| Pages: [1] 2 :: one page |
|
|
| Author |
Topic |
Cyndre Domster
Minmatar
    |
Posted - 2008.10.02 03:34:00 -
[1]
eve.waasp.ca
Started working on an asset manager to help my self buy and sell items. Going to be adding new features often. So far it doesnt look pretty, but it works and helps you look at your assets without clicking 16 times.
Please tell me what you think, suggest ideas, just please dont tell me scam, keylogger excetera.
This is a web based asset manager. You need to add your full api key. Do not use your ingame password, or account name on any website other then eve-online.com.
Enjoy
Cyndre Domster
Mystform
Web based Asset Manager |
Branden Dannagh
|
Posted - 2008.10.02 05:32:00 -
[2]
Tried it, didn't work. Some sort of uncaught exception as soon as I tried to create a character. Looks like it might be a great tool though, if you can get it working.
|
Commander Lightning
|
Posted - 2008.10.02 12:23:00 -
[3]
yep doesnt work after registering either..... :/
The Human Race has never learned from its past. Humans Killing Humans, thats the way it is, and shall be as long as the Human Race continues. EvE is no exception. //Unknown |
Cyndre Domster
Minmatar
|
Posted - 2008.10.02 13:02:00 -
[4]
Did you guys add the full or limited key? The limited key currently gives you an error on line 180 or something. Tonight I will setup a delete button and a warning instead of an error about a foreach statement.
Web based Asset Manager |
Cyndre Domster
Minmatar
|
Posted - 2008.10.03 02:27:00 -
[5]
Okay, I have finished the delete button. The delete button deletes all info about your character. It removes all of the characters assets, the api key, and the Characters User ID.
If you have added your char with the limited access key, please delete the character and add the full access key.
Web based Asset Manager |
Cyndre Domster
Minmatar
|
Posted - 2008.10.06 00:13:00 -
[6]
Have been working on this and added some new features. Once your items are updated, the load time is hugely increased when browsing your assets. The prices are now cached for 1 hour, and updated on demand if they are older then 1 hour. I also noticed the regions and solar systems wernt sorted so I sorted those as well. Going to be adding more stuff tonight.
Tell me what ya think of it.
Web based Asset Manager |
Shar Tegral
|
Posted - 2008.10.07 10:18:00 -
[7]
 Originally by: Cyndre Domster
Please tell me what you think, suggest ideas, just please dont tell me scam, keylogger excetera.
Nice to see someone finally working on this idea (one that's floated around a while). The upsides are obvious however there is one downside that, sadly, can not be readily gotten around as this application currently stands: API key privacy. Use of this application requires us to trust you (who we don't know) with our full api keys. This means you could datamine who all of our toons are, what skills, what assets, what market trades we do. If that wasn't enough heaven forfend anyone with corporate roles signs up as anything their corporation allows them to view you can view as well. In essence, their is a trust factor here regarding data mining more than just personal assets or corporate assets.
To Shar -verb:
1 - To say what you mean.
2 - To say what it means.
3 - To say something mean. |
Shar Tegral
|
Posted - 2008.10.07 10:22:00 -
[8]
I should have added, if you do come out with an open source version please feel free to contact me about licensing arrangements. Of course server environment is going to be another critical factor but that is only if you decide to go the "open" route allowing others to host privileged copies. (To protect their own data.)
To Shar -verb:
1 - To say what you mean.
2 - To say what it means.
3 - To say something mean. |
Shar Tegral
|
Posted - 2008.10.07 11:56:00 -
[9]
To Shar -verb:
1 - To say what you mean.
2 - To say what it means.
3 - To say something mean. |
Cyndre Domster
Minmatar
|
Posted - 2008.10.07 18:41:00 -
[10]
By the looks of it you are a forum mod - having moved the post and all. Read through your post a couple times and yes - the trust issue is huge. But the mods and eve itself really dont help matters out. I agree with the fact that you posted that data, but I disagree with the fact that you failed to mention that you can see all the data pulled by an api key under your character page.
Also if I was datamining it would show up there, and then here as somone mentions that I am data mining.
