working time on battery was still insufficient for many internal flights within the US or Europe.

In 1992, Apple started introducing new PowerBook models featuring the next generation of batteries, nickel-metal hydride or NiMH, pushing their endurance to as long as 6 hours if you were lucky. Their charge and use characteristics were different from NiCads and lead-acid, and although Apple provided battery management software, many seemed to distrust it and preferred their own routines. Given that at this time a PowerBook could have any of five different battery types (as there were Type I, II and III NiMH), some confusion was inevitable.

This proved just the right market for expensive battery conditioners, aimed at organisations with many PowerBooks, and costing significantly less than all the replacement batteries they claimed to save. To this day I don’t know whether any of their proprietary charge-discharge sequences ever improved either endurance or overall working life, but they seemed a good idea at the time. The PowerBook 520 of May 1994 supported one or two “Intelligent” NiMH batteries with a claimed endurance of up to 5 hours each, and had at last reached the capacity needed to operate a Mac for the duration of a transatlantic flight, so long as you went no further than the East Coast.

Just over a year later, in the PowerBook 190cs, Apple brought the first of the new generation with lithium ion batteries, although in that case it resulted in a small reduction in endurance compared with the NiMH battery in the 190. From 1997. LiIon became standard for almost all the remaining PowerBook models until 2006, when the first MacBook Pro with its shiny new Intel Core Duo processor also brought lithium-polymer, as used today.

Battery capacities had been rising slowly, and that MacBook Pro’s battery provided 60 watt-hours, giving an endurance of ‘up to’ 4.5 hours on a full charge. For the first time, Apple felt confident enough to forecast the working life of a maximum (that ‘up to’ again) of 300 charge cycles.

In the years since, battery capacity has increased further, as has endurance. For example, the 17-inch MacBook Pro from early 2009 had a 95 watt-hour lithium polymer battery claimed to run for ‘up to’ 8 hours from a full charge, and to have a working life of a maximum of 1,000 cycles.

Users were provided with basic power management features in the Energy Saver pane in System Preferences.

There was also an active market in third-party monitoring and management software, here Battery Health Monitor from Sonora Graphics.

This is Energy Saver a couple of years later, in 2011.

This shows the Energy Saver pane, detailed information in System Information, and another third-party utility, coconutBattery Plus by Coconut-Flavour, in 2020.

The next big step up came not with better batteries, but in 2020 with the switch from Intel CPUs to Apple silicon chips. The following year, the 16-inch MacBook Pro with a capacity of nearly 8.7 amp-hours (99.6 watt-hours) was claimed to run for up to 14 hours browsing over Wi-Fi, with the same 1,000 cycle battery working life.

The chart above shows how capacity, expressed here in watt-hours, has increased in major new PowerBook and MacBook Pro models over this period. The most substantial increases occurred in 1997-98 and 2007-08, coinciding with the introduction of LiIon batteries and Intel MacBook Pros.

Claimed endurance on a fully-charged battery has risen exponentially over time, but I doubt whether that will be sustained for much longer.

As you might expect, there’s also a looser non-linear relationship between battery capacity and claimed endurance, although that has altered with the transition to low-power Apple silicon chips.

As many have discovered, even using battery management software in macOS, some batteries die young, and others can swell alarmingly. Over this period of 35 years, Apple has operated various extended battery support schemes, and faced criticism over battery working life. Some have even alleged that battery replacement is a profitable service for Apple. But in the long run, many of us have made increasing use of battery-powered Macs, and they have transformed many lives.

Few modern Christmas traditions have their origin in Gospel accounts of the Nativity. Read those, and you’ll see no mention of the ox and ass that appear inside the shed depicted widely over much the last 1,600 years. Although literary sources for them don’t appear until the eighth century, they started to feature in visual art in about 400 CE, and became frequent in miniatures in manuscripts from the tenth century onwards.

It’s probably Duccio’s Nativity with the Prophets Isaiah and Ezekiel from 1308-11 that formed the prototype for paintings over the following centuries, with its humble shed set into rock, the Holy Family, attendant ox, ass and sheep, shepherds and angels. This triptych was installed at the high altar in the cathedral of Siena, Italy, on 30 June 1311, and remained there for nearly two centuries, only being removed in 1506.

By the dawn of the nineteenth century, artists like William Blake were departing from that well-worn tradition.

By comparison, Blake’s Nativity from 1799-1800 is extraordinary. On the left, Joseph supports the Virgin Mary, who appears to have fainted. Jesus has somehow sprung from her womb, and hovers in mid-air, arms outstretched as if preparing for crucifixion. On the right, Mary’s older cousin Elisabeth greets the infant with her own son John the Baptist on her lap. Although most unconventional, at the top right Blake still includes the familiar oxen, and a cross or star burns bright through the window at the top.

Jean-Léon Gérôme was one of the first to set the traditional Nativity scene inside a different context, as a reminder of the events that were taking place at the eastern end of the Mediterranean during the reign of the Roman Emperor Augustus. In The Age of Augustus, the Birth of Christ (c 1852-54), the emperor sits on his throne, overseeing a huge gathering of people from all over his empire. Grouped in the foreground in a quotation from a conventional nativity is the Holy Family, whose infant son was to transform the Roman Empire in the centuries to come.

Later in the nineteenth century, progressive artists interpreted the traditions amid more contemporary surroundings.

Fritz von Uhde’s Sacred Night triptych, painted in 1888-89, shows three scenes from his contemporary recasting. In the centre is a modern interpretation of the classic Virgin Mary and Child, with the adoration of the magi on the left, and a delightful angelic choir singing amid the barn’s rafters on the right.

Uhde’s undated Christmas Night concentrates on the Nativity, in another atmospheric interpretation of the Holy Family of Joseph, the infant Christ, and the Virgin Mary in their improvised accommodation in Bethlehem.

Maurice Denis also transcribed several Biblical narratives into more recent settings. One of his most impressive is this thoroughly modern Nativity from 1894, where the birth of Jesus takes place in a contemporary French town. However, the artist couldn’t omit the traditional ox and ass behind the Holy Family, and the guiding star still burns bright in the sky.

Eleanor Fortescue-Brickdale’s watercolour of The Nativity is another contemporary interpretation of the cowshed, singular in the dress of the mother attending to her infant. Joseph is absent, though, as is the traditional ass or donkey.

Joseph Stella’s Crèche from 1929-33 is an ingenious framing. At its centre is the Nativity crib so often shown at Christmas, with an audience who might have been drawn from the artist’s home city in Italy, playing traditional bagpipes in homage.

