open All Channels
seplocked EVE Information Portal
blankseplocked New Dev Blog: The Second Coming of Moondoggie
 
This thread is older than 90 days and has been locked due to inactivity.


 
Pages: 1 2 [3] 4 5

Author Topic

Joe Starbreaker
M. Corp
Posted - 2009.08.15 15:42:00 - [61]
 

Hallelujah!

WheatGrass
Silent but Friendly
Posted - 2009.08.15 16:58:00 - [62]
 

Thank you, Sir!

This looks SO good on 'paper'. I'll look forward to the test drive.Smile

Vorononv Circut
The Maverick Navy
IT Alliance
Posted - 2009.08.15 20:08:00 - [63]
 

Best dev blog EVER!

Agent Stone
Volition Cult
Fatal Ascension
Posted - 2009.08.15 20:59:00 - [64]
 

Awesome! Best news I have had this week!

Messoroz
AQUILA INC
Posted - 2009.08.15 22:00:00 - [65]
 

Edited by: Messoroz on 15/08/2009 22:00:15
Anyone with IGB sites should just shoot themselves if they complain about Moondoggie breaking things. I personally can't believe people use IGB sites.

Kessiaan
Minmatar
Vagrants Inc
Posted - 2009.08.16 02:13:00 - [66]
 

Edited by: Kessiaan on 16/08/2009 02:14:31
Sounds great!

But.. if CCP is using a 3rd party browser as the 'guts' of the new IGB, it's going to be a huge target for keyloggers. I can see it now - "BUY YOUR ISK AT <whatever URL>!" Click link, get keylogger.

But I have a lot more faith in Google than Microsoft at making code that won't crap out if you show it a funny image.


Abortion Engine
GoonFleet
Band of Brothers
Posted - 2009.08.16 03:47:00 - [67]
 

Quote:
Plus, unless they provide some PKI with this it's going to be as useless in trusting as the current IGB. HTTP headers are trivial to forge. What they need to do is generate RSA key pairs for every user and allow the public key to be retrieved via the API then use THAT for authentication.


Pulling this from elsewhere to post here.

Kirsten Fud
Shade.
Mercenary Coalition
Posted - 2009.08.16 04:13:00 - [68]
 

Originally by: Abortion Engine
Quote:
Plus, unless they provide some PKI with this it's going to be as useless in trusting as the current IGB. HTTP headers are trivial to forge. What they need to do is generate RSA key pairs for every user and allow the public key to be retrieved via the API then use THAT for authentication.


Pulling this from elsewhere to post here.


Agree!

This or OpenID providers, either would be perfect.

Twistalous
Gallente
Arkons of Myth
Aequitas Infinitas
Posted - 2009.08.16 06:05:00 - [69]
 

Originally by: Kirsten Fud
Originally by: Abortion Engine
Quote:
Plus, unless they provide some PKI with this it's going to be as useless in trusting as the current IGB. HTTP headers are trivial to forge. What they need to do is generate RSA key pairs for every user and allow the public key to be retrieved via the API then use THAT for authentication.


Pulling this from elsewhere to post here.


Agree!

This or OpenID providers, either would be perfect.



Honestly, it's not that hard to secure an IGB site. You just require them to log in with a password each time to use the site. They can forge headers all they want but if they don't know your password, they won't get in, no matter what their headers say.

Zex Maxwell
Caldari
Posted - 2009.08.16 08:02:00 - [70]
 

Ho-ly ****!
A feature that been around for ages is FINALLY getting an much needed upgrade. KICK ASS CCP!

Sade Onyx
Posted - 2009.08.16 12:19:00 - [71]
 

Am I missing something?

Is the blog indicating what they would like to do, are working on, or is coming imminently? ugh

Nice to blind us with complicated words and suedanims but when! is a subject given the widest birth that is only desired from a moon sized aseroid in close proximity to our planet earth.

Ix Forres
Caldari
Righteous Chaps
Posted - 2009.08.16 12:31:00 - [72]
 

Edited by: Ix Forres on 16/08/2009 12:31:42
Absolutely fantastic, but took you a while.

As others have said, the lack of any cryptographically secure mechanism for identifying users in the IGB is one of the major blockers for IGB websites. CCP setting up a key infrastructure such that public keys could be obtained via the API (given a character ID, no restrictions) and that private keys could be used to sign browser requests in the IGB (and perhaps could be leveraged in the API, too?) would make life a lot easier for devs.

