Mints: a multifunction utility

Mints is a growing collection of tools which provide tailor-made log extracts for investigating problems and exploring macOS, collate various information about a Mac which can be difficult to find elsewhere, perform a set of tests on Spotlight, and provide specialist tools for certain types of data. It’s aimed primarily at the advanced user, system administrator, support folk, and developers, although its tools are simple to use.

Mints is supplied as a Universal App for for High Sierra, Mojave, Catalina, Big Sur, Monterey, Ventura and Sonoma, and the current version can be downloaded from here. If you want the previous version, which still supports Sierra, then that’s available from here.

Version 1.19, released on 1 March 2024, improves iCloud log excerpts in Sonoma.

Known issues:

There are some oddities with the Spotlight/Check Search window which can make multiple windows appear at times. These occur when you perform multiple tests in the same session, and are simple to deal with, by closing the additional windows.

The app’s features are available from buttons on its main window, the Visual Look Up command in the Window menu, and commands in the Data… section of its Window menu.

mints1161

The rest of this page provides further information and links to various article which may help you get the most out of its tools.

Log Windows

mintsb105

Each of the buttons to open a log window works in the same way, with identical controls. Simply set the time Period relative to the local time, and click on the Get log button. Mints then uses an appropriate predicate to fetch just entries relevant to that topic. They are then displayed using colour to distinguish the sub-system for each entry.

Mints needs to be run from an admin user account to reliably obtain log extracts. This is a limitation imposed in the log show command in macOS. The latest versions of these apps won’t run when the current user isn’t a member of the admin group (80), but display an explanatory alert and quit.

Many of the most valuable log entries are those classified as Info. These are progressively weeded from the log, so it’s important to obtain log extracts as soon as you can after any test or event. This is explained here.

The predicates used are:

subsystem == “com.apple.clouddocs” OR subsystem == “com.apple.cloudkit” OR subsystem == “com.apple.mmcs” OR processImagePath CONTAINS[c] “cloudd” OR processImagePath CONTAINS[c] “bird” OR processID = 0 (for iCloud before Sonoma)
subsystem == “com.apple.FileProvider” OR subsystem == “com.apple.cloudkit” OR subsystem == “com.apple.mmcs” OR processImagePath CONTAINS[c] “cloudd” OR processImagePath CONTAINS[c] “bird” OR processID = 0 (for iCloud in Sonoma)
subsystem == “com.apple.TCC” OR subsystem == “com.apple.launchservices” OR subsystem == “com.apple.securityd” OR subsystem == “com.apple.sandbox” OR processImagePath CONTAINS[c] “tccd” OR processImagePath CONTAINS[c] “sandboxd” OR processID = 0 (for TCC)
subsystem == “com.apple.TimeMachine” OR (subsystem == “com.apple.duetactivityscheduler” AND eventMessage CONTAINS[c] “Rescoring all”) OR (subsystem == “com.apple.xpc.activity” AND eventMessage CONTAINS[c] “com.apple.backupd-auto”) OR eventMessage CONTAINS[c] “backup” OR eventMessage CONTAINS[c] “Time Machine” OR eventMessage CONTAINS[c] “TimeMachine” (for Time Machine)
subsystem == “com.apple.duetactivityscheduler” OR subsystem CONTAINS “com.apple.xpc” OR processID = 0 (for DAS scheduling)
subsystem == “com.apple.spotlightserver” OR subsystem CONTAINS “com.apple.spotlightindex” OR subsystem CONTAINS “com.apple.DiskArbitration.diskarbitrationd” OR processImagePath CONTAINS[c] “mdworker_shared” OR processImagePath CONTAINS[c] “mds_stores” (for Spotlight)
subsystem == “com.apple.AppStore” OR subsystem == “com.apple.AppleMediaServices” OR subsystem == “com.apple.appstored” OR subsystem == “com.apple.JetEngine” OR processID = 0 (for the App Store)
subsystem CONTAINS[c] “com.apple.diskmanagement” OR subsystem CONTAINS[c] “com.apple.mobileaccessoryupdater” OR subsystem CONTAINS[c] “com.apple.DiskArbitration.diskarbitrationd” OR senderImagePath CONTAINS[c]
“IOAccessoryManager” OR senderImagePath CONTAINS[c] “apfs” (for Disk Mount)
subsystem == “com.apple.VisionKit” OR subsystem == “com.apple.espresso” OR subsystem == “com.apple.siri.argos” OR subsystem == “com.apple.mediaanalysis” OR subsystem == “com.apple.CoreRecognition” OR subsystem == “com.apple.trial” OR subsystem == “com.apple.pegasuskit” OR subsystem == “com.apple.coreml” OR processImagePath CONTAINS[c] “mediaanalysisd” (for Look Up)
subsystem == “com.apple.trial” OR subsystem == “com.apple.triald” OR subsystem == “com.apple.cloudkit” OR processImagePath CONTAINS[c] “triald” OR processImagePath CONTAINS[c] “mediaanalysisd” (for Trial).

