Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
eve online drama again ?
cosy
Member UncommonPosts: 3,228
History:[20:16] <Abuser> So. Talking with Arkanon wasn't fruitful.
[20:17] <[IA]Morpheus> Not quite, what are you trying to achieve?
[20:17] <Abuser> Make CCP confirm some things they are refusing to confirm ...
[20:18] <Abuser> Make intelligent approach to fixing bugs and perfomance issues instead of messing with game balance
[20:18] <Abuser> at least
[20:18] <[IA]Morpheus> You have no idea how we even work, theres 350 employees working at CCP and you don't know the slightest about our processes.
[20:18] <Abuser> I don't know HOW you work
[20:19] <Abuser> i see the RESULT of this work
[20:19] <Abuser> and UNDERPANTS of it
[20:19] <Abuser> I have enough experience researching MMO's
[20:19] <Abuser> eve isn't first
[20:19] <Abuser> and won't be last
[20:20] <Abuser> so if you want to tell i don't have the understanding of CCP infrastructure related to eve - you are somewhat wrong
[20:20] <Abuser> but question isn't about this
[20:20] <Abuser> from what i know previous sourcecode leak
[20:20] <Abuser> was couple years ago
[20:20] <Abuser> and from what i see, nothing changes in terms of quality
[20:21] <Abuser> neither things, allowing people to exploit eve (for botting) - were fixed
[20:21] <Abuser> is that how 350 people (i doubt if at least 1/5 - 1/7 of them are programmers)
[20:22] <Abuser> work?
[20:22] <Abuser> Customers without in-depth knowledge will not notice this
[20:22] <Abuser> but what if somebody will explain the situation for them?
[20:23] <Abuser> or you consider USD14.95 people pay you every month aren't enough to be fair with them?
[20:26] <[IA]Morpheus> This is the wrong way to go about things and will not lead to a revolution in how CCP does things internally.
[20:26] <[IA]Morpheus> Sorry if thats what you were after.
[20:26] <Abuser> I'm not looking for revolution
[20:27] <Abuser> Do you know such term as "Proof of Concept"?
[20:27] <Abuser> It's only enough it to get into hands of people who consider themselves to be programmers
[20:28] <Abuser> Currently eve don't have any clientside (and i'm 100% no serverside, except logs) routines to detect bots
[20:28] <Abuser> Even stupid ones, using OCR and called Macroses
[20:28] <Abuser>
[20:29] <Abuser> Won't the wave of intelligent bots make CCP work at least in the direction of securing the engine?
[20:29] <Abuser>
[20:29] <[IA]Morpheus> Of course it will, that's obvious.
[20:29] <Abuser> Nice
[20:29] <Abuser> that's at least part of the plan
[20:29] <[IA]Morpheus> If thats what you want to achieve then congratulations, we are always working on improving security and plugging holes. If you want to help with that, try a normal approach like say sending us an email with suggestions.
[20:30] <Abuser> No, you are lying
[20:30] <Abuser> Security wasn't improved since last theft
[20:30] <Abuser> except some CryptoAPI and zlib
[20:30] <Abuser> so don't try to fool me
[20:31] <[IA]Morpheus> Security is always being worked on, I trust you know programming takes a lot of time and effort.
[20:31] <[IA]Morpheus> You say we have no ways to detect bots, yet we continue to ban thousands of exploiters who sell ISK and so forth.
[20:32] <Abuser> And that's all?
[20:32] <Abuser> And what if people start using some hypothetic people2people trading service
[20:33] <Abuser> that will avoid of using sellers who are constantly monitored via logs?
[20:33] <Abuser> so there will be signle and not interconnecting trades
[20:33] <[IA]Morpheus> Then we'll pick up on that and fix it..?
[20:33] <Abuser> that's how Blizzard can't do anything with such theme
[20:33] <Abuser> don't think you will manage
[20:33] <Abuser> they are losing more than you
[20:33] <Abuser> Why not to add client-side routines to detect bots?
