Tracking environment changes #2
Comments
|
I have not thought that far ahead, but you are not the first one to ask about this, so I guess it should be considered. Any ideas? |
|
If you are not storing each submission, maybe do a comparison of the data being submitted and save it only if it has changed. It looks like you are sending stats every 12 hours , so storing each submission could become fairly massive. While providing the most data for analysis, I'm not sure if you'd need all of it. |
|
You could just have a table where you store the change. But then I'm not sure if it is that important. The purpose of the plugin is to get data of current installations. We don't need to know who updated to which PHP version. We just want to know what PHP versions are used by how many people. |
While I agree with that, it may also be helpful to know the rate of change. For example, if we are unsure about raising the minimum version of PHP, knowing how quickly people are upgrading, on average, might help that decision. In my opinion, the more data you have, the better, even if you don't plan on using it right away. |
Google and Facebook for sure share this opinion. 😄 Back to topic: It sure would be nice to have this data if possible. However if it generates a huge amount of data (what it probably will), then I'd more in favor of dropping that data and just stick with a live view without history. |
|
There is still a lot of architecture to figure out. Overnight we had some guy think he was being funny or something and send in totally bogus stats, like Joomla 1.0 running on PHP 6.4.0, which obviously would never occur. So, we really need to find a way to validate the incoming data to ensure it has not been tampered with. Thats my top focus right now. |
|
I think in these early stages of testing you want to capture all the data |
Actually I would say this is a good tester. I'd like to see more of those. Don't just test the obvious but also try to hack around the system 😃 |
|
Well there is no way to prevent spoofing, so I am not sure what to do about that. |
|
We can put constraints on the data, but there is nothing preventing someone from just spamming the site with their preferred setup, and saying 'Look at all the users on PHP 5.4.19 and running 3.x! We should totally drop support for everything else!' |
|
You could do some ip checking to prevent the same guy sending data multiple times with different ids. Or limit it at least to a certain value or something. To be a bit realistic: The more plugins are installed, the less a single user faking the data will have any impact on the outcome. So just promote the plugin well and the fakes become irrelevant 😄 |
|
Another verification could be that the server makes a 'callback' to the plugin, verifying the id and maybe a property somehow. This would make it a bit harder to fake it. Just an idea. |
|
What is firing the callback to the server? |
|
It would make it more of a pain to fake, but still 100% possible. |
|
The problem we have to address is that our plugin offers nothing to the user. WordPress uses this data to provide detailed update checks, and if an update is not compatible with the environment, they do not allow the user to install it. We have nothing to offer the user, at least along those lines. I think keeping it as a plugin for 1.7-3.x, and then rebuilding the installer / updater to actually support PHP version checks for 4.0 will allow us to make this info mandatory and useful, thus less susceptible to spoofing. |
|
I think the 'give something back to user' would be solved if the stats plugin would be a part of the code Joomla update system - It's already built into the distribution and performing checks cyclically. There would be an added value for extension developers too - they could provide only relevant updates in the response body. |
How do you plan on tracking environment changes? Is this something that will be tracked and stored for later analysis?
The text was updated successfully, but these errors were encountered: