January 2002
- Toontown Koster, Raph
- FW: MMORPGs & MUDs Daniel.Harman@barclayscapital.com
- FW: MMORPGs & MUDs Skaei@aol.com
- DGN: Question about MU* acronyms Randolf Richardson
- DGN: Question about MU* acronyms Lars Duening
- DGN: Question about MU* acronyms J C Lawrence
- DGN: Question about MU* acronyms Frank Crowell
- ADMIN: I goofed J C Lawrence
- Pueblo MUD client info Bruce Mitchener
- Pueblo MUD client info Piotr Banski
- Pueblo MUD client info Bruce Mitchener
- Pueblo MUD client info Mathieu Castelli
- Pueblo MUD client info William B. Taylor
- The MUD Companion Derek Snider
- Game animations Jon Lambert
- Boys and Girls - was (MUD-Dev digest, Vol 1 #163 - 25 msgs) Joel Palmtag
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL Mathieu Castelli
- Quake II has gone GPL Valerio Santinelli
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL Vincent Archer
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL Andrew Hefford
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL ling@slimy.com
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL Daniel.Harman@barclayscapital.com
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL Bruce Mitchener
- Quake II has gone GPL Brian Hook
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL Marc Hernandez
- Quake II has gone GPL Jeremy Noetzelman
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL Jeremy Noetzelman
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL Valerio Santinelli
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL Valerio Santinelli
- Quake II has gone GPL Noplex
- Quake II has gone GPL Jeremy Noetzelman
- Quake II has gone GPL Nicholas E. Walker
- Quake II has gone GPL Eli Stevens
- Quake II has gone GPL Valerio Santinelli
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL Dominic J. Eidson
- Quake II has gone GPL J C Lawrence
- Quake II has gone GPL Nicholas E. Walker
On Wed, Jan 16, 2002 at 03:18:41PM -0800, J C Lawrence wrote:
> Much of the vaunted security advantages of Open Source comes from
> the "many eyeballs" argument. The problem with that argument is
> that it scales non-linearly with the size of the population
> using/abusing the product. With a small user base (in the
> developer/useful-eyeball sense) it is easy for the badhats to
> effectively outweigh the benefits of the rest purely by percentage
> dominance. Additionally in the case of a custom MUD client where
> the server side sources are not also Open Source (and thus with a
> supporting community), the incentive for a badhat versus a good
> hat is considerably larger, especially if there is the potential
> for financial gain (eg the various people running UO/EQ/etc
> auction farms on EBay).
I am a free software bigot. I am also a good software bigot. If
you keep the hit-points or item list of my character stored in my
client, then I can and may change it, with or without the source
code. "If you want it done right, do it yourself." comes to mind
for when thinking about designing a system. I don't mean to imply
that any programmer will ever do anything right. If you want
something done securely, you should do it in a secure place.
What comes to mind as the best way to secure a system is to trust
only the code that will be under your control, and to design your
interfaces properly. If some person can modify their client, or
write a new one, and come out with an advantage or a way to crash a
remote process (maybe one of your game servers), then something is
obviously wrong.
If I am showing my ignorance of the design of MMORPG systems, please
forgive me. In my experience with developing distributed systems (I
mean systems where multiple processes are participating, not "peer
to peer", just to clear that up), designing with secure interfaces
and appropriatly located logic is standard stuff that happens before
any code is written. For instance, can you imagine an on-line
ordering system where the total cost of your order was stored on the
client, and that is what got billed? Even if the cost is stored on
the client so that it can be conveniently viewed, the server must (i
hope!) do some accounting and recalculate the cost before the
billing is done. If a gaming system (any system) performs critical
information on untrusted data, something is wrong.
So, as a free software bigot, I respond that the only way to write
secure software is to write good code with secure interfaces. Even
bad code with good interfaces shouldn't cause you any problems.
Security through obscurity is an excuse for poorly designed
software.
Security through "many eyeballs" is suitable for when the software
isn't so much designed as evolved (as in some open-community
projects). I am one of many people who belive in free software who
do not participate in the open-community model of development.
I am afraid that one day a software developer may be able to trust
personal computers to keep information hidden from their users.
Obscuring a bad design only puts off the amount of time it takes to
find a flaw. So-called digital rights management is a whole other
issue..
