@maxi, I have maintained open source components for Delphi and never earned any $ by it. Open source will not work in a world where people want all for nothing. So I understand a business model. Families rely on them. Issue here is customer connection, quality control and awareness.
So it seems we are stuck
Open source it is not an option because people wont pay anymore to use it. Nevertheless if you pay you dont get support either.
It looks like I need to find some real alternative because putting all my eggs into SC is getting dangerous…
Update: SC has contacted me. Now lets see how they proceed…
Albert - I really appreciate sharing your concerns about security, although this thread was intended to talk about bugs fixing. I realized that security issues are Super important but the bugs are even more important (well we can debate on that ;-). I made this post to see how many people are unhappy with the bug fixing procedures. I got to the point where I’m receiving messages from NetMake stating that I’m very negative or even toxic to the community. If I am the only unhappy person on this forum then perhaps I should completely withdraw here and switch to another product/company. If not then perhaps our global consolidated voice can do (or mean) something to the company and initiate some major changes.
I’m not opting for making SC Open Source because the amount of work that NetMake had put into the product needs to be somehow rewarded. I’m happy to pay them for the product as long as I get at least minimum satisfaction. If I would need to buy SC again today I would not do it - because amount of time I spend on issues and bugs by far exceed amount of time I save by using generator and 4GL features.
I rather agree with the statement that NetMake tries to push in as many features as possible into the product and fix only major critical bugs (which prevent development). This way they can release newer version and charge for an update. This (in a short run) might work for them but not for us - users. In a LONG RUN it doesn’t work for anybody because it destroys company’s image.
When dealing with NetMake and bugs I always try to be polite at the beginning. When I report the issues first time I do it in a gentle manner. After few months of unfixed problem I get bit upset and send more rough messages and if the bug remains unfixed for 2 years or more I get really pissed off! I have limited patience and I do not know about rest of you guys but I cannot stand ignorance for to long.
Main problem with bug fixing (in my opinion is) that company members (on this foruum as well) make a statements like “This has been reported to the bugs department”. Then after this statement months later nothing happens, nothing has been fixed and no reply or message from company has been posted regarding the issue. This is what makes me super mad! Months later when I bring the issue again into public NETMAKE states that they cannot reproduce the problem (while few months earlier they confirmed the bug and stated - it will be fixed in the next release).
I"M NOT SAYING NETMAKE IS NOT FIXING BUGS AT ALL - yes they do, but in minimal amount and only bugs which are super critical. I also do not expect them to fix everything as I realize there are many tools on the market which have bugs and still can be used efficiently. WHAT I SAY (my personal opinion) IS THAT COMPANY IS IGNORANT IN FIXING BUGS WHICH ARE VERY EASY TO FIX.
Here is an example:
http://www.scriptcase.net/forum/forum/scriptcase-8/bugs-aa/71337-net-make-fix-the-connection-message-panel
I reported this issue in 2014 (summer). Then I reported this issue again - nothing. Then I reported this 3rd time (the link above). After the third time Mr. Cavadinha - edited my post (without my permission!) closed the topic (no more comments allowed) and had sent me insulting message
<br /> You need to improve yourself in so many ways that I can’t even start.<br /> Stop rioting with no-reason, if you need attention go seek a psychologist.<br />
It is all because I made third post about fixing the issue. I can only ask what kind of people we dealing with ?
Another words: if the customer asks for to much - hit him with the stick!
Up to now I just thought that my problems are due to me being a beginner in scriptcase. Reading through the post I realize how risky using scriptcase really is. Is there any way out save dumping all effort with scriptcase and go for other solutions?
My minimum requirements are:
- A bug tracking system where I can recognise known bugs, so I do not need to spend time finding out what is already rknown.
- Information of features that just do not work that way (e.g. tab application will not work with form applications). This would greatly save my time.
- A professional way of responding from scriptcase. I have the impression, that they have stopped responding to anything less than paid support requests
Christian Sager
Swissagenda.info
Unfortunately none of your requirements will be met. We are begging for bug tracking for long time (more than 3 yrs) but no results. I have a feeling that NetMake is simply afraid of how many bugs will be listed and the list will show up poor progress. Not sure what the real reason is but this is critical and for many will be deal breaker with SC. In this forum we try to consolidate into 'one voice" hoping that if majority will keep asking for the same the company finally fulfills the request.
