The Great Controversy


DuoDex

The auto-updater in Modstatistics is opt-in (don't remember if it's default checked or not), but it's implemented with absolutely no regard to security and is trivially exploited through DNS poisoning, HTTP interception, or a hack of Majiir's server.

How is that specific to Majiir's auto updater and not to all the other mod downloads posted on these forums?


How is that specific to Majiir's auto updater and not to all the other mod downloads posted on these forums?

I haven't looked at other auto updating mods, but I assume most of them would use a similarly exploitable system (but maybe they wouldn't have the write-anywhere issue people claimed Modstatistics has). Do you have any examples of other auto-updating mods?


It says that very clearly near the top of the post.

And I managed to not see it the first time around. Maybe because I was only scanning that page for links to download & docs.

I did, however, read both the readme and the changelog, under the assumption that anything worth knowing would be in there. Neither even mentions modstatistics.

Also, it says so in the change log, which you should read every time you get a new version.

I do. The one that comes in the zip archive doesn't. In my world, the online documentation rarely is up to date, so it's not exactly the first resource I turn to.

Edit: Okay, technically, just in case you might insist on your exact wording [...]

Again, you seem to be missing the point I was trying to make. He could have advertised ModStatistics just like the others, or nagged people to install it, or whatever. Yet for that particular mod, he chose another approach. This wouldn't be worth mentioning if there wasn't such a stark contrast between how he's doing it in one case and the other.

Put differently: he's obviously aware that people don't want it, or at least don't want it as badly as he wants them to have it. So he's forcing it on them. "Daddy knows best" is the kindest description I can think of.


Do you have any examples of other auto-updating mods?

No, and to my knowledge there aren't any. I wasn't talking about auto updating mods, but about mods that are hosted in the regular fashion here on the forums. Your post seemed to imply that the vulnerabilities you mentioned did not apply to those.


I haven't looked at other auto updating mods, but I assume most of them would use a similarly exploitable system (but maybe they wouldn't have the write-anywhere issue people claimed Modstatistics has). Do you have any examples of other auto-updating mods?

He's not talking about auto-updating mods. The hacks you mentioned could all be used against any plain http link in this forum or on CurseForge.

Edit: should've guessed he'd answer that himself... ;)


Put differently: he's obviously aware that people don't want it, or at least don't want it as badly as he wants them to have it. So he's forcing it on them. "Daddy knows best" is the kindest description I can think of.

Or Majiir understood the significant difference between having an opt-in system and an opt-out system and, when it came to gathering mod information for statistical analysis, knew that it would be almost worthless to do an opt-in.


Put differently: he's obviously aware that people don't want it, or at least don't want it as badly as he wants them to have it. So he's forcing it on them. "Daddy knows best" is the kindest description I can think of.

First, you don't know if he's forcing it on his users if you don't ask. I for one certainly don't.

Second, I don't see anything bad in his approach. It's his mod, he can bundle whatever he likes (forum rules and licenses permitting, of course.) There is no need to ask anyone about anything.

Or Majiir understood the significant difference between having an opt-in system and an opt-out system and, when it came to gathering mod information for statistical analysis, knew that it would be almost worthless to do an opt-in.

Laie and I were talking about technogeeky's bundling of ModStats into SCANsat - but yeah, I think that's why Majiir made ModStats the way he did.

Edited by blizzy78

Or Majiir understood the significant difference between having an opt-in system and an opt-out system and, when it came to gathering mod information for statistical analysis, knew that it would be almost worthless to do an opt-in.

You're defending deceitfulness?


No, and to my knowledge there aren't any. I wasn't talking about auto updating mods, but about mods that are hosted in the regular fashion here on the forums. Your post seemed to imply that the vulnerabilities you mentioned did not apply to those.
He's not talking about auto-updating mods. The hacks you mentioned could all be used against any plain http link in this forum or on CurseForge.

Edit: should've guessed he'd answer that himself... ;)

Nobody has yet to come up with a reason why a mod for a video game should dump the contents of some random person's private server onto my computer without my prior express consent, and that tells it all really.

This is what Modstatistics in its current form is capable of doing. In the example of DNS poisoning/HTTP interception against Curse, user interaction is required. Modstatistics (as I understand it, once you opt in for auto-updates) has the capability to download anything it's instructed to, to any location on your local filesystem that KSP can write to.

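The two weaknesses raised in the thread (a plain-HTTP fetch that DNS poisoning or on-path interception can redirect, and an updater that will write wherever the server tells it) are the checks an in-game updater should refuse to skip. The following is an added example written for this thread, not ModStatistics' code or anything from Majiir; the manifest format, the `UpdateEntry` fields, the `GameData/ModStatistics` install root and the `updates.example` host are all assumptions, and the manifest is assumed to be authenticated separately (signature checking is not shown), so the digest only catches a payload swapped in transit.

```python
"""Defensive checks an auto-updater should apply before writing a downloaded file."""
import hashlib
import hmac
import posixpath
from dataclasses import dataclass
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Assumed layout: updates may only land inside the mod's own folder.
INSTALL_ROOT = PurePosixPath("GameData/ModStatistics")


@dataclass(frozen=True)
class UpdateEntry:          # hypothetical manifest record
    url: str                # download location the server names
    dest: str               # target path relative to INSTALL_ROOT, as the server names it
    sha256: str             # digest the (assumed authenticated) manifest carries


def check_transport(url: str) -> str:
    """Accept only TLS URLs; a plain http:// fetch is what DNS poisoning or
    interception rewrites. Returns the host so the caller can log it."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"refusing non-TLS update URL: {url}")
    return parts.netloc


def safe_destination(dest: str, root: PurePosixPath = INSTALL_ROOT) -> PurePosixPath:
    """Confine the write to ``root``: reject absolute paths, drive letters,
    backslashes and any '..' that climbs out of the folder."""
    if not dest or dest.startswith("/") or "\\" in dest or ":" in dest:
        raise ValueError(f"absolute or non-portable path rejected: {dest!r}")
    norm = posixpath.normpath(dest)          # collapses 'a/../b' before the check
    if norm in (".", "..") or norm.startswith("../"):
        raise ValueError(f"path escapes install root: {dest!r}")
    return root / norm


def verify_payload(data: bytes, expected_sha256: str) -> bool:
    """Constant-time comparison of the fetched bytes against the manifest digest."""
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected_sha256.lower())


def plan_update(entries, fetch):
    """Return (accepted, rejected): accepted maps a confined path to verified bytes,
    rejected maps the entry's URL to the reason it was refused. Nothing is written."""
    accepted, rejected = {}, {}
    for e in entries:
        try:
            check_transport(e.url)
            target = safe_destination(e.dest)
            data = fetch(e.url)
            if not verify_payload(data, e.sha256):
                raise ValueError("digest mismatch: payload differs from the manifest")
        except ValueError as err:
            rejected[e.url] = str(err)
            continue
        accepted[str(target)] = data
    return accepted, rejected


# Constructed sample data: one genuine entry and three a tampered manifest might carry.
SAMPLE_DLL = b"MZ-constructed-sample-not-a-real-assembly"
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_DLL).hexdigest()
SAMPLE_MANIFEST = [
    UpdateEntry("https://updates.example/ModStatistics.dll", "Plugins/ModStatistics.dll", SAMPLE_SHA256),
    UpdateEntry("http://updates.example/ModStatistics.dll", "Plugins/Insecure.dll", SAMPLE_SHA256),
    UpdateEntry("https://updates.example/escape.dll", "../../escape.dll", SAMPLE_SHA256),
    UpdateEntry("https://updates.example/swapped.dll", "Plugins/Swapped.dll", "00" * 32),
]


def fake_fetch(url: str) -> bytes:
    """Offline stand-in for the HTTP fetch; always returns the sample bytes."""
    return SAMPLE_DLL


def demo():
    return plan_update(SAMPLE_MANIFEST, fake_fetch)
```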

It is not "the contents of someone's server", it is an auto-update feature for a modding API.

You are also asked if you want to consent to the automatic update.

If I delete the ModStatistics folder and unbeknownst to me there is another mod with ModStatistics embedded, the next time I start KSP the contents of some random person's private server gets dumped onto my computer, clearly not just without my consent but against my wishes. Also, if I delete the settings.cfg file (after changing it to opt out) I am no longer opted out, meaning I have to have that folder on my computer in perpetuity to stay opted out. Neither you nor anybody else, for that matter, has managed to come up with an explanation for why this is sane or rational in any way, shape or form. Furthermore, why should I have to comb through every mod's forum thread, readme and source just to make sure that I do not potentially get illegal or malicious content dumped onto my computer without me knowing about it? This "functionality" isn't stated anywhere except if you go digging through the source code. Are you now seriously going to tell me that it's my responsibility to go and read through every single line of code before I OK the use of a mod for my rockets-as-LEGO video game I like to play for fun in my spare time? This is ridiculous. Squad should ban any and all mods from downloading anything to my computer, opt-in or opt-out.

Also see below

The auto-updater in Modstatistics is [...] implemented with absolutely no regard to security and is trivially exploited through DNS poisoning, HTTP interception, or a hack of Majiir's server.

Again, I ask Squad, how is this allowed to stand?


You're defending deceitfulness?

Opt-in vs. Opt-out is certainly not deceitfulness...though there may be an argument for Opt-in only...allowing opt-out is in NO WAY deceitful. As was stated many times (and constantly ignored by you): The information you needed was on the forum page. If you didn't read or didn't understand...that is your problem and not at all deceitful by the mod author.


Again, I ask Squad, how is this allowed to stand?

It's not Squad's job to police the code of mods... in fact, once they do it for a single mod, they can technically be held accountable for the activity of *all* mods. It's a slippery slope.

You should realize, what you're asking for is the path to a company abandoning support for mods altogether... better to prevent mods from being made than risk being accountable for what they do. If you think that's good for the community, I don't know what to tell you.

Is it bad to bundle things together without informing users you're doing so? Sure. That's been addressed. That should be the end of the discussion. If you don't like the way something is implemented, you don't have to use the mod.


Whatever issues you have with the design of mod statistics are, luckily, not my problem. I don't know if the automatic copy on the main folder bypasses the settings or not, I haven't checked. If it does, then it is a serious issue and you should talk about it with Majiir (the best way is to open an issue on the github tracker, imho).

Also, you have no idea how entitled you sound when you talk about reading a forum thread like a chore. These mods are made for free and shared as they are, no guarantees. You have NO rights whatsoever: a mod is dangerous content provided by unknown random guys on the internet and if you don't want to read a couple hundred lines to understand what it does to your PC, then you don't get to complain.

This is not Apple's app store: you are not supposed to just go on a downloading spree and install everything you can click on.

When you ignored ferram's post, failing to do the basic minimum of research to understand what code was going into your processor, you have effectively agreed by your own ignorance to run everything he has included.

And please note that this is coming from someone who opposes mod statistics in its current form.


As was stated many times (and constantly ignored by you): The information you needed was on the forum page. If you didn't read or didn't understand...that is your problem and not at all deceitful by the mod author.

No, nowhere in the forum post does it say that when I go to delete the .dll embedded in some other, unrelated mod I unwittingly updated, the contents of some stranger's private server gets dumped on my computer. That is malicious.

It's not Squad's job to police the code of mods... in fact, once they do it for a single mod, they can technically be held accountable for the activity of *all* mods. It's a slippery slope.

You should realize, what you're asking for is the path to a company abandoning support for mods altogether... better to prevent mods from being made than risk being accountable for what they do. If you think that's good for the community, I don't know what to tell you.

Is it bad to bundle things together without informing users you're doing so? Sure. That's been addressed. That should be the end of the discussion. If you don't like the way something is implemented, you don't have to use the mod.

It is in fact entirely within Squad's purview to dictate what can and cannot be hosted on their servers and what can and cannot be done to their game. I don't understand how you equate "removing obviously malicious software cleverly disguised as a mod" to "abandoning support for mods altogether", so you are going to have to explain that one to me.

Also, I don't want to use the mod, but to stay opted out from any accidental inclusion from some other mod it has been bundled with (again, why?) I have to keep the folder and the settings.cfg file on my computer for all time. Or else I opt in apparently. How is this OK?

Whatever issues you have with the design of mod statistics are, luckily, not my problem. I don't know if the automatic copy on the main folder bypasses the settings or not, I haven't checked. If it does, then it is a serious issue and you should talk about it with Majiir (the best way is to open an issue on the github tracker, imho).

Also, you have no idea how entitled you sound when you talk about reading a forum thread like a chore. These mods are made for free and shared as they are, no guarantees. You have NO rights whatsoever: a mod is dangerous content provided by unknown random guys on the internet and if you don't want to read a couple hundred lines to understand what it does to your PC, then you don't get to complain.

This is not Apple's app store: you are not supposed to just go on a downloading spree and install everything you can click on.

When you ignored ferram's post, failing to do the basic minimum of research to understand what code was going into your processor, you have effectively agreed by your own ignorance to run everything he has included.

And please note that this is coming from someone who opposes mod statistics in its current form.

I don't claim to want rights, I want there to be clear cut rules for mods so that I don't have to worry about potentially illegal or malicious content being downloaded onto my computer without my prior, informed consent, from some stranger's private server. I am really struggling to understand why this makes a minority of sense to the majority of you? I shouldn't have to read through the source code, license, readme or forum post of each and every mod to know that I'm not putting myself in a position in which I could potentially find myself unwittingly in contempt of the law, when I just want to download some virtual parts for a rockets-as-LEGO video game I enjoy in my spare time.


This is where you are wrong. You SHOULD have to read all of it (except the source code). This is where you are not making sense.

The license states what you can or cannot do.

The forum post states what the mod does and what it contains and how you install it.

The readme... The name says it all.

You want mods? This is how you get them. If you don't want to deal with these issues, PLAY STOCK.


This is where you are wrong. You SHOULD have to read all of it (except the source code). This is where you are not making sense.

The license states what you can or cannot do.

The forum post states what the mod does and what it contains and how you install it.

The readme... The name says it all.

You want mods? This is how you get them. If you don't want to deal with these issues, PLAY STOCK.

From the modder's perspective, it's wrong for the user to download something without reading all the fine print.

From the user's perspective, it's a violation of faith/trust in the modder to provide the mod the user's looking for and nothing more.

And we're right back to do you want to be right, or do you want to be effective.


No, nowhere in the forum post does it say that when I go to delete the .dll embedded in some other, unrelated mod I unwittingly updated, the contents of some stranger's private server gets dumped on my computer. That is malicious.

Correct me if I'm wrong, but this happens if and only if you specifically enable auto-updating, in the dialog box that pops up. ModStatistics does not download anything from Majiir's site unless you enable auto-updates. It says so in a popup when starting the game for the first time with ModStats installed. Your description of what happens is not accurate, as it implies that it downloads without checking, which is false.


Correct me if I'm wrong, but this happens if and only if you specifically enable auto-updating, in the dialog box that pops up. ModStatistics does not download anything from Majiir's site unless you enable auto-updates. It says so in a popup when starting the game for the first time with ModStats installed. Your description of what happens is not accurate, as it implies that it downloads without checking, which is false.

The dialog is to disable auto updating, it defaults to checked I believe and thus can be misclicked to accidentally opt into updates (kind of like ask toolbar and raptr).

-edit-

That is to say, the checkbox enables updating, and is checked by default.


From the modder's perspective, it's wrong for the user to download something without reading all the fine print.

From the user's perspective, it's a violation of faith/trust in the modder to provide the mod the user's looking for and nothing more.

And we're right back to do you want to be right, or do you want to be effective.

Idk about the rest of the modding community, but I make mods for myself. I'm doing (the proverbial) 'you' a favor by allowing you to use it.


If I delete the ModStatistics folder and unbeknownst to me there is another mod with ModStatistics embedded, the next time I start KSP the contents of some random person's private server gets dumped onto my computer, clearly not just without my consent but against my wishes. Also, if I delete the settings.cfg file (after changing it to opt out) I am no longer opted out, meaning I have to have that folder on my computer in perpetuity to stay opted out. ...

Think this one through for a second, seriously.

For the sake of arguing this particular point, accept the premise that ModStats *is* opt-out instead of opt-in. ModStats comes bundled with a variety of other mods. ModStats has (optional) auto-update functionality. The relative values of those design decisions are not what I'm asking you to think through, but rather your complaints about the *implementation* of those decisions.

Ok, so, ModStats comes bundled with other mods. It negotiates among each of the ModStats dlls to find the one which should be active. Cool! Now throw the auto-update wrinkle in. Our user has decided to enable it. Where does ModStats write the updated DLL to? One answer is... to wherever the most-current DLL is running itself from. Ok, that works, but if the user uninstalls that mod, we have to update again. Doable, but not elegant, and potentially adds noticeable time to the user's game loading (unlike the negotiation, which adds nanoseconds). The elegant answer is... to a central location - and hell, if we are doing that, why don't we move the most-current version there? (And thus, the illusion of 'automatically re-installing' is born).

Next, ModStats is opt-out. How would you like that opt-out preference to be stored? Well, if KSP were Windows-only, we could write it to the registry (which is the preferred 'windowsy' way of doing something like this). Can't do that on Linux or OSX, and it breaks KSP-mod convention (which is to use .cfg files). Where do we put that .cfg file? Well, the normal place is with the .dll file that reads it. But... ModStats can be in a number of different places, and we want *all possible* versions of ModStats to notice that the user has opted out, because we respect the user's privacy. The only possible options then, are to either put the cfg in a central location (/GameData/ModStatistics/), or literally scan every single .cfg file in GameData looking for that key. If we took option 2, and stored a cfg with the opt-out alongside some particular instance of ModStats, rather than a central one, the risk is run that the user could unintentionally remove their opt-out status by uninstalling a particular mod which included modstats.

*EDIT* - I want to point out that my use of the word 'we' is an idiosyncrasy I have about walking through code or program design; it is not intended to imply that I had any role in the design or creation of ModStatistics.


Think this one through for a second, seriously.

For the sake of arguing this particular point, accept the premise that ModStats *is* opt-out instead of opt-in. ModStats comes bundled with a variety of other mods. ModStats has (optional) auto-update functionality. The relative values of those design decisions are not what I'm asking you to think through, but rather your complaints about the *implementation* of those decisions.

Why is it even necessary to have multiple copies of Modstatistics outside of its own gamedata directory? What makes it so much more of a special snowflake than firespitter or modmanager which are distributed in the gamedata root, or their own gamedata folder?


It isn't - modstatistics could very well have its own directory in game data. In fact, it does: after the first run it will create its own folder and always run from there.

But the initial distribution *is* generally within a mod folder, instead of in its own folder (compare to how, say, Firespitter is distributed, which is in a separate Firespitter folder under GameData, making it easier to find all copies).
