Menu

LEX File Exchange
EA Support Files
SC4 Wikipedia
Network Addon Mod
Dependencies
Chat
Welcome, Guest. Please login or register.
Did you miss your activation email?

October 23, 2021, 06:47:54 PM

Login with username, password and session length

Author Topic: SC4D LEX Bug & Issue Reports  (Read 11495 times)

0 Members and 1 Guest are viewing this topic.

Offline Varnado

  • Forums Citizen
  • *
  • Posts: 39
  • Total likes: 0
  • Reputation: 0
  • Your slogan here
Re: SC4D LEX Bug & Issue Reports
« Reply #20 on: June 17, 2014, 07:36:15 PM »
That third party extension crap is ridiculous though.  Hopefully they'll change it back in the next update, they're getting plenty of complaints from power users.
Agreed 100% but I won't hold my breath. Sometimes you just have to submit your complaint to the right channel and take the bad with the good, especially when it comes to updates from Google and the specter of widespread security issues. It's not like there weren't already plenty of good reasons to keep multiple browsers/versions installed.

The problem isn't that we are blocking third party extensions (we're not), the problem is that certain third party extensions are blocking the LEX functionalities. Extensions like NoScript, Ghostery, etc. by default block all JavaScript running on websites. That is usually done for privacy purposes (to avoid being tracked by Google, Facebook, etc. all over the internet with tracking scripts). However, the LEX doesn't use (and won't use) any of these scripts, which means you're not getting tracked.

So please, disable (or whitelist us on) those extensions to get the full LEX experience. Unfortunately I'm not a fulltime paid developer (it's all spare-time free work), so I don't have the time to develop workarounds for people who wish to disable Javascript on their browser).
I already said before that I don't block JavaScript or anything like that for SC4D. But just in case, I tried disabling all of my extensions and restarting again and I'm still getting the same very strange behavior I described in my last post. I have the most current updates I can get for Java and Flash Player too. Anything else you can think of on my end that might be causing this?
Check out my YouTube channel for dozens of hours of high quality SimCity 4 content and new videos uploaded regularly.

Offline Indiana Joe

  • NAM Team
  • Forums Governor
  • *
  • Posts: 454
  • Total likes: 84
  • Reputation: 2
  • Of Fruit Flies and Bananas
Re: SC4D LEX Bug & Issue Reports
« Reply #21 on: June 17, 2014, 08:03:12 PM »
The problem isn't that we are blocking third party extensions (we're not), the problem is that certain third party extensions are blocking the LEX functionalities. Extensions like NoScript, Ghostery, etc. by default block all JavaScript running on websites. That is usually done for privacy purposes (to avoid being tracked by Google, Facebook, etc. all over the internet with tracking scripts). However, the LEX doesn't use (and won't use) any of these scripts, which means you're not getting tracked.

So please, disable (or whitelist us on) those extensions to get the full LEX experience. Unfortunately I'm not a fulltime paid developer (it's all spare-time free work), so I don't have the time to develop workarounds for people who wish to disable Javascript on their browser).

I was not talking about the LEX, I was referring to the Google Chrome project. As Varnado mentioned, they disabled third-party extension functionality in the last Chrome update; Chrome users can now only download extensions through the Chrome Web Store.  It's an Apple-esque move, and very frustrating.  It's a completely separate issue from the LEX; it just came up in the discussion.    :thumbsup:

Offline Girafe

  • Grand master
  • Administrator
  • Forums Guru
  • *
  • Posts: 3510
  • Total likes: 740
  • Reputation: 20
  • CL:
    Mother Nature's Son
Re: SC4D LEX Bug & Issue Reports
« Reply #22 on: August 30, 2014, 03:53:13 PM »
Uploader tool => my files doesn t display "my files" but the last files uploaded by everybody  ::)
The Floraler

This is the end, hold your breath and count to ten, feel the earth move, and then...

