teqim.sourceforge.net

Run it before starting EQ. Seems to increase my efficiency while playing, at least when I am browsing web, running Excel sheets, etc.

Also, Trillian EQIM is pretty cool.

I haven't had any issues with either of these programs. Please let us know if you do.

~kiry

What does it do. It is remarkbly silent features etc on the website.
Wolja
Sarchasm: The gap between the creator of sarchastic wit and the recipient that doesn't get it
Wolja
Ilpapa
What I should look like

It steals your password and login id and sends it to Yantis and he sells your account after he strips all your toons. Dazzler Twodirks High Speed Quisinart for Hire
Guildleader of the Blades of Honor.
Monsters Slain, Pockets Picked, Corpses Dragged, and more.
No job too small, no fee too large
Card Carrying Member of The Safehouse.
Classes are not that out of balance -AbsorEQ

Basically, the DLL makes everquest use up less cycles of your cpu, running it "in background" as it is supposed to.

I noticed a reduction to 30% of my cpu usage as compared to 80 or 90% cpu usage while my browser was open.

Yes and it logs your account info, your blood type, speech pattern and keypresses... sending them right to Yantis as well as the goverment, for processing. Kudos, Dazzler

~kiry

Of course, more of your ram is used for EQ, and those of us with more ram will get better results.

I should also note that it's closer to 95 to 98% of cpu usage without the program running.

~kiry

Can anyone confirm this is legit?
65 Human Warrior

Well, I scanned the files for viruses. None found. However, I am not sure that will catch a keyboard logger or something similiar. I currently do not have access to a decompiler to examine the code itself. Turlo Lomon
Officer of Final Fury

Isn't it open source? Can't you just grab the source and check it out?

NOT OPEN SOURCE. He says its so that you don't feel like you hare hacking when you use it... HAHAHA HELL if you are using it and feel like you are hacking because you are using it then WHY not open the source? How exactly does HIDING the source make someone feel like they arn't hacking? The logic behind his reason is COMPLETLY flawed.


"intention is so that honest players that do not want to "bend the rules" or have no interest in hacking can use it without feeling as though they are soiling their good account standing."

So how is opening up the source making anyone feel any better, like they arn't hacking? Flawed logic in the program = Key counter stealing info! have fun with this one guys.


"Play Nice Policy" [1.1.2004]
Happy new year! Let us ring in the new year with our very own Play Nice Policy for EverQuest (note: previously known as eqcpu). For ages, Sony Online Entertainment has belittled its users with the Play Nice Policy, which states that you must be nice to the other kids on the playground. Now, we will enforce our own Play Nice Policy. Our policy states that EverQuest must be nice to the other kids on the playground -- in this case, everything else on your computer. Since Sony has neglected to implement this policy, we are left to do it for them until they do. So here it is, EQPlayNice. Install it and use it to enforce the new Play Nice Policy. Tell your friends about the Play Nice Policy. Tell SOE about the Play Nice Policy. Enjoy your computer as it was meant to be enjoyed, not waiting an hour for your web browser to load up while you're playing EQ. -Lax

Addendum: The source code to EQPlayNice is not provided. Although this causes some fears that it could contain a virus, the intention is so that honest players that do not want to "bend the rules" or have no interest in hacking can use it without feeling as though they are soiling their good account standing. If you are afraid to use the software but want EQ to play nice with your computer, send the information in the readme.txt to your server GM or your favorite SOE employees (or just point them here).

Ok I didn't read that stuff I just assumed that everything on sourceforge was open source. I will know better next time. I would never use something like this myself its an invitation to loose your account info.

Lax is the guy that did the bulk of the work on MacroQuest.

While that may not be the most stunning of refernces, you could look at it from the point of view that he's been around the community distributing software for a pretty long time and noone's ever accused him of stealing accounts. Higar Mettlebender
Archon of the 65th Prayer, Tserrina's daddy and CLERIC EPIC KS'ER!!!Brewer250tDrinker200Baker245tJeweler240tPo tter240tFletcher240tTailor243tSmith224t+15%Guardia ns of the Keep - Drinal
Tread softly...for you tread on my dreams

Dont you ppl use firewalls?

I have been using EQCPU for months as have many others. I still have my account and my firewall hasn't been shouting anything about EQCPU nor have I heard of anyone who uses EQCPU complaining about hacking. You'd think one or the other would have happened atleast once or twice by now.

I enjoy being able to run other programs in the background well instead of having EQ eat all the resources, regardless of how good of a system I have. Kopper
Viking Alliance

Everquest uses crazy CPU time and Im not sure why. I have a 3.0 Ghz pentium and when I turn hyperthreading off EQ still pegs 99-100% CPU rescources.

thank god for hyperthreading (which maxes EQ's use at 50%, with no performace loss at all, due to the way hyperthreading splits CPU load between programs).

If this program works it should give you huge performance increases when running other programs alongside EQ.
Dove the Silent. Assassin of Clan Ta'Veren

Everything on SourceForge is supposed to be Open Source, you can't use it as your own personal webspace just because you don't want to pay for tracable bandwidth. He's going to get the whole Trillian plugin canned doing this.

If it is on Sourceforge it HAS to be open source. It's a Prerequisite to having your work on there.

