The Tool Age of NS

[Wordy]

I wanted to start a discussion on the use of addons / extensions for NS.
It seems that to keep up with Gameplay there is a need to use Scripts or player built addons. I realize the game can be played without update scripts , NS++, region order lists and the many other tools available to players.
My concern is that at what point does it become impossible to play / keep up for the average player? Technically a new player should not have to download / trust any other site other than NS to play the game. Yet we see advances that can only be used by placing trust in other players that is very misleading.
The fact that this site allows these scripts / addons/ extensions to be distributed is misleading to players, more so to new players. If you trust the extension enough to allow it to be distributed from the site so do they.
Now I realize that if I put trust into a player made addon that any information I give is at my risk. Newer players might not even realize there is risk at all.

[Shadow Afforess]

You're right, but it's also just a reflection of the real world. Those who can adapt to using advanced tools and computers in their jobs flourish, those who don't, perish.

Edit:

Okay now I have a bit more time, here is a longer response:

If you play NationStates in the original way the game was designed (simply as a way to model a fictitious nation, and possibly roleplay with friends) you don't need any addons or external tools. The game works fine. Violet and Ballotonia have done a great job in showing the player each of their nation's statistics and the long term trends for your nations stats.

Where you are seeing this "rise" of new tools is in alternative styles of "playing" NationStates, particularly with respect to R / D. Because R / D is about taking advantage of what are essentially "timing attacks"[1]. Humans, being slow, can't exploit timing attacks very effectively. Computers, being fast, can. Hence the rise of tools to assist players.

You see similar occurrences elsewhere in popular culture. For example, there are large communities built up around "speedruns" of games. A lot of speedruns for games are not possible without perfect timing, hence the rise of tool assisted speedruns[2].

Is there an issue of trust? With computers, always. For example, you "trust" that the site administrators are not earning cash on the side by selling your email address to spammers. The trouble is who to trust. We can be reasonably sure that an author with a reputation on the line (Max Barry) would not try to take advantage of users for a tiny bit of extra cash. The risk is too great, if caught, he'd lose readership. But the same is not true of random forumgoers. Can you trust a user named "Shadow Afforess" isn't a russian malware author who posts stuff for his own ego? (I'm not, by the way.) There isn't a clear answer.

1: http://en.wikipedia.org/wiki/Timing_attack
2: http://en.wikipedia.org/wiki/Tool-assisted_speedrun

[Ballotonia]

You're right, but it's also just a reflection of the real world. Those who can adapt to using advanced tools and computers in their jobs flourish, those who don't, perish.

NationStates doesn't aim to be merely a competition among programmers. We enjoy catering to non-programmers too. In that sense the concern raised is a very valid one.

Ballotonia

[Shadow Afforess]

You're right, but it's also just a reflection of the real world. Those who can adapt to using advanced tools and computers in their jobs flourish, those who don't, perish.

NationStates doesn't aim to be merely a competition among programmers. We enjoy catering to non-programmers too. In that sense the concern raised is a very valid one.

Ballotonia

I tried to clarify my point in my edit. I guess I don't disagree, but the fact is that R / D is essentially an exploit of a timing attack, and still remains mostly a result of its heritage.

[Wordy]

R/N/D has become an arms race but this is to voice concerns not simply over that. The average NS++ user is not involved in that part of gameplay.

The game should not have evolved to the point that those who can adapt using advanced tools supplied by a non trusted source flourish while those that take the safe path perish.

[Mallorea and Riva]

R/N/D has become an arms race but this is to voice concerns not simply over that. The average NS++ user is not involved in that part of gameplay.

The game should not have evolved to the point that those who can adapt using advanced tools supplied by a non trusted source flourish while those that take the safe path perish.

Do you think that the planned change of displaying update times will help? I see exactly where you're coming from but do you have any specific ideas as to what should be done?

[Shizensky]

The current ease of predictably creates a barrier to entry that limits how successful new players can be. It's easy to say new players should join an existing organization that already utilizes scripting, but this isn't going to lead to any kind of diversification for Gameplay as a whole. I don't want to use this as a platform to argue the merits of tag raiding, but is that what we want NS to become? Plenty of TBR copycats spring up all the time and a legitimate raid is an oddity these days. Raiders and defenders seem to have been replaced with taggers and chasers. Maybe it's because I'm a product of the old days, but I feel like the quality of R/D has diminished as a result.

