Posts by Saul_Goode

    Christ... Back to capes again are we?


    Blaster - removed <- Has a list of player and file names that makes it a pretty safe assumption that the functionality is there. But no. I do not have direct proof as I do not have access to the IC2 source code.


    But yes, I agree that you should maybe attempt to calm down a bit. Perhaps a nap in in order?


    It's not about the code or what it does. It's about how it does it and how it was done.


    I don't give a damn about someone having a custom cape. I have one of my own. It was cool for about 45 seconds. Then I put it back into first-person. Then a player on my server saw it, and I asked him if he wanted one. He told me not to bother because he'd never see it.


    SpwnX - How the fuck am I being selfish? You'll need to explain that otherwise I'll be inclined to believe that you are just throwing out baseless accusations with no purpose other than to demonize me. Seriously.... How. Am I. Being Selfish?


    As always, I've been doing my best to be civil and patient by explaining things to people more concerned with hating and defending than they are with thinking and understanding.


    Just because we have a difference of opinion does not justify a complete lack of respect. Hating me more does not make you more right, it just shows that you lack the maturity to engage in disagreement with any sense of maturity.


    What can I say? It's six pages of 'Shut up! You're wrong.' because I know I'm not.


    Quoted from "SpwnX"
    I don't give a fuck about capes.
    *Ahem* weren't you the one, who wanted a "special" GregTech-Cape?


    Erm... I believe they refer to that as being 'busted'.


    1) The mod pack was assembled via the Technic Launcher. Hence why it was targeted...


    2) ...and not include some backdoor recruiting scheme to add more members to the SA forums...


    3) Your solutions also assume a level of inhuman benevolence from mod authors. Basically, your saying that they shouldn't backlash in a violent, semi-destructive manner. Yet you couldn't even do that yourself with RichardG in a forum post. And he's the one you say has an unhealthy mentality?


    1) So? It was a mod pack that was assembled, but did not include IC2. Therefore should not have been targeted. Even if a mod pack does not have permission to include a particular mod does not mean that the end-users are restricted from adding it. Due diligence... the person that set the standards and compiled the list failed at it.


    2) and what? a backdoor recruiting-scheme to add more members to the FTB forums is magically better?


    3) Your comment assumes that I object to violent, semi-destructive reactions from mod devs when their work is hijacked for personal gain.


    I don't.


    I sympathize with the affected, unsuspecting end-users, but the developer in me rolls on the floor imagining the panic the Tekkit compilers experienced as they started to figure out what was going on and why. The comment I was responding to implied that there were no options between blacklist and explosions. I was showing that I had already offered 2 other options. For the intended goal of hindering unauthorized usage my solutions are both more creative and more effective.


    As far as my reaction to RichardG... the dude had just (ab)used his power and position to censor content that didn't break any rules, it just used his own words to show how far he was going to go with it before people pointed out that his plans were illegal (shit, +1 for 'the Forge guys and Alblaka'). If the quotes were inaccurate or used out of context then he should have addressed that and disputed the validity. He didn't which leads me to believe it was true and accurate. What sense does censoring the truth make? How is that the right thing to do?


    If you want to yell at people for their intended actions about a year ago, the technic team is a great place to start!


    Don't deny that. I don't agree with what they did. I get why they did it, but intent alone doesn't always make things right. In no way should I be confused with a Tekkit sympathizer.



    Yes, that happened, yeah, it was uncalled for, but I don't see how this is relevant to this thread.


    Relevant to the thread because a server that didn't belong on the list had to jump through hoops to get off the list? Meant to illustrate yet another way this was a flawed implementation.


    Welcome to the Minecraft modding community, where there are two sides to every issue, and absolutely no gray area.


    But how does that have relevance to the associated quote?


    I don't know about that, there's been a lot of drama throughout modded Minecraft's history, the community has survived one way or another.


