cross

Yep...DL and have a look. For hidden tabs, put a tick on the enable Upload and enable Launching dedi server in settings tab. It launches a local dedi server of course, not on a remote server. On the other hand, if you need more info re setting up a dedi server and options to use, also check; http://www.kellys-heroes.eu/files/tutorials/dedicated/

cpbo works fine for me in W7 x64 RC1 .. you need to have admin rights.

http://www.kegetys.net/dl.php/tools06062009.zip You can also use Binpbo in BItools which can be used to pack and sign.

http://community.bistudio.com/wiki/Armed_Assault:_Addon_Signatures

New "Appending" option makes updating the repositories much much easier using the GUI thru RDC. :bounce3:

On the contrary, if you are signing certain mods yourself for your server, you'll need to upload those .pbo.bisigns to CSS so that players get them and use when they connect to your server. Of course they'll still need to get the real addon files from somewhere else or from your server, if you tweaked them.

I know but the problem is CSS signs and distributes whatever comes to it. The BAD guy can just release an update with bad code in it. It gets signed and distributed. It really does not bring another level of security because the responsibility is still with the server admin to find out that malicious code. If I am a server very sensitive to security & fairness etc...I'll sign all the mods allowed on my server and shere thru Yoma so that they can sync before playing on my server. we have 500 mods out there and what do you think security centric admins would do? They will still a)allow everything by downloading every bikey from CSS b)Pick certain authors and allow everything that has the tag of say..ionos (malicious or not) c) allow requested/certain addons/mods. Now if they'll choose C then CSS is overqualified because server can sign all allowed and use Yoma. Now if they'll choose B then CSS is again overkill because then what is it that stops author from inserting a malicious/unfair code. Nothing. Same for a. Only that Admin has to find it out and it will disable that specific pbo. What would you do? I'd completely shut that author out and all his work. I wouldn't take that chance again. Now don't get me wrong...I am not against CSS. But I am for local operation of signing (you can delete local privatekeys generated after signing process and before uploading bisigns and bikeys to CSS) rather than forcing authors to to upload all of their pbos just to get it signed and deleted afterwards.

What are you talking about...??? You don't need a launcher or anything. Just go to the beta site where the links are. Download the zip file. Apply beta patch. Use the shortcut to launch arma2. It is no usenet or cracksite or anything... it is an official site and all you ned to do is right click and do "save link as"

Well you cannot expect server admin to download and sign every single pbo themselves, can you? No matter how safe it might be. I for one won't. I'd rather disallow them than to run after every single release. Now...I've read you posts. All I get is CSS will generate a privatekey & bikey for every single pbo and do the signing & distribution of signatures. Write it more openly if what you are saying is something else. What YOU don't get is the fact that admins cannot & will not go thru every single addon they'll allow and check for malicious code in them. Out of hundreds of pbos, it may be next to impossible to identify which pbo create the problem. ie apart from a simple virus check for the ones they download & put into their server. Perhaps you need write it more clearly because there are certain assumptions you are making about the behaviors of key actors and saying this system will solve the trust/security problem. IT WILL NOT, unless admins behave in a certain way, no matter what your CSS does. Because CSS WILL distribute signatures for pbos with malicious code and it is still upto the admins to find out that bad code. If you are not going to do it FOR them than what is the point of generating a privatekey and signing every single pbo. Because if admin finds out something like this ( a bad code), he not only avoids that single pbo but disables everything related to that author or group. I don't care how good his other addons/mods are. You can say, modularity...BUT it is up to the author whether to split his work or not. If he wants more penetration, he makes it more modular and issue separate keys for each addon...so that it is not all or nothing. There will always be a selection/filtering process (and forum feedback process) for the servers as I for one don't want to allow everything out there and than find out which ones crash my server or generate Gbs of RPT. My design would have included these components below... 1-rfactorcental type front end where all authors post their addons and can be rated in certain aspects. Rather than going thru all sorts of forum topics. Well forum is good for discussion but releases must be submitted to a cental DB. example here 2-CSS-Client_Signer&Uploader&Updater&Downloader_Program for authors & players & admins. 3-CSS-Server_Category,Author&KeysDB 4-CSS-Server_KeyDistribution_Web_Interface ...for easier start-up of course unless CSS brings in 1-addon_file_hosting 2-pre-sign protection by checking against malicious code or malicious free certification, 3-MultiPlayer certification making sure it is MP friendly and does not crash the server. You bring in a new idea/initiave or a tool which makes the life easier for every party or make creations more accessible and people will use it.

