Solved

HTTP request to external content by the Centreon UI

  • 26 December 2023
  • 7 replies
  • 196 views
S

Hi,

I noticed some time ago that the Centreon UI is doing some requests to the WWW just to display the login page! Today I looked closer, hence this post.

URL is 

https://cdn.eu.pendo.io/agent/static/'+apiKey+'/pendo.js

What is it for precisely? May it be disabled? What the consequences using Centreon with no web access or with this particular remote site blocked for any reason?

Am I the only to find this kind of thing to be both a potential security hazard and a sure source of poor UI response time? And so being properly unacceptable as a mandatory or even default functionality?

https://github.com/centreon/centreon/blob/22.10.x/centreon/www/front_src/src/App/initPendo.js

Does somebody know if any serious fork of Centreon has been started by someone? The Centreon project is turning to real crapware. Can’t find a better word…

And please, don’t complain again about me being agressive or disrespectful, because I’m not. I’m the first to be upset and impacted by what Centreon has become those last couple of years, and if I had no respect and if I didn’t have a little hope to be able to continue to use Centreon in the future, I wouldn’t write anything. I criticize nobody but the product. You may disagree with me or do not like how I express myself, but if this is the case, explain why and how I’m wrong.

To anybody having the time to give a look at https://www.pendo.io/ (although all the problems you maybe have to fix with Centreon…), please give your opinion on this “solution” and why you think it is, or it isn’t a good idea to use for Centreon.
  
And Merry Christmas to everybody!
 

icon

Best answer by benoitp 27 December 2023, 09:11

View original

7 replies

B
Userlevel 2
Badge +8

Hello,

I think it’s user tracking, to track where we click, which page we are using or not.

« Maximize engineering resources by only building what customers want to pay for »

 

I can understand why they want to know this but I’m not happy to know that I’m tracked.

 

I can see 2 sides with this method :

1 - They will focus and improved the most used features/pages, and that can be good for average users : simpler software.

2 - They will left behind, or worst, removed the less used features/pages. But that’s what is a good and efficient product : a software who do for the most, but have all the smalls things to match your needs. (you see how many features/flags there is in Curl ? in ‘ls’ ?)

 

I prefer the option 2.

S

Hi,

Thank you for your feedback.

>« Maximize engineering resources by only building what customers want to pay for »

This has the advantage to be crystal clear, they want to make a software that permits them to earn money rather than making a technically good software. Crystal clear but, imho, they’re the victims of an upper commercial bullshit. Because earning money, at least in the domain of software development and on the long term, never originated of aiming for it, but rather in producing good software (there are still few counter-examples, but still).
Actually, in the case of Centreon, although numerous invitations and recommandations to use this awful new “Resources status” page (not presented like this of course…), the pages all my users are still using are the deprecated ones. I probably am the only one forcing me to work with the new imposed (and still highly buggy!) page (at least for 22.10.15, but I’m not optimistic for 23.10, how could I?). I bet the shit we’re talking about ins’t even included in those legacy (but far more usable) pages (mainly the “Services” one) but I don’t find the force to search the code just to confirm this sad intuition.

Even apart of the tracking and bloating aspect, if the product developers needs this kind of “tool” to know what should make a good monitoring software solution, this is incredibly ridiculous, to say the least.

>simpler software

I’m all for the KISS philosophy, and totally agree with your analysis, but a complex problem (like monitoring an information system) will never be addressed by the simplest solutions the sell forces ~~would like to be able~~ have no shame to propose to potential customers. 

>features/flags there is in Curl

Curl and libcurl development is leaded by people with the due respect to the FLOSS philosophy and the users. Not people which consider FLOSS developers as free work force and users as cattle cows.

I’m very concern about Centreon’s future (both the software and the company), not only for my own case but in general. It’s taking the very same path as what’s the original Nagios has taken times ago (maybe not the very same path, but they’re going to the same place: proprietary software). I hope, at least, that every people at the board are conscious of that.

I’ll finish with saying that, while affirmed to me twice that I was wrong, then being told it isn’t an issue (!), I have a clear idea of why they turned away from the publicly and anonymously (ie: without requiring the creation of an account), solution that Github was providing to get feedback from the community (which includes customers), and rather incite people to use the functionally poor solution (compared to Github) that the place I’m expressing my concerns right now is. I don’t think I even have to explicitly tell what it is. Or is it just a financial decision? Github being too expensive? Please let me know.
I won’t even be surprised if the decision is made to simply get rid of my post just because they don’t want anyone to read this, blindly try to convince themselves (or not) that I’m totally wrong about all what I wrote above.

With all the due respect to the people who created Centreon and lead it to what is was still some years ago (which I believe are, for some, still part of the board): “Don’t magically expect me to be wrong, but prove me I am.”

Fabrix
Rank
Userlevel 5
Badge +11

Hi @Stéphane

Most teams are currently on vacation, and clarification regarding the issues raised in this post will be provided upon their return.

Rest assured that your comments will not be deleted. However, rudeness is not tolerated within the community. You are welcome to share your thoughts on the product without resorting to rude or offensive language. As previously emphasized twice, referencing The Watch's code of conduct, I regret to inform you that I must restrict your account.

At Centreon, we have always encouraged feedback and consistently gather insights from our users to continually improve the product. All our teams, including our CEO, are easily reachable here on The Watch or through various communication channels. We welcome debates, constructive exchanges, and ideas without hesitation, but it is crucial that these interactions occur with respect.

Wishing everyone a wonderful vacation and an early Happy New Year 2024,

Here to help you enjoy your experience on The Watch ¯\_ (ツ) _/¯
AltGr
Userlevel 1
Badge +4

@Stéphane yes telemetry can be disable, look at https://docs.centreon.com/fr/docs/23.04/security/user-data-storage/what-is-centreon-ceip/

Uncheck “Send anonymous statistics” from the Administration > Parameters > Centreon UI menu.

rchauvel
Rank
Userlevel 5
Badge +17

We use Pendo.io for multiple purposes:

  • Telemetry data so we can make informed product decisions based on our install base typology (e.g. version deployed, browsers used, language settings) and its use of the product (e.g. pages visited, features used)
  • Informing users in-product based on their profile through the Resource Center (Centreon logo at the bottom left of the screen)
  • Guiding users to improve their adoption of Centreon with in-product guides (e.g. when a feature changes or with new features)

We have decided to use a 3rd party for these necessary capabilities precisely because we want our product teams to focus on developing the monitoring solution vs being pulled away on non-core developments.

Note that we only track anonymous data per our terms and conditions:

While using Centreon’s Products, Centreon collects anonymous and non-personal data concerning, in particular and without this list being limitative, the servers use, hosts, metrics, services, pollers and usage statistics of the software suite. This information is used for the sole purpose of improving the Product(s) and the user experience and for no other purpose.

S

@Stéphane yes telemetry can be disable, look at https://docs.centreon.com/fr/docs/23.04/security/user-data-storage/what-is-centreon-ceip/

Uncheck “Send anonymous statistics” from the Administration > Parameters > Centreon UI menu.

It is unchecked already. I’m using 22.10 though but the documentation is the same than for 23.04 for that matter.

Also, the link to the CEIP documentation in the tooltip is broken (which is another problem).

I really can’t understand how you guys can consider this as a “best answer” while I appreciate the feedback. I hope that the reason is that this is actually fixed in 23.04+. Does someone can check and confirm it? Plus, 22.10 is supposed to still be supported. 

 

S

 

  • Guiding users to improve their adoption of Centreon with in-product guides (e.g. when a feature changes or with new features)

 

I don’t know how to feel about this point, really. Aren’t the technical and functional qualities of the product that should foremost improve their adoption of Centreon? I may have miss the point, we will have the occasion to talk about this next monday, don’t bother answer that here and now if you don’t think it is necessary.

Reply


Terms & ConditionsCookie settings