Boot uses the predicate eventMessage CONTAINS[c] "=== system boot"

iCloud

iCloud Drive in Sonoma: Optimise Mac Storage or not?
Desktop & Documents Folders in iCloud Drive
iCloud Drive in Sonoma: Clones, sparse files, versions and more
iCloud Drive in Sonoma: Mechanisms, throttling and system limits
Mints and Cirrus updated for Sonoma’s iCloud Drive logs
Testing iCloud using Cirrus (this feature is common to Mints and Cirrus)
iCloud does throttle data syncing after all

TCC

Diagnosing privacy protection problems in Catalina (this feature is common to Mints and Taccy)

Here are some key log entries which you’re likely to come across. In each case, they relate to my app xattred, which has been notarized.

[LaunchServ] LaunchedApplication: "/Applications/xattred.app/Contents/MacOS/xattred", psn=[ 0x0/0xd51d51]
The app xattred.app has been launched by LaunchServices, which is the start of all the TCC checks.

[TCC] AttributionChain: ACC:{ID: co.eclecticlight.xattred, PID[28287], auid: 501, euid: 501, binary path: '/Applications/xattred.app/Contents/MacOS/xattred'}, REQ:{ID: com.apple.WindowServer, PID[200], auid: 88, euid: 88, binary path: '/System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/Resources/WindowServer'}
TCC has established an Attribution Chain for the request. This gives the process which is making the request, here WindowServer, and the app which is responsible for satisfying TCC’s requirements, xattred.app. This is particularly important with command tools and other processes which have no GUI to interact with the user.

[tccd] SecTrustEvaluateIfNecessary
This marks a call to evaluate security certificates if required, in this case initiated by tccd.

[securityd] asynchronously fetching CRL (http://crl.apple.com/root.crl) for client (tccd[310]/0#-1 LF=0)
The security certificate is being checked by securityd.

[TCC] /Applications/xattred.app/Contents/MacOS/xattred (offset 0) linked against SDK version 0xa0e00
TCC has checked the app, and discovered that it was built against macOS 10.14 SDK. It therefore applies the latest and most stringent privacy rules.

[TCC] Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: co.eclecticlight.xattred, PID[28287], auid: 501, euid: 501, binary path: '/Applications/xattred.app/Contents/MacOS/xattred'}, REQ:{ID: com.apple.appleeventsd, PID[68], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}
As a notarized app, the runtime is ‘hardened’. This requires it to have an entitlement in order to access AppleEvents automation services. The app doesn’t have that entitlement, so cannot use those services.

[TCC] matchesCodeRequirementData: SecStaticCodeCheckValidity() static code (0x7fae018388d0) from co.eclecticlight.xattred : anchor apple generic and identifier "co.eclecticlight.xattred" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = QWY4LRW926); result: 0
TCC has checked the code requirement for the app, and it has passed those checks.

[TCC] Handling access request to kTCCServiceSystemPolicyAllFiles, from co.eclecticlight.xattred, default_allow: 0, allowed: 0, prompt_count:0, update_access: 0, preflight: no
TCC is here checking whether the app has Full Disk Access.

[TCC] Handling access request to kTCCServiceCalendar, from co.eclecticlight.xattred, default_allow: 0, allowed: 1, prompt_count:1, update_access: 0, preflight: no
This test included opening a protected file with the user’s Calendars folder. This is the access request to TCC to permit that.

[TCC] Received synchronous reply <dictionary: 0x7fefe3e12530> { count = 1, transaction: 0, voucher = 0x0, contents = "result" => <bool: 0x7fffa7a20be8>: true}
This is a typical successful reply from TCC to a request to access protected folders or services.

[sandbox] kTCCServiceCalendar granted by TCC for xattred
Apps which run in a sandbox (App Store), or in this case are hardened, will also record the granting of requests to access protected folders or services.

Time Machine

Time Machine in Sonoma: How to check backing up
Reading a normal backup in Catalina using Mints
Time Machine to APFS: How processes have changed
Time Machine to APFS: Initiating an auto backup
Time Machine to APFS: Backing up

You may also wish to use T2M2.

Trial

What is triald and why is it taking so much disk space?
Digging deeper into Trial using Mints

Visual Look Up

Mints now opens up access to Visual Look Up
Introduction to Visual Look Up
How Visual Look Up works in detail 1: paintings on Intel and M1 Macs

App Store

How to get the best out of the App Store
Inside the App Store: how it delivers your apps

Disk Mount

How does an Apple silicon Mac mount a Thunderbolt disk?
Dive into APFS in Mints version 1.11

DAS Scheduling

Scheduling and dispatch of backups and other background activities
How macOS schedules and dispatches background tasks using CTS 1
How macOS schedules and dispatches background tasks using CTS 2
How macOS schedules and dispatches background tasks using CTS 3
What happens when background scheduling fails
Time Machine to APFS: Initiating an auto backup

Boot

Mints 1.5 reports recent boots and solves normalization

Spotlight log extracts and testing

Spotlight on search: How to diagnose and fix problems
How to restore Spotlight search of Rich Text files
Full release of Mints 1.0 is now available, and diagnoses Big Sur’s Spotlight bug
Diagnosing a Spotlight bug in Big Sur: failure to index RTF content
How to test Spotlight out in 30 seconds with Mints 1.0b11

Environment

Controlling processes and environments
sudo vulnerability check

Mach Absolute Time

Inside M1 Macs: Time and logs
Mints now tells you the (Mach absolute) time

Software Update

Mints now lists firmware and recovery versions, and more
How to find full Software Update information
An atlas of recovery and boot volumes: High Sierra to Monterey

XProtect Remediator

Monitor macOS anti-malware scans with Mints version 1.9
Introducing XProtect Remediator, successor to MRT
Changing anti-malware tools in macOS
macOS now scans for malware whenever it gets a chance
Hunting malware protection in the log

Unified log

Gaining control over your Mac’s log

SSD Disk Check

Mints version 1.13 fixes a crashing bug
Mints version 1.12 reveals SMART indicators for some SSDs

Miscellaneous info

Mints can now reveal your Mac’s logic board ID

Sysctl Information

mints1162

Sysctl Information page
Exploring sysctl’s secrets with a new version of Mints

Universal Binary Checker

mintsb402
Magic, lipo and testing for Universal binaries

Data: Inode

Resolve inode numbers to file paths in Mints 1.15

Data: Doubles

Can you trust floating-point arithmetic on Apple Silicon?

