Wednesday, 25 August 2010

Autodesk’s CIP – The Truth Slowly Being Revealed?

Disclosure: The name of one individual mentioned in this post has been encoded to unjustifiably protect the person’s identity**. The identity of the second individual has been altered similarly in the interest of equality only.

(Paul) “I pity your shortsightedness. It must kill you to know I hold the answer you are seeking.”

There are several people who have, over time, taken the opportunity to ridicule me as an individual and what I have said in relation to Autodesk’s intrusive licensing and Customer Involvement Program (CIP): but one of the most curious is 78 174 and in common with 86 of Autodesk, 174 claimed CIP data is “easily readable”

In fact these two individuals have several things in common when it comes to tackling my comments about CIP. One is they have both openly claimed CIP data is human readable. A second point, users have nothing to fear and the third – and most importantly – neither individual have, when asked to do so, provided details or evidence in support of their assertions.

This makes 78 174’s statement, “It must kill you to know I hold the answer you are seeking.” quite poignant and worthy of challenge.

Let’s look at what led up to 174 making the statement and why it may be the harbinger of the demise of this person’s credibility.

Following my blog entry titled ‘Rabid Dog puts CIP Data Up For Sale’, 78 (and others) and I exchanged e-mails and within one of those communications 78 made the statement, CIP files were "not encrypted. It's an XML derivative (easily readable)". It would be of no surprise, to those following what I am doing, to see me leap on this comment and follow up with 78, and I did with the following question;

“This is what we have been asking for 78. All the data we have found, generated by CIP, is encrypted and not 'human readable'. If what you 'indicate' is correct please tell me where it is to be found.”

For a critic this was an obvious course of action; an opportunity to demonstrate to all just how wrong I was and (maybe) have always been. 78 responded with, “If you know you can turn it off then what is the issue?” To which I responded, “Simple, we have a recorded instance where CIP having been turned off at installation was found to have been activated by something other than operator intervention! It caused and remains a problem. So returning to point 2; where is the XML file 78. Provided I can validate, having that data could shut this one aspect of my concerns about Autodesk down. I would be only too happy to publish the findings and, openly state I was either wrong in the first place or the situation has changed for the better.”

78’s reply, “Considering your propensity to use private emails in a public post I think this is the end of our conversation.” A curious answer considering I have always maintained I was prepared to publish and admit that I was “wrong in the first place or the situation has changed for the better.” Secondly, and I repeat, it was 78’s opportunity to ‘cover my face in egg’; an ideal opportunity for a very vocal critic. Interestingly though 78 chose to follow through with “I pity your shortsightedness. It must kill you to know I hold the answer you are seeking.”

Now which ever way you look at 78’s statement you have to wonder about why this person chose to criticize (me) in the first place. Has 78 a grudge to vent? It doesn’t worry me in the slightest that s/he may have information that I have been looking for; but it does worry me 78 seems to think it is appropriate to deny important information to others who have the same concerns as I do. 78’s statement will be remembered by me not only for the meanness of character it portrays but for its childishness in the face of opportunity.

As for my ‘shortsightedness’; what shortsightedness I would ask. Is it shortsighted of a business person to read terms and conditions and or seek to understand how customers’ business computers are being used by software developers without authorization – for the developers own business purposes? Is it 78 who is being shortsighted in not releasing the information s/he has; or is there another reason for 78’s reticence?

So let’s look at what is actually know about CIP data. The first point to make is Autodesk state the data collected is encrypted (and therefore not ‘human readable’). This differs of course from what both 86 of Autodesk and 78 174 have stated – why? The second thing we know is that even though Autodesk were unwilling to tell me where the data was to be found, a portion was found. I say a ‘portion’ only because I cannot be sure all of it has been found. What has been found, has been validated as being Autodesk generated CIP data and, it would appear, ‘the crucial’ files are encrypted and not - ‘read easily’ – as claimed by 174 - without translation. One to Autodesk and zero to 86 and 78.

Following are two portions of CIP data. The first a segment of the data forming part of a customer’s data, set ready for the un-authorized transmission to Autodesk.

__6ss_,5'9Z#KyeDESK_mc_mask_ ___
S_Jpa_}uqu_`.7+%120z?6V__mw_ ___
Mf$mc_mask_}Z ____U#Gc_mask_aI ____KG)~_squ>KUTODESK_mc_m}2?G3__O
_NI_}t_s}r_p_4 .?U.6_qlR95!"Qx~ODESK_mc_b2'*G$KyeDESK_b4R41<"]5KyeDESK_:"J=.:%Ga__RFTGI_9*^(|qz_xDL_WSCZ_uw_sLYk_aUTODEO_Z,7Vm(7v_sDVQioSK_mc_mask_aI_____ _$'_opc~_IU4'!2?o_rn_odR5____[~a_mc_mask_aUTS__ _G/cZ)|qz_wWJSE>0/o__h___

The second portion provides the proof it is Autodesk behind the unconscionably intrusive, unauthorized data collection and transmission.

info Mon Oct x 200x 10:54:32.156000 pid:2xx8 tid:1x4 Transcripts C:\Documents and Settings\xxxx\Application Data\Autodesk\xxx...\{6BF97520-15F8-4437-B98C-533F8695DE9A}.zip of 116210 bytes is being sent to

No points to be won here but neither does it do much for 86 and 78; unless, of course they now choose to come clean. 86 is going to be constrained by Autodesk but 78 now has a little problem - credibility. As an industry participant 78 now needs to reveal what s/he truly knows and come to realize, I have (had for some time) Autodesk CIP data and understand how damaging it could be if the full details were revealed.

As I have done in the past I will allow others to draw their own conclusions about what these two individuals actually know, about CIP, if anything? I am not saying the two are completely wrong, they may just be ‘mushrooms’ spreading the spores they have been engineered to do; but as it stands, both these persons made statements for which neither were prepared to provide supporting evidence and, in the process, they have, contributed to the deception and customers concern and confusion in relation to the efficacy of Autodesk’s CIP.

Or did they simply lie? If so why?

Now let’s briefly return and again look at who may have been the most shortsighted: me for identifying potential business problems and bringing them into the open? Autodesk for thinking they could initiate and continue to do what they are doing (unnoticed)? 86 of Autodesk and or 78 174 for tromping out a different story - seemingly thinking they were defending Autodesk? Or industry (commentators and customers) who just sit on their hands thinking, and saying, there is nothing they can do to influence Autodesk or change the situation?

Autodesk’s activity, in relation to software licensing, subscription terms and conditions and CIP, is unconscionable and conduct customers should neither accept nor allow to continue. Those who choose to say, without having the full facts, or supporting evidence, Autodesk’s customers have nothing to fear from Autodesk’s terms and conditions and or CIP are standing on insecure ground.

It is easy, for the gutless, to throw stones at me but now having shown a small portion of the CIP data to hand, it is also easy to see why I never believed 86 and 78’s claims CIP data was ‘human readable’ and, knowing the data is not what customers would like to see leaving their computers it now, more than ever, allows others to see why I have asked the questions, I have, of Autodesk.

For me, getting answers to my questions remains something I will pursue until all are addressed properly and I am satisfied!

If my concerns were or are misplaced or wrong Autodesk, prove me wrong. As a customer it is not necessary for me to justify my position. As the vendor it is your obligation to justify, to your customers, your position and a socially responsible company would do so!

If my concerns were or are misplaced or wrong 86, prove me wrong. As a customer it is not necessary for me to justify my position to you. However, as a spokesperson for the vendor it is your obligation to be truthful when dealing with customers and a socially responsible individual would do so!

If my concerns were or are misplaced or wrong 78 174, prove me wrong. I have set out only to improve the knowledge available in our industry. I have done what my customers expect of me as their supplier and consultant; that alone justifies my position. Yours, 78 174 as an outspoken defender of another’s actions, with apparent ‘inside’ information, is the obligation to reveal what you ‘know’; a socially responsible individual** would do so!

I look forward to be proven wrong and have always said so – but which one of you three can do it now?

Which one of you three are going to tell Autodesk customers the truth about CIP and Autodesk’s terms and conditions and, who is going to be able to do it in a manner that would ensure, what ever the truth is, you can be believed?

For CIP; Autodesk’s actions to date, compromised by the apologists, has made the withdrawal of CIP or total transparency the only options available to Autodesk; are they a socially responsible company and up to the task or not?

For Autodesk’s software and subscription terms and conditions – well; truth supported by transparency are the only tools left for Autodesk to use. But? Given ‘the water that has passed under the bridge’, would any Autodesk staff member or legal representative ever be able to convince, Autodesk’s customers, or me, Autodesk’s answers and actions can be trusted?

In closing, I must repeat 78’s comment;

(Paul) “I pity your shortsightedness. It must kill you to know I hold the answer you are seeking.”

**You just gotter love this person; when serious business stuff is being debated this was 174’s best shot, a real professional! Add, s/he has not the guts to have a name attached to the comments you may conclude what the individual, now known as 78 174, says (about CIP) is just a load of bovine mushroom food!

No comments:

24th May 2007

Buyer Beware…’, was the title of a letter published in the Sydney Morning Herald on the 24th May 2005. It detailed a fundamental shift in the use of a particular EULA away from being a tool that defined the rules of use for software – reasonable - to a legally enforceable contract containing a number of questionable conditions including one granting the licensor, "the right to conduct an audit on your premises or by electronic means"; unreasonable!

The EULA moved from being a contract defining what you can and cannot do with software to a contract, if accepted unchallenged, that specifically gives the licensor access to your premises, business, design and computing systems!

Caveat emptor, the Blog, is an extension of that original letter and highlights my original, unanswered, requests relating to the addition of Audit clauses in my existing Subscription and Licence contracts. Requests for information and detail that I, as an established licence holder and customers, have every right to; and information the licensor should be compelled and obligated to provide!

If my goal is considered offensive, unjustified or unreasonable it will only be by those who believe protecting their IP is more important than that of others. To them I make no apology; if the issues raised previously had been broached correctly, and in the first instance, they would have long ago passed by.

Caveat venditor: ‘Like a dog with a bone’, I have absolutely no intention of letting go of these issues until they all are sensibly discussed and answered as I believe they should be!