Normal view

There are new articles available, click to refresh the page.
Today — 9 July 2025Main stream

Apple has just released major updates to XProtect and XProtect Remediator

By: hoakley
9 July 2025 at 02:45

Apple has just released updates to XProtect for all supported versions of macOS, bringing it to version 5304, and to XProtect Remediator for all macOS from Catalina onwards, to version 152. As usual, Apple doesn’t release information about what security issues these updates might add or change.

Yara definitions in this version of XProtect add two private rules for Shebang, to match shell scripts by ‘shebang’, and _golang_macho, to match machos compiled by Golang. There are also 19 new rules for a novel family of what appear to be stealers based on the name BONZAI, including MACOS.BONZAIBONANZA.AUTO, MACOS.BONZAIBONANZA.TAAP, MACOS.BONZAIBONANZA.TAFI, MACOS.BONZAIBONANZA.VACA, MACOS.BONZAIBONANZA.VASN, MACOS.BONZAIBONANZA.FU, MACOS.BONZAIBONANZA.SC, MACOS.BONZAIBARRICADE.PE, MACOS.BONZAIBARRICADE.PA, MACOS.BONZAIBARRICADE.KE, MACOS.BONZAIBLASTER.FU, MACOS.BONZAIBLASTER, MACOS.BONZAIBLASTER.TA, MACOS.BONZAIBONDER.SO, MACOS.BONZAIBONDER.PE, MACOS.BONZAIBONDER.TEPL, MACOS.BONZAIBONDER.LA, MACOS.BONZAIBONDER.FU, and MACOS.BONZAIBANANA.

XProtect Remediator doesn’t change the list of scanner modules.

There are changes to the list of Bastion rule 2 paths, and four new Bastion rules 14-17. These cover sending AppleEvents to browsers, the Finder and Terminal, mach-lookup for com.apple.pasteboard.1, and writing to a long list of shell-related hidden directories in the user’s Home folder.

These are probably the greatest changes to XProtect’s Yara rules and Bastion rules for more than a year.

You can check whether these updates have been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight and SystHist for El Capitan to Tahoe available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight or at the command line.

If you want to install these as named updates in SilentKnight, their labels are XProtectPayloads_10_15-152 and XProtectPlistConfigData_10_15-5304.

Sequoia and Tahoe systems only

The XProtect update has already been released for Sequoia and Tahoe via iCloud. If you want to check it manually, use the Terminal command
sudo xprotect check
then enter your admin password. If that returns version 5304 but your Mac still reports an older version is installed, you may be able to force the update using
sudo xprotect update

Yesterday — 8 July 2025Main stream

More updates for Tahoe: Spotlight (Metamer, Spotcord), text obfuscation (Dystextia) and storage testing (Stibium)

By: hoakley
8 July 2025 at 14:30

This week’s batch of app updates includes two for working with metadata, a fun obfuscator of text, and my in-house performance test for storage. In each case, they have been given a new app icon that should display well in all versions of macOS from Big Sur to Tahoe. Their windows have been overhauled to accommodate Tahoe’s larger controls, and they have been rebuilt.

Spotlight and metadata

Metamer gives access to 16 of the most useful types of metadata that can be saved as extended attributes to any file, and others that are text-based if you wish. It has a built-in scratchpad you can use to assemble groups of keywords, for instance. It thus gives access to a wide range of metadata that you can use in Spotlight search.

Metamer version 1.6 is now available from here: metamer16
from its Product Page, and via its auto-update mechanism.

To accompany that is Spotcord, which scans folders to build vocabularies of keyword metadata (kMDItemKeywords in Spotlight’s terms), subjects and other specified types. Although it can look for those Spotlight derives from image analysis, experience shows that few are likely to be accessible outside Spotlight itself. This is the first release version of Spotcord, which had lingered in beta far too long.

Spotcord version 1.0 is now available from here: spotcord10
and from its Product Page. It doesn’t use the auto-update mechanism, though.

Text obfuscation

Dystextia is a bit of fun using Unicode lookalike characters to obfuscate Roman text. For example, it will convert this line into
Dуstехtіа іs а bіt оf fun usіng Unісоdе lооkаlіkе сhаrасtеrs tо оbfusсаtе Rоmаn tехt.
or even
Dу𝚜𝚝ех𝚝іа і𝚜 а bі𝚝 о𝚏 𝚏𝚞𝚗 𝚞𝚜і𝚗ɡ U𝚗ісоⅾе ⅼоо𝚔аⅼі𝚔е с𝚑а𝚛ас𝚝е𝚛𝚜 𝚝о оb𝚏𝚞𝚜са𝚝е Rо𝚖а𝚗 𝚝ех𝚝․
if you prefer. This is easy to reverse using AI, but throws find and spellchecking out of the window.

Dystextia 1.9 is now available from here: dystextia19
from its Product Page, and via its auto-update mechanism.

Storage performance testing

In contrast, today’s last update is the app I use to measure read and write speeds of storage, from internal SSDs to external hard disks and NAS systems. This offers a flexible range of test methods, all based on the same API calls used by apps to ensure they represent real-world performance. This comes with a detailed Help book that explains how testing and data analysis are performed.

Stibium version 1.2 is now available from here: stibium12
from its Product Page, and via its auto-update mechanism.

Coming next

My next batch of updates concludes the straightforward ones, and will bring Dintch, Fintch and Cormorant.

I currently don’t intend updating any of my command tools like blowhole, as they appear to continue working fine in Tahoe.

I have started work on updates to Unhidden, SilentKnight/Skint, and the Viable family of virtualisers. Each needs more work before they will work properly with Tahoe, in the case of SilentKnight/Skint a complete new version designed for future macOS.

I currently don’t intend updating ArchiChect, Taccy, Signet, Scrub, LockRattler or the command tool silnite for Tahoe, as they’ve now been superseded or outdated. If you want one of those reinstated, please let me know.

Before yesterdayMain stream

Solutions to Saturday Mac riddles 315

By: hoakley
7 July 2025 at 16:00

I hope that you enjoyed Saturday’s Mac Riddles, episode 315. Here are my solutions to them.

1: It came with a tumbler from Camelot in 1993, then opened in 2008.

Click for a solution

PDF

It came with a tumbler (an acrobat) from Camelot (its original internal name) in 1993 (first released on 15 June 1993), then opened in 2008 (when it was adopted as an open ISO standard).

2: Replacement for 3 to avoid royalties with transparency has just turned three.

Click for a solution

PNG

Replacement for 3 (it was developed by Thomas Boutell and others to replace GIFs) to avoid royalties (those were imposed on GIFs because of their use of LZW compression) with transparency (it supports a transparency layer) has just turned three (its latest version 3.0 was released in June this year).

3: CompuServe animated its palette with 256 colours but we still can’t agree how to say it.

Click for a solution

GIF

CompuServe (released by CompuServe in 1987) animated (it supports animated images) its palette with 256 colours (it only supports palettes with 256 colours) but we still can’t agree how to say it (there has been a long-running dispute as to whether its ‘g’ is hard like ‘gift’ or soft like ‘gin’).

The common factor

Click for a solution

They were each intended to be portable, universal file formats.

I look forward to your putting alternative cases.

macOS Tahoe extends quantum-secure encryption

By: hoakley
7 July 2025 at 14:30

Much of the data handled on and off our Macs and devices is protected by encryption. That has been designed to ensure encryption can’t be broken in a reasonable amount of time using current and future computing resources. Using conventional computers, for instance, it would take a great many years to break data encrypted using 256-bit AES, so in practice this has been considered to fully secure, for the past.

Threat

For the last 50 years or so, researchers have been working on quantum computers that could radically change that. Instead of using normal binary bits with values of 0 and 1, those use qubits measured in terms of probability, making them non-deterministic. That changes the way they work, and some tough problems in the binary world can be speeded up so much that, given a suitable quantum computer, they could compute in far shorter times. This has already been applied to greatly reduce search times in big data, and has the potential to break most recent forms of encryption.

