Do you think I could just leave this part blank and it'd be okay? We're just going to replace the whole thing with a header image anyway, right?
You are not logged in.
The highlight of this update is the new stalker option!
v0.2 Download
- Fixed the bug where the bot doesn't clear the online list and the chat list when disconnected.
- Fixed the "adminhelp" command not appearing in the "!help" list. (The adminhelp command had already existed, but there was no way you would have never known about it if you were new to bots.)
- You can no longer kick the owner of the bot.
- You can no longer report yourself or the owner of the bot.
- Added a stalking option to the GUI
- Added the !stalk <player> and !unstalk commands
Offline
Released Bot1448 v1.1!
The version where the stalker was released should have been named 1.0, but it was named 0.2 instead. Silly me.
Now, it's corrected in both the changelog and the .zip file for the bot.
v1.1 Download
- Fixed bug where stalker options were not being saved.
- Fixed bug where the bot gets cranky when you modify its data files.
- Fixed bug where stalker's godmode keeps flickering on and off when it's stalking the bot's owner.
Offline
If you put the bot on github I can help you with an auto updater
Offline
If you put the bot on github I can help you with an auto updater
I would, but, call me immature or stupid or whatever, I don't know how GitHub works. I don't know how to create a repository or a pull request or other stuff I don't understand.
Offline
If you use Visual Studio:
Think this should do as a tutorial, haven't watched it entirely myself.
You will require a github account and the Visual Studio plugin.
And you're not immature or whatever, only learned how to git when I started college.
Offline
ninjasupeatsninja wrote:If you put the bot on github I can help you with an auto updater
I would, but, call me immature or stupid or whatever, I don't know how GitHub works. I don't know how to create a repository or a pull request or other stuff I don't understand.
Uploading your bot on Github means that you should go open source. If you don't want to go open source.
Then make a weebly site with a page and use http://pastebin.com/btPNtaGi. You could also make your own site to read from, or use githubs api to check for new versions.
Offline
Uploading your bot on Github means that you should go open source.
True, but if he doesn't want to go open source he can simply just upload the files needed that will be downloaded, overviewed, and then ran through the updater to tell it "if bot.version != updatelog.version then ask user to download updatelog.version if user.saysYes then download from updatelog.location else die"
Offline
After more than 4 hours of non-stop coding, Bot1448 has been updated to version 1.6!
Changelog
v1.6 Download
- The UI is now slightly bigger
- Added the Build tab to the UI
- Added the Ignore Snake option
- Added an button to toggle god mode
- Now you can send the code for a world
- Added the fill tool (the !fill <block ID> and !cancel commands)
- Added the !name command
Offline
I like new UI size
Maybe you should check if all blocks is placed with fill tool.
Offline
That is because of lag; not my fault.
Isn't a public bot all about being user-friendly?
Offline
capasha wrote:Maybe you should check if all blocks is placed with fill tool.
That is because of lag; not my fault.
You can still check to see if a block that was meant to be placed has been placed and if it hasn't then try again.
Thank you eleizibeth ^
I stack my signatures rather than delete them so I don't lose them
Offline
capasha wrote:Maybe you should check if all blocks is placed with fill tool.
That is because of lag; not my fault.
It's your bot. Also your fault. If you check that all blocks is placed. Then it shouldn't be any issues.
Offline
1448 wrote:ninjasupeatsninja wrote:<snip>
<snip>
Uploading your bot on Github means that you should go open source. If you don't want to go open source.
Then make a weebly site with a page and use http://pastebin.com/btPNtaGi. You could also make your own site to read from, or use githubs api to check for new versions.
Why not use Team Foundation Server? With that you can access it from anywhere and collaborate with others. It's even built into Visual Studio. It can also be integrated with Trello. I work on a couple programs with others and have integrated with Trello and it really is amazing.
I'd recommend it to anymore.
Offline
Just use Bitbucket instead of github
Offline
1448 wrote:capasha wrote:Maybe you should check if all blocks is placed with fill tool.
That is because of lag; not my fault.
It's your bot. Also your fault. If you check that all blocks is placed. Then it shouldn't be any issues.
Yeah. I guess I should fix it.
So, I'm updating it to:
Changelog
- Silenced the bot a bit (it now PMs some messages)
- The bot can multitask now
- Modified the fill command to make it more user-friendly
- Changed how the command system works (this is more internal than external)
- The bot tells the user to add arguments to commands when they are not present
- The bot should throw less exceptions now
- Modified this forum post a bit
- Fixed a bug where some values aren't rendered
Download
./gravedig
Offline
Hooray no more old download links from this update.
