From: Dominique L. <Dominique.Leuenberger@TMF-Group.com> - 2008-03-18 12:52:34
|
Joerg, good.. I think we go on the same track here... >>> On 3/18/2008 at 15:31, Joerg Henrichs <jo...@lu...> wrote: > I thought so - just wanted to ask :)) (btw, what provider, I might be > interested in moving my web server as well). I just move all my stuff over to lylix.net (if you want to sign up, tell me.. I can give you a referrer link :) ) The price range is rather big.. starting from 10 USD up to whatever you want to pay I guess.. they have a redundant server farm (3 locations atm) and the speed looks good too.. I did not migrate all my system there yet (working on it). Technical support replies normally the same day. (enough of publicity here) >> >> One thing though: be sure to leave an option to disable the 'phone >> home' feature... there are plenty of people that just don't like such >> a behavior of a program, and if it can not clearly be disabled (sort >> of on first start asking: do you agree if we do so and user can >> choose to switch off) we will get very fast a bad reputation for >> this action. > Yes, I know - I called this idea 'vague' or so in some mail/posting - > for exactly that reason. Main problem: we have to offer the player > something in return, why else would they do it? > One option would be: we integrate this with the unlock-system - to get > access to XYZ, you have to enable this :) > (again, this is more like brainstorming, currently I am not too serious). > > And we might want the server to be able to switch this off, e.g. in case > that the load should get too high (you never know), we might want to > disable this generally. > > Hmm.. would be a good option (should it really get to high in the load). But I would say the user should at least be informed should we decide to switch it down (having a pop up on his STK screen, telling him about this change...). >> The script collecting the data should somewhat also be 'secured' >> against fraudulent http GETs or PUTs though.. we'd have to come up >> with >> something there I guess... > That's more difficult - after all, it's open source. If anybody wants to > fake the statistics, it will always be possible.We could use a delay, > e.g. at least 10 seconds between accesses from one IP address. > Absolutely... we can not make it secure, but at least a bit obscure... like having checksums over everything... maybe using sort of handshake on the server, like give me a policy token, I use it to encrypt it banally and send it to you (stops some small no-brainer scripts just from GETting the site over and over... the token would be valid once only). But of course, as we're in OSS scene, we can not avoid it completely... > >> For the PHP script: once we have a interface between stk and the >> server defined, I could actually implement something for it.. I have >> quiet some php knowledge. > Good - now we should only define the details (what to collect, how to do > it without upsetting players). > Yes... let's brainstorm what information we want to have in the DB... don't worry about database layout and HTTP interface yet... that we'll bring up later... and for the DB design I'll take care of. Dominique |