Good, fast and appreciated reaction from Datastax.

Also thanks to Radim for the warning.

Alain, Opscenter-free user.


2013/6/20 Nick Bailey <nick@datastax.com>
Thanks everyone. We always appreciate constructive criticism.

Regarding what OpsCenter collects, we completely agree it should be documented more clearly. You can expect to see an update to the documentation later today. I will update this thread once that goes live.

Regarding notifying the user when installing, we agree this process should be more transparent to the user. Adding that information as well as making it easier to disable will be a high priority for the OpsCenter team. Obviously that will take more time than documentation, but hopefully that feature will be out soon as well.

-Nick

On Thu, Jun 20, 2013 at 7:57 AM, Peter Lin <woolfel@gmail.com> wrote:
I use Cassandra, but I don't use OpsCenter.

Seems like it would be in everyone's best interest to clearly define what data OpsCenter collects today, what OpsCenter won't collect and a promise to users none of the data will be used without first getting a customer's approval.

I can understand the desire to collect general statistics, since it helps developers get a sense of how cassandra is used in production. I'm guessing these types of security issues can be easily addressed by improving EULA, documentation and communication.

my bias 2 cents as a user.

peter




On Thu, Jun 20, 2013 at 8:49 AM, Radim Kolar <hsn@filez.com> wrote:

OpsCenter collects anonymous usage data and reports it back to DataStax. For example, number of nodes, keyspaces, column families, etc. Stat reporting isn't required to run OpsCenter however. To turn this feature off, see the docs here (stat_reporter):
You never informed user that installing your crap will get him spyed upon. Thats very different from Firefox which asks for permission before sending data back and presents both choices to user.
 1. You do not have documented what information and how often you are going to spy
 2. how you are processing this information, which is required by EU law.
 3. In your crap EULA you demand right to present any user of your spyware to public for PR purposes.
 4. You guys tried to add spyware into apache cassandra and got huge negative response on cassandra-dev. You will simply never learn lesson.

I dont trust Datastax:
1 .I am responsible for data security because we have sensitive data in database. Because you are spying by default, we can not trust that due to our admin mistake your spyware will not be left enabled.
2. We can not trust you that configuring that particual option really turns spying off. There might be bug in code or option can change name
3. We do not like to be spyed by software holding sensitive data
4. Spying is not anonymous - you will get IP address of reporter - you will see what company is using your product and from keyspace/CF names you can easily guess for what it is beeing used. If you do not spy keyspace/CF names yet you can do it in future since you have no clear privacy "what we spy" policy.

I improved cassandra nagios plugin to fit our needs and give red stop sign to sw made by datastax.