
I just became aware of a website called www.sorryopenerp.com which makes OpenERP not look too good. At first sight the most vulnerable points being:

  1. OE transmits information about your database to the OpenERP.com servers constantly (which might be considered as behavior of spyware).
  2. It is said not to be stable (due to being updated all the time, still with the risk of not working as planned after that).
  3. Something called floating point calculation (which as I understand can lead to calculation errors easily).

Not sure whether this is a marketing attack by SAP or anything to worry about. Would be interesting to hear some opinions about this here. Due to lack of expertise I can't really verify all this so I'd like to hear what you people think. And maybe also what the company OpenERP thinks.


The authors of the campaign are related to the Tryton fork: it used to include a page explaining the advantages of Tryton over OpenERP, but it's been taken out from the site now. However, it's not sponsored by the Tryton Foundation, as stated in the site's disclaimer. Probably it's just a bad taste joke.

Author

If you see this as a bad joke I assume you don't agree. So would you say the 3 examples I have posted here are not true (for example OE submitting information to OpenERP servers)? And somebody who is frustrated just spreads some lies to destroy OE's reputation? I have never seen such in the open source world till today though. Unless maybe one would be very frustrated about a company using the label open source to disguise its real (evil) intentions. Of course there can be just crazy people out there ... would you categorize this as that ... 'some crazy or frustrated guy letting go his anger'?

Best Answer

Whether it's an attack or not doesn't matter in the end; everything has pros and cons. Finally, if you don't like how it works you just don't use it.

I think that it's only something that shows the cons. The system is not perfect, but as open source you can fix it to make what you want.

Finding problems is not really important; the important part is trying to find solutions to those problems.

Author

I agree everything has pros and cons. And the fact that the sorry openerp campaign is anonymous doesn't really let you take it for 100%. But even if the issues are true for 50% there would be much in it to let you step away from implementing OE though. Especially the transmission of data without consent of the user is something I think is not tolerable. Ubuntu (another company-driven open source project) does it too by the way (Unity's lens).

At the moment I haven't seen any code that is allowed to send my info to OpenERP servers. Maybe there is; I'll need to check it. At first I thought that it was revenge, because in the past sorrysap.com was against SAP too and it was controlled by the OpenERP founder. http://v6.openerp.com/node/1291

Author

Hi Gover, this link should be where the code is: https://bazaar.launchpad.net/~openerp/openobject-addons/trunk/view/head:/mail/update.py#L31

http://help.openerp.com/question/23304/worried-about-the-sorryopenerp-campaign/

Best Answer

It isn't anonymous.

The whois information shows it is by openlabs - an ex-partner of OpenERP.

See

http ://openlabs.co.in/article/sorry-openerp-campaign-official-statement

http ://openlabs.co.in/article/why-openlabs-not-open-erp-partner

Very interesting that 'employees' of a company whose website states "Openlabs is an active member of the openerp community, and reputed for its deep understanding of the framework and offers development, customisation, & support services" are involved in such a discrediting campaign.

Seems they want the work that comes with being an 'active member of the OpenERP community' but also want to spread FUD about OpenERP.

It is a bad choice for ANY company to engage in such tactics - whether OpenERP for 'sorry sap' or OpenLabs employees for 'sorry openerp'.

Why not just stand on your strengths?

Author

OK, so we have an idea where it comes from. But that does not give us any idea how reasonable the allegations are or not. I think the campaign starters have chosen a bad form by being so openly unfriendly. Because it makes it somewhat easy to discredit them as just some madheads throwing mud. I think it would be interesting to look behind that and deal with the facts they present (OpenERP S.A. might see it as 'so called facts' maybe), but if the allegations are (or at least in part) not correct it should be easy to disprove them.

It's open source, all the code is there. If there were any major issues, I'd guarantee the other companies or partners would have something to say. Like I said, yes the passwords are plaintext, but there is a module for that. Let's face it, something like OpenERP should never be exposed to the internet without proper security checks first and a lot of testing. Anyone who just installs any software and exposes it to the internet without any checks or testing first is just foolish anyway.

I think the more interesting discussion is going on here: http://help.openerp.com/question/23304/worried-about-the-sorryopenerp-campaign/

Best Answer

The only valid area that bothered me initially was the plain text passwords for users. Meaning that if your database was hacked, you would have all your users' passwords available in plaintext. But with one module, you can hash or encrypt. I am not sure which they use in OpenERP.

Just needs the person installing to be prompted if they want their user account passwords encrypting and the pros / cons of doing so. Otherwise people may expose an install to the internet, which I would say is not secure.
