On 1/31/07, Mike McGrath <mmcgrath@xxxxxxxxxxxxxxxxx> wrote:
Current stats can be found at: http://smolt.fedoraproject.org/stats You can have your machine send its stats by installing smolt with yum and typing "smoltSendProfile"
Is there any mechanism in place to prevent bogus profiles being submitted? It would be stupid and malicious for people to do that but there is no shortage of stupid malicious people. Also there have been people who already edited their kernel dumps to hide that they were using binary-only modules when seeking help. So that would be another class of people who might do this. I can't really think of a way to prevent this sort of thing in an open system but at least there are way to harden against it and detect some tampering and be able to purge it from the database after. Things I can think of to harden: - flood protection: limit to one submission per time period per IP ... tar pitting might make massive corruption too tedious - whitelist of known hardware: might be hard to capture every single different string that could be generated by your hardware detection but at least some fields have a finite number of different things that it could be and might prevent a lot of "D3wd ... I 0wz0r yur 57475!!!" cpu architectures being submitted. - stats query subset of the whole: If you set up the stats query page to only include what the user wants to look for (rather than have global stats including everything submitted), then you have a human in the loop that can choose whether something looks fishy or not and whether they want to include it in their generated stats. Then the existence of vandalized stats won't matter since the users can easily exclude them from their stats. So the user can query "Out of the cpu architectures X, Y and Z, what percentage is X." as they don't care about the "l337" cpu type and don't want to include those in the total number. Just some thoughts. /Mike -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
