AAO25.com
Assist => News => Topic started by: Spanky on Friday, September 13, 2013, 00:12:51 AM
-
I just want to say a few things to everybody coming back. First and foremost, no more discussion of the last Assist version. It's been talked to death on here, Battletracker and the official AA forums. AAO25.com was not re-opened to discuss what happened, it was re-opened to discuss the future of this game for those that wish to continue playing it.
With that said, I want to dispel any conspiracy theories and give you some hard information on what's going on:
- None of the other developers, including myself, work for any governmental agency.
- The only personal data ever used/harvested by Assist is the username, email address and password that you choose to enter into the program and/or into Battletracker. This information has never been shared with anyone for any reason outside the developers. Passwords are stored on the Auth server with a special SHA-1 encryption that includes a salting method.
- Assist was not shut down to "hide evidence". It was shut down to avoid abuse of the system and to prevent any non-relevant personal user data from being harvested.
- It's taken so long to bring back AAO25 and Assist because we have been discussing the best way to bring it back in a way that regains trust and ensures confidence in our users. Without you, our work is pointless. We didn't want to simply go back on the last update and let things go back to normal. We are fundamentally changing various features in Assist as well as introducing a TOS agreement that tells you, the user, what Assist is and what it does.
- Jonny has retired completely from the project. We all appreciate the work he's put into this program over the last 5+ years and he will be missed. He wished for me to post a public statement when this site came back online:
The latest version of assist (7.47) included a new anti-cheat feature that allowed us to search peoples computers for cheats or hacks, This was done via an authenticated connection to the authorisation server. When you downloaded 2.5Assist from our site it was on the understanding that it was an installation and management client for AA2.5, I believe that this gave us a mandate to access and modify files on your computer that are directly related to AA2.5 and extended this definition to include cheats/hacks that are specifically designed for use with AA2.5
Unfortunately this new anti-cheat feature was rushed and not properly thought through and contained serious security flaws that meant it could have potentially been used to access files that were not directly related to AA2.5. I am not a professional software developer and only do this as a hobby for free, as such I have no qualifications for this type of work and was bound to make a serious mistake like this sooner or later.
I want to assure the whole Assist community that this latest feature was only live for less than a week and was only ever used on a very small group of know cheaters, Where it was used I am 100% certain that no files that were not related to AA2.5 were accessed and I am 100% certain that no personal information or data or anything else not relating to assist has been compromised.
I soon as I came to realised what a security/privacy threat this could have become I acted immediately to shutdown the system to prevent it being abused and removed the authorisation server making it impossible for this feature to be used again by anybody.
There has been talk of Trojans, spyware and backdoors being used but this is not the case, This was simply a function built into the assist client that could only be accessed via an authenticated connection to the Assist authorisation server. With the auth server now gone this security flaw is now completely removed and unusable to I can assure all of you are perfectly safe now.
When our server hosting company found out about this they did not want to have anything to do with us anymore so the AAO25.com forum was taken down, Some of the admin team are now working to get the site back up so they can discuss a way forward with the community.
I however will no longer be involved in this project, I have made a mistake and have lost the trust of the community, I no longer trust myself to develop software and will not being working on anymore projects in the future.
Some of the other admins have expressed an interest in removing said features from assist and continuing the project but that is up to them and community to decide.
-
I think your all CIA!!! :makemyday:
Now what can I do to help?
-
I think your all CIA!!! :makemyday:
I added that in just for you :) Rapture told me about it. I had a good laugh.
-
:D
You mentioned something about a poll? Will our options be posted soon?
-
I think a poll would be best once we can demonstrate Assist running. It's not one of the things we discussed in the temporary admin forum though.
-
if I worked for NSA I would be slaying my own country since NSA has been spying our Citizens, our President and one of the biggest oil producers in the world :D
btw as american citizens, you guys should not Mention: CIA, NSA, TERRORISM, BOMB, OSAMA, JIHAD :P
prepare to be tracked and interrogated rofl.
-
Ya Spanky's trying to break down my door right now!
-
Ya Spanky's trying to break down my door right now!
That's what she said?
-
That's what she said?
Only if it's the back door...
We're all excited AAO25 is back but let's try to keep this on topic guys :)
-
Very excited indeed!
What are the chances of Assist ever becoming open source?
