Re: Pirated WebCat? NOT...
This WebDNA talk-list message is from 2003
It keeps the original formatting.
numero = 49790
interpreted = N
texte = Let me reiterate what I have explained before on this talk list concerningthis issue, hopefully more clearly. The 4.X WebDNA engine contains acapability to establish a connection to a remote SMSI license log, andreport Serial number, software version number, OS platform type, hostname,and IP address. This is clearly stated in the license agreement.No other information is transmitted. It is NOT POSSIBLE for this capabilityto capture any other information. We don't retrieve anything ... theWebDNA engine transmits outbound the listed information, and nothing more.There is no inbound probe from an SMSI server. No other code was secretlyadded by anyone. No disgruntled former employees or associates ...including Ken ... have access to the product source code. I know preciselywhat is or isn't added to the product by whom because ALL changes are undera source code revision control system, and Scott Anderson controls theproduct builds. Nothing gets into the product without Scott's and myknowledge, in Scott's case, nothing changes in engine without his directknowledge, and I think Scott and I have both displayed a high degree ofprofessionalism and integrity to this community.The ONLY information that is transmitted is already known or knowable byother means in a general way ... our sales records have information on theserial number, version number, and OS platform of the product purchased, andif your website is on the public Internet, I can find information on the IPaddress and hostname using tools such as nslookup and whois. This log entryjust matches it all up together so we can see how many times a serial numberis active on what version and OS platform. NOTHING ELSE.This information serves two specific purposes: it allows us to see whatversions and OS platforms are most popular in actual use, helping us tofocus our manpower resources on areas from support, platform certification,and new product features that most benefit the demographics of our usercommunity; and, it allows us to verify compliance with our licensing terms.And I won't even try to address Ken's 50% of Typhoon issue ... if there wasa written contract, it should have been addressed at the time PCS waspurchased by SMSI as a material contractual obligation. If this is a caseof verbal agreements with former PCS company owners, these don't usuallysurvive acquisitions, so please don't try to paint us with that brush tosupport your accusations. I also have a problem with characterizing aprofessional business offer to 'purchase' the webdna.net domain from Ken inexchange for WebDNA license(s) as BULLYING. But Ken wanted too much for it,and we frankly didn't care enough about the Webdna.net domain to offer more,so we simply said keep it. I honestly hope Ken does well with it topromote WebDNA and his own business.Phil BonesteeleDirector e-business Products & Services-----Original Message-----From: Kenneth Grome [mailto:kengrome@webdna.net] Sent: Friday, April 25, 2003 12:05 AMTo: WebDNA-Talk@talk.smithmicro.comSubject: Re: Pirated WebCat? NOT...>Something that also bothers me is the apparent ability that Smith Micro has>to retrieve the Serial number from my server. . .what else can youretrieve?>If you can get this, can you read database files and decrypt credit card>numbers too? Let me know and try to convince me that you can't. . .They *CAN* retrieve any piece of information that is accessible to any webdna code on the server!All they have to do is put an internally hard-coded tcpconnect context into the webdna engine code, along with the related code that looks inside the files stored on the server, and then webdna can traverse your entire folder hierarchy and grab any piece of information it finds there, then send it to who knows where?To SMSI's server?To someone else's server?Yes of course this means that the credit cards, which are already stored unencrypted in webdna's plan text cart files and webdna database files, are potential targets of 'secret acquisition' by Smith Micro ... or worse.What could be worse?Well, possibly a disgruntled employee (or former employee) who has written portions of webdna's internal code, possibly adding his own little data grabbing snippets that deliver our customer's credit card data to his server, even without the knowledge of others at SMSI ... :(My question is not so much whether the company as a whole is honest enough to be trusted to allow this kind of internal data gathering capability to exist. Because personally I have never trusted them after they (PCS) promised me 50% of the revenues from the sales of Typhoon (which I developed with them) only to learn later that they would go back on their promises and cut me out of the deal. This illustrates a clear lack of integrity for which I have no respect whatsoever.And of course their repeated attempts to bully me into giving them my webdna.net domain when I was the first to register it and when I owned it long before they ever managed to get a trademark on the webdna character string, that is yet another unethical behavior by