Pages: 1 2 [3] 4 5 6 7 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 8 post(s) |
malaire
41
|
Posted - 2011.09.20 17:59:00 -
[61] - Quote
Other site, EVE Central Intelligence, collected 3.9 million valid characterIDs without using characterID guessing.
Carebear -á* -áTrader -á* -áPerfect Music-á-á* -áNever Scamming -á* -áNever Pirating |
|
CCP Stillman
C C P C C P Alliance
59
|
Posted - 2011.09.20 18:00:00 -
[62] - Quote
Miilla wrote:
So it is allowed if we generate a low ratio of errors to success API calls.
Just to clarify.
That is easy to do. Just keep repeating SUCCESSFUL calls if you see 2 or 3 errors.
Nice try. But no. Just doing simple valid calls won't make us forget that you just did 3 bad calls Associate QA Tester for Team EVESec. |
|
Zaraki Kenpachi
Republic Military School Minmatar Republic
0
|
Posted - 2011.09.20 18:01:00 -
[63] - Quote
oh boy.. surprised to find some of my alt ... they never did **** but here they are
I'll just leave the disclaimer of evewho here :
Quote: All numbers based on known characters and may differ from in game values. All characters found by scavenging killboards, eve-search, and finding holes in character id sequence data and filling them.
now what..? |
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 18:02:00 -
[64] - Quote
CCP Stillman wrote:Miilla wrote:
So it is allowed if we generate a low ratio of errors to success API calls.
Just to clarify.
That is easy to do. Just keep repeating SUCCESSFUL calls if you see 2 or 3 errors.
Nice try. But no. Just doing simple valid calls won't make us forget that you just did 3 bad calls
Do you consider it good design that the API confirms or refutes the existence of a character ID without a key?
Edit - and I could distribute requests all over the place, as could LOTS of Eve players. You going to check the error rate over what (for example) is the known PL IP addresses? No of course you're not. NB-not suggesting PL are involved, but I know you guys log all your IP addresses on comms/forums/etc hence the example. |
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:02:00 -
[65] - Quote
CCP Stillman wrote:Miilla wrote:
So it is allowed if we generate a low ratio of errors to success API calls.
Just to clarify.
That is easy to do. Just keep repeating SUCCESSFUL calls if you see 2 or 3 errors.
Nice try. But no. Just doing simple valid calls won't make us forget that you just did 3 bad calls
So spread them over multiple proxies, API calls are lightweight on a proxy/VPN.
The API can be called from Amazon's Elastic Cloud VM's :) |
Messoroz
AQUILA INC
10
|
Posted - 2011.09.20 18:02:00 -
[66] - Quote
CCP Stillman wrote:Miilla wrote:CCP Navigator wrote:I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so. So it is ok to scan the API? CONFIRMED, get those API scanners going people I just want to clarify: We have very clear policies about what's allowed and not. As you will know, we will throttle invalid calls, as we do not allow throwing 10 million random IDs at the API and hoping they return data. Scraping through characterIDs hoping to hit a valid one is NOT allowed. Doing so will get your IP blocked from the API. But if you do valid calls because you know it's a valid ID is fine. But generating excess errors will get your IP blocked.
But they had to scrape, they have npc corp alts never even logged into listed that should otherwise not exist. Unless they got access to an set of api keys from other sources they shouldnt have. |
|
CCP Stillman
C C P C C P Alliance
59
|
Posted - 2011.09.20 18:05:00 -
[67] - Quote
Othran wrote:CCP Stillman wrote:Miilla wrote:
So it is allowed if we generate a low ratio of errors to success API calls.
Just to clarify.
That is easy to do. Just keep repeating SUCCESSFUL calls if you see 2 or 3 errors.
Nice try. But no. Just doing simple valid calls won't make us forget that you just did 3 bad calls Do you consider it good design that the API confirms or refutes the existence of a character ID without a key? The fact it doesn't require a key is an issue in the original design we wanted to changed for the Incarna release, but wasn't done soon enough.
We're of course concerned with backwards compatibility, and doing such changes late in the development cycle would not be good.
