Return-Path: X-Original-To: apmail-cassandra-user-archive@www.apache.org Delivered-To: apmail-cassandra-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C0D4310B18 for ; Thu, 20 Jun 2013 21:15:45 +0000 (UTC) Received: (qmail 52169 invoked by uid 500); 20 Jun 2013 21:15:43 -0000 Delivered-To: apmail-cassandra-user-archive@cassandra.apache.org Received: (qmail 52147 invoked by uid 500); 20 Jun 2013 21:15:43 -0000 Mailing-List: contact user-help@cassandra.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@cassandra.apache.org Delivered-To: mailing list user@cassandra.apache.org Received: (qmail 52138 invoked by uid 99); 20 Jun 2013 21:15:43 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 20 Jun 2013 21:15:43 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of nick@datastax.com designates 209.85.212.179 as permitted sender) Received: from [209.85.212.179] (HELO mail-wi0-f179.google.com) (209.85.212.179) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 20 Jun 2013 21:15:37 +0000 Received: by mail-wi0-f179.google.com with SMTP id hj3so5620wib.12 for ; Thu, 20 Jun 2013 14:15:17 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:x-gm-message-state; bh=Aa6s+BvAnL0H4c6Bxy59fBFIxhR/F1DFvUXK5wWjf+o=; b=NP2y0Y8HR5ZCUduwvnG+0yEMsIAUEaXrkuLSwjKRtvzVkjrFqOCtFsbAb+hBNXBW8X wxpDylLjE0nGzq4vTqU1KW3TlA8NZHd6EQmrWbRjZ83NcS+CGamQqUlI8AiNiZIqgP4j eTJ6qbc02Geqbg5jpknr2/sFOWNawpA3Vn06JhdRRJJ9QfwSdDFdHuoh/lZF0OSemXus lUhGjMcqkkKkth9DiwNz2LYgFkoK8Cxylqfkz1rXdLh//zZe8teaL7+bMnUl11/yBCqL MKFXxxgU+BB+40jOvTIF/Azt6fkxnBPIE6e3DTwLWNDBi5AEs4WsdyZ03HkJ4kkcZorC PSwA== X-Received: by 10.194.48.49 with SMTP id i17mr7193880wjn.55.1371762916921; Thu, 20 Jun 2013 14:15:16 -0700 (PDT) MIME-Version: 1.0 Received: by 10.194.170.230 with HTTP; Thu, 20 Jun 2013 14:14:56 -0700 (PDT) In-Reply-To: References: <51BE5C5D.6020709@filez.com> <51C2FA5E.9040600@filez.com> From: Nick Bailey Date: Thu, 20 Jun 2013 16:14:56 -0500 Message-ID: Subject: Re: opscentrer is spying To: user@cassandra.apache.org Content-Type: multipart/alternative; boundary=047d7ba976fa61233704df9c7129 X-Gm-Message-State: ALoCoQn5eJgqy2usrQJKLNqQnyuxmfXP5fiTl44Dn1VO2beJrpeAwIfZTMOu4VZlliBtO4nQ1J2T X-Virus-Checked: Checked by ClamAV on apache.org --047d7ba976fa61233704df9c7129 Content-Type: text/plain; charset=ISO-8859-1 It is 'bdp_version' even though it is a list. That is a bit confusing. Thanks, I've added that additional feedback to our tracker. -Nick On Thu, Jun 20, 2013 at 3:47 PM, Dave Finnegan wrote: > Nick, > > Just a nit, but is it 'bdp_version' or 'dbp_versions'? > > > - 'bdp_version': A list of the different DataStax Enterprise versions > in the cluster. > > Also, is this "report" available from OpsCenter? Seems like it would be > nice to display a message to the user about what we send, and then provide > a link to see the actual values that we are sending. Just a thought. > > Thanks, > Dave > > > On Thu, Jun 20, 2013 at 4:31 PM, Nick Bailey wrote: > >> As promised, updated docs detailing the data collected by OpsCenter are >> now live. >> >> >> http://www.datastax.com/docs/opscenter/configure/configure_opscenter_adv#stat-reporter-interval >> >> -Nick >> >> >> On Thu, Jun 20, 2013 at 12:34 PM, Alain RODRIGUEZ wrote: >> >>> Good, fast and appreciated reaction from Datastax. >>> >>> Also thanks to Radim for the warning. >>> >>> Alain, Opscenter-free user. >>> >>> >>> 2013/6/20 Nick Bailey >>> >>>> Thanks everyone. We always appreciate constructive criticism. >>>> >>>> Regarding what OpsCenter collects, we completely agree