Does anyone know what happened to Combat Analysis?
 

Does anyone know what happened to Combat Analysis?

It seems to have disappeared from Lotro Interface in recent days.

I had it in my "Favorites" list but now it is gone.

The two pages which remain on the website no longer have the documentation for the program.

I should add, the web page found via Google generates a "502 is not a valid ID" error.

Seems you are correct, I can't find it either.

The author or lotrointerface may have removed it, or the author's account may have been hacked. It's a bit odd that it just disappeared with no fore-warning.

It got removed by us because of an easter egg in it that got discovered and was being used inappropriately in-game.

I someone can provide a patch maybe then there is a chance of reactivating it?

1- If someone can/will point out the problem we can fix it.

2- The "deleteion" did not happen. What was deleted was the Instruction page on how to use it.

3- The current version (4.2.3) is still available for download.
http://www.lotrointerface.com/downlo...tAnalysis.html

4- which is another way of saying -- is whatever was removed a later version?

http://www.lotrointerface.com/downlo...tAnalysis.html

That said, what is necessary is to "revert" to the older version, and, more importantly, to recover the instruction pages.

These are old patches mnot the main addon I believe.

I'm looking at them now, and they appear to be complete zip files.

They are patches that contain the original code, however they are also two years out-of-date.

1. You need permission from the original author, otherwise you are violating copyright.
2. No, the deletion did happen, those aren't the original addon. I had missed the fact that there were patches by someone else that had been uploaded to the main file and now that I am aware of them they will have to be removed as well.
3. ^^
4. ^^

[Edit] This is the reason it had to be removed.

wow.. I can see for someone who's not overly experienced how that would cause alarm. It's a shame because one incident like this can put people off using other plugins.

Yup. I hated having to pull the addon, it was really great in so many ways, but with that being in there I really didn't have any choice. If the original author had still been around, I could have talked to him to see if he'd close it, but he isn't, so ...

Trust me, no more happy about it than you guys are. :(

Did you try contacting him by e-mail?

Stupid question, but had to be asked. :)

Curioser and curiosr, the original code, apparently by the original author Gjit (James Bebbington) does not have the "Naghty hacking section." (Versions 4.1.6 and 4.1.6c are versions I have copies of.)

It appears that "Evendale" posted a revised version (I have 4.2.3) and that is where the "hack" was inserted. (so much for Copyright issues)
I'm guessing that version 4.2 is where the code was inserted.

Player names: Evendale, Evenwym, and Damagemeter, are explicitly mentioned in the code.

So, who is the real author?

Interesting. How do you know his real name? Do you have contact info for him?

I am unsure how the author transition happened but ownership can be passed over to someone by the copyright holder i guess. So GJit might have passed it to Evendale. We cannot just edit the addon because ownership changed in the past (well sure we could, we have the sourcecode, but it is a question of principle).

The author name is in the API. In the ".plugin" file.

Is it real or not is anyone's guess.

Is "gjit" simply another in-game name for the same account as "Evendale, Evenwym, and Damagemeter?"

No one knows.

Sadly, especially with the advent of F2P, there is no way to relate "real names" to "in-game names."
Gaming in general, and especially MMOs, have evolved a culture where hiding one's identity is not only normal, but is expected.
And if you want to change your identity, you just open a new F2P account.

Similarly, sites such as lotrointerface have no way to identify any "registrant."
All they can do is take whatever information is given them as true.

All of which is to say, enforcement in cases such as this is a "throw it against the wall and see what sticks" issue.

Deleting the download structure eliminates future "infections," but it does nothing for those who have it installed;
it makes collateral damage of folks who are innocent bystanders.
I.e. No word of explanation of the problem and how to treat it in place of the deleted plugin.
Minimally a page describing the problem which caused the plugin to be deleted would be appreciated.

However, fixing the problem would have been a more preferable solution.

By declaring that only the author can fix the problem implies that the author is the one who created the problem in the first place.
A typical assumption, but one not necessarily grounded in fact.

