Re: Pirated WebCat? NOT...

This WebDNA talk-list message is from 2003.


It keeps the original formatting.
numero = 49790
interpreted = N
texte =

Let me reiterate what I have explained before on this talk list concerning this issue, hopefully more clearly. The 4.X WebDNA engine contains a capability to establish a connection to a remote SMSI license log, and report Serial number, software version number, OS platform type, hostname, and IP address. This is clearly stated in the license agreement.

No other information is transmitted. It is NOT POSSIBLE for this capability to capture any other information. We don't retrieve anything ... the WebDNA engine transmits outbound the listed information, and nothing more. There is no inbound probe from an SMSI server. No other code was secretly added by anyone. No disgruntled former employees or associates ... including Ken ... have access to the product source code. I know precisely what is or isn't added to the product by whom because ALL changes are under a source code revision control system, and Scott Anderson controls the product builds. Nothing gets into the product without Scott's and my knowledge, in Scott's case, nothing changes in engine without his direct knowledge, and I think Scott and I have both displayed a high degree of professionalism and integrity to this community.

The ONLY information that is transmitted is already known or knowable by other means in a general way ... our sales records have information on the serial number, version number, and OS platform of the product purchased, and if your website is on the public Internet, I can find information on the IP address and hostname using tools such as nslookup and whois. This log entry just matches it all up together so we can see how many times a serial number is active on what version and OS platform. NOTHING ELSE.

This information serves two specific purposes: it allows us to see what versions and OS platforms are most popular in actual use, helping us to focus our manpower resources on areas from support, platform certification, and new product features that most benefit the demographics of our user community; and, it allows us to verify compliance with our licensing terms.

And I won't even try to address Ken's 50% of Typhoon issue ... if there was a written contract, it should have been addressed at the time PCS was purchased by SMSI as a material contractual obligation. If this is a case of verbal agreements with former PCS company owners, these don't usually survive acquisitions, so please don't try to paint us with that brush to support your accusations. I also have a problem with characterizing a professional business offer to 'purchase' the webdna.net domain from Ken in exchange for WebDNA license(s) as BULLYING. But Ken wanted too much for it, and we frankly didn't care enough about the Webdna.net domain to offer more, so we simply said keep it. I honestly hope Ken does well with it to promote WebDNA and his own business.

Phil Bonesteele
Director e-business Products & Services

-----Original Message-----
From: Kenneth Grome [mailto:kengrome@webdna.net]
Sent: Friday, April 25, 2003 12:05 AM
To: WebDNA-Talk@talk.smithmicro.com
Subject: Re: Pirated WebCat? NOT...

>Something that also bothers me is the apparent ability that Smith Micro has
>to retrieve the Serial number from my server. . .what else can you retrieve?
>If you can get this, can you read database files and decrypt credit card
>numbers too? Let me know and try to convince me that you can't. . .

They *CAN* retrieve any piece of information that is accessible to any webdna code on the server!

All they have to do is put an internally hard-coded tcpconnect context into the webdna engine code, along with the related code that looks inside the files stored on the server, and then webdna can traverse your entire folder hierarchy and grab any piece of information it finds there, then send it to who knows where?

To SMSI's server? To someone else's server?

Yes of course this means that the credit cards, which are already stored unencrypted in webdna's plain text cart files and webdna database files, are potential targets of 'secret acquisition' by Smith Micro ... or worse.

What could be worse?

Well, possibly a disgruntled employee (or former employee) who has written portions of webdna's internal code, possibly adding his own little data grabbing snippets that deliver our customer's credit card data to his server, even without the knowledge of others at SMSI ... :(

My question is not so much whether the company as a whole is honest enough to be trusted to allow this kind of internal data gathering capability to exist. Because personally I have never trusted them after they (PCS) promised me 50% of the revenues from the sales of Typhoon (which I developed with them) only to learn later that they would go back on their promises and cut me out of the deal. This illustrates a clear lack of integrity for which I have no respect whatsoever.

And of course their repeated attempts to bully me into giving them my webdna.net domain when I was the first to register it and when I owned it long before they ever managed to get a trademark on the webdna character string, that is yet another unethical behavior by a company who seems to think we owe them our trust.