-
Only if it's the back door...
We're all excited AAO25 is back but let's try to keep this on topic guys :)
speaking of this, hope we get Assist back asap and then we can have the Custom meshes thing :D
We wan't to delivery something great to our players :)
Open Source, well, lots of pp have joined the project since it started but, there are core things that can't be public as the Auth system mech etc. but anyone capable can help;
-
I brought the Open Source idea up briefly and it's a double-edged sword. I think it's best not to right now because there's not many players. If there were more players that could contribute coding abilities, then the community could work towards making Assist more secure instead of just a couple of us. But, if we go Open Source and nobody else helps out with coding and security, we've just become completely vulnerable to those with more time/knowledge/creativity.
-
It's not one of the things we discussed in the temporary admin forum though.
So far sounds like things are on the right track. Would you have time to explain a quick summery as to what has been discussed?
I've finally accepted the fact it is not a good idea for servers to track modded servers. With that being said is there anyway the weapon picker mod can be integrated into Assist? Or at least an updated forceclass script?
-
So far sounds like things are on the right track. Would you have time to explain a quick summery as to what has been discussed?
I've finally accepted the fact it is not a good idea for servers to track modded servers. With that being said is there anyway the weapon picker mod can be integrated into Assist? Or at least an updated forceclass script?
The game is still offline and you start talking about mods,Skripts and stuff..! LoL
Admins should only keep working on the auth-system asap, to avoid losing players/game!
BTW the solution like befor is for me and the community perfect to Keeper the game origin and smart as well. Who like mods just leave and play Garry's Mod!!!
-
Johnny has retired completely... Only until the next time. How many times each one of you guys have retired competely only to bcome back again later?
-
If you are fast mike there is gowing train to north korea there also are leaders that do think for te people . :D
The game is still offline and you start talking about mods,Skripts and stuff..! LoL
Admins should only keep working on the auth-system asap, to avoid losing players/game!
BTW the solution like befor is for me and the community perfect to Keeper the game origin and smart as well. Who like mods just leave and play Garry's Mod!!!
-
Hi all.
What happened was a breach of trust (I hope - that is the right translation), but you don't like to discuss it, as I read in the 1st post...
(...) This information has never been shared with anyone for any reason outside the developers. Passwords are stored on the Auth server with a special SHA-1 encryption that includes a salting method.
Quite interesting to read. The Auth Server is the site Battletracker.com (=bt), isn't it? It's based on a wbb-board, so the passwords for sure are stored crypted (there's the possibility since version 2, if I remember right). Homey made you an API to check, if the submitted login data is correct and to send you some stats and the bt-number back.
But what about the delivery of my personal data to assist? That is not crypted. When I login in Assist with my bt-name and bt-password are send in "clear text" to assist-server. Nice to see only " ******** " in passwordfield, but the data finally send is plane text.
(...) I think it's best not to right now because there's not many players. If there were more players that could contribute coding abilities, then the community could work towards making Assist more secure instead of just a couple of us. (...)
I think outside of your "staff team", there are a lot of players who have coding abilitys. In my case, I offered my help not ony once or twice. I got rejected several times and than I finally lost the interest on trying it again.
While you "re-setup" this page, there was a short massage like: "Can anyone host the site?" I perhaps could do so but didn't have a way to contact you. I wrote a pn to Johnny on bt, because it was the only name and person I clearly could identify. Perhaps he forwarded it to the rest of the team...
For the future I'd like to have more transparency about what is going on and less restrictions. In my eyes it's a stupid thing, that modded servers are not tracked, only one account per person is allowed and many more... For sure, if there is a server-mod running, which gives 1.000.000 points per kill or something like that, it shouldn'n be tracked. But there are a lot of people who like to play with sf-weapons on standard maps (which was / is allowed from the game by forceclassing), so why you don't let them play that way? Also "low gravity" aka. "high jump" is settable by admin, so let them have some fun with it.
Cheating / Hacking in my eyes is a big problem, but there are only a few things we could do against. Evenbalance stopped PB support and the PB-scripts could only handle known hacks. I play this game for a long time and in my eyes there are a lot of cheaters playing very often. I have no evidence, so I won't call anyone a cheater.
