Top 5 things you want to do when OS Uru lands.


Re: Top 5 things you want to do when OS Uru lands.

Postby D'Lanor » Tue Feb 09, 2010 4:33 am

Agenotfound wrote: Get rid of the Python downloading process at each login. This one is soooo frustrating and a useless load on the servers.

PS:(yes, I am currently stuck in that process in Moulagain :D )

It is there to maintain server integrity. In other words, to keep people from "accidentally" loading the wrong Python files and messing up the shard. But diafero's whitelist concept sounds like a much better solution.
"It is in self-limitation that a master first shows himself." - Goethe
D'Lanor
 
Posts: 1980
Joined: Sat Sep 29, 2007 4:24 am

Re: Top 5 things you want to do when OS Uru lands.

Postby Trylon » Tue Feb 09, 2010 9:17 am

An encrypted checksum should do the trick just as well. (Encryption mightn't even be necessary.)
That way the Python could just download whenever needed.

To clarify, in my concept the client would calculate the Python checksum, and send it to the server for approval. The client can only connect to the server if the Python checksum matches. All checksum comparisons will be done on the server to avoid use of hacked* clients.

*"hacked": Read as "modified".
One day I ran through the cleft for the fiftieth time, and found that uru held no peace for me anymore.
Trylon
 
Posts: 1446
Joined: Fri Sep 28, 2007 11:08 pm
Location: Gone from Uru

Re: Top 5 things you want to do when OS Uru lands.

Postby diafero » Tue Feb 09, 2010 10:10 am

IMHO this is quite useless, Trylon - if we control the client (as we will in open source Uru), we make it download the latest updates, save these checksums, and send those to the server - while we actually use a different set of files. That might even be possible with the closed client and some wrapper between the client and the OS (like wine is one). There is no way to prevent the client from not loading what the server serves if we control the client. We have to trust the user not to maliciously modify the client, and harden the server to make sure that a malformed client can not do any permanent damage to the vault or the age state (in an ideal world, we might even limit the impact to the client only, but the way Uru works, it's almost impossible to stop one client from crashing another).

However, a whitelist like I implemented it with UruStarter still has the advantage to prevent accidental modifications, which also happens frequently. Plus, it allows an admin to rename a pak file if he sees fit ;-) . However, the check has to be done in the game engine binary itself, or it is rendered useless by per-process file system virtualisation like Vista and above use it (that "roaming" technology to keep old applications working, even though they save their config in the program directory). UruStarter is as good as we can get without touching the sources.

So, what I would do would be very similar to the UU dataserver, but the client would always fetch the whole dataserver information on startup (we can still let it decide whether it actually updates the ages before linking there) and remove all files not mentioned there - since MOUL puts all the settings and KI images and so on in "Documents", that is perfectly safe. Ok, the Jalak column states also have to be moved there.
I prefer e-mails to "diafero arcor de" (after adding the at and the dot) over PMs.

"Many people's horizon is a circle with a radius of zero. They call it their point of view."

Deep Island Shard | Offline KI
diafero
Deep Island Admin
 
Posts: 2824
Joined: Mon May 05, 2008 5:50 am
Location: Germany
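
The startup whitelist sync diafero describes above (fetch the full file list, remove everything not mentioned in it), as an added example that is not part of the original posts and is not UruStarter or dataserver code. The manifest format (relative path mapped to a SHA-256 hex digest) and all file names are assumptions. As the post says, this catches accidental modifications only; a user who controls the client can skip the check.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def sync_to_manifest(game_dir, manifest):
    """manifest maps relative path (forward slashes) -> expected SHA-256 hex.
    Deletes unlisted files; returns (removed, to_fetch) as sorted lists."""
    root = os.path.realpath(game_dir)
    removed, good = [], set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel not in manifest:
                os.remove(full)  # not on the whitelist: remove it
                removed.append(rel)
            # A symlink in place of a listed file is treated as a mismatch.
            elif not os.path.islink(full) and sha256_file(full) == manifest[rel]:
                good.add(rel)
    # Listed files that are missing or have the wrong hash must be downloaded.
    return sorted(removed), sorted(set(manifest) - good)

def demo():
    # Constructed sample install; names and contents are made up.
    with tempfile.TemporaryDirectory() as d:
        files = {"Python/ki.pak": b"ki",
                 "Python/extra.pak": b"stray",
                 "dat/city.age": b"edited"}
        for rel, data in files.items():
            path = os.path.join(d, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        manifest = {"Python/ki.pak": hashlib.sha256(b"ki").hexdigest(),
                    "dat/city.age": hashlib.sha256(b"original").hexdigest(),
                    "dat/new.prp": hashlib.sha256(b"new").hexdigest()}
        removed, to_fetch = sync_to_manifest(d, manifest)
        stray_left = os.path.exists(os.path.join(d, "Python", "extra.pak"))
        return removed, to_fetch, stray_left

if __name__ == "__main__":
    print(demo())
```

Settings and KI images stay untouched only if they live outside `game_dir`, which is the point the post makes about MOUL keeping them in "Documents".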

Re: Top 5 things you want to do when OS Uru lands.

Postby Trylon » Tue Feb 09, 2010 10:47 am

diafero wrote: There is no way to prevent the client from not loading what the server serves if we control the client. We have to trust the user not to maliciously modify the client, and harden the server to make sure that a malformed client can not do any permanent damage to the vault or the age state (in an ideal world, we might even limit the impact to the client only, but the way Uru works, it's almost impossible to stop one client from crashing another).


Yeah, you're right. That's the problem with uru's client centered behaviour.
One day I ran through the cleft for the fiftieth time, and found that uru held no peace for me anymore.
Trylon
 
Posts: 1446
Joined: Fri Sep 28, 2007 11:08 pm
Location: Gone from Uru

Re: Top 5 things you want to do when OS Uru lands.

Postby diafero » Tue Feb 09, 2010 12:33 pm

Trylon wrote: Yeah, you're right. That's the problem with uru's client centered behaviour.

Could you tell me a real-world architecture that avoids this? The only one I can think of is rendering all images on the server so the clients just display them - something I read about, but didn't yet see any real implementation. I doubt Cyan's servers could stand that ;-) . All the other games out there are just safe because the client is closed.
I prefer e-mails to "diafero arcor de" (after adding the at and the dot) over PMs.

"Many people's horizon is a circle with a radius of zero. They call it their point of view."

Deep Island Shard | Offline KI
diafero
Deep Island Admin
 
Posts: 2824
Joined: Mon May 05, 2008 5:50 am
Location: Germany

Re: Top 5 things you want to do when OS Uru lands.

Postby Chacal » Tue Feb 09, 2010 1:47 pm

There is no model where the image is rendered on the server.
Uru is more client-centric than other games such as the Battlefield series, because the client makes decisions.

In Battlefield, clients send only actions (movements and actions such as firing a weapon) to the server which makes all decisions such as collision detection, hits/misses, health penalties and so on. The server then pushes this new world state to all clients.

To avoid having perceptible lag on busy servers, your client will do some LOCAL interpolation and prediction. For example, it will render (on your screen only) the world according to predicted position of players and objects based on their last known position, trajectory and velocity. Then it will correct those when it receives the next world update (leading sometimes to amazing physical feats). This is the disadvantage of using this method. For example, you're in a dogfight and shoot an enemy plane and see visible hits on it. But the server decides there was no hit, so it gets confusing.

The big advantage of course is there is no way you can send commands to the server, and the potential for attack is very limited if the server does a sanity check on your input. This is important in competitive games where the motivation for attacks is high. So there is no adminKI for Battlefield servers. Well there is a command protocol but it is different from the game protocol, on a different port.
Chacal


"The weak can never forgive. Forgiveness is an attribute of the strong."
-- Mahatma Gandhi
Chacal
 
Posts: 2439
Joined: Tue Nov 06, 2007 2:45 pm
Location: Quebec, Canada
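
The server-authoritative model Chacal describes above (clients send only actions, the server sanity-checks them and makes every decision), as an added example that is not part of the original post and is not Battlefield or Uru code. The action format, constants and player names are assumptions.

```python
import math

MAX_STEP = 0.5    # assumed: furthest a player may move in one server tick
HIT_RADIUS = 1.0  # assumed: how close a shot must pass to count as a hit
DAMAGE = 25       # assumed: health lost per hit

def _num(v):
    return isinstance(v, (int, float)) and not isinstance(v, bool) and math.isfinite(v)

class World:
    """Authoritative state; clients never write to it directly."""
    def __init__(self, players):
        self.pos = {n: (float(x), float(y)) for n, (x, y) in players.items()}
        self.health = {n: 100 for n in players}

    def apply(self, player, action):
        """Validate one action: 'ok', 'clamped', 'hit:<name>', 'miss' or 'rejected'."""
        if player not in self.pos or not isinstance(action, dict):
            return "rejected"
        if action.get("type") == "move":
            dx, dy = action.get("dx"), action.get("dy")
            if not (_num(dx) and _num(dy)):
                return "rejected"
            dist = math.hypot(dx, dy)
            scale = 1.0 if dist <= MAX_STEP else MAX_STEP / dist
            x, y = self.pos[player]
            self.pos[player] = (x + dx * scale, y + dy * scale)
            return "clamped" if scale < 1.0 else "ok"
        if action.get("type") == "fire":
            angle = action.get("angle")
            # Only the aim direction is read; a client-supplied "hit" is ignored.
            return self._resolve_shot(player, angle) if _num(angle) else "rejected"
        return "rejected"  # unknown verbs such as "set_health" are never executed

    def _resolve_shot(self, shooter, angle):
        sx, sy = self.pos[shooter]
        ux, uy = math.cos(angle), math.sin(angle)
        best = None
        for name, (px, py) in self.pos.items():
            if name == shooter:
                continue
            along = (px - sx) * ux + (py - sy) * uy     # distance along the shot
            off = abs((px - sx) * uy - (py - sy) * ux)  # distance from the shot line
            if along > 0 and off <= HIT_RADIUS and (best is None or along < best[0]):
                best = (along, name)
        if best is None:
            return "miss"
        self.health[best[1]] -= DAMAGE
        return "hit:" + best[1]
```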

Re: Top 5 things you want to do when OS Uru lands.

Postby diafero » Thu Feb 11, 2010 1:58 pm

So, the server has the full set of files and while the client could load a different set, the server would still make the physics of the original effective? Ok, that indeed prevents most of the Uru attacks... but I'm really glad it is not the case, the Alcugs server would have to be way more complicated then :D
I prefer e-mails to "diafero arcor de" (after adding the at and the dot) over PMs.

"Many people's horizon is a circle with a radius of zero. They call it their point of view."

Deep Island Shard | Offline KI
diafero
Deep Island Admin
 
Posts: 2824
Joined: Mon May 05, 2008 5:50 am
Location: Germany

Re: Top 5 things you want to do when OS Uru lands.

Postby D'Lanor » Thu Feb 11, 2010 4:02 pm

Actually it is that way in UU as well with prp files. If the client tries to load a prp that is not in the server side age file nothing in that prp file can be interacted with. And trying to interact with clickables in the "rogue" prp will even silently crash the client. So combined with MOUL's secure Python loading this is a reasonably safe system.
"It is in self-limitation that a master first shows himself." - Goethe
D'Lanor
 
Posts: 1980
Joined: Sat Sep 29, 2007 4:24 am

Re: Top 5 things you want to do when OS Uru lands.

Postby Chacal » Fri Feb 12, 2010 12:17 am

How secure is MOUL's secure Python loading? I can't inject code in an already downloaded file? I can't intercept the file before it gets to the client and modify it on the fly?
Chacal


"The weak can never forgive. Forgiveness is an attribute of the strong."
-- Mahatma Gandhi
Chacal
 
Posts: 2439
Joined: Tue Nov 06, 2007 2:45 pm
Location: Quebec, Canada

Re: Top 5 things you want to do when OS Uru lands.

Postby Trylon » Fri Feb 12, 2010 1:29 am

I don't think any system can be completely secure, it can only be secure enough.
For Uru it appears to me that the current system is secure enough from what I read in these last few posts.

EDIT:
Of course, any "security" measures that rely on the normally already unreliable "security through obscurity" will be thrown completely out of the window when the OSS uru finally lands.
Any checks done by the client will be totally circumventable with a few minor adaptations of the source (even a scriptkiddie might be able to do that with the source code).
This means that my above assessment means "for now".
Last edited by Trylon on Fri Feb 12, 2010 1:41 am, edited 1 time in total.
One day I ran through the cleft for the fiftieth time, and found that uru held no peace for me anymore.
Trylon
 
Posts: 1446
Joined: Fri Sep 28, 2007 11:08 pm
Location: Gone from Uru
