open All Channels
seplocked EVE Information Portal
blankseplocked New Dev Blog: In-game Browser new functions
 
This thread is older than 90 days and has been locked due to inactivity.


 
Pages: 1 2 [3]

Author Topic

Abinadi9
NerdHerd
Intrepid Crossing
Posted - 2011.04.01 18:08:00 - [61]
 

Originally by: CCP Orion
The goal of exposing you guys to these changes on SISI is to figure out a meaningful set of features without exposing players to grief and "electronic warfare".


Is there a road map beyond the current feature set on SISI for future features of the IGB? If so, would it be possible to get an idea of what CCP would like to do with it long term?

Maybe this already exists and I haven't searched long enough...

Salpun
Gallente
Paramount Commerce
Posted - 2011.04.01 18:25:00 - [62]
 

A dev blog of IGB tools all ready made and where to find them/ how to use them would be helpful, maybe add a forum header about them in the new forums. A specific api authorisation for the IGB would also be nice.

Abinadi9
NerdHerd
Intrepid Crossing
Posted - 2011.04.01 18:52:00 - [63]
 

Originally by: Salpun
A dev blog of IGB tools all ready made and where to find them/ how to use them would be helpful, maybe add a forum header about them in the new forums. A specific api authorisation for the IGB would also be nice.


There is a website, on the wiki that is pretty good for current development needs.

I think the IGB is a pretty good browser overall, but honestly I'd like to see things like "we do or do not plan on enabled plugins" in the future, here are a lot of the ideas we're considering, future javascript methods we're working on, etc. Once they hit SISI, it's cool and all but developers like to know where things are going so they can plan and think.


Salpun
Gallente
Paramount Commerce
Posted - 2011.04.01 19:01:00 - [64]
 

Thanks for the link. The masses will need pictures though before they will understand how helpful the IGB can be.

Ariane VoxDei
Posted - 2011.04.01 21:45:00 - [65]
 

Originally by: Salpun
Thanks for the link. The masses will need pictures though before they will understand how helpful the IGB can be.
Regarding security, something similar seems to be true.

"Yes yes, I trust your site, now, here, trust my fake headers... how can you refuse, I logged them from the users at my 'trusted' site."
Unless there is no access without a login - not merely based on having the right characterID or corpID in the header.
All too many think that headers = honest IGB = can be trusted.
While anyone with even rudimentary knowledge of the workings of HTTP requests knows that is it trivial to tamper with. Don't need any shady hacks.

With just a little slight of hand, you are always, if someone believes the headers:
in a titan
in system:jita
in region:insmother
in constellation:okkelen
in corp:goonwaffe
role:ceo/all
in alliance:IT
and you are:ricdic.
Of course all patently false and contradictory.

It's not that we are against functionality, but security has to come with it.

Also this sort of thing leaks too much information.
The API guys have realized this and are working on breaking down API access to custom keys, giving access to just those bits that you decide.

Going this way of "all or nothing" will just end in a lack of features or lack of adoptation, as people, and rightly so, refuse to use it.

Abramul
Gallente
StarFleet Enterprises
BricK sQuAD.
Posted - 2011.04.01 23:37:00 - [66]
 

Edited by: Abramul on 01/04/2011 23:37:39
Echoing one of the points several people have made, and adding a couple of my own:

1: It's essential that the user be able to control, site by site and browser-wide, exactly what functions can be used. Additionally, all actions beyond showinfo and such should pop a confirmation request, with the option to autoaccept that type of request for only the site you're on.

2: Sites need the option to verify at least character ID. Again, you'll want a confirmation request to the effect of "Yes, it's OK for CCP to confirm that I am, in fact, character X. I understand that this may allow the requesting site to connect my IP with my character." I have in my time playing seen only one application that used trusted-site functionality to verify user ID; the CVA KOS checker, which might as well have been public anyway. (API, on the other hand, is all over, and still isn't actual verification)

3: All actions initiated by trusted sites should cause audio notifications and log entries. Should range from a full "Autopilot route changed" to a beep for stuff like contact changes.

I would also recommend offering an ISK prize for successful (private) demonstrations of attacks using these features, even if you're confident they're impossible.

(P.S. Any chance of allowing the IGB to download files, even if only from Eveonline.com?)

Batolemaeus
Caldari
Free-Space-Ranger
Morsus Mihi
Posted - 2011.04.02 00:00:00 - [67]
 

Originally by: CCP Orion
Thanks for all the feedback, good stuff, contradicting perhaps but all good :)
The goal of exposing you guys to these changes on SISI is to figure out a meaningful set of features without exposing players to grief and "electronic warfare". The build currently on SISI is a first stab at that, we'll iterate on that the next weeks, and keep you posted on progress.
Cheers.


Does that mean you'll prevent automated convo spam ddos by limiting the igb functionality? Current GM ruling is that this is a game feature, and I'd be very sad to see it get limited. (I'd rather see the GMs responsible for this idiocy replaced with competent people instead of an actual developer nerfing functionality to partly compensate for the morons in the GM department who encourage people to abuse client flaws that would need to be fixed by someone else entirely..)


Nooo Waaaay
Posted - 2011.04.03 15:18:00 - [68]
 

Where can I get those fittingID data?

Dorn Val
Posted - 2011.04.05 06:21:00 - [69]
 

I'd like to see bigger buttons in the upper left hand corner so I can minimize the IGB without accidentally closing it -or is that how CCP griefs players :)

Also it would be cool to see Adobe Flash Player support -I think that's what You Tube uses. Very common to be on fleet ops and a corp mate will drop a video link into chat that he wants peeps to watch and I have to leave the game to see it.


Pages: 1 2 [3]

This thread is older than 90 days and has been locked due to inactivity.


 


The new forums are live

Please adjust your bookmarks to https://forums.eveonline.com

These forums are archived and read-only