Closed Vurv78 closed 2 years ago
Cpt-Hazama
commented
2 years ago Its an old google website that gave the user links and info about how theyre missing VJ Base. The only reason why it now displays a login page is because Google broke the website with an update. There is nothing malicious about the page that pops up, you couldnt even do anything with that info anyway thats controlled by Google not someone coding in gLua inside a game.
DrVrej
commented
2 years ago This is not part of VJ Base, it's part of other addons that use it. If you are suggesting that I magically update 1,000s of addons then you are wrong. Not even 1% of the addons are authored by me, I wouldn't even be able to. This issue can be fixed if the rendering is updated in GMod to allow newer websites to load. Until then, no one can do anything about this.
Also there is nothing dangerous about it, not sure where you got that from. If you do sign in, then congratulations you just signed into Google. It then redirects you to Google Sites, there is nothing beyond that.
On Sat, Dec 4, 2021, 8:40 AM Cpt. Hazama @.***> wrote:
Its an old google website that gave the user links and info about how theyre missing VJ Base. The only reason why it now displays a login page is because Google broke the website with an update. There is nothing malicious about the page that pops up, you couldnt even do anything with that info anyway thats controlled by Google not someone coding in gLua inside a game.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/DrVrej/VJ-Base/issues/54#issuecomment-986029098, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABU5ADWOZ6NQIDLTKHNNH3DUPIK5VANCNFSM5JLLV4IA .
Vurv78
commented
2 years ago There is nothing malicious about the page that pops up, you couldnt even do anything with that info anyway thats controlled by Google not someone coding in gLua inside a game.
You are very, very wrong. Here, I've adapted the same code creating the google popup to keylog.
VJ_WARN_SLVBase = vgui.Create("DFrame")
VJ_WARN_SLVBase:SetTitle("ERROR!")
VJ_WARN_SLVBase:SetSize(790,560)
VJ_WARN_SLVBase:SetPos((ScrW()-VJ_WARN_SLVBase:GetWide())/2, (ScrH()-VJ_WARN_SLVBase:GetTall())/2)
VJ_WARN_SLVBase:MakePopup()
VJ_WARN_SLVBase.Paint = function()
draw.RoundedBox(8, 0, 0, VJ_WARN_SLVBase:GetWide(), VJ_WARN_SLVBase:GetTall(), Color(200,0,0,150))
end
local VJURL = vgui.Create("DHTML", VJ_WARN_SLVBase)
VJURL:SetPos(VJ_WARN_SLVBase:GetWide()*0.005, VJ_WARN_SLVBase:GetTall()*0.03)
VJURL:Dock(FILL)
VJURL:SetAllowLua(true)
VJURL:OpenURL("https://sites.google.com/site/vrejgaming/vjbaseconflict")
VJURL:AddFunction("lua", "print", print)
VJURL:QueueJavascript([[
window.addEventListener("keypress", function(e) {
lua.print("logged. that easy.", e.key);
})
]])This is not part of VJ Base, it's part of other addons that use it.
I see it right here though. I don't know about this as a framework but it definitely shouldn't be commonplace for the addons using it to create the exact same popup. https://github.com/DrVrej/VJ-Base/blob/f8357f5fb50e846641be6beafc8c2cff96cf46d7/lua/autorun/vj_base_autorun.lua#L124
Also there is nothing dangerous about it, not sure where you got that from. If you do sign in, then congratulations you just signed into Google. It then redirects you to Google Sites, there is nothing beyond that.
Opening the page in the first place is not inherently dangerous yes, but that's not what I'm talking about. Because of how large this addon is I see it as irresponsible that it'd be so commonplace from this.
Here's some of the reddit posts I've seen now: https://www.reddit.com/r/gmod/comments/r8hnap/anybody_know_what_this_google_sign_in_spam_is_and/ https://www.reddit.com/r/gmod/comments/q4ik48/guys_i_need_help_everytime_i_join_in_the_map_and/ https://www.reddit.com/r/gmod/comments/q551xh/is_this_a_scam/ https://www.reddit.com/r/gmod/comments/olviv2/is_it_just_me_or_is_this_kinda_sketchy/ https://www.reddit.com/r/gmod/comments/iat0mj/uhh_gmod_wants_me_to_sign_in_with_google/
If nothing else it should at least be in your interest to make your addon look less malicious.
