MacTechNotes

Tuesday, July 04, 2006

Dashboard advisory networking

Overview
A number of sites, posts and blogs have recently reported on Apple's new "phone home" feature in Dashboard, added with 10.4.7. While any feature like this really should be optional, and off by default, this post covers what the feature does rather than what's wrong with it.



The Pieces
There are several pieces to this advisory stuff. There is the mach_init part, com.apple.dashboard.advisoryd, defined by /etc/mach_init.d/dashboardadvisoryd.plist. This is the part which actually communicates back to Apple's website. Renaming this is one method mentioned for disabling the whole show.

The next piece is a launchd daemon, com.apple.dashboard.advisory.fetch, which is the part that is actually kicked off every eight hours (regardless of whether you actually run any Dashboard widgets). It queries the mach_init service above. Unloading it through launchctl is another method for disabling the phone-home stuff.

Finally, there are a couple of files placed in /var/db by this set of programs. The first is .dashboardadvisory.database, which is a sqlite3 database and can be viewed with:

$ sudo sqlite3 /var/db/.dashboardadvisory.database
SQLite version 3.1.3
Enter ".help" for instructions
sqlite> .schema
CREATE TABLE advisory (ROWID INTEGER PRIMARY KEY AUTOINCREMENT, unique_id INTEGER UNIQUE NOT NULL, hash_usage INTEGER NOT NULL, resource_type INTEGER NOT NULL, hash_type INTEGER NOT NULL, hash BLOB UNIQUE NOT NULL, url TEXT);
...

This is obviously where it will store interesting stuff, though mine is currently without any entries. The other interesting file, which doesn't exist by default, is .dashboardadvisorydisabled which, when present, is meant to keep the daemon from doing anything.
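
A read-only check of the pieces listed above, as an added example that is not part of the original post or Apple's code: it reports whether the mach_init plist is still in place, whether the .dashboardadvisorydisabled flag exists, and what the advisory table holds. The function name, report keys and root argument are assumptions made for the example; the launchd job is not checked because the post does not give its plist path.

```python
import json
import os
import pathlib
import sqlite3
import sys

# Paths named in the post, relative to the root of the volume being examined.
PLIST = "etc/mach_init.d/dashboardadvisoryd.plist"
DISABLED_FLAG = "var/db/.dashboardadvisorydisabled"
DATABASE = "var/db/.dashboardadvisory.database"
COLUMNS = ("unique_id", "hash_usage", "resource_type", "hash_type", "hash", "url")


def audit_dashboard_advisory(root="/"):
    """Summarise the advisory daemon's on-disk state under `root`."""
    report = {
        "mach_init_plist_present": os.path.isfile(os.path.join(root, PLIST)),
        "disabled_flag_present": os.path.exists(os.path.join(root, DISABLED_FLAG)),
        "database_present": False,
        "database_error": None,
        "advisories": [],
    }
    db_path = os.path.join(root, DATABASE)
    if not os.path.isfile(db_path):
        return report
    report["database_present"] = True
    # Open read-only so the audit can never alter the file it inspects.
    uri = pathlib.Path(db_path).resolve().as_uri() + "?mode=ro"
    try:
        conn = sqlite3.connect(uri, uri=True)
    except sqlite3.Error as exc:
        report["database_error"] = str(exc)
        return report
    try:
        query = "SELECT %s FROM advisory ORDER BY unique_id" % ", ".join(COLUMNS)
        for row in conn.execute(query):
            entry = dict(zip(COLUMNS, row))
            if isinstance(entry["hash"], bytes):  # BLOB column, shown as hex
                entry["hash"] = entry["hash"].hex()
            report["advisories"].append(entry)
    except sqlite3.DatabaseError as exc:  # not a database, or no advisory table
        report["database_error"] = str(exc)
    finally:
        conn.close()
    return report


if __name__ == "__main__":
    # Reading /var/db normally needs root, as with the sudo sqlite3 call above.
    target = sys.argv[1] if len(sys.argv) > 1 else "/"
    print(json.dumps(audit_dashboard_advisory(target), indent=2))
```

Pass the mount point of a copied or mounted volume as the first argument to examine it instead of the running system.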

URLs
It looks like there are several URLs which are contacted while it is running:
http://www.apple.com/widgets/widgetadvisory
is a signed list of "advisories" that will eventually populate (my theory) the .dashboardadvisory.database database. It is simply a bunch of sqlite3 commands (which, to me, seems a bit funky).
Next is
http://www.apple.com/widgets/parser.info
which contains nothing; as I write this, it is empty.
Finally,
http://www.apple.com/widgets/parsers
appears to be something not yet set up, as it gives the good ol' "Page Not Found" error. Seems like they're still in the process of making things actually work...

Future
Hopefully Apple will (perhaps with a security update, or in 10.4.8) switch this to default off, and add a preference to enable it. Also, it'd sure be nice to see a little documentation on how it's meant to work in full, especially if it's meant to be part of Dashboard widget security, as I'm sure most know how well closed-door security works in the world of computing.

