My admin is dependant on cUbecart server. Why?

[Guest cwalter]

Hi

I found it a bit of a worry yesterday during the cubecart.com down time. I was unable to access my admin area, my webpage had an error due to the key.php file not being able to update. I was advised this was due to the issues with the cubecart.com down time.

My concern is that i have purchased my cubecart software so i am not sure why it still needs to depend on the cubecart.com server to keep running. What if the cubecart.com server goes down again, what if one day cubecart.com decides to close up shop, bigger companies have closed it doors so we can't say that will never happen. I would like to feel secure knowing my purchased software will contunue working if these things were to happen. These are all risks i now have to consider.

I do not feel comfortable knowing that my administration is dependant on cubecart.com server, especially since i have purchased the software and i pay my own hosting company to host my site.

Is anyone able to explain why it needs to keep regenerating a key.php file, especially since it did it the first time when it's installed. Also what other areas are dependant on cubecart.com?

Thanks

cwalter

[Ausy]

I am sure an expert will answer but I presume they have to check you have a valid liceince. I doubt this particular issue is going to happen again. With regard to Cubecart.com ever closing, I am pretty confident that the people involved, no matter what, would not leave there customers in the **** and render stores un un-usable. I don't know the people personally but I do know they will do their upmost to help when you need it.

[Guest EverythingWeb]

Okay, let me try and answer a few of the questions. Please understand that I don't work for Devellion/CubeCart, but merely volunteer moderate on here, and have a large number of store licenses for ourselves & customers.

I was unable to access my admin area, my webpage had an error due to the key.php file not being able to update

The CubeCart server move, which started just over 2 weeks ago, shouldn't have affected anyones stores. The move to the 1st of the new servers (as it became) went smoothly and everything was running fine, however as the licensing system in CubeCart calls home every two weeks, within a few days, reports started coming in that some stores couldn't access the licensing server. This, after much MUCH dialogue between CubeCart and the server provider, was found to be being caused by a firewall outside of CubeCarts control, which the Datacentre didn't seem to want to do much to help about.

As their senior admins couldn't figure out a way to help CubeCart achieve what it needed, CC took the decision to move server hosts to a new datacentre, where there weren't these firewall issues. This move had more problems owing to the "highgly recommended" server management company which CubeCart rightly put their trust in.

Once all the issues were sorted stores are now able to talk to the licensing server without issue.

Had the server move gone as expected, no-one would ever have noticed. Sotres would have picked up the new IP address of the licensing server and carried on away validating every two weeks.

This two-week call-home is to allow, as a lot of software vendors do, the control to disable a license, should the payment be found fraudulent after the order has been processed, etc etc. It's an important function to maintain the licensing model for CubeCart, so that the developing company earn their revenue to pay the developers to keep on, well, developing.

what if one day cubecart.com decides to close up shop

As this information is in the public domain, I don't mind telling you that Devellion Ltd, the company behind CubeCart is extremely Financially robust. I certainly don't forsee *any* problems, and if I did, with a lot of business to protect (mine + my customers) I wouldn't be putting my trust in Devellion. I know the guys there very well, and they work extremely hard to produce CubeCart and support its many diverse users.

why it needs to keep regenerating a key.php file, especially since it did it the first time when it's installed.

As I've said above, the local key.php is a way to stop the store having to call-home every time you use it. It's designed to seamlessly sit in the background, checking occasionally you're still licensed.

Also what other areas are dependant on cubecart.com?

Only the Admininistration panel is dependant on the licensing server. In case there are ever server issues (which I believe there wont be from now on) then the idea is that the front end of the shop isn't affected, so that people can still browse and order from your store. No information is ever lost.

The only other thing dependant on cubecart.com is the version check on the admin home page, but this wont cause a fatal issue if it cant work, so no worries there. And the RSS feed if you still have it pointed to the cubecart.com one. Again, its non critical so wouldn't cause you any issues.

Hope this goes some way to explaining the situation.

[Guest cwalter]

Hi Everythingweb

To explain myself better, I am not saying cubecart will close, what i am saying is that you never can predict what will happen to a company, i have seen many big companies, airlines, hotel chains all go broke and close up shop. So no one can really predict the future.

My point i am trying to make is that i am not comfortable with having my business dependant on another persons server. you say had everything gone as expected than we would not have noticed. But things did not go as expected and i did notice as i was locked out for a long time. There may be situations in the future that will not go as expected, so do you think its fair that it effects other business?

Like i said, i paid for my licence and a couple more over a year ago so i can't understand the need for this dependancy or fraud check or whatever you want to call it.

