Cobra847
-
Posts
3547 -
Joined
-
Last visited
-
Days Won
26
Content Type
Profiles
Forums
Events
Posts posted by Cobra847
-
-
The ALR-45 equipped early -A is in active finalization progress based on our RWR work in the F-4E, and I hope it will drop in Q1.
-
19
-
9
-
-
We'd also like this and will touch on the topic with ED soon.
-
11
-
4
-
-
Thanks for the assist @DSplayer
-
3 hours ago, speed-of-heat said:
Flappie has said that the issue is replicable, by the test team and has now been bugged, there are a number of "MFD errors" when the TCS fails to load.
Yes, hope we can fix this soonest
-
3
-
-
Apologies for this; as noted above though it's a false positive.
-
1
-
-
12 hours ago, Silver_Dragon said:
On fact, some updates has been make on the trello with past updates.
Yes, I did a small update of the Trello roadmap but it's not complete.
2 hours ago, Volator said:I hope there will be news about the planned Draken. @Cobra847 mentioned years ago that HB had the intention to create an AI Draken as asset for the Viggen, but that they also have a full-module Draken on their agenda.
Yes, ASAP
-
1
-
-
Apologies for the delay; the art is nearing final completion now after redoing the undercarriage
-
5
-
5
-
-
Hey! We'll be doing updates for future products soon
-
4
-
2
-
-
11 minutes ago, riojax said:
Check the bug reports, as for example, the data sent to id.google.xx is telemetry.
Ok, please, next time when you see those problems that can affect the trust, make a public statement with all the research information at the moment that you have knowledge of them. It is not good for the trust to wait several weeks asking for this and only get the response that it is a "false positive" when a lot of trustworthy AV vendors say otherwise.
It is not a thing about likening; embedding CEF has a lot of cons too, for example, the huge RAM and CPU usage, and you demonstrated in your F-14 module that all can be made using the DCS UI except the video tutorials and the manual, which are totally optional. It would be great to have a checkbox to disable CEF and not load it on CPU and RAM, disabling the manual and browser.
Absolutely, from the otherside just keep in mind that we do things in good faith - and don't do crazy stuff just for the sake of it.
Adding CEF was not easy. We went through a lot of difficulty and trouble to try and push the bar in features; and we think we have good reasons for it. Trust me, Jester UI in v1 is hell. Adding a single menu was a total pain, not to mention the total impossibility to do things like localization or mouse interaction.
With regards to JESTER UI; especially with the 30hz tickbox checked, CEF for JUI should not take more than 100mb VRAM (at most!) and reduce your CPU perf by 5-10% when the menu is open. When it is closed it should be fully sleeping and causing virtually no performance impact.-
2
-
-
39 minutes ago, riojax said:
It is also frustrating to have the same response that it is a "false positive" without any technical detail, which is why a lot AV vendors are marking this as unsafe.
Privacy is important, and also a basic right for EU citizens, and your product is still sending unsolicited telemetry and data to Google and other third parties as reported here (and do it with the "offline mode" selected and the DCS GDPR-compliant check marked, in a clear violation of it)
Fix the privacy issues to be fully GDPR-compliant, and also work on the packer problem detected by AV vendors. This is not a bug like the dozens of pages reported; the GDPR violation is a serious issue.
The current build has the remaining bug that it will try to grab the video DRM plugin from the google update API server, and that's it. It's removed in the latest build which was supposed to launch yesterday. That should be the only remaining outside communication if you have the offline tag set and if not then, yes, it is absolutely a bug.
You can firewall HBUI.exe temporarily for now if you don't want it to try and download the plugin. The rest of privacy concerns are clearly described in our privacy policy linked from the EULA and our webpage, and are further covered by setting HBUI to be fully offline. GDPR is important, but again, it's not really productive to throw it in our faces as if we're some sort of evil corporation stealing your user data and you keep banging this same drum on hoggit, dcsexposed, floggit and here.