I just feel its important to mention the bad stuff AND the good stuff, not just the bad stuff.
So to add to the previous post. Yes, the trust issue is huge, but eve has made a few arangements for the players to help with this.
#1 - You can change your api with the click of a button.
#2 - You can see whats being pulled from your character via the Api log page avalaibale here.
Also if I abused 1 persons api, they would post here. If they are smart enough to check the api log page, they are smart enough to warn users off.
And if thats still not enough, (this one pends on the trust issue), I also added a button that deletes all info about your individual characters. Their api key and all cached asset information.
I would just like to point out one last time - its hard enough getting a site like this off the grounds as it is - let alone with a mod doing everything but saying its a scam without even trying it and checking his api log.
And I also don't see why the topic was moved. Its a website for doing price checks, and this is market discussion.......
Cyndre Domster
Mystform
Web based Asset Manager |
|
Cyndre Domster
Minmatar
|
Posted - 2008.10.07 18:47:00 -
[11]
Also - how do I get approved by ccp as a third party app? That would go along way with the trust issue.
Web based Asset Manager |
Treelox
Amarr
Market Jihadist Revolutionary Party
|
Posted - 2008.10.07 19:35:00 -
[12]
Originally by: Cyndre Domster
Also - how do I get approved by ccp as a third party app? That would go along way with the trust issue.
CCP doesnt officially "approve" any 3rd party apps. The best you can get is that they dont ban the use of it.
--
 |
Shar Tegral
|
Posted - 2008.10.07 19:59:00 -
[13]
Originally by: Cyndre Domster
By the looks of it you are a forum mod - having moved the post and all.
Nope, I did not move it & I am not a forum moderator. I just suggested it be moved (via the report linkage). Originally by: Cyndre Domster
And I also don't see why the topic was moved. Its a website for doing price checks, and this is market discussion.......
The Price Checks forum is for actually price checking not discussion thereof. What you are doing here deserves to be read and interacted with. That forum would see this post buried quickly enough and if you bumped the thread it would get locked due to the rules of that forum. Originally by: Cyndre Domster
Read through your post a couple times and yes - the trust issue is huge. Also if I was data mining it would show up there, and then here as someone mentions that I am data mining.
Firstly, I am not calling you a scammer. I am well known for my support, and investigation, of many community (3rd party) applications. I think it is awesome when the community brings to to bear its many talents making Eve a better experience. However it must be said that Eve is a paranoid environment. Even checking that api log, by the way that linkage doesn't appear to be working & I've not seen that function before at all, doesn't stop someone from downloading the data once. And, well, that is enough to make those who would use this most shy away from it. Equally it need be said that some people are comfortable with sharing data like this. Especially those without assets that are vulnerable. Every story has a flip side and I was just pointing out the one that many will see: risk. Alot of Eve institutions all start of with that same issue as well though so ... essentially I'm not trying to dissuade you at all. However I'm not against trying to encourage, and cultivate, a solution that works for those who are paranoid as well as one for those who are not.
To Shar -verb:
1 - To say what you mean.
2 - To say what it means.
3 - To say something mean. |
Cyndre Domster
Minmatar
|
Posted - 2008.10.07 22:13:00 -
[14]
Edited by: Cyndre Domster on 07/10/2008 22:14:57
Hmm, for some reason I had to click it twice. Didn't know you wernt a forum mod, but its still good to post both the good side and not just the bad. I fully realize that there is a huge trust issue - but it does not help any third party app to have that so blatently and negatively stated in the middle of the first page of the thread.
* Even checking that api log, by the way that linkage doesn't appear to be working & I've not seen that function before at all, doesn't stop someone from downloading the data once.*
Its accessable from the bottom of your api page, or click the link twice. Not sure why it failed the first time, but the second time it worked. And quite frankly I would be an idiot to download any non requested data once. They would be in here in a heart beat reporting my site as a scam with proof and killing any chance of creating a succesfull website from it.
* Equally it need be said that some people are comfortable with sharing data like this. Especially those without assets that are vulnerable. *
Sorry for being a noob about this, but what do you mean by assets that are vulnerable? As far as I know the api key only gives information, not items.
