Gossamer Forum
Home : Products : Gossamer Links : Pre Sales :

Gossamer Links 3.0.0 update system and activation

 
Gossamer Links 3.0.0 update system and activation
There has been some confusion regarding the update system being used by Gossamer Links 3.0.0, and the activation system behind it.

First, to address the update system. Some have expressed concern about what the update system sends to Gossamer Threads servers; the update system sends information as follows.

When checking for available updates:
  • reg_number=... - your registration number - obviously, only license owners are able to update the software.
  • init_path=... Your program init path (i.e. admin path) - we use this only as a means to identify distinct copies of our program, in an attempt to avoid license abuse. As mentioned in the "Gossamer Links 3.0.0 license clarifications thread, we're currently in the process of adding the ability for a secondary testing installation for license holders.
  • product=... The name associated with the product - for Gossamer Links this is 'Links', for Gossamer Mail it will be 'GMail', and so on.
  • product_version=... The version of your product (i.e. 2.99.1, 3.0.0, etc.)
  • update_version=... The version of the GT::Update module - in case we need to set up a workaround due to added features in later versions.


When actually downloading updates to install, one request for each file is sent containing the above parameters as well as:
  • update_id=... - the ID of the update you are downloading. For example, the fileman update uploaded yesterday has an ID of 22.
  • file_id=... - the specific file id of the update, for each file contained in the update. For the fileman update, the ID's are 35, 36, and 38.
  • file_path=... - this applies only to version updates, it specifies the path of the file being downloaded - for example, for the 3.0.0 update this would be set to 'glinks-3.0.0/install.cgi' when downloading install.cgi.


Rest assured that no other data is transmitted - the full paths listed in the update section of the admin panel are generated entirely on your server - Gossamer Threads is never sent anything other than the main admin path. Furthermore, the update system in no way provides a backdoor into admin panels: the download system has been specifically designed to only download very limited information from our servers - no code is or can be sent from Gossamer Threads servers as part of checking for updates. Updates themselves may contain code as part of the update, however rest assured that only product development staff have access to add or remove updates.

The updates themselves are checked at most once every 5 minutes, and are checked both on the "Updates" -> "Show Updates" menu (which is the default page when clicking "Updates") and on the admin panel Home page. The latter can be disabled from the Setup -> Misc. Options page if desired.


As for the activation system, product activation is not a required feature for a core Gossamer Links installation. The admin path checking only affects the update and plugin system. Again, it is not required for a Gossamer Links installation and in most cases, even when it *is* set, it should be an automatic process that isn't usually a problem.

Gossamer Threads Development Team

Last edited by:

GT Dev Team: Apr 12, 2005, 5:43 PM
 
Re: [GT Dev Team] Gossamer Links 3.0.0 update system and activation In reply to
Instead 'init_path' wouldn't be better to use 'domain'?
Licenses are domain based, and not path based. Just my 2 cents.

Best regards,
Webmaster33


Paid Support
from Webmaster33. Expert in Perl programming & Gossamer Threads applications. (click here for prices)
Webmaster33's products (upd.2004.09.26) | Private message | Contact me | Was my post helpful? Donate my help...
 
Re: [webmaster33] Gossamer Links 3.0.0 update system and activation In reply to
Using 'domain' wouldn't work on my system- I've got 4 installations on different paths.
 
Re: [Alba] Gossamer Links 3.0.0 update system and activation In reply to
But I suppose you have 4 licenses bought.

Path doesn't guarantees, that an abusing user doesn't use multiple copies on multiple computers, using same paths, but different domains.
If GT wants to make sure user is not abusing license, should watch domain name, too. If not 'domain' instead 'init_path', then 'domain' as additional parameter...

Best regards,
Webmaster33


Paid Support
from Webmaster33. Expert in Perl programming & Gossamer Threads applications. (click here for prices)
Webmaster33's products (upd.2004.09.26) | Private message | Contact me | Was my post helpful? Donate my help...

Last edited by:

webmaster33: Apr 13, 2005, 4:21 AM
 
Re: [webmaster33] Gossamer Links 3.0.0 update system and activation In reply to
Quote:
But I suppose you have 4 licenses bought.

Yes

I use the multilingual plugin on one of the installations, building different language/static pages to different domain names- while using the installation path/domain name for cgi functions/database.

Last edited by:

Alba: Apr 13, 2005, 4:34 AM
 
Re: [webmaster33] Gossamer Links 3.0.0 update system and activation In reply to
The domain name is sent in the HTTP / FTP request. Its' not something GT has to request :)

It's "public" information.


