internals: update for macOS 14.4 Sonoma

it’s a fixed version that does not participate in 'nix flake update'

Makefile

@@ -9,8 +9,9 @@ CHECK_TARGETS = check_files check_binaries check_manifests check_services
 all: $(DB).lz check
 
 ifneq ($(wildcard $(MY_INTERNALS)),)
-internals.txt: $(MY_INTERNALS)
-	textutil -cat txt "$<" -output $@
+internals.tsv: $(MY_INTERNALS)
+	printf 'Term\tDescription\n' > $@
+	textutil -cat txt $@ "$<" -output $@
 	xattr -c $@
 endif
 
@@ -27,8 +28,8 @@ $(DB).lz: $(DB)
 	rm -rf dyld
 endif
 
-check: internals.txt
-	@LANG=en sort --ignore-case $< | diff -uw $< -
+check: internals.tsv
+	@(head --lines=1 ; LANG=en sort --ignore-case) < $< | diff -uw $< -
 	@$(MAKE) --silent --jobs=1 $(CHECK_TARGETS)
 
 define VIEW
@@ -49,34 +50,43 @@ sqlite: $(DB)
 
 # MARK: - data extraction helpers
 
-NIX = $(shell nix-build --no-out-link -A nixFlakes '<nixpkgs>')/bin/nix
-ACEXTRACT = $(shell \
-	$(NIX) --experimental-features 'nix-command flakes' build --no-write-lock-file .\#acextract && \
+ACEXTRACT = $(shell nix build --no-write-lock-file --no-warn-dirty .\#acextract && \
 	readlink result && rm result)/bin/acextract
-DSCU = $(shell \
-	$(NIX) --experimental-features 'nix-command flakes' build --no-write-lock-file .\#dyld-shared-cache && \
-	readlink result && rm result)/bin/dyld_shared_cache_util
+DSCEXTRACTOR = $(shell nix build --no-write-lock-file --no-warn-dirty .\#dsc-extractor && \
+	readlink result && rm result)/bin/dyld-shared-cache-extractor
 
-dyld: /System/Library/dyld/dyld_shared_cache_$(shell uname -m)
-	$(DSCU) -extract $@ $<
+$(DB_TARGETS)::
+	# evaluate helper tools to catch Nix build errors early
+	: $(ACEXTRACT)
+	: $(DSCEXTRACTOR)
+
+dyld: /System/Cryptexes/OS/System/Library/dyld/dyld_shared_cache_x86_64h /System/Cryptexes/OS/System/DriverKit/System/Library/dyld/dyld_shared_cache_x86_64h
+	if ! test -x $(DSCEXTRACTOR) ; then \
+		printf '\033[1mdscextractor tool unavailable\033[m\n' >&2 ; \
+		echo 'FAIL;' ; \
+		exit 1 ; \
+	fi
+	for i in $+ ; do $(DSCEXTRACTOR) $$i $@ ; done > /dev/null
 	find $@ -type f -print0 | xargs -0 chmod a+x
 
+XCODE = $(lastword $(wildcard /Applications/Xcode.app /Applications/Xcode-beta.app))
+
 prefix = $$(case $(1) in \
 	(macOS) ;; \
 	(macOS-dyld) echo $(dir $(realpath $(firstword $(MAKEFILE_LIST))))/dyld ;; \
-	(iOS) echo /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot ;; \
-	(tvOS) echo /Applications/Xcode.app/Contents/Developer/Platforms/AppleTVOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/tvOS.simruntime/Contents/Resources/RuntimeRoot ;; \
-	(watchOS) echo /Applications/Xcode.app/Contents/Developer/Platforms/WatchOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/watchOS.simruntime/Contents/Resources/RuntimeRoot ;; \
+	(iOS) echo $(wildcard /Library/Developer/CoreSimulator/Volumes/iOS_*/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS*.simruntime/Contents/Resources/RuntimeRoot) ;; \
+	(tvOS) echo $(wildcard /Library/Developer/CoreSimulator/Volumes/tvOS_*/Library/Developer/CoreSimulator/Profiles/Runtimes/tvOS*.simruntime/Contents/Resources/RuntimeRoot) ;; \
+	(watchOS) echo $(wildcard /Library/Developer/CoreSimulator/Volumes/watchOS_*/Library/Developer/CoreSimulator/Profiles/Runtimes/watchOS*.simruntime/Contents/Resources/RuntimeRoot) ;; \
 	esac)
 
 find = \
 	{ \
-		$(2) find /Library /System /bin /dev /private /sbin /usr ! \( -path /System/Volumes/Data -prune \) $(1) 2> /dev/null | sed 's/^/macOS /' ; \
-		cd /Applications/Xcode.app/Contents/Developer ; find Library Toolchains Tools usr $(1) | sed 's|^|macOS /Applications/Xcode.app/Contents/Developer/|' ; \
+		$(2) find /Library /System /bin /dev /private /sbin /usr ! \( -path /Library/Developer/CoreSimulator/Volumes -prune \) ! \( -path /System/Volumes/Data -prune \) $(1) 2> /dev/null | sed 's/^/macOS /' ; \
+		find $(XCODE)/Contents/Developer $(1) | sed 's|^$(XCODE)|macOS /Applications/Xcode.app|' ; \
 		test -d "$(call prefix,macOS-dyld)" && cd "$(call prefix,macOS-dyld)" && find . $(1) | sed '1d;s/^\./macOS-dyld /' ; \
-		cd $(call prefix,iOS) ; find . $(1) | sed '1d;s/^\./iOS /' ; \
-		cd $(call prefix,tvOS) ; find . $(1) | sed '1d;s/^\./tvOS /' ; \
-		cd $(call prefix,watchOS) ; find . $(1) | sed '1d;s/^\./watchOS /' ; \
+		cd "$(call prefix,iOS)" ; find . $(1) | sed '1d;s/^\./iOS /' ; \
+		cd "$(call prefix,tvOS)" ; find . $(1) | sed '1d;s/^\./tvOS /' ; \
+		cd "$(call prefix,watchOS)" ; find . $(1) | sed '1d;s/^\./watchOS /' ; \
 	}
 
 file = SELECT id, $(1) FROM files WHERE os = '$$os' AND path = '$$(echo "$$path" | sed "s/'/''/g")'
@@ -114,8 +124,8 @@ db_binaries:: dyld
 		if test -r "$(call prefix,$$os)$$path" && file --no-dereference --brief --mime-type "$(call prefix,$$os)$$path" | grep -Fq application/x-mach-binary ; then \
 			objdump --macho --dylibs-used "$(call prefix,$$os)$$path" | \
 				sed "1d;s/^.//;s/ ([^)]*)$$//;s/'/''/g;s|.*|INSERT INTO linkages $(call file,'&');|" ; \
-			codesign --display --entitlements - "$(call prefix,$$os)$$path" 2> /dev/null | \
-				sed 1d | plutil -convert json - -o - | \
+			codesign --display --xml --entitlements - "$(call prefix,$$os)$$path" 2> /dev/null | \
+				plutil -convert json - -o - | \
 				sed "/^<stdin>: Property List error/d;/^{}/d;s/'/''/g;s|.*|INSERT INTO entitlements $(call file,json('&'));\n|" ; \
 			strings -n 8 "$(call prefix,$$os)$$path" | \
 				LANG=C sed "s/'/''/g;s|.*|INSERT INTO strings $(call file,'&');|" ; \
@@ -130,8 +140,24 @@ db_manifests::
 		test -r "$(call prefix,$$os)$$path" && plutil -convert json "$(call prefix,$$os)$$path" -o - | \
 			sed "/: invalid object/d;s/'/''/g;s|.*|INSERT INTO info $(call file,json('&'));\n|" ; \
 	done
+	$(call find,-type f -name 'TemplateInfo.plist') | while read -r os path ; do \
+		test -r "$(call prefix,$$os)$$path" && { \
+			echo '<dict>' ; \
+			PlistBuddy -c 'Print Definitions:Info.plist\:NSExtension' "$(call prefix,$$os)$$path" ; \
+			PlistBuddy -c 'Print Definitions:Info.plist\:EXAppExtensionAttributes' "$(call prefix,$$os)$$path" ; \
+			PlistBuddy -c 'Print Options:0:Units:Swift:Definitions:Info.plist\:NSExtension' "$(call prefix,$$os)$$path" ; \
+			PlistBuddy -c 'Print Options:0:Units:Swift:Definitions:Info.plist\:EXAppExtensionAttributes' "$(call prefix,$$os)$$path" ; \
+			echo '</dict>' ; \
+		} 2> /dev/null | plutil -convert json - -o - | \
+			sed "/Property List error:/d;s/'/''/g;s|.*|INSERT INTO info $(call file,json('&'));\n|" ; \
+	done
 
 db_assets::
+	if ! test -x $(ACEXTRACT) ; then \
+		printf '\033[1macextract tool unavailable\033[m\n' >&2 ; \
+		echo 'FAIL;' ; \
+		exit 1 ; \
+	fi
 	printf '\033[1mcollecting asset catalog information...\033[m\n' >&2
 	echo 'DROP TABLE IF EXISTS assets;'
 	echo 'CREATE TABLE assets (id INTEGER REFERENCES files, name TEXT);'
@@ -154,15 +180,15 @@ $(DB_TARGETS)::
 	echo 'COMMIT TRANSACTION;'
 
 
-# MARK: - check targets for internals.txt
+# MARK: - check targets for internals.tsv
 
-check_files: internals.txt $(DB)
+check_files: internals.tsv $(DB)
 	printf '\033[1mchecking files...\033[m\n' >&2
 	grep -ow '~\?/[^,;]*' $< | sed -E 's/ \(.*\)$$//;s/^\/(etc|var)\//\/private&/' | \
 		sed "s/'/''/g;s|.*|SELECT count(*), '&' FROM files WHERE path GLOB '&';|" | \
 		sqlite3 $(DB) | sed -n "/^0|/{s/^0|//;p;}"
 
-check_binaries: internals.txt $(DB)
+check_binaries: internals.tsv $(DB)
 	printf '\033[1mchecking command line tools...\033[m\n' >&2
 	grep -o 'command line tools\?: [^;]*' $< | sed 's/^[^:]*: //;s/ //g;s/([^)]*)//g' | tr , '\n' | \
 		sed "s/'/''/g;s|.*|SELECT count(*), '&' FROM files WHERE executable = true AND path GLOB '*/&';|" | \
@@ -176,13 +202,13 @@ check_binaries: internals.txt $(DB)
 		sed "s/'/''/g;s/.*/SELECT count(*), '&' FROM strings WHERE string GLOB '*&*';/" | \
 		sqlite3 $(DB) | sed -n "/^0|/{s/^0|//;p;}"
 
-check_manifests: internals.txt $(DB)
+check_manifests: internals.tsv $(DB)
 	printf '\033[1mchecking extension points...\033[m\n' >&2
 	grep -o 'extension points\?: [^;]*' $< | sed 's/^[^:]*: //;s/ //g;s/([^)]*)//g' | tr , '\n' | \
-		sed "s/'/''/g;s|.*|SELECT count(*), '&' FROM info, json_each(plist, '$$.NSExtension') WHERE key = 'NSExtensionPointIdentifier' AND value = '&';|" | \
+		sed "s/'/''/g;s|.*|SELECT count(*), '&' FROM (SELECT value FROM info, json_each(plist, '$$.NSExtension') WHERE key = 'NSExtensionPointIdentifier' UNION SELECT value FROM info, json_each(plist, '$$.EXAppExtensionAttributes') WHERE key = 'EXExtensionPointIdentifier') WHERE value = '&';|" | \
 		sqlite3 $(DB) | sed -n "/^0|/{s/^0|//;p;}"
 
