Forums » Community Projects
Changes:
*Plugin list and search results can now be sorted by name, rating and number of users
*Added XML versions of the plugin list, search page, version list, and my plugins
These changes complete my pre-release to-do list, so I'm going to start looking for a more permanent hosting solution, and hopefully people can start uploading content and testing it out in the mean time. If all goes well, I'll migrate everything to a new server and make an official post to the general forum within a week or so.
Also, if anyone needs any API features that these four XML pages don't provide, speak now, as it'll be easier to modify the API before people actually start relying on it not changing. I might be being a bit optimistic about people actually using the XML files in Soon(TM)-ish future, but who knows, maybe someone will be bored over the holidays and feel like writing an auto-updater. ;-)
*Plugin list and search results can now be sorted by name, rating and number of users
*Added XML versions of the plugin list, search page, version list, and my plugins
These changes complete my pre-release to-do list, so I'm going to start looking for a more permanent hosting solution, and hopefully people can start uploading content and testing it out in the mean time. If all goes well, I'll migrate everything to a new server and make an official post to the general forum within a week or so.
Also, if anyone needs any API features that these four XML pages don't provide, speak now, as it'll be easier to modify the API before people actually start relying on it not changing. I might be being a bit optimistic about people actually using the XML files in Soon(TM)-ish future, but who knows, maybe someone will be bored over the holidays and feel like writing an auto-updater. ;-)
I'm not sure I understand your sentiments. You offer it for free in one location, so what's wrong with placing it in another centralized and dedicated location where it will be easier for people to find?
Thanks for the encouragement. I've written 2,500 lines of code in one week in the hopes that it will be useful to the community, and because I haven't bought a domain name or paid hosting yet you refuse to use it? This is also why I haven't prematurely spent a bunch of money; if people aren't going to use this then I'm not going to waste money on an unused domain name and hosting package.
Uhm... Ok. That's just a little sad.
I'm not sure if you read the thread title before clicking on it, but the "Early Test" part might help explain a few of your woes. Once I've finished up the last few features and everything has been extensively tested then I'll look into a more permanent hosting solution and transfer everything to that. Until then, comments and suggestions are helpful but preemptive incensed complaints are a just a bit rude.
Anyway, thanks to everyone else for what have thus-far been very constructive suggestions.
Woah hold on there partner. I was actually looking for a yes/no answer and not an angry reply full of personal attacks. Apologies if it came off a little harsh, but it wasn't intended as a 'preemptive incensed complaint'. I'll be nice and try to explain why I don't want me plugins listed on your site rather than escalate this into a pissing contest- I am concerned about security, wasting of resources, and public image.
That's not to say I'm against a centralized plugin system! But doesn't VO-wiki already do this? On the wiki is a big list of plugins, each with a little blurb and then a link to the plugin developer's thread in Community Projects- do you actually need to reinvent the wheel when perhaps a collaboration between the wiki owners could produce a better solution with only minor tweaking?
Being overly paranoid, security strikes me as one of biggest issues here. On the wiki, security is simple. You're linked to the developer's page in community forums. An alert user can double check to make sure they're at the developer's forum thread before downloading and prevent having, say, their entire space fortune of imaginary money sent to the first guy with two v's in their ingame nick. How are you certain that Scuba Steve 9.1, who claims to have written TCS, is actually myself and not someone else uploading a maliciously modified copy of TCS? Are you going to upload a copy of it yourself? Are you going to generate MD5 checksums of the one in my thread and the one submitted to make sure they match? What's to prevent Scuba Steve 9.1 claiming to have an update that's not out on toastercrush.com yet due to hosting issues? etc
And my biggest security problem is the free domain name. What's to stop me or anyone else from making a functional copy of your website, throw it up on calder.byethost7.com, and fill it with maliciously modified plugins? Hell, even 'byethost8.com' bugged me when I visited the damn thing since the domain is sketchy in the first place.
Following that- what is so bad with the current vo-wiki system that you need to recreate a new plugin repository? And again, if I'm a plugin developer (and hey I am), are you going to expect me to make sure the plugin hosted on my site and the one on yours are the same version myself? You never answered my initial question of, "is this opt in?", so I can only assume the worst and figure you'd upload my plugins to your site and I'd only find out about it when I push out a new update and nobody has it since neither you nor I have taken the time to make sure your plugin site is up to date.
