rocket

Security Vulnerabilities fixed by Patch #2 and Character wipe


 

Wtf-did-i-just-read.jpg

 

Seriously? You forget? Listen I have my own code base and it's got a lot of legacy stuff in it too but that legacy code from 2007 has functional use in 2013, otherwise it would have been outmoded and superseded by better functionality.

 

I don't usually communicate in memes but you're not really giving me a lot of choice in the matter. That is single-handedly the silliest thing I have ever read from a lead developer. Who forgot? And if they forgot...why? And exactly how do you forget something that is such a key component of how your server and client packages communicate that you just....forget to remove it. What? You can't even just comment out the code...I mean leave it there but just add a couple forward slashes so it's not actually read by the process? That's not that hard.

 

Good god almighty.

 

 

You have your own code base? Which multi-million dollar, triple A title code base would that be then?

 

Honestly, from what you wrote it's clear that coding is probably something you took up in your spare time and you now have a whole website running tens of lines of JavaScript or something. When you move onto proper monolithic code bases, you usually can't simply forward slash stuff away.

Here's my pro tip to you. Trust the professionals. They sold 100 000 copies in 24 hours. They know what they're doing bro.


We are going to be cleared before the game comes out anyway,

so it doesn't matter at all about resets.

 

I like to have Gold, a Tent and a Bike though!

Then,

Throw in the Night Vision, TWS, AS-50's  

and let them COD babies cry--> it's your game - do what you want!

Also,

I think you should put in a couple 6-5 Fast Big Black Zombies to act like the witches in L4D,

if you see one you're 80% dead.

It could lead to more teamplay

Edited by iDash


So... you're implying they lied to us and the architecture is still the same as Arma2? You got all this from hackers finding an open door in the code? Damn, your detective skills, they're mind boggling.

We're not talking about some discreet/hidden "backdoor". We're talking about easily cheating the exact same way you can in ArmA 2. People were injecting scripts the exact same way they had been in ArmA 2 hours after the release of DayZ. Visit any active cheat forum. I obviously can't link/show you what I mean.

Bear in mind... the client's ability to dictate the server with a scripting language was specifically advertised to have been resolved. So in a way, yeah, they did lie.

Edited by lazy2guns

"if you've actually replaced it"

 

So... you're implying they lied to us and the architecture is still the same as Arma2? You got all this from hackers finding an open door in the code? Damn, your detective skills, they're mind boggling.

 

The entire reason this is a key point of debate today is due to Reddit exposing the entire server package as "pretty much the same thing as the A2 server package". Reddit isn't exactly an authority on things but tends to be a haven for people that aren't morons that are speaking out of their asses, after reviewing that data and looking over the available information from non-admin players that have photographically documented various hacks that are obvious simply from looking at them what they are...it's pretty safe to say that detective skills aren't even necessary in regards to this scenario.

 

Now I'm not saying the situation can't be improved...my point in case is that according to a year and a half of interviews it shouldn't have been a situation in the first place. As I said in another post, I never once expected this team to eliminate hacking forever on day 1 or even day 1000, but I did expect a far more secure client/server relationship than A2's laughable architecture.

Edited by semipr0

Cheers.

Okay so after much thought I've come to the conclusion that you have no idea what you're talking about.

  1. This server architecture is based on other people's code, not written by Dean and the DayZ team. Have you ever tried reviewing thousands of lines of other people's code? Advancing on other people's work? It's difficult. You miss things.
  2. It's 'Early Access'. This is not a label you can just slap on a game so you can do experiments on it, and use it as a shield to hide behind. It means the game is being sold in an unready state. This means the developers can move all of their testing onto the people who in the end are going to use it, meaning they do not need to pay testers and other people who will actually be searching for bugs, and not playing the game in the right way. People buy into it and face multiple warnings that this is the case. You're telling me that you bought the game expecting no problems/bugs? Because if you did you're probably an idiot.
  3. The game is already very different to Arma. There have quite clearly been many changes made to the engine/architecture this was initially based on. And they're changing it to make it better for YOU. We buy into this to become 'testers', not 'players'.
  4. Your name is a piss take of Dean's username. If you were a legit software engineer you'd understand the trouble he is going through in making this game. You'd be supporting and helping out, instead of being argumentative and taking the piss.
Edited by mrtomrichy


We're not talking about some discreet/hidden "backdoor". We're talking about easily cheating the exact same way you can in ArmA 2. People were injecting scripts the exact same way they had been in ArmA 2 hours after the release of DayZ. Visit any active cheat forum. I obviously can't link/show you what I mean.