This is because I'm not uploading the bot binaries onto Mediafire, and instead, I'm hosting it on a server. So this means that the bot installer always installs the latest version (unless you plan on saving the older versions by downloading another installer in another folder).
Changelog
v2.0.0 Download
- Added an auto-updater. This means that you just have to download this file once, and newer versions are installed automatically! (Hooray, no need to use crappy MediaFire again)
- Added a Custom Snake tool.
- Improved block-placing! Seriously. This time, !fill should work flawlessly.
- Silenced the bot even more! Now all it says publicly (unless you enabled welcome and goodbye messages) is "Gained edit access! " and "Lost edit access! ".
- Added themes! Currently, the only theme is Dark, but I'll post a theme creator soon.
Offline
Oh boy, your updater is a security nightmare!
I'm going to sort my points from most likely to least likely but most devastating.
First, your bot automatically checks for updates (by downloading a botversion.dat file). This can not be turned off and it means that you can track the IP address of anyone using your bot.
In addition to that, if I blacklist your file in my firewall, your bot gives me a "Fatal Error" and exits. I believe this feature was added with malicious intent in mind just so people wouldn't bypass your updater/tracker.
Secondly, you have code to make updates mandatory so everyone has to update to be able to use your bot. Again, very suspicious.
It gets worse when you realize that this bot isn't even open source, so there is no way we could verify your updates.
Thirdly, the updater downloads the files from 1448.co.nf which is hosted by a free hosting site (biz.nf), I quick look at their login page made me realize that security is not their top priority.
The files are downloaded over HTTP and can be intercepted (and changed) by a Man in the Middle attack. A hacker could run any code they want on your machine!
The server files are not verified for their integrity in any way (look into signing). If your website is hacked, anyone could upload a virus.exe.
Thus I strongly discourage everyone from downloading or using this bot until the updater security improves.
I have never thought of programming for reputation and honor. What I have in my heart must come out. That is the reason why I code.
Offline
Would be better to only show when there is an update. Let people to change if they want to update or not, and also a way to disable automatic checking for updates.
And like proc said, there is many ways to change the file. I self use Github because their API are awesome.
Offline
In addition to that, if I blacklist your file in my firewall, your bot gives me a "Fatal Error" and exits. I believe this feature was added with malicious intent in mind just so people wouldn't bypass your updater/tracker.
I think you're a bit exaggerating here... I think it's just poor error handling.
The files are downloaded over HTTP and can be intercepted (and changed) by a Man in the Middle attack. A hacker could run any code they want on your machine!
The chances of a man in the middle is rather slim. And if you DO get one, it's usually your own fault for connecting to an insecure network. If he wouldn't send his malicious software through this application, he'll most likely find another.
Thirdly, the updater downloads the files from 1448.co.nf which is hosted by a free hosting site (biz.nf), I quick look at their login page made me realize that security is not their top priority.
The server files are not verified for their integrity in any way (look into signing). If your website is hacked, anyone could upload a virus.exe.
I do agree that the combination of these two is very risky, although I still think you're overly exaggerating for the rest.
Altogether...
Just because of those two points, I too would discourage people from downloading it, so long the auto updater is mandatory (and should show a security warning when people wish to activate it).
Offline
Let's see:
I think you're a bit exaggerating here... I think it's just poor error handling.
// public void UpdateCheck() { [...]
catch (WebException ex)
{
this.ImDead("There is no internet connection.");
this.Close();
}
[...]
public void ImDead(string fatalError)
{
int num = (int) MessageBox.Show(fatalError, "Bot1448 > Fatal Error", MessageBoxButtons.OK, MessageBoxIcon.Hand);
}
The chances of a man in the middle is rather slim.
I'm sorted my points from most likely to less likely but most devastating.
And if you DO get one, it's usually your own fault for connecting to an insecure network. If he wouldn't send his malicious software through this application, he'll most likely find another.
What? The network is insecure because 1448 is not using TLS. There is no such thing as a "secure network" on HTTP over the internet (think of all the different ISP computers that could be infected, and no, the burden of security is on the software developer not the end user.)
Also, I'd be very alarmed if someone figured out that ANY software I have on my computer has a similar flaw in their updater. You make it sound like it is the norm for updaters to be this insecure, but this is a very serious issue and it can compromise entire systems.
