[Macworld.com]

Apple should have let people know about the Widget update mechanism included in the recent OS X 10.4.7 update. But the feature itself is nothing to worry about, Rob Griffiths says. [more]

[galendw]

Excellent article. I agree completely.
Thanks for saying what needed to be said.

[Nobody]

Get Little Snitch and turn it off.

[wardoggie]

I never thought I needed Little Snitch, but this incident has me thinking I might get it sooner rather than later.
Nice article, BTW. /forums/ubbthreads/images/graemlins/grin.gif I, too, think Apple's spin doctors missed a golden opportunity to turn a little negative into a positive.

[nnager]

Outstanding recommendation on the user options, Rob. I hope Apple developers are listening and will incorporate it in the very next update.
Respectfully, Norm

[fds]

I wonder where all these wild misconceptions are coming from.
About Dashboard Advisory:
It does not send any, let me repeat, any information about you or your use of Mac OS X to Apple. The only user identifiable information they could get is your IP address, which is unavoidable, and it could also serve as a counter of people running Mac OS X 10.4.7 or later, since that's when this feature was introduced.
It does not seem to send any information however on what widgets you have running.
The tool simply retrieves the following two addresses, without sending any information back, that is, no cookies, no parameters, no nothing:
http://www.apple.com.../widgetadvisory
http://www.apple.com...ets/parser.info
Regarding the iTunes MiniStore:
No, there was no "swift update" released to let you turn off the MiniStore, as the button to switch it off was always there to begin with immediately the moment it was introduced. The only change made in response to the outcry over it was updating the online content shown in the MiniStore to have a big notice pointing out the button to turn it off in case you didn't notice.

[dcipjr]

Very well done, Rob.
Personally, I too am OK with the new feature, but I don't like how Apple didn't tell us about it, and I'm somewhat concerned about possible future implications. I'm not convinced that the Mac OS is going to integrate a WGA-style system or anything like that -- I would just appreciate that, in the future, Apple would let us know about software that phones home, and give us an option to deactivate it.

[michaelb]

It's unfortunate Apple did this at the same time the WGA brohaha was making the rounds...
All too easy for ill-informed journalists (I'm looking at you CNET) to treat them as one and the same.
Agree it should have been opt-in, or opt-out without resorting to the Terminal.
Bad Apple, one less kudo cookie for you.

[iollmann]

Rob, I think you're making a mountain out of a molehill here. This looks to me like a security feature. In order to be effective, security features sometimes need to be held to a different standard. For example, I could claim that my account password was sensitive information so I shouldn't have to provide it to the OS when I log in. Even though it is true that the information is sensitive, that is obviously a ridiculous position to take.
In this case, it looks kind of like Apple is trying to crack down on what it sees as a security hole and save users a ton of grief. Maybe there is some way to do it -- I'm no security expert!!! -- but it seems to me that if you wanted to have signed verifiable applications, you kindof have to have an external database of application signatures and checksums somewhere. ...and that means phoning home.
A security feature that you can opt-out of is no security feature.
Ian
The above is my personal opinion and not necessarily that of my employer.

[griffman]

Actually, my position is more of trying to make a molehill out of a mountain. My point is that this isn't really a bad thing, I just object to hidden feature additions and things I can't control.
And I do believe it should still should be optional -- or at least have a non-automaic mode. After all, OS updates themselves, which usually include numerous important security fixes, are optional (nobody forced us all to install 10.4.7). So I'm not sure why widgets get such a higher priority treatment.
-rob.

[mmouse47]

Just to defend Apple a bit -- they did mention this "feature" in the detailed 10.4.7 release notes. It is just so vaguely (and poorly) described, that one would have to guess what it means:
http://docs.info.app...l?artnum=303771
Under "Other":
"You can now verify whether or not a Dashboard widget you downloaded is the same version as a widget featured on (www.apple.com) before installing it."
I still don't understand how to usefully invoke this functionality, but there is Apple's warning. /forums/ubbthreads/images/graemlins/smile.gif

[iollmann]

In reply to:

---

I just object to hidden feature additions and things I can't control.

---

What fraction of the actual changes in any particular update do you predict Apple will think is significant enough to describe to customers in a top level document like that? Do you really want the configurability to opt-out of all of them?
Here are some more things that didn't make it in at all.
Ian

[sandman619]

Wow, what a pointless article. While I'm not a programmer, these little apps use some programming code (Java I recall), so a poorly written widget could cause problems with other widgets and even dashboard too, correct? Then a benevolent appl that does nothing more than check for updates, which can resolve problems caused by a poorly designed widget simply by notifying the user of a newer version seemes like a thoughtful addition to an OS that Vista could only hope to be in a few years when finally released. Since many users can't even fix their windows properly, it makes sense that Apple gives them a tap on their shoulder to update their malfunctioning or out-of-date-gonna-cause-conflicts widgets of which they have hundreds and can't remember which they have. <breathe> Think that there could be a reason for adding such a thing to an update or is the only possbile explanation that Steve Jobs plans is really bent on world domination via an evil army of widgets he's soon to unleash on us poor unsuspecting mice?

[griffman]

Did you even read what I wrote? I agree with your position -- I think it's a good thing. However, I do not think it's a good thing when a system starts contacting the net in the background and doesn't tell me it's going to start doing so. It's a small thing, but it reflects on the fact that the machine is mine, not Apple's, and I would like to know when it starts heading out to the internet of its own accord.
As to making it optional -- if it's so important that these things are updated, then why are the big, much more important System Updates optional? That makes no sense.
-rob.