 

What's your point? All it takes is one open door to let them run scripts. The fact that scripts were run doesn't automatically mean the engine architecture is the same as Arma2. Which is what you guys are trying to make it sound like.


We're not talking about some discreet/hidden "backdoor". We're talking about easily cheating the exact same way you can in ArmA 2. People were injecting scripts the exact same way they had been in ArmA 2 hours after the release of DayZ. Visit any active cheat forum. I obviously can't link/show you what I mean.

 

It's pretty obvious that it's not the "exact same way". Why is that obvious? Well, let's see. Game was released yesterday some time. Patch was released within 24 hours. Now the backdoors were a fundamental issue in ArmA 2 that were essentially lost causes to try and fix, which is why nobody ever did. However, this time, they fixed it within 24 hours. Now I'm going to go out on a limb here and say that they didn't discover the holy grail of development, which allowed them to fix a previously insurmountable problem. Instead, I'm guessing that they plugged the existing hole some time ago, and there were a few minor leaks around the edges which they then quickly found and plugged as well.

 

Why did they only find the additional leaks now? Well, I would wager it would have something to do with the 40 000 new fucking alpha testers they just got. Well done. Job accomplished. Alpha progressing as planned.

Edited by Imbalanxd

Have you ever tried reviewing thousands of lines of other people's code?

Well, since you asked, I have.


We're not talking about some discreet/hidden "backdoor". We're talking about easily cheating the exact same way you can in ArmA 2. People were injecting scripts the exact same way they had been in ArmA 2 hours after the release of DayZ. Visit any active cheat forum. I obviously can't link/show you what I mean.

Bear in mind... the client's ability to dictate the server with a scripting language was specifically advertised to have been resolved. So in a way, yeah, they did lie.

 

Issues that were a HUGE focus on post EA release blogs etc., exactly.  So all the work that was supposedly done to stop said hacks from being an issue in the SA, and somebody "forgets"...


You have your own code base? Which multi-million dollar, triple A title code base would that be then?

 

Honestly, from what you wrote it's clear that coding is probably something you took up in your spare time and you now have a whole website running tens of lines of JavaScript or something. When you move onto proper monolithic code bases, you usually can't simply forward slash stuff away.

Here's my pro tip to you. Trust the professionals. They sold 100 000 copies in 24 hours. They know what they're doing bro.

 

Here's my pro tip to you, don't expect me to reveal my curriculum vitae simply to establish some level of credibility with you because I don't frankly care what you assume about what I do.

 

And yes you can simply comment code out, even in strict C library environments...which I'd like to point out...SQF is not and the entire top layer of what DayZ does is based in SQF, not monolithic C libraries.

 

Other than that, trusting professionals is fine. Trusting six overworked guys in a small development environment is another thing entirely.


Here's my pro tip to you, don't expect me to reveal my curriculum vitae simply to establish some level of credibility with you because I don't frankly care what you assume about what I do.

 

You didn't seem to mind waving your "curriculum vitae" around like a dick a minute ago. Now suddenly tight lipped.

Edited by Imbalanxd


So I still got all my gear. Will my character be wiped later on?


You didn't seem to mind waving your "curriculum vitae" around like a dick a minute ago. Now suddenly tight lipped.

 

I don't believe I stated anything about sales figures, or the size of my genitalia. I maintain a code base for a project I've been working on for seven years and it is a publicly available project. There's nothing else to say about the matter.

 

Is it Battlefield 4? Or something which allows me to "preach from the mountain"? Uh...no, it's not, but is this something that requires Moses level credibility to formulate and communicate an opinion on? I think not.

 

We all know what was promised over the last year and a half and better security from the script injection based disruptions of server environments was on the table in every single discussion. You don't just "forget" that.


The entire reason this is a key point of debate today is due to Reddit exposing the entire server package as "pretty much the same thing as the A2 server package". Reddit isn't exactly an authority on things but tends to be a haven for people that aren't morons that are speaking out of their asses, after reviewing that data and looking over the available information from non-admin players that have photographically documented various hacks that are obvious simply from looking at them what they are...it's pretty safe to say that detective skills aren't even necessary in regards to this scenario.

 

Now I'm not saying the situation can't be improved...my point in case is that according to a year and a half of interviews it shouldn't have been a situation in the first place. As I said in another post, I never once expected this team to eliminate hacking forever on day 1 or even day 1000, but I did expect a far more secure client/server relationship than A2's laughable architecture.

