Tremulous Forum
General => Feedback => Topic started by: FisherP on March 19, 2009, 08:00:41 pm
-
Something that I've noticed about the tremulous community which is generally different from other games I've encountered. Of the people playing trem a lot are pricks (no offense intended to those good people I know). This gets in the way of a good game, and many good people leave the community because they don't have to put up with rubbish. One of the reasons I think that tremulous is a lot of pricks is because there's no real penalty. People do what they can get away with, and in trem, that's a whole lot. If they have a dynamic IP, they just reset their modem and go at it again. Any ban by GUID is easily dealt with by removing the GUID file. This can be easily done with a bat/script file.
I've heard a lot of noise about game balance and weapon views etc, but is there much thought into improving the lot of the people behind the scenes. (Please don't tell me to go read the svn, because it's like straining gnats, or finding a needle in a haystack OK)
Other games have some REALLY good player administration tools for the server operators/game admin people. One game I know (Savage2) requires you to log in using an email address. The stats of each game are logged on the master server. You don't get any in-game bonuses for server side stats. If you get banned then you can't get into the game anywhere. What I suggest is that trem introduce a similar system but do it on a three strikes you're out basis. Get banned from three servers, and you need to register again with a new email address. I also suggest that this email address is an ISP only address making it a real penalty.
If you enforce anti-spam, anti-decon then that's the battle half fought.
-
This has been discussed, and it is a terrible idea.
First, this game is not dying because of "OMG SPAM CAMP" or "OMG HE DECUNNED", it's dying because people are losing interest. There isn't that many more pricks in Trem than in UrT or other free games.
Second, banning by email is IN NO WAY AT ALL (/emphasis) harder to evade than an IP ban or a GUID ban.Did I get banned? Oh well, I have 7 other Yahoo accounts.
Third, it would drive off a lot of the new playerbase. (The little there is) We don't want to have to sign up, we want quick action.
Fourth, it would be a near-impossibility to maintain, and would require extensive server resources and extensive coding for the client.
There's also the issue of an open source clients. Don't want to log in? Go get a modded client that bypasses log-in and has a mirror of the master server.
Then, we have to discuss server security. The server that hosts these accounts would undoubtedly be hacked or DDoSed at some point or another, releasing massive amounts of leaked passwords or a complete inability to play the game.
In short, there's no reason to, and we don't want to.
/repeated_rant,
Whales
-
Oh well, I have 7 other Yahoo accounts.
Please refer to my suggestion of ISP only... Yahoo accounts don't comply
Your arguments are just as flimsy (though I'm not too familiar with the server security issues, I'll have to rely on other's say so on that one)
I don't know what you are refering to regarding the modded client... certainly if the game server talks to the master server to prove identity of the one trying to log in there would be no avoiding that, unless the game server is haxed. I didn't know that the master server can be mirrored :-? Is this a security issue with the master server? Has this been done before? Maybe the tremulous devs can talk with the Savage2 Devs to see how they've implemented it. I don't think that Savage2 is OpenSource though and they may have a patent pending.... but what can it hurt to ask?
Please do not tell me that the game is purely dying due to lack of interest. I've chatted with too many people who tell me that they've left for no other reason than the jerks and pricks that made thier gaming experience a negative one. Do not claim to know something that you don't.
Regarding your concern that it would drive player base away... what do you think the pricks do now? Oh, and if you think that the whole login process will reduce the player base, that argument is very poor... there's other games out there with a similar system to what I'm proposing, and they are gaining more players because for the same reasons as I'm saying here. Of course they also provide additional functionallity for a small fee.
If you have doubts please feel free to try out Savage2... if the devs here will allow it, I'll provide the link if you can't find it on google yourself.
-
Replying to the same discussions over and over again is so damn tiring...
