- Changing Stories: Ovid’s Metamorphoses on canvas, 62 – The Greeks attack Troy
- Apple has pushed updates to MRT and XProtect security data
- Behind the Scenes: Open Directory and Kerberos
Posted: 01 Dec 2017 04:30 AM PST
Ovid concluded Book 11 of his Metamorphoses with the story of Aesacus, who was transformed into a diver (bird). Book 12 opens by re-introducing Priam, Aesacus’ father and the king of Troy, and Aescaus’ brother Paris, whose abduction of Helen triggered the Greeks to launch ‘a thousand ships’ to start their war against Troy.
The Greek fleet gathered at Aulis in Boeotia, where they made sacrifices to Jupiter in preparation for their departure.
During these, they saw an omen:
In spite of these attempts at propitiation, the sea remained stormy. Some claimed this was because Neptune had helped build the walls of Troy (as Ovid had told earlier, in Book 11), but Calchas said that it would require the sacrifice of a virgin to satisfy Diana, whom Agamemnon, leader of the Greek forces, had offended:
Thus it was Agamemnon’s sacrifice of his virgin daughter, Iphigenia, which propitiated Diana, and brought the calm needed by the fleet to sail against Troy. But Ovid is meticulous in leaving open whether the princess was really killed, or a deer acted as her proxy. This accommodated the many variants of this story, with their conflicting outcomes.
Although Ovid’s first little story, of the snake eating the birds, doesn’t appear to have been painted much, if at all, the sacrifice of Iphigenia has remained a favourite with artists even into modern times.
Among the earliest post-classical depictions is Domenichino’s fresco in Viterbo, Italy, of The Sacrifice of Iphigenia from about 1609. The princess kneels, her wrists bound together, as an axe is about to be swung at her neck. Onlookers at the left are distraught, as Agamemnon at the right watches impassively. But in the distance, Diana is leading a deer towards the altar, hopefully about to make the substitution.
Charles de La Fosse’s The Sacrifice of Iphigenia (1680), now hanging in the Versailles palace, uses a powerful triangular composition to arrange the figures, with Diana at the top, telling Agamemnon to spare the young woman, to his evident surprise. His large sacrificial knife, dropped from Agamemnon’s right hand, rests by Iphigenia’s right foot. At the lower right, one of the Greek warriors, possibly Achilles himself, is still resigned to her sacrifice, but the warrior standing above is already smiling with relief.
Many other artists painted this story in the meantime, but to my eye the next outstanding work is Tiepolo’s The Sacrifice of Iphigenia almost a century later, in 1770.
Iphigenia sits, almost spotlit with her pale flesh, as the priest, perhaps Agamemnon himself, looks up to the heavens, the knife held in his right hand. In a direct line with that hand, comes Diana in her characteristic divine cloud, ready with the deer. Below is a group of women, already holding the sacred bowl up to catch the sacrifical victim’s blood, and in the left distance are some of the thousand ships of the Greek fleet, waiting to sail.
My next choice is an unusual painting by Jacques-Louis David, who develops the story using other sources, and packs his figures close together to great effect, in The Anger of Achilles (1819). The twist here is that Iphigenia had already been promised as a bride to Achilles, by her father, and the announcement of her impending sacrifice throws Achilles into a rage.
Achilles, at the left, reaches for his sword in an uncomfortable manoeuvre with his right arm. A rather masculine and tearful woman just to the right of him is Queen Clytemnestra, Iphigenia's mother, and her right hand rests on Iphigenia's shoulder. Iphigenia is dressed as a bride, and looks wistful, staring into the distance, her face empty of outward emotion. At the right, Agamemnon appears emotionless, but indicates firmly to Achilles for him to restrain his emotions.
Over a century later, more modern artists continued to paint this story. Louis Billotey (1883-1940), who had won the Prix de Rome in 1907 but is now forgotten, painted his version of Iphigenia in 1935. Clytemnestra looks very distant at the left as she leads her daughter towards the sacrificial altar beside her. Diana, marked only by her bow and hunting dog, stands at the right, as the deer runs past.