a company who seems to think we own them our trust.But regardless of these issue which I have personally had with PCS/SMSI over the years, I cannot help wondering just how many truly trustworthy people actually worked on webdna's engine code?Or how many not-so-trustworthy people may have had an opportunity to slip in their own versions of a 'secret data grabbing' feature that is completely unknown to the SMSI management???My feeling, based partially on my own experiences in dealing with this company and its predecessor, is that SMSI could easily have treated their own people with the same kind of disrespect they have shown me over the years. And this kind of treatment can cause really some people to feel, shall we say, less than happy about SMSI's treatment of them -- and possibly even vengeful.It wouldn't take much tweaking in the engine code by someone who doesn't like the fact that he didn't get his promised raise last year to create a very serious threat to the security of any site running any version of WebDNA with this code in it.Because of these issues, I feel that there is no possible way that SMSI will ever convince me that they can be trusted. I have personally had far too many bad experiences with them. It is only their word that we have to rely on, and that's what I continue to find unbelievable.I mean, does *anyone* really believe that they were NOT trying to sneak this feature into the software?I'm sorry but I simply do not believe that when this kind of 'feature' is added to software that never used to be able to do such a thing, it is a BIG DEAL! And if the company were truly an ethical company it would make every effort to report and explain this new feature immediately, in CAPITAL LETTERS, so everyone would be able to rest assured that they were not trying to hide it.Correct me if I'm wrong here, but I don't think that this is what SMSI did ... :(-- Sincerely,Kenneth Grome-------------------------------------------------------------My programmers will write WebDNA code for you at $27 an hour!--------------------------------------------------------------------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list
.To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail toWeb Archive of this list is at: http://webdna.smithmicro.com/-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Associated Messages, from the most recent to the oldest:
Let me reiterate what I have explained before on this Talk List concerningthis issue, hopefully more clearly. The 4.X WebDNA engine contains acapability to establish a connection to a remote SMSI license log, andreport Serial number, software version number, OS platform type, hostname,and IP address. This is clearly stated in the license agreement.No other information is transmitted. It is NOT POSSIBLE for this capabilityto capture any other information. We don't retrieve anything ... theWebDNA engine transmits outbound the listed information, and nothing more.There is no inbound probe from an SMSI server. No other code was secretlyadded by anyone. No disgruntled former employees or associates ...including Ken ... have access to the product source code. I know preciselywhat is or isn't added to the product by whom because ALL changes are undera source code revision control system, and Scott Anderson controls theproduct builds. Nothing gets into the product without Scott's and myknowledge, in Scott's case, nothing changes in engine without his directknowledge, and I think Scott and I have both displayed a high degree ofprofessionalism and integrity to this community.The ONLY information that is transmitted is already known or knowable byother means in a general way ... our sales records have information on theserial number, version number, and OS platform of the product purchased, andif your website is on the public Internet, I can find information on the IPaddress and hostname using tools such as nslookup and whois. This log entryjust matches it all up together so we can see how many times a serial numberis active on what version and OS platform. NOTHING ELSE.This information serves two specific purposes: it allows us to see whatversions and OS platforms are most popular in actual use, helping us tofocus our manpower resources on areas from support, platform certification,and new product features that most benefit the demographics of our usercommunity; and, it allows us to verify compliance with our licensing terms.And I won't even try to address Ken's 50% of Typhoon issue ... if there wasa written contract, it should have been addressed at the time PCS waspurchased by SMSI as a material contractual obligation. If this is a caseof verbal agreements with former PCS company owners, these don't usuallysurvive acquisitions, so please don't try to paint us with that brush tosupport your accusations. I also have a problem with characterizing aprofessional business offer to 'purchase' the webdna.net domain from Ken inexchange for WebDNA license(s) as BULLYING. But Ken wanted too much for it,and we frankly didn't care enough about the Webdna.net domain to offer more,so we simply said keep it. I honestly hope Ken does well with it topromote WebDNA and his own business.Phil BonesteeleDirector e-business Products & Services-----Original Message-----From: Kenneth Grome [mailto:kengrome@webdna.net] Sent: Friday, April 25, 2003 12:05 AMTo: WebDNA-Talk@talk.smithmicro.comSubject: Re: Pirated WebCat? NOT...