Jump to content
Message added by daredevil

Please DO NOT download ETlegacy 2.76 as it will not work on any servers using pk3 as menu of char ~~ or Ext ASCII characters. Matter of times server admins start spamming zzzzz in pk3 names. I have no idea what is the logic behind blocking pk3 file name rather then blocking menu override itself. 

 

I have tried to talk with @kemon  , IRATA and other member of Legacy team. They went out with this approach which really doesn't make any sense. Let's be honest here - it doesn't - no matter how much anyone tries to justify it. Even @kemon you and IRATA both even agreed to that i.e. blocking file characters is not a good logic,  in our conversations so i have no idea what happened during release. 

 

Here is prime example - Gun control is an issue for massive crime so some people decided to block ONLY SMG's but rest of the guns would be still freely available in market. Does that make any sense? Because you ban SMG but rifles, other guns, pistol, etc etc are still available in market.  

 

So same happened in ETLegacy 2.76 version. They just banned 2-3 characters in ETLegacy version. Matter of time admins will start spamming pk3's with name zzzzzzzz, yyyyyyyyy, xxxxxxxxxx - etc... etc. 

 

I have no idea what else to say. I have tried to convey the message since months to the team but they did - what they wanted to do it even though few members had told me that in next version they will not block any file names. No offense intended to anyone. In my book - it's horrible logic. It really is. 

Recommended Posts

Posted

Hi there,
I was just on a walk and had time to think about the rather heated discussion from this morning.

First of all, let me stress that we are not implying F|A is using any malicious pk3 files. The problem is that our attempt at providing our players with security clashes with your attempt at providing your players with convenience.

Neither party is either good or bad in this, we are both trying to simplify the lives of players by the means we have.

Now, I realize I should have started with this post this morning, because it might have prevented some reactions on both sides.

 

lkFOiST.png

 

What is the deal of those pk3 and why are we so worried about them?

 

Why the tilde [~] character?

When you start the game, it goes through all the pk3 it can find in its directory starting with game (etmain) and then the loaded mod (e.g. legacy, nq, jaymod,...) and loads them alphabetically. So, pak0, pak1, pak2 (the standard etmain pk3) are loaded before pak3 (our legacy pk3). This is causing some servers to enter an outright war over which pk3 gets loaded last, because the content of that pk3 overrides content from all previously loaded pk3. Whichever is the last loaded pk3 containing UI files for the main menu is the one that gets to display what the player sees in their main menu. The tilde [~] and other ASCII characters are in the alphabetical list after alphanumerical characters, making them popular choices for titles for those pk3.

 

Why are we worried about pk3 using those characters?

By itself, this is not necessarily bad, like you can see at the example of F|A. Your menu is intended as additional convenience to the player. However, there are several servers that for example remove all content from the main menu except for a connect button to their server. This leaves the player with no choice and options. Some even go as far as immediately connecting to a server without previous action needed by the player.

Imagine you start your game and it automatically connects you to a server you do not want to play on, because it executes that main menu file on startup. Once on the server you disconnect, because you want to play on another server. You disconnect to the main menu and immediately connect to that server again, because the main menu file gets executed. This is a loop that a player not necessarily knows how to exit, so they might uninstall.


Isn't all of that going to move the war to zzz_* pk3?

Not necessarily. There are two different kinds of reasons for those pk3. For the sake of argument, let's call them 'good' and 'bad'. Good is your menu file that wants to increase player convenience and be loaded last to prevent other potentially malicious files to be loaded after it. Bad are pk3 that need to be loaded last to maliciously tamper with the player's main menu in ways outlined above to bring as many players as possible to their servers.

It's likely (not safe) that those server admins won't also stop using tilde [~], because ET: Legacy has a few other exploit fixes (e.g. global server redirect from last summer) that they might not want. Also ET: Legacy is by no means the new standard (yet), so other servers on 2.60b will still use tilde to drive players to their server. So if one of the bad servers switches they are losing to the other bad servers who still use tilde.

 

What is going to happen now?

The easiest way for server admins to prevent any issues with ET: Legacy is to only use alphanumerical characters in pk3 names.

If F|A renames their menu pk3 to z_*, they are immediately compatible with ET: Legacy. Players do need to redownload that pk3, but don't need to do anything else.

By using z_* your menu file is loaded after the original game paks, ensuring that your players will have your convenience again.

All clients using ET: Legacy will not be vulnerable to the potentially malicious tilde pk3 from bad servers. All vanilla clients would need to be instructed to not blindly connect to servers they don't know.

As far as I understand it from reading your messages is that most of you play exclusively on F|A. This means they never even connect to those bad servers, which removes the need for F|A to enter the war of the tilde pk3.

Some of you also play on other communities like for example ETc. What could be possible is that you enter some sort of partnership with a z_FA_ETC menu file, that has two buttons in the main menu, one for a sub-menu with all FA servers and one with all ETc servers. By doing this, you also prevent a civil war of last loaded pk3 among 'good' servers.

