Would you please...
Pimp Trizkit wrote:

Actually in its current state it is one of the most harmful scripts on USO. Here's why...

Current version appears to self update by using FULL COPY of script instead of specific meta.js routine.

Target Code:
```
...
var scriptURL = "http://userscripts.org/scripts/source/61261.user.js";
...
function updateTQ() { // Update the script (by Richard Gibson)
    try {
        if (!GM_getValue) {return};
        GM_xmlhttpRequest({
            method: 'GET',
            url: scriptURL, // don't increase the 'installed' count; just for checking
            onload: function(result) {
                if (result.status != 200) {return;}
                if (!result.responseText.match(/@version\s+([\d.]+)/)) {return;}
...
GM_registerMenuCommand(aLangMenuOptions[0] +" "+ aLangMenuOptions[5], updateTQ);
...
```
If you are going to use self-updating you might want to check back with the Source Author every once in a while... I believe that I've already chatted with Richard Gibson about successfully changing this but I'm losing track since there are quite a few that haven't corrected this.
I understand your concern. But you need to do more investigation before you make accusations like this. I am VERY against auto-updating. See my recent forum posts that mention it:
Hence why, when I realized how bad auto-update is, I commented this line of code out:
//if(getVariable("TTQ_VERSION", 0) != sCurrentVersion) performUpgrade();
(See http://userscripts.org/scripts/diff/61261/172441 version 1.9.8 feb 10th 2010) ....and DELETED the "performUpgrade" function altogether.
And that code you mention is in the "updateTQ" function which is only activatable by manual user interaction with the GM Menu: GM_registerMenuCommand(aLangMenuOptions[0] +" "+ aLangMenuOptions[5], updateTQ); ... and a simple search for the text "updateTQ" in the script will prove this to be true.

Thirdly, var scriptURL = "http://userscripts.org/scripts/source/61261.user.js"; points to THIS script. This was changed in 1.8.3 ( http://userscripts.org/scripts/diff/61261/140400 nov 8th 2009 ) Which is my third version of the script, 3 days after I initially released it. So it's not going somewhere else that could be malicious, it's only coming here, and this code is publicly viewable and publicly scrutinized, as you have demonstrated.

But in the past, the auto-update appeared to not even work. There were a couple of versions I actually tried to fix it. Eventually, I realized auto-updating was a bad thing.

Thanks for your concerns, these are my concerns as well. But, you should really have another look at the current code. I actually taught myself JavaScript by editing this script. So, I'm sure there may be other concerns. But, it appears I have already resolved this one. And, I'm not so sure the update function works anyhow! If you find any other concerns please post them. I always strive to make this script as safe as possible, as stable as possible, and as fast as possible.

But, don't you think it was a little much to claim this script as one of the "one of the most harmful scripts on USO" when there are scripts on here that are clearly designed to be malicious, see http://userscripts.org/topics/704 or other auto updating scripts. This is rather interesting coming from someone who has made a generic script auto-updater.... unless I'm missing a point you're making.

Pimp Trizkit
Pimp Trizkit wrote:

Could have fooled me... I updated the code snippet above to reflect your inaction to take care of this matter. It is irrelevant what you claim you said back in the past. What is relevant is the DDoS attack that you are allowing you and your users to do to USO and unsuspecting users in the current release. The event listener is most definitely not commented out that allows the registered menu command to do this attack. Your "update routine" downloads ~361.1KB instead of the size of the current meta.js routine at ~1.7KB.

You are actively promoting a bad update routine and being irresponsible to you and your users/fans. As you know some users do play this on their "smart phones" so you are in effect making them pay more on their monthly usage by encouraging overaging their caps. Do you really want to promote this kind of irresponsible behavior? Even for those who are examining your script and copy your actions into other scripts? Please do not mix up self-updating versus auto-updating... they are quite different animals.

Pimp Trizkit wrote:

This is completely irrelevant as well. I along with other Greasemonkey Contributors and the site owner Jesse have made a concerted effort to assist those who aren't as experienced in update procedures. We don't have this issue. You clearly have a lot to learn and taking offense to a simple request that has huge implications should be something for you to learn from.

Any script that doesn't utilize the meta.js routine for update checking is considered a DDoS attack and you may eventually get this script unlisted if you don't act quickly. Most of the 404, 502 and 503 response codes are from poor coding that hasn't been checked for DDoS like this script. You need to fix this very soon or you will get at the very least a poor rating.

To make this clear, I don't even use Travian (nor do I know what it is other than reading a small amount of it here on USO) but most of the problematic scripts that I encounter are for this "game" along with KoC. If you don't want the help then I'll just tag it for review by the rest of the site admins. Please remove the routine or apply a simple fix to use the meta.js routine. :)
LOL, As I have clearly stated. "If you find any other concerns please post them. I always strive to make this script as safe as possible, as stable as possible, and as fast as possible." So, the fact that I'm responding to your concerns as soon as I notice them is not inaction. I am here to resolve the issues I understand. Also, I have never claimed to be a JavaScript expert, I'm in fact quite the noobie. So acting like I'm being "irresponsible" is not appropriate because I'm right here actively responsibly communicating with you to resolve this issue, and learn. This has only just now been brought up to my attention, 7-8 hours ago, and my version of the script has been posted here for about 1.5 years now, installs are clocking 200-300 a day, the entire time, and I'm just now hearing about it?

First off, you know full well this code in question is not my code. You said, "your 'update routine'"... it's not mine. I didn't write it. I strive to even understand the fixes I do make. So what may seem like inaction; is me still learning what the issue is. Acting like I won't take action is completely wrong. I am here to fix this script to the best of my knowledge.

Second off, This script requires GreaseMonkey to even load. You're saying people have GreaseMonkey on their phones? This is something I have not heard of, it's news to me. Could you direct me to this? I would like to see my phone run TTQ. That would be cool! (besides, don't most all of us in this day and age who have a data plan with their phone, have unlimited data? Everyone I know has unlimited data plan... no overaging their caps.. as in this day and age there doesn't seem to be caps anymore. What company uses data caps still?)

Thirdly, I thought the main problem would be an auto update when the script checks on each load. Something I DID disable. That was me being responsible, I'm sorry if my noob attempts are not up to standards. From the many people I have talked to that use this script, few even know there are GreaseMonkey Menu Commands available through the little monkey icon. And, as I have said, it doesn't even seem to work, so most who do know about it, don't use it, if any at all. I have no problems with removing this menu item. But, claiming I wasn't taking action on a problem that I clearly don't know existed (It's clear I thought the REAL problem was the auto updating, which has been resolved) is not entirely accurate.

Fourthly, I'm a JavaScript noob. I don't have a clue what the meta.js routine is or how to use it.

Fifthly, I didn't claim the registered menu command was commented out. I claimed the line that causes an auto-update upon load is commented out.

Sixthly, why would you act like I don't want the help? I'm right here listening to you, for help.

Moving on.... So you're saying the problem is that there is an in-script way to update TTQ. Even though it doesn't seem to work. Sure, I can remove this one line. I have no problems with that. But, I clearly didn't think that the manual way to check for update was not such a big deal as the auto update upon load.

Pimp Trizkit

(ps. Look 8 hours after I heard of this issue, it's resolved. Irresponsible? I think not. Having no clue what the problem is? I think so.)
Pimp Trizkit wrote:

I gave you your specific hyper link in the very first post above. Basically it returns just the metadata block instead of a humungous script source... thus reduces the DDoS attacks on USO and individual users.

Pimp Trizkit wrote:

Most cell services have caps where if a user goes over a certain amount they actually speed throttle or charge more per byte usage. This is beyond the scope of USO and something that you can search for using a lot of the keywords that I stick in a reply. There are also other user.js engines out there that attempt to mimic GM's capabilities... most are poorly coded as well. If you aren't aware the founder of GM, Aaron, is attempting to write some for other browsers natively (built in) so your script is most likely used there too. If you only support GM that is fine, however there will be users that will try it elsewhere.

I understand that this is your first time hearing about this and is why I'm trying my best to be super patient and working with you. Writing a short novel with excuses for each reply seems a bit overkill imo which is why my replies are as short as possible.

You can remove the DDoS by adding one line for the meta.js url and changing the GM_xmlhttpRequest to nab it instead of the full source... everything else appears to be in order for grabbing @version... your interval on this script is on page load so anytime the page gets loaded in the browser it enables "whatever" kind of update checking... Most of the seasoned updaters actually use a timer interval to prevent duplicate checks.

Just a note... commenting it out isn't going to stop the propagation of this bad updating schema. Others do look at your script and copy things right into theirs... just like you did from the original script you copied it from. Don't you think you should stop the propagation?
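The fix described in the post above (fetch only the metadata, parse @version, space checks out with a timer), as an added example that is not part of the thread or of the script under discussion. `fetchMeta`, `store`, the 24-hour interval and the sample metadata block are assumptions made for illustration.

```javascript
// Added example: metadata-only, throttled update check.
// fetchMeta, store and the 24-hour interval are illustrative assumptions.
const CHECK_INTERVAL_MS = 24 * 60 * 60 * 1000;

// Extract @version from a metadata block (same regex shape as the thread's snippet).
function parseVersion(metaText) {
  const m = /@version\s+([\d.]+)/.exec(metaText || "");
  return m ? m[1] : null;
}

// Segment-wise numeric comparison, so "1.10.0" is newer than "1.9.8".
function isNewer(remote, local) {
  const a = remote.split(".").map(Number), b = local.split(".").map(Number);
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    const d = (a[i] || 0) - (b[i] || 0);
    if (d !== 0) return d > 0;
  }
  return false;
}

// fetchMeta(cb) calls cb(status, text); in a userscript it would wrap
// GM_xmlhttpRequest aimed at the small meta.js resource, not the full source.
function checkForUpdate(fetchMeta, store, installed, now, done) {
  const last = Number(store.get("lastCheck", 0));
  if (now - last < CHECK_INTERVAL_MS) return done({ checked: false });
  store.set("lastCheck", now); // stamp first so failed requests are throttled too
  fetchMeta(function (status, text) {
    const remote = status === 200 ? parseVersion(text) : null;
    done({ checked: true, remote, update: remote !== null && isNewer(remote, installed) });
  });
}

// Constructed sample metadata and in-memory stand-ins for GM_getValue/GM_setValue.
const SAMPLE_META = "// ==UserScript==\n// @name Example\n// @version 1.10.0\n// ==/UserScript==\n";
function makeStore() {
  const m = new Map();
  return { get: (k, d) => (m.has(k) ? m.get(k) : d), set: (k, v) => m.set(k, v) };
}

// Two checks one minute apart: only the first reaches the network.
function demo() {
  const store = makeStore(), results = [];
  let requests = 0;
  const fetchMeta = cb => { requests++; cb(200, SAMPLE_META); };
  const t0 = Date.UTC(2011, 0, 1);
  checkForUpdate(fetchMeta, store, "1.9.8", t0, r => results.push(r));
  checkForUpdate(fetchMeta, store, "1.9.8", t0 + 60 * 1000, r => results.push(r));
  return { results, requests };
}
```

Recording the timestamp before the request goes out means a run of error responses is still rate-limited, which matters when the server is already returning 502 or 503.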
Sorry, I'm a talker. I felt attacked by your accusations of irresponsibility and inaction when that was clearly not the case. Yes, you clearly did give me a link. I didn't say you didn't. I just said I have no clue what it was nor how to use it.

So, people are not running this script on their phones? Why would you have said that... am I missing something? Well, as I have stated, several times now. There is NO kind of update checking that happens without a manual action from the user. I disabled that as I mentioned in my first post. I'm not sure what your comment about interval reload is meaning. Ok, so it's on page load, hence why I disabled the auto-updater, like a year ago.

Interesting how you would point out irrelevant sentences I made when you have also made irrelevant ones as well. It's cool man, nothing wrong with pointing some things out. OK ok ok, I deleted the code. Now are you going to tell me to go through all the old versions and delete the code there as well to totally stop the propagation? (can I even do that?)

Pimp Trizkit
Pimp Trizkit wrote:

Pimp Trizkit wrote:

Riiight ;) but getting back onto topic and away from your snarkiness...(sorry to burst your entertainment bubble)

Pimp Trizkit wrote:

Reducing the overall effect of them by all scripts, not just yours. You are not the first and definitely aren't the last to get a polite, well versed, informative "Would you please..." topic.

Pimp Trizkit wrote:

I appreciate the attention on the matter however the subtle undertone of "woe is me" drama is not needed here. Everyone can always learn something from someone else... this is a fact of life that you will learn as you mature. Just as a note your install stats are skewed because of Gibson's older updater. I'm here to help improve the USO experience and you have mostly done that with some assertive nudging... (still have at least one line left from the old updater too)

The meta.js routine was put in place by the Site Owner here on USO to prevent DDoS attacks from homepage scraping and full copy downloads. It is his brain-child and is an acceptable form of update checking especially when email notifications go south... but it is to be used with care.

Pimp Trizkit wrote:

People do have web browsers on their phones that have user.js (aka Userscript) capability.

Pimp Trizkit wrote:

No you can't... You've done quite a bit of DDoS prevention already and others will be able to read how to improve their scripts... that is the best that one can do.
Don't worry, I never assumed I was the only one to get attacked. Well, thankfully this is not about subtle undertones. Of which, your subtle undertone that I wasn't going to deal with the issue, and wasn't seeking help, and wasn't going to take action therefore making me irresponsible was not needed either. Oh, wait.. that wasn't subtle at all.
Hey, at least now we are both spamming irrelevant sentences! Cell phone usage...... but I wasn't talking about other scripts. I was talking about this one. Which, requires GM.

Anyhow, I do thank you greatly in helping me improve the script (as I do for everyone who has contributed). I have removed the useless link to this page, not that propagation of that link is all that damaging. Seeing that the Install here button is the same. In Gibson's comments, he said part of it was to prevent the Install counter from increasing.. I guess he was wrong? Feel free to let me know if you find any other issues, as I have stated, I'm here to do the best I can to make this script great.

Pimp Trizkit