1. Go to a server that is well administered
2. How are you determining what an ISP only email adress is? I don't have one, so I shall not play?
3. Why do people always think they have THE SOLUTION(tm) when all they do is blurt out huge amounts of DUH
-
hurr durr im a drooling moron with less grey matter than blood2.0
-
Fisher, you missed the entire part where this is AN OPEN SOURCE GAME.
If someone wants to release a modded client that links to a mirror of the master server, allowing you to connect to servers without login, it can be done.
If someone's leaving because there's too many assholes, they're either playing on the wrong server, or they did something to bring aggression on.
Tremulous does not have an abnormal amount of pricks. If you see any less in a game like Counter Strike, then you're playing on a server with no chat, no FF, no collision, no sprays and no names.
I don't have an ISP email account either. I guess many of us here wouldn't be able to play.
Login systems may work for games like MMO's, where there's something to be gained or lost; they also work for paid games, as there's very few ways to verify paying customers other than.
Your argument that login systems keep pricks away is a VERY flimsy one. Go play any MMO in the history of ever for about five minutes. You'll find some dick ready to ruin your game around every corner. In fact, many people sign up JUST so they can go be a prick.
You're trying to tell us to be like Savage 2, but these are totally different situations. Savage 2 is a closed-source game, making the login system viable. Tremulous is an open-source game, meaning anyone can do whatever they want.
This (lovely) zombie of a game has a great lack of interest, as most people have tried it/are done with it, and anyone new has to go straight to servers like AA if they want a match with more than 4 people. If you quit a game because of "OMG PRICK", try quitting life, there's a lot of them out there too.
Whales
-
if(tremulous.is_open_source()) {
thread.set_moot(true);
}The whole point of open-source software is that you can change or fork it if you so desire. I guarantee that any system you can propose will be able to be bypassed by anyone with a handful of coding skills. Hell, getting around the pure check is fairly easy too — for obvious reasons, I won't mention any specifics here.
Also: The "jerks and pricks" can only be found on bad servers; in Tremulous, these are the equivalent of the ghetto. Have you been playing on X? I bet you have.
Additionally: If someone is being a jerk/prick at you, it's usually because you're acting stupid or otherwise being a jerk/prick yourself. Just be polite, have some basic manners, and don't be an idiot.
-
This has been discussed, and it is a terrible idea.
First, this game is not dying because of "OMG SPAM CAMP" or "OMG HE DECUNNED", it's dying because people are losing interest. There isn't that many more pricks in Trem than in UrT or other free games.
I play UrT and Trem. Trem has by far more arseholes. I'd imagine it has something to do with it's slow gameplay which gives people time to talk instead of play.
Also: The "jerks and pricks" can only be found on bad servers; in Tremulous, these are the equivalent of the ghetto. Have you been playing on X? I bet you have.
Fisher and myself both play on Tremwars and Game Arena mainly. X server is complete and utter bullshit in regards to game play.
While I'm not a big fan of this sort of idea it could work albiet with a bit/lot of effort. Probably the easiest idea would be you authenticating against a master server each session. The master server would provide you with a temporary GUID or similiar. You then present this temporary GUID to the game server. The game server then sends your temporary GUID, ip and account name to the master server. The master server verifies that the IP and temp. GUID match the account. If the verification succeeds then you can join the game.
I don't think there's a problem with that idea except for the amount of coding/resources it would require.
-
I don't think there's a problem with that idea except for the amount of coding/resources it would require.
it drives away new players better than an engine requiring a $300 video card.
-
A lot of free games require you to sign up using an email address. It's really not such a big deal especially compared to the hoops players currently have to jump through before they can play Trem (find and download a client for instance).
-
Like finding and downloading a client is a particularly difficult hoop to jump through. ::)
-
Compared to signing up with your email address then yes it is. Especially when the official sites makes no mention of other clients.
-
Look, regardless of how much you want it, it is never going to be implemented. Ever.
You could, of course, write such a system yourself — Tremulous is open-source after all.
-
... it is never going to be implemented. Ever....
