F-4E Phantom II Development Update and Release Delay Announcement

[Hiob]

Chromium is not chrome though.

It is a part of the chrome source code that was made open source.

That doesn’t make it safe on its own of course, but it is not chrome (and not google for that matter) and that distinction should be made.

Edited March 17 by Hiob

[KAKTYC_11]

"I dont like this ..." But do we have a choice ? Will wait ...

[Braunn]

Who cares. It's a cartoon plane a lot of people already paid for. No worries. 

[hermes7226]

An interesting story about the new Jester, which shows that developers of new modules do not need to develop their own artificial second crew members. It is enough to obtain an HB license for the basic Jester and adapt it to your plane/helicopter. As a result, we achieved advanced AI in all modules. In the case of the general management principle, great! 

[speed-of-heat]

15 minutes ago, Hiob said:

Chromium is not chrome though.

It is a part of the chrome source code that was made open source.

That doesn’t make it safe on its own of course, but it is not chrome (and not google for that matter) and that distinction should be made.

 

Agreed, and that's why I really don't mind it per-say as an idea... ( And I will amend my comment ts earlier to reflect that) but, having seen close at hand the work that goes on to adequately maintain a chromium fork just from a security perspective, this is not trivial...

[Hiob]

19 minutes ago, speed-of-heat said:

Agreed, and that's why I really don't mind it per-say as an idea... ( And I will amend my comment ts earlier to reflect that) but, having seen close at hand the work that goes on to adequately maintain a chromium fork just from a security perspective, this is not trivial...

True, but they don’t necessarily need to maintain it themselves….but that is speculative rabbit hole. I‘ll leave to somebody else.

The main security risk and attack vector for browsers is surfing malicious addresses though. In this case, even though the technology is browser based, I assume the access will be limited to certain fixed servers. Just like with any online game frankly.

I don’t think that this is necessarily dangerous. However I‘m not an expert on internet security, just an interested layman.

But I assume HB together with ED have thought this through. I doubt that they haven’t thought about the implications.

[Phantom88]

All The Best to You Heatblur Team.

I think we can all relate in some way of facing a massive somewhat unsolvable problem and beating our heads against the wall trying desperately to solve the issue...**Car Mechanic 101 for me**

I really appreciate the well written and detailed explanation...You put the very best effort into your products and it shows,The Phantom will be no different I'm sure.

We all stand with you...Please keep up the fantastic,groundbreaking work that makes The Heatblur name a measure of Quality and Immersion.

[Lace]

I too have my reservations about the UI integration.  DCS already stretches PC resources, and another seemingly unnecessary process running is certainly not going to help matters.  It reads to me like the good idea fairy paid a visit to the team, and they are too far committed now to write it off and just make an aircraft module, which ultimately is what we all wanted in the first place. 

I think perhaps they were a l little too ambitious with this one, I hope I'm proven wrong and they turn it around, but I feel we are in for a long ride of frustration and troubleshooting well after general release.

[Blooddawn1942]

Thanks for the clear statement. I'm immensely looking forward especially to this module, but it's absolutely no big deal to wait a little more. I know You guys are working your bones off! 

[freehand]

I can hear it now "My phantoms been hacked"  

[joker62]

@IronMike thank you very much for this update. A little disappointed, but after reading (and I'll read with even more calm in the next few days) your explanations I fully understand and agree the reasons for the delay in release of F-4E. Indeed, I hope that the current adverse circumstances can be resolved as soon as possible and ALL of you can soon be fully healthy again.
You are creating an extraordinary module, with innovative features that will give us a degree of realism and immersion that is currently unimaginable. And for those who, like me, have been real pilots for some time, this means a lot, a dream that continues on PC too.
I am also really grateful for your way of managing relationships with the community, with honesty and transparency. Instead of quickly resolving the matter with "it's ready when it's ready" (an expression that is often used by some in a too simplistic and, in my opinion, even disrespectful way) you took the time to explain in detail, writing a lot, but a lot.
I pre-ordered the F-4E almost immediately, and I'm still really happy I did.
Thank you for your hard work and your genuine enthusiasm.
Best regards.
Antonio.

