ROOM ZKE
Translation Page | USAComment.com
USAComment.com
Zicutake USA Comment | Search Articles



#History (Education) #Satellite report #Arkansas #Tech #Poker #Language and Life #Critics Cinema #Scientific #Hollywood #Future #Conspiracy #Curiosity #Washington
 Smiley face
PROXY LIST
 Smiley face
Zicutake BROWSER
 Smiley face Encryption Text and HTML  Smiley face Conversion to JavaScript 
 Smiley face Mining Satoshi | Payment speed 
 Smiley face
CREATE ADDRESS BITCOIN
Online BitTorrent Magnet Link Generator
JOURNAL WORLD:

SEARCH +8 MILLIONS OF LINKS ZICUTAKE STATE

#Language and Life

#Language and Life


The ‘app’ you can’t trash: how SIP is broken in High Sierra

Posted: 02 Jan 2018 08:36 AM PST

When you install something, you expect to be able to remove it too. But when a reader came to uninstall BlueStacks, an Android emulator, from his Mac running High Sierra 10.13.2, he found the way blocked. The Finder kindly informed him that “The operation can’t be completed because you don’t have the necessary permission.”

The moment that we see the word permission, all becomes clear: it’s a permissions problem. So the next step is to select the offending item in the Finder, press Command-I to bring up the Get Info dialog, and change the permissions. It does, though, leave the slight puzzle as to why the Finder didn’t simply prompt for authentication instead of cussedly refusing.

Sure enough, after trying that, the app still won’t go and the error message is unchanged.

Another strange thing about this ‘app’ is that it’s not an app at all. Tucked away in a mysterious folder, new to High Sierra, in /Library/StagedExtensions/Applications, its icon is defaced to indicate that the user can’t even run it. Neither did the user install it there.

Trying to remove it using a conventional Terminal command
sudo rm -rf /Library/StagedExtensions/Applications/BlueStacks.app
also fails, with the report Operation not permitted.

High Sierra leaves the user wondering what has happened. There’s nothing in Apple’s scant documentation to explain how this strange situation has arisen, and seemingly nothing more that the user can do to discover what is wrong, or to do anything about it.

The clue comes from probing around in Terminal, specifically using a command like
ls -lO /Library

Try that in High Sierra, and you’ll see
drwxr-xr-x@ 4 root wheel restricted 128 2 Jan 13:03 StagedExtensions

There are two relevant pieces of information revealed: the @ sign shows that directory has extended attributes (xattrs), and the word restricted that it is protected by System Integrity Protection (SIP). A quick peek inside /Library/StagedExtensions/Applications/BlueStacks.app shows that it is a stub of an app, lacking any main code, but it does contain a kernel extension (KEXT) which is also protected by SIP, by virtue of being inside a SIP-protected folder.

> ls -lO /Library/StagedExtensions/Applications
drwxr-xr-x 3 root wheel restricted 96 2 Jan 13:03 BlueStacks.app

So how did this third-party kernel extension end up in this mysterious folder, complete with SIP protection? Surely SIP is there to protect macOS, not third-party app components installed later by the user? Who or what enabled SIP on that extension, and how can it be removed?

Perhaps not unsurprisingly, even Apple’s developer documentation doesn’t seem to answer any of those questions. So here is what I have been able to discover.

High Sierra has a new mechanism for handling third-party kernel extensions (User-Approved Kernel Extension Loading, or UAKL), which requires the user to authorise them. When a third-party installer tries to install a kernel extension, you see the warning

sipperms01

Assuming that you open Security preferences, you will there click on the Allow button to permit the extension to be loaded.

sipperms02

High Sierra then packages the extension in the form of a non-executable stub app, which it installs in /Library/StagedExtensions/Applications. What you see there looks like a mutated form of the app.

sipperms03

When you then try to remove the app proper, you and it will both think that it has gone for good.

sipperms04

But in truth, its kernel extension has been left in /Library/StagedExtensions/Applications/, looking just like an app.

In its infinite wisdom, Apple has given the folder /Library/StagedExtensions the full protection of SIP, by attaching a com.apple.rootless xattr to it.

sipperms05

My reading of that xattr is that only Apple’s KernelExtensionManagement service can give permission for changes to be made within that folder, and the folders within it.

So now the user cannot touch that residual extension, and they certainly can’t uninstall, move, or trash it. Until the user can gain access to that volume with its SIP inactive, that stub app and the extension inside it stay put. It has been suggested that macOS automatically cleans /Library/StagedExtensions, although I have yet to see any evidence of that occurring. Thus SIP prevents the user from uninstalling a third-party app which the user installed, even though the kernel extension might be rendering macOS unstable, or have other significant side-effects.

The solution is to restart in Recovery mode, and delete the stub app using Terminal there, with a command like
rm -rf /Volumes/Macintosh\ HD/Library/StagedExtensions/Applications/BlueStacks.app

You don’t need to alter SIP there, as SIP is only applied to the startup volume. As you have now started up from the Recovery volume, SIP no longer protects the contents of your normal startup volume.

