I really mean it when i say, New players will not join your server. Sure, some will, chances are they'll be dedicated players, who you'll see a lot of. But the majority will not.
I don't doubt you really mean it, but our servers have been the most popular T2 servers for years. Police and I know what makes people join servers. If we host a good server, and players are willing to follow the rules, they won't be afraid to give us identifying data.
so... you better start researching authentication algorithms.
I keep hearing variations of this "take it or leave it" attitude, and it's not helpful for the T2 community. Full servers would be helpful. Thyth has offerred a way for us to prevent access to our server if a player doesn't have a referral from our trusted group, and still use a consolidated authentication/list server.
Set your server to randomly generate a new password once a day, and require users to sign up at your forums/website in order to view said password. Then you don't need to have your own complete auth system, and you can still force them to register!
Yes, that's a fallback solution. The optimal solution might be Thyth's proposed trusted group referral system that would allow us to control access while using a consolidated, community-wide authentication/list server.
I'll briefly describe what I've decided. The referral system idea seems to be the most flexible, and will allow individual administrators a great degree of leeway in the use of the data.
At the top of the hierarchy will be a virtual "root" node that exemplifies the highest authority. Server administrators of large and popular servers/mods will request "referrals" from this root. The users with referrals from the root will become the "top-level" references, and they will be responsible for providing references to other server administrators that run smaller servers, and those administrators, in turn, are responsible for providing references to their players. Players, in turn, will be able to provide references to other players, descending into the mundane part of the hierarchy.
I'll provide a reference analysis API which will enable queries to this tree. These queries could include determining if one player is part of a specific subtree (and if they are, how far away from the top of that subtree the player is).
If WarLovR wants to implement a system where a person needs to have a direct reference (i.e. distance = 1) from a set of trusted users, then he would have the flexibility to do so. You'll need to write a couple of dozen lines of script code... but I'm sure you can manage that, or find someone to do it for you.
If someone wants to be more open, they could implement a system where bans propagate down a tree after the majority of that subtree is known to be "bad". The exact criteria for "majority", and how far down the subtree that ban goes will be up to the individual administrators.
I'll probably include a base example case that bans a subtree if you end up banning over X% of a subtree. There will be a web interface for managing referral requests, and to view the tree itself.
This will add a few weeks of implementation and testing time, so launch can be expected in mid-December if I take this approach.
This will add a few weeks of implementation and testing time, so launch can be expected in mid-December if I take this approach.
In my opinion, this solution could offer us the best of both worlds: maximum flexibility for individual server hosts while facilitating community cohesion through a consolidated authentication/list server.
Even though T2 lovers have been miserable these last few weeks, what are three more piddly weeks of hell, in exchange for a chance to spend eternity in paradise?
I'll briefly describe what I've decided. The referral system idea seems to be the most flexible, and will allow individual administrators a great degree of leeway in the use of the data.
...
This will add a few weeks of implementation and testing time, so launch can be expected in mid-December if I take this approach.
So we're going from a working solution that requires nothing more than a download and an ingame key pair generation with a central server to something like a private torrent tracker where a new user has to find and wait for a referral from someone cool enough to already be a "member" of the "trusted" user base?
And implementing this ridiculous scheme will delay the liberation of T2 by another few weeks?
Come the fuck on, guys.
I'm not a programmer, first and foremost, but I had my own ideas for replacing the WON stuff a long time ago and it involved a solution similar to the way WASTE did things. Users would generate their own private and public keys, and then upload their public key to a central location, be it a "master" database for servers to authenticate from, or directly to the server itself. The server would also have its own private/public keys and could revoke the "trust" for any individual user. No referral bullshit required.
This whole having to know someone to play only hampers newcomers, not cheaters or evildoers. Perhaps my own ignorance prevents me from understanding why it would be necessary at all if Thyth's solution provides a revokable/deniable method of "trust" from invidual users (like the WON ID has always provided).
So we're going from a working solution that requires nothing more than a download and an ingame key pair generation with a central server to something like a private torrent tracker where a new user has to find and wait for a referral from someone cool enough to already be a "member" of the "trusted" user base?
And implementing this ridiculous scheme will delay the liberation of T2 by another few weeks?
Come the fuck on, guys.
This whole having to know someone to play only hampers newcomers, not cheaters or evildoers. Perhaps my own ignorance prevents me from understanding why it would be necessary at all if Thyth's solution provides a revokable/deniable method of "trust" from invidual users (like the WON ID has always provided).
I know nothing about programing or implementation of what your describing. I'm just a recent admin in a busy server. If the idiots have knocked off the BS during this transition to a new system I'd have agreed with you. But the determination of these asses to "remain" in the server and disrupt all those that just want to play the game without filth in the chathud and use of exploits in game demand we ask for whatever constraints can be provided.
I want the new T2 patch just like everyone that has come here since word got out someone was trying to fix the damn game. But the loophole of new accounts every week or as many as can be generated with an IP change is something that will be exploited by those that have ten or more accounts right now! You know it, we all know it! If the idiots would've laid off during this time I would have agreed with you, but they aren't, their more blatant and determined than ever.
Most server providers will lock their servers if something isn't done. Locked servers mean new players can't play at all. So if the T2 patch is delayed, thank the assholes for proving what most decent players already know. Assholes need to be tracked, assholes need constraints. Assholes need punishments, they need kicks and bans to behave, bans that stick!
Perhaps my own ignorance prevents me from understanding why it would be necessary at all if Thyth's solution provides a revokable/deniable method of "trust" from invidual users (like the WON ID has always provided).
WON IDs were artificially scarce since you needed to purchase a copy of the game to acquire a CD key. That is really the only difference.
