Zicutake USA Comment | Search Articles

#History (Education) #Satellite report #Arkansas #Tech #Poker #Language and Life #Critics Cinema #Scientific #Hollywood #Future #Conspiracy #Curiosity #Washington

#Language and Life

#Language and Life

What’s in the High Sierra 10.13.4 update?

Posted: 30 Mar 2018 10:21 AM PDT

Apple was a little more forthcoming in the list of improvements and fixes in macOS High Sierra 10.13.4, although it still doesn’t seem to account for a 2.3 GB update, even allowing for all the EFI firmware upgrades which came with it.

My list of components of macOS Sierra 10.12.6 which are included in 10.13.4 released on 29/30 March 2018 includes:

  • Updated versions of App Store, Automator, Calculator, Calendar, Chess, Contacts, Dashboard, Dictionary, DVD Player, FaceTime, Font Book, iBooks, Image Capture, Launchpad, Mail, Maps, Messages, Mission Control, Notes, Photo Booth, Photos, Preview, QuickTime Player, Reminders, Safari (11.1), Siri, Stickies, System Preferences, TextEdit, and Time Machine.
  • Updated versions of the utilities Activity Monitor, AirPort Utility, Audio MIDI Setup, Bluetooth File Exchange, Boot Camp Assistant, ColorSync Utility, Console, Digital Color Meter, Disk Utility (fewer errors seen), Grab, Grapher, Keychain Access, Migration Assistant, Script Editor, System Information, Terminal, and VoiceOver Utility.
  • Updated Audio Plug-Ins.
  • Updated fonts, including Charter, DIN Alternate Bold, DIN Condensed Bold, Gujarati Sangam MN, Rockwell, Apple Color Emoji, ArabicUIDisplay, ArabicUIText, GeezaPro, and the SFNSDisplay family.
  • Updated Messages plugins for AIM, Bonjour and Jabber.
  • Updated PDF services to save to iCloud Drive and to Web Receipts.
  • Updated QuickTime codecs for Apple Intermediate and Apple MPEG2, and several other components.
  • Updated Spotlight importers for iBooks Author, iWork and Microsoft Office.
  • Several updated Widgets.
  • Updated Accessibility support.
  • Updates to many Automator support components.
  • Most Core Services components updated.
  • Most kernel extensions updated.
  • APFS updated to version 748.51.0 (from 748.41.3 in 10.13.3), with new versions of all its tools.
  • Updated most frameworks, public and private.
  • Updated Perl 5.18
  • Updated most Preference Panes.
  • Updated many Spotlight importers.
  • Updated TCL 8.5.
  • In /bin, updated versions of launchctl and other tools.
  • In /sbin, several updates including launchd, reboot and shutdown.
  • Updated many tools in /usr/bin, /usr/sbin and /usr/libexec.

The bundled EFI firmware update should increment the reported Boot ROM version of every Mac, apart from those which have already undergone update during beta-testing of this update. I have updated my full listing of version numbers to take this into account.

Apple doesn’t explain what has changed in the EFI updates; from reports during 10.13.4 beta-testing, these should include further fixes for Meltdown/Spectre vulnerabilities.

macOS High Sierra 10.13.4 fixes APFS encryption password disclosure bug

Posted: 30 Mar 2018 07:05 AM PDT

The latest update to High Sierra, bringing it to 10.13.4, does fix the bug discovered by Sarah Edwards when making an APFS encrypted volume in Disk Utility – in both its original form (fixed in 10.13.2) and the form which remained into 10.13.3.

Although erasing a disk and creating an APFS container still result in execve() calls from diskmanagement which enter the full command and parameters into the log in plain text, those do not contain sensitive information such as a passphrase. The call to encrypt an APFS volume, whether freshly created or already existing, doesn’t use that execve() call, and there is no trace of the encryption passphrase in the unified log.

That is a very quick turnaround by Apple, in fixing the remaining bug in less than a week, and reinforces my opinion that this was an oversight of which Apple had been unaware.

