A test group could be useful. And we wouldn't lose anything with giving this a chance, would we? The more members Discovery will have, the more cheaters and modders the server will face.
' Wrote:My question is could you create a testing version (that would be installed server-side) which would allow both players with and without the client-side program to connect?
Iv updated both the Setup and FLHook source so that when DebugMessages = yes in the FLHook.ini it will not kick anyone. All kicking/Temp Banning is done via FLHook, so its compleatly customisable as to what happens when a player isn't validated.
Quote:Logging all kicks would also be handy. I don't think we need to ban the players whose fingerprints don't match, just kicking them after 45secs would do the job I think. The player would have to get a message prior to the kick so he/she knows what's happening.
All kicks should be logged. Players get a warning just like normal kicks. Temp Ban times are configurable in the FLHook.ini .
Quote:But, the program source code should be available to us so we can verify it. That way, we eliminate mistrust by seeing that the program is 100% clean of anything malign. People tend not to trust clientside anticheating stuff after all the crap sony and co made with their DRM stuff...
I won't release the source code of the clientside and the flsac_flhook.dll which send and recieve the fingerprints and do the validation. If i released it to anyone then it could be leaked. If its leaked then cheaters could easily make an application to mimic what the clientside does. Id like to point out that i am not employed by Sony or any company (Im actualy unemployed) so FLSAC doesn't disable your CD Writer if it detects you have Daemon tools, etc. All it does is send fingerprints to the server.
It only sends packets to the server you tell it you wish to connect to (You can validate that by using a packet sniffer to see what is being sent out to where), no identifiable information is sent (IP is always sent when a packet is sent as thats how computers communicate to each other, but the server already knows you ip as freelancer is sending it packets), etc. FLSAC does not tamper with a cheaters pc in any way eather.
If your parinoid that Sony has spys in the Discovery community then feel free not to touch FLSAC.
The point i was making was that as i don't work for a company like Sony and as FLSAC isn't made by any company why would i make an anti-cheat application that installs rootkits, disables CD Drives or anything any company has made to try and stop pirates?
The poibnt is the Admin team would like the source so that the community knows that it's not malware in disguise, for all you assertations, there are some that might distrust you merely because they do not know you. I strongly suspect that only the technically minded admins would get to see the source code anyway, as the rest of us couldn't understand it worth a damn. So it would be in very safe hands.
Saint Del is considered a holy healer of diseases of children, but also as a protector of cattle.
Im not giving out the Source code. The source code WON'T prove anything. I could easily remove any offending code before sending it. So all it would do is put FLSAC at risk of being leaked without proving anything.
I have already given my background of what iv done for other communities, you can even follow that up by contacting community leaders, like Banshee from Project Perfect Mod (CNC Website owner) who iv worked on community applications with, Assassin from Command And Conquer Source (CNC Website owner) who iv helped maintain his website and known long enough for him to be able to judge if im a good character or not. You can even talk to discoveries own Blodo (RHA leader on Discovery and owner of Original-War.Net) who i know online and in real life, who has also been helping me test FLSAC. You can also ask Igiss, GADC and Forsaken if FLBINI (My other freelancer community application) contains any malware, viruses, Sony code, etc. Hell you can even use an Anti-Virus application or Spybot : Search and Destroy to see if its a virus, malware, trojan etc.
Iv given enough reason to have more trust put into me than a malware writer or some greedy company. Hell id have assumed people who actualy play on the Discovery server, take part in the forums etc, would be shown more faith than a malware writer.
I just told you that the source code wouldn't prove anything. Its funny, any freelancer mod maker could easily implement malware/viruses in freelancer mods (The dll's that are loaded by fl can contain executable code) and noone cares, yet when someone trys to help the community by making an application that ONLY sends packets to the server there connecting with ONLY fingerprints of them files people cry "OMG it has to be malware".... its stupid.
If you want to capture packets sent out via all applications then you can download Local Trafic Monitor from microolap. Tho i don't expect anyone to trust them eather, dispite that there applications are digitaly signed.
Quote:get an assertion from someone I can trust on this server
Then PM Blodo. I assume you can trust the leader of the RHA? Tho then again, maybe its the RHA's plan to install malware on other factions pc's so that they can take over the universe... yes.