Having to check more than one place to make sure people are getting the right version of plugin x, y, or z is going to end up multiplying work required to update a plugin and waste resources. Are you willing to put in the hours to keep up with plugin authors and make sure their plugins are up to date and actually their plugins, or are you just going to call it a day when you have the site up?
And lastly- the VOUPR vs VPR thing. It bugs me the two acronyms are that close together, especially since you're referring to it with an acronym. I have not, am not, and will not ever associate myself in positive light with the VPR guild. I can easily see Joe SpaceCadet getting VOUPR and VPR mixed together and assuming the two are linked- and so plugins listed on the VOUPR site(so graciously provided by VPR guild) must be VPR endorsed.
Which is cool and all until you start associating an organization I have a very bad relationship with my very widely used set of plugins and people start being mislead into thinking that I do not have a bad relationship with VPR at all. Of course, if that were my only issue I would swallow my pride and ignore it. It's not the only issue, or even close to the biggest issue.
Of course, what you're doing doesn't matter at all to me if you don't list my plugins on your page.
Thanks for the encouragement. I've written 2,500 lines of code in one week in the hopes that it will be useful to the community, and because I haven't bought a domain name or paid hosting yet you refuse to use it? This is also why I haven't prematurely spent a bunch of money; if people aren't going to use this then I'm not going to waste money on an unused domain name and hosting package.
Uhm... Ok. That's just a little sad.
I'm not sure if you read the thread title before clicking on it, but the "Early Test" part might help explain a few of your woes. Once I've finished up the last few features and everything has been extensively tested then I'll look into a more permanent hosting solution and transfer everything to that. Until then, comments and suggestions are helpful but preemptive incensed complaints are a just a bit rude.
Anyway, thanks to everyone else for what have thus-far been very constructive suggestions.
Woah hold on there partner. I was actually looking for a yes/no answer and not an angry reply full of personal attacks. Apologies if it came off a little harsh, but it wasn't intended as a 'preemptive incensed complaint'. I'll be nice and try to explain why I don't want me plugins listed on your site rather than escalate this into a pissing contest- I am concerned about security, wasting of resources, and public image.
That's not to say I'm against a centralized plugin system! But doesn't VO-wiki already do this? On the wiki is a big list of plugins, each with a little blurb and then a link to the plugin developer's thread in Community Projects- do you actually need to reinvent the wheel when perhaps a collaboration between the wiki owners could produce a better solution with only minor tweaking?
Being overly paranoid, security strikes me as one of biggest issues here. On the wiki, security is simple. You're linked to the developer's page in community forums. An alert user can double check to make sure they're at the developer's forum thread before downloading and prevent having, say, their entire space fortune of imaginary money sent to the first guy with two v's in their ingame nick. How are you certain that Scuba Steve 9.1, who claims to have written TCS, is actually myself and not someone else uploading a maliciously modified copy of TCS? Are you going to upload a copy of it yourself? Are you going to generate MD5 checksums of the one in my thread and the one submitted to make sure they match? What's to prevent Scuba Steve 9.1 claiming to have an update that's not out on toastercrush.com yet due to hosting issues? etc
And my biggest security problem is the free domain name. What's to stop me or anyone else from making a functional copy of your website, throw it up on calder.byethost7.com, and fill it with maliciously modified plugins? Hell, even 'byethost8.com' bugged me when I visited the damn thing since the domain is sketchy in the first place.
Following that- what is so bad with the current vo-wiki system that you need to recreate a new plugin repository? And again, if I'm a plugin developer (and hey I am), are you going to expect me to make sure the plugin hosted on my site and the one on yours are the same version myself? You never answered my initial question of, "is this opt in?", so I can only assume the worst and figure you'd upload my plugins to your site and I'd only find out about it when I push out a new update and nobody has it since neither you nor I have taken the time to make sure your plugin site is up to date.
Having to check more than one place to make sure people are getting the right version of plugin x, y, or z is going to end up multiplying work required to update a plugin and waste resources. Are you willing to put in the hours to keep up with plugin authors and make sure their plugins are up to date and actually their plugins, or are you just going to call it a day when you have the site up?