Let me give an example: a person is dying every round and has 1 kill and 10 deaths in 11 rounds. Next round he kills nearly every enemy with one or two bulles and has a 30 kills / 11 deaths 5 rounds later, his bullet holes across the map are fitting on a 1-Dollar-Coin, than he is not clean for me, especially if you could watch this a lot of times.
Don't ban those players globally if there is no evidence. Offer us the possibilty to ban players by bt-numer like PB-Guid before. Give us the possibilty to find 2nd accounts, so that he can't join my / our server anymore. If I don't trust him, I'll ban him. In the past "innocent" players tryed to contact the admin and excused or explained. Especially the german community is very small and we know each other. "guilty" players don't even try, they make a new account or play on other servers to push their frag and get a ******.
Regards
Graf
-
Great to see the forum back. GJ.
If I may reply a bit to Grafs message. I think the modded servers should stay untracked. It was a step into the right direction and I wouldn't suggest changing it back. Then it becomes the junge with mod servers only.
Server admins should be more integrated into the background of assist. I mean like to have a server admin section where only admins can post players that have been banned on what server or are suspicious. So other server admins are warned. Adding a better ingame banlist or somehow server ini banlist where you can add BT IDs would be definitely great. And some lite versions of tools for server admins. Like checking if the player has logged into second accounts. MAC links and so on. Could be very useful to minimalize cheating. And dont give away the tools and access for every random server admin. At the beginning just to the major servers that are played the most like ATAS, IGC, HT, NoG, PE. (and PUF)
-
Don't forget =PUF=KAUTO CLAN WEALREADY BAVE 13 MEMBERS A
ND stil growing and alot mod lovers are in ths world that like us :cool:
AGreat to see the forum back. GJ.
If I may reply a bit to Grafs message. I think the modded servers should stay untracked. It was a step into the right direction and I wouldn't suggest changing it back. Then it becomes the junge with mod servers only.
Server admins should be more integrated into the background of assist. I mean like to have a server admin section where only admins can post players that have been banned on what server or are suspicious. So other server admins are warned. Adding a better ingame banlist or somehow server ini banlist where you can add BT IDs would be definitely great. And some lite versions of tools for server admins. Like checking if the player has logged into second accounts. MAC links and so on. Could be very useful to minimalize cheating. And dont give away the tools and access for every random server admin. At the beginning just to the major servers that are played the most like ATAS, IGC, HT, NoG, PE.
-
Hi guys, I already posted a bit somewhere else, but I will support your comeback, if you need any non-technical help with anything, feel free to contact me
-
TS coming back up too ?
-
TS coming back up too ?
probably not, it was Hosted for Free from an ex-admin, TG Pegesus :)
it had some downtimes etc but He doesn't need to keep it online as it was done for free.
Hi all.
What happened was a breach of trust (I hope - that is the right translation), but you don't like to discuss it, as I read in the 1st post...
Quite interesting to read. The Auth Server is the site Battletracker.com (=bt), isn't it? It's based on a wbb-board, so the passwords for sure are stored crypted (there's the possibility since version 2, if I remember right). Homey made you an API to check, if the submitted login data is correct and to send you some stats and the bt-number back.
But what about the delivery of my personal data to assist? That is not crypted. When I login in Assist with my bt-name and bt-password are send in "clear text" to assist-server. Nice to see only " ******** " in passwordfield, but the data finally send is plane text.
right when Jonny shut assist down, he was working on a better/ more secure way to send/receive data on Assist. idk what will happen with it cuz it wasn't released.
I think outside of your "staff team", there are a lot of players who have coding abilitys. In my case, I offered my help not ony once or twice. I got rejected several times and than I finally lost the interest on trying it again.
While you "re-setup" this page, there was a short massage like: "Can anyone host the site?" I perhaps could do so but didn't have a way to contact you. I wrote a pn to Johnny on bt, because it was the only name and person I clearly could identify. Perhaps he forwarded it to the rest of the team...
When we don't are rly in need of someone we use to reject/forget cause of security etc, but once a year 1-2 ppl join Assist lol.
ATM I guess we already have a host. I'm not 100% sure :P
For the future I'd like to have more transparency about what is going on and less restrictions. In my eyes it's a stupid thing, that modded servers are not tracked, only one account per person is allowed and many more... For sure, if there is a server-mod running, which gives 1.000.000 points per kill or something like that, it shouldn'n be tracked. But there are a lot of people who like to play with sf-weapons on standard maps (which was / is allowed from the game by forceclassing), so why you don't let them play that way? Also "low gravity" aka. "high jump" is settable by admin, so let them have some fun with it.