A large number of the plugins on this site have been abandoned.
That is to say the accounts of the Authors have NOT been logged into for many months.

It would be as "just and arbitrary" a "rule" to declare any abandoned account open to anyone for "takeover."

There is nothing on this site (no instructions, policy statements, etc.) which implies what happens to "abandoned" plugins -- deleted or otherwise disabled.

And just for the record, it appears that the idea of "fast action" is not relevant.
The code in question existed in the plugin back in January of 2012 when version 4 was uploaded. (you can check via the Wayback machine)
It went un-noticed by the moderators for two years.
Or perhaps more correctly, no one complained about it for two years.
Looking at the thread on the forums, it was apparently a well-known" hack.

It is an interesting discussion --
Note however, that the concept of Copyright does not PREVENT someone from utilizing the material as long as they give credit to the original author.

Were there remuneration involved, then it might be a different story.

BTW, the only reason I am arguing about this is the simple fact --
Combat Analysis is the ONLY plugin which provides any kind of useful tool to evaluate "Turbine's Balance" efforts.

THEY (Turbine) have various tools to monitor what happens in-game.
WE (the players) have nothing to use to document the effects of Turbine's changes.

That's not quite accurate from my understanding. It's a little bit complicated, but my understanding of the situation is:

1. Author writes a plugin. By the process of creating the plugin, author owns all of the copyrights to the plugin.
2. Author uploads plugin to lotrinterface. Lotrointerface doesn't specifically say which copyrights they acquire, but given that lotrointerface is a plugin distribution site, I think by uploading the plugin, the author implicitly grants lotrointerface the right to distribute the plugin.
3. User downloads the plugin. I don't think lotrointerface uses the software licensing model, so the user actual owns a copy of the plugin. (Which probably means that first sale doctrine applies - so if I understand things correctly, you could, technically sell your copy of a plugin downloaded from lotrointerface, you just wouldn't get to keep your copy after you sold it - since you can only make copies for personal use. Of course, then you could just download another copy from lotrointerface... and digital copies don't play well with first sale doctrine.)

Since lotrointerface doesn't have the right to assign distribution rights, they can't give users the right to distribute the plugin, which would probably be necessary to upload a modified copy. It's basically the difference between the general case of Freeware (distributed for free, but typically with no right to redistribute granted) and freely redistributable software (distributed for free, along with the rights to redistribute).

There may be some wiggle room under Fair Use doctrine, but at that point it's not particularly clear cut. The fact that redistribution wouldn't be for commercial purposes is a point in its favor, but the fact that it's derivative (you're just removing a backdoor) would be a point against it.

I think the most relevant question is whether the site would be exposing itself to any potential liability by allowing another author to take over maintenance of an abandoned plugin without explicit permission.

And I think the answer is "no". After all, what possible damages could the original author claim?

Just a quick couple of thoughts before coffee...

I think this is the "key" question --
Namely, the "status" issue.

Ignoring the "the Internet Never Forgets" issue, what defines an "abandoned" plugin. It is orthogonal to the question of authorship, but not unrelated.

The "publishing" model is the one that is "almost" involved. However, again that issue revolves around remuneration.

One aspect in particular is that ZAM has no policies on the issue. Or, put another way, any "fixes" would apply going forward, not to the past.

I suspect that you're essentially correct that this entire issue is too small scale for any person to sue over it, or any court to be concerned about it.

As for damages - damage to professional reputation obviously comes to mind. Either the author isn't credited, and loses any benefits to their professional reputation that the plugin might bring them, or the author is credited and their professional reputation could potentially suffer due to the new maintainer (which was not agreed upon by the author) not keeping up the same standards that the original author did (which, admittedly, includes inserting backdoors in the plugin).

Renumeration doesn't have to enter into it - as I understand it, copyright infringement has been successfully prosecuted under GNU copyleft (or something very similar to it), despite the lack of renumeration involved in the entire model.

