|
PSA: Flaw Identified in Voidwatch Addon (Ban Risk)
By Shichishito 2019-11-20 18:35:38
what gray fuzzy line is "hardcore". what makes a cheat hardcore? the line only became fuzzy when SE decided to look away while more and more players stepped over it.
lets just say ppl really can't tell where it is (they can), SE just needs to man up, draw a new one and enforce it with a iron fist.
It is literally a chore simulator it really is.
Can someone explain why this backwards logic got 5 likes? If you're going to cheat, cheat on a game that doesn't matter and is dead. Why cheat on a relevant game where you can get banned in 5 seconds by active gms?
I feel like i'm taking crazy pills, people actually suggesting cheat on a relevant game rather than a dead game. It's either a troll like jet or what it probably sounds crazy but how about not cheating at all?
VIP
Server: Fenrir
Game: FFXI
Posts: 749
By Fenrir.Niflheim 2019-11-20 18:50:30
what gray fuzzy line is "hardcore". what makes a cheat hardcore? the line only became fuzzy when SE decided to look away while more and more players stepped over it.
lets just say ppl really can't tell where it is (they can), SE just needs to man up, draw a new one and enforce it with a iron fist.
I think that's easier said than done. it is probably better to leverage the community to police the players. That is basically what happened with the medals exploit, and somewhat with this topic as well.
Someone mentioned something along the lines of this in the windower discord, if SE had a bug bounty program you would probably close a number of issue like this rather then leaving them for "bad" users to find and exploit.
let players with the skill set inform SE about any bugs that player finds without fear of being the messenger shot dead in the street for it.
honestly SE trusted the "client" so much in their code already, might as well trust their client to find their bugs
By Shichishito 2019-11-20 18:59:09
you're suggesting to let the dog guard the sausage.
the dupe exploit didn't get uncovered by the "community" it got uncovered by a RMT cause his profits were in danger.
Asura.Eiryl
By Asura.Eiryl 2019-11-20 19:04:48
15 Years ago they should've hired the whole windower team and fixed the game when they had the chance.
Bounty system would be ok, but there is no reward great enough to care aside from something like life time free to play. They definitely should not ban every single person who tells them about a problem though, that ***is straight HELP I AM TRAPPED IN 2006 PLEASE SEND A TIME MACHINE.
[+]
VIP
Server: Fenrir
Game: FFXI
Posts: 749
By Fenrir.Niflheim 2019-11-20 19:06:03
you're suggesting to let the dog guard the sausage.
the dupe exploit didn't get uncovered by the "community" it got uncovered by a RMT cause his profits were in danger.
There is no one right now who can play that role because SE doesnt let us, if you find an exploit like that, and you report it you're banned. I may love the game but i am not going to spend money to buy an account every month just to find exploits to report to SE.
We are discouraged from reporting exploits, the only reasonable person who is going to report one is a RMT who wants to shutdown competition, and has accounts to spare.
Shiva.Thorny
Server: Shiva
Game: FFXI
Posts: 2850
By Shiva.Thorny 2019-11-20 19:06:52
You wanting to hate me doesn't change that Niflheim has a perfectly valid point. Even if SE drew some line and held to their guns on banning everyone who passed it, it doesn't mean they instantly recognize and ban every cheat or exploit. There is still a matter of resources, and exploits are often not something immediately noticable to a game developer because they aren't usually the normal behavior of a NPC.
Allowing people to report an exploit, and not only avoid being banned provided they didn't abuse it, but perhaps have a small cosmetic reward, would only serve to help them find and fix things. 'Dog guarding the sausage' is a poor analogy, as nobody is being given easier access to exploits. It's just another avenue to get rid of them.
For example, I would have happily reported this voidwatch one years ago if I could get a r/ex lv1 bugfinder crown, maybe with a signature for how many bugs i've found, and not get banned. I would not sacrifice an account over something this irrelevant.
[+]
By ryukin182 2019-11-20 19:08:08
ryukin182 said: ยป
Can someone explain why this backwards logic got 5 likes? If you're going to cheat, cheat on a game that doesn't matter and is dead. Why cheat on a relevant game where you can get banned in 5 seconds by active gms?
I feel like i'm taking crazy pills, people actually suggesting cheat on a relevant game rather than a dead game. It's either a troll like jet or what
it probably sounds crazy but how about not cheating at all?