[Tango3B]

1 hour ago, freehand said:

I can hear it now "My phantoms been hacked"  

Damn…

Okay, I guess we expected this entire situation already and this basically explains why we have not seen more videos of the F-4, yet…so no hard feelings there. Also, it’s the Phantom so it is certainly worth the wait…I mean, a certain F-4F in a special livery is basically parked right outside my living quarters on my airbase. And from what I saw this very livery will even be included in the DCS F-4E package - how cool is that? IronMike, Cobra…you guys need to promise something, though. As soon as the F-4E is becoming more stable please show real gameplay footage of it to make the wait more bearable. Anyway, good luck guys…

[speed-of-heat]

3 hours ago, Hiob said:

True, but they don’t necessarily need to maintain it themselves….but that is speculative rabbit hole. I‘ll leave to somebody else.

The main security risk and attack vector for browsers is surfing malicious addresses though. In this case, even though the technology is browser based, I assume the access will be limited to certain fixed servers. Just like with any online game frankly.

I don’t think that this is necessarily dangerous. However I‘m not an expert on internet security, just an interested layman.

But I assume HB together with ED have thought this through. I doubt that they haven’t thought about the implications.

if they don't maintain it who will... it wont magically update itself ?

certificate pinning could be used to limit access to specific sites, but, then we are in a different world of what is the criteria who maintains it and buys the certs etc..., otherwise it becomes quite difficult to limit actual access for example a suborned link  could be used by a motivated attacker, why would they be motivated money typically, ransom ware, vandalisim, the list goes on.  in the example they specifically show it going out to an arbitrary website, yes it happens to have DCS content on it and i actually use that site myself ... but what happens when that site links to another and so on ... who is going to maintain the whitelist, most games do not include a live internet browser for a reason ... this is one of them

I don't think they thought it was dangerous when in one of the first versions of IE they enabled arbitrary code execution remotely via a URL.. everyone thought it was a great idea until the bad guys started using it... even then i remember some of the more frantic calls begging to keep this functionality enabled... 

The problem is the implications for "good use" are easy and clear where as the implications for  "abuse" are not clear and hard to understand, because of 2nd and 3rd order problems... and hard even for security professionals with 4 decades in the field to understand ...  and TBH neither HB or ED are experts in the field of security.. because their exposed threat surface is small ... a browser changes that massively so, hilariously so... 

 

[Somu]

Thank you for the explanation. Of course, the delay is sad and the health problems are sad. Good work from you, I made a preorder and will wait for it to come out. I hope it will not be canceled. In the meantime, some of the work done is also very good, such as Jester's bombing-related features and optional night vision goggles. For example, for today's scenarios, the user who wants can use night vision as in the Modernized F4s. Thank you also for this. As I said, I hope the project will not be cancelled.

Edited March 17 by Somu

[speed-of-heat]

1 hour ago, freehand said:

I can hear it now "My phantoms been hacked"  

more that your phantom has an attack surface not exhibited in almost any other game/sim/module... that could be used to hack your computer ... thats what the sandbox bypass enables... 

[freehand]

9 minutes ago, speed-of-heat said:

if they don't maintain it who will... it wont magically update itself ?

certificate pinning could be used to limit access to specific sites, but, then we are in a different world of what is the criteria who maintains it and buys the certs etc..., otherwise it becomes quite difficult to limit actual access for example a suborned link  could be used by a motivated attacker, why would they be motivated money typically, ransom ware, vandalisim, the list goes on.  in the example they specifically show it going out to an arbitrary website, yes it happens to have DCS content on it and i actually use that site myself ... but what happens when that site links to another and so on ... who is going to maintain the whitelist, most games do not include a live internet browser for a reason ... this is one of them

I don't think they thought it was dangerous when in one of the first versions of IE they enabled arbitrary code execution remotely via a URL.. everyone thought it was a great idea until the bad guys started using it... even then i remember some of the more frantic calls begging to keep this functionality enabled... 

The problem is the implications for "good use" are easy and clear where as the implications for  "abuse" are not clear and hard to understand, because of 2nd and 3rd order problems... and hard even for security professionals with 4 decades in the field to understand ...  and TBH neither HB or ED are experts in the field of security.. because their exposed threat surface is small ... a browser changes that massively so, hilariously so... 

 

On a serious note Speed-of-heat speaks the truth here make no mistake.     

[Wood]

Thanks for the update. Totally understandable and thank you all for what your dedication and passion on your products. 

