Introducing Starbase YOLOL Editor : A Starbase-themed text editor for YOLOL

Matrixmage

Learned-to-sprint endo
Joined
Aug 9, 2019
Messages
23
#22
Maybe if I update it more I will make it open source, but it's too simple now to warrant the effort .
While I can understand it being a hassle, it's for the safety of everyone using this software that it's released open source.

Though I consider it too much of a hassle myself to push for, I'd argue that it shouldn't be allowed to post closed-source software on the forum. The chance for abuse and the danger to the community is, generally speaking, too much. Also, though don't quote me on this, I've heard of cases where a user sued a forum for "supporting" malicious code by leaving it up. So there could even be legal repercussions for FB in an extreme case.

*Saving requires the program to be launched with Administrator access!
All that said, this is SUPER not ok. Literally no one should use this program currently. There is exactly zero cases where it is EVER a smart thing to give something like this administrator privileges.
 

Biglet

Active endo
Joined
Aug 9, 2019
Messages
29
#23
I and many others have used this app so far and it is fine. It is not uncommon for third party apps not to be open sourced in games, hell half the third party apps in EVE were not.
 
Joined
Aug 9, 2019
Messages
7
#25
I and many others have used this app so far and it is fine. It is not uncommon for third party apps not to be open sourced in games, hell half the third party apps in EVE were not.
Hypothetically, if Vexus had malicious intent, this app could have dropped a keylogger onto your system without your knowledge. If run in administrator mode, it could be even worse. I still don't recommend running this app unless the source is available.

Edit: To be clear, I'm not accusing Vexus of ill-intent. As a programmer, I try to pay attention to possible security issues.
 

Matrixmage

Learned-to-sprint endo
Joined
Aug 9, 2019
Messages
23
#26
I and many others have used this app so far and it is fine. It is not uncommon for third party apps not to be open sourced in games, hell half the third party apps in EVE were not.
As I said, while I disagree in principle it's not really terrible or anything.

But what is terrible is requiring admin privileges. From discussing with experienced developers who have used the same frameworks as Vexus, there's no reason that admin privileges should be required. That itself should be quite terrifying to any user. At the very least it's irresponsible development, at the most it's something malicious. Neither are alright.

Edit: as with Chthonium, this is a worry that comes from being a developer. I'm not saying Vexus personally has ill-intent, just that the dangers outweigh the benefits for a user in this case. A developer as a responsibility to be transparently secure with their users, especially when we're random people on the internet.
 
Last edited:

Vexus

Veteran endo
Joined
Aug 9, 2019
Messages
234
#27
If you know a way for an app to create files on a system without administrator/permissioned access I think Microsoft would like to hear about it. When testing with crew, one person had UAC enabled in Windows and was unable to save files without launching the program as admin (it did nothing). I'm not a pro; if there's some method I'd need to include to let users save files with their user permission alone, I don't know it. If someone knows it, please let me know; I can add it in an update. As for security, my identity is known, and I'd probably go to jail if I included malicious code. In addition, just because something has open source code does not mean the downloadable binary isn't built with malicious code - so being open source doesn't change much unless you build everything yourself, which most users don't do. I appreciate the concerns though.
 

NoName

Learned-to-turn-off-magboots endo
Joined
Aug 9, 2019
Messages
49
#28
I have used this app a few times and so far so good! Nice work Vexus it is nice to have a way to work on YOLOL code without being ingame. Maybe you should even consider making a mobile version of it!
 

Matrixmage

Learned-to-sprint endo
Joined
Aug 9, 2019
Messages
23
#29
If you know a way for an app to create files on a system without administrator/permissioned access I think Microsoft would like to hear about it.
Considering I just opened powershell and made a new file on my work computer where I have no semblance of admin privileges, I think they're aware.

As I've said, this is in no way a personal attack, I'm just a fellow developer concerned for those who are less savvy. That said, your dismissiveness of this situation is increasingly worrying...
 

Vexus

Veteran endo
Joined
Aug 9, 2019
Messages
234
#30
You still have permissions to create files; perhaps the wording of you need administrator access scares you a bit and that is understandable. I'll see if I can get some more functional way for the app to write a file with obtaining user permissions first. I disable UAC on my systems so it's not a common problem for me. Thank you!
 
Joined
Aug 9, 2019
Messages
7
#31
Based on the binary strings, I assume the application is a .NET application written in C#.

I read some documentation, and asked a friend who's a C# developer. According to both sources, you shouldn't need elevated permissions to create a file in the user folder.

Perhaps there's a miscommunication here, but admin access seems unnecessary.
 

Vexus

Veteran endo
Joined
Aug 9, 2019
Messages
234
#32
you shouldn't need elevated permissions to create a file in the user folder.
Yeah I'll look into it thank you! I'm not sure where my test user tried to save the file. It was an oversight since I disable UAC on my systems.
 
Top