Cheating / Hacking in my eyes is a big problem, but there are only a few things we could do against. Evenbalance stopped PB support and the PB-scripts could only handle known hacks. I play this game for a long time and in my eyes there are a lot of cheaters playing very often. I have no evidence, so I won't call anyone a cheater.
Let me give an example: a person is dying every round and has 1 kill and 10 deaths in 11 rounds. Next round he kills nearly every enemy with one or two bulles and has a 30 kills / 11 deaths 5 rounds later, his bullet holes across the map are fitting on a 1-Dollar-Coin, than he is not clean for me, especially if you could watch this a lot of times.
Don't ban those players globally if there is no evidence. Offer us the possibilty to ban players by bt-numer like PB-Guid before. Give us the possibilty to find 2nd accounts, so that he can't join my / our server anymore. If I don't trust him, I'll ban him. In the past "innocent" players tryed to contact the admin and excused or explained. Especially the german community is very small and we know each other. "guilty" players don't even try, they make a new account or play on other servers to push their frag and get a ******.
Regards
Graf
Since the last AC efforts(not the one that made it goes down lol) we rarely banned on thoughts, most ban were set with real proof and legally imo(read the above msg before you try to say otherwise).
-
Good to see you back !
-
any news when the auth comes back online?
-
very very good to see you back would like to see the game back but guess its a start :)
-
welcome back again :))
-
The game is still offline and you start talking about mods,Skripts and stuff..! LoL
Admins should only keep working on the auth-system asap, to avoid losing players/game!
BTW the solution like befor is for me and the community perfect to Keeper the game origin and smart as well. Who like mods just leave and play Garry's Mod!!!
yes please, make a download section to have a version the will work for playing. even without honors. otherwise a lot of players are going to aa4 - and will not comeback.
thank you!
-
just go back one release - if possible - and let us play until you made final decisions about the way this perfect game will go.
would really be great!
-
I personally think it would be smarter to let people play once you know you won't make any more updates for a little while, once you know it's up and rolling , otherwise it might be a mess ...
-
it depends on when the final version is rolled out. in 1-2 weeks, no one will play this game i guess.
my mindset of that
-
Better roll out some version and then you have time to think about it. More waiting is just gonna make more players quit.
-
Indeed,first bring up some old version of assist,then we can think on the future :up:
-
Don't understand what all the fuzz is about.Just go back to version 7.4... whatever and lets play!!! :up:
People had fun without these anti cheat programs as well.
I think cheaters are being easily spotted by the experienced players and admins can take appropriate steps like kicking, temporarily or even permanent banning.
Too much rocket science also spoils the game and an online game will never be perfect - some smartass will always find a loophole.So dont even attempt to make it perfectly bulletproof.
I hate all this talking from wanna be experts :rtfm:
Lets get this game online again before it is too late
Thx :D
-
i agree with lord at least we can all have a game then i know a hacker when i see one as im an experienced aa player and seen it all been playing it for 9 years and then it just finally stops like that it feels worser than my smoking addiction this does
without this game i think i would crack up missing it with a passion please hurry and get us back online and if any help is needed i will gladly help i couldnt stand to see this game gone after all its been threw thanks for listening and hope to be playing again realy soon
Wello3 :)
-
Johnny has retired completely... Only until the next time. How many times each one of you guys have retired competely only to bcome back again later?
So long how long you will be jew.
-
i agree with lord at least we can all have a game then i know a hacker when i see one as im an experienced aa player and seen it all been playing it for 9 years and then it just finally stops like that it feels worser than my smoking addiction this does
without this game i think i would crack up missing it with a passion please hurry and get us back online and if any help is needed i will gladly help i couldnt stand to see this game gone after all its been threw thanks for listening and hope to be playing again realy soon
Wello3 :)
i know a hacker when i see one as im an experienced aa player and seen it all been playing it for 9 years and then it just finally stops like that it feels worser than my smoking addiction this does
i agree with you if you are =IGC=[W]ello3^ excluding the glow part.how much players got cought in your clan by cheating? just remember "Darkened.pt, wolf,chavez...! sorry but after 9 years playing you are still a noob.