-check_services: internals.txt $(DB)
+check_services: internals.tsv $(DB)
 	printf '\033[1mchecking launchd services...\033[m\n' >&2
 	grep -o 'launchd services\?: [^;]*' $< | sed 's/^[^:]*: //;s/ //g;s/([^)]*)//g' | tr , '\n' | \
 		sed "s/'/''/g;s|.*|SELECT count(*), '&' FROM services, json_each(plist) WHERE key = 'Label' AND value = '&';|" | \

flake.lock

@@ -0,0 +1,93 @@
+{
+  "nodes": {
+    "acextract": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1556467432,
+        "narHash": "sha256-Yh437j5HLwh+s2qBKo3YruBHSJxqH142LuM/Unf+rV4=",
+        "owner": "bartoszj",
+        "repo": "acextract",
+        "rev": "df3b018d53cd4b684a5f6d63535dcc4156be1a97",
+        "type": "github"
+      },
+      "original": {
+        "owner": "bartoszj",
+        "repo": "acextract",
+        "type": "github"
+      }
+    },
+    "command-line": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1556260068,
+        "narHash": "sha256-3BvUfIbbSsv8AHeg+nEjGVNDbgSOf/P7l6EFo+DvE/I=",
+        "owner": "iHTCboy",
+        "repo": "CommandLine",
+        "rev": "b8209dc17ac1dd0f97ebfbd6a77a0633552626ca",
+        "type": "github"
+      },
+      "original": {
+        "owner": "iHTCboy",
+        "repo": "CommandLine",
+        "type": "github"
+      }
+    },
+    "dsc-extractor": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1702321461,
+        "narHash": "sha256-bV0MesIw0lVrhNuEkfexTFhQ73EynryQskvk8egecEs=",
+        "owner": "keith",
+        "repo": "dyld-shared-cache-extractor",
+        "rev": "c28b25abf09d9affa96fc1bdcaa6d7aef1f64032",
+        "type": "github"
+      },
+      "original": {
+        "owner": "keith",
+        "repo": "dyld-shared-cache-extractor",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1707205916,
+        "narHash": "sha256-fmRJilYGlB7VCt3XsdYxrA0u8e/K84O5xYucerUY0iM=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "8cc79aa39bbc6eaedaf286ae655b224c71e02907",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "root": {
+      "inputs": {
+        "acextract": "acextract",
+        "command-line": "command-line",
+        "dsc-extractor": "dsc-extractor",
+        "nixpkgs": "nixpkgs",
+        "snap-util": "snap-util"
+      }
+    },
+    "snap-util": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1647211082,
+        "narHash": "sha256-zQ/0Cpo6CCeKXafeERjBCQ2gv9396c7UZU+VmViQVIc=",
+        "owner": "ahl",
+        "repo": "apfs",
+        "rev": "2bcf604966949f618e6a6ce33ca8ae1721494e6d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ahl",
+        "repo": "apfs",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -9,12 +9,8 @@
 			url = "github:iHTCboy/CommandLine";
 			flake = false;
 		};
-		dyld-shared-cache = {
-			url = "github:antons/dyld-shared-cache-big-sur";
-			flake = false;
-		};
-		snapshot-header = {
-			url = "https://opensource.apple.com/tarballs/xnu/xnu-6153.141.1.tar.gz";
+		dsc-extractor = {
+			url = "github:keith/dyld-shared-cache-extractor";
 			flake = false;
 		};
 		snap-util = {
@@ -22,78 +18,124 @@
 			flake = false;
 		};
 	};
-	outputs = { self, nixpkgs, acextract, command-line, dyld-shared-cache, snapshot-header, snap-util }: {
-		acextract =
-			with import nixpkgs { system = "x86_64-darwin"; };
-			let xcode12 = makeSetupHook {
-				deps = [ (xcodeenv.composeXcodeWrapper { version = "12.5"; }) ];
-			} "${xcbuildHook}/nix-support/setup-hook";
-			in stdenv.mkDerivation {
-				name = "acextract-${lib.substring 0 8 self.inputs.acextract.lastModifiedDate}";
-				src = acextract;
-				nativeBuildInputs = [ xcode12 ];
-				preBuild = "LD=$CC";
-				# FIXME: want to have submodule support for Nix flakes, workaround by explicit instantiation
-				postUnpack = "rmdir source/CommandLine ; ln -s ${command-line} source/CommandLine";
-				installPhase = ''
-					mkdir -p $out/bin
-					cp Products/Release/acextract $out/bin/
-				'';
-				dontStrip = true;
-			};
-		dyld-shared-cache =
-			with import nixpkgs { system = "x86_64-darwin"; };
-			stdenv.mkDerivation {
-				name = "dyld-shared-cache-util-${lib.substring 0 8 self.inputs.dyld-shared-cache.lastModifiedDate}";
-				src = dyld-shared-cache;
-				nativeBuildInputs = [ xcbuildHook ];
-				xcbuildFlags = [
-					"-scheme dyld_shared_cache_util"
-					"-configuration Release"
-					"GCC_PREPROCESSOR_DEFINITIONS=CC_DIGEST_DEPRECATION_WARNING=\\\"\\\""
-				];
-				installPhase = ''
-					mkdir -p $out/bin
-					cp Products/Release/{dsc_extractor.bundle,dyld_shared_cache_util} $out/bin/
-				'';
-			};
-		snap-util =
-			with import nixpkgs { system = "x86_64-darwin"; };
-			stdenv.mkDerivation {
-				name = "snap-util-${lib.substring 0 8 self.inputs.snap-util.lastModifiedDate}";
-				src = snap-util;
-				nativeBuildInputs = [ (xcodeenv.composeXcodeWrapper { version = "12.5"; }) ];
-				preBuild = "NIX_CFLAGS_COMPILE='-idirafter ${snapshot-header}/bsd'";
-				installPhase = ''
-					mkdir -p $out/bin
-					cp snapUtil $out/bin/.snapUtil-wrapped
-					cat > $out/bin/snapUtil <<- EOF
-						#!/bin/sh
-						if csrutil status | grep -Fq disabled && sysctl kern.bootargs | grep -Fq amfi_get_out_of_my_way ; then
-							exec -a ./snapUtil $out/bin/.snapUtil-wrapped "\$@"
-						else
-							echo 'snapUtil requires SIP and AMFI to be disabled:'
-							echo '• boot recovery system'
-							echo '• run ‘csrutil disable’'
-							echo '• run ‘nvram boot-args=amfi_get_out_of_my_way=0x1’'
-							exit 1
-						fi
-					EOF
-					chmod a+x $out/bin/snapUtil
-				'';
-				postFixup = ''
-					cat > snapUtil.entitlements <<- EOF
-						<?xml version="1.0" encoding="UTF-8"?>
-						<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-						<plist version="1.0">
-						<dict>
-							<key>com.apple.developer.vfs.snapshot</key>
-							<true/>
-						</dict>
-						</plist>
-					EOF
-					codesign -s - --entitlement snapUtil.entitlements $out/bin/.snapUtil-wrapped
-				'';
-			};
+	outputs = { self, nixpkgs, acextract, command-line, dsc-extractor, snap-util }: {
+		packages.x86_64-darwin = let
+			xcode = (nixpkgs.legacyPackages.x86_64-darwin.xcodeenv.composeXcodeWrapper {
+				version = "15.2";
+			}).overrideAttrs (attrs: { __noChroot = true; });
+
+		in {
+
+			acextract =
+				with nixpkgs.legacyPackages.x86_64-darwin;
+				let xcodeHook = makeSetupHook {
+					name = "xcode-hook";
+					propagatedBuildInputs = [ xcode ];
+				} "${xcbuildHook}/nix-support/setup-hook";
+				in stdenv.mkDerivation {
+					name = "acextract-${lib.substring 0 8 self.inputs.acextract.lastModifiedDate}";
+					src = acextract;
+					nativeBuildInputs = [ xcodeHook ];
+					__noChroot = true;
+					preBuild = "LD=$CC";
+					# FIXME: want to have submodule support for Nix flakes, workaround by explicit instantiation
+					postUnpack = "rmdir source/CommandLine ; ln -s ${command-line} source/CommandLine";
+					# FIXME: fix for Swift compiler crash
+					patchPhase = ''
+						patch -p0 <<- EOF
+							--- acextract/CoreUI.h
+							+++ acextract/CoreUI.h
+							@@ -24,6 +24,7 @@
+							 //  SOFTWARE.
+
+							 @import Foundation;
+							+@import CoreGraphics;
+
+							 // Hierarchy:
+							 // - CUICatalog:
+							--- acextract/Operation.swift	2021-10-20 10:35:39.000000000 +0200
+							+++ acextract/Operation.swift	2021-10-20 10:35:46.000000000 +0200
+							@@ -24,6 +24,7 @@
+							 //  SOFTWARE.
+
+							 import Foundation
+							+import ImageIO
+
+							 // MARK: - Protocols
+							 protocol Operation {
+							@@ -152,7 +153,7 @@
+							             throw ExtractOperationError.cannotCreatePDFDocument
+							         }
+							         // Create the pdf context
+							-        let cgPage = CGPDFDocument.page(cgPDFDocument) as! CGPDFPage // swiftlint:disable:this force_cast
+							+        let cgPage = cgPDFDocument.page(at: 0)!
+							         var cgPageRect = cgPage.getBoxRect(.mediaBox)
+							         let mutableData = NSMutableData()
+							 
+						EOF
+					'';
+					installPhase = ''
+						mkdir -p $out/bin
+						cp Products/Release/acextract $out/bin/
+					'';
+					dontStrip = true;
+				};
+
+			dsc-extractor =
+				with nixpkgs.legacyPackages.x86_64-darwin;
+				stdenv.mkDerivation {
+					name = "dsc-extractor-${lib.substring 0 8 self.inputs.dsc-extractor.lastModifiedDate}";
+					src = dsc-extractor;
+					nativeBuildInputs = [ cmake ];
+				};
+
+			snap-util =
+				with nixpkgs.legacyPackages.x86_64-darwin;
+				let snapshot-header = fetchFromGitHub {
+					owner = "apple";
+					repo = "darwin-xnu";
+					rev = "xnu-6153.141.1";
+					hash = "sha256-/2aR6n5CbUobwbxkrGqBOAhCZLwDdIsoIOcpALhAUF8=";
+				};
+				in stdenv.mkDerivation {
+					name = "snap-util-${lib.substring 0 8 self.inputs.snap-util.lastModifiedDate}";
+					src = snap-util;
+					nativeBuildInputs = [ xcode ];
+					preBuild = "NIX_CFLAGS_COMPILE='-idirafter ${snapshot-header}/bsd'";
+					installPhase = ''
+						mkdir -p $out/bin
+						cp snapUtil $out/bin/.snapUtil-wrapped
+						cat > $out/bin/snapUtil <<- EOF
+							#!/bin/sh
+							if csrutil status | grep -Fq disabled && sysctl kern.bootargs | grep -Fq amfi_get_out_of_my_way ; then
+								exec -a ./snapUtil $out/bin/.snapUtil-wrapped "\$@"
+							else
+								echo 'snapUtil requires SIP and AMFI to be disabled:'
+								echo '• boot recovery system'
+								echo '• run ‘csrutil disable’'
+								echo '• run ‘nvram boot-args=amfi_get_out_of_my_way=0x1’'
+								exit 1
+							fi
+						EOF
+						chmod a+x $out/bin/snapUtil
+					'';
+					__noChroot = true;
+					postFixup = ''
+						cat > snapUtil.entitlements <<- EOF
+							<?xml version="1.0" encoding="UTF-8"?>
+							<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+							<plist version="1.0">
+							<dict>
+								<key>com.apple.developer.vfs.snapshot</key>
+								<true/>
+								<key>com.apple.private.apfs.revert-to-snapshot</key>
+								<true/>
+							</dict>
+							</plist>
+						EOF
+						codesign -s - --entitlement snapUtil.entitlements $out/bin/.snapUtil-wrapped
+					'';
+				};
+		};
 	};
 }