@sawjer. The main ‘problem’ is that SC currently is the best product in it’s field. It could be superb if SC managed to get it’s support right. It’s something we (I) have tried for a long time. I have seen SC employees come and go and I have put a lot of effort in it. We are creating major applications in Scriptcase. Before we moved over to scriptcase we have done a lot of research on a lot of products. Believe me or not, Scriptcase has a lot to learn regarding customer connection. But some other product out there are deadly… I realy wouldn’t be around here answering a lot of questions if I didn’t believed in the product. I am not a SC employee!
Dear Albert - I agree with you only partially. By saying “best” we need to look in long term relationship with the product + Company. While the concept behind the product is brilliant and the way one can create fast simple CRUD Apps is outstanding. That being said here come many issues. When somebody develops software the main ingredient for profit is TIME spent.
As many already emphasized on this forum the time needed to create new App or project from scratch is very short and this is a big compliment to the products. After this initial phase the next phase that usually comes in is customization. Basic customization can be done in SC IDE but it is super basic. Everything else needs to be handled through libraries, hand coding and 3rd party tools. Is there anything wrong with that ? No - but one needs to take this into consideration when calculating project development cycle and the time needed. Because of lack of granulation, lack of openness to 3rd party tools and lack of integration with any CMS systems SC project becomes like a single sail boat on the huge ocean. No help no support no nothing.
Here comes the worst part. IT IS THE TIME WE SPENT DEALING WITH UNNECESSARY HEADACHES! DEALING WITH SUPPORT AND BUGS. If one spends 100 hours on development then gets stuck for several weeks (or more often months ) because of the bug in SC it kills the whole idea of 4-Generation Tool and saving time by fast development. The development IS NOT FAST ANYMORE. IF this is not enough we can apply issues with documentation (which is not update, incorrect in many places, has language problems) and we can also apply product examples which often do not work and have bugs and inconsistency in them - WE END UP WITH CRAP! The bottom line then is that instead spending 100 hours + (say: 20 on support and issues) we end up with 1000 hours (or more when including wait for bug fixes). In such case hand coding the project from scratch would be much more efficient.
When building the project we need to calculate few things which most developers do not take into account:
1 - time working on project (itself)
2 - time needed for research (this does not include learning to use SC)
3.- time to deal with NM support (asking simple questions)
4 - time to deal with bugs (this is where the huge waste happens)
5 - time to interact with other users (this usually is user based support)
I bet if everybody starts recording all those aspects (1-5) one might come up with completely different results for (so called) PROJECT DEVELOPMENT TIME
The main problem here is that NetMake does not seem to understand this and they advertise a product as super fast tools to create results. This would be 100% true if one want to create a project based one grid and one form (or something close to that). AFAIK none of the users here create such simple solutions. So the bottom line is that we need to keep bugging NetMake until they improve their service to the point where the time spent on dealing with issues will be acceptable. I can state for myself that time spent on SC (dealing with issues) exceeds my wildest expectations (in very negative way). From being absolute SC enthusiast I turned into big skeptic and unless something happens in the company management I do not see SC development to bright.
Are there other better products on the market ? It is hard to say without trying them. We all only guess. We do research but it is not enough to have solid opinion. I also think that it is worth to pay even 2-3 times more for the product and have better support or less bugs than paying less and wasting lots of time (not to mention irritation).
Arthur, honestly. If I had your vision I would have been gone here ages ago and picked something else. The fact that I’m still around must tell people something, at least if they google here around. They will read my criticism and my views. It doesn’t matter if you are right or wrong, you have to decide what you want to do with a product as Scriptcase. With it’s strong points and their weak points. It’s no use of continuously pressing the negative points, I simply would leave.
If there are better products on the market?: yes you have to try them. We do - last time a few months ago - , we have a business to run. We can’t rely on one product only without an escape. But trying a product is simply something else then judging the organisation around it. Fyi, we have been banned on another popular product just because we had created a list of obvious bugs and issues. The grass on the other side of the river is always greener?