DrVrej
commented
2 years ago @Vurv78 You are wrong. First, the "addon confliction" window was created years ago, the confliction has been solved and no one encounters that pop up anymore. Second, all the posts on Reddit are about what I mentioned, the window that pops up when VJ Base is NOT installed.
Also your security worry is still false. VJ Base contains no key loggers and if another addon is key logging the user's input and sending the data somewhere, then that addon needs to banned. No such thing is allowed on Garry's Mod. Also you edited the code and put a key logger to prove your point, but you fail to apply any logic here. "Wheels on cars are a security issue because the manufacturer can put a button that they can remotely press to unscrew and release all the wheels!" But is the manufacturer putting such thing? Similarly, am I putting a key logger in the code? The obvious answer is no.
Side Note: Google Sites many years ago was the go to when you wanted to present a simply and effective page as a pop up. Last year, Google updated this system and their service terms. They banned all the sites that used it as a pop up, hence why my page is banned. I could update the pop up that you mentioned, but understand that no one sees that anyway, so I don't care about it. If I update VJ Base again, I might just remove that unused code. And again for the 10th time, NO one sees that page, that code literally hasn't ran for anyone for at least 3-4 years. Also as software changes, many things break over time. I and other modders are not obligated to continue upkeeping our mods forever. VJ Base has been around since 2011-2012, very few modders from time have continued to upkeep their addons for so long. We make no income from modding, we do this as a hobby. Most of us have become busy with our lives and more productive things in life, we have no obligation to continue mods we made 10+ years ago.
Vurv78
commented
2 years ago This is the first time I've ever heard of this "VJ Base" so of course I don't know everything about the codebase and the addons it uses, that's why I created this issue with the pretense that you were creating the popup (which as far as I know you still can / are).
Because of this all I can assume is that this is a framework which you can easily link to addons by forcing the workshop to have this as a dependency. Now I don't understand how that would require the addons to make the exact same popup of their own... which is why I'm here pointing out the obvious source of the pop-up. That's my logic.
the confliction has been solved and no one encounters that pop up anymore. Second, all the posts on Reddit are about what I mentioned, the window that pops up when VJ Base is NOT installed.
Then why is the code there at all anymore?
Also your security worry is still false. VJ Base contains no key loggers and if another addon is key logging the user's input and sending the data somewhere, then that addon needs to banned. No such thing is allowed on Garry's Mod.
You have missed my point once again. You are making an addon that's making these suspicious pop-ups commonplace. You aren't the ones creating keyloggers, but if these are common, people might not be as wary to actual keyloggers. Also you'd be surprised how many malicious addons there are. Reposts of popular addons with backdoors and whatnot aren't allowed but they're everywhere. You can't just say "there can't possibly be x, because that would be illegal!"
Also you edited the code and put a key logger to prove your point, but you fail to apply any logic here. "Wheels on cars are a security issue because the manufacturer can put a button that they can remotely press to unscrew and release all the wheels!" But is the manufacturer putting such thing? Similarly, am I putting a key logger in the code? The obvious answer is no.
The point is your code looks a hell of a lot suspicious, and because of this it may drowns out actual keyloggers. Shitty analogy but: If you started putting fake guns everywhere, people might not think twice if someone has a real gun or not.
Also as software changes, many things break over time. I and other modders are not obligated to continue upkeeping our mods forever. VJ Base has been around since 2011-2012, very few modders from time have continued to upkeep their addons for so long. We make no income from modding, we do this as a hobby. Most of us have become busy with our lives and more productive things in life, we have no obligation to continue mods we made 10+ years ago.
DrVrej
commented
2 years ago I created this issue with the pretense that you were creating the popup (which as far as I know you still can)
Let me just contact Valve and tell them if they can update 1000s of Workshop items 👍
Then why is the code there at all anymore?
Because I do what I want 🙂
You can look at my github and see I do just as much as you :/
I care because?
