Re: Compass Software

["Joe Lucia" <joe@xxxxxxxxxxxxxxxxxxxxx>]

> The fact that the site *is* secured at all should tell you that they don't
> want "just anyone" to access the software.  The fact that the softwares EULA
> also indicates it's intented to be used by qualified service personnel
> should also tell you that they don't want "just anyone" to have access to
> it...  You seem to miss these important points (as does the individual that
> provided you with the user id and password.  If you were to call one of your
> local dealers and ask them to supply you with access the Honeywell Dealer
> site, what would they say??

The community is a big place and the password has been posted often
enough to be found somewhere on the Internet (never by ME, I wouldn't
do that).  That's just bad security.  I'm not suggesting just anyone
SHOULD have access, I'm just saying if they were SERIOUS about just
professionals having it, then they would secure it better.  I have no
sympathy for anyone who doesn't secure a secured site properly.  EULA's
are useless to the end-user, they just don't care because no one will
sue them because there is no standard to go by to determine who
qualifies as a "Professional".

Legally speaking, you are correct in every way.  But, the Internet is a
big world, Warnings and EULA's are impossible to enforce in this
scenario.  You Must secure your data/information/applications properly
or the undesirables Will get it.

> Boy are *you* wrong.  Cars are "programmed" at the factory.  Yes, the Dealer
> has to do very little in the way of "intervention", because they *do* work
> "out of the box".   GM (Ford, Chrysler, etc.) won't give you access to
> programming though, and there's no way for you to alter critical functions.
> On GM vehicles equipped with "Onstar", you also don't have the option of
> using another provider.  With the panel software you can pretty well do
> anything you want (including "nulling" the zones, telco numbers and account
> codes).

You are talking about a peice of hardware that is completely programmed
and configured and ready to go and doesn't need any end-user or dealer
tweaking, compared to a piece of hardware that has no useful smarts
until it is configured properly.  You can't alter the core programming
on an Alarm Panel either, you can only muck with parameters.  Mucking
up the right parameters in a perfectly good car/alarm system can make
critical functions fail.  I know people who have the hardware and
software to pull-over and plug in their laptop to their truck to change
it's performance (because the configured it for better off-road
performance but then it performed terribly once back on the freeway).
Not a dealer or technician, just a guy who knows computers and cars and
the right sources of the necessary equipment.  Sure the stuff isn't
available to the general public, but there is ALWAYS a way to get it,
as we've just seen here, there is always some who Was in the business
but now isn't and feels they have no obligation to anyone to keep the
secrets.  It is unfortunate, so we must be prepared for them by
securing things by USER not by COMMUNITY.  There is always a user in
the community that will become corrupt.  It's inevitable.

> That won't help.  If, for instance the end-user wants to use the software he
> purchases from some online retailer on his own system, he has to call his
> Dealer and get the access codes (and in some instances the CSID number which
> the software "writes" to the panel on the initial download).  I know of no
> Dealer that would give that informtaion out to an end-user.  Doing so would
> compromise every panel they have that uses that same software.

True, the installer code could be necessary.  The CSID can be reset to
blank if you know the installer code.

I'd just default my panel according to the documentation and start from
scratch (I already know what my zones are and how they should respond).


> If you were my customer and decided you wanted to program your own equipment
> using Dealer software, I'd say...  "Sure, send me a cheque for the balance
> of your contract, then we'll default your panel and you can find yourself
> another monitoring centre and servicing Dealer.  Good-bye!!"

I would do the same thing :)  I'm not saying I'd like to support an
end-user doing this.  Nor would I expect to be supported if I were the
end-user.  I also expect to be completely responsible for any
programming errors that might cause undesirable results.  I pity the
Monitoring Centers that must deal with the end-user-do-it-yourselfers
but I'm glad They are doing it instead of me.

> There is a way to program the panel without the Alpha keypad.  You have to
> be familiar with the panel's reponses though to do it.  I couldn't "teach"
> you how to, nor would I want to.  The method is far more prone to error if
> you're unfamiliar with the equipment.  Leave the programming of the panel to
> someone that is trained to do so.  If you don't like the fact that they're
> going to "restrict" you then your option is to have the system defaulted to
> a local panel, purchase a remote dialler module and program that to call
> your cell phone.  Of course, you could always call up "NextAlarm" and have
> them send you their dialler.  From what I've read and seen in this group
> though, I'd have some concerns on how they deal with their customers as
> well...

You are correct.  I started down that road, programming it blind,
realizing the prompts are still there as expected, but found the
manual's examples didn't have every scenario so I had too much trouble
predicting what to enter next.  If I had done it before with an Alpha
keypad, then it would not have been a problem to figure out, but I
hadn't.

We, as a Monitoring Center, will not monitor for an End User for
many/all of these reasons.  You never know how much the end-user knows
about everything involved in programming and monitoring an alarm
system.  I would always recommend a Professional Installer who *has
experience* with the equipment being installed.  ESPECIALLY if it is
being Monitored since that is usually where the confusion of codes and
zones and formats hits home.  Most installers don't even realize how
complicated Monitoring can be for so many different systems and formats
and concepts (every dealer has a different concept of how his customers
signals should be handled).

I expect an End-User could call Honeywell and sweet-talk the password
out of them by pretending to be a Dealer.  I don't expect Honeywell has
any way or would wish to spend the time to confirm who is a
"Professional" and who is not.

Still, don't give out the username and password if it is not yours to
give and this discussion would never have started.