Re: [Maria-discuss] Enabling feedback pluging for MariaDB 10.1.4
Hi, Where is it described exactly what is collected? Descriptions I see say it is basically ... well, no, I want a full description of all data collected, particularly if it collects versions of software as knowing what version of software I'm running lets you know what I'm vulnerable to. Is the data sent via SSL? Is the data stored encrypted in your data center? I certainly don't want my c library version, mariadb version, etc, sent in clear over the internet where anybody can read it, and I don't want it stored unencrypted at rest somewhere, where someone can just abscond with it. Etc., On Tue, Mar 10, 2015 at 2:22 AM, Federico Razzoli federico_...@yahoo.it wrote: I am no lawyer, but please consider possible legal problems for users. 1) I sign an NDA with my customer 2) I enable Feedback 3) You see things I shouldn't reveal. I know that my data are not sent. And you say it's anonymous. But you will have at least the server's IP and MAC. The real problem is not if we trust trusting YOU (I do) - the real problem is that sending that data could be illegal. Regards Federico Lun 9/3/15, Jean Weisbuch j...@phpnet.org ha scritto: Oggetto: Re: [Maria-discuss] Enabling feedback pluging for MariaDB 10.1.4 A: maria-discuss@lists.launchpad.net Data: Lunedì 9 marzo 2015, 22:12 As long as its limited to beta and alpha releases i dont think its that bad to enable it by default as users using these versions should already be aware of their not production-ready state. As it seems to be simple to enable/disable the plugin with the feedback variable, it shouldnt be a problem to deactivate it if the server is upgraded to a GA release. I cant say about the real interest of the harvested informations but it could be of interest to see if a significant number of users are trying to install these versions on exotic architectures/OSes or with a very high cpu count for example. Collecting the libc version (when applicable) could also be interresting i think. Le 09/03/2015 21:47, Adam Scott a écrit : Maybe make it an option when installing? On Mon, Mar 9, 2015 at 1:05 PM, Justin Swanhart greenl...@gmail.com wrote: Hi, I agree with Kristian. Given the way it works, the statistics are really meaningless and I feel you shouldn't drive important choices based on bad statistics. I personally would suggest displaying a link to a feedback/survey form with web downloads and display a message after rpm/deb installation that says something like please visit http://blah/blah/blah/survey to tell us more about the features you use and help direct the future development of MariaDB. This has an added bonus: not all users know about all features, and a list/survey of the important and interesting ones could get more users to use them. Just my $.02 --Justin On Mon, Mar 9, 2015 at 1:19 AM, Kristian Nielsen kniel...@knielsen-hq.org wrote: Michael Widenius mo...@askmonty.org writes: for the alpha so I suggested Sergei today that we should enable it for the beta period of MariaDB 10.0 (10.*1* beta, I guess?) As most MariaDB users should know, the feedback is totally anonymous and no private or sensitive information is being sent. Any comments, suggestions or recommendations? I think it is a bad idea. Please do not do it. Phone-home is a misfeature in any product, and even more so in system software like a database. And besides, the information is much less useful than you think, because of unknown, but probably extreme, data skew. In fact, it will probably be more harmful than useful because people will use bad data to justify bad decisions. Experience supports this point of view with our download numbers
Re: [Maria-discuss] Enabling feedback pluging for MariaDB 10.1.4
I understand that the statistics would have some meaning, and understand that there's no actual data being sent, etc. However, enabling the feedback plugin by default IS going to create a whole lot of negative publicity for MariaDB. Is the limited data the feedback plugin provides worthwhile? Look at the similar situation with Ubuntu/Canonical. No matter how much they argued there was no real risk, they suffered a huge amount of negative publicity and eventually reversed the decision. You can argue that the data passed in that case was far more invasive and that they're unrelated, but there WILL be people who have a valid reason to be upset that their IP etc. has been unknowingly passed on, and saying that you should have switched it off or you shouldn't have been using a beta version is not a valid response after the fact. And then there will be even more people who have no reason to be upset, but will be anyway. Why go through this pain? Rather use this as an opportunity to create a thorough survey (which can provide far more detailed and useful information than the plugin running on a beta version) and engage constructively with the community. The survey has other benefits too, as pointed out elsewhere in the thread - raising awareness of lesser-known features, and just spreading the survey will be marketing for MariaDB. And by all means, give people an option to enable the plugin on installation, as long as it defaults to off. ian On 10/03/2015 13:54, Sergei Golubchik wrote: A survey is a pretty good idea, thanks! It may not provide a much better (as in representative sample) statistics, but it will surely tell the users about the features. ___ Mailing list: https://launchpad.net/~maria-discuss Post to : maria-discuss@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp
Re: [Maria-discuss] Enabling feedback pluging for MariaDB 10.1.4
Hi, Justin! On Mar 09, Justin Swanhart wrote: I agree with Kristian. Given the way it works, the statistics are really meaningless and I feel you shouldn't drive important choices based on bad statistics. Of course. This statistics is not *the only* argument. For important decisions there are always many aspects to consider. The statistics is just another data, in addition to and *I* think that every user needs feature X and never uses the feature Y :) I personally would suggest displaying a link to a feedback/survey form with web downloads and display a message after rpm/deb installation that says something like please visit http://blah/blah/blah/survey to tell us more about the features you use and help direct the future development of MariaDB. This has an added bonus: not all users know about all features, and a list/survey of the important and interesting ones could get more users to use them. A survey is a pretty good idea, thanks! It may not provide a much better (as in representative sample) statistics, but it will surely tell the users about the features. Regards, Sergei ___ Mailing list: https://launchpad.net/~maria-discuss Post to : maria-discuss@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp
Re: [Maria-discuss] Enabling feedback pluging for MariaDB 10.1.4
Hi, Kristian! On Mar 09, Kristian Nielsen wrote: As most MariaDB users should know, the feedback is totally anonymous and no private or sensitive information is being sent. Any comments, suggestions or recommendations? I think it is a bad idea. Please do not do it. Phone-home is a misfeature in any product, and even more so in system software like a database. Agree. I don't like it myself. Still between that and random development decisions driven by the marketing department, I just might prefer phone-home. And besides, the information is much less useful than you think, because of unknown, but probably extreme, data skew. In fact, it will probably be more harmful than useful because people will use bad data to justify bad decisions. Right, but there are three approaches to this. First, try to get more reports, in the hope that it'll be a representative sample. That's what we're discussing this email thread. Second, take the known skew into account when analyzing the data. For example, see the OS stats chart (http://mariadb.org/feedback_plugin/stats/os/) - it doesn't mean that 96.3% of MariaDB installations are on Windows, it means that we have disproportionally more reports from Windows. And third, use numbers where the skew doesn't matter. For example, total number of installations. Experience supports this point of view with our download numbers. They do not include apt-get / yum / etc. installations, which judging from IRC conversations are the majority. Yet people continuely refer to them as though they mean anything, just because they are there. Of course they mean something. They show, literally, how many times mariadb was downloaded from downloads.mariadb.org. As such, they show that mariadb was downloaded (from all sources) *at least* that many times. Also, one can *reasonably assume* that the number of downloads from all other sources follows the grows of downloads from mariadb.org (unless the number of other sources changes). These numbers mean a lot. They just don't mean the total number of all mariadb installation (from all sources). Which is pretty obvious :) Regards, Sergei ___ Mailing list: https://launchpad.net/~maria-discuss Post to : maria-discuss@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp
Re: [Maria-discuss] Enabling feedback pluging for MariaDB 10.1.4
Hi, Adam! On Mar 09, Adam Scott wrote: Maybe make it an option when installing? Yes, that'd be great. On Windows there's a GUI installer, and it has a checkbox for feedback plugin. That's why we get 95% of reports from Windows. Most users don't mind having it enabled, so it seems. So if rpm/deb packages would ask about feedback - that'll help a lot. It just needs be done carefully not to break unattended installs. Regards, Sergei ___ Mailing list: https://launchpad.net/~maria-discuss Post to : maria-discuss@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp
Re: [Maria-discuss] Enabling feedback pluging for MariaDB 10.1.4
Hi, Justin! On Mar 10, Justin Swanhart wrote: Where is it described exactly what is collected? Descriptions I see say it is basically ... well, no, I want a full description of all data collected, particularly if it collects versions of software as knowing what version of software I'm running lets you know what I'm vulnerable to. It's explained here: https://mariadb.com/kb/en/feedback-plugin/ Basically :) you can do mysql -e 'select * from information_schema.feedback' report.txt curl -F data=@report.txt https://mariadb.org/feedback_plugin/post and the result will be exactly the same. And you can set --feedback-url to any url of your choice and see exactly what is being sent. Is the data sent via SSL? Yes, by default. Unless you change feedback_url to use http, not https. Is the data stored encrypted in your data center? No, I don't think so. I certainly don't want my c library version, mariadb version, etc, sent in clear over the internet where anybody can read it, and I don't want it stored unencrypted at rest somewhere, where someone can just abscond with it. C library version is not sent, MariaDB version is. But they're not tied to you - nobody can trace these data back, we certainly cannot. Regards, Sergei ___ Mailing list: https://launchpad.net/~maria-discuss Post to : maria-discuss@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp
Re: [Maria-discuss] Enabling feedback pluging for MariaDB 10.1.4
Hi, Federico! On Mar 10, Federico Razzoli wrote: I am no lawyer, but please consider possible legal problems for users. 1) I sign an NDA with my customer 2) I enable Feedback 3) You see things I shouldn't reveal. I know that my data are not sent. And you say it's anonymous. But you will have at least the server's IP and MAC. The real problem is not if we trust trusting YOU (I do) - the real problem is that sending that data could be illegal. Right, this could happen. I have no solution for this, only few assorted thoughts: * not we say it's anonymous, you don't have to trust, you can verify it. It's not a solution, because under NDA you might not be allowed to send even anonymous data. Still you can see what is being sent, no need to trust. * We won't have MAC address. But the IP address will be in the apache logs (even if I'd say we won't log IP addresses you won't be able to verify it). * The idea was to enable feedback plugin in beta and disable it before GA. And beta versions come with a warning don't use in production. Regards, Sergei ___ Mailing list: https://launchpad.net/~maria-discuss Post to : maria-discuss@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp
Re: [Maria-discuss] Enabling feedback pluging for MariaDB 10.1.4
Maybe make it an option when installing? On Mon, Mar 9, 2015 at 1:05 PM, Justin Swanhart greenl...@gmail.com wrote: Hi, I agree with Kristian. Given the way it works, the statistics are really meaningless and I feel you shouldn't drive important choices based on bad statistics. I personally would suggest displaying a link to a feedback/survey form with web downloads and display a message after rpm/deb installation that says something like please visit http://blah/blah/blah/survey to tell us more about the features you use and help direct the future development of MariaDB. This has an added bonus: not all users know about all features, and a list/survey of the important and interesting ones could get more users to use them. Just my $.02 --Justin On Mon, Mar 9, 2015 at 1:19 AM, Kristian Nielsen kniel...@knielsen-hq.org wrote: Michael Widenius mo...@askmonty.org writes: for the alpha so I suggested Sergei today that we should enable it for the beta period of MariaDB 10.0 (10.*1* beta, I guess?) As most MariaDB users should know, the feedback is totally anonymous and no private or sensitive information is being sent. Any comments, suggestions or recommendations? I think it is a bad idea. Please do not do it. Phone-home is a misfeature in any product, and even more so in system software like a database. And besides, the information is much less useful than you think, because of unknown, but probably extreme, data skew. In fact, it will probably be more harmful than useful because people will use bad data to justify bad decisions. Experience supports this point of view with our download numbers. They do not include apt-get / yum / etc. installations, which judging from IRC conversations are the majority. Yet people continuely refer to them as though they mean anything, just because they are there. - Kristian. ___ Mailing list: https://launchpad.net/~maria-discuss Post to : maria-discuss@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~maria-discuss Post to : maria-discuss@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~maria-discuss Post to : maria-discuss@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp
Re: [Maria-discuss] Enabling feedback pluging for MariaDB 10.1.4
Hi, I agree with Kristian. Given the way it works, the statistics are really meaningless and I feel you shouldn't drive important choices based on bad statistics. I personally would suggest displaying a link to a feedback/survey form with web downloads and display a message after rpm/deb installation that says something like please visit http://blah/blah/blah/survey to tell us more about the features you use and help direct the future development of MariaDB. This has an added bonus: not all users know about all features, and a list/survey of the important and interesting ones could get more users to use them. Just my $.02 --Justin On Mon, Mar 9, 2015 at 1:19 AM, Kristian Nielsen kniel...@knielsen-hq.org wrote: Michael Widenius mo...@askmonty.org writes: for the alpha so I suggested Sergei today that we should enable it for the beta period of MariaDB 10.0 (10.*1* beta, I guess?) As most MariaDB users should know, the feedback is totally anonymous and no private or sensitive information is being sent. Any comments, suggestions or recommendations? I think it is a bad idea. Please do not do it. Phone-home is a misfeature in any product, and even more so in system software like a database. And besides, the information is much less useful than you think, because of unknown, but probably extreme, data skew. In fact, it will probably be more harmful than useful because people will use bad data to justify bad decisions. Experience supports this point of view with our download numbers. They do not include apt-get / yum / etc. installations, which judging from IRC conversations are the majority. Yet people continuely refer to them as though they mean anything, just because they are there. - Kristian. ___ Mailing list: https://launchpad.net/~maria-discuss Post to : maria-discuss@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~maria-discuss Post to : maria-discuss@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp
Re: [Maria-discuss] Enabling feedback pluging for MariaDB 10.1.4
Michael Widenius mo...@askmonty.org writes: for the alpha so I suggested Sergei today that we should enable it for the beta period of MariaDB 10.0 (10.*1* beta, I guess?) As most MariaDB users should know, the feedback is totally anonymous and no private or sensitive information is being sent. Any comments, suggestions or recommendations? I think it is a bad idea. Please do not do it. Phone-home is a misfeature in any product, and even more so in system software like a database. And besides, the information is much less useful than you think, because of unknown, but probably extreme, data skew. In fact, it will probably be more harmful than useful because people will use bad data to justify bad decisions. Experience supports this point of view with our download numbers. They do not include apt-get / yum / etc. installations, which judging from IRC conversations are the majority. Yet people continuely refer to them as though they mean anything, just because they are there. - Kristian. ___ Mailing list: https://launchpad.net/~maria-discuss Post to : maria-discuss@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp
[Maria-discuss] Enabling feedback pluging for MariaDB 10.1.4
Hi! We had originally planned to enable the feedback plugin by default for the Alpha and Beta stages of MariaDB 10.1, but we forgot to do this for the alpha so I suggested Sergei today that we should enable it for the beta period of MariaDB 10.0 We agreed that before doing this we would have a discussion on the maria developer list to explain why we would like to do this. The reason we would like to enable it is to get information about which features people are testing and using in MariaDB 10.1, so that we can concentrate our testing and bug fixing during the beta phase for those areas that people are actually using. This would help our development work a lot and would also help us to plan for MariaDB 10.2 development. Anyone will be able to disable the feedback plugin by adding: --feedback=OFF to their my.cnf file. In MariaDB 10.1 gamma/release we would make it default OFF again. We will of course inform everyone about this change, including how to disable the feedback, in the MariaDB changelog and release notes. We do of course hope that as many as possible will have it on, even after gamma, to help us with our development work! Information about the MariaDB feedback plugin and the statistics it provides can be found at: http://mariadb.org/feedback_plugin https://mariadb.com/kb/feedback-plugin As most MariaDB users should know, the feedback is totally anonymous and no private or sensitive information is being sent. Any comments, suggestions or recommendations? Regards, Michael Widenius Creator of MySQL and MariaDB ___ Mailing list: https://launchpad.net/~maria-discuss Post to : maria-discuss@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp