Re: Pirated WebCat? NOT...

This WebDNA talk-list message is from

2003


It keeps the original formatting.
numero = 49766
interpreted = N
texte = Common guys.First of all, if you donıt have anything to hide, meaning to pirate your number, there is no need to worry.Further on, do any of you work on MacOS X? If so go ahead and install LittleSnitch this is a small application which tells you what program is calling home (as a side note you can also block the connection).Anyhow, the point is that about every second program on my machine is calling home and this is NOT mentioned anywhere in their documentation.It is hard for me to believe that SMSI point of doing this is to snap your data under your nose or anything illegal. We are NOT talking about a little company with some freaks. They are just protecting their hard work over the years and I think that is their right.btw: Did you guys ever think about that with every app you work the developer knows how to crack any of your data, since they are the ones who developed it in the first place!Sincerely, Nitai Aventaggiato CEOOn 25.4.2003 13:51 Uhr, Rene van der Velde wrote:> Well this little story just convinced me NOT to upgrade to 5.0 and I'm > thinking to switch to a different platform alltogether. > > ------------------------ > > On vrijdag, 25 april 2003, Kenneth Grome wrote: >>> Something that also bothers me is the apparent ability that Smith Micro has >>> to retrieve the Serial number from my server. . .what else can you retrieve? >>> If you can get this, can you read database files and decrypt credit card >>> numbers too? Let me know and try to convince me that you >> can't. . . >> >> >> They *CAN* retrieve any piece of information that is accessible to >> any webdna code on the server! >> >> All they have to do is put an internally hard-coded tcpconnect >> context into the webdna engine code, along with the related code that >> looks inside the files stored on the server, and then webdna can >> traverse your entire folder hierarchy and grab any piece of >> information it finds there, then send it to who knows where? >> >> To SMSI's server? >> To someone else's server? >> >> Yes of course this means that the credit cards, which are already >> stored unencrypted in webdna's plan text cart files and webdna >> database files, are potential targets of 'secret acquisition' by >> Smith Micro ... or worse. >> >> What could be worse? >> >> Well, possibly a disgruntled employee (or former employee) who has >> written portions of webdna's internal code, possibly adding his own >> little data grabbing snippets that deliver our customer's credit >> card data to his server, even without the knowledge of others at SMSI >> ... :( >> >> My question is not so much whether the company as a whole is honest >> enough to be trusted to allow this kind of internal data gathering >> capability to exist. Because personally I have never trusted them >> after they (PCS) promised me 50% of the revenues from the sales of >> Typhoon (which I developed with them) only to learn later that they >> would go back on their promises and cut me out of the deal. This >> illustrates a clear lack of integrity for which I have no respect >> whatsoever. >> >> And of course their repeated attempts to bully me into giving them my >> webdna.net domain when I was the first to register it and when I >> owned it long before they ever managed to get a trademark on the >> webdna character string, that is yet another unethical behavior by >> a company who seems to think we own them our trust. >> >> But regardless of these issue which I have personally had with >> PCS/SMSI over the years, I cannot help wondering just how many truly >> trustworthy people actually worked on webdna's engine code? >> >> Or how many not-so-trustworthy people may have had an opportunity to >> slip in their own versions of a 'secret data grabbing' feature that >> is completely unknown to the SMSI management??? >> >> My feeling, based partially on my own experiences in dealing with >> this company and its predecessor, is that SMSI could easily have >> treated their own people with the same kind of disrespect they have >> shown me over the years. And this kind of treatment can cause really >> some people to feel, shall we say, less than happy about SMSI's >> treatment of them -- and possibly even vengeful. >> >> It wouldn't take much tweaking in the engine code by someone who >> doesn't like the fact that he didn't get his promised raise last year >> to create a very serious threat to the security of any site running >> any version of WebDNA with this code in it. >> >> Because of these issues, I feel that there is no possible way that >> SMSI will ever convince me that they can be trusted. I have >> personally had far too many bad experiences with them. It is only >> their word that we have to rely on, and that's what I continue to >> find unbelievable. >> >> I mean, does *anyone* really believe that they were NOT trying to >> sneak this feature into the software? >> >> I'm