*   *   *   *   *   *   *   *   *   *   *   *   *   *   *   *   *   *    *   *   *   *   *    * 

Offline vester

  • Administrator
  • Forums Legend
  • *
  • Posts: 4843
  • Total likes: 695
  • Reputation: 28
    • My bat cave.
  • CL: Tickets Please
Re: SC4D LEX Bug & Issue Reports
« Reply #23 on: October 21, 2014, 04:30:50 PM »
Was about to report the same.

Please bring it back.

Offline Shadow Assassin

  • NAM Team
  • Forums Guru
  • *
  • Posts: 3232
  • Total likes: 12
  • Reputation: 25
  • Needs more cowbell.
  • CL: The Grid Reaper
Re: SC4D LEX Bug & Issue Reports
« Reply #24 on: December 05, 2014, 11:31:48 PM »
I consider this a serious bug:

You are apparently sending passwords with login details via plain text using a GET request. This is a serious security flaw and really should be fixed as soon as possible.

Use POST instead, and the query string should be an encrypted hash.
« Last Edit: December 05, 2014, 11:43:57 PM by Shadow Assassin »
New Horizons Productions
Berethor ♦ beskhu3epnm ♦ blade2k5 ♦ dedgren ♦ dmscopio ♦ Ennedi
emilin ♦ Heblem ♦ jplumbley ♦ moganite ♦ M4346 ♦ papab2000
Shadow Assassin ♦ Tarkus ♦ wouanagaine
See my uploads on the LEX!

Offline JoeST

  • Moderator
  • Forums Guru
  • *
  • Posts: 2648
  • Total likes: 15
  • Reputation: 10
  • fbstj
  • CL: Not your average...
Re: SC4D LEX Bug & Issue Reports
« Reply #25 on: December 06, 2014, 06:18:37 AM »
Using POST is no more secure, and having to hash it client side relies on javascript which is just as easily circumvented. The forum will only be sending your password in plaintext (over POST, but still), and so will 99% of other websites you use. I agree that that's a major flaw, but its a flaw with the web, not with how Casper is doing stuff, and yeah Casper could do better, but I don't think client-side hashing (at least on the web) is secure enough to be worth it. I'd suggest a much better way of making it secure is using https, at least for the login page.
Copperminds and Cuddleswarms

Offline Shadow Assassin

  • NAM Team
  • Forums Guru
  • *
  • Posts: 3232
  • Total likes: 12
  • Reputation: 25
  • Needs more cowbell.
  • CL: The Grid Reaper
Re: SC4D LEX Bug & Issue Reports
« Reply #26 on: December 06, 2014, 07:38:20 AM »
No, I agree it's no more secure but it is still security through obscurity, which isn't really security by definition but it's something at least. As for hashing, a salted hash generated upon login (by the server) should be secure enough.

Or you know, why not implement something like OpenID?

I just don't like seeing my password being broadcast using a GET request. The web is by definition insecure, but anything that we can do to make the web more secure is welcome. ;)
New Horizons Productions
Berethor ♦ beskhu3epnm ♦ blade2k5 ♦ dedgren ♦ dmscopio ♦ Ennedi
emilin ♦ Heblem ♦ jplumbley ♦ moganite ♦ M4346 ♦ papab2000
Shadow Assassin ♦ Tarkus ♦ wouanagaine
See my uploads on the LEX!

Offline CasperVg

  • Administrator
  • Forums Guru
  • *
  • Posts: 2890
  • Total likes: 444
  • Reputation: 47
  • CL:
    The Go-To Guy!!
Re: SC4D LEX Bug & Issue Reports
« Reply #27 on: December 06, 2014, 08:27:17 AM »
We are working to improve the situation, but the LEX is big and most of it is not programmed very well, so changes like user authentication can take awhile to get done, especially if you want to do it right. I'll do a few small tweaks in the meantime that should improve the situation at least a bit. Hopefully we can install some ssl/https certs as well, so that all LEX communication can be secured against eavesdropping as well.