But then again, a key is very easy to get hold of. Associate QA Tester for Team EVESec. |
|
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:06:00 -
[68] - Quote
Are you going to require that applications be "authorised" by some kind of unique APP certificate so you can tell which apps are putting what loading on the servers etc?
|
|
CCP Stillman
C C P C C P Alliance
59
|
Posted - 2011.09.20 18:07:00 -
[69] - Quote
Miilla wrote:CCP Stillman wrote:Miilla wrote:
So it is allowed if we generate a low ratio of errors to success API calls.
Just to clarify.
That is easy to do. Just keep repeating SUCCESSFUL calls if you see 2 or 3 errors.
Nice try. But no. Just doing simple valid calls won't make us forget that you just did 3 bad calls So spread them over multiple proxies, API calls are lightweight on a proxy/VPN. What you're pointing to is an inherent issue with the internet: Anonymity.
The developer license, as discussed at fanfest, was one aspect of ensuring that any traffic can always be tracked back to a developer. But of course, there were some fundamental issues with that system, as I'm sure we all remember. But we of course want to keep people responsible if they're abusing the API service. And we do so, on a regular basis. If people abuse the characterInfo/CharacterName calls, then they WILL feel the consequences Associate QA Tester for Team EVESec. |
|
okst666
Not Solitude Again Chained Reactions
2
|
Posted - 2011.09.20 18:08:00 -
[70] - Quote
I think this service is perfect.
please make a button to extract the date and automagically paste it into eveclient, and set given corpmembers to -10 and check that little notification when they go on/offline.
It would also be quite usefull to know where those people are at any moment.
[X] < Nail here for new monitor |
|
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 18:08:00 -
[71] - Quote
CCP Stillman wrote:Othran wrote:CCP Stillman wrote:Miilla wrote:
So it is allowed if we generate a low ratio of errors to success API calls.
Just to clarify.
That is easy to do. Just keep repeating SUCCESSFUL calls if you see 2 or 3 errors.
Nice try. But no. Just doing simple valid calls won't make us forget that you just did 3 bad calls Do you consider it good design that the API confirms or refutes the existence of a character ID without a key? The fact it doesn't require a key is an issue in the original design we wanted to changed for the Incarna release, but wasn't done soon enough. We're of course concerned with backwards compatibility, and doing such changes late in the development cycle would not be good. But then again, a key is very easy to get hold of.
Would you like to stop with weasel words?
Its appallingly bad design practice is it not? The fact you seem to consider it acceptable makes me wonder what else in your infrastructure you consider acceptable.
So when will it be fixed?
|
|
CCP Stillman
C C P C C P Alliance
59
|
Posted - 2011.09.20 18:08:00 -
[72] - Quote
Miilla wrote:Are you going to require that applications be "authorised" by some kind of unique APP certificate so you can tell which apps are putting what loading on the servers etc?
I can't speak in certain terms, as the plans aren't done at this point. But does it make sense to me? Yes. Associate QA Tester for Team EVESec. |
|
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:10:00 -
[73] - Quote
How about this for an idea, NO API INFO without a valid KEY. Period. NOTHING; absolutely ZERO output.
If they have a valid reason to query the API, they would have a key.
|
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:11:00 -
[74] - Quote
CCP Stillman wrote:Miilla wrote:Are you going to require that applications be "authorised" by some kind of unique APP certificate so you can tell which apps are putting what loading on the servers etc?
I can't speak in certain terms, as the plans aren't done at this point. But does it make sense to me? Yes.
Which would also allow the API to be load balanced based on app and also a SHARDED API by having a "Pro" level developer license with "enhanced APIs" and a "FREE" API license with minimal APIs
Which would also make App certificate/key hijacking a reality to deny authorised apps access by abusing a "lock out" mechanism. |
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 18:11:00 -
[75] - Quote
Miilla wrote:How about this for an idea, NO API INFO without a valid KEY. Period. NOTHING; absolutely ZERO output.
If they have a valid reason to query the API, they would have a key.
Agreed.
