If you need any help modifying the linux server binary in the same way drop me a line.
I guess his point is that it doesn't need to be perfectly secure, it just needs to be 'good enough' for this application. Why wouldn't the use of SSL for the authentication simply suffice? Or a simple hash challenge-response to authenticate? T2 account data is not exactly sensitive. Security is important, but it's not an absolute requirement. You don't lock your $2K car into a $20K concrete bunker to protect it from theft.
Anyway, you implemented it, so you get to pick however you want to do it. I know Java, Ruby, C++, x86 and ARM(9) assembly and have a fair amount of knowledge about reverse engineering on UNIX. If you need any help modifying the linux server binary in the same way drop me a line.
EDIT: I imagine the best way to do this on linux would be using LD_PRELOAD to hook into the binary? I'd personally do communication between the T2 server process and a ruby interpreter via a UNIX socket instead of integrating the interpreter into the binary itself...
Yes, this is all very interesting. Yet I am curious about the white noise being generated about the overly described importance of cryptography and the lack of other topics that are required in a massive, multi-point communications system that, of course, takes security into account. Many languages and systems can do this, and no serious developer would ignore the required amount of security required. Furthermore, offers were extended to work in a cohesive manner, but it's become clear that some want to be first to market, cohesiveness be damned, thus accumulating allot of valuable and possibly misguided appreciation. There are multiple ways that all of this can be done and I respectfully point out that the community has always been fractured. This truly is a shame, as it is primarily driven by self-importance and immaturity. Many will also miss the disassociation between open and closed development that seems to be fueling this, although is it not fully obvious. The truly good news about all of this is that first may equate to vaporware, but not to market finances. It may quite likely be that multiple sites agree to shared lists at first, and they are always a backup to systems that have functional problems. And in that realm, files with preset favorites can easily be downloaded from pages that display solid servers and show instructions to get in manually. Then come along active systems that are intended to replace interactive functionality. This is where consolidated efforts would truly go a long way toward consolidating the community. But, alas and as often is the case, personalities can be found trumping principals. And in such cases, although cohesive opportunities are missed, people (players) will get choice. And votes are cast by way of usage. In the gaming community, you can always vote twice (or more) as I am sure many will. Although it would normally be considered that time will tell between systems, it is often the case that for many, friendships, associations and affiliations will happen, and color some peoples vision. Most players will probably decide to use multiple systems, since they really dont care about who did what when, but today, tomorrow and next year are always new days and new choices. I am especially happy that by all accounts there will still be fractures to bitch about next year
Ok, Thyth. A friend posted to me in private, but you did not, although I posted many things to you in private, so I will explain in public as well. My lines will start with ***
It's an authentication system. I have asked several times for you and others to explain how you planned to do authentication securely in any other manner. I have yet to receive a reply.
*** I am not sure about the words "several times" and I'd like to give you the benefit of the doubt but I publicly stated that there was allot to go over in session, meaning together. I know you touched on that below and I'll touch on that too but, first, the system as a whole needs to take in to account far more than just encryption, such as data (user) storage, player game and server game communication with the master service, connection methodology (XML WebServices, WCF / COM+, tokenized strings on http gets or posts, and decided upon interfaces, use case diagrams, api documentation, list implementation details and far more). The diagram is just the start of what I was describing, and it is also the basis for using users GUIDs, entered into a db, so that the token passed to the user, and picked up by the game, will enforce that the user is who they say they are. To jump ahead, other than the one chat we had, and the fact I apologized for missing the 4pm meeting because of family points (where I gave you my phone number), if you'd even said "hey duud, Np, just don't let it happen again please" or something, anything that made it sound like you were not trying to do this alone. If you do this alone, you personally are fracturing the community because there are many good developers here and you are ignoring the human nature that not everyone agrees with your plans yet has reached out to you. If you ignore us or act exclusive, what are others to think?
You say there are multiple ways to do it, but the only method you described is a shared list of player accounts with no details on how you would prevent account forgery by malicious users. It's not a question of my ego as you imply, it's a question of getting competent answers about your envisioned technical implementation.
*** Please see the diagram included, which is a start. And review the PM's I sent because I think I sent you a link to the C# development articles I have published. Again, as I said, along with other good developers out there. It could well be that you develop a system seemingly alone instead of using it most other uses use published lists, or even downloadable files with preloaded favorites (a stop-gap many of us are likely to post). Again, I tried, mostly PM-wise, to communicate with you and missed one appointment, which I apologized for in 3 hours. What I am getting to here is, if you do this alone and too quick, when there are simple methods available, what if you develop something that does not work right for all people at all times? Are some players just SOL? That is not going to help your rep and it will ensure at least two automated methods will be out one day. Vivendi screwed us all and did not give us time. Let's work together, put up shared lists and downloadable, pre-made favorite files, and do this right the first time.
I'm not interested in a personality war, as I have the technical skills to accomplish a system that will meet and exceed the basic needs for an online system for this game for years to come. I am interested in people committed to work out REAL solutions, who do what they say they will do, and don't post armchair criticism like you just did.
*** I know you are not interested in a war. I apologize for some of the confusion that has taken place and will eat it. I am asking you, rather than rush something to place, which may work, and may not under the load of many pc's, let's try talking again. I know you want solid solutions, and I am with you 100% duud. I am not, nor would I armchair you, despite that comment. I stand behind each comment I made and will re-iterate... if you rush something into place that many players may or may not even use, we all lose face, because I represent a group of people who can build a kick-ass system as well. I can build a C#/SQL/SharePoint system (that I will call back-end) but I understand you are one of the few people who can write such a kick-ass client side system (when I say that I mean anything that uses T2 script, games and game servers, versus server side in this case, meaning everything that used to be Vivendi supported). And as for cobble to withstand an attack? Well, I suppose I deserved that one for calling you out like that. No, the systems I use will use RSA and more. You may teach me some about the functionality, but then as you implement the systems to encrypt on your end, the systems I use will do the same. We will be on par with each other. I fully agree doing it right is tough, and I credit you for that, I will honestly say that I thought you were doing what you accused me of... really saying nothing. You talked of RSA parts, and how close some of the other parts were to completion, but if it cracked, and a rushing developer should NEVER self test, how is that going to make people view you, your work, or the community? You could be right man... you may be perfect... I'm suggesting we take the weekend to discuss this on voice, and charge others with swapping lists and pre-loaded files.