That conveniently leads us to tomorrow’s final article covering paintings of the Christmas festival. Until then, I wish you a very merry Christmas!

It must be a good eight years since Macs have supported USB 3.1 Gen 2 at up to 10 Gb/s, and when USB 3.2 Gen 2×2 ‘SuperSpeed’ 20 Gb/s followed in 2017, we wondered how long it would be before new Macs supported that. Here we are, just about to enter 2025, and we’re still waiting. As my Christmas gift this year, let me explain how your Intel Mac can now use that forbidden fruit, USB 3.2 Gen 2×2 at its full 20 Gb/s, as well as USB4 at a similar speed. Sadly, as I’ll explain later, if you have an Apple silicon Mac, you’ll still have to make do with 10 Gb/s or USB4.

I also apologise that, to pull this trick off, you’re going to need to invest in a new and expensive dock for your Mac, a Kensington SD5000T5 EQ Thunderbolt 5 Triple 4K Docking Station. Look on this as investment in advance for your first Mac with Thunderbolt 5, and in the meantime it should accelerate USB 3.2 Gen 2×2 and USB4 SSDs to use 20 Gb/s instead of a measly 10 Gb/s. You will also probably need your Mac to be running macOS 14 Sonoma or later: I’m grateful to joevt for informing me that this ability appears to have been added to macOS only relatively recently.

I have tested that dock with two Intel Macs, an iMac Pro running Sequoia 15.1.1 and a MacBook Pro 16-inch 2019 (MacBookPro16,1), and it works with both. Full instructions are simple: connect your SSD to the dock, the dock to your Mac and to its power supply. A few instants later, your SSD should connect to your Mac at 20 Gb/s, giving read and write speeds well in excess of the 1 GB/s it was previously limited to, when its connection was restricted to 10 Gb/s.

Connecting up

On some older Macs, connecting the dock might trigger a notification that makes no sense, about connecting the accessory to a Thunderbolt port, as if it wasn’t already. Ignore that, and open System Information. In the USB section, you should see your SSD listed there with the Speed value as “Up to 20 Gb/s”. If it only reports “Up to 10 Gb/s” and you aren’t trying this on an Apple silicon Mac, you could try restarting to see if that enables the SuperSpeed connection.

Results

When connected direct to a Thunderbolt 3 port on an Intel Mac, the best you can hope for from a USB 3.2 Gen 2×2 or USB4 SSD are read/write speeds of around 1.0 GB/s. When connected through this dock, you should see more like:

• 1.8/1.8 GB/s, iMac Pro, macOS 15.1.1, to an OWC Express 1M2 enclosure containing a Samsung 990 Pro 2 TB SSD (USB4)
• 1.8/1.5 GB/s, iMac Pro, to a LaCie Rugged Mini SSD 2 TB (USB 3.2 Gen 2×2)
• 1.6/1.8 GB/s, MacBook Pro 16-inch 2019, macOS 15.2, to the OWC Express 1M2 (USB4)
• 1.6/1.5 GB/s, MacBook Pro 16-inch 2019, to the LaCie Rugged Mini SSD 2 TB (USB 3.2 Gen 2×2).

Apple silicon

Try this to a Thunderbolt 4 / USB4 port on an Apple silicon Mac up to a base M4, or the Thunderbolt 5 / USB4 2.0 port on an M4 Pro or Max, and all you’ll see for the USB 3.2 Gen 2×2 SSD is 10 Gb/s, or 1.0 GB/s, although at least the USB4 drive should run at full speed with any Apple silicon Mac.

You might now be wondering why in the four years since we’ve been buying Apple silicon Macs, Apple hasn’t enabled them to run at 20 Gb/s with USB 3.2 Gen 2×2 drives. Surely that’s just a matter of implementation in firmware? While it isn’t a requirement of USB4 or Thunderbolt 5 hosts, it’s the sort of feature you’d expect in a premium product. Maybe if enough of us asked Apple nicely through Feedback?

Technical

The USB4 specification apparently provides for three different 20 Gb/s connections:

• Tunnelled USB 3.2 Gen 2×2, which isn’t mandatory for any system supporting USB4
• USB4 Gen 2, which can be either 10 or 20 Gb/s, and is mandatory for all hosts, hubs and devices
• USB4 Gen 3, either 20 or 40 Gb/s, which is only mandatory for hubs.

When connected at 20 Gb/s:

• there’s no entry for the drive in NVMe,
• there’s no entry for the drive in PCI,
• the volume’s entry in Storage lists the Protocol as USB,
• the dock’s entry in Thunderbolt/USB4 lists the dock as connected at a speed of 40 Gb/s, and all three downstream TB5 ports as no device connected at a speed of Up to 40 Gb/s (or a speed of 0 Gb/s),
• The USB device tree lists the SSD in the USB3 Hub group, with a Speed of Up to 20 Gb/s.

Summary

If you need to connect USB 3.2 Gen 2×2 or USB4 devices to an Intel Mac, consider whether connecting them via a Thunderbolt 5 dock might not offer them read and write speeds significantly greater than 1.0 GB/s.

Merry Christmas!

I’m celebrating this Christmas in three parts. Today, for Christmas Eve, I ignore the excesses of the contemporary commercial feast and consider those less fortunate. On Christmas Day I’ll show some modern depictions of the Nativity, followed on Boxing Day by those of the Adorations.

In Christian tradition, Christmas isn’t all turkey and tinsel, but centred on a poor family living temporarily in an animal shed when Mary gave birth there.

Fritz von Uhde painted one of his finest modernised religious works, A Difficult Journey, in 1890. This imagines Joseph and the pregnant Mary walking on a rough muddy track to Bethlehem, in a wintry European village. Joseph has a carpenter’s saw on his back as the tired couple move on through the dank mist.

In more northern parts of Europe and North America, this time of year can be particularly challenging.

John Everett Millais’ view of Christmas Eve from 1887 is bleak. Bare trees, barren snow with just tracks, and a few crows foraging. The lights may be lit in the house behind those trees, but out here it feels pretty grim.

Appropriately, Christmas was a time for charity, although perhaps not as ostentatious as that shown by royalty.

The younger Carl Oesterley captured history in his painting of Queen Marie of Hanover Giving Presents to the Poor and Needy (1908). Princess Marie of Saxe-Altenburg, as I believe she’s more properly known, lived between 1818-1907. The artist’s father, Carl Oesterley senior, had been court painter to her family, but in 1866 her father’s kingdom was annexed by Prussia. The Princess married King George V of England, and her family never relinquished the throne. Princess Marie is shown as a saintly figure, bathed in light as the poor and needy, including a sick boy in the bed behind her, worship her grace.

