Is this feature no more?

I remember I could see who installed a certain hack a couple of months ago.
I might missed something due to not being active (license renewed yesterday so I'm active again :))

thanks in advance,
Joshua

You should still be able to see who installed your hacks.

Hmm what link or where do I have to click ?!

If you are browsing one of your hacks threads, then you can see if people who replied in that thread have clicked install.

Ahh but no-one replied ;)

Then there is nothing to see :D

You can however see the number of installs in your thread, but names you can only see if they reply.

Off topic here, but.. WOAH! I haven't seen you for a long while..

I remember installing some of your mods back in the vB2 days! :D

Hehe true, just made my first vB3.5.0b2 h ack (Moderator Dropdown list).

I'm back now, renewed my license yesterday, so I'm ready for 3.5! :)

I asked this months ago - the only way to see who has installed your hack is if they post in the topic - which is just completely random. I didn't understand why a hack author could not view a list then, and I still don't.

What would it help if he saw a list?

Nothing it's just nice to see....

Human Beings are curious you know ;-)
Would love to see the list again as it was a couple of months ago.

Yeh back in vB2 if you clicked on the number of installs from the Forum Display page, you could see a list of all users who installed it in the order from the first to the most recent installer ;)

Its cool, and like flup says, we're curious people:p

Satan

I would love to see this done again. It drives me nuts to release work here and not even be able to see who installed it unless they have replied and then I have to search thro the thread to see this.

I would like to see a list of who installed a hack and when, so I can track it day by day or month by month. Why ? - because I'm curious and like to see the progress of things. If only the author can pull up a list then where's the harm. :)

I have to agree, the list which we had back in the vB2 days was a more effective way of doing the 'who installed your hack' thing.

From a privacy point of view this is undesirable. What is information a coder "needs"?
- The number of installs. A coder wants to know if his hack is usefull to people, so he can decide how much time he wants to spend in further improving it. (and because we all like to have high numbers).
- He/she likes to know if someone asking for support on his hack, has clicked install.
- He must be able to send an update message to all who have it installed.

All the above you can do. There is no reason at all that would justify displaying the names of all that have it installed.

It would be a little thing to update,,, and as there is much request for it, why not fix it for the users...

As said above, it's a privacy issue. For example, if there was a modification which had a big exploit, one could go to the list of users who have installed, and look to see which have it in their profile, and then go round exploiting. Whilst, we realise that 99% of vB.org users would never do this, there is always the slim possibility :)

Ok that's true,... but than it's also possible by making the exploit ANd a mistake in your script so users will install it and reply it doesn't work...

Enough possibility's ..

Though I understand your point here.

I don't think we will ever install features that might have privacy implications, just because some find it a fun thing to have.

No i get it now, haven't thought with that one :)

As said above, it's a privacy issue. For example, if there was a modification which had a big exploit, one could go to the list of users who have installed, and look to see which have it in their profile, and then go round exploiting. Whilst, we realise that 99% of vB.org users would never do this, there is always the slim possibility :)Maybe I'm missing something here. Exactly how is this an issue ? ONLY the hack author would be able to see this list, not everyone. How is there any more of a risk of the AUTHOR doing this then there already is - and in most cases (as I have complained elsewhere) - few people have any link to their site from here anyway, so even if I knew "joebloggs" had it installed - I have no idea what his site is.

Ah, we're talking about showing this list to everyone though Paul :)

A list of all users who installed a Hack just for the Hack author would be nice :)
And I don't se privacy issues there, as he can already compile such a list be viewing all posts - which is a PITA when the Thread is several hundred posts long.

A list of all users who installed a Hack just for the Hack author would be nice :)
And I don't se privacy issues there, as he can already compile such a list be viewing all posts - which is a PITA when the Thread is several hundred posts long.That would only be possible if everybody who installed made a reply.

Ah, we're talking about showing this list to everyone though Paul :)Ah, but I wasn't ;)

If only the author can pull up a list then where's the harm. :)
I would never suggest that everyone could see it - as that clearly would be an issue. :)

I wasn't talking about everyone either, just for the hack author...

It used to be for all, but I agree, only the hack author, co-authors, and obviously staff, can see the list...

