download
http://ezquake.sf.net/download
security module
ezquake_security_1.8.2.zip

Stay tuned - there will be MacOSX builds

Changelog

-- Improvements in serverbrowser look
-- SB is work on Windows Vista too
-- cl_newlerp - Experimental rockets/grenades/spikes smoothing code. Default value 0.1 means: use 90% of our 'vision' and 10% of server 'vision'. Should be OK for most case, but floating ping (see remarks). Use 0 to turn it off.
-- cl_predict_help - The new default eliminates player models' jittering when independent physics is enabled; a possible downside is larger prediction errors of modem players' movement, hence the option to revert to old behavior.
-- ezQuake understand both -norjscripts and -noscripts
-- scr_teaminfo_order now accepts 'fun chars'
-- swap shownick and tp_msgreport in default bindings
-- con_particles_images 0 disables 'quad rain'
-- fix console flickering on Intel VGA-cards
-- gl_ztrick is default at 0. Seems like we get rid of Z-fighting for textures - only works if gl_ztrick is turned off.
-- gl_part_telesplash 2 - same as gl_part_telesplash 1, but no 'rays', only 'dots'
-- gl_textureless for brush models - floor on dm2 for example
-- block gl_textureless, allow_scripts changes when match in progres
-- commands show and hide now returns alpb. sorted list of hud elemtes
-- Some fixes to hud-editor
-- No more crash with -ruleset smackdown
-- -mevdev cmdline param are back: it juset set in_mouse to 3 and in_evdevice to a given value
-- ctrl+w gives white led
-- some fixes at movie capturing
-- fps-indep physics can be changed 'on fly', but in disconnected mode
-- fix hud_rankingpos behavior
-- tp_name_teammate default value is back to ""


P.S.
report a bug
write feature request

P.P.S. League admins - update your rules

BTW, just for your information, the new obscurity module will randomly give false negatives - that is, it will say that a person is playing with an "unauthenticated" client even if he's not.

Point about security modules being totally stupid: Proven

I wonder what will EQL ppl now do. They require security module and they are administrators of forum where a crack to that module is being published.
My guess:
1) They will do nothing
2) QW scene will look even more ridiculous
If that's what you wanted to achieve bigfoot and Molgrum, congratulations to you.

the security module could easily be made securer¹

send a copy of the ezquake security module source to respected/trustworthy devs, most don't even play competitively so would have no interest in leaking it (if you want, strip out all the #ifdef _WIN32 from the security module so it can only be used for the more easily crackable linux .so) so improvements can be implemented and merged.

---

1. please no comments of 'the whole idea of clientside authentication is flawed', they will be ignored, securer != uncrackable

Yes, how very interesting. You really had to publish this info here instead of letting ezQuake team to fix it properly?


So disconnect, can you fix the flaw?

Unfortunately, still no improvement in ALSA sound latency...


sempron

So what is the deal this time (not like I haven't seen these discussionns before), is QW ruined with this patch out? Actually no, because now you can compile ezQuake on for example any special GLIBC that you might have, but that the ezQuake developers haven't released a version for. I see it as a positive thing that more people are able to play and fix your bugs, don't you?

updated on EQL, thnx alot ezQ-team

feature request:

+wp_stats as hud_item
background alpha colors (red/green) on r_tracker stuff.

cl_usenickname_as_skin if teammate havnt set skin

cl_name_as_skin exists already

Well, they made themselves look ridiculous. They rely on code written by a single person, not being peer reviewed, which besides being absolutely functionless also is full of bugs. People who have blind faith in things do tend to make themselves look ridiculous. Don't blame me, please.


Are we back there yet again? Oh dear.

They've had several years to run a single rm command, yet they haven't done it.

Why do you keep blaming me for something being logically impossible?


No, he can't.

Will you also try to make it actually detect cheats this time around? You can write a 10 line wallhack which won't be detected.

Speaking for myself now (I'm not involved in security module development), I wouldn't be interested in making the module better, because after very long talk to bigfoot he said he would publish another crack in case he succeeded in cracking it (which is very easy for him now).

Like four or five devs promised to help with security module development, but they went silent after that. Maybe disconnect knows more.

Molgrum: It is the right of the league to disallow using any GLIBC version they want. Players are free to participate in any league they want. I haven't heard anyone except you and bigfoot complaining about GLIBC versions being disallowed in EQL. You did? But this is not the real interest, otherwise you or bigfoot would provide security module for Mac OS X and FreeBSD. I will not reply if you will come up with another made-up arguments.
Because bigfoot is your close friend, he tries to help you and your league by attacking the tools to enforce rules in other leagues. How lame...

possible but too obscure due to protocol limitation, needs cooperation with the mod

done for 1.9 (teamforceskins), will not be in 1.8 branch

nice!