I maintain GUIDs as part of account certificates in my system, so the traditional mode of GUID banning will continue to work essentially the same way as before. However, that is not terribly effective if someone has generated a few dozen accounts and uses them in sequence to evade bans. I attempt to mitigate this by limiting registrations by IP address, but ultimately, someone sufficiently malicious could generate as many accounts as they need by using a different origin address.
Now, I realize that no solution that I come up with will win universal popularity. I think over 30 pages of discussion and criticism of my plan has proved that rather enthusiastically.
Ideally, the people picked at the root and top-level will be diligent in fulfilling requests for accounts. Assuming a reasonable level of diligence, as part of registering for the TribesNext forum, and downloading the patch, a user can poke someone else for an account request and likely have it fulfilled in a matter of hours.
I'm perfectly willing to listen to alternative options for account fulfillment while still making it unattractive to bulk generate dozens of accounts. Exchanges of currency is potentially dubious from a legal perspective, so I think "buying" an account is untenable (and I bet it would be unpopular), even if it would be effective.
I should also mention that the way the authentication system is implemented, it is effectively impossible to delete an account after it has been created.
Sounds to me like your referral system spans multiple servers. Something tells me that the Rebels guys would strongly object to sharing any part of this referral system with Slap Happy and Last Gasp.
Though really, I won't be implementing any part of the referral system on any of my servers. Everyone will be allowed to play without need of any referral. I've had to deal with certain other "griefers" in the past. One of them in particular had determination that, I can assure you, surpassed that of the Rebels "griefers" ten-fold. The thing is, I had the ability to stop them in the best way possible... fix the exploits.
Oh yeah, and my system for cross-referencing IPs and GUIDs helped, and it will continue to do so.
But seriously Thyth, we both know you don't need to do this. This whole system can be implemented game-server-side with a few scripts. There's really no need for you to push back the entire authentication server just because one server host is too inept to implement any solution without someone doing it for him.
But seriously Thyth, we both know you don't need to do this. This whole system can be implemented game-server-side with a few scripts. There's really no need for you to push back the entire authentication server...
<Thyth> I'd rather just get the project online, and add things as necessary.
<Turkeh> from the reactions of others, I'd say a closer release date will keep more people happy. If WarLovR migrates to VSF because you don't make him happy...so be it.
<Thyth> Personally, I'm getting to the point where I don't really care.
After careful consideration and discussion, similar sentiment seems to be the consensus of the people on the IRC channel. Additional measures to control bulk account creation can be implemented in the future, and quite easily by people who are not me.
I have been working on this project long enough, and as this is purely a volunteer effort I'd rather get it operational and move on. I have far more lucrative business opportunities that I would rather be engaged in at this point. You people aren't paying me nearly enough for a perfect system.
I keep the weekly IP throttle, and 5 account per IP limit, as discussed earlier. In the event IP correlation needs to be done on a more advanced level, that information can be extracted from the auth server tables. I still think the heuristic fingerprinting analyzers that I described earlier are viable for dealing with the most extreme cases. But, that is not really in the purview of the authentication server.
I see my role in this diminishing after authentication, listing, and community features (chat, t-mail, browser, clans) are operational. Naturally, I'll still maintain the authentication server, and implement bug fixes to things like the client side code modifications, but nothing more on this large of a scale for this game. In the event I decide to leave completely, I will transfer the relevant information, including the complete source code and user databases to someone who can maintain it.
In any case, the next couple of weeks are busy with the typical end of semester concentration of project due dates and final exams. I haven't made any progress on the remaining component (network link to authentication server), and I doubt I'll find much time to do so in the next couple of weeks.
I'll keep posting updates in this thread, as usual.
Sorry about the length of the following post, but much of it is Kryands own words, which help explain exactly why we have become so concerned about security measures involved in setting up an authentication system.
There's really no need for you to push back the entire authentication server just because one server host is too inept to implement any solution without someone doing it for him.
WTF? I never presumed to be a coder. But I run a damn fine server, which you are totally incapable of doing. Apart from that, wouldn't you just love to drive a wedge between construction mod and Rebels!
Unless you play a lot on our servers you have no idea how extreme these characters are. They have sworn to bring down Rebels because "v2 sucks." Nobody wants to play on their servers for obvious reasons, so they've adopted a strategy of coming to our servers and disrupting games.
Yes Kryand, I directed that earlier post at you as well as your three dedicated troublemaker friends. The four of you have ruined more games, raised more hell, and broken more rules on our server than most other T2 misfits combined. But your own words are the most persuasive indictment against you, and you were kind enough to provide them right here in this forum:
The thing you aren't understanding is that noobs like the ones you are describing are not a real part of the community. They contribute nothing to the game's life, only to its death. Their presence in a server does not contribute to the game in any way. Competition is the only thing that matters. The definition of a game being dead is: it no longer supports competition. People who never had a desire to play competitively were never a real part of the core Tribes 2 community to begin with. They contributed absolutely nothing. Likewise, us coming into Rebels and chasing them away is of no consequence what-so-ever. [Emphasis added.] The game has been as dead as a doornail since the downfall of Classic. The fall of Classic was caused by V2, as it gave noobs a safe-haven to retreat to that would baby and take care of them when times got too hard... and keep them from ever improving. The Rebels "zoo" took this problem to an even further level. When you really look at it this way (the correct way), you could more or less say that Darkstrand, Projectile, Nevares, and I are the only four players left in this community. The rest of you are just animals (with the exception of coders working to fix it - they actually contribute something) (there are more of us as well, but I bet you get the point).
These are your words, from only three weeks ago: "Likewise, us coming into Rebels and chasing them away is of no consequence what-so-ever."
No consequence? Tell that to all the T2 players whose games you and your sidekicks have ruined hour-after-hour, day-after-day during a whole year.
