avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Tuesday December 1, 2020, 3:43 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - drapps [ switch to compact view ]

Pages: [1] 2next
Ahhhh, finally I got around to listening to this! (Still not got around to #2 yet, been listening to 'Symphony of Science - the Quantum World!' on repeat half the night lol)

Nothing to really add to the conversation as such, will comment more after listening to #2 xD

Anyhow, It was a bloody good listen and I highly recommend it to my fellow DC members!

That is awesome! I hope you love episode #2... and all that follow after that! We'll appreciate *any* feedback and thanks for listening! :)

Whoa! Totally missed this... heard most of the intv. right now but I'm really high and would like to do it justice. I'll definitely give it a second (sober) listen. Renegade, you're the resident celeb, I totally blame you for missing this when it was posted (not pimping your fame in the post title and making it seem like just another intv.  :D )

Great work, guys!  :Thmbsup: Looking fwd to more... and P.S. - Renegade, if you don't go on a tangent during one of these and start ranting about Apple I WILL BE DISAPPOINT!!  ;D

Edit: Just read Stephen's post... there's already a part 2?? Fuck, I'm drunk!

ROFL!!!! Thanks for listening! HAHA, we managed NOT to record Ryan's Apple rants. The show is SFW. But man... have we had some LIVELY off the record ones! Oh, and *ahem* maybe Ryan should "come clean" about a recent Appley event in his life (if he hasn't already). :P *DOC RUNS AWAY*

Btw, we have a "rant" segment called "Open Commentary" but we haven't done one for a show yet. I'm still not sure it can be pulled off in a SFW way!

Ryan posted a thread for episode #2 over here: https://www.donation...ex.php?topic=27814.0 btw.

Be well everyone and don't be scared to share the show! :)

Sorry for the late review. Just downloaded and listened to it and I like it. :)

Few suggestions -

1) PDF transcript please (ya know speed of my USB data card ryan  :D)
2) Interviews of developers from codecanyon (envato) or other freeware/shareware authors
3) GTD stuff (interviews or resources?) :P
4) Audio goes up and down, that's the only problem. So please fix that.

Keep up with the podcast  :Thmbsup:

Thanks for listening and for providing feedback!  :Thmbsup:

#1) Working on a solution for transcriptions. Really important to have content like this as accessible as possible! Don't want it "locked up" in audio-only. 

#2) Definitely! I'll reach out to Envato. And we'll be interviewing freeware/shareware/open source authors too. If you have anyone/someone in mind and want to/can intro us, please shoot over an email to  loopback [At] thedocreport [D0TTT] com.

#3) Great topic to cover! Useful for everyone! Now who to interview... There's already a lot of great GTD talks/presentations/interviews out there. Hmmm... (brain working). We can definitely cover some resources in "Helpful How-tos" and/or "Techies Treasure Chest".

#4) It's always just my voice isn't it? :P Maybe, I'm *too* animated for audio... Haha. It'll get better! :)

Thanks again and stay tuned!

Hi DC'ers!

Long time, no Doc!  ;)

Please do check out the show and let us know what you think!

We've aimed to produce a high-quality podcast that's useful for *any* developer.

If you have any suggestions of topics you'd like to "see" (okay, "hear") covered, let us know.

Be well! :)

General Software Discussion / Re: What the hell is OpenCandy?
« on: March 30, 2011, 03:19 PM »
Comprehensive details on what information is collected, for what purpose and at which point during the installation and recommendation process is available here:

Hope everyone is having a good day! :)

General Software Discussion / Re: What the hell is OpenCandy?
« on: March 24, 2011, 02:25 PM »

We only allow two third-party offers per installer and consider an OpenCandy-powered recommendation to be a third-party offer. (We restrict the offering of search toolbars to *one* per installer.)

If anyone is interested, scope out our (always evolving as the software landscape does) Software Network Policies which are what prospective and current partners must adhere to (and their products are tested against) are available here:

Hope everyone is doing well! :)

General Software Discussion / Re: What the hell is OpenCandy?
« on: September 30, 2009, 12:09 PM »
Scancode, et al,

Hey y'all (yeah I said "y'all"), hope you're all having a great Wednesday!

DC<>Users is what makes DC great!

I agree, no question. :)

Regarding the FAQ, Whoops. FIXED!  I added instructions for those publishers that currently don't use an OpenCandy subkey. See Thanks for pointing it out and I appreciate the time you took to read through the faqs. I'm a big fan of a "second set of eyes" especially when they come from the outside looking in.

I have more great news...

Regarding changing OC registry entry location to an OC subkey as a requirement, it was in the pipeline but I wasn't sure we would be able to get it into the version 1.3.1 update (which is rolling out shortly with the NSIS bugfix). But... we did! As of v1.3.1, all ALL OpenCandy publishers are REQUIRED put OpenCandy related registry entries inside an OpenCandy subkey within the publisher's registry key.

Take good care everyone. :)

General Software Discussion / Re: What the hell is OpenCandy?
« on: September 24, 2009, 05:16 PM »
Hi Everyone,

I’m back. Things have been hectic. Of course moving took much longer than I thought; I didn’t realize how hard it would be with the baby and doing 95% of the move myself!



Regarding the registry entries:

I misspoke (miswrote?) and should clarify that currently, per our Publisher’s Kit Integration Guide, it is only a requirement that OpenCandy related registry keys be stored within the publisher’s registry key. We don’t specifically require that they be within an OpenCandy subkey, though most publishers (MediaCoder excluded, obviously  :) ) do put them within an OpenCandy subkey.