Are you taking this as me advocating for cheating? No. I'm asking the logic if you ARE going to, why do it in a relevant game over a dead one?
The OP is the one suggesting if you're going to cheat why x not y, im asking the logic.
VIP
Server: Fenrir
Game: FFXI
Posts: 749
By Fenrir.Niflheim 2019-11-20 19:08:25
perhaps have a small cosmetic reward...
I would want a literal white hat :)
Server: Cerberus
Game: FFXI
Posts: 4415
By Cerberus.Senkyuutai 2019-11-20 19:18:08
what gray fuzzy line is "hardcore". what makes a cheat hardcore? the line only became fuzzy when SE decided to look away while more and more players stepped over it.
lets just say ppl really can't tell where it is (they can), SE just needs to man up, draw a new one and enforce it with a iron fist.
I think that's easier said than done. it is probably better to leverage the community to police the players. That is basically what happened with the medals exploit, and somewhat with this topic as well.
Someone mentioned something along the lines of this in the windower discord, if SE had a bug bounty program you would probably close a number of issue like this rather then leaving them for "bad" users to find and exploit.
let players with the skill set inform SE about any bugs that player finds without fear of being the messenger shot dead in the street for it.
honestly SE trusted the "client" so much in their code already, might as well trust their client to find their bugs The only issue with this method is that you have to hope that the players with the knowledge and/or skillset needed to report this properly have the morals to do so.
If last thread taught us anything, it's that the overwhelming majority of people exploiting this game have no business telling SE or anyone outside their clique about the exploit they abuse daily.
[+]
By Shichishito 2019-11-20 20:14:39
You wanting to hate me doesn't change that Niflheim has a perfectly valid point. obviously someone reporting cheats or exploits should NOT have to worry to be banned as reward IF he didn't abuse it. thats a no brainer. however you did abuse it and you rightfully got banned for it.
its just as much of a no brainer that the fast majority of folks discovering a significant exploit like the last two would much rather have fun with the infinite resources, sell it for 5k to russian RMT or start RMTing themselfs instead of handing it over for cosmetics, no matter how rare or pretty they may be.
i don't hate you, i just don't like it if someone tries to sell himself as the problem solver when he really is part of the problem.
'Dog guarding the sausage' is a poor analogy, as nobody is being given easier access to exploits. It's just another avenue to get rid of them. the "community" is not trust worthy. as long as the reward for reporting a exploit doesn't outweigh the potential gain of keeping it secret the "community" (who really aren't the community but a closed group of cheaters screwing each other over) will always eat the sausage.
*edit*
this game doesn't just have a problem with exploits but also with all sorts of other cheats and bots. most of them get reported by the community, thats not the problem, its SE not doing anything about it.
*edit*
of course you'd prefer Niflheims suggestion since no matter where SE would draw the new line you'd lose revenue.
By Jetackuu 2019-11-20 20:19:27
It's amazing that this thread is still going post maintenance. Even more amazing that there's still this much hurtbutt.
By Jetackuu 2019-11-20 20:19:44
perhaps have a small cosmetic reward...
I would want a literal white hat :) Psh, racist. :P
By Sylph.Brahmsz 2019-11-20 20:20:37
it probably sounds crazy but how about not cheating at all?
[+]
VIP
Server: Fenrir
Game: FFXI
Posts: 749
By Fenrir.Niflheim 2019-11-20 20:39:05
Cerberus.Senkyuutai said: »The only issue with this method is that you have to hope that the players with the knowledge and/or skillset needed to report this properly have the morals to do so.
If last thread taught us anything, it's that the overwhelming majority of people exploiting this game have no business telling SE or anyone outside their clique about the exploit they abuse daily.
its just as much of a no brainer that the fast majority of folks discovering a significant exploit like the last two would much rather have fun with the infinite resources, sell it for 5k to russian RMT or start RMTing themselfs instead of handing it over for cosmetics, no matter how rare or pretty they may be.
I think you both are making the, somewhat odd, assumption that everyone with the skills to find an exploit is:
1) currently using that skill.
2) seeks to make profit.
In the current paradigm 1 is only true IF 2 is true. You dont look for exploits if you dont expect to make use of them, because you are just going to get yourself banned for reporting them so how do you benefit if you dont use the exploit?
Additionally people using exploits do best when they stick to SE's own philosophy, security by obscurity. If someone finds an exploit and keeps it to themselves it will likely be something they can use indefinitely, after all anyone else who finds it will likely do the same. BUT if there are people looking to report bugs to SE then you change the risks. Once you find an exploit you know it can be found, you know how difficult it was to find, and you know someone else could find it AND report it.