Seven years later, in 1915, when the whole of Europe was engulfed by the Great War, Wojciech Kossak painted this Soldiers’ Christmas. The decorations on the small Christmas tree in the foreground echo the uniforms in their greyness. In the sky, a shellburst acts as a metaphor for the guiding star which led the Magi to the infant Jesus in Bethlehem, but below that celestial light these infantry soldiers must continue to fight.

The war’s end brought the deadly flu pandemic that reached even into the most remote communities, including those hidden among the maze of fjords to the north of Bergen in western Norway.

In Nikolai Astrup’s woodcut print of his family’s Christmas Eve at Sandalstrand from 1918, his wife and young son have fallen asleep exhausted, amid traditional Norwegian decorations, including a well-decked Christmas tree.

In the Norwegian capital of Oslo, then still named Kristiania, the Naturalist painter Christian Krohg saw Christmas Eve as an opportunity for redemption.

In Krohg’s Seamstress’s Christmas Eve from 1921, a young woman is in her garret bed-sit, where she has been toiling long hours at her sewing machine. An affluent couple, relatives or employers perhaps, have just arrived to give the young woman a Christmas tree, a large wicker basket of presents, and more. Maybe that young woman can still be saved from the fate brought on by her sweated labour at the sewing machine, and what was seen as her inevitable decline into prostitution.

Moralising approaches to Christmas had developed during the nineteenth century, initially in literature. A Christmas Carol wasn’t Charles Dickens’ first attempt at a Christmas story, but probably remains the most successful of any writer in the English language. Published on 19 December 1843, its first edition had completely sold out by Christmas Eve, and in its first year it was released in no less than thirteen editions.

One edition of A Christmas Carol published in 1915 was illustrated by Arthur Rackham (1867–1939), who from about 1900 onwards produced some of the finest illustrations using pen, ink and watercolour. If there is one British illustrator of that time whose work consistently demonstrates that illustration can be fine art, it must be the great Arthur Rackham.

In its most memorable scene, the ghost of his former partner Jacob Marley warns the miserly Ebenezer Scrooge that he faces a grim fate, but has one chance of redemption. He’s then visited by three further spirits who show him how.

Just over twenty years later, Victor Hugo’s Les Miserables seized the opportunity to tackle similar themes.

Around 1879-1882, Henri Jules Jean Geoffroy painted this work showing a well-known scene from Les Miserables, of Jean Valjean and Cosette. This shows the hero Valjean when he arrives in Montfermeil on Christmas Eve and discovers young Cosette fetching a pail of water for her abusive guardians the Thénardiers, early in the novel. He walks with her to an inn, where he orders her a meal, and learns about her mistreatment.

It’s relevant that Les Miserables was published while Victor Hugo was in exile on the island of Guernsey, after he had openly declared Emperor Napoleon III a traitor to France, following Napoleon’s seizure of power in 1851. That leads on to my final painting, with greatest relevance to the world today.

In Jacek Malczewski’s Christmas Eve in Siberia from 1892, these men have been deported from their native Poland and imprisoned in the extreme cold and remoteness of Siberia. Although there’s a steaming samovar at the end of the table, they have only had soup and a wedge of bread for their seasonal feast. Following the Polish Uprising in 1863, at least 18,000 were ‘exiled’ to Siberia, many of whom never returned.

This Christmas we should all be thinking of those who, for whatever reason, can’t spend this holiday in safety and comfort with their family.

Finder tags are a popular way to add accessible metadata to files and folders in macOS, with attractive properties:

• Their associated colour tags are easily seen and instantly recognisable.
• Each colour can be associated with one or more text labels.
• The Finder can display tagged items conveniently.
• Tags propagate through iCloud Drive, and can be used fully in iOS and iPadOS.
• Tags are generally preserved within macOS, for example when copying or moving items between volumes.
• Tags are searchable using Spotlight, as their text labels are indexed.

I have explained their use in this article.

Their principle limitation is that they’re limited to 7 colours, together with no colour. That allows you to assign multiple text labels to each colour, but the results of that can be confusing given that Finder display and search are based on their text labels not colours.

Implementation

Finder tags are implemented as extended attributes (xattr), currently of type com.apple.metadata:_kMDItemUserTags. However, historically they can also be implemented alongside other Finder information in com.apple.FinderInfo xattrs.

com.apple.metadata:_kMDItemUserTags xattrs consist of a binary property list containing brief UTF-8 text. This is an NSArray consisting of Strings, each containing a text label, followed by the newline character, followed by the colour number (0-7). The array can be empty. Obviously, labels can’t include the newline character; although they can include the colon character :, that has been reported as causing problems in some versions of macOS and is worth avoiding.

Colour numbers used are:

• none, 0
• grey, 1
• green, 2
• purple, 3
• blue, 4
• yellow, 5
• red, 6
• orange, 7.

Thus a tag name might read Red\n6, or Orange\n7 Green\n2 for two colours, where \n represents the newline character 0a.

When the Finder writes a tag xattr to an item, it also adds a null com.apple.FinderInfo xattr of 32 bytes length, if a xattr of that type isn’t already present.

com.apple.FinderInfo xattrs can be used to store a single colour tag without a text label, although this shouldn’t be encountered any more. When they do, a single byte is set in their fixed length of 32 bytes, the kColor flag just to the right of the Hide extension flag. For instance, <00000000 00000000 00040000 00000000 00000000 00000000 00000000 00000000> sets the Green tag. This scheme uses a different encoding for colour flag values:

• none = 00, 01
• grey = 02, 03
• green = 04, 05
• purple = 06, 07
• blue = 08, 09
• yellow = 0A, 0B
• red = 0C, 0D
• orange = 0E, 0F.

Basic checks

With a selection of tagged items, first verify the colours and text labels are shown correctly in the Finder’s Get Info dialog, and match those against com.apple.metadata:_kMDItemUserTags xattrs inspected using xattred‘s drag and drop interface. Also check com.apple.FinderInfo xattrs, although they shouldn’t have their kColor flag set.

Check tagged items both locally and in iCloud Drive. Note that tags should be preserved even when that file has been evicted from local storage to iCloud, as xattrs are stored locally and retained on dataless files. Tags should also be displayed in apps that support them, and in File Open and Save dialogs.