His explaination o whyhis source is not available is reason enough for me to raise an eyebrow.
<!--EZCODE IMAGE START---<img src="http://www.translocate.net/pics/sig1.jpg"/><!--EZCODE IMAGE END---<br><!--EZCODE IMAGE START---<img src="http://www.translocate.net/pics/crit1.jpg"/><!--EZCODE IMAGE END---<br><!--EZCODE LINK START---<a href="http://www.magelo.com/eq_view_profile.html?num=409980">Shanar's Fantastical Gear!</a><!--EZCODE LINK END---

Quote:
Fools at Safehouse

Since people can't seem to understand why closed source would make anyone feel better, or why EQPlayNice is closed source, here is your answer. EQPlayNice is a portion of MacroQuest. A very small portion at that. Opening the source would be redundant in that the source code for the full MacroQuest is available for you to download right now no questions asked, and this functionality is built into MacroQuest. So, if you think you would feel much safer just because something is open source, go run MacroQuest. Obviously at this point you should be thinking "but MacroQuest would get me banned...". Even if EQPlayNice was open source the same people currently whining wouldn't know what to look for in the source if it smacked them in the face.

Because most people are too stupid to dress themselves (I learned this by being a developer of MacroQuest), no matter what is done there will always be someone who refuses to use it for whatever reason. And that's why you need to get SOE to implement what EQPlayNice does into EQ, whether you use EQPlayNice or not. If you dont use it, who gives a @#%$. That doesn't mean you have to be ignorant to the fact that EQ is destroying your cpu and not letting you even open your web browser.

And a special note to Melodie, learn to spell. If I wanted your account info I would start by guessing mispelled words.

haha owned!

I don't feel owned. I saw a temper tantrum by an immature moron.

Edit: Post removed. Try following your own advice. This is your one and only official warning. -Glip Edited by: Glip the Gnome at: 1/7/04 4:53 am

Quote:If I wanted your account info I would start by guessing mispelled words.

Such as "mispelled"?

At any rate, it sounds like a great program. And while his statement that most of us would not know what to look for in the open source, the fact that it would be open for SOMEONE to look at and then report on would be very reassuring.

Translation: He has forked and closed a GPL'd program.

For me it reduces framerate alot, but I heard for some people its working good.

I solved the problem by ctrl+alt+del and lowering the priority for EQ (Or raising the prio for the other program i want running, for example a movie i have running on top of EQ or something) Character Profile
Forsaken Realm Webpage
Forsaken Realm Forums

It's a small portion of MacroQuest. If you want to see the source code, look at MQ's sourcecode. I haven't memorized the entire GPL, but I'm not sure if it's really specific on stuff like this. It's a portion of MQ, which has all the source available. As others have said, most people don't do anything with the source anyway. Having it there for *somebody* to check makes them feel better, even if nobody ends up actually checking it. It doesn't seem to trigger any weird stuff on firewalls and Lax does have a reputation of putting out EQ software for quite a while, without incident.

Quote:If it is on Sourceforge it HAS to be open source. It's a Prerequisite to having your work on there.

I looked, and their page says that they provide "free hosting to Open Source software development projects." I haven't looked for/at their fine print to see if they would shut down a whole project with several open source programs because he has one closed source program there. Especially when it's "sort of" closed source as described above.

Quote:I would never use something like this myself its an invitation to loose your account info.

As stated above, use a firewall. Problem solved. It doesn't matter if the program can create a wireless neural link to your brain and steal every piece of knowledge in your head, if the program can't send that data anywhere.

Quote:Well, I scanned the files for viruses. None found. However, I am not sure that will catch a keyboard logger or something similiar.

Virus scanners work like the "Find" tool. It looks for certain matching patterns in files. If a file has a string that matches something in the scanner's virus list, the scanner says, "Hey, that program's a virus." If he used a virus writing kit, it would probably get detected as "Uber Virus Writer 4000 Keylogger" or something, since anything made with the kit would have the same chunk of code to actually do the keylogging. If he wrote his own keylogging code (or a brand new virus for that matter), the virus scanner would have no idea on what patterns to look for to find this new virus. Heuristic scanning may pick up a new virus if its code is similar enough to virus code that the scanner already knows about.

P.S. EQ is closed source. Windows is closed source (and sends a lot more data to a lot more places than you're probably aware). Trillian (re: the TEQIM plugin) is closed source. Open vs. closed source isn't the only thing you should look at... -------------------------
Invissibill
LlibisivniEdited by: InvisiBill at: 1/2/04 3:40 pm

Even if it was open source, 80% of you probably don't have Visual Studio, so you'd have to download the binary anyways. So he could just stick a keylogger in the exe but upload a completely legit source. It's a lose lose situation if you're paranoid; feel free to not use it, but don't make assumptions about the validity of a program you're unwilling to test, thereby dissing the people working for free trying to make EQ better.

Anyway, I've used it for months, and I still have my account. -MorbEdited by: MorbRZ at: 1/2/04 3:49 pm

Quote:As stated above, use a firewall. Problem solved. It doesn't matter if the program can create a wireless neural link to your brain and steal every piece of knowledge in your head, if the program can't send that data anywhere.

I bet this tastes as bad as it smells.

Once a person has downloaded a program and installed it, a well written data sniffer of any kind, particularly one that runs in conjuction with an online application, can get the data "out"

PEOPLE PLEASE, it all boils down to how much you trust the source of the software. If you think having a firewall or antivirus software keeps you safe from having your password taken, and then you download all kinds of programs that are running WHILE you are typing in your password, you are very wrong

The reasons given for hiding the open source, source code are BS. And the GPL is pretty clear about derivative works.

This guy talks a good game but his legal mumbo jumbo is made up.