I'm glad to see we'll finally get a proper browser and I'm looking forward to deleting all my IGB-specific templates in favour of simply handing out full-blown site templates with some extra javascript (assuming JS is used for these new functions). This of course assumes the on-paper implementation actually works and isn't burdened with bugs as the current IGB is.

Thanks for (finally) listening to us, CCP!

Serenity Steele
Dynamic Data Distribution
Posted - 2009.08.16 14:10:00 - [73]
 

Very exciting. Looking forward to getting a shot to use it on SiSi.

Derus Grobb
Minmatar
Selectus Pravus Lupus
Transmission Lost
Posted - 2009.08.16 20:58:00 - [74]
 

Great news, looks like they are doing it the right way.

Haradgrim
Systematic Mercantilism
Posted - 2009.08.16 22:01:00 - [75]
 

\o/

Thats some serious awesomeness, let the IGB revolution begin!

Zeba
Minmatar
Honourable East India Trading Company
Posted - 2009.08.16 22:47:00 - [76]
 

Holy crapola! How did I miss this. *cheers* *\o/*

Citrute
The High and Mighty
Posted - 2009.08.17 03:49:00 - [77]
 

Take some Win-And-A-Half, Multiply by pie and then sprinkle little bits of the Force™ on top, serve chilled. Very Happy

Lusulpher
Gallente
Posted - 2009.08.17 07:18:00 - [78]
 

http://princeofcode.com/awesomium.php

That first video, shows imbedded browsers are manipulatible 3D objects...that + this being in EVE + avatars(WiS) = HOLOGRAM CORP MEETING that has browser links to Enemy webpages for Intel, forums for combat plan ideas, and an imbedded "Big Board" for Tactical diagrams(online Notepad).

And everyone bookmarks it at the end...I think I just came a little.

Now that's how gamers[the best in existence]should game.

+1 Level to CCP Fanboyism, now at Level 7.\Razz/

Nareg Maxence
Gallente
Posted - 2009.08.17 08:01:00 - [79]
 

o/ awesomiumsauce.

Kronsur Boon
Posted - 2009.08.17 08:16:00 - [80]
 

Edited by: Kronsur Boon on 17/08/2009 10:41:08
Great to hear that CCP are using Chromium.

I really hope CCP fully implement the ability to whitelist and blacklist URLs. Fuctionality, like we see in the Firefox plugin NoScript, really needs to be included from the start.

Poreuomai
Minmatar
Mirkur Draug'Tyr
Ushra'Khan
Posted - 2009.08.17 10:42:00 - [81]
 

Quote:
Here at Team Slartibartfast, we want you to feel good. We want you to feel good and do it a lot.

Shocked

Elissen
Amarr
Viziam
Posted - 2009.08.17 10:48:00 - [82]
 

Most exciting news in a long time!

And o/ for linking to the Jumpplanner Very Happy

CCP Pleognost

Posted - 2009.08.17 11:31:00 - [83]
 

Originally by: D Gelalder
Now for some questions, as I prefer to browse around using a white-lists.
Meaning i have to give a site permission to to either store cookies or run java-scripts.
I would like to know if this will be possible with the "moondoggie".


We're already planning on locking-down plug-ins, and we're still investigating just how fine-grained we can make our controls for things like Cookies and scripting without making the browser a usability nightmare.

Originally by: D Gelalder
- Ability to define which headers are being send using the "trusted site".
For example, split them up in categories. Character, location, roles. This should be self-explanatory, but an example none the less: Lets take a travel planning site, the only info it would need is your current location. It doesn't need to know who you are or what your roles are.

Also ability to blacklist sites to stop them from asking would be nice.



We have the tools to do this internally, it's largely a question of whether we can expose this in a user-friendly way. We'll take a look at it.


Originally by: D Gelalder
- Ability to create "give money to.." links with target character or corp with amount and reason.
This should make things easier for corps that handle a lot of isk transfers, like payouts or banks or whatever else.



While we'd like to do stuff like this, it would also make website-driven fraud a lot easier to perpetrate. Any kind of browser-IGB interaction is going to require a full in-game confirmation prompt. That said, we can take a "give money" command under consideration.

CCP Pleognost

Posted - 2009.08.17 11:36:00 - [84]
 

Originally by: Taunting Yu
Glad to see this is coming around. The downside to the currently IGB-compatible webpages will be that many of them are no longer updated for various reasons (person has quit playing and left the site as a convenience to the rest of the world, etc).

It would be interesting to see some of the more typical websites being able to display. I have a feeling that if it requires a plug-in (such as Flash scripts and movies), it won't be supported, as that requires trust of CCP to allow in the client. I could be completely wrong, too. Comments, devs?


