Thread: Developers Blog

The third and final section of the CSM minutes are now available here, covering the following topics from the meetings:

· Incarna game play and vision

· Incarna new player experiences and captain's quarters

· Account security

· Thursday pre-meetings - Arnargeddon

· Game balance requests

· Game Design talks to the CSM

· Post Dominion 0.0

You can find first two sections consolidated into a single document here. A final release containing the entire minutes in one file will be released on Monday and added to the CSM Meeting Minutes page.

Many thanks to all who were involved in the meetings and all those involved with creating and finalising the minutes.

-The CSM Team













More...

TL;DR: CPUs that don't support the SSE2 instruction set will not be able to run EVE Online after the Incursion 1.1.0 deployment on Tuesday, January 18, 2011. This will cause players still using Intel Pentium 3 or older and AMD Athlon XP or older CPUs to not be able to run the EVE Online client.

During the testing of Incursion 1.1.0 we received reports of a seemingly random issue that caused the client to crash on startup. While some of our Singularity testers reported the issue, we weren't able to replicate it. The error log that was generated didn't prove to be helpful, and due to the extremely few reports we received on it, we couldn't take the investigation further.

In an epiphany moment, a diligent tester figured out that some of the third party binaries we use to run EVE Online had been updated recently. Looking further into the issue, we found that a feature had been turned on that used the SSE2 instruction set and the unexpected fallout was that non-SSE2 capable CPUs became incompatible.

We've looked at hardware trend reports and the general status of the market and this obsolete generation of CPUs in desktop computers and gaming rigs is nearly extinct. We estimate that around 0.3% of the playerbase will be affected. We have, therefore, decided to not let this block the deployment of Incursion 1.1.0. An info message that pops up when you start the client on a non-SSE2 capable machine has been added for clarification. We urge everyone who encounters this specific error to submit a petition to our customer support department. We will have updates on the next steps we take with this issue immediately after the weekend but we wanted to get a blog up ASAP to inform everyone about the issue.

Cheers,

CCP Zulu







More...

TL;DR: CPUs that don't support the SSE2 instruction set will not be able to run EVE Online after the Incursion 1.1.0 deployment on Tuesday, January 18, 2011. This will cause players still using Intel Pentium 3 or older and AMD Athlon XP or older CPUs to not be able to run the EVE Online client. Athlon 64 CPUs are not affected.

During the testing of Incursion 1.1.0 we received reports of a seemingly random issue that caused the client to crash on startup. While some of our Singularity testers reported the issue, we weren't able to replicate it. The error log that was generated didn't prove to be helpful, and due to the extremely few reports we received on it, we couldn't take the investigation further.

In an epiphany moment, a diligent tester figured out that some of the third party binaries we use to run EVE Online had been updated recently. Looking further into the issue, we found that a feature had been turned on that used the SSE2 instruction set and the unexpected fallout was that non-SSE2 capable CPUs became incompatible.

We've looked at hardware trend reports and the general status of the market and this obsolete generation of CPUs in desktop computers and gaming rigs is nearly extinct. We estimate that around 0.3% of the playerbase will be affected. We have, therefore, decided to not let this block the deployment of Incursion 1.1.0. An info message that pops up when you start the client on a non-SSE2 capable machine has been added for clarification. We urge everyone who encounters this specific error to submit a petition to our customer support department. We will have updates on the next steps we take with this issue immediately after the weekend but we wanted to get a blog up ASAP to inform everyone about the issue.

Cheers,

CCP Zulu







More...

My name is CCP Purple Tentacle from Team Yggdrasil, the team responsible for EVE Gate. I am a real old-timer in EVE, have been a player since it was released in 2003. As a result, my character and I have gone through a lot together. I got used to seeing his familiar face multiple times a day, and this brings us to the topic of this little blog: the old character portraits.

