Why Should I Trust Damnit?
2 views
Skip to first unread message
Chris
Sep 9, 2008, 11:39:53 AM9/9/08
to Damnit
Your service looks interesting, but I found the blurb on security
unsatisfying. It's nice you're aware of your system vulnerabilities,
but a simple promise to not abuse it doesn't fill me with confidence.
Especially since it's a *free* service, with no apparent business
model, or plans for profitability, the most valuable thing on your
site is your customer's data. Do you really expect people hand their
their most valuable data to a complete stranger, who has no financial
incentive not to be unscrupulous? Especially in the event that you
decide to cancel your service, what's to stop you from selling this
data to the highest bidder?
In all honesty, the bigger problem I see with your service is that
it's simply too easy to implement locally. I've implemented it myself
on several sites with a simple Ajax call to a local web service, which
can either send an email or log the error to a database. It's no more
than a couple dozen lines of code in most languages.
unsatisfying. It's nice you're aware of your system vulnerabilities,
but a simple promise to not abuse it doesn't fill me with confidence.
Especially since it's a *free* service, with no apparent business
model, or plans for profitability, the most valuable thing on your
site is your customer's data. Do you really expect people hand their
their most valuable data to a complete stranger, who has no financial
incentive not to be unscrupulous? Especially in the event that you
decide to cancel your service, what's to stop you from selling this
data to the highest bidder?
In all honesty, the bigger problem I see with your service is that
it's simply too easy to implement locally. I've implemented it myself
on several sites with a simple Ajax call to a local web service, which
can either send an email or log the error to a database. It's no more
than a couple dozen lines of code in most languages.
Justin Meyer
Sep 9, 2008, 12:16:18 PM9/9/08
to Damnit
Wow, Conspiracy much?
A few things ...
First, lets separate the security vulnerabilities from the issue with
the data. They are two very different things.
On the security vulnerability ... If you have Google Analytics, Google
Adsense, a twitter feed on your site, these products do the exact same
thing and impose the exact same risk. Yes they are Google/Twitter.
But I think it's unfair that a small company wouldn't be able to offer
services that use the same technology.
Our Jabbify product (Jabbify.com) has the exact same vulnerability;
but over 200 people use it.
You are about 100% wrong on the trust issue. First, we built DamnIT
for ourselves (as part of F->IT). Much like you have. But instead of
keeping it for ourselves, we decided to clean it up a little, and let
other people use it. It has no 'business' model, but I'm not sure why
that matters. Does a company that is trying to make a profit somehow
seem less greedy than one that isn't? I doubt it. What's to stop
those companies from selling your data?
Also, this is a worthless argument because what data do we have that
anyone would find valuable? We get the information on people's
websites. But most people use it for publicly available websites so
there is no private data. And, even if the HTML returned did carry
private data; it would be very hard to go through 1000s of errors;
parse them; and know which information is valuable; and what is
letting me know that someone likes pictures of kittens. I don't know
what kind of data this could be picking up that someone would want to
buy, or where to sell it. Maybe you mean people's emails? Hmmmm, I
wonder how many 200 emails would go for. I'd love to damage Juipter's
name for maybe 2 cents?
Many of our other products (JavaScriptMVC, EmbeddedJS, F->IT) have no
business model. Yet, the vast majority of our consulting work comes
from people using these products and hiring us. We follow the 100-10
rule - give people $100 of value and expect $10 in return.
On it being easy to implement locally ... I'm happy you implemented it
yourself. I hope you provide it free to people and have them accuse
you of dishonesty.
DamnIT does go beyond just emailing errors. It groups repeat errors,
lets you set status on them, provides as much data as possible in each
browser, etc.
It is easy to do yourself; but these are the things we want to make
very easy for JavaScriptMVC developers. Releasing it as a sister
utility to JavaScriptMVC makes almost too much sense.
A few things ...
First, lets separate the security vulnerabilities from the issue with
the data. They are two very different things.
On the security vulnerability ... If you have Google Analytics, Google
Adsense, a twitter feed on your site, these products do the exact same
thing and impose the exact same risk. Yes they are Google/Twitter.
But I think it's unfair that a small company wouldn't be able to offer
services that use the same technology.
Our Jabbify product (Jabbify.com) has the exact same vulnerability;
but over 200 people use it.
You are about 100% wrong on the trust issue. First, we built DamnIT
for ourselves (as part of F->IT). Much like you have. But instead of
keeping it for ourselves, we decided to clean it up a little, and let
other people use it. It has no 'business' model, but I'm not sure why
that matters. Does a company that is trying to make a profit somehow
seem less greedy than one that isn't? I doubt it. What's to stop
those companies from selling your data?
Also, this is a worthless argument because what data do we have that
anyone would find valuable? We get the information on people's
websites. But most people use it for publicly available websites so
there is no private data. And, even if the HTML returned did carry
private data; it would be very hard to go through 1000s of errors;
parse them; and know which information is valuable; and what is
letting me know that someone likes pictures of kittens. I don't know
what kind of data this could be picking up that someone would want to
buy, or where to sell it. Maybe you mean people's emails? Hmmmm, I
wonder how many 200 emails would go for. I'd love to damage Juipter's
name for maybe 2 cents?
Many of our other products (JavaScriptMVC, EmbeddedJS, F->IT) have no
business model. Yet, the vast majority of our consulting work comes
from people using these products and hiring us. We follow the 100-10
rule - give people $100 of value and expect $10 in return.
On it being easy to implement locally ... I'm happy you implemented it
yourself. I hope you provide it free to people and have them accuse
you of dishonesty.
DamnIT does go beyond just emailing errors. It groups repeat errors,
lets you set status on them, provides as much data as possible in each
browser, etc.
It is easy to do yourself; but these are the things we want to make
very easy for JavaScriptMVC developers. Releasing it as a sister
utility to JavaScriptMVC makes almost too much sense.
Reply all
Reply to author
Forward
0 new messages