January 2002
- Toontown Koster, Raph
- FW: MMORPGs & MUDs Daniel.Harman@barclayscapital.com
- FW: MMORPGs & MUDs Skaei@aol.com
- DGN: Question about MU* acronyms Randolf Richardson
- DGN: Question about MU* acronyms Lars Duening
- DGN: Question about MU* acronyms J C Lawrence
- DGN: Question about MU* acronyms Frank Crowell
- ADMIN: I goofed J C Lawrence
- Pueblo MUD client info Bruce Mitchener
- Pueblo MUD client info Piotr Banski
- Pueblo MUD client info Bruce Mitchener
- Pueblo MUD client info Mathieu Castelli
- Pueblo MUD client info William B. Taylor
- The MUD Companion Derek Snider
- Game animations Jon Lambert
- Boys and Girls - was (MUD-Dev digest, Vol 1 #163 - 25 msgs) Joel Palmtag
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL Mathieu Castelli
- Quake II has gone GPL Valerio Santinelli
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL Vincent Archer
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL Andrew Hefford
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL ling@slimy.com
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL Daniel.Harman@barclayscapital.com
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL Bruce Mitchener
- Quake II has gone GPL Brian Hook
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL Marc Hernandez
- Quake II has gone GPL Jeremy Noetzelman
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL Jeremy Noetzelman
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL Valerio Santinelli
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL Valerio Santinelli
- Quake II has gone GPL Noplex
- Quake II has gone GPL Jeremy Noetzelman
- Quake II has gone GPL Nicholas E. Walker
- Quake II has gone GPL Eli Stevens
- Quake II has gone GPL Valerio Santinelli
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL Dominic J. Eidson
- Quake II has gone GPL J C Lawrence
- Quake II has gone GPL Nicholas E. Walker
- Quake II has gone GPL J C Lawrence
On Wed, 16 Jan 2002 23:06:00 +0000
Nicholas E Walker <new@gnu.org> wrote:
> On Wed, Jan 16, 2002 at 03:18:41PM -0800, J C Lawrence wrote:
> I am a free software bigot.
<nod>
> I am also a good software bigot. If you keep the hit-points or
> item list of my character stored in my client, then I can and may
> change it, with or without the source code.
There are ways to detect and (largely) prevent this.
> What comes to mind as the best way to secure a system is to trust
> only the code that will be under your control, and to design your
> interfaces properly. If some person can modify their client, or
> write a new one, and come out with an advantage or a way to crash
> a remote process (maybe one of your game servers), then something
> is obviously wrong.
Quite true, but it's also very simplistic.
Designing secure compartmentalised complex protocols is not easy.
Designing internally secure compartmentalised logical systems that
make no cross-compartment exposures is hard.
Proving that a design is correct for a non-trivial (which
basically means unbounded) is also hard.
Maintaining the correctness of such a design across growth,
requirements changes, marketing demands, versionitis, etc. is very
hard.
Demonstrating that an implementation is a faithful version of the
design and makes no further exposure than the design does is
very hard.
Been there, done that. There are very good reasons that time to
release for MoD/DoD projects in this sort of space (usually SEI
level 4 or 5 projects) spend multiple years in just the design
stage, and then further multiple years in the implementation design
state (not a byte of code has been written in this time), and then
yet further years doing a pseudo code implementation and then a
couple more years after that doing a real code implementation.
Real life example:
1.3 Million LOC project, 36 competent software engineers (no
junior engineers), total time for project from inception to
delivery: 7.5 years.
That's an average of 4248 lines of code per engineer per year.
FWIW They spent the first 3 years in design, a year in review,
the next two and half years in pseudo code and pseudo code
review, and then two years translating the pseudo code to real
code and reviewing that.
FWVLIW the case cited also came in on schedule and under budget.
Remember: The exploiting client has no effective runtime CPU,
resource, or cost limits -- but you do have those limits, and quite
hard ones.
> If I am showing my ignorance of the design of MMORPG systems,
> please forgive me.
It's not that, it's that the problem looks simple from the outside,
but rapidly becomes a tarbaby once you try and work with it --
especially for something with as softly defined boundaries as a MUD.
> In my experience with developing distributed systems (I mean
> systems where multiple processes are participating, not "peer to
> peer", just to clear that up), designing with secure interfaces
> and appropriately located logic is standard stuff that happens
> before any code is written.
True, but that's a much more constrained problem set where
inter-node and link latency is not an issue, link reliability is not
an issue, user performance perception is less an issue, and you have
a reasonable control over the RPC/IPC space and rates.
> For instance, can you imagine an on-line ordering system where the
> total cost of your order was stored on the client, and that is
> what got billed? Even if the cost is stored on the client so that
> it can be conveniently viewed, the server must (I hope!) do some
> accounting and recalculate the cost before the billing is done.
