Rails - Nov 2007 - Self destruct your application?

I have dealt with some clients in the past, got screwed a couple of
times, etc. Yes I have contracts, etc. Some of these jobs are so small
that they are not really worth taking legal action. I want to develop a
plugin that can self destruct an application. Is this possible?
Basically I could access a URL with a password, other identification,
etc. and rails would basically delete itself. If I''m doing this through
apache I''m assuminng rails would be run under the apache user, so if I
ran rm -rf RAILS_ROOT would this work?

Thanks for your help!
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

This seems like a really bad idea.  I''ve been in your shoes more  
times than I care to admit, so for clients where this situation is a  
potential, I''ve adopted an aggressive strategy for getting payment  
for my work.  I only deploy what they have paid for.  If they demand  
to see working code first, that''s fine, I deploy it to a subdomain  
that I own.

I am up front with my intentions, so there are no surprises.  When  
they have agreed that the code meets what they need, then when  
payment is received (and the check clears) will I push the changes to  
their boxes, or if I''m hosting it, to their domain.

Don''t feel like you will lose business by demanding something like  
this.  You deserve to get paid for your quality work!


--
James Mitchell



On Nov 27, 2007, at 1:49 AM, Ben Johnson wrote:
>
> I have dealt with some clients in the past, got screwed a couple of
> times, etc. Yes I have contracts, etc. Some of these jobs are so small
> that they are not really worth taking legal action. I want to  
> develop a
> plugin that can self destruct an application. Is this possible?
> Basically I could access a URL with a password, other identification,
> etc. and rails would basically delete itself. If I''m doing this  
> through
> apache I''m assuminng rails would be run under the apache user, so
if I
> ran rm -rf RAILS_ROOT would this work?
>
> Thanks for your help!
> -- 
> Posted via http://www.ruby-forum.com/.
>
> >

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Dude, have you ever heard of backups??? Even if you manage to delete
the code, they can always deploy it again. That''s what the
entertainment industry is suffering to understand...

This is typically not a technology problem. You have to resolve it by
other means. James'' suggestion bellow is very good. Another
alternative is to provide services, not products. That is, host the
solution. Finally, if you really want to solve this using technology,
I would try to use encryption. Perhaps something along the lines of
Zend Guard (http://zend.com/en/products/guard/) in the PHP world.

Best regards, Ricardo

On Nov 27, 4:49 am, Ben Johnson
<rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>
wrote:
> I have dealt with some clients in the past, got screwed a couple of
> times, etc. Yes I have contracts, etc. Some of these jobs are so small
> that they are not really worth taking legal action. I want to develop a
> plugin that can self destruct an application. Is this possible?
> Basically I could access a URL with a password, other identification,
> etc. and rails would basically delete itself. If I''m doing this
through
> apache I''m assuminng rails would be run under the apache user, so
if I
> ran rm -rf RAILS_ROOT would this work?
>
> Thanks for your help!
> --
> Posted viahttp://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

What you''re asking about is unethical. Even if you don''t get
paid, it''s
unethical, and probably illegal if they own the server.

Never deliver a product without receiving compensation. Half-down before you
start, remainder when they approve the project. Only after approval does it
go on their servers. Set up your own servers for them to review, or build in
the cost of a VPS from linode.com into the contract so you can stage their
stuff. There are lots of options.

In business, people will try to take advantage of you if you let them.  If
you''ve done all the work and the client has the end results, why should
he
pay you?



On Nov 27, 2007 12:49 AM, Ben Johnson
<rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>
wrote:
>
> I have dealt with some clients in the past, got screwed a couple of
> times, etc. Yes I have contracts, etc. Some of these jobs are so small
> that they are not really worth taking legal action. I want to develop a
> plugin that can self destruct an application. Is this possible?
> Basically I could access a URL with a password, other identification,
> etc. and rails would basically delete itself. If I''m doing this
through
> apache I''m assuminng rails would be run under the apache user, so
if I
> ran rm -rf RAILS_ROOT would this work?
>
> Thanks for your help!
> --
> Posted via http://www.ruby-forum.com/.
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Brian Hogan wrote:
> In business, people will try to take advantage of you if you let them. 
> If you''ve done all the work and the client has the end results,
why
> should  he pay you?
>
Rather, in any situation some people will try and exact as much for 
themselves as quickly as possible without regard to others, or even 
their own long-term, interests.  However, these people are very much in 
the minority.  Human society, and business interaction is but one facet 
of social interaction, would not function if even a significant minority 
of its members behaved in the fashion described above. They exist, yes, 
but not in any great number.

If people are taken advantage of to the extent that they feel it 
necessary to bobby-trap their products then they are not demonstrating 
any great discrimination in the jobs that they take.  Perhaps their 
choice is driven by pressing economic circumstance but what needs to be 
addressed is ones willingness to enter into unequal relationships and 
not formulating methods of exacting revenge when this becomes evident.

A contractor can usually get a very good sense of the type of people 
that they are dealing with by doing a credit check on them.  If the 
client is not worth bothering with then rarely will you be the first 
supplier that they have stung.  The $50-100.00 spent is well worth the 
investment.

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

It really wasn''t meant to be a deep question. Whether you like it or
not
this world is full of scumbags. A lot of time projects deal with more 
than just money, such as equity, or stipulations based on the success of 
the project. Things that occur after the project has launched. I 
understand that a solid contract is the best method for making sure you 
get what you are entitled too, but sometimes turning off the project is 
a quicker means of getting their attention and being treated fairly.

Put yourself in that situation. You were promised X dollars if the 
project reached a certain success point. It reached that point and you 
got no money. You could wait a year to get your money or you could 
probably get it in the next week if you turn the project off. What would 
you prefer?
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Ben Johnson wrote:
> It really wasn''t meant to be a deep question. 
I submit that contemplating a destructive, and potentially illegal, act 
is a very deep question that requires a very carefully considered 
answer.

> Put yourself in that situation. You were promised X dollars if the 
> project reached a certain success point. It reached that point and you 
> got no money. You could wait a year to get your money or you could 
> probably get it in the next week if you turn the project off. What would 
> you prefer?
This begs the question of what was promised and how it was to be 
measured.  Whenever one is working with independent contractors there 
are risks assumed on both sides that neither may have given much thought 
to.

One can liken the situation of web app design to that of home 
renovation.  As a home owner you run a risk of spending money for shoddy 
or incomplete work.  As a contractor you run the risk of dealing with a 
high maintenance client that does not have a clue about what will 
satisfy their desires.  Sometimes these risks create conflict and anger, 
but coming back in the middle of the night and tearing off someones roof 
is simply not to be contemplated, no matter what the rights and wrongs 
of th dispute.
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Ben Johnson wrote:
> Put yourself in that situation. You were promised X dollars if the 
> project reached a certain success point. It reached that point and you 
> got no money. You could wait a year to get your money or you could 
> probably get it in the next week if you turn the project off. What would 
> you prefer?
The largest single hit that I ever took was for 16k in 1998.  I took the 
legal route and discovered that enforcing the contract would cost 
between 10 and 25k. SO I ate it.  In that case a credit check would have 
revealed nothing because the cause of the dispute was personal antipathy 
towards me by a principle of the firm.   However, I must say that I 
never once thought about trashing the the work that I had performed.
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

You are wrong because to put the roof back on would take as much work as 
it took to put it there in the first place. Software can essentially 
have an on / off switch. I could have what took months to complete up 
and running in minutes.

It is not unethical at all, keep in mind that you are the one that is 
owed money. At the point of "self destructing" the software you are 
certain that you are being screwed. It''s not something I would do on a 
hunch. I would be 100% certain that my client is trying to screw me. 
This is a last end all option.

