Zicutake [Audio]

USAComment.com
Zicutake USA Comment | Search Articles










Zicutake Formation University:

USAComment.com | Search Articles of Onion.to
Search Articles of Onion.to:

Shorten that long URL into a tiny URL:
Example, enter the url: http://zicutake.usacomment.com = Tinyurl.com/hox5dyn


USAComment.com | TALK

 
Tweets by Zicutake


SEND YOUR HISTORY:

Contact Us

Friday, December 1, 2017

#Language and Life

#Language and Life


Changing Stories: Ovid’s Metamorphoses on canvas, 62 – The Greeks attack Troy

Posted: 01 Dec 2017 04:30 AM PST

Ovid concluded Book 11 of his Metamorphoses with the story of Aesacus, who was transformed into a diver (bird). Book 12 opens by re-introducing Priam, Aesacus’ father and the king of Troy, and Aescaus’ brother Paris, whose abduction of Helen triggered the Greeks to launch ‘a thousand ships’ to start their war against Troy.

The Story

The Greek fleet gathered at Aulis in Boeotia, where they made sacrifices to Jupiter in preparation for their departure.

During these, they saw an omen:
the Greeks observed an azure colored snake
crawling up in a plane tree near the place
where they had just begun their sacrifice.
Among the highest branches was a nest,
with twice four birds — and those the serpent seized
together with the mother-bird as she
was fluttering round her loss. And every bird
the serpent buried in his greedy maw.
All stood amazed: but Calchas, who perceived
the truth, exclaimed, "Rejoice Pelasgian men,
for we shall conquer; Troy will fall; although
the toil of war must long continue — so
the nine birds equal nine long years of war."
And while he prophesied, the serpent, coiled
about the tree, was transformed to a stone,
curled crooked as a snake.

In spite of these attempts at propitiation, the sea remained stormy. Some claimed this was because Neptune had helped build the walls of Troy (as Ovid had told earlier, in Book 11), but Calchas said that it would require the sacrifice of a virgin to satisfy Diana, whom Agamemnon, leader of the Greek forces, had offended:
The public good at last prevailed above
affection, and the duty of a king
at last proved stronger than a father’s love:
when Iphigenia as a sacrifice,
stood by the altar with her weeping maids
and was about to offer her chaste blood,
the goddess, moved by pity, spread a mist
before their eyes, amid the sacred rites
and mournful supplications. It is said
she left a hind there in the maiden’s place
and carried Iphigenia away. The hind,
as it was fitting, calmed Diana’s rage
and also calmed the anger of the sea.
The thousand ships received the winds astern
and gained the Phrygian shore.

Thus it was Agamemnon’s sacrifice of his virgin daughter, Iphigenia, which propitiated Diana, and brought the calm needed by the fleet to sail against Troy. But Ovid is meticulous in leaving open whether the princess was really killed, or a deer acted as her proxy. This accommodated the many variants of this story, with their conflicting outcomes.

The Paintings

Although Ovid’s first little story, of the snake eating the birds, doesn’t appear to have been painted much, if at all, the sacrifice of Iphigenia has remained a favourite with artists even into modern times.

domenicinosacrificeiphigenia
Domenichino (1581–1641), The Sacrifice of Iphigenia (c 1609), fresco, dimensions not known, Palazzo Giustiniani-Odescalchi, Viterbo, Italy. Wikimedia Commons.

Among the earliest post-classical depictions is Domenichino’s fresco in Viterbo, Italy, of The Sacrifice of Iphigenia from about 1609. The princess kneels, her wrists bound together, as an axe is about to be swung at her neck. Onlookers at the left are distraught, as Agamemnon at the right watches impassively. But in the distance, Diana is leading a deer towards the altar, hopefully about to make the substitution.

dela_fossesacrificeiphigenia
Charles de La Fosse (1636–1716), The Sacrifice of Iphigenia (1680), oil on canvas, 224 x 212 cm, Château de Versailles, Versailles, France. Wikimedia Commons.

Charles de La Fosse’s The Sacrifice of Iphigenia (1680), now hanging in the Versailles palace, uses a powerful triangular composition to arrange the figures, with Diana at the top, telling Agamemnon to spare the young woman, to his evident surprise. His large sacrificial knife, dropped from Agamemnon’s right hand, rests by Iphigenia’s right foot. At the lower right, one of the Greek warriors, possibly Achilles himself, is still resigned to her sacrifice, but the warrior standing above is already smiling with relief.

tiepolosacrificeiphigenia
Giovanni Battista Tiepolo (1696–1770), The Sacrifice of Iphigenia (1770), oil on canvas, 65 × 112 cm, Private collection. Wikimedia Commons.

Many other artists painted this story in the meantime, but to my eye the next outstanding work is Tiepolo’s The Sacrifice of Iphigenia almost a century later, in 1770.

Iphigenia sits, almost spotlit with her pale flesh, as the priest, perhaps Agamemnon himself, looks up to the heavens, the knife held in his right hand. In a direct line with that hand, comes Diana in her characteristic divine cloud, ready with the deer. Below is a group of women, already holding the sacred bowl up to catch the sacrifical victim’s blood, and in the left distance are some of the thousand ships of the Greek fleet, waiting to sail.

davidangerachilles
Jacques-Louis David (1748–1825), The Anger of Achilles (1819), oil on canvas, 105.3 x 145 cm, Kimbell Art Museum, Fort Worth, TX. Wikimedia Commons.

My next choice is an unusual painting by Jacques-Louis David, who develops the story using other sources, and packs his figures close together to great effect, in The Anger of Achilles (1819). The twist here is that Iphigenia had already been promised as a bride to Achilles, by her father, and the announcement of her impending sacrifice throws Achilles into a rage.

Achilles, at the left, reaches for his sword in an uncomfortable manoeuvre with his right arm. A rather masculine and tearful woman just to the right of him is Queen Clytemnestra, Iphigenia's mother, and her right hand rests on Iphigenia's shoulder. Iphigenia is dressed as a bride, and looks wistful, staring into the distance, her face empty of outward emotion. At the right, Agamemnon appears emotionless, but indicates firmly to Achilles for him to restrain his emotions.

billoteyiphigenia
Louis Billotey (1883-1940), Iphigenia (1935), media and dimensions not known, Musée d’Art et d’Industrie de Roubaix, Roubaix, France. Wikimedia Commons.

Over a century later, more modern artists continued to paint this story. Louis Billotey (1883-1940), who had won the Prix de Rome in 1907 but is now forgotten, painted his version of Iphigenia in 1935. Clytemnestra looks very distant at the left as she leads her daughter towards the sacrificial altar beside her. Diana, marked only by her bow and hunting dog, stands at the right, as the deer runs past.

The story of Iphigenia’s sacrifice, no matter how it ends, is a glimpse back into a dark and distant past, at humans whose commitment to savage rituals overrode their humanity to one another, a story told with clarity in these paintings. Let’s hope that this isn’t also a vision of where we are already heading now.

The English translation of Ovid above is taken from Ovid. Metamorphoses. Tr. Brookes More. Boston. Cornhill Publishing Co. 1922, at Perseus. I am very grateful to Perseus at Tufts for this.


Filed under: General, Language, Life, Painting

Apple has pushed updates to MRT and XProtect security data

Posted: 01 Dec 2017 01:30 AM PST

Apple has just pushed silent updates to the configuration data for its malware removal tool MRT, and to those for XProtect.

These bring the MRT app to version 1.26, and XProtectPlistConfigData to version 2097.

Added to XProtect’s detection list are OSX.ParticleSmasher.A and OSX.HiddenLotus.A, and existing protection against OSX.Hmining.D has been updated.

You can check whether these updates have been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by LockRattler for Sierra and High Sierra, available from Downloads above.

I maintain lists of the current versions of security data files for Sierra on this page, for High Sierra on this page, and for El Capitan on this page.


Filed under: Macs, Technology

Behind the Scenes: Open Directory and Kerberos

Posted: 30 Nov 2017 11:30 PM PST

Perhaps the most peculiar thing about the recent root user vulnerability in High Sierra is the fact that it occurred in one of the older corners of macOS, in Open Directory, which was introduced in Mac OS X Server 10.2 in 2002.

It’s a system within macOS which seems to have changed relatively little for the last decade, but has apparently changed greatly in the step from Sierra to High Sierra, which took it from version 417.50.4 (10.12.6) to the current 483.20.7 (10.13.1 updated).

Open Directory quietly assists a lot of different services in macOS, but in this context is most important for handling information about users, specifically for authenticating users in conjunction with the Apple Password Server (APS, not to be confused with Apple Push Service and its daemon apsd).

