I've watched Frank and Roonis on Twitch. I understand why they oppose the app. However, they did not offer a solid solution to the lingering questions they posed. They do not want us to feel we need to be looking over our shoulder or questioning the methods of the better performers. However the code is still available and they admit still being used by individuals, perhaps fleets to gain an advantage over those who play without its exploitive advantages. DB cannot close the loopholes as they don't understand their own code enough to see how it is being manipulated. We are supposed to believe that DB will police the game and deal harshly with anyone who continues to violate their player guidelines, because they have a sterling track record of doing this in the past I suppose. So here is a radical idea, if people have discovered a method to play that gives an unfair advantage, and that unfair advantage cannot be reliably purged from the game, then the only way to restore the illusion of fairness is to allow everyone access to the same tools. The code cannot be recalled. We would be fools to believe that in a group of over 50,000 players, someone will not have the means and desire to use it to their advantage. DB has not shown the commitment nor ability to police the game. As distasteful as it may be, the only way to restore equity is to make the code universally available. Or, we can continue to limit our personal vision to the interior walls of our own personal sphincters and pretend the problem has been resolved and the playing field is level.
Or, we can continue to limit our personal vision to the interior walls of our own personal sphincters and pretend the problem has been resolved and the playing field is level.
Or, we can try to develop and adhere to a moral compass and not cheat, just to stay in the spirit of the show we love, even though we know others don't share that moral compass.
I'm not in this game to win but to have fun, even though I will try my best through any allowed means possible to end as high as possible. And having fun is defined by my efforts and not compared to the results of others who may or may not have cheated.
Also, for every cheater there is someone who can outcheat them. So you shouldn't have the illusion that if you cheat you have the advantage. There are always others with a bigger advantage.
Most anticipated character not in the game: Mr. Homn
As stated in the video, my coding experience is below novice with mainly just an understanding of concepts.
I had several experienced folks look at it, and walk me through it, having other fleets have their in house folks inspect as well.
It certainly looks like there is another piece that really makes it ramp up that isnt present in the desktop app but was in the web version. The consensus though was that the script itself is 100% written to allow recursion, there is no other apparent reason to loop to allow 20 promises on one shuttle claim.
My understanding is very limited as well, regarding async JS with promises, and other things used in modern apps. I get some of it, but I don't work with it everyday, so I get lost really fast.
But, looking at that piece of code, it seems that, it either does something different than what is implied ("resolveDilemma" doesn't actually resolves the dilemma as we think), or the problem should happen everytime for everyplayer that uses the app.
It's weird, 'cause in the code in the video, "resolveDilemma" is called at least twice (one is in the IF/ELSE statement, the next one is called always).
Or, we can continue to limit our personal vision to the interior walls of our own personal sphincters and pretend the problem has been resolved and the playing field is level.
Or, we can try to develop and adhere to a moral compass and not cheat, just to stay in the spirit of the show we love, even though we know others don't share that moral compass.
I'm not in this game to win but to have fun, even though I will try my best through any allowed means possible to end as high as possible. And having fun is defined by my efforts and not compared to the results of others who may or may not have cheated.
Also, for every cheater there is someone who can outcheat them. So you shouldn't have the illusion that if you cheat you have the advantage. There are always others with a bigger advantage.
Hear hear
Uphold Starfleet principles even when there are **tsk tsk** flying all over the galaxy. That's my plan
In a part of space where there are few rules, it's more important than ever that we hold fast to our own. In a region where shifting allegiances are commonplace, we have to have something stable to rely on. And we do. The principles and ideals of the Federation. As far as I'm concerned, those are the best allies we could have.
KATHRYN JANEWAY
I'm not in this game to win but to have fun, even though I will try my best through any allowed means possible to end as high as possible. And having fun is defined by my efforts and not compared to the results of others who may or may not have cheated.
Also, for every cheater there is someone who can outcheat them. So you shouldn't have the illusion that if you cheat you have the advantage. There are always others with a bigger advantage.