And lastly- the VOUPR vs VPR thing. It bugs me the two acronyms are that close together, especially since you're referring to it with an acronym. I have not, am not, and will not ever associate myself in positive light with the VPR guild. I can easily see Joe SpaceCadet getting VOUPR and VPR mixed together and assuming the two are linked- and so plugins listed on the VOUPR site(so graciously provided by VPR guild) must be VPR endorsed.
Which is cool and all until you start associating an organization I have a very bad relationship with my very widely used set of plugins and people start being mislead into thinking that I do not have a bad relationship with VPR at all. Of course, if that were my only issue I would swallow my pride and ignore it. It's not the only issue, or even close to the biggest issue.
Of course, what you're doing doesn't matter at all to me if you don't list my plugins on your page.
Whether you intended to or not, the legitimate question in your last post was rather drown out by the rest. I'm glad you brought up some real issues in this one though, so let's see how we can address those.
That's not to say I'm against a centralized plugin system! But doesn't VO-wiki already do this?
No. There are a few problems with the VO wiki that I wanted to address. First, there is no machine-readable standard for plugin presentation, which all but removes the possibility of ever having a plugin auto-updater. Second, the process of finding and downloading plugins involves reading through the list for something that seems useful, going to the forum thread or other website, finding the latest version and downloading it. I think this could be simplified and cleaned up with an interface and site specifically designed for this purpose. Third, if you have a dozen or so plugins installed, the process of keeping them all up to date or even checking if they're current is rather ridiculous. You go into the plugin's code, look for some version identifier, find the forum thread or website and compare. That can and has been radically simplified in VOUPR. I would encourage you to take a look at the site and test it out a little just to see what has been improved.
Being overly paranoid, security strikes me as one of biggest issues here. On the wiki, security is simple.
First, if you're going to be this paranoid, then lets dispense of any false illusions of "security" provided by the wiki.
1. Anyone can edit it to make the download link point wherever they want.
2. Not all plugins point to a forum thread, so if someone edited a plugin to point to an external website, people would go right ahead and download it anyway.
3. Even excluding anyone being able to edit it because its a wiki, it doesn't use HTTPS and is thus susceptible to man-in-the-middle attacks by corrupted routers. While it would be ridiculous to hack someone's router just to change a VO-wiki page that gets served to them, but nevertheless a security vulnerability.
How are you certain that Scuba Steve 9.1, who claims to have written TCS, is actually myself and not someone else uploading a maliciously modified copy of TCS?
Again, this is handled much better by VOUPR than by the VO-wiki. When you create a plugin, you are given sole managerial status over that plugin. You can add other managers as you wish, but only managers may edit details or upload versions, insuring that Scuba Steve 9.1 cannot. ;-)
And my biggest security problem is the free domain name.
As I've said, this is for testing purposes only; I'll migrate everything to a paid, (and slightly less shady) host as well as buy a domain name before unleashing this on the General forum. If you have any suggestions on good hosting sites, I would greatly appreciate it!
And again, if I'm a plugin developer (and hey I am), are you going to expect me to make sure the plugin hosted on my site and the one on yours are the same version myself?
This is also a lot easier in VOUPR then the current system. Instead of modifying a forum thread or website and then changing the VO-wiki entry, you can simply click 'Upload' and attach the compressed plugin directory.
You never answered my initial question of, "is this opt in?"
The plugin maintainers would ideally be the manager for each plugin, but like Ohloh's system they don't necessarily have to be. After a week on the General forum I'll probably just go through the wiki page and upload those that haven't been added already. I can always just transfer managerial status to them later.
Having to check more than one place to make sure people are getting the right version of plugin x, y, or z is going to end up multiplying work required to update a plugin and waste resources.
That's exactly what I'm trying to address in the first place. If you have a problem with the "My Plugins" page which allows you to easily see which versions you have and need, then I'll address that. If, however, you haven't even tried using it then I'm wasting my time.
Of course, if that were my only issue I would swallow my pride and ignore it. It's not the only issue, or even close to the biggest issue.
Then lets concentrate on getting the other issues addressed so you can "swallow your pride". :D
That's not to say I'm against a centralized plugin system! But doesn't VO-wiki already do this?