> If a gaming system (any system) performs critical information on
> untrusted data, something is wrong.
Which is the reason Raph has this as one of his laws.
> So, as a free software bigot, I respond that the only way to write
> secure software is to write good code with secure interfaces.
> Even bad code with good interfaces shouldn't cause you any
> problems. Security through obscurity is an excuse for poorly
> designed software.
Security is all about risk management, and in particular risk versus
cost/benefit management -- or as I like to put it, it's all about
intelligent assessment.
Security thru obscurity is not the best tool, but it is a tool and
can be a valuable and effective tool.
The problem is that it is rarely used well or with correct analysis
of its values.
Security thru obscurity works, and works more often than not if
carefully applied. The problem is that it's unreliable and the
metrics for predicting when it will fail are also unreliable.
However, that doesn't mean that SWAGs aren't made and those weighed
against the cost/benefits of "Doing It Right".
Stupid example:
For several years I ran SSH 1.2.26 on a public server. That
version of SSH was well known (by me) to have security holes (root
compromises), large enough to drive a truck thru. I did
nothing to defend myself against an SSHd exploit. The box was
regularly probed over the years with several scores of thousands
of attempted exploits run against it.
This went on for several years. The system was never cracked.
Reason: It was an AlphaStation. The exploits for SSHd which
were in wide distribution were x86 specific. They didn't work
on non-32bit systems, and especially didn't work on non-x86
instruction set systems.
I knew this. It was also why I didn't bother upgrading. I knew
the exploit was possible, but for various RL reasons upgrading the
box at the time was difficult and inconvenient so I didn't. The
probability of risk was very low (it would require a near-custom
exploit), my exposure was small (I run very tight and twitchy
HIDs), and the implications of a crack serious but not
catastrophic. So, assessing the risks, the costs, and the
benefits, leaving the hole in place and not upgrading the box came
out significantly cheaper.
Security thru Obscurity won, and rightly so.
Of course Diablo also learned that you do have to really think the
obscurity process thru and not just dismiss it as, "nobody will
bother". Then again, Diablo was a much more attractive target than
I was (which fact was part of my calculation).
This also explains why for otherwise well administered secure
systems I prefer running non-x86 non-SPARC non-32bit CPUs. They
cheaply increase the size of my breathing window given latency
between exploit creation and patch creation/installation.
> I am afraid that one day a software developer may be able to trust
> personal computers to keep information hidden from their users.
Actually not a terribly difficult thing to do, but that's another
matter.
--
J C Lawrence
---------(*) Satan, oscillate my metallic sonatas.
claw@kanga.nu He lived as a devil, eh?
http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
- Quake II has gone GPL Frank Crowell
- Quake II has gone GPL Vincent Archer
- Quake II has gone GPL Travis Nixon
- Quake II has gone GPL Vincent Archer
- Quake II has gone GPL Daniel.Harman@barclayscapital.com
- Quake II has gone GPL Valerio Santinelli
- Quake II has gone GPL shren
- Quake II has gone GPL Travis Nixon
- Quake II has gone GPL Joshua Judson Rosen
- Quake II has gone GPL shren
- Quake II has gone GPL T o F
- Quake II has gone GPL shren
- Quake II has gone GPL John Buehler
- Quake II has gone GPL Daniel.Harman@barclayscapital.com
- Quake II has gone GPL John Buehler
- Quake II has gone GPL shren
- Quake II has gone GPL Daniel.Harman@barclayscapital.com
- Quake II has gone GPL John Buehler
- Quake II has gone GPL shren
- Quake II has gone GPL shren
- Quake II has gone GPL T o F
- Quake II has gone GPL shren
- Quake II has gone GPL Vincent Archer
- Quake II has gone GPL shren
- Quake II has gone GPL Vincent Archer
- Quake II has gone GPL Nathan F. Yospe
- Quake II has gone GPL J C Lawrence
- Starting out. Joel Palmtag
- Starting out. Edward Glowacki
- Starting out. ghovs@plex.nl
- Starting out. Joel Palmtag
- Starting out. Lars Duening
- Starting out. J C Lawrence
- TECH: Managing all your code Eric Rhea
- TECH: Managing all your code Lars Duening
- TECH: Managing all your code J C Lawrence
- Boys and Girls - was (MUD-Dev digest, Vol 1 #163 - 25 msgs) Koster, Raph
- MOBPROG and other scripting languages William Murdick
- MOBPROG and other scripting languages Jason Gauthier
- MOBPROG and other scripting languages Acius
- MOBPROG and other scripting languages J C Lawrence
- MOBPROG and other scripting languages Christopher Allen
- MOBPROG and other scripting languages J C Lawrence
- MOBPROG and other scripting languages Eli Stevens
- MOBPROG and other scripting languages J C Lawrence
- MOBPROG and other scripting languages Lazarus
- MOBPROG and other scripting languages Daniel.Harman@barclayscapital.com