-
I think [W]ello3^ is a good player
I really had a good laugh at your profile picture Mike Is that u and what are you doing there lmao really funny
-
Is this the new setting in admin Assist land!!
big_sergio, blueblaster, elizsweden, natenkiki2004, vortex666br
-
I wonder who the (¿banned?)Nazi was who ratted out to the host company...
-
Is this the new setting in admin Assist land!!
big_sergio, blueblaster, elizsweden, natenkiki2004, vortex666br
-I hope serius that the new group of people who will creat the future admins understand that we need each other to get a healthy climate and a freedom of game play.
-
I wonder who the (¿banned?)Nazi was who ratted out to the host company...
It wouldn't surprise me one bit if pit had something to do with it
-
AAO25.com was not re-opened to discuss what happened, it was re-opened to discuss the future of this game for those that wish to continue playing it.
-
i know a hacker when i see one as im an experienced aa player and seen it all been playing it for 9 years and then it just finally stops like that it feels worser than my smoking addiction this does
i agree with you if you are =IGC=[W]ello3^ excluding the glow part.how much players got cought in your clan by cheating? just remember "Darkened.pt, wolf,chavez...! sorry but after 9 years playing you are still a noob.
About Wolf you would never know that he was a hacker, you know why? No bad history, no suspicious gameplay or anything else.
For chavezz and darkened I wasn't sure (but hey, there was no proof right?) After they got caught IGC kicked them out. Even other clan have cheaters in there without the admins knowing about that. At the end you can't blame the clan for having a hacker as a member, because without a good anti-cheat system you will never know if someone is really clean or not.
Offtopic, but I had to say that
-
So how long we must wait to meet each other on the field of war? :style:
-
It wouldn't surprise me one bit if pit had something to do with it
Pit had nothing to do with it. I Host the site. My hand was forced to suspend the site until the issue was resolved.
In taking down the auth server, and removing the AC Protection methods used from distribution they met my requirements to restore the site.
There we're never any hard feelings, just business.
The website is back, and I'm working with the developers to get a playable version out ASAP.
Enough about what happened, Lets move on. What would you the players like to see in the near future?
-
Just keep the game playable and reliable. With anti cheat, competition, and community.
-
My thought, which may not mean much though I'll still throw it out there :idea:
I agree that a playable game would be great right now, though I do feel spending the time to get it done right is needed as well. It wouldn't bother me if it took a few more weeks to come back on, especially allotting time to test which is crucial so we can play with less crits and so on.
There are a lot of things that need to be address and or fixed before we could play a reliable game that allows for piece of mind in regards to hackers. Johnny was close and his intentions were good, though now they need to take a step backwards and figure out a new method to keep the community clean.
To be honest I don't foresee too too many people leaving, as long as everyone is kept up to date on the progress and they understand that it will be re-released. I think a lot of the players love this game for reasons they cannot find elsewhere in any other game that is still being supported.
Patience is a virtue and I feel that the loyal fans and players of this game will stick it out with us till it's ready for release.
As far as newer features, we can throw out ideas all we want though this will once again create more time to implement as well as to test out. So my thoughts would be to work on the current problems at hand to get players to playing and the trust to be regained, then we can work on some new sweet features to be released down the road. Anyways, I'm a nobody :D
Just wanted to say hello, vent out some thoughts, and say it's great to hear that there's hope to flashing each other again :cool:
-
Quite interesting to read. The Auth Server is the site Battletracker.com (=bt), isn't it? It's based on a wbb-board, so the passwords for sure are stored crypted (there's the possibility since version 2, if I remember right). Homey made you an API to check, if the submitted login data is correct and to send you some stats and the bt-number back.
Battletracker is just a place where accounts are stored. We have a VPS server that runs everything else (controls authentication, server querying, server list, banlist, and more).
But what about the delivery of my personal data to assist? That is not crypted. When I login in Assist with my bt-name and bt-password are send in "clear text" to assist-server. Nice to see only " ******** " in passwordfield, but the data finally send is plane text.
It's not sent in clear text. There is a special hashing method inside Assist that hashes the passwords with salt before they're sent to Assist/Battletracker.
I think outside of your "staff team", there are a lot of players who have coding abilitys. In my case, I offered my help not ony once or twice. I got rejected several times and than I finally lost the interest on trying it again.
While you "re-setup" this page, there was a short massage like: "Can anyone host the site?" I perhaps could do so but didn't have a way to contact you. I wrote a pn to Johnny on bt, because it was the only name and person I clearly could identify. Perhaps he forwarded it to the rest of the team...
I have heard of you offering help in the past but not this last time. In any event, some things are kind of disorganized on our end. One of which is the offers of help we receive. Some are discussed briefly and then ignored or are outright ignored in the first place. This is not good. I've created a new thread in the admin area with a list of people who have offered to help, what they're good with and a way to contact them. This list will be used any time we need anything. Any offers of help from here on out will not be in vain.
For the future I'd like to have more transparency about what is going on and less restrictions. In my eyes it's a stupid thing, that modded servers are not tracked, only one account per person is allowed and many more... For sure, if there is a server-mod running, which gives 1.000.000 points per kill or something like that, it shouldn'n be tracked. But there are a lot of people who like to play with sf-weapons on standard maps (which was / is allowed from the game by forceclassing), so why you don't let them play that way? Also "low gravity" aka. "high jump" is settable by admin, so let them have some fun with it.
For the transparency, we will have a TOS that outlines what Assist is and what it does on your computer. As for mods, I don't think we'll track them again. We didn't remove them from the game, people are welcome to play. From this standpoint, we've accepted them MORE than the AA devs have. SF weapons can still be done by forceclassing as long as it's not abused/done every round. It's been explained many times that this disrupts classic gameplay. This project is about keeping the core gameplay alive, true to what the original developers wanted.
Don't ban those players globally if there is no evidence.
It's been a long time since we've banned without evidence. There's plenty of players reported but honestly, everybody that's been banned has been banned with proof.
-
Hey guys just lets turn the switch on! I know is not that easy but I'm glad that things are moving forward to get the best game going again!!
-
Pit had nothing to do with it. I Host the site. My hand was forced to suspend the site until the issue was resolved.
In taking down the auth server, and removing the AC Protection methods used from distribution they met my requirements to restore the site.
There we're never any hard feelings, just business.
The website is back, and I'm working with the developers to get a playable version out ASAP.
Enough about what happened, Lets move on. What would you the players like to see in the near future?
wtf regarding doing business. your business should ve been done sometime around 2006. when the game was in its peak. and how da fak have you been forced to suspend everything..please, do explain!
if that is truth then something should be decentralized..i bet there are companies out there that can provide better service then yours "lowpingservers".somebody really faked up that johnnyM dude since he left for good.that someone should be labeled by the community and expelled forever.
-
wtf regarding doing business. your business should ve been done sometime around 2006. when the game was in its peak. and how da fak have you been forced to suspend everything..please, do explain!
if that is truth then something should be decentralized..i bet there are companies out there that can provide better service then yours "lowpingservers".somebody really faked up that johnnyM dude since he left for good.that someone should be labeled by the community and expelled forever.
LowPingServers hosts AAO25.com and 3 game servers. That's it. LPS didn't host Auth, Auth was shut down by Jonny, as explained many times before.
Let's move on shall we?
(https://dl.dropboxusercontent.com/u/464376/aac_maap/7.48.png)
-
If you do not agree with the Terms of Service, please remove Assist and all related software from your computer.
Already done.
IMHO the only possible way to bring back AA is without third party software.
-
Already done.
IMHO the only possible way to bring back AA is without third party software.
You realize with no third party...there is no auth, ie no accounts, no tracking, no anti cheat. And there is an alternative out there. 2.8.5, and nothing stopping anyone at any time from playing any past 2.# versions are all available out there for download and server files to play "offline" / lan / connect by ip.
The whole idea is we need a middle man / management and some sort of community for those things. .
LowPingServers hosts AAO25.com and 3 game servers. That's it. LPS didn't host Auth, Auth was shut down by Jonny, as explained many times before.
Let's move on shall we?
(https://dl.dropboxusercontent.com/u/464376/aac_maap/7.48.png)
Will low ping servers continue to deal with 2.# after this? They removed the game from their options...think they will bring it back? What other hosting options are there
-
Already done.
IMHO the only possible way to bring back AA is without third party software.