Data: Normalizer

Mints 1.5 reports recent boots and solves normalization
Apfelstrudel and unorml
28 years after Unicode, we still can’t handle accents: PDF + macOS + URL = chaos

Floating Point Explorer

mints1183

Mints version 1.18 now shows floating-point numbers in hex
Explore floating-point number formats in Mints 1.17 – a short demonstration

26Comments

Add yours

1

timjph on August 28, 2022 at 5:41 pm
Reply

I came across a really strange effect using Mints running on an M1 MacBook Pro. When I run Mints 1.8 on macOS 12.5.1 the system creates an copy structure in /private/**/AppTranslocation/ which then has the property of failing fts_read:

sudo ls -l /private/var/folders/18/965vbqm51995z0fc5r567hsc0000gn/T/AppTranslocation/1767887C-71F5-4524-81D9-89E21C36BB89/d
total 0
drwxr-xr-x@ 3 th staff 96 20 Aug 19:08 Mints.app
ls: fts_read: Result too large

Quiting the application causes this entry to be removed, leaving only the AppTranslocation directory:

sudo ls -l /private/var/folders/18/965vbqm51995z0fc5r567hsc0000gn/T/AppTranslocation
total 0

The consequence of this seems to be to fail TimeMachine if the app is running (log from a previous run – each time Mints is run a different UUID is created):

22-08-28 12:13:39.157 TimeMach Failed to enumerate URLs under /private/var/folders/18/965vbqm51\
995z0fc5r567hsc0000gn/T/AppTranslocation/F8EE56C5-8229-44F1-8650-EAA5314FAE5C for SnapshotStorage \
reuse with error Error Domain=NSCocoaErrorDomain Code=256 “The file “F8EE56C5-8229-44F1-8650-EAA53\
14FAE5C” couldn’t be opened.” UserInfo={NSURL=file:///private/var/folders/18/965vbqm51995z0fc5r567\
hsc0000gn/T/AppTranslocation/F8EE56C5-8229-44F1-8650-EAA5314FAE5C, NSFilePath=/private/var/folders\
/18/965vbqm51995z0fc5r567hsc0000gn/T/AppTranslocation/F8EE56C5-8229-44F1-8650-EAA5314FAE5C, NSUnde\
rlyingError=0x14510e120 {Error Domain=NSPOSIXErrorDomain Code=34 “Result too large”}}

Does this make any sense at all? I initially thought there was a file system problem, but I wonder if the fts_read fail is due to some apple bug or an infinite link loop of some sort.

Best wishes,

Tim

LikeLiked by 1 person
- 2
  
  hoakley on August 28, 2022 at 8:24 pm
  Reply
  
  Thank you.
  No, I have no idea what that is. However, it means that you’re running Mints in translocation, which is a well-known cause of bizarre problems with many apps.
  I suggest you move Mints to your main Applications folder and run it from there. If the translocation folder persists in causing TM problems, just delete it, as it will be recreated as necessary.
  FYI Mints is a straight AppKit app, and does nothing clever apart from checking its own signature on opening, and creating a regular preferences file. So whatever is going on here is a figment of macOS security.
  Howard.
  
  LikeLike
  - 3
    
    timjph on August 28, 2022 at 10:15 pm
    Reply
    
    I think I understand how Mints was running in Translocation – I had copied the directory into the Applications folder, so the App wasn’t at the top level, but inside a mint18 subdirectory. Moving the App to the top directory fixed it. Apparently that’s enough to trigger Translocation. However its still a mystery to my why an app running in Translocation should trigger what looks like a filesystem error fts_read, which then seems to upset timemachine too.
    Tim
    
    LikeLiked by 1 person
    - 4
      
      hoakley on August 29, 2022 at 3:20 pm
      
      I think that’s probably just a bug. I’ve had users reporting all sorts of problems as a result of apps being run in translocation, none of which have anything to do with assumptions about file paths. By far the best solution is to install apps straight into one of the standard folders.
      Howard.
      
      LikeLike
5

joevt on February 20, 2023 at 4:20 pm
Reply

I used the Universal Binary Checker in Mints 1.10 (120) to look at /System/Library/Extensions/IOPCIFamily.kext on Monterey 12.6.2 on an Intel Mac.

It says:

Listing of all bundles which have ARM64 code in the folder /System/Library/Extensions/IOPCIFamily.kext:

/System/Library/Extensions/IOPCIFamily.kext/IOPCIFamily

Found 1 items which have ARM64 code, out of 6 scanned in /System/Library/Extensions/IOPCIFamily.kext (including Mach-O files)

If kexts no longer contain executable binaries, then what is this looking at?

