Security Vulnerabilities fixed by Patch #2 and Character wipe

[Azrail (DayZ) 211]

Think this topic should get back on the game, and not negative individuals. Great work so far Rocket and co. 

 

^this

 

though, i personally enjoy a troll every now and then.

like a pet, you know - just for the giggles. feed it, but with care!

not to much, else it will go overboard and get banned. not to little, else it will starve.

 

 

 

 

with that in mind,

how is server availability right now?

past two days were a mere pain to get on any server,

how is it going post-patch?

[TheRedScare 353]

I died right before this patch so I lost nothing :D Except for a pristine green ushanka......RIP little buddy.

[WalkerDown (DayZ) 296]

This is the old BE approach, and to be honest i don't like it.. i hoped into some more efficient workflow than: "hey look, there's a new public cheat available on UC, let's download it, see how it works and then change our pointers so the script kids won't understand the difference...", it will surely stop the idiots, it won't stop the smart cheaters (or the hackers). Better than nothing I see.. but with this route you will never eradicate the cheaters from the game, it will be exactly like DayZ mod.

[ashjones86 8]

 

 

though, i personally enjoy a troll every now and then.

like a pet, you know - just for the giggles. feed it, but with care!

not to much, else it will go overboard and get banned. not to little, else it will starve.

 

 

 

 

 

hahaha 

[greenborg 0]

Thanks for the hard work, and stopping hacker is importen. DayZ mod is ruiend by hackers. keep up the good and hard work :thumbsup:

[PinkSushi 0]

So, I've now been wiped a good 5 times, It appears that my character data is'nt being saved at all, A soon as i leave and even if joining the same server or another it results in the same wipe of my character.(xxx Nude Mode)

A character wipe is fine, but when you're bugged in a loop everytime you log out to go pee, it's a little much ^_^

 

[nasdero68 0]

No problem at all, everybody was pointed to the state of this game, do what you need to do, but please fix this unconscious thing, it can't be right, can it?

[archone88 29]

Seems like theres alot of people that dont understand what an Alpha is.. Maybe not even what comes! A Beta! GASP!!!

[Zyryanoff 227]

You have your own code base? Which multi-million dollar, triple A title code base would that be then?

Here's my pro tip to you. Trust the professionals. They sold 100 000 copies in 24 hours. They know what they're doing bro.

If this is your "'pro' <_<  tip" I feel sorry for you IMHO. This is blind step into abyss. Obviously "guys with millions" (except Rocket B) ) basically don't have time to sit on forums. With this logic you can't have your opinion about music (cause you're not professional musician), about Steam (cause you're not Gabe) etc. etc.

Yes, they sold 100k copies, but don't forget that "we" bought.

I don't know why that lazy-guy was deleted/banned/suspended because healthy community needs not only people who are talking:"Rocket it's cool! :lol: ","Rocket it's awesome! :lol: " (probably because they are using such "pro" <_< -tips) but constructive critics too. Yep, he was a little flamer but looks like he really likes Dayz. And I think that such guys can be very useful for Rocket unless he comes to this forum only to hear praise. (which I doubt)

Another thing, it does not make any sense to insult Dean and be rude (maybe he did it to get attention or he can't do it other way).

Trust the professionals.

If you're going to blindly "trust the professionals", they can easily be tempted to cheat you.

 

PS All this thread became big offtop.

Edited December 19, 2013 by Zyryanoff

[Respec 0]

deleted

Edited December 19, 2013 by Respec

[joe_mcentire 2073]

If this is your "'pro' <_<  tip" I feel sorry for you IMHO. This is blind step into abyss. Obviously "guys with millions" (except Rocket B) ) basically don't have time to sit on forums. With this logic you can't have your opinion about music (cause you're not professional musician), about Steam (cause you're not Gabe) etc. etc.

Yes, they sold 100k copies, but don't forget that "we" bought.

I don't know why that lazy-guy was deleted/banned/suspended because healthy community needs not only people who are talking:"Rocket it's cool! :lol: ","Rocket it's awesome! :lol: " (probably because they are using such "pro" <_< -tips) but constructive critics too. Yep, he was a little flamer but looks like he really likes Dayz. And I think that such guys can be very useful for Rocket unless he comes to this forum only to hear praise. (which I doubt)

Another thing, it does not make any sense to insult Dean and be rude (maybe he did it to get attention or he can't do it other way).

If you're going to blindly "trust the professionals", they can easily be tempted to cheat you.

 

PS All this thread became big offtop.

you need to distinguish however. that lazy-guy maybe made some points. but his whole appearance and constant provoking/flaming is just not tolerable.

[Jew (DayZ) 0]

Good job Dean, good job.  :thumbsup:

[peavey_p 15]

You know I totally get this, dirty/elegant hacks are a standard of the business when dealing with non-in house engines....but seriously. You can pull up an entire page of interviews with Dean from over the last year alone where server/client security was a major topic of discussion....the ability to just "forget" to remove superceded architecture if you've actually replaced it simply boggles the mind.

 

It shouldn't boggle the mind.

I don't always agree with Joel on Software, but on the balance he got this one right: Things You Should Never Do, Part I

We tend to want to scrap and rewrite systems from scratch in order to improve them, and this is a decision that tends to unfold with tragic consequences in large software systems when on a deadline.

It seems evident that the standalone devs, about 15 months ago and under a then-looming deadline, opted for a surgical approach: implement a new client/server architecture while breaking a minimum amount of existing mod code.

Based on Dean's comments it sounds as though such an approach allowed the old client script system to remain functioning, while providing a path to migrate scripts to the server side under the new architecture, in a piecemeal fashion.