Okay this has gone for far too long without an official answer.
We do care about all the problems and we fix them all.
I am fixing the security issues, there are some of them yeas because some old developers left some openings probably due to lack of attention.
Fear not, this one of our top priorities at the moment.
@aducom @Orion Guys, I never had a chance to have a chat with you, but in general, the feeling that both of you know when to hit us and when to help us.
I respect and appreciate that, thank you.
@maxi Your thoughts are wrong, but thats okay, you have no crystal ball so let me clarify that point. Our support is improving a lot and paid support is improving even more.
We are working very hard to improve SC, its tools and the generated apps. From inside I can tell you, our tool will only grow and improve. Its far from being deprecated or abandoned.
Also, Carlos leaving was a good thing, however for ethical reasons i’m not going deep in that matter.
@topic
We discussed opening our bug tracker system (mantis) to the public, however the executive decision was to not.
I’m one of the guys that thinks this is useful, at least for people who are partners. Its not my call tough, and unfortunately I don’t see this happening anytime soon.
Sorry guys.
This is appreciated good news.
For me the most helpful would be more information what the security module does in general and in particular. This would enable me to make a professional decision if the existing functions are adequate or if additional code is needed.
Regards. Christian Sager
General hints regarding security, only set the main login apps to be allowed to run ‘stand alone’. If you use globals set them to session to prevent them appear in the get or post variables. IF you link applications then use an additional where construction. IF someone is able to pass the run-standalone he/she might get a full list of data. In general all PHP rules apply, it’s a thin line between issues in Scriptcase, PHP, your design or combi of them.
[SIZE=16px]I bought Scriptcase a couple of years ago after getting frustrated with some issues with PHPRunner.
PHPRunner has improved since then – including finally getting true Bootstrap responsive templating.
But my plans to dive into Scriptcase, even while updating my product, and abandon PHPRunner were setback by reading the Forums & Bug reports.
The evidently laggardly concern with moving to Responsive displays stopped my development altogether with Scriptcase.
But I keep hoping Scriptcase will leap to the front of CRUD Rapid Development tools so that I can leave PHPRunner.
So, then, 30 minutes ago I discover this –
https://www.exploit-db.com/exploits/40791/
Once again reporting what I have read over the years about all the SECURITY VULNERABILITIES that would leave a Client’s application wide open to commonly known BadGuy exploits.
The Report also notes multiple times contacting the builders of Scriptcase and not getting any responses as to investigation or improvement of these Code Security issues as of November 11, 2016.
Has the Netmake team Fixed all of these issues?
I tend to think not.
The last 7 updates make no mention of fixing any Security issues.
So, while determined to find an alternative to PHPRunner, which is apparently not going to be Scriptcase, I will throw these options at you –
This is what I am looking at today and this Open Source looks fantastic.
I have learned enough now that I can develop with this CRUD tool and best of all, seeing that Laravel is popular and open source, the coding and templating is not proprietary to the tool. Lots of modules can be added
The Youtube video goes step-by-step using Composer to install Crudbooster.
I am really amazed by how complete this application developer seems to be.[/SIZE]
[SIZE=14px]http://crudbooster.com/[/SIZE]
[SIZE=14px]https://www.youtube.com/watch?v=Afs6MYoj0RM[/SIZE]
[SIZE=14px]https://www.facebook.com/crudbooster/?hc_ref=PAGES_TIMELINE&fref=nf[/SIZE]
Albert - you are right about making decissions and I also noticed there are other products. SC is not the only one but there is one thing you missed to mention. Many of us simply have projects started and cannot just cut off the existing development in SC (although they would want to) because re-developing everything on another platform would simply cost to much. For that reason some of us had to continue with SC despite “bad taste”.
Cavadinha - some of your statements here are not true. Here is just an example (and I can bring many, many more).
