macOS Archive

Sonoma’s log gets briefer and more secretive

Little did we realise then that Sierra was going to change all that, and by Mojave we’d be enduring 4,000 and more log entries in a second, when our Macs were feeling loquacious. That was because Apple introduced the Unified log, with its entries written not in plain text but compressed binary format. This was the death-blow for the casual reader of logs: for a start, the replacement Console app was unable to access any log entries made in the past, and its tools were, and remain, woefully inadequate for tackling the increasing torrent of log entries. Despite its many great strengths, the Unified log has suffered two problems that are limiting its usefulness in Sonoma: its diminishing period of coverage, and censorship. This article highlights some real problems with the logs in macOS. Logs are so crucial in finding out why something is happening to a system so having them limited or restricted would drive me nuts.

OpenCore Legacy Patcher project brings macOS Sonoma support to 16-year-old Macs

When Apple decides to end update support for your Mac, you can either try to install another OS or you can trick macOS into installing on your hardware anyway. That’s the entire point of the OpenCore Legacy Patcher, a community-driven project that supports old Macs by combining some repurposed Hackintosh projects with older system files extracted from past macOS versions. Yesterday, the OCLP team announced version 1.0.0 of the software, the first to formally support the recently released macOS 14 Sonoma. Although Sonoma officially supports Macs released mostly in 2018 or later, the OCLP project will allow Sonoma to install on Macs that go back to models released in 2007 and 2008, enabling them to keep up with at least some of the new features and security patches baked into the latest release. OpenCore Legacy Patcher is an indispensable tool for Mac users, since a lot of machines no longer supported by Sonoma are perfectly fast and capable enough to run Apple’s new release. No longer supporting machines that are only five years old is absolutely bonkers, and should simply not be legal. It’s a sad state of affairs people will have to resort to community tools, but at least the option is there.

macOS 14 Sonoma: the Ars Technica review

Apple released macOS 14.0 Sonoma today, and what’s the best way to celebrate the new release? Why, the Ars Technica review, of course. So macOS Sonoma is a perfectly typical macOS release, a sort of “Ventura-plus” that probably has one or two additions that any given person will find useful but which otherwise just keeps your Mac secure and avoids weird iCloud compatibility problems with whatever software is running on your phone. You probably don’t need to run out and install it, but there’s no real reason to avoid it if you’re not aware of some specific bug or compatibility problem that affects the software you use. It’s business as usual for Mac owners. Let’s dive in. You can download and install it from the usual place if your Mac supports it.

Mac ROM-inator II restock and partnerships

In the last few years, several other vendors have begun selling Mac ROM SIMMs too. Friendly competition is great, but it creates a potential dilemma for me if someone buys another vendor’s ROM SIMM and reprograms it with BMOW’s base ROM in order to get the on-the-fly ROM disk decompression and other features. It could turn into a situation where my base ROM software is subsidizing another competing product. To compound the problem, I didn’t have any clear usage policy or “license” for the base ROM to say whether this type of use was OK. Furthermore my FC8 compression algorithm is free open-source, but the BMOW base ROM which incorporates it is not. This all created a large gray area. I hope to clarify this now by making the BMOW base ROM image explicitly free for personal use with anybody’s own Mac ROM SIMM, no matter what vendor they purchased it from. This is the simplest and best way of resolving the ambiguity for the benefit of the classic Mac community. I only ask that you don’t redistribute the base ROM image elsewhere – come back to the BMOW Mac ROM-inator II details page if you need to download the image. Excellent move.

Is macOS’s new XProtect behavioural security preparing to go live?

A third XProtect was discovered in Ventura, this time observing potentially malicious behaviour such as attempts to access private data for browsers and messaging apps. This XProtect Behaviour Service (XBS) has used a set of Bastion rules embedded in the strings in syspolicyd to record behaviours in a new database, but so far has been an observer and hasn’t blocked such behaviours. Security researchers have already been able to discover its records of novel malicious code, and Chris Long has documented how to access its database, but so far syspolicyd has only watched and recorded. Recent descriptions of Bastion rules have identified four, last updated in syspolicyd in macOS 13.5 on 24 July 2023. Those changed on 8 August, when Apple released its first update to the Bastion rules, and again a month later on 1 September, when they changed again. There’s now a fifth Bastion rule, and XBS appears to be getting ready to fly for the first time. If you had told me in 2005 or so, when I was a fervent Mac user, that one day, macOS would come with an extensive set of antivirus and antimalware tools that ran silently in the background, checking everything you do on your computer – I’d have thought you were crazy. But here we are.

MacLynx beta 5: UTF-8, pull-down menus and more dialogue boxes

I’ve been working off and on doing further Mac-ification to my updated fork of MacLynx, the System 7-compatible port of the venerable text browser Lynx for classic 68K Macintoshes (and Power Macs) running A/UX 3.x or System 7.x and later. There’s still more to do, but a lot has been worked in since I last dropped beta 4, so it’s time for another save point. Meet MacLynx “beta 5”. Extraordinary work, and a great way to keep an old Mac connected to the web.

