Ini-file modding
-
There is a limited randomness that can be implemented in SP
I think Gibbon may have posted this but apologies for my memory.
[BaseInfo]
nickname =
start_room =
price_variance = 0.01 <–— varies price by 1%I think this was tested without problem up to 10%.
This isn’t true dynamic but does input an element of randomness, note it will impact on anything that base sells.
-
True, with client hooks its possible… but its not easy to get the code for that as it makes the code owner a mighty person because he / she can run everything they want on the client machine.
The best is to use the update program and sync that during the startup of it.Really, really sorry for the bump, BUT… When you say “everything” do you mean “everything Freelancer” or everything “everything” (ala ActiveX)? 'Cause that’s a really scary thought for anyone thinking about logging into a modded server. I know an ethical admin would (or should) advise about that capability before you join, but what about organized groups with more nefarious intentions?
Don’t mean to be paranoid, but …!
-
If you hook into the client, it’s as if you inserted a virus into the program; you can do anything the program already can (although I know it’s not totally the same since DLLs have quite a few restrictions on what they can and cannot execute, but they still could do some damage or pry over some valuable data).
-
If you hook into the client, it’s as if you inserted a virus into the program; you can do anything the program already can (although I know it’s not totally the same since DLLs have quite a few restrictions on what they can and cannot execute, but they still could do some damage or pry over some valuable data).
Thanks for the response , FF, sometimes this kind of question is pointedly ignored on some forums.
-
I am not looking to turn this thread into anything hugely controversial. Still, this is, at least to me, an important topic. So….
-
I am not a programmer or a developer. I am a mature (AARP member), knowledgeable layman, who did dabble in DOS debug.com assembly a long time ago. I have a somewhat abstract understanding of how the Windows API works, but much much of it is over my head.
-
My understanding of a hook is, that it is a function in an executable app that can be induced to call an external app, or a library call, not originally written into the app. The hooks themselves are either written in intentionally for a) debugging, b) expanding future functionality, or c) unintentionally due to sloppy programming. Am I reasonably correct so far?
-
Being old and gray, I’m an SP player, not sure I could handle the Wild West out on the net servers, but I am playing about with setting up a LAN server, so I have been exploring the server side topics on the forums, trying to glean the details of server-client interaction, how the process works, how files get read and written, etc.
-
I know if I download a mod, I can scan it for viruses or trojans, and then assume it is trustworthy. But you seem to be saying that that same trustworthy mod could theoretically be a backdoor into my machine were the server side being controlled by someone with questionable scruples. While I appreciate your disclaimer about what dll’s can do, what about the executable? Anything with a read/write function, and internet access is potentially lethal.
-
I understand server admins in general should probably be given the benefit of the doubt as honest, dedicated people, but it is a dangerous world out there. Is anyone advising players about this security hole?
-
I see a big push for anti-cheat apps for the server side of things to prevent exploits by hackers. Has anyone anywhere given any thought to a “sandbox” environment for the players, to keep any potential intrusion at bay? Or is it really just “play at your own risk”?
I know that’s a lot to throw at you, and I don’t expect you to have quick and ready answers, but anyone else care to join in?
-
-
Is it possible to automatically update an ini-file on the client, when it was changed on the server during freelancer is runnning. I think, that this is needed for a dynamic economy, for example.
The simple answer is yes you can. I appreciate most usesrs who run a server use FLHook, but it’s not the only thing to use to run a server. I use FLAC which has a dynamic economy plugin that updates on the fly, meaning i don’t have to turn the server off for updates as it does it continuosly.
There are many other hooks you can plug into the server only that stops 99% of clientside ini modding, everything from speed modding, thruster hacks, commodity price changing, cloaks, you name it. I think some of you are being a tad paranoid tbh. Yes there are idiots who try to disrupt servers, trick is to be ready for them, FLAC does an excellent job of protection, not free but seriously worth the expenditure.
-
@Gibbon:
I think some of you are being a tad paranoid tbh. Yes there are idiots who try to disrupt servers, trick is to be ready for them, FLAC does an excellent job of protection, not free but seriously worth the expenditure.