Yes every addon MUST have its own bikey for each version. If an addon is modular like Proper or Heinbloeds for example, every standalone pbo MUST have its own bikey for each version. So you are saying you are going to ensure that CSS will NEVER sign a malicious code? If this is not the case and if one decides to use the his key as a backdoor to servers, all he has to do is to release another addon (with his trusted/neutral name) and have his code in the file. It will get signed and distributed as usual. And I, as server admin, will download & allow it because I allow all the addons of this guy. As you said for max security, every server signs every allowed file on their server and clients download those bisigns but this is not possible as you can imagine. So it will always be authors (or CSS) signing and servers allowing. What I gather from your posts is, the process is still the same; -Authors upload their files. -CSS signs them. -Author downloads bisigns back to his local and adds them to his addon pack. -Author uploads the files to megaupload/filefront etc.. -Servers get the addon from filefront if serverside. -Servers download bikeys from CSS for Keys folder. -Players download the addon from filefront. Tell me if you have a different general CSS workflow in mind. As for the current system, the reason why it is not widely used is; 1- It is not infested enough by haxors...yet. When/if they start to fuck up 60/70 % of servers they WILL use signature verification. 2-Servers using sig verification usually only allow requested or mostly known addons/mods. For the rest it is not possible for a server admin to download every single addon/mod just to get the bikey. THIS is why it is NOT working. THIS is the Number 1 reason for poor signature usage. Servers need a single location from where they can filter & download keys. 3-None cares to read the Signatures wiki. I don't buy it. I don't believe how any addons maker (16 years old or 30 years old) cannot open command prompt and write a single line to sign their addons unless they have severe ADD. My suggestion is no different than yours except having the signing process on the client machine rather than on the server. This does not make it more simple, actually makes the process more complex but avoids unnecessary upload of files to the server. I can see the merit in generating and keeping the private keys within CSS for security's sake BUT unless you can ensure identification of malicious codes within addons/scripts, it is no better than leaving the privatekey with the author. I think my suggestion may serve as a spring board. Your CSS Program, having real time connection to the CSS Server will perform the signing process locally but interactively. I don't want to repeat what I wrote above. I suspect it is quite a bit of a challenge but you don't have to leave the privatekey with the user, you can upload it the CSS and delete the local copy. CSS serverside will still be doing lots of stuff. From keeping the DB to generating unique identifiers that will be transferred to the program before signing process. You cannot force people to use something but if the program is easy enough to use and if you can manage the CSS serverside good so that server admins can filter & download bikeys easily, then it might get used. It will definitely used by servers who are using sig verification. As for the other insensible servers which don't care to use it, they'll need some haxors fckin up their server to switch over. If we are to force signatures on the community, then it should be BIS doing it, by a very simple method. ArmA2.exe or the engine should check signature verification...ie all the addons vs their bisigns and bikeys DURING game launch. This should ensure all the custom files HAVE signatures, hence forcing all the addon makers to sign their releases, to be able to have them in-game. Posts are getting longer :D

Dunno what to say...Eotech & flashlight on an AK is like sweet'n'sour :D It just doesn't feel right

They won't be interested because this will divert traffic from their site...totally understandable. Unfortunate for this project. A local program in contact with the CSS server doing the below is a good solution IMO; -Yoma's tool does the signing and does it locally so it is achievable. -Distribute the signining tools with this pack. -Force them to open/login to their account online on your server thru this program. -Ask the user to browse to the addon folder. -Possible to impose a naming format if you want or add the date automatically -If you want you can even generate a unique identifier serverside (after the user logs in using this little program or even to the site) and add it to the bikey/privatebikey name. -Generate privatebikey. -Sign pbos and generate server bikey. -Upload the infos and bikey to the server. -Done. -Addonmaker uploads the folder to any mirror/server they want. It now has all the pbos signed and have the bikey copied there too. -Serveradmins download any bikeys they want from your server. Sorry but I really don't understand the good in uploading the pbos UNLESS you are going to host/transfer pbos to a download site. So maybe we should not discuss about it.

