open All Channels
seplocked EVE Information Portal
blankseplocked New Dev Blog: Hours for PLEX temporarily disabled
 
This thread is older than 90 days and has been locked due to inactivity.


 
Author Topic

CCP Shadow


C C P
C C P Alliance
Posted - 2011.03.11 00:37:00 - [1]
 

CCP has had to temporarily disable the Hours for PLEX feature in Account Management. See GM Grimmi's dev blog for more details.

Virtuozzo
The Collective
Against ALL Authorities
Posted - 2011.03.11 00:44:00 - [2]
 

Never underestimate the capacity and will of subscribers for excess, insanity and devious behaviour Cool

If I may ask, what about the votes folks brought out via this feature?


Patient 2428190
DEGRREE'Fo'FREE Internet Business School
Posted - 2011.03.11 00:59:00 - [3]
 

Wouldn't having more people vote be a good thing for the PR campaign that is the CSM?

Meissa Anunthiel
Redshift Industrial
Rooks and Kings
Posted - 2011.03.11 01:00:00 - [4]
 

While you're at it, you may want to check how many voters have made use of the temporarily 5 day reactivation offer received through email without actually doing anything but vote...

Raser Moonstrider
Raser Industries
Posted - 2011.03.11 01:27:00 - [5]
 

Edited by: Raser Moonstrider on 11/03/2011 01:29:02
Originally by: Patient 2428190
Wouldn't having more people vote be a good thing for the PR campaign that is the CSM?


Yes...except that the majority of the players who are likely to have reactivated their accounts for voting are the ones that have 6+ accounts that they only keep a couple active at a time. There are some alliances that would seriously abuse that to get their "choice" candidate into CSM.

On a different note, I wouldn't think it would be that hard to flag an account as being on the 4-hour grace period, and simply not letting them have access to the voting section.

PC l0adletter
Posted - 2011.03.11 01:49:00 - [6]
 

Originally by: Patient 2428190
Wouldn't having more people vote be a good thing for the PR campaign that is the CSM?



Ah, yes, the age-old debate: incompetent or manipulative?

Matalino
Posted - 2011.03.11 02:49:00 - [7]
 

Edited by: Matalino on 11/03/2011 02:51:31
Originally by: Patient 2428190
Wouldn't having more people vote be a good thing for the PR campaign that is the CSM?

As has been noted by others, this exploit does not increase the number of people voting, just the number of times people vote.


PS - Just turn it off until after the elections, then turn it back on. By the time elections come up again next year, I am sure that a proper fix can be implemented to prevent accounts from using the "Hours for PLEX" feature to vote. If not, just turn it off again while running elections until a fix can be made.

Callic Veratar
Posted - 2011.03.11 05:12:00 - [8]
 

I'm not sure if this has been considered: Don't allow trial accounts to vote in the CSM (pretty sure this is the case already) and flag a 4-hour reactivated as Trial until a PLEX is activated.

AnonyTerrorNinja
Minmatar
Atomic Geese
Posted - 2011.03.11 06:35:00 - [9]
 

By doing that, those that happen to have already purchased their plex only to realise their temporarily reactivated account is flagged as a trial are unable to contract over the plex nor run that account simultaneously with an active account for an in-station trade.


The 72-hour forums and API restriction would be far more fitting for such a limitation.

Ban Doga
Posted - 2011.03.11 07:44:00 - [10]
 

It is too bad that this great idea was overshadowed by abuse for the voting.

However, I'm sure that an internal brain storming about "How could players abuse this when we introduce it now" could have come up with something close to that.
I hope you'll have better luck next (you sure could use it).

Another way could be to simply ask your community or the CSM before releasing such a feature.
Somehow I thought that's precisely one of the things the CSM was there for... *shrug*.

Chribba
Otherworld Enterprises
Otherworld Empire
Posted - 2011.03.11 08:26:00 - [11]
 

lol

Best of luck and looking forward to its return.

/c

ACESsiggy
Gallente
Posted - 2011.03.11 08:29:00 - [12]
 

Edited by: ACESsiggy on 11/03/2011 08:29:39
At least this isn't Bush versus Gore again. I'm sure CCP will make sure the right canidate gets voted in :)

Shandir
Minmatar
Brutor Tribe
Posted - 2011.03.11 10:26:00 - [13]
 

Can you please ensure that the fraudulent votes made by players abusing this function are eaten by a poodle?

