Mod Merging

[johnnyboy88]

Ran across a new mod merge utility some of you may be interested in. Requires NET framework 4.5

Skymerge:

Known issues:

1. Due to limited testing some record fields are probably incomplete when it comes to updating references.

2. NAVI record could probably be more efficiently merged.

3. Threading code used in the UI doesn't always get completely removed after program exits, so sometimes a reboot is required to use the program again.

4. Search was disabled because of UI performance issues, needs to be reworked.

 

I don't know how different it is from this TES5Edit script:

https://skyrim.nexusmods.com/mods/37981/?

But I figure some of you may want to play around with it. From my understanding this is the final version the author is making. But the source code is provided if someone else wants to work on it.

 

Apparently the author was successful with limited script merging as well. It was successfully tested with two spell mods with scripts from what I gather.

[MontyMM]

Could you please provide a link to some information about the background to this? I've removed the download link for now, because I don't think it's a great idea for people to download executables from unknown sources, without some context. No offence - hope you understand! ;)

[johnnyboy88]

I can. Though I don't really see the difference. If someone is going to download it it's not going to change anything. I mean someone could just as easily put it up on Nexus and it doesn't make something new any more "safe". Not only that but this has the source code if you're that concerned. But whatev's, no biggie, here you go -- https://www.loverslab.com/topic/17632-prototype-mod-merging-utility-skymerge/

[MontyMM]

Thanks for that. What you say is right - knowing where a binary comes from by no means makes it magically any safer. But the decision to download a random binary from a totally unknown source, is different than the decision to download a binary from a known forum where its use is being openly discussed. The former I would say should always be rejected, whereas the latter might be a perfectly reasonable choice.

[GrandBulwark]

I can. Though I don't really see the difference. If someone is going to download it it's not going to change anything. I mean someone could just as easily put it up on Nexus and it doesn't make something new any more "safe". Not only that but this has the source code if you're that concerned. But whatev's' date=' no biggie, here you go -- https://www.loverslab.com/topic/17632-prototype-mod-merging-utility-skymerge/[/quote']

I'm still a bit skeptical, not of the utility but in it's choice of hosts.  LL is not necessarily bad, to the contrary some of their members are great people and mod authors etc.  My immediate concern is why LL over the Nexus.  Do you plan on looking into this any further Monty?  I'm intrigued but the whole LL thing has me even more skeptical than if no background information were provided.  Not to mention the fairly limited information found there on this utility.

 

No offense to the poster of the thread of course; just bad experiences with the site.  Like stolen and reuploaded content ect. 

[MontyMM]

TBH, no - I'm not personally very interested in this app, and I find LL a rather creepy place, and would rather not go there ;)

 

But, I see no good reason to object to a link to this app, and people can make up their own minds. It was a just a random mediafire link that I thought should be a security concern.

 

EDIT: When I say "creepy", that is perhaps not a clear enough warning. Here is fairly strong NSFW example of something on their front page.  Many people will want to avoid it.

 

 

 

BestialityRape

 

Hello, this is a mod of rape by animals.

 

Animation available

- Draugr

- Werewolf - 3

- Wolf - 2

- Horse

- Falmer - 3

- Bear

- Sabrecat

- Giant

 

coming

- Troll - Bug with the FNIS Modder it crash with the troll

- Gargoyle

- Vampire Lord

 

 

 

 

And this is far from the most extreme example.  If you venture there, you may want to scrub your browser afterwards!

[GrandBulwark]

TBH, no - I'm not personally very interested in this app, and I find LL a rather creepy place, and would rather not go there ;)

 

But, I see no good reason to object to a link to this app, and people can make up their own minds. It was a just a random mediafire link that I thought should be a security concern.

Hahaha creepy indeed.  Though probably not objectionable the utility seems to be incomplete.  I was also under the impression that most if not all utilities from FNV were not compatible with the more advanced Skyrim.  Testing will be required of course.  And of course I will not be the one to go first, I'm not that brave :)

[johnnyboy88]

Which is why I provided the link to the utility in the first place. I understand going to the site is not everyone's cup a tea.

 

Thanks for that. What you say is right - knowing where a binary comes from by no means makes it magically any safer. But the decision to download a random binary from a totally unknown source, is different than the decision to download a binary from a known forum where its use is being openly discussed. The former I would say should always be rejected, whereas the latter might be a perfectly reasonable choice.

 

Just because something is being openly discussed doesn't make it any safer either really. And could actually be more dangerous. Let me put to you a scenario.

 

Let's say someone creates cool new program X. totally legit version 1.0 and puts it up on a well known forum/site. People are all like cool this is great. It needs internet access for whatever reason so people let it through their firewall. Okay cool no biggie right? After all, everyone says it's a great utility. Well, now the creator releases version 1.5 with cool new feature Y. Only what isn't told is that bad/malicious feature Z is also packaged with it.

 

Now, all these hundreds of people download the latest bleeding edge update. Oh, it needs internet access like last time, lets just click my firewall's allow access button again. Now they've given malicious code Z access to their computer and internet. Because it's brand new there is no virus definition for it. So the only way they'll ever know is if someone notices the malicious behavior in their administrator logs or has really good HIP protection. Oh yeah. Did I forget to mention that it requires you to right click and run as admin too? No biggie. Everyone knows half the software out there needs to do that to get it to work. It's so common that most people just turn UAC off.

 

Now, let's say that someone does notice and reports it to their anti-virus company. It takes a little while for their anti-virus company to write a definition file and distribute it to other companies software databases. And all those companies use the same database too right? That's why there's different companies and software choices right? They're all equally effective right? Of course not. So not everyone is going to get that definition file. So this person also lets the site admins know about it. The site admins take it down and ban the offender. But how many people check all their mods pages and posts to see what's going on? How many mods do you have? Do you check them all every day? Meanwhile, The malicious creator is just creating another account via proxies and starts again with cool new utility T.

 

That may be an extreme scenario. However, I find that far more dangerous and worrysome than a random file. If a random file like that were to be malicious, The author would know it wouldn't reach very many people. Therefore, would probably not try as hard and probably reuse other malicious code. In which case your anti-virus software would have a better chance of detecting it.

 

 

Anyway. It's just an attempt at a mod merge utility so not many people are going to be all that interested in it anyway.

[GrandBulwark]

It's so common that most people just turn UAC off.

They do that is very strange indeed! Anyone reading this with UAC disabled, TURN IT ON!!!!

 

I agree with your scenario 100%

 

What is even more commonplace is developers bundling useless RAM hogging crap with legitimate useful programs. Sometimes they're malicious, but more often their just useless crap that starts by default when you boot up. Not only is it bundled in their; it exploits the fact that most end users don't give a crap where or what's installed and they just click straight through the installer. Not necessarily related; but that is just as bad to my mind as your scenario.

[Aiyen]

Java..... ask toolbar.. Just amazing that its still there after this many years. But that is an entirely different story.

 

In relation to this... hence why I dislike weird 3rd party programs... heck I even dislike the CK atm... but that is due to other reasons >_>

[GrandBulwark]

Java..... ask toolbar.. Just amazing that its still there after this many years. But that is an entirely different story.

 

In relation to this... hence why I dislike weird 3rd party programs... heck I even dislike the CK atm... but that is due to other reasons >_>

Would you like to install the bingbamboombarofdeathandcheesewafers?

 

Why YES Windows, while I'm at it how about I shove a fork up your PSU!!!! :@

 

LMFAO

[MontyMM]

Well, it is necessarily the case that every single piece of software we install has the potential to be malicious. Just about any sinister scenario you care to dream up is a possibility.

 

The only question is how much information we have to make a rational decision on whether or not to trust it. My position is that downloading a binary file from a mediafire link with virtually no information about its background is simply never an acceptable risk or a smart decision. Having more information, in itself, does not and cannot have any bearing on whether the software is actually a threat, but is does start to raise the probability of whether it is rational to trust it from zero. Though, if it's hosted on LL, perhaps not so much.

[GrandBulwark]

Well, it is necessarily the case that every single piece of software we install has the potential to be malicious. Just about any sinister scenario you care to dream up is a possibility.

 

The only question is how much information we have to make a rational decision on whether or not to trust it. My position is that downloading a binary file from a mediafire link with virtually no information about its background is simply never an acceptable risk or a smart decision. Having more information, in itself, does not and cannot have any bearing on whether the software is actually a threat, but is does start to raise the probability of whether it is rational to trust it from zero. Though, if it's hosted on LL, perhaps not so much.

Well said, summarizes my entirety of my concerns.  Even if the same thing were posted on the Nexus, I would be very Skeptical simply due to the fact that I was under the impression all FNV mods and utilities were entirely worthless to Skyrim.  At which point I would think that, if you had the skills to update the program to work for Skyrim, why not make an entirely new one that has a unique code.  Granted that would likely be harder, but it would also be the correct way to approach the issue to my mind.