Sign In
Register
Help
IMHO, if this feature to check on the authenticity and security of Widgets was offered by a third party such as Little Snitch after discovering a security problem with Widgets, everyone would be clamoring to pay the developer for the utility regardless of the fact of whether or not they told you how they did it.
I do agree though that this could of & should have been avoided if Apple had a Public Relations employe who's job it was to overlook this type of issue.
Maybe a job in waiting for Jeff? /forums/ubbthreads/images/graemlins/smile.gif
Mac OS X "phones home" with 10.4.7 update
MultiQuote
#72
Nobody 
- Power User
-
- Group: Members
- Posts: 58,347
- Joined: 18-October 07
Posted 08 July 2006 - 09:54 AM
I am not sure what the actual protocol creates. According to Apple, "You can now verify whether or not a Dashboard widget you downloaded is the same version as a widget featured on (www.apple.com) before installing it."
Referring back to the 10.4.2 update,
"Description: Dashboard is distributed with Apple-supplied widgets, and users have the ability to add new ones. It is possible for a user to install a new widget with the same internal identifier as an Apple-supplied widget. If this occurs, the newly-installed widget will run in place of the system widget. It may not be clear to users that they are running a widget that they installed as opposed to the Apple-supplied one. This update addresses the issue by alerting users if they try to install widgets that would cause this sort of conflict. This issue does not affect previous releases of Mac OS X."
it would appear that this latest action is a continuation of that strategy. As such, I personally have not problem with it. In effect, if everybody took the time to view the READ ME's which basically every developer encourages, most of the dark side of the issues are non-consequential and forewarned.
As to whether one should have the ability to shut it off, Apples strategy is perhaps based on helping to ensure that the integrity of the OS X operating system is not compromised when another application is installed with the same internal identifier as a Apple-supplied program. Obviously such action could reek significant havoc. As a form to help maintain security and the integrity of my system, I take Apple's side.
Referring back to the 10.4.2 update,
"Description: Dashboard is distributed with Apple-supplied widgets, and users have the ability to add new ones. It is possible for a user to install a new widget with the same internal identifier as an Apple-supplied widget. If this occurs, the newly-installed widget will run in place of the system widget. It may not be clear to users that they are running a widget that they installed as opposed to the Apple-supplied one. This update addresses the issue by alerting users if they try to install widgets that would cause this sort of conflict. This issue does not affect previous releases of Mac OS X."
it would appear that this latest action is a continuation of that strategy. As such, I personally have not problem with it. In effect, if everybody took the time to view the READ ME's which basically every developer encourages, most of the dark side of the issues are non-consequential and forewarned.
As to whether one should have the ability to shut it off, Apples strategy is perhaps based on helping to ensure that the integrity of the OS X operating system is not compromised when another application is installed with the same internal identifier as a Apple-supplied program. Obviously such action could reek significant havoc. As a form to help maintain security and the integrity of my system, I take Apple's side.
#73
MacCheetah3
- Power User
-
- Group: Members
- Posts: 6,645
- Joined: 02-April 01
Posted 08 July 2006 - 11:13 AM
Hi
Originally posted by donikatz
Yes and no. #2 is indeed incorrect off HumanJHawkins' list but #3 isn't. If one doesn't install it, I don't believe any updates are installed. It forces one to download it first and than one can receive only Critical updates via Automatic Update, even if it is deemed pirated.
I'm not overly against these "phone home" actions. Why? The most they seem to do is prevent piracy...If I'm pirating something, I deserve that annoyance. What I am against is things like Windows Activation. Why? Because most of the time, even if I'm starring directly at the CoA, I still have to call M$ and jump through hoops.
The region identification is new to me.
Originally posted by donikatz
In reply to:
FYI-- WGA does NOT block critical security updates. WUS will automatically download all critical updates, just not through the website. nice try, though.
FYI-- WGA does NOT block critical security updates. WUS will automatically download all critical updates, just not through the website. nice try, though.
Yes and no. #2 is indeed incorrect off HumanJHawkins' list but #3 isn't. If one doesn't install it, I don't believe any updates are installed. It forces one to download it first and than one can receive only Critical updates via Automatic Update, even if it is deemed pirated.