I have a question, why did you trust the discovery mod when you first tryed it? It could easily have contained malware. Why did you trust FLMM when it could easily have done the same. I could say the same for any other application you have downloaded off the internet that was made by the community. I doubt you have demanded FLMM's creator for the source code to his application, not that it would prove anything(If you asked a hacker to send you his ini files, just because he sends a clean lot doesn't mean he isn't using a modifyed version).
' Wrote:Im not giving out the Source code. The source code WON'T prove anything. I could easily remove any offending code before sending it. So all it would do is put FLSAC at risk of being leaked without proving anything.
Actually if you sent the admin team the source codes for both client and server, we could compile them ourselves then install on the server and distribute the client side version in the next mod version it would prove something. We would have to include your updates of FLhook source in our version of FLHook and re-compile it anyway.
But that could also be called stealing your work and including it into Discovery so unless you don't 100% agree with that solution, there is no point in forcing you to do so. We would guarantee you credits in-game and in the mod readme, but still it's up to you whether you'd accept that or not.
It is true that you can verify by any packet sniffer to where are those packets sent so it they were sent to a different IP than the server's it would be obvious something its wrong. If you sent some malicious data to the server itself, then again there would be no point in doing so, because you wouldn't have access to it. You could also hack the server itself, but I log all headers of incoming/outgoing IP packets to the server on a linux router in front of the server and we run quite a clever firewall (able to detect DoS attacks automatically for example) so this also reduces the chances.
So let's stop discussing Stucuk's non-existent (I hope) malicious intentions and let's move somewhere, shall we?
I am sorry but I have to say he's just trying to add a functionality that should already have been included in the original Freelancer (both client and the server) in the first place.
Let me just specify my previous question, I don't know if I put it right. We would need a special server-side version for testing purposes that would completely ignore players without client-side FLASC program, but it would be 100% functional with players who have it installed (including kicking). I would like to create a testing group of players, as large as possible, who would install the client and play FL like they do now, without any changes. Some of us would then try to test the behavior with modded ini files and I would also like to watch the impact on the bandwidth and server's performance. So it would be testing in real-time operation, I know it's not preferable, but I fear we don't have other options to test it with so many players on.
Quote:Actually if you sent the admin team the source codes for both client and server, we could compile them ourselves then install on the server and distribute the client side version in the next mod version it would prove something.
While id bet your trustworthy, the problem with any "secret" is that one person generaly tells someone they can trust. There friend then does the same. Until that secret is in the hands of a person you don't want to know it. That is my concern with releasing the source code to anyone. Note that the 2 closed source dll's are compiled in Delphi not C++ so unless you own Delphi u can't rearly compile it anyway.
Quote:Let me just specify my previous question, I don't know if I put it right. We would need a special server-side version for testing purposes that would completely ignore players without client-side FLASC program, but it would be 100% functional with players who have it installed (including kicking). I would like to create a testing group of players, as large as possible, who would install the client and play FL like they do now, without any changes. Some of us would then try to test the behavior with modded ini files and I would also like to watch the impact on the bandwidth and server's performance. So it would be testing in real-time operation, I know it's not preferable, but I fear we don't have other options to test it with so many players on.
Ah ok, you want people with FLSAC to be kicked and non FLSAC users to not be kicked. Iv modifyed flhook in the setup and source so that when testmode = yes in the flhook.ini it will ignore anyone who hasn't sent a validation packet to the server.
Note: FLHook.ini defaultly has TestMode set to no. Source wise all FLSAC changes to flhook "Should"(I bet iv missed something) be between comments with "HkFLSAC_Begin" and "HkFLSAC_End".
![[Image: stucuk_freelancer_sig.png]](http://www.universalphpscripts.com/images/stucuk_freelancer_sig.png)
![[Image: stucuk.png]](http://miniprofile.xfire.com/bg/sh/type/2/stucuk.png)
![[Image: Zelliaind.gif]](https://sig.grumpybumpers.com/host/Zelliaind.gif)
![[Image: Del1.png]](http://i14.photobucket.com/albums/a344/Spiderjerusalem1979/Del1.png)
![[Image: hG0lGaj.png]](https://i.imgur.com/hG0lGaj.png)