Problems with these basic checks should make you suspect file system errors in volumes affected. Run Disk Utility’s First Aid on that volume and perform necessary repairs. Although they should be shown in some other file systems, Finder tags are best-supported by HFS+ and APFS volumes and may have limitations in other file systems.

iCloud Drive syncing

Test this with:

• In the Finder, open a user folder in iCloud Drive. Select a file there, and add a Finder tag to it using the contextual menu.
• That should result in an immediate and brief sync up to iCloud, to copy that tag up.
• Check that this change syncs across other Macs and devices connected to the same Apple Account.
• If necessary, add the tag at a known clock time and use that to inspect iCloud systems in the log, using Mints or Cirrus.

Failure to sync the changed tag information with iCloud indicates a problem in syncing with iCloud, and requires separate diagnosis.

Spotlight search

Before looking at search for tags, first confirm normal Spotlight indexing and search function using Mints. If those tests don’t work correctly for search of file contents, address those problems first before assessing tags.

The single most common reason for search failures is that the item being searched for is in a location excluded either from indexing or from returning search results. Check Spotlight or Siri & Spotlight settings for the following:

• That item’s category isn’t excluded from appearing in Spotlight search results. For example, if the Images item in the list there isn’t ticked, then images will still be indexed, but Spotlight won’t return any images in its search results. Unless you have a good reason, the simplest setting here is for all boxes to be ticked.
• That item’s path isn’t within any of the locations listed in Search Privacy…, as those aren’t indexed at all.

There have been additional methods for excluding specific items from being indexed by Spotlight, of which two are currently effective:

• appending the extension .noindex to the folder name (this previously worked using .no_index instead);
• making the folder invisible to the Finder by prefixing a dot ‘.’ to its name;
• putting an empty file named .metadata_never_index inside the folder; that no longer works in recent macOS.

Check that the items you expect Spotlight to find aren’t subject to any of those. Details of those items not synced by iCloud Drive are given in this article.

In addition to those excluded locations, Sequoia (and possibly other recent versions of macOS) generally excludes folders and files within either of the two user-writable Library folders, /Library and ~/Library. Limited indexing is performed within the Application Support folder, but that doesn’t appear to include tags. Although iCloud Drive as a whole is shown as being inside ~/Library, it’s indexed differently, as given above, and that should also include app-specific folders in iCloud Drive.

Before even considering rebuilding a volume’s Spotlight indexes, check whether Spotlight correctly indexes test files created using Mints, when you add tags to them. When tags are added, you may be able to see a short burst of mdworker activity in Activity Monitor, and it should be recorded in the log, as checked using Mints. Full details of diagnosing and fixing problems with Spotlight search are given in this article.

Step summary

1. Verify tags as xattrs both locally and in iCloud Drive, using xattred.
2. Verify syncing in iCloud Drive using Mints or Cirrus.
3. Check Spotlight search is working correctly for other contents, using Mints.
4. Verify tagged items are in a path that isn’t excluded from indexing, and their category is set to return search results, in System Settings.
5. Diagnose any underlying Spotlight problems using Mints.

This third and final article reviewing notable paintings of a century ago covers landscapes in a surprising range of styles.

Félix Vallotton’s view of Château Gaillard at Les Andelys is one of his late transcendental paintings. The ruins of this mediaeval castle tower above this village in northern France. Les Andelys had been the birthplace of Nicolas Poussin in 1594, and grew popular with landscape painters during the nineteenth century.

Robert Bevan, one of the Camden Town Group, painted this view of Aldwych in central London. This is a crescent off the Strand, to the east of Charing Cross. At the left is a motor omnibus, and drinking at the water-trough beneath the memorial is one of the remaining working horses of London, which by now were well in decline.

Bevan’s Mount Stephen from 1924 shows one of the farms close to Luppitt in East Devon, presumably painted during one of Bevan’s summer visits. By this time, the artist had developed cancer of the stomach. He died the following summer, just a month short of his sixtieth birthday.

In Norway, Nikolai Astrup’s rugged rock peaks become the head of a giant owl, peering down at his moonlit unreality. The everyday act of milking a goat becomes strange when it takes place in the dead of night. Marsh marigold flowers, typically seen in the summer sunshine, still glow yellow under his bright yellow moon.

Painted just a year before George Bellows’ sudden death, his Summer Fantasy contrasts with almost all his preceding paintings. Using a formal and classical composition, he brings together images of archetypes in a lush green park, with the Hudson River behind. Ladies in fine, flowing white dresses promenade with their husbands. Horses and their riders, some in the elegance of side-saddle, cross in the middle distance. The sails of boats on the river are backlit by the setting sun.

This has been interpreted as an allegory of life: from the baby in the pram in the right foreground, through marriage, to the final years. But we will never know where it was going to lead Bellows’ brush in the future. For in the New Year of 1925, he suffered appendicitis, which he left untreated. This led to peritonitis, from which he died on 8 January.

Théo van Rysselberghe’s Les Fonds de Saint-Clair looks likely to have been painted in a single plein air session, with areas where the application of paint has been so light that the canvas texture shows through. This is possibly a picturesque ravine near the north coast of France, to the east of Le Havre.

Pierre Bonnard had moved south from Paris, and spent much of his later life living in Le Cannet, where he painted at least two variations of this view of a Pink Palm at Le Cannet.

Bonnard’s Landscape with Mountains is a view further inland.

With the increasing time he spent on the French Mediterranean coast, maritime motifs become more frequent in Bonnard’s paintings from this time. In a Boat, Promenade at Sea shows three figures who appear to be out for a ‘promenade’ inshore.

Meanwhile, Lovis Corinth was painting avidly at his mountain chalet near Walchensee, in Bavaria.

The Jochberg at Walchensee shows this 1567 metre high mountain dividing the Walchensee from the Kochelsee.

Corinth’s view of Walchensee, Vegetable Garden was painted away from his normal vantage point, to include the colours and textures of this vegetable patch.

Finally, Corinth’s Walchensee is a watercolour sketch of the lake reportedly painted on vellum.

I hope that you enjoyed Saturday’s Mac Riddles, episode 287. Here are my solutions to them.

1: Comfort for the organ cabinet and shows entries from 2.

Click for a solution

Console

Comfort (to console) for the organ cabinet (a console) and shows entries from 2 (what it does).

2: Mass of wood measures a ship’s speed for the jottings of your Mac.

Click for a solution

log

Mass of wood (a log) measures a ship’s speed (a ship’s log, which originally used a wooden log) for the jottings of your Mac (what it contains).

3: Guide points the way to measure performance in 2.

Click for a solution

Signpost

Guide (a signpost) points the way (what a signpost does) to measure performance in 2 (signposts are log entries used to measure performance).