Only once have you logged onto our server with your real warrior name, and the rest of the time you have smurfed and changed your IP faster than a chameleon changes colors. Haha. But you and your ilk have caused T2 players and Rebels admins too much misery over the last year for this to be a laughing matter.
The thing is, I had the ability to stop them in the best way possible... fix the exploits.
You love to repeat this red herring, as if repeating it makes it true. Exploits arent the problem. I don't think there's a server rule that your three dedicated asshat friends haven't broken a hundred, or even a thousand, times. With their unlimited supply of smurfs and IPs, it's been an administrator's nightmare trying to keep them off our server.
You and your troublemaker friends are walking, talking, proof of why restrictions on server access are absolutely necessary.
Hmm, I'm not really sure what I am supposed to argue with here.
A.) Of course you're not a scripter, but no good server host would ever try to run a server without one handy. That's how I got access to all of the servers I've ever helped run.
B.) I don't do as much as you think I do. The others have a lot of fun when they play in your server (which is all they are really doing), but I prefer not to join for any reason. I'm just a nice guy who feels like helping them have fun with some of my server knowledge and scripting ability.
C.) To be fair to the chameleon, it has to focus to change its color; my IP changes on its own.
D.) That one time I joined on my real name was a mis-click.
E.) Every single thing we've ever done on your server can be permanently prevented.
F.) We've already explored the reasons why some servers did better than others multiple times. I suppose it's easier for you to ignore all of the real reasons since you probably don't understand the psychology behind them, plus it would mean that you aren't as amazing a server host as you think you are. I don't really care, it doesn't much matter at this point.
So honestly you're yelling at the wrong guy. I don't really do much. I have my views on your server and your players that allow me to gladly side with the others and help them out. This all started because of actions on your end. My friends just played how they wanted to play (and still followed the rules back then), then your players and admins started getting upset and falsely accusing them of all sorts of BS, and eventually banning them for no rational reason.
Besides, none of this changes the fact that there's no need for Thyth to expend more of his time on this. There are a number of extremely simple ways for you to implement the same thing for your server without needing to waste his time and also the community's time by insisting the authentication server be postponed for this.
Of course you're not a scripter, but no good server host would ever try to run a server without one handy
You helped drive Classic servers into the ground while we turned Rebels into the most popular T2 servers. First you ruin your servers, then you try to ruin ours. At least you're even-handed about it.
There are a number of extremely simple ways for you to implement the same thing for your server without needing to waste his time and also the community's time by insisting the authentication server be postponed for this.
Thanks for the helpful pointers. Can you write us a script to keep yourself and your troublemaking friends from constantly disrupting our server?
You helped drive Classic servers into the ground while we turned Rebels into the most popular T2 servers. First you ruin your servers, then you try to ruin ours. At least you're even-handed about it.
You server isn't even close to one of the "most popular T2 servers". Trying to claim that it is is like the person with #1 on the TWL duel ladder right now trying to claim he's the best dueler ever. You are only where you are because everyone else quit. And they quit because they are people of intellect, who eventually get tired of the same game over and over again and move on. You and your players, on the other hand, are the kind of people who could suit up in heavy, walk to the enemy base, fire 3 mortars and die, over and over 6000 times and never get bored with it. That's not something to be proud of.
Argue with your own post from Nov. 4:
Innocent fun and games!
Damn right. V2 is not T2, and V2 players are not T2 players. Your presence is a detriment to the T2 player base.
Uh-huh, by banning you and and preventing you from coming back.
Cool, let me know how that turns out.
Thanks for the helpful pointers. Can you write us a script to keep yourself and your troublemaking friends from constantly disrupting our server?
Yeah, I could. I actually consider doing it once in a while, too, just for the sake of my great reputation. But every time I read a stupid comment by you guys, the consideration quickly ends.
You server isn't even close to one of the "most popular T2 servers". Trying to claim that it is is like the person with #1 on the TWL duel ladder right now trying to claim he's the best dueler ever. You are only where you are because everyone else quit. And they quit because they are people of intellect, who eventually get tired of the same game over and over again and move on. You and your players, on the other hand, are the kind of people who could suit up in heavy, walk to the enemy base, fire 3 mortars and die, over and over 6000 times and never get bored with it. That's not something to be proud of.
Damn right. V2 is not T2, and V2 players are not T2 players. Your presence is a detriment to the T2 player base.
Thyth,
As you can see by Kyrands posts here, he is against the secure Authentication process for his own agenda and NOT for the benefit of Tribes 2 at all. His comment of V2 not being Tribes 2, V2 Players on being T2 players and that Rebels is not one of the most popular server are flat out plain and simple WRONG.
Notice his comment "You and your players" He and his associates blame the V2 community for the failure of their own "classic" game play servers when in fact they failed for their own reasons. He says Rebels was popular only because everyone else quit, when in fact many simply migrated to V2 game play because they enjoyed it. Regardless of all this I assure you that V2 is Tribes 2 and his only reason for wanting you to release Tribesnext without the authentication tree is so they can keep up their efforts to disrupt the Rebels server without ability to control their efforts. You can see he makes no apologies for doing it this. I humbly ask that you please reconsider implimenting the Authentication tree.
Seems to me no one here is splitting T2 any further with the exception of Kryand.
The Construct and Rebels communities do not seem to hold anything against each other.
Kryand just seems to have some sort of vendetta with WarLovr.
Holy Cow Kryand! 30+ pages of you needling WarLovr and Rebels for running a successful server and your constant elitist yammering? I feel like I'm reading a Linux VS. Windows fanboy thread or watching some poor noob trying to learn Linux by asking a question in a forum and being berated for having the gall to ask a question.
Work with Thyth and everyone else in this community to create a solution or you're only supporting the argument that you don't want a solution and simply wish to create animosity.