index.html

@@ -12,7 +12,7 @@ class Converter {
 	generate() {
 		const dl = document.createElement("dl");
 		dl.setAttribute("class", "row");
-		for (const rowText of this.text.split("\n"))
+		for (const rowText of this.text.split("\n").slice(1))
 			if (rowText.length && rowText.toLowerCase().includes(this.filter.toLowerCase()))
 				dl.append.apply(dl, this.generateRow(rowText));
 		return dl;
@@ -54,7 +54,7 @@ class Converter {
 
 document.addEventListener("DOMContentLoaded", event => {
 	// load main content
-	fetch("internals.txt").then(function(response) {
+	fetch("internals.tsv").then(function(response) {
 		if (!response.ok) return "";
 		return response.text();
 	}).then(function(text) {

internals.tsv

@@ -1,27 +1,32 @@
+Term	Description
 1TR	One True Recovery; booting into macOS recovery on Apple Silicon by holding the power button to verify physical presence; enables interaction with SEP to change Boot Policy
 AA	Apple account
+AA	Apple Archive, see also Apple Encrypted Archive; command line tools: aa, aea, compression_tool
 AAC	Automatic Assessment Configuration; AutomaticAssessmentConfiguration.framework; puts device in a locked mode for exam-style test applications
 AAT	Apple Advanced Typography; font format and rendering engine
 Accounts	launchd service: com.apple.accountsd; /System/Library/Accounts
-ACDE	Apple Connect Device External? ACDEClient.framework, old two-step verification, derived from a company-internal AppleConnect system? server: appleconnect.apple.com
+ACDE	Apple Connect Device External? ACDEClient.framework, old two-step verification, derived from a company-internal AppleConnect system?
 ACFS	Apple Clustered File System; deprecated file system for Xsan; acfs.framework
-Acoustic ID	Siri feature to recognize songs
-Action	extension type for quick interaction with foreign content within a host app; extension points: com.apple.services, com.apple.ui-services
+Acoustic ID	song recognition and matching with Apple catalog, playback on HomePod; /System/Library/Components/AudioDSP.component
 Activation	cryptographic check-in with iCloud to lock devices reported by the user as lost; verified by iBoot; MobileActivationMacOS.framework; launchd service: com.apple.mobileactivationd; servers: humb.apple.com, albert.apple.com
 Activity	jobs, coarse-grained work units of applications; tracked by the system across XPC, bears a QoS class for scheduling; low-level mechanism not to be confused with User Activity
 AE	Apple Events; messaging system to invoke application functionality; CoreServices.framework/AE.framework; launchd services: com.apple.coreservices.appleevents, com.apple.AEServer (AE over network)
+Aegir	astronomy watch face and lock screen; /System/Library/CoreServices/AegirProxyApp.app
 AGC	Apple Graphics Control, management of multiple displays and display port connections; launchd service: com.apple.displaypolicyd
+AHAP	Apple Haptic Audio Pattern; file format for simultaneous audio and haptic data; CoreHaptics.framework
 AIR	Apple Intermediate Representation; synthetic bytecode architecture target for GPU binary toolchain
-ALF	Application-Level Firewall, launchd service: com.apple.alf (socketfilterfw)
+ALF	Application-Layer Firewall, launchd service: com.apple.alf (socketfilterfw)
 Alloy	substrate for communication between user devices over Bluetooth and devices to iCloud, implemented over IDS; /System/Library/IdentityServices/ServiceDefinitions; launchd service: com.apple.identityservicesd
 ALS	Ambient Light Sensor, AmbientDisplay.framework
 Amber	Swift UI; SwiftUI.framework
-AMFI	Apple Mobile File Integrity, checks code integrity based on code signature, stronger enforcement with hardened runtime, validates entitlement restrictions; launchd service: com.apple.MobileFileIntegrity (amfid, invoked by kernel through host special port 18); disabled by setting amfi_get_out_of_my_way=0x1 in boot-args
+AMFI	Apple Mobile File Integrity, checks code integrity based on code signature, stronger enforcement with hardened runtime, validates entitlement restrictions and environment constraints (launch constraints, library constraints); launchd service: com.apple.MobileFileIntegrity (amfid, invoked by kernel through host special port 18); disabled by setting amfi_get_out_of_my_way=0x1 in boot-args
 AMP	Apple Media Protocol? former parts of iTunes for iPod and iOS device access in Finder, Home Sharing; AMPDevices.framework, AMPSharing.framework; launchd services: com.apple.AMPDeviceDiscoveryAgent, com.apple.AMPDevicesAgent, com.apple.amp.mediasharingd
 AMP	Asynchronous Multiprocessing; performance and power-efficiency cores on Apple Silicon
 AMS	Apple Media Services; formerly the iTunes stores and media services: App Stores, Apple Music, Apple TV, iCloud media library, Apple Podcasts, Podcast sync, Books Store, Books sync; AppleMediaServices.framework; server: phobos.apple.com
 AMX	Apple Matrix Extension; ARM instruction set extension for matrix operations
+ANE	Apple Neural Engine, hardware accelerator for neural network operations; ANECompiler.framework, ANEServices.framework; launchd service: com.apple.aned
 Anisette	two-factor authentication creates security codes on trusted devices using TOTP, probably using Circle keys, checked by HSA; AuthKit.framework; launchd service: com.apple.akd
+AOP	Always On Processor, part of Apple SoCs, runs RTKit as operating system
 AOS	Apple Online Services? historical name for iCloud
 Apache	built-in web server; command line tool: apachectl
 APFS	Apple File System; copy-on-write file system with support for volume space-sharing, per-file encryption, and snapshots
@@ -29,24 +34,27 @@ APNS	Apple Push Notification service, server infrastructure for remote push noti
 App Nap	quiescence detection for applications and corresponding self-demotion in scheduler parameters, implemented within application frameworks and RunningBoard, listens for occlusion notifications from WindowServer
 App Sandbox	Seatbelt-based sandbox for apps; /System/Library/Sandbox/Profiles/application.sb; enabled with com.apple.security.app-sandbox entitlement; launchd service: com.apple.secinitd
 AppleCare	extended warranty; NewDeviceOutreach.framework; launchd service: com.apple.ndoagent
-APT	Adaptive Picture Timing? ProMotion; dynamic screen updates with 120Hz base frequency
+APT	Adaptive Picture Timing? ProMotion; dynamic screen updates with 120Hz base frequency; AppleDisplayTCONControl.framework
+Ask To	parental-controlled user can ask parent for exceptions; launchd service: com.apple.asktod; AskToCore.framework
 ASL	Apple System Logger, superseded by Unified Logging; /etc/asl; stored in /var/log/asl; launchd service: com.apple.syslogd; command line tool: syslog
 ASR	Apple Software Restore; restore entire volumes from sources like disk images (HDI, SIU), also restores based on APFS snapshots and snapshot deltas; command line tool: asr
 Assertions	power state management allowing applications to prevent sleeping; launchd service: com.apple.powerd; command line tools: caffeinate, pmset
 Assessment	checking of System Policy; term also used for AAC
 Asset Cache	discretionary caching server for Mobile Assets, Packages, iOS updates, App Store content, ODR, MMCS data; launchd services: com.apple.AssetCache.builtin, com.apple.AssetCacheLocatorService, com.apple.AssetCacheManagerService, com.apple.AssetCacheTetheratorService; command line tools: AssetCacheLocatorUtil, AssetCacheManagerUtil, AssetCacheTetheratorUtil
-Assistant	Siri; dictation and semantic understanding, Intent is communicated to and enacted on the client, uses TTS; /System/Library/Assistant, AssistantServices.framework; server: *.siri.apple.com
+Assistant	Siri; dictation and semantic understanding, Intent is communicated to and enacted on the client, uses TTS for output, Snippets to embed mini UIs into responses; /System/Library/Assistant, /System/Library/Snippets, AssistantServices.framework; server: *.siri.apple.com
 ATS	App Transport Security, sandbox mechanism only allowing TLS-secured connections
 ATSUI	Apple Type Services for Unicode Imaging; rendering engine superseded by CoreText.framework, font management; ApplicationServices.framework/ATS.framework; launchd service: com.apple.xtyped (fontd); command line tools: atsutil
 ATT	App Tracking Transparency; apps declare user tracking on app store
-Attestation	cryptographic proof of connection to genuine remote SEP; used for web authentication; online service signs a GID-based challenge response? used to pair RemoteXPC channel? stripped down variant used to securely identify Touch ID keyboards
+Attestation	cryptographic proof of a genuine SEP; used for web authentication and app attestation; DeviceCheck.framework; SEP responds to challenge using hardware-key (GID, PKA), online service verifies; used to pair Touch ID keyboards, used to pair RemoteXPC channel?
 Authorization	discretionary access control policies for high-level services; similar to PAM; policy stored in /var/db/auth.db
-Avatar	Memoji; AvatarKit.framework
+Avatar	Memoji and Animoji, including pre-rendered iMessage stickers; AvatarKit.framework
 AVB	Audio Video Bridging, low-latency audio over Ethernet; launchd service: com.apple.avbdeviced; command line tool: avbdiagnose, avbutil
 AWD	Apple Wireless Diagnostics, sends system telemetry to Apple; CoreAnalytics.framework, WirelessDiagnostics.framework; launchd services: com.apple.awdd, com.apple.analyticsd
 AWDL	Apple Wireless Direct Link; secondary WiFi interface that runs in parallel to an active WiFi access point connection, similar to WiFi Direct (p2p interface), uses a randomized MAC, used for peer-to-peer networking: AirDrop, AirPlay; DeviceToDeviceManager.framework
-Bento Box	UI with aggregated Control Center widgets
+Background Assets	assets that an app extension loads without the app being launched; BackgroundAssets.framework; extension point: com.apple.background-asset-downloader-extension; launchd service: com.apple.backgroundassets.user
 Bezel	on-screen overlays for hardware volume buttons, screen brightness, Bluetooth HID, and others; /Library/Application Support/Apple/BezelServices, launchd services: com.apple.loginwindow, com.apple.OSDUIHelper
+Bifrost	emergency satellite connectivity; /System/Library/LocationBundles/Bifrost.bundle
+Biome	CloudKit-synced real-time streaming and processing for donated and invoked Intents; BiomeStreams.framework, BiomeSync.framework; local processing in Poirot database (?): PoirotSQLite.framework, PoirotUDFs.framework; launchd services: com.apple.BiomeAgent, com.apple.biomesyncd
 Blast Door	sandboxed sanitization process for untrusted  iMessage input; BlastDoor.framework
 BOM	Bill of Materials; format to store contents of installer Packages; command line tool: lsbom
 Bonjour	mDNS; launchd service: com.apple.mDNSResponder.reloaded; command line tool: dns-sd
@@ -54,50 +62,65 @@ Boot Cache	disk cache pre-heating at boot time with typically loaded application
 Boot Policy	decides by signature check which OSes can be booted, boot-time equivalent for System Policy; LocalPolicy stores user settings, configurable from 1TR, stored by SEP, enforced by iBoot; command line tools: bputil, kmutil (to enroll custom kernels)