The normal user interface to Open Directory is through the Directory Utility app, now inconveniently hidden away in /System/Library/CoreServices/Applications, although it can be opened through the Users & Groups pane if you prefer. This offers three tabs:

  • Services, which lets you select between different directory services,
  • Search Policy, which determines search policies, and
  • Directory Editor, which lets you view and change settings for individual users, and so on.

Directory Utility’s menu is also where you can enable and disable the root user, should you need to.

opendirectory

Should you ever wish to configure opendirectoryd, the Open Directory service, you’ll need to use the odutil command, which is complex and extensive, and as ever is documented in man odutil.

Often the best way to see how macOS systems work is to browse their entries in the log. Unfortunately, the unified log protects the privacy of most opendirectoryd entries, turning them into
14:13:18.697835 opendirectoryd queuing request to connection - '<private>'
14:13:18.698957 opendirectoryd Client: <private>, UID: 501, EUID: 501, GID: 20, EGID: 20

in Sierra, and making them almost vanish in High Sierra, so my log transcripts are here drawn from the earlier version of macOS. opendirectoryd still keeps its own traditional text logs, in /var/log/opendirectoryd.log, but these are mostly diagnostic information for its activities, rather than a detailed account of its transactions.

opendirectoryd initialises quite early during startup, at that stage for user ID 0, root:
0:02.078206 opendirectoryd Client: <private>, UID: 0, EUID: 0, GID: 0, EGID: 0
0:02.253659 <APSDaemon: 0x7fd203628570>: Finishing login of uid 0

(Times are given as minutes:seconds elapsed since startup, iMac17,1.)

Twenty seconds or more later, the login window is displayed:
0:27.322536 Login Window Application Started

Once the user has completed logging in, Apple Password Server recognises the change in users, and initiates setting the system up for the user. If that is the primary admin user account, the user ID will be 501:
0:34.654357 Login Window login proceeding
0:48.504283 <APSDaemon: 0x7fd203628570>: Change in users with uid new = (501), logged out = ()
0:48.504737 <APSSystemUser: 0x7fd203616b30>: Initializing system user with uid 501
0:48.504795 <APSDaemon: 0x7fd203628570>: Starting login of uid 501

Armed with the user password, the user’s login keychain can now be unlocked, and the user’s operating environment set up for them:
0:48.510472 com.apple.securityd 0x6180000786c0 opened /Users/hoakley/Library/Keychains/login.keychain-db: 1612808 bytes
0:48.510683 <APSSystemUser: 0x7fd203616b30>: Changing status for uid 501 from logged out to logged in
0:48.510696 <APSCourier: 0x7fd20351eac0>: Logging user with uid 501 into environment production
0:48.562940 com.apple.securityd SecKeychainLogin result: 0, password was supplied

Shortly after this, the first messages from opendirectoryd for user ID 501 start to appear:
0:48.570038 opendirectoryd Client: <private>, UID: 501, EUID: 501, GID: 20, EGID: 20

This sequence of events appears quite similar in High Sierra, although because of changed privacy settings the user ID of 501 is often substituted by <private>. Surrounding messages usually make it obvious when that is the case.

So far, I have only referred to local login and authentication using Password Server. When you connect to your Mac to use it as a file server, or using a remote control system such as Apple’s Remote Desktop, different services will be used to accomplish authentication. One of those is Kerberos, which allows a single sign-on for multiple services.

When you connect to a Mac to share files, the process of authentication may quite possibly proceed using the Kerberos Key Distribution Centre, KDC, which in turn works with the Open Directory service. Kerberos has been part of Mac OS X for even longer than Open Directory, as it was introduced in version 10.1.

Kerberos operates a complex sequence of exchanges, involving ‘tickets’ with short periods of validity, to grant access to services. From the first step, Kerberos depends on access to a directory server, which is normally Open Directory. Hence the close relationship between shared services, Kerberos, and Open Directory.

What was wrong in High Sierra, and was fixed by the recent security update, was that Open Directory was checking attempts to log on as, for example, root, but was not refusing them for recognised users which were not supposed to be able to log on. When the root user is disabled, Open Directory should have automatically refused, but instead accepted and created a new account with an empty password.

When this bug was fixed by the first release of the security update, the local Kerberos Key Distribution Centre required rebuilding before file sharing services would be allowed to authenticate using Kerberos, hence Apple’s additional instruction to run the configureLocalKDC command to restore authentication for those services. I also suspect that those who followed my initial advice, to restart their Macs after installing the update, may not have had any problems with authenticating for file sharing, as that should have had the same effect.


Filed under: Macs, Technology