 

So... you're bashing the devs based on some reddit comments & screen shots of the (now patched?) hacks?

 

Let's put this in perspective. Let's say I opened a bank in my two car garage. People liked my interest rates, so they brought me all their money to keep safe. A week later some thugs bust down my garage doors and steal all the money. I recognize my lack of security and decide to start work on building a whole new bank facility.

 

A year later I open my doors to customers. My new building is big and concrete, has a nice safe front door that a few thugs can't get through easily. In the first few days, an employee accidentally leaves a door unlocked. Robbers come in and steal money. It was soon figured out that the door wasn't connected to the bank's new fancy security system, they call in the security guy and he fixes it up quickly. The thieves exposed a security hole, the bank patched it.

 

The next day you come into the bank and say you're not keeping your money in this bank anymore, because it's as vulnerable as my old two car garage.


So I still got all my gear. Will my character be wiped later on?

 

I'm also curious what's going on here. The popular live streamers are still decked out in their gear still.


So I still got all my gear. Will my character be wiped later on?

 

Without a doubt, you are playing an Alpha you will like as not be wiped many times, when the beta is released you will be wiped, when the game is released you will like as not be wiped again! It's just stuff, don't get too attached :D


So... you're bashing the devs based on some reddit comments & screen shots of the (now patched?) hacks?

 

Let's put this in perspective. Let's say I opened a bank in my two car garage. People liked my interest rates, so they brought me all their money to keep safe. A week later some thugs bust down my garage doors and steal all the money. I recognize my lack of security and decide to start work on building a whole new bank facility.

 

A year later I open my doors to customers. My new building is big and concrete, has a nice safe front door that a few thugs can't get through easily. In the first few days, an employee accidentally leaves a door unlocked. Robbers come in and steal money. It was soon figured out that the door wasn't connected to the bank's new fancy security system, they call in the security guy and he fixes it up quickly. The thieves exposed a security hole, the bank patched it.

 

The next day you come into the bank and say you're not keeping your money in this bank anymore, because it's as vulnerable as my old two car garage.

 

In the case of your example the door wasn't connected to the bank's fancy new security system by "choice", but the actual infrastructural analysis shows that the door, whether connected to the fancy new security system or not is immaterial because the fancy new security system is basically just the same old system installed into a shiny new server rack.

 

Metaphors really get us nowhere. The key point is you don't spend a year doing interviews addressing security concerns and then on day 2 post alpha release go "oh yeah we forgot about that...it's totally in there man, we just forgot to remove some stuff."

Edited by semipr0

Well, I just logged in to confirm my death with all the good gear I worked hard on for 12 hours or so.

 

I AM STILL ALIVE!!!

 

As a sidenote I stopped playing DayZ Mod because of the "hackers" some time ago, and really hope this is not going to be an issue in the standalone.


No, just had a run with a friend and we got fully modded guns and everything :P.

 

Well, now you get to do it all again, enjoy the experience.


In the case of your example the door wasn't connected to the bank's fancy new security system by "choice", but the actual infrastructural analysis shows that the door, whether connected to the fancy new security system or not is immaterial because the fancy new security system is basically just the same old system installed into a shiny new server rack.

 

Metaphors really get us nowhere. The key point is you don't spend a year doing interviews addressing security concerns and then on day 2 post alpha release go "oh yeah we forgot about that...it's totally in there man, we just forgot to remove some stuff."

 

The problem is you assume you know about their security.

 

Edit: Also, the metaphor was all about how you reacted to the situation. The actual bank and security system weren't important. It's all about how you reacted to a perceived situation, while the actual situation might be different.

Edited by bad_mojo


The problem is you assume you know about their security.

 

I don't have to assume anything, Rocket's directly acknowledged it, this entire thread is an acknowledgement of what was not assumed but established as fact...the post itself is supposedly promising the solution to said facts.

 

Now if the solution works, great, but the credibility of the security should have never been in question, not after the mod and all the experience gained there and definitely not after spending a year and a half talking about how much more secure the stand alone would be because it would "have to be".

Edited by semipr0

It's all good. Character-wipes are funny, I mean, as material for my DayZ-themed comics. I'm looking forward to all of the "growing pains" Alpha-DayZ offers up for a year as it gives birth to a fascinating game. If you want a finished game, well, you shouldn't buy the Alpha, it's that obvious.

This topic is now closed to further replies.
