Lynx (posted March 27, 2009):
If that's the case, then I would support a new biller -- fully, and if you do get the chance to make anything more openly developed - do it, no questions asked! I'll fully support in whatever way that I can. Good job on making some progress, or more so, actually getting some blood from the stone.
-L

Snrrrub (posted March 27, 2009):
FWIW, I've built a biller and a Continuum hack that eliminate the problem of zones stealing passwords. The biller is ready, the hack is ready, and they have been for over half a year. If there's interest, let me know - my email address is sharvil.nanavati@gmail.com. I'll help out but only if there's serious commitment in making it happen. I'm not interested in investing any more time into projects that fizzle away.
-Snrrrub

freakmonger (posted March 30, 2009):
Just to try and get back on topic and keep things organized so maybe these suggestions will go somewhere.

-===ALIAS DATABASE===-
- Have a Biller Wide Alias Database available. You can limit this to BanG lvl 1 ops if you like, but some kind of Biller Wide Alias System would help a lot.

-===CHAT===-
- Expand the chat # limit
- Create Chat Owners. Able to kick/ban players from that chat

-===NAMES===-
- Limit the # of aliases per IP/MID

-===SQUADS===-
- Create Squad Co-Captains. Able to do everything squad related except dissolve the squad
- Purge squads that haven't had members log into CTM in over 2 years.
- After the purge, automatically dissolve squads that haven't had __% of members log into CTM (if the squad has 10 members, it is required that at least 3 members log into CTM within 2 years or the squad gets dissolved)

-===ANTI-CHEATING/BANNING===-
BanG might be about as good as we will get with security, but maybe more documentation available about BanG.

I'm sure there are suggestions I missed but I kinda threw this together real quick.

Lynx (posted March 30, 2009):
Sounds like a pretty good summary. The ability to own/kick players from a chat seems pretty lame to me, though. Maybe if it's only one chat per name, and that chat will be purged after the owner does not log in for # days. Therefore, zone chats can be handled by bots, and squad/secret chats can stay as secret as they've always been.
-L

Dr Brain (posted March 30, 2009):
> - Limit the # of aliases per IP/MID

Bad idea. It'd be so easy to get around that it would only affect players that aren't trying to abuse it. I'd also like to reiterate my objection to a biller-wide alias database.

TeroH (posted March 30, 2009):
> FWIW, I've built a biller and a Continuum hack that eliminate the problem of zones stealing passwords. The biller is ready, the hack is ready, and they have been for over half a year. If there's interest, let me know - my email address is sharvil.nanavati@gmail.com. I'll help out but only if there's serious commitment in making it happen. I'm not interested in investing any more time into projects that fizzle away.
> -Snrrrub

Zones stealing passwords was already a known threat a long, long time ago and it was discussed extensively then. Whether this actually resulted in actual code in the client/biller/server, I cannot remember. I have a faint memory that countermeasures for this were already built into Continuum and the biller.

freakmonger (posted March 30, 2009):
Yes I know that almost any monkey could bypass an IP Block on names, but it was suggested above so I added it on there.

Samapico (posted March 30, 2009):
That's pretty much the point... to prevent monkeys from abusing the system. I wouldn't be surprised if monkeys are the ones claiming most names. Of course, by monkeys, I'm talking about people with not much knowledge about these things. I think it's safe to assume that less than 20% of people would know how to bypass an IP/MID check. Perhaps a bit more for IP, but MID requires a few more steps.

> I'd also like to reiterate my objection to a biller-wide alias database.

You're talking about linking aliases together, right? Or you're talking about the actual username database... which... wouldn't make much sense anyway... Or I missed something important lol

Dr Brain (posted March 30, 2009):
Those 20% that know how to bypass the blocking system will still make the entire blocking system worthless. Don't put dumb restrictions in that only affect people that play by the rules.

I'm talking about the alias database that makes sense to have an objection to, yes. I don't mind host level alias databases, since a player can choose to not play on those servers, but I really don't think that a biller level one is a good idea.

