Skip to content
Thoughtful, detailed coverage of everything Apple for 34 years
and the TidBITS Content Network for Apple professionals
Show excerpts

#1668: Updated Rapid Security Responses, OS public betas, screen saver bug fixed, “Red Team Blues” book review

This week, we have several small bits of news about Apple’s operating systems. First and most importantly, the company pulled and then re-released the Rapid Security Response updates for iOS 16.5.1, iPadOS 16.5.1, and macOS 13.4.1 to address a website loading problem for sites that stumbled on Safari’s 16.5.2 (a) version number. Apple also released public betas for its forthcoming operating systems, but we don’t recommend installing them unless you have dedicated test hardware and know what you’re doing. Finally, although Apple didn’t see fit to tell us in any release notes, a recent update to macOS Ventura fixed a screen saver bug introduced in version 13.3. For something completely different, Adam Engst reviews Cory Doctorow’s tech thriller Red Team Blues. Notable Mac app releases this week include Safari 16.5.2, Fantastical 3.7.16, Bookends 14.2.2, and Thunderbird 115.

Adam Engst 20 comments

Rapid Security Responses for iOS/iPadOS 16.5.1 (c) and macOS Ventura 13.4.1 (c)

Let’s try this again. Apple has rereleased Rapid Security Response updates for iOS 16.5.1 (c), iPadOS 16.5.1 (c), and macOS Ventura 13.4.1 (c) to fix a WebKit vulnerability that could allow malicious Web content to execute arbitrary code. The vulnerability is being actively exploited, and despite the website loading issues with Safari in the previous versions, I encourage you to install these updates as soon as feasible. They loaded quickly, in under 4 minutes on each of my devices, including the necessary restart.

In the event of problems, remember that you can uninstall Rapid Security Responses (but not regular updates) just as quickly as you install them (see “What Are Rapid Security Responses and Why Are They Important?” 2 May 2023).

  • iPhone or iPad: Navigate to Settings > General > About > iOS Version, and then tap Remove Security Response. Tap Remove to confirm.
  • Mac: Go to System Settings > General > About, click the ⓘ next to the macOS version, click Remove & Restart, and confirm the action.

The new versions fix an issue that prevented a few websites from displaying properly in Safari by changing its user agent identifier to remove the parenthetical letter that seems to have confused sites like Facebook and Instagram. Apple also incremented Safari’s build number.

Safari 16.5.2 user agents
To see the User Agent options above, enable the Develop menu in Safari > Settings > Advanced, then look in the Develop > User Agent menu.

While Apple’s choice of letters for Rapid Security Response version numbers is questionable, Meta and other companies whose websites were affected also bear responsibility for not failing gracefully when encountering unexpected user agent identifiers.

Let us know in the comments if you experience any other issues associated with the Rapid Security Response updates.

Adam Engst 5 comments

Recent macOS Update Fixes Multi-Display Screen Saver Bug

When we covered the update to macOS 13.3 Ventura in “Apple Releases iOS 16.4, iPadOS 16.4, macOS 13.3 Ventura, watchOS 9.4, tvOS 16.4, and HomePod Software 16.4” (27 March 2023), Howard Rosenman commented that the Aerial screen saver would no longer show on both of the displays attached to his M2 Mac mini. He was right, and others confirmed that the problem afflicted both Apple and third-party screen savers, such as Aerial and Electric Sheep.

I don’t know when Apple fixed the bug because the company didn’t see fit to mention it in any release notes. Regardless, in macOS 13.4.1, the screen saver again works properly with multiple displays. If, like me, you switched your screen saver module because it wouldn’t show on all your displays, you can now return to your preferred approach in System Settings > Screen Saver.

Screen savers in macOS Ventura

Alas, Apple didn’t tackle the more complex problem of getting the screen saver to display edited or rotated photos rather than the original image (see “macOS Photo Screen Savers Still Don’t Properly Display Rotated or Edited Images,” 5 March 2023).