QuoteI can't understand why it turns into a defensive to ask for a truthful, accurate, serious, unequivocal and firm response (as you say in court) and was not my intent; as a customer, I only want a proper research, public communication and fix.
We're not being defensive. We're explaining. Which I think is exactly what you were hoping for?
We don't actually know ourselves why it triggers. We have 0 insight into the codebases or algorithms used by various AV programs. These are massive, mega corporations that don't exactly communicate this. The only thing we can do is to send our binaries in for "analysis" and have them whitelisted - but that's all.
Ultimately this is a relationship of trust. Either you trust Heatblur and our decade long history to not destroy your computers or hack your data - or you don't. The AV popup is somewhat secondary to that, ultimately.
The most we can do is to send our binaries and .exe's in for whitelisting, until then we can only recommend turning off AV for those specific binaries.
QuoteYes, but it was a nasty surprise for some. If you want to embed a web browser in a product that don't need it as a flight simulator, please, communicate it as some clients can decide to no purchase it because don't want to have it.
CEF is used in tons of products, that you likely use daily. BTW, it *was* explained what HBUI is in our March delay update - at which point we offered no questions asked refunds for pre-orders. And we still sort of do; including to you if you feel you want one.
It is also your opinion that it is not needed. For us, it offers tons of new features, the ability to display the manual in-game, faster UI development, the ability to open a browser and watch tutorials, and far more. Just because you don't like it doesn't mean it doesn't come with a lot of pros. It is time for DCS to have EFBs and more advanced UI features, such as character customization.
I think we've proven that to the point where it's going to become a standard feature in DCS, and so not only do we do all the legwork on getting the feature in and working into DCS and prove it's useful, but we also catch all the critique. Fun!
Ultimately, this discussion is somewhat like trying to defend our design and technical choices while at the same time trying to somehow explain we're not actually malicious actors. The former I can do easily, the latter you have to assign to us yourself based on our track record. Whatever I can do or discuss to help in that end, I will.
-
1
-
-
7 minutes ago, riojax said:
Right, this is a basic right; independent of whether you want it or not, I don't need your permission. But it is not very good as an official response to a client on a legit question.
I think that it is productive to have a good response about why a lot AV vendors are marking this software as unsafe after recent updates.I don't know if it is ED who makes this packer, but my AV detects that it is VMProtect, and I do not trust on this product as equal lot AV vendors.
Because it turns into a frustrating defensive discussion. How can we help customers and discuss concers when the reply is "Would you say the same thing in court?"
It turns the discussion and two-way street into a simple attack vector, I don't know how we can answer such questions.
I am always happy to discuss and have responses to customers. One can ping me on Discord, or even call me (the number is on our webpage).
During the runup to release (i.e. before the binaries were packed by ED) we also had a few false positives on our DLL's. Sometimes it's just the signature of what it does which is considered suspicious enough that it triggers the basic algorithm in the AV programs. To give you an example; for HeatblurJester, it could be because it reads the compiled .lua files in the Jester folder. The simple act of a dll getting invoked and reading files could be causing this. We also dynamically alter some of the UI code and pass through a lot of stuff between DLLs and the frontends. It might not even be VMProtect causing the false flag.
Ultimately I'm happy to explain anything we do, when or why. I get that us using CEF for UI purposes is not for everyone for example, but we can't make everyone happy with our choices.
What I can guarantee is that we will not ever intentionally ship malware to you, our customers, who are the most important thing to us at the end of the day.
I don't think Eagle Dynamics would do so either for their only, key product that ships to hundreds of thousands of customers.-
1
-
-
Seriously though, I get it, privacy is important, and safety of your hardware, data, computer is important. Full stop. But Heatblur Simulations does not ship malware to your computers. Period.
Talking about some magical, hypothetical court case about us shipping malware is not productive and is just frustrating.
Why would we, Heatblur Simulations, after 11 years of working hard to build our reputation and put every single fibre of our being into our products decide to start shipping viruses or spyware to customers? To a small flight simulation niche, at that? It makes no sense. What would we possibly stand to gain?
