Go Back   vb.org Archive > News and Announcements > News and Announcements
FAQ Community Calendar Today's Posts Search

Closed Thread
 
Thread Tools Display Modes
  #31  
Old 05-15-2006, 01:45 PM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Paul M
I spotted Limewire
Well spotted. 1 vb.org bonus point for you.
  #32  
Old 05-15-2006, 02:18 PM
Lottis Lottis is offline
 
Join Date: Sep 2004
Location: Norway
Posts: 299
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by amykhar
you know, any of you who know how to read php could always go read the code in the product installs and such and know immediately who is calling external functions from the code. You don't need staff to tell you who the bad guys are.
Well, not everyone of have that skills, im afraid. I sertanly dont.
I lay all my trust in the coders that gives out there hacks, call me perhaps naive. But i do. And since this is VBorg , i have always tought that this site dident want to bee letting coders do this because of there high reputation as serrious.

Quote:
Originally Posted by MarcoH64
The fact that you install any software, could always possibly open you to unknown harmfull actions by the coder of that software. This is not really something new.
This is new fore me. And i have been here fore 2 years.
I think i have put to mutch trust in the VBorg following up on this issue.

*sorry, fore my bad english*
  #33  
Old 05-15-2006, 02:31 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

BTW - I'm also curious about this - I believe vbulletin itself makes a call back to vbulletin.com everytime you visit your ACP, and passes back your licence code - I don't recall this being mentioned when you install vbulletin, I can't even find it in the licence - does this mean that vB now falls foul of your policy ?
  #34  
Old 05-15-2006, 02:38 PM
Protoman's Avatar
Protoman Protoman is offline
 
Join Date: Jan 2005
Posts: 237
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I believe that's a bit different because it is the original forum software. They're not going to hard code something in that could trash your board.

Products are 3rd party code though, and you could throw just about anything in there to execute.
  #35  
Old 05-15-2006, 02:42 PM
Floris Floris is offline
 
Join Date: Jan 2002
Posts: 1,898
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Paul M
BTW - I'm also curious about this - I believe vbulletin itself makes a call back to vbulletin.com everytime you visit your ACP, and passes back your licence code - I don't recall this being mentioned when you install vbulletin, I can't even find it in the licence - does this mean that vB now falls foul of your policy ?
Besides this part from the license agreement, which you click during purchase and before downloading each .zip file. Therefor you agree to it.

Quote:
From time to time, Jelsoft may inspect your registration integrity. This will be done without collecting any information whatsoever about your server or your users. The only information verified will be your licence number and the domain on which the software is run. Should Jelsoft discover discrepancies in the software usage, be aware that you may lose your licence and may face legal actions for Software Piracy. Your information will not be shared with 3rd parties. Occasionally, it is necessary to record your IP address for security and performance monitoring.
http://www.vbulletin.com/order/license_agreement.php

Any questions in regards to the Jelsoft License Agreement please redirect them outside of vBulletin.org directly to Jelsoft Sales through: http://www.vBulletin.com/go/sales
  #36  
Old 05-15-2006, 02:45 PM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Lottis
This is new fore me. And i have been here fore 2 years.
I think i have put to mutch trust in the VBorg following up on this issue.
Lottis,

I am there talking in general, all software. Doesn't mattter if it is a php-script, a windows application, or even an application that a company has coded in-house.
  #37  
Old 05-15-2006, 02:54 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Floris
Besides this part from the license agreement, which you click during purchase and before downloading each .zip file. Therefor you agree to it.
Just read it again

Quote:
From time to time, Jelsoft may inspect your registration integrity. This will be done without collecting any information whatsoever about your server or your users.
That does not exactly specify that the software has hidden functionality to call home everytime you use your admin cp - at best it's extremly vague.
  #38  
Old 05-15-2006, 02:59 PM
Logikos Logikos is offline
 
Join Date: Jan 2003
Posts: 2,924
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

This clears alot of things up. This is the reason why Paul was getting so much heat in the forums. I'm with Paul and TheGeek on this one. I will add my few lines of thought about the situation and move on.

Attemping to click the install link when you install a product is nothing new. I've seen this in a couple of hacks in the past. It just looks for an image of the install URL and uninstall URL. Its completely harmless and in no way shape or form does this create a sercurty issue for users installing these hacks. You should make that completely clear to the users as your main post seems to direct users that there are flaws in hacks here.

Quote:
From time to time, Jelsoft may inspect your registration integrity. This will be done without collecting any information whatsoever about your server or your users. The only information verified will be your licence number and the domain on which the software is run. Should Jelsoft discover discrepancies in the software usage, be aware that you may lose your licence and may face legal actions for Software Piracy. Your information will not be shared with 3rd parties. Occasionally, it is necessary to record your IP address for security and performance monitoring.
If vBulletin is allowed to do this, why can't we? vBulletin states that they occasionally will record your ip address for security and performacnce monitoring. vBulletin coder will occasionally record that you have installed this modification for statistical purposes. The only issue I could see is that the authors didn't stat this in the first post. Wouldn't this be allowed if we simply told users about this?

Either way, I will follow the new rule and I don't think this will be fare to remove accounts as this was never mentioned it the TOS of the vB.org site. Another thing I should add is that emails no longer allow me to uninstall hacks from my email. I had recived an update email and I clicked the uninstall link in the email and I was just redirected back to the portal page.
  #39  
Old 05-15-2006, 03:01 PM
Floris Floris is offline
 
Join Date: Jan 2002
Posts: 1,898
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Paul M
Just read it again


That does not exactly specify that the software has hidden functionality to call home everytime you use your admin cp - at best it's extremly vague.
Let me quote myself again:

Quote:
Any questions in regards to the Jelsoft License Agreement please redirect them outside of vBulletin.org directly to Jelsoft Sales through: http://www.vBulletin.com/go/sales
  #40  
Old 05-15-2006, 03:03 PM
Rimer dal Rimer dal is offline
 
Join Date: Nov 2005
Posts: 3
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

While I see the way you are coming at this issue, It isnt uncommonin the real world for free software to include callback functionality. When I release freeware I never have the intent of stealing inforatopn, but because it is free I know that even if it is a small majority, people are prone to remove information that by downloading and using your software they agreed too. Unlike vB most free software lacks proper legal protection and using acallback, harmless as it is, they ensure the integretity of the software hasn't been compromised as by terms of contract.

Now I agee, it isnt a kind thing to do without warning the users first,but those offenders may be code wise and can expect it. It would defeat the purpose of the validation functions. So if you bann us from using such validationhere you should at least afford the codersthe ability to report websites using their hacks released here outside the terms of the hackand have that user face consequences for their actions.

While it is trust that keeps users here, it is coders that keep the users here in the first place and sofor both groups protection needs to be afforded I feel, not just one side of the crowd, because alone they don't work together.

I hope I made my point clear
-Rimer-

PS: I have not released any hacks here under this account, but the hacks I have released donot include callbacks as they were ports and not mine originally and thus I did not feel obligated to do it since the original author had not. Hwever if I ever release custom hacks id like to see protection afforded to both sides.
Closed Thread


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:39 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.08529 seconds
  • Memory Usage 2,265KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (11)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete