Posted by ckknight Dec 05, 2008 at 17:27 UTC
Hey, beautiful people.
I've been working on a per-project role-based access control system, and it's finally in place now. You may have guessed yesterday when the site was having some downtime that something was happening, and we were working out the final kinks of the system then.
Side note: Technically, this is per-repository and not per-project, but the mainline repository defines users' permissions in a project.
What this means:
Instead of just Project leader and authors, we can have multiple roles, e.g. Translators, QA, Documenters, Authors, Managers, and really anything that we can think of.
The way the system works:
There is a set of roles that we administrators define. Each role has a set of permissions attached to it.
Each repository has a set of role assignments which grant a user to one or more roles (Yes, you could be both QA and a Translator at the same time).
Each user would then have a set of permissions on a repository defined by the set of permissions of all their roles on that repository.
Here's the set of permissions:
As it stands, we only have Manager (which has all permissions) and Author (which doesn't have as many permissions).
We do want to work on adding more roles, but we need good ideas on what is wanted as far as that is concerned. So if you have some good ideas, feel free to contact us or just leave a comment here.
Currently, all managers are also authors, and any new projects will have the owner be both a manager and an author. Note that the manager can unassign himself as an author.
Posted by Kaelten Dec 02, 2008 at 01:10 UTC
Another jerk or group of jerks took advantage of the holiday weekend to spam a few thousand comments on the website.
These comments, due to a small security hole in one of the parsers, was able to embed an iframe on the page. It would then in turn try to target out of date versions of Flash.
We've cleaned up any of the comments that we can find, prevented any further ones from rendering, and plugged the leak in the parsers.
I'm not sure exactly what he was trying to install on machines, but I know it looks like it specifically targeted IE with Flash lower than 9 r124.
We're doing what we can to ensure that this type of attack on our users is impossible in the future. Please check your flash version, if you have a vulnerable version please run a virus scanner and try to make sure all is good.
If anyone discovers more information about what exactly they where trying to do, the effectiveness, and detection/cleanup techniques please post them in the comments.
Posted by ckknight Nov 17, 2008 at 21:28 UTC
We're going to be launching a program to award authors with redeemable points. You'll be able to spend the points on game cards or similar things.
You have to opt in to receive points. You can do this at http://www.curseforge.com/home/rewards-program/....
This is still very much a work in progress, so you won't see points accumulating until we officially launch this. There also will be a wait between when points accumulate and when you can spend them at the store.
Points will be distributed based on popularity of the project. We're probably not going to reveal the exact algorithm to prevent gaming the system. We will investigate allegations of gaming the system and are more than happy to ban those who try to cheat. This is a nice pat on the back for all the authors who help drive traffic to curse, a way to say thanks, and if everything goes smoothly, make it so authors don't have to pay for their own WoW accounts, and for the addons that drive the most traffic to the site (Omen, QuestHelper, etc.), some extra perks.
Kaelten and I (ckknight) are doing the coding on the rewards system and the eventual store. No, we didn't sneak in code to steal fractions of points from people just like in Superman 3, no matter how tempting.
Posted by Kaelten Nov 15, 2008 at 19:38 UTC
I apologize for not making this announcement sooner.
Posted by Kaelten Oct 26, 2008 at 23:54 UTC
The State of the Client
I want to start out by stating that we're well aware of the issues. We're not deluded into thinking that the current state of the Curse Client is as good as it gets.
Up until this point I've been on the sidelines of the Client, however I'm pleased to say that I'm taking over the project and will be leading product development on the client.
I've spent a large portion of my time over the last several weeks reading forums and talking to people to get a better idea of what people want, need, and hate.
We've recently broken 500,000 Client installs. While that is a very exciting number for us to reach, it also shows us the level of responsibility we have to making sure that the client is the best possible.
The Big Issues
It is the primary purpose of this announcement to help communicate what's going to be changing in the near future. But first let me recap some of the things that are definite issues(in no particular order). This is also not necessarily an all inclusive list.
Now I want to tell you what we're going to be doing in order to improve things.
What we're going to do about it!
First we're giving the UI an overhaul. The overall goal here is to make sure that the interface is more intuitive, more usable, and that it gives better feedback about what it's doing. To that end we're taking the following steps:
In addition to the above colors we're going to be using sorting to help it make sense. All Yellows and Grays will be forced to the bottom of the listings. All Red and Purples(?) will be forced to the top for easy identification.
We're also going to be enhancing the activity log panel, making some adjustments to the change log viewers, redoing the listing controls to allow you more options, adding more messages back to the user, etc.
Like I mentioned before we're missing de facto features. And we'll be moving quickly to add them.
Several of these above features are considered to be advanced features and we will be labeling them as such.
Changed Behaviors & Methods
One of the larger problems we've faced is about it auto detecting the wrong addons and/or downgrading or otherwise installing things wrongly.
We're taking a few steps to fixing these problems.
Discovery and Detection of versions
First, we're changing our auto detection code. In the next major release we're switching away from toc name based matching to instead use unique version fingerprints. We will both be fingerprinting individual files and packages as a whole in order to know for sure what version you're using.
Because of the fact that this will allow us to know within a very high level of accuracy in identifying exactly what version of a addon you're using we'll be able to reliably recommend upgrades.
The question shifted at that point to knowing what to do when we don't recognize the files. So we're changing the behavior some. For unrecognized packages we'll be displaying a special Unrecognized status. From that point on we won't update the addon until either a) you tell the client to or b) we learn for sure what version that is.
This does have one potential issue, or in some cases a feature, for auto discovery. If you go in and edit an addon, add a file, remove a file, etc the fingerprint of the file will change and then the fingerprint of the whole package will change.
In the case of initial discovery we won't be able to auto detect what project the files belong to. If we do know what project the file belongs to it becomes an Unrecognized version and will no longer be updated until you tell the client to do so. Down side, if you have some zombie files in your directory from unclean upgrades you'll need to manually match the project or tell it to upgrade.
The current toc name based scanner will still be available for suggesting matches in the new Uninstalled Package Listings.
Changes to Defaults
We're changing a few default behaviors. We'll no longer be defaulting to fully automatic addons update as this seems to be counter to the majority of our users usage patterns. We'll be shifting the defaults throughout the client to match the default behaviors of our users.
These annoying repetitive popup questions will be streamlined out of the client. Anytime we find ourselves saying "well we could ask the user...." we're going to smack ourselves and find away to do it without that.
The Mac Version
Having a fully functional Client under Mac is very important to us. We know that it does not follow many of the standard conventions on macs at this time. We will be addressing as many of those as possible, however our first focus is on having a solid product with all the needed features. After we get there we will then focus on asethetics and the macesqueness of the client (is that a word?).
I'm very happy to be stepping up my participation with the Client. I hope that this massive wall of text I've posted has helped you realize just HOW serious we are about delivering the best possible updater.
We will be continuing the free premium preview until we've gotten most of the things in this announcement out the way. We hope to have everything in this missive out to you guys in just a few short weeks.
And as always, please give me as much feedback as possible. Any and all constructive feedback on the things outlined in this announcement is most certainly welcomed.
It's a lot of work to do. We're making daily progress. And I'll keep you posted.