OpenCandy files in temp directory:

I/we owe you a big THANKS! You’ve actually discovered a bug with v1.3 of our plug-in that only affects NSIS based installers. Only the dll (OCSetupHlp.dll) should be in a user’s temp directory (when it’s unpacked by the installer) and it should be removed once the publisher’s installation is completed. This doesn’t change what I said above about when a recommendation is accepted. When that happens an OpenCandy folder containing the dll (OCSetupHlp.dll) and the text file (OpenCandy_Why_Is_This_Here.txt) are created within the publisher’s installation directory to facilitate the download and installation of the recommended software and once finished, the folder and files are automatically removed (unless one of those things listed in the OpenCandy_Why_Is_This_Here.txt happens: power goes out, etc... ).

We’re in the process of wrapping up version 1.3.1 which rectifies the issue. It'll take a bit before all our publishers have updated their builds. This bug does not affect OpenCandy publishers with Inno-based installers.

Oh yeah, the FAQs are up (!

Be well everyone  :)

General Software Discussion / Re: What the hell is OpenCandy?
« on: September 13, 2009, 07:42 PM »
Hi scancode (or Scancode) and DC'ers!

Hope all of you are well. I'm in the middle of moving (and re-setting up my lab) right now but I'll be back tomorrow to post more information. I figured I could throw a couple of things out here now.

The FAQs I promised are finally done and are going to be posted tomorrow (what coincidence!). The FAQs include information about the registry entries. Quickly though, even if you don't accept a recommendation, bookkeeping information about the publisher's software you did install (in your case Scancode, MediaCoder) are created within the publisher's registry key inside an OpenCandy key (so in this case it should be HKLM\Software\MediaCoder\OpenCandy\) as well as a non-reversible identifier created via a random number generated which helps us prevent fraud/gaming and also lowers the likelihood that a declined recommendation will be shown again in the future.

Something big I want to announce... We've updated our plug-in (which all publishers are in the process of updating to/re-integrating), to version 1.3, so that OpenCandy provided files are only TEMPORARILY copied to the computer IF a recommendation is accepted and then they are deleted after the recommended software is downloaded and installed. So no more OpenCandy files will be left behind anymore! Which also means (by the very nature of not leaving OCSetupHlp.dll behind) that we have eliminated uninstall tracking for our publishers. It could take up to 4-6 weeks for everyone who participates as a publisher to update their installers with the new plug-in though (based on their release cycles, etc).

Thanks again everyone! Be well. :)

General Software Discussion / Re: What the hell is OpenCandy?
« on: May 30, 2009, 04:24 PM »
Fine, mouser, I'll quit.

I am referring to reply 104 that has not been done.
There is no eula for open source posted with an install of these programs.

As stated in post #104... ALL publishers that were NOT ALREADY disclosing OpenCandy in their EULA have been notified that they need to do so. I expect it may take another couple of weeks or so for them to update their builds. We're on it! :)

In addition, no NEW publishers have been allowed to launch "powered by OpenCandy" installers without disclosing so in their EULA.

Thanks :)

Dr. Apps

General Software Discussion / Re: What the hell is OpenCandy?
« on: May 29, 2009, 03:53 PM »
OK -- here's the deal...

If you're familiar with the GOTD site (, today (5/29) they're offering a copy of StarBurn. StarBurn offers in an very upfront, opt-in/out way to add a toolbar etc -- check out the high % of negative comments & comment ratings, mainly because the add-on's even offered.

It's funny that you posted this because this morning I was scrambling to find out what "Skymediapack" was and whether it was a required component of Starburn. I didn't think it was because I've installed Starburn many times before and never noticed it.

I DON'T think Starburn was "very upfront" about Skymediapack at all. There is ZERO explanation in the Starburn installer of what Skymediapack is, what it does (like change your home page), whether it is optional AND to top it off... it's pre-checked to install (aka opt-out). So, many people are probably installing Skymediapack by accident which is why they're mad. I would be too. I (obviously) didn't install it, but some people in the GiveAwayoftheDay comments are saying that Skymediapack doesn't have an uninstall entry.

The way I look at it, this is exactly the reason why OpenCandy exists. OpenCandy recommendations are crystal-clear that they are optional, there's useful information about what a recommended application (or service) does (app highlights), and all OpenCandy recommendations are OPT-IN.

Dr. Apps

EDITED: forgot the word 'application' and added '(or service)' in the sentence "...about what a recommended does (app highlights)..."

General Software Discussion / Re: What the hell is OpenCandy?
« on: May 18, 2009, 05:49 PM »

"The thing is that OC installs itself(in the program directory as dll and in the registry) and does not tell the user about it even if the user does not want to install the recommended software, based on my experience."

"I asked a similar question some 70 posts ago.... http://www.donationcoder....18297.msg164050#msg164050"

The fact that not ALL publishers (developers recommending other software via OpenCandy) were disclosing OpenCandy in their EULA was an oversight. It was an honest mistake and I apologize.

Effective immediately no NEW publishers will be allowed to release an OpenCandy powered installer without disclosing it in their EULA (along with a link to our privacy policy).

In addition, EXISTING publishers utilizing OpenCandy that have not disclosed so in their EULA (with a link to our privacy policy) are being notified NOW that they MUST update their EULAs.