EDIT: Login GET has been changed to login POST. Not a huge improvement, but it's something at least for now.
« Last Edit: December 06, 2014, 01:23:16 PM by CasperVg »
Follow my SimCity 4 Let's play on YouTube

Offline memo

  • NAM Team
  • Forums Parliamentarian
  • *
  • Posts: 1765
  • Total likes: 24
  • Reputation: 34
  • I like onions.
  • CL: RULin' RULin' RULin'
Re: SC4D LEX Bug & Issue Reports
« Reply #28 on: December 16, 2014, 02:38:57 AM »
All comments on the LEX seem to be missing. It says 0 comments for me in the comment section of each upload, some of which I know for sure had comments. Tested in Chrome and Firefox.

Edit: Oh well, I found the "old comments" link for the nostalgic at the bottom… When does a comment classify as old though? The latest comment on the LEX is three days old and is hidden, too. How about showing the last 10 comments with an option to load the rest?
« Last Edit: December 16, 2014, 02:44:19 AM by memo »

Offline Girafe

  • Grand master
  • Administrator
  • Forums Guru
  • *
  • Posts: 3510
  • Total likes: 740
  • Reputation: 20
  • CL:
    Mother Nature's Son
Re: SC4D LEX Bug & Issue Reports
« Reply #29 on: January 09, 2015, 06:04:37 AM »
I follow Memo regarding the comments, it would be nice to bring them back.

Something else, in the last release, 2 were locked but it displays LEX CERTIFIED in red, should be LEX NOT CERTIFIED in orange or LEX LOCKED in red.

There is somewhere the list of LEX certified people, I have a doubt that catalyst is LEX certified uploader but I am maybe wrong.
The Floraler

This is the end, hold your breath and count to ten, feel the earth move, and then...

*   *   *   *   *   *   *   *   *   *   *   *   *   *   *   *   *   *    *   *   *   *   *    * 

Offline c.p.

  • BSC Team
  • Forums Senator
  • *
  • Posts: 645
  • Total likes: 902
  • Reputation: 12
  • CL:
    SC4D Green Thumb
Re: SC4D LEX Bug & Issue Reports
« Reply #30 on: January 09, 2015, 10:37:59 AM »
Also, "Recent Comments" (under "Uploader Tools") is not showing the latest comments.  Which means the only way to check if there have been any problems posted to any of my recent uploads is to check the comments for each upload individually.  Which is not really feasible.  Fortunately, there are so few comments posted on the LEX now, there is a fairly good chance they will pop up as one of the random comments.  So I guess it's not a big deal for now. &mmm

Offline CasperVg

  • Administrator
  • Forums Guru
  • *
  • Posts: 2890
  • Total likes: 444
  • Reputation: 47
  • CL:
    The Go-To Guy!!
Re: SC4D LEX Bug & Issue Reports
« Reply #31 on: January 10, 2015, 06:23:49 AM »
I was hoping to make people comment more often by switching to the Disqus-based system, but it appears that experiment failed. Everything has been reverted to the old comment system.

There is no public list of LEX Certified uploaders. It should display "Locked / Unavailable" now instead of LEX Certified.
« Last Edit: January 10, 2015, 06:26:51 AM by CasperVg »
Follow my SimCity 4 Let's play on YouTube

Offline CasperVg

  • Administrator
  • Forums Guru
  • *
  • Posts: 2890
  • Total likes: 444
  • Reputation: 47
  • CL:
    The Go-To Guy!!
Re: SC4D LEX Bug & Issue Reports
« Reply #32 on: January 10, 2015, 06:32:04 AM »
Also, some of you might be happy to know that "My Files" works again for certified uploaders.

EDIT: And files with images higher than 188px will now show their thumbnail again (in search results), instead of the full (long) image.
« Last Edit: January 10, 2015, 06:40:32 AM by CasperVg »
Follow my SimCity 4 Let's play on YouTube