This is such a good piece of security that, when some malware does manage to slip an evil kernel extension past a user and is rewarded with the protection of SIP, neither the user nor any anti-malware tool will be able to remove that extension, unless the user restarts from a different boot volume, or KernelExtensionManagement allows it.

Unless I’m missing something here, this doesn’t seem particularly good.

(Thanks to @Roller_ for the novel problem.)


Filed under: Macs, Technology, xattr

Loving Beauty: Gustav Klimt, 1, decorator and painter

Posted: 02 Jan 2018 04:30 AM PST

The art of Gustav Klimt (1862–1918) is often criticised as being of no relevance to the history of art, despite its innovation and great popularity. This series commemorates the centenary of Klimt’s death during the influenza pandemic of 1918, and traces the development of his art through his career, regardless of the opinion of modern critics.

Klimt is now known largely for his paintings of women in his distinctive version of Art Nouveau style, which are often openly erotic. One of my aims is to set these in the greater context of his life and work. In this I will look at paintings which are not wrapped in gold leaf, and many in which there is not a single human to be seen.

He began life as the son of an engraver, who in better times seems to have worked in gold. Living on the outskirts of the city of Vienna, the family income collapsed in 1873 when father’s work dried up, and Gustav Klimt and his six siblings were raised in poverty. In 1883, when he completing his schooling, Klimt went on to study architectural painting at the Vienna School of Arts and Crafts, now part of the University for Applied Arts in Vienna.

klimtfable
Gustav Klimt (1862–1918), Fable (1883), oil on canvas, 84.5 × 117 cm, Museen der Stadt Wien, Vienna, Austria. Wikimedia Commons.

At the time, along with much of Vienna, Klimt was under the influence of the painter Hans Makart, and his early paintings such as Fable (1883) follow Makart’s classicist style and motifs. This academic nude is surrounded by creatures who feature in popular fables, such as those of Aesop, including a sleeping lion, white mice, storks, and a fox.

Klimt, together with his younger brother Ernst who followed Gustav in the same training, won a scholarship which relieved the family’s poverty, but he also supplemented their income by painting miniature portraits and preparing technical drawings. The two brothers teamed up with a third student at the school, forming an interior design contractors later known as the Kunstlercompagnie (The ‘Company of Artists’). From 1880, they carried out work on a series of decorative commissions in Vienna and beyond.

klimtidyll
Gustav Klimt (1862–1918), Idyll (1884), oil on canvas, 49.5 × 73.5 cm, Museen der Stadt Wien, Vienna, Austria. Wikimedia Commons.

Idyll (1884) is an example of the mixture of classicist figurative painting and ornamentation which was typical of Klimt’s commercial work at the time. Over these early years in his career, it ensured that he was adept at painting both male and female nudes.

klimttheatretaormina
Gustav Klimt (1862–1918), Theatre at Taormina (1886-88), oil on canvas, 750 x 400 cm, Burgtheater, Vienna, Austria. Wikimedia Commons.

In 1887, the Kunstlercompagnie was commissioned to paint the walls of two large staircases in Vienna’s newly-built theatre. Among the theatrical scenes believed to have been painted by Gustav Klimt there is Theatre at Taormina, which was completed for its opening by Emperor Franz Joseph I in 1888.

Taormina is a village on the edge of the city of Messina on the east coast of Sicily, Italy, which in classical times was colonised by Greeks. The ruins of this ancient theatre still stand on the hillside, although the current structures appear to have been built in Roman times over an older Greek layout.

klimtallegorysculpture
Gustav Klimt (1862–1918), Allegory of Sculpture (1889), black chalk, graphite and tooled gold, 41.8 x 31.3 cm, Museen der Stadt Wien, Vienna, Austria. Wikimedia Commons.

With the success of his decorative work, Klimt and his brother were able to travel at last, and visited Innsbruck, Salzburg, and the Königsee in 1888, going further afield in later years. His graphite and chalk drawing of the Allegory of Sculpture (1889) was one of a series which he made between 1886-89 for a tribute to Archduke Rainer, and later published in a series of graphic works.

In the summer of 1890, Gustav and Ernst visited Venice and Carinthia, in the far south of Austria. The following year, their company was commissioned to make paintings for the staircases of the new Art and Natural History Museums in Vienna, but in 1892, brother Ernst died, and the company was dissolved.

klimtgirlsoleander
Gustav Klimt (1862–1918), Two Girls with an Oleander (1892), further details not known. Wikimedia Commons.

Klimt then concentrated on fine art painting, initially in works such as Two Girls with an Oleander (1892). The head of the nearer of the two young women is based on Francesco Laurana’s portrait bust of Isabella of Aragon (1488), which was and remains in the Kunsthistorisches Museum in Vienna.