Is this coming from the same mob/mentality that said that the slow turrets (from an earlier svn of 1.2 'upgrades') had nothing wrong with them.
Never say never, it's a long time.
I understand that this idea was possibly brought up before (i may have done it in the past already) and if the question of security has been brought up soooo many times in the past that the development team have grown sick of answering the concerns don't you think that it's a cry from the gaming community for something better than is already in place.
I also note that my question about what improvements HAVE been implemented to the administration of Trem has been TOTALLY ignored in favor of a flame campaign directed at a serious concern that a member of the trem community has raised. You say there's not any more pricks than other games... do you even know what one is? maybe look in a mirror because I see one in the flames that you spread.
Seriously people, I've heard stories about what benefits the players will see in the game... what about those who administer the game? Has this been ignored? If you all seem to be so all knowing about what cannot be done, what have you done with what you can do?
Are we all to just accept some weak excuse that because it's open source there's nothing we can do? I DON'T BUY IT. yea mods can be written, but so what. Why not TRY to make the game administrators life EASIER ffs.
Where is the list of improvements for the administrators !!!!!!!!!!!!!!!! What's being done for them?
Like finding and downloading a client is a particularly difficult hoop to jump through. ::)
Which client? the only client I can find in the official download section is for 1.1.0 vanilla. Is there any other?
I don't think there's a problem with that idea except for the amount of coding/resources it would require.
it drives away new players better than an engine requiring a $300 video card.
Do you have any proof, or are you relying on FUD If you have proof that systems such as this reduce the player base of games then you have a valid point and I'll say no more about the matter. If you are reacting based on FUD, then I would suggest you re-think your stance on this matter. In addition elsewhere it's said that the changes implemented in 1.2 are in themselves going to drive people away. If it drives some away is that a bad thing? Could the very changes that drove them away attract others? I don't think we shouldn't "throw babies out with the bathwater" without careful consideration.
-
Look, regardless of how much you want it, it is never going to be implemented. Ever.
You could, of course, write such a system yourself — Tremulous is open-source after all.
Which doesn't mean it'll be accepted into Trem though. If the devs/community don't want such a system then it doesn't matter how well it's coded it won't be accepted. Not only that but this is the feedback section. By definition most/all of the ideas proposed won't be implemented :P
I'd like to restate that I'm ambivalent towards such an idea as proposed by Fisher. While it would be nice to have I don't think it's quite worth the effort. Of course if someone did decide to write such a patch I wouldn't complain.
-
Old idea is old. Please search before posting.
Admins have more tools and powers in this game than 99% of other open source games.
If you are so concerned with what is being added/removed READ THE CHANGELOG (http://projects.mercenariesguild.net/projects/tremulous/repository/revisions). Nobody who is coding has time to go through and summarize all the changes just for your sake. There are people out there who do this and google and forum search will help you find them.
Khalsa
-
Yeah this idea is very old. About 3 years old in fact (I had to search for ticket to find it....). Considering the length of time do you really think it's such a bad idea that the issue be re-examined?
Just because Trem has more admin tools then most other open source games doesn't mean we should stop looking at ways to improve the admin situation. I mean Trem has more alien vs human action then most other free games. Does that mean we should stop concentrating on the alien vs human aspect of the game?
-
Nothing has changed in those 3 years. If you read the original threads, all of the arguments still hold.
Personally I think trem might be coming up on having too many admin tools. Every "good" server with active admins has soooo many tools, commands, and things at their disposal that there are rarely ever any problems.
And I think you're right, maybe we should rethink this whole alien thing...
Khalsa
-
Admins have more tools and powers in this game than 99% of other open source games.
Sorry to sound disrespectful but is this a valid excuse for not wanting to improve on what's already there.
Thanks for the link to the CHANGELOG but I've looked in the log back to late 2006 and I really only see improvements/bug fixes in the systems that are already in place in the tjw version of tremded eg "(bug 3096) bans sometimes fail inexplicably". I know there's commands in some qvm's out there to download the buildlog and some other things, but I'm sorry I didn't see anything worth mentioning apart from some fixes to broken systems.