[20:34] <Abuser> Why using petitions?
[20:34] <Abuser> People can lie, people can put a bucket of dirt on player who never violated eula
[20:35] <Abuser> And he will be banned, if petition will contain only right details describing the things you will never log, but that are surely be bot's actions
[20:36] <Abuser> EVE Clientside is enough to put bot-detecting routines there
[20:36] <Abuser> you can even use
[20:36] <Abuser> your spyware approach
[20:36] <Abuser> similar to when downloading PC identification python object during authentication as payload
[20:37] <[IA]Morpheus> Let it all out, I'll be sure to forward the conversation to all of our programmers, if thats what you want.
[20:37] <Abuser> No, your programmers are just following the plan
[20:37] <Abuser> they aren't that bad guys who caused all this anarchy
[20:37] <[IA]Morpheus> Care to tell me who did?
[20:38] <Abuser> Those who plan eve development and/or who decide the priority of client upgrades to be implemented.
[20:39] <Abuser> Currently Shiny Features have more priority than solidifying security and fixing bugs, from what i see
[20:40] <Abuser> Or how else you can explain the ability for the bots to use same approach to exploit eve engine as when previous sourcecode leak was?
[20:41] <Abuser> Nothing changed to prevent this?
[20:41] <Abuser> But we've got tons of content patched
[20:41] <Abuser> but still lagging jita and deadly lagging blobs
[20:41] <Abuser> but from patchnotes i see that these things aren't your priority
[20:42] <[IA]Morpheus> I see that your intentions are good but this isn't playing out nicely for either parts.
[20:43] <Abuser> Guys, theres no other way that will play better.
[20:43] <Abuser> You simply ignore community requests to fix the core of eve, rather than add new coats to it, to make community forget about the bugs.
[20:43] <[IA]Morpheus> I despise bots and hacks over everything, but this is also a business, we've got developers designing content and EVE needs to grow. I know for a fact that there are programmers working on security, more than that I can't really say.
[20:43] <[IA]Morpheus> If you think we are releasing new content to make you forget about bugs then I'm not sure what I can say to convince you.
[20:44] <[IA]Morpheus> Patches have always been 50% bug fixes 50% content or so.
[20:44] <Abuser> Could you certainly say me what your programmers did to secure clientside from exploiting Eve?
[20:44] <Abuser> what's certainly
[20:45] <Abuser> I don't have anything against content makers - their ideas are good, really good
[20:45] <Abuser> I have full eve sourcecode, so you know what's did, and what's not;)
[20:46] <Abuser> From all security i saw - were ROLE permissions for logins with priviliges higher than usual player, and some minor things in relation to prevent some remote service calls (some with potentially bad payload)
[20:46] <Abuser> nothing else
[20:47] <Abuser> is that called "programmers working on security"?
[20:47] <[IA]Morpheus> Are you cruising for a job or something?
[20:47] <Abuser> Nah
[20:47] <Abuser> neither job, neither anything else
[20:47] <Abuser> you may think of in such direction
[20:48] <Abuser> Digging the situation to uncover the truth
[20:49] <Abuser> You may compare me to fox mulder from x-files series
[20:49] <Abuser> it's the best description of why i do this
[20:49] <[IA]Morpheus> Ah, well, nice to meet you Mr Mulder.
[20:50] <Abuser> So... would you like to answer what AWESOME ccp programmers did in relation to client/server security (at least for client?)
[20:51] <[IA]Morpheus> No, we won't respond to blackmail. If you think we don't care or aren't working on improving security you are sadly mistaken.
[20:51] <Abuser> IA
[20:51] <Abuser> did you saw the code yourself?
[20:51] <[IA]Morpheus> Yeah, and?
[20:51] <Abuser> or you are just telling me someone else's words?
[20:52] <[IA]Morpheus> Nop, I'm all alone.
[20:52] <Abuser> And where do you see security fixes or bot catching routines in client?