Progress in making suitably powerful quantum computers to be able to decrypt data encrypted using classical techniques has been slow, but we’re now reaching the stage where that’s likely to be feasible in the next year or three. Now is the time to start deploying more advanced forms of encryption to protect our data from the imminent future.

Data in transit

In February last year, Apple announced that iMessage was transitioning to the use of protocols that are quantum-secure, and those were introduced the following month in macOS 14.4, iOS and iPadOS 17.4 and watchOS 10.4. When macOS 26 Tahoe and its matching OSes are released in a couple of months, they bring further important steps towards fully secure encryption, in encrypted network connections using quantum-secure mechanisms in TLS 1.3.

Classical encryption is at its most vulnerable when encryption keys are exchanged over the Internet, and public key systems can be completely broken by quantum methods. Thus, Apple’s first changes are being made to protect data in transit, where it can be intercepted and stored for later decryption using a quantum computer. Securing iMessage is an important start, and the new features in Tahoe and its sisters extend similarly improved protection to other data transfers.

Apple’s operating systems provide support for encryption and related techniques in CryptoKit, making quantum-secure methods available to third-party apps as well. For OS 26, CryptoKit gains Module-Lattice based key encapsulation or ML-KEM, part of the FIPS 203 primary standard for general encryption. Signatures gain the Module-Lattice based digital signature algorithm or ML-DSA, part of FIPS 204.

Data in storage

Whereas public key cryptography systems can be completely broken by quantum attacks, the news for symmetric key schemes such as those used in FileVault and APFS encryption is considerably better. Although quantum computers will be able to break classical techniques more quickly, that should prove neither quick nor easy.

In Intel Macs with T2 chips and Apple silicon Macs, encryption keys are protected by the Secure Enclave, never leave it, and are never exposed to the main CPU. Attempts to gain access through the Secure Enclave are subject to robust defences: for example, the Secure Enclave Processor allows only 5 attempts to enter a Mac’s password before it increases the time interval enforced between entry attempts, and after 30 unsuccessful attempts no more are allowed at all, and the Mac has to be fully wiped and reset.

Trying to remove internal storage is designed to frustrate the attacker. Although internal storage is referred to as an SSD, the storage used isn’t complete in the sense that you couldn’t remove it and install it in another computer, and most of its disk controller functionality is performed by sections in the host chip, including its Secure Enclave. Even models like the Mac Studio that have socketed storage don’t make this easy: remove its special SSD module and it won’t work in another Studio unless it has been completely wiped and reset, destroying its keys and contents.

Apple’s strategy for the protection of encrypted internal storage is thus intended to block access at every level, so that post-quantum brute-force decryption would have little if any impact should it become available in a few years. The standard encryption method used, AES-256 in XTS mode, may need to be revised as quantum decryption becomes more feasible, and Apple is now recommending that doubling the key size should be sufficient to make encryption suitably resistant to forcing with a quantum computer.

Summary

  • Future quantum computers will be able to break some classical encryption methods.
  • Public key methods used to protect data in transit across the Internet are the most vulnerable to quantum attack.
  • macOS 14.4 and iOS 17.4 have started progressively replacing iMessage protection to make it resistant to quantum attack.
  • OS 26 will extend that protection to cover connections over TLS 1.3, where supported by servers.
  • Protection already provided to stored data, such as FileVault, is considered to remain robust.
  • Encryption of static data can be made more robust to quantum cryptography by doubling key size from 256 to 512 bits.

Resources

Quantum computing (Wikipedia)
Post-quantum cryptography (Wikipedia)
FIPS 203-206 (NIST standards)
Securing iMessage with PQ3 (Apple)
macOS Tahoe TLS 1.3 support (Apple)
Cathie Yun presentation Get ahead with quantum-secure cryptography, WWDC 2025 (via Apple Developer app etc.)
CryptoKit for developers (Apple)

Can Taiwan Really Disconnect Its Economy From China?

Momentum is building in Taiwan to lessen its business dependency on China, its biggest trading partner. Doing so will not be easy.

© Greg Baker/Agence France-Presse — Getty Images

Many of Taiwan’s biggest companies have grown on the strength of manufacturing investments in China.

Last Week on My Mac: PageRank and plagiarism

By: hoakley
6 July 2025 at 15:00

Yesterday’s brief history of Internet search carries a lot in between its lines, some of it increasingly sinister. From the assumption that search results should be ranked by popularity rather than quality of content, to Google’s latest AI overviews, so much runs counter to all we had come to learn in previous millennia.

Many of our greatest insights and ideas have been far from popular at the time, and some have been so reviled that their authors have been ostracised as a result. Indeed, the origin of the term ostracisation refers to a practice that the ancient Greeks recognised led to popular but flawed outcomes, when the great were rejected by ill-informed opinion of the mob.

By a quirk of fate, the screenshot of Google Scholar in use showed search results from 2011 for the terms autism vaccine, a topic that has recently returned to the headlines. Claims made by some of today’s politicians have been propagated using the same principles as PageRank until millions of people have been fooled into believing what were demonstrably fraudulent results. The mob are about to throw away decades of public health improvements for the sake of palpable lies.

We now have new tools to amplify such nonsense, in ‘AI’ built on large language models, and they’re starting to supplant search. In doing so, they’re going to destroy the raw material they feed on to generate their summaries.

Before about 2000, the great majority of information was printed on paper. There must have been a dozen or more specialist Mac magazines, and a steady stream of popular books about Mac OS and how to get the best from it. Even Apple was a prolific originator of thoroughly well written reference guides in its Inside Macintosh series, published by Addison Wesley. In the following couple of decades, most of those vanished, replaced by websites financed by advertising income, hence the industry dominated worldwide by Google.

Blogs originated in the mid-1990s and by about 2010 had reached a peak in their numbers and influence. Since then many have ceased posting new articles, or simply vanished. The generation that took to the web around 25 years ago are now trying to retire, sick of spam comments and the vitriolic spite of those that abuse them. Unsurprisingly the next generation are less enthusiastic about taking to their blogs, leaving some to make money from ephemeral video performances.

If there’s one thing that Google could have done to further the decline of the remaining online publications and blogs it’s to plunder their contents, massage their words with the aid of an LLM, and present those as overviews. When you’ve researched an article over several days and spent many hours writing and illustrating it, it’s more than galling to see an AI present its paraphrase as its own work.

These AI overviews range from the accurate, through repetitious waffle, to those riddled with errors and contradictions. Had they been written by a human, I’d describe them as a shameless and inaccurate plagiarist who has little or no understanding of what they’re plagiarising.

You can see examples of this by making quick comparisons between Google’s AI overview and the articles that it links to. For instance:

  • Ask Google “what is the boot volume structure in ios?” and compare that overview with this article. For added entertainment, try the same with iPadOS, and spot the differences.
  • Ask “what does runningboard do in macos?” and notice how sources given date from 2019 and 2021, when RunningBoard had only just been discovered. Refer to a more recent account such as that here, to see how out of date that overview is, and how much it has changed in Sequoia.

There’s also an element of unpredictability in those overviews. Repeat one after a couple of minutes, and the results can be quite different.

Although Cloudflare has developed a method that enables commercial publishers to control Google’s ability to scrape their content and plagiarise it, for the great majority of us, there seems little we can do but watch page views continue to fall to levels below those before the Covid pandemic. If you’ve got something better to do with your time than write for your blog, this is when you get seriously tempted.

But Google is digging a deep hole for its future. As the supply of new content to feed its LLM falls, most new articles will be generated by AI. All it will have to plagiarise then will itself be plagiarism, and it will amplify its own errors. By not referring searches to content, Google will also have killed the geese that lay its golden eggs, and lost much of its advertising revenues.

We’ll then be back full circle to curated web directories of the remaining reliable sites.

Saturday Mac riddles 315

By: hoakley
5 July 2025 at 16:00

Here are this weekend’s Mac riddles to entertain you through family time, shopping and recreation.