The simple answer is that we don't, and if we do something that you guys are unhappy with, we will take steps to try and amend and fix it.-
5
-
-
2 hours ago, riojax said:
Are you completely sure that is a false positive?
Is this your personal opinion, or is this an official Heatblur statement?
Assuming that the original code is clean, how do you know that the used packer that is closed source doesn't inject malicious code as the AV is pointing?
Would you maintain these same words on trial?
If you want to sue us, then do so. That's the official Heatblur statement.
Stop this nonsense, it's not productive.
If you don't trust the "closed source packer" by Eagle Dynamics then why are you running any DCS code at all on your computer!?!
-
7
-
-
Dear All,
Here's the slightly revised paint-kit that was done with the PBR update.
http://www.heatblur.se/Viggen_Paintkit_Revised.rar
Enjoy!
HB-
2
-
1
-
-
Thanks for sharing!
Its possible that once we fix pathing issues with non UTF8 characters; other Linux distros might work better too. -
Thanks, taking a look
-
1
-
-
2 hours ago, skywalker22 said:
Anyone knows the answers?
No, he does not correlate with RWR.
-
Just now, AdrianL said:
I suspect this is Chromium doing an update check, looking at the URL it is invoking. That would happen before your whitelist code.
yes, it's an update not for Chromium but for a specific plugin to play certain types of videos that Google distributes from its end. I've inhibited this now to ensure it does not get past any whitelisting.
-
1
-
3
-
-
2 hours ago, riojax said:
HBUI is a Chromium Embedded Framework (CEF) web app/instance with Google telemetry enabled, and it has a lot problems with WINE (also proton) and Windows <10.
Probably your best bet is look for an older version (Compatible with WinXP) on Spotify CDN but probably it didn't work as the API and ABI change a lot between CEF versions.I miss a lot the Jester 1 using the DCS API without loading a full Google browser.
There is no Google telemetry enabled and there is a full offline mode available from the Special Options menu for any privacy concerns if you want to avoid all online features.
We have no ability or plans to really support Linux. I doubt our Linux userbase breaches 100 individuals, and we simply don't have the resources to ensure Linux compat, sorry - though anything we can do with our limited time, of course we will try.
JUI 1 using the Lua API had severe limitations and we will not be returning to Lua based indicators for UI elements at the moment.-
1
-
-
@Phoenix FR - I've implemented a change that should always inhibit a request to update the video DRM plugin. This is an internal mechanism in CEF and it might have bypassed the domain whitelisting system (though it really shouldn't) - but there is now an extra guard. That said, I cannot reproduce this here in any mode, so not sure why you are seeing it. In any case, it should be in the next hotfix.
Like @BJ55 says otherwise there should be no online traffic in offline mode. I can't reproduce any external traffic here so hopefully the above is an edge case in case of it being outdated.
-
1
-
2
-
-
1 hour ago, RichardG said:
Is there a way to disable this? Its taking up resources, and I really don't need a browser in my flight sim.
If a browser is not open; it does not take any resources.
-
1
-
-
6 hours ago, Gamja Field said:
Post patch feedback.
Now the player aircraft looks perfect
. But it doesn't seem to affect AI aircraft.
It definitely is different for both (as it was an art change) - but its possible the AI displaces the horizontal stab a bit too much at the moment
-
1
-
-
3 hours ago, zaelu said:
The worse for me are the repeated callouts on AoA, G, altitude... "Watch the AoA... AoA is fine"... "Watch the AoA... AoA is fine"... "Watch the AoA... AoA is fine"...."Watch the AoA... AoA is fine". at infinitum... same for Gs etc. I wonder how it was considered... OK for launch such things
. A way to tell him all is OK and stop calling those like stopping him from ejecting would be nice.
I'm confused; there are no AoA or G calls in the F-4 by Jester?
-
Would appreciate re-verifying this bug on the latest patch if possible
-
1
-
Navy F-4B and the rest of the family
in Heatblur Simulations
Posted
Yes, the NAVY Phantom is very much planned and we're beginning prep-work