Thyth,
I am dying to see this master server implementation! Thanks again for all your hard work and donation of spare time.
Can't remember having spare time myself in university. You must be leet!
I have a question of DRM for your master server. How will you keep it alive if and when your ISP shutsdown, falls over and sinks into the mud or you are hit by a bus and the executor of your will fails to assign the duty of keeping the TribesNext Master server up and running? Are you going to make it distributed and/or mirrors maintained by others? Server admins? Drinking buddies?
I believe I made it clear that Thyth bending over for Rebels is counter-productive for the following reasons: 1) It's only beneficial to one group of players and would set back the whole project for everyone. 2) It is of no urgency, because if Thyth were to do this before or after releasing the first patch, either way wouldn't take any more time than the other. The only difference is that with one way, the authentication server gets released faster. 3) Considering that only one server believes it needs this solution, it would be much faster and simpler if they implemented it on their own with a couple simple scripts.
I believe I made it clear that Thyth bending over for Rebels is counter-productive for the following reasons: 1) It's only beneficial to one group of players and would set back the whole project for everyone. 2) It is of no urgency, because if Thyth were to do this before or after releasing the first patch, either way wouldn't take any more time than the other. The only difference is that with one way, the authentication server gets released faster. 3) Considering that only one server believes it needs this solution, it would be much faster and simpler if they implemented it on their own with a couple simple scripts.
What is with you? How can you come up with an idea that anyone asked Thyth to bend over for anybody? I can ask the man anything I want, if he says no that's his right... but I can ask the man... if you wern't such a jerk I would've asked you, but you're trippin'. Seriously what is your beef 'cause you got issues!
Where as your posts on this very forum are why yours should be disregarded. You don't want the authentication security so that you can continue to harass people as you please.
If you get a pm from - ninjutsushihtzu - with a link on it, don't even put your mouse over the link, just alt-f4 the window. Chap sent me this piece of coding without realizing he had HTML disabled.
The thing you aren't understanding is that noobs like the ones you are describing are not a real part of the community. They contribute nothing to the game's life, only to its death. Their presence in a server does not contribute to the game in any way. Competition is the only thing that matters. The definition of a game being dead is: it no longer supports competition. People who never had a desire to play competitively were never a real part of the core Tribes 2 community to begin with. They contributed absolutely nothing. Likewise, us coming into Rebels and chasing them away is of no consequence what-so-ever. [Emphasis added.] The game has been as dead as a doornail since the downfall of Classic. The fall of Classic was caused by V2, as it gave noobs a safe-haven to retreat to that would baby and take care of them when times got too hard... and keep them from ever improving. The Rebels "zoo" took this problem to an even further level. When you really look at it this way (the correct way), you could more or less say that Darkstrand, Projectile, Nevares, and I are the only four players left in this community. The rest of you are just animals (with the exception of coders working to fix it - they actually contribute something) (there are more of us as well, but I bet you get the point).
This post from Nov. 4 is vintage Kryand. He says things like this all the time: "Likewise, us coming into Rebels and chasing them away is of no consequence what-so-ever." This all sounds like space opera because it's so surreal to have a deranged griefer like Kryand, who brags about having done so much to try to wreck our server and cause grief for all T2 players, arguing on this thread against helping Rebels do anything to defend ourselves against griefers like him. Kryand is a personification of what's wrong with T2, and he is being taken seriously, as if he were anything but the professional nutjob and hacker that he really is.
Why isn't he banned from this discussion for his Rebels-baiting and his troublemaking activities on our server? I banned him from V2 almost a year for his obscene posts trying to divide Tribes (see for example:
I'm just offering you a solution. A wonderful solution to all your problems. I bet if I went through posts on v2rebellion, or looked through demos from in the server I could find 10-15 former classic players who say "I only play in Rebels because it is the only server that is populated". Think about that, 10-15 people! That's a descent sized game right there. Clearly there is a niche in the market, and one that you could fill. That's what any good business man would do.
Sometimes I feel that you guys think that if someone doesnt share the same opinions as you, then that means that person is wrong. Why is it that if I try to be objective and critical of the Rebels server you give me a response telling me that a good solution for me is to start my own server? Isnt that just telling me to fuck off in a nice way? Whatever it is that you are babbling about is irrelevant since I was talking about the Rebels server in my post. You seem to be thinking that I harbor some form of ill will to the Rebels server, which I don't. I just don't agree with its ethical administration (just some of the time though!). That doesn't correlate to "I hate the Rebels server and hope it burns". :mad:
Thyth,
As you can see by Kyrands posts here, he is against the secure Authentication process for his own agenda and NOT for the benefit of Tribes 2 at all. I humbly ask that you please reconsider implimenting the Authentication tree.
Youre wrong, Digger. The majority of the posters in this thread and in Thyths IRC channel are against the secure Authentication process because frankly, people just want to play T2 at this point. You want everyone to wait longer just to ban 3-4" supposed asshats? Come on, as Kryand pointed out, if you guys can get a hold of a scripter then you wont have any problems fixing all the issues. I can understand what you guys are saying and I do think whats happening in the server right now is a problem. However, I dont feel that this alone should force everyone else who doesnt frequent the Rebels server from playing on the new master server at an earlier time.
Im sure if given the time, you guys can find a scripter that will be willing to assist you with your problems. From what I remember about what WarLovR said in the past, he didnt want to fix some of the key issues because it would force him to get rid of fun scripts. What kind of logic is this? Sometimes sacrifices have to be made for the greater good, and if the griefers really upset you that much, then you should be willing to do whatever it takes to get rid of them. Right?