it should be >>>> documented more clearly. You can expect to see an update to the >>>> documentation later today. I will update this thread once that goes live. >>>> >>>> Regarding notifying the user when installing, we agree this process >>>> should be more transparent to the user. Adding that information as well as >>>> making it easier to disable will be a high priority for the OpsCenter team. >>>> Obviously that will take more time than documentation, but hopefully that >>>> feature will be out soon as well. >>>> >>>> -Nick >>>> >>>> On Thu, Jun 20, 2013 at 7:57 AM, Peter Lin wrote: >>>> >>>>> I use Cassandra, but I don't use OpsCenter. >>>>> >>>>> Seems like it would be in everyone's best interest to clearly define >>>>> what data OpsCenter collects today, what OpsCenter won't collect and a >>>>> promise to users none of the data will be used without first getting a >>>>> customer's approval. >>>>> >>>>> I can understand the desire to collect general statistics, since it >>>>> helps developers get a sense of how cassandra is used in production. I'm >>>>> guessing these types of security issues can be easily addressed by >>>>> improving EULA, documentation and communication. >>>>> >>>>> my bias 2 cents as a user. >>>>> >>>>> peter >>>>> >>>>> >>>>> >>>>> >>>>> On Thu, Jun 20, 2013 at 8:49 AM, Radim Kolar wrote: >>>>> >>>>>> >>>>>> OpsCenter collects anonymous usage data and reports it back to >>>>>>> DataStax. For example, number of nodes, keyspaces, column families, etc. >>>>>>> Stat reporting isn't required to run OpsCenter however. To turn this >>>>>>> feature off, see the docs here (stat_reporter): >>>>>>> >>>>>> You never informed user that installing your crap will get him spyed >>>>>> upon. Thats very different from Firefox which asks for permission before >>>>>> sending data back and presents both choices to user. >>>>>> 1. You do not have documented what information and how often you are >>>>>> going to spy >>>>>> 2. how you are processing this information, which is required by EU >>>>>> law. >>>>>> 3. In your crap EULA you demand right to present any user of your >>>>>> spyware to public for PR purposes. >>>>>> 4. You guys tried to add spyware into apache cassandra and got huge >>>>>> negative response on cassandra-dev. You will simply never learn lesson. >>>>>> >>>>>> I dont trust Datastax: >>>>>> 1 .I am responsible for data security because we have sensitive data >>>>>> in database. Because you are spying by default, we can not trust that due >>>>>> to our admin mistake your spyware will not be left enabled. >>>>>> 2. We can not trust you that configuring that particual option really >>>>>> turns spying off. There might be bug in code or option can change name >>>>>> 3. We do not like to be spyed by software holding sensitive data >>>>>> 4. Spying is not anonymous - you will get IP address of reporter - >>>>>> you will see what company is using your product and from keyspace/CF names >>>>>> you can easily guess for what it is beeing used. If you do not spy >>>>>> keyspace/CF names yet you can do it in future since you have no clear >>>>>> privacy "what we spy" policy. >>>>>> >>>>>> I improved cassandra nagios plugin to fit our needs and give red stop >>>>>> sign to sw made by datastax. >>>>>> >>>>> >>>>> >>>> >>> >> > > > -- > Dave Finnegan > Sales Engineer > DataStax > dave@datastax.com > 845.418.6121 > > --047d7ba976fa61233704df9c7129 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
It is 'bdp_version' even though it is a list. That= is a bit confusing.