I'd like to see the proposed display times, coupled with random update orders. We can still have a window to know when a target is going to update, but we'll need to know our target ahead of time and rely on information control once again. This doesn't necessarily kill tag raiding, either, but requires the taggers to do a bit of research to organize their strike order rather than browsing the update list or having something generated on the fly.

Something else to consider would be making occupations easy and liberations more difficult. I know this was touched on in the summit, but if people want to see tag raiding fade away, they'll need to provide a suitable alternative. We can't say that tagging is simply a result of people learning how to game the system. It's difficult to occupy a region without a lot of support, so the why not tag raid to get in a ton of practice while you're waiting for the next big raid? I can't say I have an easy solution for this, outside of the ideas suggested in the Delegate-Elect conversation.

[Unibot III]

I don't think that's true. I started my own defender organization and built it up on my own initially. My experience in the FRA had been fairly limited, despite even being their leader (I was never a FRA ranger and I only had defended a few dozen times with them).

Tools are not the greatest challenge to creating a new defender organization, in fact it's not even in the Top 10 things of challenges that a new defender organization will face.

I think the "It's a barrier to new defenders" argument is just a myth perpetuated by folks who don't like tools - these same people are fans of the most strictest manual recruitment system possible. Yet recruitment is the #1 challenge that a new defender organization will face.

The #2 challenge is the inter-defender politics. You will instantly be hated by almost every other defender block, unless you're flying under one of their wings. They will try to make your life a living hell and you need to show no mercy and crush them back as hard as possible - and show them who they're dealing with. They dislike competition and will lie, cheat, cry and whine to try to destroy your organization in any fashion or form.

The #3 challenge is intra-defender politics. Your organization will be internally conflicted between "I'm just doing this for fun!" and "Defending is the right thing to do!" types. Both think of each other as superior specimens.

The #4 challenge is orientation and retention. Keeping new players once they join.

And so on and so forth. Other problems like scope, activity, timezones, coordination will persist. "Coding" is the least of your problems.

I'm also strongly against "random updates" - anything that will reduce the skill needed in operations should be avoided.

[Mallorea and Riva]

I don't think that's true. I started my own defender organization and built it up on my own initially. My experience in the FRA had been fairly limited, despite even being their leader (I was never a FRA ranger and I only had defended a few dozen times with them).

Tools are not the greatest challenge to creating a new defender organization, in fact it's not even in the Top 10 things of challenges that a new defender organization will face.

I think the "It's a barrier to new defenders" argument is just a myth perpetuated by folk who don't like tools - these same people are fans of the most strictest manual recruitment system possible. Yet recruitment is the #1 challenge that a new defender organization will face.

I'm also strongly against "random updates" - anything that will reduce the skill needed in operations should be avoided.

I don't think Wordy was confining her argument to defenders. There is a perceived need for certain tools in the raidersphere, although your point that they are not essential is correct.

[Verdo-Releignia]

There should be a little Facebook type thing where it tells you when someone has replied to your posts or something like that. You would be able to edit it to say what threads you want to see replies to, etc.

[Nephmir]

Personally, I cannot plan a raid alone. Since my technology doesn't allow me to install NS++ (not that I'd want that program) or use any other update tool that I know of, I cannot access update times in any way. I need someone else with that capability to attach the update times to the target list I create, and then I can go on a raid. It honestly isn't even worth the effort on either of our parts. If R/D is accepted as a part of the game, then the information needed to play it should be available, even if only a basic form of it. It's better than what we have currently, which is nothing.

The update times need to be attached to the regions. Every day it just becomes more competitive as regions are constantly trying to sharpen their tools to best their opponents, leaving all new and/or "technologically challenged" players in a struggle to keep up.

[Shizensky]

I don't think that's true. I started my own defender organization and built it up on my own initially. My experience in the FRA had been fairly limited, despite even being their leader (I was never a FRA ranger and I only had defended a few dozen times with them).

Tools are not the greatest challenge to creating a new defender organization, in fact it's not even in the Top 10 things of challenges that a new defender organization will face.

I think the "It's a barrier to new defenders" argument is just a myth perpetuated by folks who don't like tools - these same people are fans of the most strictest manual recruitment system possible. Yet recruitment is the #1 challenge that a new defender organization will face.

The #2 challenge is the inter-defender politics. You will instantly be hated by almost every other defender block, unless you're flying under one of their wings. They will try to make your life a living hell and you need to show no mercy and crush them back as hard as possible - and show them who they're dealing with. They dislike competition and will lie, cheat, cry and whine to try to destroy your organization in any fashion or form.

