These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE Information Portal

 
  • Topic is locked indefinitely.
 

New Dev Blog: ME SQUASH BUG: Improving the EVE experience

First post
Author
Solo Drakban
Goosefleet
Gooseflock Featheration
#81 - 2011-10-17 18:31:34 UTC
Dalmont Delantee wrote:

Don't worry ccp aren't worried about your goat pron and the fact you play hello kitty online at the same time as eve. The old adage of if you have nothing to hide with the eve client why worry. Plus if there is no personal infp they won't know about your bots and python injections :-p



Why does everybody always go to the "if you have nothing to hide..." argument. I use my computer for more things than EVE and I take an NDA a lot more seriously than Darius III does. Let's say that CCP's data collection does actively collect a list of running applications (and I want to state that I have no objections to this, in fact it can be useful debugging if you want out that 80% of your crashes have occurred with a particular AV running or driver applet, etc) and I am running an application along side EVE that I am beta testing under NDA (be it game relation or otherwise) and EVE crashes, snapshots this list and sends it to CCP. I may now have violated an NDA as it relates to not revealing to anybody that I am in the beta, or that a beta even exists.

Had I had the chance to review crash logs ahead of time I would have seen that this application appears in the list and would have not sent the debug information to CCP, not because I don't want to, but because I would be breaking a contract with another entity. If the crash happened and I was not running this particular beta application I would have no issues sending a list of my other running applications to CCP. This has happened with other crash reporting software, things crash while I may be doing something under NDA or protected by other regulations or certifications (HIPAA, SOX, PCI, SAS70 take your pick, I deal with systems covered under some or all of these things) and I have to refuse to send a crash report.

I'm not worried about playing EVE and CCP transmitting the contents of my hard drive to them because I am not attributing malice to CCP's actions. We have an agreement (partially implied, partially explicitly laid out in the EULA) that CCP will send data back and forth between their servers and I'm reasonably certain that it's just data related to playing EVE Online. The addition of the crash reporting system is a very good step forward and my objections to it (which are past tense, CCP has responded that they are making it optional) were not based on my assumption that CCP was doing anything untoward, but by a need to protect myself from leaking data that I shouldn't, that under normal circumstances I would be perfectly fine with sending in a normal crash report.

So yes, I do have things to hide, but they aren't related to EVE online, and what I'm hiding is, quite frankly, should be of no concern to you, CCP or any other entity that does crash reporting.
Master Akira
Licence To Kill
Mercenary Coalition
#82 - 2011-10-17 18:40:46 UTC  |  Edited by: Master Akira
CCP Redundancy, will the Video driver crashes be included in this? They don't drop you to dektop, but cause a windows "video driver has stopped responding and has recovered" error. And they are caused by Eve without a doubt.

It would be awesome if it did, because I have reported this bug since months ago in every imaginable way and yet no response.
j0rg
Moneytron
#83 - 2011-10-17 18:58:40 UTC
Solo Drakban wrote:


Why does everybody always go to the "if you have nothing to hide..." argument. I use my computer for more things than EVE and I take an NDA a lot more seriously than Darius III does. Let's say that CCP's data collection does actively collect a list of running applications (and I want to state that I have no objections to this, in fact it can be useful debugging if you want out that 80% of your crashes have occurred with a particular AV running or driver applet, etc) and I am running an application along side EVE that I am beta testing under NDA (be it game relation or otherwise) and EVE crashes, snapshots this list and sends it to CCP. I may now have violated an NDA as it relates to not revealing to anybody that I am in the beta, or that a beta even exists.


Had I had the chance to review crash logs ahead of time I would have seen that this application appears in the list and would have not sent the debug information to CCP, not because I don't want to, but because I would be breaking a contract with another entity. If the crash happened and I was not running this particular beta application I would have no issues sending a list of my other running applications to CCP. This has happened with other crash reporting software, things crash while I may be doing something under NDA or protected by other regulations or certifications (HIPAA, SOX, PCI, SAS70 take your pick, I deal with systems covered under some or all of these things) and I have to refuse to send a crash report.

