[Sparkle] Appfresh abuse

Andy Matuschak andy at andymatuschak.org
Thu May 22 21:48:12 PDT 2008 

Sorry you've been having trouble, Charles. I'm really surprised to  
hear it's been costing you so much—I've always thought bandwidth was  
so cheap! Do you think you could share some gb estimates to help us  
understand what kind of numbers you're talking about?

I'm not such a fan of actually implementing some kind of anti-parasite  
kind of thing in Sparkle: I think extensions like this are a great  
idea, at least in theory. But things like delta updates would help.

A stopgap solution for you:
1. Change the SUFeedURL key to something else.
2. Remove your appcast URL from iusethis.com.

- Andy Matuschak

On May 22, 2008, at 5:07 PM, Charles D. H. Williams wrote:

> I am experiencing problems caused by an application called AppFresh  
> which appears to be becoming quite popular and is already costing me  
> a significant amount of bandwidth. This is because a lot of people  
> download my application (MacSpice), never get to grips with it and  
> have it lying around for a rainy day. I publish frequent updates.
>
> I only want users to check my AppCast and download my application if  
> they have actually run it recently. AppFresh seems to want to  
> download every update even for dormant users. This is wasting  an  
> ever-increasing amount of BW and is interfering with my ability to  
> collect usage statistics.
>
> I contacted the developer of AppFresh and asked him to modify the  
> behaviour of AppFresh slightly and his reply was less than  
> cooperative:
>
> "I'm sorry if AppFresh leads to more downloads of up-to-date  
> software, but that's exactly what our goal is."  "May I suggest  
> using Amazon's S3 hosting service ... hosting costs have never been  
> an issue for me ... You might want to ask for donations on your  
> website to cover the bandwidth costs incurred by the users of your  
> software ..." "Should you choose to block the download, we'll be  
> happy to inform complaining users about your decision, or we might  
> need to stop using an AppFresh-specific User-Agent string to ensure  
> user happiness."
>
> Now, I am entirely happy to provide free downloads for active users  
> (i.e. ca 2% of installed copies) of MacSpice but I object to having  
> to cover the bill for AppFresh pointlessly inciting potentially ca  
> 50,000 dormant users to download every minor release versions which  
> often appear at appear at weekly, sometimes daily, intervals.
>
> As its author has threatened to use fraudulent User-Agent strings to  
> defeat simple attempts to block AppFresh, I think it would be  
> prudent to install some anti-parasite protection into Sparkle. I  
> have in mind some form of authentication/authorization mechanism  
> perhaps like a simplified form of kerberos.
>
> What do others think?
>
> Charles
>
> _______________________________________________
> Sparkle mailing list
> Sparkle at lists.andymatuschak.org
> http://lists.andymatuschak.org/listinfo.cgi/sparkle-andymatuschak.org

More information about the Sparkle mailing list