I agree, but the nature of the game is competitive. DB must structure it such to maximise monetary yield. That competitive structure essentially prevents players who lack access to resources such as time, money or tools used by other players from having access to the same quantity and quality of advanced level crew. So I too play as well as I can, place as high as I can, but with the knowledge that I will rarely if ever be able to place high enough in a event to earn a single legendary crew member. So, you are correct, if we are not competing against the field, it does not matter if the playing field is level or if fundamental fairness problems persist. But to be honest, we must also acknowledge we are playing with different goals, different expectations, and although we are involved in the same matrix, we are each playing our own separate and in important ways different game.
I watched the video by Frank and Roonis and it was very interesting. I used the app pretty much from it's inception and only looked through the source to see what happened with my password to make sure it was safe. I only used the desktop version and never had a voyage return more items than it should have. If I had, I would have reported it. I also thought from day one that having the source code available on Github was very dangerous because while he stated he would not write in code to exploit, someone else easily could.
With that said, I think the main point of this should be... Many people used the app to enhance their regular gameplay and would like to see it come back or be integrated into the official app. Most of us know that there is no way for it to be added to the current app as the underlying code is poorly written. This being no fault to the current devs working on the app. So my question is this. If members of the community were willing to edit out any send command functionality from the app and submit the source code to DB for analysis to make sure there is no malicious code, could it be released? Or would it just be a complete waste of time? To me this is the best solution for us to have a great companion tool and not have to mess with the game as it is. Does this fix the fact that the previous versions are out there being re-written with bad intent? Not at all. Unfortunately I don't have any idea how to combat that without redoing the API that is already in use by the official app. I just would like to have the inventory, crew and voyage calc functions available to all of the community again in a fair form.
So my question is this. If members of the community were willing to edit out any send command functionality from the app and submit the source code to DB for analysis to make sure there is no malicious code, could it be released? Or would it just be a complete waste of time?
Submitting the source code to DB would probably be a waste of time, as I doubt they would even comment on it, after this situation. The only thing you'd potentially get from them is for them to state that something is a violation of their TOS (if indeed the code still included questionable elements). I'll bet they'll never say the opposite, however — you'll never get a thumbs up/green light to proceed, since they don't want to run into the same issue all over again.
That having been said, Shan's statement never said anything to the effect of "all apps are verboten!" or "anything that accesses the API is a TOS violation"... so my hope is that someone creates a new app, using Tekman's code solely as a starting point, which is purely read-only.
I'd be thrilled to have something that was able to read my crew roster and tell me which of them would give me the best Voyage results, even if I had to staff it myself. And having all the other crew and inventory management tools — including being able to export your roster and other info — at our disposal (again, on a completely read-only basis) would be wonderful.
I think DB is just concerned right now about the Pandora's Box that was opened, but I personally would have no concern using such a tool as outlined in my paragraph above. To me, as long as it remains "kosher" and doesn't violate its initial purpose, I don't see that anyone at the company would have an issue with it.
As far as bringing back the Crew Management Tool as it existed in its final iteration, that's probably akin to using macros, as far as the risk players would be taking with their accounts.
Could you please continue the petty bickering? I find it most intriguing. ~ Data, ST:TNG "Haven"
As stated in the video, my coding experience is below novice with mainly just an understanding of concepts.
I had several experienced folks look at it, and walk me through it, having other fleets have their in house folks inspect as well.
It certainly looks like there is another piece that really makes it ramp up that isnt present in the desktop app but was in the web version. The consensus though was that the script itself is 100% written to allow repetition, there is no other apparent reason to loop to allow 20 promises on one shuttle claim.
Ok, after reviewing the code, with my limited knowledge, I believe:
1 - The code featured in the video ("_chooseDilemma" function) is called with one click of the option "Random choice", as well as when you make the choice yourself
2 - When you choose, the index parameter is your choice
3 - When "Random" is selected, the third parameter is the negative amount of choices in the dilemma (if there is 2 choices, index is -2, if there are 3 choices, index is -3)
4 - In that scenario, the for loop creates an array of 21 "promises", divided almost equally among the possible choices (if there 2 choices, 10 of those is one choice, 11 is the other choice)
5 - all 21 are invoked (call to "resolveDilemma"), errors are ignored
6 - An aditional call to "resolveDilemma" is made, I presume is invalid 'cause it uses the original index passed as the choice, wich is a negative number.