The story of Iphigenia’s sacrifice, no matter how it ends, is a glimpse back into a dark and distant past, at humans whose commitment to savage rituals overrode their humanity to one another, a story told with clarity in these paintings. Let’s hope that this isn’t also a vision of where we are already heading now.
The English translation of Ovid above is taken from Ovid. Metamorphoses. Tr. Brookes More. Boston. Cornhill Publishing Co. 1922, at Perseus. I am very grateful to Perseus at Tufts for this.
Filed under: General, Language, Life, Painting
Posted: 01 Dec 2017 01:30 AM PST
Apple has just pushed silent updates to the configuration data for its malware removal tool MRT, and to those for XProtect.
These bring the MRT app to version 1.26, and XProtectPlistConfigData to version 2097.
Added to XProtect’s detection list are OSX.ParticleSmasher.A and OSX.HiddenLotus.A, and existing protection against OSX.Hmining.D has been updated.
You can check whether these updates have been installed by opening System Information via About This Mac, and selecting the Installations item under Software.
A full listing of security data file versions is given by LockRattler for Sierra and High Sierra, available from Downloads above.
Filed under: Macs, Technology
Posted: 30 Nov 2017 11:30 PM PST
Perhaps the most peculiar thing about the recent root user vulnerability in High Sierra is the fact that it occurred in one of the older corners of macOS, in Open Directory, which was introduced in Mac OS X Server 10.2 in 2002.
It’s a system within macOS which seems to have changed relatively little for the last decade, but has apparently changed greatly in the step from Sierra to High Sierra, which took it from version 417.50.4 (10.12.6) to the current 483.20.7 (10.13.1 updated).
Open Directory quietly assists a lot of different services in macOS, but in this context is most important for handling information about users, specifically for authenticating users in conjunction with the Apple Password Server (APS, not to be confused with Apple Push Service and its daemon
The normal user interface to Open Directory is through the Directory Utility app, now inconveniently hidden away in /System/Library/CoreServices/Applications, although it can be opened through the Users & Groups pane if you prefer. This offers three tabs:
Directory Utility’s menu is also where you can enable and disable the root user, should you need to.
Should you ever wish to configure
Often the best way to see how macOS systems work is to browse their entries in the log. Unfortunately, the unified log protects the privacy of most
Twenty seconds or more later, the login window is displayed:
Once the user has completed logging in, Apple Password Server recognises the change in users, and initiates setting the system up for the user. If that is the primary admin user account, the user ID will be 501:
Armed with the user password, the user’s login keychain can now be unlocked, and the user’s operating environment set up for them:
Shortly after this, the first messages from
This sequence of events appears quite similar in High Sierra, although because of changed privacy settings the user ID of 501 is often substituted by
So far, I have only referred to local login and authentication using Password Server. When you connect to your Mac to use it as a file server, or using a remote control system such as Apple’s Remote Desktop, different services will be used to accomplish authentication. One of those is Kerberos, which allows a single sign-on for multiple services.
When you connect to a Mac to share files, the process of authentication may quite possibly proceed using the Kerberos Key Distribution Centre, KDC, which in turn works with the Open Directory service. Kerberos has been part of Mac OS X for even longer than Open Directory, as it was introduced in version 10.1.
Kerberos operates a complex sequence of exchanges, involving ‘tickets’ with short periods of validity, to grant access to services. From the first step, Kerberos depends on access to a directory server, which is normally Open Directory. Hence the close relationship between shared services, Kerberos, and Open Directory.
What was wrong in High Sierra, and was fixed by the recent security update, was that Open Directory was checking attempts to log on as, for example, root, but was not refusing them for recognised users which were not supposed to be able to log on. When the root user is disabled, Open Directory should have automatically refused, but instead accepted and created a new account with an empty password.
When this bug was fixed by the first release of the security update, the local Kerberos Key Distribution Centre required rebuilding before file sharing services would be allowed to authenticate using Kerberos, hence Apple’s additional instruction to run the
Filed under: Macs, Technology
|You are subscribed to email updates from The Eclectic Light Company. |
To stop receiving these emails, you may unsubscribe now.
|Email delivery powered by Google|
|Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States|