This could also be useful, because even if users do not reply, or accept hack updates via email, you could still contact them via PM or another method or alert a staff member that "User x" has a serious vulnerability with their site (after checking it out), and you could get the hole patched ;)

Satan

For that it would be better to create a button to send a security warning by mail and pm. Still no need to see the names.

Atm even staff can not see the names.

As already said, it's because of privacy issues.

A user who posts within the supportthread, realises, that when a security flaw is found, he could be a possible victim, but if he does not post then he has to be sure he is "safe".
Of course we could just generate a list just for authors, but there could always be a black sheep there as well.

I can understand both sides, i sometimes miss that feature myself, but as said, the disadvantages are bigger than the fun factor, so we won't add it again.

As already said, it's because of privacy issues.

A user who posts within the supportthread, realises, that when a security flaw is found, he could be a possible victim, but if he does not post then he has to be sure he is "safe".
Of course we could just generate a list just for authors, but there could always be a black sheep there as well.

I can understand both sides, i sometimes miss that feature myself, but as said, the disadvantages are bigger than the fun factor, so we won't add it again.
If it is just for authors, how could there be a black sheep?

I fail to see how showing who installed the hack to the author will cause problems...

Satan

If it is just for authors, how could there be a black sheep?

I fail to see how showing who installed the hack to the author will cause problems...

Satan
The very highly unlikely possibility that author is the one who coded the vulnerability and WANTS to take advantage of it maybe?

Just my two pence.

In which case it won't matter if he can see the list or not, as users such as myself or others will pick up on the coded vulnerability, report it, and it will be closed - Or an investigation will be done and the author banned ;)

Satan

well, there is still a possibility, and we don't need it.

This is just plain paranoia - if a hack author wanted to do this then he would search google for boards with his hack - far easier than hunting for usernames here - which in most cases cannot be tracked back to an actual board anyway.

If you can't be bothered to do it, just say so, but please don't use lame excuses . :)

From a privacy point of view this is undesirable. What is information a coder "needs"?

I disagree.

Many don't click install anyway.

If someone really has privacy issues, they still have the option to:

1. Not show their URL in their profile
2. Or, not click install, like many others who don't click install for any reason.

This feature should be returned, IMHO.

No only for hack authors, but other members should be able to see who installed this hack. It has some benefits:

1. See the hack in action in various environemnts, setups
2. If they have support issues the author can't figure, they can check with others who have it installed and working in similar evironemnt

It would be a shame to hide such information, just because a few people want to click install, but don't want anyone to know. Especially since they have the option not to click. (My guess is that they would not click anyway).

The explot reason is bogus, IMHO. Peope who hunt explots use scripts to scan forums, regardless of who clicked what. vBulletin itself had explots, and it could be found from Google, or from vB's forum signatures and profiles. This only gives a false sense of security. And if someone is really paranoid about it, they have the option not to click install.

Showing who installed for all users will most likely never happen.

The reasoning that users can just not click on install isn't really valid, as the install button has benefits for the user clicking, in that he'll be notified if an exploit is found or there are big updates.

Showing who installed for all users will most likely never happen.

The reasoning that users can just not click on install isn't really valid, as the install button has benefits for the user clicking, in that he'll be notified if an exploit is found or there are big updates.

They can subscribe to the thread.

It think this is being overly protective, especially since it doesn't offer any protection. Just limits a great feature.

They can subscribe to the thread.

It think this is being overly protective, especially since it doesn't offer any protection. Just limits a great feature.
That's not comparable.

Subscribing to the thread notifies you with all the answers in the thread. Popular modifications can have over 1000 posts in the thread.
That's not the same as recieving one update when a security vulnerability shows up.

That's not comparable.

Subscribing to the thread notifies you with all the answers in the thread. Popular modifications can have over 1000 posts in the thread.
That's not the same as recieving one update when a security vulnerability shows up.

This is vbulletin.org, which is hacked to death. It's trivial to add a "send security update", that is merely a special case of notification.

You can just say "we don't want to do it or put it back", and it would be your prerogative. But the reasons given are too weak, IMHO, considering that they are no protection, and can be address if necessary by trivial changes.

This is vbulletin.org, which is hacked to death. It's trivial to add a "send security update", that is merely a special case of notification.