All due respect, Gibbon, but if you are refering to my post, I’m talking from a player’s perspective, not an admin. Are you saying that pirates only exist in the Freelancer universe? If I, we, us, out here in player land are a little paranoid, maybe that’s a good thing. To use a metaphor, wander out into the badlands with a plain vanilla Starflier. If you’re not a little paranoid, you’re probably an idiot, and quickly dead.
I can envision a (Nigerian, French, Somalian, US, N.Korean, Canadian, take your pick) group setting up a cheap game server (not necessarily Freelancer), let it run a few months, hook their stuff to scan player’s machines, and choose just the 1 or 2 that might provide a nice payoff. Say the 14 yr. old who logs in from his CEO dad’s home machine. It’s not inconceivable, I just conceived it.
And I’m not talking about some script-kiddie sneaking a cloak onto his ship and becoming a player-killer. I’m talking about really sneaky hacker intrusions into your servers, people who try their best to keep you from noticing they have been there.
I’m asking if you server admins have really thought about the wisdom of client-side hooks, from the viewpoint of protecting the player machines, not just the integrity of your server game files.
-
Not to this extent. And I agree with Gibbon. You’re being extremely paranoid, mate. That’s fine if you want to be like that, but I’d rather have these hooks that add incredible functionality to this game than worry about people pirating people through a 6 yr old game that has less than 500 people online, at a given time, with the majority of those said 500 being on 15 servers that have been around for years.
-
Not to this extent. And I agree with Gibbon. You’re being extremely paranoid, mate. That’s fine if you want to be like that, but I’d rather have these hooks that add incredible functionality to this game than worry about people pirating people through a 6 yr old game that has less than 500 people online, at a given time, with the majority of those said 500 being on 15 servers that have been around for years.
Actually, I’m a surprisingly “un-paranoid” person. I am, however, a notorious skeptic, and cynical, to boot. The issue doesn’t really affect me, as I indicated, I’m an SP player, and the only MP I do is on my personal LAN. I’m simply making an observation about what I perceive as a potential security hole. You say, “you” (as the admin), want to have this. I understand that. Those features attract players to your servers and the community. I’m asking if you are willing to advise your players about this, and give them a choice on whether they want to expose themselves to this (admittedly) potential threat.
-
Without wishing to seem overly paranoid myself, i have to ask the question, why are most of us using Windows then? Here is an operating system that’s full of holes so does that mean we shouldn’t turn our pc’s on? Of course not, but most of the server admins i know have taken great steps to make their servers as secure as they can, to make the MP experience as safe and interesting for their communities as posible. To not go and play MP for fear of attack is like not wanting to use an internet browser because of possible contamination. Best to sit indoors and not go out really, it’s scary outside
Someone asked about the SP dynamic economy earlier as well. There is one buried in the code but i don’t know how to activate it. Tunicle posted some code that i came across to activate an SP dynamic economy ,which in fact is more a price randomiser that Cold Void originally worked out moons ago, that i reprinted so to speak and that works wonderfully in SP by changing the prices of commodities, equipment and ships everytime you land.
-
@Gibbon:
Without wishing to seem overly paranoid myself, i have to ask the question, why are most of us using Windows then? Here is an operating system that’s full of holes so does that mean we shouldn’t turn our pc’s on? Of course not, but most of the server admins i know have taken great steps to make their servers as secure as they can, to make the MP experience as safe and interesting for their communities as posible. To not go and play MP for fear of attack is like not wanting to use an internet browser because of possible contamination. Best to sit indoors and not go out really, it’s scary outside
C’mon Gibbon, you’re not hearing what I’m saying. It isn’t “I don’t play net MP because I’m afraid of hacker attacks!” I (personally) don’t play net MP, because I’m an old, gray, antisocial curmudgeon, who doesn’t want to compete with a lot of young gunslingers. My LAN is set up to play MP as an experimental tool for me. I’m an SP player.
My point, if you’ll hear it, is the player has a right to hear about security weaknesses you may introduce on their machine. Sure Windoze is bloated, and buggy, and full of holes. BUT, as security holes are discovered, people try to get the word out, try to patch, etc. And I, we, us, out here in M$ land have a responsibilty to at least try to keep abreast and take measures to keep our machines secure. You, as an admin, want me to allow you permission to get through my firewall, and anti-virus in order to play the game. I, then, am faced with the question, do I trust you enough to say “Yes”.