--
Nicholas E. Walker <new@gnu.org> - Quake II has gone GPL J C Lawrence
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL Vincent Archer
- Quake II has gone GPL Travis Nixon
- Quake II has gone GPL Vincent Archer
- Quake II has gone GPL Daniel.Harman@barclayscapital.com
- Quake II has gone GPL Valerio Santinelli
- Quake II has gone GPL shren
- Quake II has gone GPL Travis Nixon
- Quake II has gone GPL Joshua Judson Rosen
- Quake II has gone GPL shren
- Quake II has gone GPL T o F
- Quake II has gone GPL shren
- Quake II has gone GPL John Buehler
- Quake II has gone GPL Daniel.Harman@barclayscapital.com
- Quake II has gone GPL John Buehler
- Quake II has gone GPL shren
- Quake II has gone GPL Daniel.Harman@barclayscapital.com
- Quake II has gone GPL John Buehler
- Quake II has gone GPL shren
- Quake II has gone GPL shren
- Quake II has gone GPL T o F
- Quake II has gone GPL shren
- Quake II has gone GPL Vincent Archer
- Quake II has gone GPL shren
- Quake II has gone GPL Vincent Archer
- Quake II has gone GPL Nathan F. Yospe
- Quake II has gone GPL Nicholas E. Walker
- Starting out. Joel Palmtag
- Starting out. Edward Glowacki
- Starting out. ghovs@plex.nl
- Starting out. Joel Palmtag
- Starting out. Lars Duening
- Starting out. J C Lawrence
- TECH: Managing all your code Eric Rhea
- TECH: Managing all your code Lars Duening
- TECH: Managing all your code J C Lawrence
- Boys and Girls - was (MUD-Dev digest, Vol 1 #1 63 - 25 msgs) Koster, Raph
- MOBPROG and other scripting languages William Murdick
- MOBPROG and other scripting languages Jason Gauthier
- MOBPROG and other scripting languages Acius
- MOBPROG and other scripting languages J C Lawrence
- MOBPROG and other scripting languages Christopher Allen
- MOBPROG and other scripting languages J C Lawrence
- MOBPROG and other scripting languages Eli Stevens
- MOBPROG and other scripting languages J C Lawrence
- MOBPROG and other scripting languages Lazarus
- MOBPROG and other scripting languages Daniel.Harman@barclayscapital.com
- MOBPROG and other scripting languages Matt Mihaly
- Two 'Mini-Series' Complete at Skotos Articles... Christopher Allen
- Replacement For MUD Acronym Luke Parrish
- Replacement For MUD Acronym Skaei@aol.com
- Replacement For MUD Acronym J C Lawrence
- Replacement For MUD Acronym Christopher Allen
- Replacement For MUD Acronym Matt Mihaly
- No bots allowed Frank Crowell
- No bots allowed J C Lawrence
- No bots allowed Alex Kay
- No bots allowed J C Lawrence
- No bots allowed shren
- No bots allowed shren
- No bots allowed Daniel.Harman@barclayscapital.com
- No bots allowed shren
- No bots allowed Daniel.Harman@barclayscapital.com
- No bots allowed Travis Casey
- No bots allowed Roy Trubshaw
- No bots allowed Colin Coghill
- No bots allowed Marc Hernandez
- No bots allowed shren
- No bots allowed Daniel.Harman@barclayscapital.com
- No bots allowed Frank Crowell
- No bots allowed Marc Bowden
- No bots allowed Paul Schwanz
- Boys and Girls - rayzam
- Issue of the "Experience" (Was MMORPGs & MUDs) Michelle Elbert
- Issue of the "Experience" (Was MMORPGs & MUDs) J C Lawrence
- Issue of the "Experience" (Was MMORPGs & MUDs) Michael Tresca
- Issue of the "Experience" (Was MMORPGs & MUDs) Nathan F. Yospe
- Issue of the "Experience" (Was MMORPGs & MUDs) Michael Tresca
- Issue of the "Experience" (Was MMORPGs & MUDs) Alex Kay
- The use of virtual reality in the assessment of spatial skills J C Lawrence
- Boys and Girls - rayzam
- Boys and Girls - Marian Griffith
- Commercial web based MUDs Azeraab
- Commercial web based MUDs Peter Tyson
- Commercial web based MUDs J C Lawrence
- Commercial web based MUDs Peter Tyson
- Commercial web based MUDs Matt Mihaly
- Majestic and Failure of Episodic Games Christopher Allen
- Majestic and Failure of Episodic Games Dan Hon
- Majestic and Failure of Episodic Games Matt Mihaly
- Majestic and Failure of Episodic Games Talies the Wanderer
- [TECH] Eiffel and Assertions... Adam Martin
- [TECH] Eiffel and Assertions... Brian Hook
- text MUDs' character longevity (The Two Towers) Val Trullinger