"Let's say I install something containing OC and decline the recommended application. Then the next time because of the stuff they left on a user's system, they know what I previously installed, so they don't offer me that, and they know what I declined and won't offer me that again, either. After awhile, after a sizable portion of the world's developers are using OC in their installers (which is what they are hoping for), it would be possible to gather a pretty large list of what a user has installed on their system and what they are not interested in, in a single shot."

OpenCandy's recommendation engine doesn't function to build a database of what software people have installed on their system. It's function is to make a "good" recommendation. So if 90% of computers install "Bob's Bodacious Biorhythms" software when it's recommended by "Julio's Horoscope Creator" then statistically we (and Julio) are probably making a "good" recommendation. The inverse, if "Joe's Awesome Task Manager" recommending "Frank's Fantastic File Syncing Tool" results in zero installs then it tells us that "Joe's Awesome Task Manager" should look into recommending something else.

"But if it is harmless and not capable of doing anything, what would be the reason for leaving it and any registry entries related to it on a user's system after the install process is completed, unless it is to activate and/or retrieve other data later, such as the next install of anything containing OC?"

The OC dll is also called during uninstallation.

We provide (aggregate, non-personally identifiable) statistics back to publishers about installation and uninstallation of their software. The idea being that anonymous statistics like (a high percentage of) uninstallations can help a developer recognize if something needs to be fixed, changed, enhanced in their software (though they're going to have to reach out to their users to find out the actual reasons). 

"Combine that with the data they can collect from your IP address when it contacts their servers, and they can pretty much know where you live, your connection type, what ISP you use, whether you install software at night more than during the day, on weekends rather than during the week, and a ton of other statistical data about you,too. Even without knowing your actual identity and precise street address, they can know a lot about you. This is what is not told to the user, and it's this type of information collecting the user doesn't know about and hasn't consented to."

The key words are "can collect". We don't. As I've stated previously (and as written in our privacy policy), we don't store your IP address (we do use it to determine what COUNTRY you are in), we don't care about your ISP, connection type, or when you install software. The user is told and consents to it when they accept the EULA for the publishers software they are installing.

"Why is it I had to point out what is installed where? And not OC's webpage."

We are currently in the process of re-architecting our entire website. Currently it has ZERO flexibility to work with content. Also, previous to me being hired at OpenCandy there wasn't a single/central person (who had time and was responsible for) getting content/information on the website. So a lot of the information I've provided here will be available on our website as well. :)

"What exactly is that dll doing in it's own folder as well as other programs, after the install, nothing? Is it waiting on input? Is it sending anything anywhere?"

Answered above in response to @app103. It does not send anything, anywhere except during installation or uninstallation of a publisher's software. The information sent is disclosed in our privacy policy.

"No, Dr apps I don't see you as a tech, as in computer technician.
Unless you are just not saying. Cause you haven't said anything that leads me to think that you know much more then anyone with google and some scanners."

Ouch! ;)

I am. It's what I've been during for years. This thread hasn't afforded me the opportunity to prove my "geek cred". But I'm around (on Twitter, now here, and hopefully I'll launch my new blog soon)... So, there will be plenty of opportunities for me to share my tech knowledge. :)

"And most troubling is the lack of willingness to disclose the users of OC. If it's so great then why is it not revealed before installs. There's other questions not answered
as well."

Answered above in response to @app103. ALL Publishers MUST disclose OpenCandy via their EULA.  Publishers are free to decide for themselves if they want to talk about OpenCandy on their websites (though we encourage them to blog/inform their community about us!), some of them already do (I linked to some, a bunch of posts back). Also, we have "Powered by OpenCandy" on every recommendation screen and we have a link to our site in the downloader. I also mentioned earlier in this thread that we plan to have an OpenCandy link (and possibly a link to specific information about the recommended program) in the recommendation screen but due to technical issues it hasn't been implemented yet.

BTW, our privacy policy is available here: Also, if anyone wants to check out our SDK and documentation, it's available here: (I didn't link to the direct download of our SDK because when it's updated the file name changes).

Thanks. :)

Dr. Apps

Difficult to answer, really. Depends much on the category, but I suppose in general an application is useful if it's something I'd miss if it was removed. Maybe I'll find some better answers once I get around to reinstalling Windows... nlite is very useful in that context ;)

That's a great example. Since nLite is extremely useful but only used once every <insert how often you re-install Windows here>. Thanks!

Basically the same things I look for in a woman:  it does what it says it will do, or more, but never less.  It doesn't thrash my machine.  It isn't priced beyond the value of its functionality to me.  And in descending order of importance: it's fast, simple, and looks pretty.  8)


General Software Discussion / Re: What the hell is OpenCandy?
« on: May 17, 2009, 01:02 PM »
"...or is it just a dll/library that is part of the installer and only runs during installation and uninstallation?"

Yes, that's exactly right. :)

"This is about the time when andrew is probably regretting he ever joined in this discussion, since answering the posts in this thread has become a full time job for him  huh

If it's any comfort -- i do think the thread is an overall positive thing for OC -- in letting you explain the workings of it to people who might be initially skeptical.  Not everyone will like it, but at least this thread will be a place they can find out more and see both sides discussed reasonably."

Haha. :) Nah, I don't regret it at all. Sure, it's taken quite a bit of time though :) But it's helped me confirm I made the right decision to join OC, because through explaining what we are doing I've gotten some positive feedback from people, that, on the whole, are just like me... security and privacy minded techies.

