2.2b Backdoor?!
wrote:wrote:...
Appollo straiten your facts before accusing because it doesn't make sense..
Also shady is missing some days around, maybe is ESR's fault..
i don't consider them as private data.
_________
epsislow
Isn't this just supposed to be a service that makes job easier for people analyzing demos and monitoring ac software data so they don't have to be on EVERY cw and on every server all the time? people don't want to play on servers while there are cheaters freely roaming around
I agree that they DEFINITELY should have told server owners what was going on, because now that secret (and potentionally very useful) feature is not secret at all... this is what happens when people try to be too mysterious! I can bet if you informed server owners they would know to keep the secret a lot longer than it turned out this way
There is a serious lack of communication between server administrators and e+ staff (both developers and administrator) which again led to creating even bigger gap between the two groups.
There should be a team of public servers administrators and e+ staff with private forum so it would be easier to communicate
Only the following people are WORTHY of seeing it: Skullhead, Falat1ty, BlackRose, Leukothea, MoeDe, 2!S Monk, MICRWAR, ex-*ZMB*Ultra.
I'm glad that I'm in your head, but it's funny how you create a list of names of people that "don't like temy for no apparent reason bcuz brother is so real, loyal and unique" (xD plz), and you miss out sooo many people in the process.
On another note wtf do I have to do, or ever had to do with beta testing and anticheat tools?!? when did my opinion matter in those circles?! and still I'm being mentioned in some paranoid schizoprhreniac "scenarios", which probably everybody knows are your actual beliefs.
the conclusion:
new big brother features secrecy = fail
overreaction and mistrust = win
shady = still gay
, cuz it still has some flaws and we need to track certain behaviours to fix them asap, thats why this command is still here and hidden, once anti cheat tool became an atleast 99% non fault proggy this command will be for sure removed and nobody will see output from it, it will simply work by its own if enabled on your server.
Does this mean you have released it still as beta, is 2.2c just round corner then?
The picture painted here and it is only my perception of that image, is that the dev team dont trust the server owners, or the players.
no matter what is developed, someone with a true desire to circum-navigate any safeguards implimented will find a way through sheer perciverance percaverence dedication to the cause.
including server owners in the whole scenario would solidify the community. f1 for what fala said about a database accessable by all.
Whilst saying all this, one thing has crossed my mind, VSP stats gather user data without users knowledge and noone complains at this, same principle. so maybe its not such a concern??
database accessible by none aside ACS crew...
u guys missing a point, there is no FUCKING private data there, or any useful informations u cloud use in any other way than capturing cheaters! If u going to get all those data u won't going to understand that at all...
the tool is already working and everyone can configure it, all is explained in readme.txt witch probably u haven't bothered to read
and still u do demand a access to developers section witch is ridiculous the same way as everyone who have q3 can crate a server so it means u say dev team should explain gears of the ACS to every freaking person of this mod while not even 10% of this community knows how to handle the weapons cfg's...
oh god why i am not a moneky ://// going to shop to get some bananas & beer
locked due to discussion purposes, I will unlock as soon as I have finished a LONG LONG post. Edit: was needed so I can answer on every important aspect.
Shox: ...nice backdoor...
First of all, the definition of a backdoor is to gain further access to stuff through a flaw in something. The thing we talk
about is rather a front door, go a path thats just known to people who have been introduced and all they can read is the front
door of someone.
Shox: that a hand full of random guys can spy on people on a server, that is payed by others.
First of all, we do not spy the people, we spy more of the server. The APM is completly server side, any info it displays has
been send by the user to the server, the info is just analysed nowadays, you could have done the same back in 1.03, the info the
user send was 100% the same. This was made to keep the ability of people without the mod join the server.
Shox: whoever came up with that "brilliant" idea, isn't better than the cheaters themselves, in my eyes.
maybe, besides the fact the cheater wants to slap you in the face directly while the coder wants to protect you from that.
Shox: serverowner or the admins, who probably won't know about that exploit, is the wrong approach
Again, it is not a exploit, it is 100% really in the code and not a flaw
Shox: possibility to let the serverowners / admins decide about the amount of rights, which is given to their
guests.
Aj, so how about E+ devs decide about the amount of features given to server admins? @Hammer: remember that you asked me to get
the anticheat before official release? Funnily that now its there you complain about the way it works, especially since it wont
work if all info is public, same as an anticheat quake3.exe does not work if its open source - thats why it is in mod code.
Hammer: [...]started to ask one of the betatesters what some lines of that followtool meaned , and he reacted to me in
the way : this is totally secret ! and : Im not gonna tell u that !!
The "it's secret" info was from me and thats all I told you, unluckily, you didn't listened and made it public. And as you said,
I didn't tell you it.