I reported this BUG long, long time ago. NetMake members (not sure it was you or someone else) confirmed this and I’ve seen statements like: “it will be fixed in a next release”. I received few emails from you Support tem (obviously noone signs those Emails - which is a shame) asking me what is MEMO() field. For all people working with SQL type databases it’s obvious but for your support team it was not. I explained them and gave them step by step reproduction of the issue. They asked me what database, which SC version etc. Fine. Then after all this several updates were released an no fix was implemented. Most of NetMake communication with me is wasted on arguments weather “it is or it is not a BUG”. This is something that obviously shows that NM developers are unwilling to fix things unless they are super critical. I know there always has to be priority, but all the minor bugs and issues I reported over last 2-3 years could have been fixed in a matter of minutes, and why they are not is still a mistery to me, so I can only have one conclusion - “they do not care”.
I understand that Giu and Albert posts are always toned down due to the fact that they are SC resellers and I accept this fact. I also respect everybody’s opinion, so whatever I post you disagree with, please do not take it personally. I also understand that Mr.Cavadinha is not a decisive person in many aspects and certain things must go through NetMake Management/CEO, but that is the purpose of this thread here to bring more attention to the issues and react accordingly.
@elMavericko The issues reported are known by SC as we have reported them (and more) to SC. The securityoptions for csrf and running applications stand-alone, are some results as a response of scriptcase to our actions towards SC. Unfortunately security issues are discovered from time to time and sometimes it requires some time to have them fixed. SC could provide a better insight regarding bugfixes but that’s an issue that’s been discussed often here. All products have issues, even Laravel you are looking at. Nothing new, there will always be patches and fixes on any application.
@aka, I am not aware that we tone-down, we have a different style. Our resellership has nothing to do with that. I never kept my critisim silent because of it.
I think the purpose of this thread is to make everybody involved aware of certain things.
- There are bugs which are hard to trace and fix and they require time (I have no doubts about it)
- There are minor issues (of them visual) which can be fixed in matter of minutes
- There are language issues (which also should be corrcted by someone who SPEAK ENGLISH)
- Everybody reporting a BUG should post detailed steps on how to reproduce it
- detailed information on system (browser, OS, etc)
Once BUG is posted there should be some follow up (since NM does not agree to make a Bug Management database public). Of course nobody from NetMakeever bothers to follow up. Worse - tens (if not hundreds of bugs) remain unfixed.
Hopefully existing and potential new developers interested in Scriptcase will read through this thread to find out what they will have to face when using NetMake product. I’m not saying that all aspects are negative - there are of course some advantages but my simple experience is like this: the longer I use SC the more I’m discouraged. Among others the main reason for discouragement is bug management.
CONCLUSION
- Since new major releases of SC are roughly about once a year I would expect major bugs fixed between those releases.
- Regarding #2 I would expect all minor fixes be fixed and applied in every single SC update. This is one of the (perhaps some ethical issue because I cannot understand why simple bugs are not corrected when the job requires just a minutes of work. For me it is simply IGNORANCE.
- It was brought number of times on this forum that NetMake should hire a proof reader or some external help with documentation. It would cost less than 1 full license to correct all documentation, interface and help issues.
I recommend to Copy/Paste just a MACRO help page into any editor and run a spell checker. One would immediately see that NetMake did not even bother to check spelling. There are tons of misspelled words. It would take less than 1/2 hr to correct all this. For me it is simply lack of prfessionalism.
That is why I would like to ask everybody on this thread/forum to request those improvements from NetMake. We use product which we pay for and have a right to expect quality. It is not a pair of pants of shoes which one can replace at any given time. Once the project is started most people would not be able to switch to another tool easily OR it would cost lost of time and $$ to do this.
If I would not have any serious projects started with SC I would do it tomorrow but at this stage I cannot. I bet many other developers are in the same situation.
Dear Albert - it is not a question weather other products have OR do not have issues. We know they all DO HAVE ISSUES. The question is if the problems are being fixed and how fast ?
If the bug is not fixed for 3 years (in case of SC) there must be something wrong with the company development OR management.
I’m not an expert in security, but the URLs used to exploit the vulnerabilities look like SC development environment only.
If that’s the case, your statement is not correct as the deployed applications should run on a system where the development environment is not present.
The only potential victims would be SC developers.