The common factor

Click for a solution

They are all concerned with a Mac’s log.

I look forward to your putting alternative cases.

They might all connect to the same ports, but Thunderbolt 3, 4, 5, USB 3 and USB4 are disturbingly different, and few deliver the performance that their up-tos promise. From the figures that I see here at the moment, the most reliably performant in widely available products is USB4, but that’s not supported by Thunderbolt 3 on Intel Macs. When your SSD needs to work well with both Mac architectures, you’re normally limited to using Thunderbolt 3, often the least up-to of them all.

Earlier this month, joevt asked whether “you might be able to connect Thunderbolt 4 dock to have a Thunderbolt 3 host communicate with a USB4 device?” This article tries to answer that, and compares performance of a TB4 hub and a TB5 dock across the range of Mac Thunderbolt ports. In doing so, I think I have discovered how to get an Intel Mac to use USB 3.2 Gen 2×2 at 20 Gb/s, something I’ve not seen before.

Testing

Three Macs were used for testing:

• iMac Pro (Intel, T2 chip) with macOS 15.1.1, over a Thunderbolt 3 port without USB4 support.
• MacBook Pro (M3 Pro) with macOS 15.2, over a Thunderbolt 4/USB4 port.
• Mac mini (M4 Pro) with macOS 15.2, over a Thunderbolt 5 port.

These represent the three main Thunderbolt ports available in recent Macs: vanilla TB3 in all Intel models, TB4 and USB4 in most Apple silicon Macs up to the base M4 chip, and the latest TB5 alias USB4 2.0 in M4 Pro and M4 Max models.

The hub used was a Satechi Thunderbolt 4 Slim Hub, with one TB4 upstream and 3 TB4 downstream ports. The dock was a Kensington SD5000T5 EQ Thunderbolt 5 Triple 4K Docking Station, with one TB5 upstream and 3 TB5 downstream ports. Cables used were CalDigit TB4 and Apple TB5 as appropriate.

Test SSDs were a Thunderbolt 3 OWC Envoy Pro FX 4 TB, and a USB4 OWC Express 1M2 enclosure containing a Samsung 990 Pro 2 TB SSD, chosen for their consistent and representative performance.

All transfer rates were measured using Stibium with a total of 53 GB of test files of between 2 MB and 2 GB being written or read in random order, according to the test. All apparently anomalous or unexpected results were repeated to confirm they weren’t exceptional, and were reproducible.

Can a TB4 or TB5 hub/dock connect Intel Macs faster to USB4?

When connected via the TB4 hub to the Intel Mac, the USB4 SSD operated at USB 3.2 Gen 2 speed, with read/write of 0.97/0.99 GB/s, as expected. However, when connected via the TB5 hub, it operated at twice that speed, achieving USB 3.2 Gen 2×2, with read/write speeds of 1.83/1.81 GB/s. This was reported in System Information as being at 20 Gb/s, and is the first time I have seen any peripheral connected to a Mac operating at that transfer rate.

However, the Thunderbolt 3 SSD was slower to read when connected through the TB5 dock: through the TB4 hub read speed was 2.62 GB/s, and for the TB5 dock 2.13 GB/s. Thus, when connected via the TB5 dock, TB3 and USB4 performance were similar.

Consolidated results for all tests are given in the summary table above.

TB4 hub performance

As should be expected, all speeds measured through the TB4 hub were limited to within the approximately 3 GB/s transfer rates normally delivered by the 32 Gb/s available in Thunderbolt 3 and 4. That led to a reduction in read speeds of the USB4 SSD from 3.2-3.5 GB/s when connected directly to an Apple silicon Mac, to 2.9 GB/s when accessed through the TB4 hub.

However, write speeds for the TB3 SSD were further reduced to half TB3, at about 1.4 GB/s. I reported this previously when originally testing TB4 hubs with TB3 SSDs, and can only presume it’s a limitation imposed by the chipset used in some TB3 SSDs, as it doesn’t affect all, and doesn’t affect USB4 through the TB4 hub. This isn’t predictable.

TB5 dock performance

Speeds measured through the TB5 dock were generally at least as good as those through the TB4 hub with three notable exceptions:

• Write speed from a TB5 port to a TB3 SSD through a TB5 dock fell to 0.42 GB/s, little more than 10% of that of a direct connection and similar to that expected from a SATA SSD operating over USB 3.2 Gen 2. This is a catastrophic effect for which I can offer no explanation, despite demonstrating it on several different occasions with the same combination of host port, dock and SSD.
• Write speed from a TB5 port to a USB4 SSD through a TB5 dock fell to 2.3 GB/s, about 62% of that expected.
• Write speeds to a TB3 SSD through a TB5 dock occur at about half the expected speed, just as those through a TB4 hub.

There’s currently a problem with writing from a TB5 host port to either TB3 or USB4 SSDs through a TB5 dock. As the first TB5 hubs become available in the New Year, it will be interesting to see whether they too exhibit similar limitations. Hopefully this will prove to be a firmware problem that can be fixed easily.

TB4 hub or TB5 dock?

Neither the TB4 hub nor the TB5 dock can be recommended without significant reservations, as neither delivers comparable performance to direct connections. For the TB4 hub, those limit all USB4 performance to a maximum of about 3 GB/s, and halve TB3 write speeds. For the TB5 dock, write speeds are again limited, catastrophically in the case of TB3 SSDs from a host TB5 port.

The only way to determine whether your intended combination of Mac, hub or dock, and SSD will deliver the performance you expect is to test them in combination yourself. That hasn’t changed since the introduction of the first TB4 hubs, and the addition of TB5 has only complicated this, as it’s just another up-to where anything could happen.

Conclusions

• If a USB4 SSD is to be used with an Intel Mac, connecting it via a TB5 dock could almost double its performance, but a TB4 hub doesn’t help.
• Connecting a TB3 SSD to any Mac via a TB4 hub or TB5 dock is likely to reduce its write speed to about 1.5 GB/s or less.
• Connecting a USB4 SSD to an Apple silicon Mac via a TB4 hub will reduce its read and write speeds below 3 GB/s.
• Some combinations of host port, hub/dock and SSD can result in more severely impaired performance. Those are unpredictable, and can only be discovered by careful testing in combination.
• Thunderbolt 3, 4, 5 and USB4 are up-tos that can sometimes perform remarkably poorly.

The most painted of the poems of Alfred, Lord Tennyson are those of his Arthurian narrative Idylls of the King, that I have recently incorporated into my long series on paintings of Arthurian legends. Among those The Lady of Shalott remains the most popularly depicted. Several other poems of Tennyson have featured in notable paintings.