 

What's planned in the long run?

Now, to make it two official statements:

"We are not planning on removing that ban in future versions, for reasons outlined above."

"We won't be extending the ban to alphanumerical characters (zzz_)."

This ban was intended to provide additional security to players. It was always clear that by doing so we are not completely fixing this issue.

However, this ban has at least moved that exploit problem in the center of discussion. Players are now aware and server admins are confronted with their decisions.

By having that discussion we do hope that the community can actually come together and agree on common practices. Maybe even form partnerships.

Change is not happening if we ignore issues.

 

Why are we not blacklisting servers or whitelisting pk3?

This is a very slippery slope! We now have been accused of misconduct and exploitation of power with a simple attempt at providing security to players by blocking both good and bad.

Good and bad are always relative constructs and a handful of people should not have the power to decide to blacklist servers, nor be vulnerable to allegations of corruption for whitelisting pk3 from servers that donate.

 

Conclusion

Server admins can simply rename their pk3 to z_* or anything else that is loaded after the official game files and are immediately compatible.

Server admins could enter partnerships with other communities to prevent civil war of menu files among good servers.

If server admins rename their pk3 now, ET: Legacy clients will still be safe from potentially malicious files from other servers using the tilde character.

Vanilla clients would need to be instructed to not blindly connect to servers.

 

41OPvzL.png

 

  • Like 2
Posted
6 hours ago, kemon said:

The problem is the degree of 'potentially malicious'. Sure, every file on the internet could be bad, you never know. However, it's not the same.

You don't go to random sites on the internet and start downloading .exe files. You only download .exe (hopefully) from sites that you trust, because exe has a higher potential of being malicious.

The main menu files are the exe. They get executed whenever the player enters the main menu.

Like I said, we can't check for their content to be 'good' or 'bad', so we have to assume that it is bad. Because again, you wouldn't execute an exe file that you were forced to download from a site/server that you just connected to to see how it is. This is roughly the same. I don't know if you remember the horrible redirect exploits last summer. ET: Legacy was exempt from that, because we fixed that exploit on the engine level. But how are these exploits accepted behaviour?

I'm not implying F|A is doing anything malicious! By no means! I'm just saying that we can't scan the files for 'good' or 'bad' and therefore need to assume they are bad.

Don't worry I am not suggesting you are implying we are doing anything wrong, I understand your point I just don't think it's your place to inflict these restrictions, all it will do is kill your project IMO. 

 

Whenever we use our computers, it is our responsibility to ensure we trust anything we connect to or download, and we can use AV to aid our safety online. 

 

And if we do encounter issues with anything to do with our computers, we seek help to resolve them and reinstall as a last resort.  This has been the case for decades.

 

It feels like ETL is trying to reinvent the wheel, and coming up with a square! 

 

I am sorry to say this because I have always been excited to see a functional ETL release but now I am not so keen.

  • Like 3
  • 100 1
Posted
1 hour ago, kemon said:

By using z_* your menu file is loaded after the original game paks, ensuring that your players will have your convenience again.

All clients using ET: Legacy will not be vulnerable to the potentially malicious tilde pk3 from bad servers. All vanilla clients would need to be instructed to not blindly connect to servers they don't know.

 

Wait, so all players using updated ETL are now 100% safe from custom malicious menus? Even when they have zzzz in their names? Well, that's something new or I'm getting something wrong

  • Like 2
  • Administrators
Posted
22 hours ago, kajto3 said:

Wait, so all players using updated ETL are now 100% safe from custom malicious menus? Even when they have zzzz in their names? Well, that's something new or I'm getting something wrong

No it doesn't solve anything for you. This is what ETL dev team is doing causing headache for admins and players. I will tell you why - 

 

Note - @kemon - My replies are not directed to you even though they referenced you. It's direct to ETL team which you are defending so hard on their decision. I have no personal issues with any individual so i want to make that very clear, crystal clear. What I have is with the problem of bull shit approach of some people who manage ETL. Note - Keyword 'approach' and not individual. 

 

1. Any admin can still use any pk3 name and spam your installation - so eventually ETL team is saying join only good servers. Off course new player will not know it and they will join any server so no resolution to problem.

2. @kemon - Do you have permission of players of deleting files before showing which files will be deleted? If not then ETL comes under this  - 'Trojan horse' - i.e. 

In computing, a Trojan horse, or Trojan, is any malicious computer program which misleads users of its true intent. The term is derived from the Ancient Greek story of the deceptive wooden horse that led to the fall of the city of Troy.  - https://en.wikipedia.org/wiki/Trojan_horse_(computing)

Players are downloading ETLegacy to play on servers and they are figuring it out their downloaded files are being removed i.e. even skins, sound packets, etc without any consent and they have to download it again. 

3. Please don't call ETL is for community when it's against community to satisfy ego of the ETL dev team. Yes it is. 

4. As shana mentioned - EVERY player - playing through ETLegacy or not - will have to download skins, sounds, etc because they have ~ in their pk3 name. That's BS. Selective BS. It will increase server owner redirect BW for no valid reason and people on high speed limited plan will get screwed cos their all players will have to download file again or each one will download at super slow speed. 