For any character-specific query a key should be mandatory. |
Leona Elum
Save Jita
0
|
Posted - 2011.09.20 18:12:00 -
[76] - Quote
CCP Stillman wrote:generating excess errors will get your IP blocked.
I can confirm this to be true, and also say that it is VERY VERY hard to get it unblocked again. In my case it was excessively updating of a "scammer list", in combination with bad settings in Excel that did the trick.
|
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:14:00 -
[77] - Quote
Leona Elum wrote:CCP Stillman wrote:generating excess errors will get your IP blocked. I can confirm this to be true, and also say that it is VERY VERY hard to get it unblocked again. In my case it was excessively updating of a "scammer list", in combination with bad settings in Excel that did the trick.
Which is a concern as I am on a mobile internet and many times the API calls fail or partially completed due to connection drop outs.
That wasnt for Save jita was it? lol at least put a picture of a hulk contract that I sold for lulz. PS: Im never in jita. |
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 18:19:00 -
[78] - Quote
Leona Elum wrote:CCP Stillman wrote:generating excess errors will get your IP blocked. I can confirm this to be true, and also say that it is VERY VERY hard to get it unblocked again. In my case it was excessively updating of a "scammer list", in combination with bad settings in Excel that did the trick.
This is likely to become more of a problem soon(ish). Reason being its quite likely that as IPv6 (finally) gets introduced in Europe/North America its more likely that all the legacy IPv4 modem/routers consumers have will be proxied through a gateway.
For anyone in the UK, all your mobile phone stuff works like this - its all proxied and logged due to rules about under 18s, more to do with contracts than morality IMHO ;) |
|
CCP Stillman
C C P C C P Alliance
59
|
Posted - 2011.09.20 18:19:00 -
[79] - Quote
Othran wrote:CCP Stillman wrote:Othran wrote:CCP Stillman wrote:Miilla wrote:
So it is allowed if we generate a low ratio of errors to success API calls.
Just to clarify.
That is easy to do. Just keep repeating SUCCESSFUL calls if you see 2 or 3 errors.
Nice try. But no. Just doing simple valid calls won't make us forget that you just did 3 bad calls Do you consider it good design that the API confirms or refutes the existence of a character ID without a key? The fact it doesn't require a key is an issue in the original design we wanted to changed for the Incarna release, but wasn't done soon enough. We're of course concerned with backwards compatibility, and doing such changes late in the development cycle would not be good. But then again, a key is very easy to get hold of. Would you like to stop with weasel words? Its appallingly bad design practice is it not? The fact you seem to consider it acceptable makes me wonder what else in your infrastructure you consider acceptable. So when will it be fixed? I'm not saying it's acceptable. I'm saying that it's how the API was originally designed and that changing that shouldn't be done over night, as we don't want to break applications from functioning. We want to give people a heads up and make sure they can adjust their applications in time before a such change hits. Doing so in the Incarna patch would be too many changes at once.
I can't confirm exactly when we'd deploy a such change. But I'll have a talk with Elerhino and see what we can do. Associate QA Tester for Team EVESec. |
|
malaire
41
|
Posted - 2011.09.20 18:19:00 -
[80] - Quote
Othran wrote:Miilla wrote:How about this for an idea, NO API INFO without a valid KEY. Period. NOTHING; absolutely ZERO output.
If they have a valid reason to query the API, they would have a key.
Agreed. For any character-specific query a key should be mandatory. What would it change? Just create any key and use it to obtain information about all the characters whose charaterID you know. Carebear -á* -áTrader -á* -áPerfect Music-á-á* -áNever Scamming -á* -áNever Pirating |
|
Squizz Caphinator
Woopatang
9
|
Posted - 2011.09.20 18:20:00 -
[81] - Quote
Hi guys, thanks for checking out EveWho. I was asked to come here and clarify a couple of things.
1) I am NOT scraping the API. 2) All information I've retrieved is publicly available somewhere. 3) I am NOT scraping the API.
I am well aware of CCP's policies per using the API and I have no intention of abusing them. I built the initial database by getting a character dump from Eve-Kill, scraping some forums, scraping a few hundred other killboards, and from a couple of donations of character name lists.