PUGDOG� Enterprises, Inc.

The best way to contact me is to NOT use Email.
Please leave a PM here.
 
Re: [pugdog] Gossamer Links 3.0.0 update system and activation In reply to
Yes, true :-)
I just wanted to point, that currently, the IP/domain seems to be not used on the GT::Update interface.

Best regards,
Webmaster33


Paid Support
from Webmaster33. Expert in Perl programming & Gossamer Threads applications. (click here for prices)
Webmaster33's products (upd.2004.09.26) | Private message | Contact me | Was my post helpful? Donate my help...
 
Re: [pugdog] Gossamer Links 3.0.0 update system and activation In reply to
Quote:
The domain name is sent in the HTTP / FTP request. Its' not something GT has to request :)


I wasn't complaining about the update system! Just pointing out why I thought paths were the right way to go.
 
Re: [Alba] Gossamer Links 3.0.0 update system and activation In reply to
It wasn't a criticisim, or directed at you specifically, just an observation that in order to use "/path/to/admin/" you have to know what server it's on :) or it would be like talking to yourself in a Grand Canyon sized room, wearing ear plugs and blind folded and gagged.

Gforum logs IP #'s, most forums do. The plugin download system for paid plugins I think tracks IP's (or used to). The Click_Track table tracks IP's.

I just don't know why all of a sudden this became such an issue.

This isn't M$ with all sorts of back-door, hidden bombs and unknown routines. It's pure perl, and the response routines are available to view in your admin directory. Again, this isn't at "you" but the "you" of all Links users.

It was always a pain, to have to remember my ID, log on to the licensed area, download the file, upload it to the server, un zip, untar, extract, and try to follow what it was doing and what it was and wasn't upgrading, that this "smart download" was the biggest, best feature to be built into Links since the plugin system!

We did a lot of debugging on the plugin system, and I'm sure the download/upgrade system is going to go through a lot of debugging and banging as well. But, none of us ever regretted the plugin system, whether we use it or not (people still hard-code changes into links), and I'm sure none of us will ever regret this feature either!

I have so many auto-update features enabled in Windows that I *DO* worry about, and would like to see what data they are sending, that this "trivial" issue, that -- from the first time it was announced -- promised to make my life really easier, is not something that even concerned me (and as I've said, I'm paranoid). (The multiple license issue does, but not the concept or process.).

What does Norton, McAffee, those other virus and spyware updaters, or Windows Update itself send back and forth?? You can't look at the code, and you have no idea where they are really going. We are so used to Windows popping up bogus messages, we "ok" anything anyway.

We use them, because we "have to" or we'd spend more time trying to keep updated than using the machine. But everytime windows starts an auto download, I wonder just what it's doing.

And, as pointed out, there are a large number of people running multiple links installs on a single domain, to deliver different information or services. In that case, you'd only be able to tell them apart from their install path.

For most people, though, the real concept here is that Glinks does *NOT* "phone home" in operation. You don't need an active Internet connection or have to worry about a "time out" because it failed 10 times to connect to a GT server. You can run it behind a private concrete, h-bomb proof firewall without a problem.


PUGDOG� Enterprises, Inc.

The best way to contact me is to NOT use Email.
Please leave a PM here.
 
Re: [pugdog] Gossamer Links 3.0.0 update system and activation In reply to
Quote:
hidden bombs and unknown routines
Just a small note. This is not 100% true. Gossamer Forum has a timebomb implemented, and has hidden tracking codes.
Not that this is not understandable. GForum is shareware, so somehow they should limit functionality after 30 days. Just wanted to note, that there was hidden codes in other apps.

Best regards,
Webmaster33


Paid Support
from Webmaster33. Expert in Perl programming & Gossamer Threads applications. (click here for prices)
Webmaster33's products (upd.2004.09.26) | Private message | Contact me | Was my post helpful? Donate my help...
 
Re: [webmaster33] Gossamer Links 3.0.0 update system and activation In reply to
Hi,

None of our products contact Gossamer unless it's via the plugin system (i.e. you ask to see what plugins are available for download), or via the new Update system (checking for new updates and downloading and installing updates). There are no hidden "phone-home".

Gossamer Forum does disable the admin after 30 days, but it says that as soon as install it.

I'm locking this thread, if you have any questions about this, please contact me.

Cheers,

Alex
--
Gossamer Threads Inc.