[20:52] <[IA]Morpheus> I wouldn't know, I'm not a programmer.
[20:52] <Abuser> YAY
[20:52] <[IA]Morpheus> If you think we are gonna tell you everything we've done or are going to do then I've got a bridge to sell you.
[20:53] <Abuser> so how you can tell if there are security pathces?
[20:53] <Abuser> Morpheus, i have a client sourcecode
[20:53] <Abuser> and have a people who can supply me with updates
[20:53] <Abuser> of each new version
[20:54] <Abuser> (where my python decompiler won't be able to handle optimized bytecode)
[20:54] <[IA]Morpheus> There's probably more to it than meets the eye, Fox Mulder.
[20:54] <Abuser> so in relation to client i have the same about of knowledge as you
[20:55] <Abuser> So you insist that security patches are applied to client and client is secure and non-exploitable?
[20:55] <Abuser> Maybe i should release a small hack with portion of eve sourcecode to eve forums that will exploit something?
[20:55] <Abuser> or you will continue to talk that everything is fine?
[20:56] <[IA]Morpheus> Heh, I'm not saying there aren't exploits, don't be naive..
[20:56] <Abuser> o
[20:56] <Abuser> there's 1 big exploit )
[20:56] <[IA]Morpheus> There are and probably will always be, however we will continue to work against them. What else do you want?
[20:56] <Abuser> and tons of small ones
[20:56] <Abuser> not the ones requiring people to do queue of actions ingame to achieve the result
[20:57] <[IA]Morpheus> And you want this fixed?
[20:57] <Abuser> i'm talking about the ones, that are coming to light when you are exploiting eve python engine (oh god they said me it's impossible)
[20:57] <Abuser> Easiest way was to start using c++ and completely rewrite the code some time ago
[20:57] <Abuser> but i assume it's too late
[20:58] <Abuser> so you will not get rid of python injections
[20:58] <[IA]Morpheus> Time will tell, I suppose.
[20:58] <Abuser> but you can think of coding anti-bot routines
[20:58] <Abuser> I wonder if your programmers and qa know at least 1/20 of they ways possible to use to inject the code
[20:59] <Abuser> starting from most stupid approach
[20:59] <Abuser> and ending with ring0 injector
[20:59] <Abuser> trust me
[21:00] <Abuser> you can try
[21:00] <Abuser> ugh
[21:00] <Abuser> you COULD try
[21:00] <Abuser> but nothing was done in this direction for years
[21:00] <Abuser> i know people who are safely botting (first with ocr, then on python code bots) from early years of eve
[21:01] <Abuser> and they also agree nothing was changed in terms to stop or make the bots function wrong
[21:02] <[IA]Morpheus> You know, if you want that to stop you should let us know exactly how those bots function instead of threatening to leak source code.
[21:02] <Abuser> only if i will have public guarantess and confirmation that certain list of things will be fixed
[21:03] <Abuser> confirmation on each exploit
[21:03] <Abuser> otherways - there's no sense
[21:03] <Abuser> i'm not only want to see these things fixes
[21:04] <Abuser> it also requires CCP to confirm that these bugs existed (and exist) over years
[21:04] <Abuser> you understand what i mean
[21:05] <Abuser> i'm thinking of some patching for trinity graphic engine
[21:05] <Abuser> to show that it's possible to make client show much more fps
[21:06] <Abuser> at least in space, during large fights
[21:06] <Abuser> (and that's one more stone to the window of your programmers, who must be forgot of such thing as level of details)
[21:07] <Abuser> there are many things - some interesting constants, that should be controlled by server, but they are not; ability to faster change sessions, unloading unnecessary services in runtime when they are not required
[21:08] <Abuser> truth on some strange session roles like viplogin
[21:08] <Abuser> 10 megabytes of code are enough to find a lot of things that should be there
[21:10] <Abuser> *should not
[21:11] <Abuser> And How these bots are functioning?