"He is a salesman mostly, not a tech, nothing wrong with that."

Fair enough, I'm part salesman. I've been selling myself as well as inanimate objects since I was 12 years old. It started with comic books and baseball cards, then burritos, then financial plans because I believed in trying to help people create a legacy, then IT services to help secure Windows machines for small businesses and home users. And now I'm with OpenCandy because I believe our technology will help fuel innovation & competition in the developer community which in turn will benefit the user community. And I'm proud that we do it in a way that doesn't trample over user's privacy and rights.

I'm definitely a tech (techie), but I'm just not a developer, programmer, coder or engineer (guess those terms are relatively interchangeable). I've personally asked pretty much every question that has been asked on this thread before I accepted my position at OpenCandy. I've asked it to our engineers, our business development team, our founders, and everyone else. I've digested it and I'm putting it out here as best I can in the terms that I'm most familiar with. Of course, if I haven't answered a question (technical or otherwise) clearly enough, please let me know. :)


As cmpm confirmed -- it's just an extra dll that the setup program loads.

Which is how i assumed it worked when andrew explained that OC can be integrated into Inno Setup and NSIS Installers.  And that's really a very clever, non-intrusive way of doing it, which i think should be applauded.  Much of the resistance from people on this thread may result from the fact that people assume that OC is installing some standalone program that is running in the background, etc.

Really OC is not doing anything all that different from what many installer tools from larger companies *already do* (i.e. show some blurbs during installation, offer to let people download another related program from the company, etc.); OC just seems to offer an easier and standard way to do this for the developer who is creating the install package.

I think it's pretty clever actually.

:up: And, at least with OpenCandy, you DON'T have the classic: Click Next -> Next -> Next -- "OMG! How did I get BrandX toolbar?"


ok here is my bet, I am putting my 100$ if anyone wants to bet on it.

I am %100$ sure that in 2 years OC will become an application that will try to install hidden stuff and spy on your download-installation activity. If anyone wants to bet I am accepting bets. Since we do not want to gamble lets keep the amount not more than 100$.

I'll bet $100 against that. It'll never happen. We will NEVER install hidden stuff or spy on people.


"i think it should be pretty clear by now that if OC start to make some evil changes  -- you can be we will all be screaming bloody murder here on this forum :)"

Amen to that! I'd be here screaming bloody murder too because I'd leave the company in a heartbeat if that ever happened (which it won't).


"I have teamed up with a company with a proven track record of abusing the trust of everyone. But don't worry, the founder of the company says he saw the light and he is all reformed now.

What company has a proven track record of doing that? Certainly not OpenCandy.

The business decisions that were made at DivX were made and done... at DivX. This is about OpenCandy. Our business decisions are driven from our vision (which I've covered extensively in my other posts on this thread) and our mission is to carry out that vision in a user-centric and user-friendly way that provides a measurable value to users (discovery of great software).

And regarding what DivX did (which I said I didn't approve of), they stopped doing it in 2004.

"I trust him, because the guy that he sent to talk to me seems like a likable guy, and that is what is really important. Whatever the nice guy says about him must be true and his motives must be pure & honorable, just because the nice guy says he believes it.

Of course I don't have any proof that the nice guy is telling the truth or that he believes what he is saying..."

The proof about what I'm saying about OpenCandy is being verified (in real time) by people like @mouser and @cmpm.

The proof that I believe what I'm that I'm saying it. Just like the proof that you believe what you are saying is that YOU are saying it.

I didn't blindly believe what the folks at OpenCandy told me previous to, and during my interview. I did research, I asked the hard questions. I wanted to know that joining OpenCandy (if I was hired) actually aligned with who I am as a person (which at the end of the day is a user advocate).

@app103 If I ever see you broken down on the side of the road........................................ You guessed it. I'd be the person that stops to help... and yes, I'll still help even if it's you! :)

Off-topic: I started a thread entitled "What makes an application "useful"?" at https://www.donation...ex.php?topic=18350.0 Check it out and share your thoughts.

Thanks again everyone. :)

Dr. Apps

Sounds like an easy question, doesn't it? But when you really get down to it, it's a really complex question because usefulness means different things to different people. It also means different things depending on the category of application. So this thread will be a place where people can leave their opinions (in general or citing specific software) about what they think makes an application "useful".

Things to consider

Is it based on frequency of use? Firefox vs. WinDirStat, one you use everyday (or is it every minute of everyday) and one you use on occasion when you need to find out why that terabyte drive has 83 megs left.

Is is based on whether you leave the program installed or not? Personally, I install and install... but I rarely uninstall (I'll do disable services or the application itself from starting up automatically if I don't use it though).

Is it based on how well the program solves a problem you have?

Is it based on how the program looks?

I figured these are a few good questions that should spark people's minds and kick things off.

So what makes an application useful to you?

General Software Discussion / Re: What the hell is OpenCandy?
« on: May 16, 2009, 02:45 PM »
Apology accepted @superboyac. And sorry about the signature everyone. There wasn't anything subversive or psychological about it. I'm kind of an old school/old fashioned guy and sometimes I'm perhaps a little too formal... My father was pretty strict which is probably the reason (I also tend to be overly polite). In this case I thought the right thing to do was put my info in the bottom of my posts, not knowing that some people like to hide (I didn't even know you could hide) signatures on DC. I should have spent time going through my profile and putting my signature in there. Side note: If anyone here every meets me in person, you'll notice I'm even worse at saying goodbyes. I'm the type of person that worries that every time I say goodbye to a person (even if I'm supposed to see them the next day) that it could be the last time I ever seen them.

