Author Topic: Blockland Glass Mod Manager [Released!] (Read 34530 times)

SWAT One · June 27, 2015, 02:47:25 PM

Just a little design thing. You should have "moderator seals" for Add-Ons endorsed by moderators as safe, so that if a user sees that seal, they know that the Add-On is without a doubt, safe content.

Ad Bot · Advertisement

Scout31 · June 27, 2015, 02:57:30 PM

Sure, I'll add it to the list.

Mockup.

Pecon · June 27, 2015, 03:17:37 PM

Quote from: SWAT One on June 27, 2015, 02:47:25 PM

Quote from: Scout31 on June 27, 2015, 02:57:30 PM

Actually, how about showing who was involved in reviewing the add-on?

Scout31 · June 27, 2015, 03:29:54 PM

Yeah, I was planning on that anyway.

Pushing comments to live soon.

Edit: live.

Ipquarx · June 27, 2015, 03:40:08 PM

Quote from: Scout31 on June 25, 2015, 08:58:27 AM

MD5 is perfectly fine for comparing files. It's passwords that's the issue.

http://news.softpedia.com/news/Experts-Name-Flame-s-MD5-Chosen-Prefix-Collision-Attack-Unknown-274218.shtml

It's really not, just use sha1 as it's just as fast and thousands of times more secure to collisions

Greek2me · June 27, 2015, 03:43:02 PM

Quote from: Scout31 on June 27, 2015, 01:35:17 PM

It's a problem with the system throwing an exception as the SemVer library I downloaded is saying that your version isn't formatted correctly.. Odd.

EDIT: It seems as that it doesn't like "+release-20141226" as + denotes build info, and - denotes pre-release info. The correct formatting would be "+release.20141226"

Ugh, they're wrong:

Quote

Build metadata MAY be denoted by appending a plus sign and a series of dot separated identifiers immediately following the patch or pre-release version. Identifiers MUST comprise only ASCII alphanumerics and hyphen [0-9A-Za-z-].

I'll just use periods instead though. It's easier.

edit: Also, comments are awesome.

Scout31 · June 27, 2015, 03:45:14 PM

In my previous reading, MD5 collision attacks were only practical if the attacker was able generate both files. Either way, I'll use SHA-2.

jes00 · June 27, 2015, 03:45:23 PM

When I try importing add-ons from RTB:

Not Found

The requested URL /user/import.php was not found on this server.

Apache/2.4.7 (Ubuntu) Server at blocklandglass.com Port 80

Scout31 · June 27, 2015, 03:45:55 PM

Importing isn't implemented yet.

Scout31 · June 27, 2015, 05:33:10 PM

Ratings are in.

Scout31 · June 28, 2015, 01:57:47 PM

Well, rewriting the entire back-end system was a bit of an undertaking. It's definitely needed work, though. I'm making the entire system objective. I guess I missed the whole PHP5 bandwagon. Either way, it's already much more efficient and will make development much easier, stable, and cleaner.

While I've been modernizing myself, I also realized that I've missed a large part of the HTML5 bandwagon. I'll make it a long-term goal to rewrite the user-facing side of the site. That'll all be one big update, so there won't be any gradual development updates on that.

I've staked starting the "Beta" phase for next Monday, the 6th. Essentially, that will be the (temporary) end of new feature development on the site end. Everything will turn in to back-end work, optimization, and streamlining the experience. It'll also be the beginning of the in-game development. I'll start up a development branch (because that should be working by then, woo!) that will pull nightly from github, and the unstable branch will be any other significant pre-releases I have.

After that is all squared away, then I'll return to implementing new features. You can see all of this laid out on GitHub.

Greek2me · June 28, 2015, 02:38:21 PM

Sounds great!

edit: The word "call" in this comment gets picked up as a bad function:

Code: [Select]

//To use,call registerAdminOnlyOutputEvent after calling registerOutputEventhttp://blocklandglass.com/addon.php?id=37

Greek2me · June 28, 2015, 03:04:58 PM

We need a failbin or some way to prevent downloads. I had to delete "Support_Rendermen" because it contains a public eval vulnerability. The author probably won't know why it was deleted.

Scout31 · June 28, 2015, 03:10:10 PM

I'll put it on GitHub as something to work on.

I think it will work like the bargain bin. Any add-on that is proven malicious will be moved there. It will only be available for download by signed-in users to prevent the random kid from coming along and downloading it.

I'll also implement a full-on deleted system which will include a message about why, for add-ons that are unethical (intended for malicious use, like whatever script it is that crashes server) and truly just bad pieces of work. Ideally, these will not be common whatsoever.

In the ideal fully functioning system, this wouldn't have been deleted; just excluded from standard listings.

Greek2me · June 28, 2015, 03:19:48 PM

That would be appropriate. By the way I still can't upload Theme_* files.