Conclusion:
The 21 calls to resolve the dilemma happen EVERY TIME the user selects random, using the app as intended. No multi taps, or anything weird necessary. Just one click.
If this code is in the app since a long time ago (since July?), and the problem was detected this week, the logical conclusion is that since then, the server only accepted the first call, and rejected the others (remember errors are ignored), and the update to 7.0.9 removed that restriction, resulting in the bug.
This would explain why the developer wrote that code: The developer knew this, and when choosing "Random", the app creates 21 requests to solve, with equal amounts of choices,when only one can win (wich one depends of network traffic I suppose), this "race" simulates a random "winner". The develper used this to pick a random choice instead of using a RNG.
Also, I believe the restriction is back in the server, I'll test it as soon as possible.
UPDATE: I just tested the code. Only one set of rewards.
So my question is this. If members of the community were willing to edit out any send command functionality from the app and submit the source code to DB for analysis to make sure there is no malicious code, could it be released? Or would it just be a complete waste of time?
Submitting the source code to DB would probably be a waste of time, as I doubt they would even comment on it, after this situation. The only thing you'd potentially get from them is for them to state that something is a violation of their TOS (if indeed the code still included questionable elements). I'll bet they'll never say the opposite, however — you'll never get a thumbs up/green light to proceed, since they don't want to run into the same issue all over again.
That having been said, Shan's statement never said anything to the effect of "all apps are verboten!" or "anything that accesses the API is a TOS violation"... so my hope is that someone creates a new app, using Tekman's code solely as a starting point, which is purely read-only.
I'd be thrilled to have something that was able to read my crew roster and tell me which of them would give me the best Voyage results, even if I had to staff it myself. And having all the other crew and inventory management tools — including being able to export your roster and other info — at our disposal (again, on a completely read-only basis) would be wonderful.
I think DB is just concerned right now about the Pandora's Box that was opened, but I personally would have no concern using such a tool as outlined in my paragraph above. To me, as long as it remains "kosher" and doesn't violate its initial purpose, I don't see that anyone at the company would have an issue with it.
As far as bringing back the Crew Management Tool as it existed in its final iteration, that's probably akin to using macros, as far as the risk players would be taking with their accounts.
My point was that I wouldn't have even started using the tool in the first place without checking the source for malicious use of my password. I for one am not going to use any third party software without knowing this. I assume (and hope) no one else will. So I would prefer it to be something that was given the official OK. I have the source and would gladly do the edits, but I know nothing about Electron which was the method of compiling it to exe. I am not going to waste my time learning that or porting it to something I am familiar with so I can test the changes if it wouldn't even get reviewed. My hope with my post is that Shan reads it and responds if that was even possible. I would take a lack of response at all to not waste my time. I am confident there are many others in the community that have a way better grasp on going about the edits and I'm sure they would like to know as well.
If this code is in the app since a long time ago (since July?), and the problem was detected this week, the logical conclusion is that since then, the server only accepted the first call, and rejected the others (remember errors are ignored), and the update to 7.0.9 removed that restriction, resulting in the bug.
This would explain why the developer wrote that code: The developer knew this, and when choosing "Random", the app creates 21 requests to solve, with equal amounts of choices,when only one can win (wich one depends of network traffic I suppose), this "race" simulates a random "winner". The develper used this to pick a random choice instead of using a RNG.
This doesn't make sense. If the server only accepts the first call, why make the additional 20 calls if they are rejected anyway? If it depends on network traffic, he could have made only the amount of calls equal to the number of choices, max three. The remaining calls would only slow down the server causing performance problems (like a DoS attack). And it certainly does not explain why this bit of code is in the shuttle section as well.
And then, the developer was asked about this and didn't explain it. If he had had a valid explanation, why run away?
Most anticipated character not in the game: Mr. Homn
This doesn't make sense. If the server only accepts the first call, why make the additional 20 calls if they are rejected anyway? If it depends on network traffic, he could have made only the amount of calls equal to the number of choices, max three. The remaining calls would only slow down the server causing performance problems (like a DoS attack). And it certainly does not explain why this bit of code is in the shuttle section as well.
And then, the developer was asked about this and didn't explain it. If he had had a valid explanation, why run away?
21 calls are not enough for a DDOS, but yeah, it's a terrible idea (it doesn't mean that it didn't happen, there are terrible coders everywhere, and anyone can do terrible code from time to time). Another guess is, maybe he made a mistake, and was intending to call a function that would return one of those promises, and then make the call. Who knows. Why did he choose 21 and not a different number? Looks like he was supporting up to 21 different options to resolve each dilemma?
I'm just looking at the code and trying to understand what it does. Damn it Jim, I'm a programmer, not a psychologist
That having been said, Shan's statement never said anything to the effect of "all apps are verboten!" or "anything that accesses the API is a TOS violation"... so my hope is that someone creates a new app, using Tekman's code solely as a starting point, which is purely read-only.
If the API is not documented, then you need to analyze how it is called and how it processes data in order to use it. There is a term for this: reverse engineering. And reverse engineering is against the TOS.
For any Software authorized for download or online use in connection with a Service through the Disruptor Beam Sites that is not accompanied by or otherwise already covered by a License Agreement, Disruptor Beam hereby grants to you, the user, a personal, non-exclusive, non-transferable, revocable, limited license to operate the Software solely for viewing and otherwise using the applicable Services for non-commercial and personal use only in accordance with these Terms of Service and the Service-specific terms of use/service and code of conduct, and for no other purpose, provided that you keep intact all copyright and other proprietary notices. All Software is owned by Disruptor Beam and/or its licensors. You acknowledge and agree that you may not sublicense, assign or otherwise transfer this license. You may not modify, alter or create any derivative works of any Software. You may not reverse engineer, decompile or disassemble any Software, including any proprietary communications protocol used by such Software, except where and to the extent expressly permitted by applicable law
This doesn't make sense. If the server only accepts the first call, why make the additional 20 calls if they are rejected anyway? If it depends on network traffic, he could have made only the amount of calls equal to the number of choices, max three. The remaining calls would only slow down the server causing performance problems (like a DoS attack). And it certainly does not explain why this bit of code is in the shuttle section as well.
And then, the developer was asked about this and didn't explain it. If he had had a valid explanation, why run away?
21 calls are not enough for a DDOS, but yeah, it's a terrible idea (it doesn't mean that it didn't happen, there are terrible coders everywhere, and anyone can do terrible code from time to time). Another guess is, maybe he made a mistake, and was intending to call a function that would return one of those promises, and then make the call. Who knows. Why did he choose 21 and not a different number? Looks like he was supporting up to 21 different options to resolve each dilemma?
I'm just looking at the code and trying to understand what it does. Damn it Jim, I'm a programmer, not a psychologist
An accident that happened twice with basically the same outcomes. He ran the same type of code for the shuttle exploit. Or did we miss the part of the video?
The Guardians of Tomorrow Protecting the Galaxy's Future from Itself
Fleet Admiral
An accident that happened twice with basically the same outcomes. He ran the same type of code for the shuttle exploit. Or did we miss the part of the video?
Again, I don't know if it was an accident, terrible idea, or what, I'm just reading what the code does, and trying to put some pieces togheter (the part I'm more interested, if that code was there for such a long time, how is it that the random choice worked at all?)
I don't know about the shuttle thing? Is there similar funtionality for the shuttles used for faction missions? I didn't know the app had those (And yeah, I just watched the video until the point with the dilemma code that grabbed my attention)
An accident that happened twice with basically the same outcomes. He ran the same type of code for the shuttle exploit. Or did we miss the part of the video?
Again, I don't know if it was an accident, terrible idea, or what, I'm just reading what the code does, and trying to put some pieces togheter (the part I'm more interested, if that code was there for such a long time, how is it that the random choice worked at all?)
I don't know about the shuttle thing? Is there similar funtionality for the shuttles used for faction missions? I didn't know the app had those (And yeah, I just watched the video until the point with the dilemma code that grabbed my attention)
Fast forward a bit to the part that describes the result of the shuttle part as well as shows a scoring chart from the last event of a certain player.