As most of you already know, on Tuesday we are releasing Incursion, which comes with a brand new avatar creation system. All the old portraits will be removed from the game and you will have to create new portraits for all your characters. I have spent considerable time playing with the new avatar creator and it is absolutely awesome. It is superior to the old one in every aspect, and no matter how many portraits I create with it, I just cannot get bored of it. However, no matter how cool it is, I figured that it would still feel like a loss to see my old face, the one I was tied to for many years, being flushed down the drain just like that. These old faces served their purpose. They represented us for over seven years, and they deserve to survive somewhere. So, back in December I requested a dedicated box and set it up to start crawling through all your seven million characters, rendering their portraits one by one and saving them in a nice and homey database. The box was rendering nonstop throughout Christmas and New Year's Eve and, despite being hit by a major disaster and having to restart the whole process at half time, it managed to finish on time. At this moment, everything is ready and set. All that was left to be done was to make sure that you can access these portraits somehow. So, we set up a little webserver for this project, running under the URL http://oldportraits.eveonline.com. It is running the same image server code that we also use for EVE Gate, for the forums and - starting with Incursion - for the game as well, so it is responding to the usual http://oldportraits.eveonline.com/Characters/{character_id}_256.jpg kind of requests. The key difference between this server and http://images.eveonline.com is that oldportraits will never be updated with new stuff; it will be serving the old portraits forever for those who were lucky enough to have one.

How to use this server?

On this server you can only retrieve portraits and can do so only in one specific size: 256x256. If you know your characterID, you can directly hit http://oldportraits.eveonline.com/Characters/{your_character_id}_256.jpg and you will get your old portrait back, like this:



If you do not know your characterID, the easiest way to get to this image is to go to EVE Gate, log in, go to the character selection screen, right click on your portrait and, depending on your browser, select "Open image in new tab" (Safari, Chrome) or "View image" (Firefox). In Internet Explorer you will have to open the Properties window of the image and copy/paste its address into a new tab. After having opened your character image, all you have to do is to change start of the URL from
https://image.eveonline.com/Character/751338053_256.jpg
to
http://oldportraits.eveonline.com/Character/751338053_256.jpg
and you will have your old portrait in the browser. From here you can save it, link it into your autobiography or just show it to your grandchildren.

What if you need a higher resolution version of the image?


You will have to let the client render it for you. Monday, the day before the Incursion release is the last day you can do this. If you want to save your own character portraits (or anyone else's, for that matter), here's a simple guide on how to do it:

1. Be logged into your EVE Client
2. Locate the character you wish to capture (search in People and Places, for example)
3. Right-click the character portrait
4. Click "Capture Portrait"
5. Find your EVE capture folder (by default: My Documents\EVE\capture\)
6. Open the "Portraits" folder, in which you should find a nice high-res portrait of the character

Enjoy.

CCP Purple Tentacle









More...

My name is CCP Purple Tentacle from Team Yggdrasil, the team responsible for EVE Gate. I am a real old-timer in EVE, have been a player since it was released in 2003. As a result, my character and I have gone through a lot together. I got used to seeing his familiar face multiple times a day, and this brings us to the topic of this little blog: the old character portraits.

As most of you already know, on Tuesday we are releasing Incursion, which comes with a brand new avatar creation system. All the old portraits will be removed from the game and you will have to create new portraits for all your characters. I have spent considerable time playing with the new avatar creator and it is absolutely awesome. It is superior to the old one in every aspect, and no matter how many portraits I create with it, I just cannot get bored of it. However, no matter how cool it is, I figured that it would still feel like a loss to see my old face, the one I was tied to for many years, being flushed down the drain just like that. These old faces served their purpose. They represented us for over seven years, and they deserve to survive somewhere. So, back in December I requested a dedicated box and set it up to start crawling through all your seven million characters, rendering their portraits one by one and saving them in a nice and homey database. The box was rendering nonstop throughout Christmas and New Year's Eve and, despite being hit by a major disaster and having to restart the whole process at half time, it managed to finish on time. At this moment, everything is ready and set. All that was left to be done was to make sure that you can access these portraits somehow. So, we set up a little webserver for this project, running under the URL http://oldportraits.eveonline.com. It is running the same image server code that we also use for EVE Gate, for the forums and - starting with Incursion - for the game as well, so it is responding to the usual http://oldportraits.eveonline.com/Character/{character_id}_256.jpg kind of requests. The key difference between this server and http://images.eveonline.com is that oldportraits will never be updated with new stuff; it will be serving the old portraits forever for those who were lucky enough to have one.

How to use this server?

On this server you can only retrieve portraits and can do so only in one specific size: 256x256. If you know your characterID, you can directly hit http://oldportraits.eveonline.com/Character/{your_character_id}_256.jpg and you will get your old portrait back, like this:



If you do not know your characterID, the easiest way to get to this image is to go to EVE Gate, log in, go to the character selection screen, right click on your portrait and, depending on your browser, select "Open image in new tab" (Safari, Chrome) or "View image" (Firefox). In Internet Explorer you will have to open the Properties window of the image and copy/paste its address into a new tab. After having opened your character image, all you have to do is to change start of the URL from
https://image.eveonline.com/Character/751338053_256.jpg
to
http://oldportraits.eveonline.com/Character/751338053_256.jpg
and you will have your old portrait in the browser. From here you can save it, link it into your autobiography or just show it to your grandchildren.

What if you need a higher resolution version of the image?


You will have to let the client render it for you. Monday, the day before the Incursion release is the last day you can do this. If you want to save your own character portraits (or anyone else's, for that matter), here's a simple guide on how to do it:

1. Be logged into your EVE Client
2. Locate the character you wish to capture (search in People and Places, for example)
3. Right-click the character portrait
4. Click "Capture Portrait"
5. Find your EVE capture folder (by default: My Documents\EVE\capture\)
6. Open the "Portraits" folder, in which you should find a nice high-res portrait of the character

Enjoy.

CCP Purple Tentacle









More...

My name is CCP Purple Tentacle from Team Yggdrasil, the team responsible for EVE Gate. I am a real old-timer in EVE, have been a player since it was released in 2003. As a result, my character and I have gone through a lot together. I got used to seeing his familiar face multiple times a day, and this brings us to the topic of this little blog: the old character portraits.

As most of you already know, on Tuesday we are releasing Incursion, which comes with a brand new avatar creation system. All the old portraits will be removed from the game and you will have to create new portraits for all your characters. I have spent considerable time playing with the new avatar creator and it is absolutely awesome. It is superior to the old one in every aspect, and no matter how many portraits I create with it, I just cannot get bored of it. However, no matter how cool it is, I figured that it would still feel like a loss to see my old face, the one I was tied to for many years, being flushed down the drain just like that. These old faces served their purpose. They represented us for over seven years, and they deserve to survive somewhere. So, back in December I requested a dedicated box and set it up to start crawling through all your seven million characters, rendering their portraits one by one and saving them in a nice and homey database. The box was rendering nonstop throughout Christmas and New Year's Eve and, despite being hit by a major disaster and having to restart the whole process at half time, it managed to finish on time. At this moment, everything is ready and set. All that was left to be done was to make sure that you can access these portraits somehow. So, we set up a little webserver for this project, running under the URL http://oldportraits.eveonline.com. It is running the same image server code that we also use for EVE Gate, for the forums and - starting with Incursion - for the game as well, so it is responding to the usual http://oldportraits.eveonline.com/Character/{character_id}_256.jpg kind of requests. The key difference between this server and http://image.eveonline.com is that oldportraits will never be updated with new stuff; it will be serving the old portraits forever for those who were lucky enough to have one.

How to use this server?