See, it would take a LOT more work to modify the AA code and setup a server similar to the devs did for the Personal Jacket. Getting that right would be next to impossible. Not to mention, AA would have to be modified and recompiled which we don't have the tools/knowledge/files to do so. Assist is much easier. If you don't trust it, that's fine. There's others that will.
Will low ping servers continue to deal with 2.# after this? They removed the game from their options...think they will bring it back? What other hosting options are there
LPS is hosting AAO25.com right now. We're talking about where to host the Auth server, that's undecided.
-
It's not sent in clear text. There is a special hashing method inside Assist that hashes the passwords with salt before they're sent to Assist/Battletracker.
While on its face that may sound sufficient, unless the connection is encrypted with SSL, that hash itself is being sent in clear text. If someone can snoop and capture the network traffic, they can grab that hash and do a replay attack to login as you (without knowing your password), that is assuming that the salt doesn't change every time (rarely is that done in practice).
It is great however that the database containing usernames/passwords has salted hashed passwords stored rather than in plaintext.
You should really be using SSL for communication between Assist and the server for login data. (No need to buy a cert, just generate a self-signed one).
-
If someone is smart enough to snoop network traffic of someone, replicate it and play it back to Assist, they should probably be spending time going after something worthwhile, not a free America's Army account that only gives you access to play the game...
-
I will grant you that. ;)
SSL is cheap though, might as well use it. The risks are pretty small though like you said, so perhaps it isn't worth your time which I completely understand.
-
Don't get me wrong, I fully appreciate the advice and hopefully ELiZ or someone more knowledgeable than I can figure out how to make it work. I blab here a lot but I'm just a map guy. The other guys do far more work than me when it comes to Assist.
-
Thanks to all trying to get the game back up. Ticus on a side note, your avatar is not supposed to really look like u. lol
-
Let's move on shall we?
(https://dl.dropboxusercontent.com/u/464376/aac_maap/7.48.png)
YEEESSSSSSSSSSS. better today than tomorrow. go on please, i am standby to play this wonderful game again:)
and thanks for doing this again.
-
LPS is hosting AAO25.com right now. We're talking about where to host the Auth server, that's undecided.
we from hosters.at can also host the auth system if you like! we have 9 server online (not yet because of the auth :) ).....
-
Hi guys,
I'm not very active on the forums but some of you may know me from the game.
On the licensing model: I would be very happy with open source. Generally security by obscurity does not work. Indeed if anyone can read the source then unknown mistakes may be exploited, but I think that this is easily detectable and if there is a known issue, then a lot more ppl can help fixing it. (For example I wouldn't have time for development, but I would happily try to help in finding and eliminating security issues/exploits when they arise.) I think that the infrastructure should be restored as soon as possible with the current model (otherwise players will be lost), but then the development model should be discussed before doing actual work. Open sourcing would also provide the chance to avoid the death of the project in case the original developers leave for whatever reason (or at least enables resurrection).
On the security issues/design issues: although I'm not a cryptography expert, I have some knowledge on the topic (although mostly on the theoretical part). I would be happy to participate in the discussion concerning this topic. (I can help with system design, some cryptography, and algorithmic questions; I hate working on anything GUI related.) Spanky if you think that the project would benefit from my input please PM me and I can share IRL information with you to let you verify my background.
-
spanky tell people how long we must wait for to play AA2 it make me crazy so we are dutch people and can not so good english we see it on forum but can not so understand it and we ask every old players when the game com back nobody understand it
-
Assist should be up inside of 3 days at the latest.
-
Work quicker. Its nearly the weekend
-
nice info spanky and very thx
-
I just want to keep playing. How do we make it happen?
-
I just want to keep playing. How do we make it happen?
Wait. It's being worked on.
-
hey guys, we love you. good work and thanks
-
Great news Spanky and thanks in advance to you and everyone else involved with getting Assist back up and running :)
-
Spanky deserves a raise everyone start pitching in donations so he gets a check this week.
-
Spanky deserves a raise everyone start pitching in donations so he gets a check this week.
Send it to ELiZ, he's the one putting fourth 95% of the effort.
-
Better roll out some version and then you have time to think about it. More waiting is just gonna make more players quit.
We are still playing. Just without honor and tracking.
-
Assist should be up inside of 3 days at the latest.
Guess someone has been doing extra hours huh :)