Why macOS anti-malware scans can behave oddly

macOS Catalina and later include an anti-malware scanning service, XProtect Remediator (XPR), that periodically checks your Mac for known malware. If it detects anything untoward, it tries to remove it in a process Apple terms remediation. Because this is all performed as a background service, XPR doesn’t inform you when it scans, or when it detects and remediates malware. Instead it records those events in the log, and in Ventura and later makes them available to third-party software through Endpoint Security events. To help you keep track of this, three of my utilities report on XPR: SilentKnight runs a quick check on the last 24 hours, as can Mints, and XProCheck provides detailed reports for periods of up to 30 days. Every few weeks I get a flurry of comments here, and emails, when those using XProCheck, or browsing the log, notice warnings and strange behaviour by XPR. This article explains what’s happening, and why it’s perfectly healthy. It seems absolutely bizarre to me that such malware scans just happen in the background without informing the user when it finds anything. That feels a lot like treating the symptoms while the patient’s sleeping, without informing them they’re sick.

Tetris Max 2.9.1 and Macintosh System 6.0.8 bugs

31 years ago Tetris Max for the Macintosh was born, an improved clone of Tetris, and it became an insanely popular Mac game during the 1990s. I may or may not have had some involvement in its development. Macintosh System 6 was the current OS version at the time of the game’s release, but System 7 was introduced shortly afterwards. It’s recently come to my attention that the final version of Tetris Max (v2.9.1) may not work when running System 6 on certain Mac hardware, even though the game was advertised as System 6 compatible. I haven’t yet been able to fully verify this myself, but there’s a Macintosh Garden bug report from ironboy36 in 2022, and more recently a detailed bug report complete with video (thank you James!). Obviously I need to fix this stuff ASAP – 31-year-old bug be damned. And I need your help! Consider this a group debugging effort. This is such a cool story. If anyone can contribute to fixing this – please help them out.

Apple’s Interactive Television Box: hacking the Set Top Box System 7.1 in ROM

One of the coolest things to come along in the 68K Mac homebrew community is the ROM Boot Disk concept. Classic Macs have an unusually large ROM that contains a fair bit of the Mac OS, which was true even in the G3 New World Mac era (it was just on disk), so it’s somewhat surprising that only one Mac officially could boot the Mac OS entirely from ROM, namely the Macintosh Classic (hold down Cmd-Option-X-O to boot from a hidden HFS volume with System 6.0.3). For many Macs that can take a ROM SIMM, you can embed a ROM volume in the Mac ROM that can even be mirrored to a RAM disk. You can even buy them pre-populated. How’s that for immutability? Well, it turns out Apple themselves were the first ones to implement a flashable Mac OS ROM volume in 1994, but hardly anyone noticed — because it was only ever used publicly in a minority subset of one of the most unusual of the Macintosh-derived systems, the Apple Interactive Television Box (a/k/a AITB or the Apple Set Top Box/STB). And that’s what we’re going to dig into — and reprogram! — today. I had never heard of this obscure Apple product, so I was like a kid in a candy store reading this. Great weekend material.

How long will the last Intel Macs be supported?

A year ago, we compiled a model list of Macs spanning over two decades, complete with their launch dates, discontinuation dates, and all the available information about the macOS updates each model received. We were trying to answer two questions: How long can Mac owners reasonably expect to receive software updates when they buy a new computer? And were Intel Macs being dropped more aggressively now that the Apple Silicon transition was in full swing? The answer to the second question was a tentative “yes,” and now that we know the official support list for macOS Sonoma, the trendline is clear. The only thing this article makes clear is that if Apple truly cared about its customers, it would post exactly how much longer each Mac is planned to be supported.

Why can’t you just roll back from a bad macOS update?

As some of us learned in the last week, it’s easy to uninstall a troublesome Rapid Security Response (RSR). Several naturally asked why that isn’t possible with a macOS update, pointing out that it was available and worryingly popular between High Sierra and Catalina 10.15.2, since when the ability has been lost. The answer is as straightforward as you’d expect: the updates themselves, as well as the update process, have become more complicated than they used to be, and rollback would be difficult to implement. As such, the advice for those unhappy with a new macOS version is as simple as it is disruptive: For those who decide that they want to roll back a macOS update on an Apple silicon Mac, by far the simplest procedure is to back the Mac up fully, put it into DFU mode, use Configurator 2 to restore the IPSW image for the previous version of macOS including its firmware, then to migrate the backup to that fresh boot disk. That also caters for all problems that may have arisen with the update. Apple always moves forwards, never backwards – even when you might want to.