Thanks, I've added that a= dditional feedback to our tracker.

-Ni= ck


On Thu,= Jun 20, 2013 at 3:47 PM, Dave Finnegan <dave@datastax.com> = wrote:
Nick,

Just a nit, bu= t is it 'bdp_version' or 'dbp_versions'?

    'bdp_version': A list of the different DataStax Enterprise versions= in the cluster.
Also, is this "report" available from OpsCenter?=A0 Seems li= ke it would be nice to display a message to the user about what we send, an= d then provide a link to see the actual values that we are sending.=A0 Just= a thought.

Thanks,
Dave


On Thu, Jun 20, 2013 at 4:31 P= M, Nick Bailey <nick@datastax.com> wrote:
As promised, updated docs d= etailing the data collected by OpsCenter are now live.

<= a href=3D"http://www.datastax.com/docs/opscenter/configure/configure_opscen= ter_adv#stat-reporter-interval" target=3D"_blank">http://www.datastax.com/d= ocs/opscenter/configure/configure_opscenter_adv#stat-reporter-interval<= span>

-Nick=


On Thu, Jun 20, 2013 at 12:34 PM, Alain RODRIGUEZ <arodrime@gmail.com> wrote:
Good, fast and appreciated = reaction from Datastax.

Also thanks to Radim for the war= ning.

Alain, Opscenter-free user.


2013/6/20 Nick Bailey = <nick@datastax.co= m>
Thanks everyone. We always=A0appreciate=A0constructive cri= ticism.

Regarding what OpsCenter collects, we completely= agree it should be documented more clearly. You can expect to see an updat= e to the documentation later today. I will update this thread once that goe= s live.

Regarding notifying the user when installing, we agree = this process should be more transparent to the user. Adding that informatio= n as well as making it easier to disable will be a high priority for the Op= sCenter team. Obviously that will take more time than documentation, but ho= pefully that feature will be out soon as well.

-Nick

On Thu, Jun 20, 2013 at 7:57 AM, Pete= r Lin <woolfel@gmail.com> wrote:
I use Cassan= dra, but I don't use OpsCenter.

Seems like it would be in = everyone's best interest to clearly define what data OpsCenter collects= today, what OpsCenter won't collect and a promise to users none of the= data will be used without first getting a customer's approval.

I can understand the desire to collect general statistics, since = it helps developers get a sense of how cassandra is used in production. I&#= 39;m guessing these types of security issues can be easily addressed by imp= roving EULA, documentation and communication.

my bias 2 cents as a user.

=
peter




On Thu, Jun 2= 0, 2013 at 8:49 AM, Radim Kolar <hsn@filez.com> wrote:

OpsCenter collects anonymous usage data and reports it back to DataStax. Fo= r example, number of nodes, keyspaces, column families, etc. Stat reporting= isn't required to run OpsCenter however. To turn this feature off, see= the docs here (stat_reporter):
You never informed user that installing your crap will get him spyed upon. = Thats very different from Firefox which asks for permission before sending = data back and presents both choices to user.
=A01. You do not have documented what information and how often you are goi= ng to spy
=A02. how you are processing this information, which is required by EU law.=
=A03. In your crap EULA you demand right to present any user of your spywar= e to public for PR purposes.
=A04. You guys tried to add spyware into apache cassandra and got huge nega= tive response on cassandra-dev. You will simply never learn lesson.

I dont trust Datastax:
1 .I am responsible for data security because we have sensitive data in dat= abase. Because you are spying by default, we can not trust that due to our = admin mistake your spyware will not be left enabled.
2. We can not trust you that configuring that particual option really turns= spying off. There might be bug in code or option can change name
3. We do not like to be spyed by software holding sensitive data
4. Spying is not anonymous - you will get IP address of reporter - you will= see what company is using your product and from keyspace/CF names you can = easily guess for what it is beeing used. If you do not spy keyspace/CF name= s yet you can do it in future since you have no clear privacy "what we= spy" policy.

I improved cassandra nagios plugin to fit our needs and give red stop sign = to sw made by datastax.







--
Dave Finnegan
Sales Engineer
Data= Stax
dave@datasta= x.com
845.418.6121


--047d7ba976fa61233704df9c7129--