I'm not worried about playing EVE and CCP transmitting the contents of my hard drive to them because I am not attributing malice to CCP's actions. We have an agreement (partially implied, partially explicitly laid out in the EULA) that CCP will send data back and forth between their servers and I'm reasonably certain that it's just data related to playing EVE Online. The addition of the crash reporting system is a very good step forward and my objections to it (which are past tense, CCP has responded that they are making it optional) were not based on my assumption that CCP was doing anything untoward, but by a need to protect myself from leaking data that I shouldn't, that under normal circumstances I would be perfectly fine with sending in a normal crash report.

So yes, I do have things to hide, but they aren't related to EVE online, and what I'm hiding is, quite frankly, should be of no concern to you, CCP or any other entity that does crash reporting.


Dude seriously if you are dealing with software under such severe NDA restrictions what on earth are you doing installing MMO games on the same hardware ? Not downplaying your argument here because it is valid, but if the business you're in is so sensitive against this kind of violations then you should be looking for hyper-secure dedicated hardware to put the NDA stuff on - not your gaming rig wth :-)
Alice Katsuko
Perkone
Caldari State
#84 - 2011-10-17 19:02:46 UTC
Allow users to opt out of the data collection system. Odds are most of the folk worrying about CCP stealing their information won't bother to do so anyway, but it will make them happy to know that the option is there. Opt-in systems are a bad idea since most people don't care one way or the other and might not even know that they should opt in.

To be quite honest, if the information you work with is sensitive and a viable target for data theft, then you should either not be putting it into a networked computer, or should be taking extensive precautions which go beyond worrying about whether an Icelandic developer is going to go digging through your personal files. Most applications automatically send crash-related information. Some applications continuously send detailed usage statistics. And anyone who has installed an EA game has granted EA the authority to dig through their computer essentially at will, unless EA has changed its standard EULA.
David Carel
SWAT Team Sales Consultants
#85 - 2011-10-17 19:02:54 UTC  |  Edited by: David Carel
j0rg wrote:


Dude seriously if you are dealing with software under such severe NDA restrictions what on earth are you doing installing MMO games on the same hardware ? Not downplaying your argument here because it is valid, but if the business you're in is so sensitive against this kind of violations then you should be looking for hyper-secure dedicated hardware to put the NDA stuff on - not your gaming rig wth :-)


Because these NDA restrictions are standard for developers. I'm under NDA for SteamWorks and I have it on my PC, so, I shouldn't play EVE just because I have a library and some tools associated with it?
You're not supposed to do it on hyper-secure dedicated hardware anyways. You have to ensure (at least in my example) that reasonable precautions against data theft are met. A dedicated rig is way overkill most of the time.
Zleon Leigh
#86 - 2011-10-17 19:11:10 UTC
Solo Drakban wrote:
Callic Veratar wrote:
That being said, it's unfortunate that we have to work in such an environment of paranoia where even a beneficial crash reporting tool could be perceived as having an evil ulterior motive.


I don't necessarily believe that CCP has an ulterior motive or that they are going to be malicious with the tool. I simply like to review what data is being presented from my computer, especially when it has the possibility of leaking information, not unintentionally, due to a missed flag.



and... there is always the possibility that a flaw in the tool or a hacking event might turn it into something malicious that grabs personal info. If you willy nilly allow data to be sucked off your computer then be prepared for serious RL consequences.


+1 to the Dev's!

Incarna - Newest business example of mismanaged capital. CCP - Continuing to gank independent PI producers every day

PvP's latest  incentive program ** Unified Inventory **  'Cause you gotta kill something after trying to use it

Solo Drakban
Goosefleet
Gooseflock Featheration
#87 - 2011-10-17 19:14:21 UTC
j0rg wrote:

Dude seriously if you are dealing with software under such severe NDA restrictions what on earth are you doing installing MMO games on the same hardware ? Not downplaying your argument here because it is valid, but if the business you're in is so sensitive against this kind of violations then you should be looking for hyper-secure dedicated hardware to put the NDA stuff on - not your gaming rig wth :-)


Because the NDAs are fairly standard and there is no need to separate them onto different machines because I am aware of what applications report what and so long as applications are upfront with what they are doing and allow opt-in/out then there is no issue. I honestly would have no issues with EVE doing mandatory crash reporting so long as they were upfront with that happening and what data was being collected and more importantly, had a history of open communication on changes. It's the last one that concerns me for which is why I like the compromise of opt-in with the ability to review the data. Once CCP builds back up a level of trust, I'll be more willing to accept what they state at face value.

