Forums » Suggestions
PaKettle, get your reading up to date in the RP section. Obviously you haven't visited there for a while.
I'm not sure a super-obvious joke snippet that no sane person would ever run really counts as the sort of "NEFARIOUS SMOKING GUN" you guys are freaking about.
I'm guessing it's a matter of just being afraid of things you don't know anything about. The fact is, Jews don't drink christian blood in weird rituals, transsexuals aren't in your bathrooms to rape you and while plugins do suck*, there is no epidemic of evil vo hackers stealing your private data.
Sure, it does happen (thanks TGFT!) but removing a function to appease a frothing tide of moral indignation is a crazy way to deal with these sorts of situations.
--------
* Plugins are, as a rule, poorly written, completely unsupported by their authors and have a tendency to break from time to time, either because of an update to the game or because you installed some other plugin that interacts unexpectedly with the existing ones. Just have a scroll through bugs forums.
The worst part is, even if everything goes as it's supposed to, once you install a plugin, you change your experience of the game. That means that when you ask a question, there is less of a chance that other people online know what you're talking about. And if you try to answer a question, Once you install three plugins, chances are, you're the only person playing with that exact combination. Good luck.
I'm guessing it's a matter of just being afraid of things you don't know anything about. The fact is, Jews don't drink christian blood in weird rituals, transsexuals aren't in your bathrooms to rape you and while plugins do suck*, there is no epidemic of evil vo hackers stealing your private data.
Sure, it does happen (thanks TGFT!) but removing a function to appease a frothing tide of moral indignation is a crazy way to deal with these sorts of situations.
--------
* Plugins are, as a rule, poorly written, completely unsupported by their authors and have a tendency to break from time to time, either because of an update to the game or because you installed some other plugin that interacts unexpectedly with the existing ones. Just have a scroll through bugs forums.
The worst part is, even if everything goes as it's supposed to, once you install a plugin, you change your experience of the game. That means that when you ask a question, there is less of a chance that other people online know what you're talking about. And if you try to answer a question, Once you install three plugins, chances are, you're the only person playing with that exact combination. Good luck.
"I'm guessing it's a matter of just being afraid of things you don't know anything about. The fact is, Jews don't drink christian blood in weird rituals, transsexuals aren't in your bathrooms to rape you"
I'm oddly saddened and disappointed to learn this....
I'm oddly saddened and disappointed to learn this....
We're getting rid of code-obfuscation via usage of ascii-codes.
But I'm not removing this function entirely.
We will eventually add a security/permission system that is per-function, so plugins have to be specifically enabled to have access to the network, or messaging people, or functions like this.
But, we're super busy right now and that may be a little while yet.
In the meantime, don't run plugins you don't understand. The community could also nominate people they trust to do periodic code-reviews, like Draugath or Fluffy or whomever, to help this issue. Particular checksums could be posted on audited versions, etc.
We do not have time to audit plugin code, or the money to pay anyone else to do it.. which is a big part of why we don't have a centralized repository or an "easy" installation system, as both of those would imply tacit approval of the plugin contents and functionality. Thus, it will continue to be a pain in the ass, and a use-at-your-own-risk issue for the time being.
But I'm not removing this function entirely.
We will eventually add a security/permission system that is per-function, so plugins have to be specifically enabled to have access to the network, or messaging people, or functions like this.
But, we're super busy right now and that may be a little while yet.
In the meantime, don't run plugins you don't understand. The community could also nominate people they trust to do periodic code-reviews, like Draugath or Fluffy or whomever, to help this issue. Particular checksums could be posted on audited versions, etc.
We do not have time to audit plugin code, or the money to pay anyone else to do it.. which is a big part of why we don't have a centralized repository or an "easy" installation system, as both of those would imply tacit approval of the plugin contents and functionality. Thus, it will continue to be a pain in the ass, and a use-at-your-own-risk issue for the time being.
-1
"I assure you, this scammer plugin that seeks to out your alts is not on Voupr along with many other nefarious plugins that players keep secret."
Well then, it sounds like you just solved the problem without the devs having to do anything at all.
Well then, it sounds like you just solved the problem without the devs having to do anything at all.