Hopefully Apple will soon amend the list of security fixes for the 10.13.4 update to credit Sarah Edwards with reporting this bug, and making it explicit that it is now fixed.

Changing Stories: Ovid’s Metamorphoses on canvas, 81 – Pythagoras and vegetarianism

Posted: 30 Mar 2018 04:30 AM PDT

Ovid opens the fifteenth and final book of his Metamorphoses by continuing his account of the early rulers of Rome. With the apotheosis of Romulus, the next is his successor Numa, whom he uses as narrator for an overview of the Metamorphoses in Pythagorean philosophical terms.

The Story

Fame nominates Numa as successor to Romulus as the ruler of Rome. Numa had left Cures, the town of his birth, to travel to Crotona (Crotone), in the far south of the Italian peninsula, where he visited Croton, its ruler.

This is Ovid’s cue for a story about Myscelus, who founded Crotona. Hercules appeared to him in a dream, and told him to travel to the river Aesar, despite his being forbidden from leaving his native land of Argos. Driven by dreams of Hercules, Myscelus tried to leave but was accused of treason, and appealed to Hercules to save him from the mandatory death penalty.

At that time, trial juries voted by casting black or white pebbles into an urn; being undoubtedly guilty, all those cast in Myscelus’ case were black when they were placed in the urn:
It was an ancient custom of that land
to vote with chosen pebbles, white and black.
The white absolved, the black condemned the man.
And so that day the fateful votes were given:
all cast into the cruel urn were black!
Soon as that urn inverted poured forth all
the pebbles to be counted, every one
was changed completely from its black to white,
and so the vote adjudged him innocent.
By that most fortunate aid of Hercules
he was exempted from the country’s law.

Myscelus was therefore able to sail to found Crotona on the River Aesar.

After he had fled Samos, Ovid tells us that Pythagoras lived in exile at Crotona, and this leads to a long discourse on his doctrines and philosophy. Having assured us of Pythagoras’ diligent observation of the world around him and careful analysis of what he saw, Ovid starts with an exhortation to vegetarianism.

Within this discourse, Ovid makes reference to preceding sections and themes of Metamorphoses. Pythagoras’ words hark back to the Golden Age, which was covered in Book 1. Pythagoras lays claim to reincarnation too, saying that in a previous life he had been Euphorbus, who had been killed by Menelaus in the Trojan War. This leads Pythagoras on to discussing change and transformation, the central theme of these fifteen books.

Pythagoras sees change in the waves of the sea, in the sequence of day and night, in the four seasons, in the ageing of humans, and in the transformation of the elements (earth, air, water, and fire):
Nothing retains the form that seems its own,
and Nature, the renewer of all things,
continually changes every form
into some other shape. Believe my word,
in all this universe of vast extent,
not one thing ever perished. All have changed
appearance. Men say a certain thing is born,
if it takes a different form from what it had;
and yet they say, that certain thing has died,
if it no longer keeps the self same shape.
Though distant things move near, and near things far,
always the sum of all things is unchanged.
For my part, I cannot believe a thing
remains long under the same form unchanged.
Look at the change of times from gold to iron,
look at the change in places. I have seen
what had been solid earth become salt waves,
and I have seen dry land made from the deep;
and, far away from ocean, sea-shells strewn,
and on the mountain-tops old anchors found.
Water has made that which was once a plain
into a valley, and the mountain has
been levelled by the floods down to a plain.
A former marshland is now parched dry sand,
and places which endured severest drought
are wet with standing pools. Here Nature has
opened fresh springs, but there has shut them up;
rivers aroused by ancient earthquakes have
rushed out or vanished, as they lost their depth.

Pythagoras then illustrates this constant change with a long list of places whose geography had changed in recorded history, and of locations which cause change in those who visit them. After those, he returns to the theme of change in animals, telling the legend of the Phoenix which is reborn from the ashes of its parent. This leads on to consideration of some great cities which have fallen, and the chance to point out that Troy never fell completely, as it reached its destiny of founding the city and empire of Rome.