 

IMP Note - ETL 2.76 ONLY Blocks 2 characters at max and that's it. If we can override the menu with zz then anyone can. 

 

ETL team has provided no resolution but instead caused headache for players and good admins. So please don't say going forward that ETL is for players. No it's not because it DOES NOT resolve anything for them. In fact deletes the non menu files without their consent like a trojan/virus. 

 

Also since you are defending ETL team so much please explain why you deleted the message from Discord after PM me? Luckily, I have screenshot. Yes, I took one.

 

IMP NOTE - I have no personal dispute with you. Many clans will not change and they will not change pk3 either - then no one can use new ETLegacy. They will not speak up either because they will be afraid that other people will taint them as bad people. I am only speaking because I would like to ETL succeed and I respect you people but that doesn't mean I loose the ability to content/argue over bad decision made by few people. 

 

Please counter my arguments with logic.  - Thank you. 

 

image.png

 

image.png

 

 

  • Like 6
  • 100 2
Posted (edited)

@kemon why don't you guys remove this block and simply put a button on client main screen saying 'delete all custom PK3 files' or simpler 'Clean my Install' with a warning that it will delete files (Ok/Cancel) - so if the player joins a bad server with shit PK3s then they have an easy user friendly way to clean them up?  Problem solved. 

 

PS: I know the response will likely be that this option could be removed by the custom menu, but you could initiate a splash screen offering 'Play ET' (takes you to usual ET menu) or 'Clean My Install' (asks to confirm file deletion)

Edited by Chuckun
  • Like 2
Posted

ETL team caused chaos on our server and our players. All admins should get together and block ETL. Run small private server and have heavy modifications of 50MB which now all download again if change. No one asked for this.

 

Sorry for my bad english. 

  • Like 3
Posted (edited)

@kemon

Ever since ET is released servers / clans use there own server / clan pk3 it's nothing new and always have been the case. All you are doing now is forcing your own will on clans that putted a lot of effort to keep filling servers and all you accomplish with this is telling screw you to all players and server owners and empty the last real active servers. Thank you for harassing players.

Edited by DFighter
  • Like 1
  • 100 3
Posted

Gonna share my two cents here, since this could probably go forward and backwards for a while without any compromise at the end. Obviously ETL is like a new product at market, where existing product (ET) is already decent by itself, so new project (ETL) is trying to succeed it and make it better for the future since game on its own is quite old already. Its like making a new model of a car, specially if its very prestigious, companies always listen to their loyal customers as to what should be improved and adjusted in new models so that both parties are satisfied at the end, customer with a better model of a car and companies with good sales ratio. Its just one example out of countless more where both parties needs to be satisfied. U cant simply put something on market and completely change one thing expecting customers to embrace your view of "improvement" and then hope everyone will use it and agree to it, sadly doesnt work like that.

 

I understand both parties here, all the public clans who are now at dilemma whether to use the new patch and get tons of hastle of new pk3's, remain on older patch or completly shut down ETL project (and we dont want that do we?), on the other side, i understand that you guys from ETL want to improve security for new players who might test it out and some of the points that were made in this topic are pretty reasonable as to why this has been done, tho sadly it simply doesnt work like that when u change something so drastically and expect everyone to nod their heads in agreement.

 

If u want to make ETL happen and make it popular or even in best case scenario, have it replace original ET in years to come, u definitely need to start working now and in a term of listening your customers by what they feel needs to be changed/improved. Each project, each bussniess has always been like that, supply and demand, listen to what your customer wants and make something close to it, so both parties can be happy. If u are just going to force something and completely shut down all negotiation i can assure you that your project will die without any hope of having it succeed, so why going down that path?

 

My proposal would be, bring every leader of big community such as ETc, FA, Team Muppet and any others who are supporting ETL and gather all the feedbacks, recommendations, proposals together, then discuss what can be done and cant be done, so at the end you provide us with a product that players will love to use as well as admins be happy to support, because at the very end there is no ETL without ET community behind it.

Its sad to see that reading this topic, all we get is pointless arguments and deaf ears instead of compromsing to create some kind of resolve for both sides and providing most sufficient version for everyone to be happy.

 

I know u want to make things better for ET and its players, but accepting all decisions without your users is never going to work, so for the sake for players and their love for this game, be as equal and discuss stuffs that can be beneficial to future and exsisting players together.

  • Like 4
Posted

Maybe just put ASCII characters on every file an future files and force every one to just play on normal ET if you want to protest  :D

 

Start a #ASCIIcharacters movement

 

Didn't read this earlier sorry 

  • Like 1
  • 4 weeks later...
Posted
I play again on ETL for 3 days and ... I like it.
Stable 125 fps, OpenGL 3+, OpenAL (this is great!) and raw input (at last).
 
Only sometimes disconnects me from the server.
  • Like 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.