The Sleeping Beauty is a ‘fairy’ story widespread through most of Europe, best known from the version of the brothers Grimm, and retold by Tennyson initially in his 1830 poem of the same name, expanded into The Day-Dream of 1842.

The central story tells of a princess, who has seven good fairies as her godmothers. An eighth and evil fairy was overlooked, and seeks a way to get revenge. She puts a curse on the princess that she will prick her hand on the spindle of a spinning wheel and die. One good fairy tries to reverse this, changing the spell so that it will put her into a deep sleep for a century, and can only be awakened by a kiss from a prince.

Royal edict then forbids all spinning throughout the kingdom, but when the princess is a young woman, she discovers an old woman spinning, and pricks her finger on the spindle. She then falls asleep. The king summons the good fairy to try to address the problem. Her solution is to put everyone in the castle to sleep, and to summon a forest with brambles and thorns around the castle, to prevent anyone from entering.

A prince later hears the story of the Sleeping Beauty, and rises to the challenge to penetrate the trees and bramble thickets around the castle. He discovers the sleeping princess, kisses her, and she and the rest of the castle wake up. The prince and princess marry, and they all live happily ever after.

A pupil of the Pre-Raphaelites working long after most of the them had died, John Collier chooses part of the story before the climax, in his Sleeping Beauty of 1921. Here the princess and her two companions are shown asleep, with the dense woodland and brambles seen through the window.

The same year that his first version of The Sleeping Beauty was published, Tennyson wrote a poem drawn from William Shakespeare’s comedy Measure for Measure, and the character of Mariana.

Set in Vienna, the play relates the events which take place when the Duke of Vienna makes it known that he is going away on a diplomatic mission. His deputy, Angelo, assumes control, although the Duke doesn’t actually go away at all, but remains in disguise to observe Angelo’s behaviour in his feigned absence.

Angelo has been betrothed to Mariana, but her dowry was lost at sea, so he has refused to marry her, leaving her isolated and in perpetual sadness, with no promise of any solution. During the Duke’s feigned absence, it becomes clear that Angelo lusts after another, Isabella, a novice nun who is the sister of Claudio, who Angelo has engineered to become sentenced to death for fornication. Angelo offers Isabella a deal to spare her brother’s life, in which she lets him deflower her.

The disguised Duke arranges a ‘bed trick’ in which it is actually Mariana who Angelo has sex with, which could be construed as consummation of their frozen marriage. Angelo then has sex with Mariana, believing her to be Isabella, but reneges on the deal to spare Claudio. The Duke arranges for a similar head to be sent to Angelo to ‘prove’ Claudio’s execution, in the ‘head trick’.

The Duke then ‘returns’ to Vienna, and is petitioned by Isabella and Mariana, for their claims against Angelo. Angelo attempts to lay blame against the Duke when he was disguised as a friar, so the Duke reveals his role, and proposes that Angelo be executed. Eventually it’s agreed that Angelo is made to marry Mariana, and revealed that Claudio was not executed.

Tennyson’s Mariana focusses solely on her ‘despondent isolation’ before most of the events of Shakespeare’s play. Its 84 lines end with the summary
Then, said she, “I am very dreary,
He will not come,” she said;
She wept, “I am aweary, aweary,
O God, that I were dead!”

A couple of years later, Tennyson rewrote the poem and published his new version under the title Mariana in the South in 1832. That follows more closely the tragic circumstances of The Lady of Shalott, ending in Mariana’s death. This leaves us with a choice of two or even three different Mariana narratives, and a fourth if we include Elizabeth Gaskell’s novel Ruth, published in 1853, which was apparently inspired by Millais’ painting below.

Some of John Everett Millais’ sketches for his major painting of Mariana have survived, and show how from early on in its development, the figure’s posture and location had been decided.

The final version of Mariana (1851) was first shown at the Royal Academy in 1851, together with lines 9-12 of Tennyson’s original Mariana:
She only said, “My life is dreary,
He cometh not,” she said;
She said, “I am aweary, aweary;
I would that I were dead!”

Millais’ superb and richly-coloured painting is full of symbols: fallen leaves to indicate the passage of time, her embroidery as a means of passing that time, the Annunciation in the stained glass contrasting her with the Virgin’s fulfilment, the motto ‘in coelo quies’ (in heaven is rest), and the snowdrop flower in the glass meaning consolation. Mariana’s posture is intended to indicate her yearning for Angelo.

Marie Spartali Stillman’s accomplished watercolour of Mariana from 1867 may have been inspired by Millais’ painting, and uses the same basic setting of Mariana gazing out of a window with yearning. However she dispenses with Millais’ complex symbols, and fills her paper with Mariana herself, relying on her facial expression and body language alone.

When first exhibited at the Dudley Gallery, it was well received, but didn’t sell. It then vanished until its re-discovery in the 1980s. It has been suggested that this painting may have been inspiration for Rossetti’s versions.

Rossetti made two quite different studies before painting his finished work of 1870, that are generally accepted as being part of his Aesthetic style rather than the earlier Pre-Raphaelite.

The Heart of the Night (Mariana in the Moated Grange) (1862) is an intriguing watercolour study quite unlike any of the other depictions of Mariana, but clearly referring to Tennyson’s first poem. The figure is obviously yearning deeply, but instead of facing a window, she inhabits the dark. Some symbols are apparent in the distance, including a spinning wheel indicating time, and there are love letters scattered in the foreground.

Rossetti’s next study of 1868 is transformed by his use of Jane Morris (wife of William Morris) as the model, and this probably developed from a study of her head alone. There is also a link to reality, in that the Morris’s marriage was going through a difficult period, and Jane and Rossetti were becoming increasingly close.

Rossetti’s finished painting of Mariana (1870) strangely reverts to that of Shakespeare’s play, and depicts the moments in Act IV scene 1 in which a boy sings to Mariana. Rossetti dresses the woman in the same blue as Millais, and uses Jane Morris as his model. Mariana now sits full of yearning, her embroidery on her lap, as she listens to the boy’s song, bringing in the art of music. There appears little in common with Stillman’s painting, though.

Philip Hermogenes Calderon’s sketchy painting is even more obviously linked to the Shakespeare play, and those same events in Act IV scene 1. The boy is not shown in song, though, as he stares at Mariana’s face, which we cannot see, as she is looking into the canvas. Her purity is confirmed by the white lily flowers.