If you were both correct in the view you put forth, bug bounty programs would not exist anywhere, because no one would report exploitable bugs.
In the event your case it true, what HARM does a bug bounty program pose to the users? Why should SE not try and create such a program?
By Shichishito 2019-11-20 20:58:08
In the event your case it true, what HARM does a bug bounty program pose to the users? Why should SE not try and create such a program? you mean offering real money, not just peanuts? well the concept is not new so SE either doesn't want to do it cause it would cost them money or they simply can't compete with what ever someone could earn by RMTing instead.
you also have to keep in mind that exploiting in a MMO has no repercussions in RL if they get caught. i suppose in most cases where they pay bounties for infos there are also RL consequences if you abuse the exploit.
Asura.Eiryl
By Asura.Eiryl 2019-11-20 21:00:00
They never made a bounty program because they don't give a ***about the game only the money it makes.
You get stuff like that from a company that actually cares about customers and their game.
VIP
Server: Fenrir
Game: FFXI
Posts: 749
By Fenrir.Niflheim 2019-11-20 21:48:55
In the event your case it true, what HARM does a bug bounty program pose to the users? Why should SE not try and create such a program? you mean offering real money, not just peanuts? well the concept is not new so SE either doesn't want to do it cause it would cost them money or they simply can't compete with what ever someone could earn by RMTing instead.
you also have to keep in mind that exploiting in a MMO has no repercussions in RL if they get caught. i suppose in most cases where they pay bounties for infos there are also RL consequences if you abuse the exploit.
I think you vastly over-estimate money as a sole motivator, this is a game to most people not a job. As an example people who work on windower arent getting paid, dont take donations, dont do it for the glory, it just because we love the game and it is FUN to work on windower.
So it does not need to be real world money, just as thorny said some in-game item that can be exclusively obtained by reporting an exploit. One issue you can point out about giving an in-game reward, anyone with said reward has 100% broken ToS in some way or another, but SE gets the win of closing an exploit that could cause issue for their users, its basically vigilante justice or chaotic good.
SE would just need to invest the time to provide a path to make a report, and a reward system. It's a much lower bar then hunting down every user whose up to no good.
Server: Asura
Game: FFXI
Posts: 487
By Asura.Beatsbytaru 2019-11-20 23:57:55
They never made a bounty program because they don't give a ***about the game only the money it makes.
You get stuff like that from a company that actually cares about customers and their game. Probably the most correct line you've had in all of this. S-E does not give a *** about the player, just the balance sheets.
Server: Asura
Game: FFXI
Posts: 163
By Asura.Snapster 2019-11-21 00:16:05
There is so much incel projection in this thread...
[+]
Asura.Sirris
Server: Asura
Game: FFXI
Posts: 731
By Asura.Sirris 2019-11-21 01:14:49
They never made a bounty program because they don't give a ***about the game only the money it makes.
You get stuff like that from a company that actually cares about customers and their game.
That's because, since September 30th of 2010, FFXI has existed only to subsidize FFXIV. Adoulin launched to carry them through the disaster that was 1.0 and still exists to help pay for further XIV development.
Asura.Chiaia
VIP
Server: Asura
Game: FFXI
Posts: 1656
By Asura.Chiaia 2019-11-21 05:17:37
For example, I would have happily reported this voidwatch one years ago if I could get a r/ex lv1 bugfinder crown, maybe with a signature for how many bugs i've found, and not get banned. I would not sacrifice an account over something this irrelevant.
When you claim a 6 figure income from this, what is $10 or $30 in the long run? (Even if it was monthly the year end total would be $120/$360.)
I really have no problem with you but what you said makes no sense to me.
[+]
Asura.Frod
Server: Asura
Game: FFXI
Posts: 1211
By Asura.Frod 2019-11-21 05:34:05
They never made a bounty program because they don't give a ***about the game only the money it makes.
You get stuff like that from a company that actually cares about customers and their game.
That's because, since September 30th of 2010, FFXI has existed only to subsidize FFXIV. Adoulin launched to carry them through the disaster that was 1.0 and still exists to help pay for further XIV development.
