New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

registry.my-netdata.io needs more visibility before use #2054

Closed
h1z1 opened this Issue Apr 5, 2017 · 3 comments

Comments

Projects
None yet
2 participants
@h1z1
Copy link

h1z1 commented Apr 5, 2017

Intrigued by the eye candy I was about to install this. Looking over the install script however I'm a bit disturbed. Can you please explain why the beacon to registry.my-netdata.io is not optional and why there is no indication at all of it happening?

https://raw.githubusercontent.com/firehol/netdata-demo-site/master/install-required-packages.sh : Line 1353 contains:

remote_log() {
        # log success or failure on our system
        # to help us solve installation issues
        curl >/dev/null 2>&1 -Ss --max-time 3 "https://registry.my-netdata.io/log/installer?status=${1}&error=${2}&distribution=${distribution}&version=${version}&installer=${package_installer}&tree=${tree}&detection=${detection}&netdata=${PACKAGES_NETDATA}&nodejs=${PACKAGES_NETDATA_NODEJS}&python=${PACKAGES_NETDATA_PYTHON}&python3=${PACKAGES_NETDATA_PYTHON3}&mysql=${PACKAGES_NETDATA_PYTHON_MYSQL}&postgres=${PACKAGES_NETDATA_PYTHON_POSTGRES}&sensors=${PACKAGES_NETDATA_SENSORS}&firehol=${PACKAGES_FIREHOL}&fireqos=${PACKAGES_FIREQOS}&iprange=${PACKAGES_IPRANGE}&update_ipsets=${PACKAGES_UPDATE_IPSETS}&demo=${PACKAGES_NETDATA_DEMO_SITE}"
}


This is referenced simply on line 1561 as a post install step:

remote_log "OK"

Given the amount of data it leaks and security abuse I don't see why this is needed?

Thanks

@ktsaou

This comment has been minimized.

Copy link
Member

ktsaou commented Apr 5, 2017

Hi,

This is not part of the netdata repo. It is an experimental helper that decides the packages that need to be installed on a system.

This is QA. If you hit this URL you will see there is nothing there. Error 404. The request is just logged on the web server log files, which are rotated daily with a 7 day retention. No database is maintained.

I needed to understand if users are facing issues on specific operating systems, which distros are used (so that I need to focus on them), if the script managed to do the job or not, etc. There are no personal data of any kind.

This is the only use I have every made of this information: #782 (comment)

I think I can remove it now. It is a left-over from the initial versions.

Thank you for reporting it...

@h1z1

This comment has been minimized.

Copy link

h1z1 commented Apr 5, 2017

No worries. Looks like a great project, would hate to see it get a bad wrap over something like that. Not sure if your install steps need to up updated as well? The link to that script came from them:

https://github.com/firehol/netdata/wiki/Installation

I don't see anything in there to say those are for QA? There's nothing wrong with providing usage reporting so long as you're upfront with it :)

@ktsaou

This comment has been minimized.

Copy link
Member

ktsaou commented Apr 5, 2017

ok, so I let it be. It might be handy.
I added a note to the installation page, linking to this issue.

Thanks!

@ktsaou ktsaou closed this Apr 5, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment