Jump to content
Sign in to follow this  
maddogx

Uniting the Multiplayer community

Recommended Posts

To clarify our view further on: addon signature are viable and flexible method. There can be many ways to use it and specific signatures for servers are one possible scenario. Of course users need to have valid public keys in any case. Server signed addons are good option for situations when addon maker didn't sign it etc. Of course, any kind of auto synchronization of public keys is potentially dangerous.

My post didn't intend to decide on behalf of the community which way to go, I just wanted to say that server based signatures are valid community scenario that could make sense in some cases and could make it easier for people. E.g. server provides with a package of addons needed to play on it, including all necessary signature files (which can be simply created by server admin).

Share this post


Link to post
Share on other sites

Maruk;

If I understand this correctly:

E.g. server provides with a package of addons needed to play on it, including all necessary signature files (which can be simply created by server admin).

You're envisioning that a server admin would set this up as part of a mission/mod download at the player connection time?

Share this post


Link to post
Share on other sites

I think he's saying:

"We provided a decent means of securing your addonbase. How you get the addons that players are allowed to use ingame is a matter that's up to the serveradmin."

Maruk, just a small question on the side: do you like or dislike what the addonsync tool does? What would you suggest to improve it?

I bet the guys at BIS have some kind of love-hate relationship with all these addons wink_o.gif

Share this post


Link to post
Share on other sites

Auto addon download isn't plain simple. The engine cannot

(AFAIK) integrate new files and configs during runtime.

A system to auto download, auto restart the game and auto

reconnect to the former server seems like a possible way though.

As for signatures. A server admin can allow additional

addons on his server. People can use addons.

They do NOT have to.

A server can also have multiple signatures for one and the same

addon signed by multiple people and authorities.

It may not be perfect, yet its not as strict to deny people

access to your server as you believe.

Only a mission can require addons, so that people cannot join

and play without them (think of new vehicles).

Yet the vast majority of addons are replacements instead of

new entities.

The other way round - denying specific addons - can be way

tougher however with the current possibilities.

Share this post


Link to post
Share on other sites

Hi, one thing that i think that may be possitive, will be to don't

modify the addons signatures; so the people could use the addon's

original bikey & signature instead look for the server's page (in case

of exist...) and download again the addon signed (without even ask

the addon maker) by that server for be able to play there. It's sad

to can't play in some places because they've re-signed addons that

you've yourself installed but that the server has re-signed for some

reason that i don't get unless in the very improbable case that the

addon/addons is/are not signed; which in this case i don't even

use the addon or keep it in the HD (the Sigma-6 vehicles are the

exception to this). So please, use the bikey and signature that

comes with the addon and we could play all together. Let's C ya

Share this post


Link to post
Share on other sites

wipman you can have two signature for addon A loaded at the same time.

So you sign your addon A, so does server admin B sign your addon A.

He now puts both your signature + key and his pair on the server.

No problem at all.

PS: the addon doesn't get modified by signing.

Share this post


Link to post
Share on other sites

I tried to read the whole thing but gave up, it's too long now.

But I wanted to say I don't understand how such a sound idea has strayed so far. A committee evaluates new and updated addons for suitability in the MP game. If found appropriate that committee signs that addon with its own key and adds that signature to its database for download by admins and players. Server-admins may choose to honour those signatures (generally to the exclusion of all other) and include a recognisable tag in the server name (i.e. "GPMP") to indicate as much to players. The only rub I see is where a server-admin doesn't necessarily want all of the approved addons used on his server to which end I'd suggest two versions of the tag (i.e. "GPMP"/"GPMP-All" and "GPMP-Mix"). I don't want anything automatically downloaded to my PC, I'd prefer to maintain my own ArmA folder.

Who might form the committee? Well where possible I’d break it down into sub-committees based on the AddOn type. I'd love to see NWD head up a vehicles addon panel for instance.

Share this post


Link to post
Share on other sites

Of course i fully comprehend you want to download addons manually, but on some servers you'll find that a very hard and discouraging job.

Unless you like searching for the latest addons all the time that is.

Most likely you'll end up being the one getting kicked all over the place for wrong/conflicting/non-installed addons.

Anyway, i think serveradmins should get together on this and install some kind of voting system for server admins only.

This way you could come up with a list of decent multiplay compatible addons. Nothing needs to be done for that aside for making a small webpage and contacting lots of server admins.

There are endless ways of distribuating the sign files between server admins. I bet the most simple one would simply be a mailing list... (the sign files being so small) How to get the actual addons (if needed) to the players is then totally up to the server admins.

Share this post


Link to post
Share on other sites

Hi, to *Q: i've entered in servers where they had only theyr

own signature and i was kicked for don't have it; why they do this?

no idea, but ain't like it. And why sign two times an addon...?? the

signature that comes with it don't likes you...!?.

Im sure that i could *much more MP missions if many servers were

using only the bikey & signature that comes with the addon,

that way the players will not require by force to download somehow

those new bikey & signature that you didn't included in your addon.

Ohhh.. and of course other thing that will help will be if all the servers

admins add that "on different data not = kick" to the servers...

because you may have some more addons installed, signed and

resting in your own mod folder, that the mission may not require;

but that you've 'em there for your own mission editing pourpouses.

Let's C ya

*Play

Share this post


Link to post
Share on other sites
Hi, to *Q: i've entered in servers where they had only theyr

own signature and i was kicked for don't have it; why they do this?

no idea, but ain't like it. And why sign two times an addon...?? the

signature that comes with it don't likes you...!?.

Im sure that i could *much more MP missions if many servers were

using only the bikey & signature that comes with the addon,

that way the players will not require by force to download somehow

those new bikey & signature that you didn't included in your addon.

Ohhh.. and of course other thing that will help will be if all the servers

admins add that "on different data not = kick" to the servers...

because you may have some more addons installed, signed and

resting in your own mod folder, that the mission may not require;

but that you've 'em there for your own mission editing pourpouses.

Let's C ya

*Play

-keys can be used for multiple addons

=> also for addons the server admin may not like or possible cheat addons that have been signed by the same maker of a valid addon. I think this is why Maruk mentions that autosynching keys is dangerous, it may lead to a leaphole for cheaters.

=> the only real way a server admin can avoid this is by signing all addons he want on this server HIMSELF. This way he can trust the addons, if he can protect his private key.

-Not kicking people with unsigned addons will only lead us back to the cheating hell Arma used to be.

-Use modfolders to separate your editing mods from playing mods, keep your default Arma/addons DBE/Addons folders clean.

I know it's not fun and that it complicates stuff for players. You have to understand that the very reason they made this system is to avoid

-server crashes by addon incompatibilities

-discourage cheaters

We all know this system also discourages non-tech savvy players. But think how much you would like arma when cheating 12 year olds are flying around in vulcans dropping bombcarpets all over the map...

Share this post


Link to post
Share on other sites

Hi, *Yoma:

Quote[/b] ]-Not kicking people with unsigned addons will only lead us back to the cheating hell Arma used to be.

read again man, i've said:

Quote[/b] ]have some more addons installed, signed and

resting in your own mod folder

signed; i've said: signed addons. Of course that i do agree on kick

anyone that dares to use a unsigned addon in any MP server. But,

what i'm 100% is to kick people that only have the original bikey &

signature that comes with the addon as you download it.

Example: my damn M4's pack, my damn M4's pack is just as the

BIS M4's and M16A4's... but much more pimp; are you telling me or

anyone that my M4's are a cheat?? they use the same values

than the BIS weapons, so... why they sign 'em again in some

servers?, and like that, many more addons that are not any kind

of cheat or hack; a better example: the Johnn's USMC v1.5 .

Are they a hack or a cheat...?? no. So then there is no reason

for re-sign 'em again.

It's annoying to be kicked from a server because you don't have

that server's key for your own addon; and the fact of don't use

only, the bikey & signature provided by the addon maker/owner

is killing alot of the MP posibilities of the game in many aspects.

If you think that that addon introduces cheats, isn't really made

for a clean MP use... then, don't, use it. Or do your own and

then sign it as you want. But will be better for us all if the servers

admins use the bikey and the signature that comes with the addon

just as you downloaded it; and allowing the players to have other

(not required for the mission in course) signed addons in the same

custom (no matter how it'll be called) folder; so we wouldn't need

to have 5 different games (in MB size) inside the ArmA folder

to play in each server. "i need 3Gb for play here, other 2Gb for

play here... and just 450Mb for play here" that is one of the less

smart management policies that i-have-ever-seen. Let's C ya

Share this post


Link to post
Share on other sites

You don't need a duplicate of each addon for each signature, multiple signatures can apply to the same addon. If a server admin chooses to delete the original signature, well you'd need to take that up with them, nothing anybody does here could stop that.

Share this post


Link to post
Share on other sites
of cheat or hack; a better example: the Johnn's USMC v1.5 .

Are they a hack or a cheat...?? no. So then there is no reason

for re-sign 'em again.

It's annoying to be kicked from a server because you don't have

that server's key for your own addon; and the fact of don't use

only, the bikey & signature provided by the addon maker/owner

Please read what i wrote again.

Ok so you made a non-cheating addon.

What would keep you from making a cheating one and signing it with the same key.

Therefore using the same key for multiple addons is in fact ALLWAYS dangerous unless you've signed the addons yourself.

A server admin CANNOT CHECK WETHER YOU MADE AN EXTRA ADDON THAT IS A CHEAT!

Share this post


Link to post
Share on other sites

Hi, then someone could do a complete list of what addons are or

may work, as a cheat or hack so the servers admins could have

a dayly updated addons that introduce or allow to possibility to

use cheats, hack something, crash the server due to addon's

errors or that exploit somehow the game's engine.

Re-sign all the addons yourself, is again as i've said one of the

worst management negligences that-i-have-ever-seen. Let's C ya

Share this post


Link to post
Share on other sites

The whole point of addon signatures is that the signing authority must be trusted. Sure, anyone who has ever released a signed addon could use the same key to sign a cheat - but that's the risk you take when you decide to trust a signature/key, and that's the reason why that decision is so important. The whole problem we as a community are facing right now is that there is no consensus as to which signatures/keys are trusted and which aren't. Thus my idea of having a central authority/commitee/whatever to decide upon this, in order to create a common basis.

Of course the central authority could simply sign addons themselves using an "officially" trusted key, but that would open a whole new can of worms that I really don't want to elaborate on right now.

Share this post


Link to post
Share on other sites
Hi, then someone could do a complete list of what addons are or

may work, as a cheat or hack so the servers admins could have

a dayly updated addons that introduce or allow to possibility to

use cheats, hack something, crash the server due to addon's

errors or that exploit somehow the game's engine.

Re-sign all the addons yourself, is again as i've said one of the

worst management negligences that-i-have-ever-seen. Let's C ya

Ok i give up. banghead.gif

A small example to hopefully make you grasp the idea.

Let's say i make a nice M4, fancy textures, nice model blablabla everybody likes it. I sign it.

Then i start toying around with making a cheat addon.

I sign it with the same key!

Now you tell me how serveradmins will allow my M4 and disallow my cheat addon?

Answer: by resigning ONLY the M4.

Thus you need multiple sign files for 1 addon if (as a server admin) you want to be on the safe side. People connecting with the cheatmod will be kicked because obviously you didn't sign the cheatmod.

The solution proposed here would be to have some kind of overlord organisation that signs trusted addons.

I like the basic idea (which would take not long to implement).

The basic problem however with that idea is that as soon as the overlord organisation gets infiltrated by the wrong guys you'll get perfectly good signed "trusted" cheats.

What i propose CANNOT BE infiltrated as every server admin has full control over HIS private key. This solution however has 3 main problems.

1) it's a bitch for serveradmins, they have to find out what to trust, what not and sign

2) it's a bitch for servers not using some kind of organised distribution method for addons/keys

3) it's a bitch for players that don't know about the method the server uses to distribute their addons

I'm in full support however of a limited experienced group of people signing addons for multiplay use and spreading those keys between serveradmins. However i fear that one day this "organisation" might actually do more harm then good, considering a "what if" scenario.

Share this post


Link to post
Share on other sites

Personally I think it unlikely the signing authority would be compromised, anybody who's already released 2-3 significant pieces of work clearly loves the game. I can't imagine such a person even wanting to cheat let alone risking the work that would be required to test and sign. Even if it did happen (and it wouldn't) we'd be no worse off than we are now, servers would very quickly stop honouring those signatures.

Share this post


Link to post
Share on other sites

Hi

Yoma's Quote:

Quote[/b] ]The solution proposed here would be to have some kind of overlord organisation that signs trusted addons.

A) I don't need any kind of "organization" like "that".

B) I don't need "anyone" that sign my addons.

C) I don't use cheats in half serious games like the ArmA.

If a signature or a signed addon have a different size, to the addon

installed (without any hack inside) on the server, shouldn't that kick

the player joining with the (hacked) addon signed by that KFC rat?.

There should be two ways of auto-kick (by the server) those

players with:

A) Different File Size Archives/Addons.

B) Different Name/Number of addons.

For me the way A is the good one, while the B sucks; blocks the

entrance to many non damn cheater players to servers where

play interesting and serious missions with people that do care

what they play and how.

Make clean people pay as sinners is not something that i stand

for, that i can agree with or that i'll give any kind of support.

And may be that the english is not my main language, but what

i understood is that what you propose is to create a kind of "SS"

that says what's right and what not that re-signs other's people

addons and force the players to download and install two or three

times the same addon that they want to play with, if they've the

big luck of find a mission that uses that/those addons that they

like, downloaded from "so untrustable sites..." as... Armaholic...

Armedassault.info... OFPEC... and "untrustable" places like those,

that make us the big favour of host our job. What will be good

enough and may even work, will be to create a list available for

all to see in this forum for example... with the name of the addons

that contain hacks or cheats so the server admins will know which

addons use and whichs don't. If i download something from places

like Armaholic, Armedassault.info or OFPEC.com i trust at the 100%

in the safety of the addon or mod that i've downloaded. Let's C ya

Share this post


Link to post
Share on other sites
A) Different File Size Archives/Addons.

For me the way A is the good one, while the B sucks; blocks the

entrance to many non damn cheater players to servers where

play interesting and serious missions with people that do care

what they play and how.

A)

Do you realise how friggin easy it would be to create a cheat that's named exactly like a valid addon, that's exactly the same size and that has a cheat in it?

I bet it would take about 60 seconds for someone who knows what he's doing. Just fill up part of the addon with nonsaying but nonblocking data and tada...

B)

Have you ever wondered WHY admins enable those file/signature checks/battleeye stuff?

(Yes you can still run a server without them)

Virtually no server does this because within minutes the server is stuffed with cheaters, unless you password it and only give out the password to close friends.

Anyway, i tried my best explaining stuff, if you can't,won't,don't understand then that's your problem i guess...

Share this post


Link to post
Share on other sites

Hi, no Yoma, i don't know how easy it's for someone who knows

about to hack a server that only have those few preventive measures

againist the damn cheaters, hackers and suckers in general. But

do you realize how angry makes me to do an addon crying by the

corners to every damn one who could help me and then when you

finnally find a few servers/missions that use it, be kicked because

you don't have "a valid key" for your own damn addon!?. The fact

of don't use addons in MP is what fucks the game plus it's own bugs,

that are just alot; without the addons that "valance" well the sides in

conflict, the game, is, in, panties; if i want to be able for shoot

from the hatch of the cargo coffin of my damn IFV i'll had to play

to the damn BF2 because in the "ultimate war simulator..." i can't.

And that's just one of the things that we can't do; and without

use addons that make this better, i wouldn't touch the ArmA

again. So there must be some way of allow addons to be used in

damn easy way for all or i wouldn't be doing damn weapons packs

for everyone of us, you, me and the rest of the players of this

damn game. Let's C ya

Share this post


Link to post
Share on other sites

I understand that must be very frustrating.

Beside that i nearly never play multiplay WITHOUT addons.

But all the servers i play at use my tool. I never get kicked for missing addons, missing sign files, and if i do i just sync and off i go. The frustration you are having is EXACTLY why i made my tool. In fact i took the liberty of looking for your wip_m4a1.pbo addon in my arma folder. (I never download separate addons, yet the addon is there, this means some server is using it)

Of course i understand people who don't want to use it, but for those who do: what you ask for is possible with just minor work on more and more servers.

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×