* I am well known for my support, and investigation, of many community (3rd party) applications. I think it is awesome when the community brings to to bear its many talents making Eve a better experience. *
and
* Every story has a flip side and I was just pointing out the one that many will see: risk. *
How is pointing out the very well known risks supposed to support my third party application? Seems more like your telling people - Hey, if you dont care about him data minning your account, go ahead and signup. Just in a more eleagent way. Also, if you routinely investigate third party apps how do you not know about the api log? Thats about the only page that will tell you if an app is safe to use or not.
Start using app and check the api log daily for discrepencys and if you find one, change your api key, and post in app owners thread about the data minning.
Enjoy
Cyndre Domster
Mystform
Web based Asset Manager |
Rho'varo
Minmatar
Diversified Operational Services
|
Posted - 2008.10.07 23:22:00 -
[15]
Originally by: Cyndre Domster
The delete button deletes all info about your character. It removes all of the characters assets, the API key, and the Characters User ID.
While I don't have any reason to mistrust you, I also don't have any reason to trust you.
As a simple user, without being able to check the behaviour of the application by installing it myself and without being able to review the source code, it is just as possible that the delete button makes it look like my data was deleted and instead flags it for your prompt attention because I deemed it worth deleting.
Originally by: Cyndre Domster
Start using app and check the API log daily for discrepancies and if you find one, change your API key, and post in app owners thread about the data mining.
If you were intent on misusing the data your application might gather, this issue speaks only to your patience. The longer you wait without doing anything sketchy, the more people that sign up, the bigger your eventual "win" in illicitly gathered data. You are correct that people might learn after the fact that their privacy has been breached, but that would be no remedy for those people.
From the screenshot, this application does look potentially useful, but given the mix of (i) the need for full API disclosure and (ii) the closed-source nature of the project, I won't be testing it or using it, let alone paying ISK to use it (I'm guessing that you aspire to such a model).
Your project might provide some features that are a bit better than the features of some other applications, but I am confident that I can get at least most, if not all, of the same features from one of the several available open source projects.
I encourage to make your project open source. If you are concerned that making the project open source will make people unwilling to pay ISK to use the application, maybe you can learn from the business models of other EVE application-writers. (I'm not sure what they all do, but it seems logical they might have best practises that you could follow.)
Disclosure: I am not a forum mod.
 |
Cyndre Domster
Minmatar
|
Posted - 2008.10.07 23:57:00 -
[16]
Edited by: Cyndre Domster on 07/10/2008 23:59:32
Edited by: Cyndre Domster on 07/10/2008 23:58:41
I have no intentions of charging anything to use it, hopefully will make enough off advertising. This isnt a future get me out of work site, it is a very small niche.
How would releasing my source code make it anymore trust worthy? If I was flaging your account because you deleted the data, I would just remove the 1 line of code that would do that on the delete page. I know that this doesn't help my case, but I just thought I would let it be known.
I have a feature in mind to solve the full disclosure of the api key - going to be adding an upload xml file feature. This will allow you to use the website without giving away your full api key.
The part that blows me away is how everyone reacts to their full api key. I would bet anyone $1,000 that anyone that is afraid of giving out their api key, will install just about any site on their facebook account without thinking about the information that gives away, which is alot (developed a mmorpg for face book http://apps.facebook.com/socialquest/ - at the point of adding items to it I discovered python, and have it as a side project - rewritting the entire thing with flash and python backend).
You are correct about the patience comment as well. But I fail to understand what I would use this data for - heard a few ideas - like decide which corp to infiltrate to rob...... but quite frankly I didnt waste my time making a cool app so I can betray my users and at the same time destroy all the work I put into this app. (if I did anything that dumb, people wouldnt trust any website that does this again which would render my work useless)
And I fully support open source, but not open source for websites - well maybe not until you have millions of users and have no need to fear of developers with more money and time that can and will beat you to market with a better product.
My main goal is to make a website for myself that will do everything that I feel is lacking in game (like an easy way to know what to sell and buy), but I also like to have an audience that appreciates what I am doing as well. Think of it like this - you just finished redoing your dream car, only to have everyone purposly claim that the only reason you did it was to get laid. You redid that car so you can enjoy it, but you also did it for others to enjoy to.