 BPR	Boot Progress Register; set-only flags to track boot mode (normal, DFU, recovery), part of Keybag class key derivation within SEP, so passcode-protected keys are inaccessible in DFU and recovery
 Bridge	T2 ARM CPU in Intel Macs to drive Touch Bar and Boot Policy; runs bridgeOS, a derivative of watchOS; boots the platform and the Intel CPU, communication from macOS uses RemoteXPC; launchd service: com.apple.multiversed; /System/Library/MultiversePlugins
+Brook	hand washing encouragement on watch; BrookServices.framework
 Bulletin Board	application push notification management, aggregates local and remote push notifications; BulletinBoard.framework
 Cache Delete	cleanup for various caches; /System/Library/CacheDelete; launchd service: com.apple.cache_delete (deleted)
 CAML	Core Animation Markup Language; XML file format for layers, shapes and animations
 Carousel	derivative of SpringBoard for Watch home screen, watch face, and notification center
+CDM	Continuous Dialog Manager; dialog with Siri; ContinuousDialogManagerService.framework, Marrs.framework; 
+CEC	Consumer Electronics Control; remote control for HDMI-connected devices; CoreRC.framework, IOCEC.framework
 Celestial	media streaming used by ReplayKit for game broadcasts; Celestial.framework
-Certificates	validity checked using OCSP stapling, locally installed CRLs, and transparency logs; /System/Library/Security/Certificates.bundle; /var/db/crls; launchd services: com.apple.trustd, com.apple.trustd.agent, com.apple.ocspd; command line tool: crlrefresh
-Circle	cryptographic primitive to exchange public keys of all trusted devices of one user, signed by all Circle peers; iCloud identity keypair as an additional Circle peer, triggers countersigning from all trusted devices, private key synced across all trusted devices, new devices can pull this key from Secure Backup to join the Circle; used by CKKS; KeychainCircle.framework; command line tools: tpctl, otctl (Octagon trust is newer?)
-CKKS	CloudKit Key Sync, end-to-end secure syncing for credentials, seeded by Circle, transferred items stored ephemerally using OTR protocol; currently includes ApplePay, AutoUnlock, CreditCards, DevicePairing, Engram, Health, Home, Manatee, SOS, WiFi and other keys; launchd service: com.apple.secd; command line tool: ckksctl
-Classroom	launchd service: com.apple.studentd
-Cloud Pairing	part of Alloy, Bluetooth out-of-band pairing over iCloud for Continuity; launchd service: com.apple.cloudpaird
+Certificates	validity checked using CRLs, OCSP stapling, and transparency logs; /System/Library/Security/Certificates.bundle; launchd services: com.apple.trustd, com.apple.trustd.agent, com.apple.ocspd; command line tool: crlrefresh
+Chamois	Stage Manager
+CHIP	Connected Home over IP; Matter; integrated into HomeKit; HomeKitMatter.framework
+Circle	cryptographic primitive to exchange public keys of trusted devices of a user, signed by Circle peers; iCloud identity added as additional Circle peer, private key synced across all trusted devices, new devices can pull this key from Secure Backup to join the Circle; per-device Circles stored in CKKS for two-factor accounts (Octagon); KeychainCircle.framework; command line tools: otctl (Octagon)
+CKKS	CloudKit Key Sync, end-to-end secure syncing for credentials, seeded by Circle; currently includes ApplePay, AutoUnlock, CreditCards, DevicePairing, Engram, Health, Home, Manatee, SOS, WiFi and other keys; launchd service: com.apple.secd; command line tool: ckksctl
+Clarity	customizable accessibility mode for simplified UI; ClarityFoundation.framework
+Classroom	school teachers can create assignments for student iPads and track progress in Schoolwork app; ClassKit.framework; launchd service: com.apple.studentd
+Cloud Pairing	part of Alloy, Bluetooth out-of-band pairing over iCloud for Continuity; launchd service: com.apple.BTServer.cloudpairing (cloudpaird)
 CMAS	Commerial Mobile Alert System, now known as Wireless Emergency Alerts (WEA)
 Commpage	user-mapped kernel data, like vdso/vsyscall on Linux; mapped at 0x7fffffe00000
 Communications Filter	recipient blocking for iMessage, FaceTime, Mail; launchd service: com.apple.cmfsyncagent
 Companion	iPhone that is paired with Watch; communication uses Alloy over IPsec over Bluetooth
+Contact Key Verification	code for manual verification of iMessage keys; code identifies a long-lived account key stored in iCloud Keychain, which signs all ESS device keys
 Continuity	umbrella term for Handoff, Sidecar, SMS relay, Universal Clipboard, Watch unlock, WiFi call relay and others; SMS relay works by proxying to iMessage, other services use Alloy
+Control Center	icons in menu/status bar and Bento Box controls UI, gradually replaces SystemUIServer on macOS; handles incoming AirPlay content; launchd services: com.apple.controlcenter, com.apple.SystemUIServer.agent
 CPML	CorePrediction Machine Learning; CPMLBestShim.framework
 CRD	Conference Room Display; Apple TV mode
+Cryptex	Cryptographically sealed Extension of SSV, mount-invisible extension of the root volume, allows lightweight updates as part of Rapid Security Response; /System/Cryptexes (mountpoint), /System/Volumes/Preboot/*/cryptex1/current/*.dmg (disk images)
+CSR	Configurable Security Restrictions; XNU subsystem that is the basis for SIP
 CTK	Crypto Token Kit; smart card management, also for the Secure Element on iOS? launchd service: com.apple.ctkd; command line tool: sc_auth
 CTS	Centralized Task Scheduling; execution of DAS tasks; /System/Library/UserEventPlugins/com.apple.cts.plugin
 CVMS	Core VM Server/Service? compilation of GPU shaders; launchd service: com.apple.cvmsServ
 DAAP	Digital Audio Access Protocol; used by Home Sharing (with Rapport token) and by the Remote app to control Apple TV (with pairing token); payload unencrypted; DAAPKit.framework; Bonjour services: _atc._tcp, _home-sharing._tcp, _mediaremotetv._tcp, _touch-able._tcp
 Daily Briefing	Siri giving an overview of information for the day; SiriDailyBriefingInternal.framework
-DART	DMA Address Relocation Table; IOMMU implementation in Apple silicon, positioned in front of peripheral devices, offers sub-page protection; SART: streaming variant for high-throughput devices (like NVMe)
+DART	DMA Address Relocation Table; IOMMU implementation in Apple silicon, positioned in front of every DMA-capable co-processor and peripheral, offers sub-page protection; SART: streaming variant for high-throughput devices (like NVMe)
 DAS	Duet Activity Scheduler; scheduling policy engine behind NSBackgroundActivityScheduler and XPC activities; /System/Library/DuetActivityScheduler; launchd service: com.apple.dasd
 Data Detectors	text analysis to highlight phone numbers, street addresses, and the like; DataDetectors.framework
 Data Vault	directories with the UF_DATAVAULT special flag; CSR limits access to one application
 DAV	Distributed Authoring and Versioning; network protocol on top of HTTP for syncing calendars (CalDAV), contacts (CardDAV), and formerly also bookmarks (BookmarkDAV)
-DCIM	Digital Camera Images; DCIMServices.framework
+DCP	Display Co-Processor
+DDE	Device Discovery Extension; detects devices on local network without app access to local network; DeviceDiscoveryExtension.framework, DeviceDiscoveryUICore.framework; extension point: com.apple.discovery-extension
 DEP	Device Enrollment Program; devices check in with Apple during Setup Assistant to query for their enrollment status, retrieve MDM server URL to fetch initial configuration profile
+Developer Mode	enables launching of self-compiled apps in iOS, rough equivalent to System Policy; command line tool: devmodectl
 DFR	Dynamic Function Row?, TouchBar; /System/Library/CoreServices/ControlStrip.app; DFRFoundation.framework
 DFU	Device Firmware Update; special boot mode where iOS has not booted and the system can be installed over the Lightning connection
 Differential Privacy	crowdsourcing without user tracking; privacy budget for management of anonymity set; used for keyboard words, emoji, Spotlight searches, Parsec deep links, HealthKit usage, Safari telemetry; /System/Library/DifferentialPrivacy; stored in /var/db/DifferentialPrivacy; launchd service: com.apple.dprivacyd
+Digital Separation	safety check feature to inhibit sharing relationships; DigitalSeparation.framework
+DMC	Device Management Client; part of MDM; DMCUtilities.framework
+DMC	Disk Mount Conditioner; simulates slow IO devices; command line tool: dmc
 DND	Do Not Disturb
-Domain Association	signed files in .well-known directory on websites; equivalent to Entitlements for websites
 DSID	Destination Signaling Identifier, unique ID for IDS login on a specific device
 DTrace	system-wide tracing infrastructure, command line tools: dtrace, *.d, dappprof, dapptrace, dtruss, errinfo, execsnoop, fddist, fs_usage, imptrace, iopattern, iopending, iosnoop, iotop, lastwords, latency, opensnoop, plockstat, rwsnoop, sampleproc, sc_usage, topsyscall, topsysproc
-Duet	telemetry collection engine for system and user events, forecasting by machine learning, backend for DAS, Proactive, Relevance, Screen Time, thermal and battery management; /System/Library/DuetKnowledgeBase; CoreDuet.framework, CoreKnowledge.framework, CorePrediction.framework; launchd services: com.apple.coreduetd, com.apple.knowledge-agent
-Dyld Shared Cache	dynamic linker cache, stores all system libraries in prelinked form, original library files are removed; /System/Library/dyld; command line tool: update_dyld_shared_cache
+Duet	telemetry collection engine for system and user events, forecasting by machine learning, backend for DAS, Proactive, Relevance, Screen Time, thermal and battery management; /System/Library/DuetKnowledgeBase; CoreDuet.framework, CoreKnowledge.framework, CorePrediction.framework, CascadeEngine.framework (link to Biome); launchd services: com.apple.coreduetd, com.apple.knowledge-agent, com.apple.ospredictiond
+Dyld Shared Cache	dynamic linker cache, stores all system libraries in prelinked form, original library files are removed; /System/Volumes/Preboot/Cryptexes/OS/System/Library/dyld; command line tools: dyld_info, dyld_usage, update_dyld_shared_cache
 EAS	Exchange Active Sync; network protocol for accessing Microsoft Exchange servers
-Energy Impact	unitless metric for per-application energy consumption, machine-specific coefficients; /usr/share/pmenergy, /usr/share/kpep; launchd services: com.apple.sysmond, com.apple.thermald; command line tool: powermetrics
+EDR	Extended Dynamic Range; rendering with transfer function extending beyond sRGB white; implemented natively on XDR displays and by backlight modulation on others; HDRProcessing.framework
+Energy Impact	unitless metric for per-application energy consumption, machine-specific coefficients; /usr/share/pmenergy, launchd services: com.apple.sysmond, com.apple.thermald; command line tool: powermetrics
 Engram	Messages in iCloud; devices store received iMessages in CloudKit; Engram.framework
 Entitlements	capability-like attributes bound to executables by code signing; some entitlements like App Sandbox restrict ambient authority, some gradually relieve those restrictions (using Seatbelt), some services or system calls grant privilege based on caller entitlements
 ESS	IDS user directory, public key distribution for iMessage and CloudKit sharing, uses Transparency; server: *.ess.apple.com; launchd service: com.apple.identityservicesd