1: It came with a tumbler from Camelot in 1993, then opened in 2008.

2: Replacement for 3 to avoid royalties with transparency has just turned three.

3: CompuServe animated its palette with 256 colours but we still can’t agree how to say it.

To help you cross-check your solutions, or confuse you further, there’s a common factor between them.

I’ll post my solutions first thing on Monday morning.

Please don’t post your solutions as comments here: it spoils it for others.

A brief history of Internet search

By: hoakley
5 July 2025 at 15:00

Searching the Internet, more recently its web servers, has proceeded in four main phases. Initially, humans built structured directories of sites they considered worth visiting. When those couldn’t keep pace with the Internet’s growth, commercial search engines were developed, and their search results were ranked. Around 2000, Google’s PageRank algorithm became dominant for ranking pages by their popularity. Then from late 2024 that is being progressively replaced with AI-generated summaries. Each of these has been reflected in the tools provided by Mac OS.

Directories

In the earliest years of the Internet, when the first web servers started to appear, and files were downloaded using anonymous FTP, users compiled their own lists by hand. Some curated directories were made public, including one maintained by Tim Berners-Lee at CERN, and another at NCSA. Individuals started using Gopher, a client to discover the contents of servers using the service of the same name. The next step was the development of tools to catalogue Gopher and other servers, such as Veronica and Jughead, but it wasn’t until 1993 that the first search engine, W3Catalog, and a bot, the World Wide Web Wanderer, started to transform Internet search.

Berners-Lee’s directory grew into the World Wide Web Virtual Library, and still exists, although it was last updated several years ago, most is now hosted elsewhere, and some is broken. The most famous directory was originally launched in 1994 and was then known as Jerry and David’s Guide to the World Wide Web, later becoming Yahoo! Directory. This offered paid submission and entry subscriptions, and was closed down at the end of 2014.

The favourite of many (including me) was launched as GnuHoo in 1998, and later that year, when it been acquired by Netscape, became the Open Directory Project, then DMOZ, seen here in the Camino browser in 2004. Although owned by AOL, it was maintained by a volunteer community that grew rapidly to hold around 100,000 links maintained by about 4,500 volunteers, and exceeded a million links by the new millennium. DMOZ closed in 2017 when AOL lost interest, but went on as Curlie using the same hierarchy.

Sherlock was first released in Mac OS 8.5 in 1998. As access to the web grew, this came to encompass remote search through plug-ins that worked with new web search engines.

Those were expanded in Sherlock 2, part of Mac OS 9.0 from 1999 and shown above, and version 3 that came in Mac OS X 10.2 Jaguar in 2002.

Indexing and ranking

Human editors couldn’t keep pace with the growth of the web, and demand grew for searching of indexes. This posed the problem of how to rank pages, and development of a series of ranking algorithms, some of which were patented. The first to use links (‘hyperlinks’) was Robin Li’s RankDex, patented in 1996, two years before Sergey Brin and Larry Page’s PageRank that brought their success in Google.

Ranking search results wasn’t new. In the late twentieth century, sciences started measuring the ‘impact’ of published papers by counting their citations in other papers, and university departments and scientific journals laid claim to their greatness by quoting citation and impact indexes. Early search ranking used features such as the frequency of occurrence of the words in the search term, which proved too crude and was manipulated by those trying to promote pages for gain. The obvious replacement was incoming links from other sites, which also quickly became abused and misused.

Research into networks was limited before 1998, when Jon Kleinberg and the two founders of Google entered the field. As with citation indexes before, they envisaged link-based ranking as a measure of popularity, and popularity as a good way of determining the order in which search results should be presented. They also recognised some of the dangers, and the need to weight incoming links to a page according to the total number of such links made by each linking site. Oddly, Kleinberg’s prior work wasn’t incorporated into a search engine until 2001, by which time Brin and Page were powering Google to dominance, and in June 2000 provided the default search engine for Yahoo!

This is Yahoo! Search seen in Firefox in 2007, by which time it was using its own indexing and search engine.

PageRank and algorithms

Google grew prodigiously, and became rich because of its sales of advertising across the web, a business dependent on promotion of its clients, something that could be achieved by adjusting its PageRank algorithm.

Although it’s hard to find now, at one time Google’s Advanced Search was widely used, as it gives more extensive control. Here it’s seen in Safari of 2011.

Google Scholar gives access to published research in a wide range of fields, and was introduced in late 2004. Here it’s seen in use in 2011, listing work that’s recently become topical again. Scholar doesn’t use the same PageRank-based algorithm for ranking its results, but does give substantial weight to citation counts.

When Apple replaced Sherlock with Spotlight in Mac OS X 10.4 Tiger in April 2005, web search defaulted to newly-arrived Safari and Google’s search engine. Its major redesign, in OS X 10.10 Yosemite in 2014, merged web and local search into Global Spotlight, the search window that opens from the Spotlight icon at the right end of the menu bar. That in turn brought Spotlight Suggestions, which became Siri Suggestions in macOS Sierra.

spotlighticloud

This shows a search in Global Spotlight in macOS 10.12 Sierra, in 2017.

Apple has never explained how Siri Suggestions works, although it appears to use machine learning and includes partial results from web search probably using Google. It offers a taste of what is to come in the future of Internet search.

Summarising

Google started the transition to using Artificial Intelligence in 2024, and that September introduced Audio Overview to provide spoken summaries of documents. This year has brought full AI overviews, in which multiple pages are summarised succinctly, and presented alongside links to the pages used to produce them. Although some can be useful, many are vague and waffly, and some blatantly spurious.

We’ve come a long way from Tim Berners-Lee’s curated directories, and PageRank in particular has transformed the web and more besides.

References

Wikipedia:
Gopher
Web directory
Search engine
Google Scholar

Amy N Langville and Carl D Meyer (2006) Google’s PageRank and Beyond: the Science of Search Engine Rankings, Princeton UP. ISBN 978 0 691 12202 1.

What’s the future for your Intel Mac?

By: hoakley
4 July 2025 at 14:30

From its first announcement of Apple silicon Macs on 22 June 2020, there has been speculation as to when support of Intel models will cease. Now Apple has given exceptionally clear details of its future intentions, and we have a clearer idea of what’s coming in macOS Tahoe, we can make plans at last. This article looks at the years ahead. In each case, major events are scheduled to occur with the annual transition of macOS to the next major version, normally in September-October.

2025

Final security update for macOS 13 Ventura, ending support for:

  • iMac 18,1-3
  • MacBook 10,1
  • MacBook Pro 14,1-3.

If you’re still running Ventura on a Mac capable of Sonoma or later, now is the time to plan the upgrade.

2026

Final security update for macOS 14 Sonoma, ending support for:

  • MacBook Air 8,1-2.

First release of an Arm-only version of macOS, 27. However, that and all its updates will continue to include full support for running Intel binaries using Rosetta 2 translation. macOS 27 will be the last major version that supports Rosetta 2 fully in Virtual Machines.

2027

Final security update for macOS 15 Sequoia, ending support for:

  • iMac 19,1-2
  • iMac Pro
  • Mac mini 8,1
  • MacBook Air 9,1
  • MacBook Pro 15,1-4 16,3.

First release of macOS 28, with full Rosetta 2 support removed. Limited Intel binary support will continue for “older unmaintained gaming titles” only. As a result, virtual machines running macOS 28 will no longer be able to run most Intel binaries.

2028

Final security update for macOS 26 Tahoe, ending support for all remaining Intel models:

  • iMac 20,1-2
  • Mac Pro 7,1
  • MacBook Pro 16,1-2 16,4.

T2 firmware updates are almost certain to cease with the end of support for macOS 26. Major third-party vendors are likely to stop providing Universal binaries, as they too drop support for macOS 26 and Intel models. Apple may decide to remove x86 support from Xcode 29, but hasn’t yet made any statement either way.