The problem is that plugin authors do not mention a license when uploading their plugin, and there are many different ones (MIT, GNU, Creative Commons etc). For example if the plugin would be published under "MIT/Expat" license we could publish a modified version, provided we publish the modified version under the MIT license too.

http://en.wikipedia.org/wiki/MIT_License
http://opensource.org/licenses/MIT

This is the base issue -- there is no DEFINED structure here, only an assumed one, and one which is not generally agreed upon (witness the different forms of license).

What I was getting at with the reference to publication and remuneration -- ZAM is not paying for "the right" to publish the plugin on their site; simply providing anyone with the ability to do so. They do not do any kind of "validity checking" of the Plugin (as does say Apple with the iTunes Store) nor of "authorship" beyond the fact that a "registered" user is posting the plugin.

All of which is to say, unlike in book publishing, ZAM has no "interest" in the content, where "interest" equates to "control." Plugins are clearly not "works for hire," so their "interest" and related liability is non-existent.

The only reason ZAM pulled the plugin in the first place is that ZAM was being "good guys" -- One can even argue that they violated the Author's copyright by doing so!

The simple fact is, there are no "rules" involved (to be violated), and only very nebulous guidelines. In fact, I can not find ANY guidelines on the site except for the standard vBulletin FAQ boilerplate.

Needless to say, that begs the question -- Should there be? Which is a whole separate topic.

Again, all of this only effects those who do NOT already have the plugin downloaded and installed.
Those of us who do have it downloaded and installed can simply continue to use it as we have in the past.
We even can fix the Easter Egg if we want. Nobody will know or care.
As best I can tell, version 4.2.3 was last updated in January of 2013 and that represents the last time the plugin was touched. (Last modification dates.)

So, in the end, what we wind up with is "yet another reason" that a certain group of players will have to NOT play LOTRO.

Again, I don't believe this is quite accurate. ZAM (and presumably Lotrointerface) are US based, which means that the Berne Convention applies. The Berne Convention requires that copyright be automatic - when a work is first published, the copyright laws of the country (or countries) of publication automatically apply to the work.

Under this situation, assuming the plugin was first distributed via lotrointerface, US copyrights over the plugin would automatically be granted to the author. This basically gives the author the right to control the copying and distribution of the work, and over the creation of derivative works. (Also, gives them control over public performances, but I doubt that that is meaningful for plugins. Or, software, really.) Without a further statement from the author either waiving those rights or granting them to someone else, you should assume that the author has retained all copyrights.

From my experience, lotrointerface hasn't actually taken enough steps to secure copyrights to distribute the plugins that it does (would at least require some sort of notice, and typically requires actual signatures somewhere), but I suspect that any potential defense by them would include 1) uploading to the site is an implicit grant of copy and distribution rights (i.e., since the site distributes plugins uploaded to it, uploading the plugin to the site can be taken as an implicit grant of the copyrights necessary for the site to function) and 2) that if the author explicitly revokes their grant of copyrights to the site (e.g., any sort of take down request), they will stop distributing the plugin.

However, I don't think there is an argument that plugins uploaded to this site were uploaded for the purposes of being modified by other people.

Edit: Based on that, there's probably an argument to be made that Lotrointerface could continue to distribute an earlier version of CombatAnalysis, prior to the back door being inserted. Doesn't really solve the problems about CombatAnalysis being maintained going forward (and I've no idea if CombatAnalysis's earlier version will still work) - but you'd have the maintenance issue even if the back door hadn't been inserted.

Hi, I guess there would not necessarily be a maintenance issue, if the maintainer would publish "patches" (to be applied by user on outdated CombAnalysis) instead of releasing an updated package of the original plugin.

I've been reading these posts, even read the proof that Combat Analysis, is the perpetrator. However, I have yet to see is where in the .lua files it states that when the parser recieves x, to display "You failed LOTRO." Where am I missing this, because that was the OP's original question on the Official Forums. A few people started saying that CA was the cause and now we're looking at CA being taken down, possibly permanently. I mean this is a he said, she said, they said situation, that has been blown way up. Personally, I would love to see the ACTUAL proof showing the lines of code written in the file. Given, that Turbine already has a strict API in place for addon/plugin developers to use for LOTRO, they are given no explicit rights to access the actual server side protocols or information. Therefore, having said that a simple parsing pluging is the root of this problem, because there is a couple of strings of text there, does not give anyone the ground to stand on to say that the plugin caused it. A prime example would be if someone said someone died unexpectedly, and then the rumor got started, by the time it gets to you 3 days later, it's someone shot him during a drive-by and killed him and 14 other people in the neighborhood, and all that really happened, was the person died of old age. Maybe, I'm missing something here ,but i still say there is no real proof that CA caused all this issue.