Snrrrub (posted March 30, 2009):
To clarify: My biller extracts *all* of the Continuum security data. I'm talking about all the extra identifying data you can get besides just IP/MID/TZB. It's used for both banning and aliasing (biller-wide). It also does database transactions correctly so your database is never in an inconsistent state (where I've seen other billers fail). The biller can also identify itself as an SSC biller so zones don't get the warning popup (there's a bit more to it than that), *sendto works across zones connected to that biller, AND there's a very small client hack to not send passwords in plaintext to prevent zones from stealing passwords. The client hack doesn't modify the Continuum checksums in any way so zones don't have to upgrade their Continuum.exe - all you have to do is use the new client and connect to a zone on my biller and it all just works.

Some of the things freakmonger mentioned are already present in my biller.

The real question is: does the community want to leverage an existing project to build and deploy the next-generation biller or do we all want to sit here and talk about what a biller should be for months, get a project or two started from scratch (why reuse when we can reinvent!), and then ditch it all due to lack of leadership and waning interest because it took so long?
-Snrrrub

D1st0rt (posted March 30, 2009):
I'm pretty sure we could have a list of interested zones together pretty quickly

Dr Brain (posted March 31, 2009):
If you can hook into the SSC database and start transferring authentication information, then I'd switch.

PoLiX (thread author, posted March 31, 2009):
The hardest part of it is that the majority of the population plays on servers run by Priit. So it'd be hard to do it quietly, and what is not to say once he realizes it, things fall apart. This is why it was discussed if it were to be done, the current db is needed. Though lots of efforts have been / are being made towards that. Talk to me on MSN and I'll discuss more on that.

There was a time SSCX had everything ready to ditch SSC, but that never fully happened. I think the best/only way to do it is either fully restart (chaos, though happened before), or get/pull data from the current db. If you have a way to do this, then ok. But until then, we're gonna have some issues.

And on the source code. For those who have tried unpacking Continuum and sniffing around. Maybe check out KaZaA's backend or Skype sometime. Might find some interesting things. We're never gonna get the source code. That is 100% outta the question, sorry.

L.C. (posted March 31, 2009):
Why are you guys even planning to make a new biller when Snrrrub already made one that is better than current SSC and far more secure? This is unnecessary to go and remake a biller when Snrrrub's biller can do all this for you already, plus better.

Hakaku (posted March 31, 2009):
> Why are you guys even planning to make a new biller when Snrrrub already made one that is better than current SSC and far more secure? This is unnecessary to go and remake a biller when Snrrrub's biller can do all this for you already, plus better.

They're not exactly planning to make a completely new biller seeing how Snrrrub already has one; this is just a suggestions thread for things that could potentially be included in a biller. As Polix implied in his last post, it's not so much the new biller that's the issue, but zones switching to the new biller, or more importantly, zones hosted by Priit that pose a problem (i.e. where the "ditching" idea comes in). I think he's worried that Priit might consider it backstabbing, and will most likely regard the whole endeavour as a security risk to his current job. Who knows how he'd react should he even notice.

TeroH (posted March 31, 2009):
Plus, there is still the option of actually getting hold of Priit and start talking some sense to him. I don't have much credibility in this community today, but trust me, it can be done. Anyone got GS's current contact information? All the contact info I have for Alex is from over half a decade ago.

Chambahs (posted March 31, 2009):
Alex reads these boards more than we think. I'm sure he already knew about this before we did.

freakmonger (posted March 31, 2009):
Have you tried the contact info you have for him? He doesn't change it much

MikeTheNose (posted March 31, 2009):
> -===ANTI-CHEATING/BANNING===-
> BanG might be about as good as we will get with security, but maybe more documentation available about BanG.

You won't find any more documentation on BanG's abilities than what is already posted. If a programmer wants info they'll have to ask a BanG Administrator.

PS. Chat channels can't be increased without a client update.

Aceflyer (posted April 1, 2009):
> Plus, there is still the option of actually getting hold of Priit and start talking some sense to him. I don't have much credibility in this community today, but trust me, it can be done. Anyone got GS's current contact information? All the contact info I have for Alex is from over half a decade ago.

It's the 'getting hold of Priit' part that's hard - harder, possibly, than the 'talking some sense' part. GS is easily reachable in-game or via, as freakmonger says, old contact info.

doc flabby (posted April 1, 2009):
> PS. Chat channels can't be increased without a client update.

That's not true. The client supports more than 10 channels, I found this out when working with my TCP biller. You can also speak in chats 8 and 10 as well using ;;10; and ;;8;