Originally Posted by Nathan

The reason Zend optimizer is closed-source is because it works with encoded php scripts and they do not plan to make it easier for anyone to write similar encoding apps. At least thats what I am guessing.

This arguing back and forth about open or closed source is useless. You obviously have a fundamental difference in thinking in this area. We prefer to encode our source code to protect it against tampering with and steeling by our competition. If you do not agree with that... thats not my problem. I have good reasons and all our clients and a LOT of other people agree.



Why in gods name would we not promote our program as the best out there? You want us to say "We are great, but program XYZ is really better."???? Are you totally losing your mind now? We WOULD sue you if you went, got nats from us, then put a shaving system around it, and then used NATS and shaved around it. Of course we would friggin sue you. You just caused major harm to OUR business and ALL of our clients! Why in gods name would we NOT sue you!?

If have not said its impossible. I have said its not as easy as you think ;) Read what I write.



5 Minutes, good. :) You kick ass. I still do not agree that it is that easy though.

Originally Posted by Dragon Curve

Firstly - how are your features oh so much better? Because honestly I don't see anything so incredible. It's a well put together system, but it's not rocket science.

Originally Posted by Dragon Curve

The fact is, you're talking about me as an "open-source lover" as if there's something horribly wrong about that. And you're arguing that open-source software has FAR more bugs (you actually said that). And yet, you're running that. So why didn't you develop in Windows, with ASP.Net and SQL Server?

Originally Posted by Dragon Curve

Oh, and when was the last time you wrote an Apache module? I'm sorry, never? I've written quite a number of them and trust me, the source is essential. No book could replace being able to actually see how things are working. Talk from experience, not your time at the local bookstore.

Originally Posted by Dragon Curve

No, you didn't say that. You said that open-source software has a lot more security flaws. Which is false.

What is also false, is that Apache, MySQL, sendmail, etc. is part of a Unix system. No, it's not. Apache, MySQL, sendmail and the like are applications that run most often on Unix systems. Apache and MySQL both have Win32 ports.

Originally Posted by Dragon Curve

Now, compare Apache to IIS over the last three years and honestly tell me Apache has had more flaws. Do the same with any two open-source vs. closed-source applications.

Originally Posted by Dragon Curve

I only say you have no clue, because you simply don't. Go visit bugtraq, read it for a few months. There are security companies who just constantly audit the open-source code. So let's think logically. The open-source code is getting audited by numerous, separate people ALL the time. The closed-source code is audited by the developers and that's it.

Logically, what is going to have more bugs? Seriously, you'd have to be extremely naive to think open-source is going to be buggier. That is one of the many advantages of open-source software.

Originally Posted by Dragon Curve

The Zend suite of software is an attempt to push PHP commercial. The Zend engine in PHP is completely open-source and if the encoder was half decent, there would be no problem pushing it open-source.

Originally Posted by Dragon Curve

Saying your program is the best is one thing. Telling people you'll sue them is another. You're over the top.

Sue this, sue that. Americans. That's one grand thing that we have here. If you even dreamt about sueing me for something like that, it'd get thrown out of court here so fast your lawyers would still be getting into their suits.

Originally Posted by Dragon Curve

The great thing here is we have no DMCA copyright laws. I could legally decompile your source code, modify it with shaving and use it. And you wouldn't be able to do sweet fuck all to stop me. =)

Read what I wrote. You still haven't replied to my "10 line source code" post. Why is that not possible hey? It's just as easy as I think and you know it.

Originally Posted by Dragon Curve

Still, you can go on and on saying how difficult it is, how near impossible it is. If you want to see if it really can be done, then let me. I'll prove to you that I can successfully create a transparent NATS shaver in under 5 minutes. Oh wait, shit I'm sorry, you'd sue me! Ah well, I guess we should all go back and lull in our false sense of security.

Originally Posted by Nathan

LOL... 10 lines of code to do that? Dude, you are not as good as you think you are...

Also, great system, just shitty when a reseller checks your cascade with his reseller code and somehow notices that, hmmm... why the fuck does NATS send the resellerid 0 or at least one that is not me to the friggin biller. Now that is weird huh?

Originally Posted by Nathan

I agree, it is not rocket science. Still funny that somehow our cascade system is more advanced, our programs system is more advanced, our resellers system is more advanced, our stats system is more advanced, than anything I have seen out there. Configurability is the key here.




Because almost noone on this friggin planet uses IIS or windows servers in general. If 99% of the web would run on IIS, would you only code for Apache? No of course you would not.
I am not saying I love windows, I hate the bugs it has, I hate how unstable it once was (it isn't anymore in my oppinion). It really is bad sometimes.
WHERE have I said open-source apps have MORE bugs than closed-source ones? If I did say that, I appologize, I did not mean it that way. I can not find me saying that in this thread though.



LOL. You crack me up man. You do not even know who I am dude. Why are you judging me like this? Who are you to know if I ever wrote an apache module or not?!





I actually did not say that either. I said that open-source software has a lot of security flaws. NOT a lot MORE security flaws.

Of course Apache and so not part of the unix system itself. But _YOU_ put IIS in the same line as windows yourself. So do not do that either.



Yet again, I have not said closed-source apps are more secure! I said open-source apps are FAR FROM FLAWLESS. _READ_ what I write damnit.