Do you think that Im an asshole as well? Under this EigenTrust type system will I be able to play in your server? So far it doesnt seem like it unless you want to define what an asshole and an asshat means to you. Dont misunderstand me, Im asking you earnestly because as of late I feel as if you are being hostile towards me. In the thread you ended up banning me from your forums, and I have been banned since November 18th. I gave you two options on how to resolve the issue of CockSprocket and me sharing an IP. I told you that the both of us could meet in your server and have you look at our IPs, I also told you I could get you a list of my IPs from my ISP and send them to you. You havent agreed to either of them and I keep wondering why. I told you before that its impossible for us to have shared an IP and you have what appears to be conflicting evidence on your end, so where is your determination of me having a smurf coming from?
Hypothetically, even if I did have a smurf (trust me I dont) and you were not able to confirm it for whatever reason; Its not like Im a threat to your forum so unless there are some underlying reasons that you dont feel like sharing, I dont see why I am still banned from the forums? Hopefully you can see how due to these recent actions I am unsure as to what your motive is. Do you just want to ban anyone who disagrees with the admins on occasions? If so, will that mindset follow to the server as well? :eek:
So... someone stealing my name a couple years ago means I hacked your forum? My GUID has always been 144888, and during that time period I played as PuppyWear, which basically anyone not in your isolated community can tell you.
PS. The only thing you guys have done in this discussion is whine, whereas I've made many positive posts to help out this effort.
PSS. Thanks for linking the post WarLovr, I forgot about it. That was some pretty epic ownage with which I destroyed all of your arguments, so much so that you felt the need to remove me. I like to think this is what started your train of banning everyone better than you.
The Tween Brain
"Communicating with preteens is tough because they process information differently in their brains," says Dave Walsh, Ph.D., author of Why Do They Act That Way: A Survival Guide to the Adolescent Brain For You and Your Teen. For example, they are prone to misinterpret nonverbal cues and rush in the direction of aggression or anger.
The brain develops from back to front, which means the part of the brain that helps adolescents reason, plan ahead and manage impulses (the prefrontal cortex) is one of the last areas to mature. It doesn't happen until around age 25!
(/plagiarism)
Of course, a kid that's been dropped on his head matures even more slowly.
I humbly ask that you please reconsider implimenting the Authentication tree.
If you want to "humbly" request that I reconsider, feel free to start paying my hourly consulting fee for the time that it will take to implement. I'll "humbly" take that into consideration. This is a volunteer project at this point, and as such the time I am willing to dedicate to it is limited. The referral tree system as described would require at least a man week to implement, and my consulting fee is not cheap.
I have a question of DRM for your master server. How will you keep it alive if and when your ISP shutsdown, falls over and sinks into the mud or you are hit by a bus and the executor of your will fails to assign the duty of keeping the TribesNext Master server up and running? Are you going to make it distributed and/or mirrors maintained by others? Server admins? Drinking buddies?
I'm not hosting the authentication server from my home ISP. In any case, the master server system is designed to degrade gracefully in the event components go offline. Should the authentication server go offline for any reason, people with existing accounts will be unaffected. I'll have source code mirrored in other places, and keep only the 3 master system (authentication, update, delegation) private key halves completely secret. I doubt you'll need to worry about those keys being lost. Authentication databases will be frequently backed up too. As for listing, and the future community integration, you'll need to ask Krash about what sort of backup and contingency planning he has done.
I'm not interested in the obvious politically motivated tensions between communities. I'm interested in getting this project done. If you people want to bicker like little children, I respectfully request that you take it somewhere else.
I'm not gonna play much anymore, but Thyth I appreciate you spending the time to develop an authentication server for the community. Not many people have this kind of dedication.
I posted the server logs showing that Kryand = NinjutsuShihTzu, who bungled an attempt to hack our forums. In his own post, Kryand brags about chasing players off Rebels servers.
Apart from Thyth's selfless efforts, this remains an extremely relevant question: exactly why is the-construct letting Kryand use their forum as a platform to attack Rebels?
If we didn't constantly have to defend ourselves against his attacks on our servers, on our forum, and now on this thread, it would be much easier for all of us to make progress.
Does anyone not understand why hackers should be universally banned throughout the T2 community?
Comments
Anyone will be able to get on our server as long as we have a way to track them and prevent them from returning if they get banned.
I don't doubt you really mean it, but our servers have been the most popular T2 servers for years. Police and I know what makes people join servers. If we host a good server, and players are willing to follow the rules, they won't be afraid to give us identifying data.
Thyth can do whatever he wants, but this is what he said at post 436 (or see my reply, at post 439):
I keep hearing variations of this "take it or leave it" attitude, and it's not helpful for the T2 community. Full servers would be helpful. Thyth has offerred a way for us to prevent access to our server if a player doesn't have a referral from our trusted group, and still use a consolidated authentication/list server.
Sounds good to me.
Yes, that's a fallback solution. The optimal solution might be Thyth's proposed trusted group referral system that would allow us to control access while using a consolidated, community-wide authentication/list server.
At the top of the hierarchy will be a virtual "root" node that exemplifies the highest authority. Server administrators of large and popular servers/mods will request "referrals" from this root. The users with referrals from the root will become the "top-level" references, and they will be responsible for providing references to other server administrators that run smaller servers, and those administrators, in turn, are responsible for providing references to their players. Players, in turn, will be able to provide references to other players, descending into the mundane part of the hierarchy.
I'll provide a reference analysis API which will enable queries to this tree. These queries could include determining if one player is part of a specific subtree (and if they are, how far away from the top of that subtree the player is).
If WarLovR wants to implement a system where a person needs to have a direct reference (i.e. distance = 1) from a set of trusted users, then he would have the flexibility to do so. You'll need to write a couple of dozen lines of script code... but I'm sure you can manage that, or find someone to do it for you.