Hammer: A secret tool hidden for own serveradmins to spy other players with a secret masterpassword whats also secret for
serveradmins
Again we are not spying the persons, we are analysing the stream send by client to server, it is the same as people do it in
defrag to catch scripters and strafebots there.
hammer: So if u have a own server , with ure own trusted admins , be careful , peepz from outside ure adminteam can see
exactly what players on ure servers do , how they shoot , how many times they do that on what place etc and way more ,
...
So tell me where this differs from actual watching a demo or something? If I watch a demo, I can see where people shoot and when
and how, I can even scale models back to see how it was ingame. I can measure the time difference between shoot A and shoot B
via doing a 125 fps capture which takes me a half hour for 1 demo and then i have to analyse tgas with a size of 2.5 mb each.
Great. As somebody told in past, put skull on every server and problem solved.
Hammer: They even can see suspicious stats about any player ...its the same , u pay for a house but 200 others have they
key of that house and u are so stupid to pay for it !!
Except that before you leaked info only about 20-25? person knew about it and besides being capable of accessing your outside
water at the house, they can not sleep in your bed. Your example is pretty lame tbh, it has nothing to do with a house.
In real, its a server, you pay for it and you are free to do with it what you want, run cpma, defrag, e+ or edawn. If you decide
to run e+ with anticheat, remember, its you who runs it and decides to have an programm running, that reports its way of working
to people who know about it, for everyone else this programm is a 100% nonpartisan worker and even if it tells you further info,
it still kicks you if you cheat. It just tells you straight into the face it does so. If you want a comparison, its like a
bodyguard of a club checking everyone and as soon as you do something against the houserules you get kicked out. If you want to
engage them is your free decision, feel free to run e+ 2.1 if thats to privat for you. Especially since a server is not a house,
you basically invite everyone to play on your server and now complain people do so with all features given.
About the argument that the server owner doesnt know about it, follow this post till it's end.
ozy: I found out by incident Skull has created on a well known server by attacking the owners in public (on full server)
how they dare to change the password. This has leaked of course, and then i found the solution.
Imo it has been other way round, you knew ahead besides that I talked with that person in privat mostly, so you couldnt know
anything crucial.
Ozy: If you allow unauthorized & hidden access, to sensitive informations of other people private property, then im not
sure if there is any other way to call it.
again, the Info is just analysing of the stream the client sends to the server, therefor, its server owners property, who is
free to run e+.
Ozy: Now i know from personal experience, this is totally bellow easys level and against his ethical standards.
Easy is harvey dent, he does as the law says, but he is not batman who is needed for gotham city. (just wanted to quote that
)
Ozy: It's simply poor & very defective, and can result in a longterm mistrust.
Mistrust? Quake3 itself prevents users from sending personal data besides pb, on which you all agreed, which also has a backdoor
and has access to all files of your system.
fala: i wonder who was so smart to give a razor to the monkeys this time, meh
Everyone who is/was in the beta forum, especially ozy/bunz - all of these could have been it. I did not leak any info that
wasn't known anyways to the person and keeping my answers as unspecific as possible. After all its me, isn't it?
Terror: IMO at this point we should start using it on clan wars + add some rules to ranking. Ofcourse it could be still
buggy (due to beta)
Rank rules enforce newest e+ version, which has been running on all serverst hosted by asphyx and more.
Camel: simply because we dont want some hacker/cracker to get his hands on it and build own cheat that can fool this anti
cheat tool and be undetectable.
Which will take effectively less then 5 mins, as panda shown with the color based autoshoot bypassing pb.
Shady idiot: And "ranking being frozen for 2 weeks" was simply because Skullhead found out that the masterpassword can be
changed so you can't hoard stats from every CW during that time (note: apparently not everyone changed, so they froze the
rankings just cos there's a possibility they might not check EVERY cw).
o'rly?
The issue was that you could use wallhack2 command if you knew rconpw skipping pbchecks. Since Rank can not trust all server
admins, we had to shut rank down to not check every player in every mvd played at that time.
If you want I can upload you 2.2 normal version if I still have it so you can check yourself.
Shady: You have been detected as a cheater in our new anticheat system that is called GELBE KARTE. Oh no, you're not
allowed to see the proof cos our system is top secret.
Those evidence comes along with demos, those demos were posted within acs (yes, there is a hidden forum including trustworthy
people and the best players around e+, if you dont trust them, you can morph into killerdud and ragequit cuz everyone cheats
anyways) and have been verified. Further Note, there had been a heavy discussion within about dsharpe where we in the end,
decided he did cheat because on public the APM caught him, while on pb servers he never had a problem with it.
Mad: Again, you could have avoided all this if you contacted the major server owners and explained the purpose of this
thing to them. I'm just sayin'.
Its not that easy, time and experience shown, people you dont know are not to be trusted. For example german servers.
Monk: an aimboter or a autoshooter are much more easily detectable with the eye in game.
