Bug#745668: Fwd: Bug#745668: Really fixed?

Anton Gladky gladk at debian.org
Sun Apr 27 17:07:48 UTC 2014


Here is the answer from the upstream author of ovito.
Please CC him explicitly if you respond.

Thanks

Anton



---------- Forwarded message ----------
From: Alexander Stukowski <mail at ovito.org>
Date: 2014-04-26 21:52 GMT+02:00
Subject: Re: Bug#745668: Really fixed?
To: Anton Gladky <gladk at debian.org>
Cc: D Haley <mycae at gmx.com>


Hi Anton,

I’ve sent the following message to 745668 at bugs.debian.org, but I’m not
sure if it was received correctly (It didn't appear in the bug
tracking system so far). So here’s a copy:


As the original author of OVITO, let me give a detailed technical
description of the update notification system in the current version
of OVITO and how the number of installations is tracked:

OVITO displays an informational text in the main window’s right panel
after startup. The text disappears once the user performs an action
such as loading a dataset. The displayed text is a html page, which is
automatically updated from the web server www.ovito.org after each
program start. When a new program release becomes available, the html
page delivered by the web server will contain a note that invites the
user to go to www.ovito.org and download the update with their web
browser. To refresh the html page, OVITO makes an http request of the
form:

 http://www.ovito.org/appnews/v2.3.3/?ovito=00589bb22b8dda22b6f9ef7bc6ed57ea&OS=macosx64

That means the current program version, the unique installation ID (a
16-byte random number generated on first program start and
subsequently stored in the settings store), and the OS type are
encoded in this URL. All HTTP requests get logged by the web server,
and I have a bash script that greps the IDs within a certain time
window and counts unique IDs to estimate the number of active
installations of the program. I need this estimate of the number of
users to justify the development of the software to my employer and
public funding agencies. No full IP addresses are logged by the web
server.

There are now two user options that control this feature: The setting
"updates/transmit_id" controls the transmission of the unique
installation ID. If set to "false", the requested URL will contain
only zeros instead of the ID. The second setting,
"updates/check_for_updates", controls the fetching of the html page
from the web server. If set to false, the hardcoded default text
supplied with the program will be displayed instead of the online
version (and no http request is made). The default value for both
settings is "true".

The html page displayed at program startup (both the hardcoded one and
the one delivered by the server) contains the following notice:

"Privacy notice: OVITO contacts the web server www.ovito.org on every
program start to update this page and inform you about available
program updates. It may also transmit an installation ID to help the
author collect anonymous usage statistics. You can change this
behavior in the application settings."

The application settings dialog provides further information (in the
form of tooltips) on the installation ID and why it exists.

The program uses the QSettings class [1] from the Qt library to store
its user settings. The default settings are hardcoded in the C++ code.
For instance, this expression in ModifyCommandPage.cpp states that the
default value for the "updates/check_for_updates" setting is "true":

settings.value("updates/check_for_updates", true).toBool()

The source file GeneralSettingsPage.cpp contains a similar statement.
That means the default values for the two settings I discussed above
appear in two locations of the code. I might change/improve this
situation in the future.

Please understand that for me, the developer, it is desirable to have
this update notification system in place. One reason is of course that
I don’t want users to use outdated versions of the program (and
contacting me with unnecessary support questions/bug reports without
being aware of available updates). I experienced this for quite a
while, because the Debian/Ubuntu package hasn’t been updated for many
years and people were still using an ancient program version (which
didn’t have the update notification yet). The second reason is, as I
said above, that I need some statistics on the total number of users.
This can be decisive for the future of the program and may determine
whether further work on the code will be funded.

Let me know if there are still open questions regarding this.

-Alexander

[1] http://qt-project.org/doc/qt-5/QSettings.html#details

On 26.04.2014, at 17:41, Anton Gladky <gladk at debian.org> wrote:

Dear Alexander,

could you, please, explain in a bug tracker for a wider audience, how the
new logic of this feature will work?

Thank you

Anton

2014-04-26 16:23 GMT+02:00 D Haley <mycae at gmx.com>:

+ layout2->addWidget(_enableUsageStatistics, 1, 0);
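
Review bot: on the added layout2->addWidget(_enableUsageStatistics, 1, 0); line, nothing visible sets the initial state of the _enableUsageStatistics checkbox, so the default cannot be reviewed from this line alone. Include the line that initializes the checkbox from the settings store in the patch, and state the intended default in a comment beside it.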

It looks like it is still enabled by default?

I might be wrong, as I am unfamiliar with QT's config file system. But it's
not clear what the default value is set to. As updates are handled by
apt-get/aptitude, this should be disabled by default. There is no need to
contact a remote server.
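
The counting step described in the forwarded message (grep the installation IDs from the web server log within a time window and count the unique ones), as an added example that is not the author's script or part of the original thread. The log layout, the 32-hex-digit zero ID, the month substring used as the time window, and every sample line other than the URL quoted above are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample access-log lines (not real server data). The client
# address field is "-" because the message says no full IPs are logged.
sample_log() {
cat <<'EOF'
- - - [25/Apr/2014:09:12:01 +0200] "GET /appnews/v2.3.3/?ovito=00589bb22b8dda22b6f9ef7bc6ed57ea&OS=macosx64 HTTP/1.1" 200 512
- - - [25/Apr/2014:14:40:17 +0200] "GET /appnews/v2.3.3/?ovito=00589bb22b8dda22b6f9ef7bc6ed57ea&OS=macosx64 HTTP/1.1" 200 512
- - - [26/Apr/2014:08:03:55 +0200] "GET /appnews/v2.3.3/?ovito=11111111111111111111111111111111&OS=linux64 HTTP/1.1" 200 512
- - - [26/Apr/2014:10:21:09 +0200] "GET /appnews/v2.3.3/?ovito=00000000000000000000000000000000&OS=linux64 HTTP/1.1" 200 512
- - - [26/Apr/2014:19:30:42 +0200] "GET /appnews/v2.3.3/?ovito=00000000000000000000000000000000&OS=linux64 HTTP/1.1" 200 512
- - - [02/May/2014:11:00:00 +0200] "GET /appnews/v2.3.3/?ovito=22222222222222222222222222222222&OS=linux64 HTTP/1.1" 200 512
EOF
}

# count_installs WINDOW
# Reads log lines on stdin and prints "<unique non-zero IDs> <zero-ID requests>"
# for lines containing WINDOW (assumed here to be a month substring of the
# timestamp, e.g. "/Apr/2014:").
count_installs() {
  awk -v win="$1" '
    index($0, win) == 0 { next }                 # outside the time window
    match($0, /[?&]ovito=[0-9a-f]+/) {
      id = substr($0, RSTART + 7, RLENGTH - 7)   # skip the 7 chars "?ovito="
      if (id ~ /^0+$/) { zero++; next }          # updates/transmit_id=false
      if (length(id) != 32) next                 # not a 16-byte hex ID
      if (!(id in seen)) { seen[id] = 1; n++ }   # count each ID once
    }
    END { printf "%d %d\n", n, zero }
  '
}

# Stand-alone run over the constructed sample.
sample_log | count_installs '/Apr/2014:'
```

The zero-ID lines show that with updates/transmit_id set to false the request is still made and logged; only updates/check_for_updates set to false removes the request itself.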



More information about the debian-science-maintainers mailing list