User panel stuff on forum
  56 posts on 2 pages  First page12Last page
Client Talk
2006-04-15, 17:48
Member
55 posts

Registered:
Mar 2006
satan is lord
2006-04-15, 17:53
Member
1011 posts

Registered:
Feb 2006
bigfoot wrote:
Does the average Quakeworld player know which lines to remove from FTE?

actually yes because most cheat protection in fte source is handily labelled with comment
e.g.
r_draworder.value = 0; // don't let cheaters look behind walls
... //now some cheat protection
etc.

grep -rnH --include=*.c cheat .


hetman: they shouldn't have 8080 blocked as it is alternative http:// port - just e-mail sysadmin to request it to open it - they can't have any objection...
2006-04-15, 17:57
Member
1011 posts

Registered:
Feb 2006
p.s. a client without security dll is more likely to lead to a coder writing a hacked client and releasing it to qw.nu for public consumption
2006-04-15, 18:05
Member
55 posts

Registered:
Mar 2006
bigfoot is right
hetman is wrong
s8n=l0rd
2006-04-15, 18:27
Member
811 posts

Registered:
Jan 1970
oldman wrote:
bigfoot wrote:
Does the average Quakeworld player know which lines to remove from FTE?

actually yes because most cheat protection in fte source is handily labelled with comment
e.g.
r_draworder.value = 0; // don't let cheaters look behind walls
... //now some cheat protection
etc.

grep -rnH --include=*.c cheat .

Already there you've lost most users.

Windows doesn't have grep. Even if someone would manage to edit the sources, they'd even have to be able to compile it. I don't know many QW players who can compile their own client
2006-04-15, 18:35
Member
1011 posts

Registered:
Feb 2006
Well if we've 'lost most users' at the 'find in files' stage - how do you expect them to crack the security.dll without any instructions?

lets approach this a different way

if i compile and host an fte binary with several cheats included that would you still be happy for fte to be allowed in leagues? probably not, admins definately wouldn't

until a cracked ezquake is available i can't see any reason to prevent it from being permitted in leagues
until a version of fte with similar levels of 'security' is available i don't see any reason to permit it in leagues

until the security is circumvented by several people, having it is better than nothing
2006-04-15, 18:55
News Writer
493 posts

Registered:
Jan 2006
First off I'd like to congratulate oldman who came into this topic with an obvious bias against me and FTE. If you read my posts, I tried VERY HARD to stop any hate between FTE and ezQuake. Thanks oldman for skipping that part (both times).

Hetman: bigfoot is offering you a public display. LIVE. What is wrong with this? He doesn't want to distribute binary because people who don't know how to hack ezquake and still pass the security dll will get a better understanding. Do you want this? I don't understand why a public showing of 90%lg with a "clean" ezquake client is not proof. Please explain.

Can we fucking end this FTE vs ezQuake deal?

I started this damn discussion for two reasons:

1) People didn't (and still dont) understand that the security.dll COULD BE HACKED. Believe what you want - it will not change the reality of the situation.

2) Because of #1, other clients are being discriminated against, when in reality they don't offer much less security.


I did NOT start this for other people to come and start flame wars or start rivalries. Let's remember we are all on the same team. Everyone in this discussion has put in personal time to better an aspect of Quake. Whether it's engine developing, patching, or eyecandy, WE ALL HAVE THE SAME GOAL. So stop treating each other like shit and start making progress.
2006-04-15, 19:03
Member
811 posts

Registered:
Jan 1970
oldman wrote:
lets approach this a different way

if i compile and host an fte binary with several cheats included that would you still be happy for fte to be allowed in leagues? probably not, admins definately wouldn't

I wouldn't mind. What about Ezquake, would you allow it then? I'd think it'd be a bit hard for you to disallow it now, even if someone released a binary.

oldman wrote:
until a cracked ezquake is available i can't see any reason to prevent it from being permitted in leagues

And even when it happens, it will still be allowed. The people who have switched to Ezquake probably don't want to go back. And even if they do, Fuhquake is equally vulnerable. That leaves you with 0 allowed clients. What then?

oldman wrote:
until a version of fte with similar levels of 'security' is available i don't see any reason to permit it in leagues

Either that or till someone realises the obvious. Or just figures out that cheating isn't such a big problem around here.

oldman wrote:
until the security is circumvented by several people, having it is better than nothing

How many is _several_?
2006-04-15, 19:12
Member
1011 posts

Registered:
Feb 2006
Up2nOgOoD[ROCK wrote:
']First off I'd like to congratulate oldman who came into this topic with an obvious bias against me and FTE. If you read my posts, I tried VERY HARD to stop any hate between FTE and ezQuake. Thanks oldman for skipping that part (both times).