LikeLiked by 1 person
- 6
  
  hoakley on February 20, 2023 at 4:49 pm
  Reply
  
  The bundle. Bundles can also declare their support for different architectures, even when they don’t contain any binary code.
  Howard.
  
  LikeLike
- 7
  
  joevt on February 21, 2023 at 7:16 am
  Reply
  
  I think I got Monterey and Ventura confused. I also got confused by the layout of the IOPCIFamily.kext. On Monterey, the kext does have a binary executable but it’s in the root of the kext instead of the usual place: Contents/MacOS. That kext has been that way since at least Mac OS X 10.4 Tiger. So for Monterey, Mints.app reported correctly that the kext has one ARM64 item.
  
  I wonder why some kexts have Contents/MacOS and some do not. It’s a very small number of kexts. The following command searches all versions of macOS (Tiger to Ventura) on my Mac Pro 2008 (except Big Sur which can’t be mounted from Monterey for some unknown reason – same as my Mac mini 2018 running Ventura which currently can’t boot Big Sur even though it could previously and it also can’t boot the Big Sur installer):
  
  find /Volumes/*/System/Library/Extensions/*.kext -type f -depth 1 -not -name ‘*.plist’ | sed ‘/.*\//s///’ | sort -u
  
  AppleBacklightExpert
  AppleIntelGMAX3100FB
  AppleIntelIntegratedFramebuffer
  AudioAUUC
  IOGraphicsFamily
  IONDRVSupport
  IOPCIFamily
  
  Ventura’s IOPCIFamily.kext has Contents but not Contents/MacOS and doesn’t have a binary executable. In this case Mints.app reports correctly that the kext has zero ARM64 items.
  
  LikeLiked by 1 person
  - 8
    
    hoakley on February 21, 2023 at 11:16 am
    Reply
    
    Thank you.
    However, in the test that Mints does is checks whether it’s looking at a bundle. If it is, then it asks whether the bundle declares itself as supporting ARM64, which can be different from whether all its contents do. It’s perfectly feasible, for example, for a bundle to contain an x86 executable, and that should be reported separately when it looks inside the bundle.
    Howard.
    
    LikeLike
  - 9
    
    joevt on February 21, 2023 at 3:54 pm
    Reply
    
    Universal Binary Checker doesn’t appear to report x86 info, at least on my Intel Mac. It only reports ARM64 info. Is the behaviour different when running on an Apple Silicon Mac?
    
    What part of a bundle has the ARM64 declaration? Is a kext a bundle? I don’t see anything in the Info.plist of a kext that looks like an architecture declaration.
    
    Universal Binary Checker has two options for the Universal Binary Checker: “Check all bundles” and “Check Mach-O”. I believe kexts usually don’t contain bundles, therefore only the “Check Mach-O” option will list an ARM64 binary in the IOPCIFamily.kext.
    
    The messages produced by Universal Binary Checker are sometimes strange. With only “Check all bundles” selected, it says:
    
    Listing of all bundles which have ARM64 code in the folder /System/Library/Extensions/IOPCIFamily.kext:
    Found 0 items which have ARM64 code, out of 0 scanned in /System/Library/Extensions/IOPCIFamily.kext
    
    That seems fine since the kext is not a bundle (actually, see below for more info on that).
    
    With only “Check Mach-O” selected, it says:
    
    Listing of all apps which have ARM64 code in the folder /System/Library/Extensions/IOPCIFamily.kext:
    /System/Library/Extensions/IOPCIFamily.kext/IOPCIFamily
    Found 1 apps which have ARM64 code, out of 6 scanned in /System/Library/Extensions/IOPCIFamily.kext (including Mach-O files)
    
    That is fine if you equate “app” and “executable binary (or Mach-O file)”. However only one of the files was an executable, so maybe it should say “found 1 out of 1 executable which have ARM64 code, out of 6 total files scanned …”
    
    With both options selected, it says:
    
    Listing of all bundles which have ARM64 code in the folder /System/Library/Extensions/IOPCIFamily.kext:
    /System/Library/Extensions/IOPCIFamily.kext/IOPCIFamily
    Found 1 items which have ARM64 code, out of 6 scanned in /System/Library/Extensions/IOPCIFamily.kext (including Mach-O files)
    
    But /System/Library/Extensions/IOPCIFamily.kext/IOPCIFamily is not a bundle. Maybe it should report two separate lists: list of bundles (empty in this case) and list of mach-o (contains /System/Library/Extensions/IOPCIFamily.kext/IOPCIFamily).
    