[21:12] <Abuser> Executing python code inside of eve python interpreter
[21:12] <Abuser>
[21:12] <Abuser> Or calling python api (these are less intelligent ones) to call objects, methods from eve python
[21:14] <Abuser> Untile eve uses python, there's no way to prevent these bots from using it too
[21:14] <Abuser> Untile=>*While
[21:15] <Abuser> It's possible to catch them, but not prevent from appearing and being more and more intelligent.
[21:15] <Abuser> In near perspective, other people who also have eve sourcecode (not from me) - will be able to release the bot that will be able to keep in control every single in-game activity usual player can do ingame.
[21:16] <Abuser> So only way (if you are not going to stop using python) - is to implement a bot catching routines on clientside
[21:22] <[IA]Morpheus> Well, thanks for all the advice.
[21:23] <Abuser> so
[21:23] <Abuser> i assume there will be no public excuse and to do list of bugs to fix from CCP?
[21:27] <[IA]Morpheus> Not quite, however, we are prepared to talk if you want your EVE Accounts reopened. This would also be a chance for you to give and receive feedback on the horrible bugs and exploits you know about.
[21:27] <Abuser> I'm not interested in my eve accounts
[21:27] <Abuser> The ones you closed
[21:27] <Abuser> weren't involved in testing
[21:27] <[IA]Morpheus> Then we have nothing more to discuss, thank you for your time and have a good day.
[21:32] <Abuser> It's was nice you agreed to talk with me.
[21:32] <Abuser> Personal thanks for your patience, Morpheus.
[21:32] <Abuser> Have a good day.
[21:32] <[IA]Morpheus> Sure thing. Farewell.<[IA]Morpheus> Hi, give me a few minutes to reply to your mail.
<Abuser> Sure
<[IA]Morpheus> Do you have a list of bugs and exploits, the ones that you want us to fix?
<Abuser> 1. List of exploitable clientside things.
<Abuser> 2. Description of ways to exploit python engine (with examples)
<Abuser> 3. Ways to detect the bot(-s)
<Abuser> but
<Abuser> only in case terms i listed during our last discussion yesterday
<Abuser> *case of accepting
<[IA]Morpheus> Can you list them again please so I can run this by some people?
<Abuser> 1. List of places in clientside code that allows to code small client-side hacks.
<Abuser> 2. Descriptions of the ways to intrude in EVE python engine and execute arbitary code there
<Abuser> 3. Ways to detect existing bot(-s) (at least know 1 serious enough)
<Abuser> 4. General ideas to improve EULA.
<Abuser> Only when:
<Abuser> 1. CCP published press release with:
<Abuser> a) confirmation of some bugs/holes existed for years
<Abuser> or
<Abuser> b) publishes in-depth reports on these bugs, and reports on what fixes were made for them
<Abuser> 2. CCP starts work in direction of serverside+clienside bot detection routines, also with public press releases (less detailed ofc)
<Abuser> That's all.
<[IA]Morpheus> Alright, give me a few please.
<Abuser> Sure.
<[IA]Morpheus> Going to forward this to someone who can make a decision.
is this real ?
BestSigEver :P
Comments
I Dont know But the Abuser is Clearly Retarted....
If ye love wealth greater than liberty, the tranquility of servitude; greater than the animating contest for freedom, go home from us in peace. We seek not your counsel, nor your arms. Crouch down and lick the hand that feeds you; May your chains set lightly upon you, and may posterity forget that ye were our countrymen.
Samuel Adams
I generally hate the whole TLDR thing but come on, That is a serious wall of text. Why not post a quick summary?
-Currently looking forward to FFXIV
-Currently playing EvE and Global Agenda
well seams some one leaker a eve source code on the pirate bay and added that note
BestSigEver :P
A few months back there was a serious security breach on CCPs database server, the publicly released story was that they noticed some behaviour that appeared to be an exploit but upon further investigation they discovered that some external source had manged to access their database and interfere or modify some data and in response they instantly cut all external access to the servers and shut everything down
That was what they told the player base anyway, if that chat log is not a fake it could be likely that its linked to this incident.