>Something that also bothers me is the apparent ability that Smith Micro has>to retrieve the Serial number from my server. . .what else can youretrieve?>If you can get this, can you read database files and decrypt credit card>numbers too? Let me know and try to convince me that you can't. . .They *CAN* retrieve any piece of information that is accessible to any webdna code on the server!All they have to do is put an internally hard-coded tcpconnect context into the webdna engine code, along with the related code that looks inside the files stored on the server, and then webdna can traverse your entire folder hierarchy and grab any piece of information it finds there, then send it to who knows where?To SMSI's server?To someone else's server?Yes of course this means that the credit cards, which are already stored unencrypted in webdna's plan text cart files and webdna database files, are potential targets of 'secret acquisition' by Smith Micro ... or worse.What could be worse?Well, possibly a disgruntled employee (or former employee) who has written portions of webdna's internal code, possibly adding his own little data grabbing snippets that deliver our customer's credit card data to his server, even without the knowledge of others at SMSI ... :(My question is not so much whether the company as a whole is honest enough to be trusted to allow this kind of internal data gathering capability to exist. Because personally I have never trusted them after they (PCS) promised me 50% of the revenues from the sales of Typhoon (which I developed with them) only to learn later that they would go back on their promises and cut me out of the deal. This illustrates a clear lack of integrity for which I have no respect whatsoever.And of course their repeated attempts to bully me into giving them my webdna.net domain when I was the first to register it and when I owned it long before they ever managed to get a trademark on the webdna character string, that is yet another unethical behavior by a company who seems to think we own them our trust.But regardless of these issue which I have personally had with PCS/SMSI over the years, I cannot help wondering just how many truly trustworthy people actually worked on webdna's engine code?Or how many not-so-trustworthy people may have had an opportunity to slip in their own versions of a 'secret data grabbing' feature that is completely unknown to the SMSI management???My feeling, based partially on my own experiences in dealing with this company and its predecessor, is that SMSI could easily have treated their own people with the same kind of disrespect they have shown me over the years. And this kind of treatment can cause really some people to feel, shall we say, less than happy about SMSI's treatment of them -- and possibly even vengeful.It wouldn't take much tweaking in the engine code by someone who doesn't like the fact that he didn't get his promised raise last year to create a very serious threat to the security of any site running any version of WebDNA with this code in it.Because of these issues, I feel that there is no possible way that SMSI will ever convince me that they can be trusted. I have personally had far too many bad experiences with them. It is only their word that we have to rely on, and that's what I continue to find unbelievable.I mean, does *anyone* really believe that they were NOT trying to sneak this feature into the software?I'm sorry but I simply do not believe that when this kind of 'feature' is added to software that never used to be able to do such a thing, it is a BIG DEAL! And if the company were truly an ethical company it would make every effort to report and explain this new feature immediately, in CAPITAL LETTERS, so everyone would be able to rest assured that they were not trying to hide it.Correct me if I'm wrong here, but I don't think that this is what SMSI did ... :(-- Sincerely,Kenneth Grome-------------------------------------------------------------My programmers will write WebDNA code for you at $27 an hour!--------------------------------------------------------------------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail toWeb Archive of this list is at: http://webdna.smithmicro.com/-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Phillip Bonesteele
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
WebDNA 4.5 & iTools 7 (2003)
popups, netscape vs explorer (1997)
WebCatalog keeps quiting on Solaris, and support isn't su (2000)
Testing (2003)
PCS Frames-Default page is solution! (1997)
Help formatting search results w/ table (1997)
[WebDNA] Better names ... (2012)
upgrading (1997)
Stock Quotes (2000)
bug in [SendMail] (1997)
Country & Ship-to address & other fields ? (1997)
Just Testing (1997)
Re:Remote stockroom ? (1998)
emailer (1997)
emailer (1997)
bug in [SendMail] (1997)
Printing a final order (1997)
Instructions for Digest (1997)
(1997)
Uploading Files (2000)