Vurv78
commented
2 years ago Let me just contact Valve and tell them if they can update 1000s of Workshop items 👍
Considering this is the third time you can't bother to look into the issue it is obvious you don't care. Unfortunate.
I care because?
You seem to care and are being pretentious as if I don't understand the process behind this, which looking at my profile would completely prove otherwise.. even writing a massive chunk about it here:
Also as software changes, many things break over time. I and other modders are not obligated to continue upkeeping our mods forever. VJ Base has been around since 2011-2012, very few modders from time have continued to upkeep their addons for so long. We make no income from modding, we do this as a hobby. Most of us have become busy with our lives and more productive things in life, we have no obligation to continue mods we made 10+ years ago.
Because I do what I want 🙂
Ok, great, that's up to you. I mean it has lead to this issue which you don't seem to want to deal with.
No point in continuing this if you just want to bitch and refuse to deal with the issue, sorry for caring about the quality of your addon.
DrVrej
commented
2 years ago Let me just contact Valve and tell them if they can update 1000s of Workshop items 👍
Considering this is the third time you can't bother to look into the issue it is obvious you don't care. Unfortunate.
I care because?
You seem to care and are being pretentious as if I don't understand the process behind this, which looking at my profile would completely prove otherwise.. even writing a massive chunk about it here:
Also as software changes, many things break over time. I and other modders are not obligated to continue upkeeping our mods forever. VJ Base has been around since 2011-2012, very few modders from time have continued to upkeep their addons for so long. We make no income from modding, we do this as a hobby. Most of us have become busy with our lives and more productive things in life, we have no obligation to continue mods we made 10+ years ago.
Because I do what I want 🙂
Ok, great, that's up to you. I mean it has lead to this issue which you don't seem to want to deal with.
No point in continuing this if you just want to bitch and refuse to deal with the issue, sorry for caring about the quality of your addon.
Before we end this conversation, out of curiosity, how do you expect me (or anyone) to update 1000s of addons?
Vurv78
commented
2 years ago I expected you to answer maturely or bother to explain why you'd need to do such a thing. It's a library so have it as a dependency on the workshop or as a git submodule? Why would an addon experience the exact same error prompt if they are missing said base that provides it? You never answered..
It really isn't difficult to remove the compatibility check either which is what the issue was for. Could've done it like 20 times now through this conversation.
DrVrej
commented
2 years ago I expected you to answer maturely or bother to explain why you'd need to do such a thing. It's a library so have it as a dependency on the workshop or as a git submodule? Why would an addon experience the exact same error prompt if they are missing said base that provides it? You never answered..
It really isn't difficult to remove the compatibility check either which is what the issue was for. Could've done it like 20 times now through this conversation.
Reread my first 2 replies, the code you presented has nothing to do with what people are complaining about. The pop up is a code that is included in every addon, it's NOT in VJ Base. It pops up when VJ Base is NOT present. Nothing can be done to counter the issue from VJ Base itself, so again what are you expecting me to do? I can't update nor can I edit 1000s of addons, that is literally not possible.
Vurv78
commented
2 years ago Ok, someone else already explained this to me, so now:
The issue is that your example addon in the dummy_file branch (which you refer to on the wiki) still has the same code pointing to the knowingly broken google site page.
I would advise to change it to either not show the popup and just ErrorNoHalt, or to change the link to point to your github wiki or something.
I now understand you can't do anything about the past addons, but you can about future ones..
DrVrej
commented
2 years ago Yeah that's the plan when I get around to updating it. I have requested Google to just take down the site, so now instead of a sign in, it just shows "404 not found". I wish GMod would be able to render GitHub pages. Also for some reason, not many people use the dummy_file branch that I have created, so unfortunately not many people will adopt the new code when I update it.
DrVrej
commented
2 years ago An update:
I have seen dozens of posts on r/gmod with people having addons that have a google sign in popup because of this. Why are you sending people to a login page in DHTML? This popup might leave people careless when it starts happening this common and people just get keylogged.. please remove this. I see no reason for it with it just causing confusion and potentially being dangerous..
(I have no idea what the url is supposed to do but I see no issue with just replacing it with a github markdown/wiki link if it is to notify people of the addon collision. Or, just a concise "download this, or uninstall this"..)