On this server you can only retrieve portraits and can do so only in one specific size: 256x256. If you know your characterID, you can directly hit http://oldportraits.eveonline.com/Character/{your_character_id}_256.jpg and you will get your old portrait back, like this:



If you do not know your characterID, the easiest way to get to this image is to go to EVE Gate, log in, go to the character selection screen, right click on your portrait and, depending on your browser, select "Open image in new tab" (Safari, Chrome) or "View image" (Firefox). In Internet Explorer you will have to open the Properties window of the image and copy/paste its address into a new tab. After having opened your character image, all you have to do is to change start of the URL from
https://image.eveonline.com/Character/751338053_256.jpg
to
http://oldportraits.eveonline.com/Character/751338053_256.jpg
and you will have your old portrait in the browser. From here you can save it, link it into your autobiography or just show it to your grandchildren.

What if you need a higher resolution version of the image?


You will have to let the client render it for you. Monday, the day before the Incursion release is the last day you can do this. If you want to save your own character portraits (or anyone else's, for that matter), here's a simple guide on how to do it:

1. Be logged into your EVE Client
2. Locate the character you wish to capture (search in People and Places, for example)
3. Right-click the character portrait
4. Click "Capture Portrait"
5. Find your EVE capture folder (by default: My Documents\EVE\capture\)
6. Open the "Portraits" folder, in which you should find a nice high-res portrait of the character

Enjoy.

CCP Purple Tentacle









More...

Character Creator Update

Player feedback has shown us that there is a lack of clarity in the portrait creation stage of the new character creation process. In particular, it is not clear enough:

i) which of the four available portraits will be used in-game,

ii) that players are unable to come back and adjust their portraits once they proceed through character customization and into the game.

Changes to the portrait creation UI to make the process more clear

We are implementing UI fixes that we hope will resolve the above two issues.

Change 1: Change the "Save" button to "Finalize". "Save" implies that it is possible to go back and make adjustments later. "Finalize" is just more... final.

Change 2: When players click "Finalize" they will be presented with a dialogue box like the one below. The dialogue box shows the portrait snapshot that the player currently has selected. It makes clear that this is the portrait that will represent the character to other pilots in game and that once the player clicks "YES", no further changes will be possible. However, if a player clicks "NO" they will be returned to the portrait creator and can continue working on their portrait.



A chance to recustomize

We understand that many players proceeded into game under the impression that they could come back and make adjustments later; whilst other players didn't end up with the portrait they believed they had chosen.

We want to ensure everyone has the portrait of their choice. So now that we have made the UI clearer we will give all characters who have already completed character customization a chance to recustomize. This will be a one-time recustomization to be used during the grace period.

Characters who had yet to complete customization for the first time will not need this recustomization as they will see the improved UI on their first run through the customization process.

When will these changes happen?

Testing is still underway and if all goes well you should expect to see the changes outlined in this blog in the game before the weekend. We will confirm the timing when we know for sure.

Grace Period

There has also been a little confusion about what exactly the grace period is. For the next several weeks, we are allowing players to enter the game without having to proceed through character customization. This grace period was introduced in response to players' concerns about being forced to rush character creation if they needed to log in to the game to change skills, deal with a science and industry job or jump into an urgent fleet op. We think that a few weeks will give players a chance to take their sweet time in designing the best character they can. For all the power gamers with multiple alts there is always the randomize option to speed things up.

The grace period does not mean that players will be able to design and redesign their characters as many times as they like once they have accepted their portraits.

We currently plan for the grace period to last for about a month from the initial deployment. We will announce the closing date with plenty of notice when we know when it will be.

The Future

We will be introducing the ability to repeatedly recustomize characters in a future release. The current plan is to introduce this at the same time as we release tattoos, scars and piercings so players can take advantage of these new assets. We are still in the early design phase, so we don't have any more details at present. Expect a devblog explaining more in the coming weeks.















More...

Greetings Internet Space Pilots!

