
ISE sends sensitive information to Xilinx site!

Started by Jim May 25, 2006
This afternoon I ran a flow (ISE 8, Linux) and got a warning message in
the log. The word 'Warning' was a hyperlink, so I clicked on it,
hoping to get a more detailed description of the warning.

A few seconds later I was surprised to find myself on the Xilinx site, on a
page that displays the full path of the file I compiled. The path
included sensitive information such as my name, the name of my employer
and the code name of the project I was working on.

Xilinx, please be more sensitive to the privacy of your customers.

Jim

Jim wrote:
> A few seconds later I was surprised to find myself on the Xilinx site, on a
> page that displays the full path of the file I compiled. The path
> included sensitive information such as my name, the name of my employer
> and the code name of the project I was working on.

Hi Jim,

If true that's a horrible thing for them to do, but remember that what
you see in your browser window resides on your own computer. I'm no web
guru, but it might be possible that the Xilinx website generates Dynamic
HTML (or Javascript, etc) that is interpreted by your browser and used
to create what you see on your screen without actually transferring any
sensitive information to Xilinx.

For example, when they dynamically create a web page for your browser,
they might send a reserved environment variable name instead of the real
path (for example), which your browser then renders as the actual
absolute path.

Perhaps a Xilinx rep could clarify?

Ron

Hi Folks,

Altera does the same as well. In Quartus II, they have a feature called
"TalkBack" which reports back to Altera, via an XML file, details about
the software tools you are using (including synthesis, simulation,
timing analysis and "others", design constraints, IP usage, name of
top level file, time of compilation etc). Also reported back are
hostid, NIC ID and C: drive info, which they state in their EULA
(whoever reads that !!!) that they may use to determine the identity of
the user.

Even if you are disconnected from the Net, all details are saved for
later transmission.
However, I'm sure it is all used to help the user....hmmm.

Bob

PS you can disable this feature, but I'll let you read the EULA to
enable you to do this.

Jim wrote:
> This afternoon I ran a flow (ISE 8, Linux) and got a warning message in
> the log. The word 'Warning' was a hyperlink, so I clicked on it,
> hoping to get a more detailed description of the warning.
>
> A few seconds later I was surprised to find myself on the Xilinx site, on a
> page that displays the full path of the file I compiled. The path
> included sensitive information such as my name, the name of my employer
> and the code name of the project I was working on.
>
> Xilinx, please be more sensitive to the privacy of your customers.
>
> Jim

The amount of web linkage is getting very annoying. Personally I block all 
requests with my firewall and run some machines internet isolated but this 
does lead to occasional other issues as the tools are beginning to assume 
the connection is always there to web. Question is -  how long until license 
codes for software rely on a web access for authorisation?

John Adair
Enterpoint Ltd. - Home of Raggedstone1. The Low Cost Spartan-3 Development 
Board.
http://www.enterpoint.co.uk


"Jim" <cairosearch@gmail.com> wrote in message 
news:1148540842.709080.19670@u72g2000cwu.googlegroups.com...
> This afternoon I ran a flow (ISE 8, Linux) and got a warning message in
> the log. The word 'Warning' was a hyperlink, so I clicked on it,
> hoping to get a more detailed description of the warning.
>
> A few seconds later I was surprised to find myself on the Xilinx site, on a
> page that displays the full path of the file I compiled. The path
> included sensitive information such as my name, the name of my employer
> and the code name of the project I was working on.
>
> Xilinx, please be more sensitive to the privacy of your customers.
>
> Jim

On a sunny day (Thu, 25 May 2006 01:07:48 -0700) it happened Ron
<News5@spamex.com> wrote in <mBddg.484$qy5.339@fe05.lga>:

>Jim wrote:
>> A few seconds later I was surprised to find myself on the Xilinx site, on a
>> page that displays the full path of the file I compiled. The path
>> included sensitive information such as my name, the name of my employer
>> and the code name of the project I was working on.
>
>Hi Jim,
>
>If true that's a horrible thing for them to do, but remember that what
>you see in your browser window resides on your own computer. I'm no web
>guru, but it might be possible that the Xilinx website generates Dynamic
>HTML (or Javascript, etc) that is interpreted by your browser and used
>to create what you see on your screen without actually transferring any
>sensitive information to Xilinx.
>
>For example, when they dynamically create a web page for your browser,
>they might send a reserved environment variable name instead of the real
>path (for example), which your browser then renders as the actual
>absolute path.
>
>Perhaps a Xilinx rep could clarify?
>
>Ron

Just run snort (packet sniffer)
    snort -i eth0 -v -d > test.txt
Then grep for your project's codename in
    grep my_secret_project_name test.txt

If it shows anything move to Altera.

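A plain grep over `snort -v -d` output can miss a match, because the payload is printed in 16-byte rows and a path may travel URL-encoded. The sketch below is an added example, not part of the original post: it assumes that row layout (hex columns, two spaces, ASCII column), and the payload, path and function names are constructed for illustration.

```python
import re
from urllib.parse import quote

def hexdump(payload: bytes) -> str:
    """Build a constructed dump in the assumed `snort -d` row layout."""
    rows = []
    for i in range(0, len(payload), 16):
        chunk = payload[i:i + 16]
        hexpart = " ".join(f"{b:02X}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{hexpart}  {text}")
    return "\n".join(rows)

# Up to 16 hex pairs, then the two-space gap before the ASCII column.
ROW = re.compile(r"^((?:[0-9A-Fa-f]{2} ){0,15}[0-9A-Fa-f]{2})  ")

def reassemble(dump: str) -> bytes:
    """Join the hex columns of all dump rows back into payload bytes.
    Lines that are not dump rows (packet headers, separators) are skipped."""
    out = bytearray()
    for line in dump.splitlines():
        m = ROW.match(line)
        if m:
            out += bytes.fromhex(m.group(1).replace(" ", ""))
    return bytes(out)

def variants(token: str) -> dict:
    """Map each on-the-wire form of a token to a label; identical forms
    collapse into one entry labelled 'plain'."""
    forms = {quote(token, safe="").encode(): "url-encoded"}
    forms[token.encode()] = "plain"
    return forms

def find_leaks(dump: str, tokens: list) -> list:
    """Return (token, form) for every token found in the reassembled payload."""
    payload = reassemble(dump).lower()
    return [(t, form) for t in tokens
            for needle, form in variants(t).items()
            if needle.lower() in payload]

# Constructed request, not captured from any real tool.
SAMPLE_PAYLOAD = (b"GET /warn?file=%2Fhome%2Fjim%2Facme%2F"
                  b"my_secret_project_name%2Ftop.vhd HTTP/1.0\r\n\r\n")
SAMPLE_DUMP = hexdump(SAMPLE_PAYLOAD)

if __name__ == "__main__":
    print("plain grep hit:", "my_secret_project_name" in SAMPLE_DUMP)
    print(find_leaks(SAMPLE_DUMP, ["my_secret_project_name", "/home/jim"]))
```

This only inspects cleartext traffic; anything sent over TLS will not show up in the sniffer output at all.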
On a sunny day (Thu, 25 May 2006 10:30:29 +0100) it happened "John Adair"
<removethisthenleavejea@replacewithcompanyname.co.uk> wrote in
<1148549430.36769.0@iris.uk.clara.net>:

>The amount of web linkage is getting very annoying. Personally I block all
>requests with my firewall and run some machines internet isolated but this
>does lead to occasional other issues as the tools are beginning to assume
>the connection is always there to web. Question is - how long until license
>codes for software rely on a web access for authorisation?

Or worse, as Billy Windows long time ago suggested:
The tool (application) will run on the server.
So you upload your design.... secure link of course ;-)

It has not quite happened that way, although some movies and audio sites
try hard.

Maybe you then simply pay for access time to the tools.
Solves any update problem too.

Jan Panteltje wrote:
> On a sunny day (Thu, 25 May 2006 10:30:29 +0100) it happened "John Adair"
> <removethisthenleavejea@replacewithcompanyname.co.uk> wrote in
> <1148549430.36769.0@iris.uk.clara.net>:
>
>> The amount of web linkage is getting very annoying. Personally I block all
>> requests with my firewall and run some machines internet isolated but this
>> does lead to occasional other issues as the tools are beginning to assume
>> the connection is always there to web. Question is - how long until license
>> codes for software rely on a web access for authorisation?
>
> Or worse, as Billy Windows long time ago suggested:
> The tool (application) will run on the server.
> So you upload your design.... secure link of course ;-)
>
> It has not quite happened that way, although some movies and audio sites
> try hard.
>
> Maybe you then simply pay for access time to the tools.
> Solves any update problem too.

That, of course, is called "time sharing", and is what we used 30 years
ago, before PCs arrived. Back to the future...

On a sunny day (Thu, 25 May 2006 03:11:39 -0800) it happened David R Brooks
<davebXXX@iinet.net.au> wrote in
<44759173$0$3638$5a62ac22@per-qv1-newsreader-01.iinet.net.au>:

>Jan Panteltje wrote:
>> On a sunny day (Thu, 25 May 2006 10:30:29 +0100) it happened "John Adair"
>> <removethisthenleavejea@replacewithcompanyname.co.uk> wrote in
>> <1148549430.36769.0@iris.uk.clara.net>:
>>
>>> The amount of web linkage is getting very annoying. Personally I block all
>>> requests with my firewall and run some machines internet isolated but this
>>> does lead to occasional other issues as the tools are beginning to assume
>>> the connection is always there to web. Question is - how long until license
>>> codes for software rely on a web access for authorisation?
>>
>> Or worse, as Billy Windows long time ago suggested:
>> The tool (application) will run on the server.
>> So you upload your design.... secure link of course ;-)
>>
>> It has not quite happened that way, although some movies and audio sites
>> try hard.
>>
>> Maybe you then simply pay for access time to the tools.
>> Solves any update problem too.
>That, of course, is called "time sharing", and is what we used 30 years
>ago, before PCs arrived. Back to the future...

Not all old ideas are bad....
Fire is also an old idea.
There are more.

>>That, of course, is called "time sharing", and is what we used 30 years
>>ago, before PCs arrived. Back to the future...
>
>Not all old ideas are bad....
>Fire is also an old idea.
>There are more.

So is lighting one by rubbing sticks. Good luck.

I don't want to return to what we did 30 years ago. Those of us who
had to deal with 1Mb of memory with multiple power rails in three
fan-cooled cabinets (and processors in eight) are glad to see the end
of them and all the hassle.

There's no point pretending that processing power and RAM are still
expensive. They're cheap. They're very cheap. That's why we now
have it locally. Do you want a server to render your graphics images,
too? Or maybe you'd prefer to do everything on a command-line? Get
real.

On a sunny day (Thu, 25 May 2006 14:14:16 +0100) it happened
MikeShepherd564@btinternet.com wrote in
<slab725a1q4ntho7f45uq7ad04hp6fpk0c@4ax.com>:

>>>That, of course, is called "time sharing", and is what we used 30 years
>>>ago, before PCs arrived. Back to the future...
>>
>>Not all old ideas are bad....
>>Fire is also an old idea.
>>There are more.
>
>So is lighting one by rubbing sticks. Good luck.
>
>I don't want to return to what we did 30 years ago. Those of us who
>had to deal with 1Mb of memory with multiple power rails in three
>fan-cooled cabinets (and processors in eight) are glad to see the end
>of them and all the hassle.
>
>There's no point pretending that processing power and RAM are still
>expensive. They're cheap. They're very cheap. That's why we now
>have it locally. Do you want a server to render your graphics images,
>too? Or maybe you'd prefer to do everything on a command-line? Get
>real.

I think you miss the point.
Now, to do the synthesis, many people have to buy advanced (very fast) hardware.
A FPGA vendor could team up with say (for example) Sun, and you would use their
server farm.
The FPGA vendor would take care of all updates and software related problems
transparent to the customer.

Think how many man hours you spend installing, updating, finding install
problems, with the XST, things you tried to get it working.
And then multiply that by the amount of people using it.
At the current cost of manhours, and now you do not need the latest hardware,
no new software purchases, site licenses made simple, there could well be a
financial advantage.
ESPECIALLY if the server farm was significantly faster than the normal high end
PC used by (for example) you today.
That is also [saving] hours (waiting for a design to finish).
Waiting for software to ship, etc etc.

If I really listen to your blunt remarks I almost think you have no clue about
software at all (regarding the graphics remark).
There is only very little data to be transferred (listing and bitfile returned,
some graphs, really not a lot), but a lot of calculations to be done by the
software.
The perfect setup for a client server model.

The FPGA vendor could then also team up with other companies to make the best
tools available at all times to all.
That would 4 sure make things a lot better to work with.

There actually exists a PCB manufacturer (cannot remember the name of that
company) that lets you do boards that way (with their own soft).
People seem to be satisfied with that.

So, save time, money, have the latest bugs fixed all the time, save disk space,
hardware, no illegal copy problems for the FPGA tool vendor, work faster,
it would make sense to work it out in detail.