Everyone has their own way of dealing with problems, leave that to the 
person. This thread was not meant to become a lecture on morals. I just 
wanted to simply know the best method for self destructing my project.

Let''s try another scenario. Let''s say I build a rails project
for a
client of mine. Now they are using this project to take over the world. 
In order for me to save the world I must self destruct my project. How 
would I do this?
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

I feel this approach is pointless. A client can always mine your code and remove
your ''self
desctruct'' sequence. Anyone who is out to screw a developer is going to
be on guard (paranoid)
because they know their days are numbered.

-- Long
http://MeandmyCity.com/ - Find your way
http://edgesoft.ca/blog/read/2 - No-Cookie Session Support plugin

----- Original Message ----- 
From: "Ben Johnson"
<rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>
To: <rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org>
Sent: Tuesday, November 27, 2007 1:50 PM
Subject: [Rails] Re: Self destruct your application?

>
> You are wrong because to put the roof back on would take as much work as
> it took to put it there in the first place. Software can essentially
> have an on / off switch. I could have what took months to complete up
> and running in minutes.
>
[snip]


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Oh for goodness sake, just answer the question...

I think that relying on the application to be able to delete itself is
too dependant on things that you don''t have any control over (file
ownership/permissions being the key here).  I''m also leery of the
legal aspects of deleting something (even if it is stolen software) on
someone else''s machines.

If you are intent on being able to "turn off" your code there are two
things that jump out at me right away...

1) Add some kind of "software key" to your application... it could be
a table with "authorization" and "expiration" columns, or a
file in
config/ or something like that.  Check for that somehow (before_filter
on all/key controllers?) and if the authorization has expired,
redirect to a "Your licence to use reallycoolwebapp 2.0 has expired"
When they pay in full you can either grant a licence that never
expires, or just turn off the licence check totally.

2) Add some kind of "call home" mechanism to the application, so that
on a regular basis the app checks with you to make sure it can still
be run.  You maintain a webserver that chucks out an XML file (or
something) that grants the app permission to continue running.  If the
client refuses to pay, you revoke the licence on your end, and
reallycoolwebapp 2.0 is turned off for them.

As a non-compiled language, anything you try to do risks being found/
disabled by the client.  #2 might be slightly more resilient to that,
but I would imagine that someone could just turn off the entire
checking mechanism without too much work.  You could try hiding it in
your own plugin, that might make it a little more obscure.  However
doing #2 requires that you keep that server up forever...


If I were to do either of the above options (or anything else like
this)

On Nov 27, 1:59 pm, "Long"
<long...-bJEeYj9oJeDQT0dZR+AlfA@public.gmane.org>
wrote:
> I feel this approach is pointless. A client can always mine your code and
remove your ''self
> desctruct'' sequence. Anyone who is out to screw a developer is
going to be on guard (paranoid)
> because they know their days are numbered.
>
> -- Longhttp://MeandmyCity.com/- Find your
wayhttp://edgesoft.ca/blog/read/2- No-Cookie Session Support plugin
>
> ----- Original Message -----
> From: "Ben Johnson"
<rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>
> To: <rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org>
> Sent: Tuesday, November 27, 2007 1:50 PM
> Subject: [Rails] Re: Self destruct your application?
>
> > You are wrong because to put the roof back on would take as much work
as
> > it took to put it there in the first place. Software can essentially
> > have an on / off switch. I could have what took months to complete up
> > and running in minutes.
>
> [snip]
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On Nov 27, 2007 1:50 PM, Ben Johnson
<rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>
wrote:
> Let''s try another scenario. Let''s say I build a rails
project for a
> client of mine. Now they are using this project to take over the world.
> In order for me to save the world I must self destruct my project. How
> would I do this?
:~) I love it!

When you get it figured out, will you release it as a plugin?

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

The majority of the responses (including yours) seem to say "it is not
worth doing since the client
can get around it". I dont see how that is not a valid answer...