The Mac sure is starting to look like the iPhone

The general trend of macOS releases over the past few years is that it has been moving closer and closer to the look and feel of iOS. The icons have become iOS icons, and their shape has become the iOS shape, and you can now use your iPhone as the Mac’s webcam, etc. etc. This occasionally comes at the expense of other functionality (ask me how I feel about the new Settings menu), but it is the direction that Apple has clearly been heading in since (arguably) Big Sur. Every so often, other splashy features are announced (Stage Manager, Universal Control, Quick Notes) that I write a lot about and then never end up using ever again. So, good news for Continuity fans: that’s basically what’s going on with Sonoma. Ventura looked a heck of a lot like iOS, and Sonoma looks even more like iOS. I turned my office’s Mac Studio on after installing the developer beta and thought, for a second, that I might be hallucinating my iPhone’s lockscreen. It’s remarkably reminiscent. It’s crazy how Microsoft always seems to be doing things about 10 years before everyone else catches on, for better or worse. I’m not a fan of the iOS look, and it looks whacky and childish to me when ported to the Mac – especially since macOS has also become almost Windows-like by having so many application frameworks, some from iOS, some from macOS, and some a weird combination of the two. It’s making macOS far messier and more inconsistent than it used to be, leaving the Linux desktop as the last bastion of people who value a desktop-first, consistent interface. If you told me this 10-15 years ago, I’d have called you crazy, but we’re now living in a world where a GTK or Qt desktop is far more consistent and focused on the desktop than Windows and macOS, which both feel lost in the woods at the moment.

Building a custom Mach-O memory loader for macOS

In this blog we’ll look at what it takes to construct an in-memory loader for Mach-O bundles within MacOS Ventura without using dyld. We’ll walk through the lower-level details of what makes up a Mach-O file, how dyld processes load commands to map areas into memory, and how we can emulate this to avoid writing payloads to disk. I also recommend reading this post alongside the code published here to fully understand the individual areas called out. In keeping with Apple’s migration to ARM architecture, this post will focus on the AARCH64 version of MacOS Ventura and XCode targeting macOS 12.0 and higher. With that said, let’s dig in. This is well beyond my pay grade, but I’m sure some of the more advanced macOS nerds among you will love this.

Apple unveils macOS Sonoma

Apple today announced macOS Sonoma, the latest version of its Mac operating system. Launching this fall, macOS Sonoma includes several new features, including desktop widgets, Apple TV-like aerial screensavers, enhancements to apps like Messages and Safari, a new Game mode that prioritizes CPU and GPU performance for gaming, and more. Apple also showed off iOS 17, watchOS 10, and iPadOS 17. iOS 17 features personalized contact posters with photos, Memojis, and eye-catching typography that appear during calls and in the updated address book. A new Live Voicemail feature brings live-transcription in real-time, allowing old-school call screening. Users can now pick up the phone mid-voicemail and transcription is handled on-device. Developer betas will be available starting today, with the final releases expected in the Fall.

MacDock: the macOS dock, but for System 7

MacDock is like the Dock in modern macOS. To use it, simply launch the program. MacDock will be visible at the bottom of your screen. You will see your running applications on the list (limited to 7 applications). Clicking on any of them switches you to the app. I love little projects like these. Even today, they make using older systems just a little bit less alien.

The Bitcoin Whitepaper is hidden in every modern copy of macOS

While trying to fix my printer today, I discovered that a PDF copy of Satoshi Nakamoto’s Bitcoin whitepaper apparently shipped with every copy of macOS since Mojave in 2018. I’ve asked over a dozen Mac-using friends to confirm, and it was there for every one of them. The file is found in every version of macOS from Mojave (10.14.0) to the current version (Ventura), but isn’t in High Sierra (10.13) or earlier. A peculiar find indeed, considering the utter uselessness and wastefulness that is cryptocurrency.

Can we hide the orange dot without disabling SIP?

A bit of background. When macOS Monterey was announced, Apple added an orange dot indicator that appears on top of everything whenever the microphone is in use. Kidding, it was quite a nice privacy addition actually. We could finally see in realtime when an app used the microphone, and what app that is. But this wasn’t something that everyone wanted. And so begins a detailed article about how to hide the orange dot indicator. Can it be done without disabling System Integrity Protection?

Fun with macOS’s SIP

While developing mirrord, which heavily relies on injecting itself into other people’s binaries, we ran into some challenges posed by macOS’s SIP (System Integrity Protection). This post details how we ultimately overcame these challenges, and we hope it can be of help to other people hoping to learn about SIP, as we’ve learned the hard way that there’s very little written about this subject on the internet. Potentially useful information for macOS developers.

Surprising consequences of macOS’ environment variable sanitization

One unfortunate fact of my life is that I have to deal with an obscure database whose macOS drivers require the addition of a directory to DYLD_LIBRARY_PATH for their Python driver to find them. To make matters worse, Apple’s CLI tools strip that variable away as part of macOS’s System Integrity Protection (SIP) before running a command. Given that DYLD_* environment variables are a known attack vector for Mac malware, that’s a good thing in general. However, sometimes one needs a workaround to get the job done. Some of this made sense to me.