EQ2Interface.com
Search Downloads


Go Back   EQ2Interface > Featured Projects > EQ2MAP

Reply
Thread Tools Search this Thread Display Modes
  #26  
Unread 03-03-2005, 02:32 PM
Killarny Killarny is offline
A Griffon
Interface Author - Click to view interfaces
 
Join Date: Dec 2004
Server: Neriak
Posts: 273
Default

http://maps.eq2interface.com/submitpoi.php
__________________
Reply With Quote
  #27  
Unread 03-03-2005, 02:36 PM
Humudce's Avatar
Humudce Humudce is offline
A Griffon
Interface Author - Click to view interfaces
 
Join Date: Oct 2004
Server: Blackburrow
Posts: 352
Send a message via AIM to Humudce
Default

Quote:
Originally Posted by Quib
This is something I'd discourage probably. I know I'm personally uneasy enough about using executable files I get off of websites, but that one might update itself without me knowing would bug me even more.

I trust taco-man, but I'd be more worried about someone else modifying the auto-updater and posting it somewhere else on the internet and doing mischievious things. We'll need to slap a bunch of "if you didn't get this from eq2interface.com" warning everywhere we link the auto-updater. If the auto-updater had the power to update itself, a malicious version that grabs a really nasty executable and runs it could be bad news.

Quib
I understand completely where Quib is coming from on this, a malicious version could wreak havok on our community. Not sure if this is possible or not but would it be possible for the Updater to check it's own MD5 Checksum, and verify that against a value on the Update Site. If the Checksums do not match, the updater does not run. Could this also work as follows, say there is a newer version of the Updater Available, the Auto Updater matches the Old Version stored on the Updater site, and a Message Box appears informing the user that they must download the new Offiical Release of the Updater.
__________________

[Guild Leader] Tiggler is my Main, Humudce is my Alt on Blackburrow.
Reply With Quote
  #28  
Unread 03-03-2005, 02:48 PM
Killarny Killarny is offline
A Griffon
Interface Author - Click to view interfaces
 
Join Date: Dec 2004
Server: Neriak
Posts: 273
Default

I see where you are all coming from, however I counter that there are safe ways to autoupdate - but of course this won't be much of an issue once the updater gets more finalized.

Ahh well, it was just an idea
__________________
Reply With Quote
  #29  
Unread 03-03-2005, 03:16 PM
Quib Quib is offline
A Griffon
This person is a EQ2Map developer.
Interface Author - Click to view interfaces
 
Join Date: Jan 2005
Posts: 720
Default

Quote:
Originally Posted by Humudce
I understand completely where Quib is coming from on this, a malicious version could wreak havok on our community. Not sure if this is possible or not but would it be possible for the Updater to check it's own MD5 Checksum, and verify that against a value on the Update Site. If the Checksums do not match, the updater does not run. Could this also work as follows, say there is a newer version of the Updater Available, the Auto Updater matches the Old Version stored on the Updater site, and a Message Box appears informing the user that they must download the new Offiical Release of the Updater.
A modified version could easily make the auto-updater look at a different web-based MD5 value, bypassing any safety precautions of checksum'ing itself. As it is now, someone could modify the updater to download some nasty executable, but it has no way of overwriting itself or running any executable code it downloads.

On second thought, it does: it could download an exe and use the auto-launch EQ2 routine (modified) to execute this newly downloaded file.

I bet it'd take me 30 minutes or less to hex edit the current updater exe to do this (just as an example for how easy it'd be to make a malicious version).

All paranoia aside, I don't think the auto-updater will have any reason to update itself after we agree on a final version. The code will be flexible to accept a downloaded index of files (well, it also ready does this) and their checksums to update (not a hard-coded list) and the news download could tell users if there is (on the off chance) a new version of the updater available.

Basic rule for safety, get the updater from maps.eq2interface.com or from the EQ2MAP download section and you'll be fine (well, once it's at those places). Also make sure the updater you're getting was posted by taco-man as he'll be the only one uploading it from the EQ2MAP team. The real trick will be making sure the general EQ2 public knows to never get a copy of the updater from somewhere else.

Hopefully this post didn't scare anyone; just trying to make sure you all know the risks invloved with using executables, and especially ones that have internet access.

Quib
Reply With Quote
  #30  
Unread 03-03-2005, 03:46 PM
Humudce's Avatar
Humudce Humudce is offline
A Griffon
Interface Author - Click to view interfaces
 
Join Date: Oct 2004
Server: Blackburrow
Posts: 352
Send a message via AIM to Humudce
Default

Point well made Quib.

Education is the key here. If you didn't get the file from map.eq2interface.com, or www.eq2interface.com that was uploaded by Taco-Man, you don't have the official release.

The key here is knowing who you are downloading from.

I write executable installers for all of my Mods (and for the Team's MAP mod too), but these are only available to my fellow guild members. My guild members know that I am the only one that can upload the installers (aka, I'm the webmaster of the site too), and that I would never put malicious code into them. I wrote the installers to help those in my guild that are less knowledgeable about computers and installing these interfaces and mods.