-Event Monitor	simple rules engine for running commands on various systen events; apparently not used by default; /etc/emond.d, /var/db/emondClients; launchd service: com.apple.emond
+Eye Relief	screen distance warning for handheld devices; /Applications/EyeReliefUI.app
 FaceTime	video calls, employs the ICE (establishing peer-to-peer connection), STUN (session credential exchange) and SRTP (encrypted media streaming) protocols; FTServices.framework; launchd services: com.apple.videoconference.camera (avconferenced)
 FairPlay	DRM system used by app and media stores; CoreADI.framework, CoreFP.framework, CoreLSKD.framework; launchd services: com.apple.adid, com.apple.fairplayd (invoked by kernel through host special port 17), com.apple.lskdd; credentials stored in /var/db/fpsd
 Family Circle	Family Sharing; launchd services: com.apple.familycircled, com.apple.askpermissiond
@@ -105,44 +128,51 @@ FDE	Full Disk Encryption, FileVault; command line tool: fdesetup, sysadminctl
 FDR	Factory Data/Device Reset? ensures that no downgrades are performed? servers: skl.apple.com, gg.apple.com; /System/Library/FDR
 Feldspar	Apple News; Silex.framework
 FiDES	Fi? Distributed Evaluation Service? aggregates Differential Privacy data for unlinkability? maybe private federated learning? used for emoji, Suggestions, Dictation; /System/Library/DistributedEvaluation; DistributedEvaluation.framework; server: fides-pol.apple.com
-Find My …	location sharing by explicitly querying devices remotely or collateral beacon detection using Search Party; launchd service: com.apple.icloud.fmfd (find my friends)
+File Provider	infrastructure and extension system for syncing with cloud providers; placeholder files based on SF_DATALESS attribute in APFS; FileProvider.framework; locally stored in ~/Library/CloudStorage; command line tool: fileproviderctl
+Find My	location sharing by explicitly querying devices remotely or collateral beacon detection using Search Party; FMCore.framework, FMF.framework; launchd service: com.apple.icloud.fmfd (find my friends)
 Firmlink	bi-directional non-symbolic link between the read-only system volume and the data volume, additional symlinks and mountpoints in the root directory are virtually allocated; /usr/share/firmlinks, /etc/synthetic.conf
+Focus	restriction modes for notification presentation; focus filters for in-app display restrictions, communicated by Intents; Focus.framework, DoNotDisturb.framework; local settings in ~/Library/DoNotDisturb
 FollowUp	user interaction for Secure Backup wrapping with device passcode, CoreFollowUp.framework; launchd service: com.apple.followupd
-FoundationDB	fundamental iCloud storage database, marketed as CloudKit, separated into containers; records, blobs, and large asset storage with MMCS, server-side continuous queries can trigger push notifications, user management by IDS, sharing between users; PCS keys used for hierarchical zone, record, and asset encryption; CloudKitDaemon.framework; launchd service: com.apple.cloudd; locally stored in ~/Library/Caches/CloudKit, ~/Library/Containers/*/Data/CloudKit
-FPR	Fast Permission Restrictions; Apple CPU registers to downgrade (old APRRs do bitmasking) or remap (SPRRs since M1) actual permissions of memory pages per thread; used for JIT protection and by AMFI to freeze user code after checking
-FUD	Firmware Update Daemon; /var/db/fud; launchd service: com.apple.MobileAccessoryUpdater
+FoundationDB	fundamental iCloud storage database, marketed as CloudKit, separated into containers; records, blobs, and large asset storage with MMCS, server-side continuous queries can trigger push notifications, user management by IDS, sharing between users by GroupKit; PCS keys used for hierarchical zone, record, and asset encryption; CloudKitDaemon.framework; launchd service: com.apple.cloudd; locally stored in ~/Library/Caches/CloudKit, ~/Library/Containers/*/Data/CloudKit; command line tool: cktool
+FPR	Fast Permission Restrictions; Apple CPU registers to downgrade (old APRRs do bitmasking) or remap (SPRRs since M1) actual permissions of memory pages (the CTRR region) per thread; used for JIT protection and by AMFI to freeze user code after checking
+FSKit	user space file system support; kernel stub file system is /System/Library/Extensions/lifs.kext; file systems are in /System/Library/ExtensionKit/Extensions/com.apple.fskit.*; launchd service: com.apple.filesystems.fskitd; extension point: com.apple.fskit.fsmodule
+FUD	Firmware Update Daemon; /var/db/fud; launchd service: com.apple.accessoryupdaterd
+Game Mode	auto-activates when games are shown full screen, throttles background work, lowers audio and input latency; launchd service: com.apple.gamepolicyd
 GID	group ID key, shared across all devices of the same SoC generation, derived keys are used to prove device type over the network, only accessible by SEP
 Gizmo	Apple Watch; watch settings managed by Companion; /Applications/Bridge.app, /System/Library/BridgeManifests
+Group Activities	SharePlay; sharing of media content and programmatic state over FaceTime calls; GroupActivities.framework, CopresenceCore.framework; launchd service: com.apple.telephonyutilities.callservicesd
+GroupKit	groups of IDS users with shared CloudKit (PCS) access; GroupKit.framework
 GSS	Generic Security Service; part of Kerberos; GSS.framework; launchd service: com.apple.gssd (invoked by kernel through host special port 19); command line tool: gsstool
 GXF	Guarded Execution Feature/Fault, additional exception levels on Apple Silicon, lateral to the usual exception levels; page tables remain the same, but interpretation of permission bits changes by way of FPR, genter and gexit instructions; implements lightweight intra-address-space protection contexts
 HAP	Home Automation Protocol; CoreHAP.framework
 HDA	High Definition Audio; HDAInterface.framework
 HDI	Hard Disk Image; command line tool: hdiutil
-HDR	High Dynamic Range; video with wide-range transfer function; HDRProcessing.framework
 HeadBoard	derivative of SpringBoard for tvOS home screen; /Applications/HeadBoard.app, /Applications/PineBoard.app
 HLS	HTTP Live Streaming
 HSA	Hardware Security Architecture; version 1 used for two-step verification, SOS with iCSC; version 2 for two-factor authentication, CKKS and Secure Backup with iCDP
-HSM	Hardware Security Module; HSM fleet runs escrow service for Secure Backup; public keys for authenticating the HSM services in /System/Library/Security/Certificates.bundle/Contents/Resources/AppleESCertificates.plist
-Hyperion	iCloud Photos, uses CloudKit; launchd service: com.apple.cloudphotod; command line tool: cpldiagnose
+HSM	Hardware Security Module; HSM fleet runs escrow service for Secure Backup
+Hyperion	iCloud Photos, uses CloudKit; launchd service: com.apple.cloudphotod
 IAP	iPod Accessory Protocol; IAP.framework
 iBoot	boot loader stage after boot ROM or UEFI (macOS on Intel); intermediate Low-Level Bootloader (LLB); DFU mode is implemented here; /System/Library/CoreServices/boot.efi
 iCDP	iCloud Data Protection, codename for a set of enhancements to iCloud privacy: device passcodes used as iCSC for Secure Backup, root keys for CKKS-enabled services only synced between devices and not stored at Apple; launchd service: com.apple.cdpd
 iCloud	umbrella term for a conglomerate of services, consists of FoundationDB containers with PCS views for key management, supported by CKKS; uses IDS and APNS; some services under the iCloud name are actually served by AMS, IMAP, or DAV
 iCSC	iCloud Security Code, credential wrapping for Secure Backup, previously used a separate code, with HSA2/iCDP uses device passcodes
 IDAM	Inter-Device Audio and MIDI; audio connection between devices
-IDS	Identity Service, also IDMS, Apple ID identity management for all of Apple’s online services; APNS topics for signaling and messaging, see also Alloy, ESS, FaceTime, iMessage; authentication to services with Kerberos
+IDS	Identity Directory Service, also IDMS, Apple ID identity management for all of Apple’s online services; APNS topics for signaling and messaging, see also Alloy, ESS, FaceTime, iMessage; authentication to services with Kerberos
+IDV	Identity Verification? Touch ID and Face ID; /System/Library/AccessibilityBundles/CoreIDVUI.axbundle
 IM	Instant Messaging; usually means iMessage and FaceTime
 IMG4	boot files (Mach-O binaries or configuration data) with ASN.1 signature, contains RemotePolicy certificate constraints to restrict Boot Policy evaluation
-Intent	use-case-driven interaction with 3rd-party apps from a host app; used for Siri, Maps, Widgets (configuration); extension points: com.apple.intents-service, com.apple.intents-ui-service
+Intent	use-case-driven interaction with 3rd-party apps from a host app; used for Siri, Maps, Shortcuts, Widgets (configuration); definition file or programmatically using AppIntents.framework; command line tool: appintentsmetadataprocessor (Xcode extracts Intent definition at compile time); extension points: com.apple.intents-service, com.apple.intents-ui-service
 IOKit	device driver subsystem for in-kernel and DriverKit drivers, command line tool: ioreg
-Ironwood	dictation, customized on server with selected user data (contacts, app names, music titles, HomeKit names, Siri Shortcut phrases), not tied to Apple ID; server: guzzoni.apple.com
+Ironwood	dictation, customized on server with selected user data (contacts, app names, music titles, HomeKit names, Siri Shortcut phrases), not tied to Apple ID; SpeechRecognitionCore.framework, ASRBridge.framework; server: guzzoni.apple.com
 ISP	Image Signal Processor; camera imaging circuit in iPhones
 ITML	iTunes Markup Language; metdata tagging for media services; ITMLKit.framework
 ITP	Intelligent Tracking Prevention, cross-site tracking defenses in Safari, statistics and user interaction classify sites, cookies are partitioned and access is restricted
 JARVIS	Just A Rather Very Intelligent Scheduler, Mesos cluster manager for Siri, iCloud, AMS
-Jellyfish	Animoji
+Jellyfish	Animoji; /Applications/Jellyfish.app
 Jetsam	reclaiming of purgeable memory and termination of apps during memory pressure
 JSC	JavaScript Core; JavaScriptCore.framework; command line tool: jsc
+Kalamata	codename for the transition from x86 to ARM-based Apple Silicon
 Kerberos	single-sign-on mechanism; Heimdal.framework; command line tools: kinit, ktutil
 Kext	kernel extension mechanism, loaded at boot time as part of a Kext Collection; /Library/Extensions, /Library/StagedExtensions (for user approval), /System/Library/Extensions; command line tool: kextutil (manages deprecated runtime loading)
 Kext Collection	prelinked sets of kernel extensions; /System/Library/KernelCollections (for boot and system kexts), /Library/KernelCollections (for auxiliary third-party kexts); the latter is only loaded at a lower-security Boot Policy; launchd service: com.apple.kernelmanagerd (invoked by kernel through host special port 15); command line tool: kmutil
@@ -150,14 +180,16 @@ Keybag	storage of protection class keys for Keychain and filesystem, protected b
 Keychain	storage for credentials; launchd service: com.apple.securityd; command line tools: certtool, security, systemkeychain