The purpose of the APM was to have an eye on every player on the server, way faster then any admin could be and 100% automatic,
time shown it works great when no admin is around, after all you can simply post the has been dropped due to suspected cheating
and its fine.
Frank: Imagine if microsoft used these tactics... public outcry, board of enquiry etc.
Now for gods sake, microsoft did/does use those tactics, all windows copies send stuff back home if you are not aware and
microsoft has backdoors included in it.
Ultra: Isn't this just supposed to be a service that makes job easier for people analyzing demos and monitoring ac
software data so they don't have to be on EVERY cw and on every server all the time? people don't want to play on servers while
there are cheaters freely roaming around
Thats the point, it keeps an eye on everyone, without being personal like shady claims about me. Even a ref like froggy who
failed to see that wit had autoshoot can see that somebody is dropped for suspected cheating. (note its called suspected).
Ultra: I agree that they DEFINITELY should have told server owners what was going on, because now that secret (and
potentionally very useful) feature is not secret at all... this is what happens when people try to be too mysterious! I can bet
if you informed server owners they would know to keep the secret a lot longer than it turned out this way
We didnt really have much of a choice, if this anticheat shall work as it does, its info has to be as well hidden as possible.
This is because this Anticheat has a different Idea then other anticheats.
Ultra: There should be a team of public servers administrators and e+ staff with private forum so it would be easier to
communicate
Its called E+ beta forum and everyone with a serius intent of helping E+ can become a part of it.
Frank: The picture painted here and it is only my perception of that image, is that the dev team dont trust the server
owners, or the players.
Aj, know holy, face of death, polandamg or the d4 guys? eod - Experience > theory.
Frank: Whilst saying all this, one thing has crossed my mind, VSP stats gather user data without users knowledge and
noone complains at this, same principle. so maybe its not such a concern??
They collect even more data then the apm does, vsp tracks you down like the police can track down your handy. Besides that E+
vsp is written by Beast+, who is also E+ dev, so if you dont trust the APM, you can't trust the vsp.
Fala: and still u do demand a access to developers section witch is ridiculous
Probably the most true thing in this thread, giving public access to developers sections is just the prestep of a open source
code which easy denied.
Now lets draw a Final result of all the stuff said:
- E+ APM does not collect more Data then vsp.
- E+ APM does not collect private data of clients, just data the server gets anyways.
- E+ APM does not grant somebody extra rights in form of gameplay advantages.
- E+ APM does collects even less info then any other anticheat on the net.
- Moar... (honestly, I won't do the list to the end, just read the post), already working over 70 mins on this1.
Compared to Any other anticheat on the net, E+ APM is the nicest around:
- Punkbuster: Access to every file on the system and ram
- EasyAnticheat: Background driver, access to every file on sys,ram.
- Vac: Access to whole ram, hdd.
- Vac2: probably also background driver monitoring your actions.
- Esl wire: Also background driver monitoring your whole actions, access to whole system and ram
- Aequitas: First Idea for a background driver, catching all those x22 bots in the esl, also full access.
- Defrag metrics: Analysing of the stream client/server
- E+ APM: Simple Analysing of the stream client/server
Even Marks anticheat which he mentioned in the cheater report discussion runs a background driver - those making you reboot
windows during installation. Besides that It gathers pc specific data for verifying the persons, due to security purposes I will
not mention what kind of data it collects, but basically you can make a pc fingerprint, just as every human has a dna
fingerprint.
If you guys are more advanced into Pc stuff, then remember, everything that can access the pc's ram can intrude naughty code
into your pc, especially over your graphic card game makers can introduce your pc, because the gfx has full access to ram via
shaders. (source: CCC)
This anticheat is the first light against cheaters in this game since years, even cpma public servers have cheaters on them,
even ru national team once had a autoshooter in it who would have been caught.
And most of all, clanbase admin Jaz who always kicked spectators claiming they would lag him would have been caught cheating instantly eventhough he had a pb proof hack in ql.
http://www.esreality.com/index.php?a=post&id=2032073
http://www.youtube.com/watch?v=U8oWg5WFtIo
And now you both, shox and Hammer, are complaining about the way how this tool works, you guys are so nuts.
@skull please do not get to much paranoid both we know the group is not as that small and i expected some e5 guys out of space are also out there, or i should consider u narcissistic masturbator?
"backdoor" sounds amazing
@ camel ,
Call us crybabys but at least we have the manner to talk about this stuff when we see it ... testwork = nice ,
but keep urself quiet that there is a secret tool+ all servers have a masterpassword where u install new e+ on is bad !!!
U guys should be ashamed ..
The one who pays for his server decides who see what !! and not u mr camel !!
The one who pays for his server decides who see what !! and not u mr camel !!
once again, you decided to install e+ under any risk. Why do you trust E+ devs? they could even create a more hidden backdoor to a root even you don't know.