No. There are a few problems with the VO wiki that I wanted to address. First, there is no machine-readable standard for plugin presentation, which all but removes the possibility of ever having a plugin auto-updater. Second, the process of finding and downloading plugins involves reading through the list for something that seems useful, going to the forum thread or other website, finding the latest version and downloading it. I think this could be simplified and cleaned up with an interface and site specifically designed for this purpose. Third, if you have a dozen or so plugins installed, the process of keeping them all up to date or even checking if they're current is rather ridiculous. You go into the plugin's code, look for some version identifier, find the forum thread or website and compare. That can and has been radically simplified in VOUPR. I would encourage you to take a look at the site and test it out a little just to see what has been improved.
Being overly paranoid, security strikes me as one of biggest issues here. On the wiki, security is simple.
First, if you're going to be this paranoid, then lets dispense of any false illusions of "security" provided by the wiki.
1. Anyone can edit it to make the download link point wherever they want.
2. Not all plugins point to a forum thread, so if someone edited a plugin to point to an external website, people would go right ahead and download it anyway.
3. Even excluding anyone being able to edit it because its a wiki, it doesn't use HTTPS and is thus susceptible to man-in-the-middle attacks by corrupted routers. While it would be ridiculous to hack someone's router just to change a VO-wiki page that gets served to them, but nevertheless a security vulnerability.
How are you certain that Scuba Steve 9.1, who claims to have written TCS, is actually myself and not someone else uploading a maliciously modified copy of TCS?
Again, this is handled much better by VOUPR than by the VO-wiki. When you create a plugin, you are given sole managerial status over that plugin. You can add other managers as you wish, but only managers may edit details or upload versions, insuring that Scuba Steve 9.1 cannot. ;-)
And my biggest security problem is the free domain name.
As I've said, this is for testing purposes only; I'll migrate everything to a paid, (and slightly less shady) host as well as buy a domain name before unleashing this on the General forum. If you have any suggestions on good hosting sites, I would greatly appreciate it!
And again, if I'm a plugin developer (and hey I am), are you going to expect me to make sure the plugin hosted on my site and the one on yours are the same version myself?
This is also a lot easier in VOUPR then the current system. Instead of modifying a forum thread or website and then changing the VO-wiki entry, you can simply click 'Upload' and attach the compressed plugin directory.
You never answered my initial question of, "is this opt in?"
The plugin maintainers would ideally be the manager for each plugin, but like Ohloh's system they don't necessarily have to be. After a week on the General forum I'll probably just go through the wiki page and upload those that haven't been added already. I can always just transfer managerial status to them later.
Having to check more than one place to make sure people are getting the right version of plugin x, y, or z is going to end up multiplying work required to update a plugin and waste resources.
That's exactly what I'm trying to address in the first place. If you have a problem with the "My Plugins" page which allows you to easily see which versions you have and need, then I'll address that. If, however, you haven't even tried using it then I'm wasting my time.
Of course, if that were my only issue I would swallow my pride and ignore it. It's not the only issue, or even close to the biggest issue.
Then lets concentrate on getting the other issues addressed so you can "swallow your pride". :D
You never answered my initial question of, "is this opt in?"
The plugin maintainers would ideally be the manager for each plugin, but like Ohloh's system they don't necessarily have to be. After a week on the General forum I'll probably just go through the wiki page and upload those that haven't been added already. I can always just transfer managerial status to them later.
Now, i see that you want your site to have all plugins but if someone specifically says he doesn't want it i don't think you should upload them.
Or put just a link to their website instead of local downloads.
Btw of it being easier, that depends, if you don't have a place to host stuff, and will make the repo your main place to upload it might well be easy.
But if you are already putting it elsewhere it might not necessarily be.
Also, When you create a plugin, you are given sole managerial status over that plugin.
But that means that if plugin isn't yet uploaded someone other than the author may do so and become the manager, possibly without the author ever knowing.
The plugin maintainers would ideally be the manager for each plugin, but like Ohloh's system they don't necessarily have to be. After a week on the General forum I'll probably just go through the wiki page and upload those that haven't been added already. I can always just transfer managerial status to them later.
Now, i see that you want your site to have all plugins but if someone specifically says he doesn't want it i don't think you should upload them.
Or put just a link to their website instead of local downloads.
Btw of it being easier, that depends, if you don't have a place to host stuff, and will make the repo your main place to upload it might well be easy.