I did notice however flood protection which is a real +1 from me
Another example of a fix to a broken system :
(bug 2954) when g_admin is enabled use !ban [ip] instead of !kick [slot]
on vote kicks. this is to deal with people disconnecting before the
vote ends to avoid the temp ban and prevents an innocent from grabbing
the slot only to be kicked when the vote ends. ...
-
I think that global registering system would be good. Yes, you can use new email and activate new account, but it's one more step what bad player need to make. Also player will lose his nickname and his statistics (if any will be) and all admins rights on other servers. Nobody can steal nickname etc.
GUID would be in master server database, you can reinstall system and you need only nickname and password - no admin loss anymore.
If someone wants to release a modded client that links to a mirror of the master server, allowing you to connect to servers without login, it can be done.
How? He can links to his master server, but game server expecting response from original master server, isn't?
-
@FisherP
I DO administer a server. And the admin situation has been improved constantly over the past two years. I do not miss any tool at the moment. If you have enough admin coverage on a server, there is no need for drastic new tools.
Your claims are invalid. YOU are the one who spreads FUD.
-
Bissig: What server? And how do you solve dynamical ip address? Subnet bans? Don't you think that new registration, new email, new nick, all stats from zero, losing all admins etc is another good thing for admins?
-
Nothing has changed in those 3 years. If you read the original threads, all of the arguments still hold.
Actually only thread I found that had a very similiar idea was by Fluffy and everyone pretty much just said "yeah, that's a good idea".
Personally I think trem might be coming up on having too many admin tools. Every "good" server with active admins has soooo many tools, commands, and things at their disposal that there are rarely ever any problems.
I agree actually. Do we really need half of the commands available too most admins? I don't really think so. I only every use kick/ban and sometimes mute (exculding the commands needed for a scrim).
@FisherP
I DO administer a server. And the admin situation has been improved constantly over the past two years. I do not miss any tool at the moment. If you have enough admin coverage on a server, there is no need for drastic new tools.
As do I until recently and Fisher was an op on the main Aussie trem server for a fair time. I think most people on this thread have had a fair amount of admin experience.
This idea can be seen as not another new tool that has limited uses but an extension to the ban system. It adds another step that ban evaders have to complete before they can rejoin the server. Also as rotacak pointed out this system could have other uses (although some of those ideas have their own problems).
-
YOU are the one who spreads FUD.
OFF TOPIC
FUD = Fear, Uncertainty & Doubt
Hrm, please tell me of anything that I've mentioned that has or can spread Fear, or Uncertainty, or Doubt.... unless it's true (maybe I am spreading it. Oh, noes Trem is going to MAJORLY FAIL if it doesn't have the username/password authentication)
ON TOPIC
I'm pleased that they are improving the Admin tools/command set but can you name which of them will be in 1.2? Perhaps you can enlighten me of the ones you are using from that changelog. I can't find much that's new there (again from TJW's work, not 1.1.0 vanilla). Are you an admin on the official MG Dev server?
Edit:
The only reference to the username/password idea I've found is in this thread http://tremulous.net/forum/index.php?topic=1012.0 is there any others??
-
Bissig: What server? And how do you solve dynamical ip address? Subnet bans? Don't you think that new registration, new email, new nick, all stats from zero, losing all admins etc is another good thing for admins?
I'll answer this one.
Bissig currently OPs SST and the N servers, afaik.
Solving dynamic IP's? !namelog person, !showbans IP, !ban evader. that's not so hard, now is it?
Subnet bans can use !subnetban, then you can !suspendban and give !immunity to any unfairly blocked players.
I have no clue what you're talking about in this fourth part.
-
Solving dynamic IP's? !namelog person, !showbans IP, !ban evader. that's not so hard, now is it?