    Again... relevance is where? All I was saying was that what I initially thought to be a minor theoretical security flaw and a bit of ego stroking actually bordered on spyware implementation 'at the early planning stages'.


    Barely cared? Are you sure about that? It was like one or two species of bees that caused minor explosions and everybody was like "MA WURLD'S BEEN GRIEFED!", Sengir is still hated in the Technic community. I'm pretty certain that modders generally prefer to avoid unnecessary drama, the amount of backlash the actions you are advocating here would be immense for a mod that has been around as long as IC2 compared to just a simple blacklist that could be avoided with 5 seconds of reading before clicking the download button.


    Yes. Sengir is still hated, but that was primarily due to splashback from punishing unsuspecting and 'innocent' users for what was essentially a mod developer\pack compiler issue. On the whole people get that Sengir was protecting his claim and are forgiving for the most part. Protecting his mod wasn't the issue, 'griefing' player worlds was. I have my own problems with Sengir. Exploding bees ain't one of `em.


    I understand that destructive methods would probably backfire against the credibility of the mod, but I don't think that either of the solutions I've mentioned could possibly be viewed as destructive. You'll need to be more specific on how the 'actions I've advocated' would have immense backlash. And how would 5 seconds of reading before clicking solve the problem?


    1) Name the server, and any launchers used it its creation


    2) You do realize that the next step would be selective save world destruction, should it boil down to that point again, correct?


    1) Link - Other factors aside, in this instance it was found that the mod pack WAS on the list erroneously. If a developer is going to implement a blacklist then they are responsible for ensuring that the contents are correct and accurate. Due diligence.


    2) No. I don't see that. I myself have offered up two (TWO! and that's barely sparing any brain function for the task!) alternative options that are both non-destructive and far more effective than this.


    • Crash the client with a 'IndustrialCraft2 is not authorized for use with this modpack' message similar to the multiplayer version check.
    • Disable all IC2 functionality when xxx pack is detected while leaving all other functionality unaffected. Users can still play, just not with IC2.

    WTF RichardG? Are you ashamed or something? Are you afraid of your own words? Pre-planning or not, 6 months ago or not... it's still the direction that you were headed and the direction that it took other people to steer you away from. The fact that you run from your own words and actions shows shame. It's the direction that YOU wanted to take and it shows your intent.


    Honestly wish I hadn't ever said anything. In the beginning it was just a small issue that got blown out of proportion by over-defensive fanboys. Now it feel like I opened a closet and got buried under a pile of skeletons. For me this all started because I was on the bug tracker and saw a bug report about a server that undeservedly found itself on the blacklist. Over-defensive of the devs and overzealous in their dislike for all things tekkit they harassed the OP for 2... 3? pages before anything happened.


    Anyway... seeing that IC2 had a blacklist, I was like 'What's it take to end up on that? Did IC2's mod pack requirements change?' Nope not really... But while looking round I saw some theoretical weaknesses had been introduced with no notification... Really... just a small gripe. Made a quick comment about it's lameness and out come the wolves that can't stand the idea that someone would have the audacity to question the Great and All-Powerful Mod Developer.


    Long story short... defend my views, come to find out that my doomsday theories are a bit closer to reality than I initially realized...


    If unauthorized mod pack usage is really that grave of a concern then you're going to have to be more creative and have more conviction than has been shown. Tekkit users had their worlds exploded by unauthorized usage and barely cared, what difference is a 3 second line of nag text in an otherwise fully functional package really going to accomplish?


    /add: apologies for my strong tone. I just feel that censorship and indignation are poor responses when you have been caught with your hand in the cookie jar.

    By implementing this feature without notification to the end-user RichardG is already collecting user information illegally.


    The Quote at the bottom of the page reads...


    Quote

    All that is necessary for the triumph of evil is that good men do nothing. Do something.


    ...I'm trying.


    /add: MagusUnion ... you do realize that usage of an overused meme typically weakens any attached commentary, right?