My site has over over 1,400 products available and i offer a service that is attended to daily, which menas my admin is just as important as my front end. I am running 4.2.2 and a lot of hard work and effort goes into maintaining its stability so when i am locked out of my site due to server errors that are not under my control it kinda makes it hard to stomach, especially since i put in so many hours making sure things run smoothly.

I understand cubecart.com had a few issues and i do understand the worked around the clock to get back online but i still don't think its right that my site is controlled by the company i bought my software from.

I hope you understand what i'm trying to say

cwalter

[Guest Brivtech]

Protecting an intellectual property with over 99% of it's source code available to view and edit is a difficult task. Do you sacrifice the available code by encryption, or use a licensing key system? It's a difficult choice, and CubeCart has always been about easy customisation because of that access to the code. I have used other systems in the past that also had licensing systems running in the background. Others were not suitable for modifying to my needs because of the encryption. CubeCart has been by far the best solution for me. Without some control, there is nothing stopping people simply copying and installing multiple copies of the software, without the developers getting anything back for their time, resources, security audits, translations, etc. It actually costs a lot to develop a system like this, and obviously when it earns someone an honest living, they don't want to see it lost, especially when it's all they've been doing (and know?) since they left university.

In such an eventuality, either CubeCart or a third party could provide a file that bypasses the licensing system, which releases you from the aforementioned dependance on the CubeCart server. Obviously in such a situation, there would be no further official updates to the software, but as all the rough-work has been finished, and the latest version is very stable, this wouldn't really be much of a problem. Also...

This is all conjecture of course, what you are stating is extremely doubtful, and you should take into consideration that there is a huge community that provides third party modifications and services to the CubeCart software, and again, in such an eventuality that CubeCart stopped overnight, this community would keep it going for a long time afterwards - There are plenty of candidates who would most probably take on the software in an official capacity - Many of the contributors within this community earn their living from supporting CubeCart with their wares. For them to switch to another system would not be an option.

I have it on good authority that CubeCart is certainly alive, and there is always much happening behind the scenes with development and improvement. I understand your concerns, but for the reasons I explained, there is plenty of backup, and alternative methods to ensuring that you won't ever be left with something you can't use. I use CubeCart for my own business and my clients, and I have 100% confidence in this.

[bsmither]

Curious to know if there's an "Un-License Me!" switch. In other words, once the changes (whatever) get implemented for having supplied a License code (or whatever), and there does come another cluster-f (like whatever just happened), what does a store owner do that very second to restore the ability to administrate the store even if it means the "Powered By..." phrasing returns. (It's not that disreputable to have that showing, IMHO. OK, I'm referring to CC3 - maybe this topic relates to CC4.)

[Guest EverythingWeb]

This topic does relate to CC4. CC3 stores aren't reliant at all on the cubecart.com server, only at the very second when you punch in your Copyright Removal Key, it goes off and checks it, before/after that it never communicates with cubecart.

[Guest hennaboy]

I find it suprising that people have not come across call home in scripts before.

My server control panel calls home, CC4 calls home, gallery script calls home.....i could go on.

Its all part of professional software. If you spend that amount of time and money on a product in a business where a great deal or piracy goes on then you have to take steps to keep your investment.

At the end of the day. Some couldnt get to their admin ....i didnt experience this and i access my admin daily throughout the day. If I had then having read the posts by Al about the firewall issues then id have sat back and waited.

I chose CC due to the active development which is a good sign that there is weight behind a product. At the end of the day stuff happens that is out of anyones control. It gets resolved as quickly as possible and things roll on.

The earlier server move to a 8core server with better backups etc I commented on.....now if you want to feel secure that this company is here to stay then look at that. Those aint cheap!

Plus you always got to remember - the call home is written into the software script(s) therefore if anything did ever happen then its always reasonable to say that the script(s) could be rewritten to stop the call home.

[Guest cwalter]

Obviously everyone seems to be fine with this key.php file having to check with cubecart server.

All i can say is wait until the day you are locked out of your business for a day and you can't get in even if you already paid for it.

Doesn't feel very nice at all.

cwalter

[Guest Brivtech]

It's all relative though - Loads of things could go wrong that don't even have anything to do with CubeCart - These are some things I've experienced over the years:

- Local ISP switchover goes wrong (from one wholesale supplier to another) - 10 days without service - They spent a week denying there was a problem, followed by a few more days waiting for things to update when they realised the problem and did something about it.

- Lightning hit local phone exchange - 2 weeks without service - after much testing and replacing equipment their end, it turned out that my own router had also become affected and needed replacing.

- RAID Hard drive failure - Was without my beloved computer for 2 days while I had to buy, install new equipment and re-install programs and restore data. Lost several days work when this happened. This wasn't a webserver, but my own computer that I do most of the design work on.