I have never thought of programming for reputation and honor. What I have in my heart must come out. That is the reason why I code.
Offline
den3107 wrote:And if you DO get one, it's usually your own fault for connecting to an insecure network. If he wouldn't send his malicious software through this application, he'll most likely find another.
What? The network is insecure because 1448 is not using TLS. There is no such thing as a "secure network" on HTTP over the internet (think of all the different ISP computers that could be infected, and no, the burden of security is on the software developer not the end user.)
Also, I'd be very alarmed if someone figured out that ANY software I have on my computer has a similar flaw in their updater. You make it sound like it is the norm for updaters to be this insecure, but this is a very serious issue and it can compromise entire systems.
Right... Forgot about the fact a man in the middle can also be on your internet route (generally, in my class, only hear about them on the same netwerk (for example with a Pineapple)).
I also wasn't talking about them getting to you through other updaters, but rather other services/websites that might not use the HTTPS protocol yet. For example these forums: while they do appear to have an HTTPS certificate, you're not automatically redirected to the HTTPS version when opening it with HTTP.
Then still... People can put images/gifs on here that are over HTTP like this one that was posted just 5 minutes ago (love you, Doh), exposing you nonetheless.
But I'm getting kinda off-topic (security in general vs security of this specific bot), so I'd suggest either making a new topic about it or continuing this in PM, if you'd feel like it.
Offline
About these forums not redirecting to HTTPS:
It doesnt matter as much with websites, unless it is something that needs to be secure like a banking site, or a software hosting site, because there isnt much that you can do without the users permission
With software however, you can do almost anything, especially because it just downloads a file and runs it, so even if there was an 'do you want to allow this' popup, you would probably click yes because you are expecting it to need to run something
Offline
First, your bot automatically checks for updates (by downloading a botversion.dat file). This can not be turned off and it means that you can track the IP address of anyone using your bot.
I never thought of logging IP addresses.
And I still wouldn't gain much if I did log it and damage your PC.
Also, because you pointed out that:
the updater downloads the files from 1448.co.nf which is hosted by a free hosting site (biz.nf)
that's more proof that I don't have much power. Those guys won't let me upload a .htaccess file, even for a simple reason like creating custom error pages. I don't know why that's relevant here, but I think it gives you an idea of what freedom they give me.
I use the site because it has a convincing domain extension (.co.nf - looks kinda legit), and also because Hostinger got messed up and will let me use only paid plans because I accidentally created an infinite PHP loop, and refreshed the webpage multiple times to see if I fixed it. Plus, other hosting sites have ugly domain extensions. (1448.000webhostapp.com? No thanks.)
Secondly, you have code to make updates mandatory so everyone has to update to be able to use your bot. Again, very suspicious.
I'll implement an option to change it next update. Sure.
It gets worse when you realize that this bot isn't even open source, so there is no way we could verify your updates.
It is still decompilable. You already have my code right here:
// public void UpdateCheck() { [...] catch (WebException ex) { this.ImDead("There is no internet connection."); this.Close(); } [...] public void ImDead(string fatalError) { int num = (int) MessageBox.Show(fatalError, "Bot1448 > Fatal Error", MessageBoxButtons.OK, MessageBoxIcon.Hand); }
You can't get your hands on that if you didn't decompile the thing.
free hosting site (biz.nf), I quick look at their login page made me realize that security is not their top priority.
The files are downloaded over HTTP and can be intercepted (and changed) by a Man in the Middle attack. A hacker could run any code they want on your machine!
The server files are not verified for their integrity in any way (look into signing). If your website is hacked, anyone could upload a virus.exe.
I honestly don't want to have to pay real money to host a stupid bot and a stupid webpage for a laggy online flash game. I know that my stuff is one of the worst. I've had 0 experience in C# outside EE. In fact, I have 0 experience in class-oriented programming outside EE. Except maybe the new class-oriented version of PHP (version 7) and I've not even used it much.
Also, I haven't spent a single <insert currency denomination here> on software online. The Windows 10 I run is from a CD. I won't make an exception for hosting a website.
I know I suck at coding, so please don't tell me that I suck at coding. I'll try to fix it next time (assuming there is even a next time).
Offline
1448, your bot got a problem
[ Started around 1732705043.807 - Generated in 0.136 seconds, 12 queries executed - Memory usage: 1.91 MiB (Peak: 2.22 MiB) ]