If so, it is then not incongruous to arrive at some point at a state where all of the following are true: <a> all key scripts pertaining to exploitable loot spawning mechanics have been moved to the new client/server architcture; <b> the old script architecture is still used for some non-security-impacting parts of the game logic; <c> a no-longer-needed hook which allowed for loot spawning via the old architecture is still accessible even though it should have been disabled but was accidentally overlooked.

If this is the case, then the discovery and removal of any such now-unneeded-and-inadvertantly-still-active hooks in the old system would indeed constitute a genuine fix for the exploit, and not be merely the application of a band-aid measure.

In large scale software development on legacy codebases the shortest distance between two points is generally not a total rewrite.

Edited December 19, 2013 by peavey_p

[Kalle Bowo 169]

I knew it would be to good to be true that I made it up to the north west air field on day 01 :D

 

Anyway, it's an alpha and one could expact those things to happen :) Everything's fine :)

[mstaJ 0]

My can openerrrrrrrrrrrrrrrrr.

 

Awesome job cleaning up a security risk though, well done.

[sav112g 114]

Watching a stream and the guy took shots and returned fire to find the player had vanished. Both players were at the same building at different ends. So the streamer expecting a fight goes round to find no one and obviously the guy had logged out.

 

The guy logged out returns after a few minutes and kills the streamer!

 

 

Can this not be fixed I thought we had gone beyond this kind of stuff. Can you not restrict players from servers they have just left for 30 minutes if there has been combat!

 

Never having played the game I want it to be fair by the time I do. Love how they are patching all the same as I thought when the SA dropped it would be “See you next year” but its not and credit to the team for that.

[FreshmeatDK 22]

 

It shouldn't boggle the mind.

I don't always agree with Joel on Software, but on the balance he got this one right: Things You Should Never Do, Part I

We tend to want to scrap and rewrite systems from scratch in order to improve them, and this is a decision that tends to unfold with tragic consequences in large software systems when on a deadline. <snip>

 

I have often pondered on that article in regards to DayZ myself, especially since I think I found it through a link in one of Rockets post. Right now the game is held by goodwill and ducttape, and I will not be surprised when we hit another wipe. But then again, once you have a comfortable amount of gear, you are probably just going PvP, so it might keep the survivor aspect for a longer time.

[haxborn 28]

When I just managed to mod my flashlight into a fleshlight :( It's a pity.

 

But seriously, no worries, I'm just happy you updated the game, and that overrides the sadnes from loosing my current character.

[BelMarduk 169]

I'm sorry this is by far the dumbest post I've read in the history of these forums and that is saying a lot. Look, I get it, you're not a programmer, you're the game designer. You come up with some solid ideas. But fucking hell man what on god's earth are you talking about?

ad hominem attack much?

[mick17 93]

Welp I had died right before this happened and lost everything so now it doesn't matter as much!! Good work closing more of the security holes. Obviously some of these holes would only be found withcthe public alpha so completely understandable.

[benvats 0]

Well least i know it wasn't just me that lost everything, after 8hrs of gametime!

Least we are all back on an even footing.

Rocket ignore the critics! - you have clearly warned everyone that this is buggy and very far from finished so anyone who then plays it and moans obviously can't read!!!

Keep up the good work, but as a request can you guys publish what items are/are not functional in game as it goes? No point lugging a camp stove around that doesn't work.

[DMOlandsexport 0]

I have never attempted to use hacks in an online game and I have no experience with game code, but if it assists in development of the alpha phase, would you not encourage hacking in a sense?  You know, leave the holes open a little to catch the rats in the pantry?  I would.  In fact, I wouldn't even ban the p.o.s.  Let them hack to their hearts content all the while keeping a watchful eye and BANHAMMER when they're no longer any use in exploiting the game.  I expect many more wipes to come.  Keep it real people and report those bugs!

[BigCountry 26]

Wipe all you need to rocket. Do whatever you guys need to do to keep the game hack free as possible. That's what all of us want. No hackers. :D

[bulldog six 13]

isn't there a way you can ONLY punish the cheaters as opposed to punish ALL PLAYERS with a reset?

 

I thought you said this server-side architecture would prevent cheating. was it just a dream?

[admin@stainlessnetwork.co.uk 2]

Hi Dean and All,

 

Don't normally post but I just wanted to talk about the amazing feat that has been done here, developing a game such as this is hughly difficult and time consuming. The shear brutal workload that these people are under to develop this game is one of the reasons I did'nt choose to enter the game development industry for a career.

 

You've got people;

 

doing the concepts,

the ideas,

the plan the schedule,

doing the textures,

doing the models for the textures,

doing the animation live capture for each and every new animation (did you see this video of these guys, including Dean himself, actually doing the animations themselfs? https://www.youtube.com/watch?v=NdR9y3oVtZQ#t=550,

doing the map editing,

doing the mechanics,

doing the press releases,

reading all the feedback, which by the way Dean does a fantasic job of interacting with the people following him,

not to mention the massive amount of code being done,

OVER AND OVER AND OVER, day and night.

The fact that this team under the project leadership seems to have complete focus and a common understanding of what the outcome needs to be is, in itself, amazing.

 

@ HelicopterHunter  Yes maybe Dean isnt a coder I havnt seen his resume have you? But if he's the project leader, which seems to be the case he's got his guys working like a finely oiled engine.

 

Hats off to you Dean Hall and to the entire development team of which I have no doubt there are many.

 

I hope my comments inspire the team to carry on JUST THE WAY they have been doing.

 

Great job guys, great job.

 

With regards,

[GreenWookiee] Richartz (Brett Kaby).

Business owner, programmer, gamer, dayzer.

 

Many beans for you.