Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

Sign up now!

Resolved Another and final approach to skip/shift update approval

red

Joined
Nov 17, 2013
Messages
259
I do not support, malicious things can and probably will be done if this system gets passed.
 
12 year old normie
Joined
Jan 8, 2015
Messages
2,769
Of course having more people to approve updates is better than fewer people to approve updates, but that's not a solution for the problem.
One might even debate that point. The more people that have access to pushing bots, the bigger the security risk. People might get hacked, so that people have access to the bot pushing process. And it's harder to manage if security leaks appear to find out who's responsible.
 
Java Warlord
Joined
Nov 17, 2014
Messages
4,906
One might even debate that point. The more people that have access to pushing bots, the bigger the security risk. People might get hacked, so that people have access to the bot pushing process. And it's harder to manage if security leaks appear to find out who's responsible.
Good point. Also, Arbiter is pretty much never here, Cloud outsourced the approving job to Slash, so he could do other client work i suppose. So atm we have 1 person who actively pushes bots. I would say at least 4-5 are needed for a fluent approval rate, that means we need about 4 more people to approve bots.
 
Joined
May 27, 2016
Messages
745
Good point. Also, Arbiter is pretty much never here, Cloud outsourced the approving job to Slash, so he could do other client work i suppose. So atm we have 1 person who actively pushes bots. I would say at least 4-5 are needed for a fluent approval rate, that means we need about 4 more people to approve bots.

doesnt sound good.
 
Java Warlord
Joined
Nov 17, 2014
Messages
4,906
as a scripter would this be putting alot of stress on you and make you feel less bothered to fix things?

like from your point of view how does it effect you?
As a bot author and a human being it happens every now and then that a bug slips into my code that i always fix as soon as possible. I usually fix the bot and push a fix within like 30 minutes after noticing the bug. It's incredibly annoying to get bug reports although I already fixed that very bug, while waiting for my update to be approved.
 
Joined
Oct 12, 2016
Messages
36
I understand this 100% from your prespective but what is going to happen when someones scripter account gets hacked or just decides that its a good idea to add in malicious code parts and end up doing really bad stuff? Its not only the scripters reputation which gets killed also runemate as a whole bot for incompetence. I think the only thing what can be done here is recruit more people so updates are pushed more frequently.
 
Java Warlord
Joined
Nov 17, 2014
Messages
4,906
I understand this 100% from your prespective but what is going to happen when someones scripter account gets hacked or just decides that its a good idea to add in malicious code parts and end up doing really bad stuff? Its not only the scripters reputation which gets killed also runemate as a whole bot for incompetence. I think the only thing what can be done here is recruit more people so updates are pushed more frequently.
The more people you have to approve updates, the higher the chance that one of those get hacked and malicious code is pushed through
 
Joined
Oct 12, 2016
Messages
36
The more people you have to approve updates, the higher the chance that one of those get hacked and malicious code is pushed through
so its a dead circle. the more people you have to approve updates, the higher chance that malicious code gets pushed in. and at the same time if you give premium authors free will to push updates with no delay to their scripts, also higher change that the code gets pushed in.


Where exactly do you see the solution to this problem then?
 
Java Warlord
Joined
Nov 17, 2014
Messages
4,906
so its a dead circle. the more people you have to approve updates, the higher chance that malicious code gets pushed in. and at the same time if you give premium authors free will to push updates with no delay to their scripts, also higher change that the code gets pushed in.


Where exactly do you see the solution to this problem then?
Like I said in OT, give selected premium authors the privilege to release updates without having to wait on approval. Premium authors should be trusted enough for this.
 
Joined
May 27, 2016
Messages
745
Like I said in OT, give selected premium authors the privilege to release updates without having to wait on approval. Premium authors should be trusted enough for this.



If I was the main guy that owned runemate, I would have premium scripts for most skills that are rental type scripts that would benefit the author + runemate would get its money from clients using their software which already happens. really fucking good scripts. I would probably implement this idea of yours savoir, It isn't for us to decide though unfortunately. we have to respect this. only time will tell.
 
Mod Automation
Joined
Jul 26, 2013
Messages
3,044
I'm open to exploring the option to allow more people, namely @Party and @Aidden, to push bots through. I'm, however, not open to considering any code be published without a review process. I've seen too many good people do bad things in my last decade in this scene to gamble the accounts of those who trusted me with them.
 

mew

Joined
Mar 1, 2015
Messages
296
I'm open to exploring the option to allow more people, namely @Party and @Aidden, to push bots through. I'm, however, not open to considering any code be published without a review process. I've seen too many good people do bad things in my last decade in this scene to gamble the accounts of those who trusted me with them.
Is this a reference to RSBuddy? o_O
 
Java Warlord
Joined
Nov 17, 2014
Messages
4,906
alright i guess the case is settled. like i said earlier, by letting users push through bots without approval you're always going to have a security risk to take. However if that's not an option, i suppose we can't really blame the executives for that decision.
 
Joined
Jul 25, 2015
Messages
72
Just more people who can push updates will help hugely with getting bots out quickly. Just get a few more trusted people to approve bots and the bots improve hugely, as updates could be pushed asap
 
Joined
Aug 19, 2016
Messages
11
I'm open to exploring the option to allow more people, namely @Party and @Aidden, to push bots through. I'm, however, not open to considering any code be published without a review process. I've seen too many good people do bad things in my last decade in this scene to gamble the accounts of those who trusted me with them.

Maybe I'm missing something but any bot that isn't using TCP/UDP or making HTTP(S) calls should be fine security wise and it's not hard to automatically look for those calls in bytecode/source and if it is using that functionality (say for dynamic signatures or w/e) just have it be manually cleared by a human.
 
Last edited:
Joined
Dec 5, 2016
Messages
2
Maybe I'm missing something but any bot that isn't using TCP/UDP or making HTTP(S) calls should be fine security wise and it's not hard to automatically look for those calls in bytecode/source and if it is using that functionality (say for dynamic signatures or w/e) just have it be manually cleared by a human.

A bot author could add a hidden feature that runs at a specific time and date, that makes bots withdraw all their items from the bank and trade them to the bot author's account.

Code review is a must.
 
Joined
Jul 25, 2015
Messages
72
A bot author could add a hidden feature that runs at a specific time and date, that makes bots withdraw all their items from the bank and trade them to the bot author's account.

Code review is a must.
Could they just make any bot running on runemate not be able to make such calls surely that is possible. Bots do not need to make HTTP calls, unless they have online stats which many don't. Removing this ability will allow scripts to be updated anytime, and people will not need to fear getting hacked/leaked.
 
Top