What problem have I solved Pizza? I've just pointed out that anyone can hide their code wherever they like and not share it. But hey, why would you want to share your code that outs alts anyway right?
-1 fake news
lol As if the TGFT plug-in scams weren't lesson enough.
"What problem have I solved Pizza? I've just pointed out that anyone can hide their code wherever they like and not share it. But hey, why would you want to share your code that outs alts anyway right?"
You seem to be operating on the assumption that a secret private plugin can somehow out the alts of other players who do not actually install the plugin. That is not supposed to be possible; if it is, it's a bug and exploit that needs to be reported to the devs. Anyway, what this thread is about is mitigating the risk of trojan plugins -- plugins which perform malicious actions against the will of the user. Whatever issues you have with non-shared plugins are completely outside its scope.
You seem to be operating on the assumption that a secret private plugin can somehow out the alts of other players who do not actually install the plugin. That is not supposed to be possible; if it is, it's a bug and exploit that needs to be reported to the devs. Anyway, what this thread is about is mitigating the risk of trojan plugins -- plugins which perform malicious actions against the will of the user. Whatever issues you have with non-shared plugins are completely outside its scope.
Here's a novel idea, take the most popular common plugins and make them actually part of the game. Targetless, multi-aim, trade assist, honk, captains kit etc etc.
"You seem to be operating on the assumption that a secret private plugin can somehow out the alts of other players who do not actually install the plugin."
Nope, you've misunderstood.
"Anyway, what this thread is about is mitigating the risk of trojan plugins..."
Yep, that IS what I'm talking about. A vetted plugin system could do this. Even if the code is unobfuscated, doesn't mean that a player is going to fully understand the functions of said plugin or that a programmer will necessarily spell it out for you.
Guild will take the path of least resistance. Seems like a job for the PCC to me.
Nope, you've misunderstood.
"Anyway, what this thread is about is mitigating the risk of trojan plugins..."
Yep, that IS what I'm talking about. A vetted plugin system could do this. Even if the code is unobfuscated, doesn't mean that a player is going to fully understand the functions of said plugin or that a programmer will necessarily spell it out for you.
Guild will take the path of least resistance. Seems like a job for the PCC to me.
Well, that's why I suggested a community-driven code audit, with checksums posted of the audited versions.
Basically similar to what we do with our Linux downloads.
Basically similar to what we do with our Linux downloads.
Awww man....code-obfuscation via usage of ascii-codes is so much fun though. lulzzzzzzzz
Well, in that case I'm not sure why you didn't understand what I was saying, Ore. Were you being sarcastic when you said "I assure you, this scammer plugin that seeks to out your alts is not on Voupr along with many other nefarious plugins that players keep secret"? That would explain the confusion we're having, because I interpreted that statement literally.
Obfuscation of code is a bad idea for most normal programming. The practice just screams hacker...
There is no reason for a plug-in to use such code.
Any code that is suspect should be posted in the general forum for everyone to review so that everyone will be aware of its true nature.
Allowing any software on your computer that isn't subject to this type of inspection is a severe risk..
Stick to reputable plugs and authors..
There is no reason for a plug-in to use such code.
Any code that is suspect should be posted in the general forum for everyone to review so that everyone will be aware of its true nature.
Allowing any software on your computer that isn't subject to this type of inspection is a severe risk..
Stick to reputable plugs and authors..
+1 to myacumen.
Targetless etc should be part of the game for everyone
Targetless etc should be part of the game for everyone
"that a secret private plugin can somehow out the alts of other players who do not actually install the plugin"
at what point did I say this Rin?
at what point did I say this Rin?
I never said that you said that. I said that you appeared to believe it. This was based on your repeated comments about secret plugins in the middle of a discussion about alt-outing plugins, as though secret plugins are a part of that problem.
There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies and the other way is to make it so complicated that there are no obvious deficiencies. — C.A.R. Hoare, The 1980 ACM Turing Award Lecture
A well written program is obviously well written just by reading it. If you can't read it, then it sucks. Don't run it. -- Roda Slane
A well written program is obviously well written just by reading it. If you can't read it, then it sucks. Don't run it. -- Roda Slane