NATION

PASSWORD

NSlash Tool [Development][New NS++]

Bug reports, general help, ideas for improvements, and questions about how things are meant to work.
User avatar
Geanna
Minister
 
Posts: 2177
Founded: Jul 09, 2013
Ex-Nation

NSlash Tool [Development][New NS++]

Postby Geanna » Fri Jul 11, 2014 9:01 pm

It's become quite clear to a lot of us that the popular plug in NS++ isn't exactly a trusted web-plugin application by Moderation, due in part to a shoddy track record by Afforess/Shadow Afforess. It also fell out of trust with several members of the community; given that Afforess has provided a standard MIT License for the software to be Open Source, we are taking over the coding and development to build a safer plugin, one that NS Administration will have full access to, and one that will wipe any doubt of software being potentially malicious or otherwise harmful to the community.


Image


NSlash will be Community-Led effort as we will need testers and programmers to build a more reliable and safer successor to NS++. You can find us on our IRC #NSProgrammers, or on the #NSMentors IRC from Esper or Message Me, The Republic of Lanos, Soldati Senza Confini, or Alduinium

Being that NSlash will be a community project means that we rely on you, the users, input on how to further make this tool more reliable and more satisfactory to your everyday needs while browsing and using NationStates. In light of this, feel free to telegram us or get on IRC to let us know of your ideas or whether you'd like to help. No idea will be denied, and we'll make sure to keep a list for ease.

IRC Help
Mibbit
Go here: http://client01.chat.mibbit.com/
In connect, pick the Esper server
Choose a nickname
Enter either #NSProgrammers or #NSMentors
Profit

Esper
Go here: https://www.esper.net/publicirc.php
Set your nickname
Enter either #NSProgrammers or #NSMentors
Profit




Programmers are:

Soldati Senza Confini
Geanna
Tiltjuice
New Mushroom Kingdom

Testers are:

Alduinium
The Republic of Lanos
District XIV




Current Note: Due to the fact that Afforess was deated recently, and as well as having some shoddy code used before, we will be nitpicking code to ensure nothing malicious is present. First testing will be implemented by those listed as testers to act as isolated controls and as such the tool will not be released for some time. Please be patient as this process is not easy. We are open to ideas and will take any help we can get, this new tool will NOT be run/programmed by one man alone, this is meant to be a community project for a reason.



    Ideas

  • -Providing an Aesthetically Pleasing puppet switcher menu for ease of access



    STAGE

  • Pulling apart code for malicious strings, and scanning for exploits or security breaches
Last edited by Geanna on Sun Jul 13, 2014 2:07 pm, edited 13 times in total.
LOVEWHOYOUARE~


"We dance on the lines of our destruction and continuation, to waltz and achieve the happiness of our existence, and to be the laughter in a world of silence."

User avatar
Glen-Rhodes
Powerbroker
 
Posts: 8958
Founded: Jun 25, 2008
Civil Rights Lovefest

Postby Glen-Rhodes » Fri Jul 11, 2014 9:08 pm

Geanna wrote:It's become quite clear to a lot of us that the popular plug in NS++ isn't exactly a trusted web-plugin application by Moderation, due in part to a shoddy track record by Afforess/Shadow Afforess.

No third-party application is ever going to get a badge of trust from NS admins. It has little to do with who writes the app.

User avatar
Soldati Senza Confini
Post Kaiser
 
Posts: 85750
Founded: Mar 11, 2013
Civil Rights Lovefest

Postby Soldati Senza Confini » Fri Jul 11, 2014 9:20 pm

Glen-Rhodes wrote:
Geanna wrote:It's become quite clear to a lot of us that the popular plug in NS++ isn't exactly a trusted web-plugin application by Moderation, due in part to a shoddy track record by Afforess/Shadow Afforess.

No third-party application is ever going to get a badge of trust from NS admins. It has little to do with who writes the app.


Yes, however, this application will be open for them to scan through; I will keep an updated incremental version with the latest fixes on a personal server or on my own dropbox to make it as openly shareable as possible, plus the git will be strictly monitored to find any changes, thus, the administrators can always pull my copy or someone else's if they request it and match against the git.