sorry but I simply do not believe that when this kind of >> 'feature' is added to software that never used to be able to do such >> a thing, it is a BIG DEAL! And if the company were truly an ethical >> company it would make every effort to report and explain this new >> feature immediately, in CAPITAL LETTERS, so everyone would be able to >> rest assured that they were not trying to hide it. >> >> Correct me if I'm wrong here, but I don't think that this is what >> SMSI did ... :( >> -- >> >> Sincerely, >> Kenneth Grome >> ------------------------------------------------------------- >> My programmers will write WebDNA code for you at $27 an hour! >> ------------------------------------------------------------- >> >> ------------------------------------------------------------- >> This message is sent to you because you are subscribed to >> the mailing list . >> To unsubscribe, E-mail to: >> To switch to the DIGEST mode, E-mail to >> >> Web Archive of this list is at: http://webdna.smithmicro.com/ >> > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > > Web Archive of this list is at: http://webdna.smithmicro.com/-- Tools to energize your business Content Management & eBusiness SystemsComputerOil GmbH http://computeroil.com/ Unionstrasse 4 info@computeroil.com 8032 Zürich/Switzerland Tel: +41 (0)43 333 1 555 ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: Pirated WebCat? NOT... (Bonkers 2003)
  2. Re: Pirated WebCat? NOT... (Dan Strong 2003)
  3. Re: Pirated WebCat? NOT... (marc@kaiwi.com (Marc Kaiwi) 2003)
  4. Re: Pirated WebCat? NOT... (Doug Deck 2003)
  5. Re: Pirated WebCat? NOT... (Phillip Bonesteele 2003)
  6. Re: Pirated WebCat? NOT... (marc@kaiwi.com (Marc Kaiwi) 2003)
  7. Re: Pirated WebCat? NOT... (Phillip Bonesteele 2003)
  8. Re: Pirated WebCat? NOT... (Jeff Logan 2003)
  9. Re: Pirated WebCat? NOT... (Jay Van Vark 2003)
  10. Re: Pirated WebCat? NOT... (Kimberly D. Walls 2003)
  11. Re: Pirated WebCat? NOT... (Karl Schroll 2003)
  12. Re: Pirated WebCat? NOT... (Phillip Bonesteele 2003)
  13. Re: Pirated WebCat? NOT... (Joe D'Andrea 2003)
  14. Re: Pirated WebCat? NOT... (Doug Deck 2003)
  15. Re: Pirated WebCat? NOT... (Donovan 2003)
  16. Re: Pirated WebCat? NOT... (Kenneth Grome 2003)
  17. Re: Pirated WebCat? NOT... (Kenneth Grome 2003)
  18. Re: Pirated WebCat? NOT... (marc@kaiwi.com (Marc Kaiwi) 2003)
  19. Re: Pirated WebCat? NOT... (Nitai @ ComputerOil 2003)
  20. Re: Pirated WebCat? NOT... (Pat Holliday 2003)
  21. Re: Pirated WebCat? NOT... (Claude Gelinas 2003)
  22. Re: Pirated WebCat? NOT... (Daniel Schutzsmith 2003)
  23. Re: Pirated WebCat? NOT... (Bob Minor 2003)
  24. Re: Pirated WebCat? NOT... (Nitai @ ComputerOil 2003)
  25. Re: Pirated WebCat? NOT... (Kenneth Grome 2003)
  26. Re: Pirated WebCat? NOT... (Kenneth Grome 2003)
  27. Re: Pirated WebCat? NOT... (Nitai @ ComputerOil 2003)
  28. Re: Pirated WebCat? NOT... (Rene van der Velde 2003)
  29. Re: Pirated WebCat? NOT... (Kenneth Grome 2003)
  30. Pirated WebCat? NOT... (Rob Blair 2003)
Common guys.First of all, if you donıt have anything to hide, meaning to pirate your number, there is no need to worry.Further on, do any of you work on MacOS X? If so go ahead and install LittleSnitch this is a small application which tells you what program is calling home (as a side note you can also block the connection).Anyhow, the point is that about every second program on my machine is calling home and this is NOT mentioned anywhere in their documentation.It is hard for me to believe that SMSI point of doing this is to snap your data under your nose or anything illegal. We are NOT talking about a little company with some freaks. They are just protecting their hard work over the years and I think that is their right.btw: Did you guys ever think about that with every app you work the developer knows how to crack any of your data, since they are the ones who developed it in the first place!Sincerely, Nitai Aventaggiato CEOOn 25.4.2003 13:51 Uhr, Rene van der Velde wrote:> Well this little story just convinced me NOT to upgrade to 5.0 and I'm > thinking to switch to a different platform alltogether. > > ------------------------ > > On vrijdag, 25 april 2003, Kenneth Grome wrote: >>> Something that also bothers me is the apparent ability that Smith Micro has >>> to retrieve the Serial number from my server. . .what else can you retrieve? >>> If you can get this, can you read database files and decrypt credit card >>> numbers too? Let me know and try to convince me that you >> can't. . . >> >> >> They *CAN* retrieve any piece of information that is accessible to >> any webdna code on the server! >> >> All they have to do is put an internally hard-coded tcpconnect >> context into the webdna engine code, along with the related code that >> looks inside the files stored on the server, and then webdna can >> traverse your entire folder hierarchy and grab any piece of >> information it finds there, then send it to who knows where? >> >> To SMSI's server? >> To