I am NOT scraping the API.
I built this site by using resources available to everyone. That includes you. I saw another site similar to EveWho a few months ago and thought I could do a better job. I believe I did. If you think you can do a better job, you just might be able to do so :)
I am NOT scraping the API.
Once again let me restate that I am not scraping the API. I might cause an error or two every few minutes but no where near enough to get myself Scotty'ed or even banned. I like getting along with Scotty anyway.
I am NOT scraping the API.
Please continue to enjoy EveWho for good or bad, whichever you prefer.
Fly dangerous, Squizz http://evewho.com - Alliance and Corporation Member Listings http://evechatter.com - Free Alliance and Corporation forums for all. |
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:21:00 -
[82] - Quote
Othran wrote:Leona Elum wrote:CCP Stillman wrote:generating excess errors will get your IP blocked. I can confirm this to be true, and also say that it is VERY VERY hard to get it unblocked again. In my case it was excessively updating of a "scammer list", in combination with bad settings in Excel that did the trick. This is likely to become more of a problem soon(ish). Reason being its quite likely that as IPv6 (finally) gets introduced in Europe/North America the more likely that all the legacy modems/routers consumers have will be proxied through a gateway. For anyone in the UK, all your mobile phone stuff works like this - its all proxied and logged due to rules about under 18s, more to do with contracts than morality IMHO ;)
All ISP's are gateways.
It says I am in A location but infact i am hundreds of miles away from that location.
All ISP's cache (Squid most likely) and log and route out, not just mobiles.
|
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:23:00 -
[83] - Quote
Squizz Caphinator wrote:Hi guys, thanks for checking out EveWho. I was asked to come here and clarify a couple of things.
1) I am NOT scraping the API. 2) All information I've retrieved is publicly available somewhere. 3) I am NOT scraping the API.
I am well aware of CCP's policies per using the API and I have no intention of abusing them. I built the initial database by getting a character dump from Eve-Kill, scraping some forums, scraping a few hundred other killboards, and from a couple of donations of character name lists.
I am NOT scraping the API.
I built this site by using resources available to everyone. That includes you. I saw another site similar to EveWho a few months ago and thought I could do a better job. I believe I did. If you think you can do a better job, you just might be able to do so :)
I am NOT scraping the API.
Once again let me restate that I am not scraping the API. I might cause an error or two every few minutes but no where near enough to get myself Scotty'ed or even banned. I like getting along with Scotty anyway.
I am NOT scraping the API.
Please continue to enjoy EveWho for good or bad, whichever you prefer.
Fly dangerous, Squizz
Provide an opt out mechanism and you wont be ganked non stop in game.
EveWho-Squizz Caphinator-A-GEDDON! Comming SOON!
Quote: Once again let me restate that I am not scraping the API. I might cause an error or two every few minutes but no where near enough to get myself Scotty'ed or even banned. I like getting along with Scotty anyway.
Then you should get ZERO ERRORS if you are calling with VALID parameters. |
Jack bubu
GK inc. Pandemic Legion
12
|
Posted - 2011.09.20 18:26:00 -
[84] - Quote
oh my, Miilla **** posting, thats something new |
Nyio
Federal Navy Academy Gallente Federation
100
|
Posted - 2011.09.20 18:26:00 -
[85] - Quote
Squizz Caphinator wrote:Hi guys, thanks for checking out EveWho. I was asked to come here and clarify a couple of things.
1) I am NOT scraping the API. 2) All information I've retrieved is publicly available somewhere. 3) I am NOT scraping the API.
I am well aware of CCP's policies per using the API and I have no intention of abusing them. I built the initial database by getting a character dump from Eve-Kill, scraping some forums, scraping a few hundred other killboards, and from a couple of donations of character name lists.
I am NOT scraping the API.
I built this site by using resources available to everyone. That includes you. I saw another site similar to EveWho a few months ago and thought I could do a better job. I believe I did. If you think you can do a better job, you just might be able to do so :)
I am NOT scraping the API.