This is the first in what will be an indeterminate number of blogs which will be focusing on our ongoing mission to keep your account information secure. I should mention that this particular blog is the vast majority of the security portion of the CSM meeting, which was removed from the meeting minutes in favor of this blog. We also discussed some things forum goers may already be aware of such as the Gawker database hack and the issues we had a few months ago with some packet filtering devices at universities. I've decided to start with phishing because I think it's pretty lame. It's also rather prevalent because it essentially requires zero talent and if left alone can bury your inbox in garbage while the phisher harvests the odd account to convert to cash. As with any of our security efforts, whether it be account security or RMT, our focus will be on increasing the amount of effort required while reducing the profitability of the enterprise. As I've said in a previous blog your stuff has value and is, ipso facto, of value to lazy criminals.

As with anything when deciding how we should work on reducing the potential for phishing we did some research to determine what others have done in this area. It just so happens that Paypal/Ebay had a tremendous phishing problem and documented their methodology for reducing its effectiveness very well. At one point in the not-so-distant past Paypal and their parent company Ebay accounted for 80% of all phishing traffic on the Internet. Given the impact this had on their service they took a holistic approach to the problem and over the course of a year or two were able to reduce this number to under 10%. I'd personally say those are pretty good results and as such we've studied their approach which they helpfully documented and made public here, and have borrowed from it in spades. Virtual hi5's to the folks at Paypal for doing the world a favor and so rigorously documenting this process they established.

This is a flow diagram which mirrors a similar diagram created by Paypal and maps out the lifecycle of a phishing attack and its impact on the business and the business's customers:



It's fairly straight forward, a phishing email is sent which leads to a bad user experience and financial loss to CCP in the form of work and reimbursements. That bad experience can leave a sour taste in a customer's mouth which will lead to lower activity (and less fun). The information obtained by the fraudster is then used to liquidate the user's assets and/or sell off the user's account information to be used for other bad activity, which is what spurs the additional phishing attacks in order to generate further profit for the bad guys.

This diagram illustrates how we will put up some walls to address each step of the problem with detailed explanations below it:



Block 1 - Here is where we reclaim our email. Below is an example of a phishing attack:



This email is carefully crafted to appear as if it came from us. In order to best help our customers be safe from these types of attacks it behooves us to make it easier for customers to be able to identify email which was REALLY sent by us. Currently a customer has to do a bit of work to determine that the URL the link points to is not actually our website. It's not surprising at all that many people would click the link provided, as the email for all intents and purposes seems to have been sent by us. We will be changing our mail infrastructure a bit to make this more difficult by implementing a combination of technologies referred to as "SPF" and "DomainKeys". In essence these two technologies allow email providers to take a look at incoming email and determine with some degree of certainty if the email they're receiving was actually sent by the holder of the domain name that the email is purporting to come from.

In this scenario if someone tries to send an email from SUPERADMIN@EVEONLINE.COM and the mail wasn't sent by one of our authorized servers many mail providers including Google, Microsoft, Yahoo and AOL will simply drop the mail and it will never arrive in your inbox. In addition this will provide the end-user with some capabilities to CHECK whether an email was sent by us on their own, which is a subject we'll get to once the implementation is complete. SPF will be implemented in approximately 7 days. DomainKeys will take a bit more time as things need to be moved around in order to implement that properly.

Block 2 - In block 2 we work to prevent the sites from being displayed to our customers. There are actually 2 things in play here. Below is an illustration of the first:



Click image to enlarge.

This is an example of an error message generated by the latest version of Internet Explorer when attempting to access a phishing link from an email. Every single phishing link we've been sent in the recent past has been properly identified by the latest versions of IE, Firefox and Chrome as a web forgery. In order to benefit from this safeguard you need to have an updated version of your browser and you need to have the feature turned on.

You can enable this feature in IE 8 by clicking tools, internet options, Advanced tab and then checking Enable SmartScreen Filter. You should also check "Warn about certificate address mismatch" and "Warn if POST submittal is redirected to a zone that does not permit posts" just to be cool and safe.

In Firefox you can enable this feature by clicking Tools, then Options, then clicking the Security Lock icon at the top and ensuring you have both "Block reported attack sites" and "Block reported web forgeries" checked. Bonus points if you also check "Warn me when sites try to install add-ons".

