Eradicate scores/medals using the Website, ban hackers..

Page: 1 2 3
Jun 3 2009, 6:24 pm
In response to Falacy
Falacy wrote:
Clearly I've greatly over estimated the power of moderators; assuming they could actually moderate something. None of those quote-ish statements were directed at you except the last one. As for you saying I should be doing something about these problems, if a person in your position can't do anything about it, then what could a lowly user ever be expected to do? And as for the extractors! There are 100,000 ways they could go about doing something, anything, to stop and/or even just slow down the rippers, instead they choose to do absolutely nothing, and pretty much gave them full support up until just a few days ago; not even attempting to ever punish or even scold anyone involved. That print screen argument is tired and idiotic. Its like comparing making a withdrawal from a bank vs robbing the bank.

My mistake was putting faith in the community to moderate itself. The hope was that by restricting advertisement of ripped games (through the popular guilds), we would encourage the original games. Even with the new features we're putting in place, that's all we're doing-- restricting publicity of such games. Since BYOND games do not run on our servers all we can really do is control what people see on our site. Even through all of the complaints about this place turning into a "cesspool", we've gone to great lengths to push original games that barely get played at all (eg, most of the banners you see at the top of the screen).

You don't know what is involved to manage a large community like this, particularly when you count on it for a meager income. We're maintaining the site, upgrading the software, dealing with the business, and mostly dealing with people piss and moan all the while. We have to deal with so much crap policing every little thing (90% of the contact cases are in-game disputes, AS IF) that the idea of extending our authority is overwhelming at times. Still we try and only get grief for it. FWIW, we warn and ban people constantly.

You don't have a goddamn clue so stop pretending you do.
Jun 3 2009, 6:26 pm
In response to AJX
AJX wrote:
We actually, we're not screwed. Even if we release DMBs. All you have to do is use some fancy shmancy tricks to hide what your hub password is. (set it at runtime, use multiple variables or mathematical expressions... I think there was an article written on it (or so I've heard))

In the next release the hub_password is not readily available in the dmb, but it's still good to encrypt its usage as much as possible if you intend to distribute your game. Fortunately it's not used for mission-critical stuff and we will policy abusers of the system through ip-tracking.
Jun 3 2009, 7:05 pm
In response to Tom
Tom wrote:
AJX wrote:
We actually, we're not screwed. Even if we release DMBs. All you have to do is use some fancy shmancy tricks to hide what your hub password is. (set it at runtime, use multiple variables or mathematical expressions... I think there was an article written on it (or so I've heard))

In the next release the hub_password is not readily available in the dmb, but it's still good to encrypt its usage as much as possible if you intend to distribute your game. Fortunately it's not used for mission-critical stuff and we will policy abusers of the system through ip-tracking.

Excellent.

How difficult would it be to detect if a string in a DMB had been tampered with? Just wondering if it would be better to have YOU guys take a security approach on that or should it lie in the hands of the developers.

What about memory editing? On that same note.
Jun 3 2009, 7:45 pm
In response to Tom
Well hell, you deleted the post I was replying to. Anyway, I came across as overtly hostile in my last post (as I've been prone to do recently, must mean something). So I wanted to give my two cents here...

All I ask is that you treat us with some common courtesy instead of implying we're idiots. We're aware of (most of) the problems with the community but do have to balance it with the basic fact that this same community provides our (meager) income.

BYOND is an enormous project-- unlike just about every site out there we have to deal with both the software tools and the community. What I wouldn't give to operate something like Kongregate, which merely has to deal with the community and makes 100x as much as us. I don't even know how they keep all of their employees busy.

We have an endless list of stuff on both the software and community fronts so it amounts to trying to prioritize what is best. For example, it was suggested a while back to incorporate encryption of the RSC to help reduce this ripping issue. I said at the time that it was a good idea and something I'd like to do eventually. I didn't consider it a priority because 1) the fact that rips were rips of more than just the resources indicated that the problem was mostly due to insecure source code (nothing we can do about that) and 2) any two-way encryption system as would be used here is inherently flawed, so all this would do is delay the crack (a few bright folks on BYOND have written decompilers; this would be child's play in comparison). That said, I still think it's a good idea for the reasons cited and it is still on the list. I just want everyone to realize that just because we don't do something ASAP doesn't mean we are ignoring it. We just have a shitload to do!

We are in fact trying to deal with the rip issue and I hope it works out. We are at the same time trying to provide more bug fixes and software features. Some people will like what we do and some will hate it and some will think we're just wasting our time. I just ask that you give us the benefit of the doubt and realize that we are trying to act not only in our best interest but yours as well. If this project were only about making money, then it has to be the dumbest idea EVAR.
Jun 3 2009, 7:47 pm
In response to AJX
AJX wrote:
How difficult would it be to detect if a string in a DMB had been tampered with? Just wondering if it would be better to have YOU guys take a security approach on that or should it lie in the hands of the developers.

What about memory editing? On that same note.

There's really not much we can do about memory editing. The encrypted password can't be mutable since it has to be accessible by the hub and with other games (for remote medal access) and older versions. I suppose we could build in an option for the hub password to only be valid for that particular dmb (through a checksum or something).. but it would require some thinking and reworking the hub-side of things. My thinking is that, like any future RSC encryption we put in, this should be "good enough but not flawless"-- and it's up to our hub police to catch the rare violator.
Jun 3 2009, 8:10 pm
In response to Tom
Tom wrote:
Well hell, you deleted the post I was replying to.

Eh, the posts were getting ridiculously long, and barely even on topic anymore, so I figured I'd just end the convo train.
Jun 4 2009, 1:56 pm
In response to Tom
There goes my fun. The only people that leave the system open to abuse now are the people with a below average IQ and people that have no clue what they're doing. After all the reputable developers equipped their hubs with passwords, I had no qualms with releasing my full blown score/medal editor. Now it's but a small tool to help developers, though.
Page: 1 2 3