Yes, there are easy ways to cobble together a system that won't stand up to any sort of attack. But security is hard, and doing it properly is hard. I want solutions, not a house of cards. If you have something to offer, I will work with you. If you are just here to criticize without getting involved, and without a big picture plan, I do not want to hear it.
*** Please see above...
You had your chance for input when we made an appointment communicate over your Ventrillo server. You missed your appointment, and as my free time is extremely limited, I have to focus on getting the secure system online. If you want to talk about your ideas for the web side of things, I will be open to listen to them after authentication and listing is online.
*** Ok, I'm glad you publicly stated that because that is what I am talking about... I gave you my home number, email, chatted with you the night before and life cropped up? You claim you waited an hour? You don't sound like the kind of person who waited an hour... and how hard was that really? You sit there and wait until I ping you on IM while you work... you really did not stare blankly, looking at the screen, waiting for my message for 60 minutes did you? Forgive me for wasting your time if you can bring yourself to do that, because farther up you sounded a bit more reasonable, but by the time you get to this part you have seemingly shown some colors that I don't think really represent you. Your last words made you out to be something less than reasonable... I'm sure that is not you. Besides, heres an idea
why dont you just sit back and build a list while other developers make something that works? Does that feel like what you wanted? Slow down duud, and assume that there are other good people around
you are hardly alone nor must you be a martyr
the community will slow down. But if done right it will again pick back up.
*** So I will leave it with this... if you rush your product to market, with all of this on record, I'm not sure this will work out well for you. A game community will stand some things in a waterfall methodology and others in an iterative methodology. A GUID based login system should be waterfall, and it has to work right the first time, and if you do this alone and others do not agree, there WILL be more than one system... great for community cohesiveness. But after that, building a player and team (and linking) page on that can be iterative... players will forgive some errors in that system a bit more, so long as the group got the first part right. I am asking... let's talk this over, get this right, and never give the community a reason to mistrust the system... ever. You are not perfect and you are not the only busy person around. If you put something out there without planning, testing, documentation and community backing, I will not use it, and I know for a fact I'm not alone. And I will move forward with other client (and game server) developers, and the community will vote by choice (or use both, or one until the other is ready, it's hard to say). But both of us can muster over twice the developers, testers, web-coders together rather than apart
and the keyless game will re-attract players. I know your feeling
I lived with it for years with another Tribe. I swore that if they did not get a good website up the community would lose people
and you are doing that now. The truth is, we will lose people either way
but a SINGLE, perfect, keyless system will bring them back... I am asking you to think it over and ping me with an opportunity that a few of us can jump in a Vent room this weekend.
(note - jpeg supplied by Vsf)
Wow, that was an incredibly pathetic read. All of your accusations are reversed. EWO/Pnet is the one that's clearly egotistical and stubborn about this. It's pretty obvious when you read Thyth's explanations that he knows what he's doing and it's going to be done well. When you read the other groups explanations... oh wait, they haven't even posted any. Anywhere. The fact that Thyth is being open and your group isn't makes it pretty obvious whose motives are more pure.
Small question... will we need our cd keys to create a new account?
Do we have some sort of IRC channel we could hang out on while Tribes 2 is offline?
I hope that I've been able to demonstrate a cohesive plan for an easy-to-use community system, and an ability to pull it off in the last few days. It's pretty clear that without a knowledge of C++ the types of modification made to the T2 executable would have been impossible.
Also, it's very easy to make uneducated claims from comfy armchairs. Yes, Ruby is free, but an interpreter integration with a closed source system is not something you can go onto SourceForge and download, it's a ton of work, and it happens to be an essential component to building this. Properly utilizing cryptography is also a lot harder than throwing around the terms RSA and SHA1. DUN is right that very few could pull this off -- I just happen to be one of them.
I'm offering aid in the solution, not an actual solution. I publicly stated that we are working on a solution, yes, but I have not accomplished nearly as much as Thyth has.
It felt like a punch to the gut when you stated that we were being egotistical and stubborn. EWO... maybe, but not PNet. I've PMed Thyth and openly stated here in the forums that we want to help in any way we can. Again, I realize that I stated that we were going to provide a master server, we still can if anyone wants to use the server.
I agree that Thyth has gone beyond talk and has shown that something is being done. So please, don't ever state that we at Pandora Networks are egotistical and stubborn when we're doing whatever we can to help.
I never stated how Pandora Networks was going to host the master server because at the time, we had no solution. When I found out about Thyth's solution, I requested to help by providing the server to him. He politely declined saying he already had someone lined up as the host and I politely backed off. Instead of using it as the master, maybe we can use it for something else.
If I sound egotistical it is because I personally want to help the community as much as I can. Yes, I had to come in with a bang saying, "Oh we're going to release a master server that will take place of the current 'official' servers." but I recognize that as a mistake because I now realize you don't bite more than you can chew. We didn't have a solution ready, I should not have made any official announcement. Yet since we wanted to show how much we wanted to help, an immature announcement was made.
I do apologize if we don't have anything like Thyth has, but we do have a server that the Tribes 2 community, and Thyth, can use at no cost. It's yours.
hai guyz i herd u liek mudkipz