Another clueless, half brained reply.. this only works IF the idiot logs on immediately after WITH a similar name. So, the evader logs on next day or at random times, new name, new IP. What r u gunna do? What about people that your other admin's ban under a different name. You still have idiots roaming your server AND YOU ARE POWERLESS to stop them.
Subnet bans are a pathetic attempt to block idiots because there's no BETTER way to do it. They prevent anyone from the same ISP from entering unless you KNOW for certain the "trusted" IP addresses. If you are going to go down that path, why not have a register of trusted IP's or whatever ID you wish to give them. Oh, I know why we don't... 'cause it sounds TOO much like a username/password authentication process.
Killer, if you are going to make good arguments then direct them at people who haven't been there before... you might sound smart.
Do you know for certain that !subnetban or !immunity are going to be in 1.2? Have you looked at the changelog. I didn't see them in there when I looked. Have you made some assumptions that because you are currently using them then they must be in 1.2? If you don't know for certain... and you seem to use them ... wouldn't you like to know for sure that those commands are going to be there? If they aren't in there wouldn't you like them to be?
Bissig: What server? ......
I'll answer this one.
Bissig currently OPs SST and the N servers, afaik.
So tell me, what exactly is Bissig's authority when he talks about what admin commands will be in 1.2? Does SST or N use exactly the QVM that MG are using?
-
This has been discussed ad nauseam. There are threads for it, and there are discussions of it buried in other threads.
Some of the problems I've noticed:
Any centralized system means someone is at the center. That person can potentially ban at will from all servers(depending), or quietly remove bans, or finagle accounts, change accounts, disable accounts, etc. How about a server operator pisses off the master server operator and then has their account vanish? Is there any recourse? Now you need a whole jury type structure to handle such disputes. Wait, I'll run it. Crown me the king of tremulous!
Different master servers for different versions? Buh Bye tremulous.
All servers are donations, essentially. If I run a server, why should I relinquish control of it to others from other servers (who will also be banning people)? Why should you trust me to not ban your friends from my server? (and ultimately from your server) Why should I trust that some centralized system is fairly handing out accounts and cannot be abused?
You can't stop me from setting up new accounts. Its open source software, you cannot run anything on my machine that I can't manipulate, much less manipulate the source code of, so thats out.
You cannot set up a system with enough integrity that doesn't also abuse my right to privacy. Want to see a bill to verify my address? Noone would do that, suggesting it is silly ;) .
Restrict email addresses to something? Think of any combination of letters you can imagine and multiply it by the number of root domains. Now, make a list of which ones are allowed/disallowed. Make an exception for gmail or yahoo mail? Now its even more worthless but it still takes 47.8 hours to parse your domain list.
Ultimately, you can't make a system that doesn't centralize power away from the server operators in a way that is acceptable to the server operators. The closest thing I've seen is a web of trust idea, where servers can choose to share a system (or not). But telling all server operators that someone else will be deciding who can/cannot play on their server is just silly and would never work. A web of trust at lease allows friendly server operators to share bans/admins/whatever, but wouldn't require it.
What it really comes down to is: If banning me from one server doesn't ban me from all servers, and I can make a new account, what is all this work for?
My last question, who's paying for all of this? You'd need strong keys so admins/master server operator couldn't take over accounts, centralized authentication, etc. How fucking big of a server/pipe do you expect someone else to donate so that you don't have to admin your own server? Sure, looking at keys is easy. How about looking at 1000 of them? Strong keys would be larger, more bandwidth. This game isn't exactly kept alive with donations to the site you know.
Alright, so this is pretty disjointed and not very eloquent. I jump around varying concepts of what such a master server would be without actually pointing out that every argument may be the result of a different concept of such a server. I may search for more later, when I'm awake and have more time. :D Just think of some of these as questions to ask yourself no matter what kind of master server you envision.
-
tuple,
For a change, a response on this thread that's intelligent (apart from danmal and rotacak), thank you.
