satan is lord

actually yes because most cheat protection in fte source is handily labelled with comment
e.g.
r_draworder.value = 0; // don't let cheaters look behind walls
... //now some cheat protection
etc.

grep -rnH --include=*.c cheat .


hetman: they shouldn't have 8080 blocked as it is alternative http:// port - just e-mail sysadmin to request it to open it - they can't have any objection...

p.s. a client without security dll is more likely to lead to a coder writing a hacked client and releasing it to qw.nu for public consumption

bigfoot is right
hetman is wrong
s8n=l0rd

Already there you've lost most users.

Windows doesn't have grep. Even if someone would manage to edit the sources, they'd even have to be able to compile it. I don't know many QW players who can compile their own client

Well if we've 'lost most users' at the 'find in files' stage - how do you expect them to crack the security.dll without any instructions?

lets approach this a different way

if i compile and host an fte binary with several cheats included that would you still be happy for fte to be allowed in leagues? probably not, admins definately wouldn't

until a cracked ezquake is available i can't see any reason to prevent it from being permitted in leagues
until a version of fte with similar levels of 'security' is available i don't see any reason to permit it in leagues

until the security is circumvented by several people, having it is better than nothing

First off I'd like to congratulate oldman who came into this topic with an obvious bias against me and FTE. If you read my posts, I tried VERY HARD to stop any hate between FTE and ezQuake. Thanks oldman for skipping that part (both times).

Hetman: bigfoot is offering you a public display. LIVE. What is wrong with this? He doesn't want to distribute binary because people who don't know how to hack ezquake and still pass the security dll will get a better understanding. Do you want this? I don't understand why a public showing of 90%lg with a "clean" ezquake client is not proof. Please explain.

Can we fucking end this FTE vs ezQuake deal?

I started this damn discussion for two reasons:

1) People didn't (and still dont) understand that the security.dll COULD BE HACKED. Believe what you want - it will not change the reality of the situation.

2) Because of #1, other clients are being discriminated against, when in reality they don't offer much less security.


I did NOT start this for other people to come and start flame wars or start rivalries. Let's remember we are all on the same team. Everyone in this discussion has put in personal time to better an aspect of Quake. Whether it's engine developing, patching, or eyecandy, WE ALL HAVE THE SAME GOAL. So stop treating each other like shit and start making progress.

I wouldn't mind. What about Ezquake, would you allow it then? I'd think it'd be a bit hard for you to disallow it now, even if someone released a binary.


And even when it happens, it will still be allowed. The people who have switched to Ezquake probably don't want to go back. And even if they do, Fuhquake is equally vulnerable. That leaves you with 0 allowed clients. What then?


Either that or till someone realises the obvious. Or just figures out that cheating isn't such a big problem around here.


How many is _several_?

I have no bias against FTE. I would consider myself on good terms with Spike and regularly spoke with him on MSN/IRC in the beginning when he first started the project. I don't believe I used any anti-FTE terminology apart from (perhaps unfairly) grouping the people on this topic as FTE developers, EZQuake developers and league admins


not directed at me, but ill reply anyway. What is wrong with distributing the binary to current ezquake developers? Its their work. Why should they not be allowed the opportunity to prevent the hack? Why must you limit yourselves to 'showing it off'?


maybe, maybe not


define much less security. I already pointed out some easy hacks you can do to fte

Agreed.

When it comes down to it, here are the facts:

1) No security is perfect.

2) ezQuake's security is as close as we can get, ___HOWEVER KEEP IN MIND IT CAN BE HACKED!___

3) FTE crew has NOTHING against ezQuake.

4) ezQuake crew has NOTHING against FTE.

5) FTE and ezQuake are just two different clients. No one is making a profit from this.

6) We are all in this because of the respect and love we have for the game.

Edit: all posts under this will be deleted. I'm locking this thread (with permission of Bigfoot and Hetman). something is just wrong with locking threads right now, it gives me an error

some kind of identification would be very handy, since (at least i think) fakenicking is a common thing, even in official games (sd vs la). This should include somekind of IP list, etc.
QW scene is rather small, everybody knows each other but there pop ups old players using different alias once in a while. Ilf is probably playing right now in some other team. With a proper identification and such we could ban Ilf & Co for good.

But that's just my 5 cents.

people change ip, people use proxies

yes, pekis is very aware of these vile means

but what if the identification would be connected to the Q-bot/other and there would be some database of players.. and of course one should do some authentifications to get an account to that database.. so that retic & riker couldnt have 100 different fake nicks, or at least it would be troublesome.

at the beginning of a 4on4 (especially on mixed) people could do some f_whoareyou and see who's who.

But then what would stop people making more than one account? The only way to even remotely do that is to 'do a valve' and charge people for an account, which is of course out of the question.

well the only way this could be implemented would be to get people to register as dynamic or static ip

if you register as static, it is expected that your ip will not change during the course of the season
if you register as dynamic, it is expected that your ip will be different for every week - you should never be playing from the same ip

qizmo routes would have to be fully resolved to the original source

still a number of different people could register as a single dynamic player - but it would prevent somethings

essentially though this is all a bit unworkable you need monthly fee accounts like WoW to ensure non-faking

ahhhhfgasd!!

:rolleyes:

Ok so why not develop a authentication method between clients and servers?

but user/pass isn't any prevention against fakenicking?

you can just give your user/pass to the person you need to fake as you

good ellaboration

I've to admit that I'm no coder or have any experience of this kind of shit what so ever.

But, think about this: A database where one could have login/pw connected to one single IP and there couldnt be two similar IPs, So you would have to use some proxy etc. to create another account. Game servers would check your IP and login/pw.. Of course people would bypass this somehow, but the point is this: If the account wouldn't activate instantly, but after a while, let's say a week after one have created it, and there would be active admins banning/removing false accounts ( neverheard guys owning at mixed games, etc). The best part is that the admins wouldnt have to be server admins, as we all know serveradmins live in some distant country and are a bit lazy, but admins who've acces to player database. What do you think about this?

And.. That hetmans idea of some kind of rankings could be handy at mixed games where nowdays we've to do 5 rpickups in a row to get proper teams.. There could be somekind of rakingpickup...

Anyways.. I don't know if these ideas are doable, just my buffalo nickels

My IP changes every time my connection drops (at the moment that's at least once a day)...

you won't be allowed out to play football then

IPs are dynamic, routable, and even spoofable. They will not work.

So... Is there any way to create somekind of a identification system?

Yeah, that's was a bad idea.

So, it would be just a account/pw type of system? And admins would take care that there wouldnt be double accounts and such?

Could this be tested in near future?