As mentioned previously, this thread, and specifically post 15 in the thread describes the hack. (Or at least, how to disable it.)

In the latest version of CombatAnalysis, look at the following two files:

CombatAnalysis\Parser\Parser.lua, line 10:
The code makes a call to DiscardArgs any time it receives a chat message that is not... well, basically not a combat message.

CombatAnalysis\Utils\Misc.lua, line 344:
I'm not going to reprint the entirety of the DiscardArgs function, but it's clear that it checks if the message is from "Evendale", "Evenwyn", or "Damagemeter" coming through either a chat channel or a local say (there's probably a bug there - "Evendale" will not work for local says on other people's clients). If it is, it grabs whatever message they sent and stores it in "hackText" - which will then be displayed on the player's screen.

I should note, that if you are logged in as the player "Evendale", "Evenwyn", or "Damagemeter", it'll print the message on your client for anything you say over local say or a chat channel. Given exactly how annoying that would be, I'm guessing that either means Evendale stopped using CombatAnalysis or basically stopped playing after the changes were made.

So, it could be safe to say, that the actual author, could have put that there, just to annoy someone in particular?

I think the intent was more global than that.

The three accounts in the Lua code are ?no longer? available on Brandywine.
(You cannot add them to Friends.) Henay (the original poster) is an active account on Brandwine.
GodOfBrandywine also does not exist.

Interestingly, Evendale became a Forum member in March of 2007, but has not posted again since June of 2013; while Evenwym and Damagemeter are not recognized by the forums at all. (Use the advanced search/userid feature.)

I suspect the idea was for this to be a rather harmless easteregg/backdoor allowing the author to play pranks on people using CombatAnalysis - but the three names were reserved on only one server. Someone read the code, created characters with those names on another server and used this to harass someone. This is not unheard of, easteregss becoming unintended exploitable features.

If there was a check for servername together with the player name check, only the author's account would have ever been able to use this, and maybe nobody would have ever noticed.

Too bad there's no way to determine the server name in Lua. (Or am I wrong?)

You are correct, server name is not exposed via Lua.

Have anyone last build of CA to download?
pm pls. :o

Thanks

It's kind of possible to know what server a script is running on, by parsing the chat and extracting long identifiers from items / users, that include a high order byte identifying the server.

Narrel said he will be taking a look over Lua in the coming months, so this could be a suggestion to put on the lua section on the lotro forums.

Shedding a bit more light
 

Hello,

I enhanced the Combat Analysis plugin about a year ago adding an average column to the stats. I have not used it much but now want to see how various jewelry affects my performance. Now imagine my surprise when I see this thread.

None of the copies I made last year contained the nasty Easter egg hack. So the do-badder made his insertion sometime in the last 12 months.

The old zips I have are 4.1.6 c and b and they work with update 13 :)

Being that I have these pre-naughty hacking versions and there are no copyrights on any of the code and Evendale acknowledged and dicussed my work on the project with private messages, what does the community suggest I do?

If there is no copyright license stated, it defaults to ARR. I would need to hear from the original author directly in order to allow you to upload your version.

4.2.3 was the latest version ;)
i've changed easter-egg and it works fine on U13.1 ;)

I have a common connection with a James Bebbington in linkedin I sent a connect request.

--------------------

Open the refrigerator door please HAL.
Of course Dave.
HAL, you closed the refrigerator door! My arm is trapped in there!
I'm sorry Dave, a traffic cam has recorded your jay walking violation and I am instructed by the police to immobilize you until they arrive.