Finally, Pythagoras returns to the subject of vegetarianism:
Away with cruel nets and springs and snares
and fraudulent contrivances: deceive
not birds with bird-limed twigs: do not deceive
the trusting deer with dreaded feather foils:
do not conceal barbed hooks with treacherous bait:
if any beast is harmful, take his life,
but, even so, let killing be enough.
Taste not his flesh, but look for harmless food!

The Paintings

Sadly, coverage of the opening of this book in visual art has been essentially absent, but Pythagoras has inspired some great paintings, and is my focus here.

A great many prints and other representations of Pythagoras recall the first image that I have been able to find, by Raphael.

Raphael (1483–1520), The School of Athens (c 1509-11), fresco, dimensions not known, Palazzo Apostolico, Rome, Italy. Wikimedia Commons.

In his magnificant fresco in the Palazzo Apostolico, The School of Athens painted in about 1509-11, Raphael includes Pythagoras at the lower left corner.

Raphael (1483–1520), The School of Athens (detail) (c 1509-11), fresco, dimensions not known, Palazzo Apostolico, Rome, Italy. Wikimedia Commons.

This detail shows Pythagoras writing in a large book, with a chalk drawing on a small blackboard in front of his left foot. Others are looking over his shoulder and studying what he is doing.

Despite the popularity of Ovid’s Metamorphoses over the centuries, very little seems to have been written or painted about its lengthy advocacy of a vegetarian diet and lifestyle. It did, though, inspire one exceptional painting.

Peter Paul Rubens (1577–1640) and Frans Snyders (1579–1657), Pythagoras Advocating Vegetarianism (1618-20), oil on canvas, 262 x 378.9 cm, The Royal Collection of the United Kingdom, England. Wikimedia Commons.

Peter Paul Rubens collaborated with Frans Snyders to paint Pythagoras Advocating Vegetarianism in about 1618-20. The mathematician and philosopher sits to the left of centre, with a group of followers further to the left. The painting is dominated by its extensive display of fruit and vegetables, which is being augmented by three nymphs and two satyrs. One of the latter seems less interested in the food than he is in one of the nymphs.

Fyodor Bronnikov (1827—1902), Pythagoreans Celebrate Sunrise (1869), further details not known. Wikimedia Commons.

Today, Pythagoras is best known for his geometric discoveries, rather than the doctrines detailed by Ovid. Fyodor Bronnikov’s painting of Pythagoreans Celebrate Sunrise from 1869 is perhaps more in keeping with the Classical perception. These followers are decidedly musical, holding between them four lyres, a harp, and a flute, and worshipping the rising sun.

The English translation of Ovid above is taken from Ovid. Metamorphoses. Tr. Brookes More. Boston. Cornhill Publishing Co. 1922, at Perseus. I am very grateful to Perseus at Tufts for this.

What’s in Sierra Security Update 2018-002?

Posted: 30 Mar 2018 04:09 AM PDT

The following components of macOS Sierra 10.12.6 have been updated in Security Update 2018-002 released on 29/30 March 2018:

  • Bluetooth File Exchange
  • Grapher
  • Keychain Access
  • Terminal
  • Audio Plug-Ins (in /Library)
  • WebServer (in /Library)
  • Dictionary Widget
  • Automator, various actions
  • several Core Services, including AirPlay, RAID Utility, Screen Sharing, Wireless Diagnostics, Certificate Assistant, ControlStrip, DiskImageMounter, Network Setup Assistant, SetupAssistant, backupd
  • most kernel extensions in /System/Library.Extensions
  • APFS, which is brought to version 0.3 (24907), and other file systems
  • many frameworks in /System/Library/Frameworks, particularly ATS, with Ruby 2.0 and Perl 5.16 and 5.18
  • several Preference Panes
  • many private frameworks
  • QuickTime
  • several tools in /sbin, many in /bin including curl, hdiutil, log, perl, and many in /usr/libexec
  • several dylibs in /usr/lib
  • Apache 2
  • CUPS and postfix
  • many tools in /usr/sbin
  • emacs 22.1.