    I’m not sure what it means to have both options unselected. It says:
    
    Listing of all apps which have ARM64 code in the folder /System/Library/Extensions/IOPCIFamily.kext:
    Found 0 apps which have ARM64 code, out of 0 scanned in /System/Library/Extensions/IOPCIFamily.kext
    
    It seems it’s looking for Mach-O because it says “apps” but it doesn’t find any since the option was not selected. Maybe the Scan button should be disabled if both options are not selected.
    
    Actually, if I tell Universal Binary Checker to scan /System/Library/Extensions, then it does report /System/Library/Extensions/IOPCIFamily.kext as a bundle containing ARM64 code so my statement above that a kext is not a bundle is wrong. With both options selected, it will mix executables and bundles in the same list like this:
    
    /System/Library/Extensions/IOPCIFamily.kext
    /System/Library/Extensions/IOPCIFamily.kext/IOPCIFamily
    
    Like I said above, those should be in separate lists, or each item’s type should be indicated: bundle for the kext and mach-o for the executable. Or perhaps it’s sufficient for a bundle to end in a / character since bundles are always directories?
    
    Given the results of scanning “/System/Library/Extensions”, it seems to me that if I tell Universal Binary Checker to scan a directory, it should check if that directory is itself a bundle. So if I ask it to scan “/System/Library/Extensions/IOPCIFamily.kext” as in the above examples, it should report the bundle “/System/Library/Extensions/IOPCIFamily.kext” and the executable “/System/Library/Extensions/IOPCIFamily.kext/IOPCIFamily” just like it does when I ask it to scan “/System/Library/Extensions”.
    
    LikeLiked by 1 person
    - 10
      
      hoakley on February 21, 2023 at 4:25 pm
      
      “Is the behaviour different when running on an Apple Silicon Mac?” No. It reports total numbers checked, and those found to contain ARM64 code or ARM64 as a supported architecture. It’s described in detail in the Help book (have you looked at that? It has two pages detailing this tool).
      “What part of a bundle has the ARM64 declaration?” I don’t know, but bundles contain an accessible property executableArchitectures, which reveals which that bundle supports. That’s what Mints inspects, as well as all Mach-O executables, as described in the Help book.
      “Is a kext a bundle?” It depends. That’s up to macOS to decide. This feature is primarily intended for checking apps, libraries, and other code *outside* macOS. I never dreamed for a minute that anyone would use it to check macOS kexts.
      I’m sorry that you find this feature in Mints falls short of what you require. Maybe for your specific purpose, you’d be better off writing your own script to do whatever you’re trying to do? It certainly isn’t what I had in mind for that tool in Mints. Sorry.
      Howard.
      
      LikeLike
    - 11
      
      joevt on February 22, 2023 at 5:06 am
      
      In my comments, if you replace the kext example with an app or library example, then most of my observations about the Universal Binary Checker still apply. The Universal Binary Checker seems to work just as well for kexts as it does for apps and libraries except for Ventura since the kexts in Ventura don’t contain the executable binary that the bundle check and mach-o check require. While kexts in Ventura aren’t recognized as bundles, they may contain bundles (or plugins) which in turn contain executables and Universal Binary Checker will report all those bundles and executables.
      