Valentine Cameron Prinsep’s Mariana (c 1888) was intended to serve as an illustration for a printed edition of Shakespeare’s play; this version was printed by Goupil in Paris in 1896. Instead of following Rossetti and Calderon, he uses a similar composition to Stillman. Mariana is here dressed in white, symbolising her purity, and stares out of anachronistic diamond-pane windows, full of yearning.

Henrietta Rae painted her version of Mariana in 1892, and appears again to refer to Marie Spartali Stillman’s painting of 1867, with its bottle-glass windows, although her composition looks original.

Almost fifty years after Millais’ first painting, John William Waterhouse chose to use Tennyson’s later reworking of his poem, Mariana in the South.

One study has survived, showing how Waterhouse has moved closer to popular images derived from The Lady of Shalott. The moated grange is now kept in permanent darkness, shutters closed. Mariana yearns in front of a large mirror, as if dressing herself in preparation for her death.

Waterhouse’s finished Mariana in the South (c 1897) places her in a posture more closely derived from that of Millais. On the floor are some of her love letters, and there is a large red rose of love on her breast. At the left edge, on a distant mantleshelf, a candle burns its vigil for her lost betrothal, and her prayers that she will one day marry. This matches Tennyson’s words “And in the liquid mirror glowed the clear perfection of her face” from his second version of the poem.

In early 1835, Tennyson wrote a brief elegy describing his emotion of loss following the death of his close friend and fellow poet Arthur Henry Hallam in 1833, titled Break, Break, Break. It was published in 1842.

This remarkable painting by Elihu Vedder is one of the earliest symbolist images made by an American artist. Its origins are probably in sketches he made in 1866 and 1867, according to Regina Soria. The earlier of those was a response to Tennyson’s poem Break, Break, Break, pondering the memory of loved ones when contemplating the sea, as Vedder shows here.

I wonder whether we’ll look back at 2024 as the year that Apple Intelligence came to our Macs and devices?

While there are plenty of nay-sayers, and those who still accuse Apple of falling behind, there can be few who aren’t aware of what’s available to those who have bought a recent Mac or one of the higher-end iPhones or iPads. Since Apple’s attempt to hijack the established abbreviation AI at WWDC last summer, we have heard little else. There can have been few minor updates that were sold as heavily as the autumn’s x.1 and x.2 releases for their lavishly preannounced new features.

We’ve been beta-testing some of those features for as long as we’re normally allowed for a whole major release of macOS. Over that period, the number of users who have switched to English (US) as their primary language must have been substantial. It’s the first time I have kept one of my Macs running beta-releases long after the annual macOS upgrade, and I only reverted when 15.2 was released with AI support for English (UK).

Although these AI features have their uses, and for many should prove quietly revolutionary, I’m not convinced that they transform our Macs or devices into anything even remotely intelligent, and a far cry from the great thinkers in Raphael’s masterpiece The School of Athens. The central figures here are Plato (left) and Aristotle (right). Seen further to the left in profile is Socrates, and below him is Pythagoras writing in a book while a boy holds in front of him a small blackboard showing the theory of harmony.

Contrast that hullabaloo about AI with Apple’s complete silence on security, specifically the changes brought in its front-line malware detection feature XProtect in macOS Sequoia, since its release on 16 September. Prior to that, XProtect’s data bundle, including its Yara file of detection signatures for malicious software, had been maintained by the general macOS update service through softwareupdated. The diagram below outlines this long-established process.

When Sequoia 15.0 was released, that changed to what has turned out to be an intermediate invoking both the old mechanism and the new.

For the first couple of weeks of that, XProtect updates were chaotic:

• 13 Sep (approx) Software Update Service stopped providing regular XProtect updates
• 13 Sep (approx) XProtect version 5273 available from Software Update Service for Sequoia only
• 16 Sep macOS 15.0 released, with version 5273 available from Software Update Service for Sequoia only; upgraded Macs updated to 5273 by copying from secondary to primary locations; 5273 not provided from iCloud, where 5272 remained the current version
• 18 Sep Software Update Service resumed delivery of 5272 to Sonoma and earlier
• 18 Sep Software Update Service started delivery of 5274 to Sonoma and earlier; 5273 no longer available for Sequoia, with 5272 still available from iCloud
• 24 Sep Software Update Service delivered 5275 for Sequoia; no change to Sonoma and earlier, and 5272 still available from iCloud.

Then, just as we were getting the hang of it, Sequoia 15.2 excised the old mechanism, as we discovered last week when Apple released the first update to XProtect since 15.2.

Throughout all of this, Apple has remained completely silent. What’s even more surprising is that in the last few days, Apple has updated its definitive guide to security for Macs and all its devices. Although not all localised English translations have yet been synced with its US or Canadian English versions, the account of XProtect now has a published date of 19 December 2024, but doesn’t mention September’s changes.

There are those who insist that none of this is our concern, we should just let Apple do whatever it deems appropriate, and we shouldn’t even know what version of XProtect’s data is installed, as macOS takes care of all that for us. However, the security of my Mac is very much my business. If I were to unwittingly install malware that stole sensitive information, those are my banking details at risk, not Apple’s. Should I suffer financial loss as a result, would Apple provide unlimited compensation?

Hardly. Read sections 8 and 9 of Apple’s licence for macOS Sequoia, and the onus is clearly placed on the user. Just to emphasise this, further down that licence, in the Apple Pay & Wallet Terms and Conditions, is the express statement: “You are solely responsible for maintaining the security of your Mac Computer, Supported Devices, your Apple Account, your Touch ID information, the passcode(s) to your device(s), and any other authentication credentials used in connection with the Services (collectively, your “Credentials”).” The next time someone says that you should leave the security of your Mac to Apple, remind them of that.

Apple also encourages us to take an active part in our Mac’s security protection, and provides us with tools for doing so. The description given in man xprotect is a good example: “xprotect is used to interact with XProtect. It is useful for administrators or users who want to manually invoke XProtect functionality.”

Information about XProtect updates is exposed in the GUI, in System Information, where each update including those delivered by both old and new mechanisms is listed, together with its version number. That in itself is puzzling, as recent entries incomprehensibly duplicate older XProtectPlistConfigData entries with newer XProtectCloudKitUpdates.

So if AI doesn’t bring us the School of Athens, what has macOS Sequoia achieved so far? For this second image I turn to Lovis Corinth’s first major painting after his near-fatal stroke just before Christmas in 1911, an autobiographical portrait expressing his frustrations, in The Blinded Samson from 1912.