Adam Engst 31 comments

Apple Opens Public Betas for macOS 14 Sonoma, iOS 17, iPadOS 17, watchOS 10, tvOS 17, and HomePod Software 17

Want to help Apple find bugs and get a glimpse of the future in the process? You can now install public betas of Apple’s forthcoming 2023 operating systems: macOS 14 Sonoma, iOS 17, iPadOS 17, watchOS 10, tvOS 17, and HomePod Software 17. For our favorite features, see “12 Compelling Features Coming to Apple’s Operating Systems in 2023” (5 June 2023) and “Another Dozen Compelling Features Coming to Apple’s Operating Systems in 2023” (7 June 2023).

Apple's 2023 public beta operating systems

You will need compatible hardware; for the specifics, see “The Real System Requirements for Apple’s 2023 Operating Systems” (19 June 2023). I strongly recommend installing only on dedicated test hardware. You would be nuts to run one of these betas on a device you rely on for, well, anything. You’re likely to run into incompatibilities and bugs—that’s the entire point of a beta program.

Although I always recommend making a backup before installing an update to any operating system, you shouldn’t install these betas on anything you can’t erase at the drop of a hat without fear of data loss.

To be safe, avoid connecting your primary iCloud account with the betas to avoid a bug causing an upstream problem. You wouldn’t want beta iCloud Drive code to corrupt important data you use on your everyday devices.

If it sounds like I’m trying to dissuade you from installing the public betas, I am. If you don’t know what you’re getting yourself into, you could lose data or waste a lot of time recovering from problems. Conversely, if you’ve done this before and are comfortable with the technical implications, have fun! I certainly intend to.

To try one or more of the betas, go to Apple’s public beta page, read the FAQ, and sign up for the beta program. Once you’re in, you enroll your devices, after which the betas appear in Software Update.

Finally, remember that the main reason to test public betas is so you can report bugs, so revisit David Shayer’s advice in “How to Report Bugs to Apple So They Get Fixed” (17 June 2020).

Adam Engst 13 comments

BookBITS: “Red Team Blues” by Cory Doctorow

Book reviews are unusual for TidBITS, and I don’t intend to share my Libby activity with you regularly. But Cory Doctorow’s novel Red Team Blues merits mention. In part, that’s because the fictional world it depicts could be pulled from Silicon Valley headlines and backchannel forums of today. But I also found it intriguing based on some things that Cory has written about the role of fiction in the modern world.

I’m not close friends with Cory, and we’ve met in person only a handful of times. Nor have we exchanged significant amounts of email or interacted much in online communities. But we have orbited similar spaces in the Internet world for decades, him with Boing Boing, the Electronic Frontier Foundation, and his books, and me with TidBITS, Info-Mac, the Internet Starter Kit, and Take Control. He’s one of those people who has long been a fixture of my Internet firmament, even if that means exchanging email only every 5 or 10 years.

Our last exchange came in 2020 after I read a piece he’d written for Slate titled “The Dangers of Cynical Sci-Fi Disaster Stories.” I was drawn in by the subtitle: “I’m changing how I write fiction—for the benefit of the real world.” I’m suspicious that our shared fictions subtly affect our responses to real-world problems, and that was the focus of Cory’s piece.

Made-up stories, even stories of impossible things, are ways for us to mentally rehearse our responses to different social outcomes. Philosopher Daniel Dennett’s conception of an intuition pump—“a thought experiment structured to allow the thinker to use their intuition to develop an answer to a problem”—suggests that fiction (which is, after all, an elaborate thought experiment) isn’t merely entertainment.

In response to that, I emailed Cory, writing:

I’ve long been uncomfortable with a great deal of mainstream entertainment, whether we’re talking about science fiction books, movies, TV shows, or video games. It’s easy to brush aside concerns by saying that people can tell the difference between fact and fiction, but I think our fiction has gotten so good and so compelling—and in the case of visual genres, so realistic—that at some low level, we really are having trouble separating what’s real from what’s imagined. The intuition pump is a nice way to encapsulate that. The stories may be compelling, but they seldom resonate with how I see real people acting in everyday life or address the messiness of the real-world issues we have to deal with.