Don't worry I know what I am talking about. Otherwise I wouldn't be posting. You did not get my point..re-read my post. What I'm saying is, community sign server is good idea for server admins and you should do it. I always thought we should have had such a repository. But for players not so great (or needed) IF you are not hosting the pbo file in this system...be it on your box or another. They can get the bisign files along with the updated pbo. BUT make the signing process thru a local program, which then uploads the .bikey for the addon/mod along with necessary supplementary info. You don't need to force people to upload the whole bunch of pbos. Only the mod, maker info and related bikey should be enough IF you are not going to host the addon/mod pbos. Servers will still get the bikeys from CSS server. The best thing would be to have it as a one stop shop. Not only the bikeys but the addons as well. Maybe something together with download servers like armaholic etc.. Upload is not necessary because you said files will get deleted yourself in your 1st post.. Now if you are saying that files will be transferred to a download site such as armaholic, thats something else, and it makes sense. I support CSS ;) cya

you won't see it in file types. Select all files and put .tga or .png as an extension to the filename.

post arma.cfg and servers start-up line here

Using win7x64 RC1 .. I signed some pbos experimentally and it just worked fine. FYI

OK I see where you are coming from.. Couple of points from me... What I gathered from your posts is, you'll assign a different bikey for each pbo during the automated process. This create huge number of keys and will make tracking impossible. I for one wouldn't want hundreds of keys in my server_key folder as it will be impossible for me keep it under control. Another point is private keys are personal_property. This process negates that. Not only you need to sign every pbo, you also need to create a privatebikey on a public server. Third...many addon makers has their tags in their bikey or may even have single bikey and sign all final addons with the same key unless has some MP/error concerns. Fourth....If I want to allow 90 % of addons, I disable sign check in the server. We usually allow the ones we check ourselves first for security, performance & quality reasons. I sure don't want to allow anything which can generate GBs of error in the RPT file or crash the server. The more an admin loses control over what is allowed or not, harder it is to find the culprit addon crashing the server. Fifth...from the addon maker POV, I'll upload 700 MB of data the whole day on a crappy ADSL upload speed, for it to get deleted after a 15 second process, which I can do on my computer. I suggest the following.. 1-Create a simple GUI with the tools for signing the addon/mod. The process is simple enough for anyone who can deal with modeling/scripting. Even a bat file should do it, but better to have a GUI. AddonSync can do it very easily...should be OK if screen simplified a bit for signing process only. 2-You host addonmaker accounts in your server. 3-After signing the addon, this interface asks whether they want to upload their public bikey to their account to be hosted on your server. If they don't care to upload, means they don't care whether it is allowed on public servers too. 4-With a login screen, this interface uploads the addon/mod name and the relevant bikey for it. 5-Now as a serveradmin, I can go thru filter options like addon makers' folders, addons, mods, mod groups (for example like weapons, vehicles, packs, conversions etc..) and download any key I'd lke to allow. Of course you compare my keys folder and show ones I have and download ones necessary. Sort of on a screen like Yoma's GameSpy query screen combined with download addons screen Although I suport the effort, this makes more sense to me. cheers

Just out of curiosity..why duplication? why not team up with OFPEC on this? They already have the TAG database and many addon/mod makers can post their bikeys there already. Don't they want to extend their scope to include your setup?

Examine Jones' addon & configs. Talk to him if necessary. http://www.armaholic.com/page.php?id=7079

:confused::confused: you mean the usual stealing stuff ? Did you guys stopped doing addons too?

You'll definitely need more than 1GB ram. Have 3GB. I assume it is Dual core so should be enough. Are you going to share the bandwidth or will it be dedicated to the server. Even if it is for the dedi only 1.3 is a bit too slow. You can try this in your cfg. I made up just now for your approximate BW & setup. Post here or PM me if you have bad performance. MinBandwidth=262144; MaxBandwidth=1300000; MaxMsgSend = 256; MaxSizeGuaranteed = 512; MaxSizeNonguaranteed = 128; //Also try 256 MinErrorToSend = 0.005; MaxCustomFileSize=0;

talk to DaSquade http://forums.bistudio.com/member.php?u=24040

I believe it is just the coloring scheme ...

http://community.bistudio.com/wiki/Image:arguments_global.gif For any readers reference...