And now for my shocking (and slightly embarrassing) revelation: Until now the only time I'd ever posted on a forum was about 10 years ago... on a Volkswagen forum. :) When I started the Appsolute Tech Show (my defunct podcast about great Windows/Mac/Linux software) it was the first time I was using my tech knowledge to give back to the online community (I've been doing it offline for a long time). From there I discovered Twitter and thought it would be a good place to help people with hardware/software problems and post when updates to software that I loved were available. So, historically, I've pretty much kept to myself on the internet. Which explains why I'm still learning forums and good "netiquette". :)

To that end: I added my signature via the DonationCoder profile settings and I will no longer manually put it in the body of my posts. :)


No personal offence taken. When I interviewed for my position at OpenCandy I was skeptical as well. I'd been around long enough that MY intuition was telling me something could be fishy. But something in my head made me make the decision to get on a plane for the first time in 15 years and fly 3000 miles to meet with the OpenCandy team (the whole story is here: http://www.opencandy.../blog/entry.php?id=7). My intuition was wrong (which is rare)... I made the right choice to visit with the team because I found people that are passionate about solving a problem: regular people still have trouble discovering great software and developers still need new (or better) methods of distributing software and some developers (like freeware and open source) would like to make money (outside of donations or Cafepress t-shirts) from their existing software distribution but do it in a way not previously possible (user-friendly, opt-in recommendations for software they personally use and/or love).

We all have to find a way to make a living. To me the greatest thing you can do is to find a way to get paid doing something you love and are passionate about. I'm passionate about software and have personally (face to face) introduced hundreds of people to software they had no idea existed. Now I have the chance to reach even more people.


I think I understand what you are asking, but if I miss something, please let me know. :)

@cmpm "Is it a download that will install in the computer?"

You mean OpenCandy right? OpenCandy is a plugin that developers integrate into their software installer to make recommendations. The OpenCandy plugin has absolutely no functionality outside of the software installer it was integrated with. If you choose to accept a recommendation, then the OpenCandy download manager (which is part of the plugin) will open up and download the installer for the software you choose to install. That's it. The OpenCandy plugin/download manager has no persistent functionality.

@cmpm "Probably like one of those update checkers."

I think I covered that in the previous question. But no, OpenCandy is not like an update checker, it's only functionality is allowing a developer to recommend software during installation of their software and to download the recommended software if the user chooses to accept the recommendation.

@cmpm "Is it web based or a program to be installed?"

OpenCandy's technology includes both an installer plugin and our backend technology which instructs the installer which software it can recommend based on the pool of applications the developer chose.

@cmpm "Hope you get the thing in the open soon.
Then it can be tested."

It can be tested today. OpenCandy recommendations are in millions of downloads every month. To see it in action you can check out some of the programs I mentioned a few posts up.

@Carol Haynes

"When you install an application are the recommended title installers included in the download or does the installer download the extra software as required by the user? If the latter is the case then this is a better alternative than every bit of software you download including extra crap - I am personally sick of wasting time and bandwidth downloading Yahoo toolbar every time I download a shareware trial or update an application (like CCleaner). If the installer merely contain the suggestion and a pointer that to me would be a step forward."

OpenCandy = No extra software bundling! That's one of the unique things about how the OpenCandy system works. The only thing included is the OpenCandy plugin that goes in the installer of the application that wishes to recommend other software (installer plugin is about 300k). Only WHEN/IF the user chooses to ACCEPT a recommendation does our download manager launch to download the accepted program's installer.

@Carol Haynes "How easy wold this system be to spoof and cause real mayhem across the internet - if there is no control over where you choose to download applications from I think there is a serious potential for major abuse of people's systems."

Good news: OpenCandy can't be spoofed like that!:) Each developer (who has been approved) that uses OpenCandy to recommend software receives a unique API keys specific to their installer. So the only software that can be recommended is the software that developer chose to recommend.

The installer for an ACCEPTED recommendation is downloaded via our download manager from a repository of installers on Amazon S3 that we maintain.

Those installers are the exact ones available from a developers website (that's were we get them from for open source software such as Audacity or Flock and for companies paying to have their software recommended they directly provide their installer directly to us for auditing and subsequent uploading into our download repository). Each time an application (recommended via OpenCandy) is updated, we check the new installer to ensure it's still "kosher" before we upload the updated installer into our repository. This is to ensure a previously reputable developer hasn't gone rogue and decided to throw their reputation out the windows all the sudden and decide "Hey, let's put a keylogger in our program).

@Carol Haynes "In the long post above a number of checks are listed. I have serious problems with some of those checks - McAfee SiteAdvisor is known to be broken because they don't update their system often enough. I have also found a number of legitimate sites blocked by some of the free HOSTS files you mentioned (and is one of the reasons I gave up using a downloadable HOSTS file for security - there is no way anyone can check 170000 entries manually so how do you know they are legitimately blocked)."

None of those checks are perfect in and of themself, they are all part of the puzzle of ensuring the software in our network is good. By having a multi-tiered approach to auditing software we can do the best job possible of keeping out the bad eggs.