But if you are already putting it elsewhere it might not necessarily be.
Also, When you create a plugin, you are given sole managerial status over that plugin.
But that means that if plugin isn't yet uploaded someone other than the author may do so and become the manager, possibly without the author ever knowing.
The problem with that though, is that it makes auto-updating impossible by adding a non machine-readable page into the chain. The other problem is that I then have to start worrying about links dying and the like. That said though, I'll consider doing the external link thing if people have serious objections.
What would your serious objections be?
But that means that if plugin isn't yet uploaded someone other than the author may do so and become the manager, possibly without the author ever knowing.
Yeah, I thought of this after I'd posted too... :D There are a number of ways I can think of resolving this, none of which are that great.
1. Link VOUPR users to VO Forum users. This would require passing your VO username and password over a non SSL-ed connection though, which is bad...
2. Require plugins to be confirmed by a group of moderators first. This, of course, requires moderators.
3. Require users to make a confirmation code post on the forums to link their accounts. This clutters up the forums
4. Whenever a user creates a plugin it sends me an email and I check it over to make sure it's actually them. This involves more work for me.
Anyway, hopefully someone has a better idea!
EDIT: 5. Users must request special plugin maintainer status before they can register plugins. This way we would only have to confirm only plugin managers and the rest can use the current expedited registration.
What would your serious objections be?
But that means that if plugin isn't yet uploaded someone other than the author may do so and become the manager, possibly without the author ever knowing.
Yeah, I thought of this after I'd posted too... :D There are a number of ways I can think of resolving this, none of which are that great.
1. Link VOUPR users to VO Forum users. This would require passing your VO username and password over a non SSL-ed connection though, which is bad...
2. Require plugins to be confirmed by a group of moderators first. This, of course, requires moderators.
3. Require users to make a confirmation code post on the forums to link their accounts. This clutters up the forums
4. Whenever a user creates a plugin it sends me an email and I check it over to make sure it's actually them. This involves more work for me.
Anyway, hopefully someone has a better idea!
EDIT: 5. Users must request special plugin maintainer status before they can register plugins. This way we would only have to confirm only plugin managers and the rest can use the current expedited registration.
Changes:
*Added detailed description for command/key info
See: http://calder.byethost8.com/voplugins/plugin.php?name=combatassist
*Added detailed description for command/key info
See: http://calder.byethost8.com/voplugins/plugin.php?name=combatassist
Also it seems you don't list author anywhere, having my plugins listed without it would make me sad.
Ah, can do. We wouldn't want you to be said, Mick! ;-)
EDIT: Done.
Changes:
*Plugins now have an authors section in which to attribute credit
EDIT: Done.
Changes:
*Plugins now have an authors section in which to attribute credit
I've got to hand it to you; this is turning out to be very good. I'm very optimistic :-)
I can't log in now, apparently.
Thanks skelbley!
And sorry for the inconvenience, Mick. I had to switch the database's password storage over to MD5 hashes for cookie security, and that required resetting everyone's passwords. Explained here: http://www.vendetta-online.com/x/msgboard/9/22429?page=2#278741
Anyway, you can log in with six spaces as your password and then change it back on the Settings page.
And sorry for the inconvenience, Mick. I had to switch the database's password storage over to MD5 hashes for cookie security, and that required resetting everyone's passwords. Explained here: http://www.vendetta-online.com/x/msgboard/9/22429?page=2#278741
Anyway, you can log in with six spaces as your password and then change it back on the Settings page.
Ya know, would not a mail with randomly generated pass be kinda... safer?
Yeah, but you, skelbley and myself were the only people who had registered when I made that change, so I figured it wouldn't be too big a security flaw.
I might do that for a 'forgot password' feature though...
I might do that for a 'forgot password' feature though...
Ah, heh, fair enough :)
Actually, I think I'll just leave the 'Contact Admin' button at the bottom for when you lose your password. The problem is that you'd necessarily need to send a password email in plain-text, and I'm not sure about the encryption on the outgoing SMTP server.
Alright, CrazySpence has agreed to host the site, and it's now up and running downright snappily on the server here: http://www.voupr.com . I'll post on the General forum later this week if no-one has any suggestions on Spence's ad location.
The confirmation email needs to be updated to the new url.