You can just say "we don't want to do it or put it back", and it would be your prerogative. But the reasons given are too weak, IMHO, considering that they are no protection, and can be address if necessary by trivial changes.
Yes, but isn't that basically what we have now?
Making two seperate options would be an option, allthough I feel it would confuse a bit.

Whatever is decided, it won't be put into place until 3.5 goes Gold anyhow.

Yes, but isn't that basically what we have now?

Not, what you have now disallows viewing who installed this hack, like it was before.

It's trivial to add a "send security update", that is merely a special case of notification.

...which is basically what we have now. Except that it's not labeled as a subscription...

...which is basically what we have now. Except that it's not labeled as a subscription...

So why not use that? Restore "who installed this hack", and use a button for security notifcation.

Why disable the feature, if you have the option to either subscribe to the thread, subscribe for security updates, and/or click install the hack.

If it's trivial, why disable a non trivial feature, to avoid implementing a trivial one?

Not sure if you understood me correctly, what I wanted to say was that what the install button currently does is work in the way you described above, not that it's actually using the subscription system.

Having said that, I don't understand what you mean by disabling a non trivial feature.


Repeating myself, this won't be implemented until 3.5 and even then we have other features that will most likely have a higher priority.
I'm sure we'll reconsider your suggestions at a later date, but at this time it's not really an issue.

Still, thanks for your comments/input. :)

Not sure if you understood me correctly, what I wanted to say was that what the install button currently does is work in the way you described above, not that it's actually using the subscription system.

Having said that, I don't understand what you mean by disabling a non trivial feature.


Repeating myself, this won't be implemented until 3.5 and even then we have other features that will most likely have a higher priority.
I'm sure we'll reconsider your suggestions at a later date, but at this time it's not really an issue.

Still, thanks for your comments/input. :)

What I meant was:

1. There was a "who installed this hack" system, prior to 3.5. This is a major feature, non trivial., and many here found it useful.

That system was removed, because you think it represents privacy and/or security issues to a limited number of uses who think removing that feature from everyone will protects them somehow.

2. There are trivial meathods to control and address those fears. Thread subscription, install button with hack update emails, and a security notification email. And of the 3, or combo thereof, are trivial solutions, that can resolve that issue. Someone with extreme concerns and does not want anyone to know they installed a hack, and does not want to subscribe to a thread, can still subscribe to a security update notification, without revealing the fact they installed a hack.

Implementation is not an issue, IMHO, since nothing new needs to be done. It's an existing hack that just needs to be re-installed if vb.org ever decide to change this "privacy" policy.

1. Is not removed "prior to 3.5". If it has ever been removed, it was more then a year ago.

2. That is exactly how it is working now, and already have been working for a long time.

1. Removed "more than a year ago" still means "removed". Prior to 3.5 is to illustrate you really don't need to "implement" anything, or wait for 3.5.

2. No it's not. You only have thread subscription, ans send updates. A 3rd notification, as explained, is needed, if extreme privacy was the real reason.

The list of of members to send a security update is exactly the same as the list of people to send an update to. It is just a matter of using a different text. There don't need to be a seperate feature for sending an update or a security warning.

The list of of members to send a security update is exactly the same as the list of people to send an update to. It is just a matter of using a different text. There don't need to be a seperate feature for sending an update or a security warning.

I personally think there's no need to seperate them.

But you will need to seperate them if you are convinced about this priavacy issue, and still want to allow send update, without showing that person as someone who installed the hack.

But this privacy protection is a two-edged sword. You say you don't want to reveal the person as someone who installed a hack. Yet you display that information if they reply to the thread for support.

This means they cannot seek support from the author in a thread, since they will be "exploited" or "exposed", so they resort to PM's and emails, which is more work for the author, who is not allowed to see them as soemone who installed the hack......

I can live without that feature, but it's a shame not to have it, and the various reasons given so far don't make any sense, at least to me.

But you will need to seperate them if you are convinced about this priavacy issue, and still want to allow send update, without showing that person as someone who installed the hack.

Hmm ... no. If I click Install but never post in the Thread, nobody knows that I do have this Hack installed. So Updated Notifications and Security Warnings are the same basically.

You say you don't want to reveal the person as someone who installed a hack. Yet you display that information if they reply to the thread for support.

Right. But that's the users decision: If he posts in the Thread he is aware that others know he is using the Hack.

