ID:134095
 
Through dreamaker an internet browser can be triggered to launch just by logging in. My friend makes the forums of his game open upon logging in his game. Since there is other ways that the feature can be used, I think there should be something to block it. For one, I don't want to see the forums everytime I login to the game and second by the owner being able to program any URL to open, it can be used for other things that are not necessarily good or safe. I would highly appreciate if byond made a feature to block it.

I'm very serious on this matter.
If you don't want that happening, don't join his game. Simple as that.
In response to Android Data
If it can indeed run a browser window, namely IE, to open any address then it should be definitely removed. And it most likely will be, otherwise other previous attempts to make BYOND safe to use would have been pointless.
In response to Kaioken
BYOND provides the ability to open websites or display dynamic information in the browser. If the game creator isn't trustworthy enough to be responsible for what they display then their game isn't worth playing.
In response to Nadrew
Nadrew wrote:
BYOND provides the ability to open websites or display dynamic information in the browser. If the game creator isn't trustworthy enough to be responsible for what they display then their game isn't worth playing.

Seconded.

Making it possible to ignore browser popups has the ability to seriously harm the game. Taking things out of the programmers control is never healthy for a game.
In response to Tiberath
And its really no different than visiting a website via your browser only to find its forwarding you to another website. If you don't like it when it does that, you close the browser or use the BACK button. Same goes for BYOND games, if you don't like them sending you somewhere in the browser, you close the game.
In response to Tiberath
Tiberath wrote:
Nadrew wrote:
BYOND provides the ability to open websites or display dynamic information in the browser. If the game creator isn't trustworthy enough to be responsible for what they display then their game isn't worth playing.

Seconded.

Making it possible to ignore browser popups has the ability to seriously harm the game. Taking things out of the programmers control is never healthy for a game.

By the time its discovered that the game isn't worth playing, it can be too late. The maturity level of many of said programmers is reason enough for taking the ability out of their hands.

Theres those lovely never-ending Javascript popup pages that are just plain annoying. Then theres other pages that if the programmer feels like gambling that the person will be running an outdated version of IE (which isn't exactly an unsafe bet in the first place) they can do some REAL harm with many of the IE vulnerabilities.

The fact that BYOND is utilizing such a broken browser internally should be reason enough to allow people to block it. If someone feels having pop-ups disabled isn't worth the risk of some games not working it should be their own choice .
In response to Nick231
Nick231 wrote:
The maturity level of many of said programmers is reason enough for taking the ability out of their hands.

I will not accept the loss of features simply because there's a minority of idiots around who can't be bothered to behave.
In response to Android Data
Android Data wrote:
Nick231 wrote:
The maturity level of many of said programmers is reason enough for taking the ability out of their hands.

I will not accept the loss of features simply because there's a minority of idiots around who can't be bothered to behave.

You have quiet obviously overlooked the the fact that at this moment, if one were to venture into the Anime channel you would have quite a good chance of finding multiples of said idiots simply by joining any game at random.

The fact that the largest portion of the userbase is where said idiots reside, and the fact that the people within the largest portion of the userbase are the ones who are most likely to fall victim to the aforementioned misbaving, is even more reason users should be able to disable it.
In response to Nick231
How is that any worse than browsing around on google looking up random words and clicking the links to see what you find? Might end up somewhere bad! Well duh! If you don't want to risk ending up somewhere you don't want to be, don't do things that are libel to get you there, such as joining random games. You can't control whether someone decides to spam the game with dirty words, you can't control whether people post links to porn sites in games, you can't control any of that. Your best bet is that if you don't want the exposure, don't join the games with people who are likely to do that sort of thing.
In response to Foomer
Foomer wrote:
How is that any worse than browsing around on google looking up random words and clicking the links to see what you find? Might end up somewhere bad! Well duh! If you don't want to risk ending up somewhere you don't want to be, don't do things that are libel to get you there, such as joining random games. You can't control whether someone decides to spam the game with dirty words, you can't control whether people post links to porn sites in games, you can't control any of that. Your best bet is that if you don't want the exposure, don't join the games with people who are likely to do that sort of thing.

The problem isn't mine personally, its the people who simply don't know any better. Theres nothing stopping me from setting up a game to pop someone's browser to some harmful site. Call it some DBZ/Naruto name and go into some popular Anime game, throw the link up in chat and get more than a few people to join the game and screw them up.

At least browsing around on google clicking random links is an action that the user decides to take. They're not being forced to do it by some idiot.

If someone decides to spam the game with dirty words and your offended, You can simply leave the game.

If someone posts a link to a porn site in game, you can either not click it (as most are obvious from their url), or can also simply leave the game.

If someone decides to force a window to popup for you, you have no choice about it, and it can do a lot more harm than a couple dirty words or some nude pictures could.
In response to Nick231
Nick231 wrote:
If someone decides to force a window to popup for you, you have no choice about it, and it can do a lot more harm than a couple dirty words or some nude pictures could.

Oh, scary, tubgirl and meatspin? Lemon Party and whatever the hell the others are called? Big whoop. Everyone will see something like it at least once in their lifetimes. The fact of the matter is, once it's popped up and seen, the user will most likely come to these forums to warn everyone. The BYOND staff will then verify this is happening and suppress the hub entry. It's not the end of the world.

The advantages of this system outweigh the disadvantages, by far.
In response to Tiberath
Tiberath wrote:
Nick231 wrote:
If someone decides to force a window to popup for you, you have no choice about it, and it can do a lot more harm than a couple dirty words or some nude pictures could.

Oh, scary, tubgirl and meatspin? Lemon Party and whatever the hell the others are called? Big whoop. Everyone will see something like it at least once in their lifetimes. The fact of the matter is, once it's popped up and seen, the user will most likely come to these forums to warn everyone. The BYOND staff will then verify this is happening and suppress the hub entry. It's not the end of the world.

The advantages of this system outweigh the disadvantages, by far.

No, Not shock material. There are quite a few serious vulnerabilites in IE. Factor in that most people aren't even running on updated copies, and the risk.

Hell, we can't send players to a different BYOND game without them recieving a pop-up warning, but we can cause a completely external application to not only open up, but send it to potentially harmful webpages!
In response to Nick231
Nick231 wrote:
Hell, we can't send players to a different BYOND game without them recieving a pop-up warning, but we can cause a completely external application to not only open up, but send it to potentially harmful webpages!

Computer security is the computer users problem. If they're stupid to not have AVG, Avast, Adaware, Spybot and other forms of security software, they deserve to have their computer compromised.

My feelings on this subject remain unchanged. The advantages outweigh the disadvantages.
In response to Tiberath
Tiberath wrote:
Nick231 wrote:
Hell, we can't send players to a different BYOND game without them recieving a pop-up warning, but we can cause a completely external application to not only open up, but send it to potentially harmful webpages!

Computer security is the computer users problem. If they're stupid to not have AVG, Avast, Adaware, Spybot and other forms of security software, they deserve to have their computer compromised.

My feelings on this subject remain unchanged. The advantages outweigh the disadvantages.

No one deserves to have their computer compromised.

And it still comes down to we can't send players to a different BYOND game without them recieving a pop-up, but we're able to open up an external application on their computer and send them anywhere we like. Being able to turn it.

Security much outweighs functionality.
In response to Nick231
Nick231 wrote:
If someone decides to force a window to popup for you, you have no choice about it, and it can do a lot more harm than a couple dirty words or some nude pictures could.

Unlike your beliefs, the amount of people that decide to do this are far in the minority. It's not as if the entire BYOND Anime is filled with game owners who have nothing better to do. If anything, those owners are simply misguided.

From what I can tell you're simply complaining because it's appearantly become a hype to use the link() proc to get people to visit their forums.

I also agree with Tiberath: issues with IE shouldn't be the problem of BYOND Staff.

You may as well bash Microsoft for making such an insecure browser in the first place.

-- Data
In response to Nick231
Nick231 wrote:
No one deserves to have their computer compromised.

I disagree, idiots deserve it or they will never learn. It's not our job to look out for them, it's their job to study up.

And it still comes down to we can't send players to a different BYOND game without them recieving a pop-up, but we're able to open up an external application on their computer and send them anywhere we like. Being able to turn it.

mob
verb
In_Game()
src << browse("<script type='text/javascript'>window.location='http://www.tibbius.com';</script>","window=tibbius;size=640x480")
Out_Game()
src << link("http://www.tibbius.com")


It's not worth changing each of them. For instance, a lot of people use a hidden browse() prompt to run background Javascript in their games. Toggling or prompting would be very annoying and would annoy users something shocking.

I stand by my comments again. Advantages > Disadvantages. You're worried over nothing. Hell, I believe it's possible, if a game is run in trusted mode, to format the users PC. That could have been fixed, but I've heard tale of people successfully doing that.
In response to Android Data
Android Data wrote:
Nick231 wrote:
If someone decides to force a window to popup for you, you have no choice about it, and it can do a lot more harm than a couple dirty words or some nude pictures could.

Unlike your beliefs, the amount of people that decide to do this are far in the minority. It's not as if the entire BYOND Anime is filled with game owners who have nothing better to do. If anything, those owners are simply misguided.

From what I can tell you're simply complaining because it's appearantly become a hype to use the link() proc to get people to visit their forums.

I also agree with Tiberath: issues with IE shouldn't be the problem of BYOND Staff.

You may as well bash Microsoft for making such an insecure browser in the first place.

-- Data

Once again, We can't link players to other worlds, but we can force a completely external application to open on their computers, and send them to harmful websites.