The #3 challenge is intra-defender politics. Your organization will be internally conflicted between "I'm just doing this for fun!" and "Defending is the right thing to do!" types. Both think of each other as superior specimens.

The #4 challenge is orientation and retention. Keeping new players once they join.

And so on and so forth. Other problems like scope, activity, timezones, coordination will persist. "Coding" is the least of your problems.

I'm also strongly against "random updates" - anything that will reduce the skill needed in operations should be avoided.

I'm aware of these challenges, a decade might just be enough to expose someone to some of them. I disagree with you about the severity of some of them, but that's a different discussion.

Perhaps "barrier to entry" was the wrong phrase, and I apologize for that, but the lack of technological aptitude certainly does lower the ceiling for several players. I'm not worried about what's better for raiders or defenders here; after 10 years in NS, I just want to see the game improved.

I'm not completely against scripting to aid processes in the game. I've developed update estimators and played with the data dump to reveal all kinds of information. I embrace the possibilities that technology can bring to help a region or an organization improve itself. However, the more I understand the metagame, and the better I'm able to utilize it in code, it seems the less actual skill is needed. There's no need to form a strategy anymore, I just need to know how to add. Maybe there's a disagreement here on what constitutes a skill? My skill is writing a script that adds a large quantity of really small numbers for me really fast. I wonder how you believe skill is removed from the equation if update is random.

This isn't meant to be antagonistic at all, just genuinely curious. Skill, as I see it, would be the organization and planning of an operation that involves coordination, stealth, and controlled communications. Again, I'm not being confrontational, but the only skill I can see being removed with random updates is math, and perhaps some Excel know-how. Right now it is still important to do some of the other things, but they're not very important when you can nail a jump time down to a handful of seconds.

[Coraxion]

Personally, I cannot plan a raid alone. Since my technology doesn't allow me to install NS++ (not that I'd want that program) or use any other update tool that I know of, I cannot access update times in any way...

As far as I know nobody can raid alone. Planning is other topic.

What NS++ has to do with update time of a region? (following NS++ Update time estimates merely makes your efforts harder)

Knowledge on Order of Update is essentially most important thing for planning a raids.

[[violet]]

The fact that this site allows these scripts / addons/ extensions to be distributed is misleading to players, more so to new players. If you trust the extension enough to allow it to be distributed from the site so do they.

We don't host any add-ons. We permit tool authors to start threads about them here in Technical. But I think it's always pretty clear that these are third-party scripts, not officially endorsed by NationStates. I would be concerned if it were otherwise, because clearly we can't guarantee what third-party software will do.

[Wordy]

I am aware that add-ons are not hosted here. The appearance or impression is that if it is accessible here (as in a thread) then it must be safe to use.
Certainly it is clear they are third-party scripts but it leads to the impression that it is endorsed by NS as safe to use if you allow advertising here on the forum. It also is not hard to make the leap that any scripts that are advertised on the forum are also legal to use in the game.

I do not mean for this thread to become a discussion on Tag raids or Defending. That is another issue entirely but I do believe Tag raids would still continue without the use of a script. If my intention was to try to combat tag raiding the appropriate place is on the game front. Much as I would love to see an end to it, this certainly is not the way to do it.

NS++ offers many features and has a very high user base now. Afforess has done a great deal of work and from what I have read intends to offer a great many more features. Any other tool author could also build something similar but the bottom line is ...where does it end and to what degree is NS responsible for allowing an open window for those that intend malice? I don't mean for this to seem like I am attacking NS++ but it is the most widely used add-on at the moment and the audience is growing and will continue to grow as more features are added to it.
We also see when players post here in technical asking advice that other players are directing them to download NS++

My suggestion would be that all tool authors submit their product to NS and if it is deemed viable, safe, a game improving feature it would then be hosted and distributed by NationStates.

EDIT: clarified tag raiding statement.

[[violet]]

My suggestion would be that all tool authors submit their product to NS and if it is deemed viable, safe, a game improving feature it would then be hosted and distributed by NationStates.

That's not possible. We would have to study and test every code change by every tool author. If it were a small number of simple tools that didn't need updates, we could conceivably do it. But for something like NS++, there's no way.

[Wordy]

I do not know the solution then.I do understand why my solution is not practical.
Is it an over reaction on my part to be concerned that tools / add-ons are not closely scrutinized? As it stands anyone can build any tool and present it here on the forum. I do not know how closely you police those so it may be the case that they are monitored for illegal / malicious actions.