I'm not saying that my idea was perfect, I never do. Some details might not be robust BUT it was a concept, not a detailed plan. Well, how about an opt-in approach, those server operators that want to operate that way can. Others who don't can forget it... or (and this is a little excessive) have the process at the server level. I know that I only have a handful of servers that I visit. This can be an optional feature too perhaps. A third idea, a bit of a union of the two... have a master table but the bans are localized to the game server. I will admit that there is still an additional load on the master server every time some one attempts to log in. If you are concerned about the database getting too large... purge all accounts that haven't logged in for 12 months.
Oh and if it takes >40hours to get a ISP email address then it's a guaranteed 40 hours ban, unlike the un-guaranteed 2 minute ban that trem has now. I've known people to boast that they can get back into a server in under a minute. What I'm asking for, isn't an excuse to not admin a server. What I'm asking for is a better way to admin the server. I mean 'cmon most of us have day jobs too you know.
Certainly the additional traffic for one server isn't much. To be frank I don't think the additional load on all the Trem servers put together wouldn't be that high at the moment judging from the number of empty servers. Oh, and this forum already has a key base.... everyone who logs into the forum has a key. Is it unwieldy?
All I ask is dialog about the possibilities, it does no harm to dream, or to discuss issues. Flames on the other hand are someone's pathetic excuse to look smart.
-
Bissig: What server? And how do you solve dynamical ip address? Subnet bans? Don't you think that new registration, new email, new nick, all stats from zero, losing all admins etc is another good thing for admins?
I'll answer this one.
Bissig currently OPs SST and the N servers, afaik.
Solving dynamic IP's? !namelog person, !showbans IP, !ban evader. that's not so hard, now is it?
Subnet bans can use !subnetban, then you can !suspendban and give !immunity to any unfairly blocked players.
I have no clue what you're talking about in this fourth part.
If you ban dynamic IP now, one second later is deconner back and someone innocent can be banned. If you use subnetban, you will ban many players. But how you can give them immunity? They cannot connect, they will not contact you - they just connect to other server. And most probably - they have no GUID.
Now is there only one way how to keep good game - always enough good admins online. And that cannot be done on servers what are new or less populated, because they have zero or few players, admins even fewer.
This password solution will not solve everything, but it can help. Sure, this is no MMORPG, but why not make some similar? Look:
New player need to register. He need email adress, nick and password. Account need to be activated from email message. Email with registration can be delayed 30 mins etc. Ok, player can now play with his nick. He can gain score/kills/time/anything in statistic for each server - can be displayed on master server page. Player will gain few admin rights on some servers. Player will reinstall OS and lose password, but he can request for new password what will be sent to his email. Ok, he is back with his nick, stats and admins. Player being idiot and start deconning. He is banned from one server and in master server stats is vissible where is banned, why and how long (others admins can pay atention on him on their servers). His ip is not need to be banned. And what now? He can play on other servers or he is still idiot and want to return back to this server. So he need to make new email, make new registration, wait 30 minutes, activate new registration and he can return back to this server. But he lose all global stats, nickname and admins. And he will be banned again, maybe even with ip address and GUID (yes, it can be changed, but many deconners don't know how). And what now? Again that procedure with registration? Atleast it is more work for idiot (whole registration), than work for administrator (!ban idiot).
Also if you meet with "Rotacak" in game (regardless on what server), you can be sure that he is really Rotacak and nobody else who want be only so popular like him ;D
Any centralized system means someone is at the center.
Why? You can ban anyone on your server, nobody else care about your bans.
That person can potentially ban at will from all servers(depending), or quietly remove bans, or finagle accounts, change accounts, disable accounts, etc.
It's same like this forum. Khalsa can quietly delete anyone etc...
You can't stop me from setting up new accounts.
No, but it decrease amount of idiots and make harder to create new identity.
My last question, who's paying for all of this?
I don't think that is hard. Registration is quite easy.
-
Making people wait 30 minutes before they can play is a great way to drive people away.