Also, how the code increment will happen is that every time someone proposes an update or a patch/fix it has to run through the community before it is implemented, and then we're having testers to confirm the code being pushed into an update doesn't contain any suspicious bugs/exploits. We're trying to make it more community driven and counting this will make it more secure as a result given the community will have a say on what goes into the project.

It won't gain full trust, but it's an improvement from having only the git code and only one person having total control of the release code.
Last edited by Soldati Senza Confini on Fri Jul 11, 2014 9:22 pm, edited 2 times in total.
Soldati senza confini: Better than an iPod in shuffle more with 20,000 songs.
Tekania wrote:Welcome to NSG, where informed opinions get to bump-heads with ignorant ideology under the pretense of an equal footing.

"When it’s a choice of putting food on the table, or thinking about your morals, it’s easier to say you’d think about your morals, but only if you’ve never faced that decision." - Anastasia Richardson

Current Goal: Flesh out nation factbook.

User avatar
Glen-Rhodes
Powerbroker
 
Posts: 8958
Founded: Jun 25, 2008
Civil Rights Lovefest

Postby Glen-Rhodes » Fri Jul 11, 2014 9:25 pm

That's a common meme with NS++, that people can't know exactly what is in the extension. We can already see NS++'s source code. Not just on GitHub, either. Browser extensions can be unpackaged and read. Chrome extensions, for example, are just archives of HTML, CSS, and JavaScript files.

NS++ is more than just local/clientside page manipulations. Afforess pays for a server to host all the data that NS++ collects and relies upon. It's quite a lot of data, so you'll need to pay for a VPS with decent bandwidth.
Last edited by Glen-Rhodes on Fri Jul 11, 2014 9:26 pm, edited 1 time in total.

User avatar
Soldati Senza Confini
Post Kaiser
 
Posts: 85750
Founded: Mar 11, 2013
Civil Rights Lovefest

Postby Soldati Senza Confini » Fri Jul 11, 2014 9:31 pm

Glen-Rhodes wrote:That's a common meme with NS++, that people can't know exactly what is in the extension. We can already see NS++'s source code. Not just on GitHub, either. Browser extensions can be unpackaged and read. Chrome extensions, for example, are just archives of HTML, CSS, and JavaScript files.


However, not many people know how to modify the files, and not many people know that they can be unpackaged and read. I unpackaged and read it because I have Linux and I can open almost everything with it. It doesn't mean the casual user knows or is going to bother.
Soldati senza confini: Better than an iPod in shuffle more with 20,000 songs.
Tekania wrote:Welcome to NSG, where informed opinions get to bump-heads with ignorant ideology under the pretense of an equal footing.

"When it’s a choice of putting food on the table, or thinking about your morals, it’s easier to say you’d think about your morals, but only if you’ve never faced that decision." - Anastasia Richardson

Current Goal: Flesh out nation factbook.

User avatar
Geanna
Minister
 
Posts: 2177
Founded: Jul 09, 2013
Ex-Nation

Postby Geanna » Fri Jul 11, 2014 9:34 pm

Glen-Rhodes wrote:That's a common meme with NS++, that people can't know exactly what is in the extension. We can already see NS++'s source code. Not just on GitHub, either. Browser extensions can be unpackaged and read. Chrome extensions, for example, are just archives of HTML, CSS, and JavaScript files.

NS++ is more than just local/clientside page manipulations. Afforess pays for a server to host all the data that NS++ collects and relies upon. It's quite a lot of data, so you'll need to pay for a VPS with decent bandwidth.


This is an issue that is already being discussed, I already own webspace and rent servers, however my bandwidth could not handle large traffic at the current time. Currently, we are waiting on Hobbes to contact Afforess on getting what of the program we can not access already without having to break into files, if we can get him to hand over the rest of the code and give us complete access, then the tool will take a lot less time to reproduce, if not we'll have to build a tool with what we have and can already obtain. Administration may not completely trust it, but our main concern is safety for the users of this program. That means shutting any possible back-doors and wiping any major flaws within the codex that could potentially put users in harms way, such as inserting code to promote your dispatch. Hell, if this means giving Administration access to help code side by side us, than we'll welcome the opportunity.
LOVEWHOYOUARE~


"We dance on the lines of our destruction and continuation, to waltz and achieve the happiness of our existence, and to be the laughter in a world of silence."