If someone wants to be more open, they could implement a system where bans propagate down a tree after the majority of that subtree is known to be "bad". The exact criteria for "majority", and how far down the subtree that ban goes will be up to the individual administrators.
I'll probably include a base example case that bans a subtree if you end up banning over X% of a subtree. There will be a web interface for managing referral requests, and to view the tree itself.
This will add a few weeks of implementation and testing time, so launch can be expected in mid-December if I take this approach.
In my opinion, this solution could offer us the best of both worlds: maximum flexibility for individual server hosts while facilitating community cohesion through a consolidated authentication/list server.
Even though T2 lovers have been miserable these last few weeks, what are three more piddly weeks of hell, in exchange for a chance to spend eternity in paradise?
Excellent, thank you again for your efforts. I'm sure the wait will be more than worth it.
And implementing this ridiculous scheme will delay the liberation of T2 by another few weeks?
Come the fuck on, guys.
I'm not a programmer, first and foremost, but I had my own ideas for replacing the WON stuff a long time ago and it involved a solution similar to the way WASTE did things. Users would generate their own private and public keys, and then upload their public key to a central location, be it a "master" database for servers to authenticate from, or directly to the server itself. The server would also have its own private/public keys and could revoke the "trust" for any individual user. No referral bullshit required.
This whole having to know someone to play only hampers newcomers, not cheaters or evildoers. Perhaps my own ignorance prevents me from understanding why it would be necessary at all if Thyth's solution provides a revokable/deniable method of "trust" from invidual users (like the WON ID has always provided).
I know nothing about programing or implementation of what your describing. I'm just a recent admin in a busy server. If the idiots have knocked off the BS during this transition to a new system I'd have agreed with you. But the determination of these asses to "remain" in the server and disrupt all those that just want to play the game without filth in the chathud and use of exploits in game demand we ask for whatever constraints can be provided.
I want the new T2 patch just like everyone that has come here since word got out someone was trying to fix the damn game. But the loophole of new accounts every week or as many as can be generated with an IP change is something that will be exploited by those that have ten or more accounts right now! You know it, we all know it! If the idiots would've laid off during this time I would have agreed with you, but they aren't, their more blatant and determined than ever.
Most server providers will lock their servers if something isn't done. Locked servers mean new players can't play at all. So if the T2 patch is delayed, thank the assholes for proving what most decent players already know. Assholes need to be tracked, assholes need constraints. Assholes need punishments, they need kicks and bans to behave, bans that stick!
I maintain GUIDs as part of account certificates in my system, so the traditional mode of GUID banning will continue to work essentially the same way as before. However, that is not terribly effective if someone has generated a few dozen accounts and uses them in sequence to evade bans. I attempt to mitigate this by limiting registrations by IP address, but ultimately, someone sufficiently malicious could generate as many accounts as they need by using a different origin address.
Now, I realize that no solution that I come up with will win universal popularity. I think over 30 pages of discussion and criticism of my plan has proved that rather enthusiastically.
Ideally, the people picked at the root and top-level will be diligent in fulfilling requests for accounts. Assuming a reasonable level of diligence, as part of registering for the TribesNext forum, and downloading the patch, a user can poke someone else for an account request and likely have it fulfilled in a matter of hours.
I'm perfectly willing to listen to alternative options for account fulfillment while still making it unattractive to bulk generate dozens of accounts. Exchanges of currency is potentially dubious from a legal perspective, so I think "buying" an account is untenable (and I bet it would be unpopular), even if it would be effective.
I should also mention that the way the authentication system is implemented, it is effectively impossible to delete an account after it has been created.
Though really, I won't be implementing any part of the referral system on any of my servers. Everyone will be allowed to play without need of any referral. I've had to deal with certain other "griefers" in the past. One of them in particular had determination that, I can assure you, surpassed that of the Rebels "griefers" ten-fold. The thing is, I had the ability to stop them in the best way possible... fix the exploits.
Oh yeah, and my system for cross-referencing IPs and GUIDs helped, and it will continue to do so.
But seriously Thyth, we both know you don't need to do this. This whole system can be implemented game-server-side with a few scripts. There's really no need for you to push back the entire authentication server just because one server host is too inept to implement any solution without someone doing it for him.
I have been working on this project long enough, and as this is purely a volunteer effort I'd rather get it operational and move on. I have far more lucrative business opportunities that I would rather be engaged in at this point. You people aren't paying me nearly enough for a perfect system.
I keep the weekly IP throttle, and 5 account per IP limit, as discussed earlier. In the event IP correlation needs to be done on a more advanced level, that information can be extracted from the auth server tables. I still think the heuristic fingerprinting analyzers that I described earlier are viable for dealing with the most extreme cases. But, that is not really in the purview of the authentication server.
I see my role in this diminishing after authentication, listing, and community features (chat, t-mail, browser, clans) are operational. Naturally, I'll still maintain the authentication server, and implement bug fixes to things like the client side code modifications, but nothing more on this large of a scale for this game. In the event I decide to leave completely, I will transfer the relevant information, including the complete source code and user databases to someone who can maintain it.
In any case, the next couple of weeks are busy with the typical end of semester concentration of project due dates and final exams. I haven't made any progress on the remaining component (network link to authentication server), and I doubt I'll find much time to do so in the next couple of weeks.
I'll keep posting updates in this thread, as usual.
WTF? I never presumed to be a coder. But I run a damn fine server, which you are totally incapable of doing. Apart from that, wouldn't you just love to drive a wedge between construction mod and Rebels!
post 448, http://www.the-construct.net/forums/showthread.php?t=818&page=30&pp=15
Yes Kryand, I directed that earlier post at you as well as your three dedicated troublemaker friends. The four of you have ruined more games, raised more hell, and broken more rules on our server than most other T2 misfits combined. But your own words are the most persuasive indictment against you, and you were kind enough to provide them right here in this forum:
post 24, 24 - 11-04-2008, 07:57 AM, from "Boom went the master server." http://www.the-construct.net/forums/showthread.php?t=854&page=2&pp=15
These are your words, from only three weeks ago: "Likewise, us coming into Rebels and chasing them away is of no consequence what-so-ever."