- [TECH] PS: Eiffel and Assertions... Adam Martin
- GDC (was Majestic and Failure of Episodic Games) Sellers, Mike
- Finding What a Gamer Lacks in Their Day John Buehler
- Finding What a Gamer Lacks in Their Day Travis Casey
- Finding What a Gamer Lacks in Their Day John Buehler
- Finding What a Gamer Lacks in Their Day volstoff@brutele.be
- Finding What a Gamer Lacks in Their Day John Buehler
- Finding What a Gamer Lacks in Their Day Sasha Hart
- Finding What a Gamer Lacks in Their Day John Buehler
- Finding What a Gamer Lacks in Their Day rayzam
- Finding What a Gamer Lacks in Their Day John Buehler
- Finding What a Gamer Lacks in Their Day Sasha Hart
- Finding What a Gamer Lacks in Their Day John Buehler
- Finding What a Gamer Lacks in Their Day Koster, Raph
- Finding What a Gamer Lacks in Their Day John Buehler
- Finding What a Gamer Lacks in Their Day Sasha Hart
- Finding What a Gamer Lacks in Their Day John Buehler
- Finding What a Gamer Lacks in Their Day Sasha Hart
- Finding What a Gamer Lacks in Their Day John Buehler
- Finding What a Gamer Lacks in Their Day Sasha Hart
- TECH: What about Perl flavored MUDs? James Edward Gray II
- TECH: What about Perl flavored MUDs? Nicholas E. Walker
- TECH: What about Perl flavored MUDs? Luke Parrish
- TECH: What about Perl flavored MUDs? James Edward Gray II
- MUD statistics Elia Mörling
- MUD statistics Sanvean
- MUD statistics Matt Mihaly
- Secure distributed operation (was: Quake II has gone GPL) Nicholas E. Walker
- Economic Growth: NPC pricing Adam Martin
- Economic Growth: NPC pricing Jason Murdick
- Economic Growth: NPC pricing Paul Schwanz
- Economic Growth: NPC pricing Timothy Dang
- Crafting in MUDs Neil Edwards
- Econ paper on EQ Koster, Raph
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Ola Fosheim Grøstad
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Jeff Freeman
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Travis Casey
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Michelle Elbert
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Travis Casey
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Matt Mihaly
- "Advanced" use of virtual worlds? (MMORP Gs & MUDs) Freeman, Jeff
- "Advanced" use of virtual worlds? (MMORP Gs & MUDs) J C Lawrence
- "Advanced" use of virtual worlds? (MMORP Gs & MUDs) Ola Fosheim Grøstad
- "Advanced" use of virtual worlds? (MMORP Gs & MUDs) Paul Schwanz
- "Advanced" use of virtual worlds? (MMORP Gs & MUDs) J C Lawrence
- "Advanced" use of virtual worlds? (MMORP Gs & MUDs) Cynbe ru Taren
- "Advanced" use of virtual worlds? (MMORP Gs & MUDs) Travis Casey
- "Advanced" use of virtual worlds? (MMORP Gs & MUDs) Freeman, Jeff
- "Advanced" use of virtual worlds? (MMORP Gs & MUDs) J C Lawrence
- "Advanced" use of virtual worlds? (MMORP Gs & MUDs) Ola Fosheim Grøstad
- "Advanced" use of virtual worlds? (MMORP Gs & MUDs) Travis Casey
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Miroslav Silovic
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Ola Fosheim Grøstad
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Matt Mihaly
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Ola Fosheim Grøstad
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Matt Mihaly
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Ola Fosheim Grøstad
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Hans-Henrik Staerfeldt
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Michael Tresca
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Travis Casey
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Ola Fosheim Grøstad
- "Advanced" use of virtual worlds? (MMORPGs & MU Ds) Koster, Raph
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Ola Fosheim Grøstad
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Dave Rickey
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Ola Fosheim Grøstad
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Dave Rickey
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) John Buehler
