Hats off to the coders who have been working hard to save T2, and maybe I'm reading too much into a comment Thyth posted about injecting anticheat code similar to DT into a community authentication server.
Thyth, if I read your post correctly, you are adopting policy decisions that rightly correspond exclusively to individual server hosts. I know of no way to block HM2 without blocking other third party scripts. If someone has found a way, please fill me in. But dealing with cheaters is a problem that has always, correctly, been addressed at the individual server level.
HM2 relies on a very specific memory address layout of the game because it injects code into the game's memory space. For one reason or another, the addition of a new section into the Tribes 2 executable was sufficient to break HM2's code injection routines.
I'm not injecting any specific anti-cheat code, though it has been discussed as a possibility for the future. The HM2 crash on load is purely accidental.
Unless your 3rd party benign scripts perform changes to the game memory layout and inject code into the memory space (which isn't possible from Torque Script), they won't be affected. I know Defense Turret had a long list of modifications designed to curtail scripts that could be used as cheats, but obviously, there are none of those.
I would never presume to make decisions like that about how game servers are run. Any anti-cheat that I include in the future of this project will be strictly opt-in on the server side.
I would never presume to make decisions like that about how game servers are run. Any anti-cheat that I include in the future of this project will be strictly opt-in on the server side.
I appreciate your response to my last post and the mildly calmer demeanor. Nevertheless, if I may point out... I did not spot your previous description in stating the lack of SSL support in Tribes2 in other posts. Then you said the same thing to me in the very same post, but this time in caps. I think your second smack in the same post using caps was a bit of overkill since I could not have changed my response while you were typing yours. You could have said it once or twice but to say it twice in the same response, in caps the second time, was a bit of overkill. As for the subject matter...
Read through the next few sentences before you judge... It was not needed to continue stammering on about an alpha diagram that I put together in 10 minutes as an idea, not a fully fledged, long-term researched functional specification. And so, after what you said in other posts, I've credited your capabilities with the client / encryption knowledge; you are saying you are the man in encryption and I will take that at face value. Beyond that, it seems that based on what you said, opening TCP sockets is the best way for a game to speak to a replacement master server and also for a game server to speak to the same replacement master server (as opposed to the seemingly non-functioning HTTPObject and no XML functionality). Is this correct? I understand that the argument of big- and little-endian numbers is important when it comes to hacking DLLs, but this is not my question. (NOTE: I should say that it may be considered calling these new servers something like search servers, or some other name that is legally easier to use than Master servers since they do not do the same thing, but I suspect we are already drawing the ire of certain companies at this point.)
On to the topic of DLL packing... I recognize that this is a solid aspect of your skill set. As is Ruby development. Clearly, adding payload to compiled code is used for anything from patching to loading viruses. But I don't think it's a good idea here. If your skills allow you to perform T2-only scripting, to produce .CS files, this may be best. The reason (although related to the last paragraph here) is about getting a C & D from V. These activities with their IP are possibly allowing the company more legal maneuvering against you or Construct, which I'm recommending avoiding. I recognize there will be some laws, precedents, etc. that people here can bring up that will go against what I am saying, but allow me to point out this... HM was a cheat and no one accountable to V was taking credit for that (although its method was live injection, but same thing). DT was supposed to counter HM and is not likely to raise the irritation of V. But what is taking place here is the IP equivalent of stealing someone's car, putting it on your own lot, changing the color and selling it as yours. All of the legal reasoning in the world still comes up against legalities of the other side and it then can only be decided in a court if they decide to push it... trust me, if you say one law, they will find another... at very minimum your work has the potential of being for nothing... a waste if they do get involved. And then for you to openly state that you will hack anyone who will not use your system crosses easily into Secret Service territory. This is why I am countering your Ruby/injection idea and this is why I am saying that anything written in T2 Script that talks to a system that someone does not mind giving to them if required, may be safer and may not raise the brows of V... maybe.
And for all those out there who have snided my comments, I'm not trying to stop T, I'm recommending safety at least; although I used to think the combination of two or more communities would promote teamwork, it's clear that may not be the case. Back to the point... anything made for T2 becomes theirs under the ULA again, laws and counter laws... and if anything that is directly part of their game is T2 only a script, versus a foreign compiled code that can inject and script, you may be safer, thus you may not take down the whole community if V goes after people that are unrelated. I think someone coming along who does not want to run your current SieraUp.exe injected exe's (won't these exe's and dll's possibly look tampered with, thus raising flags by Norton and others, making people think you put trojans in their PCs? I know it does not happen all of the time, but if the signature is close enough...). We all know V said, go ahead and play but don't get too big... that is the only reason the masters are running as I said they would. So in an effort not to look too big, it may be that this system may have to have a few access points (in different communities) so (sadly) perhaps not all game servers should be seen from one place, but a few places. But I think that in review, stealing their IP (see below) is the surest way to get reviewed.
Finally, could you remove my server from the automated spammer cycling through games and promoting TribesNext.com. I am aware I can change IPs or posts, and that your spam bot may well use the list (seems to me another good way to get smacked... using their list to steal their IP). But, first, it is spam and traceable, second if it is spoofed you are on record as saying that you would do it, and then threatening people with hacking their servers for not using your new login system, and although I am sure that was not your intent on some level, you did say it, and I am sure big-brother is screen shotting this thread. I think it may be found that using automated script bots to spam people may guarantee, for some people, that they will not want to take part in this system, and at worst, I am recommending the possibility that doing this may be seen as representing the total takeover of a copyrighted game (as mentioned above). Word of mouth is going to go a long way toward getting new players in, and despite what some people will say, without noobs, this game will die, fully. And worse than that, spamming people may get a noob calling V asking for help, raising red flags. Imagine this conversation... "hi V support, I downloaded your keen free game from your new site, but I can't get xyz working..." "umm, what free game from where... (whaa wha whaa whaa whaa whaa) oh really? ... hang on a second... lemme have that info again please, and someone will get back to you..." ... that could, at minimum, result in some wasted efforts. At worst it could go much further... I'm sure you can think of a few of the laws. Google will probably be most people's option for finding this game and we all know V is saying "play but don't get too large"... I don't want to see the community risk breaking an unknown glass ceiling. They have obviously left something running for masters (I was told by an Activision manager it may happen... about 4 months ago... "but don't get too big"), so I don't think this is an accident. It's probably supposed to hinder this kind of operation but it also gives communities more time to plan better now.
Everyone appreciates your effort to move fast, almost super human, in the face of impending doom.
If your skills allow you to perform T2-only scripting, to produce .CS files, this may be best
T-Script is not that powerful, thus exclusively using it to provide an authentication system would not be secure and you would have people exploiting the system pretty quickly.
Finally, could you remove my server from the automated spammer cycling through games and promoting TribesNext.com
The bot is not so much spam as it is an attempt to ensure everybody in the community knows of the impending shutdown and a solution to it. If you're so peeved, make your own that advertises your solution or ban the bot from your server.
Activision/Vivendi/Whomever will doubtful come after anybody turning Tribes2 into a "community edition". Tribes1 has their own set of master servers, and nothing has been done to them.
Imagine this conversation… …“hi V support, I downloaded your keen free game from your new site, but I can’t get xyz working…”… “umm, what free game from where… (whaa wha whaa whaa whaa whaa) oh really? … hang on a second… lemme have that info again please, and someone will get back to you…”
Said conversation would more likely turn into "We no longer support that title, thanks for being a loyal customer! *click*"
And, your posts are uselessly long. Touch on a point, and move on. I'm sick of reading your walls of text that repeat the same thing.
Honestly now, just let people do what they do; If the system works people will use it, I'm sick of reading this pissing match between you when there is something bigger than the two of you combined.
Turkeh, you do have the ability to skip my posts. But I appreciate your responses. As opposed to what may be thought, I'm not trying to make anyone stop from helping the community, I am asking questions and exposing POSSIBLE problems. And I am not accusing anyone of BEING a hacker or one who engages in illegal activities; I am attempting to point out what may make people think before they write, or if a person does something malicious, warning potential followers of the pitfalls. And if you recall, I am neither using foul language nor asking anyone to leave because I don't like their thoughts.
On the first part of your words, I was hoping that a good enough system could be made. The average person is not going to care if there is a better way to do it, but only a malicious individual will act in the purpose of breaking that of someone else's system designed to help the community... "use my system or I will break yours" is not a convincing argument, and there are many people reading this who do not respond (Dick Nixon's Silent Majority), and I am trying to help, not hurt. In many ways we are not so different... we are both challenging people to come up with a better idea based on the circumstances. The difference comes in that I write and post questions to help, before anyone expends effort in a possibility that may get us shut down harsher... others say they will break what is not theirs.
Now, although I have not redrawn any diagrams or documents yet, I am considering some thoughts that take into account how a T2script/modular authentication system can be designed for legal precautions. With more time now, I can envision systems that could work. And is this not how things are done under the ongoing system? I am asking without malice, are you saying it cannot be done any other way than one programmer's vision because you can prove it? Or because someone you appreciate has said it? Because I am saying, V does it now.
On to the next parts... I don't care what you call certain efforts we have discussed, it is hacking by definition, at minimum, when an automated system is used or circumvented in opposition to the developer or company's intent. The act of a bot logging into my server and others, posing Tribesnext.com as officially company sanctioned, and logging out is unwanted after I ask it to be stopped. At that point it legally becomes a form of UCE (maybe better labeled in this case Unwanted Noncommercial Information, UNCI? Hmmm.) But the fact it is a bot or other automated system that I simply asked not to be a part of, it falls under the realm of laws that cover anything from UCE to Unwanted Calls.
As for T1, I don't believe it was owned by any of the same companies, and I do believe it was given to the community. Unless proven wrong, that is my belief as described by others and I would ask others to prove me wrong since I am not going to take the time to prove myself right... time and money.
I recognize that people are angry because I challenged the guy everyone likes, that I write long posts many times and I seem to be playing devil's advocate, but would you rather no one do this and the companies involved have significant ammunition versus looking at a system that falls under the MOD rules? I am proposing MOD rules. In fact, it could be made that a GAME is a list server then that becomes all MOD. Easy, certainly not, achievable, yes.
VSF, there is nothing even remotely illegal about what either of us said we would do with yours or anyone else's system. In the one (major) security flaw that Thyth already addressed, all we are doing on the basic level is saving some pieces of information sent to our computer, then passing them on to another computer later. Furthermore, absolutely no damage, monetary or otherwise, would be incurred from this. If any legal action were taken, it would be laughed out of court.
PS. Your posts aren't annoying because they are long; they are annoying because you're a terrible writer.
I follow you... am trying to err on caution. I agree with some of what you're saying, other parts, so-so. I just know they have lawyers galore sitting at the ready on staff. I know from experience and being an expert witness or counter expert witness that lawyers can spin solid law and break through anything they can. People can also grease other people's palms. You can be correct all day long and still find yourself railroaded at the end of the day wondering "WTF man?!?". At the end of the day this is a game loved by gamers who are not going to sink a lot of money into court cases if they happened.
In addition, I am arguing on your turf, trying to make a case to a very type-A, popular person who loves Ruby. If you felt you were right and wanted to protect the game usage, you have to expose thick skin (no foul puns from the peanut gallery please).
I agree I did a lot of repetition, especially in that last post. My apologies to all. You know how it goes when you have something written long, then edit some of it, end up leaving similar information in multiple places. One thing I do is write SharePoint / C# articles and those are triple checked as money is involved. It may explain why it's easy for me to write a lot without even knowing it.
I would not be putting up with this much crud and so much effort if my goals were not pure to the game.
I'm not trying to make anyone stop from helping the community, I am asking questions and exposing POSSIBLE problems.
Hardly, your continued dragging up of "legalities" in regards to Thyth's solution, while valid in the beginning, constitutes more of a fear mongering attitude. Simply: "Your solution might break some laws..."
"No, it's covered by these exceptions, as pointed out here..."
"Your solution might break these (same) laws..."
I am asking without malice, are you saying it cannot be done any other way than one programmer's vision because you can prove it? Or because someone you appreciate has said it? Because I am saying, V does it now.
I am saying that adding a secure encryption scheme to the game will require something other than T-Script. All authentication done in-game is handled in the executable itself, not T-Script. I'm sure somebody else could develop another security-minded solution, however it would likely be very similar to Thyth's.
The act of a bot logging into my server and others, posing Tribesnext.com as officially company sanctioned, and logging out is unwanted after I ask it to be stopped.
I've already suggested a solution for your server, ban the bot. I'm sure your server has connection logs. Find the bot GUID and ban it for 100 years...
As for T1, I don't believe it was owned by any of the same companies, and I do believe it was given to the community.
Sierra/Dynamix (aka the same people that brought you Tribes 2) developed Tribes1! And how is that different from the current situation? The Tribes2 installer is freely available throughout the web.
I would not be putting up with this much crud and so much effort if my goals were not pure to the game.
I question not your motives, but rather your experience in security related matters, and a rather obvious flaw in your design.
I would prefer if you didn't question my motives either. I've read your impassioned monologue on your forum which makes me look like some evil person out to destroy T2 because I pointed out serious flaws in your implementation.
Would I try to break any authentication system? Of course I would. I encourage people to try to do the same to mine. I'm confident that my design will stand up to attacks, and that nobody will be able to impersonate another player, short of stealing their password. I'm confident that your design won't stand up to an elementary credential replay attack. I explained it in non-technical terms, and perhaps that will give you an idea as to why what you suggest is absurdly broken.
2008/11/02 XX:16.40 {NOS}Electricutioner: It doesn't take much of a genius to see it is a real problem.
2008/11/02 XX:17.03 {NOS}Electricutioner: Let me explain it in non-technical terms so you can grasp the absurdity...
2008/11/02 XX:17.10 }^PapaBear^{=pirate: well here's one for you. if it was seen as an issue. and he was genuinely on the "team" in his perspective he woulda address
2008/11/02 XX:17.15 }^PapaBear^{=pirate: addressed the issue.
2008/11/02 XX:17.17 {NOS}Electricutioner: Let's say there is a trusted figure, Trent.
2008/11/02 XX:17.30 {NOS}Electricutioner: Alice wants to prove to Bob that she is Alice.
2008/11/02 XX:17.47 {NOS}Electricutioner: Alice goes to Trent and asks Trent to write on a piece of paper that "This person is Alice" and gives it to Alice.
2008/11/02 XX:18.11 {NOS}Electricutioner: Alice goes to Bob and shows him the paper.
2008/11/02 XX:18.35 {NOS}Electricutioner: Bob trusts that Alice got the paper from Trent and treats her like Alice.
2008/11/02 XX:18.42 {NOS}Electricutioner: See any problems yet?
2008/11/02 XX:18.56 {NOS}Insane Turkey: what if we steal that paper!
2008/11/02 XX:18.59 {NOS}Electricutioner: Exactly!
2008/11/02 XX:19.04 {NOS}Electricutioner: What if you steal the paper and make a copy of it?
2008/11/02 XX:19.16 {NOS}Electricutioner: Carol is friends with Bob, and Carol wants Dave to think she is Alice.
2008/11/02 XX:19.32 {NOS}Electricutioner: Bob makes a copy of Alice's paper from Trent and gives the copy to Carol.
2008/11/02 XX:19.53 {NOS}Electricutioner: Carol then gives that paper to Dave. Dave reads the paper and sees that it says "This person is Alice" and treats Carol
2008/11/02 XX:19.55 {NOS}Electricutioner: as Alice.
2008/11/02 XX:20.07 {NOS}Electricutioner: Alice is Dave's boss, so Carol can make Dave do evil things.
2008/11/02 XX:20.15 {NOS}Electricutioner: And THAT is why his system is absurd.
Alice and Carol are players. Bob and Dave are servers. Trent is your authentication server. Yes, I realize you want to implement some sort of time limit on your tokens, but that won't prevent the attack as described.
No sort of symmetric cryptography will help you here, because it isn't designed to do what you want it to do.
Now... imagine you never found out about my project and decided to implement the system as you designed it? It doesn't take a genius to realize "hey, I can make my server store tokens, and use them to be someone else". What do you think would happen then? In a lot of ways, my critique of your system has made you realize that there is a serious problem.
As for legal liability, I have cited the relevant laws, and as I said before, I consulted with a few Juris Doctors -- in the event you are not familiar, a JD is the doctoral level degree in law. I'll reiterate one final time: the DMCA reverse engineering exception puts us in the clear for reverse engineering, reprogramming, and an automated reprogrammer (i.e. patch). Fair use under copyright law permits users of a software program to modify a system to suit their needs as long as they do not distribute derivative works. An automated reprogrammer is not a derivative work. The End User License Agreement cannot take away rights that you have under copyright law, including the right to reverse-engineering for interoperability purposes (as described in DMCA Section 1201f).
In the event Activision/Vivendi/Sierra attempts to go after us for any reason (none of which would hold legal justification), the DMCA cease and desist notices would be sent to the distributor - Krash, who is not under the jurisdiction of that law. There is also prior precedent with the Tribes 1 community master server system.
Activision/Vivendi/Sierra are interested in saving costs, which is why they are shutting down these systems in the first place. I expect they have at least half a dozen servers, consuming somewhere in the area of $600 per year in electricity, and some quantity of bandwidth. By shutting it down, they have indicated that the game is worth less to them than that. They won't hire $100+ per hour lawyers to draft a DMCA cease and desist notice from a game that they don't make any money on. Their intent to shut down those servers constitutes a material statement that they don't value the games that run them anymore, which would prevent them from collecting any damages too.
This isn't my first BBQ, and I know what I'm doing.
Oh and... status update... Krash has made progress on GUIs, I've made progress on listing. We'll be up soon.
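The replay problem from the Trent/Alice/Bob analogy above, as an added example (not code from the thread or from TribesNext): a signed bearer token with a time limit is still accepted when a server that saw it passes a copy on, while a response to a fresh per-server challenge, signed with the player's own key, is not. The challenge-response design, the toy RSA helper and every name here are assumptions made for illustration, not a description of either poster's system.

```python
import hashlib
import secrets
import time

# Toy textbook-RSA signatures so the example runs on the standard library alone.
# Small keys and no padding: NOT secure, only a stand-in for a vetted scheme
# such as Ed25519 or RSA-PSS.
E = 65537

def keygen(p, q):
    """Return (private, public) key tuples for primes p and q."""
    n = p * q
    return (n, pow(E, -1, (p - 1) * (q - 1))), (n, E)

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(_digest(msg, n), d, n)

def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(msg, n)

# --- Design 1: Trent's "piece of paper" (bearer token with a time limit) ---
def issue_token(trent_priv, name, now, ttl=60):
    body = f"{name}|{now + ttl}".encode()
    return body, sign(trent_priv, body)

def check_token(trent_pub, token, now):
    """What any game server does with a token presented to it."""
    body, sig = token
    name, expiry = body.decode().split("|")
    if verify(trent_pub, body, sig) and now <= int(expiry):
        return name
    return None

# --- Design 2 (assumed): Trent certifies a public key, player signs a challenge ---
def issue_cert(trent_priv, name, player_pub):
    body = f"{name}|{player_pub[0]}|{player_pub[1]}".encode()
    return body, sign(trent_priv, body)

def respond(player_priv, server_id, nonce):
    """Player signs the server's identity together with its fresh nonce."""
    return sign(player_priv, f"{server_id}|{nonce}".encode())

class Server:
    def __init__(self, server_id, trent_pub):
        self.server_id, self.trent_pub, self.nonce = server_id, trent_pub, None

    def challenge(self):
        self.nonce = secrets.token_hex(16)    # fresh for every login attempt
        return self.nonce

    def accept(self, cert, response):
        body, sig = cert
        nonce, self.nonce = self.nonce, None  # each challenge is single use
        if nonce is None or not verify(self.trent_pub, body, sig):
            return None
        name, n, e = body.decode().split("|")
        msg = f"{self.server_id}|{nonce}".encode()
        return name if verify((int(n), int(e)), msg, response) else None

def demo():
    # Constructed sample keys built from known Mersenne primes.
    trent_priv, trent_pub = keygen(2**61 - 1, 2**89 - 1)
    alice_priv, alice_pub = keygen(2**107 - 1, 2**127 - 1)
    now = int(time.time())

    token = issue_token(trent_priv, "Alice", now)
    token_at_bob = check_token(trent_pub, token, now)       # Alice shows Bob
    token_copy = check_token(trent_pub, token, now + 5)     # Bob's copy shown to Dave
    token_late = check_token(trent_pub, token, now + 3600)  # the time limit does work

    cert = issue_cert(trent_priv, "Alice", alice_pub)
    bob, dave = Server("bob", trent_pub), Server("dave", trent_pub)
    recorded = respond(alice_priv, "bob", bob.challenge())  # Bob sees this value
    signed_at_bob = bob.accept(cert, recorded)
    dave.challenge()
    signed_copy_at_dave = dave.accept(cert, recorded)       # copy shown to Dave
    bob.challenge()
    signed_copy_at_bob = bob.accept(cert, recorded)         # copy shown to Bob again
    return {
        "token_at_bob": token_at_bob,
        "token_replayed_at_dave": token_copy,
        "token_after_expiry": token_late,
        "signed_at_bob": signed_at_bob,
        "signed_replayed_at_dave": signed_copy_at_dave,
        "signed_replayed_at_bob": signed_copy_at_bob,
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```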
Oh and... status update... Krash has made progress on GUIs, I've made progress on listing. We'll be up soon.
Excellent work already Thyth. Can't wait to see the new product.
Don't get disheartened by a little crap from certain others. Looks like the rest of several T2 communities are behind you and everyone else contributing.
Honestly, it's pretty clear VSF isn't going to stop threatening to make his own server unless we all appoint him the new head of Tribes 2. At this point I think the only course of action left is to ignore him entirely and let him preach to his crowd of 9 War2k3 players. Every single other community in the game is on board with this solution. If he wants to turn those 9 people against us, then so be it.
Comments
Done, and much preesh
Mostly a combination of paranoia and territorial imperative on my part.
Bottom line, server hosts should have the final say on what constitutes a "cheat script."
Thyth,
Yeah, I'm done typing.
He doesn't say he will hack anybody using the system. The only thing mentioned about poorly implemented alternatives was that he would break them. And by break, he more than likely means circumvent.
The bot is not so much spam as it is an attempt to ensure everybody in the community knows of the impending shutdown and a solution to it. If you're so peeved, make your own that advertises your solution or ban the bot from your server.
Activision/Vivendi/Whomever will doubtful come after anybody turning Tribes2 into a "community edition". Tribes1 has their own set of master servers, and nothing has been done to them.
Said conversation would more likely turn into "We no longer support that title, thanks for being a loyal customer! *click*"
And, your posts are uselessly long. Touch on a point, and move on. I'm sick of reading your walls of text that repeat the same thing.
Honestly now, just let people do what they do; if the system works people will use it. I'm sick of reading this pissing match between you when there is something bigger than the two of you combined.
On the first part of your words, I was hoping that a good enough system could be made. The average person is not going to care if there is a better way to do it, but only a malicious individual will act with the purpose of breaking someone else's system designed to help the community. "Use my system or I will break yours" is not a convincing argument, and there are many people reading this who do not respond (Dick Nixon's Silent Majority), and I am trying to help, not hurt. In many ways we are not so different; we are both challenging people to come up with a better idea based on the circumstances. The difference comes in that I write and post questions to help, before anyone expends effort in a possibility that may get us shut down harsher; others say they will break what is not theirs.
Now, although I have not redrawn any diagrams or documents yet, I am considering some thoughts that take into account how a T2script/modular authentication system can be designed for legal precautions. With more time now, I can envision systems that could work. And is this not how things are done under the ongoing system? I am asking without malice, are you saying it cannot be done any other way than one programmer's vision because you can prove it? Or because someone you appreciate has said it? Because I am saying, V does it now.
On to the next parts... I don't care what you call certain efforts we have discussed, it is hacking by definition, at minimum, when an automated system is used or circumvented in opposition to the developer's or company's intent. The act of a bot logging into my server and others, posing Tribesnext.com as officially company sanctioned, and logging out is unwanted after I ask it to be stopped. At that point it legally becomes a form of UCE (maybe better labeled in this case Unwanted Noncommercial Information, UNCI? Hmmm.) But the fact it is a bot or other automated system that I simply asked not to be a part of, it falls under the realm of laws that cover anything from UCE to Unwanted Calls.
As for T1, I don't believe it was owned by any of the same companies, and I do believe it was given to the community. Unless proven wrong, that is my belief as described by others and I would ask others to prove me wrong since I am not going to take the time to prove myself right... time and money.
I recognize that people are angry because I challenged the guy everyone likes, that I write long posts many times and I seem to be playing devil's advocate, but would you rather no one do this and the companies involved have significant ammunition versus looking at a system that falls under the MOD rules? I am proposing MOD rules. In fact, it could be made that a GAME is a list server; then that becomes all MOD. Easy, certainly not; achievable, yes.
PS. Your posts aren't annoying because they are long; they are annoying because you're a terrible writer.
In addition, I am arguing on your turf, trying to make a case to a very type-A, popular person who loves Ruby. If you felt you were right and wanted to protect the game usage, you have to expose thick skin (no foul puns from the peanut gallery please).
I agree I did a lot of repetition, especially in that last post. My apologies to all. You know how it goes when you have something written long, then edit some of it, and end up leaving similar information in multiple places. One thing I do is write SharePoint / C# articles and those are triple checked as money is involved. It may explain why it's easy for me to write a lot without even knowing it.
I would not be putting up with this much crud and so much effort if my goals were not pure to the game.
"No, it's covered by these exceptions, as pointed out here..."
"Your solution might break these (same) laws..."
I am saying that adding a secure encryption scheme to the game will require something other than T-Script. All authentication done in-game is handled in the executable itself, not T-Script. I'm sure somebody else could develop another security-minded solution, however it would likely be very similar to Thyth's.
I've already suggested a solution for your server, ban the bot. I'm sure your server has connection logs. Find the bot GUID and ban it for 100 years...
Sierra/Dynamix (aka the same people that brought you Tribes 2) developed Tribes1! And how is that different from the current situation? The Tribes2 installer is freely available throughout the web.
The issue with your posts has more to do with rambling than length (in my case at least). Simply: Be Concise.
I would prefer if you didn't question my motives either. I've read your impassioned monologue on your forum which makes me look like some evil person out to destroy T2 because I pointed out serious flaws in your implementation.
Would I try to break any authentication system? Of course I would. I encourage people to try to do the same to mine. I'm confident that my design will stand up to attacks, and that nobody will be able to impersonate another player, short of stealing their password. I'm confident that your design won't stand up to an elementary credential replay attack. I explained it in non-technical terms, and perhaps that will give you an idea as to why what you suggest is absurdly broken.
Alice and Carol are players. Bob and Dave are servers. Trent is your authentication server. Yes, I realize you want to implement some sort of time limit on your tokens, but that won't prevent the attack as described.
No sort of symmetric cryptography will help you here, because it isn't designed to do what you want it to do.
Now... imagine you never found out about my project and decided to implement the system as you designed it? It doesn't take a genius to realize "hey, I can make my server store tokens, and use them to be someone else". What do you think would happen then? In a lot of ways, my critique of your system has made you realize that there is a serious problem.
As for legal liability, I have cited the relevant laws, and as I said before, I consulted with a few Juris Doctors -- in the event you are not familiar, a JD is the doctoral level degree in law. I'll reiterate one final time: the DMCA reverse engineering exception puts us in the clear for reverse engineering, reprogramming, and an automated reprogrammer (i.e. patch). Fair use under copyright law permits users of a software program to modify a system to suit their needs as long as they do not distribute derivative works. An automated reprogrammer is not a derivative work. The End User License Agreement cannot take away rights that you have under copyright law, including the right to reverse-engineering for interoperability purposes (as described in DMCA Section 1201f).
In the event Activision/Vivendi/Sierra attempts to go after us for any reason (none of which would hold legal justification), the DMCA cease and desist notices would be sent to the distributor - Krash, who is not under the jurisdiction of that law. There is also prior precedent with the Tribes 1 community master server system.
Activision/Vivendi/Sierra are interested in saving costs, which is why they are shutting down these systems in the first place. I expect they have at least half a dozen servers, consuming somewhere in the area of $600 per year in electricity, and some quantity of bandwidth. By shutting it down, they have indicated that the game is worth less to them than that. They won't hire $100+ per hour lawyers to draft a DMCA cease and desist notice for a game that they don't make any money on. Their intent to shut down those servers constitutes a material statement that they don't value the games that run them anymore, which would prevent them from collecting any damages too.
This isn't my first BBQ, and I know what I'm doing.
Oh and... status update... Krash has made progress on GUIs, I've made progress on listing. We'll be up soon.
Everyone else, including VSF, :simma:
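The replay discussed above, using the cast from that post (Alice the player, Bob and Dave the servers, Trent the authentication server), as an added example that is not part of the thread or of either poster's system. The token format, the HMAC tag and the Ed25519 challenge-response used for contrast are all assumptions made for the illustration.

```javascript
// Added illustration: names, keys and message formats are constructed.
const nodeCrypto = require("crypto");

// Design A: Trent issues a time-limited bearer token naming only the player.
const TRENT_KEY = nodeCrypto.randomBytes(32);
const mac = (m) => nodeCrypto.createHmac("sha256", TRENT_KEY).update(m).digest("hex");

function trentIssue(player, now, ttl = 300) {
  const body = `${player}|${now + ttl}`;
  return `${body}|${mac(body)}`;
}

// Any game server hands a presented token to Trent for validation.
function trentCheck(token, now) {
  const [player, expiry, tag = ""] = token.split("|");
  const a = Buffer.from(tag), b = Buffer.from(mac(`${player}|${expiry}`));
  const ok = a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
  return ok && now <= Number(expiry) ? player : null;
}

// Design B (assumed for contrast): the player signs a fresh per-server challenge.
const alice = nodeCrypto.generateKeyPairSync("ed25519");
const newChallenge = (server) => `${server}|${nodeCrypto.randomBytes(16).toString("hex")}`;

function playerSign(joining, challenge) {
  // Refuse a challenge that names a server other than the one being joined.
  if (!challenge.startsWith(`${joining}|`)) return null;
  return nodeCrypto.sign(null, Buffer.from(challenge), alice.privateKey);
}
const serverVerify = (challenge, sig) =>
  nodeCrypto.verify(null, Buffer.from(challenge), alice.publicKey, sig);

function demo(now = 1000) {
  const token = trentIssue("Alice", now);       // Alice presents this to Bob
  const bobChallenge = newChallenge("Bob");
  const daveChallenge = newChallenge("Dave");
  const sig = playerSign("Bob", bobChallenge);  // Bob keeps a copy of this too
  return {
    bobSees: trentCheck(token, now),                     // legitimate join
    daveSeesReplay: trentCheck(token, now + 60),         // Bob replays the stored token to Dave
    afterExpiry: trentCheck(token, now + 301),           // the time limit only narrows the window
    bobAccepts: serverVerify(bobChallenge, sig),         // legitimate join
    daveAcceptsReplay: serverVerify(daveChallenge, sig), // stored signature fails on Dave's nonce
    relayedToAlice: playerSign("Bob", daveChallenge),    // Alice will not sign Dave's challenge for Bob
  };
}
```

In design A the token proves only that Trent vouched for Alice recently, so any server that has seen it can present it elsewhere until it expires; in design B nothing Bob receives is valid for a challenge Dave generates.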
Excellent news. :clap:
Don't get disheartened by a little crap from certain others. Looks like the rest of several T2 communities are behind you and everyone else contributing.
What was that thing the little bot said to get?
Finally...
When is the new authentication server going to be released?