I'm also the kind of person that browses the web with plugins designed to turn everything off (no cookies, noScript, etc) and grant access as I trust sites, rather than just blindly jumping onto websites with a browser fully open and loading everything, getting hit by 0-day Flash and PDF exploits and ending up with more trojans and tracking than I can shake a stick at. Partially to protect myself, partially because I believe that I should be asked if a website can open up 15 flash programs, rather than forcing it open me.
Katrina Bekers
A Blessed Bean
Pandemic Horde
#88 - 2011-10-17 19:44:18 UTC
Thank you for all the info, and implicitly for the answers to my questions in the 1.1.2 deployment thread.

And for the quick replies from the devs to the ubergeeks proddings.

<< THE RABBLE BRIGADE >>

Atomic Option
NO Tax FAT Stacks
#89 - 2011-10-17 20:06:03 UTC
Solo Drakban wrote:
j0rg wrote:

Dude seriously if you are dealing with software under such severe NDA restrictions what on earth are you doing installing MMO games on the same hardware ? Not downplaying your argument here because it is valid, but if the business you're in is so sensitive against this kind of violations then you should be looking for hyper-secure dedicated hardware to put the NDA stuff on - not your gaming rig wth :-)


Because the NDAs are fairly standard and there is no need to separate them onto different machines because I am aware of what applications report what and so long as applications are upfront with what they are doing and allow opt-in/out then there is no issue. I honestly would have no issues with EVE doing mandatory crash reporting so long as they were upfront with that happening and what data was being collected and more importantly, had a history of open communication on changes. It's the last one that concerns me for which is why I like the compromise of opt-in with the ability to review the data. Once CCP builds back up a level of trust, I'll be more willing to accept what they state at face value.

I'm also the kind of person that browses the web with plugins designed to turn everything off (no cookies, noScript, etc) and grant access as I trust sites, rather than just blindly jumping onto websites with a browser fully open and loading everything, getting hit by 0-day Flash and PDF exploits and ending up with more trojans and tracking than I can shake a stick at. Partially to protect myself, partially because I believe that I should be asked if a website can open up 15 flash programs, rather than forcing it open me.


In the mean time, stop running these super-double-secret beta programs that you're bragging about on an online forum at the same time as you're running EVE. EVE is a pretty busy game, and unless these other programs are batch processing programs that need to sit and calculate for a while, there's no reason they need to remain open while you're playing EVE. I agree that a send/don't send button would be nice, but in the end the NDA is your responsibility not CCPs and I wouldn't be running ANYTHING at the same time as a program whose publicized existence could make me liable.
Inanna NiKunni
BlackBongWater
#90 - 2011-10-17 20:09:53 UTC
Good work CCP

P.S.
i will turn on CQ just to generate a few crash reports
Solo Drakban
Goosefleet
Gooseflock Featheration
#91 - 2011-10-17 20:19:50 UTC
Atomic Option wrote:

In the mean time, stop running these super-double-secret beta programs that you're bragging about on an online forum at the same time as you're running EVE. EVE is a pretty busy game, and unless these other programs are batch processing programs that need to sit and calculate for a while, there's no reason they need to remain open while you're playing EVE. I agree that a send/don't send button would be nice, but in the end the NDA is your responsibility not CCPs and I wouldn't be running ANYTHING at the same time as a program whose publicized existence could make me liable.


First, I believe you need to look up the definition of "bragging". I was not bragging, I was merely stating an example. Also, I'm not sure what game you're playing, but EVE is generally not a 'busy' game. Except during instances of combat, a lot of EVE can be played with it in a window with only one eye paying attention to things happening while you actually do useful things in another window.