Again, I have not said closed-source has less bugs than open-source. READ damnit. READ.



You do not want to get it right? Its about interlectual property. The second you push something open-source people can easily copy what you do. Why in gods name would anyone want to do that if they sell the app for a lot of money?!?!

There might be people that think its intelligent. I am not one of them.

Originally Posted by Nathan

I'm german. ;)

I would not be so sure about this. Is it legal in Australia to defraud someone that sells you something? (Traffic) I doubt it is.



Again, it might not be illegal to decompile source, change and use it in your fine Australia. I do doubt that taking away money from someone that sells you traffic is legal in Australia though.

I actually did reply to that great 10 line source code post ;)



Dragon, (or do I call you Curve? or Dragen Curve?) our goal is to keep our clients from even trying to defraud anyone. How in gods name is this a BAD thing? Whats your problem with that? Read jeyeff's post in this thread again, its a very wise one. (He is not a client btw, at least I do not know him.)

Originally Posted by Dragon Curve

So we insert the member into the members table in our wrapper with the 0 campaign ID. Then we continue to pass the normal campaign ID to signup.php and we wrap process_epoch.php etc. We could even write an .htaccess which would do that automatically so anything hitting process_* would have that replaced. Then we could catch where it's redirecting to, and simply change the member ID being passed along. We could even clean up the member signup.php would create, if it did any.

Simple.

Originally Posted by Nathan

Ok, now you also have to wrap all poll_ scripts because they will pickup the sales that did not correctly register with process_ or which somehow got the reseller dropped.

Of course wrapping that tends to get more and more complicated since those scripts pull data from another URL and uses it directly. So you would really have to rewrite those scripts instead.

This does nolonger take 5 minutes, do you agree? Now you have to do all kinds of things to modify and wrap and whatnot scripts in NATS. The effort is growing and growing and growing. And you never know, maybe we have more scripts that do checks of the posted data compared to the data we pull from the billers.. Hmm.... you wanna risk being cought shaving and lose your face? Or might you want to prefer to maybe just not shave and put all this effort in another place and actually try to make a good affiliate program?

At some point, Dragon, the effort gets too big to actually make it interesting to try to circumvent every little thing in NATS. Why not just write your own app instead? Sounds way easier to me than to risk us finding you shave and losing your integrity in this biz forever.

Thanks for proving my points ;)

Originally Posted by Dragon Curve

Nobody runs IIS? HAHAHAHA. This is too much.

Originally Posted by Dragon Curve

How would I know if you've never written an Apache module? The way you talk about it. Go on - am I right?

Originally Posted by Dragon Curve

I get your intellectual property speech. And like I said, if you'd read, that's fair enough. But my argument is that it's not as secure, which is very valid.

Originally Posted by Dragon Curve

I still stand by that I could achieve this in less than 5 minutes. Complete transparency. I'm serious - take me up on the offer and I'll prove it to you. Until then, your points will never be proven.

I'm not condoning shaving in any way. I'm merely saying I could EASILY do it.

Moreover, you overestimate the attention to detail of most people. I'd be willing to bet my left nut that you could do something as simple as wrapping just the track.php and signup.php and nobody would be any the wiser - even if the reseller ID of 0 was being sent through.

I could create complete transparency in under 5 minutes, with very few lines of code - and I'm more than happy to do so if you'd like. The only real way you can prove it's not transparent, is to have me do it.

But since it's clear that's not what you want, we can only speculate. Any decent programmer could write shaving around NATS. It's a fact.

Originally Posted by Dragon Curve

Oh and one more thing - how many of those poll scripts are actually pulling the campaign from the biller? gxb and tel2_helper? No need to use those billers then.

Originally Posted by Nathan

Compared to other servers, it virtually is nobody. Ok, maybe what, 10-20% on the whole net? Thats not a lot though. Only 2 clients of ours used IIS till now. I was talking about this industry mainly.



No, you are not. ;) I actually wrote quite a few for myself and modified a few others to my liking. I do have a book btw, did not have to read through source to learn how to do it. ;)



Yes, you are correct, some closed-source apps are not as secure as other open-source apps. Statistically speaking, closed-source apps probably are less secure, you are right. But there now and then are closed-source apps which have not had any security problems yet. MS software is not really a great example for closed-source apps ;)

Originally Posted by Nathan

Which client of ours do you work for? You have never told me that.

The point also is not that RESELLERS might not see you shaving. Its _US_ you have to worry about the most here. ;)

Your ideas are good. Wrapping stuff might help, but EVENTUALLY, if you make it TRANSAPRENT and I see the usual stuff in all URLS, we _WILL_ catch the sale and assign it to the reseller. UNLESS you take NATS, totally write a copy of it yourself, and then claim you still use NATS but you really do not.

This totally defeats the purpose. We _WILL_ catch you.

Originally Posted by Dragon Curve

20% of the internet is virtually nobody? Uhhh..

Oh really, I'm intrigued. What did your Apache modules actually do? Out of pure curiousity of course =)

And you stand by that NATS is 100% secure?

Originally Posted by Dragon Curve

Ah so you check every reseller on every single client you have. You must have a huge team to do that.

Originally Posted by Dragon Curve

And you stand by that NATS is 100% secure?