When I go to a site I believe is legimate and is blocked by my hosts files, I do research to figure out why and then I make the decision to unblock or leave them blocked. I've definitely come across my fair share of legimate sites (Softpedia,,,, etc) that are blocked by those lists and I unblocked them. My hosts files is a good first line of defense. :)

Regarding SiteAdvisor, I've seen a decent amount of false positives there as well. Take FileMenuTools for example from LopeSoft (http://www.lopesoft....en/fmtools/info.html and no he DOESN'T participate in OpenCandy and probably doesn't know about us at all, I just LOVE FileMenuTools). I trust his software and it's safe, but he has some links to other sites labeled RED by McAfee
(http://www.siteadvis...m/sites/ and so, his site is labeled RED.

Here's a great example of how combining those checks helped me prevent one such "baddie" from joining OpenCandy:

My second day on the job at OpenCandy we received an email from a developer who filled out our web form and said "I'd like to commit $15k to pay developers to recommend my software". That in itself was unusual; my teammates said that we don't get a lot of requests in that manner because we weren't very well known.

The software they wanted to recommend was a "system utility". Now, I'd never heard of this software before, which isn't necessarily a red flag, but certainly strange because I download and test a LOT of software (in April 2009 I downloaded over 1755 installers/zip files for shareware, freeware and open source software -- a total of 18.5GB). The first thing I did was go to their website, hmmm "Page not found". I fired up HostsMan to check to see if I blocked them via my hosts files. Sure enough I did. But that's not so weird, because yes, some legitimate sites get blocked by the hosts file block-lists I use. Then I went to SiteAdvisor and saw that they were labeled RED and there was a bunch of horror stories about this company's poor business practices. Next I went to to see if their software was listed for download. Oddly, it was. The SiteAdvisor comments were bad enough to mean exclusion from our network. But I still decided to search for other independent reviews of this software -- I DID NOT find a SINGLE one! Long story short, I did more digging and discovered even more disturbing things about the "company" behind the software. Mind you, this is my SECOND day on the job. I'm in my "lab" pacing around in circles wondering what's going to happen when I tell my bosses/teammates what I found and if everything I believed about what we are trying to do at OpenCandy (help users discover great software) was going to hold true. So I called my bosses/teammates and said "It's great that someone wants to spend $15k to have their software recommended via OpenCandy, unfortunately we ABSOLUTELY CANNOT allow this company or it's products in our network!" I then explained my findings and held my breath... The next words out of everyone's mouth was "THANKS DOC, AWESOME JOB! That's why you're here, to make sure stuff like that ISN'T in our network!" You have no idea how much of a relief that was to me. It again confirmed that the whole team was committed to doing the right thing.. Even, in a case like this, when it means having to forgo revenue.

@Carol Haynes"prefer that you list your recommendations simply with a link tot he developers website and preferably a link to a trusted download website where apps are test for spyware and allow user feedback."

Since I've covered our mission/vision throughout this post (in short: to help users discover great software while helping developers expand their distribution or make money from their existing distribution). And I've explained the extraordinary measures we take to ensure only good software is in our network (heck as illustrated above, a piece of software that was good enough for wasn't good enough to be in the network) and how we take into account a variety of measures to make that happen.

I'll briefly explain why we do it the way we do.

I'm working on getting some hard statistics (they really don't exist in the software world), but this is what I know: There is a dropoff from someone visiting a developers website, finding where the download is, downloading the application and then installing it. From what developers have told us and from other info around the net, the dropoff between someone downloading and installing a piece of software is at least 50%. That means that for every 100 people that download an application, less than 50% actually install it (for various reasons).

That's where OpenCandy comes in. If a developer acting as a publisher (those who recommend software) believes that another application can provide value or solve a problem for their users, then they want to do whatever they can do to EASILY make that happen. Yes, you can just put a link in the developer's website (and as discussed earlier we'll be incorporating informational links into the recommendation screens soon), but then the likelihood of the person actually visiting the site, downloading the app, and installing it gets lower and lower each and every step of the process. With an OpenCandy recommendation the user gets to see a few bulletpoints about the recommended application's main features and can decide right then if it's software they're interesting in using.

-Users already in the process of installing software provide a great engagement point to discover other software they may find useful.

-Being able to download the installer for an ACCEPTED recommendation instantly (after the install for the original software they were installing completes) translates into a higher likelihood the user will actually install the software. It also leads itself to a higher quality user for the developer of the recommended application since the user read the information about the recommended software and CONSCIOUSLY chose to install it.

I hope this info helps. It's the weekend and I want to spend some time with my daughter ( But I'll try to be around if anybody has questions/comments/concerns/ideas. Thanks for the lively discussion! :)

Dr. Apps (I'm still going to put that)

EDITED: I hope this answer this info helps to I hope this info helps.

General Software Discussion / Re: What the hell is OpenCandy?
« on: May 15, 2009, 08:39 PM »
Adding using/testing the program would be essential.
Or have them tested independently by a number of resources.
I currently have 20 feeds for software.
They all test and run the software themselves and give a review.

