Secret Sauce at MacDev|360
In December 2010 I had the opportunity to speak at the MacDev|360 conference in Denver. Since this was the first big Mac-focused thing I’d had the opportunity to speak at (everything since 2008 had been all iPhone, all the time), I decided to delve into my archive somewhat and pull out the knowledge I’d gained while working on MacAdministrator, where I’d implemented OpenDirectory plugins, authorization plugins, and even process injection and runtime function patching.
When Time Machine appeared, with support built into Mail, Address Book, iPhoto, and more, there was unfortunately no API for anyone outside of Apple to use, so I took it upon myself to figure out how that was working, and to demonstrate how to integrate it into an app directly.
Alas, the private API parts were rather undermined by the recent release of the Mac App Store, where no private API usage would ever pass muster, but the information was there, so it seemed like it would be interesting to somebody, at least.
The official schedule blurb read like this:
Secret Sauce: How to use or duplicate Apple’s private functionality
Ever wanted to hook your own data into Apple’s Managed Client infrastructure? Watched Address Book or iPhoto’s integration with the Time Machine user interface in envy? Wished you could implement your own login dialog or account access filters on the Macintosh? Come and See as we open the seventh seal and gaze deep into the workings of some of OS X’s most coveted internal workings.
The presentation described how the system crash reporter worked—and how you could write your own. This would segue nicely into performing remote stack traces (using private API, to keep the topic more brief). Next I went through the private API used by Apple’s apps to implement an in-app Time Machine experience.
You can access the presentation as either PDF slides or via Keynote’s HTML viewer:
Code used in the talk is available on GitHub:
Along with the presentation, I wrote a paper going into the same subjects in more detail, along with information on authorization and authentication, a primer on Mach messaging and the Mach Interface Generator (MiG), lots of information on the MCX managed-client system on OS X and the OpenDirectory system that underlies it, and a full write-up of the Time Machine private APIs. I had intended to do a chapter on the authorization system that lies behind all those pop-ups asking for your password, from config files through OpenDirectory and into authorization system plugins (the OS X login window UI is actually a SecurityAgent plugin that displays when the system asks to authorize the system.login.console right, and that right runs through a whole heap of rules to do a lot of different things). Alas, I got incredibly sick while I was trying to finish things up and spent the entire day in my room in a semi-fever, and writing this chapter was too much for me. I missed most of the conference, and had to hold onto the podium while giving my talk to avoid falling over at one point. If there’s video anywhere (there used to be, but the site isn’t live any more) then you’ll see what I’m talking about; I was in something of a fever dream throughout the presentation.
The paper has been on my Dropbox for the longest time, but it was only ever referenced by the presentation itself, so now it’s here in all its (unfinished) glory.