v11 telemetry improvements discussion

Post

Posted
Rating:
Item has a rating of 5 (Liked by Adam Edington)
#9880 (In Topic #3452)
Patrick Schmalstig
Avatar
Site director
Patrick Schmalstig is in the usergroup ‘Administrators’

Learn about how we're improving v11's telemetry so automatic errors reported can be fixed quickly

Hello everyone!

You may or may not know that we have changed how telemetry works in v11 compared to v10. For those who don't know, telemetry is the system / process where a Composr website automatically forwards errors encountered (and basic statistics) to the Composr homesite for review by the core developers. There are two settings you can control on your site whether or not it does this.

In version 10, telemetry was e-mail based. When your site encountered an error, it would send an email to a special address which was monitored by an automated tool. The automated tool would parse the sent message and appropriately organize it so the developers can be made aware of issues people are encountering. I cannot speak on the effectiveness of this system because it was entirely run by Chris Graham. As far as I know, it was not very effective especially with organization and communication back to the webmaster of the site which sent the error in the first place.

The system has been changed in version 11. E-mails are becoming a less reliable means to transmit telemetry information. As spam attacks grow, more webhosts are denying the ability to send e-mails, and more e-mail providers are getting strict on spam filtering. For this reason, v11 (as of alpha1) will now transmit telemetry information via web API calls. There are a couple challenges with doing this though:
  • If Composr is in a dire state, using heavy libraries like CURL is just asking for more problems (and PHP does not have a reliable native HTTP solution).
    • Our solution: raw fsock requests will be used
  • Some of the error messages may contain very sensitive information like full server file paths and POSTed data in web forms. This shouldn't be transmitted raw as an attacker could snatch it.
    • Our solution: v11 will require PHP's libsodium (which should be available by default as of PHP 7) and will ship with a public key. It will use the public key to encrypt what it sends to the Composr homesite. And the Composr homesite will use the public/private key pair to decrypt it. Only the core developers will have access to the private key. And a new public/private key pair will be rotated on every minor release of Composr for extra security.
Additional changes coming in alpha3: I've made some improvements to the Composr error log and the UI. Now, when your site sends an error to us, an additional line will be added to errorlog.php under the relevant error saying "TELEMETRY somenumber". The number is an ID referencing the report number. When you view the error log on the Admin Zone, the site will generate links you can click for errors that were relayed to the developers. And you can check the status of the relayed error at any time including notes left by the developers (which may include a link to a hotfix). Here is an example from an error my development site reported: https://composr.app/telemetry/4.htm . It is intentionally very vague as these pages are public. So we give no indication as to what the error was, who reported it, etc (it is assumed if you clicked on a link from the Admin Zone error log to view the page that you already know what error it is for). The "notes" field will contain any notes left by the developers, such as a link to a fix or whatnot.

Please let me know any thoughts you may have to this new system. So far, it has already helped me fix a few unreported v11 bugs.

Be aware this is not a replacement for reporting bugs to the tracker. And not all errors will get auto-reported. Always report things to the tracker if you believe it is a bug. That way the developers can better communicate with you on the issue, and you can be awarded points for your report (which may put you on the community stars page).

Attached are a couple screenshots. 2024-04-27 19.48.18 composr.app 043adb1532ca.jpg2024-04-27 19.48.18 composr.app 043adb1532ca.jpg f0Hg1DFjbr.png

Last edit: by Patrick Schmalstig

  • Need support for version 10? The core development team is no-longer offering it for free (unless it's a critical bug that breaks your entire site or a serious security hole). Please consider hiring me instead if you need v10 support or a non-critical bug fix. Or, ask the community in the forums!
  • Do you enjoy Composr? Please consider contributing your talent to the project or recommending Composr to others. Even small contributions make a big impact in the Composr community.
  • Do you have feedback for us? You can report bugs, suggest features, or give feedback on the Free support options page.
  • Do you need professional service with your Composr website? Please consider contracting me for your needs through my company, PDStig, LLC. Doing so will also help fund Composr development.
  • Want to watch live streams of me developing Composr CMS? Please subscribe to me on Twitch to be notified when I stream. Composr development streams are usually spontaneous / not scheduled in advance as work priorities come first.
Online now: No Back to the top

Post

Posted
Rating:
Item has a rating of 5 (Liked by Adam Edington)
#9882
Patrick Schmalstig
Avatar
Site director
Patrick Schmalstig is in the usergroup ‘Administrators’
Additional screenshots to show you what things look like in telemetry on the core developer's end (for transparency)

cCnFmfox8v.pngThe above is a list of sites who opted in to sending basic statistics to Composr. I blurred out the ones who asked not to be featured (except for composr.app (the top one) and my own two sites which should say yes instead of no). So this is what statistics the developers have and receive.


2024-04-27 20.14.44 composr.app 56512659eb23.jpgThe above is the screen for viewing a table of relayed error messages. I created a dummy error for demonstration.

2024-04-27 20.15.24 composr.app 655ef39da955.jpgThe above is viewing a specific relayed error.
  • Need support for version 10? The core development team is no-longer offering it for free (unless it's a critical bug that breaks your entire site or a serious security hole). Please consider hiring me instead if you need v10 support or a non-critical bug fix. Or, ask the community in the forums!
  • Do you enjoy Composr? Please consider contributing your talent to the project or recommending Composr to others. Even small contributions make a big impact in the Composr community.
  • Do you have feedback for us? You can report bugs, suggest features, or give feedback on the Free support options page.
  • Do you need professional service with your Composr website? Please consider contracting me for your needs through my company, PDStig, LLC. Doing so will also help fund Composr development.
  • Want to watch live streams of me developing Composr CMS? Please subscribe to me on Twitch to be notified when I stream. Composr development streams are usually spontaneous / not scheduled in advance as work priorities come first.
Online now: No Back to the top

Post

Posted
Rating:
Item has a rating of 5 (Liked by Patrick Schmalstig)
#9891
Adam Edington
Avatar
Site staff
Adam Edington is in the usergroup ‘Super-moderators’
That's a lot more useful for sure, nice job.
Online now: No Back to the top
1 guest and 0 members have just viewed this.
Back to Top