Yes, that's part of the approval process... In addition to the testing I've done (over the past 9+ years) and continue to do to this day, I (we) also rely heavily on third party reviews. My top/favorite download/review sites are Betanews, Majorgeeks, Filehippo, GivewayoftheDay, Elite Freeware, DonationCoder, Confessions of a Freeware Junkie, Freeware Genius, MSFN, NeoWin, Snapfiles, and Softpedia... I've been frequenting those sites for years to discover software and read reviews to try to find the "diamonds in the rough". I also frequent developers' forums, security forums, user help forums, etc...  :)

@cmpm Recommendations based on what I already use......
or based on what someone wants me to use.
Either way, what I use is being monitored for sales.

Open source and freeware publishers recommending other freeware or open source software has nothing to do with sales. In that case, they do it because they love an app and believe their users could benefit or derive value from using it as well. :)

I don't believe it's spyware or adware...


... but a way to sell.

Yes, for commercial software developers, using OpenCandy is a way to increase their distribution in an effort to acquire more paying customers. :)

@drapps From the publisher side (those who recommend) a few apps you can check out are MediaCoder, MediaInfo and Startup Manager to see the (high) quality of software they are recommending.

@cmpm What publisher is recommending these programs for instance?

In the case of those programs (MediaCoder, MediaInfo and Startup Manager) they cross-recommend each other (with the exception that MediaCoder doesn't recommend Startup Manager via OpenCandy).

Thanks. :)

Dr. Apps
Software Community Guru

General Software Discussion / Re: What the hell is OpenCandy?
« on: May 15, 2009, 03:09 PM »
Thanks for the reminder from your earlier post.

The current software outlets are quite sufficient and list the products/applications that are useful to me.

And, well, I would like to see what softwares signup with OC.
So we will see. That will be very revealing I think.


From the publisher side (those who recommend) a few apps you can check out are MediaCoder, MediaInfo and Startup Manager to see the (high) quality of software they are recommending.

We've been in a "closed beta" since October 2008 and we've focused exclusively on getting the developers of the high-quality applications we (personally) know and love to participate in the network. We've also been reaching out to developers of great applications on the Top 50 and Top 50, as well as other highly regarded apps (the awesome apps out there that are still largely undiscovered and thus don't have the download volume it takes to be included on "Top 50" lists).

Also, just to reiterate, the developers (acting as publishers) in our network ARE and ALWAYS will be the ones who picks the software they want to recommend (from the available pool of applications that have passed our strict guidelines).

If you haven't seen the YouTube video I put up yesterday, it's available here:

Thanks :)

Dr. Apps
Software Community Guru

General Software Discussion / Re: What the hell is OpenCandy?
« on: May 15, 2009, 12:49 PM »
@cmpm: Is the software through OC inspected in any way.
Such as Softpedia and MajorGeeks and many others.
What are the standards set to be a part of OC?

The installer issue aside, I'm talking quality and safety.
As well as ad-free operation of the product as discussed.
And full disclosure of info collecting practices of the products included in OC's opt-in.

Excerpt from my long post

@drapps said

What happens when a developer wants to participate (as a publisher or advertiser) in the OpenCandy network

-I check the Hosts file providers to see if a potential developer that wants to participate in OpenCandy is on those lists.

-I check McAfee SiteAdvisor and WoT.

-I check the potential publisher’s and advertiser’s installers using Virus Total.

-I check antispyware forums to see if user’s have any issues with the software.

-I look at the company’s business practices in general.

In addition, our software guidelines (which we be available soon for all to see) were built on top of AND further enhance policies created by, StopBadware, and the Antispyware Coalition. As well as our own ideals…

I (and the rest of the OpenCandy team) don't want ANY software in our network that we wouldn't use ourselves (or recommend to our mother, father, sisters, brothers, best friends, etc..). That's a big part of what I do at OpenCandy, I make sure potential members of our network meet that quality/security/privacy bar. :) I accomplish that by going through the steps outlined above, as well as by downloading, installing and testing each piece of software myself.

Hope that helps. :)


Dr. Apps
Software Community Guru

General Software Discussion / Re: What the hell is OpenCandy?
« on: May 14, 2009, 02:41 PM »
Watched the demo video -- very helpful to see it in action.

I stand by everything i've said above -- seems fine to me, and i like how it launches the normal installer for the recommended program if the user chooses to install it, so user can always change their mind and cancel, or uninstall later, etc.

Couple things came to mind watching it:

  • Developers need to very clearly identify whether the program being recommended is freeware or shareware -- you wouldn't want people installing programs they think are free only to find out they are shareware.
  • It would be nice to add to the OpenCandy recommendation screen a link where the user can Learn more about the recommended program (taking them to it's web page), and maybe a link to OpenCandy page describing what it is.


Agree on both counts.

#1) Yes, we have explicit wording on the recommendation screen that says if an application is a trial (as opposed to free or open source). :)

#2) Coming soon! We are currently working on and testing a new version of our engine which will allow for links on the recommendation screen (such as a link to a landing page on the OpenCandy website explaining what's going on).

Thanks! :)

Dr. Apps
Software Community Guru

General Software Discussion / Re: What the hell is OpenCandy?
« on: May 14, 2009, 01:18 PM »
Ok, the demo video is up!

See here:

Thanks! :)

Dr. Apps
Software Community Guru

General Software Discussion / Re: What the hell is OpenCandy?
« on: May 14, 2009, 11:44 AM »
If you haven't, I'd be happy to post a video on YouTube
i think that would be a good idea  :up:


Ok, I'll create one and upload it. I've never actually posted a video on YouTube (don't make fun of me). So it may take me a few more minutes than a YouTube veteran. :)

EDIT: It's going to take me a couple of hours to get a video up since the (Windows) machines in my lab are running Vista SP2 (I'm a TechNet subscriber) and we haven't enabled recommendations to be shown on Vista SP2 machines yet. I'm going to install Vista SP1 in order to get a video made. Stay tuned! :) Sorry.