On the first note, we've developed a "compatibility tool" that corrects older IGB websites and should keep them mostly operational. It's just a bit of Javascript that we can run in the context of the older sites to correct hyperlinks, images and the like.

You're correct on plug-ins. We're currently planning to lock-down or disable all external plug-ins in Moondoggie - this means no Flash for the first release. We would all love to be able to view YouTube while fighting, though, so we'd like to revisit that in the future.

CCP Pleognost

Posted - 2009.08.17 11:43:00 - [85]
 

Originally by: Regat Kozovv
I'm absolutely ecstatic that CCP is taking security this seriously. However, should vulnerabilities be found in the Chromium toolkit (and no doubt they will in the future as more scrutiny is placed on it) then there's a chance that the IGB would be vulnerable in certain instances as well.


We have some plans on how to handle this contingency. One of the first things we discussed after we decided to integrate with Webkit and Awesomium was the potential impact of zero-day vulnerabilities. We've worked out an architecture for "Defcon 1" scenarios that will severely restrict the functionality of the IGB until a security update is available and integrated into EVE.

All we need now is a big red button to trigger it. Smile

CCP Pleognost

Posted - 2009.08.17 11:49:00 - [86]
 

Originally by: Dex Nederland
So...

1 - When is this coming? I have a site that will be getting a face lift because of it.

2 - Will the stack of utilities be made available to the public? or will we have to hunt for them?



1 - Our first release will coincide with the next EVE expansion. We're going to try to get a build onto SiSi ASAP. tl;dr: Soon™.

2 - Much of it, yes. There's a library of Javascript functions that IGB authors will need to use in order to do things like open Show-Info windows. We also have some compatibility scripts that you can run on a pre-Moondoggie IGB site to make it work in the new browser.

We're also planning to release some documentation on how to use it, of course. Smile

Darcon Kylote
Posted - 2009.08.17 12:04:00 - [87]
 

Originally by: Gnulpie
As good as these changes might be, I think there are MUCH MORE IMPORTANT things necessary to be fixed in Eve first.

The whole pos, corp, alliance interfaces for example. Alchemy, sov system, supercaps, epic arcs and and and. Fix the GAME STUFF first I would say (yeah, I know, some of that stuff will be tackled in the winter expansion).

...



Well, yeah.... I am a software architect at my job, and I find I often have to control the tendency of my developers to go after the shiny, fun, techie stuff (that users don't care about), and ignore the boring usability changes and such that'll make a real difference to the bottom line. Seems like someone needs to be doing more of this at CCP.

I would rather lose the IGB entirely if I could get just a handful more keyboard shortcuts for example.

Hel O'Ween
Men On A Mission
EVE Trade Consortium
Posted - 2009.08.17 12:37:00 - [88]
 

Originally by: Miraqu
I really don't like this. Eve is a game and a game should not be a browser.

If this supports flash, javascript and all the nice tools, it will also support many flash and java exploits and the other nice things like redirecting of links and tracking scripts and cookies.



This!

Basically, any website then might interact with "my" client? A very scary imagination. I do hope this is read only, like the EVE API. Although this is scary enough, at least no one can run away with your ISKies this way. And as we all know, for a long time CCP's logs "do show nothing", if that happens.

Banedon Runestar
Gallente
Gravity Mining and Manufacturing Inc
The Company LLC
Posted - 2009.08.17 14:09:00 - [89]
 

Congrats on finally making the IGB relavant, useful, and effective.
Now is there a time-line on making the same changes to EveOnline.com?

The first place I'd fix is the search function. It's broken, useless, and the fact that you can't find anythin has prevented most of my friends from even playing the trial. Quote: "If they can't take care of their webcode, they can't take care of their game code."

Fix your website and you'll have a half-dozen new paying accounts.

Casiella Truza
Ecliptic Rift
Posted - 2009.08.17 15:19:00 - [90]
 

Originally by: CCP Pleognost
You're correct on plug-ins. We're currently planning to lock-down or disable all external plug-ins in Moondoggie - this means no Flash for the first release. We would all love to be able to view YouTube while fighting, though, so we'd like to revisit that in the future.


The lack of Flash support is particularly disappointing. Maybe this one plugin can get installed while the ability to install others is disabled?


Pages: 1 2 [3] 4 5

This thread is older than 90 days and has been locked due to inactivity.


 


The new forums are live

Please adjust your bookmarks to https://forums.eveonline.com

These forums are archived and read-only