20 replies to this topic

[Lee]

We have released a security update to protect users from being directed to potential fake hubs through Openhublist and also removed the old AML client detection URL so nobody can misuse it. Users are open to being fed false information through both methods. This is a critical security update that every user should fix by downloading 1.3.8. There are a few other changes mentioned including encryption enabled by default and improvements to crash reporting system.

We have skipped 1.3.7 because it is a fake version based on 1.3.6 and removes limiter rules. We advise all hub owners and operators to ban it.

Download: ApexDC++ 1.3.8

[Mutant]

First of all thanks for the new release.

Quick question to the devs or anyone else reading this.

Has anyone noticed a unusually large number of connection time-outs in this release?

We have one user who had to revert back to 1.3.6 because he kept on timing out to people he was prior to the update connected to and downloading from.
Since he has reverted back he has no problems.

And myself have noticed that when I try and get someones file list it times-out more often than not.

[Lee]

Mutant, on 17 October 2010 - 08:33 AM, said:

First of all thanks for the new release.

Quick question to the devs or anyone else reading this.

Has anyone noticed a unusually large number of connection time-outs in this release?

We have one user who had to revert back to 1.3.6 because he kept on timing out to people he was prior to the update connected to and downloading from.
Since he has reverted back he has no problems.

And myself have noticed that when I try and get someones file list it times-out more often than not.

Hey,

The only thing that might have affected this is the TLS encryption settings in Advanced > Security. In 1.3.6, the third setting was not checked. Try unchecking it and see if it changes anything.

[Crise]

Lee, on 17 October 2010 - 08:55 AM, said:

Hey,

The only thing that might have affected this is the TLS encryption settings in Advanced > Security. In 1.3.6, the third setting was not checked. Try unchecking it and see if it changes anything.

Well the proper thing to do would be to forward the port marked as TLS, it's another TCP port though so you can't use same number in all.

[vincef]

Lee, on 15 October 2010 - 09:28 PM, said:

We have released a security update to protect users from being directed to potential fake hubs through Openhublist and also removed the old AML client detection URL so nobody can misuse it. Users are open to being fed false information through both methods. This is a critical security update that every user should fix by downloading 1.3.8. There are a few other changes mentioned including encryption enabled by default and improvements to crash reporting system.

We have skipped 1.3.7 because it is a fake version based on 1.3.6 and removes limiter rules. We advise all hub owners and operators to ban it.

Download: ApexDC++ 1.3.8

how can i ban 1.3.7??

thx for your help.

[Crise]

vincef, on 17 October 2010 - 09:40 PM, said:

how can i ban 1.3.7??

Your hubsoft might provide facilities for doing that kind of thing, other than that the only other option is the presently outdated CDM but configuring that is not worth the trouble since there are no premade profiles available anymore that we know of.

I will say this though, there are barely any who use that version afaik, and the only undesired change in it is the removal of limiter rules if the changelog is accurate.

The point we are trying to make is that this version was not released by us and should be treated as such... and more importantly it is each individual hub owners choice of how to deal with. All we want to make sure is that hub owners are aware that there is a difference if they see this version.

[burek]

Hi,

I have some critics regarding v1.3.8. so I'll just cut to the case.

First of all, in the installer process, there was no option to choose a Start Menu group (where to put the shortcut for the ApexDC++), so the installer has effectively overwritten my old ApexDC++ shortcut.

Second, please remove adware/advertisements from the installer, because it makes our users nervous, complaining about doubts that this software is becoming a spyware/spamware or something like that. My personal opinion is that your project should be sponsored by some kind of advertisement, to support the whole idea, but this is not the right way (to put it directly into installer). If this advertisement continues to make our users nervous, I'll just have to drop the support for ApexDC++ and switch to StrongDC++ or some other client (recommending it to our users), because I honestly don't have time to explain to all of them these things.

And the third complaint, in the public hublists, there is a link to http://www.hublista....list.xml.bz2... But.. Take a look here: http://www.hublista.hu/banned (the list of banned hubs) and see the reasons for banning hubs ("Nem magyar hub.", "Hungarian language is not allowed on main chat.")... Meaning, that list is ment for magyar hubs only. Obviously, there is no need to include that kind of hublist into ApexDC++

I don't want you to think I'm just complaining, because ApexDC++ is a great piece of software, but these things are really something that should be considered if you still intend to be the No1 DC client.

Edit:
Also, could you please standardize the download links (slim downloads especially), so there will be no situation where links for one version of apexdc++ display as "blah_32bit.7z" and in the next version display "blah_x86.7z". It is really painful to always do printscreens because of that, to be able to always have the latest fresh tutorial on how to update ApexDC++.. Thanks.

Edited by burek, 19 October 2010 - 10:00 AM.

[Lee]

Thanks for the post burek.

That hublist will be removed in the next version.

Regarding advertisements, if you do not condone it then please use the alternative download (slim) method. This is exactly the reason we have these listed. I'd be interested in your ideas relating to "some kind of advertisement" that will keep project funded. OpenCandy is opt-in. E.g the user must select install recommended software in order to receive it. All you have to do is explain this in your guide.