Benefits of upgrading macOS in Intel models

Although macOS Sequoia and Tahoe have brought some new features for Intel Macs, much of Apple’s emphasis now requires Arm systems. Major reasons for upgrading your Intel Mac to the most recent version of macOS it can run include:

  • Third-party support. Major software vendors like Microsoft normally only support their products on versions of macOS still supported by Apple.
  • Safari is only updated in supported versions of macOS.
  • Bug fixes. Although new versions bring their own bugs, the chances of an existing bug being fixed in the current release of macOS are far greater than it being fixed in an older version.
  • Security vulnerabilities. Only the current version of macOS gets a full set of fixes in each round of security updates, and the older two supported versions often lag the current one.
  • Enhancements. Some new features are still provided for both platforms.
  • Compatibility. If you already use Apple silicon Macs, or intend doing so, they are more compatible when running the same version of macOS. One topical example is Tahoe’s new ASIF disk image format.
  • Quantum-secure encryption. Apple has already started to transition to cryptographic techniques designed to remain secure as and when quantum computers are used in the future to break older methods. This started with iMessage last year, and Apple has announced that macOS 26 Tahoe will support quantum-secure encryption in TLS. This is unlikely to be added retrospectively to older versions of macOS.

I hope you find that helpful in your planning, and wish you success in whatever you choose.

More updates for Tahoe: Aliases (Alifix), special files (Sparsity), file types (UTIutility) and language (Nalaprop)

By: hoakley
3 July 2025 at 14:30

This week I have another group of four little utilities whose windows have been overhauled, and have new app icons to meet the requirements of macOS Tahoe. Each of these new versions requires macOS Big Sur or later.

Finder aliases

If you have old Finder aliases that need to be checked and repaired, Alifix will do that job with you. Use it to scan a folder containing those aliases, and it will warn you which can’t be resolved any longer, and can rewrite those that need to be updated.

Alifix version 1.4 is now available from here: alifix14
and from its Product Page. As it seldom needs updating, it doesn’t use the auto-update mechanism.

APFS sparse and clone files

As you can tell by its name, Sparsity started off as a means of creating APFS sparse files for test purposes. In addition to that, it has a valuable scanning feature that will detect and report details of all sparse, clone and purgeable files in a selected volume or folder. Information reported includes both the nominal and actual size of each file, so you can see which sparse files are saving the most space on disk.

Sparsity version 1.4 is now available from here: sparsity14
and from its Product Page. It too doesn’t use auto-update.

UTI file types

Give UTIutility a filename extension and it will tell you its Uniform Type Indicator (UTI, also UTType), traditional Mac OSType, MIME type, Pasteboard type, and a list of UTIs it conforms to. You can also find the same information from those other properties. This too has a crawler that will search through a volume or folder and compile a list of all the UTIs it encounters there. Its Help book contains an extensive reference to UTIs to help you get the most out of them.

UTIutility version 1.4 is now available from here: utiutil14
and from its Product Page. It doesn’t use auto-update.

Natural language

For many years, macOS has had built-in features to handle and parse natural languages including French, Spanish and German. Nalaprop uses these features to analyse text files, or text pasted into the left view in its main window. That text can then be parsed by downloadable linguistics modules supplied by Apple, and each word displayed in colour according to that word’s part of speech or grammatical type. From that it can automatically construct dictionaries or concordances of words used in that text, arranged by part of speech, and giving word frequency for each.

Nalaprop comes with a multilingual demonstration file to show how well it copes with language transitions.

Here it has parsed and coloured the text in the middle according to part of speech, for two languages, English and French. To the right of those is the dictionary it has compiled, ending verbs and starting the list of nouns. At the far right is a colour key for parts of speech.

In this demonstration, Charles Dickens’ novel David Copperfield has been parsed, a total of nearly 360,000 words. Currently such large documents are analysed in the main thread, so you’re likely to see a spinning beachball during parsing, but can still switch freely to other apps when that’s taking place. Those with Apple silicon Macs will see that analysis is performed in a single thread running on one P core, so all the other P cores remain free to run other tasks. I was hoping to use different threads for this, but it proved too complicated to incorporate in this particular version.

Nalaprop version 1.4 is now available from here: nalaprop14
from its Product Page, and via its auto-update mechanism.

Enjoy!

Here are the 21 icons for those of my apps so far ported to be compatible with Tahoe.

You don’t have to collect all in the series, though.

Should you try the public beta-release of Tahoe?

By: hoakley
2 July 2025 at 14:30

Some time in the next week or two, Apple is expected to release its first public beta of macOS 26 Tahoe. This article is intended to help you decide whether to risk or resist that tempting offer.

As with Sequoia last year, to install the public beta-release you no longer have to download a special enabler from a closed website. This is now done through an extra option in Software Update. All you need to do is sign up here, and once the public beta is released you should see it offered in Software Update, when your Mac is signed in using the Apple ID you signed up with. There’s also an option there that caters for those who wish to use a different Apple ID for betas.

Can your Mac run Tahoe?

Tahoe is officially supported on just four models of Intel Macs with T2 chips, and all Apple silicon Macs. It’s expected that at least some older Macs will be able to run Tahoe using OCLP, but won’t do so until that has been updated later this year.

The full list of supported models is:

  • MacBook Pro 16-inch 2019, and 13-inch 2020 with four Thunderbolt ports,
  • iMac 2020,
  • Mac Pro 2019,
  • all Apple silicon Macs.

As in Sequoia, Apple Intelligence is only available on Apple silicon models.

What do you get in the beta?

Apple’s official account of new features is fairly detailed. I have drawn attention to a new disk image format in this article.

Changes are dominated by Liquid Glass and other features in its new interface, which is still evolving. This brings changes in app icons, and may require further work to adjust interface elements to accommodate its changes.

Other significant new features include:

  • Magnifier app using a connected camera;
  • Journal app now available in macOS;
  • Phone app available in macOS;
  • Metal version 4.

Apple provides extensive release notes for betas.

Although Tahoe is thoroughly macOS version 26, you will discover that it can also pose as version 16, as explained here.

Can you lose that Mac?

The next question you should ask is whether you could afford to completely lose your Mac for a while, as a result of a problem with the beta. Although that’s most unlikely to happen, it’s a risk you’ve got to be prepared for when you install any pre-release version of macOS.

Never, under any circumstances, install a beta of macOS on any Mac you rely on for production. Betas invariably involve firmware updates, so even if you install the beta on an external disk, it will change your Mac’s firmware. Undoing that is hard enough for an Apple silicon model, and it’s not possible on Intel Macs. All you can then do is wait for another beta, or maybe the final release in the autumn/fall, which should update the firmware to something more compatible.

Betas also normally come with updated versions of key components such as iCloud, the APFS file system and Time Machine. Consider carefully what havoc they could produce if there’s a bug affecting other storage used by that Mac, and its backups.

If the worst comes to the worst, you could end up having to restore that Mac to an older version of macOS. Apple explains how to do that, and you should read that account carefully before making any decision. If you’re thinking of installing betas on an Apple silicon model, beware that process requires another Mac running Apple Configurator 2, or macOS Sonoma or later, and restoring it in DFU mode.

Internal or external SSD?

One way to reduce the risk posed by beta versions of macOS is to install them on external storage. While that can enforce some degree of separation and protection, it still means that firmware is updated, and still brings significant risk of disaster. Don’t try this with a production Mac, even from an external disk.

If you’re going to install the beta on an external disk, you’ll need to be comfortable with the procedure for Apple silicon Macs. Although it does become straightforward with practice, some seem unable to get it to work at all. Intel Macs are far simpler, of course, although one important catch with T2 models is that you have to downgrade their security using Startup Security Utility in Recovery mode, if you haven’t already done so, or they can’t boot from an external disk. This article steps through the procedure.

Multiple systems on the same disk

You can also install multiple boot volume groups on the same disk, letting you choose which version of macOS to start up from. This provides even less separation or protection than installing them on separate disks, so should never be attempted on any production Mac.

Apple recommends that you do this into separate boot volume groups within the same APFS container, which has the great advantage that they share the same free space within that container. However, there are times when that can work against you, and you may prefer to opt for separate containers instead. The choice is yours.