someone else's server? >> >> Yes of course this means that the credit cards, which are already >> stored unencrypted in webdna's plan text cart files and webdna >> database files, are potential targets of 'secret acquisition' by >> Smith Micro ... or worse. >> >> What could be worse? >> >> Well, possibly a disgruntled employee (or former employee) who has >> written portions of webdna's internal code, possibly adding his own >> little data grabbing snippets that deliver our customer's credit >> card data to his server, even without the knowledge of others at SMSI >> ... :( >> >> My question is not so much whether the company as a whole is honest >> enough to be trusted to allow this kind of internal data gathering >> capability to exist. Because personally I have never trusted them >> after they (PCS) promised me 50% of the revenues from the sales of >> Typhoon (which I developed with them) only to learn later that they >> would go back on their promises and cut me out of the deal. This >> illustrates a clear lack of integrity for which I have no respect >> whatsoever. >> >> And of course their repeated attempts to bully me into giving them my >> webdna.net domain when I was the first to register it and when I >> owned it long before they ever managed to get a trademark on the >> webdna character string, that is yet another unethical behavior by >> a company who seems to think we own them our trust. >> >> But regardless of these issue which I have personally had with >> PCS/SMSI over the years, I cannot help wondering just how many truly >> trustworthy people actually worked on webdna's engine code? >> >> Or how many not-so-trustworthy people may have had an opportunity to >> slip in their own versions of a 'secret data grabbing' feature that >> is completely unknown to the SMSI management??? >> >> My feeling, based partially on my own experiences in dealing with >> this company and its predecessor, is that SMSI could easily have >> treated their own people with the same kind of disrespect they have >> shown me over the years. And this kind of treatment can cause really >> some people to feel, shall we say, less than happy about SMSI's >> treatment of them -- and possibly even vengeful. >> >> It wouldn't take much tweaking in the engine code by someone who >> doesn't like the fact that he didn't get his promised raise last year >> to create a very serious threat to the security of any site running >> any version of WebDNA with this code in it. >> >> Because of these issues, I feel that there is no possible way that >> SMSI will ever convince me that they can be trusted. I have >> personally had far too many bad experiences with them. It is only >> their word that we have to rely on, and that's what I continue to >> find unbelievable. >> >> I mean, does *anyone* really believe that they were NOT trying to >> sneak this feature into the software? >> >> I'm sorry but I simply do not believe that when this kind of >> 'feature' is added to software that never used to be able to do such >> a thing, it is a BIG DEAL! And if the company were truly an ethical >> company it would make every effort to report and explain this new >> feature immediately, in CAPITAL LETTERS, so everyone would be able to >> rest assured that they were not trying to hide it. >> >> Correct me if I'm wrong here, but I don't think that this is what >> SMSI did ... :( >> -- >> >> Sincerely, >> Kenneth Grome >> ------------------------------------------------------------- >> My programmers will write WebDNA code for you at $27 an hour! >> ------------------------------------------------------------- >> >> ------------------------------------------------------------- >> This message is sent to you because you are subscribed to >> the mailing list . >> To unsubscribe, E-mail to: >> To switch to the DIGEST mode, E-mail to >> >> Web Archive of this list is at: http://webdna.smithmicro.com/ >> > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > > Web Archive of this list is at: http://webdna.smithmicro.com/-- Tools to energize your business Content Management & eBusiness SystemsComputerOil GmbH http://computeroil.com/ Unionstrasse 4 info@computeroil.com 8032 Zürich/Switzerland Tel: +41 (0)43 333 1 555 ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Nitai @ ComputerOil

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Cobalt RaQ Installation (2003) Emailer (1997) Can't load tmpl files (1997) webcat- multiple selection in input field (1997) Showing unopened cart (1997) OT: AppleScript question (2003) Quantity discount on some items? (2000) Security Tip (1996) WebCat2b13MacPlugIn - [shownext method=post] ??? (1997) PCS Frames (1997) [table] tag (2003) Databases going to sleep (1998) Whats going on with my SERIAL NUMBER??? (1998) adding shipping cost (1998) WebCommerce: Folder organization ? (1997) Date search bug (1998) How to include weather (2000) Checkboxes to add to cart... (1998) WebCat2b12 forgets serial # (1997) Strange intermittent WebDNA problems Workaround (2008)