So, if your attitude is, the player doesn’t need to know, my answer would be a resounding “NO!” If on the other hand, you advise a player that your server makes changes to the players machine, that those changes are generally considered non-destructive, but have some possible potential to harm, and that accepting such conditions requires the player check or click on “I Accept”, I’m a lot more likely to give you a grudging, “Well, OK”
None of this would necessarily be an issue with Freelancer, except the previous posts that started this thread, talked about certain types of mods requiring client-side hooks. Is that the only way to do it? Many of you are brilliant modders. Maybe there are other ways. Is that particular mod really necessary to improve gameplay? I appreciate you all (admins) seem to know and trust FLHook’s and FLAC’s developers to provide sound working code. Eventually, there will be a 3rd, then a 4th, latest, greatest server admin app. Sweeping the issue under the rug as “Unjustified Paranoia!”, is just asking for trouble. I realy think you admins ought to get together, and think about this, and, yes, get some player feedback.
I really don’t think I can add much more to this.
-
Melwoc, I for one take your point.
2 things: -
1. I always get a virus or trojan eventually, despite my machine being at latest update levels and with firewall, antivirus, and antispyware which slow my machine down noticeably. I know this because sooner or later I get “mail failed to deliver” notifications which I did not send, and it’s usually advertising viagra. So it’s time to wipe my machine clean and reload windows yet again.
I have perfected this to the point that I can restore it in 15 minutes, so it’s no big deal. Here’s how…
http://forums.seriouszone.com/showthread.php?t=55706
and here…
http://forums.seriouszone.com/showthread.php?t=56258So if you set yourself up in similar fashion you can wipe off everything except a clean operating system in similar time and have peace of mind.
2. On gameplay - Not sure if it’s the case so much these days, I’ve been working on our new mod for 2 years and haven’t played much at all, but on most servers the cowboy blasters lose interest and depart, leaving the older and more mature gamers. As an example most of our players at the RRJDS Guild are over 40 (yeh, I’m even older!). It’s a bit slack running TNG at the moment until I get this mod out, hope it will be this month finally. But we have been together for a long time now, enjoying teamplay. We have not needed to kick or ban anyone for 3 years or so now, we think it’s because we keep our players involved with us and interested. We have Fugitive characters with bounties on their heads, player-bountied characters, Hare and Hounds from time to time, one-day clan wars and similar events. We could use a new Event Organiser if you are interested, I hope you are. Check out our website for the connection, the link is in my signature below.
Regards from an old fogie! ;D
-
Hi StarTrader,
Glad someone understood, I was beginning to feel paranoid….
Frankly, I (and I just know I’m going to regret saying this, tempting fate & all that), but I haven’t had a virus, trojan, or spyware in years. Good clean living, I guess. I’m also pretty adept at recovering from crashes, I haven’t had to re-install for years, either.
That’s a gracious invitation, and much appreciated, but I’m really not into RP, and I really am (cross my heart) an anti-social curmudgeon. I don’t even post very much, this one just touched a nerve. But, thank you, anyway.
Just remember, we old fogies need to stick together, or the yung’ins 'll bury us.
-
Heheheh. See the other thread you hijacked…
;D
-
A lot of players on my server and by that i mean most of them are over 40, me included. As i don’t run an RP server i don’t have to put up with everything to do with running one. The young ones soon realise this and settle down, some stay some go, and although i have a dynamic economy running on my server, one thing i can tell you for a fact, is it doesn’t change any of your files. 'There is no ini modification of any kind between server & client, only the mod itself that you have to download. That last part is the same for all mods otherwise you can’t play them.
I just feel its not my responsibility to warn people of the so called dangers of using the internet or in our case, using FL. I can’t be responsible for what people have on their machines, i mean if someone has a virus on their system and that infects my mod, they pass that onto a friend, am i responsible? The point here is as soon as you open up any ports to the net, you’re inviting attack. It’s up to every player to make sure they play from behind a firewall and have some form of antivirus software loaded, something that most gamers are aware of. If they don’t do these basic things, it really isn’t my concern