Mynas Atoch
Eternity INC.
Goonswarm Federation
Posted - 2011.03.11 11:27:00 - [14]
 

Edited by: Mynas Atoch on 11/03/2011 11:29:33

Do ANY CCP employees play this game?

Where were QA in this? They are the guys who are PAID to catch fumbles and see the exploits.

How the heck could you NOT think of this within five seconds of hearing about the feature, nevermind when you are reviewing the design?

Laughing

Ariane VoxDei
Posted - 2011.03.11 13:56:00 - [15]
 

Things like this is why I have such soft spot for this otherwise rather vile community and keep hanging around.

Probably the best group of impressively sneaky bastards gathered in one place. EvE ftw.


Borgh Brainbasher
Saint Industrial Services
STEEL BROTHERHOOD
Posted - 2011.03.11 13:58:00 - [16]
 

Originally by: Ariane VoxDei
Things like this is why I have such soft spot for this otherwise rather vile community and keep hanging around.

Probably the best group of impressively sneaky bastards gathered in one place. EvE ftw.



it does seem like a celebration of the spirit of eve.

TorTorden
Amarr
Posted - 2011.03.11 15:19:00 - [17]
 

Originally by: Mynas Atoch
Edited by: Mynas Atoch on 11/03/2011 11:29:33

Do ANY CCP employees play this game?

Where were QA in this? They are the guys who are PAID to catch fumbles and see the exploits.

How the heck could you NOT think of this within five seconds of hearing about the feature, nevermind when you are reviewing the design?

Laughing


What he said, I would have also thought that having an account run out of subtime should reset the requirement for an account to be 30+ days old to cast a vote, but then again ccp probably just chekcs timestamp for the first sub activiation of the account ?
Maybe time to look at some of your queries again perhaps ?

Andrea Griffin
Posted - 2011.03.11 16:22:00 - [18]
 

THIS IS WHY WE CANNOT HAVE NICE THINGS.

I am laughing my butt off though. This is why I love Eve. Very Happy

I'm sure that CCP will chuck out votes from characters that were temporarily reactivated but then never had a PLEX applied.

Trebor Daehdoow
Gallente
Sane Industries Inc.
Posted - 2011.03.11 17:37:00 - [19]
 

Fear not, the CSM is on the case.

We shall not allow this election to be tainted by the graveyard vote.

This is EVE, not Chicago! We have standards!

Chainsaw Plankton
IDLE GUNS
IDLE EMPIRE
Posted - 2011.03.11 19:52:00 - [20]
 

I was thinking this was accounted for by the 30 day bit, but that is alive for 30+ days and not active for 30+ days >.<

captain foivos
Posted - 2011.03.11 19:58:00 - [21]
 

Just gonna point out to whatever CCP person happens to read this:

4 hours is enough time to clean out an account. Now, normally, I'd assume that would be enough information for you to get the point, but given recent events...

4 hours is enough time to clean out an account, which will lead to instances of inactive accounts being resubscribed and the owner finding out all their stuff was taken/destroyed months or years earlier.

Get rid of the 4-hour timer, permanently.

Surely I wasn't the only person to realize this...

SXYGeeK
Gallente
do you
Posted - 2011.03.11 20:12:00 - [22]
 

Originally by: captain foivos
Just gonna point out to whatever CCP person happens to read this:

4 hours is enough time to clean out an account. Now, normally, I'd assume that would be enough information for you to get the point, but given recent events...

4 hours is enough time to clean out an account, which will lead to instances of inactive accounts being resubscribed and the owner finding out all their stuff was taken/destroyed months or years earlier.

Get rid of the 4-hour timer, permanently.

Surely I wasn't the only person to realize this...


just as easily could someone with your credentials purchase a secure GTC, with your own isk, and reactivate/clean the account.

really it shouldn't be very difficult for CCP to query accounts using this feature that have been cleaned.

I should hope they have sufficient logging of this feature that they could go back and wipe out any CSM votes that came from 4 hour reacts that didn't follow through with a plex.

as a DBA that's what i'd be doing.

Toawa
EVE Mercantile Exchange
Virtue of Selfishness
Posted - 2011.03.12 03:46:00 - [23]
 

The question in my mind is, why can't they just look at all of the chars in that account, find their PLEXes (and maybe look at contracts assigned to them), and offer them on a web page to redeem them? I can't see any real security issues, because in order to get to that point you'd need their password anyway, at which point security is already bypassed.