I do want to say that it is understandable that players might think "if it were not safe to use this add-on it would not be advertised here on the forum"

[Nuhnander Jenekeens]

//Me wonders if Wordy understands how technology works.

Any extension you download has risks. It tells you that before you enable that.

Once you decide to enable it, that's your problem.

If something really bad happens, like NS++ steals your credit information, just call the fucking police/IC3/FBI/FTC.

In other words, you can be hacked using any technology, nationstates isn't special. If you become a victim it is most likely either your fault or the fault of the hacker, not the place that hosted the exchange in which you heard about the piece of technology in question. To suggest NationStates has any liability here is ludicrous.

Liability should be placed on intermediaries such as Internet service providers (ISPs), websites, online information brokers, and software manufacturers who are in the best position to mitigate damages from online fraudulent schemes, online defamation, and computer security breaches that cause injury to consumers. The legal landscape for consumers seeking redress for cyber-injury under traditional negligence principles, however, is bleak. To succeed on a negligence claim, the client has to prove every element under traditional negligence theory. There are many challenges to overcome.

First, the client must prove that the defendant ISP or Internet-based company owes a duty of care to the consumer. A defendant owes a duty of reasonable care to persons within the zone of foreseeable danger caused by the defendant’s acts or omissions. Consequently, a website or Internet portal that hosts or serves as an intermediary to online fraudulent schemes, website defamation, or other information-based torts and has actual or reasonable knowledge of such activity should have a duty to take measures to protect consumers—or at least to warn them. However, consumers enjoy no such protection—even if an ISP has actual knowledge that its services are a medium for fraud. The Communications Decency Act of 1996 provides online service providers with immunity from liability.Section 230 of the Communications Decency Act (47 U.S.C. § 230 (2005)) provides ISPs and other network administrators with a limited immunity from liability for harmful content accessible through their facilities. It provides that “No provider . . . of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider” (§230(c)(1)). The legislative history of the section shows that it primarily was intended to shield intermediaries from defamation liability. It expressly exempts intellectual property infringements from its scope. Its language could be interpreted, however, to protect service providers from liability for fraudulent content authored by others. It would not protect service providers from liability for injury occasioned by network intrusions or harmful access to databases maintained by the service provider.

Second, a plaintiff alleging negligence must identify the appropriate standard of care to which the defendant should adhere to protect against injury. In other words, what must an Internet-based company or ISP do to provide “reasonable” protection from fraudulent schemes or computer security breaches? No formal professional standards of care exist in the information technology industry resembling codes of professional conduct for physicians, lawyers, or engineers. Anyone can claim to be a computer professional and establish an ISP or e-commerce company. And, although there are several industry certifications and security standards, Internet firms are under no professional obligation to implement them. One answer to the standard of care question comes from the traditional risk-utility analysis, embedded in common-law negligence.

The public policy concept embodied in the risk-utility formula is that precautions should not cost more than the harm that they are intended to prevent. In other words, a person is negligent if she or he causes harm that could have been avoided at less than the expected cost of the injury. The aggregate harm caused by identity fraud is staggering.

Failure to engage in such an analysis, or otherwise neglecting to take the most basic steps to mitigate the risk of harm to consumers, would fall well below the minimum level of care to establish a breach of duty—the third element in a negligence claim. In addition, a plaintiff should be permitted to assert various factual theories to show that the defendant breached the standard of reasonableness; perhaps an ISP failed to close down a hosted website or service that offered fraudulent services, or perhaps an Internet-based company failed to deploy basic security measures such as encryption, firewalls, and antivirus software.

Fourth, the ISP or Internet-based firm must cause the injury to the plaintiff. If the harm could have been prevented by the defendant, then actual cause is established. Besides showing actual cause, however, the plaintiff must show that the injury was foreseeable—this is the core requirement of “proximate cause.” Given widespread publicity regarding Internet fraud and online security breaches, it would be difficult to argue successfully that the danger of Internet fraud is unforeseeable. A legitimate legal challenge for the plaintiff, however, is to avoid a conclusion that the primary wrongdoer’s actions are an intervening event that broke the intermediary’s causal connection to the harm.

Lastly, a critical component in any action for negligence requires showing more than pure economic injury, no matter how much money is lost. Plaintiffs must establish, in most circumstances, personal injury or damaged property. This might be possible when the online fraud results in a damaged reputation, but for the vast majority of injured consumers common-law negligence’s economic-injury rule will serve as a bar to recovery. The economic- injury rule operates to police the boundary between contract and tort. Breach of contract becomes the exclusive remedy when no personal injury or damaged property results; yet consumers who clicked “I Agree” have undoubtedly restricted their ability to prevail in contracts cases by agreeing to a variety of disclaimers. The result of the economic loss rule is that consumers who have suffered only economic injury caused by the negligence of their ISP or other online service are left without remedy.