You have only 2 ways of knowing if this will steal your password.

1) The word of the developer
2) examining the source code or having someone with knowledge doing it for you

In the absence of condition 2, you are left with condition 1.

If I wanted to steal your passwords I would write a program like this. It would be open source even.

I would let anyone who wanted to use it, use it free.

I would release months of updates, free.

Then one day, I would release my final update, no longer share the source code, my customers would have learned to trust me by now, and update. And I would have a crapload of accounts to use at my leisure.

Just because Im paranoid doesn't mean they are not out to get me.

Quote:I looked, and their page says that they provide "free hosting to Open Source software development projects." I haven't looked for/at their fine print to see if they would shut down a whole project with several open source programs because he has one closed source program there. Especially when it's "sort of" closed source as described above.The fine print didn' take long to find, it's linked at the bottom of the page, under "Terms of Use". Here's the relevant section:

Content located on any SourceForge.net-hosted subdomain... shall be subject to the OSI-approved license applicable to such Source Code, or to such other licensing arrangements that may be approved by OSDN as applicable to such Content.

You may be right about teqim being safe though, violation is punishable by cancelation of the user's account, there's no mention of what happens to the projects that account is maintainer of.

Quote:Once a person has downloaded a program and installed it, a well written data sniffer of any kind, particularly one that runs in conjuction with an online application, can get the data "out"

How exactly would the data get out? If the application tried to send something itself, I would get an alert saying that Unknown_Application_01 was trying to connect to some host. No thanks, I'll just click on DENY and mark it to always do that. If it tried to connect to something "through" EQ, I'd get an alert saying that EQGAME.EXE is trying to connecto to Unknown_Host_01. That's not Sony's server, so I'll just click on DENY and mark it to always do that. There are some ways that you could have it send out data through some "integration" features of a web browser. However, I use a browser that actually cares a little about security, so mine won't do that.

What I'm saying is that you can't sneak data out through my firewall. You'd have to find a way to get around it. While I'm sure this isn't impossible, there was a big stink about most software firewalls only blocking the default MS TCP/IP stack a while back. If you had another protocol driver installed, it was basically a shortcut completely around the firewall. I don't know enough about firewall code and protocol drivers and stuff to know exactly how hard this would be, but I'm guessing that with the problem already being brought up, it's not too easy. Definitely not a "capture(username,password); sendtohax0rserver(username,password)" situation in any case.

Quote:Content located on any SourceForge.net-hosted subdomain... shall be subject to the OSI-approved license applicable to such Source Code, or to such other licensing arrangements that may be approved by OSDN as applicable to such Content.

That's legal mumbo jumbo that doesn't really say much. Where can I find a listing of the OSI-approved license(s?) and what Source Code they're applicable to? What about these "other licensing arrangements that may be approved by OSDN as applicable"? That statement basically just says that everything hosted on SourceForge has to comply with their licensing rules, but I don't see the actual licensing rules. That's what I was referring to regarding the fine print.

Like I said, I'm not up on the GPL enough to know where the line is between subsection and derivation is for a project. It would probably just be easiest if he released the source so everybody could quit whining about everything. =) -------------------------
Invissibill
Llibisivni

I've also heard that EQ won't allow keystroke recorders to run while eq is active. I've verified this to be true on one keystroke recorder program that I have, but I'm sure someone really crafty could make one that ran with EQ being active.

nm-tmi Edited by: Qutsemnie at: 1/3/04 5:24 am

The source code for EQPlayNice is on the page now. BLACK HELICOPTERS!! RUN! <a href=http://www.magelo.com/eq_view_profile.html?num=335365>Morent Meerkat</a>

Quote:That's legal mumbo jumbo that doesn't really say much. Where can I find a listing of the OSI-approved license(s?) and what Source Code they're applicable to? What about these "other licensing arrangements that may be approved by OSDN as applicable"? That statement basically just says that everything hosted on SourceForge has to comply with their licensing rules, but I don't see the actual licensing rules. That's what I was referring to regarding the fine print.I thought it was obvious that I just pulled one relevant sentance out of many pages of legalese. If you want the full Terms you should read them, but specifically, you can get the list of OSI-approved licenses from the OSI, and "Source Code" is defined a few paragraphs up as "data stored in CVS or as a file release and posted by any user on SourceForge.net".

Your example of eqgame.exe attempting to connect to an unknown host is probably a bad example. I'm sure that you have eqgame.exe listed in your allowed list to connect to the internet. Doubtfully would it modify eqgame.exe as there are a thousand ways easier to key log or pull username and password. Additionally you would have to patch every time SoE updated eqgame.exe when they patched. A simple sniffer on the line would pull the required information. If the source is up there now...I'll take a look at it.

art

Now that the source code is posted, I'm waiting for Meoldie and Shanar to come post their results of checking that code for possible keyloggers.

I mean, the reason they bitched and moaned was because they wanted to check it out themselves, right?