Currently playing:
EVE online (Ruining low sec one hotdrop at a time)
Gravity Rush,
Dishonoured: The Knife of Dunwall.
(Waiting for) Metro: Last Light,
Company of Heroes II.
The trouble is, if CCP did prevent bot programs from working they'd lose half of thier subscriptions atleast!
"Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. It would be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience"
CS Lewis
BestSigEver :P
yeah a little more information about where that was found etc would be nice
LoL
Another great example of Moore's Law. Give people access to that much space (developers and users alike) and they'll find uses for it that you can never imagine. "640K ought to be enough for anybody" - Bill Gates 1981
What I see is an attention-whore guy pestering some CCP staffer about some hypothetical bugs/exploits, and refusing to report such exploits through the system made for it, but instead throwing half-way insults and attempting blackmail by IP theft by threatening to leak the source code.
I'm not a coder, so I can't say if what he says is even possible, and I don't have access to EVE source code like he apparently does, to evaluate if he's right or not.
In short, he's telling CCP that he knows how to exploit, won't tell them how, and threatens them with illegal actions. What an asshole. I would have terminated the conversation, or at least attempted some creative trackback to see if I could pinpoint the person who is leaking this information to outside the company.
kieron just gone hmmm community managers dont gone whit out say "goodbye" http://myeve.eve-online.com/ingameboard.asp?a=topic&threadID=733079
but who knows
BestSigEver :P
The thing with folks that are gullible enough to believe conspiracy theories is they spend so much time eating their hats the aluminum in the tinfoil has given them Alzheimer's.
CCP have answer at this and let the thread on
http://myeve.eve-online.com/ingameboard.asp?a=topic&threadID=749046
BestSigEver :P
The only thing remotely meaningful I got out of this whole thread is that kieron is gone
Wow EVE nerds have reached a new level of shitdom.He stole the source code to try, and blackmail CCP into fixing some fucking bugs? hahahahha
While the EVE client is distributed by us we do not allow decompiling it. Anyone found distributing or discussing decompiled client code will face an in game ban. This thread only remains to inform everyone of this decision and not post about it again.
posted in the linked thread. according to SHC several people who downloaded the code have already been banned. dont do it kiddies.
Also, avoid using the in game browser, apparently there may be a vulnerability in it.
However another reason i can think of is so that the 'scum and Villainy' who visit Piratebay can make hacks for eve or make illegal servers.
So anyone getting banned for downloading the source code deserve the ban in my opinion.
Another great example of Moore's Law. Give people access to that much space (developers and users alike) and they'll find uses for it that you can never imagine. "640K ought to be enough for anybody" - Bill Gates 1981
some links about this
http://news.softpedia.com/news/Eve-Online-Source-Code-Leaked-on-Torrent-Site-83412.shtml
http://games.slashdot.org/article.pl?sid=08/04/14/2046246
BestSigEver :P
A posible exploif for this is to save all the trade data as .CSV files, open it with Excel, and make Excel search the best trades, and the best routers.
This will get the maximun benefict for the exploiter.
Other use could be to make complete bots, maybe a transport bot that automatically transport stuff from a miner to a base, or from a base to another base.
Maybe even create a bot to farm pve.
I don't have too much time atm, but i think it speaks for itself:
Btw. i know a bit more about this, started a few weaks ago with someone both on forums and irc stating he would be in posession of the sourcecode and that he/she would release it if ccp does not "fix eve".
The devs were amused, as was everyone else on the channel...
It looks to me like someone is seeking attention or something. I'd give 3/10. 4 for the effort and -1 for lack of originality.
Btw. i know a bit more about this, started a few weaks ago with someone both on forums and irc stating he would be in posession of the sourcecode and that he/she would release it if ccp does not "fix eve".
The devs were amused, as was everyone else on the channel...