We may have unintentionally changed the filenames... I apologise.

There has never been that option in the installer, but we can look into it. Why does it matter if your shortcut is overwritten?

[burek]

Lee, on 19 October 2010 - 06:34 PM, said:

Thanks for the post burek.

That hublist will be removed in the next version.

Regarding advertisements, if you do not condone it then please use the alternative download (slim) method. This is exactly the reason we have these listed. I'd be interested in your ideas relating to "some kind of advertisement" that will keep project funded. OpenCandy is opt-in. E.g the user must select install recommended software in order to receive it. All you have to do is explain this in your guide.

We may have unintentionally changed the filenames... I apologise.

There has never been that option in the installer, but we can look into it. Why does it matter if your shortcut is overwritten?

Hi,

Thanks for your reply. I'm in a hurry, but let me just answer to this shortcut question. Many people have set their shortcuts to "Run as admin" on windows 7 and when the shortcut is overwritten, this no longer applies, so they can't download anything again, and thus they revert to 1.3.6, blaming us for "instable versions", etc. I'm not sure is this the exact scenario why downloads don't work for them, but I guessed it could be that, because those that were complaining were all using win7/vista.

[Lee]

burek, on 20 October 2010 - 10:51 AM, said:

Hi,

Thanks for your reply. I'm in a hurry, but let me just answer to this shortcut question. Many people have set their shortcuts to "Run as admin" on windows 7 and when the shortcut is overwritten, this no longer applies, so they can't download anything again, and thus they revert to 1.3.6, blaming us for "instable versions", etc. I'm not sure is this the exact scenario why downloads don't work for them, but I guessed it could be that, because those that were complaining were all using win7/vista.

Ok, but with users not changing it from default this will still happen. Best solution would be to get the exe to auto ask for UAC privileges ourselves.

[Peetboy]

Hi guys, usually I do update of Apex by replacing exe and pdb files. I did it this time again but now I can't download from people who has 1.3.8 updated same way. When I did clean install of 1.3.8 download works fine. Is this some kind of bug?

[Mek]

I upgraded the same way and everything works.

[Lee]

Peetboy, on 20 October 2010 - 07:57 PM, said:

Hi guys, usually I do update of Apex by replacing exe and pdb files. I did it this time again but now I can't download from people who has 1.3.8 updated same way. When I did clean install of 1.3.8 download works fine. Is this some kind of bug?

Out of curiosity, do you have the TLS/TCP port forwarded?

[Peetboy]

Lee, on 20 October 2010 - 09:38 PM, said:

Out of curiosity, do you have the TLS/TCP port forwarded?

No, never use it, only TCP and UDP ports forwarded because of router. TLS is set to 0. Actually I'm on local network hub so I never had to use encrypted transfers. More people on our local hub have same problem with connection after upgrade to 1.3.8.

[Crise]

Peetboy, on 20 October 2010 - 10:12 PM, said:

No, never use it, only TCP and UDP ports forwarded because of router. TLS is set to 0. Actually I'm on local network hub so I never had to use encrypted transfers. More people on our local hub have same problem with connection after upgrade to 1.3.8.

Either forward TLS port (set it to something besides 0), or disable TLS in settings > advanced > security (topmost of the three checkboxes) if you have no use for encryption.

[Peetboy]

Crise, on 20 October 2010 - 10:28 PM, said:

Either forward TLS port (set it to something besides 0), or disable TLS in settings > advanced > security (topmost of the three checkboxes) if you have no use for encryption.

Thank you so much. It works now with TLS off or with TLS forwarded as well. Thanks.
I'm just wondering why it had not impact until now? Does it have something to do with Change: Encryption options enabled by default?

[Crise]

Peetboy, on 20 October 2010 - 10:58 PM, said:

Thank you so much. It works now with TLS off or with TLS forwarded as well. Thanks.
I'm just wondering why it had not impact until now? Does it have something to do with Change: Encryption options enabled by default?

Yes, because we actually enabled TLS for upgrading users as well, not just new installations (this is because originally tls was enabled by default, then due to certain issues we disabled it for all installations, and now we reversed that)

[Chumphon]

Dear, I upgraded to 1.3.8 as well and are not able to connect the ports I normally use on my router....in 1.3.6 this problem did not exist. Any suggestions?

Cheers,

Chumphon.

[Lee]

Chumphon, on 26 October 2010 - 01:26 PM, said:

Dear, I upgraded to 1.3.8 as well and are not able to connect the ports I normally use on my router....in 1.3.6 this problem did not exist. Any suggestions?

Cheers,

Chumphon.

Please forward your TLS/TCP port in connection settings and let us know how you get on.

[Chumphon]

Lee, on 26 October 2010 - 02:11 PM, said:

Please forward your TLS/TCP port in connection settings and let us know how you get on.

forwarded the port but still no connection, it appears it wants to connect to either the tcp or udp port