But regardless of these issues which I have personally had with PCS/SMSI over the years, I cannot help wondering just how many truly trustworthy people actually worked on webdna's engine code?

Or how many not-so-trustworthy people may have had an opportunity to slip in their own versions of a 'secret data grabbing' feature that is completely unknown to the SMSI management???

My feeling, based partially on my own experiences in dealing with this company and its predecessor, is that SMSI could easily have treated their own people with the same kind of disrespect they have shown me over the years. And this kind of treatment can really cause some people to feel, shall we say, less than happy about SMSI's treatment of them -- and possibly even vengeful.

It wouldn't take much tweaking in the engine code by someone who doesn't like the fact that he didn't get his promised raise last year to create a very serious threat to the security of any site running any version of WebDNA with this code in it.

Because of these issues, I feel that there is no possible way that SMSI will ever convince me that they can be trusted. I have personally had far too many bad experiences with them. It is only their word that we have to rely on, and that's what I continue to find unbelievable.

I mean, does *anyone* really believe that they were NOT trying to sneak this feature into the software?

I'm sorry but I simply do not believe that when this kind of 'feature' is added to software that never used to be able to do such a thing, it is a BIG DEAL! And if the company were truly an ethical company it would make every effort to report and explain this new feature immediately, in CAPITAL LETTERS, so everyone would be able to rest assured that they were not trying to hide it.

Correct me if I'm wrong here, but I don't think that this is what SMSI did ... :(

--
Sincerely,
Kenneth Grome

-------------------------------------------------------------
My programmers will write WebDNA code for you at $27 an hour!
-------------------------------------------------------------

Associated Messages, from the most recent to the oldest:

    
  1. Re: Pirated WebCat? NOT... (Bonkers 2003)
  2. Re: Pirated WebCat? NOT... (Dan Strong 2003)
  3. Re: Pirated WebCat? NOT... (marc@kaiwi.com (Marc Kaiwi) 2003)
  4. Re: Pirated WebCat? NOT... (Doug Deck 2003)
  5. Re: Pirated WebCat? NOT... (Phillip Bonesteele 2003)
  6. Re: Pirated WebCat? NOT... (marc@kaiwi.com (Marc Kaiwi) 2003)
  7. Re: Pirated WebCat? NOT... (Phillip Bonesteele 2003)
  8. Re: Pirated WebCat? NOT... (Jeff Logan 2003)
  9. Re: Pirated WebCat? NOT... (Jay Van Vark 2003)
  10. Re: Pirated WebCat? NOT... (Kimberly D. Walls 2003)
  11. Re: Pirated WebCat? NOT... (Karl Schroll 2003)
  12. Re: Pirated WebCat? NOT... (Phillip Bonesteele 2003)
  13. Re: Pirated WebCat? NOT... (Joe D'Andrea 2003)
  14. Re: Pirated WebCat? NOT... (Doug Deck 2003)
  15. Re: Pirated WebCat? NOT... (Donovan 2003)
  16. Re: Pirated WebCat? NOT... (Kenneth Grome 2003)
  17. Re: Pirated WebCat? NOT... (Kenneth Grome 2003)
  18. Re: Pirated WebCat? NOT... (marc@kaiwi.com (Marc Kaiwi) 2003)
  19. Re: Pirated WebCat? NOT... (Nitai @ ComputerOil 2003)
  20. Re: Pirated WebCat? NOT... (Pat Holliday 2003)
  21. Re: Pirated WebCat? NOT... (Claude Gelinas 2003)
  22. Re: Pirated WebCat? NOT... (Daniel Schutzsmith 2003)
  23. Re: Pirated WebCat? NOT... (Bob Minor 2003)
  24. Re: Pirated WebCat? NOT... (Nitai @ ComputerOil 2003)
  25. Re: Pirated WebCat? NOT... (Kenneth Grome 2003)
  26. Re: Pirated WebCat? NOT... (Kenneth Grome 2003)
  27. Re: Pirated WebCat? NOT... (Nitai @ ComputerOil 2003)
  28. Re: Pirated WebCat? NOT... (Rene van der Velde 2003)
  29. Re: Pirated WebCat? NOT... (Kenneth Grome 2003)
  30. Pirated WebCat? NOT... (Rob Blair 2003)
