Can also see the dilemma NDSP stood in: Either you (try to) satisfy the customers directly by fulfilling your business plan, or you lose them on putting your manpower into closing security holes. It’s a small scale “devil’s alternative” where no solution is satisfactory.
Hi! I got a bit late to the conversation and it's already evolved but just going back to this to close the topic a bit - from the image I thought by takedown they meant takedown even though they were supportive of the project, my mistake, I'm glad they are supportive and they aren't taking it down.
And I would just like to tell you I think you've done nothing wrong, if anything they should hail you for being on their side. And as you say, their development shouldn't even be affected since what you are doing is not something they can change with updates and is not a security threat… it's like changing the stereo system in your own car.
Anyway, you have my support, hopefully there won't be much need to defend yourself anymore and I'd be excited to see what you do next and hopefully Neural supports you and implements your work and rewards you.
@JohnnyWombwell will do, sadly I've read other forums and that seems to be the general consensus. The lack of attention to detail and updates that have taken NDSP years is what is general maintenance on the competition which is fulfilled every month or so… I still love my QC but it's disheartening to see and obviously makes me think twice before buying NDSP again over competition
I agree… I like the unit and this is not much of a threat to me but I will definitely not be trusting NDSP in the future unless something changes drastically
@kNow2 my friend but the course of events has proved it's not a dilemma, there are screenshots of people letting Neural know about these security issues for over a year and them acknowledging them but not solving them. Then they lied and said they just found out and are solving it due to “public pressure”
In course of the events it is a dilemma - unless one believes the negligence was done on purpose.
You and I and most others agree on security first according to GDPR, but mistakes will happen, and then one would find oneself in a dilemma. Lose customers one way or the other, in maybe trying to stall it.
That is still in the middle of the existence of the QC. What you do about a dilemma is the following course of events. And what NDSP didn’t do doesn’t change the past.
I am not an expert on security, but I do try and exercise some modicum of caution on connected devices. Maybe I am not understanding the full scope of the problem here. It seems like the first order of business is to get out a new firmware version that disables the logging and subsequent email of it to Neural. I know this is problematic as it will remove an important tool for Neural support to use while troubleshooting but it would only be temporary until they can modify the logging to remove any critical user data such as passwords.
Now I know that pushing out a quickfix in a timely fashion can often depend on how well your developers have established your version management (SVC). In this case though it seems that a minor modification to the current 2.0.1 firmware would be all that is required. Use blunt force and just disable the logging in a 2.0.2 version until you can push out a version that sanitizes the log properly for delivery to Neural.
Updates for the QC can currently only be performed via Wi-Fi. Something that I hope Neural addresses at some point, perhaps with the editor rollout; providing a computer and USB method for upgrade as well. The problem with a Wi-Fi based approach only is that it places an additional burden on testing and QA to ensure a new firmware version can’t break the ability of the QC to update via Wi-Fi.
It does appear that between the already documented ‘Recovery’ process for reapplying firmware and the rollback process that Neural support has had some users with firmware issues execute when contacted directly, that they may have already ensured a path back from a flawed firmware rollout. So maybe this is no longer even a concern, just thought I would mention it. The obvious goal being for Neural to never find themselves in a situation where every unit has to be sent back to the factory for firmware reinstallation.
Anyway, to sum up this long screed. If I were Neural I would get out a non-logging version of the firmware/OS right away.
Well we can all speculate, but who’s perfect right? Thanx @SkeletronPrime for the screenshot. It’s a newer statement, so that doesn’t count as a history lesson
Mods on Discord and on here should probably have a huge disclaimer saying that they don’t work at NDSP, because this is not the first time I’ve seen people thinking that their posts are official statements.
Yes, that will definitely stop people from spreading misinformation
It is a bit problematic though when you have people screenshotting comments by mods thinking they work for Neural and saying stuff like “There it is! Neural said this!” Media literacy is not strong on the internet.
Yes, it needs to be VERY clear that NONE of the mods represent Neural DSP - none of us work FOR NDSP - we are members of the community, so do not take anything any of us say as “gospel” from NDSP!
That was entirely my OWN personal speculation, NOT a statement on how or why Neural did what they did, how they did it
Just to further clarify - that means mods are doing their work here pro bono, and are not paid by NDSP for the moderation?
If so - that is good, and chapeau bas for your work!
Well, I spent some time thinking things through this weekend.
I don’t really want to be arguing with mods or anyone about the way things are being handled now or in the future - at the end of the day it’s just gear and I’d rather not be part of the problem.
Wishing you all the best. The QC is on eBay and I have an FM9 Turbo en route.