IMHO, it's not important to have a list of Users who are using a Hack.
On the other Hand I do understand why there is request for such a feature.

Hmm ... no. If I click Install but never post in the Thread, nobody knows that I do have this Hack installed. So Updated Notifications and Security Warnings are the same basically.

Umm, no, it will show in the "who installed this hack". As stated a few times above, there will need to be alternative notification, if, as promised, that feature will be reinstated in the future.

The third notification is to help those who don't want to click install, don't want to subscribe to thread, yet still expect to get security updates. If that's what vb.org is worried about, a 3rd notification can address that concern.

Right. But that's the users decision: If he posts in the Thread he is aware that others know he is using the Hack.

Yes, it is, and it will put you, as the developer, in the position of supporting them by PM, or being "rude" and telling them they have to post to that thread to receive support.

Which gets us back to the extreme lengths we're going through, to protext a few members sense of false security. They have the right to be too cautious or paranoid, but they need to keep tabs on security updates. They have to do it for vB, Apache, PHP, their control panels etc., so why not keep tabs on vB hack updates.

Umm, no, it will show in the "who installed this hack". As stated a few times above, there will need to be alternative notification, if, as promised, that feature will be reinstated in the future.
There is no "who installed this hack", there have been no promise that it will be reinstated, nor is there a need for an alternative notification.

The third notification is to help those who don't want to click install, don't want to subscribe to thread, yet still expect to get security updates. If that's what vb.org is worried about, a 3rd notification can address that concern.
I doubt there will ever be a notification for those who don't click on installed.


And can we please get this discussion back to normal proportions (or better just stop):
- There is no need for a coder to see the names of those who have installed. It is just curiosity.
- Everything that is needed is already in place and working as designed.
- There won't be any non-urgent changes made to this site until vB3.5 Gold.

There is no "who installed this hack", there have been no promise that it will be reinstated

Repeating myself, this won't be implemented until 3.5 and even then we have other features that will most likely have a higher priority.

nor is there a need for an alternative notification.

The is a need, if the reasons given were valid. If there are other reasons beside the ones stated, then maybe.


And can we please get this discussion back to normal proportions (or better just stop):


Not sure what that means.

- There is no need for a coder to see the names of those who have installed. It is just curiosity.

There's no need for most hacks here either. I can click on other dev's profiles, and see what hacks they wrote, because I'm curious, and enjoy this feature. But I don't need to see them.

- Everything that is needed is already in place and working as designed.

Our needs vary, that's we open feedback areas.

- There won't be any non-urgent changes made to this site until vB3.5 Gold.

No one said it's urgent, at least not me.

Umm, no, it will show in the "who installed this hack".
There is no "Who Installed" Hack, and most likely will never be again.

if, as promised, that feature will be reinstated in the future.
AFAIK nobody promised that.

Now, could you please just accept our decision and stop arguing?
Thank you.

While you've all gone off on a tangent, i would like to show my support for a list (for hack authors) to show who's installed their hacks, i actually think it's an injustice that we can't see who's using our work, we put in the effort to release em so surely it's not much to ask to see who we're benefitting.

Now, could you please just accept our decision and stop arguing?
Thank you.

No one so far stated it was a made decision. But now that you say it is, I will definitly accept it.

Just for the records:

726679


I can understand both sides, i sometimes miss that feature myself, but as said, the disadvantages are bigger than the fun factor, so we won't add it again.

Just for the record, the wasn't the only quote, nor the whole post, nor the only statement by vb.org staff on this matter. :)

I do accept the decision, just don't know which of the reasons stated is the real reason, if any. First was privacy, then security, then implementation.

You have to realise that it's best not to give a reason, than argue different reasons, if you have already made a decision, and aren't open to other views.


------------------ Message auto-merged ---

O.k., I hope no one considers this further arguing :) I just thought this is a new option, that may remove some of the concerns.

If a member has a concerns about privacy and/or security, they do have a simple option. They can leave the home page field in their profile empty https://vborg.vbsupport.ru/external/2011/07/3.gif

This way, even if their username shows up as having installed a specific hack, no one knows their home page or forum, so the information would be useless, and does not present any concerns for privacy or security.

Me ducks :)

Wow... :)

Put it this way, if a hack has a security exploit, and a bad person finds out, if there is a list, he can very easily go to each site and attempt to exploit the loophole.