- MOBPROG and other scripting languages Matt Mihaly
- Two 'Mini-Series' Complete at Skotos Articles... Christopher Allen
- Replacement For MUD Acronym Luke Parrish
- Replacement For MUD Acronym Skaei@aol.com
- Replacement For MUD Acronym J C Lawrence
- Replacement For MUD Acronym Christopher Allen
- Replacement For MUD Acronym Matt Mihaly
- No bots allowed Frank Crowell
- No bots allowed J C Lawrence
- No bots allowed Alex Kay
- No bots allowed J C Lawrence
- No bots allowed shren
- No bots allowed shren
- No bots allowed Daniel.Harman@barclayscapital.com
- No bots allowed shren
- No bots allowed Daniel.Harman@barclayscapital.com
- No bots allowed Travis Casey
- No bots allowed Roy Trubshaw
- No bots allowed Colin Coghill
- No bots allowed Marc Hernandez
- No bots allowed shren
- No bots allowed Daniel.Harman@barclayscapital.com
- No bots allowed Frank Crowell
- No bots allowed Marc Bowden
- No bots allowed Paul Schwanz
- Boys and Girls - rayzam
- Issue of the "Experience" (Was MMORPGs & MUDs) Michelle Elbert
- Issue of the "Experience" (Was MMORPGs & MUDs) J C Lawrence
- Issue of the "Experience" (Was MMORPGs & MUDs) Michael Tresca
- Issue of the "Experience" (Was MMORPGs & MUDs) Nathan F. Yospe
- Issue of the "Experience" (Was MMORPGs & MUDs) Michael Tresca
- Issue of the "Experience" (Was MMORPGs & MUDs) Alex Kay
- The use of virtual reality in the assessment of spatial skills J C Lawrence
- Boys and Girls - rayzam
- Boys and Girls - Marian Griffith
- Commercial web based MUDs Azeraab
- Commercial web based MUDs Peter Tyson
- Commercial web based MUDs J C Lawrence
- Commercial web based MUDs Peter Tyson
- Commercial web based MUDs Matt Mihaly
- Majestic and Failure of Episodic Games Christopher Allen
- Majestic and Failure of Episodic Games Dan Hon
- Majestic and Failure of Episodic Games Matt Mihaly
- Majestic and Failure of Episodic Games Talies the Wanderer
- [TECH] Eiffel and Assertions... Adam Martin
- [TECH] Eiffel and Assertions... Brian Hook
- text MUDs' character longevity (The Two Towers) Val Trullinger
- [TECH] PS: Eiffel and Assertions... Adam Martin
- GDC (was Majestic and Failure of Episodic Games) Sellers, Mike
- Finding What a Gamer Lacks in Their Day John Buehler
- Finding What a Gamer Lacks in Their Day Travis Casey
- Finding What a Gamer Lacks in Their Day John Buehler
- Finding What a Gamer Lacks in Their Day volstoff@brutele.be
- Finding What a Gamer Lacks in Their Day John Buehler
- Finding What a Gamer Lacks in Their Day Sasha Hart
- Finding What a Gamer Lacks in Their Day John Buehler
- Finding What a Gamer Lacks in Their Day rayzam
- Finding What a Gamer Lacks in Their Day John Buehler
- Finding What a Gamer Lacks in Their Day Sasha Hart
- Finding What a Gamer Lacks in Their Day John Buehler
- Finding What a Gamer Lacks in Their Day Koster, Raph
- Finding What a Gamer Lacks in Their Day John Buehler
- Finding What a Gamer Lacks in Their Day Sasha Hart
- Finding What a Gamer Lacks in Their Day John Buehler
- Finding What a Gamer Lacks in Their Day Sasha Hart
- Finding What a Gamer Lacks in Their Day John Buehler
- Finding What a Gamer Lacks in Their Day Sasha Hart
- TECH: What about Perl flavored MUDs? James Edward Gray II
- TECH: What about Perl flavored MUDs? Nicholas E. Walker
- TECH: What about Perl flavored MUDs? Luke Parrish
- TECH: What about Perl flavored MUDs? James Edward Gray II
- MUD statistics Elia Mörling
- MUD statistics Sanvean
- MUD statistics Matt Mihaly
- Secure distributed operation (was: Quake II has gone GPL) Nicholas E. Walker
- Economic Growth: NPC pricing Adam Martin
- Economic Growth: NPC pricing Jason Murdick
- Economic Growth: NPC pricing Paul Schwanz
- Economic Growth: NPC pricing Timothy Dang
- Crafting in MUDs Neil Edwards
- Econ paper on EQ Koster, Raph
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Ola Fosheim Grøstad
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Jeff Freeman
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Travis Casey
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Michelle Elbert
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Travis Casey
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Matt Mihaly
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Freeman, Jeff
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) J C Lawrence
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Ola Fosheim Grøstad
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Paul Schwanz
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) J C Lawrence
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Cynbe ru Taren
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Travis Casey
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Freeman, Jeff
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) J C Lawrence
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Ola Fosheim Grøstad
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Travis Casey
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Miroslav Silovic
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Ola Fosheim Grøstad