The last part of that is key. You hit "I Agree" when you install an extension. So even if you get screwed, most likely the judge is going to say, "tough shit".

Of course, that covers Nationstates.net immunity to civil liability. The criminal liability for the hacker himself is another thing entirely, and I don't think anyone is risking criminal liability for your nationstates password. If they are then lol when they go to prison.

[Wordy]

Ok I will make a real life analogy since you do not seem to be getting the point I am trying to make.

Violet takes good care of her kitchen. She also has a lovely plate collection. I am hungry and Violet knows I am hungry. Now Violet is very busy looking after her Kitchen and that leaves no time to bake Cookies.
Being caring and concerned that I am hungry Violet goes around the neighbourhood and collects cookies from anyone that had time to bake them. She puts the cookies on one of her lovely plates and sits it before me.
She clearly states here are cookies that I did not bake and if you eat one it is your risk.
I can either go bake my own cookies / search around to purchase cookies or eat one of the cookies off Violets plate.
I trust Violet and I believe she would not put anything on one of her plates that I should not eat.

Is Violet liable for the cookies? No. Should Violet be more responsible with what is offered on her plates? I believe yes.

[Nuhnander Jenekeens]

Ok I will make a real life analogy since you do not seem to be getting the point I am trying to make.

Violet takes good care of her kitchen. She also has a lovely plate collection. I am hungry and Violet knows I am hungry. Now Violet is very busy looking after her Kitchen and that leaves no time to bake Cookies.
Being caring and concerned that I am hungry Violet goes around the neighbourhood and collects cookies from anyone that had time to bake them. She puts the cookies on one of her lovely plates and sits it before me.
She clearly states here are cookies that I did not bake and if you eat one it is your risk.
I can either go bake my own cookies / search around to purchase cookies or eat one of the cookies off Violets plate.
I trust Violet and I believe she would not put anything on one of her plates that I should not eat.

Is Violet liable for the cookies? No. Should Violet be more responsible with what is offered on her plates? I believe yes.

Well, I don't find your analogy particularly apt, but in any case you concede she is not liable, so case closed.

[Crazy girl]

No, case is not closed.

I think Wordy raises some valid concerns here. Just finding a solution for it might be more tricky..

[Ballotonia]

* discussion of update times displayed has been moved to: https://forum.nationstates.net/viewtopi ... #p20355355 *

Ballotonia

[Cerb]

Well, short of saying "no advertising for plugins" and then doing some obfuscation and stuff to make it harder to work with the page programmatically... I don't see a way to fix it.

Even if there was a blanket rule made to ban all third party plugins that could be used for R&D - it would be horrible to police.

The only other thing that could help is literally taking the ideas used in plugins and incorporating them into the game so that the plugins then become redundant and everybody gets the same tools to work with. That is a lot of work for the coders. I also worry about increasing the complexity of NS. Right now it works well for special needs folks like myself and I would hate to have that change.

[Shadow Afforess]

I've raised this before - NationStates could go (mostly) open source. Then instead of working on plugins/extensions people like me could submit features directly into the game (if approved by the admins) and everyone could benefit. Important secret sauce like how stats calculations work, etc would have to be recoded a bit to be hidden, but I suspect 90% of the code could be open sourced without revealing secrets.

[Shizensky]

I've raised this before - NationStates could go (mostly) open source. Then instead of working on plugins/extensions people like me could submit features directly into the game (if approved by the admins) and everyone could benefit. Important secret sauce like how stats calculations work, etc would have to be recoded a bit to be hidden, but I suspect 90% of the code could be open sourced without revealing secrets.

I can certainly see the benefits to this. You often say that you created NS++ to give NS the features it should already have. The fact that a lot of your users have difficultly using vanilla NS after using NS++ shows that the utility is there, and shows that users tend to prefer the additions. This point grows stronger when you remember what happened when NS++ first came around, where new NS++ features quickly found their way as a feature on vanilla NS.

I don't know how easy it would be to open things up for public addition, I'm sure it would take quite a bit of time to make sure the sensitive stuff is properly separated from the stuff the public would have access to. The time and effort needed for that would constitute its own project that would steal away from any planned updates to the current game, though, so it seems unlikely that we would see that change.