I have no bias against FTE. I would consider myself on good terms with Spike and regularly spoke with him on MSN/IRC in the beginning when he first started the project. I don't believe I used any anti-FTE terminology apart from (perhaps unfairly) grouping the people on this topic as FTE developers, EZQuake developers and league admins

Quote:
Hetman: bigfoot is offering you a public display. LIVE. What is wrong with this? He doesn't want to distribute binary because people who don't know how to hack ezquake and still pass the security dll will get a better understanding. Do you want this? I don't understand why a public showing of 90%lg with a "clean" ezquake client is not proof. Please explain.

not directed at me, but ill reply anyway. What is wrong with distributing the binary to current ezquake developers? Its their work. Why should they not be allowed the opportunity to prevent the hack? Why must you limit yourselves to 'showing it off'?

Quote:
1) People didn't (and still dont) understand that the security.dll COULD BE HACKED. Believe what you want - it will not change the reality of the situation.

maybe, maybe not

Quote:
2) Because of #1, other clients are being discriminated against, when in reality they don't offer much less security.

define much less security. I already pointed out some easy hacks you can do to fte
2006-04-15, 19:21
News Writer
493 posts

Registered:
Jan 2006
Agreed.

When it comes down to it, here are the facts:

1) No security is perfect.

2) ezQuake's security is as close as we can get, ___HOWEVER KEEP IN MIND IT CAN BE HACKED!___

3) FTE crew has NOTHING against ezQuake.

4) ezQuake crew has NOTHING against FTE.

5) FTE and ezQuake are just two different clients. No one is making a profit from this.

6) We are all in this because of the respect and love we have for the game.

Edit: all posts under this will be deleted. I'm locking this thread (with permission of Bigfoot and Hetman). something is just wrong with locking threads right now, it gives me an error
2006-04-18, 09:17
Member
104 posts

Registered:
Mar 2006
some kind of identification would be very handy, since (at least i think) fakenicking is a common thing, even in official games (sd vs la). This should include somekind of IP list, etc.
QW scene is rather small, everybody knows each other but there pop ups old players using different alias once in a while. Ilf is probably playing right now in some other team. With a proper identification and such we could ban Ilf & Co for good.

But that's just my 5 cents.
http://us.i1.yimg.com/us.yimg.com/i/fifa/06/bypa/ptw/asamoah_l.jpg
2006-04-18, 11:59
Administrator
2058 posts

Registered:
Jan 2006
people change ip, people use proxies
2006-04-18, 12:59
Member
104 posts

Registered:
Mar 2006
yes, pekis is very aware of these vile means

but what if the identification would be connected to the Q-bot/other and there would be some database of players.. and of course one should do some authentifications to get an account to that database.. so that retic & riker couldnt have 100 different fake nicks, or at least it would be troublesome.

at the beginning of a 4on4 (especially on mixed) people could do some f_whoareyou and see who's who.
http://us.i1.yimg.com/us.yimg.com/i/fifa/06/bypa/ptw/asamoah_l.jpg
2006-04-18, 13:18
Member
693 posts

Registered:
Jan 2006
pek wrote:
yes, pekis is very aware of these vile means

but what if the identification would be connected to the Q-bot/other and there would be some database of players.. and of course one should do some authentifications to get an account to that database.. so that retic & riker couldnt have 100 different fake nicks, or at least it would be troublesome.

at the beginning of a 4on4 (especially on mixed) people could do some f_whoareyou and see who's who.