Once again let me restate that I am not scraping the API. I might cause an error or two every few minutes but no where near enough to get myself Scotty'ed or even banned. I like getting along with Scotty anyway.
I am NOT scraping the API.
Please continue to enjoy EveWho for good or bad, whichever you prefer.
Fly dangerous, Squizz
Thanks for the great site, keep up the good work!
Features & Ideas Discussion: Agent Finder, Black Holes Needs a banner here.. |
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 18:26:00 -
[86] - Quote
CCP Stillman wrote: I'm not saying it's acceptable. I'm saying that it's how the API was originally designed and that changing that shouldn't be done over night, as we don't want to break applications from functioning. We want to give people a heads up and make sure they can adjust their applications in time before a such change hits. Doing so in the Incarna patch would be too many changes at once.
I can't confirm exactly when we'd deploy a such change. But I'll have a talk with Elerhino and see what we can do.
Thank you for your honesty.
You are aware of how this makes you guys look - time after time its some other nonsense from someone who CLEARLY should not be doing the role. This example is so basic it makes me cringe and I'm a h/w engineer.
Anyway it needs sorting ASAP so whatever can be done to escalate a review of API calls which return character data with no key would be appreciated. |
KaarBaak
26
|
Posted - 2011.09.20 18:26:00 -
[87] - Quote
OP: did you check API call logs? Mine show two hits every day from an IP that is part of a block assigned in China.
|
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 18:27:00 -
[88] - Quote
Squizz Caphinator wrote:Hi guys, thanks for checking out EveWho. I was asked to come here and clarify a couple of things.
1) I am NOT scraping the API. 2) All information I've retrieved is publicly available somewhere. 3) I am NOT scraping the API.
I am well aware of CCP's policies per using the API and I have no intention of abusing them. I built the initial database by getting a character dump from Eve-Kill, scraping some forums, scraping a few hundred other killboards, and from a couple of donations of character name lists.
I am NOT scraping the API.
I built this site by using resources available to everyone. That includes you. I saw another site similar to EveWho a few months ago and thought I could do a better job. I believe I did. If you think you can do a better job, you just might be able to do so :)
I am NOT scraping the API.
Once again let me restate that I am not scraping the API. I might cause an error or two every few minutes but no where near enough to get myself Scotty'ed or even banned. I like getting along with Scotty anyway.
I am NOT scraping the API.
Please continue to enjoy EveWho for good or bad, whichever you prefer.
Fly dangerous, Squizz
Bullshit. |
malaire
41
|
Posted - 2011.09.20 18:27:00 -
[89] - Quote
Squizz Caphinator wrote:I am NOT scraping the API. So what does this mean then (I added underlining)
Quote: All numbers based on known characters and may differ from in game values. All characters found by scavenging killboards, eve-search, and finding holes in character id sequence data and filling them.
Carebear -á* -áTrader -á* -áPerfect Music-á-á* -áNever Scamming -á* -áNever Pirating |
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 18:31:00 -
[90] - Quote
Miilla wrote:Othran wrote:Leona Elum wrote:CCP Stillman wrote:generating excess errors will get your IP blocked. I can confirm this to be true, and also say that it is VERY VERY hard to get it unblocked again. In my case it was excessively updating of a "scammer list", in combination with bad settings in Excel that did the trick. This is likely to become more of a problem soon(ish). Reason being its quite likely that as IPv6 (finally) gets introduced in Europe/North America the more likely that all the legacy modems/routers consumers have will be proxied through a gateway. For anyone in the UK, all your mobile phone stuff works like this - its all proxied and logged due to rules about under 18s, more to do with contracts than morality IMHO ;) All ISP's are gateways. It says I am in A location but infact i am hundreds of miles away from that location. All ISP's cache (Squid most likely) and log and route out, not just mobiles.
Nope. Mobile companies in the UK proxy your internet access via a gateway. Your mobile has a valid local IP address (eg 10.x.x.x) but it has no routable IP address other than via the gateway. The upshot being all requests come from the same IP address. |
|
|
|
|
Pages: 1 2 [3] 4 5 6 7 :: one page |
First page | Previous page | Next page | Last page |