Something is broken with mdd

There seems to be a problem with the website of mdd:

There seems to be a lot of garbage in the database.

:footprints:

2 Likes

Considering it’s only for testing (so far) it might be because of that. Well, actually, it probably is…

Without knowledge - I am guessing that someone is deliberately throwing junk in the data.

4 Likes

Yup, that is a known issue, we were already aware that sad little script kiddies can easily throw junk data at it. Not all data collected is filtered yet, this will be added in the future. A few minor config rules in the front-end and this junk data will no longer show.

5 Likes

I paused the public dashboard for now. The pollution of the database is irrelevant for the test run.

Thanks for noticing.

5 Likes

Just to say, MDD is a nice little app. Once the bugs are worked out, it should be a really useful tool.

2 Likes

Retrospective prevarication and ad hominem comments do not inspire confidence and probably do not comply with Code Of Conduct standards

If Manjaro Team were aware that someone with limited knowledge could hack the script easily, the script should not have been released for testing, or users should have been informed that the code was not secure

An anonymous data collection using an open source script - that can never be secure - it was to be expected that data pollution would occur.

An extensive validation of possible variations and expected data structure and types is required for such project to provide a somewhat reliable picture.

One can speculate that is the reason why e.g. Ubuntu has not presented recent data - they are so skewed they can not be trusted - or people has forgotten the telemetry exist.

2 Likes

The lack of strong filters was intentional, this was done to not accidentically filter out legitimate data, it allowed us to improve the filters.

The collected data from the testing phase is not important, it will be wiped before the actual rollout.

The script is secure, the script was not hacked. The data collection endpoint is public and anyone can push data to it, it has to be for this to work. On the endpoint not all data is filtered yet, it will be before the actual rollout.

4 Likes