Anytime

So what are you saying? If the security module can't be fixed, what's the point? Ban ezQ from leagues? Can anything be done?

I'm pretty sure something can be done to improve the situation.

Note do admins of the site.

Cheat/Crack dillers must be banned on this site I guess.

bigfool does't care about anytyhing, he does't care about community, tournaments, he does't care even about clients which will be allowed in tournaments(even he use it as argument to own shit acting), he just bored and take pleasure from unsulting ppl, he such a troll like gocksane.

And I unwilling to say sorry for using personalities in this post.

Changelog please!

Yes, the whole idea behind it is completely flawed. You can't hide a secret on the client computer and hope noone looks. Also the implementation is completely placebo, it doesn't do anything at all to prevent cheating.

Given the fact that every single Ezquake obscurity module has been cracked, and that you've happily played Quakeworld up to this point, do you think it is really needed?

And no, unless you change your mindset away from the "client side security"-religion, you can't do anything about it.


Yes, but it requires that people don't get offended when you point out the obvious. As has been witnessed on this thread, there are plenty of people who are willing to defend their flawed 'religion'.

I wouldn't say he doesn't care. He obviously does, or he wouldn't go through all the trouble of explaining WHY the fundamental idea behind the current security module is stupid.

Here's my question though (and forgive me if it's a bit dumb, but I'm not a coder), shouldn't it be possible to place the security check server-side instead of client-side, and let a closed-source client-side module (sort of like the security module currently) verify itself and then send info from the client that is connected to the server (which the client-module and the server-module can ensure are one and the same) which allows the server-module to verify that the client is unmodified?

Or would it be possible to hack that client-side module as well, and then send whatever you want? Like I said, I'm not a coder

Its called standing over them with a baseball bat, and hitting them when they cheat.

He's not saying ezquake should be banned, he's saying that security modules are counter productive, taking more time to write than for someone with some inteligence to crack, although level-of-inteligence depends on the specific module.

But Johnny come on... both you and me know that the reason EQL has the module is _not_ to disallow any special GLIBC version or any other version to be used, it's to disallow putting in your possibly cheaty modifications in there (which as already pointed out the module would not stop, sorry for speaking out the truth this sharply).


I don't understand what you mean that I would provide modules for Mac OS X and FreeBSD, I can just say that I probably wouldn't. Still the interest is indeed to be able to compile under any specific system and still play in EQL, for me at least.


Examples of my made up arguments? (I have a hard time understanding you)


And now it's some kind of conspiracy to get "my" leagues more popular? What leagues would these be? I fucking play in EQL so don't say that I dislike it or would want it dead.

+1. Cheat/Crack dillers must be banned, their messages and accounts must be deleted.


Actually it is easy. I know a way to do it without any modificitaion in a mod


At least last three linux releases of ezQuake were compiled with GLIBC 2.3. So STFU.
I hear GLIBC-related whine only once - some Slackware users cant run my betas (compiled with GLIBC 2.4). After some time i decided to make a VM with old-GLIBC Linux inside.

The thing is that you seem to want to make us all live like atheists rather than presenting an alternative religion that we can switch to. While this would be perfectly fine with me IRL (), having absolutely no kind of cheat modules in QW, even if they aren't 100% safe, would feel like opening up the doors to hell and we'd have to fight Shub Niggurath and her minions all over again instead of living in pleasantville.

On a more serious note: feel free to offer a valid replacement or at least plan on how to improve the situation if you want people's minds to change.

would anyone dare to cheat in qw anyway? anyone who would, can cheat today just as easily.

Solution A:

Get ftesrv, type "sv_cullentities_trace 1" and "sv_cullplayers_trace 1", wallhack is now solved without any need for a security module.

Solution B:

Get the mvdsv folks to implement the same feature and update the servers.


How's that for improvement of the situation?

I don't remember ever having said anything about GLibC... And no, I wouldn't provide any obscurity module for MacOS X or FreeBSD because
1) It's completely pointless and a waste of time.
2) MacOS X is a steaming pile of shite (yeah, personal opinion, but let's start another flamewar... But please tell me how to disable mouse acceleration in MacOS X first, without abusing a bug in Quake 3)
3) I don't use FreeBSD


Well, at first I didn't even understand what he meant there, but now I see... I didn't even know you ran a league, which one is it?

BTW, when was the last time you actaully saw anyone type f_version? I know that the last 100 times I saw anyone do it, it was Cecco on Nobody's Alternative FFA, just to spam and annoy people. Then I remember seeing it once in a TF match a few years ago.