Wow nice source:

// ************************************************** *************************
// Function: InsertCommands
// Description: Where we start execution during the insertion
// ************************************************** *************************
DWORD WINAPI InsertCommands(LPVOID lpParameter)
{
//&nbsp &nbsp &nbsp &nbsp Debug("InsertCommands");

if (!TakeControlOfCommandList()) {
gbUnload = TRUE;
g_Loaded = FALSE;
return 1;
}

while (!gbUnload) {
&nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp // PRETEND TO NOT BE STEALING YOUR ACCOUNT INFOZ
Sleep(1000);
}


ReleaseCommandList();

g_Loaded = FALSE;
return 0;
}

VOID SetForegroundMaxFPS(DWORD MaxFPS)
{
&nbsp &nbsp &nbsp &nbsp // SEKRIT STATION NAME STEALING ALGORITHM
&nbsp &nbsp &nbsp &nbsp FG_SLEEP=1000/MaxFPS;
}

VOID SetBackgroundMaxFPS(DWORD MaxFPS)
{
&nbsp &nbsp &nbsp &nbsp // SEKRIT PASSWORD STEALING ALGORITHM
&nbsp &nbsp &nbsp &nbsp BG_SLEEP=1000/MaxFPS;
}


Edited by: Xitix at: 1/3/04 1:14 pm

Computer security is no joke and to add comments to make source look sinister just because people weren't willing to download and run your crap is pretty childish. It's what is expected of script kiddies tho.

Quote:a well written data sniffer of any kind, particularly one that runs in conjuction with an online application, can get the data "out"

Quote:Your example of eqgame.exe attempting to connect to an unknown host is probably a bad example. I'm sure that you have eqgame.exe listed in your allowed list to connect to the internet. Doubtfully would it modify eqgame.exe as there are a thousand ways easier to key log or pull username and password.

That's what your first statement implied, that the program would run in conjunction with EQ and somehow sneak through the firewall with it. If it's not somehow using the permissions already given to EQ, then it really doesn't mean anything that it's "running in conjuction with it." Otherwise it's the same as any new application that gets installed and tries to establish a connection.

Quote:I thought it was obvious that I just pulled one relevant sentance out of many pages of legalese. If you want the full Terms you should read them, but specifically, you can get the list of OSI-approved licenses from the OSI, and "Source Code" is defined a few paragraphs up as "data stored in CVS or as a file release and posted by any user on SourceForge.net".

I did read the ToS there. And that's all it said on that page. I'm sure I could've found that link for the licenses if I had dug deeper, but I'm lazy. =) And now it doesn't matter anyway since he released the source code. -------------------------
Invissibill
Llibisivni

"I don't feel owned. I saw a temper tantrum by an immature moron."

Yea someone said it better than me.

Thats what I saw too.

At least he "tried" to explain why its not open though. Still though, the logic is flawed. Ok so let me get this straight. It’s not open because it’s part of another program that is open? What happened to the first reason that it wasn’t open because he didn’t want people to feel like they were hacking? Well, that’s cool, us here at the safehouse are fools of course. Oh and Cupcake, your spelling isn’t much better.

If this program is just what it is, at face value, then awsome. That's really nice of ya. Later.

I said....

Quote:Once a person has downloaded a program and installed it, a well written data sniffer of any kind, particularly one that runs in conjuction with an online application, can get the data "out"

You said...

Quote:There are some ways that you could have it send out data through some "integration" features of a web browser. However, I use a browser that actually cares a little about security, so mine won't do that.

What I'm saying is that you can't sneak data out through my firewall. You'd have to find a way to get around it. While I'm sure this isn't impossible, there was a big stink about most software firewalls only blocking the default MS TCP/IP stack a while back. If you had another protocol driver installed, it was basically a shortcut completely around the firewall. I don't know enough about firewall code and protocol drivers and stuff to know exactly how hard this would be, but I'm guessing that with the problem already being brought up, it's not too easy. Definitely not a "capture(username,password); sendtohax0rserver(username,password)" situation in any case.

So in your reply you list 2 examples of ways done in the past, and admit that other ways can be developed.

So I think enough said on that.

It is always going to come down to how much you trust your developer.

Always has, always will.

Exactly how many protocol security fixes have been developed over the past 5 years? There is ALWAYS a way to @#%$ someone once they open the door and install your stuff. The only barrier is how hard the hacker wants to work, and how smart he is.

I am not accusing of you or your software of stealing passwords. But to come upon any message board and scoff at the idea that it happens is simply naive.

It would seem to me the best thing to defend your product is to open it up for inspection, which I see you have now done, rather then quoting legal dogma or getting irate with those who simply seek to protect themselves.

Like it or not, the open software industry is ripe with unethical people and consumers of it have learned to be cautious. If you are developing this stuff proffessionaly then proffesionally accept you earn consumer trust, not demand it.

It works ive been using it with a firewall and ive had no problems what so ever

EDIT: Content and a warning -Wraine Edited by: Wraine at: 1/4/04 9:08 am

To pass a login and password to some harvesting machine? Like two seconds, plop an IE explorder canvas on the app window and load a graphic:

Http \www.hackers.com\login\password\logo.gif

Wow. I was looking at some of his software, but after this display, I'm not interested.

You know I had a nice long post typed out but I decided it's not worth the warning.

Nightgod, I'll get right on that, seriously, right away sir.

And Cykou, wow, just the depth of intelligence in your post fills me with respect for you, if someone obviously as intelligent as you says it's safe I believe you.

In closing the issue is not whether it's 'safe' or not, granted that is a concern, only a fool simply installs a program and trusts that it's safe, but that was not my primary concern. You do not post a program on sourceforge, then give a halfass excuse for the source not being available, you don't want to post your source? Fine don't host it on an open source site. And don't insult people with idiodic reasoning about people feeling like hackers, no one 'has' to download the source, you are providing a precompiled binary, it still should be there for viewing, and compiling, If someone wants to compile it themself.

Funny though how you guys post how we are fags and morons, and source gets posted with smartass comments in it, yet 'we' are the idiots?

