Creaphis Posted June 28, 2008

Well, number two is a good point. For one thing, aside from aimbots and wallhacks, what sorts of cheats are likely to be attempted? I'll admit I'm fuzzy on this.

exp(x) Posted June 28, 2008

There are speed hacks, but those are pretty easy to squash server-side.

Aabra Posted June 28, 2008

Well, I don't see #2 changing. I can appreciate all of your views regarding it and I assure you that they're being read and taken into consideration but let's be honest. All of the opinions and points regarding this have already been expressed and now we're just repeating ourselves and getting close to flaming each other which I think everybody would like to avoid. It just doesn't help.

The one thing we all agree on is that we'd like Skulltag to be open sourced so let's try to concentrate on that and work together to come up with ways to make #2 happen instead of arguing over whether or not it should. #2 I might add isn't limited specifically to closed source modules, so anything to help increase security would be great... open or closed.

chungy Posted June 28, 2008

There's already been examples posted in this topic on how the major games based on all three Quake games decided that anti-cheat systems of any form are far more trouble than the 'problems' they're supposed to solve.

If you really think you must, provide a closed-source "security" module, and make sure it is 100% OPTIONABLE. Make sure the source code doesn't require the module to exist to compile, or play on networks (otherwise, you're just defeating the benefit of portability). I would even recommend in the README to leave it off for anything but the most serious competitions, etc; though that's just my opinion :/

myk Posted June 28, 2008

It doesn't seem that the main reasons for not releasing sources are either any dislike for opening them, or merely cheating in itself. At least not directly. Rather, it happened that way as a result of a political "port race". If either the ZDaemon or Skulltag teams make their source available, they feel they'd be under scrutiny and possible attacks from the other (or others).

One might think "but the more heated rivalry was in the past, haven't things chilled since then?" To a point, but that doesn't mean the conditions that drove these ports into closing their source really changed, nor the underlying stance of their related community members.

While the community has produced a couple working C/S engines, it has also more or less failed to mature from where Fly had left csDoom. For a time NightFang at least managed to keep ZDaemon open, which even encouraged Skulltag to try it. Eventually though, NightFang dropped out and didn't leave the project in the best of hands. From there on things eventually declined. It can be said NightFang himself may have made a mistake in not cleaning ZDaemon so it could retain the GPL. Now Odamex is trying, but it would have been much easier back then.

John Smith said:
> This is pointless. Carn & Co. are not going to release the Skulltag source no matter who makes what argument. The rest of you can argue the merits of open source with them all you want, but as long as they continue to disagree (and they will continue to disagree) then this thread accomplishes nothing, aside from possibly fostering bad feelings.

That's bullshit, Hobbs. This is a perfectly reasonable place to discuss this subject, of which not everyone is strictly familiar with. Many people just don't know why the source should be closed or open, or have heard only one version of the matter. The subject in general is interesting, and applies to more than just Skulltag. Besides, they might release it, if they eventually feel inclined to. Not necessarily because of this thread, but who knows. If you're not interested, please mark the nearest EXIT sign.

Aabra said:
> Ooooooooook guys, let's all take a step back... calm down and drink a beer.

This is pretty calm, actually. The closest thing to true negativity, if you ask me, was some people completely ignoring certain points and argumentations, but that seems due more to conditioning rather than deliberate animosity. Your suggestion not to argue can be seen as not wanting to see what's being said, even. In order to release the source, more security work has to be done. One of the things being argued here is against an obsession with anti-cheating; that cheating is not as big a problem as assumed by some upholding a closed model.

Aabra Posted June 28, 2008

I think you're looking into this way too deeply. Most of the ST Dev team wasn't even around during the days of Nightfang/CSDoom/etc. I'll be the first to admit that I wasn't. To say that there's some kind of weird history there that's affecting this is.... well... really stretching things.

Regarding ZDaemon... sure we compete a little here and there but there hasn't been any bad feelings between the 2 ports for years. At least not that I've seen. A *lot* of people play both ports on a regular basis and seem to enjoy doing so.

Kira Posted June 28, 2008

Yeah I play both ST and ZD... A suggestion if you open the source code: why not create a team of white hat cheaters?

LexiMax Posted June 28, 2008

K!r4 said:
> Yeah I play both ST and ZD... A suggestion if you open the source code: why not create a team of white hat cheaters?

Like Luigi Auriemma?

http://marc.info/?l=bugtraq&m=114383589401446&w=2

This guy took a look at the OPEN source for the previous version of ZDaemon, saw an unaddressed buffer overflow that still worked in the current version of the source, and wanted to fix it, however by then the source had been closed. He got his licenses mixed up (as far as I know the ZDoom build ZDaemon was based on had preliminary Raven code, which meant ZDaemon could never have been GPL), but he had this to say:

> Personal comment: closing the source code is not a solution, will never stop cheaters (they do only what the server allows to do) and has not stopped me to find these security vulnerabilities.

It's also prudent to note that if he had not had the open source to work with, the exploit would have remained in the code, unfixed until someone came along to exploit it for less altruistic motives. Or maybe someone would have eventually noticed it. Either way, it would not have been fixed as quickly.

RTC_Marine Posted June 28, 2008

You'll notice on his website he has already updated the Skulltag and ZDaemon fake player DoS exploits since a couple of weeks ago (June 13th)

myk Posted June 28, 2008

AlexMax said:
> He got his licenses mixed up (as far as I know the ZDoom build ZDaemon was based on had preliminary Raven code, which meant ZDaemon could never have been GPL), but he had this to say:

ZDaemon was under the GPL because it was based on csDoom that included QW code. NightFang reputedly replaced the QW code for v1.0, but kept it under the GPL (claiming his new network code was under the GPL). It was under the GPL but invalidly, technically unreleasable, and needed to be cleaned up (of Raven code) or have the license relinquished. I'm not certain in what version they dropped the GPL license, or if NightFang was involved, assuming he could relicense his new network or gameplay code.

Aabra said:
> I think you're looking into this way too deeply. Most of the ST Dev team wasn't even around during the days of Nightfang/CSDoom/etc. I'll be the first to admit that I wasn't. To say that there's some kind of weird history there that's affecting this is.... well... really stretching things.

It's not weird. It may seem to you that the main thing you struggle against is cheating, but there are reasons why it seems like such a problem and bigger things move development in the long run. Most of the ZDaemon team wasn't around either, and this was before that. But that is part of the problem, since newer developers didn't clearly know what was being handed to them, certain conflicts remained (or remain) and earlier opportunities to improve the C/S scene were lost.

LexiMax Posted June 28, 2008

RTC_Marine said:
> You'll notice on his website he has already updated the Skulltag and Zdaemon fake player DoS exploits since a couple of weeks ago (June 13th)

Wow, I didn't know he was still going at it.

EDIT: hahah well that just about wraps it up for security through obscurity

Aabra Posted June 28, 2008

First of all, if the admin could please remove those links I'd appreciate it. I don't feel like banning 500 idiots from the master server today.

We've known about that for ages. The Fake Players bug is nothing new. Problem with it is that the only way to prevent it is to disallow multiple connections from the same ip address. It's the only way. This sucks though and is extremely limiting if 2 people want to connect from the same household/network. This is why almost every single multiplayer fps game suffers from this problem.... look at the list of games that have that bug. It's not a solution that we can implement.

The way that this type of thing is dealt with is that any offenders are simply perma banned from the master server. It's incredibly obvious when it's used (A server fills up with tons of people from the same ip who aren't playing.) so it basically doesn't happen. Thankfully this isn't a cheat.... it's just something to annoy server admins.

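The trade-off and the detection cue described in the post above, as an added example that is not part of the original post or of Skulltag's code: a per-IP admission cap next to a check for addresses holding many slots that never send input. It generalizes the one-connection-per-IP rule to a configurable cap; the class, limits and sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Client:
    ip: str
    joined_at: float
    last_input_at: Optional[float] = None  # None until gameplay input arrives


@dataclass
class ConnectionGuard:
    """Hypothetical server-side bookkeeping, not an existing API."""
    max_per_ip: int        # 1 means "no multiple connections from the same IP"
    idle_seconds: float    # silence after which a slot counts as idle
    flag_idle_count: int   # idle slots from one IP needed to flag that IP
    clients: dict = field(default_factory=dict)  # client id -> Client
    next_id: int = 0

    def connections_from(self, ip):
        return sum(1 for c in self.clients.values() if c.ip == ip)

    def admit(self, ip, now):
        """Return a new client id, or None when the address is at its cap."""
        if self.connections_from(ip) >= self.max_per_ip:
            return None
        self.next_id += 1
        self.clients[self.next_id] = Client(ip, now)
        return self.next_id

    def record_input(self, client_id, now):
        self.clients[client_id].last_input_at = now

    def idle_by_ip(self, now):
        """Count slots per IP that have been silent for idle_seconds or more."""
        idle = defaultdict(int)
        for c in self.clients.values():
            last = c.joined_at if c.last_input_at is None else c.last_input_at
            if now - last >= self.idle_seconds:
                idle[c.ip] += 1
        return dict(idle)

    def flagged_ips(self, now):
        """Addresses that fill several slots without anyone playing."""
        return sorted(ip for ip, n in self.idle_by_ip(now).items()
                      if n >= self.flag_idle_count)


# Constructed join log: (time, ip, sends_input). Addresses are documentation ranges.
SAMPLE_JOINS = (
    [(0.0, "203.0.113.7", True), (1.0, "203.0.113.7", True)]   # two players, one household
    + [(2.0 + i, "198.51.100.23", False) for i in range(12)]   # many slots, nobody playing
    + [(20.0, "192.0.2.44", True)]                             # ordinary single player
)


def replay(max_per_ip, joins=SAMPLE_JOINS, check_at=60.0):
    """Feed the join log to a guard; return (admitted, refused, flagged)."""
    guard = ConnectionGuard(max_per_ip=max_per_ip, idle_seconds=30.0, flag_idle_count=3)
    admitted, refused = defaultdict(int), defaultdict(int)
    for t, ip, sends_input in joins:
        cid = guard.admit(ip, t)
        if cid is None:
            refused[ip] += 1
            continue
        admitted[ip] += 1
        if sends_input:
            guard.record_input(cid, check_at - 1.0)  # active shortly before the check
    return dict(admitted), dict(refused), guard.flagged_ips(check_at)


if __name__ == "__main__":
    for cap in (1, 4, 16):
        print(cap, replay(cap))
```

With a cap of 1 the second household player is refused along with the flood; with a cap of 4 both household players get in, the flooding address is held to four slots, and it is flagged because none of those slots ever sends input.
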
Graf Zahl Posted June 28, 2008

That guy is good, no doubt about it. And he certainly takes good care of disproving that closed source helps security.

His comment under 4. is also highly interesting. ;)

LexiMax Posted June 28, 2008

Aabra said:
> First of all, if the admin could please remove those links I'd appreciate it. I don't feel like banning 500 idiots from the master server today.

Because if people don't know about it the exploit obviously doesn't exist, right?

Leaving people in the dark about what exploits are available in your game does not make your game any more secure and is in fact disingenuous because it makes you appear more secure to your players than you actually are. Security theater I believe is the correct term. You're lucky that you have people like Luigi going through and discovering exploits in games and widely reporting them, so at least you are aware of what the issues are, instead of exploits being kept secret and being passed around by black hat hackers with no widely available information on what they are until it's too late.

And no, I will not remove my links. The bad guys already know, the only question is if you're trying to keep the information from anyone else.

Carnevil Posted June 28, 2008

> Personal comment: closing the source code is not a solution, will never stop cheaters (they do only what the server allows to do) and has not stopped me to find these security vulnerabilities.

Are you guys ever going to stop straw manning? No one is arguing that. My point is that having the source open lessens the amount of time or leaves the amount of time to develop hacks/find exploits unchanged. If I have two hackers and tell them "Make an aimbot for Skulltag," and I hand one of them the source, guess who is going to make one faster?

Hell, AlexMax basically even said it himself. Luigi wouldn't have found that exploit nearly as quickly had the source been closed. And guess what? Having the source being closed hasn't stopped his white hat efforts at all. He's still found design problems with ST, which were promptly fixed.

So... you guys don't believe in security through obscurity, right? So if I release the source code tomorrow, you really think there won't be 100 different aimbots out there? Right. Okay. And you would address this how? And if you say a "closed source (implying security through obscurity) model, anti-cheating module", just quit. You lose. Good game. Shake hands.

Aabra: Just fix it. People can Google that anyway. Happened with the other stuff he posted up.

LexiMax Posted June 28, 2008

Carnevil said:
> Hell, AlexMax basically even said it himself. Luigi wouldn't have found that exploit nearly as quickly had the source been closed. And guess what? Having the source being closed hasn't stopped his white hat efforts at all. He's still found design problems with ST, which were promptly fixed.

You are un-ironically implying that security problems are better left undiscovered and unfixed for longer periods of time? And your whole argument supposedly rests on Skulltag's supposed security?

[img-kirk_facepalm]

> ...just quit. You lose. Good game. Shake hands.

You do not dictate the terms of this discussion.

Carnevil Posted June 28, 2008

AlexMax said:
> You are un-ironically implying that security problems are better left undiscovered and unfixed for longer periods of time? And your whole argument supposedly rests on Skulltag's supposed security?

a). White-hat hackers will look for security problems whether or not the source is open (and according to your arguments, find them whether or not the source is open).

b). A security problem that is virtually incapable of being discovered isn't a security problem. Hell, every forum has a security flaw: If you know the passwords of its users, you can log in as them. But you're very unlikely to discover this information (thanks, obscurity), so it's not really much of an issue now is it?

And you're implying that it's better to remove all obscurity and rely entirely on security by design, even though some problems are fundamentally unfixable with that approach?

AlexMax said:
> You do not dictate the terms of this discussion.

If you want to keep playing Chess after your opponent gets you in checkmate, then be my guest.

CODOR Posted June 28, 2008

Aabra said:
> First of all, if the admin could please remove those links I'd appreciate it.

Security through ignorance?

Kira Posted June 28, 2008

Carnevil said:
> Hell, every forum has a security flaw: If you know the passwords of its users, you can log in as them. But you're very unlikely to discover this information (thanks, obscurity), so it's not really much of an issue now is it?

This forum isn't made with parts of a code GPLed by Carmack as far as I know, invalid example imo...

Graf Zahl Posted June 28, 2008

Carnevil said:
> Hell, every forum has a security flaw: If you know the passwords of its users, you can log in as them. But you're very unlikely to discover this information (thanks, obscurity), so it's not really much of an issue now is it?

There's open source forum solutions that work rather well so this particular point is invalid by default. I think it has been proven time and again that obscurity is no protection whatsoever given a determined opponent.

exp(x) Posted June 28, 2008

Carnevil said:
> So if I release the source code tomorrow, you really think there won't be 100 different aimbots out there?

That's the whole point. Many of us don't believe cheating will run rampant. Alexmax particularly has provided evidence to support this. You, on the other hand, have provided no evidence to the contrary. So until you can prove that cheating is going to explode the second the source is released, you have no right to ridicule our arguments.

Carnevil said:
> A security problem that is virtually incapable of being discovered isn't a security problem. Hell, every forum has a security flaw: If you know the passwords of its users, you can log in as them. But you're very unlikely to discover this information (thanks, obscurity), so it's not really much of an issue now is it?

That's a terrible analogy. First of all, a game binary is accessible for inspection whereas a SQL database on some password-protected server hundreds of miles away in a physically secure collocation facility is not. Second, passwords in a SQL database are encrypted using a one-way algorithm, so even if I somehow got a hold of the database file, I would never be able to decrypt the password. On the other hand, skulltag.exe can be disassembled or poked at with a hex editor even if it has some sort of encryption or compression.

myk Posted June 28, 2008

Carnevil said:
> And you're implying that it's better to remove all obscurity and rely entirely on security by design, even though some problems are fundamentally unfixable with that approach?

You just said above they weren't fixable anyway, only relatively more manageable (since reverse engineering is slower than reading code), especially by a small group of people. And considering all the other benefits of opening the source, indeed it's something worth supporting. It's better than keeping the source closed.

> a). White-hat hackers will look for security problems whether or not the source is open (and according to your arguments, find them whether or not the source is open).

They will find them much faster (and need to do much less work) if the source is open. Which means security is at stake only if ill-meaning people are smarter and greater in numbers than collaborators (often the case with poorly maintained programs).

> b). A security problem that is virtually incapable of being discovered isn't a security problem.

Which one do you mean? Show coders here some relevant Skulltag source bits and they can tell you if they agree. They might also spot additional ones you did not see, or also bugs.

Creaphis Posted June 29, 2008

All arguments against security through obscurity center on the fact that it's an imperfect and vulnerable method, but Carn's forum-account-password analogy shows that there is a degree of obscurity that is immediately accepted by everyone here, and which complements security by design. Therefore, arguing that security by obscurity should be abandoned by the Skulltag team makes less sense than arguing that what is required is greater obscurity. I realize that a binary cannot be encrypted much more while retaining the ability to execute, but the fact remains that these arguments do not function only in your favour.

Graf Zahl Posted June 29, 2008

Figures that you see an analogy where none exists. Encryption is not the same as hiding the implementation. You can write an open source encryption algorithm and still be unable to retrieve the unencrypted data despite having all the code available.

Creaphis Posted June 29, 2008

Carnevil said:
> A security problem that is virtually incapable of being discovered isn't a security problem.

myk said:
> Which one do you mean? Show coders here some relevant Skulltag source bits and they can tell you if they agree. They might also spot additional ones you did not see, or also bugs.

If you want to show Carn the error of his ways, you should poke around in the raw Skulltag binary, and find security holes that way. If you saw a snippet of Skulltag source code and quickly found major security faults that were previously undiscovered, this would only support everything that Carn has said.

Creaphis Posted June 29, 2008

Graf Zahl said:
> Figures that you see an analogy where none exists.

Figures that you disregard an analogy, when you dislike its implications. Encryption and hiding the implementation have similar effects, in making valuable data much safer from prying eyes. This certainly differs in effectivity (~100% versus ~99%), but obscurity can be valuable in some situations where open-source encryption methods simply wouldn't be helpful. I can't imagine any possible way that packet encryption could make an aimbot unfeasible, and none have been proposed.

Aabra Posted June 29, 2008

AlexMax said:
> And no, I will not remove my links.

Those that know me, know that I'm an extremely level headed guy. Ask anybody in the ST community and they'll tell you that I'm the "nice" admin, heck just read my posts. (We play good cop, bad cop for the most part.) It takes a lot to really make me angry. Well, congratulations you've done it. Your reward? An admin who no longer cares if Skulltag goes open source or not. I'm not going to fight against it as I still do believe that it's a good idea and I'm not that much of a prick to do something out of spite. However, I sure won't be pushing for it anymore.

Personally I'm a bit appalled at the fact that the Doomworld admins have absolutely no problem posting links to a site which contains programs to exploit about a hundred different games. Whatever though - this makes it pretty clear to me that the Doomworld community doesn't care at all about what happens to Skulltag or any other multiplayer game for that matter.

For the record, I don't care about you mentioning something like that. Talking about it is one thing - linking to it and telling everybody "Go exploit the Crysis servers!" is quite another. The only thing that this will accomplish is get some "curious" people permanently banned from Skulltag, ZDaemon, and who knows what other games. The truly "bad" people sure would have found out about it anyways and been banned regardless. I don't like banning people who are only stupid and not malicious, but the fact is that you guys just don't care how many people can't play Skulltag anymore because none of you play it.

I wanted to help you guys out and now I'm left wondering why. Maybe it's because deep down I thought it was the right thing to do? Here I am fighting to do my best to try and make Skulltag open source and all I get in return is flames, links to exploits, and sarcastic remarks with no links or help regarding any *real* security solutions. If your ultimate goal is to get the Skulltag source released I suggest trying a more constructive and positive approach.

I'm done with this thread, goodbye.

Creaphis Posted June 29, 2008

I was worried that was going to happen. Going open source probably is the right thing to do yet. Don't let those deep-down feelings die completely. This is a community of sharing or something.

But damn, these open-the-source arguments are just terrible.

chungy Posted June 29, 2008

Creaphis said:
> Figures that you disregard an analogy, when you dislike its implications.

Let's see...

1. "Hide the source code to reduce the chance of bugs/exploits being discovered!"
2. "Try to brute-force 348a81a732a87c66a36eea9940d3c00df10a296bb45ecf6a17c531295eff9304 to find the password!"

Two entirely different things.

Carnevil Posted June 29, 2008

You know, when all you guys can do is misinterpret my points rather than poke holes in them, I think I've got this thing pretty much wrapped up.

Everyone misinterpreted my forum analogy except for Creaphis. The point is that important information is hidden (obscured) from the would-be attacker. If the attacker had that information, the system would be vulnerable, and the design of the system would not save it.

I'll illustrate my point. When the Patriots stole signals and what not during their scandal, they essentially knew what play the other teams were going to be running (thus, removing the security by obscurity), and therefore could easily and effectively counter it. Had the plays been secure by design (meaning "Yeah, you know what we're going to do. So what? We'll still win" (and have fun with that in the NFL where there's immense parity)), it wouldn't have mattered if the signals had been stolen.

exp(x) said:
> That's the whole point. Many of us don't believe cheating will run rampant. Alexmax particularly has provided evidence to support this. You, on the other hand, have provided no evidence to the contrary. So until you can prove that cheating is going to explode the second the source is released, you have no right to ridicule our arguments.

Then your expectations are unrealistic at best. People are going to cheat if given the opportunity because they have an incentive to. Need proof? There you go.

Graf Zahl said:
> I think it has been proven time and again that obscurity is no protection whatsoever given a determined opponent.

Then you agree that more obstacles slow them down and eliminate threats from those less determined.

myk said:
> And considering all the other benefits of opening the source, indeed it's something worth supporting. It's better than keeping the source closed.

That's your opinion. I value a lower probability of exploits over any of the benefits you previously mentioned.

Anyway, I think pretty much everything has been said. I've addressed and shot down all of your arguments. However, I doubt you can or will listen to reason, and that this ridiculous, idealistic debate full of insults, dick moves, and derogatory rhetoric will continue.

But hey, maybe I'm wrong. Maybe one day in the future, Odamex will be the most played multiplayer Doom port in existence, and completely exploit-free due to the tireless work of the community shoring up security holes. Maybe I'm wrong... but I doubt it.

Like Aabra, I'm done here. I have a lot of work to do. Don't expect any more posts from me in this thread, so feel free to disregard everything I've said and continue to open-source propaganda machine.