All it takes is one person to decide to do it, and they can get any number of people to be forced into the situations. As I said, Spend 5 minutes writing up a simple little thing to simply make a record of how many people login. Name it some DBZ/Naruto type time, and go into a few random games in the anime channel, and send a link to it. You'll get more than just a few people popping in. If you had it setup to send malicious links, probably at least a few would have fallen victim to it.

Simply put its not that its hyped up. I use link() myself to do a few links.

But again, the fact remains that the number of immature, powerhungry 12-year olds with rips in the anime channel isn't exactly a small number. These are people who ban if you so much as not spend 100% of the time spouting praise for their game. If they caught wind of something they could do to actually do more then get rid of someone, whats to stop them from taking advantage of it. Hell, Rendering their computer completely useless beats a ban, and hardlocking with javascript popups beats a kick. Will make an interesting upgrade to admin systems I think.
In response to Tiberath
Tiberath wrote:
Nick231 wrote:
No one deserves to have their computer compromised.

I disagree, idiots deserve it or they will never learn. It's not our job to look out for them, it's their job to study up.

Idiots don't, as its the people who do know what to do are the ones left having to cleanup the messes when said-idiots bring computers to them. A "Well Studied" idiot is worse than an idiot, its sortof the equivilent of people trying to do self-diagnosis via the internet...

And it still comes down to we can't send players to a different BYOND game without them recieving a pop-up, but we're able to open up an external application on their computer and send them anywhere we like. Being able to turn it.

mob
> verb
> In_Game()
> src << browse("<script type='text/javascript'>window.location='http://www.tibbius.com';</script>","window=tibbius;size=640x480")
> Out_Game()
> src << link("http://www.tibbius.com")

It's not worth changing each of them. For instance, a lot of people use a hidden browse() prompt to run background Javascript in their games. Toggling or prompting would be very annoying and would annoy users something shocking.

If someone were to disable javascript, it would render it completely useless anyway.

I stand by my comments again. Advantages > Disadvantages. You're worried over nothing. Hell, I believe it's possible, if a game is run in trusted mode, to format the users PC. That could have been fixed, but I've heard tale of people successfully doing that.

"Give the world permission to execute external programs and have access to the filesystem." And yes, its possible to do some serious harm with it, but once again, the user decides to allow this mode, its not being forced upon them. Someone running something they download in trusted mode that executes a format command (It should still work, it just shouldn't work on the drive that the OS is installed on, any other drive should be fair game) they at least gave it permission to do so. Someone Linking them to a webpage and using a remote code execution exploit, they had nothing they could have done to stop, nor did they have a choice in the matter aside from simply not joining the game (Which isn't a reason at all, as you can applied that horribly flawed logic to anything).
In response to Nick231
Nick231 wrote:
Once again, We can't link players to other worlds, but we can force a completely external application to open on their computers, and send them to harmful websites.

Even if the link() proc asks for permission to open the external browser, it won't stop the browse() proc from sending some JavaScript to open an external browser. The only way to block it then is to have browse() ask for permission, and that's just insane because so many games depend on that proc to work as expected.

Note that in 4.0, the rerouting to other worlds with the use of the link() procedure is allowed by default.

All it takes is one person to decide to do it, and they can get any number of people to be forced into the situations.

Exactly. Why should the rest of the community be punished for what that single person did?

As I said, Spend 5 minutes writing up a simple little thing to simply make a record of how many people login. Name it some DBZ/Naruto type time, and go into a few random games in the anime channel, and send a link to it. You'll get more than just a few people popping in. If you had it setup to send malicious links, probably at least a few would have fallen victim to it.

Of course you could do that, yeah. But when the complaints start coming in, do you think the offender is going to remain unharmed after abusing the hub system like that?

Simply put its not that its hyped up. I use link() myself to do a few links.

And now you want to limit yourself.

But again, the fact remains that the number of immature, powerhungry 12-year olds with rips in the anime channel isn't exactly a small number. These are people who ban if you so much as not spend 100% of the time spouting praise for their game. If they caught wind of something they could do to actually do more then get rid of someone, whats to stop them from taking advantage of it. Hell, Rendering their computer completely useless beats a ban, and hardlocking with javascript popups beats a kick. Will make an interesting upgrade to admin systems I think.

May be interesting, yeah. Except for the following tidbits:
  • They may not perform such acts on BYOND. If BYOND Staff gets wind of it, their hub entry will be suppressed if not a full ban.
  • It's a bit difficult to make such a system. Perhaps too difficult for your little 12-year-old powerhungry game owner.
  • It heavily relies on the user using IE to perform such exploits. If their default browser happens to be FireFox, the command would not get through. Therefore, the only way to make this command work is to use the browse() procedure, which works much more efficently because you know it will use IE.

  • Conclusion: you want to ban not just link() but also browse(). The latter is completely unacceptable.

    -- Data
Page: 1 2