It looks to me like someone is seeking attention or something. I'd give 3/10. 4 for the effort and -1 for lack of originality.
In other words this latest bit of drama has about as much validity as a fart in the wind.
Another great example of Moore's Law. Give people access to that much space (developers and users alike) and they'll find uses for it that you can never imagine. "640K ought to be enough for anybody" - Bill Gates 1981
Btw. i know a bit more about this, started a few weaks ago with someone both on forums and irc stating he would be in posession of the sourcecode and that he/she would release it if ccp does not "fix eve".
The devs were amused, as was everyone else on the channel...
It looks to me like someone is seeking attention or something. I'd give 3/10. 4 for the effort and -1 for lack of originality.
In other words this latest bit of drama has about as much validity as a fart in the wind.
as long as no one is being banned for talking about it, d/ling the source code; then, yes. if people are being banned for those things, then it'd be more of a 9.5/10.
could we please get correspondent writers and moderators, on the eve forum at mmorpg.com, who are well-versed on eve-online and aren't just passersby pushing buttons? pretty please?
A few months back there was a serious security breach on CCPs database server, the publicly released story was that they noticed some behaviour that appeared to be an exploit but upon further investigation they discovered that some external source had manged to access their database and interfere or modify some data and in response they instantly cut all external access to the servers and shut everything down
That was what they told the player base anyway, if that chat log is not a fake it could be likely that its linked to this incident.
Hello guys!
First off: Anyone can decompile the client since its written in Python, except certain things, notice the lack of comments in the source code: He used a decompiler so he wont see everything, in other words: ITS NOT THE REAL SOURCE CODE, just a decompiled client.
2nd: Most Eve players know security is mainly server side, all the bot busting stuff, anti manipulation etc. well most "old time" tech loving players anyway.
Conclusion? Just a kid that figgured out how to decompile Python and threatened CCP to release a source code that he didnt have, all he had was a decompiled client witch anyone can make for themselves in like 10 minutes using the right tools.
However CCP (as always?) is handling the situation pretty bad, banning accounts and keeping it all hush hush. I gues their preparing statements and looking into the situation, but its going slow if thats the case they should have made a statement on the first day, explaining its just a decompiled client, not the complete source code.
Have a nice day!
EDIT:
Unlike C++ and other programing languages Python is 100% decompilable meaning anyone can decompile any Python program pretty easy with decompilers that are out there, however since its not the "original" code stuff will be missing, like notes and other stuff. This gave it all away as not being the real source code, ofcourse CCP know and have always known Python is 100% decompilable, thus almost every aspect of the game is server side.
Security risks? Well eve is more secure then most other MMORPGs, as almost everything is handled server side with the client being basicly a renderer for the grafix and a terminal for communication with the server. Other MMOs have alot of things client side, thats why you could speedhack in WoW, or use sophisticated botting clients to bot in Lineage 2 etc. With everything being on the server side in Eve, you have to hack the server to cheat, something not likely to be done. Botting in eve, as in every MMO will always remain whatever developers do.
Now knowing this, Do you see how wierd Avengers proposal for client side detection routines is? OMG well botters will jsut decompile the client, change it and continue botting. Since its Python almost NOTHING can be Client side since anyone can decompile it and make a new client, thats why so mutch is server side in Eve.
Final word: Just a nublet messing with CCP, CCP however are not handling it great, thus increasing the severity and making headlines when it realy isnt anything severe at all about it..
Edit2: Well attempting blackmail is kinda severe.. hope CCP gets the kid
*Cookie powa*
It also wasn't the complete client code because its not entirely python, CCP uses a combined C++/python system. Where the python code is stuff still being tweaked while the C++ is the stuff that will not be changed for a long time. As for the bans... I'd question why they were actually banned because I saw two players that I was almost positive were selling isk that stated they got banned over this.
a little "interview"
http://www.dreamnotoftoday.com/?p=645
the ban part is just drama IMO
non of my accounts is banned atm so i dont believe that to much
BestSigEver :P