Virtual machine

Some consider the best way of keeping out of trouble when running beta versions of macOS is to install them into a Virtual Machine (VM). This can’t alter the firmware of the Mac hosting the VM, and that alone makes it far safer. This is simplest on Apple silicon Macs, with their extensive built-in support for running virtualised macOS. Use any of the virtualisers, including Parallels, UTM, and my own Viable. Full instructions for Viable are given here, with additional information for Tahoe here.

iCloud

Some betas bring substantial changes to iCloud, and in the past that has caused lasting havoc to accounts and on iCloud storage. I’m not aware of any particular issues that have been reported in this respect with Tahoe betas, but many testers prefer to use a different iCloud account for Macs when running beta-releases of macOS.

Kernel panics

If you do decide to install the Tahoe beta, or have already done so, I have a big favour to ask on behalf of tens of millions of users, and most of Apple’s engineers. By all means take a good look at its new features, and give Apple plenty of feedback on what you think of them. But please pay careful attention to the basics, exercising your Mac with peripherals such as external displays and hubs. Should you discover problems, please work with Apple to ensure that it knows what they are. If you can, test out features such as Time Machine (being careful not to put your existing backups at risk), which seldom get much attention from beta-testers.

In particular, send Feedback reports on any kernel panic your Mac encounters when running a beta. The normal system report, sent after your Mac has restarted, is helpful, but further details are much better still. Even betas should never suffer kernel panics; if yours does, please help Apple’s engineers fix that problem before Tahoe is released.

For those who do beta-test Tahoe, I wish us success, and hope you enjoy testing, and helping Apple make Tahoe even better for all of us.

Apple has released an update to XProtect for all macOS

By: hoakley
2 July 2025 at 02:00

Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5303. As usual, Apple doesn’t release information about what security issues this update might add or change.

This version adds two new rules, for MACOS_SOMA_JUEN and MACOS_SOMA_LLJU, continuing to extend its coverage of the Amos/Soma family of malware.

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight and SystHist for El Capitan to Tahoe available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight or at the command line.

If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5303

Sequoia systems only

This update has just now been released for Sequoia via iCloud. If you want to check it manually, use the Terminal command
sudo xprotect check
then enter your admin password. If that returns version 5303 but your Mac still reports an older version is installed, you may be able to force the update using
sudo xprotect update

Update:

The update was released via iCloud at 2010 GMT.

How to stop Safari quitting unintentionally

By: hoakley
1 July 2025 at 14:30

I don’t always hit the right keyboard shortcuts. Of those that I commonly get wrong, by far the most serious are Command-W and Command-Q in Safari. While the former just closes the frontmost window, the latter quits the whole app, and can lose the contents of online forms. Why can’t Safari show a confirmation alert before quitting, so I can cancel those unintentional quits?

No alert is going to stop you from using the wrong keyboard shortcut. All it will do is annoy you every time you want to quit Safari and press the correct keys. At worst, when you press Command-Q but intended Command-W, you’ll accidentally click on the wrong button in the alert and go ahead with quitting Safari. The error isn’t quitting the app, it’s pressing the wrong keys, and you’ll continue to do that unless you train yourself out of it, or change your practice to make it more robust.

Historically, keyboard shortcuts for quitting apps and closing windows have long been set as Command-Q and Command-W, as Q stands for Quit and W for Window. It’s unfortunate that the two keys are immediately adjacent, so making it easy to press the wrong one, particularly if you hunt and peck for keys rather than being a touch typist.

If you’re having this problem in Safari, then you’re most likely doing the same in other apps, although its impact there may not be as apparent. That’s because most other apps track changes made in open documents for this purpose, but that’s not something that Safari can do with web pages, as entering your own text within them is tracked by the remote web server, not the browser. This should be mitigated by any website that you’re entering text into: the server should either record those entries as you make them, or at least give you the option of saving them. That’s a basic expectation of accessible website design.

Solution

You may find it helpful to enable Ask to keep changes when closing documents in Desktop & Dock settings. Coupled with disabling the control below, to Close windows when quitting an application, that should bring more protective app behaviour.

It might seem tempting to try changing the shortcut for Quit, but as far as I can see, you can’t do that for all apps. Changing it for just one or a few introduces a major inconsistency, and only increases the risk of error.

The best way you’re going to address this is to remove its root cause, by not pressing Command-Q when you don’t want to quit Safari, and that requires you to close windows a different way. Readily available in macOS is the choice of:

  • closing windows by clicking on their red Close button at the top left;
  • using the Close command in the File menu;
  • assigning a different key combination, and using that to close windows in all apps.

Although you don’t appear able to change the shortcut for Quit in all apps, you can for Close. Open Keyboard settings, click on Keyboard Shortcuts…, then on App Shortcuts at the left. Click on the + tool to add a new shortcut, and set that for All Applications, with a Menu title of Close, and a shortcut of something like Command-Shift-M. You may find Apple’s list of keyboard shortcuts helpful to ensure there are no conflicts. Whichever you choose, you should apply it consistently across all your apps. This keeps it standard and simple and makes it automatic.

Of those three options, my preference is invariably for the first, using the window’s Close button. That’s because it works independently of whichever window is at the front and ‘in focus’. With a little care checking which window you apply it to, it should be completely free of error. The disadvantage of both the Close menu command and its shortcut Command-W is that you might have a different window in focus, so sometimes you will end up closing the wrong one by mistake.

Training

Once you have chosen which to use, train yourself rigorously to use that, and that alone. When working with single-window apps you have the choice of using either, and you should consciously go through the process of thinking that through before deciding which control to use, to remind yourself of what you are doing and why.

The goal is to make closing windows and quitting apps, including Safari, thoroughly reliable processes, so you never make a mistake. That makes any warning alert superfluous, and you’ll then agree that it would only serve to irritate. That’s why better interface guidelines caution against displaying an alert unless there’s a compelling reason to do so, and not routinely whenever quitting an app.

Solutions to Saturday Mac riddles 314

By: hoakley
30 June 2025 at 16:00

I hope that you enjoyed Saturday’s Mac Riddles, episode 314. Here are my solutions to them.

1: Expedition for a panther now in visionOS too.

Click for a solution

Safari

Expedition (a safari) for a panther (it was first bundled with Mac OS X Panther in 2003) now in visionOS too (it’s now bundled in visionOS).

2: Polished plate is now 1’s most serious competitor.

Click for a solution

Chrome

Polished plate (chrome) is now 1’s most serious competitor (on Apple’s platforms, it is Safari’s main competitor).

3: Web pet only lasted a year before the exploder.

Click for a solution

Cyberdog

Web (cyber) pet (dog) only lasted a year before the exploder (released in 1996, it was dropped the following year, for Microsoft Internet Explorer to become the bundled web browser in Mac OS X).

The common factor

Click for a solution

They’ve each been web browsers for Mac OS.

I look forward to your putting alternative cases.

Updates to Apfelstrudel (Unicode), AppexIndexer (Appexes), Ulbow (logs) and Versatility (versions)

By: hoakley
30 June 2025 at 14:30

In this last batch of updates to my apps for the next few weeks, there are four more popular tools, covering Unicode normalisation, appexes, logs, and document versions.

Unicode normalisation

Perhaps the earliest problem with APFS was its lack of Unicode normalisation for file and folder names. This has been a standard way to address accented and other characters that appear identical but have different codes. Apple addressed that, first in providing a normalisation layer on top, then by incorporating it into APFS. However, it can still prove a problem, both within apps and when working with other file systems. Apfelstrudel is a simple app that reveals any potential problems with normalisation, and helps you use the form most appropriate. Version 1.6 has an overhauled interface, and has been rebuilt with a new app icon ready for macOS 26 Tahoe. This version supports macOS from Big Sur onwards.

Apfelstrudel 1.6 is now available from here: apfelstrudel16
from its Product Page, and via its auto-update mechanism.