No one can say for sure what Tekman's intent was at all. It needs to be said that we are all going off of the code for the desktop version. The code for the web version could have been entirely different for all we know. I for one say we just move on from what happened and look forward to what can be done to fill the gap for all of the community. The one thing that all of us can agree on is that we valued the ability to see our crew, items and voyage assignments in a more structured way and would like to have that back. As far as resolving dilemmas that were stuck, I would hope that we can figure out a solution that works for us and DB as well, but that will be a sticky situation to be figured out. I think to err on the side of caution, gauntlet should be forgotten about.
No one can say for sure what Tekman's intent was at all. It needs to be said that we are all going off of the code for the desktop version. The code for the web version could have been entirely different for all we know.
The other thing to keep In mind is there were apparently at least two different web versions (both at .iampicard.com but different prefixes).
It will be interesting to see if any of those people who blasted this community for poor treatment of Tekman come back and admit they may have been hasty in making such a critical judgement.
Fast forward a bit to the part that describes the result of the shuttle part as well as shows a scoring chart from the last event of a certain player.
I'll try, but it would be easier if someone could give at least a hint of what I'm looking for, like timestamp (It is a 40 min video) or short explanation of what it is (it is part of the app that does shuttle missions? I never saw that in the desktop version)
It will be interesting to see if any of those people who blasted this community for poor treatment of Tekman come back and admit they may have been hasty in making such a critical judgement.
Let's be clear here: he would absolutely be in the wrong if there was malicious intent, but so would anyone who doxxed him. No one deserves that, and two wrongs do not make a right.
Fast forward a bit to the part that describes the result of the shuttle part as well as shows a scoring chart from the last event of a certain player.
I'll try, but it would be easier if someone could give at least a hint of what I'm looking for, like timestamp (It is a 40 min video) or short explanation of what it is (it is part of the app that does shuttle missions? I never saw that in the desktop version)
The shuttle discussion starts at about 18:30 into the YouTube video.
Fast forward a bit to the part that describes the result of the shuttle part as well as shows a scoring chart from the last event of a certain player.
I'll try, but it would be easier if someone could give at least a hint of what I'm looking for, like timestamp (It is a 40 min video) or short explanation of what it is (it is part of the app that does shuttle missions? I never saw that in the desktop version)
The shuttle discussion starts at about 18:30 into the YouTube video.
Fast forward a bit to the part that describes the result of the shuttle part as well as shows a scoring chart from the last event of a certain player.
Ok, I just watched a bit, and then the chart.
The shuttle code looks ugly, and that's just it. And as far as I know, it was never operational/available to the users. Why did he use a loop with the 21 iterations? I don't know, there is a chance that he just copy pasted code from dilemmas and that's just it.
The chart... Says nothing. Some player made a ton of points, wich could be by a lot of legit means in game (as the guy in the video says, it proves nothing). It's exactly the same situation every event when people start asking how the guys in the top manage to do points to quickly (tons of boosts, tons of dillithium speeding up, using requisition shuttles, etc). The only way to actually prove that code does what they suspect, is running it, which I don't see.
I really wish someone with good experience in JS could step in, 'cause I see a lot of "I don't know but it looks" and some of the assumptions seems to be flat wrong.
And I would love an answer to the question, if the code in dilemmas was there since July, and it worked getting multiple rewards (not because of changes in 7.0.9, but since July at least), how is it that no one noticed until last week? No one used the random choice button until then? Everyone who used kept the secret? (out of, how many users of the app?)
I really want an answer there, 'cause that code doesn't require any trickery, it does the 21 calls just by using it as intended (one click/tap). It's impossible that it was there just to be used by one or two people. Either IamPicard was a cheating tool for half a year, or the code was stupid but inoffensive (relying on server behaviour that is the way it's working now) and it only became an issue due to server changes in 7.0.9.
Kanon, the shuttle part you may have missed in the video is a couple reliable sources attempted the shuttle claim button mashing in the web client version, and got over 50k vp off of claiming one shuttle, so it was absolutely functional in that version. Those folks reported it immediately.
It will be interesting to see if any of those people who blasted this community for poor treatment of Tekman come back and admit they may have been hasty in making such a critical judgement.
Let's be clear here: he would absolutely be in the wrong if there was malicious intent, but so would anyone who doxxed him. No one deserves that, and two wrongs do not make a right.
I am not suggesting it's ok to abuse or dox someone, just that there is a strong suspicion that the claim made about abuse/doxxing was only an excuse to withdraw the app once he had been directly questioned about the exploits. Many forum posters took it as gospel that the said abuses had occurred without any evidence to back it up and took aim at abusers which may not have existed.
Kanon, the shuttle part you may have missed in the video is a couple reliable sources attempted the shuttle claim button mashing in the web client version, and got over 50k vp off of claiming one shuttle, so it was absolutely functional in that version. Those folks reported it immediately.
So the web version had a shuttle missions? I never knew about the shuttle functionality. All I can say is that it seems to be the same situation than the dilemmas, and I seriously doubt the conclusions reached on that matter.
The "mashing buttons" doesn't make sense, as the code we have suggest that there is no need to mash, one click already does the job, if the server allows it, and if it doesn't, a thousand taps won't change a thing (wich is how it is working now)
It will be interesting to see if any of those people who blasted this community for poor treatment of Tekman come back and admit they may have been hasty in making such a critical judgement.
Let's be clear here: he would absolutely be in the wrong if there was malicious intent, but so would anyone who doxxed him. No one deserves that, and two wrongs do not make a right.
I am not suggesting it's ok to abuse or dox someone, just that there is a strong suspicion that the claim made about abuse/doxxing was only an excuse to withdraw the app once he had been directly questioned about the exploits. Many forum posters took it as gospel that the said abuses had occurred without any evidence to back it up and took aim at abusers which may not have existed.
It might have been the excuse he went with and not the true motivating factor, but I think we're all familiar enough with the how the internet works for it to be a safe assumption that at least one someone did, unfortunately, go that far. Heck, we don't know how thick his skin is: he might've felt that the posts on this forum were abusive; both sides of the argument certainly got pretty ugly at times.
Comments
Or, we can try to develop and adhere to a moral compass and not cheat, just to stay in the spirit of the show we love, even though we know others don't share that moral compass.
I'm not in this game to win but to have fun, even though I will try my best through any allowed means possible to end as high as possible. And having fun is defined by my efforts and not compared to the results of others who may or may not have cheated.
Also, for every cheater there is someone who can outcheat them. So you shouldn't have the illusion that if you cheat you have the advantage. There are always others with a bigger advantage.
But, looking at that piece of code, it seems that, it either does something different than what is implied ("resolveDilemma" doesn't actually resolves the dilemma as we think), or the problem should happen everytime for everyplayer that uses the app.
It's weird, 'cause in the code in the video, "resolveDilemma" is called at least twice (one is in the IF/ELSE statement, the next one is called always).
Public profile
Captain Zombie's Combo chain calculator
Hear hear
Uphold Starfleet principles even when there are **tsk tsk** flying all over the galaxy. That's my plan
In a part of space where there are few rules, it's more important than ever that we hold fast to our own. In a region where shifting allegiances are commonplace, we have to have something stable to rely on. And we do. The principles and ideals of the Federation. As far as I'm concerned, those are the best allies we could have.
KATHRYN JANEWAY
Check out our website to find out more:
https://wiki.tenforwardloungers.com/
I agree, but the nature of the game is competitive. DB must structure it such to maximise monetary yield. That competitive structure essentially prevents players who lack access to resources such as time, money or tools used by other players from having access to the same quantity and quality of advanced level crew. So I too play as well as I can, place as high as I can, but with the knowledge that I will rarely if ever be able to place high enough in a event to earn a single legendary crew member. So, you are correct, if we are not competing against the field, it does not matter if the playing field is level or if fundamental fairness problems persist. But to be honest, we must also acknowledge we are playing with different goals, different expectations, and although we are involved in the same matrix, we are each playing our own separate and in important ways different game.