In the past I uploaded several Executable Installer Versions to the www.eqinterface.com site, for my EverQuest Mods (alot of exchanges via e-mail to get them approved, including providing the install script I used). I have no plans to make any of my Mods use installers that have been uploaded to eq2interface.com because of the inherent risks involved with executable programs available for download. I do upload Executable Installer Versions on my Guild Web Site as I am the only one that can change the files available there.
__________________

[Guild Leader] Tiggler is my Main, Humudce is my Alt on Blackburrow.
Reply With Quote
  #31  
Unread 03-03-2005, 03:48 PM
Drumstix42's Avatar
Drumstix42 Drumstix42 is offline
A Griffon
Featured
 
Join Date: Oct 2004
Server: Antonia Bayle
Posts: 3,287
Send a message via AIM to Drumstix42 Send a message via MSN to Drumstix42 Send a message via Yahoo to Drumstix42
Default

Is it possible to create a website based update, strictly. Such as through java or something similar? I'm not to keen on that subject, but maybe it could be another possiblity if all else fails (in the sense of security).
__________________
"I'm afraid you're guilty of thought-crime. Don't bother getting the door, we'll let ourselves in..."
<Donate to DrumsUI> < [DrumsUI] Updater > < [DrumsUI] Full Interface> < Drumstix42 on Twitch.tv
>
Reply With Quote
  #32  
Unread 03-03-2005, 04:05 PM
Quib Quib is offline
A Griffon
This person is a EQ2Map developer.
Interface Author - Click to view interfaces
 
Join Date: Jan 2005
Posts: 720
Default

Well, I've sorta blown the security thing out of proportion; as long as people get the updater from eq2interface from taco-man, it's safe. I'm more concerned about the updater being too powerful, and someone modifying it and releasing it elsewhere and it really ruining someone's day.

I have no idea how hard it'd be to make a web-based updater. I have half a year's formal experience with java and I absolutely hate it. Writing files to a particular folder probably sets off a lot of security alarms in most browsers doesn't it? Plus the user'd have to point the web-based updater to their custom UI folder each time they use it; which would be tedious if they have EQ2 in it's default install location.

The route we're taking now will be effective and easy (for the end user). One of the problems with a modular setup is if a user is missing an XML file, EQ2 won't load. Having the auto-updater will ensure they have every file necessary.

On another note, it's impressive VB has developed far enough to do stuff like this. Last time I worked with VB was VB 3, and man was it unwieldly and non-powerful. I don't even think VB 3 was Win95, I think it was still for making stuff that worked on Win 3.11.

Quib
Reply With Quote
  #33  
Unread 03-03-2005, 05:14 PM
sunthas sunthas is offline
A Griffon
Interface Author - Click to view interfaces
 
Join Date: Dec 2004
Server: Unrest
Posts: 306
Default

Quote:
Originally Posted by Drumstix42
Is it possible to create a website based update, strictly. Such as through java or something similar? I'm not to keen on that subject, but maybe it could be another possiblity if all else fails (in the sense of security).
I asked about this awhile back, and quib wanted my concerns clarified. I shared them with a guy at work who uses the map mod and he thought the autoupdater was sweet. And when he asked why I had reservations about it, I didn't have an answer. I'm not really worried about hacked code. I just don't like to worry about running extra programs or making changes too often with stuff.

I'd be happy to visit the eq2maps download page once every month or so or when I am about to explore areas that don't have maps to see if a new version of the mod has been released.
Reply With Quote
  #34  
Unread 03-03-2005, 06:15 PM
taco-man's Avatar
taco-man taco-man is offline
EQ2MAP Updater Author
This person is a EQ2Map developer.
Interface Author - Click to view interfaces
 
Join Date: Nov 2004
Server: Antonia Bayle
Posts: 1,349
Send a message via AIM to taco-man Send a message via MSN to taco-man Send a message via Yahoo to taco-man
Default

although it is an "extra" file to run, it launches eq for you so that its 1 less file to run so it balances out.
__________________
EQ2MAP Updater Download
EQ2MAP Website
How to Install a custom interface
Reply With Quote
  #35  
Unread 03-04-2005, 12:55 PM
Jakep Jakep is offline
A Young Mystail Rat
 
Join Date: Dec 2004
Server: Antonia Bayle
Posts: 4
Default Idea

About the auto-updater, wouldn't it be best for it to check it's version again the latest one online. Then, if there is a new one available, open up a browser window so you can download the latest installer online.
Reply With Quote
  #36  
Unread 03-05-2005, 03:41 AM
Talyns's Avatar
Talyns Talyns is offline
A Griffon
This person is a EQ2Map developer.
Interface Author - Click to view interfaces
 
Join Date: Jul 2004
Server: Everfrost
Posts: 604
Send a message via ICQ to Talyns
Default

Thought I'd mention that I made a skin for my UI..

Currently It can be downloaded/viewed here:
http://www.eq2interface.com/forums/s...&postcount=389

Once I know it's working 100% "as intended" I will include it with my main download

Keep up the good work team!
__________________
Talyns
Reply With Quote
  #37  
Unread 03-05-2005, 10:22 AM
taco-man's Avatar
taco-man taco-man is offline
EQ2MAP Updater Author
This person is a EQ2Map developer.
Interface Author - Click to view interfaces
 
Join Date: Nov 2004
Server: Antonia Bayle
Posts: 1,349
Send a message via AIM to taco-man Send a message via MSN to taco-man Send a message via Yahoo to taco-man
Default

just so you know, the updater should be 100% compatable with custom skins even when its set to do all files.
__________________
EQ2MAP Updater Download
EQ2MAP Website
How to Install a custom interface
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -5. The time now is 05:24 AM.


Our Network
EQInterface | EQ2Interface | WoWInterface | LoTROInterface | ESOUI | MMOUI