No consequence? Tell that to all the T2 players whose games you and your sidekicks have ruined hour-after-hour, day-after-day during a whole year.
Only once have you logged onto our server with your real warrior name, and the rest of the time you have smurfed and changed your IP faster than a chameleon changes colors. Haha. But you and your ilk have caused T2 players and Rebels admins too much misery over the last year for this to be a laughing matter.
You love to repeat this red herring, as if repeating it makes it true. Exploits arent the problem. I don't think there's a server rule that your three dedicated asshat friends haven't broken a hundred, or even a thousand, times. With their unlimited supply of smurfs and IPs, it's been an administrator's nightmare trying to keep them off our server.
You and your troublemaker friends are walking, talking, proof of why restrictions on server access are absolutely necessary.
A.) Of course you're not a scripter, but no good server host would ever try to run a server without one handy. That's how I got access to all of the servers I've ever helped run.
B.) I don't do as much as you think I do. The others have a lot of fun when they play in your server (which is all they are really doing), but I prefer not to join for any reason. I'm just a nice guy who feels like helping them have fun with some of my server knowledge and scripting ability.
C.) To be fair to the chameleon, it has to focus to change its color; my IP changes on its own.
D.) That one time I joined on my real name was a mis-click.
E.) Every single thing we've ever done on your server can be permanently prevented.
F.) We've already explored the reasons why some servers did better than others multiple times. I suppose it's easier for you to ignore all of the real reasons since you probably don't understand the psychology behind them, plus it would mean that you aren't as amazing a server host as you think you are. I don't really care, it doesn't much matter at this point.
So honestly you're yelling at the wrong guy. I don't really do much. I have my views on your server and your players that allow me to gladly side with the others and help them out. This all started because of actions on your end. My friends just played how they wanted to play (and still followed the rules back then), then your players and admins started getting upset and falsely accusing them of all sorts of BS, and eventually banning them for no rational reason.
Besides, none of this changes the fact that there's no need for Thyth to expend more of his time on this. There are a number of extremely simple ways for you to implement the same thing for your server without needing to waste his time and also the community's time by insisting the authentication server be postponed for this.
You helped drive Classic servers into the ground while we turned Rebels into the most popular T2 servers. First you ruin your servers, then you try to ruin ours. At least you're even-handed about it.
Argue with your own post from Nov. 4:
Innocent fun and games!
Uh-huh, by banning you and and preventing you from coming back.
Thanks for the helpful pointers. Can you write us a script to keep yourself and your troublemaking friends from constantly disrupting our server?
Damn right. V2 is not T2, and V2 players are not T2 players. Your presence is a detriment to the T2 player base.
Cool, let me know how that turns out.
Yeah, I could. I actually consider doing it once in a while, too, just for the sake of my great reputation. But every time I read a stupid comment by you guys, the consideration quickly ends.
PS. This belongs in the space opera thread.
Thyth,
As you can see by Kyrands posts here, he is against the secure Authentication process for his own agenda and NOT for the benefit of Tribes 2 at all. His comment of V2 not being Tribes 2, V2 Players on being T2 players and that Rebels is not one of the most popular server are flat out plain and simple WRONG.
Notice his comment "You and your players" He and his associates blame the V2 community for the failure of their own "classic" game play servers when in fact they failed for their own reasons. He says Rebels was popular only because everyone else quit, when in fact many simply migrated to V2 game play because they enjoyed it. Regardless of all this I assure you that V2 is Tribes 2 and his only reason for wanting you to release Tribesnext without the authentication tree is so they can keep up their efforts to disrupt the Rebels server without ability to control their efforts. You can see he makes no apologies for doing it this. I humbly ask that you please reconsider implimenting the Authentication tree.
The Construct and Rebels communities do not seem to hold anything against each other.
Kryand just seems to have some sort of vendetta with WarLovr.
Holy Cow Kryand! 30+ pages of you needling WarLovr and Rebels for running a successful server and your constant elitist yammering? I feel like I'm reading a Linux VS. Windows fanboy thread or watching some poor noob trying to learn Linux by asking a question in a forum and being berated for having the gall to ask a question.
Work with Thyth and everyone else in this community to create a solution or you're only supporting the argument that you don't want a solution and simply wish to create animosity.
Can we get back to the damn thread now please?!
I am dying to see this master server implementation! Thanks again for all your hard work and donation of spare time.
Can't remember having spare time myself in university. You must be leet!
I have a question of DRM for your master server. How will you keep it alive if and when your ISP shutsdown, falls over and sinks into the mud or you are hit by a bus and the executor of your will fails to assign the duty of keeping the TribesNext Master server up and running? Are you going to make it distributed and/or mirrors maintained by others? Server admins? Drinking buddies?
http://www.teamwarfare.com/forums/showthread.asp?forumid=4&threadid=394022
I believe I made it clear that Thyth bending over for Rebels is counter-productive for the following reasons: 1) It's only beneficial to one group of players and would set back the whole project for everyone. 2) It is of no urgency, because if Thyth were to do this before or after releasing the first patch, either way wouldn't take any more time than the other. The only difference is that with one way, the authentication server gets released faster. 3) Considering that only one server believes it needs this solution, it would be much faster and simpler if they implemented it on their own with a couple simple scripts.
What is with you? How can you come up with an idea that anyone asked Thyth to bend over for anybody? I can ask the man anything I want, if he says no that's his right... but I can ask the man... if you wern't such a jerk I would've asked you, but you're trippin'. Seriously what is your beef 'cause you got issues!