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Matt Mihaly
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) J C Lawrence
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Matt Mihaly
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) J C Lawrence
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Matt Mihaly
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) J C Lawrence
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Tamzen Cannoy
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Matt Mihaly
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Travis Casey
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Matt Mihaly
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Travis Casey
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Matt Mihaly
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Travis Casey
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Miroslav Silovic
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Matt Mihaly
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Caliban Tiresias Darklock
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Marian Griffith
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Ola Fosheim Grøstad
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Jon Lambert
- "Advanced" use of virtual worlds? (MMORP Gs & MUDs) Christopher Allen
- "Advanced" use of virtual worlds? (MMORP Gs & MUDs) Matt Mihaly
- "Advanced" use of virtual worlds? (MMORP Gs & MUDs) Christopher Allen
- Creating a MUD - Overview of design Neil Edwards
- Creating a MUD - Overview of design Edward Glowacki
- Creating a MUD - Overview of design Amanda Walker
- Creating a MUD - Overview of design Bruce Mitchener
- Creating a MUD - Overview of design J C Lawrence
- Creating a MUD - Overview of design Daniel.Harman@barclayscapital.com
- Creating a MUD - Overview of design Valerio Santinelli
- Creating a MUD - Overview of design Shane Gough
- Creating a MUD - Overview of design Sean Kelly
- Creating a MUD - Overview of design Daniel.Harman@barclayscapital.com
- Creating a MUD - Overview of design Adam Dray
- Some random thoughts on balance Azeraab
- Some random thoughts on balance Matt Mihaly
- Mud-Dev FAQ part II Marian Griffith
- Worlds of Carnage ( WoC ) blobule@hotmail.com
- Worlds of Carnage ( WoC ) blobule@hotmail.com
- Worlds of Carnage ( WoC ) Blobule@hotmail.com
- Simutronics' premium server Matt Mihaly
- Simutronics' premium server Christopher Allen
- Simutronics' premium server Michael Dekker
- Simutronics' premium server Matt Mihaly
- Simutronics' premium server Martin
- Enforced log out aka "real sleep" Brian Hook
- Enforced log out aka "real sleep" Michelle Elbert
- Enforced log out aka "real sleep" Michael Tresca
- Enforced log out aka "real sleep" Freeman, Jeff
- Enforced log out aka "real sleep" Paul Schwanz
- Enforced log out aka "real sleep" Travis Nixon
- Enforced log out aka "real sleep" Brian Hook
- Enforced log out aka "real sleep" Amanda Walker
- Enforced log out aka "real sleep" Sasha Hart
- Enforced log out aka "real sleep" fred@clift.org
- Enforced log out aka "real sleep" Marc Bowden
- Enforced log out aka "real sleep" Christopher Allen
- Enforced log out aka "real sleep" Matt Mihaly
- Enforced log out aka "real sleep" Skaei@aol.com
- Enforced log out aka "real sleep" Alex Kay
- Enforced log out aka "real sleep" rayzam
- Boys and Paul Schwanz
- Boys and Caliban Tiresias Darklock
- Boys and Girls Marc Bowden
- Chess ("Advanced" use of virtual worlds? (MMORPGs & MUDs)) James Edward Gray II
- Chess ("Advanced" use of virtual worlds? (MMORPGs & MUDs)) Cynbe ru Taren
- "Advanced" use of virtual worlds? rayzam
- "Advanced" use of virtual worlds? Travis Casey
- "Advanced" use of virtual worlds? rayzam
- "Advanced" use of virtual worlds? Travis Casey
- "Advanced" use of virtual worlds? rayzam
- "Advanced" use of virtual worlds? Travis Casey
- "Advanced" use of virtual worlds? Jon Lambert
- BIZ amusing idea (Enforced log out aka "real sleep") Nicholas E. Walker
- BIZ amusing idea (Enforced log out aka "real sleep") Valerio Santinelli