Dr. Apps
Software Community Guru

General Software Discussion / Re: What the hell is OpenCandy?
« on: May 14, 2009, 11:33 AM »
Just out of curiosity, what made the developers decide to use the word "open" as part of the product name? I'm curious since doing so usually makes people think such products are GPL/FOSS applications.

I wasn't a founder of OpenCandy but I do know that the world "open" was used because our network is open for any developer to use. I'm sure our name also has something to do with how hard it is to name a company these days and get the associated URL.

I'm also a little puzzled by this comment you made:

@drapps: I didn’t expect to wake up this morning to a Google Alert about OpenCandy being raked over the proverbial coals.

It seems to me that running an early warning system such as this indicates that there has been serious concern on the part OpenCandy about negative comments to the extent that "Big Brother Google" is being used to seek out and monitor them. I think this says quite a bit about the mindset of the company.

Which leads me to this question: How much negative pushback are you getting with this? Since you're monitoring via Google, I'd guess you'd have some very solid statistics you could share with us on on that topic beyond the usual "overall response has been very positive" PR boilerplate.

The word I track with Google Alerts is 'opencandy'. They isn't any connotation attached to it (negative or positive).

I use Google Alerts for the same reason anyone (person, company or organization) uses Google Alerts -- to find where the conversation is. It doesn't say anything negative about the mindset of our company or any company (person or organization) to want to be able participate in conversations about them. To me it says something positive -- it says that a company/person/organzation is willing to listen and discuss things openly (as I've done here).

Personally, I know a lot of everyday people who use Google Alerts to watch for mentions of their name or blog. I wouldn't be surprised if Mouser used Google Alerts so that he can know when someone mentions DonationCoder. I also received quite a few Google Alerts yesterday about the TechCrunch post regarding handshaking and how those attending the OpenCandy board of directors meeting didn't shake hands (to prevent spreading germs) and instead did the "fist bump". The handshaking topic was something written about by Michael Arrington of TechCrunch last week.

By the way, I'm not a PR person (by training, nature, or past history). I was chosen by OpenCandy to represent them because once I met with them and understood what they was doing I was really excited about it. You're not going to see or hear me use "boilerplate PR speak". It's just not who I am.

I was wondering, how many people here have seen what an OpenCandy powered recommendation looks like? If you haven't, I'd be happy to post a video on YouTube so you see how recommendations are presented to users.

Dr. Apps
Software Community Guru

General Software Discussion / Re: What the hell is OpenCandy?
« on: May 14, 2009, 08:43 AM »
I have a question that needs clarification, if another developer wants to recommend an application through OpenCandy, without that developer being an OpenCandy member, can he do that?

In other words, if I were an OpenCandy member and wanted to recommend one of mouser's apps in the installer of one of mine, and he wasn't a member, could I do that?

@app103 (Sorry I went to bed right before you posted that last night.)

Yes, you could. But we think the right thing to do is for you (as a publisher) is to ask permission from the developer(s) whose software you want to recommend -- if that developer doesn't already participate in the OpenCandy network. In addition, the EULA of the software being recommended must allow the distribution of its installer.

RE: Installers vs. Zip

Many open source projects offer installer and installer-less builds of their software.

The link I posted above to MediaInfo's site mentions how its developer still offers a zip file for people that want to download and install MediaInfo without seeing an OpenCandy recommendation (though this could also be accomplished by blocking internet connectivity of the installer version). We don't force any developer recommending software via OpenCandy to abandon their zip installers (if they have them). They are free to do whatever they want. If they want to recommend software using OpenCandy, yes, they can only do it via an installer platform we support (currently that's NSIS, Inno or Installshield), but they are still free to offer any installer (zip or otherwise) with or without OpenCandy included if they choose to do so.

Hope that helps.  :)

Dr. Apps
Software Community Guru

General Software Discussion / Re: What the hell is OpenCandy?
« on: May 13, 2009, 08:47 PM »
We DON'T know that "you" rejected an recommendation. We DO know when "a user" who completes installation of an application powered with OpenCandy rejects a recommendation. The way we see/store that information is in the aggregate like this: A computer installing <insert publisher's app> running an English version of Windows Vista located in the USA rejected an offer of <recommended application>. This aggregate information helps us improve recommendations. Much the same way Google AdWords works (but to me in a much less intrusive manner.)

Dr. Apps
Software Community Guru

General Software Discussion / Re: What the hell is OpenCandy?
« on: May 13, 2009, 08:16 PM »
In my experience with regular (normal, novice, whatever we should call them) users, they prefer installers because they aren't sure what to do with zip files. I'm a techie, but personally I don't have a preference of installer vs. zip file. As long as an application with an installer includes a 'Custom' install option where I can choose where to install the app and select/deselect shortcuts and stuff like that, I'm happy.

Plus (if necessary for some apps, like Spiceworks for example) installers help ensure prerequisites like .Net, VC++ redistributables, Ruby, PHP, Python, certain necessary patches, etc are installed. Nothing worse than trying to run an app and find out you need to download and install something to make it actually run. :)

Dr. Apps
Software Community Guru

Pages: [1] 2next