 KIP	Kernel Integrity Protection, locking of physical memory pages to prevent changes to kernel
 Launch Services	management for application launches, association of UTIs to apps, uses Spotlight to update cached info; launchd services: com.apple.coreservices.launchservicesd, com.apple.lsd; CoreServices.framework/LaunchServices.framework; command line tools: lsappinfo, lsregister
+Live Files	user mode filesystems, currently FAT, ExFAT, NTFS on external storage; UserFS.framework, UVFSXPCService.framework; launchd service: com.apple.filesystems.userfsd
 Liverpool	PCS codename for CloudKit
 LKDC	Local Key Distribution Center, Kerberos on client machines
 LSM	Latent Semantic Mapping, text analysis, used for spam filtering, command line tool: lsm
 Mac Buddy	historic name for Setup Assistant
 MAC Policy	Mandatory Access Control subsystem in XNU, based on TrustedBSD, implements policy hooks for restricted kernel operations; current policies: AMFI, Seatbelt, Quarantine, CSR
-Machine Learning	Vision.framework, Espresso.framework, Futhark.framework, PhotoAnalysis.framework
+Machine Learning	Vision.framework, Espresso.framework, Futhark.framework, PhotoAnalysis.framework; used for Live Text and Visual Lookup; launchd service: com.apple.mediaanalysisd
 Madrid	iMessage; /System/Library/Messages
 Manatee	PCS key for some CloudKit containers are synced via CKKS, so data is unreadable to Apple (credential management codenames: Plesio, Stingray, Cuttlefish)
+Mandrake	emergency siren on Apple Watch Ultra; /Applications/Mandrake.app
 Mangrove	transfering UI tiles over XPC; Mangrove.framework, IOSurface.framework
 Marco	Marco.framework, something about IDS and communication (iMessage, Calls), logging?
 Marklar	codename from the PowerPC era for the port to x86, served the transition to Intel CPUs
@@ -168,121 +200,153 @@ MDS	Module Directory Services, ancient part of the old security APIs (CSDA, CSSM
 Memory Debugging	uses Taskport; command line tools: heap, leaks, malloc_history, stringdups, vmmap
 Mesa	Touch ID; /Library/Catacomb; /var/db/bkad.db
 Metadata	Spotlight; file indexing on macOS; CoreServices.framework/Metadata.framework, CoreServices.framework/SearchKit.framework; stored in .Spotlight-V100; launchd service: com.apple.metadata.mds; command line tools: mddiagnose, mdfind, mdimport, mdls, mdutil; in addition to auto-indexing, apps can explicitly register searchable items; CoreSpotlight.framework; launchd service: com.apple.corespotlightd
+MLHost	background machine learning service; launchd service: com.apple.mlhostd; /System/Library/MLHost; DeepThought.framework, LighthouseBackground.framework, LighthouseBitacoraFramework.framework, 
 MMCS	MobileMe Chunk Storage, used by iCloud, splits blobs into chunks and stores them at Apple/AWS/GCP with convergent encryption (content hash as key); MMCS.framework
 Mobile	prefix for iOS
 Mobile Assets	demand-downloaded system components like fonts, dictionaries, linguistic data; stored in /System/Library/Assets; launchd services: com.apple.languageassetd (language-dependent assets), com.apple.mobileassetd; server: mesu.apple.com
 Mobile Device	connectivity to iOS devices over USB or WiFi (AirTrafficHost) for syning, development, and debugging; MobileDevice.framework; launchd service: com.apple.usbmuxd; Bonjour service: _apple-mobdev2._tcp
 MOC	Managed Object Context; Core Data object space
 Mondrian	photo collage arrangement in Photos.app; Mondrian.framework
-MRT	Malware Removal Tool; /Library/Apple/System/Library/CoreServices/MRT.app
+MRT	Malware Removal Tool; /Library/Apple/System/Library/CoreServices/MRT.app; superseded by XProtect
 Multipeer Connectivity	ad-hoc networking; Bonjour for discovery; WiFi, AWDL, Bluetooth, or Ethernet as transport; optional encryption and certificate-based authentication; MultipeerConnectivity.framework
 Nano	prefix for watchOS
-Neural Engine	hardware accelerator for neural network operations; ANECompiler.framework, ANEServices.framework; launchd service: com.apple.aned
+Nearby Interaction	proximity-based interaction between devices; proximity measured using ultra wideband or derived from other technologies; used for Universal Control, tapping phones for AirDrop; NearbyInteraction.framework, Proximity.framework; launchd service: com.apple.nearbyd
 Newton	fall detection on watchOS
 NLP	Natural Language Processing; NLP.framework; related to mecabra libraries, a linguistic engine for Chinese and Japanese; /usr/share/mecabra, /usr/share/tokenizer
-Notarization	app security scan by Apple; cryptographic proof stapled to code signature, tested at launch by System Policy; for non-notarized apps sends code hash to Apple; command line tools: altool, stapler
+Notarization	app security scan by Apple; cryptographic proof stapled to code signature, tested at launch by System Policy; for non-notarized apps sends code hash to Apple; command line tools: notarytool, altool, stapler
 Noticeboard	User Notifications for Software Update and App Store, Noticeboard.framework; launchd services: com.apple.noticeboard.state (nbstated), com.apple.noticeboard.agent (nbagent)
 Notifications	system notification bus, unrelated to the local/remote push notifications; launchd service: com.apple.notifyd, com.apple.kuncd (invoked by kernel through host special port 10); command line tool: notifyutil; complemented by framework-level notification system (CFNotification, NSNotification); launchd services: com.apple.distnoted.xpc.daemon, com.apple.distnoted.xpc.agent
-NSP	Network Service Proxy; per-app VPN and proxy settings; launchd service: com.apple.networkserviceproxy
-OAH	Rosetta
+NSP	Network Service Proxy; per-app VPN and proxy settings, implements Private Relay; launchd service: com.apple.networkserviceproxy
+OAH	Rosetta; ahead-of-time compiler for Intel code on Apple Silicon, usable from Linux VMs by way of a custom binformat; /usr/libexec/rosetta
 ODR	On-Demand Resources; loaded from App Store; launchd service: com.apple.appstored
 Onboarding	data protection splash screen shown by service-connected apps; /System/Library/OnBoardingBundles; OnBoardingKit.framework
 Open Directory	directory service for user, group, and machine management; plugin-based to use different backend stores (LDAP, Active Directory), local accounts in /private/var/db/dslocal; launchd service: com.apple.opendirectoryd; command line tools: dscacheutil, dscl, dsconfigad, dsconfigldap, dseditgroup, dsenableroot, dserr, dsexport, dsimport, dsmemberutil, odutil
+OpenBSM	Open Basic Security Module; deprecated security audit subsystem; /etc/security, /var/audit; launchd service: com.apple.auditd; command line tool: audit
 Opus	create slide shows from photos; Slideshows.framework
 OSA	Open Scripting Architecture; scripting of applications from different fontend languages (currently AppleScript and JavaScript); backed by Apple Events; command line tools: osacompile, osadecompile, osalang, osascript, sdef, sdp
 OTUT	One-Time Unlock Token; security mechanism to allow keybag unwrapping after updates
 PAC	Pointer Authentication Codes; pointers signed in unused bits to prevent ROP attacks
 Packages	unit of software installation; command line tools: pkgutil, installer, softwareupdate; launchd services: com.apple.softwareupdated, com.apple.bootinstalld, com.apple.installd, com.apple.system_installd, com.apple.uninstalld; /var/db/softwareupdate, /Library/Apple/System/Library/Receipts (system), /System/Library/Receipts (read-only), /private/var/db/receipts (App Store)
+Packet Filter	network traffic filtering subsystem from OpenBSD; command line tool: pfctl
 Parsec	Spotlight web results and searching of crowdsourced User Activity deep links; server: *.smoot.apple.com; launchd services: com.apple.parsecd, com.apple.parsec-fbf (Feedback Flush to Differential Privacy)
+Party Studio	Karaoke mode on tvOS, where video from a paired phone is shown with effects; /System/Library/PrivateFrameworks/PartyStudio.*
+Passkey	keypair used for authentication instead of password, synced via SOS, implements WebAuthn standard; keys can be used to login on separate device via QR code and Bluetooth proximity proof; AuthenticationServices.framework
 Password Breach	monitoring of Keychain passwords against a breach database; round-robin matching in fixed-size batches, local match against common leaks, remote match using hash prefix; launchd service: com.apple.Safari.passwordbreachd
 Pasteboard	storage for cut, copy, and paste; type of content remembered as UTI; launchd service: com.apple.pboard; command line tools: pbcopy, pbpaste
-PCS	Protected Cloud Storage; key management for separate iCloud storage compartments (PCS calls them views), each can contain FoundationDB plus bulk data stored by MMCS; see also iCDP, CKKS, Manatee; ProtectedCloudStorage.framework; /System/Library/Preferences/ProtectedCloudStorage; command line tool: pcsstatus
+PAT	Private Access Tokens; blind challenge-response authentication; Apple server attests user validity to token issuer, issuer performs blind signature, websites receiving the token cannot identify user; used for Private Relay, can replace CAPTCHAs
+PCS	Protected Cloud Storage; key management for separate iCloud storage compartments (PCS calls them views), each can contain FoundationDB plus bulk data stored by MMCS; see also iCDP, CKKS, GroupKit, Manatee; ProtectedCloudStorage.framework; /System/Library/Preferences/ProtectedCloudStorage; command line tool: pcsstatus
 PCSC	Personal Computer Smart Card; PCSC.framework, uses CTK
 PDE	Print Dialog Extension; old name, not a proper Extension
-Pegasus	picture-in-picture video playback; Pegasus.framework (iOS), PIP.framework (macOS)
+PEC/PIR	Private Encrypted Compute and Private Information Retrieval; used for parental controls for media and web; CipherML.framework; launchd service: com.apple.ciphermld
+Pegasus	meaning 1: picture-in-picture video playback; Pegasus.framework (iOS), PIP.framework (macOS); meaning 2: online search query engine for visual lookup; PegasusKit.framework
+People	contacts with Apple ID accounts within Group Activities and Shared With You
 Pepper	UI elements for Watch home screen and Chat, like Quickboard (canned replies), Animoji; PepperUICore.framework
-Persona	separation of sub-user-identities, like when using a private and managed Apple account; PersonaKit.framework; ~/Library/Personas; /System/Library/UserManagement
+Persona	separation of sub-user-identities, like when using a private and managed Apple account; PersonaKit.framework; ~/Library/Personas; /System/Library/UserManagement; command line tool: umtool
+PHASE	Physical Audio Spatialization Engine; 3D sound rendering engine; Apple devices map audio sources (even mono and stereo) to virtual speakers in a 3D sound stage, which is simulated by the physical speakers via a head-related transfer function; PHASE.framework
 Piano Mover	Mail Drop; bulk mail attachments transfered over PCS; not to be confused with storage for iMessage attachments, which uses a CloudKit container
 Plugin	Extensions, XPC services bundled with apps or frameworks, discovery by Launch Services; launchd service: com.apple.pluginkit.pkd; command line tool: pluginkit
+PMC	Performance Monitoring Counters; Recount.framework; /usr/share/kpep
 PMP	Port Mapping Protocol; Apple alternative to UPnP, Bonjour service: _acp-sync._tcp
+Poster	iPhone lock screen; PosterBoard.framework, PosterKit.framework; /Library/Wallpaper
 PowerUI	battery management like smart charge and power save, learns from Duet and other data; PowerUI.framework; /var/db/PowerUI; launchd service: com.apple.PowerUIAgent
 Preferences	storage for user-configurable settings; launchd services: com.apple.cfprefsd.xpc.daemon, com.apple.cfprefsd.xpc.agent; stored in Library/Preferences, command line tool: defaults; interaction with Synced Defaults per /System/Library/DefaultsConfigurations
+Preview Shell	skeleton for on-device UI previews during development; /System/Library/CoreServices/PreviewShell.app; PreviewShellKit.framework, XOJIT.framework (code live patching)
+Private Relay	two-hop onion routing with one entry and one exit node; Apple operates entry, third-party services operate exit nodes; QUIC for payload, ODoH for DNS, approximate IP geolocation via Waldo, authentication via PAT
 Proactive	umbrella term for suggestions and completions based on Duet forecasting and User Activity context, also marketed as Siri features; PersonalizationPortrait.framework
+Provenance	per-file origin tracking, extended attribute com.apple.provenance stores ID into /var/db/SystemPolicyConfiguration/ExecPolicy
 QoS Classes	inheritable property for Activities; semantic priorities, influences scheduling parameters; initially set at user-level, priority inheritance within GCD queues and across XPC in kernel?
 Quagga	framework for QR and barcode decoding; Quagga.framework
+Quick Action	extension type for quick interaction with foreign content within a host app; extension points: com.apple.services, com.apple.ui-services
 Quick Look	file preview and thumbnail generation; comand line tool: qlmanage
 RAOP	Remote Audio Output Protocol, AirPlay; Bonjour service: _raop._tcp
 Rapport	device pairing by proximity using Alloy, with PIN entry, or using iCloud; once paired, devices can access services; used for HomeKit, HomePod, AirPlay, Home Sharing, SideCar; Rapport.framework; launchd service: com.apple.rapportd; Bonjour service: _companion-link._tcp
 Recents	recently used items (not files) in various applications, synced with Synced Defaults; CoreRecents.framework, /System/Library/Recents; launchd service: com.apple.recentsd
 Relevance Engine	backend for Siri suggestions (for example of Siri Shortcuts), Widget smart stacks (also Siri watch face); consumes Duet knowledge and app-provided timelines with relevance hints; /System/Library/RelevanceEngine; launchd service: com.apple.relevanced
+Remote Pairing	Mobile Device pairing without wired connection; RemotePairingDevice.framework; Bonjour services: _remotepairing._tcp, _remotepairing-manual-pairing._tcp
 RemoteXPC	connection to a non-SoC-integrated SEP like Bridge; uses HTTP/2 over a network interface, Bridge connected over USB, secured using Attestation; RemoteServiceDiscovery.framework, TrustedAccessory.framework; launchd service: com.apple.remoted, com.apple.tracd; command line tool: remotectl
 Revisions	document autosave and auto-versioning; stored in .DocumentRevisions-V100; GenerationalStorage.framework; launchd service: com.apple.revisiond
 Routine	frequently visited locations on iOS, interacts with Duet; launchd service: com.apple.routined
 RTC	Real-time Telemetry and Crash reporting; RTCReporting.framework; launchd service: com.apple.rtcreportingd
-RunningBoard	runtime management of apps, paradigm: app as service process invoked by system, check-in by frameworks, handles process assertions (frontmost app, see App Nap), memory pressure (see Jetsam) and compute resources (GPU), replacement for TAL?; launchd service: com.apple.runningboardd; /System/Library/RunningBoard
+RTKit	operating system used on Apple Silicon for firmware of co-processors
+RunningBoard	runtime management of apps, paradigm: app as service process invoked by system, check-in by frameworks, handles process assertions (frontmost app, see App Nap), memory pressure (see Jetsam) and compute resources (GPU), replacement for TAL?; launchd service: com.apple.runningboardd; /System/Library/LifecyclePolicy, /System/Library/RunningBoard
+Safety Monitor	Check In; short-term location sharing in iMessage until a destination is reached; /Applications/SafetyMonitorApp.app
 SBPL	Sandbox Profile Language; a TinyScheme-based embedded DSL for Seatbelt profiles
 SCIP	System Coprocessor Integrity Protection; like KIP, but for SEP, ISP, Motion coprocessor
 Screen Reader	VoiceOver and Braille; /System/Library/ScreenReader; ScreenReader.framework
-Screen Time	digital wellbeing and parental controls system, uses Device Management as policy engine, self-enforced within the application by frameworks; launchd services: com.apple.ScreenTimeAgent, com.apple.dmd
+Screen Time	digital wellbeing and parental controls system, uses Device Management as policy engine, self-enforced within the application by frameworks; DeviceActivity.framework, ManagedSettings.framework, FamilyControls.framework; launchd services: com.apple.ScreenTimeAgent, com.apple.dmd
 SDB	SQL Database; CoreSDB.framework, used by iCloud communication
 Search Party	portion of Find My service for offline devices; devices emit public part of rotating key pair via Bluetooth LE, other devices encrypt current location with this key and send to Apple, private key shared over CloudKit
 Seatbelt	process sandbox by filtering system calls; profiles written in SBPL; /System/Library/Sandbox/Profiles, /usr/share/sandbox; default file access policy asks for TCC confirmation before access to folders with user data (like Documents) is allowed; command line tool: sandbox-exec; launchd service: com.apple.sandboxd (invoked by kernel through host special port 14 for logging)
 Secure Backup	escrow part of CKKS; escrow key individually wrapped with passcodes of trusted devices, stored in HSM to prevent brute forcing, uses SRP so passcodes are not visible to iCloud, limited number of recovery attempts; protocol called Lakitu, uses FollowUp; launchd service: com.apple.SecureBackupDaemon (com.apple.sbd); CloudServices.framework
 SEP	Secure Enclave Processor; dedicated ARM core for security services, runs L4/Darbat-based sepOS, inline encryption to DRAM, manages AES keys in storage DMA engine, factory-paired channels to Touch ID/Face ID hardware, Secure Element, Neural Engine; SEP can use but not read UID and GID keys; credential verification performed by hardware lockbox with retry count enforcement
+Sequoia	translation; downloadable language models can run on-device; /Applications/SequoiaTranslator.app, Translation.framework
 Seymour	Apple Fitness+; workout videos integrated with Watch sensors; SeymourCore.framework
+SF Symbols	scalable UI symbols; rendered with various color treatments; SFSymbols.framework
+Shared File List	lists of recently opened files from apps that are stored with Launch Services; command line tool: sfltool; also manages login items and app-installed background daemons
+Shared With You	collaboration features between apps and iMessage; content shared via iMessage is surfaced in apps (Swift Transferable protocol), content in apps can be collaboratively edited and connected to an iMessage group; collaborations are expressed by keys derived from participant device keys, padded with a number of random keys to prevent tracking of device count, a merkle tree of those keys is used to prove inclusion of a specific device to an app; SharedWithYou.framework
 Sharing	umbrella term for wireless proximity services: AirDrop, Continuity, Instant Hotspot, WiFi sharing; used by loginwindow for Watch unlock; Sharing.framework; launchd service: com.apple.sharingd; also serves connection sharing and remote disk
-Shazam	music recognition service; ShazamKit.framework; launchd service: com.apple.shazamd
+Shazam	audio (especially music) recognition service; ShazamKit.framework; launchd service: com.apple.shazamd; command line tool: shazam
 Shoebox	Passbook
-Sidecar	using iPhone/iPad as Mac accessory: camera for photos and scanning, annotations, external display over low-latency WiFi (llw interface) using avconferenced encoding; SidecarCore.framework; launchd services: com.apple.sidecar-display-agent (SidecarDisplayAgent), com.apple.sidecar-relay (SidecarRelay)
+Sidecar	using iPhone/iPad as Mac accessory: external camera and microphone (ContinuityCapture), camera for photos and scanning (DocumentCamera.framework), external display over low-latency WiFi (llw interface) using avconferenced encoding; SidecarCore.framework; launchd services: com.apple.sidecar-display-agent (SidecarDisplayAgent), com.apple.sidecar-relay (SidecarRelay)
 Signpost	telemetry API to report points of interest in code; launchd service: com.apple.signpost.signpost_reporter
-Simulator	running an iOS/tvOS/watchOS personality on macOS, uses sandboxing and a separate Mach bootstrap namespace for container-like isolation, command line tool: simctl
+Simulator	running an iOS/tvOS/watchOS personality on macOS, uses sandboxing and a separate Mach bootstrap namespace for container-like isolation; installable simulators as disk images in /Library/Developer/CoreSimulator/Images; command line tool: simctl
 SIP	System Integrity Protection or rootless mode; collection of kernel-level security restrictions regarding file system modification, unsigned Kexts, Taskport access, NVRAM access, DTrace; /System/Library/Sandbox/rootless.conf; command line tool: csrutil, rootless-init
+Site Association	signed files in .well-known directory on websites; equivalent to Entitlements for websites, associates domains with app IDs for Universal Links; command line tool: swcutil
 SKP	Sealed Key Protection; measurement of system state (boot chain IMG4 manifests, BPR, Boot Policy data, UID key, user passcode) to derive Keybag keys
 SKS	Secure Key Store; handling of keybag keys within the SEP
 SkyLight	WindowServer; SkyLight.framework
 Skywalk	network subsystem in XNU, links together actual technologies (Bluetooth, WiFi, Thunderbolt) and interfaces/tunnels; transacts in nexus (for conduits) and agent (for endpoints) objects; DriverKit network drivers use Skywalk; command line tool: skywalkctl
+SLC	System-Level Cache, architectural feature of Apple Silicon; cache located within SoC at controllers for external DRAM, serves all compute units and stages transfers between them
 Social Gaming	Game Center; multiplayer gaming services on top of CloudKit, shared storage and low-latency multicast for multiplayer sessions; launchd service: com.apple.gamed
 Sock Puppet	Watch interaction that requires Companion device
-SOS	Secure Object Sync; syncing backend for iCloud Keychain, not to be confused with the emergency call feature; transferred items previously staged in Synced Defaults, now uses CKKS; launchd services: com.apple.secd (access to local keychain), com.apple.security.cloudkeychainproxy3 (connects to Synced Defaults), com.apple.security.keychain-circle-notification
+SOS	Secure Object Sync; syncing backend for iCloud Keychain, not to be confused with the emergency call feature; transferred items previously staged in Synced Defaults, for two-factor accounts in CKKS; launchd services: com.apple.secd (access to local keychain), com.apple.security.cloudkeychainproxy3 (connects to Synced Defaults), com.apple.security.keychain-circle-notification