Appexes

App extensions, or appexes, are numerous in recent versions of macOS, and widely used by apps. This simple utility shows all those managed by PlugInKit, complete with their UUIDs, to help you manage them. Version 1.1 has an overhauled interface, and has been rebuilt with a new app icon ready for macOS 26 Tahoe. This version supports macOS from Sonoma 14.6 onwards.

AppexIndexer 1.1 is now available from here: appexindexer11
and from its Product Page. It doesn’t yet support auto-update.

Logs

Until I started development of LogUI, Ulbow was my preferred app for browsing the Unified log. It has extensive features, with full support for the use of predicates, a chart showing the most frequent sources of log entries, and support for creating and using logarchives, including those from iOS and iPadOS. Unlike LogUI, it uses the log command to obtain log extracts, enabling it to show entry times in nanoseconds. It also displays extracts in Rich Text rather than as a list. Version 1.11 fixes a crashing bug when handling some logarchives, has an overhauled interface, and has been rebuilt with a new app icon ready for macOS 26 Tahoe. This version supports macOS from Big Sur onwards, and is recommended for all users.

Ulbow 1.11 is now available from here: ulbow111
from its Product Page, and via its auto-update mechanism.

Document versions

While Revisionist (also recently updated) provides a suite of tools to work with macOS document versions, Versatility handles one of those tasks with greater ease, creating version archives, and reconstituting them into documents. Simply drop a file onto its window and it will be converted into a folder containing each saved version as a separate document. Drop one of those archive folders onto its window and it will be reconstituted into a document with all those previous versions. This makes it simple to preserve versions when moving documents between volumes or computers, and for archival purposes. Version 1.1 has been rebuilt with a new app icon ready for macOS 26 Tahoe, and supports macOS from Big Sur onwards.

Versatility 1.1 is now available from here: versatility11
from its Product Page, and via its auto-update mechanism.

Next updates

Most of my other apps that haven’t yet been updated for Tahoe should still run perfectly well, although their app icons won’t appear the same as before. I’m now turning my attention to the successor to SilentKnight and Skint, and my virtualisers Viable, ViableS, Vimy and Liviable. Once I’m done with those, I’ll return and complete my other apps.

Enjoy!

Last Week on My Mac: Plan ahead with this summer’s mallyshag

By: hoakley
29 June 2025 at 15:00

Summer is an unpredictable time of year. With the Atlantic hurricane season already upon us, we could see searing heat or devastating storms. So it is with the announcements made at WWDC earlier this month: do we have time to try out some of the new features coming in three months, or must we get on with wrangling deprecations and changes looming in macOS Tahoe?

A glance through Apple’s beta release notes might suggest it should prove innocuous, and the great majority of code that’s already happy in Sequoia should have no problems in Tahoe, and so far that’s my experience. That should leave us plenty of time to adjust our app icons so they display properly in the Dock and elsewhere, but it’s there it gets more subtly complicated.

Fix app icons

I don’t think I can over-stress the importance of using Icon Composer for creating replacement app icons. If you don’t, then Tahoe seems determined to deface many traditional icons so they become almost illegible and unusable. The only exemptions are those already conforming to the fixed outline of a square with rounded corners. Any irregularity such as putting a pixel outside that, and they’re relegated to the sin bin.

Here are two icons for the same app viewed in Tahoe. The left one uses a traditional AppIcon.icns icon image, while that on the right is the same circular PNG that has been applied using Icon Composer and added as a .icon file. So far my attempts to get this to work using Xcode 16.4 have been unsuccessful, and the only solution has been to use a beta-release of Xcode 26.

Overhaul controls

That brings with it another problem, as it automatically converts AppKit and SwiftUI layouts so they use Tahoe’s new interface style, and that can generate further work. If you look closely at Apple’s demos of Tahoe at WWDC, you may notice that its controls have changed in size and shape. Not only do most have more rounded corners, but they also have different dimensions.

Interface conversion for apps that use AppKit or SwiftUI is clever, as it preserves the original for use in previous versions of macOS, and only adopts the new style when in Tahoe. Build your app with its smart new Tahoe-compatible icon and run it in Sequoia, and it looks just the same as it did.

This demo, Mallyshag, looks the same in Sequoia, but has become a mess in Tahoe because of those changed control dimensions.

Those three buttons are significantly wider, so now overlap one another and are wider than the text box below. They need a careful overhaul before they’re ready for Tahoe. Conversion can also have unexpected side-effects: for example, I’ve had some selectable text fields changed to be editable as well. You can see an example that I missed in the left view in XProCheck’s window. I now check carefully through every detail in windows that have been migrated by Xcode to support Tahoe.

This doesn’t just apply to AppKit windows in Interface Builder. Although SwiftUI dynamically positions controls, I’ve found it necessary to increase the minimum width of some views to ensure they remain fully usable.

Aside from any code changes needed, migrating an app to Tahoe thus requires:

  • creation of a new app icon using Icon Composer;
  • adding the .icon file to the Xcode project and setting it as the app icon;
  • careful checking and rectification of all windows and their contents.

NSLog

There’s one last thing that may have escaped your attention in Apple’s release notes: NSLog. When Apple introduced the Unified log in macOS Sierra, it preserved the longstanding use of NSLog as a means of making entries with a minimum of fuss. More formal methods are more cumbersome, although they’re also more powerful, so NSLog still remains popular with developers, at least until Tahoe’s change.

A long way down the release notes, and oddly announced under the subheading of New Features, Apple states that NSLog will no longer record anything of use in its entries in the Unified log, although they’ll still be reported in full in Xcode and to stdout. One of the other purposes of my test app Mallyshag was to verify just what is now recorded by NSLog.

This is the entry obtained using LogUI when running either version of the app in macOS 15.5:

And this is the extent of entries seen in macOS 26:

So what in earlier macOS might have been a useful
Error number 1467296 in Mallyshag
is redacted to the contentless stub <private>.

If you still use NSLog, you’ll almost certainly want to move on to a better alternative, again being careful to avoid ending up with its contents redacted.

Outcomes

Come the release of macOS 26 Tahoe, there’ll be three groups of apps:

  • those that haven’t been ported at all, whose icons will be almost unrecognisable;
  • those whose icons display correctly, but with flaws in interface controls;
  • those that work as expected, with conformant icons and controls.

Some will also write dysfunctional messages in the log, because they’re still using NSLog, although few users are likely to notice that.

That doesn’t take into account those apps relying on alternatives to AppKit and SwiftUI for their interface, as those have a great deal of ground to cover in just a few months if they’re going to be ready in time for Tahoe’s release.

That’s why I’ve started unusually early in getting my apps ready for the autumn/fall. I’m sure that summer still has some surprises in store.

Mallyshag?

This is a local Isle of Wight name for a caterpillar, usually a large and hairy one. It just seemed appropriate.

merianlappet
Maria Sibylla Merian (1647–1717), Metamorphosis of the Lappet (after 1679), watercolour, 19.3 x 15.9 cm, Städelsches Kunstinstitut und Städtische Galerie, Frankfurt am Main, Germany. Wikimedia Commons.

Saturday Mac riddles 314

By: hoakley
28 June 2025 at 16:00

Here are this weekend’s Mac riddles to entertain you through family time, shopping and recreation.

1: Expedition for a panther now in visionOS too.

2: Polished plate is now 1’s most serious competitor.

3: Web pet only lasted a year before the exploder.

To help you cross-check your solutions, or confuse you further, there’s a common factor between them.

I’ll post my solutions first thing on Monday morning.

Please don’t post your solutions as comments here: it spoils it for others.

A brief history of web browsers

By: hoakley
28 June 2025 at 15:00

Although taken for granted now, Apple didn’t release the first version of Safari until January 2003. Before that was a succession of interesting experiments to try. Those started with Netscape Navigator in 1994, which lasted until 2007, although by then it was little used on Macs.

Netscape is seen here in 2000, following my successful purchase of downloadable versions of Conflict Catcher and Suitcase from Casady & Greene’s online store.

Two years later, and I’m browsing Amazon’s listing of my never-published book that was slated for 31 March the following year. I’m so glad I never pre-ordered it.

Netscape had been at the front of browser development, leading with on-the-fly page display, cookies and JavaScript. But in 1996, it was challenged by Microsoft’s Internet Explorer, and Apple’s more innovative Cyberdog. The latter was sadly abandoned the following year, leaving the way clear for Apple to replace the bundled Netscape with Internet Exploder, as it quickly became nicknamed.

This is Microsoft Internet Explorer in 2001, providing the front end to Mac OS X Server through Webmin.

Cookie settings in Explorer were highly detailed in 2005.

Many of us abandoned Internet Explorer for alternatives such as Camino. That had originated within Netscape as Chimera in 2002, based on its Gecko layout engine, with a native Mac OS X front end. The following year it was rebranded as Camino, and amazingly lasted until 2012.

There were other competitors, such as Omni Group’s OmniWeb, which had been developed for NeXTSTEP since 1995, then moved to Mac OS X until 2012.

This is OmniWeb in 2007, showing the different browsers it could identify itself as, including a single version of Safari 1.0.

In January 2003, Apple launched the first beta-release of its own browser, Safari, and bundled it in Mac OS X 10.3 Panther when it was released that October. Since then Safari has been a regular fixture in successive versions of Mac OS X, OS X, and macOS. For several years, it was the only browser on iOS and iPadOS.

This is Safari 1 showing the front page for Apple’s developer site in 2004, complete with the offer to download Xcode version 1.5 with dead code stripping as a new feature. That year, Mozilla Firefox was released as an alternative, and has continued to support Macs ever since.

Mac OS X 10.4 Tiger came with Safari as the only bundled browser when it was released in April 2005, although it took Safari 2.0.4 in early 2006 before it was stable.

Page loading was slow in 2005, when Apple’s front page took a total of over 16 seconds to load fully, but that only used 6.8 MB of memory. By contrast, today Apple’s front page only takes a couple of seconds but requires over 200 MB.

There were times when the only way ahead with these early versions of Safari was to completely reset it, emptying its cache, and even removing all passwords and AutoFill text. This is Safari 2 in 2006.

Prominent among the plugins in 2006 was the dreaded Shockwave Flash, which had only recently been taken over by Adobe when it acquired Macromedia the previous year. Details of plugins are here being displayed on an internal web page within Safari 2.

Safari 3, bundled in Mac OS X 10.5 Leopard in October 2007, brought the claim that it was then the fastest browser, but it was troubled by bugs and security problems at first.

Safari 3 had already grown extensive preferences, covering the use of plugins, Java, JavaScript and cookies, seen here in 2007.

Its successor, Safari 4, followed in the summer of 2009, ready for Mac OS X 10.6 Snow Leopard, with further performance improvements, particularly in its JavaScript engine.

By 2009, Safari 4 was able to warn the user if it was about to visit a site blacklisted by the Google Safe Browsing Service. At least when that service was available. That year also saw Preview and Beta releases of Google Chrome, now Safari’s most serious competitor on Apple’s hardware.

Safari 5 was released a year later, in 2010, and was bundled in Mac OS X 10.7 Lion in 2011. This brought Reader mode and opened the door to third-party extensions.

Safari’s hidden Debug menu provided a collection of tools for web developers, and more recently has become the even more extensive Develop menu.

By the release of macOS 10.12 Sierra in 2016, Safari had reached version 10.

By 2016, close control over Adobe Flash Player had become critical, as a result of its frequent exploits, although it remained highly popular with content developers before Adobe finally killed it at the end of 2020.

Since 2021, with the release of macOS 12 Monterey, Safari 15 and its successors have been able to perform on-the-fly translation, as demonstrated here.

Safari is now the bundled browser in macOS, iOS, iPadOS and visionOS, and this year is set to leap in version number from 18 to 26 with the arrival of Tahoe and its sister OSes. It has been a long and sometimes troubled journey over those 22 years, and despite strong competition from Google Chrome and Chromium-based browsers, it remains the browser of first choice for a great many using Apple’s hardware products. I hope my screenshots have brought back more happy memories than traumatic moments.

Reference

Wikipedia.

Updates to Cirrus (iCloud), Revisionist (versions), Spundle (sparse bundles) and T2M2 (Time Machine)

By: hoakley
27 June 2025 at 14:30

This next batch of updates to my apps includes more popular tools, covering iCloud, document versions, sparse bundles, and Time Machine backups.

iCloud

Cirrus gives you detailed insight into what’s stored in iCloud Drive, provides a ready-made log browser for checking what’s going on, and a simple test for syncing. Version 1.16 has an overhauled interface, and has been rebuilt with a new app icon ready for macOS 26 Tahoe. This version supports macOS from Big Sur onwards.

Cirrus 1.16 is now available from here: cirrus116
from its Product Page, and via its auto-update mechanism.

Document versions

Revisionist gives you direct access to versions of documents saved automatically by macOS, and a powerful suite of tools to work with them. You can run checks to discover which documents have saved versions, then browse those, previewing them with Quick Look. It can save individual versions as new files, and create archive folders containing all versions, that can be reconstituted into the original with those versions preserved. Version 1.10 has an overhauled interface, and has been rebuilt with a new app icon ready for macOS 26 Tahoe. This version supports macOS from Big Sur onwards.

Revisionist 1.10 is now available from here: revisionist110
from its Product Page, and via its auto-update mechanism.

Sparse bundle disk images

Spundle creates and maintains sparse bundle disk images, offering a range of supported file systems, and features such as compaction to maintain their efficiency. Version 1.9 has an overhauled window, and has been rebuilt with a new app icon ready for macOS 26 Tahoe. This version supports macOS from Big Sur onwards.

Spundle 1.9 is now available from here: spundle19
from its Product Page, and via its auto-update mechanism.

Time Machine backups

The Time Machine Mechanic, T2M2, is the standard utility for checking your Mac’s Time Machine backups. It checks and reports on their performance, free space on backup storage, how much has been transferred in each backup, and much more. Version 2.03 has an overhauled interface, and has been rebuilt with a new app icon ready for macOS 26 Tahoe. This version supports macOS from Big Sur onwards, backing up to APFS.

Depending on any changes finalised in the full public release of Tahoe later this year, I may need to make further adjustments to its code.

T2M2 2.03 is now available from here: t2m2203
from its Product Page, and via its auto-update mechanism.

Enjoy!

Read PDF better with a new version of Podophyllin

By: hoakley
26 June 2025 at 14:30

A quick check of just one of my working volumes revealed that it contains over 20,000 PDFs, the earliest dating from 1994, just a year after its introduction. Six years ago, I had become fed up with trying to use other PDF readers and set out to write my own, that soon became Podofyllin. It has some unique features, of which the most important to me is that it can’t and won’t change a PDF. Podofyllin is the latest app I have rebuilt, tweaked and given a new icon to, primarily for compatibility with macOS 26 Tahoe.

What I hadn’t realised was that, at some time during Sequoia, one of Podofyllin’s key features had quietly stopped working, apparently as a result of a silent change in macOS. This update fixes that, and restores (almost) full functionality, with just one feature still absent.

Perhaps its most important feature after preserving original PDFs unchanged, is its support for opening multiple views of the same document. Shown above are three different windows, each showing the same document, and at the lower left Writing Tools is just about to produce a summary from one of them.

The main window has thumbnails on the left, a conventional rendered page view in the middle, and the whole text content to the right. You can also open an unlimited number of accessory windows, each displaying different pages from the same document.

Another unique feature (the recently troublesome one) is a window to display the contents of the PDF file in raw format, so you can inspect its structure, metadata, and more.

This source code window shows two versions of the code, one as written in the file, the other ‘flattened’ as used in Quartz 2D to render it, together with a summary. Quite a few PDFs contain hidden content, usually left over from an earlier edit. Some save contents in versions, and for those Podofyllin can recreate and save those as separate PDF documents.

