Odd, most people have problems finding zone 6 (but only cos you have to go 4 - 5 - 4 - 6 - zone 4 has a crossover point only accessible from certain routes).
I may have a look into opera myself - I don’t particularly like disregarding alternatives if a bit of work fixes them. Although with IE’s browser dominance in cases like this it’s not toooo big a deal, it’s only weirdos like you who complain ;).
Well, working or not is one thing, not working with a completely incorrect error message is another 
I’m not worried about it taking over my mouse. I’m worried about it taking over my computer, emailing all my files to Siberia and then deleting them.
(On the other hand I have no idea what QuakeC can do so I have no idea what control I am giving server admins when I connect to random ET servers :eek: )
RTCW and ET mods are native code, so the answer is “anything they want to”
I’m not worried about it taking over my mouse. I’m worried about it taking over my computer, emailing all my files to Siberia and then deleting them.
That’s the point of the details of the verisign thing.
Like any other program you install on your computer it boils down to ‘trust’. However, there’s a difference between a complete browser plugin (can we say Gator or GAIN as they try to hide themselves now), and an explicitly detailed bit of code simply to give you proper mouse control in FPS games
You must have installed Shockwave already, and you have to register for that shock gasp…
(On the other hand I have no idea what QuakeC can do so I have no idea what control I am giving server admins when I connect to random ET servers :eek: )
Sorry, but are you for real? Any standalone app you install can do almost anything it wants with your computer, period.
However, my game uses a browser plug-in, which has limitations specificially to prevent this. Now, obviously someone could write an Xtra which does do nasty things, and I would certainly not recommend installing anything and everything a program asks you to, but if a game says it needs something, and you don’t install it for whatever reason, then you will have to expect it to not work.
As it happens, the mouse one only allows mouse control, it does not email files, scan harddrives, brainwash pets, put leaking pens in loads of washing or otherwise disrupt your life. You have to ‘trust’ me on that (although it could do something nasty and was proved to do so, I think the people who authorise it as ‘safe’ would be liable under law), but bear in mind the game here is being posted on a commercial site, and was done by me not as a hobbyist but as work. It’s certainly not my aim to get my company known for creating spyware. We make games, and that’s it!
In other words, install it knowing there is nothing dangerous to your computer that my game can do. Not because I’ve coded it like that, but because it’s not actually possible in shockwave to do so.
Oh good. That sucks. A lot. :banghead:[/quote]
It is actually quite surprising that this hasn’t been seriously exploited yet, given that almost all Q3 engine games will autodownload native .dlls and run them without question. Of course you can turn autodownload off, but in et, that means you are screwed because every server has a custom campaign file.
Add to that the fact that most gamers log in with an administrator account…
“Ooops!”
The only disadvantage for people exploiting this is it has to be done on the server, so your chances of getting caught are rather good.
To get back on topic, I’d suggest that Gerbils browser game is much, much safer.
I seem to recall a few games have been hit by fake patches, but I think the limit of the hackers’ imaginations was to steal the game registration codes. Just as well really 
Yeah, but I know who Macromedia are.
You are equating “connecting to an ET server” with “installing a standalone app”, which are clearly two completely different things. Unfortunately it appears from reyalP’s comments that in practice the security implications are equivalent but this is not at all apparent to your average user!
Sorry, but I don’t believe you. If that were true then the browser wouldn’t be popping up windows asking you if you trust XXX software supplier to install software on your computer.
Agrado - I really don’t know what you are talking about, i had to install the flash plugin but nothing else…? anyway - sometimes it’s good to be a bit paranoid but most of the time it’s exaggerated, you can’t always suspect everybody - you say you know who Macromedia are, that doesn’t say anything, chances that they are sending user statistics, create profiles and stuff are as good as with any other enterprise
if gerbil would like to harm your computer he could do it without the whole plugin anyway, you really think you have to help anybody installing malware on your comp by agreeing on plugins? there’s a shitload of exploits of the internet explorer that allow you full access and you’d never even recognize it…
No, you needed Shockwave not Flash, and you had to install some sort of extra plugin to Shockwave too.
It does say something. Macromedia is a big company. Lots of people use their stuff. If there were particularly evil things it was doing, I would have heard about it, and it won’t be doing over-the-top stuff like wiping my hard drive. “Andrade Arts” I have never heard of, those two words are meaningless as an identifier for any person or corporation, and I have no reason to trust them at all. Have you never heard of “spyware”, or “adware”, or rediallers which dial premium rate numbers on your modem? If I am asked to install something that I have heard of, from a company I have heard of, I may do it if I have to (e.g. Flash, Adobe Acrobat Reader, etc). If I am asked to install something I have never heard of or do not need I will never do it.
“shitload” is an exaggeration but from recent BUGTRAQ posts you are basically correct at the moment I think, unfortunately 
I know who Microsoft are too. That obviously means firstly any software they write is neither prone to bugs or exploits, nor do they attempt to get data from my computer without my knowledge.
Nope, hang on, they do…
You are equating “connecting to an ET server” with “installing a standalone app”, which are clearly two completely different things.