User avatar
Torisakia
Postmaster-General
 
Posts: 14249
Founded: Jun 04, 2011
Civil Rights Lovefest

Postby Torisakia » Sat Jul 12, 2014 3:27 am

Geanna wrote:
Glen-Rhodes wrote:That's a common meme with NS++, that people can't know exactly what is in the extension. We can already see NS++'s source code. Not just on GitHub, either. Browser extensions can be unpackaged and read. Chrome extensions, for example, are just archives of HTML, CSS, and JavaScript files.

NS++ is more than just local/clientside page manipulations. Afforess pays for a server to host all the data that NS++ collects and relies upon. It's quite a lot of data, so you'll need to pay for a VPS with decent bandwidth.


This is an issue that is already being discussed, I already own webspace and rent servers, however my bandwidth could not handle large traffic at the current time. Currently, we are waiting on Hobbes to contact Afforess on getting what of the program we can not access already without having to break into files, if we can get him to hand over the rest of the code and give us complete access, then the tool will take a lot less time to reproduce, if not we'll have to build a tool with what we have and can already obtain. Administration may not completely trust it, but our main concern is safety for the users of this program. That means shutting any possible back-doors and wiping any major flaws within the codex that could potentially put users in harms way, such as inserting code to promote your dispatch. Hell, if this means giving Administration access to help code side by side us, than we'll welcome the opportunity.

These exploits and major flaws people are talking about, are they viruses or holes in the code that allow malicious worms and the such infect the user? I might be interested in helping you out with this.
"I will carry out great vengeance on them and punish them in my wrath. Then they will know that I am the LORD, when I take vengeance on them.' - Ezekiel 25:17 Tua Tagovailoa 2:26

User avatar
Soldati Senza Confini
Post Kaiser
 
Posts: 85750
Founded: Mar 11, 2013
Civil Rights Lovefest

Postby Soldati Senza Confini » Sat Jul 12, 2014 4:33 am

Torisakia wrote:These exploits and major flaws people are talking about, are they viruses or holes in the code that allow malicious worms and the such infect the user? I might be interested in helping you out with this.


Well, when it comes to NS++ there has been a couple of incidents where Afforess has had "remote code" - putting it in some sort of specific way - and then running it. One of the examples is the botnet incident where he made several nations upvote a dispatch.

It's not so much a virus, but we think there might be security issues which need to be fixed before proceeding to actually adding features and whatnot.
Soldati senza confini: Better than an iPod in shuffle more with 20,000 songs.
Tekania wrote:Welcome to NSG, where informed opinions get to bump-heads with ignorant ideology under the pretense of an equal footing.

"When it’s a choice of putting food on the table, or thinking about your morals, it’s easier to say you’d think about your morals, but only if you’ve never faced that decision." - Anastasia Richardson

Current Goal: Flesh out nation factbook.

User avatar
Torisakia
Postmaster-General
 
Posts: 14249
Founded: Jun 04, 2011
Civil Rights Lovefest

Postby Torisakia » Sat Jul 12, 2014 4:44 am

Soldati senza confini wrote:
Torisakia wrote:These exploits and major flaws people are talking about, are they viruses or holes in the code that allow malicious worms and the such infect the user? I might be interested in helping you out with this.


Well, when it comes to NS++ there has been a couple of incidents where Afforess has had "remote code" - putting it in some sort of specific way - and then running it. One of the examples is the botnet incident where he made several nations upvote a dispatch.

It's not so much a virus, but we think there might be security issues which need to be fixed before proceeding to actually adding features and whatnot.

Ah, I see. Just a problem with specific data being leaked and lost?
"I will carry out great vengeance on them and punish them in my wrath. Then they will know that I am the LORD, when I take vengeance on them.' - Ezekiel 25:17 Tua Tagovailoa 2:26

User avatar
Soldati Senza Confini
Post Kaiser
 
Posts: 85750
Founded: Mar 11, 2013
Civil Rights Lovefest

Re: NSlash Tool [Development][New NS++]

Postby Soldati Senza Confini » Sat Jul 12, 2014 7:02 am

Torisakia wrote:
Soldati senza confini wrote:
Well, when it comes to NS++ there has been a couple of incidents where Afforess has had "remote code" - putting it in some sort of specific way - and then running it. One of the examples is the botnet incident where he made several nations upvote a dispatch.