As is usual, these extend well beyond the short list of security fixes provided by Apple.

Installed separately at the same time is an update of the Gatekeeper database to version 138 dated 29 March 2018.

Additionally, EFI firmware updates are installed for all Macs, incrementing the reported Boot ROM version. This iMac17,1 went from 0147 B00 to 0151 B00. I have now updated my list of EFI firmware versions to reflect these changes.

Apple doesn’t explain what has changed in the EFI updates; from reports during 10.13.4 beta-testing, these are very likely to include further fixes for Meltdown/Spectre vulnerabilities.

Although a separate download, Safari 11.1 also brings several improvements and fixes.

macOS High Sierra 10.13.4, Sierra and El Cap Security Update 2018-002, and Safari 11.1 released (updated)

Posted: 30 Mar 2018 02:33 AM PDT

Overnight (UTC), Apple has released the update to High Sierra 10.13.4, Safari 11.1, and security updates to El Capitan and Sierra.

Fixes and improvements to High Sierra include:

  • adds support for eGPUs (external graphics processing units), although these are currently only usable by specific hardware and specific apps;
  • adds Business Chat to Messages (currently US-only);
  • adds a new privacy explainer when Apple features prompt for personal info;
  • fixes graphics issues in certain apps on iMac Pro models;
  • fixes web link previews in Messages;
  • several improvements to Safari, including jump to rightmost tab with Command-9 shortcut;
  • System Image Utility can now create NetInstall images that erase and install macOS to a named target volume.

There is no mention of any extension of APFS support to include Fusion Drives, and the APFS documentation no longer makes any reference to Fusion Drives, which appears ominous.

I will look in detail at the complete content of the 10.13.4 update in a future article.

Important security fixes include:

  • sysadminctl no longer exposes passwords;
  • ATS vulnerability to crafted symlinks;
  • CoreText vulnerability to crafted strings;
  • mounting a malicious disk image could result in app launching;
  • five kernel vulnerabilities, including two affecting 10.11 and 10.12 as well as 10.13;
  • malicious apps could bypass code-signing checks;
  • handling of malicious S/MIME HTML email;
  • malicious logging of keystrokes in WindowServer;
  • Gatekeeper data is updated to version 138.

All Macs should undergo EFI update with this installation. Updating Sierra typically brings two complete chimed restarts, and is quite a lengthy process. No mention is made by Apple of the EFI firmware update, nor do the security release notes explain that further fixes are included there, although they are believed to address Meltdown/Spectre issues.

I have now updated my list of EFI firmware versions to reflect these changes.

Unusually, these updates were not released simultaneously with the corresponding iOS and other updates, but were delayed by several hours. I have now confirmed that 10.13.4 does fix recently-reported issues with unintentional release of APFS encryption passwords in the log.

As usual, the updates are available from the App Store. Standalone updates are also now available from:

  • here for High Sierra 10.13.4
  • here for the Combo update for High Sierra 10.13.4
  • here for Sierra Security Update 2018-002
  • here for El Capitan Security Update 2018-002

The latter were not made avilable until 1200 UTC 30 March.

(Updated again 1550 UTC 30 March to include EFI update info.)

Inside iCloud Drive: uploading a file

Posted: 29 Mar 2018 11:30 PM PDT

Having got Cirrus as a tool to look at what iCloud does, here’s what I have seen when copying a single 1 MB file from a local folder into the top level of my iCloud Drive. This account is based largely on what happens in High Sierra 10.13.3, although it is broadly similar to the sequences that I have seen in Sierra 10.12.6. High Sierra’s log messages are, in this case, rather clearer.

