incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Edward Capriolo <edlinuxg...@gmail.com>
Subject Re: opscentrer is spying
Date Fri, 21 Jun 2013 01:36:47 GMT
Really? if you care about security, you deny all outbound traffic anyway
and phone home software does not work.... That which is not specifically
allowed is denied.
That is how we realized quartz does phone home.

Understandably most people don't like phone home features, but i do see
that knowing something like the most common jvm could help developers make
better software.

With open source or free software it is very hard to count the insta
ll base.i could Argue both sides of this.



On Thursday, June 20, 2013, Radim Kolar <hsn@filez.com> wrote:
>
>> OpsCenter collects anonymous usage data and reports it back to DataStax.
For example, number of nodes, keyspaces, column families, etc. Stat
reporting isn't required to run OpsCenter however. To turn this feature
off, see the docs here (stat_reporter):
>
> You never informed user that installing your crap will get him spyed
upon. Thats very different from Firefox which asks for permission before
sending data back and presents both choices to user.
>  1. You do not have documented what information and how often you are
going to spy
>  2. how you are processing this information, which is required by EU law.
>  3. In your crap EULA you demand right to present any user of your
spyware to public for PR purposes.
>  4. You guys tried to add spyware into apache cassandra and got huge
negative response on cassandra-dev. You will simply never learn lesson.
>
> I dont trust Datastax:
> 1 .I am responsible for data security because we have sensitive data in
database. Because you are spying by default, we can not trust that due to
our admin mistake your spyware will not be left enabled.
> 2. We can not trust you that configuring that particual option really
turns spying off. There might be bug in code or option can change name
> 3. We do not like to be spyed by software holding sensitive data
> 4. Spying is not anonymous - you will get IP address of reporter - you
will see what company is using your product and from keyspace/CF names you
can easily guess for what it is beeing used. If you do not spy keyspace/CF
names yet you can do it in future since you have no clear privacy "what we
spy" policy.
>
> I improved cassandra nagios plugin to fit our needs and give red stop
sign to sw made by datastax.
>

Mime
View raw message