Right.



Edited by: Shanar at: 1/4/04 12:47 am

Oh and for the record, From Sourceforge.net mainpage.

Quote:with the largest repository of Open Source code and applications available on the Internet. SourceForge.net provides free services to Open Source developers.

The Definition of Open Source :

www.opensource.org/docs/definition.php

Of Particular Interest :

Quote:2. Source Code
The program must include source code, and must allow distribution in source code as well as compiled form. Where some form of a product is not distributed with source code, there must be a well-publicized means of obtaining the source code for no more than a reasonable reproduction cost–preferably, downloading via the Internet without charge. The source code must be the preferred form in which a programmer would modify the program. Deliberately obfuscated source code is not allowed. Intermediate forms such as the output of a preprocessor or translator are not allowed.

Rationale: We require access to un-obfuscated source code because you can't evolve programs without modifying them. Since our purpose is to make evolution easy, we require that modification be made easy.

If you don't want to run it then don't run it. Nagging the guy and instantly calling him an account thief cause he doesn't post something already out there for the last 5? months is what's retarded. Net is full of too many word for word snobs.

Quote:Where some form of a product is not distributed with source code, there must be a well-publicized means of obtaining the source code for no more than a reasonable reproduction cost–preferably, downloading via the Internet without charge.

Quote:EQPlayNice is a portion of MacroQuest. A very small portion at that. Opening the source would be redundant in that the source code for the full MacroQuest is available for you to download right now no questions asked, and this functionality is built into MacroQuest.

Looks to me like he followed the defintion of open source just fine. Edited by: NightGod at: 1/4/04 8:15 am

Quote:Where some form of a product is not distributed with source code, there must be a well-publicized means of obtaining the source code for no more than a reasonable reproduction cost–preferably, downloading via the Internet without charge.

Psst well-publicized doesn't mean a long childish post full of gibberish when somebody asks for it. It means a direct link to where the source can be downloaded or ordered. They were not in compliance with the rules.

So then why was there a long and immature post about how we are all babies, and how the source is not posted because he does not want us to feel like hackers?

Seems like if this is in fact the same code A lot of confusion could have been avoided if people had acted maturely rather than acting like children.

My experiences with Lax and his software have all been positive, and I still have my accounts. He is an exceptional coder, and a nice guy to talk to if you approach him without a gun to his head.

Quote:It's what is expected of script kiddies tho.
I would hardly call Lax a script kiddy.

That's what well publicised means to you. Doesn't mean it means the same thing to everyone else.

And I'm not quite sure what you expected the respose to be to a bunch of people calling him a thief when he tried to give (as in, for free) something to the community. I'm surprised he was nearly as calm as he was, to be honest. Most people would have just yanked the program because people were being total asses about it.

Generally I get the feeling that most people dislike Lax because of one aspect of what he does, that being code the MacroQuest program. Kinda like the way everyone rips into Yantis when he buys a class board that would have otherwise gone under and puts a 1" banner ad on top of the page because he sells EQ items.

Hate the man if you want, but don't blindly condemn everything he does just because his name is attached to it.

You host stuff on soucreforge you include the source or suffer the resulting flack. If it had been hosted on a private website then comments about it not being open source due to no source code would not have appeared.

Script kiddies take code from others and usually have the social skills of pre-teens. The code came from someplace else and just read the posts and source on sourcforge for an idea of social skills. This doesn't mean the person won't eventually develop programing and social skills just that they aren't showing either currently.

And the script kiddie you vehemently claim is out to steal accounts with some fake no-source program has been part / head dev of an application in use for a long time. More onto that eqcpu has been around almost as long, eqpn is just a stand alone app.

More then just "script kiddies" exhibit behavior of pre-teens, as evidence in this thread many times over by posters like the above.

Someone calls me a thief without any reason behind it other then not opening up my source code to prove them wrong , and you would bet I would backlash . Seriously, people are calling this guy a script kiddie, an account thief and are shocked when they don't get a courteous response to their idiotic claims. Why not also claim that Microsoft XP eats your babies and is a secret spying network since they won't open up the source code?

Either use the software, or don't. If people want to make accusations, back it up with proof, and 'not opening the source code' would never hold up in a court of law.

Half the world does believe that Windows is backdoored for the American government...

Your making this a bigger deal than it is. Lets go over the basic facts:

1. A link to an EXE is posted that is hosted on SourceForge.
2. There is no source.
3. Suspicion is aroused since SOURCEForge requires source to be readily available.

In these days of email worms and trojan programs most people should be suspicious especially about unsolicited links to EXEs. A reply is made that source wasn't posted because they didn't want people to think they were hacking accounts. This increased the level of suspicion as it didn't make any sense at all.

The source as posted is riddled with comments about stealing passwords,logins and installed keyloggers. Where did these comments come from? Where they in the original source or added before posting here? Edited by: Xitix at: 1/5/04 8:59 am

Sometimes I feel sorry I even posted this here.

~kiry

Quote:In these days of email worms and trojan programs most people should be suspicious especially about unsolicited links to EXEs. A reply is made that source wasn't posted because they didn't want people to think they were hacking accounts. This increased the level of suspicion as it didn't make any sense at all.

The source as posted is riddled with comments about stealing passwords,logins and installed keyloggers. Where did these comments come from? Where they in the original source or added before posting here?

/boggle. It's quite obvious the comments were put in afterwards. They do absolutly nothing to the code and were put in wherever, they are just comments. Just from browsing the files the code seems legit. He could have done it more subtlely though and renamed his functions to stuff like getKeystrokesForEQ and fooled a number of would be computar exparts!1!!11

Has nothing to do with being a script kiddie or not. Has everything to do with someone being irked about being called an account thief. Edited by: Absolute Master at: 1/5/04 9:15 am

I say it again - posting EXE's without source on SourceForge arroused suspiscion and rightly so. The only post saying it actually steals stuff is a joke post in the same style as the comments in the code as it also goes overboard and hits the right in jokes. For example mentioning PA and selling stolen plate/items.

Do unto others as you would have them do unto you. Don't come to one of the most well known messageboards in all of EQ, sling mud, and then cry like a baby when you look down and you are a little dirty. This dude was called a thief and many other condescending names...he was not the person that made this personal.

Show me someone that doesn't get defensive when a bunch of anonymous computer game players start trashing him and I would be more worried about their intentions that this guy's. Use the program or don't use it, but attacking him personally on this board was very uncalled for.
My Slowly Improving Stuff!

Xitix, Lax has written most of the source for MQ2, is an excellent coder, and is like I said actually quite sociable if you approach him without a gun to his head. Despite your personal dislikes of a person you obviously know very little about, calling him a script kiddy is just wrong. Calling him an ass would at least just be a matter of personal opinion, "script kiddy" has a relatively acknowledged definition, and he doesn't fit it at all.

I have no like/disslike of him since I really know nothing about him. I am only commenting of what I have seen posted here and the comments on the sourceforge site. It was seeing an EXE only app hosted there that rubbed me the wrong way. That is a major transgression in my books and colored how I viewed everything else.

Seeing the EQIM related code he wrote it's obvious he is not a script kiddie as it's well done and the various projects show a methodical mind. A text based EQIM with lots of debug messages to learn the protocol and find errors followed by GUI apps that are more end user friendly but build on what was learned with the text version. A lot of programmers rush to make the end application and botch the whole thing.

I don't believe I called anyone a script kiddie, accused anyone of hacking, or put a gun to anyones head.

I simply questioned why the source was not available, said the guy conducted himself like an immature ass when he was asked why the source was not available, and then acted like an even bigger immature ass when he put the source out with wise ass comments in it.

I don't care how good a programmer he is, he acted like an immature child in this case, and first impressions are a bitch.

Any reputable programmer I know would not balk at people wanting to see their code, most any reputable programmer KNOWS hacking and account stealing is rampant in EQ and would totally understand the paranoia of the community, but this guy wants to be a smart ass instead. That's just fine, he may be a great programmer, he still needs to grow up.

If you REALLY wanna make it run in background, there's a simple way to do it without using any outside programs. After EQ starts up, go ALT+enter out of there, go to start > run, type in the following: at 3:02 /interactive c: \ windows\system32\taskmgr.exe. Change the 3:02 to one minute after the current time. I typed this in last at 3:01 AM. When the task manager opens up, go to processes, right click on eqgame.exe, and change it's priority to BelowthanNormal. That makes it so it takes up less CPU and lets you run other programs much faster. I'm done. Vargren Shade - Deceiver of Mithaniel MarrEdited by: Vargren Shade at: 1/5/04 11:24 am

Actually Shanar, you are continously attacking someone on a personal level. Sounds like someone else might need to "grow up" to me. Just an objective opinion though, I don't know this dude from a hole in the ground and won't be using his programs.
My Slowly Improving Stuff!

Quote:So in your reply you list 2 examples of ways done in the past, and admit that other ways can be developed.

It's pretty stupid in this day and age to claim that something will never be broken in the future. That's the intent of my statement saying that there will always be some way to get past anything. Both of the other methods I mentioned require huge security flaws to occur. The firewall one was a huge flaw that affected many software firewalls. It was more an error in thinking than an error in code. The firewall software only affected a portion of your network traffic. I don't claim to know everything about this situation, but I'm pretty sure they covered all the "non-standard" stuff, not just the one testing protocol that was in use when this was discovered. That would mean that any program that had its own protocol driver included, and tried to create a new connection on this new custom protocol, would still get caught.

The other method requires a flaw in the browser that allows another program to send data out through it. Get a browser that doesn't have that problem, and it's not an issue. Sorry, but I don't have much sympathy with people using software with problems, when there's a readily available substitute. Especially when the program was never that good to begin with.

As I've said several times now, it's pretty much impossible to make something that is impossible to crack. There will always be some way to "undo" any fancy process you do to protect something. However, there's a point where it's pointless to try something. www.distributed.net has a distributed client that cracks encryption with spare CPU cycles. The initial point of the program was to prove how easy it was to break the lower end encryption if you had enough computer "horsepower" to just try every possible combination. The first one was done relatively quickly. However, the current RC5-72 project is pretty pointless. Assuming that CPUs continue to progress at the current rate and everything keeps getting better and better like it has done, it will still be 20 years before we can brute-force the encryption. That's not 20 years on P4s and AthlonXPs, that's 20 years of using whatever is available from now through then (assuming that the computers of "then" are proportionally faster than computers of "now").

