Does Revolution need a 'smolt' utilty?

A while back the Fedora guys started using an application they call ’smolt’ to gather statistics about Fedora installations. Basically this runs at install time and gathers hardware related details about the platform e.g. processor speed/type, memory size/type, disk size/format, motherboard type etc. etc. and sends it back to a central server in Fedora land where the data is databased and presented graphically to users. Have a look here to get a feel for this http://smolt.fedoraproject.org/.

They use this data to help answer questions like ’how many installations does this bug affect’ and to generally track how many installs are done etc. so they can get a feel for the breadth and depth of the Fedora userbase. So, for Revolution we could do a similar thing, not with hardware details but with things like OS, Hosting provider, selected language(country) and version installed/upgraded etc. This data can be used in many ways, marketing people for instance like stuff like this.

There are some privacy issues here, the sending of the data must be by affirmative opt in, i.e. if the user does nothing no data is sent, also no matter how you analyse the data you should not be able to track it back to a person/address etc. I believe Fedora doesn’t even store IP addresses here but as you can see from the link above this is doable.

It would need some work, a new page in the installer and a server side component somewhere in modxcms land to receive and database the data, the graphics need not be great initially, maybe just html tables. I can get the details of how Fedora does all this down to the code if needed.

Feature Request?

I was involved with both smolt (beta testing it) and fedora for years. Now smolt has been transported to many different distributions.

Web servers already can get any information they need for their type of "smolt", and have been able to for years.

Simple scripts can be written with output going to a text file to be included along with the information taken from phpinfo() for example.

The very LAST thing a web server wants to do is announce is its OS version, disk information, disk structure, memory levels, Apache Version, or any other version information for that matter, In fact many of us wisely, do not even report what we are using to the various clients which connect to us. It will just say FTP Server, or SSH Server, or SMPT Server or linux (without distro, version, or other revealing info).

I have around a dozen simple layers of security, I use or have created for use on web servers, and In almost a decade I have never been hacked, and only compromised once, and that even locked the user down to a chrooted directory so I could obtain information on him.

One of the beautiful things about Modx, and especially Revolution is that a site visitor looks at what appears to be an html page, when in fact it is much more than that. Most hackers / crackers just keep going because it "appears" that nothing special is going on, and that no hackable php, asp, ruby, or perl action is sitting there waiting for their undivided attention.

If you were wanting to do anything like what you are suggesting, I would suggest obtaining a html profile (use the smolt uuid of a given system and view the system at smolt.org and view source) and making that a chunk, or creating a special privileged user page, if people really need to see it. In over twenty years of working in the computer industry with five different operating system families, I know this:

• users don’t care how or why it works, they just want it to work


• users typically don’t need to know why or how it works and when they do need to know the developers failed and are to blame
• if someone wants to know how or why it works, then making them jump through hoops keeps the bad guys at bay, while leaving the door open for knew legitimate people to get involved

That could be interesting. I think some basic php settings (memory, extensions, etc.), MySQL versions, server OS, etc. would be very great stats to collect indeed. Privacy issues to be sure, but I’d think the information could be anonymized enough to ally concerns. Would be even better to use as a response mechanism should any issues or security concerns be identified. Those folks could get a proactive email with relevant details.

Now having time to tackle this is definitely outside of available bandwidth at the moment!

wshawn,

The very LAST thing a web server wants to do is announce is its OS version, disk information, disk structure, memory levels, Apache Version, or any other version information for that matter, In fact many of us wisely, do not even report what we are using to the various clients which connect to us. It will just say FTP Server, or SSH Server, or SMPT Server or linux (without distro, version, or other revealing info).

Very valid, I’m not saying we do this, we don’t necessarily want or need a UUID, just a count of ’how many Revolution installations are on Apache xx’. I don’t see how this can be traced back to any of your installations, or anybody’s at all for that matter. OK, we may need to encrypt the sent data somehow so it cant be sniffed in transit so to speak.

If you were wanting to do anything like what you are suggesting, I would suggest obtaining a html profile (use the smolt uuid of a given system and view the system at smolt.org

This is not what I’m suggesting, i dont care about any data on smolts site about anything, I was suggesting we use use a ’smolt’ like mechanism to gauge installation information for Revolution, sorry if this didn’t come across.

rthrash,
Yes, I realise its even more work to add to the ever increasing pile! I don’t think we could do your security e-mail suggestion straight off anyway, we wouldn’t know who to mail in my scheme. Its really just for stats.