 SPI	System Private Interface; /System/Library/PrivateFrameworks
 SpringBoard	iOS home screen; like Dock (Launchpad, Mission Control, desktop picture), Control Center, SystemUIServer (menu extras icons), loginwindow (lock screen), and WindowServer (compositor) on macOS; /System/Library/CoreServices/SpringBoard.app, /Applications/PreBoard.app, BaseBoard.framework, FrontBoard.framework, SplashBoard.framework; launchd service: com.apple.backboardd (compositor)
 SPRR	Shadow Permission Remap Register? feature of Apple Silicon to dynamically reintepret page permissions
 SRP	Secure Remote Password; standard cryptographic protocol for proving knowledge of a secret such that attackers cannot brute-force the secret; AppleSRP.framework
 SSO	Single Sign-On
 SSV	Signed System Volume, als called Authenticated Root Volume (ARV); macOS boots from blessed read-only APFS snapshot, merkle-tree and root-hash stored in Preboot volume; modifications require disabling root authentication with csrutil from recovery, then the live filesystem can be mounted, modified, and re-blessed; command line tools: apfs_systemsnapshot, bless, csrutil
-Stark	CarPlay
+Stark	CarPlay; companion apps on iOS: /Applications/AutoSettings.app, /Applications/CarCamera.app, /Applications/Charge.app, /Applications/Climate.app, /Applications/Closures.app, /Applications/Media.app, /Applications/TirePressure.app, /Applications/Trip.app
 Stockholm	Secure Element in Apple SoCs, a processor running crypto protocols on keys it protects; used for Apple Pay and Car Key; related codenames: Icefall, Warsaw
 Storage Management	freeing up disk space by managing bulky items; UI in System Information.app; StorageManagement.framework; launchd service: com.apple.diskspaced; extension point: com.apple.storagemanagement; extends Cache Delete service
 Suggestions	semantic analysis of mails and websites to suggest contacts, calendar events and the like; launchd services: com.apple.suggestd, com.apple.reversetemplated; custom JavaScript parsers in /System/Library/AssetsV2/com_apple_MobileAsset_CoreSuggestions
-Symbols	debug symbols for backtraces; CoreSymbolication.framework; launchd services: com.apple.coresymbolicationd; command line tools: symbols, symbolscache
+Symbols	debug symbols for backtraces; CoreSymbolication.framework; launchd services: com.apple.coresymbolicationd; command line tools: atos, symbols, symbolscache
 Symptoms	network diagnostics; Symptoms.framework; /var/networkd/db/netusage.sqlite; launchd service: com.apple.symptomsd (invoked by kernel through host special port 27)
 Synced Defaults	simple key-value store for applications, no user control over data; can use iCloud key-value backend (old) or Manatee container (new, marked as com.apple.kvs) as storage; launchd service: com.apple.syncdefaultsd; locally stored in ~/Library/SyncedPreferences
 System Configuration	SystemConfiguration.framework; launchd service: com.apple.configd; command line tool: scutil
-System Extension	user-level components formerly in the kernel; currently either a DriverKit, Network, or Endpoint Security extension; /System/DriverKit, /System/Library/DriverExtensions; command line tool: systemextensionsctl; launchd services: com.apple.sysextd, com.apple.nesessionmanager, com.apple.endpointsecurity.endpointsecurityd
+System Extension	system-wide components formerly implemented as insecure plugins or kexts; current extension types: DriverKit, FSKit, Network, Endpoint Security, Core Media IO; /System/DriverKit, /System/Library/DriverExtensions; command line tool: systemextensionsctl; launchd services: com.apple.sysextd, com.apple.nesessionmanager, com.apple.endpointsecurity.endpointsecurityd; command line tool: eslogger
 System Policy	Gatekeeper; policy engine for application launches and kext loading, malware signatures from /Library/Apple/System/Library/CoreServices/XProtect.bundle; /var/db/SystemPolicy; launchd service: com.apple.security.syspolicy (invoked by kernel through host special port 29); command line tool: spctl
+Tailspin	sampling of process stack traces; launchd service: com.apple.tailspind; command line tool: tailspin
 TAL	Transparent App Lifecycle; process for macOS apps started and stopped independently of the user launching and quitting app; also handles session restore across reboots; ~/Library/Saved Application State; launchd service: com.apple.talagent
 Taskport	Mach kernel concept for ptrace-like access to task internals; access policy implemented by daemon; launchd service: com.apple.taskgated (invoked by kernel through task special port 9); command line tool: DevToolsSecurity
 TCC	Transparency, Consent, and Control; user control over app access to privacy-related services (kTCCService*); TCC.framework; launchd services: com.apple.tccd, com.apple.tccd.system; command line tool: tccutil; stored in /Library/Application Support/com.apple.TCC, ~/Library/Application Support/com.apple.TCC, /var/db/locationd (for kTCCServiceLocation)
+Template App	code-less app-bundle, passed to an actual executable by LauncServices; created when adding websites in Safari to Dock/Springboard; run by /System/Volumes/Preboot/Cryptexes/App/System/Library/CoreServices/Web App.app
 Time Machine	automatic backup service, command line tools: tmdiagnose, tmutil
-Tin Can	Walkie Talkie on watchOS
+Tin Can	Walkie Talkie on watchOS; /Applications/TinCan.app
 Tones	ringtones; ToneLibrary.framework
-Tourist	backend for user-visible tips and hints; launchd service: com.apple.touristd
 Translocation	app binary copied on launch to dedicated location; initiated by Launch Services for security (prevents path traversal for apps quarantined by System Policy) or path normalization (iOS apps do not expect to be moved, but can be moved on macOS)
-Transparency	key transparency for ESS keys? Transparency.framework; launchd service: com.apple.transparencyd; server: init-kt.apple.com
-TTS	Text To Speech, command line tool: say; /System/Library/Speech; synthesizer engines: MacinTalk (historic), Polyglot (phoneme-based?), Gryphon (current, DNN-based?)
+Transparency	key transparency for ESS keys, based on CONIKS, devices audit IDS records against transparency logs, log hashes gossiped over iMessage to detect split-view attacks; Transparency.framework; launchd service: com.apple.transparencyd; server: init-kt.apple.com
+TSS	Tatsu Signing Server; online verification for firmware signatures; server: gs.apple.com
+TTS	Text To Speech, neural-network-based synthesis engine (Gryphon); command line tool: say; /System/Library/Speech, /System/Library/TTSPlugins
 TVML	TV Markup Language; declarative UI language for TV apps; TVMLKit.framework
-Ubiquity	iCloud Drive; uses CloudKit, codename Bladerunner; CloudDocs.framework; command line tools: fileproviderctl; launchd service: com.apple.bird (iclouddrive-agent); locally stored in ~/Library/Mobile Documents (was supposed to move to Library/CloudStorage/iCloud Drive and iclouddrivectl but this was reverted)
+Ubiquity	iCloud Drive; codename Bladerunner, uses CloudKit; CloudDocs.framework; launchd service: com.apple.bird; locally stored in ~/Library/Mobile Documents (was supposed to move to Library/CloudStorage/iCloud Drive but this was reverted)
 UID	unique ID key, used as root key for cryptographic subsystems, generated during manufacturing by SEP and fused into hardware, only accessible by SEP
 Unified Logging	system-wide logging and Activity tracking; launchd service: com.apple.logd, com.apple.diagnosticd; command line tool: log; /dev/oslog; data stored in /var/db/diagnostics, support files in /var/db/uuidtext
-User Activity	abstraction behind deep-linking into apps with structured context data (people, places); used for Universal Links (with schema.org on websites), Handoff, Parsec, Siri Shortcuts, Proactive; UserActivity.framework; launchd service: com.apple.coreservices.useractivityd
+USD	Universal Scene Description; storage format for 3D assets; /usr/lib/usd
+User Activity	abstraction for deep-linking into apps with structured context (people, places); used for Universal Links (schema.org on websites), Handoff, Parsec (app links in search), Siri Shortcuts, Quick Note (context awareness), Proactive; UserActivity.framework; launchd service: com.apple.coreservices.useractivityd
 User Notifications	user interface for notification center; launchd service: com.apple.usernoted
 UTI	Uniform Type Identifiers; system for document types; file extensions and MIME types are mapped to UTIs, UTIs form a conformance graph, apps register their UTIs with Launch Services; /System/Library/CoreServices/CoreTypes.bundle; also Apple’s hardware devices are represented as UTIs
 VA	Video Acceleration; AppleGVA.framework, AppleVA.framework, AppleVPA.framework
-Viceroy	video conferencing used by FaceTime and ReplayKit
+VDAF	Verifiable Distributed Aggregation Function; part of Differential Privacy; VDAF.framework
+Viceroy	video conferencing used by FaceTime and ReplayKit; ViceroyTrace.framework
+Virtualisation	running virtual machines on macOS; Hypervisor.framework (for basic VMs and vCPUs), Virtualization.framework (brings a robust set of device models)
 VSDB	volume status database; /var/db/volinfo.database; command line tool: vsdbutil
-Waldo	Apple VPN service? seen in NSP, server: waldo.apple.com
+Waldo	selects edge servers based on approximate location, part of Private Relay, seen in NSP
 WFS	WebDAV File Sharing; built-in file sharing with Apache; /etc/wfs; command line tool: wfsctl
-Widgets	content excerpt from apps; provided via a timeline of view hierarchies, configuration uses Intents, technically very similar to complications on  watch face; extension point: com.apple.widgetkit-extension
+Widgets	content excerpt from apps; provided via a timeline of view hierarchies, configuration uses Intents; visible on home screen, lock screen, as live activities, as watch complications; WidgetKit.framework; extension point: com.apple.widgetkit-extension; launchd service: com.apple.chronod (timeline management and sync)
 Willow	HomeKit; end-to-end-encrypted communication protocol and API for IoT-accessories; pairing with SRP using code printed on device, credential sync by CKKS, transported over Alloy, remote access using Apple TV as proxy; launchd service: com.apple.homed
+Window Manager	implements Stage Manager; /System/Library/CoreServices/WindowManager.app
+Workflow	Shortcuts; user-programmable system-wide automation, built-in triggers cause a chain of actions to run; actions are synthesized from User Activities and Intents provided by apps; WorkflowKit.framework, ActionKit.framework; locally stored in ~/Library/Shortcuts; launchd service: com.apple.siriactionsd (voice-triggered shortcuts); command line tool: shortcuts
 xART	eXtended Anti-Replay Technology; persistent storage for SEP, used by Mesa; /System/Volumes/xarts; launchd service: com.apple.xartstorageremoted; command line tool: xartutil
-XCS	Xcode Server; continuous integration server; command line tools: xcscontrol, xcsdiagnose
+XCS	Xcode Server; continuous integration server; command line tools: xcscontrol, xcsdiagnose
+XProtect	signature-based malware scanner and remediation service; /Library/Apple/System/Library/CoreServices/XProtect.bundle