It's not so much a virus, but we think there might be security issues which need to be fixed before proceeding to actually adding features and whatnot.

Ah, I see. Just a problem with specific data being leaked and lost?

I would be tempted to say yes, but at the moment we're checking the files for inconsistencies only. Might be secure to work on, or we may find something interesting like a hole or an exploit that we need to take out or fix; some vulnerability that makes people's data unsecure.
Soldati senza confini: Better than an iPod in shuffle more with 20,000 songs.
Tekania wrote:Welcome to NSG, where informed opinions get to bump-heads with ignorant ideology under the pretense of an equal footing.

"When it’s a choice of putting food on the table, or thinking about your morals, it’s easier to say you’d think about your morals, but only if you’ve never faced that decision." - Anastasia Richardson

Current Goal: Flesh out nation factbook.

User avatar
Torisakia
Postmaster-General
 
Posts: 14249
Founded: Jun 04, 2011
Civil Rights Lovefest

Postby Torisakia » Sat Jul 12, 2014 7:26 am

Soldati senza confini wrote:
Torisakia wrote:Ah, I see. Just a problem with specific data being leaked and lost?

I would be tempted to say yes, but at the moment we're checking the files for inconsistencies only. Might be secure to work on, or we may find something interesting like a hole or an exploit that we need to take out or fix; some vulnerability that makes people's data unsecure.

Ah, I understand now. Good luck with the project!
"I will carry out great vengeance on them and punish them in my wrath. Then they will know that I am the LORD, when I take vengeance on them.' - Ezekiel 25:17 Tua Tagovailoa 2:26

User avatar
SOuls 21
Civilian
 
Posts: 1
Founded: Jun 09, 2014
New York Times Democracy

Postby SOuls 21 » Sat Jul 12, 2014 10:00 am

If you can eventually give it a nice, sortable, catagorizable, other-not-really-words-that-mean-its-not-one-big-two-page-long-mess-able, puppet list, I'm in, hands down. I'd say that, the influence estimate, and the floating sidebar are what I use most. I'd also probably be willing to do some testing for you.

-Ever-Wandering Souls

User avatar
A Colour Out of Space
Lobbyist
 
Posts: 12
Founded: Dec 26, 2013
Ex-Nation

Postby A Colour Out of Space » Sat Jul 12, 2014 10:04 am

Hi, Afforess speaking.

I love that new open source projects are being spun up. That is why open source is so great. My code is licensed MIT, so that means you can do whatever with it, as long as you: give me credit for the bits I wrote, and don't sue me if it blows up your computer.

That is all, good luck and carry on!
Last edited by A Colour Out of Space on Sat Jul 12, 2014 10:04 am, edited 1 time in total.

User avatar
The Leningrad Union
Chargé d'Affaires
 
Posts: 471
Founded: Apr 23, 2014
Ex-Nation

Postby The Leningrad Union » Sat Jul 12, 2014 11:00 am

I'd like to know what the features will be.
I founded Madrigal and Confederacy of Allied States. However, I have given up my power in both. I reside in Iraq currently. Come join me!

Parody of typical NSG sig:

NSG's resident Liberal Gay Atheist because there's totally no other liberals, gays or atheists here!
Impeach GP, Legalize RP, NSG 2016!
Mallorea and Riva should resign
*Insert some uneducated statement about how I support a stupid ideology that I heard about in my middle school social studies class*
*Insert some typical liberal and/or edgy statement about Gaza and/or Ukraine*

some popular TETer wrote:Leningrad iz kewl

some dude that agreed with me on a debate wrote:Just listen to Leningrad!

User avatar
Tiltjuice
Post Czar
 
Posts: 33908
Founded: Jan 20, 2012
Inoffensive Centrist Democracy

Postby Tiltjuice » Sat Jul 12, 2014 12:02 pm

I expressed my interest before, but here it is again.