The following year, he visited Hungary to paint an interior view of a theatre which won him a silver medal later that same year, and a gold medal in Antwerp in 1895.

klimtseatedgirl
Gustav Klimt (1862–1918), Seated Young Girl (1894), media not known, 140 x 96 cm, Die Sammlung Leopold, Vienna, Austria. Wikimedia Commons.

He also returned to painting portraits. Not, this time, small watercolours, but more substantial works in oils like this Seated Young Girl (1894).

In 1894, Klimt was awarded the commission to paint the ceilings in a new Great Hall for the University of Vienna.

klimtlove
Gustav Klimt (1862–1918), Love (1895), oil on canvas, 60 × 44 cm, Museen der Stadt Wien, Vienna, Austria. Wikimedia Commons.

Some of these early paintings were unashamedly romantic, such as Love (1895).

klimtblindman
Gustav Klimt (1862–1918), The Blind Man (1896), media not known, 66 x 53.2 cm, Die Sammlung Leopold, Vienna, Austria. Wikimedia Commons.

This portrait of The Blind Man (1896) is very loose in its facture, an experiment in his style which Klimt didn’t pursue.

In 1897, Klimt was a founder-member of the Vienna Secession, and was elected its first president. Like the Munich and Berlin Secessions, in 1892 and 1893, this moved against the prevailing classicism – that of Klimt’s former inspiration, Hans Makart, in particular – and conservativism in art more generally. That summer was the first which he spent with Emilie Flöge (his brother’s widow’s sister) and her family in the Tyrol.

With work being started on the new exhibition building for the Secession, Klimt was hard at work on the paintings for the Great Hall of the university, and had to hire additional studio space to cope.

klimtladycapehat
Gustav Klimt (1862–1918), Portrait of a Lady with Cape and Hat (c 1897-98), black chalk and sanguine on paper, Albertina, Vienna, Austria. Wikimedia Commons.

Portrait of a Lady with Cape and Hat (c 1897-98), drawn in black chalk and sanguine, is a closer precursor to the highly distinctive portraits which he was starting to paint.

References

Wikipedia.

Stephan Koja (2006) Gustav Klimt, Landscapes, Prestel. ISBN 978 3 7913 3717 3.
Rainer Metzger (2005) Gustav Klimt, Drawings & Watercolours, Thames & Hudson. ISBN 978 0 500 23826 4.
Various larger format books contain most or all of his figurative paintings.


Filed under: General, Life, Painting

You can now really edit extended attributes with xattred

Posted: 01 Jan 2018 11:30 PM PST

To celebrate the New Year, I thought that it was time to turn my extended attribute (xattr) editor, xattred, into a tool which can actually edit xattrs usefully at last.

In the first wave of changes, which resulted in the unreleased version 0.5a1, I have completely rewritten the xattr handling code to use a couple of custom classes. This has enabled the Table View to work much better now, so I have removed the general listing of xattrs from the lower text view. This gives the app a much cleaner interface, and prepares the way for further features.

I also worked out how to decode a high proportion of xattrs which are stored as binary property lists. These are much like the .plist property list files used to store app preferences and more, but have to be unravelled from their binary formats. With over a hundred different xattrs containing these, trying to build a large table of their structures was clearly not a good way ahead. Some xattrs can use more than one structure too.

Over the New Year, I have been able to take this further, to the next alpha version, 0.6a1, which at last adds support for cut, copy, and paste. There are two slight snags with this: first is that, for the moment, there is no undo. If you have to work on important files or folders, then please use copies and not originals (which is wisest when working with xattrs at the best of times).

The other dafter issue is that, although cut, copy, and paste now work fine from buttons, they are not yet available from the Edit menu, I’m afraid. The very few documents which discuss implementing these features for custom data (as xattrs have to be) claim that they ‘just work’, but my menu commands never become enabled, despite all the code being present and ready to run. So I have instead tied these features to buttons for the time being.

xattred03a01

Now, xattred can:

  • Add a genuine quarantine flag to any item; this makes it ideal for anyone who wants to check that their signed app will pass Gatekeeper’s full checks.
  • List and show the contents of all xattrs attached to a file or folder. Contents are shown as hexadecimal, UTF or ASCII text, and as a decoded binary property list, as appropriate.
  • Cut, Copy, and Paste xattrs from one item to another. This works for any xattr with any type of content, including arbitrary binary content.
  • Save to text files the contents of individual xattrs.

I am not aware of any other GUI tool which offers these facilities, and copying xattrs between files at the command line is not an easy task.

My next two tasks are to implement Undo (and hopefully enable the Edit menu commands), and to provide a xattred editor which lets you create new xattrs, and edit the content of existing ones.

This new alpha release, which runs on Sierra and High Sierra, is here: xattred06a1
and in Downloads above.


Filed under: Macs, Technology, xattr