The intent to move/copy a file to iCloud Drive lands first with CloudDocs, which posts an [INFO] message for the File System Event:
[INFO] ┏300e fsevent:1/1 path:'/Users/hoakley/Library/Mobile Documents/com~apple~CloudDocs/co.eclecticlight.Cirrus.data' flags:ItemCreated|ItemInodeMetaMod|ItemIsFile|ItemCloned id:7162257441594918141 path:'/Users/hoakley/Library/Mobile Documents/com~apple~CloudDocs/co.eclecticlight.Cirrus.data' parentFileID:451060 fileID:4298998158 size:1000000 mtime:1522257049 atime:1522257049 mode:-rw-r--r-- documentID:898 generationID:1 fd:25 refs:1 appLibrary:com.apple.CloudDocs

Among the steps undertaken next is the retrieval/generation of a QuickLook thumbnail, which in this case failed, as there is no known QuickLook plugin for a file with the extension .data.

This is presumably the (very early) point at which the file appears at its destination, as CloudDocs calls for the file to be uploaded there. This is performed under the control of CloudKit, which classifies this as a ‘Modify Records Operation’ with a shortened name of Upload:
Starting operation <CKModifyRecordsOperation: 0x7fac2de9d800; operationID=CAE6ED2BDDA40DEA, qos=Utility, operationGroup={
operationGroupID = D1B7E9A397DBFB5A;
"shortened-name" = Upload;
}, >

This triggers a complex sequence of state transitions in cloudd/CloudKitDaemon, which I remarked on and illustrated before.

CloudKit then adds a child operation to the Upload to fetch a record from the PCS cache; as this is a new file, there is no such record, so CloudKit creates a new one. It then proceeds to start the upload of the asset:
Starting <CKDUploadAssetsOperation: 0x7fd5500667c0; qos=Utility, operationID=87D4E51BE1F7D829, operationGroupID=D1B7E9A397DBFB5A, operationGroupName=Upload, flags=background|allows-cellular, runningFor=0.0005819797515869141, sourceApplicationBundleID=com.apple.bird, applicationSecondaryID=4/com.apple.clouddocs.com.apple.CloudDocs:2,%>

cloudd then registers the item to be transferred with MMCS, passing it the options. In those, it checks whether the current network might have a caching server; in this case, the answer is no.

MMCS then activates and chunks the data to be transferred, and asks for a Put complete request. It then goes idle again.

CloudKit next adds a child operation to request an asset token, the URL for the user partition in iCloud. This leads through a series of exchanges to CloudKit providing MMCS with another set of options, to put the item to iCloud. Once again, MMCS chunks the data to be transferred, which is then passed up to the iCloud servers.

CloudKit then announces that it has completed the Upload Assets operation:
Finished operation <CKDUploadAssetsOperation: 0x7fd5500667c0; qos=Utility, operationID=87D4E51BE1F7D829, finishedChildOpIDs=[EB58BEE5851875C4], requestIDs=[6B0E8CE9-FDD3-4B60-B28D-64178C19BFBC], operationGroupID=D1B7E9A397DBFB5A, operationGroupName=Upload, stateFlags=executing, flags=background|allows-cellular, state=Complete, runningFor=0.6047440767288208, MMCSMetrics=<CKDOperationMetrics: 0x7fd55048daf0; startDate=2018-03-28 17:10:51 +0000, duration=0.000, queueing=0.000, executing=0.000, bytesUploaded=0, bytesDownloaded=0, connections=0, connectionsCreated=0, requests=0>, sourceApplicationBundleID=com.apple.bird, applicationSecondaryID=4/com.apple.clouddocs.com.apple.CloudDocs:2,%>
and that it has completed the operation to modify records:
Finished operation <CKDModifyRecordsOperation: 0x7fd55040ba80; qos=Utility, operationID=CAE6ED2BDDA40DEA, finishedChildOpIDs=[BE71CBAFB4A35CE2, 87D4E51BE1F7D829], requestIDs=[6B0E8CE9-FDD3-4B60-B28D-64178C19BFBC], operationGroupID=D1B7E9A397DBFB5A, operationGroupName=Upload, stateFlags=executing, flags=background|allows-cellular, state=Complete, runningFor=0.6184440851211548, MMCSMetrics=<CKDOperationMetrics: 0x7fd55048daf0; startDate=2018-03-28 17:10:51 +0000, duration=0.000, queueing=0.000, executing=0.000, bytesUploaded=0, bytesDownloaded=0, connections=0, connectionsCreated=0, requests=0>, sourceApplicationBundleID=com.apple.bird, applicationSecondaryID=4/com.apple.clouddocs.com.apple.CloudDocs:2,%>
and that completes the whole upload.

