What is Vaadin Copilot, why is it inside vaadin-core/dev since 24.3 - not mentioned in any changelog - and why is it loading DLLs for telemetry despite having telemetry disabled? #7
2024-01-12T12:31:43.775+01:00 DEBUG 18488 --- [io-8080-exec-10] c.v.pro.licensechecker.LicenseChecker : Found proKey in C:\Users\xxx\.vaadin\proKey
2024-01-12T12:31:43.838+01:00 DEBUG 18488 --- [io-8080-exec-10] com.sun.jna.Native : Looking in classpath from jdk.internal.loader.ClassLoaders$AppClassLoader@4617c264 for /com/sun/jna/win32-x86-64/jnidispatch.dll
2024-01-12T12:31:43.838+01:00 DEBUG 18488 --- [io-8080-exec-10] com.sun.jna.Native : Found library resource at jar:file:/C:/Users/xxx/.m2/repository/net/java/dev/jna/jna/5.13.0/jna-5.13.0.jar!/com/sun/jna/win32-x86-64/jnidispatch.dll
2024-01-12T12:31:43.839+01:00 DEBUG 18488 --- [io-8080-exec-10] com.sun.jna.Native : Extracting library to C:\Users\xxx\AppData\Local\Temp\jna-1432765156\jna14499820768289914182.dll
2024-01-12T12:31:43.845+01:00 DEBUG 18488 --- [io-8080-exec-10] com.sun.jna.Native : Trying C:\Users\xxx\AppData\Local\Temp\jna-1432765156\jna14499820768289914182.dll
2024-01-12T12:31:43.848+01:00 DEBUG 18488 --- [io-8080-exec-10] com.sun.jna.Native : Found jnidispatch at C:\Users\xxx\AppData\Local\Temp\jna-1432765156\jna14499820768289914182.dll
2024-01-12T12:31:43.862+01:00 DEBUG 18488 --- [nio-8080-exec-7] c.v.f.server.communication.PushHandler : New push connection for resource b65d354d-5b38-472e-9259-3eac3c0e179a with transport WEBSOCKET
2024-01-12T12:40:17.029+01:00 DEBUG 18488 --- [io-8080-exec-10] com.sun.jna.NativeLibrary : Looking for library 'Ole32'
2024-01-12T12:40:17.030+01:00 DEBUG 18488 --- [io-8080-exec-10] com.sun.jna.NativeLibrary : Adding paths from jna.library.path: null
2024-01-12T12:40:17.030+01:00 DEBUG 18488 --- [io-8080-exec-10] com.sun.jna.NativeLibrary : Trying Ole32.dll
2024-01-12T12:40:17.030+01:00 DEBUG 18488 --- [io-8080-exec-10] com.sun.jna.NativeLibrary : Found library 'Ole32' at Ole32.dll
2024-01-12T12:40:18.110+01:00 DEBUG 18488 --- [io-8080-exec-10] com.sun.jna.NativeLibrary : Looking for library 'OleAut32'
2024-01-12T12:40:18.110+01:00 DEBUG 18488 --- [io-8080-exec-10] com.sun.jna.NativeLibrary : Adding paths from jna.library.path: null
2024-01-12T12:40:18.110+01:00 DEBUG 18488 --- [io-8080-exec-10] com.sun.jna.NativeLibrary : Trying OleAut32.dll
2024-01-12T12:40:18.111+01:00 DEBUG 18488 --- [io-8080-exec-10] com.sun.jna.NativeLibrary : Found library 'OleAut32' at OleAut32.dll
2024-01-12T12:40:18.988+01:00 DEBUG 18488 --- [io-8080-exec-10] com.sun.jna.NativeLibrary : Looking for library 'kernel32'
2024-01-12T12:40:18.988+01:00 DEBUG 18488 --- [io-8080-exec-10] com.sun.jna.NativeLibrary : Adding paths from jna.library.path: null
2024-01-12T12:40:18.988+01:00 DEBUG 18488 --- [io-8080-exec-10] com.sun.jna.NativeLibrary : Trying kernel32.dll
2024-01-12T12:40:18.988+01:00 DEBUG 18488 --- [io-8080-exec-10] com.sun.jna.NativeLibrary : Found library 'kernel32' at kernel32.dll
2024-01-12T12:40:19.923+01:00 DEBUG 18488 --- [io-8080-exec-10] com.sun.jna.NativeLibrary : Looking for library 'Advapi32'
2024-01-12T12:40:19.923+01:00 DEBUG 18488 --- [io-8080-exec-10] com.sun.jna.NativeLibrary : Adding paths from jna.library.path: null
2024-01-12T12:40:19.923+01:00 DEBUG 18488 --- [io-8080-exec-10] com.sun.jna.NativeLibrary : Trying Advapi32.dll
2024-01-12T12:40:19.924+01:00 DEBUG 18488 --- [io-8080-exec-10] com.sun.jna.NativeLibrary : Found library 'Advapi32' at Advapi32.dll
After reading this I instantly knew that this must be related to OSHI/JNA which is only used inside Vaadin telemetry or pro-key validation which shouldn't happen due to the applications configuration.