    @MagusUnion- I have no idea what version Tekkit\Technic\whatever is at because I pay it no mind. Never used it, never had a reason to use it. Point is that there was a needless backdoor quietly slipped in, and the mindset of the developer does not seem to be a healthy one as evidenced by that chat log GreenWolf dug up. Until I saw that malicious intent from an IC2 dev was the least of my concerns. If you read back through my early comments you'd see that my concern was more about a compromised host.



    Not reading or not thinking... not stopping to consider all the factors... something... Maybe just not reading between the lines?


    How many servers do you think the people on that list actually play on? How many 'other players' do you realistically think are going to see the capes? Its not like this is WoW where there are 5,000 players on a server. As far as the security aspects... see the above part @Magus.


    At least Mojang asked the community and included the option to disable their Snooper.

    The point of the blacklist is to make it so that packs do not grab a version of IC2 that does not have them blacklisted and simply use that without permission, so if it already retrieves a text file for a blacklist, why not just stick a cape list on there too? Sure, the capes certainly do not need to update in real time, but the blacklist does, and the text file gets retrieved no matter what, so it basically costs no additional time to have it there.


    I get that, and I get that it's not just Tekkit, but considering the ModPackTerms... It would take some doing to get to 'blacklist' status, and the blacklist should be used as a last resort. I imagine that most minor infractions could be cleared up with communication if attempted first.

    because in the vast majority of cases, it won't effect people who don't see the feature


    Jesus effing Christ... you can't be serious , can you? Did God send you to test me? Is the problem that you aren't thinking or that you aren't reading? I find it greatly amusing when indignation gets in the way of intelligent thought... :(


    The whole point of this thread is how this affects the people that AREN'T on that list. And it DOES affect the people that aren't on the list. It affects them because a developer has introduced remote access to an external server using a very exploitable platform. It affects all users by introducing a base-edit that could introduce the potential for conflicts. It affects all users by making ALL users wait (albeit, just a little, but when multiplied by several client restarts over the course of days, weeks and months), cumulatively across all users this adds up to HOURS off our lives just so a couple of people can get a cape. This was a poor choice of feature to implement. It has absolutely no benefit for the vast majority of users, adds a vanity feature for <1% of users and introduces weaknesses and flaws for all users.


    Even though you refuse (yes, refuse. For the good of my faith in humanity I am choosing to believe it's a conscious decision on your part.) to see the validity in it, the better course of action would have been to introduce this functionality as a secondary-mod that could be installed by the few people it would have an effect for.


    I don't think this will be going away any time soon. Why? Because the same file that has the cape list also has a list of anti-Technic checks to perform. And we all know how much mod developers hate Technic.


    Which is what makes this so funny for me. The blacklist functionality for Tekkit. After everything that's been done, you really think a login message is going to get people to stop using Tekkit? Bukkit is dead, Tekkit is stuck on 1.2.5 and Forge-like support is finally getting to where it should have been all along. If you don't want IC2 being used, then do it in a way that might have effect. Crash the client with a message similar to the Multiplayer Mod Incompatibility check... but that's beside the point.


    The fact that capes outnumber blacklists by better than 2:1 shows what the important part of that list was.


    This is a bad-practice for an aspiring programmer to be getting into. The blacklist and the cape functionalities both could have been added without online checks. Blacklist, Playerlist and Cape Art all could have been hardcoded at the loss of instant updates.

    You're proving my points for me here...


    It's like you're too busy being offended on behalf of the developer to be bothered with thinking about the meaning.


    and no I don't agree with you, a separate mod would be useless because each user would need to install it to see the cape, which would make it pointless


    This. Who is going to download a mod that has the sole purpose of giving a cape to people 99% of Minecrafters will never see on a server?


    That's the point. It's the OPPOSITE of 'useless'. Who would install the separate mod? Well, let's see...


    1) The 17 people with their name on that list.
    2) Server Admins that have one (or more) of those players actually playing on their server.
    3) Other players on the servers that have those players playing on them.