      Mints.app was brought to my attention when someone tried to use my fork of pciutils and directhw to do lspci or setpci on an Apple Silicon Mac. I had recently updated them to work for all versions of macOS on PowerPC, Intel, and Apple Silicon Macs but I don’t have an Apple Silicon Mac to test. Apparently, the same DirectHW.kext code that works on PowerPC and Intel Macs causes a panic or something on an Apple Silicon Mac. The user performing the testing used Mints.app to verify that the Monterey version of IOPCIFamily.kext contained ARM64 code. Looking at the disassembly of the ARM64 code, it can be seen that IOPCIBridge doesn’t have a kIOPCIDiagnosticsClientType user client for Apple Silicon Macs. Of course, the same is true for PowerPC Macs because PowerPC Macs are limited to Mac OS X 10.5 Leopard and that user client has existed only since OS X 10.10 Yosemite. PowerPC and Apple Silicon Macs don’t have the AppleACPIPlatformExpert user client (which has existed since Mac OS X 10.4 Tiger for Intel Macs) because they don’t have ACPI so they must use the user client of DirectHW.kext. The user clients are used by user space apps to perform PCI config space register accesses. Maybe Apple has removed the ability for arbitrary kexts to do config space register accesses. Or maybe there’s a bug in my DirectHW.kext – with the way it enumerates host PCI bridges or something.
      
      LikeLiked by 1 person
    - 12
      
      hoakley on February 22, 2023 at 9:22 pm
      
      Thank you.
      I wish you success in tracking this down.
      Howard.
      
      LikeLike
13

martinwinter on March 28, 2023 at 2:49 pm
Reply

I am currently dealing with a strange keychain issue on a hosted Mac mini. The Keychain section of Mints also does not detect this scenario, so I thought it might be interesting (and perhaps even helpful) to share it:

There is in fact a difference between the _login_ keychain and the _default_keychain, though I have not yet found official documentation about this. On this Mac, the commands `security login-keychain` and `security default-keychain` do indeed show two different files. The strange thing is that the login keychain is listed under “Custom Keychains” in Keychain Access.

The problem I have is that after every restart, Spotlight and sometimes Git cause the keychain password dialog for the default keychain to open, which incidentally also does not have the same password as the login password.

LikeLiked by 1 person
- 14
  
  hoakley on March 28, 2023 at 7:17 pm
  Reply
  
  Thank you.
  The key words here are “a hosted Mac mini”. I’m sorry, but my tools aren’t designed to address whatever happens on hosted Macs. On regular Macs running macOS, the default keychain *is* the login keychain, and Mints reports what macOS thinks is the default.
  I have absolutely no idea how a hosted Mac handles keychains, although I’m sure the hosting support folk could explain.
  The reason for macOS is simple: a single password gains you admission to your user account, unlocks FileVault, and unlocks the login keychain, as the default. If you don’t believe me, then try changing the password on the login keychain alone – logging in suddenly gets very complex!
  Howard.
  
  LikeLike
  - 15
    
    martinwinter on March 29, 2023 at 9:40 am
    Reply
    
    Hi Howard, thanks for the timely reply. I should have been more precise with my terms: It is a dedicated server, not hosted, so we do manage it ourselves (we use it as a build server). I did figure it out in the end – a colleague of mine had included an Azure Pipelines step which used `security default-keychains -s` to set the default keychain .
    
    All I meant to point out in respect to Mints is that it might be a good idea for it to display this discrepancy between login and default keychains if it should arise. Also, I noticed that the `security list-keychains` command does not always reflect the contents of the `~/Library/Keychains` folder, so comparing the two might be another good indicator for problems.
    
    LikeLiked by 1 person
    - 16
      
      hoakley on March 29, 2023 at 3:53 pm
      
      Thank you for clarifying.
      As I wrote, Mints isn’t intended for this sort of application, I’m afraid. Any discrepancy will be shown in the location of the default keychain, at least on a normal user Mac.
      Howard.
      
      LikeLike
17

hhanche on April 16, 2023 at 9:09 am
Reply

Howard,

This may seem like a trivial complaint, but to me, it is sort of major: The green coloured text in Mints (and Ulbow, too) is almost unreadable to me.