Web based Asset Manager |
Rho'varo
Minmatar
Diversified Operational Services
|
Posted - 2008.10.08 00:34:00 -
[17]
Originally by: Cyndre Domster
I would bet anyone $1,000 that anyone that is afraid of giving out their API key will install just about any site on their facebook account without thinking about the information that gives away, which is a lot.
Many people, perhaps, but some of us have never authorised a single application on Facebook for exactly the privacy reasons you cite.
Perhaps you might consider signing on with http://gatecamper.org/ or something like that, which would allow your users to share only Asset data with your application. It wouldn't resolve my own privacy concerns (since it would require trusting that site!) but it looks like it might be a way of assuring your potential users that your own application uses only the Asset data.
Originally by: Cyndre Domster
My main goal is to make a website for myself that will do everything that I feel is lacking in game (like an easy way to know what to sell and buy), but I also like to have an audience that appreciates what I am doing as well.
Maybe you would do well to team up with one or more other application developers? There seem to be a fair number of respectable lone wolf API-tool developers, and I wonder if a clearly-better super-app might arrive sooner as a team project?
Originally by: Cyndre Domster
And I fully support open source, but not open source for websites - well maybe not until you have millions of users and have no need to fear of developers with more money and time that can and will beat you to market with a better product.
"Fully ... but" and an impossibly high bar, eh? There aren't a million EVE users, so no website can reach your criterion. Also, you say that your main goal is to make a site for yourself first and for an appreciative audience second: doesn't sound like there is a true market to which you might be beaten.
|
Cyndre Domster
Minmatar
|
Posted - 2008.10.08 01:05:00 -
[18]
Reaching the audience first is what counts. First to market = most customers. If you want to cover at least your bandwidth on a site like this, you will require alot of users. Then maybe you can get sponsored, or sell eve time cards.
And please tell me how relying on another site for everything is going to help me? If they screw anyone over, or decided to screw me over.....
Would sooner slowly grow then to rely on someone else for all my customers.
Web based Asset Manager |
Rho'varo
Minmatar
Diversified Operational Services
|
Posted - 2008.10.08 01:54:00 -
[19]
Originally by: Cyndre Domster
Please tell me how relying on another site for everything is going to help me? If they screw anyone over, or decided to screw me over... Would sooner slowly grow then to rely on someone else for all my customers.
Sounds like you understand my concerns precisely.
I wish you good fortune in the further development of your application.
|
Cyndre Domster
Minmatar
|
Posted - 2008.10.08 02:22:00 -
[20]
Ty, and I do understand the risks - like I said going to be allowing users to upload xml asset files from eve.
Web based Asset Manager |
|
Astorothe
Aperture Science Industries
|
Posted - 2008.10.08 02:25:00 -
[21]
There's already a pay-to-use (ISK) Online Asset Manager available which I've used and it works great. It is also very well designed and has a nice UI, which I found yours could use some loving.
This isn't the first so there's no point trying to rush it to market. Take your time, do it right, manage your customers confidence and good luck to you sir.
Oh, I would include a referal to the other Asset Manager program but since I'm not using it and do not want to vouch for it (only tested it) and the author isn't a fan of Ivan Misner I'll just you let you dig for it yourself :)
RPGN Gaming Network - Eve News, Gaming News, Forums & Community - Home of Aperture Science Corp [ApSci] |
Cyndre Domster
Minmatar
|
Posted - 2008.10.08 02:33:00 -
[22]
Sorry, not intrested in taking isk from players to give them access. Going to be free, and like I said. Either Sponsored, or sell eve time cards. And My UI hasnt even been looked at yet. What you see is just the basic back end code in a very simple table form. :) Thinking of over all networth ranking, ind char ranking, do I have the most of type x item, and anything else that I think up along the way. Just would be nice if everyone you talked to didnt get so negative about the api key. Or would be nice of ccp would make an asset only api.
Web based Asset Manager |
Astorothe
Aperture Science Industries
|
Posted - 2008.10.08 02:54:00 -
[23]
I didn't read your post properly then I thought this was an almost completed project?