Please don’t breathe a word of this over on Apple Support Communities, though, where it seems your Mac’s security should be like mediaeval religion, a matter of blind faith and the suppression of knowledge. It’s high time for a Renaissance, much more Enlightenment, and a modicum of Intelligence.

A few weeks ago I featured paintings of one of Boccaccio’s stories from his Decameron, retold in 1818 by the British poet John Keats (1795-1821) in his Isabella, or the Pot of Basil. Today’s article looks at paintings inspired by some of Keats’ other writings, and tomorrow those based on the works of Tennyson.

Keats completed and published his poem Endymion in 1818, when he was only twenty-three. This elaborates on the story of the shepherd of the same name who became the object of affection from the goddess Selene. However, instead of using her name, Keats used an alternative name for the goddess Artemis, who later became confounded with Selene.

George Frederic Watts’ painting of Endymion (1872) may well refer to Keats’ poetic reinterpretation, showing Endymion making love with the Titan goddess of the Moon, Selene. This is one of Watts’ most painterly works, and appears to have come straight from his emotions. This also marks his transition from painting Pre-Raphaelite staples such as mediaeval knights and legends, to his later works that were more allegorical if not frankly symbolist.

Edward Stott’s Trees Old and Young, Sprouting a Shady Boon for Simple Sheep from 1888 is unusual as it’s one of his few paintings with a literary reference, its title being a quotation from Endymion. However, its shepherdess is neither Endymion nor Selene/Cynthia.

The following year, Keats wrote the narrative poem The Eve of St. Agnes, which was published a year later, remains one of his finest works, and has formed the basis for at least three major paintings by Pre-Raphaelites.

Madeline has fallen in love with Porphyro, who is an enemy to her family. Older women have told Madeline that she can receive sweet dreams of love on the night of St. Agnes Eve, preceding the day on which the patron saint of virgins is celebrated, 21 January.

On that night, Porphyro gains entry to the castle where Madeline lives, and looks for Angela, who remains a friend to his family despite the feud. Angela reluctantly agrees to take him to Madeline’s room, so that he can gaze at her sleeping there. She takes him there, where he hides in a large wardrobe and watches her prepare for bed, seeing her full beauty in the moonlight.

He creeps out to prepare a meal for her, but she wakes, and seeing the same figure she had just been dreaming, takes him into her bed. She then wakes fully and realises her mistake. They declare their mutual love before escaping from the castle past drunken revellers, and flee into the night.

In this study for William Holman Hunt’s The Flight of Madeline and Porphyro During the Drunkenness Attending the Revelry from 1848, he shows the climax of the poem. Madeline and Porphyro, dressed in their cloaks, are creeping past the drunken bodies of those who have been at the feast. Through the arches at the left the drinking and feasting can be seen still in progress. In the foreground one of the revellers is clutching an empty cask of drink, while other remains of the drinking are scattered on the floor to the right. Two large dogs appear to be somnolent and not reacting to events.

Madeline’s face has a neutral expression, and she has her right arm across Porphyro’s chest to restrain him, her left hand in contact with his right hand on the hilt of his (smaller) sword, as if to restrain him from drawing it. Porphyro’s face shows tension, almost amounting to anger, perhaps, as his left hand holds a door behind him, at the right edge of the painting. That door bears a key, suggesting it’s an outer door. His right hand grips the handle of his sword, as if about to draw it.

Instead of Holman Hunt’s elaborate and ingenious composition, Arthur Hughes opts for a triptych, read from left to right. At the left, Porphyro is approaching the castle. In the centre, he has woken Madeline, who has not yet taken him into her bed. At the right, he almost quotes from Holman Hunt’s version, showing the couple’s escape over drunken revellers. There is also a second, undated version in the Ashmolean, Oxford, in which the painting at the left shows a slightly later moment, where Porphyro meets Angela at the entrance to the castle.

Hughes felt the need to provide the viewer with an excerpt of the original text:
They told her how, upon St Agnes’ Eve,
Young virgins might have visions of delight,
And soft adorings from their loves receive
Upon the honey’d middle of the night.
If ceremonies due they did aright,
And supperless to bed they must retire,
And couch supine their beauties lily white,
Nor look behind, nor sideways, but require
Of heaven with upward eyes for all that they desire.

This painting was very well received when shown at the Royal Academy in 1856, with the critic John Ruskin and painter Dante Gabriel Rossetti being enthused by it.

John Everett Millais’ The Eve of St Agnes from 1863 is one of the few Pre-Raphaelite paintings to have been purchased by the British Royal Collection: despite the great achievements of the movement, their works were not favoured by Queen Victoria.

This shows Madeline completing the rituals prescribed for the night, as she prepares to undress for bed, in verses 25-26 of Keats’ poem:
Full on this casement shone the wintry moon,
And threw warm gules on Madeline’s fair breast,
…her vespers done,
Of all its wreathed pearls her hair she frees;
Unclasps her warmed jewels one by one;
Loosens her fragrant boddice; by degrees
Her rich attire creeps rustling to her knees:
Half-hidden, like a mermaid in sea-weed,
Pensive awhile she dreams awake, and sees,
In fancy, fair St. Agnes in her bed,
But dares not look behind, or all the charm is fled.

This curiously static scene from an action-packed narrative was painted from life: Millais used the King’s Bedroom in the Jacobean house at Knole Park, near Sevenoaks in Kent, with his wife Effie as his model. The special bull’s eye lantern producing the eerie lighting effect was a detail over which he took meticulous care. The end result is another evocative, sensual painting that’s almost devoid of narrative.

Before The Eve of St. Agnes was published, Keats wrote La Belle Dame Sans Merci, a ballad about a femme fatale, derived in part from a fifteenth century poem by Alain Chartier. This concerns a fairy who seduces a knight with her eyes and singing, then condemns him to an unpleasant fate. It was published in its original version in 1819, and in a revised version in 1820. It includes the the verses

I met a lady in the meads,
Full beautiful, a fairy’s child;
Her hair was long, her foot was light,
And her eyes were wild.

I made a garland for her head,
And bracelets too, and fragrant zone;
She looked at me as she did love,
And made sweet moan.

I set her on my pacing steed,
And nothing else saw all day long,
For sidelong would she bend, and sing
A faery’s song.

Walter Crane is one of the earlier artists to represent this in a painting, with subsequent similar depictions by Arthur Hughes and Frank Dicksee. The ‘belle dame’ of the title is shown riding side-saddle on the knight’s horse, flowers in her long, flowing tresses, and the knight clad in armour and heraldic overgarments, holds her hand.

Early in 1821, when he was only twenty-five, John Keats died of the complications of tuberculosis.