But then what would stop people making more than one account? The only way to even remotely do that is to 'do a valve' and charge people for an account, which is of course out of the question.
2006-04-18, 14:04
Member
1011 posts

Registered:
Feb 2006
well the only way this could be implemented would be to get people to register as dynamic or static ip

if you register as static, it is expected that your ip will not change during the course of the season
if you register as dynamic, it is expected that your ip will be different for every week - you should never be playing from the same ip

qizmo routes would have to be fully resolved to the original source

still a number of different people could register as a single dynamic player - but it would prevent somethings

essentially though this is all a bit unworkable you need monthly fee accounts like WoW to ensure non-faking
2006-04-18, 23:02
Member
811 posts

Registered:
Jan 1970
hetman wrote:
Other ppl reading this: get a life!

ahhhhfgasd!!
2006-04-19, 01:06
Member
805 posts

Registered:
Mar 2006
dEUS_ wrote:
hetman wrote:
Other ppl reading this: get a life!

ahhhhfgasd!!

:rolleyes:
https://tinyurl.com/qwbrasil - QuakeFiles
2006-04-19, 01:11
Member
805 posts

Registered:
Mar 2006
Ok so why not develop a authentication method between clients and servers?
https://tinyurl.com/qwbrasil - QuakeFiles
2006-04-19, 13:58
Member
1011 posts

Registered:
Feb 2006
but user/pass isn't any prevention against fakenicking?

you can just give your user/pass to the person you need to fake as you
2006-04-19, 15:06
Member
1011 posts

Registered:
Feb 2006
good ellaboration
2006-04-20, 07:49
Member
104 posts

Registered:
Mar 2006
I've to admit that I'm no coder or have any experience of this kind of shit what so ever.

But, think about this: A database where one could have login/pw connected to one single IP and there couldnt be two similar IPs, So you would have to use some proxy etc. to create another account. Game servers would check your IP and login/pw.. Of course people would bypass this somehow, but the point is this: If the account wouldn't activate instantly, but after a while, let's say a week after one have created it, and there would be active admins banning/removing false accounts ( neverheard guys owning at mixed games, etc). The best part is that the admins wouldnt have to be server admins, as we all know serveradmins live in some distant country and are a bit lazy, but admins who've acces to player database. What do you think about this?

And.. That hetmans idea of some kind of rankings could be handy at mixed games where nowdays we've to do 5 rpickups in a row to get proper teams.. There could be somekind of rakingpickup...

Anyways.. I don't know if these ideas are doable, just my buffalo nickels
http://us.i1.yimg.com/us.yimg.com/i/fifa/06/bypa/ptw/asamoah_l.jpg
2006-04-20, 08:56
Member
693 posts

Registered:
Jan 2006
My IP changes every time my connection drops (at the moment that's at least once a day)...
2006-04-20, 09:16
Member
1011 posts

Registered:
Feb 2006
you won't be allowed out to play football then
2006-04-20, 10:29
Member
271 posts

Registered:
Feb 2006
IPs are dynamic, routable, and even spoofable. They will not work.
moo
2006-04-20, 10:55
Member
104 posts

Registered:
Mar 2006
Spike wrote:
IPs are dynamic, routable, and even spoofable. They will not work.

So... Is there any way to create somekind of a identification system?
http://us.i1.yimg.com/us.yimg.com/i/fifa/06/bypa/ptw/asamoah_l.jpg
2006-04-20, 11:40
Member
104 posts

Registered:
Mar 2006
hetman wrote:
There cannot be direct connection between IP and login/pass, as there is no such connection in many *successful* on-line ranking games e.g.
http://www.kurnik.org/

I can imagine that if it is a league final or something we can look at past IPs of a user and evaluate if there is something suspicious about his/her identity. But this cannot be done for each and every game!

You cannot bind players to some IPs, that is crazy. This authorization system requires some humans to take care of it (for instance, a Danish player would authorize .dk players registrations etc.).

Do not reinvent the wheel! The authorization for online games (and the on-line ranking) has been done years before, we can just port this idea to QW.

Yeah, that's was a bad idea.

So, it would be just a account/pw type of system? And admins would take care that there wouldnt be double accounts and such?

Could this be tested in near future?
http://us.i1.yimg.com/us.yimg.com/i/fifa/06/bypa/ptw/asamoah_l.jpg
  56 posts on 2 pages  First page12Last page