His reply drew a fine-line distinction between how we act and how we expect others to act. We know we’re good people because we’re in our own heads. But we’re not in other people’s heads, so their actions are often mysterious, allowing the fiction we consume a stronger vote in how we imagine others might behave. He said:

I think there’s a subtle, crucial difference between the idea that fiction inspires us to violence and the idea that it makes us anticipate violence on the part of others.

In the Slate piece, he explains that he realized this after moving to California from firearm-free London, where he lived after growing up in Toronto. Initially, he was shocked by the prevalence of gun stores—did all his neighbors really possess lethal weapons? The gun stores faded into the background until the pandemic hit and people lined up around the block to buy handguns. Why? To protect themselves once civilization broke down. He writes in the article:

I think that our pulp fiction has done us a disservice, creating a commonsense assumption that we are one power failure away from Mad Max: Fury Road. The reality is ever so much messier, full of people trying to do the right thing—which still causes high-stakes, serious conflicts, but they’re conflicts of good faith and sincere disagreement.

The conflicts in Red Team Blues aren’t so much good faith and sincere disagreement, but each of the main parties acts rationally within its worldview, lending a frustrating sense of “Well, of course they’re going to do that” to the plot while leaving our hero to navigate the rocky rapids of a situation beyond his direct control.

Red Team Blues book cover

Red Team Blues is the present-day story of Martin Hench, a 67-year-old “digital forensic accountant” who specializes in recovering money squirreled away by modern-day thieves in cryptocurrencies, holding companies, and offshore accounts. He’s called in by Danny Lazer, a long-time friend who spent decades writing cryptographic code and battling with the NSA before hitting it big with a company that sold crypto libraries and workflows to the tech world. Lazer has leveraged his fortune to create Trustlesscoin, a new cryptocurrency that avoids the environmentally damaging proof-of-work approach by—with some poetic license—running code on the secure enclaves embedded in iPhones and other smartphones.

To have the option of rolling back an early mistake, something that’s generally impossible with a blockchain, Lazer has illicitly acquired the signing keys for the secure enclaves. The laptop containing those keys was stolen and Lazer’s hardware key was pickpocketed, meaning that the keys used by Apple, Samsung, and other manufacturers are in the wind, and the billion dollars in Trustlesscoin is at risk. Given that Hench’s fee is a flat 25% of the value of the recovered assets, $250 million is impossible to turn down.

Getting the MacGuffin laptop back is the first order of business, but Hench’s success there lands him in a war between a Mexican drug cartel and a powerful Azerbaijani family bent on revenge for the killing of a member who participated in the laptop theft. An ethically dubious Department of Homeland Security seems happy to let it all continue in the name of the status quo. Leads crop up, friends weave in and out of the plot, and Hench motors around northern California in the Unsalted Hash, a very slightly used forty-foot touring bus acquired in lieu of payment from a rock star whose manager absconded with $2 million. At 67, Hench avoids physical confrontation but isn’t above going to ground—literally—in a homeless camp when he needs to lie low for a few days.

I haven’t spent much time in San Francisco since Macworld Expo ended in 2014, but the Bay Area of Red Team Blues feels real, and I can’t help but wonder if Cory had first-person sources for his gut-wrenching depictions of homelessness. What felt the most real, however, were the characters. Not the specific people in the book, but the old tech world types. The aging crypto hacker, the data center security guy, the early-days secretary who works her way up through customer service and documentation to retire as a VP. (Whose finances Hench rescues from a grifter ex-husband, triggering a romance subplot.) I don’t know these people, but I know people like them, and Cory’s characters rang true. They’re part of that tech world orbit I was talking about, the outer rings of which contain those of us who connected via UUCP, harangued against DRM and shrink-wrap licenses, tilted at the windmill of digital identity, and worried that AOL would be the end of the Internet. Our lives aren’t as interesting as Martin Hench’s or his friends, but that’s merely because we don’t have Cory Doctorow scripting them. And the world of Red Team Blues may be more exciting than ours, but its solutions still prime your intuition pump with well-intentioned people trying to do the right thing rather than copping out with a hail of bullets.