    That was the point of it. To keep it from affecting the people that will never see the effect. If server admins want players to see capes on those few players then they can include it in their mod pack.


    /add: tl;dr- Who would install it? People with a use for it. Who wouldn't install it? People with no use for it.
    ...so since the people who don't have any use for it whatsoever won't install it, let's shoehorn it into something they will download and install?


    As much of a joke as that was meant to be, it makes me wonder if it might be closer to the truth than I intended. I seem to recall a certain annoyance when people would ask about the cape in Direwolfs videos... makes me think it might have been added into IC2 as a way to force a troll onto some specific people.

    wait, hold on a second.
    why do any of you haters think you have any right to be complaining about what the ic2 devs are doing?
    funny that you are complaining about having to wait another 3 seconds for your game to load.
    do any of you even have any idea how long it takes to make a mod of this size? HUNDREDS OF HOURS
    they spend hundreds of hours to make a mod to give away free, and they get hate for making something to make them look cooler


    Since you missed it the first time... here it is again...


    ...a divide between people with the technical knowledge to get what the problem is here and people that are more concerned with defending the modders and calling names.


    I think it's funny how it is literally impossible to say absolutely anything critical about a mod\developer without someone charging in with nothing but an air of righteous indignation and that defense... It's like you're too busy being offended on behalf of the developer to be bothered with thinking about the meaning. The added load time is of trivial concern for me. The part that bothers me is that a developer that has been trusted with the work of another (keep in mind RichardG (who I'm assuming implemented this) didn't code IC2... he has maintained it and added to it...) and implemented , what I feel to be, a sloppy solution for something that, as you said 'makes the devs look cooler'. Want a better solution? A separate mod that the users that actually play on those servers can individually install. The people that will actually SEE the capes, instead of slopping up the init and load of the people that won't.

    Exactly, alot of people complain that "Why cant you let me D: YOU ARE SELFISH" instead of "Ok, he donated and i didnt."
    It isnt a punishment for you, its a reward for others.
    Damn whiney babies :3


    So... what I'm seeing in this discussion is a divide between people with the technical knowledge to get what the problem is here and people that are more concerned with defending the modders and calling names.


    If you had read the thread, Sirus, you'd see it's not a question of rewards. If I want a cape all I'd have to do is add another mod, personally- I just edited the minecraft code to use custom capes and skins on my server. If you look at the list of users in the IC2 list you'd see that none(?) of them are for donors. All the names on that list are... in short all this does is add a bunch of IC2 capes to the ForgeCraft server, as someone else said... ePeen.


    As far as security... Connecting to a server gives the server admin your IP, Java is an exploitable platform, and the coders are (seriously- no offense... not intended as an insult) amateurs that for the most part are current students of the language. If you are doubtful of a text-file's ability to deliver a payload then you need to do some research on exlpoits before you profess an opinion. Might I suggest starting with how SQL-Injection attacks start?


    Finally... time. Death by a thousand paper-cuts. What was the figure mentioned...? That in theory a 10KB file could take up to 2.5s? Which might sound like a lot, but once you factor in network routing and server negotiation that number will likely go up. ...but for the sake of argument- it'll work. So, 2.5s, and if say... 2/3rds of mods start using similar features and figure that by... 60 mods? My count is higher, but it's a nice number.


    Lets see... 60 mods, reduced by 1/3rds, multiplied by 2.5 seconds... that alone is over a minute and a half. On top of the initialization FML is already doing. What's the range for 'normal' loadings? 1-3 minutes? Under this scenario even the bottom end of that figure would be doubled. That's for all users. Just to see if 1, 2, 3,..7..9...14..17 people get a special cape. And what happens when different mods start conflicting? Be a pretty stupid way to cause crashes methinks... conflicting capes, and no one wants to drop theirs.


    It's all theory and potential worst-case scenario's- but as I stated initially... 'benefits' just a few, 'harms' many. It was a change that could affect overall security and it was just slipped in. Forge has 'update check' hooks built-in ( I believe), if 'cape-check' hooks are needed then take it to Forge. At least that way there is reassurance by being open-source and any potential conflicts, I feel, would be handled better there.


    As far as the blacklist functionality... What's the point? Sengir blowing up worlds didn't kill Tekkit, what real difference does text at login have? If you're really against unauthorized mod pack usage and you don't want to get the hate Sengir got then just have it so that IC2 disables itself. ...or forces a client crash with a 'not compatible with xxx modpack' message.


    ..but even then it would have been phoning home with no notification of the change to users. Bad.


    Not to mention that it would qualify as a base-class edit, right? Something modders are typically warned away from 'unless absolutely necessary'?

    Why does this bother you so much?


    Because it's a trend that I've been noticing more and more in the mod community and with a background in network security it worries me, especially when used trivially.


    By nature I am against the idea of software 'phoning home' unless there is a VERY good reason given that a compromised source is Lesson3 in the Hacker Handbook. As I stated in my OP... it's a fact that I'll accept begrudgingly under the proper circumstances, but when it is primarily used, as I said earlier, so that a select few (<~10?) can feel special... I feel this makes ALL users a tad less safe. Everything about Minecraft is built on Java, an inherently flawed platform from a security standpoint and considering that even the Java 'experts' get surprised by crippling exploits, I don't think it's unfair to keep a close eye on modders that are still learning.


    And as you said... you didn't even know this change had been slipped in. Something like this should require notification at the very least. For an example in context... the way Mojang introduced their 'Snooper' function.


    /edit: And building on what Wliu mentioned... have you noticed how long it takes FML to fully initialize? It's checks like these that cumulatively add to that because during that process it has to wait for the remote server to respond with the file before it can continue on to the following stages. ...Death by a thousand paper-cuts?

    Pretty lame that RichardG has taken it upon himself to add code into IC2 that is mostly there just to add vanity capes to a select few people.


    I mean... I get the reason for implementing a black-list but considering the timing... I mean the Tekkit-wars were so totally a year ago and I thought we'd be over that by now.


    The idea that every client has to ping a server to get a text file just to see if the player gets a special cape is pretty weak.


    A mod checking itself for updates is one thing- it has a practical advantage for a majority of players. Checking to see if a player gets a special cape is something else entirely- mostly vanity and ego-stroking.

    The forums for my personal project site. It's not really like they'll even be used really as the only traffic for the forums is me for update tracking and the like.


    I was working on fixing some stuff that was broken in the style I migrated to and one of the things I noticed was this huge box for smiley display and there are only the default ones installed. Then I was replying to a post in the middle of fixes and I saw the IC2 ones hiding down there and impulsively started this thread... almost deleted it at one point I think. May have been your first response that kept that from happening.


    But I was thinking about it, and it would be kinda neat to have icons of all the vanilla and mod items. It'd be a pain to get all of them unless they can be ripped from the game. ...anyway, I'm thinking with my fingers again :S


    (btw: the batpack icon is used twice. Batpack and RE battery. 2nd row, 11 and 17 on my display. At least I think it's used twice... a RE battery is a standard battery yes?)

    Kinda why it's here.


    I try not to flood staff PM boxes unless I have to and since I'm in no real hurry on this I figured I'd let the request hang out on the forums for a few days before I PM'd him a link.


    But thanks for the response anyway though :)

    Just imagine for a second that one of the devs is coming home from work wasted and only wants to spent some quality time with his girlfriend or the TV (whatever is available) and not setup servers, maintain code or a community. I have no doubt that they are capable of doing that, but setting up all that stuff primarily takes time. And that is why I said: if we ask them to do that, it is only fair if we assist them.


    Have you ever tried dev'ing wasted? ...it's a hoot, lemme tell ya. only bad thing is that it's sometimes hard to remember exactly how it was that you managed to do something. Sometimes I get wasted because I have dev stuff to do. Aside from that my girlfriend is sitting next to me watching 'West Wing' while I do this. Later I'll be SSHing into my server while she watches something else. I'm just saying- none of those activities have to preclude accomplishing some tasks.


    It's not about assisting them. I myself personally and directly offered to help with investigating the Jenkins aspect. It's about trusting they've heard the message and understand that it's about how Al, Richard and Player have to do ALL the development and that silent updates are bad.


    My idea on a brainstorming was not to tell them how to do the entire open-source thing properly, but to give them ideas on what can be done.


    And my point is that creating an 'open-source brainstorming' thread may be putting the horse before the cart. We don't know if IC2 is even going open-source, so why are we brainstorming about it?


    But I don't see why having public repository on GitHub can be problem. It's not like anyone can write in it, it is only "public" for reading. It does not even require you to license it under any "free" license.


    Because Alblaka may not wish to post the full and complete source of a project that is still active. If IC2 is posted to one of the free Github repos then anyone can download his full-source and use it however they like. Which.... they could kinda do anyway really, but Alblaka may not want to make it easy on them.


    ]Public repos on github are free, private ones do cost something, i believe you get/got 5 private repos for 5$ a month. The 100$ is for companies.


    He was using my figure of $100/yr. ($7 a month, 12 months a year plus tax. Just a bit under $100 for a non-open-source github.

    Imo it is only fair that if we ask Alblkaka to go open source, that we help him on that.


    First off. Can you please provide me with a quote where Alblaka says IC2 is going open-source? The most recent post where Alblaka addresses the topic simply states 'creating a semi-public source hub, permitting 'trusted' (aka invited) persons to submit code changes (which then need approval) sounds reasonable'. Semi-Public is not open-source, 'trusted' (aka invited) is not open-source.


    Other than that- Alblaka, Richard, Featnuri and Player have shown themselves to be rather intelligent individuals. If they were able to figure out how to mod minecraft then I'm sure they can figure out how to set up an auto-build system. No matter how many offers of assistance they get, plans are still going to be made by the 'core devs', and the ball isn't going to get rolling until they have a chance to assess and plan amongst themselves.


    In essence this thread has done all it can do, it shook things up and shifted some gears. yay.


    All I'm saying is that until the core devs decide how far they want to go with this then there isn't a whole lot we can brainstorm about. Unless Alblaka makes the decision to go completely-totally-and-truly open-source then there is no real reason to continue talking about Github unless we expect Alblaka to spend $100 a year to use Github as a private repo.


    We got what we wanted. The devs are 'awake' so to speak. Now might be a good time to let them wake up a bit, instead of hovering around them babbling about all the awesome things we're going to get done today and rudely pulling the drapes back to let the day in. Just sayin... let `em have a few minutes of sitting on the side of the bed and starting at the floor.

    -snip-


    wtfbbqroast?.. We've moved past the hate and anger stage. You just pooped all over what was turning out to be a somewhat civil discussion. I mean, a tl;dr in the middle of a post? (or was that a tl;dr that was /longer/ than the post?) Then when replying to a small snip you go off again totally unrelated to the quoted reply. Just sayin', might want to check some of that indignation at the door- won't get very far in life lugging that with you everywhere you go. Even Alblaka is being cooler about it than you are, and he was the one attacked.


    As things start to get mixed up, I created a post on how to do this open source in the suggestion board: The IC² might go open source brainstorming thread.


    Um... not needed? Alblaka has already addressed the situation with what he thinks an acceptable course might be. besides... IC2 isn't going open-source, IC2 is going 'less-restrictive-better-public-access-to-updates-source'.


    Alblaka has made his semi-final comments on the situation, the only think left is to sit back and give him a chance to get with Richard, Featnuri and Player to internally plan their next moves.