With that said, I think the main point of this should be... Many people used the app to enhance their regular gameplay and would like to see it come back or be integrated into the official app. Most of us know that there is no way for it to be added to the current app as the underlying code is poorly written. This being no fault to the current devs working on the app. So my question is this. If members of the community were willing to edit out any send command functionality from the app and submit the source code to DB for analysis to make sure there is no malicious code, could it be released? Or would it just be a complete waste of time? To me this is the best solution for us to have a great companion tool and not have to mess with the game as it is. Does this fix the fact that the previous versions are out there being re-written with bad intent? Not at all. Unfortunately I don't have any idea how to combat that without redoing the API that is already in use by the official app. I just would like to have the inventory, crew and voyage calc functions available to all of the community again in a fair form.
Submitting the source code to DB would probably be a waste of time, as I doubt they would even comment on it, after this situation. The only thing you'd potentially get from them is for them to state that something is a violation of their TOS (if indeed the code still included questionable elements). I'll bet they'll never say the opposite, however — you'll never get a thumbs up/green light to proceed, since they don't want to run into the same issue all over again.
That having been said, Shan's statement never said anything to the effect of "all apps are verboten!" or "anything that accesses the API is a TOS violation"... so my hope is that someone creates a new app, using Tekman's code solely as a starting point, which is purely read-only.
I'd be thrilled to have something that was able to read my crew roster and tell me which of them would give me the best Voyage results, even if I had to staff it myself. And having all the other crew and inventory management tools — including being able to export your roster and other info — at our disposal (again, on a completely read-only basis) would be wonderful.
I think DB is just concerned right now about the Pandora's Box that was opened, but I personally would have no concern using such a tool as outlined in my paragraph above. To me, as long as it remains "kosher" and doesn't violate its initial purpose, I don't see that anyone at the company would have an issue with it.
As far as bringing back the Crew Management Tool as it existed in its final iteration, that's probably akin to using macros, as far as the risk players would be taking with their accounts.
Could you please continue the petty bickering? I find it most intriguing.
~ Data, ST:TNG "Haven"
1 - The code featured in the video ("_chooseDilemma" function) is called with one click of the option "Random choice", as well as when you make the choice yourself
2 - When you choose, the index parameter is your choice
3 - When "Random" is selected, the third parameter is the negative amount of choices in the dilemma (if there is 2 choices, index is -2, if there are 3 choices, index is -3)
4 - In that scenario, the for loop creates an array of 21 "promises", divided almost equally among the possible choices (if there 2 choices, 10 of those is one choice, 11 is the other choice)
5 - all 21 are invoked (call to "resolveDilemma"), errors are ignored
6 - An aditional call to "resolveDilemma" is made, I presume is invalid 'cause it uses the original index passed as the choice, wich is a negative number.
Conclusion:
The 21 calls to resolve the dilemma happen EVERY TIME the user selects random, using the app as intended. No multi taps, or anything weird necessary. Just one click.
If this code is in the app since a long time ago (since July?), and the problem was detected this week, the logical conclusion is that since then, the server only accepted the first call, and rejected the others (remember errors are ignored), and the update to 7.0.9 removed that restriction, resulting in the bug.
This would explain why the developer wrote that code: The developer knew this, and when choosing "Random", the app creates 21 requests to solve, with equal amounts of choices,when only one can win (wich one depends of network traffic I suppose), this "race" simulates a random "winner". The develper used this to pick a random choice instead of using a RNG.
Also, I believe the restriction is back in the server, I'll test it as soon as possible.
UPDATE: I just tested the code. Only one set of rewards.
Public profile
Captain Zombie's Combo chain calculator
My point was that I wouldn't have even started using the tool in the first place without checking the source for malicious use of my password. I for one am not going to use any third party software without knowing this. I assume (and hope) no one else will. So I would prefer it to be something that was given the official OK. I have the source and would gladly do the edits, but I know nothing about Electron which was the method of compiling it to exe. I am not going to waste my time learning that or porting it to something I am familiar with so I can test the changes if it wouldn't even get reviewed. My hope with my post is that Shan reads it and responds if that was even possible. I would take a lack of response at all to not waste my time. I am confident there are many others in the community that have a way better grasp on going about the edits and I'm sure they would like to know as well.
This doesn't make sense. If the server only accepts the first call, why make the additional 20 calls if they are rejected anyway? If it depends on network traffic, he could have made only the amount of calls equal to the number of choices, max three. The remaining calls would only slow down the server causing performance problems (like a DoS attack). And it certainly does not explain why this bit of code is in the shuttle section as well.