Anyway, take the negative criticism positively :) You can not control the actions of others only the way you re-act to it. I'd like to come back and take a 2nd look when you have the UI & Design sorted out later down the track.
Always good to see 3rd party apps being worked on - and yes your biggest issues (other than function, design and UI) will be trust :)
RPGN Gaming Network - Eve News, Gaming News, Forums & Community - Home of Aperture Science Corp [ApSci] |
Namco
Balls of Steel
|
Posted - 2008.10.08 03:12:00 -
[24]
Edited by: Namco on 08/10/2008 03:14:51
Just a little note, but this evening while in Lustrevik, there was a person (MystForm) just going on and on and on in local about how awesome this site is and noooo it's ok to use your full api key, and we don't use it for anything else honest- it's safe, people!
Really, if you have to get all defensive about whether or not people trust you enough to hand over their full api key, then you probably ought to not bother with trying to get them at all, and just let it be and move on.
edit: Love the bio on that character, too: "I believe that evil, greedy behavior is the normal thing for someone to do. I tend to think about what I would do in the situation and just assume everyone else is as selfish and greedy as I am."
|
Cyndre Domster
Minmatar
|
Posted - 2008.10.08 03:14:00 -
[25]
I take critism well, its just when its about things I have no control over - like people comming in to comment their feelings about the full access api keys when it has nothing to do with my post. My post wasnt how do you feel about the full api keys, it was about a website Im building that happens to require it. If you want to discuss full access api keys, search the forums. I am sure their is plenty of places to talk about them.
Your comments about the ui were good, thats the kind of things Im looking for, not comments about how the full access api keys puts your account at risk supposedly.
The only time my site will query your account is when you actually click on something. If you added your char and never clicked the asset button, my site would never query for /char/AssetList.xml.aspx (which will show up on the api log page). If you clicked it once, you would get /char/AssetList.xml.aspx once, never again. I would be the first one to point out the problems with using game passwords and usernames out of game. As an example - I run http://psychic-doom.com/ and alot of my users fall prey to sites that mimic real sites and steal info. And about trusting me - that site was in the top 30k websites in the world with more then 1500 people in game at one time. (been up since 2004) Maybe that will help with my credibility.
Web based Asset Manager |
Namco
Balls of Steel
|
Posted - 2008.10.08 03:37:00 -
[26]
OK, this is interesting now. This guy just had my post reported, because he believed that I intentionally came into the area that he's in to harass him. However, as I live/play out of that area, what luck should happen that the guy is spouting about this stuff in local? Yeah.
So report this post, too, I guess. I don't really trust anyone who gets *this* defensive over this sort of thing at all.
|
Ambo
State Protectorate
|
Posted - 2008.10.08 07:37:00 -
[27]
Originally by: Cyndre Domster
I take critism well, its just when its about things I have no control over - like people comming in to comment their feelings about the full access api keys when it has nothing to do with my post. My post wasnt how do you feel about the full api keys, it was about a website Im building that happens to require it. If you want to discuss full access api keys, search the forums. I am sure their is plenty of places to talk about them.
The nature of the full access API key has everything to do with this. It's long been a feature of MD that those who know thier stuff will look out for those who do not by pointing out the flaws, negatives and inconsitencies with pretty much anything posted here.
Yes, you have no control over it but that does not make it any less of an issue. I will NEVER give out my full API key to any website and I will only give it to applications on my machine after some careful testing, isolated from the internet. Paranoid? Damn right I am. Most people who've been a part of Eve for more than a few months will understand why.
Many people will feel the same way, there is no way to overcome this problem with a website that I can think of so you have to either make a locally installable version available or accept that this is an issue and leaving it at that. Trying to say 'It's nothing to do with this, don't discuss it in my thread' is, frankly, the worst thing you can do.
Quote:
The part that blows me away is how everyone reacts to their full api key. I would bet anyone $1,000 that anyone that is afraid of giving out their api key, will install just about any site on their facebook account without thinking about the information that gives away
I don't use Facebook applications, mostly because they're all completely useless but partly because of how much information about me they spew into the ether.
Your app itself looks interesting, if a little rough around the edges (I can relate to that, EMMA looks God-awfull!  ). However, I'd be curious to see how it would handle someone with a lot of assets like me. It looks like the interface would really struggle to cope. How many assets do you have you tested it with in total, across how many stations and how many in one station. As a rough figure, I have assets spread across around 300 stations with approx 150 different types of item in some stations.
Also, do you handle containers and items fitted to ships? Are contained/fitted items shown in the interface or just added to the total quantity of that item?
--------------------------------------
Trader? Investor? Just want to track your finances? Check out EMMA |
Cyndre Domster
Minmatar
|
Posted - 2008.10.08 11:58:00 -
[28]
Mystform has an item in every station in Heimatar with over 300 item types in some stations. It handles multiple items well. Who in their right mind would sooner download and install an app then use a web based one? Chances of getting a keylogger, trojan, spyware or malware is about 10 million times greater via installing a program. You talk about careful testing, but you have failed to think that route through. Say 6 months down the road 10k people have installed the app, at which point I release a new version. The old version auto updates on 95% of computers that have it, and 5% it doesnt because they turned this feature off. I think you will agree with me that a downloadable a program is way more dangerious than a web based app.
Maybe I just don't understand what I can do with your information? Help me understand whats so 'Dangerous' about giving out your full access key seems how its so important. If your not sure what data I can see check out http://wiki.eve-id.net/APIv2_Page_Index. From what I can tell the only people that should really worry about it are players with director roles in huge corps/aliances.
What info are you afraid of me using for evil plots? Your asset list to figure out what you buy and sell? Your market transactions? If I wanted to just abuse market data I would download http://eve-central.com's nightly build and just mine data from that. Who cares the names behind the market data, what really counts is how much/how little an item is selling/buying for and whats the total daily sales. All this information is avaliable in game if you look at the market close enough.
No, my site currently does not look in containers or the fittings on your ships.
Maybe if instead of shooting off at the lips about how giving out your full access api key is bad you gave some examples of why its bad. I could talk shit about how joining a corp is bad - but its totally pointless till I support it with some examples - like paying taxes. All I have recieved from the full api key nay sayers is that its bad and anyone whos played for more then a few months will understand. Ive been playing for 1.5 years and don't understand why its bad.
I am now reporting all full api crap posts that do not give a specific example about why they are bad.
Web based Asset Manager |
Treelox
Amarr
Market Jihadist Revolutionary Party
|
Posted - 2008.10.08 13:42:00 -
[29]
Originally by: Cyndre Domster
Maybe I just don't understand what I can do with your information? Help me understand whats so 'Dangerous' about giving out your full access key seems how its so important. If your not sure what data I can see check out http://wiki.eve-id.net/APIv2_Page_Index. From what I can tell the only people that should really worry about it are players with director roles in huge corps/aliances.
I think you fail to understand how paranoid people are in Eve about giving out any Intel.
Even small 1 man trading corps have secrets they want to keep; where their unarmed research POS is, their main in BOB/Goonswarm, which station they produce out of(not wanting their factory slots being co-opted).
In eve the paranoid survive, the non paranoid get run over. We see proof of this happen on a regular basis.
Just like with a new IPO or Bond offering, your sadly a scam until you convince the majority of us otherwise.
--
|
|
CCP Navigator
C C P
|
Posted - 2008.10.08 14:12:00 -
[30]
To the OP and everyone else in this thread,
Players within the Market Discussions forum have produced some very helpful community tools in the past. There are many helpful and knowledgeable members who will help you produce and test market tools.
Players will be naturally cautious about sending someone that they do not know or trust a full EVE API key. It may benefit the OP to explain why a full API is needed or work with other members to refine the tool so that it does not require a full API key.
Please note that this is not an Official "CCP is telling you to do this" post. It is simply a bit of advice to hopefully see your tool develop and become another highly useful part of every capsuleers life
Best of luck to you all.
Navigator
Senior Community Representative
CCP Hf, EVE Online
Email / Netfang
|
|
|
| Pages: [1] 2 :: one page |
| First page | Previous page | Next page | Last page |