Hence why there is no list, and why the old list which we had was removed. (Members didn't want to be on the list too - they contacted to be removed, but still wanted to get hack updates).

The hack author can still see who has installed his hack, but we assume the hack author is not a bad person. :)

One thing I DO miss is the ability to see how many people have downloaded the attachments. Many people don't click install, and I always prefered the downloaded stats.

how about a UCP option "don't show me in install lists" checked default to all members.

One thing I DO miss is the ability to see how many people have downloaded the attachments. Many people don't click install, and I always prefered the downloaded stats.

I can do that in my usercp. not sure you mean unique members

Wow... :)

Put it this way, if a hack has a security exploit, and a bad person finds out, if there is a list, he can very easily go to each site and attempt to exploit the loophole.

Hence why there is no list, and why the old list which we had was removed. (Members didn't want to be on the list too - they contacted to be removed, but still wanted to get hack updates).

The hack author can still see who has installed his hack, but we assume the hack author is not a bad person. :)

Erwin, doesn't any of you guys (vbulletin.org) at least find it curious that you have to go to these lenghts, while vbuleltin.com doesn't do any of that? There has been exploits to vbulletin in the past, and they have never delisted any of the forums on their directory, in sigs, or in user profiles....

When vbulletin has an exploit, they just post a release in the announcement area, that's it.

If those who contacted you to remove that hack had the courtesy to just not flaunt their URL in their profile and sigs, the rest of us don't have to deal with their paranoia.

how about a UCP option "don't show me in install lists" checked default to all members.



I can do that in my usercp. not sure you mean unique members

Cool. I didn't know about that. I was just looking for the number in the postbit that used to be there.

Cool. I didn't know about that. I was just looking for the number in the postbit that used to be there.

But it resets to zero after each new version :)

The hack author can still see who has installed his hack, but we assume the hack author is not a bad person.
so how comes theirs no list for hack authors then?

***sigh***

Wow... :)

Put it this way, if a hack has a security exploit, and a bad person finds out, if there is a list, he can very easily go to each site and attempt to exploit the loophole.

Hence why there is no list, and why the old list which we had was removed. (Members didn't want to be on the list too - they contacted to be removed, but still wanted to get hack updates).

The hack author can still see who has installed his hack, but we assume the hack author is not a bad person. :)

In that case a list CAN be provided for the HACK AUTHOR ONLY.
That's what were saying all the time already. Or have I missed something? :ermm:

Yes you missed something.

The numerous replies stating that even giving the only hack author access to the list of names is not going to happen. And if it ever will be done, then it will for sure not be until 3.5 Gold and will have a very low priority.

Ok, if everything is so sure about this,
Close the thread and avoid 5 pages of discussion if it will result in nothing :/

Yes you missed something.

The numerous replies stating that even giving the only hack author access to the list of names is not going to happen. And if it ever will be done, then it will for sure not be until 3.5 Gold and will have a very low priority.
from what i've read that's the only time that's been stated so clearly :)

Originally Posted by Colin F
Repeating myself, this won't be implemented until 3.5 and even then we have other features that will most likely have a higher priority.

To clarify:
I meant that if this is implemented, it will not be before 3.5.

Please excuse me for formulating it unclearly. :)

To clarify:
I meant that if this is implemented, it will not be before 3.5.

Please excuse me for formulating it unclearly. :)
Bad Colin :p

Satan

73 reply's on one single question w0oot! :)

Not a surprise if that single question is repeated 36 times.

Not a surprise if that single question is repeated 36 times.... and the same lame answer is churned out 36 times. :rolleyes:

What is shows is that multiple people would like the option, and vb.org seem to have little interest in listening. I can't, off the top of my head, think of a single time when you don't seem to argue against requests for change - and the excuses in this thread border on pathetic.

If you really believe that hack authors are going to use a list [on here] to try and find out which boards have their faulty hack installed - for exploit purposes - then you are living in paranoia land. There are far easier ways to do this.

Clearly we are wasting our time asking for any changes, but for the record, my main reason/interest is in the installation pattern - I want to see the date/time of each install - to see the pattern over time. Why ? - because I do - and - since I have spent the time writing and releasing it, why shouldn't I see who's using it ?

Not a surprise if that single question is repeated 36 times.

It isn't, everyone is stating his/her opinion on the fact.
That isn't forbidden is it.

... and the same lame answer is churned out 36 times. :rolleyes:

What is shows is that multiple people would like the option, and vb.org seem to have little interest in listening. I can't, off the top of my head, think of a single time when you don't seem to argue against requests for change - and the excuses in this thread border on pathetic.

If you really believe that hack authors are going to use a list [on here] to try and find out which boards have their faulty hack installed - for exploit purposes - then you are living in paranoia land. There are far easier ways to do this.

Clearly we are wasting our time asking for any changes, but for the record, my main reason/interest is in the installation pattern - I want to see the date/time of each install - to see the pattern over time. Why ? - because I do - and - since I have spent the time writing and releasing it, why shouldn't I see who's using it ?

That would make 72 reply's instead of 73 :rolleyes:

Date/time patterns that is something that i can understand it could be usefull, especially if you have updated your hack a few times.

And people have been getting the same 'lame' answers because they make the same request over and over, without providing any new motivation for it. (BTW it isn't that many people requesting it, it is more the same few people asking teh same question over and over).

Somewhere in the beginning a question was asked, that all requesters have been ignoring:
- Give us 1 good reason why it would benefit the community if coders can see the names. And 'because i like it' is NOT a good reason if you ask me. All other reasons given, like sending a security notice, have no need at all to see the names.

And about asking for any change, if good enough motivation is given, it will always be considered. This don't mean that any request would be fullfilled.

Date/time patterns that is something that i can understand it could be usefull, especially if you have updated your hack a few times.Precisely.

And people have been getting the same 'lame' answers because they make the same request over and over, without providing any new motivation for it. (BTW it isn't that many people requesting it, it is more the same few people asking teh same question over and over).

Somewhere in the beginning a question was asked, that all requesters have been ignoring:
- Give us 1 good reason why it would benefit the community if coders can see the names. And 'because i like it' is NOT a good reason if you ask me. All other reasons given, like sending a security notice, have no need at all to see the names.Why does everything have to 'benefit' the 'community' ? (aren't we part of this community ?). Some things are just nice to have. :)

So how about a compromise then - display a list of each installs date/time, without the name (or to be really smart, display the name if they have posted in the topic) :)

What is shows is that multiple people would like the option, and vb.org seem to have little interest in listening.

Sorry, couldn't resist answering this ;)
Have a look at this: https://vborg.vbsupport.ru/misc.php?do=whoposted&threadid=91039

Not that many people anymore, as a few people have posted multiple times...


To conclude: I'm sure we'll review this when the appropriate time comes. Decisions won't be made before that, so I don't think it'll help to continue discussing this. But do whatever you like :)

<reply deleted, forget it - obviously a waste of time>

I have suggested a compromise - nuff said. :)

Sorry, couldn't resist answering this ;)
Have a look at this: https://vborg.vbsupport.ru/misc.php?do=whoposted&threadid=91039

Not that many people anymore, as a few people have posted multiple times...


To conclude: I'm sure we'll review this when the appropriate time comes. Decisions won't be made before that, so I don't think it'll help to continue discussing this. But do whatever you like :)

Then get a poll on the mainpage. Not everyone will look in these forums.
They rather look in the vB hacks forums.

So the nr of posts isn't a reliable number in this case.

Then get a poll on the mainpage. Not everyone will look in these forums.
They rather look in the vB hacks forums.

So the nr of posts isn't a reliable number in this case.Please read the last line of the post you are quoting again. Feel free to PM me if you don't understand what Colin is saying, and i will try to explain again in Dutch.

I know what he means just saying it.
And that this discussion won't help I've also already said when I said:

Better close this thread if discussions won't help :)

I think everything that can be said on the issue has already been said. We appreciate all feedback, however some things we would rather not add and at this time this is one of them.

In that case a list CAN be provided for the HACK AUTHOR ONLY.
That's what were saying all the time already. Or have I missed something? :ermm:
Well, since hack authors can see who installed their hack when the installer posts in the support thread, this is entirely possible. When we upgrade to vB 3.5 we can consider this again. :) Thanks for all the suggestions. We do listen, even if we may disagree. When we are on 3.5, feel free to remind me if I forget.