I'm not overly against these "phone home" actions. Why? The most they seem to do is prevent piracy...If I'm pirating something, I deserve that annoyance. What I am against is things like Windows Activation. Why? Because most of the time, even if I'm starring directly at the CoA, I still have to call M$ and jump through hoops.
The region identification is new to me.
#74
tomtom
- Member
-
- Group: Members
- Posts: 886
- Joined: 06-January 06
Posted 08 July 2006 - 11:25 AM
71 comments already - a record or a near record.
People worry me sometimes.
Not withstanding what Apple is trying to do to help us, I have to ask myself what on earth do folks have on their PC's to get so worked up over nothing at all.
People worry me sometimes.
Not withstanding what Apple is trying to do to help us, I have to ask myself what on earth do folks have on their PC's to get so worked up over nothing at all.
#75
ladyuser101
- Member
-
- Group: Members
- Posts: 362
- Joined: 12-February 06
Posted 08 July 2006 - 12:43 PM
Good post on the issues OM_user.
Realistically, by the time Apple checks my widget file set for rogue widget use every eight hours, the damage to my computer, if there are malware widgets out there or to come, would have been done. If a widget is not Apple approved, what happens to it on my computer? What happens if I run a non-Apple approved beneficial widget that controls the MBP fan or allows a CPU speed bump or removes blocks on Apple approved DVD writers or removes all region controls on DVDs? What would happen to those beneficial widgets under the widget check system?
Since I have already given personal information (PI) to Apple when I registered my hardware/software, what marketable info can be tied to my PI through widget checking such as my IP, my ISP, and my browser records?
It seems odd to me that Apple wants to check my minor level widget integrity instead of my greater importance system integrity. Since they want to check without saying anything, the question is why?
Realistically, by the time Apple checks my widget file set for rogue widget use every eight hours, the damage to my computer, if there are malware widgets out there or to come, would have been done. If a widget is not Apple approved, what happens to it on my computer? What happens if I run a non-Apple approved beneficial widget that controls the MBP fan or allows a CPU speed bump or removes blocks on Apple approved DVD writers or removes all region controls on DVDs? What would happen to those beneficial widgets under the widget check system?
Since I have already given personal information (PI) to Apple when I registered my hardware/software, what marketable info can be tied to my PI through widget checking such as my IP, my ISP, and my browser records?
It seems odd to me that Apple wants to check my minor level widget integrity instead of my greater importance system integrity. Since they want to check without saying anything, the question is why?
#77
macretiree
- Member
-
- Group: Members
- Posts: 60
- Joined: 20-May 06
Posted 08 July 2006 - 01:16 PM
In reply to:
I have to ask myself what on earth do folks have on their PC's to get so worked up over nothing at all.
I have to ask myself what on earth do folks have on their PC's to get so worked up over nothing at all.
Personal privacy?
What gets you worked up? Counting posts?
Other posts in the 70's: Judge temporarily halts Louisiana violent game law (74) or MacBook: What you need to know (73).
How about 23 things we want in Leopard (249); Apple's greatest hits: 30 significant products (132); Apple introduces 17in MacBook Pro (114); Apple launches new Mac-Windows TV ads (108).
How about views: Phone home (1968), Apple replaces eMac (3836), Apple releases 10.4.7 (5633), or Disk Utility (27,708).
Isn't the definition of a Mac fanatic just someone who loves Mac more than you do?
I'm personally glad to see people explore issues and contribute ideas and express views. That's what makes our community worthwhile.
#78
jmincey
- Veteran
-
- Group: Members
- Posts: 4,228
- Joined: 27-August 04
Posted 08 July 2006 - 01:30 PM
"Take the iTunes Mini Store debacle. When I saw it, the first thing I thought was that communication was implicit in its use."
Communication is implicit in the use of iTMS but not in iTunes in general. Until the MiniStore debacle, I could use iTunes strictly as a music player of files in my library without any concern whatsoever that my listening habits would be monitored or that any data would be transmitted to remote servers. It's only when I access iTMS (through iTunes) that I communication is implicit in the nature of the function.
"If I didn't like it, I turned it off. And yet, that was a huge issue, particularly for you."