CloudDocs finally publishes a notice announcing the completion of the upload:
[NOTICE] finished uploading 1 items (1.0 MB) in com.apple.CloudDocs

This appears in little more than a second after the start of the whole sequence, at which stage the Finder’s iCloud sync progress indicator is still incomplete. In this case, there were two further series of exchanges involving cloudd, CloudKit, and CloudDocs. The first performed a ‘sync up’ to modify records, and involved cloudd and CloudKit.

The second was triggered by an incoming message from APS, Apple’s Push Service, which was initially handled by CloudDocs. This triggered a CloudKit operation to fetch record zone changes, or a ‘Sync down (push triggered)’. My interpretation of that is that the iCloud service pushed my Mac a request for it to synchronise with iCloud Drive, which was to propagate the change that had just been made in its contents, by my Mac!

Eventually, CloudDocs reported:
[NOTICE] received 2 edited items from the cloud for com.apple.CloudDocs

It then applied the changes, which reflected the upload of my test file to iCloud Drive:
[INFO] ┏3250 Apply Changes[1:2669]: attempting to apply update
server item: i:com.apple.CloudDocs:C8B0A06D-6F4F-4EF3-84E9-84BF56E0FDB8 rk:2669 pcs:u st{p:root[1] n:"co.eclecticlight.Cirrus.data" doc etag:f02 bt:1522257049 m:rw-} ct{etag:f01 mt:1522257049 sz:1.0 MB (1000000) n:"co.eclecticlight.Cirrus.data" sig:010e78c62cca2c81bb0a765659bbb2991f0676f172 device:2}
local item: r:1116 i:com.apple.CloudDocs:C8B0A06D-6F4F-4EF3-84E9-84BF56E0FDB8 al:1 up:idle uv:1 st{p:root[1] n:"co.eclecticlight.Cirrus.data" doc etag:f02 bt:1522257049 m:rw- doc:898 ino:4298998158 gen:1 sc:docs} ct{etag:f01 mt:1522257049 sz:1.0 MB (1000000) n:"co.eclecticlight.Cirrus.data" sig:010e78c62cca2c81bb0a765659bbb2991f0676f172 device:2} thumb{greedy}

This was about 3.5 seconds after the start of this series of processes, and roughly coincided with the moment that the progress icon was removed from the Finder window. The upload was complete.

I have summarised the main blocks of exchanges, using the same colour code as in Cirrus, in the following diagram, which gives you an idea of how complex it is to execute a single action. Look through the log entries in Cirrus, and you should be able to trace the processes.


These should give you an idea of the sequence of events which you should see during a normal and successful upload of a test file to iCloud Drive. They exclude all the network transfer work, which is performed by com.apple.mDNSResponder, com.apple.network, nsurlsessiond, and the like. Those subsystems are not covered in Cirrus: if you suspect that the problems lie there, open the same time period using Consolation 3, and you can trudge through that detail.

I have also not considered the role of com.apple.duetactivityscheduler (DAS), the dispatching system which seems to schedule the transfer of data. If you are still running Sierra, you should bear in mind that Macs which are left running Sierra continuously for periods over five days can suffer failure of the DAS subsystem; that could explain failure to transfer files to iCloud. A simple indicator of that problem is the resulting failure in timed automatic Time Machine backups, another feature dispatched by DAS.

You can examine DAS in detail using Consolation 3, or DispatchView (from Downloads above).