EDIT - In a programmer's role.
Last edited by Tiltjuice on Sun Jul 13, 2014 1:19 am, edited 1 time in total.
I wear teal, blue, pink & red for Swith. | ✎ Member - ℘ædagog
Discrimination is unworthy. | Beauty is not in the face; beauty is a light in the heart. -Khalil Gibran

User avatar
New Mushroom Kingdom
Minister
 
Posts: 3449
Founded: Jul 16, 2010
Compulsory Consumerist State

Postby New Mushroom Kingdom » Sat Jul 12, 2014 12:28 pm

I also express my interests - I am TabletCube / CompanionCube on IRC
NationStates Belongs to All, Gameplay, Roleplay, and Nonplay Alike
Every NationStates Community Member, from Raider Kings to Brony Queens Make Us Awesome.

Embassy Request Thread NS section of my wiki-thing Questions?
DEFCON 5. Never forget Z-Day. 1/4/13. 'Corporate Police State' fits just as well as the actual WA category.
There are no magic mushrooms in this nation. Seriously.

User avatar
The Republic of Lanos
Post Marshal
 
Posts: 17727
Founded: Apr 17, 2009
Ex-Nation

Postby The Republic of Lanos » Sat Jul 12, 2014 12:43 pm

I am the Lanos they mentioned. Here to be tester.

User avatar
SquareDisc City
Senator
 
Posts: 3558
Founded: Jul 02, 2004
Inoffensive Centrist Democracy

Postby SquareDisc City » Sat Jul 12, 2014 5:05 pm

The best of luck to both these projects. Being mainly forum-side myself I've not felt much need for more than the stock site gives, but each to their own.
FT: The Confederation of the United Pokemon Types.
Nuclear pulse propulsion is best propulsion.

User avatar
Grenartia
Post Czar
 
Posts: 38921
Founded: Feb 14, 2010
Left-wing Utopia

Postby Grenartia » Sun Jul 13, 2014 12:41 pm

What are the requirements for me to be a tester?
Impeach Humanity, Legalize Death Stars, Life is TheftWis/Gren 2016 Something all cisgender allies should start doing. I wear teal, blue & pink for Swith. ⚧Copy and paste this in your sig if you passed biology and know gender and sex aren't the same thing.⚧
I'm a pansexual Androgyne. Also a Christian.
Please use they/them/their when referencing me, as I do NOT appreciate the other pronouns.
Textbook definition of irony
Quotes of awesomeness

"Don't take life so serious. It isn't permanent."-Dyakovo

User avatar
Soldati Senza Confini
Post Kaiser
 
Posts: 85750
Founded: Mar 11, 2013
Civil Rights Lovefest

Postby Soldati Senza Confini » Sun Jul 13, 2014 1:03 pm

Grenartia wrote:What are the requirements for me to be a tester?


Mostly, you need to be able to document every bug you find: what was the bug, where did you find it, how did you find it, and when did you find it. That will give us a point where to start and check if other testers can reproduce the bug (the more details you give the better), and if it can be reproduced it's something that needs to be fixed by the developers (for now me and Geanna).

If you can take screenshots or can record your screen with a screen capture program and upload the process in a place like youtube that's also appreciated but not necessary. You just have to be able to report issues to us that you may find as a user tester.

To be added to the list as a tester and you are sure you are able to commit just contact Geanna.
Last edited by Soldati Senza Confini on Sun Jul 13, 2014 1:04 pm, edited 1 time in total.
Soldati senza confini: Better than an iPod in shuffle more with 20,000 songs.
Tekania wrote:Welcome to NSG, where informed opinions get to bump-heads with ignorant ideology under the pretense of an equal footing.

"When it’s a choice of putting food on the table, or thinking about your morals, it’s easier to say you’d think about your morals, but only if you’ve never faced that decision." - Anastasia Richardson

Current Goal: Flesh out nation factbook.

User avatar
Bears Armed
GA Secretariat
 
Posts: 17183
Founded: Jun 01, 2006
Civil Rights Lovefest

Postby Bears Armed » Mon Jul 14, 2014 3:04 am

You really don't want to know what sort of image the title 'NSlash' evoked in my mind...
:p
The Confederated Clans of the Free Bears of Bears Armed
(includes The Ursine NorthLands) Demonym = Bear[s]; adjective = ‘Urrsish’.
Our population is approximately 20 million. We do have a national government, although its role is strictly limited. Economy = thriving. Those aren't "biker gangs", they're our traditional cross-Clan 'Warrior Societies'... and are generally respected, not feared.
Author of some GA Resolutions, via Bears Armed Mission; subject of an SC resolution.
Factbook. We have more than 70 MAPS. Visitors' Guide.
The IDU's WA Drafting Room is open to help you.
Author of issues #429, 712, 729, 934.

User avatar
Hobbesistan
Minister
 
Posts: 2459
Founded: Jul 01, 2013
Inoffensive Centrist Democracy

Postby Hobbesistan » Mon Jul 14, 2014 7:57 am

Geanna wrote:
Glen-Rhodes wrote:That's a common meme with NS++, that people can't know exactly what is in the extension. We can already see NS++'s source code. Not just on GitHub, either. Browser extensions can be unpackaged and read. Chrome extensions, for example, are just archives of HTML, CSS, and JavaScript files.

NS++ is more than just local/clientside page manipulations. Afforess pays for a server to host all the data that NS++ collects and relies upon. It's quite a lot of data, so you'll need to pay for a VPS with decent bandwidth.


This is an issue that is already being discussed, I already own webspace and rent servers, however my bandwidth could not handle large traffic at the current time. Currently, we are waiting on Hobbes to contact Afforess on getting what of the program we can not access already without having to break into files, if we can get him to hand over the rest of the code and give us complete access, then the tool will take a lot less time to reproduce, if not we'll have to build a tool with what we have and can already obtain. Administration may not completely trust it, but our main concern is safety for the users of this program. That means shutting any possible back-doors and wiping any major flaws within the codex that could potentially put users in harms way, such as inserting code to promote your dispatch. Hell, if this means giving Administration access to help code side by side us, than we'll welcome the opportunity.


NS++ itself is far from dead, and I have no interest in asking Afforess to give me the backend to release.
Hobbes
ra, ra rasputin

Maintainer of the Nationstates FAQ and Deletiger (Ret.) of The East Pacific
russia's greatest

Hobbes is always winning, like Charlie Sheen. - Jurisdictions
love machine

Stop right there (hobbes), your rational thought and intellect will destroy the internet. - Sovreignry
it was a shame how

Giraffes think Hobbes regret a lot. A lot of giraffes do. - Rachel
he carried on.

User avatar
A Colour Out of Space
Lobbyist
 
Posts: 12
Founded: Dec 26, 2013
Ex-Nation

Postby A Colour Out of Space » Mon Jul 14, 2014 10:38 am

Geanna wrote:This is an issue that is already being discussed, I already own webspace and rent servers, however my bandwidth could not handle large traffic at the current time. Currently, we are waiting on Hobbes to contact Afforess on getting what of the program we can not access already without having to break into files, if we can get him to hand over the rest of the code and give us complete access, then the tool will take a lot less time to reproduce, if not we'll have to build a tool with what we have and can already obtain. Administration may not completely trust it, but our main concern is safety for the users of this program. That means shutting any possible back-doors and wiping any major flaws within the codex that could potentially put users in harms way, such as inserting code to promote your dispatch. Hell, if this means giving Administration access to help code side by side us, than we'll welcome the opportunity.


The backend code is open source too!

https://github.com/Afforess/NationState ... r/Assembly

It's a java based, Play! Framework 2 application.

User avatar
Capisaria
Senator
 
Posts: 3748
Founded: Sep 16, 2010
New York Times Democracy

Postby Capisaria » Thu Jul 24, 2014 8:45 am

Def interested in this.

User avatar
Enfaru
Minister
 
Posts: 2921
Founded: Apr 20, 2012
Civil Rights Lovefest

Postby Enfaru » Sat Aug 09, 2014 8:01 pm

While some of the heavy features might require a server... is it possible that some of the easier problems can be solved first and tackle the ones that require a server later?
Sovereign Charter Quick Links
Factbook · Role-plays · RMB · Map (Origin | Quantum) · Chat · Members: 73
Myraxia: One does not learn to GM; One throws oneself in and prays they don't fuck up too badly.
Game Master
Founder of the Sovereign Charter,
4th President and,
Tutor of the College of Theatrics

Next

Advertisement

Remove ads

Return to Technical

Who is online

Users browsing this forum: No registered users

Advertisement

Remove ads