If you have memories of that 1990s tech universe, you’ll enjoy Red Team Blues. Like all of Cory’s books, you can buy it direct as a DRM-free EPUB or MobiPocket. It’s $15, or $20 for an audiobook version read by (of course) Wil Wheaton, or a bit more if you want a dead-tree hardcover copy.

Oh, and the title? In the security world, red teams play offense—they attack systems and look for holes that will grant them entry. Blue teams are defensive; they design and maintain internal defenses and react to red team attacks. As Martin Hench—a lifelong red team guy—says, when you’re on the blue team, you have to be perfect, whereas the red team merely has to find a single mistake. Once you’ve finished the book, you may gain a better appreciation for what it’s like for companies like Apple that are stuck playing on the blue team.


Safari 16.5.2 Adam Engst 11 comments

Safari 16.5.2

Apple has released Safari 16.5.2 for macOS 12 Monterey and macOS 11 Big Sur to fix a WebKit vulnerability addressed in recent updates to iOS, iPadOS, and macOS (see “Rapid Security Responses for iOS/iPadOS 16.5.1 (c) and macOS Ventura 13.4.1 (c),” 13 July 2023). Although Apple had to pull and then rerelease the Rapid Security Responses due to website loading problems caused by the 16.5.2 (a) version number in Safari’s user agent identifier, this version of Safari seems to have sidestepped those issues because it never included the problematic (a). We recommend updating right away. You can download Safari 16.5.2 only via Software Update. (Free, release notes, macOS 11+)

Fantastical 3.7.16 Agen Schmitz No comments

Fantastical 3.7.16

Flexibits has issued Fantastical 3.7.16, adding support for scheduling Skype Calls. The calendar app can now schedule Openings up to 180 days in the future, improves reliability when finding and filtering events using Shortcuts, improves support for connecting to US government and 21Vianet instances of Microsoft 365, makes Interesting calendars accessible when using VoiceOver, fixes a bug that caused Microsoft 365 accounts to sync inconsistently, resolves an issue that prevented Fantastical from changing guest permissions for Google Calendar events, and fixes a bug that caused search results not to be visible without scrolling. ($56.99 annual subscription from Flexibits and the Mac App Store, free update, 70 MB, release notes, macOS 11+)

Bookends 14.2.2 Agen Schmitz No comments

Bookends 14.2.2

Sonny Software has released Bookends 14.2.2 with enhancements and bug fixes for the reference management tool. The update revises how columns are handled in the multi-column reference list with drag-and-drop capabilities, improves right-click options for manipulating reference columns, enables you to right-click the column header to select a sort option for the single-column reference list, improves the PDF annotation popover user interface, updates the RIS.fltr so that it recognizes PDFs exported by Zotero with the Export Library menu option, and addresses an error that occurred when editing labels in Settings. ($59.99 new with a 25% discount for TidBITS members, 109.6 MB, release notes, macOS 10.13+)

Thunderbird 115 Agen Schmitz 2 comments

Thunderbird 115

It has been some time since we last covered Thunderbird, but Mozilla subsidiary MZLA Technologies has now released Thunderbird 115 (aka, Supernova) with significant visual and technical modernizations. The update introduces a new Card view with updated folder, message list, and message display panes, while retaining the legacy Table view for veteran users. It also brings an improved “mini-month” layout to the calendar (along with improvements to the day/week/month grid), adds an “eye-catching” Tags view to the folder pane, improves the address book with a new tabular view, adds support for opening external EML files in a tab, and provides a variety of encryption improvements. (Free, 133.3 MB, release notes, macOS 10.12+)