-- Long


----- Original Message ----- 
From: <andrew.ohnstad-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: "Ruby on Rails: Talk"
<rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org>
Sent: Tuesday, November 27, 2007 2:25 PM
Subject: [Rails] Re: Self destruct your application?

>
> Oh for goodness sake, just answer the question...
>
> I think that relying on the application to be able to delete itself is
> too dependant on things that you don''t have any control over (file
> ownership/permissions being the key here).  I''m also leery of the
> legal aspects of deleting something (even if it is stolen software) on
> someone else''s machines.
>
> If you are intent on being able to "turn off" your code there are
two
> things that jump out at me right away...
>
> 1) Add some kind of "software key" to your application... it
could be
> a table with "authorization" and "expiration" columns,
or a file in
> config/ or something like that.  Check for that somehow (before_filter
> on all/key controllers?) and if the authorization has expired,
> redirect to a "Your licence to use reallycoolwebapp 2.0 has
expired"
> When they pay in full you can either grant a licence that never
> expires, or just turn off the licence check totally.
>
> 2) Add some kind of "call home" mechanism to the application, so
that
> on a regular basis the app checks with you to make sure it can still
> be run.  You maintain a webserver that chucks out an XML file (or
> something) that grants the app permission to continue running.  If the
> client refuses to pay, you revoke the licence on your end, and
> reallycoolwebapp 2.0 is turned off for them.
>
> As a non-compiled language, anything you try to do risks being found/
> disabled by the client.  #2 might be slightly more resilient to that,
> but I would imagine that someone could just turn off the entire
> checking mechanism without too much work.  You could try hiding it in
> your own plugin, that might make it a little more obscure.  However
> doing #2 requires that you keep that server up forever...
>
>
> If I were to do either of the above options (or anything else like
> this)
>
> On Nov 27, 1:59 pm, "Long"
<long...-bJEeYj9oJeDQT0dZR+AlfA@public.gmane.org> wrote:
> > I feel this approach is pointless. A client can always mine your code
and remove your ''self
> > desctruct'' sequence. Anyone who is out to screw a developer
is going to be on guard (paranoid)
> > because they know their days are numbered.
> >
> > -- Longhttp://MeandmyCity.com/- Find your
wayhttp://edgesoft.ca/blog/read/2- No-Cookie Session
Support plugin
> >
> > ----- Original Message -----
> > From: "Ben Johnson"
<rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>
> > To: <rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org>
> > Sent: Tuesday, November 27, 2007 1:50 PM
> > Subject: [Rails] Re: Self destruct your application?
> >
> > > You are wrong because to put the roof back on would take as much
work as
> > > it took to put it there in the first place. Software can
essentially
> > > have an on / off switch. I could have what took months to
complete up
> > > and running in minutes.
> >
> > [snip]
> >
>