Also, I am aware that it's my responsibility, which is why I was asking for the ability to opt into the data collection with the ability to review the data being sent so that I can verify what CCP is collecting and make the determination on if the data can be sent. The alternatives are to not load EVE while doing other things (which may be a blessing in some respects) or take actions to block their crash reporting system (which wouldn't be of benefit to anybody as they would then never receive a crash report as I would just set it and forget it).

I honestly don't get why people are still on about this. CCP said "Hey, awesome crash collection stuff coming up!" to which the question was asked "Is it optional?" CCP quite reasonably said "Oops, not now but we'll make it so!" and everything was fine. I would have preferred it be optional on launch but, again, a Dev gave a reasonable alternative if there were any reservations about the system until they could add the opt in, and again, everything was fine.

Then people came out of the woodwork with "if you have nothing to hide..." crap which is why some of us were giving examples of why we would indeed care. Regardless of how relevant you think they are, I do appreciate that CCP has addressed the concerns.
Mr LaForge
Deep Core Mining Inc.
Caldari State
#92 - 2011-10-17 20:37:11 UTC
This is good news.

Stuff Goes here

Mr LaForge
Deep Core Mining Inc.
Caldari State
#93 - 2011-10-17 20:37:30 UTC
This is even better news.

/Redundancy

Stuff Goes here

CCP Sreegs
CCP Retirement Home
#94 - 2011-10-17 20:40:23 UTC  |  Edited by: CCP Sreegs
Zleon Leigh wrote:
Solo Drakban wrote:
Callic Veratar wrote:
That being said, it's unfortunate that we have to work in such an environment of paranoia where even a beneficial crash reporting tool could be perceived as having an evil ulterior motive.


I don't necessarily believe that CCP has an ulterior motive or that they are going to be malicious with the tool. I simply like to review what data is being presented from my computer, especially when it has the possibility of leaking information, not unintentionally, due to a missed flag.



and... there is always the possibility that a flaw in the tool or a hacking event might turn it into something malicious that grabs personal info. If you willy nilly allow data to be sucked off your computer then be prepared for serious RL consequences.


+1 to the Dev's!


If someone wanted your personal information there are a multitude of easier ways to obtain it than trying to find a way to alter our collection code, which is limited to our process alone and the memory allocated to our process and only obtained in the event of a crash. We have a legally binding agreement with you that states that we will inform you what we collect and why we collect it, which is also spelled out in this blog.

I'm happy to help any of you with any concerns you may have but I can state quite clearly that the only data being sent to us is the contents of crash dumps related to our process space. If you're extremely concerned about that owing to other obligations you have or anything else there was a post on page 2... I want to say from a dev stating how to block the sending of the dumps until such time as the service can provide an opt out.

:edit: Here's the post I was referring to

"Sreegs has juuust edged out Soundwave as my favourite dev." - Meita Way 2012

CCP Sreegs
CCP Retirement Home
#95 - 2011-10-17 20:45:18 UTC
Solo Drakban wrote:
Atomic Option wrote:

In the mean time, stop running these super-double-secret beta programs that you're bragging about on an online forum at the same time as you're running EVE. EVE is a pretty busy game, and unless these other programs are batch processing programs that need to sit and calculate for a while, there's no reason they need to remain open while you're playing EVE. I agree that a send/don't send button would be nice, but in the end the NDA is your responsibility not CCPs and I wouldn't be running ANYTHING at the same time as a program whose publicized existence could make me liable.


First, I believe you need to look up the definition of "bragging". I was not bragging, I was merely stating an example. Also, I'm not sure what game you're playing, but EVE is generally not a 'busy' game. Except during instances of combat, a lot of EVE can be played with it in a window with only one eye paying attention to things happening while you actually do useful things in another window.

Also, I am aware that it's my responsibility, which is why I was asking for the ability to opt into the data collection with the ability to review the data being sent so that I can verify what CCP is collecting and make the determination on if the data can be sent. The alternatives are to not load EVE while doing other things (which may be a blessing in some respects) or take actions to block their crash reporting system (which wouldn't be of benefit to anybody as they would then never receive a crash report as I would just set it and forget it).