And how does Apple notify the user about how he can turn off the widget monitoring/update function? This goes to the heart of my objections:
1. Is the user notified?
2. Does the user have control over the function?
3. Can the user disable the function if he wants no data going back and forth?
Yes, the user can disable the widget update function -- but no thanks to Apple. So I maintain that while communication is implicit in the operation of many widgets, this auto-monitoring/validation function is external and not the least bit implicit. As a result, it's not reasonble to expect the ordinary user to just assume such behavior, and thus Apple should provide specific notification.
Communication is implicit in the use of iTMS but not in iTunes in general. Until the MiniStore debacle, I could use iTunes strictly as a music player of files in my library without any concern whatsoever that my listening habits would be monitored or that any data would be transmitted to remote servers. It's only when I access iTMS (through iTunes) that I communication is implicit in the nature of the function.
"If I didn't like it, I turned it off. And yet, that was a huge issue, particularly for you."
And how does Apple notify the user about how he can turn off the widget monitoring/update function? This goes to the heart of my objections:
1. Is the user notified?
2. Does the user have control over the function?
3. Can the user disable the function if he wants no data going back and forth?
Yes, the user can disable the widget update function -- but no thanks to Apple. So I maintain that while communication is implicit in the operation of many widgets, this auto-monitoring/validation function is external and not the least bit implicit. As a result, it's not reasonble to expect the ordinary user to just assume such behavior, and thus Apple should provide specific notification.
#79
lahgitana
- Newbie
-
- Group: Members
- Posts: 9
- Joined: 08-July 06
Posted 08 July 2006 - 01:42 PM
thanks for help. herewith:
Last login: Sat Jul 8 08:49:20 on ttyp1
Welcome to Darwin!
localhost:~ Laurel$ sudo mv /System/Library/LaunchDaemons/com.apple.dashboard.advisory.fetch.plist /System/Library/
Password:
mv: /System/Library/LaunchDaemons/com.apple.dashboard.advisory.fetch.plist: No such file or directory
localhost:~ Laurel$
Last login: Sat Jul 8 08:49:20 on ttyp1
Welcome to Darwin!
localhost:~ Laurel$ sudo mv /System/Library/LaunchDaemons/com.apple.dashboard.advisory.fetch.plist /System/Library/
Password:
mv: /System/Library/LaunchDaemons/com.apple.dashboard.advisory.fetch.plist: No such file or directory
localhost:~ Laurel$
#81
sheldonc
- Member
-
- Group: Members
- Posts: 55
- Joined: 05-May 01
Posted 08 July 2006 - 01:44 PM
Personally, I'm not too worried, either. Heck, with people like Jeff Mincey on patrol, Apple better watch out!
Seriously, Widgets are a fairly significant opening that Apple may be a bit concerned about security-wise. I'm happy they want to, somehow, with as little disruption as possible, try to affirm that the ones I may have installed aren't going to bugger everything up. Three times a day does seem a bit heavy handed, and the fact that Apple could have told us about it would have gone a long way to stemming some of the tide of panic-striken users. It maybe harmless, but in the light of today's paranoia-heightened public, even the most innocuous of these things need to be handled carefully.
People, the real worry is what our gov't is doing these days regarding our privacy. But that's another issue. As for the Widget thing, if you really care, unplug your internet when you're not using it.
Regardless, thanks all for bringing this to light. I'm going to continue to let mine run for now.
BTW, avoid buying copies of J.D. Salinger's "Catcher in the Rye." They all have GPS chips implanted in the spines so they can track the whackos who actually read it.
(JUST KIDDING!)
Seriously, Widgets are a fairly significant opening that Apple may be a bit concerned about security-wise. I'm happy they want to, somehow, with as little disruption as possible, try to affirm that the ones I may have installed aren't going to bugger everything up. Three times a day does seem a bit heavy handed, and the fact that Apple could have told us about it would have gone a long way to stemming some of the tide of panic-striken users. It maybe harmless, but in the light of today's paranoia-heightened public, even the most innocuous of these things need to be handled carefully.
People, the real worry is what our gov't is doing these days regarding our privacy. But that's another issue. As for the Widget thing, if you really care, unplug your internet when you're not using it.
Regardless, thanks all for bringing this to light. I'm going to continue to let mine run for now.