After a bit of debugging I found out that this is caused by vaadin-copilot?
```
com.sun.jna.NativeLibrary.getInstance(NativeLibrary.java:483)
com.sun.jna.Library$Handler.(Library.java:197)
com.sun.jna.Native.load(Native.java:622)
com.sun.jna.platform.win32.Ole32.(Ole32.java:50)
oshi.util.platform.windows.WmiQueryHandler.initCOM(WmiQueryHandler.java:207)
oshi.util.platform.windows.WmiQueryHandler.initCOM(WmiQueryHandler.java:180)
oshi.util.platform.windows.WmiQueryHandler.queryWMI(WmiQueryHandler.java:126)
oshi.util.platform.windows.WmiQueryHandler.queryWMI(WmiQueryHandler.java:104)
oshi.driver.windows.wmi.Win32ComputerSystemProduct.queryIdentifyingNumberUUID(Win32ComputerSystemProduct.java:41)
oshi.hardware.platform.windows.WindowsComputerSystem.querySystemSerialNumberUUID(WindowsComputerSystem.java:85)
oshi.util.Memoizer$1.get(Memoizer.java:61)
oshi.hardware.platform.windows.WindowsComputerSystem.getHardwareUUID(WindowsComputerSystem.java:56)
com.vaadin.pro.licensechecker.MachineId.getComputerId(MachineId.java:32)
com.vaadin.pro.licensechecker.MachineId.get(MachineId.java:19)
com.vaadin.copilot.analytics.AnalyticsClient.(AnalyticsClient.java:27)
com.vaadin.copilot.Copilot.handleConnect(Copilot.java:39)
com.vaadin.base.devserver.DebugWindowConnection.handleConnect(DebugWindowConnection.java:222)
com.vaadin.base.devserver.DebugWindowConnection.onConnect(DebugWindowConnection.java:202)
com.vaadin.flow.server.communication.PushHandler.lambda$onConnect$3(PushHandler.java:599)
java.base/java.util.Optional.ifPresent(Optional.java:178)
com.vaadin.flow.server.communication.PushHandler.lambda$onConnect$4(PushHandler.java:598)
...
```
![grafik](https://github.com/vaadin/flow/assets/45384811/4b13c306-b82d-472e-8a48-9bad43828300)
That is somehow inside of vaadin-core:
What is vaadin-copilot and why is it there?
I couldn't find any reference to com.vaadin:copilot in the changelogs
When searching the web the only thing that pops up is this a blog post from 2023-06-19 that also doesn't explain much
And why is it inside vaadin-core (as a transitive dependency)? The description of vaadin-core is "This package contains all free Vaadin web components.".
I suspect that this (experimental) dependency was introduced by accident and should not be there.
Expected behavior
com.vaadin:copilot dependency is not included/shipped by default
Description of the bug
Update to Vaadin 24.3+
Start the application
vaadin-core
)vaadin.devmode.usageStatistics.enabled=false
After server startup the following is reported:
After reading this I instantly knew that this must be related to OSHI/JNA which is only used inside Vaadin telemetry or pro-key validation which shouldn't happen due to the applications configuration.
After a bit of debugging I found out that this is caused by vaadin-copilot?
``` com.sun.jna.NativeLibrary.getInstance(NativeLibrary.java:483) com.sun.jna.Library$Handler.That is somehow inside of![grafik](https://github.com/vaadin/flow/assets/45384811/67220542-1402-4fcf-8fd2-148dcdd108d9)
vaadin-core
:What is vaadin-copilot and why is it there?
com.vaadin:copilot
in the changelogsvaadin-core
(as a transitive dependency)? The description ofvaadin-core
is "This package contains all free Vaadin web components.".I suspect that this (experimental) dependency was introduced by accident and should not be there.
Expected behavior
com.vaadin:copilot
dependency is not included/shipped by defaultMinimal reproducible example
Update to Vaadin 24.3+
See above
Versions