-
Making people wait 30 minutes before they can play is a great way to drive people away.
You will do that only once.
I created account for online game Fantasy Tenis. Email was delivered after 4 hours later. It's common to make account somewhere and wait for activating email. That can take some time. So you will not play immediately first day. But how we can see around MMORPG games, nobody care and nobody running away.
-
My last question, who's paying for all of this? You'd need strong keys so admins/master server operator couldn't take over accounts, centralized authentication, etc. How fucking big of a server/pipe do you expect someone else to donate so that you don't have to admin your own server? Sure, looking at keys is easy. How about looking at 1000 of them? Strong keys would be larger, more bandwidth. This game isn't exactly kept alive with donations to the site you know.
OK, let's try and estimate how much of a burden this will be. At it's hey day trem attracted about 7,000 players in a day (http://tremulous.net/forum/index.php?topic=6928.msg104417#msg104417). let's assume that Trem1.2 will be twice as popular so we might expect 14,000. I don't know a whole lot of what's needed but let's assume that you only need 1kbyte to be transacted which includes all the cryptography and player details (I'll say again this is my biggest, most doubtful assumption). In a days traffic the master server would transact about 14,000/1024 = 13.6Mbyte a day, or 410Mbytes a 30 day month.
I don't know one way or the other if this is onerous or not. Only the owner of the Master Server can answer this I feel. It would be too much for me, but then I'm on a domestic server with limits on how much i download
-
@OP: Consider yourself lucky — there was a time when I would have flamed the shit out of screaming pundits like you.
I notice that you've said a number of variations on "another clueless, half-brained reply". Do you really think that's any way to convince people of your idea's validity? Especially since, compared to the rest of us, you are relatively new to this forum.
All I'm saying is, tread carefully. It's very easy to make enemies here.
-
1. You are talking about a complicated solution which even large organizations fail to implement in 3-5 years for a game with about 200 servers and about 300 players up to 600 players max online at the same time. I think the already sparse developing resources can be put to better use
2. No server with a medium to large player base uses a vanilla qvm
3. Serial griefers want one thing: Recognition. They usually use the same name, a similar name or a name out of a group of names. I have administered alot and I know many serial griefers. Other occassional griefers can be stopped by auto-kick automatism with auto-reverting of structures
Your idea is so out of proportion that the only comparison that comes to mind is: Guarding an ant farm with an Apache helicopter.
-
@OP: Consider yourself lucky — there was a time when I would have flamed the shit out of screaming pundits like you.
I notice that you've said a number of variations on "another clueless, half-brained reply". Do you really think that's any way to convince people of your idea's validity? Especially since, compared to the rest of us, you are relatively new to this forum.
All I'm saying is, tread carefully. It's very easy to make enemies here.
Who is screaming? I'm trying to provide feedback, and I've had very little intelligent discourse regarding this subject. I am just trying to point that out to the readers of this forum. As for flaming the shit out of me, I'm afraid doing so would show me (and others) how brainless you could be. Though I do value the fact that you seem to have grown up.
It's next to impossible to make friends on this forum so making enemies is the norm.... I only claim a post to be clueless or half-brained when there's no facts, based on FUD, or the poster is only intrested in flaming.
Regarding validity of my claims make up your own mind.
Relatively new to this forum? If you care to look at my profile (simple click of the button), I've been a member here since August 08, 2006, 02:04:16 AM and you? I see that you have joined when? Ahhhh, August 29, 2008, 12:01:57. No, I've been a Tremulous player for a long time (two years longer than you it seems). I've been around. I just don't post up all the time.
@Bissig: Sorry, but all I hear from you is BLA BLA BLA, what it comes down to is I'm not sure that you are qualified to say whether or not this sort of system has failed on commercial games or that it's not worth implementing in Trem. In addition you haven't addressed my question about if you KNOW those commands you are using are in 1.2 or not. The rest of your post is irrelevant we've already discussed the deficient banning system that exists currently. My proposal is for an improvement if you don't want to discuss this rationally then don't post.