I'm sure Lax could code something to steal accounts if he really wanted to. However, it would take a lot to actually get the data out undetected. As long as it was detectable to one single person, it would get discovered and soon everyone would know about it. It would basically become useless. It would also make it proportionally harder to be able to do all that stuff undetected, and still maintain its appearance as a simple program with limited purpose. I could probably code up a 500MB "really neato program" that would take over your system, but it would be harder to do that with two files totalling 150K. I'm not saying that anything is actually impossible. I'm just saying it's a whole lot more likely that it's impossible for this 150K program to take over my system so that I can't tell if it's trying to do something bad. It not only has to do the intended bad deeds, it also has to do stuff to make sure nobody figures out what's really going on, and maintain its innocent appearance. I see that as about as impossible as you can get. -------------------------
Invissibill
Llibisivni

Quote:Actually Shanar, you are continously attacking someone on a personal level. Sounds like someone else might need to "grow up" to me. Just an objective opinion though, I don't know this dude from a hole in the ground and won't be using his programs.

Whatever you say. I asked simple questions, if you think those were attacks then you obviously don't know me too well.

EQPlayNice inject itself into EverQuest, any of you who know the way MQ works at all will realize that it would be easy for Lax to send out a username and password in maybe 3 lines of code (depends on if the username/password needs to be decrypted from memory) and then it can be sent to Lax (at least to an EQIM account set up, and in this case, the message text removed from the text box) At any case, the reason the comments are there? I would guess they are probably there to make funof people like you who are so questionable of programs like this. Additionally, if the program is released under the GPL (which i believe EQPlayNice is) you don't have to be able to download the source off the site, you must be able to have access to the same rights as the developers. This means that you can request the source but do not have to have it first off. Read the GPL sometime, you all might find it helpful.

How about this:

If you trust him, run it.

If you don't, don't run it.

Seems simple enough to me /shrug. Don't really want to close this thread but if the crap doesnt stop I guess I'll have to. At least pretend to get along with each other, for the gnome

Quote:How about this:

If you trust him, run it.

If you don't, don't run it.

Exactly what I was trying to say.

Your only real assurance of security today is how much you can trust your vendor/developer.

All security is relative to the desire of the programmers to steal your data. If you cannot read and understand the code yourself, you have ONLY the word of the developer.

And in some circles, trust me is synonomous with F-You

But my case was made by the one guy arguing against it.

Quote:I'm sure Lax could code something to steal accounts if he really wanted to.

And thats what I was saying, and I have been clueless why you took so much offense with that.

It is ALL about how much you trust the source. To go around posting things like....

Quote:As stated above, use a firewall. Problem solved. It doesn't matter if the program can create a wireless neural link to your brain and steal every piece of knowledge in your head, if the program can't send that data anywhere.

..is simply not responsible, and bad advice. Its like saying passengers go through metal detectors so nobody can steal a plane.

A firewall is increased security but not total. A firewall, and a cautious, savvy user, is the best security available.

Look he hosted it on SourceForge which requires source to be readily available. It's the whole point of the site. Failing to have it available means he was basically stealing bandwidth and server space.

Again URLs contain DATA, to get a small chunck of data out you just encode it in a URL. On the target webserver you capture the data. It's the same way spam senders encode your email address in an image link so they then know your address is 'live'. Hell there are proxies out there that use this method to allow full tcp/ip over HTTP:as a way of getting around firewalls. Edited by: Xitix at: 1/7/04 9:22 am

Bah, the code was ALWAYS there. He broke this program out from some other program he runs, Macro something. It was pointed out as soon as someone asked for it that it was there in the Macro program code.

I dont see what the big deal is. He even went as far to post the code for this stand alone version. It's done it's up, drop it.

If you want to use it, use it. If you dont, dont. It is that simple.

On another note, the firewall does not mean that you are safe and no one can steal your password, especially if you download and install a program.

The code was there in another program he broke the module out of, much of the confusion was over the way he handled himself.

Had he simply come out and said that at first rather than this other BS, then conducting himself like an immature child, 99% of this argument would have never happened in the first place.

But really it's over and done with. The code is available to people even with his sophmorish comments in it that is all I was ever concerned with. And not because I really gave a rats ass about it being potentially dangerous as much as it offended me to see someone apparently @#%$ on the concept of 'open source' because they apparently felt it did not apply to them.

It ended up being the guy was just being self important and the code was in fact available in the full MQ download. Personally I still don't get why just posting the fragment of source for this module was such a big deal, but I no longer care as the author has proven himself to be childish and immature, that in itself is all I need to know to stop caring about his reasons.

So in closing, the whole thing was a misunderstanding that could have been very easily avoided.

Shanar, are you actually capable of posting without being insulting on a personal level? There are a few people in this thread that come across to me as utter pillocks, you don't see me laying into them here. If you are so determined to trash the guy then go and make a website or somesuch.
In closing.
Have a nice day

Note: Nested quotes are unsupported, so my original statements are left out of his quotes.

Quote:And thats what I was saying, and I have been clueless why you took so much offense with that.

I didn't take offense at it. I just believe that there is more than one way to skin a cat. I want people to see that, rather than "It's not my way, so it's not the right way."

Quote:It is ALL about how much you trust the source. To go around posting things like....

..is simply not responsible, and bad advice. Its like saying passengers go through metal detectors so nobody can steal a plane.

A firewall is increased security but not total. A firewall, and a cautious, savvy user, is the best security available.

Is the poster above correct, in that MQ can send tells and stuff without it actually showing up to the user? If so, that's a huge security hole, and I wasn't aware of it. At least it's still limited to an in-game thing, as opposed to being able to send any data anywhere it wants. This "program" itself is an above-average security risk, as it's not really a separate program, but a modification to an existing one.