In Chrome you click the wrench symbol then click options. Click the "Under the hood" tab and make sure you have "Enable phishing and malware protection" checked.

The Safari unsafe sites feature is located at Safari > Preferences... > Security. Check "Warn when visiting a fraudulent website".

On iPhones/iPad, it's Settings > Safari, set Fraud Warning On.

In Opera, it's Preferences > Advanced > Security. Check "Enable Fraud Protection" (Credit Trebor for the last three browsers it was a timesaver)

One way we plan on helping our users who don't anxiously f5 the blog section to see if I've written something of note is to start checking the User-Agent string your browser sends us when you connect to the EVE Online website and give you a little warning if you are running a version of your web browser of choice that does not support this option. We won't limit your interaction with the site in any way, but we do feel that letting you know that you're driving the Internet in a position of risk is worth reminding you about.

In addition to this we're constantly working internally to detect this type of activity in a number of ways. Something that is of great value to us is when you forward any phishing emails you receive to security@ccpgames.com. I can assure you that while I may not personally respond to every email which gets sent to this box I do monitor it every minute that I'm awake and if something new comes in we get to work on it right away. There's no such thing as too many of a phishing email in that inbox. We use this information in a multitude of ways on the back-end that are of significant value to your account, as well as in block 5. Hold your horses I'm getting there.

Block 3 - Block 3 is where we ensure that we're properly authenticating our users. Authentication from our perspective is ensuring that you are you. Not that you are someone with your password. That you, guy whose name is yours, is really you. An initial shot at this was when we began asking you to name one of the characters on your account. I think security folk have known for a while, and all of us on the Internet are beginning to finally accept that the days of passwords as a sole authenticating factor are over. In this block we're still doing quite a bit of research, but it is an area we want to address and you'll be the first to know what changes are coming when we do.

Block 4 - Block 4 is where we foster ongoing communication with you, our customers and fellow travelers, in order to ensure that you have as much information as possible about what the threats are and how you can prevent yourself from falling victim to an attack. We do this because it is our firm belief that the more informed you are the better off you'll be. These phishing emails don't arrive in my inbox. I don't get them, click on the links, or enter your account information when the nasty page comes up. It is you guys (I mean that generically not precisely YOU) who receive these emails and are at risk so the better we can help to arm each and every last one of you with information the better off we all collectively are.

Block 5 - In Paypal's example block 5 is where they worked with law enforcement to capture bad guys. I have some experience in this regard personally and I can tell you that this is a very difficult step for us to take internationally. What we're doing block 5 though is ensuring that every single route we can take to shut down every single site and tool the phisher has access to and uses are removed from the face of the Internet. The instant an email arrives in the security inbox we analyze the attack and begin running down any locations the attacks are being launched from. We then build a profile of each and every company involved in every leg required to deliver that content to your browser. This could be DNS, the ISP, the hosting provider, a registrar or any other person who is providing some form of delivery for the malicious content and we contact each and every last one of them asking them to shut it down. Recently we've been very successful in this regard and I'm working on putting together what numbers I can for some future blog on the subject. As it stands it's a bit difficult for us to measure but we'll try.

By shutting down the hacked servers or various other services the phisher is using we cause them to increase the amount of time spent building locations to link to in the phishing emails and we reduce the window that they have to successfully collect your information. If you were to click on a link and it went nowhere you couldn't very well give it your password.

The overarching idea when you combine each of these "blocks" is to increase the amount of work required vs. the payoff so that it is no longer a profitable enterprise to operate. This is a general concept that we are applying across the entire spectrum of malicious activity and doesn't just stop with phishing as we'll discuss in a later blog.

