[Sparkle] Appfresh abuse
Rob Napier
robnapier at gmail.com
Thu May 22 20:34:25 PDT 2008
Looks like AppFresh uses iUseThis to track versions of anything it can't
natively handle. You'd probably have to lie in your Info.plist (rather than
just omit information) to avoid it, which starts to sound like an arms race.
You mention frequent updates, which makes me think that these tend to be
small? I'm wondering if the effort required in fighting would be better
spent on the Sparkle patching feature that has come up from time to time
(how's that one going Andy?) If the patches are small, then maybe the 50k
non-users could be made a non-issue?
I really, really need to get my day job under control and dig through my
ever-growing backlog on PandoraBoy so I can finally get back to trying to
help with Sparkle.... I keep thinking I'm almost there, but there's no way
it'll be before WWDC.
-Rob
P.S. I was always a fan of pSpice back in the days I needed such a thing,
but I can certainly see how folks might not come to grips with this class of
program as you say....
On Thu, May 22, 2008 at 8:19 PM, Pierre Bernard <pierre.bernard at houdah.com>
wrote:
> The easiest solution would probably be to remove out the appcast URL from
> your Info.plist. Put it in some other PLIST or hardcode it. AppFresh would
> no longer detect Sparkle compatibility.
>
> Or do they keep appcast URL on file?
>
> Pierre
>
>
>
> On 23 May 2008, at 02:07, Charles D. H. Williams wrote:
>
> I am experiencing problems caused by an application called AppFresh which
>> appears to be becoming quite popular and is already costing me a significant
>> amount of bandwidth. This is because a lot of people download my application
>> (MacSpice), never get to grips with it and have it lying around for a rainy
>> day. I publish frequent updates.
>>
>> I only want users to check my AppCast and download my application if they
>> have actually run it recently. AppFresh seems to want to download every
>> update even for dormant users. This is wasting an ever-increasing amount of
>> BW and is interfering with my ability to collect usage statistics.
>>
>> I contacted the developer of AppFresh and asked him to modify the
>> behaviour of AppFresh slightly and his reply was less than cooperative:
>>
>> "I'm sorry if AppFresh leads to more downloads of up-to-date software, but
>> that's exactly what our goal is." "May I suggest using Amazon's S3 hosting
>> service ... hosting costs have never been an issue for me ... You might want
>> to ask for donations on your website to cover the bandwidth costs incurred
>> by the users of your software ..." "Should you choose to block the download,
>> we'll be happy to inform complaining users about your decision, or we might
>> need to stop using an AppFresh-specific User-Agent string to ensure user
>> happiness."
>>
>> Now, I am entirely happy to provide free downloads for active users (i.e.
>> ca 2% of installed copies) of MacSpice but I object to having to cover the
>> bill for AppFresh pointlessly inciting potentially ca 50,000 dormant users
>> to download every minor release versions which often appear at appear at
>> weekly, sometimes daily, intervals.
>>
>> As its author has threatened to use fraudulent User-Agent strings to
>> defeat simple attempts to block AppFresh, I think it would be prudent to
>> install some anti-parasite protection into Sparkle. I have in mind some form
>> of authentication/authorization mechanism perhaps like a simplified form of
>> kerberos.
>>
>> What do others think?
>>
>> Charles
>>
>> _______________________________________________
>> Sparkle mailing list
>> Sparkle at lists.andymatuschak.org
>> http://lists.andymatuschak.org/listinfo.cgi/sparkle-andymatuschak.org
>>
>
> - - -
> Houdah Software s. à r. l.
> http://www.houdah.com
>
> HoudahGeo: One-stop photo geocoding
> HoudahSpot: Powerful Spotlight frontend
>
>
>
>
> _______________________________________________
> Sparkle mailing list
> Sparkle at lists.andymatuschak.org
> http://lists.andymatuschak.org/listinfo.cgi/sparkle-andymatuschak.org
>
--
Rob Napier -- Software and Security Consulting -- http://robnapier.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.andymatuschak.org/pipermail/sparkle-andymatuschak.org/attachments/20080522/f788e83c/attachment.htm>
More information about the Sparkle
mailing list