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Ben Johnson wrote:
> Basically I could access a URL with a password, other identification,
> etc. and rails would basically delete itself. If I''m doing this
through
> apache I''m assuminng rails would be run under the apache user, so
if I
> ran rm -rf RAILS_ROOT would this work?
That is highly unprofessional and probably illegal. How do you think 
your customer will react if he finds that you have implemented a 
sabotage mechanism in his application?
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Andreas S. wrote:
> Ben Johnson wrote:
>> Basically I could access a URL with a password, other identification,
>> etc. and rails would basically delete itself. If I''m doing
this through
>> apache I''m assuminng rails would be run under the apache user,
so if I
>> ran rm -rf RAILS_ROOT would this work?
> 
> That is highly unprofessional and probably illegal. How do you think 
> your customer will react if he finds that you have implemented a 
> sabotage mechanism in his application?
I dont really care what he thinks, keep in mind this guy is screwing me. 
Meaning he is doing something to me so wrong and illegal that it''s
worth
doing this. I also checked with an attourney and it''s not illegal.
It''s
similar to a car company repossessing your car. He got something he 
didn''t pay fully for, you are taking it back.
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Ben Johnson wrote:
> Andreas S. wrote:
>> Ben Johnson wrote:
>>> Basically I could access a URL with a password, other
identification,
>>> etc. and rails would basically delete itself. If I''m doing
this through
>>> apache I''m assuminng rails would be run under the apache
user, so if I
>>> ran rm -rf RAILS_ROOT would this work?
>> 
>> That is highly unprofessional and probably illegal. How do you think 
>> your customer will react if he finds that you have implemented a 
>> sabotage mechanism in his application?
> 
> I dont really care what he thinks, keep in mind this guy is screwing me. 
I''m not talking about the sabotage itself, but about the inclusion of a
sabotage mechanism. You would have to do that before you knew whether he 
is screwing you.
> It''s similar to a car company repossessing your car.
It''s more similar to a car rental company installing a block of C4 with
a timer under the hood.
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Why not just start a smear campaign against this person/company. If this 
app is for a company that wants to get their services out to a wide 
group of people why not make it known that you built this app for them 
and they didn''t pay for it and ask the question of "Do you really
want
(as a consumer) to engage in business practices with someone that 
behaves like this?" In the end you may prevent enough people from doing 
business with them that they may regret not paying because in the end 
they would have lost more in lost business because they didn''t pay then
if they did. If legal action doesn''t work and I would hope that ethical
sensibility would always prevail, then you have to hope that public 
opinion will succeed.
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Again, since this is software (digital information) and a non-compiled
language, only encryption might work..

Best regards, Ricardo

On Nov 28, 12:42 pm, Ben Johnson
<rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>
wrote:
> Andreas S. wrote:
> > Ben Johnson wrote:
> >> Basically I could access a URL with a password, other
identification,
> >> etc. and rails would basically delete itself. If I''m
doing this through
> >> apache I''m assuminng rails would be run under the apache
user, so if I
> >> ran rm -rf RAILS_ROOT would this work?
>
> > That is highly unprofessional and probably illegal. How do you think
> > your customer will react if he finds that you have implemented a
> > sabotage mechanism in his application?
>
> I dont really care what he thinks, keep in mind this guy is screwing me.
> Meaning he is doing something to me so wrong and illegal that it''s
worth
> doing this. I also checked with an attourney and it''s not illegal.
It''s
> similar to a car company repossessing your car. He got something he
> didn''t pay fully for, you are taking it back.
> --
> Posted viahttp://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Been there and it sucks.

I am a passionate programmer so I will put code in for free just because 
I love it.
But when its time for the customer to pay and he doesn''t, but still 
continues to use youre product where you put tons of hours in, you feel 
it in your gut every time that website ist still up.
Trust me on that.
So if you have a feeling in the first place you are gonna be screwed, 
walk away !
If youre not sure but want the deal built that code that will nuke it 
into orbit when needed.
Yep, I am still pissed writing this down and thinking about that ass*le.

What have I learned?
Serve the app yourself.
When they pay you give them the code.

A little cool trick I did with 1.1.6 ( wow thats old ) was the 
following.
Don''t know if it still works.
But it was just simple deployment.
sudo script/server -d
Now in production all the controller code was loaded.
So I just fired up textmate and deleted the controller code.
Worked like a charm.

Eventually the f*cker restarted his Mac and he was screwed
:-)
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

As for file backups, that is relatively easy to get around.  Have all
the data in subversion EXCEPT one critical file.  For the project that
I''m on right now, that would be the post-checkout script. That script
is run-once per checkout, so if I were concerned, I would keep it off
the hard drive.  Have capistrano tunnel back to run the script.  Have
a phone-home action that deletes a bunch of files if it fails.
Specify that their rights to the software expire if payment is not
prompt.  Test everything.  Sleep well.

Me?  I''m on salary.  :D

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---