
Re: Compass Software



"Joe Lucia" <joe@xxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1129845504.667835.307230@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


> The community is a big place and the password has been posted often
> enough to be found somewhere on the Internet (never by ME, I wouldn't
> do that).  That's just bad security.  I'm not suggesting just anyone
> SHOULD have access, I'm just saying if they were SERIOUS about just
> professionals having it, then they would secure it better.  I have no
> sympathy for anyone who doesn't secure a secured site properly.  EULA's
> are useless to the end-user, they just don't care because no one will
> sue them because there is no standard to go by to determine who
> qualifies as a "Professional".

One company's idea of "securing" the dealer section of their website is
always open to criticism.  I have no problem with the way Honeywell/Ademco
have gone about doing it.  It's Dealers like us that must accept the
responsibility of what *we* do with the information.  Mr. Bass is *not* a
Dealer.  He runs an online store that caters specifically to
Do-It-Yourselfers.  I have no problem with "DIY".  In fact I've helped many
find the products they need and a reputable online retailer that will
provide the support they require.  Unfortunately Mr. Bass seems to think
that because the Honeywell site can be accessed by a "universal" log-in, and
others have already disseminated that information over the web, it's
perfectly alright for him to continue to do so...  That's *not* what an
ethical Dealer would do...


>
> Legally speaking, you are correct in every way.  But, the Internet is a
> big world, Warnings and EULA's are impossible to enforce in this
> scenario.  You Must secure your data/information/applications properly
> or the undesirables Will get it.

Agreed.


>
>> Boy are *you* wrong.  Cars are "programmed" at the factory.  Yes, the Dealer
>> has to do very little in the way of "intervention", because they *do* work
>> "out of the box".   GM (Ford, Chrysler, etc.) won't give you access to
>> programming though, and there's no way for you to alter critical functions.
>> On GM vehicles equipped with "Onstar", you also don't have the option of
>> using another provider.  With the panel software you can pretty well do
>> anything you want (including "nulling" the zones, telco numbers and account
>> codes).
>
> You are talking about a piece of hardware that is completely programmed
> and configured and ready to go and doesn't need any end-user or dealer
> tweaking, compared to a piece of hardware that has no useful smarts
> until it is configured properly.  You can't alter the core programming
> on an Alarm Panel either, you can only muck with parameters.

You obviously aren't familiar with DSC or you wouldn't say this.

> Mucking
> up the right parameters in a perfectly good car/alarm system can make
> critical functions fail.  I know people who have the hardware and
> software to pull-over and plug in their laptop to their truck to change
> its performance (because they configured it for better off-road
> performance but then it performed terribly once back on the freeway).
> Not a dealer or technician, just a guy who knows computers and cars and
> the right sources of the necessary equipment.  Sure the stuff isn't
> available to the general public, but there is ALWAYS a way to get it,
> as we've just seen here, there is always someone who Was in the business
> but now isn't and feels they have no obligation to anyone to keep the
> secrets.  It is unfortunate, so we must be prepared for them by
> securing things by USER not by COMMUNITY.  There is always a user in
> the community that will become corrupt.  It's inevitable.

I'm not suggesting Mr. Bass has "become corrupt".  All I'm saying is that
his ethics as an online retailer differ hugely from those of the
participants here.  I'm also saying that if you're going to participate here
(in a forum of largely alarm professionals), you're expected to follow some
basic guidelines and principles.  Mr. Bass has demonstrated on more than one
occasion that he considers such practices (and Professional ethics)
completely irrelevant.  He's often attacked the trade as well in support of
his "DIY Mantra" in this forum.  It's only one of several reasons why he's
not well liked or respected here.


>
>> That won't help.  If, for instance the end-user wants to use the software he
>> purchases from some online retailer on his own system, he has to call his
>> Dealer and get the access codes (and in some instances the CSID number which
>> the software "writes" to the panel on the initial download).  I know of no
>> Dealer that would give that information out to an end-user.  Doing so would
>> compromise every panel they have that uses that same software.
>
> True, the installer code could be necessary.  The CSID can be reset to
> blank if you know the installer code.

Once again, you demonstrate a lack of knowledge when it comes to Ademco
panels.  If the CSID of the downloading computer doesn't match the CSID in
the panel, it doesn't matter if you have the installer code or not.  The
panel will refuse to connect.


>
> I'd just default my panel according to the documentation and start from
> scratch (I already know what my zones are and how they should respond).

Feel free.


>
>> If you were my customer and decided you wanted to program your own equipment
>> using Dealer software, I'd say...  "Sure, send me a cheque for the balance
>> of your contract, then we'll default your panel and you can find yourself
>> another monitoring centre and servicing Dealer.  Good-bye!!"
>
> I would do the same thing :)  I'm not saying I'd like to support an
> end-user doing this.  Nor would I expect to be supported if I were the
> end-user.  I also expect to be completely responsible for any
> programming errors that might cause undesirable results.  I pity the
> Monitoring Centers that must deal with the end-user-do-it-yourselfers
> but I'm glad They are doing it instead of me.

I don't believe any UL (or ULC) listed monitoring centre would accept an
end-user programming their own equipment.  If you know of one, I'd be
interested in hearing about it...


>
> I expect an End-User could call Honeywell and sweet-talk the password
> out of them by pretending to be a Dealer.  I don't expect Honeywell has
> any way or would wish to spend the time to confirm who is a
> "Professional" and who is not.

You're wrong about that too.


>
> Still, don't give out the username and password if it is not yours to
> give and this discussion would never have started.


I think you're barkin' up the wrong tree there bud...  I'm not the one that
provided the info.  No alarm professional worth his salt would do that
either.



