-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What is the purpose of this binaries in v5? #1156
Comments
The name of the file suggests that it may have something to do with generating an ID for a music bot |
Well, it's something that plain js could do easily, thats why seems shady that we need a compiled code to do that |
Yes, you are right. By using UUID in JavaScript, you can easily do that. |
Run it on linux easy fix |
Not really though. There's Linux binary version of generate-musicbot-id |
However we can just safely remove those files |
It does what its name describe, creates an identifier for the bot. It was made so we can identify skids who violates this project's license. It's still a prototype and it's not of any use currently since no other maintainer cares about skids and most of the time we can just find them asking for support in our discord server, which we inherently deny.
It does nothing malicious. You can prove it yourself. |
This is so silly. Plenty of open source projects can run without bizarre black-box code running on startup. |
Ok I'll remove it |
Even though I didn't create it |
You have no idea how many "developer" violating the very simple license, it basically says "Don't remove credits and keep your bot private" yet the amount of kid claiming credits and making their bot public is staggering. Some even dare to show their nose and ask for support on our discord server, now that's what you wanna call "silly". You're calling it "bizarre black-box code", may I ask you to elaborate more on that? Is it bizarre that we want to prevent you from violating our license? Do you not have any respect for our work? It doesn't even do anything to your computer, it only creates an Id and that's it. Not even mentioning that it's just a prototype and I have lost spirit to chase after dumb skid anymore. If you're just one of that skid then fuck off, don't use our code. |
I got your point and understand your anger. This ID can be generated by clear JS instructions. Not everyone has the skill to reverse a binary and truly check what it does. I think is normal for everyone to doubt about a compiled binary. Binaries are black boxes that CAN be silly, clear JS instructions CAN'T because can easily be understood. With this issue my point is not to remove your defensive mechanism over skids, but to make it clear to everyone! |
@Neko-Life I can see why you would be frustrated by free-loaders selfishly refusing to acknowledge community contributors for the sake of ingratiating themselves. However, this is not an excuse to attack anyone questioning an obscure DRM system in an ostensibly open-source project. @pierluigizagaria isn't saying that you should not be allowed to protect your project. But rather was under the impression that this was a fully FOSS project (I was too) and, felt that implementing DRM in the form of a compiled binary goes against what one would expect. If @SudhanPlayz is open to consideration on adhering to FOSS principles, I would suggest removing the black-box binary and switching to the AGPL license. The benefits of which are twofold: 1. It addresses the issue of "skids" by mandating the distribution of modified source code and preservation of copyright notices. 2: Having the backing of a well-established, (and slightly intimidating) license will allow us greater leverage in persuading "skids" to shutdown their services. |
You're right @daichuanwu21, I have cleaned my binaries. I don't care much whether we need to change the license or not as I am no longer active in this project. Probably @SudhanPlayz or @DarrenOfficial as code owners might wanna consider that. |
Cheers. |
I agree about the black box code. It's something that can be easily read and done in plain JS, but I believe that's the point of it. So it's not editable and easily removed. On a open project like this it should at least be more clear about what it does. |
Well, we're no longer cares about skids. However if I have a time I'll clone a previous commit to my remote dev machine, zipping this code and upload it to triage and run the program with invalidated token to see any network request that this script done (to see what the previously deleted black box does) |
@pierluigizagaria so I tried 2 of those binaries in triage, it really does nothing |
Maybe I don't understand this website, but judging by the Replay Monitor, did it ever even run the binary? |
Triage should be run the binary automatically. You can see the running process |
What have I missed? God, this is a mess. Please do not commit any binaries file. I am so sorry to everyone that has this arbitrary “binary” on their computer. Thank-you again @pierluigizagaria for bringing this issue to my attention.
Again, do not commit this. As this binary is unrelated to the project, itself. I understand that some people can't understand what FOSS is.
I will consider that for the future, will discuss with @SudhanPlayz. Will close this issue as this problem is resolved. If there's any security concerns/important information, please bring them to me directly. My email is me@darrennathanael.com & my discord is DarrenOfficial#3451 |
Hi, I would like to understand what is the purpose of this exe? Shall I be concerned about the security of this project?
The text was updated successfully, but these errors were encountered: