• Welcome to SC4 Devotion Forum Archives.

SC4D LEX Bug & Issue Reports

Started by CasperVg, November 11, 2013, 10:46:47 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Varnado

Quote from: Indiana Joe on June 16, 2014, 05:40:53 PM
That third party extension crap is ridiculous though.  Hopefully they'll change it back in the next update, they're getting plenty of complaints from power users.
Agreed 100% but I won't hold my breath. Sometimes you just have to submit your complaint to the right channel and take the bad with the good, especially when it comes to updates from Google and the specter of widespread security issues. It's not like there weren't already plenty of good reasons to keep multiple browsers/versions installed.

Quote from: CasperVg on June 17, 2014, 12:43:45 AM
The problem isn't that we are blocking third party extensions (we're not), the problem is that certain third party extensions are blocking the LEX functionalities. Extensions like NoScript, Ghostery, etc. by default block all JavaScript running on websites. That is usually done for privacy purposes (to avoid being tracked by Google, Facebook, etc. all over the internet with tracking scripts). However, the LEX doesn't use (and won't use) any of these scripts, which means you're not getting tracked.

So please, disable (or whitelist us on) those extensions to get the full LEX experience. Unfortunately I'm not a fulltime paid developer (it's all spare-time free work), so I don't have the time to develop workarounds for people who wish to disable Javascript on their browser).
I already said before that I don't block JavaScript or anything like that for SC4D. But just in case, I tried disabling all of my extensions and restarting again and I'm still getting the same very strange behavior I described in my last post. I have the most current updates I can get for Java and Flash Player too. Anything else you can think of on my end that might be causing this?
Check out my YouTube channel for dozens of hours of high quality SimCity 4 content and new videos uploaded regularly.

Indiana Joe

Quote from: CasperVg on June 17, 2014, 12:43:45 AM
The problem isn't that we are blocking third party extensions (we're not), the problem is that certain third party extensions are blocking the LEX functionalities. Extensions like NoScript, Ghostery, etc. by default block all JavaScript running on websites. That is usually done for privacy purposes (to avoid being tracked by Google, Facebook, etc. all over the internet with tracking scripts). However, the LEX doesn't use (and won't use) any of these scripts, which means you're not getting tracked.

So please, disable (or whitelist us on) those extensions to get the full LEX experience. Unfortunately I'm not a fulltime paid developer (it's all spare-time free work), so I don't have the time to develop workarounds for people who wish to disable Javascript on their browser).

I was not talking about the LEX, I was referring to the Google Chrome project. As Varnado mentioned, they disabled third-party extension functionality in the last Chrome update; Chrome users can now only download extensions through the Chrome Web Store.  It's an Apple-esque move, and very frustrating.  It's a completely separate issue from the LEX; it just came up in the discussion.    :thumbsup:

Girafe

Uploader tool => my files doesn t display "my files" but the last files uploaded by everybody  ::)
The Floraler

This is the end, hold your breath and count to ten, feel the earth move, and then...

*   *   *   *   *   *   *   *   *   *   *   *   *   *   *   *   *   *    *   *   *   *   *    * 

vester

Was about to report the same.

Please bring it back.

Shadow Assassin

#24
I consider this a serious bug:

You are apparently sending passwords with login details via plain text using a GET request. This is a serious security flaw and really should be fixed as soon as possible.

Use POST instead, and the query string should be an encrypted hash.
New Horizons Productions
Berethor ♦ beskhu3epnm ♦ blade2k5 ♦ dedgren ♦ dmscopio ♦ Ennedi
emilin ♦ Heblem ♦ jplumbley ♦ moganite ♦ M4346 ♦ papab2000
Shadow Assassin ♦ Tarkus ♦ wouanagaine
See my uploads on the LEX!

JoeST

Using POST is no more secure, and having to hash it client side relies on javascript which is just as easily circumvented. The forum will only be sending your password in plaintext (over POST, but still), and so will 99% of other websites you use. I agree that that's a major flaw, but its a flaw with the web, not with how Casper is doing stuff, and yeah Casper could do better, but I don't think client-side hashing (at least on the web) is secure enough to be worth it. I'd suggest a much better way of making it secure is using https, at least for the login page.
Copperminds and Cuddleswarms

Shadow Assassin

No, I agree it's no more secure but it is still security through obscurity, which isn't really security by definition but it's something at least. As for hashing, a salted hash generated upon login (by the server) should be secure enough.

Or you know, why not implement something like OpenID?

I just don't like seeing my password being broadcast using a GET request. The web is by definition insecure, but anything that we can do to make the web more secure is welcome. ;)
New Horizons Productions
Berethor ♦ beskhu3epnm ♦ blade2k5 ♦ dedgren ♦ dmscopio ♦ Ennedi
emilin ♦ Heblem ♦ jplumbley ♦ moganite ♦ M4346 ♦ papab2000
Shadow Assassin ♦ Tarkus ♦ wouanagaine
See my uploads on the LEX!

CasperVg

#27
We are working to improve the situation, but the LEX is big and most of it is not programmed very well, so changes like user authentication can take awhile to get done, especially if you want to do it right. I'll do a few small tweaks in the meantime that should improve the situation at least a bit. Hopefully we can install some ssl/https certs as well, so that all LEX communication can be secured against eavesdropping as well.

EDIT: Login GET has been changed to login POST. Not a huge improvement, but it's something at least for now.
Follow my SimCity 4 Let's play on YouTube

memo

#28
All comments on the LEX seem to be missing. It says 0 comments for me in the comment section of each upload, some of which I know for sure had comments. Tested in Chrome and Firefox.

Edit: Oh well, I found the "old comments" link for the nostalgic at the bottom... When does a comment classify as old though? The latest comment on the LEX is three days old and is hidden, too. How about showing the last 10 comments with an option to load the rest?

Girafe

I follow Memo regarding the comments, it would be nice to bring them back.

Something else, in the last release, 2 were locked but it displays LEX CERTIFIED in red, should be LEX NOT CERTIFIED in orange or LEX LOCKED in red.

There is somewhere the list of LEX certified people, I have a doubt that catalyst is LEX certified uploader but I am maybe wrong.
The Floraler

This is the end, hold your breath and count to ten, feel the earth move, and then...

*   *   *   *   *   *   *   *   *   *   *   *   *   *   *   *   *   *    *   *   *   *   *    * 

c.p.

Also, "Recent Comments" (under "Uploader Tools") is not showing the latest comments.  Which means the only way to check if there have been any problems posted to any of my recent uploads is to check the comments for each upload individually.  Which is not really feasible.  Fortunately, there are so few comments posted on the LEX now, there is a fairly good chance they will pop up as one of the random comments.  So I guess it's not a big deal for now. &mmm

CasperVg

#31
I was hoping to make people comment more often by switching to the Disqus-based system, but it appears that experiment failed. Everything has been reverted to the old comment system.

There is no public list of LEX Certified uploaders. It should display "Locked / Unavailable" now instead of LEX Certified.
Follow my SimCity 4 Let's play on YouTube

CasperVg

#32
Also, some of you might be happy to know that "My Files" works again for certified uploaders.

EDIT: And files with images higher than 188px will now show their thumbnail again (in search results), instead of the full (long) image.
Follow my SimCity 4 Let's play on YouTube