[Voyager]

When I say the "Why didn't we tell you earlier?" what immediately ran through me head was: 

"We're ready to ship? Sweet! Wait, what do you mean it stopped working? It was running Wednesday. It passed the full regression test. What did we change?" 

"Don't worry, I think I know what happened. We can test it once the build is done. It'll be a could hours." 

2 hours later... 

"What do you mean the compile failed?" 

Out of curiosity, did you all manage to find a compiler error too in all of this. Sounds like that's just about all that's needed for the full software hat-trick... 

[Cobra847]

1 hour ago, speed-of-heat said:

if they don't maintain it who will... it wont magically update itself ?

certificate pinning could be used to limit access to specific sites, but, then we are in a different world of what is the criteria who maintains it and buys the certs etc..., otherwise it becomes quite difficult to limit actual access for example a suborned link  could be used by a motivated attacker, why would they be motivated money typically, ransom ware, vandalisim, the list goes on.  in the example they specifically show it going out to an arbitrary website, yes it happens to have DCS content on it and i actually use that site myself ... but what happens when that site links to another and so on ... who is going to maintain the whitelist, most games do not include a live internet browser for a reason ... this is one of them

I don't think they thought it was dangerous when in one of the first versions of IE they enabled arbitrary code execution remotely via a URL.. everyone thought it was a great idea until the bad guys started using it... even then i remember some of the more frantic calls begging to keep this functionality enabled... 

The problem is the implications for "good use" are easy and clear where as the implications for  "abuse" are not clear and hard to understand, because of 2nd and 3rd order problems... and hard even for security professionals with 4 decades in the field to understand ...  and TBH neither HB or ED are experts in the field of security.. because their exposed threat surface is small ... a browser changes that massively so, hilariously so... 

 

As mentioned; we're cognizant of this and these features will only be available in a manner that is secure.
The intent is not to provide a general browser experience, but rather serve safe, appropriate content - strictly and safely. 

Most importantly, everything needed for the module itself runs locally (manual, UI, etc.) without a single byte of data leaving or entering your computer - and so we can even provide further options to further inhibit any traffic for the users who feel at risk by mistakenly hitting a hotkey.

 

Edited March 17 by Cobra847

[speed-of-heat]

13 minutes ago, Cobra847 said:

As mentioned; we're cognizant of this and these features will only be available in a manner that is secure.
The intent is not to provide a general browser experience, but rather serve safe, appropriate content. Landing URLs are hardcoded and cannot be changed by the user.

if any link is made to any internet based content you cannot make that guarantee...  if you are not allowing any access to the internet but only to code/data/lua that is local you need to say so explicitly ... and i will breathe a happy sigh of relief.

Edited March 17 by speed-of-heat

[VR Flight Guy in PJ Pants]

Shame, but understandable.

[ThorBrasil]

Hello @IronMike @Cobra847. HBUI is a powerful tool. I wonder if it's possible to add Google Translator to the manual part so that anyone who doesn't understand English can translate the manual into any language in real time during the flight. I don't know if the Google Translator API is free to use, but if it is, I would like this idea to be considered. Thanks!

[Bravo020]

So glad that it wasn't pushed out the door to tick the Winter 2023/24 release.

[t_hedlund]

Having been under the weather for most of last month, I can totally relate to the health issue. I hope everyone is feeling better. 

Like many other virtual pilots, I'm disappointed, but completely fine waiting for it to be right. Looking forward to all that the F-4E will bring to DCS. 

I have been with DCS for a while, I believe that the A-10 and P-51 were out, and ever release that I have watched has had either delays or were pushed out of the hanger a little too early. It is just a fact of life. 

[Raisuli]

HA!  You guys made me laugh.

We've spent the better part of a year trying to get our heads around the way Microsoft, and by extension it seems far too many other people, save files.  Sounds simple.  Once you get under the covers it's a convoluted, inconsistent, nightmare.  HBUI sounds even worse.

In the mean time it'll take another year or two to get good at the Viggen and where I should be with the F-14, particularly since I have two of those now.  Take your time, relax, visit with the family, and take some time off.  Down time tends to be when the toughest problems get solved.

<edit>

I should add that it would be nice if you let us know when you embed Chromium in your other products.  Always amazes me when people think software written by an advertising company is 'free', particularly after the Facebook iOS SDK debacle

</edit>

Edited March 17 by Raisuli