Now I am not a youngster anymore, and my cataracts may be adding to the problem – but green text on a white background has been bothering me for as long as have been using modern computers – and by modern, I mean one with a colour screen (I started out with paper tape and punch cards).

The problem is not with green per se, but that it is invariably way too bright. The resulting contrast against the white background is too low, so I have to squint to read it, and get serious eye strain from looking more than a minute or so. As a result, I derive no benefit from your otherwise nice colour schemes, as I find myself copying all the text into a text editor if I need to study it closely.

I think a good starting point would be a saturated green at around 60% brightness. That is, hsl(120 100% 30%), rgb(0% 60% 0%) or hwb(120 0% 40%) if you speak css. Possibly a tad brighter. That should be bright enough to stand out, yet dark enough to be readable.

What do you think?

Other than that, these apps (and your great explanations of the unified log) are tremendously helpful. Thank you.

LikeLiked by 1 person
- 18
  
  hoakley on April 16, 2023 at 7:26 pm
  Reply
  
  Thank you.
  I’m sorry about that, and intend (when I get time) to add a feature to allow you to customise the colours used. However, this is rather more complex that might appear, as the colours used also have to change when you change from Dark to Light mode, and back again. So you actually need two colour settings for each, to work with appearance modes.
  I do intend getting round to it sometime, though.
  Howard.
  
  LikeLike
  - 19
    
    hhanche on April 17, 2023 at 10:42 am
    Reply
    
    Thank you. A way to customise the colours may indeed be useful, but as you say, that is more complex and can take time. In the meantime, why not change the hard coded value? Anything darker than the present would be a help. I strongly suspect I am far from the only one finding the current green hard to read, I am just more vocal about it than most. There is a useful contrast checker at https://webaim.org/resources/contrastchecker/. The lightest green I can make to pass the test is about #228822. But even I would be satisfied with a somewhat brighter green than that.
    
    LikeLiked by 1 person
    - 20
      
      hoakley on April 17, 2023 at 2:30 pm
      
      Have you tried using Dark Mode?
      The problems with simply changing one colour are that would then also be applied in Dark Mode – these days, you have to specify both colours – and what you might like will not be the choice of many others. Your colour choice might be worse for the 1 in 20 males with limited colour vision, for instance. The colours currently used are system standards intended to work best across the population as a whole.
      I will implement this properly, but have a limited number of hours in the day. Please be patient and try Dark Mode as a workaround for the time being, as it makes all syntactically coloured text much clearer to read.
      Howard.
      
      LikeLike
21

Brandon on September 24, 2023 at 10:25 pm
Reply

Is pegasuskit related to the pegasus malware? I can’t find info on what espresso, pegsuskit etc actually are and there’s logs under them

LikeLiked by 1 person
- 22
  
  hoakley on September 25, 2023 at 7:38 am
  Reply
  
  No. If you’d like to look in the article above, you’ll see three articles about visual look up linked. They explain how PegasusKit and Espresso are involved in VLU, and what to expect to see in the logs.
  Howard.
  
  LikeLike
23

tempelmann@gmail.com on January 20, 2024 at 1:03 pm
Reply

Thanks for keeping it backward compatible down to High Sierra, BTW!

LikeLiked by 1 person
- 24
  
  hoakley on January 20, 2024 at 2:11 pm
  Reply
  
  No problems – the limit here is support by the current Xcode, which is currently at High Sierra.
  Howard.
  
  LikeLike
25

mrjozo on March 26, 2024 at 6:29 pm
Reply

On my MBP, running Sonoma 14.4.1 Intel and Mints 1.9, when I run the Spotlight test, and then click “Check Search,” the results window pops up and immediately problem report pops up notifying me that mdimport quit unexpectedly. Is this an indication that there is an issue with mdimport? Any pointers on how to troubleshoot further?

LikeLiked by 1 person
- 26
  
  hoakley on March 26, 2024 at 6:31 pm
  Reply
  
  Yes. That’s the time you need to take to the log. Before that, I’d try restarting and trying again.
  Howard
  
  LikeLike