BTW, avoid buying copies of J.D. Salinger's "Catcher in the Rye." They all have GPS chips implanted in the spines so they can track the whackos who actually read it.
(JUST KIDDING!)
#83
d00d
- Advanced Member
-
- Group: Mac User
- Posts: 12,149
- Joined: 24-April 01
Posted 08 July 2006 - 01:50 PM
"Communication is implicit in the use of iTMS but not in iTunes in general. Until the MiniStore debacle, I could use iTunes strictly as a music player of files in my library without any concern whatsoever that my listening habits would be monitored or that any data would be transmitted to remote servers. It's only when I access iTMS (through iTunes) that I communication is implicit in the nature of the function."
Let me refresh your memory. You play a song. A little bar at the bottom shows selections from the iTMS relating to the song. The communication is implied. There was a button to turn it off. You still had a problem with that. That was my point. That's all I was saying, so stop dragging what I'm saying off into unrelated territory.
I understand what you want. I already agreed that better disclosure and a way to turn it off in a GUI would have been nice. Do I really care about this incident? No. I've really wasted way too much time both thinking about it and "discussing" it. I'm going to move on to more important things.
Let me refresh your memory. You play a song. A little bar at the bottom shows selections from the iTMS relating to the song. The communication is implied. There was a button to turn it off. You still had a problem with that. That was my point. That's all I was saying, so stop dragging what I'm saying off into unrelated territory.
I understand what you want. I already agreed that better disclosure and a way to turn it off in a GUI would have been nice. Do I really care about this incident? No. I've really wasted way too much time both thinking about it and "discussing" it. I'm going to move on to more important things.
#84
jmincey
- Veteran
-
- Group: Members
- Posts: 4,228
- Joined: 27-August 04
Posted 08 July 2006 - 01:54 PM
"Widgets are a fairly significant opening that Apple may be a bit concerned about security-wise. I'm happy they want to, somehow, with as little disruption as possible..."
Just for the record, I agree completely. It doesn't contradict a word I've said in this thread.
"...the fact that Apple could have told us about it would have gone a long way to stemming some of the tide of panic-striken users...
I'll make a deal with you. I won't call you complacent, naive, and lazy if you don't call me panic-stricken and paranoid. Both of these extreme characterizations miss the mark and do a disservice to the discussion.
I don't suggest that those who oppose my point of view are gullible and asleep at the switch, and yet what I get from others is that I'm a conspiracy theorist, doomsayer, and panicky. I'm nothing of the sort. I need not be panic-stricken merely to want my computer to contact remote networks only with my knowledge or consent.
That's not unreasonable, is it?
"... the real worry is what our gov't is doing these days regarding our privacy."
It's ironic that you raise this point since so many Americans tend to be blase about this issue as well. In any case, as citizens and consumers, can't we have more than one concern?
"As for the Widget thing, if you really care, unplug your internet when you're not using it."
I see. It's better to disconnect from the internet altogether than just to insist that Apple notify us and give us an easy way to disable the function if we don't want it. Please tell me you know how impractical and absurd this position is.
Just for the record, I agree completely. It doesn't contradict a word I've said in this thread.
"...the fact that Apple could have told us about it would have gone a long way to stemming some of the tide of panic-striken users...
I'll make a deal with you. I won't call you complacent, naive, and lazy if you don't call me panic-stricken and paranoid. Both of these extreme characterizations miss the mark and do a disservice to the discussion.
I don't suggest that those who oppose my point of view are gullible and asleep at the switch, and yet what I get from others is that I'm a conspiracy theorist, doomsayer, and panicky. I'm nothing of the sort. I need not be panic-stricken merely to want my computer to contact remote networks only with my knowledge or consent.
That's not unreasonable, is it?
"... the real worry is what our gov't is doing these days regarding our privacy."
It's ironic that you raise this point since so many Americans tend to be blase about this issue as well. In any case, as citizens and consumers, can't we have more than one concern?
"As for the Widget thing, if you really care, unplug your internet when you're not using it."
I see. It's better to disconnect from the internet altogether than just to insist that Apple notify us and give us an easy way to disable the function if we don't want it. Please tell me you know how impractical and absurd this position is.
