-
Permanent closure of the plugin API and the removal of China/Asia realm support
Dear all,
I am getting constant reports about people abusing the plugin system:
- write data into logs and then 3rd party tools read that log and automatize user actions (I hope I solved this by adding random delays to the log writer)
- send data through network connection to 3rd party tools which automatize user actions (I hope I solved this by disabling the System.Net namespace)
- paint pixels on the screen and then 3rd party tools read these pixels and automatize user actions (no solution yet, it is nearly impossible to prevent doing this)
- the most recent report is a "ROS bot helper" plugin from "RAZ" which is simply outrageous (I checked the code).
Also I am constantly getting reports about hacked Chinese versions - I don't even want to comment on this...
I carefully evaluated my options and it does not look too shiny:
- I have no technical solution to prevent painting on the UI because it is the main goal of the whole plugin system, but I could limit the whole plugin interface so it could only write characters on the UI - no lines, no shapes, etc - basically this would render the plugin API useless
- I have no technical solution to prevent the modification of the .exe file - however it looks like only a limited number of Chinese people have the resources to do that.
Based on all the above, I decided to prevent the VERY CLEARLY DEFINED GOALS and restrictions of HUD:
- no automation
- no hacks
Regarding the 3rd party bot/automation integration problem:
solution #a:
- all major, community-made plugins will be compiled INTO TurboHUD
- almost all plugin interfaces will be removed - except ICustomizer to allow the users to customize the pre-compiled plugins
- the most recognized plugin developers will get a machine-bound build of HUD to allow the development of plugins
- they will send me the plugin sources, I'll validate them and compile into HUD and it will be part of the next release
solution #b:
- there will be a single github repository list for approved plugins
- all major plugins will be moved there
- the most recognized plugin developers will get write access (to be decided: only pull requests or admin rights) to the repository
- HUD will check out the latest codebase on start and dynamically compile as usual
- on "Normal" difficulty HUD could allow somehow the use of custom plugins
solution #c:
- remove the plugin system, compile default plugins into the exe and say goodbye
Regarding the hacked versions problem:
solution #1:
- set up obfuscation even stronger and hope the hackers can't modify that
- however this will make the .exe much slower but hopefully at least not unstable
solution #2:
- I'll completely remove the Chinese language support and the whole Asia/China realm support
- I'll add thousands of "if" conditions to the exe at random places which will terminate HUD if it detects Chinese realm
I understand that all of the options above do hurt the normal users (who I believe are 99% of all users) too.
If you have any other solution in your mind then please share HERE.
Do not PM me.
Last edited by KillerJohn; 09-28-2019 at 02:20 AM.
Do not send me private messages unless it is absolutely necessary or the content is sensitive or when I ask you to do that...
-
Post Thanks / Like - 5 Thanks
-
Active Member
always the same song on Chinese players, easy remove all Asian support and 0 problems.
They are notified and these people do not listen, do not learn, do not care.
+1 vote for remove all Asian support.
-
Member
Sad to hear.
There is no real convenient way in limiting API plus restricting automation.
I admit that I used THUD for automation with my own plugin which I never made public (formerly used d3helper for that)
All solutions will make it impossible for people to write their own maybe small additions for thud, which maybe not needed for the majority or do not plan releasing.
Solution #b seems better, as people could code/deploy faster. With #a there could be potential bugs in a plugin and people would have to wait until its fixed and you uploaded it again.
With that there would also be much more traffic for download everything all over again every time.
#c would be obviously the worst option.
Can't comment on Asian thing, as I don't know how "bad" the situation is.
Also don't have any better solution, as you already said, it will always hurt the normal users.
(You could release a tool/code like Enigma did, so people can read the memory stuff and so they could use that instead of thud, but I guess that's a big no-no for you)
Don't know how many people use those public automation things, but I guess those changes will hurt mostly normal users (which are already fewer people than in earlier times when looking at d3/forum activity)
-
Member
for me:
- solution #b:
- solution #2:
end of story
-
Post Thanks / Like - 1 Thanks
dothepe (1 members gave Thanks to blejdzik for this useful post)
-
Legendary
Whatever the measure taken, it will affect many people who are not to blame for anything, but I understand that it is a necessary decision and that it has been thought for a long time.
In my opinion:
The elimination of the Plugins option would discard it, the utility of TH is multiplied thanks to them: users can adapt the environment to their preferences and expand their possibilities
Eliminating support for Asia is the easiest measure, but it would affect many people, I think it should be the last step. (we must put ourselves in his place for a moment)
The problem with the other options is that it involves a lot of work and adaptation.
My vote goes for option b
-
Member
-
Post Thanks / Like - 1 Thanks
dothepe (1 members gave Thanks to GutterMagic for this useful post)
-
Active Member
KJ,
Seems that B2 is the preferred solution combination, but I think it comes down to how much you want to work on this thing. I understand that for you it's a labor of love and an avenue of self-actualization, and it may even be a pretty decent revenue stream for you through donations. I myself have donated, and I'm sure a lot of others have, probably a lot of users who never even comment on this forum.
But ultimately, it comes down to how much you want to work.
I think that the abusers should just be restricted access to the program entirely. I understand that a downloader could bounce the address around through a VPN so you couldn't reliably detect the realm that the HUD is going to, and I'm not sure how many of these guys who have the resources to hack the program can also use it in English, so probably B2 will work the best.
For the last few days I have been playing without the HUD, and I can tell you that if it permanently goes away, the Diablo world will be that much duller for it. If it helps, I'd be willing to pay you 10 bucks for the download every time Blizzard does an update; TurboHUD adds that much enjoyment to the game for me.
My thanks for your continued support of this program.
Stone
-
Member
Hi.
First of all thanks for the th.
I only use it for the game (for myself and party friends) and I can't imagine a th where you can't edit your own plugins. It is the essence of the program!
I edit all plugins for my convenience and add extra features, even the default plugins for my own personalization; with solution a or solution b I could never get it as I like. Only with ICustomizer is not enough.
Why do I have to run a script that I don't like as it is or I don't like what/how it does? Solutions given are not fair.
My th is like I want and for that I need to write/edit my own code.
Just ban namespaces or certain words or find other solutions please, but leave us the possibility of coding.
-
Active Member
I think that "solution #b" can also eliminate the chaos of plug-ins (conflicts of similarity/key assignment/screen positioning/etc., incompatibility with current TurboHUD version, etc.).
For other hard solutions; (again, I think) You should make your own individual and free choice without being influenced by anyone!
"When you reach the top, get ready to drop!"
-
First Dev On The Internet
solution #b (If you can forbid malicious redirects to another GitHub)
-
Member
I think that if they use those programs that share them and that is not private, pd because of them we will annoy the same conventional users .... both "secret" helper and everyone knows it and they say (closed circle) and everyone knows DH64 ¬¬
-
Originally Posted by
StoneOld
KJ,
Seems that B2 is the preferred solution combination, but I think it comes down to how much you want to work on this thing. I understand that for you it's a labor of love and an avenue of self-actualization, and it may even be a pretty decent revenue stream for you through donations. I myself have donated, and I'm sure a lot of others have, probably a lot of users who never even comment on this forum.
But ultimately, it comes down to how much you want to work.
I think that the abusers should just be restricted access to the program entirely. I understand that a downloader could bounce the address around through a VPN so you couldn't reliably detect the realm that the HUD is going to, and I'm not sure how many of these guys who have the resources to hack the program can also use it in English, so probably B2 will work the best.
For the last few days I have been playing without the HUD, and I can tell you that if it permanently goes away, the Diablo world will be that much duller for it. If it helps, I'd be willing to pay you 10 bucks for the download every time Blizzard does an update; TurboHUD adds that much enjoyment to the game for me.
My thanks for your continued support of this program.
Stone
Most months I couldn't get properly drunk by spending the donations, so that's really not considered at all
Your previous donation is highly appreciated, and you are kind but there is no need for "bucks for every update".
Actually I think I'll completely remove the donation link from the download page.
Personally I think B is a good option (may be the best), still I am not sure about the China issue. I'd like to see a proper solution, because to be honest, blocking a whole realm would be pathetic and sad
Last edited by KillerJohn; 09-27-2019 at 02:57 PM.
-
First Dev On The Internet
Random Idea (from the unskilled amateur developer I am):
- Force TurboHUD to download a sort of sha256sum to compare its own integrity before running.
-
Post Thanks / Like - 1 Thanks
franehr (1 members gave Thanks to User5981 for this useful post)
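The integrity idea in the post above, as an added example that is not part of the original thread or of TurboHUD's code: a downloaded SHA-256 only proves something if the digest itself is authenticated, so here the publisher signs it with Ed25519 and the client checks the signature before the hash. The type and function names and the byte strings are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Release is published beside each build: SHA-256 of the file, signed with Ed25519.
type Release struct {
	Digest    [32]byte
	Signature []byte
}

var ErrBadSignature = errors.New("digest is not signed by the publisher key")
var ErrModified = errors.New("file does not match the signed digest")

// SignRelease runs on the build machine only; the private key never ships.
func SignRelease(priv ed25519.PrivateKey, file []byte) Release {
	d := sha256.Sum256(file)
	return Release{Digest: d, Signature: ed25519.Sign(priv, d[:])}
}

// VerifyRelease authenticates the downloaded digest, then hashes the local file.
func VerifyRelease(pub ed25519.PublicKey, file []byte, r Release) error {
	if !ed25519.Verify(pub, r.Digest[:], r.Signature) {
		return ErrBadSignature
	}
	if sha256.Sum256(file) != r.Digest {
		return ErrModified
	}
	return nil
}

// RunDemo uses constructed byte strings in place of a real executable.
func RunDemo() (intact, changed, swapped error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	build := []byte("constructed stand-in for the released file")
	altered := append([]byte("X"), build...)
	rel := SignRelease(priv, build)
	swap := Release{Digest: sha256.Sum256(altered), Signature: rel.Signature} // digest replaced, no valid signature
	return VerifyRelease(pub, build, rel), VerifyRelease(pub, altered, rel), VerifyRelease(pub, altered, swap)
}

func main() { fmt.Println(RunDemo()) }
```

Because the verifier lives inside the file it checks, this only flags modified copies in which the check itself is still intact, which is the limitation the opening post describes.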
-
Originally Posted by
PTS_TDS
Hi.
First of all thanks for the th.
I only use it for the game (for myself and party friends) and I can't imagine a th where you can't edit your own plugins. It is the essence of the program!
I edit all plugins for my convenience and add extra features, even the default plugins for my own personalization; with solution a or solution b I could never get it as I like. Only with ICustomizer is not enough.
Why do I have to run a script that I don't like as it is or I don't like what/how it does? Solutions given are not fair.
My th is like I want and for that I need to write/edit my own code.
Just ban namespaces or certain words or find other solutions please, but leave us the possibility of coding.
Banning namespaces/words obviously won't help...
even solution #b would prevent you from modifying the plugins ON THE SOURCE CODE LEVEL, but you could still customize them by the ICustomizer interface, using the plugins' public properties.
This would urge the recognized plugin developers to publish lots of customization options in their plugins (using public properties with setters), because editing their files by the users will be no longer an option.
-
Member
KJ you are great for the simple fact that you consult with us asking for opinions on a decision like this, unfortunately not everyone is respectful of the work of others and their ethics is toilet paper.
With heart I would say option # 2 but with the head I say option B.
It would not be consistent to punish many people because of a few stupid people.