Actually no, I was simply pointing out that for someone as paranoid as you, you’ve downloaded 300 megs worth of unproven software (ET) and happily installed it. You may ‘trust’ SD, but did you trust the magazine you got it off of, or the site you downloaded it from?
Sorry, but I don’t believe you. If that were true then the browser wouldn’t be popping up windows asking you if you trust XXX software supplier to install software on your computer.
If I was going to be malicious about something do you really think I’d pop-up an alert asking for installation?
The alert that pops up is a legally binding statement. What it basically authenticates is that the software about to be installed does nothing other than what it says it does (hence why GAIN etc use them - if you read their data it SAYS they do data mining). Now this one says that it does nothing but move your mouse around should I wish it. That’s all it does.
The bottom line is you are overly paranoid, and you are the only one missing out on what people are saying is something fun. Your loss really. No $500 for you 
That you don’t trust me, I can really live with - you are obviously not in our target demographic of web-savvy games players 
[EDIT] If it’s any consolation I just sent the client a new version which gives a proper ‘error’ message if you try to run the game without the required components, so people like you have something more accurate to look at as they wonder why they can’t play the game having refused to install stuff it needs Dunno when they’ll put it online of course…
Alternatively, you can just look at the pics on the homepage and imagine them moving…
On a slight alternative note, you may wonder why we don’t offer a keyboard only alternative. Firstly, there’s a technical reason:
Director (what is used to create shockwave content) can only handle a maximum of 3 keys being read simultaneously. This isn’t enough - consider the case where someone is moving, strafing, jumping, firing etc.
(Bear in mind if you have fire / jump as mouse buttons, you run the risk of clicking off the window while playing which would almost certainly be fatal and annoying).
Secondly, what’s the point? The aim of the game is to test people who play FPS - now I dunno about you, but I don’t know of anyone who uses keys for rotating in FPS games. That’s not to say there aren’t any, but they wouild be a sufficiently small % of the overall to make them not worth supporting. It’d be like me trying to make the game run under DOS.
I’d rather have spent the time and money on supporting people who use joysticks than keyboards, but that wasn’t deemed productive either.
All in all, we did think long and hard about using the Xtra, knowing that the popup sign does put some people off. Indeed, this is the first time I’ve actually used one because of that very reason. However, in this case, we couldn’t see any way of creating a playable, representative (as far as it goes) FPS game without it. I did do tests where rotation was controlled by how far off center the mouse was (meaning I’d not need to reset it’s position each frame), but it’s just plain unatural, not to mention the cursor would often end up outside the window, meaning a mouse click would bring some other window to the front!
All this is a long winded way of saying that I am sorry if you aren’t prepared to download the 20k or something required to play the game properly, and I actually DO understand your reasonings, but there just isn’t an alternative in this case. Hence why earlier I tried to stress that this isn’t a ‘hobby’ game knocked out by some bedroom coder (my computer is in the living room for starters!), but was done as a proper piece of work with contracts and legal things and stuff for the specific purpose of scoring people for the website - not as a means to mine data or to put you on a premium rate porn line, which would achieve very little for me other than most likely end me up in jail.
Yes but I’m completely screwed there because I have absolutely zero option about trusting Microsoft.
I buy “unproven” software from shops too. It’s such a long time since I downloaded WolfET.exe I don’t remember which site I got it from, but I expect that at the time I took steps to investigate where I was downloading it from.
If you think I am being unjustifiably paranoid, you are very mistaken. The Internet is full of people trying to get your computer to do things you don’t want it to do, it’s a simple fact. It’s also true that in a very large number of cases, these people succeed. Try running a virus-scanner or Ad-Aware on a computer which has neither and has been used on the Internet for a while by a “non-expert”.
(Not even that, try simply installing a new copy of Win2000 on a computer without an external firewall - you can’t do it. It will get infected with MSBlast before you can download the security patches.)
Who said anything about you being malicious? Did you write the plug-in? I was presuming you just bought it from another company. Regardless, I have no idea who “you” are and so it is nothing personal if I don’t trust you!
No it isn’t, and it does nothing of the sort. It authenticates that the thing you downloaded was signed by the entity named in the certificate (assuming you trust the CA). Nothing more and nothing less.
Since the name on the certificate is meaningless, in this particular case all it affirms is that if you have trusted something signed by that certificate before then you are unlikely to be any worse off if you trust it again.
LOL. I would be very surprised if I was the “best FPS player” reading this thread anyway 
I clearly am in your target demographic. But you are never going to reach 100% of a demographic!
I’m not having a go at you, I’m sure you have spent a lot of effort writing a fabulous piece of software, well done. I also agree that you probably have no option except to use a plugin given what you want to achieve. I personally won’t click ‘Install’ on such a plugin, and I’m sure there are other people who won’t either, and yet more people who will. I’m just trying to correct some of the misconceptions expressed in this thread about how to make these sort of decisions.
Personally, I would definitely recommend putting a prominent line on the page that launches the game explaining that it will probably ask you to install a plugin and explaining why you need it and what it does (and perhaps also a link to the plugin vendor, assuming it’s not you).
Yes but I’m completely screwed there because I have absolutely zero option about trusting Microsoft.
