Telemetry code executes and throws in container, even with telemetry disabled about baybe HOT 6 CLOSED

@monken
now 1) telemetry execution order has been fixed and 2) requests usage has been replaced by socket, thanks for the suggestions!

from baybe.

Hey @monken

1. Yep, seems like a design flaw in telemetry. Possibly simply solved by further shifting where the user and hostname are hashed. Will look into it, doesnt seem urgent from your side

2. Was quite tricky to test all cases for this telemetry module because we simply couldn't think about all machine/setup combos let alone have access to them, thanks for the report

3. We need the HTTP request to find out whether the user is within the Merck VPN. If you have a more suitable idea how to test this please let me know (one slight complication was also that the actually telemetry endpoint is not a HTTP but an opentelemetry backend with GRPC protocol if I remember correctly)

4. Didnt know about the rainbow tables, thats tricky indeed, we are shortening the hash which should further increase the amount of possible texts for a given hash, but I guess thats not worth a lot. Any idea how to solve that or use another method for the ideally fully-non-reversible indicator?

from baybe.

You could just do a DNS lookup instead

import socket
socket.gethostbyname('verkehrsnachrichten.merck.de')

Should fail immediately if you are not on the internal network and doesn't require a heavy library like requests. Would it be possible it have an install target like baybe[notelemetry] that doesn't ship with this code at all? I really dislike the idea that an import statement triggers any sort of network request.

4. Don't collect user data :)

from baybe.

Hi @monken, thanks for the valuable input. I guess @Scienfitz can have a look into the socket thing and also see how we can further tweak the telemetry part.

Regarding baybe[notelemetry]: unfortunately, pip has no opt-out mechanism, so we really have no idea how we could handle the problem any better. Let us know if you have a better solution.

Regarding don't collect user data: @Scienfitz, I guess we could actually drop the hashes entirely? As far as I remember, it was only do disambiguate between devs and non-devs, but we could simply leave the hashes empty for non-devs?

from baybe.

removing the hash would mean we cant track roughly the number of unique users, a main metric we wanted
How much is the technical reversibility of usernames for company-internal users actually a problem?

I would support removing requests but there were additional requirements for this to work on the premade sagemaker kernels on UPTIMIZE AWS which had some sort of issue with it. So Id have to check that again to verify. requests and opentelemetry* can already be uninstalled if desired after #194 is merged

from baybe.

the telemetry execution order had beenc hanged to not execute anything when its disabled, this should fix this Issue
will possibly also move towards socket instead of requests but will have to test a bit

from baybe.