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Matt Mihaly
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Ola Fosheim Grøstad
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Matt Mihaly
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Ola Fosheim Grøstad
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Hans-Henrik Staerfeldt
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Michael Tresca
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Travis Casey
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Ola Fosheim Grøstad
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Koster, Raph
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Ola Fosheim Grøstad
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Dave Rickey
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Ola Fosheim Grøstad
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Dave Rickey
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) John Buehler
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Matt Mihaly
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) J C Lawrence
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Matt Mihaly
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) J C Lawrence
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Matt Mihaly
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) J C Lawrence
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Tamzen Cannoy
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Matt Mihaly
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Travis Casey
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Matt Mihaly
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Travis Casey
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Matt Mihaly
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Travis Casey
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Miroslav Silovic
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Matt Mihaly
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Caliban Tiresias Darklock
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Marian Griffith
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Ola Fosheim Grøstad
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Jon Lambert
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Christopher Allen
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Matt Mihaly
- "Advanced" use of virtual worlds? (MMORPGs & MUDs) Christopher Allen
- Creating a MUD - Overview of design Neil Edwards
- Creating a MUD - Overview of design Edward Glowacki
- Creating a MUD - Overview of design Amanda Walker
- Creating a MUD - Overview of design Bruce Mitchener
- Creating a MUD - Overview of design J C Lawrence
- Creating a MUD - Overview of design Daniel.Harman@barclayscapital.com
- Creating a MUD - Overview of design Valerio Santinelli
- Creating a MUD - Overview of design Shane Gough
- Creating a MUD - Overview of design Sean Kelly
- Creating a MUD - Overview of design Daniel.Harman@barclayscapital.com
- Creating a MUD - Overview of design Adam Dray
- Some random thoughts on balance Azeraab
- Some random thoughts on balance Matt Mihaly
- Mud-Dev FAQ part II Marian Griffith
- Worlds of Carnage ( WoC ) blobule@hotmail.com
- Worlds of Carnage ( WoC ) blobule@hotmail.com
- Worlds of Carnage ( WoC ) Blobule@hotmail.com
- Simutronics' premium server Matt Mihaly
- Simutronics' premium server Christopher Allen
- Simutronics' premium server Michael Dekker
- Simutronics' premium server Matt Mihaly
- Simutronics' premium server Martin
- Enforced log out aka "real sleep" Brian Hook
- Enforced log out aka "real sleep" Michelle Elbert
- Enforced log out aka "real sleep" Michael Tresca
- Enforced log out aka "real sleep" Freeman, Jeff
- Enforced log out aka "real sleep" Paul Schwanz
- Enforced log out aka "real sleep" Travis Nixon
- Enforced log out aka "real sleep" Brian Hook
- Enforced log out aka "real sleep" Amanda Walker
- Enforced log out aka "real sleep" Sasha Hart
- Enforced log out aka "real sleep" fred@clift.org
- Enforced log out aka "real sleep" Marc Bowden
- Enforced log out aka "real sleep" Christopher Allen
- Enforced log out aka "real sleep" Matt Mihaly
- Enforced log out aka "real sleep" Skaei@aol.com
- Enforced log out aka "real sleep" Alex Kay
- Enforced log out aka "real sleep" rayzam
- Boys and Paul Schwanz
- Boys and Caliban Tiresias Darklock
- Boys and Girls Marc Bowden
- Chess ("Advanced" use of virtual worlds? (MMORPGs & MUDs)) James Edward Gray II
- Chess ("Advanced" use of virtual worlds? (MMORPGs & MUDs)) Cynbe ru Taren
- "Advanced" use of virtual worlds? rayzam
- "Advanced" use of virtual worlds? Travis Casey
- "Advanced" use of virtual worlds? rayzam
- "Advanced" use of virtual worlds? Travis Casey
- "Advanced" use of virtual worlds? rayzam
- "Advanced" use of virtual worlds? Travis Casey
- "Advanced" use of virtual worlds? Jon Lambert
- BIZ amusing idea (Enforced log out aka "real sleep") Nicholas E. Walker
- BIZ amusing idea (Enforced log out aka "real sleep") Valerio Santinelli