Well I don’t see why - both macs and unix variants are viable alternatives. Cheaper, and much more secure - both because people don’t consider them worth hacking as much, but also because their security model actually works - unlike M$'s ‘desktop security’.
The Internet is full of people trying to get your computer to do things you don’t want it to do, it’s a simple fact. It’s also true that in a very large number of cases, these people succeed. Try running a virus-scanner or Ad-Aware on a computer which has neither and has been used on the Internet for a while by a “non-expert”.
I agree, but the game is, by definition, aimed at (as I crudely put it) ‘web-savvy’ people. This does not mean 100% of them have a firewall or run ad-aware (and broadband \o/), but they are more likely to. If they don’t, that’s their problem, and unfortunately their computer is screwed. However, I’m not responsible for that
(Not even that, try simply installing a new copy of Win2000 on a computer without an external firewall - you can’t do it. It will get infected with MSBlast before you can download the security patches.)
Indeed - but that’s M$ again. But anyone installing an OS (regardless of what th ebig companies say) should have a reasonable knowledge of what they are doing. I really hate people who ‘have a problem, will reinstall’. It’s the equivalent of me changing the engine in my car. I know sod all about it, shouldn’t have done it, and really shouldn’t be suprised if not only does it not cure my problem but cause more.
Who said anything about you being malicious? Did you write the plug-in? I was presuming you just bought it from another company. Regardless, I have no idea who “you” are and so it is nothing personal if I don’t trust you!
I agree on that, but then again you haven’t given me credit for doing my own research into what the Xtra does and doesn’t do. Given that I understand your concerns, and had plenty of my own reservations, I didn’t simply ‘buy’ it, I did my homework
I personally won’t click ‘Install’ on such a plugin, and I’m sure there are other people who won’t either, and yet more people who will. I’m just trying to correct some of the misconceptions expressed in this thread about how to make these sort of decisions.
As you know, I am aware that using the plug-in would stop some people. I’m actually quite sad though that someone who obviously takes as much care of his computer as you, would not find some way of satisfying yourself as to the security. I was more expecting the ‘ACK POPUP KILL KILL KILL!!’ mentality people from refusing it, which is a different kettle of fish.
Personally, I would definitely recommend putting a prominent line on the page that launches the game explaining that it will probably ask you to install a plugin and explaining why you need it and what it does (and perhaps also a link to the plugin vendor, assuming it’s not you).
I agree, and we suggested something very similar, but we have no control over the actual site the game goes into. If I had more input, for example, I’d have proof read itNot to mention made the page layouts a bit more useful, but that’s beyond my scope really. I did write the FAQ, but it’s just kinda another link lost in the rest now.
I think in future, I will probably change how things work and use a preloading movie that checks whether you have the Xtra, and if not, displays an alert saying it’s about to popup and what it means. Given this is my first program using one of these, I’d be foolish to say I don’t have things to learn on how to make the whole process easier, or at least less scary, so it’s all good.
Interestingly enough, one alternative would be to make the game a stand-alone EXE, but then I’d surely really be asking for trouble?
It’s a balancing act - does the xtra functionality outweight the percentage of people we’ll put off by using it. In this case, yes. Although obviously personally I’m a bit gutted that anyone would be put off from playing because of it, I have to accept it was always going to happen.
As another aside to security, ironically enough this is the first game I’ve done where cash prizes are involved, so I spent a fair amount of time trying to make it as unhackable as possible - to prevent people doing nasty things and faking scores
Obviously 100% security is never possible, so I’ve got to wait and see exactly how secure ‘secure’ is. In other words, I’m as worried about people attacking my game as you are about people attacking your OS
heh - trawling through old posts - couldn’t resist a reply
Whatever competition this was, asking anyone to install anything on their PC is a matter of trust. Most people willl blindly trust Microsoft (M$) and install all kinds of apps and utilities that whilst performing a primary function, also send information about your personal preferences when your not looking (DRIZZLE) - additionally, many apps will privately listen or send in the background on very high UDP addresses.
If you don’t believe me, breakout a command prompt and do a netstat -a on your wiindowz box. Now can checkout the port addesses with an RFC on common network ports (services) and I bet you find something very interesting - your going to see references to port addresses that when googled turn out to be exploits (ActiveX in particular), trojans, media players and finally what amount to ‘advertising protocols’ - if your running NT or better, do a cntrl+alt+del and pull up the task manager.
Checkout how many svchost processes are running, more than one that’s for sure - svchost is like a wrapper name for running ‘services’ and several can be stored in an svchost intance - I think there’s a util you can get from the installation cd that allows you to look inside those svchosts and see the actual services running within are (but hey, if you use netstat and checkout the ports that are reported you’ll know this anyway).
Checkout this regkey (regedit)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
And tell me how many of these things you knew about already which start anonymously on a login - as admin in many cases.
Finally consider the amount of registry additions that are routinely made everytime you access a website with ‘gentlemens’ content - diggers and cookie thiefs that process you, direct you to websites via weighting on searchengines and shape the advertising you see based on those cookie settings.
I think Agrado has/had every reason to hesitate - 0.02