With shadowbringers xiv has surpassed base WoW in subscription numbers. (Wow classic shot higher, but we'll see in a year :v)
Perpetuating the myth that xi with its maybe 15-20k sub base is funding xiv is getting worn out
By Draylo 2019-11-21 05:37:10
He didn't say its the only thing funding XIV, just that it exists to put more funds into XIV. I'd probably say that is right, and the profits XI makes go directly to it. Also where are you getting those numbers from?
Asura.Frod
Server: Asura
Game: FFXI
Posts: 1211
By Asura.Frod 2019-11-21 05:50:33
He didn't say its the only thing funding XIV, just that it exists to put more funds into XIV. I'd probably say that is right, and the profits XI makes go directly to it. Also where are you getting those numbers from?
It was widely reported back around shadowbringer's launch. Xiv has/had a sub count of 14 to 16 million.
I would argue that xi money does not touch xiv (at least since like heavensward) and that its more a case of maintaining xi is a decent chunk of what there is and there rest is simply general profitability. If this game wasn't profitable in some form, se would old yeller it without a second thought.
By Draylo 2019-11-21 05:56:28
I was talking about him saying that about XIV sub, where did you see the data for 15 million subs.. That does not sound right at all, they typically state it has 15 million accounts created or something silly, but actual people subbed to the game and playing?
By Prong 2019-11-21 06:08:40
My favorite part of these threads is the people who have quit playing this game yet, still come on this forum to whine about the game.
You made your statement of dislike for the game by quitting. What's the point in trying to make sure there are others who agree?
[+]
Asura.Sechs
Server: Asura
Game: FFXI
Posts: 10134
By Asura.Sechs 2019-11-21 06:09:30
I was talking about him saying that about XIV sub, where did you see the data for 15 million subs.. That does not sound right at all, they typically state it has 15 million accounts created or something silly, but actual people subbed to the game and playing? I think FFXIV has a very high amount of players atm, for realz, but I doubt they have 15 millions of currently active accounts.
Tipically when they give those numbers they're actually talking about "total amounts of accounts created since the beginning of the service".
The real number of active accounts in THIS moment is of course lower, but I still believe it's pretty large and, possibly, the largest atm on the market of MMOs with a monthly subscription.
Asura.Frod
Server: Asura
Game: FFXI
Posts: 1211
By Asura.Frod 2019-11-21 06:11:18
My favorite part of these threads is the people who have quit playing this game yet, still come on this forum to whine about the game.
You made your statement of dislike for the game by quitting. What's the point in trying to make sure there are others who agree?
I still play. Logging in monthly to shitpost in yell is a viable endgame activity.
[+]
Asura.Sechs
Server: Asura
Game: FFXI
Posts: 10134
By Asura.Sechs 2019-11-21 06:13:43
I was talking about him saying that about XIV sub, where did you see the data for 15 million subs.. That does not sound right at all, they typically state it has 15 million accounts created or something silly, but actual people subbed to the game and playing? I think FFXIV has a very high amount of players atm, for realz, but I doubt they have 15 millions of currently active accounts.
Tipically when they give those numbers they're actually talking about "total amounts of accounts created since the beginning of the service".
The real number of active accounts in THIS moment is of course lower, but I still believe it's pretty large and, possibly, the largest atm on the market of MMOs with a monthly subscription.
Btw I wasn't trying to say that SE is the only company that "cheats" with numbers.
Everybody does that.
Other companies in the past gave numbers considering the number of CHARACTERS instead of Accounts, for instance.
Blizzard too used similar tricks when giving their numbers, and so on.
All in all you need to take these numbers with the awareness that they are mostly for marketing promotion, so you need to take em lightly.
This morning (November 18th, 2019) we were contacted by an anonymous user who had discoverd a serious flaw in certain modified versions of the unsupported voidwatch addon that has been widely distributed throughout the community. Use of these modified versions of the addon could result in a ban. In light of recent events and the likelihood that users could unintentionally trigger this flaw we felt it was necessary to bring this to the community's attention.
We have contacted the author and confirmed that the original version distributed at the link below does not have this flaw. We believe this flaw was initially benign, but became exploitable following the emergency maintenance on November 13th, 2019; however, we cannot be certain of this. We will not provide details of how to exploit this flaw, and this issue has been reported to SE.
The original unmodified version of the voidwatch addon can be found at https://www.dropbox.com/s/ex1jtgqz4jtmxd8/voidwatch.lua?dl=0
This addon is not distrubuted by Windower, and is not endorsed by us in any way. Use at your own risk.
|
|