5hadow 1
Posted - 2011.03.12 18:17:00 - [24]
 

It is a nice tool but I think 4 hrs is to much. As much coding CCP does, customer services and GM should not even have to get involved. Once a players logs into his account manager and goes to payments, a line should be added for activate PLEX. When the account page loads it automaticly checks the all toons inventory attached to that account to see if a plex is in the account. If a plex is in the inventory of one of the three toons, then the option to activate the account is allowed. If the player does not then he has to pay the normal way.

Player wins cause he get to activate his account with PLEX and if he by chance does not have have one he can have a corp mate put one in one of his lockers by contract. CCP wins for it less hours with the accout services reps and GM having log into the persons account. CCP also wins cause its much easier use of PLEX for the player and no more 4hrs of free play time or worring about people abusing the system.


Cresalle
Posted - 2011.03.13 05:45:00 - [25]
 

Edited by: Cresalle on 13/03/2011 05:51:53
Hmm...

The structural problem should take less than an hour to fix. It should go without saying, but the fix would be to add a boolean or even integral value to the account data structure that indicates access rights based on the sub status. The game itself could safely ignore such data (or make proper use of it at a later date), but all other things accessing the account data could take note of it and restrict shennanigans.

I think someone may have already mentioned it, but the 'trial' flag already exists. If this is a bit-flag then you may have to increase the storage size for account data by a byte, but if it's a byte value, such as a bool (which I somehow suspect that it is) then you could simply convert that to an uint and access it as a bitmask relating to possible account states. This, of course, would rely on your dataflow overview being intact and accurate enough to locate all the code sections that access the value. I wouldn't be surprised if this were not the case since most people I know don't even keep such records since they're such a pain to write (but so f***ing sweet when they pay off). Possibly you even have an explicit accessor method already in place to retrieve the value, which would make this criminally easy to fix.

Anyway, I haven't used Python, so I don't know if it can be done with in this case, but in some scripting languages member-variable access syntax is similar to member-method calls, so possibly you could rename the variable and create a method named after the old token, then have the method return the var value and do a single-depth bactrace to a log? With your new hot-fix toys you should be able to turn something like that on for 10 minutes or so and then shut it back off. It should be more than enough time to create a perfect image of everything in the code that queries the data in question, though admittedly it's not perfect.

Er... Wait, can you even do a backtrace in a stackless architecture?
(Damn, I'm rambling because of these pain-killers...)

Anyway, I don't really like the whole idea of 'click here for four hours' rather than a 'limited access to assets and contracts' mode, but it would be far too much dev time to idiot-proof a system like that and TBH it wouldn't really be worth it.

Either way, I'm sure that I hope that you're not just going to guesstimate the voting numbers here. Seems to me that now that you shut off the feature, any account which has used it could be checked to see if it has cast a vote. Easy enough, but the problem would be that I dunno if you retain the data pertaining to which candidate the account in question voted for. I can definately see why you might not, given that it goes against the democratic ideal and all, but being that internet spaceships may or may not be 'srs bsns' I'd recommend retaining that kind of data for interesting things like seeing what percentage of large alliances voted for what rep, etc, etc (geek ****). Also, as is now obvious, it helps in situations such as this one.

Either way, I'm high and miserable and rambling. Good luck with the fix.

Lusulpher
Gallente
Posted - 2011.03.16 03:49:00 - [26]
 

Edited by: Lusulpher on 16/03/2011 03:51:05
Originally by: Andrea Griffin
THIS IS WHY WE CANNOT HAVE NICE THINGS.

I am laughing my butt off though. This is why I love Eve. Very Happy

I'm sure that CCP will chuck out votes from characters that were temporarily reactivated but then never had a PLEX applied.


Graveyard votes[from bloc voters for Goons/NC?] or ALL the Gore Florida minortiy votes[bittervets escaping external forums to fix EvE before it diesTM]...

Could be horrible, could be GLORIOUS. Depends on the agenda that is voted in.[by the Supreme Court and electoral votes from CCP?]
Just saying, they better fix Lowsec...


Also, this new feature will reduce Director swearing by 30%. I support/approve.Laughing


 

This thread is older than 90 days and has been locked due to inactivity.


 


The new forums are live

Please adjust your bookmarks to https://forums.eveonline.com

These forums are archived and read-only