The one feature that used to work in the past that I still can’t revive is exporting page contents in Rich Text format, something I suspect isn’t working in macOS.

I have also taken the opportunity to overhaul the Help file thoroughly, to make it more accessible and navigable.

Podofyllin 1.4 is now available from here: podofyllin14
from its Product Page, and via its auto-update mechanism.

Like other recent updates, this new version requires Big Sur or later. If you’re still running Catalina or earlier, please check Podofyllin’s Help document, as that explains how you can disable its auto-update mechanism.

I’m delighted to welcome the prodigal Podofyllin back at last.

How keys are used in FileVault and encryption

By: hoakley
25 June 2025 at 14:30

We rely on FileVault and APFS to protect our secrets by encrypting the volumes containing our documents and data. How they do that is a mystery to many, and raises important questions such as the role our passwords play, and how recovery keys work. This article attempts to demystify them.

Naïve encryption

A simple scheme to encrypt a disk or volume might be to take the user password, somehow turn it into a key suitable for the encryption method to be used, and employ that to encrypt and decrypt the data as it’s transferred between disk storage and memory.

There are lots of weaknesses and difficulties with that. Even using a ‘robust’ user password, it’s not going to be memorable, sufficiently long or hard to crack, and there’s no scope for recovery if that password is lost or forgotten.

FileVault base encryption

In Macs with T2 or Apple silicon chips when FileVault is disabled, everything in the Data volume stored on their internal SSD is still encrypted, but without any user password. This is performed in the Secure Enclave, which both handles the keys and performs the encryption/decryption. That ensures the keys used never leave the Secure Enclave, so are as well-protected as possible.

Generating the key used to encrypt the volume, the Volume Encryption Key or VEK, requires two huge numbers, a hardware key unique to that Mac, and the xART key generated by the Secure Enclave as a random number. The former ties the encryption to that Mac, and the latter ensures that an intruder can’t repeat generation of the same VEK even if it does know the hardware key. When you use Erase All Content and Settings (EACAS), the VEK is securely erased, rendering the encrypted data inaccessible, and there’s no means to either recover or recreate it.

This scheme lets the Mac automatically unlock decryption, but doesn’t put that in the control of the user, who therefore needs to enable FileVault to get full protection.

FileVault full encryption

Rather than trying to incorporate a user password or other key into the VEK, like many other encryption systems FileVault does this by encrypting the VEK using a Key Encryption Key or KEK, a process known as wrapping.

filevaultpasswords1

When you enter your FileVault password, that’s passed to the Secure Enclave, where it’s combined with the hardware key to generate the KEK, and that’s then used together with hardware and xART keys to decrypt or unwrap the VEK used for decryption/encryption.

This has several important benefits. As the KEK can be changed without producing a new VEK, the user password can be changed without the contents of the protected volume having to be fully decrypted and encrypted again. It’s also possible to generate multiple KEKs to support the use of recovery keys that can be used to unlock the VEK when the user’s password is lost or forgotten. Institutional keys can be created to unlock multiple KEKs and VEKs where an organisation might need access to protected storage in multiple Macs.

APFS encryption

True FileVault requires all keys to be stored in the Secure Enclave, and never released outside it. Intel Macs without T2 chips, and other protected volumes such as those on external storage can’t use that, and in the case of removable storage need an alternative that stays on the disk. For that, APFS uses the AES Key Wrap Specification in RFC 3394, using a secret such as a password to maintain confidentiality of every key.

APFS also uses separate VEKs and KEKs, so enabling the use of multiple KEKs for a single VEK, and the potential to change a KEK without having to decrypt and re-encrypt the whole volume, as in FileVault. In APFS, VEKs and KEKs are stored in and accessed from Keybags associated with both containers and volumes. The Container Keybag contains wrapped VEKs for each encrypted volume within that container, together with the location of each encrypted volume’s keybag. The Volume Keybag contains one or more wrapped KEKs for that volume, and an optional passphrase hint. These are shown in the diagram below.

apfsencryption1

Apple’s documentation refers to several secrets that can be used to wrap a KEK, including a user password, an individual recovery key, an institutional recovery key, and an unspecified mechanism implemented through iCloud. Currently, for normal software encryption in APFS, only two of those appear accessible: a user password is supported in both Disk Utility and diskutil‘s apfs verb, while diskutil also supports use of an institutional recovery key through its -recoverykeychain options. Individual and iCloud recovery keys only appear available when using FileVault, in this case implemented in software, either on Intel Macs without a T2 chip, or on all Macs when encrypting an external volume.

Because keybags are stored on the disk containing the encrypted volume, if the disk is connected to another Mac, when macOS tries to mount that volume, the user will be prompted to enter its password, and can then gain access to its contents. When FileVault is used to protect a Data volume on the internal SSD of a T2 or Apple silicon Mac, that volume can only be unlocked through the Secure Enclave of that Mac, and it isn’t possible to unlock it from another Mac (that’s also true when FileVault hasn’t been enabled on that volume).

Apple has released an update to XProtect for all macOS

By: hoakley
25 June 2025 at 05:09

Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5302. As usual, Apple doesn’t release information about what security issues this update might add or change.

This version adds a new rule for MACOS_SOMA_FA_LE, again extending coverage of the Amos/Soma family of malware.

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight and SystHist for El Capitan to Tahoe available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight or at the command line.

If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5302

Sequoia systems only

This update has already been released for Sequoia via iCloud. If you want to check it manually, use the Terminal command
sudo xprotect check
then enter your admin password. If that returns version 5302 but your Mac still reports an older version is installed, you may be able to force the update using
sudo xprotect update

More updates: xattred, Precize and DelightEd. From xattrs to Rich Text

By: hoakley
24 June 2025 at 14:30

Here are three more updates to some of my most popular apps, primarily for improved compatibility with macOS 26 Tahoe, but with improvements in their interface for other versions of macOS from Big Sur onwards.

xattred 1.6

This toolset for working with extended attributes (xattrs) has several improved window layouts, a couple of fixes in its code to cope with deprecations, and a new icon that should work far better with Tahoe, without compromising its appearance in older macOS.

xattred 1.6 is now available from here: xattred16
from its Product Page, and via its auto-update mechanism. If you’re still using it in Catalina or earlier, please disable its auto-update as detailed in its Help book, so you can remain with version 1.5 or earlier.

Precize 1.16

This provides a great deal of useful information about files, from their inode number, detailed size including that of extended attributes, and access to bookmarks and their analysis. I have tweaked its main window to improve its interface, rebuilt it, and provided it with a new app icon that should be an improvement on all versions of macOS from Big Sur onwards.

Precize 1.16 is now available from here: precize116
from its Product Page, and via its auto-update mechanism. If you’re still using it in Catalina or earlier, please disable its auto-update as detailed in its Help book to remain using your earlier version.

DelightEd 2.4

This text-only Rich Text editor was originally developed to work better with Dark mode, when it was introduced in Mojave. Since then I have used it to produce all the Rich Text I use in apps, ensuring it continues to work properly across both Light and Dark modes. It also has unusual features to support interlinear text. This version has had a few tweaks in its window layout, and has been rebuilt to make it fully compatible with Tahoe and features like Writing Tools, as well as gaining an updated app icon.

DelightEd 2.4 is now available from here: DelightEd24
from its Product Page, and via its auto-update mechanism. If you’re still using it in Catalina or earlier, please disable its auto-update as detailed in its Help book so you can remain with an earlier version.

In the works

I’m currently in the throes of producing a new version of my PDF reader Podofyllin, which I use daily. Unfortunately, this will remove its ability to view the code inside PDFs, as Apple appears to have disabled all the features it relied on to perform that, and they no longer work in Sequoia. However, it still has some unusual features, such as opening multiple views of the same PDF, and can’t edit or save any changes to the original file.

I have spent some time inside Viable, my macOS virtualiser, trying to get it to use the new ASIF disk image, but so far have been unable to get it to work. I will be pursuing that when I get the time.

Enjoy!

❌
❌