Anything can happen at any time! You should build a disclaimer into your Terms and Conditions just in case you are ever affected, no matter how reliable YOU are.

I had a friend who ordered a Tazer from the USA - not knowing they were illegal in the UK. The police did a dawn raid on his house under the Terrorism Act (assuming he was a dealer, and hoping to find wholesale quantities of them), and in the process took all of his computer equipment - They only returned it 2 months later. In the mean time, his wife couldn't complete her coursework for a NVQ qualification she was studying for. Imagine if they needed their computer for a web-business.

There's also been several incidents of ships dragging anchors across undersea internet cables, causing outages. I could go on all day!

The point it, anything can happen, by any means. While I sympathise with you for the inconvenience you faced, there are plenty of other things that should concern you more.

[Guest hennaboy]

All very true.....hear what happened at the Houston DC owned by the Planet? Last month a high volt system in the power room blew taking out 3 walls and switching off thousands of servers. The fire dept ordered them to not use the backup power supply until it was deemed safe.

I think it was 4-5 days later when service was nearly restored after getting equipment from everywhere possible and having teams working shifts around the clock.

Nobody was hurt and they honoured their SLA agreement. Point is as Brivtech mentioned....it happens but it doesnt mean to say that the company has gone bust or anything!

Ive moved house and had to go to a internet cafe to get into the admin. Ive had to access it from different countries....ive moved over 300miles whilst running a internet based mail order business. YES im more than happy for CC to call home and verify its a legitimate licence.

If it was urgent and I had to get the customer details then I would go to my payment processor an retrieve the info from them and give them a call providing an explanation. Customers only get upset if they dont receive their goods or dont know why their goods may be a day or so late.

[Guest Brivtech]

You could always pull off orders directly from the database if you can't get into CC admin in a worst case emergency scenario.

As a suggestion, I'm going to propose that if a license can't be verified (under particular conditions, like a server or connection outage), that a period of 7 days read only access to CC admin would at least help store owners to retrieve orders for a period while things are being resolved.

[bsmither]

Obviously everyone seems to be fine with this key.php file having to check with cubecart server.

Criky, mate... do you realize how much presuming went into that statement?

Yes, loads of things could go wrong: your town could be flooded, you could be abducted/adopted by alien creatures, the Holy Divine Supreme Being could say, "That's it! Enough's enough! I'm shutting it all down!" That, and almost all of what Brivtech mentioned comes with full-disclosure.

But did the CC4 license give full disclosure? Perhaps the real beef here is that maybe cwalter did not read the EULA. Today it describes in general terms what happened, the consequences, and rectification.

There have always been major concerns by major players in the industry over phone-home activity - generally a concern over consent, security and privacy. When such activity becomes egregious in frequency and/or concealed/encrypted content transmitted, it then becomes indistinguishable from spyware regardless of the intent or claims of the publisher.

True, the technique employed in CC4 is, to a degree, common. But as is now evident, perhaps a bit flawed. At least give the admin a short duration "Emergency Notice".

NOTE: CC4 failed to contact its licensing/update server. You have a five-day period to contact the publisher to determine what recourse you have, if any.

Too much for a $200 application? You get a 30-day trial. Five days is only a common courtesy.

[Guest cwalter]

Hi bsmither, Just reading your reply and the only sentence that made any sense to me was this " True, the technique employed in CC4 is, to a degree, common. But as is now evident, perhaps a bit flawed. At least give the admin a short duration "Emergency Notice".

I have no idea what the rest of your reply means. I may just be a little naive in regard to this issue, because honestly i have no idea what your talking about.

All i am asking for is the call back feature to be disabled, especially after payment has been recieved. This way in the future if cubecart.com has another sever crash than my business will not be effected.

Nothing to do with flooded towns or aliens.

[Guest Brivtech]

All i am asking for is the call back feature to be disabled, especially after payment has been recieved. This way in the future if cubecart.com has another sever crash than my business will not be effected.

Read this: http://forums.cubecart.com/index.php?showt...mp;#entry153545

There's now a backup server so this shouldn't happen again. They do try hard you know.

[Guest cwalter]

yes this is good, and thank you to the cube cart team for a prompt solution.

However i still don't see the need for this call back feature, and i am still uncomfortable with the fact that i can be locked out of my business at any time whilst it is under the control of cubecart.

Cubecart v3 did not need this feature and we all spent the money that was required to upgrade so why does this little call back control system need to be used. Who knows why, i definitly don't. I guess i just got to learn to live with it.

[Guest Brivtech]

Well, if it hasn't been answered for you within this lengthy topic by now, I guess it never well.