It is important to note that phishing is not the only way your credentials or private information can be stolen. One example we've given a bit in the past is third-party applications such as bots. We spend some time reverse-engineering this code and there are very few cases where ANY "botting" application does NOT send information to the creator that you did not intend it to. There is also NO class of bot that does not violate the EULA and will not get your account actioned against when we detect it. In one case that springs immediately to mind a freely distributed piece of code had a time-bomb in it where on a certain date and time it transferred the contents of the wallets of everyone using it to the creator. Another recent example had the bot sending all chat channels and communications to the creator. I cannot think of a single instance of bot creation where the creator built and maintained a botting program out of the kindness of their own heart. If you got it for free there's a catch and they're probably stealing from you. If you paid for it you're still just a cash register and they're probably stealing from you, regardless of if you paid for it with a credit card or through some obscure method of transferring ISK.

The reason these things exist RMT, Phishing, Forum Hacking for account harvesting, Bots, etc... is to squeeze money out of you and into the hands of a third party. There is no such thing as a free lunch anywhere and our overall strategy is to do whatever is necessary in order to make these endeavours unprofitable. This is our open response to phishing and in the future we'll have further updates on the other areas of concern. I'm looking forward to the comments and discussion and until next time have fun!

CCP Sreegs









More...

With Council of Stellar Management due to leave office on April 6th, it's almost time for the candidacy period for CSM6 to open up. The dates for the next election period are as follows:

February 9th to 23rd – Candidacy application period opens
March 2nd – Publication of the list of approved candidates
March 9th – Voting opens
March 23rd – Voting closes
March 30th – Results announced
April 6th – CSM 6 takes office
April 2012 – CSM 7 takes office

The time of the CSM summits in Reykjavik have not yet been finalised, although these will be announced when we open up the candidacy application period.

The only major change to this schedule compared to previous CSM election periods is the reduction of the amount of time between the publication of the list of approved candidates and the beginning of the voting period. This change has been enacted for reasons both of convenience for the overall schedule and that this time has in previous elections remained mostly unused by a large majority of candidates. The question of how acceptable such a change would be was put to the CSM and it did not meet with any major concerns.

We shall, however, be changing the application requirements. When applying for candidacy in CSM6, we will require that at least a basic campaign message stating what you are campaigning for and/or who you are representing is provided. There will also be a maximum limit of 200 words for the message. Failing to provide this will unfortunately result in us being unable to accept your application. This requirement is being added for the convenience of voters, to assist them in determining who they would like to vote for.

To apply for candidacy in the elections you will need to provide a scan or reasonable quality photograph of a currently valid passport. This is in order to prove that you can travel internationally to attend the CSM summits in Iceland. So if you want to run and do not have a passport as of yet, you have until February 23rd to acquire one! In addition to this you will need to be at least 21 years of age as of April 6th, 2011.

If you have any comments or questions, please head on over to the comments thread on the forums.

-CCP Diagoras









More...

Greetings Capsuleer,

This blog might be slightly odd compared to the normal dev blogs you read around here, but in a good way. After the Council of Stellar Management was here some weeks ago and had the opportunity to sit down with senior testers and Quality Assurance leads, we realized that Quality Assurance is something which we rarely talk about in terms of the ongoing process it is; rather we refer to it once in a while when something goes wrong. This is a terrible shame, so I figured it might be time to sit down and share some insights into one of the things we rarely talk about much, but tends to create bad experiences for players: Crashes.

One of the most annoying things I can think of, especially on games like EVE Online, is crashes. You might be in a fleet moving around, doing a mission, fighting an officer spawn, or otherwise doing something where a crash is just exactly what you didn't need. And it might cause you to lose your shiny new ship, which can ruin both your experience and wallet. It's almost the worst case scenario.

Crashes are serious business

As a direct consequence of the immersion-shattering experience a crash is, we go to great lengths to try and avoid them. One event that especially comes to mind was the deployment of Tyrannis 1.1 ("UICore"). During the dry runs, where all of Quality Assurance runs tests to make sure that critical functionality works on Tranquility post-deployment, a tester found a crash which would happen if you closed the Fitting Window before it had fully rendered the scene which renders your ship. While it's a bug that's easily avoidable, it is still an example of one with a potential cause for a lot of grief. Thus, the call was made by the people in charge to keep Tranquility down for an extra 5 hours and 5 minutes to build and test a set of new patches to resolve this issue.

Unfortunately, a scenario like this is a luxury we rarely have. In this case, a clear set of reproduction steps were present, which made verification and testing a fix something that could be done very quickly. But in most cases, we have little information to go on. We get the occasional bug report (which we greatly appreciate, keep them coming!) which we can sometimes reproduce. Despite these issues, we have a couple of tricks up our sleeve, which I'll now show you.

Client statistics and Winqual

You know how, when an application crashes, Windows will prompt you to submit the crash report to Microsoft? Yeah, that thing. Most people tell you not to submit it, because it doesn't make a difference and is a potential privacy risk. Yes, I too thought that back in the day when it was introduced with Windows XP. Back when I was an EVE Online player and experienced the occasional crash, I'd go "pfft, this won't make a difference even if I submit it." Boy, was I wrong!

As it turns out, the data you're prompted to submit is invaluable for tracking down crashes. In the absence of clear reproduction steps, they're the second best thing we can hope for when we find a crash issue. We get the data you submit through a Microsoft program called "Winqual," which allows us to see statistics about certain crash "signatures," and get crash dumps which allows us to see in which part of the code the crash occurred, and subsequently fix it.

For instance, when we were deploying Incursion 1.1.0, we were deploying no less than seven fixes to different crashes in different parts of the subsystems of EVE Online. This is only possible thanks to the men and women who, when prompted by Windows to submit the crash report, actually submit it.

When we deploy any patch, we keep a very close eye on not just forum and in-game channels, but also different channels we have. One is winqual, and the other is called “Client Statistics.” This is data we sample from Tranquility which is written to our database once an hour with different data, such as crashes, memory usage, CPU time and ping times. From that, we’re able to see if a patch has had an impact on crashes. Here’s an example of what a normal day on Tranquility looks like:



The percentage of logins to Tranquility that eventually ends in a crash is between 0.5 and 0.9%. An interesting visible feature of this graph is that around downtime the percentage of crashes significantly increases. There is a very good explanation for this.

One of the most common causes for a crash in some of our different sub-systems such as the Carbon graphics-engine, called Trinity, is when code attempts to access memory which is no longer there. When a client shuts down, it needs to ensure that it cleans up after itself, which means it needs to clear up memory, shut everything down correctly and, preferably, as fast as possible. This leaves room for code to try and access a memory resource which has been removed already, which can result in a crash.

If we see that a patch has caused an impact on crash rates, we use Winqual to locate new "Crash Signatures." As I mentioned earlier, these are the crashes you submit when your client crashes, and we use this to pin-point specific causes which results in a crash. Here’s an example of a typical issue as it appears from Winqual:




Click image to view larger version.

Here we have a basic idea of: when a crash was first observed by Microsoft, which versions of Windows crash the most and which language edition the operating system uses. There are some other interesting features in this graph. For instance, you can see that it took some days for the crash to really start happening. Notice the small peak before the big spike? That was a mass-test, which is when we take 100s of people onto Singularity and test things. These often help us track in which patch a specific crash was introduced.

As in these situations when we observe this kind of crash behavior, a developer is put on the case to fix the issue. As we don't always find reproduction steps, we schedule crash-fixes into the next possible patch and monitor the situation once again. And as you can see in the above graph, we can also confirm that the specific crash was fixed (although there’s still some noise left).

One of the problems, of course, is how much visibility we have into crashes and where they happen. Crashes are hard to deal with, really hard. If you experience a crash and get prompted to submit a crash report, please do send it. It gives us greater visibility into crashes and eventually helps towards publishing a timely fix. It also helps us filter out noise from crashes caused by bad hardware from issues we can fix. It’s a win-win situation for everybody.



So do not fear submitting crash reports, and remember to fly safe!











More...