I honestly don't get why people are still on about this. CCP said "Hey, awesome crash collection stuff coming up!" to which the question was asked "Is it optional?" CCP quite reasonably said "Oops, not now but we'll make it so!" and everything was fine. I would have preferred it be optional on launch but, again, a Dev gave a reasonable alternative if there were any reservations about the system until they could add the opt in, and again, everything was fine.

Then people came out of the woodwork with "if you have nothing to hide..." crap which is why some of us were giving examples of why we would indeed care. Regardless of how relevant you think they are, I do appreciate that CCP has addressed the concerns.


I'm told the crash dumps are also saved to the cache folder so you're welcome to take a look at them as you like. While I can't promise anything I'm sure we can look into the feasibility of allowing you to view a dump prior to submission as part of the opting in/out process, but that might be farther down the line if at all.

"Sreegs has juuust edged out Soundwave as my favourite dev." - Meita Way 2012

Solo Drakban
Goosefleet
Gooseflock Featheration
#96 - 2011-10-17 21:02:14 UTC
CCP Sreegs wrote:

I'm told the crash dumps are also saved to the cache folder so you're welcome to take a look at them as you like. While I can't promise anything I'm sure we can look into the feasibility of allowing you to view a dump prior to submission as part of the opting in/out process, but that might be farther down the line if at all.


<3
Ranger 1
Ranger Corp
Vae. Victis.
#97 - 2011-10-17 21:26:48 UTC
Solo Drakban wrote:
Ranger 1 wrote:
From a post in above yours.



This does not explicitly state that this is for EVE crash reporting, rather than Windows error reporting or 'this is normally what happens during a crash, but we've turned off the dialogue'.



Whoops, sorry Solo. I had taken it to mean that it operated the same way, and I thought that perhaps you had cross-posted with him and not seen it.

Didn't mean it to sound snarky, if it did.

View the latest EVE Online developments and other game related news and gameplay by visiting Ranger 1 Presents: Virtual Realms.

Esan Vartesa
Samarkand Financial
#98 - 2011-10-17 21:34:59 UTC
Quote:
Personal information is not collected in these reports, and it doesn’t look at anything else you have installed or are running on your computer (unless you have external binaries that have injected themselves into the running EVE process).


I see what you did there, and I approve.

This is what is getting the people pretending to be worried about their privacy all jittery.

Solo Drakban
Goosefleet
Gooseflock Featheration
#99 - 2011-10-17 21:43:45 UTC
Esan Vartesa wrote:
Quote:
Personal information is not collected in these reports, and it doesn’t look at anything else you have installed or are running on your computer (unless you have external binaries that have injected themselves into the running EVE process).


I see what you did there, and I approve.

This is what is getting the people pretending to be worried about their privacy all jittery.



Actually, no, that's not what has us 'all jittery'. I'm fine with CCP getting a list of all my running applications (as I have said before), injected into EVE or not, so long as they are up-front about it (hell, Sreegs is welcome to show up at my place unannounced, crash on my couch and go through my computer himself looking for bots) so I can make the decision as to what applications to run at the same time as EVE. I also want the chance to review what they are sending as they currently have some ground to cover to regain my full trust in their statements.

It's all about informed consent balancing against the need for privacy.
CCP Sreegs
CCP Retirement Home
#100 - 2011-10-17 22:08:19 UTC
Solo Drakban wrote:


Actually, no, that's not what has us 'all jittery'. I'm fine with CCP getting a list of all my running applications (as I have said before), injected into EVE or not, so long as they are up-front about it (hell, Sreegs is welcome to show up at my place unannounced, crash on my couch and go through my computer himself looking for bots) so I can make the decision as to what applications to run at the same time as EVE. I also want the chance to review what they are sending as they currently have some ground to cover to regain my full trust in their statements.

It's all about informed consent balancing against the need for privacy.


We are not currently doing anything to enumerate any applications. All that we're retrieving is crash dumps from the EVE Online client which are limited to our own process space.

I can't make up my mind where on the creep-o-meter showing up at someone's house to rifle through their computer should be placed. It's somewhere below trying on their clothes and above peeking in their medicine cabinet.

"Sreegs has juuust edged out Soundwave as my favourite dev." - Meita Way 2012