Where as your posts on this very forum are why yours should be disregarded. You don't want the authentication security so that you can continue to harass people as you please.
2007/12/18 22:32:38,NAME:Kryand,REALNAME:Kryand,GUID:1239902,IP:IP:70.240.217.115:3562,CLAN:,
2007/12/18
and
2008/08/21 15:17:09,NAME:NinjutsuShihTzu,REALNAME:NinjutsuShihTzu,GUID:1239902,IP:IP:70.240.224.98:3304,CLAN:,
Now look at this post by Police on v2rebellion at http://www.v2rebellion.com/forum/viewtopic.php?t=1436:
Police
This should get Kryand banned from all T2 forums and servers immediately!
I'm very busy this morning, but I'll have more to say about this later!
post 24, 24 - 11-04-2008, 07:57 AM, from "Boom went the master server." http://www.the-construct.net/forums...54&page=2&pp=15
This post from Nov. 4 is vintage Kryand. He says things like this all the time: "Likewise, us coming into Rebels and chasing them away is of no consequence what-so-ever." This all sounds like space opera because it's so surreal to have a deranged griefer like Kryand, who brags about having done so much to try to wreck our server and cause grief for all T2 players, arguing on this thread against helping Rebels do anything to defend ourselves against griefers like him. Kryand is a personification of what's wrong with T2, and he is being taken seriously, as if he were anything but the professional nutjob and hacker that he really is.
Why isn't he banned from this discussion for his Rebels-baiting and his troublemaking activities on our server? I banned him from V2 almost a year for his obscene posts trying to divide Tribes (see for example:
http://www.v2rebellion.com/forum/viewtopic.php?t=1147&postdays=0&postorder=asc&start=75), now he returns to the attack in the very thread that will determine the future of T2, the game he has tried so hard to destroy?
Sorry, I'm in a big hurry, I'll edit this post later.
Im sure if given the time, you guys can find a scripter that will be willing to assist you with your problems. From what I remember about what WarLovR said in the past, he didnt want to fix some of the key issues because it would force him to get rid of fun scripts. What kind of logic is this? Sometimes sacrifices have to be made for the greater good, and if the griefers really upset you that much, then you should be willing to do whatever it takes to get rid of them. Right?
Also to WarLovR, Ill link you back to this thread where you accused me and another poster of sharing the same IP: http://v2rebellion.com/forum/viewtopic.php?t=1494&start=165
Do you think that Im an asshole as well? Under this EigenTrust type system will I be able to play in your server? So far it doesnt seem like it unless you want to define what an asshole and an asshat means to you. Dont misunderstand me, Im asking you earnestly because as of late I feel as if you are being hostile towards me. In the thread you ended up banning me from your forums, and I have been banned since November 18th. I gave you two options on how to resolve the issue of CockSprocket and me sharing an IP. I told you that the both of us could meet in your server and have you look at our IPs, I also told you I could get you a list of my IPs from my ISP and send them to you. You havent agreed to either of them and I keep wondering why. I told you before that its impossible for us to have shared an IP and you have what appears to be conflicting evidence on your end, so where is your determination of me having a smurf coming from?
Hypothetically, even if I did have a smurf (trust me I dont) and you were not able to confirm it for whatever reason; Its not like Im a threat to your forum so unless there are some underlying reasons that you dont feel like sharing, I dont see why I am still banned from the forums? Hopefully you can see how due to these recent actions I am unsure as to what your motive is. Do you just want to ban anyone who disagrees with the admins on occasions? If so, will that mindset follow to the server as well? :eek:
PS. The only thing you guys have done in this discussion is whine, whereas I've made many positive posts to help out this effort.
PSS.
How to Talk to Your Tween
Learn when and how to approach your prickly preteen.
The Tween Brain
"Communicating with preteens is tough because they process information differently in their brains," says Dave Walsh, Ph.D., author of Why Do They Act That Way: A Survival Guide to the Adolescent Brain For You and Your Teen. For example, they are prone to misinterpret nonverbal cues and rush in the direction of aggression or anger.
The brain develops from back to front, which means the part of the brain that helps adolescents reason, plan ahead and manage impulses (the prefrontal cortex) is one of the last areas to mature. It doesn't happen until around age 25!
(/plagiarism)
Of course, a kid that's been dropped on his head matures even more slowly.
Hey! What was the topic of this thread??
If you want to "humbly" request that I reconsider, feel free to start paying my hourly consulting fee for the time that it will take to implement. I'll "humbly" take that into consideration. This is a volunteer project at this point, and as such the time I am willing to dedicate to it is limited. The referral tree system as described would require at least a man week to implement, and my consulting fee is not cheap.
I'm not hosting the authentication server from my home ISP. In any case, the master server system is designed to degrade gracefully in the event components go offline. Should the authentication server go offline for any reason, people with existing accounts will be unaffected. I'll have source code mirrored in other places, and keep only the 3 master system (authentication, update, delegation) private key halves completely secret. I doubt you'll need to worry about those keys being lost. Authentication databases will be frequently backed up too. As for listing, and the future community integration, you'll need to ask Krash about what sort of backup and contingency planning he has done.
I'm not interested in the obvious politically motivated tensions between communities. I'm interested in getting this project done. If you people want to bicker like little children, I respectfully request that you take it somewhere else.
Apart from Thyth's selfless efforts, this remains an extremely relevant question: exactly why is the-construct letting Kryand use their forum as a platform to attack Rebels?
If we didn't constantly have to defend ourselves against his attacks on our servers, on our forum, and now on this thread, it would be much easier for all of us to make progress.
Does anyone not understand why hackers should be universally banned throughout the T2 community?