And then, the developer was asked about this and didn't explain it. If he had had a valid explanation, why run away?
I'm just looking at the code and trying to understand what it does. Damn it Jim, I'm a programmer, not a psychologist
Public profile
Captain Zombie's Combo chain calculator
If the API is not documented, then you need to analyze how it is called and how it processes data in order to use it. There is a term for this: reverse engineering. And reverse engineering is against the TOS.
As stated in the TOS here: https://disruptorbeam.com/tos/
An accident that happened twice with basically the same outcomes. He ran the same type of code for the shuttle exploit. Or did we miss the part of the video?
Protecting the Galaxy's Future from Itself
Fleet Admiral
For more info on us, check our wiki page:
https://sttwiki.org/wiki/Fleet_Guardians_of_Tomorrow
GoT Bot server: https://discord.gg/R8QzpjW
All are welcome to join and use the Bot.
I don't know about the shuttle thing? Is there similar funtionality for the shuttles used for faction missions? I didn't know the app had those (And yeah, I just watched the video until the point with the dilemma code that grabbed my attention)
Public profile
Captain Zombie's Combo chain calculator
Fast forward a bit to the part that describes the result of the shuttle part as well as shows a scoring chart from the last event of a certain player.
The other thing to keep In mind is there were apparently at least two different web versions (both at .iampicard.com but different prefixes).
Public profile
Captain Zombie's Combo chain calculator
Let's be clear here: he would absolutely be in the wrong if there was malicious intent, but so would anyone who doxxed him. No one deserves that, and two wrongs do not make a right.
The shuttle discussion starts at about 18:30 into the YouTube video.
Public profile
Captain Zombie's Combo chain calculator
Created my forum account to post this, but it looks like I can't post links: youtu.be/ADEDLoLY3AY?t=76
Public profile
Captain Zombie's Combo chain calculator
The shuttle code looks ugly, and that's just it. And as far as I know, it was never operational/available to the users. Why did he use a loop with the 21 iterations? I don't know, there is a chance that he just copy pasted code from dilemmas and that's just it.
The chart... Says nothing. Some player made a ton of points, wich could be by a lot of legit means in game (as the guy in the video says, it proves nothing). It's exactly the same situation every event when people start asking how the guys in the top manage to do points to quickly (tons of boosts, tons of dillithium speeding up, using requisition shuttles, etc). The only way to actually prove that code does what they suspect, is running it, which I don't see.
I really wish someone with good experience in JS could step in, 'cause I see a lot of "I don't know but it looks" and some of the assumptions seems to be flat wrong.
And I would love an answer to the question, if the code in dilemmas was there since July, and it worked getting multiple rewards (not because of changes in 7.0.9, but since July at least), how is it that no one noticed until last week? No one used the random choice button until then? Everyone who used kept the secret? (out of, how many users of the app?)
I really want an answer there, 'cause that code doesn't require any trickery, it does the 21 calls just by using it as intended (one click/tap). It's impossible that it was there just to be used by one or two people. Either IamPicard was a cheating tool for half a year, or the code was stupid but inoffensive (relying on server behaviour that is the way it's working now) and it only became an issue due to server changes in 7.0.9.
Public profile
Captain Zombie's Combo chain calculator
Risky click of the day. Paid off
I am not suggesting it's ok to abuse or dox someone, just that there is a strong suspicion that the claim made about abuse/doxxing was only an excuse to withdraw the app once he had been directly questioned about the exploits. Many forum posters took it as gospel that the said abuses had occurred without any evidence to back it up and took aim at abusers which may not have existed.
The "mashing buttons" doesn't make sense, as the code we have suggest that there is no need to mash, one click already does the job, if the server allows it, and if it doesn't, a thousand taps won't change a thing (wich is how it is working now)
Public profile
Captain Zombie's Combo chain calculator
It might have been the excuse he went with and not the true motivating factor, but I think we're all familiar enough with the how the internet works for it to be a safe assumption that at least one someone did, unfortunately, go that far. Heck, we don't know how thick his skin is: he might've felt that the posts on this forum were abusive; both sides of the argument certainly got pretty ugly at times.