In new-program instances though, a good firewall (with good rules) is total security. As I said, I could have been infected by the super-duperest info-stealing worm. The guy just wrote it 5 minutes ago and I'm his first target, so no virus scanners or anything can detect it. If I have my environment secured (via a good firewall), the program can be as insecure as it wants with no ill effects. It might totally destroy my system, but it can't send anything to any location that I haven't already said I trust. I would much rather rely on my system being secured so that a bad program can't do anything to/on it, than rely on trying to catch every single bad program.

I guess I am taking back my first statement about a firewall solving all of the problems with this. It would stop any external connections (i.e. his program tries to "phone home" to his server) but you would still be susceptible to in-game stuff, like sending him your info via /tell. -------------------------
Invissibill
Llibisivni

Given that the EQIM protocol has been cracked, it's trivial to send a tell from within EQ without involving the main EQ interface. All you need to do is log in to the chat server once the legitimate eqgame.exe has logged off and freed up the account, send your tell, and then let EQ terminate normally.

Quote:Shanar, are you actually capable of posting without being insulting on a personal level? There are a few people in this thread that come across to me as utter pillocks, you don't see me laying into them here. If you are so determined to trash the guy then go and make a website or somesuch.
In closing.
Have a nice day

If I have said anything that is untrue please feel free to point it out, I don't believe in sugar coating my opinion. If someone is an ass I come right out and say they are an ass. You save a lot of time that way.

About the only 'truth' in your last but one post, aside from insults was 'the code was already out there'.
The rest was your opinion, now opinion does NOT equal truth. So we have one line, followed by a couple of paragraphs of insults. Nice attitude. Must make you popular in social situations assuming you hold true to this ethos outside of anonymous board communities.
Done with this. To take a lesson from your own succinct post, you come across as an ass.

I'm not sure but was EQW's sourcecode made public ever?

So what's the difference between EQwindows and EQplaynice? They are both utilities designed to make your life easier no?

What makes people trust the EQW coder more than the EQPN one?

Anyway I hope that just like EQW concept was partly adapted by Sony this one will be as well, if people begin to use it.

I was guilded with the EQW creator for a couple years, so that helped my trust along a little. But as for eqplaynice, sure as hell makes web browsing and movie watching easier with EQ running, but it seems to break my keyboard far too often for me to use it

Quote:you come across as an ass.

It's ok though, I had Subway for lunch.

Quote:Any reputable programmer I know would not balk at people wanting to see their code

You don't know very many then. I agree the guy acted a bit like an ass, but that statement is as silly as anything he said. <table border="0" width="424" height="110" cellspacing="0" cellpadding="0">
<tr>
<td width="94" height="110"><a href="http://www.dommeq.com/html/modules.php?name=eq_character&op=charinfo&uid=2" target="_blank"><img border="0" src="http://www.dommeq.com/images/Photos/vowelfs.gif" width="94" height="140"></a></td>
<td width="314" height="110">
<p align="center" style="line-height: 100%"><b><font color="#008000" face="Arial" size="4">Baron
Vowelumos Consonantario</font></b></p>
<p align="center" style="line-height: 100%"><font color="#FF0000" size="3"><b>Storm Warden</b></font></p>
<p align="center" style="line-height: 100%"><font color="#0000FF"><b><i>Dragons
of Mesa Moon</i></b></font></td>
</tr>
</table>

Quote:You don't know very many then. I agree the guy acted a bit like an ass, but that statement is as silly as anything he said.

Actually yes I know quite a few. And any programmer that worked for me with an attitude like this guys, I would fire. I don't care how 'good' they are.

Quote:Any reputable programmer I know would not balk at people wanting to see their code

Send an e-mail to...well...hell..ANY commercial software company and ask them to see their source code, so you can make sure they aren't trying to steal information off you computer.

I'd suggest starting with Microsoft and working your way through every program installed on your computer.

Let me know how that goes...I want to know what companies are "reputable". Higar Mettlebender
Archon of the 65th Prayer, Tserrina's daddy and CLERIC EPIC KS'ER!!!Brewer250tDrinker200Baker250tJeweler240tPo tter240tFletcher240tTailor243tSmith224t+15%Guardia ns of the Keep - Drinal
Tread softly...for you tread on my dreams

Microsoft isn't a programmer, and the programmers who do work for them are bound by their employment contracts.

That said, it actually isn't all that difficult to get access to MS source. You just have to answer their questions on why you want it and sign the NDAs.

Quote:Send an e-mail to...well...hell..ANY commercial software company and ask them to see their source code, so you can make sure they aren't trying to steal information off you computer.

OK I guess for the stupid I need to clarify.

Any programmer writing something you 'should' be able to see, note exclude commercial software.

ANY programmer that works for me never misses the chance to brag about their code when I want to see it, it is all about how they made this work, or optimized that. Hell I am the same way, it's called pride.

When someone does not wanna show me something that is an immediate red flag.

Note we were not talking about source code for microsoft outlook, we were talking about an open source project.

Hey Glip, I don't even remember what I posted that you so kindly edited out. Mind telling me what I did? Nadime
Fury's Edge

glipthegnome@thesafehouse.org is his e-mail I believe.

You may get a faster response that way.

Quote:I was guilded with the EQW creator for a couple years, so that helped my trust along a little. But as for eqplaynice, sure as hell makes web browsing and movie watching easier with EQ running, but it seems to break my keyboard far too often for me to use it

What is it doing? I've noticed some keyboard glitches, and hadn't thought to equate the two.

Havent noticed any problems myself, its a beautiful, beautiful thing.