Lots of drama here… jees
I brought evidentes, only evidentes of exploits from addons creators.
So, maybe IMC can “wake up” and do anything more relevant than show lists of banneds “random named bots”.
Fact:: The client has a serious security flaw.
ALL of others shitposts, dramas, paranoias, haters and children fighting, are irrelevants.
My " job" here is done, IMC see this topic, bye haters, thanks for the audience, I can always count with you all.
Oh, OP here. Bye!
This post was flagged by the community and is temporarily hidden.
Personally, not seeing spam bot shouts/private messages is way better than potentially lowering my bot reporting score (I forgot the term).
Its quite comical how far this bait has lasted.
Does no one actually know how to make a fake account using another persons name or alias? Because doing minor amounts of research proves excrulon stopped making new add-on’s ages ago.
While I dont personally use them his final add-on which includes the map viewer is the only thing he last updated.
Edit: Before trolls attempt defending fraud. Let’s remember if it was really a site designed by Michael then he would have had the power to ban/delete and hide view of his work from this moron.
I got my Arde dagger today!! I’m soo happy!!
If they were to ever ban addons, they’d better implement the exploring addon into the base game or I swear to god I’ll kick you all in the nuts for getting them banned.
Thats the point. Where do you put the red line? I don’t want to miss the exp viewer, the map exploration addon, the enhanced collection addon, and a few more… and they dont cause any issues at all.
But… (1) everybody will claim that his addons dont cause shi* to happen, so (2) we need a verification process, which (3) costs fuc*tons of money, so (4) we wont get it, so (5) we wont get any addons at all.
And I dont threaten to quit often, in fact I havent in ToS at all and this is the very first time, but playing without addons doesnt look like an option to me right now…
Yeah ban the addons kill the game, kill the game, do it like you did with the Guild VS Guild and see how the people start leaving the game, kill the game with your holiness.
Yeah, I told him to ■■■■ off because he was acting entitled and demanding I do stuff for him. I closed the issues section for my repos now and am no longer helping people on getting stuff working because the community is awful.
These exploits to open any window anywhere have been known and reported since beta and imc hasn’t cared to fix them. There’s nothing wrong with native addons itself. Any competent software company/programmer knows that you never trust the client. It’s up to imc to code their game properly so you can’t do this stuff without server-side validation. This is nothing specific to addons. Every game needs proper server-side validation.
Finding these things while doing addons only makes the game more secure. One exploit I found and reported privately to imc was responded to and has already been fixed, for example. This is how wow has always handled it. They remove client-side access to stuff that they don’t want people using in their mods.
Disappointed but not surprised.
amen to that. looked like a spoiled brat getting the smack in the face that he deserved.
and really, with the Addon Manager out now, if people still “need” help, there’s probably nothing that can be done for them anyway.
(ps: a million thanks for getting context menu additions updated! and a million more for everything else!)
this was actually my first thought: well maybe it’s private because they know it’s kinda exploity, and they’re just doing it to point it out? like, “Hey IMC… we’re probably not supposed to be able to do this right? maybe you should plug up the coding so that we actually can’t.”
honestly, for a couple of people that have given so much to this community and this game already, a lot of people seem really eager to jump onto any -whisper- of a scandal screaming “i told you so, i knew they had to be up to no good!”…
i don’t pretend to be any paragon of virtue myself, but this is too painfully accurate.
we, as a community, need to get our sh*t together, and stop acting like such a bunch of whiny, self-entitled asses.
So what’s your point ?
Basically you’re bashing fiote when he did nothing wrong (but leaking private addons by inadvertance).
Afaik, he hasn’t purposely made theses discutable addons public. Having him as a commiter on a mirror repo doesn’t make him a confirmed exploiter either.
wow just wow, you must be some top tier retard, HI LOOK EVERYONE, this is how you can hack the game, this is like going to a school yard and handing kids porn. (epic facepalm)
Let’s all bash Fiote for trying to fix the bug!
@Mirara How I know that din’t report the bug to IMC? Because he is trying to disappear with the evidences? because the remove everything including the commit history? But It’s ‘bult-in’ on the code from ALL cw* addons too, you can see here:
Search for “cx”…
Probably now I showed it for you he will try to delete it again, but it will be useless, because anyone can open the previous addons that he released in ipf format, and extract the lua code and will find the checkings for “cx” addons.
Or he will try to make it look like there is no problem:
You can do what you want, but have to handle the consequences of their actions.
You can’t just look at a screenshot of a few lines of code and come to a conclusion about what everything here is actually doing. Just like you can’t open a book, turn half way into the book, read one paragraph and suddenly understand the whole story.
Without being able to examine the code from what cxScanner is really doing, there’s no way to come to any conclusion both negative nor positive. Therefore it’s all slander. Assuming you are right and the codes are written as a means to call a blacksmith from anywhere and datamine the market, there is no proof of malicious intent or of them being “officially supported”. If these modders are reporting things back to IMC after discovering security issues then they are doing a great service to everyone here by doing this. (It’s the basic idea behind white hat hacking. Discovering security issues so that they can be patched up and it’s honorable and respectable.)
Also what’s wrong with him not wanting his code to be shared here? So he may not have understood the ToS of how GitHub works, oh well, he didn’t sound like a particular ass hole in that post and was perfectly reasonable. Just because he doesn’t want his code shared before it goes public officially doesn’t imply he’s doing anything “suspicious”.
Not trying to sound like a “white knight” here but I’m just seeing things for what they are since I am a programmer myself.
No… no “white knight”, only blind and deaf.
Your REALLY believe your own words?
Nothing wrong with this code, Mr Programmer:
https://raw.githubusercontent.com/michellorel/ToS-Addons/master/cxanywhere/cxanywhere.lua
Yep… Reported to IMC, SURE!
https://github.com/michellorel/ToS-Addons/commit/b70161f9ddb75659010dd7ad77762dd3edde403e
https://github.com/michellorel/ToS-Addons/commit/81867a3066f5be36ceafbd460e73e90eb31d5e9c
Keep defend blindly, will not change anything anyway. What are done, are done.
Okay, you are right. They are for the market and shop system. They seem to be trying to make the shops be accessible from anywhere and some code I saw may be trying to allow the market to be accessible from anywhere as well, not just scanning and logging the market.
It proves that there’s security loopholes in the game which people have admitted already. It doesn’t prove that these modders are trying to exploit the game, help RMTers and encourage cheating.
Do you have absolute, irrefutable evidence that these modders are trying to exploit the game, help RMTers or encourage cheating? If not, then I’m going to assume that these modders were messing around and, as he mentioned above, submitting security issues to IMC that he’s discovered.
Do you deny that it may be beneficial for modders to discover these issues and report it back to IMC?
you’ve -decided- that he is acting against ToS, and and then you choose to see everything after that as evidence of his wrongdoing.
yes, because you can see his private communications with IMC, right? so you -know- exactly what he’s done or not done.
and it’s his code that he wrote. does he not have -some- right to say “not ready for public yet, please don’t share it” ?
…
btw, for all you people that don’t get it…
-this- is literally white-knighting.
we’re defending this guy… but -we- don’t know either.
what we know is that he’s done a lot of good things for the community.
these private mods -might- be for good or for bad.
…maybe they want to make the market/etc accessible anywhere, in ways that IMC did not intend.
…or maybe they’re doing it to point out to IMC that there are security holes that need patching.
we don’t -know- for certain what their objective is.
but we do know that, no matter how much you protest, you don’t actually know either.