Edit:
If I am screaming it's because I'm frustrated that no-one seems able to tell me what admin commands are in 1.2. It seems that no-one knows. I feel that the dev team has a responsibility to the server operators (donators) to provide them with this list of possible changes to the admin tools. That changelog that khalsa nicely provides does not show enough of the details. Of course it might provide everything, which should be the cause of great concern to the server operators because many of the tools that they have now are not mentioned therefore do not exist in 1.2.
-
Well, the admin commands we use now are not technically "1.1", per-say. They're actually community-made patches.
I'm sure most, if not all of these commands will be ported over for use very quickly.
The point that all of us have been trying to get across here is:
The current admin system works, and trying to do anything like you're saying would just create a lot more work to enforce.
Whether it be creation of, maintenance of, or anti-circumvention measures; it's not worth it, as we have the tools to do everything needed.
-
Killer,
Thank you first of all for being honest and open with admitting that you do not know what's going to be in 1.2. Thanks also for your point of view. I do understand that this is how you feel. I would though if I were you petition the development team to inform the server operators (including yourself) of what tools are going to be put in. I have a suspicion that there's going to be a rude shock when 1.2 comes out. I hope not for yours and many others sake, but up till now I haven't seen anything to indicate otherwise.
Your opinion of the current admin system is not necessarily shared with other people (as I've tried to point out). I would ask you to respect that and not to flame other peoples point of view for the sake of it, especially when the concept hasn't been properly fleshed out.
-
The reason this kind of system works on commercial games is that once you get banned, you need to waste money to buy a new account. Since Tremulous is a free game, that doesn't work, even with your time restrictions and all that.
On my TODO list for Tremfusion I am planning on adding individual player tracking to the master server, but it is completely optional. You will create an account on the website or ingame (haven't decided yet), and it will give you a private key that will allow you to authenticate to servers (kinda a replacement for GUIDs). Also I will add clan management directly into the game, so you can manage your clans on the website, and only the clan leader can allow people into clans, and the clan tag is protected from misuse.
-
The reason this kind of system works on commercial games is that once you get banned, you need to waste money to buy a new account. Since Tremulous is a free game, that doesn't work, even with your time restrictions and all that.
On my TODO list for Tremfusion I am planning on adding individual player tracking to the master server, but it is completely optional. You will create an account on the website or ingame (haven't decided yet), and it will give you a private key that will allow you to authenticate to servers (kinda a replacement for GUIDs). Also I will add clan management directly into the game, so you can manage your clans on the website, and only the clan leader can allow people into clans, and the clan tag is protected from misuse.
My friend there's two things I'd like to say.
1) I think any of these delays are incentive enough + it provides a better piece of mind that someone banned will not just pop back on in < 2 minutes
2) I +1 your TODO list, it sounds suspiciously like the scenario I had in mind... though I'd personally make logging in compulsory. This is a very good idea you had (seriously and without sarcasm).
-
Amanieu: I was talking about free MMORPG games. I playing only these and registration cost 0 money.
Your TODO is good, but I fear that there will be halfsucces, because it will be optional.
-
This has been discussed ad nauseam. There are threads for it, and there are discussions of it buried in other threads.
Some of the problems I've noticed:
Any centralized system means someone is at the center. That person can potentially ban at will from all servers(depending), or quietly remove bans, or finagle accounts, change accounts, disable accounts, etc. How about a server operator pisses off the master server operator and then has their account vanish? Is there any recourse? Now you need a whole jury type structure to handle such disputes. Wait, I'll run it. Crown me the king of tremulous!
First off I'd like to say that yes this discussion has popped up a few times but usually they're all slightly different from each other and as such have their own faults. Hopefully we can iron out any possible faults in this version of the idea though :D
I see what you're saying but couldn't someone modify the current master list server to prevent a server from showing up? Also I think the bans should remain on the game server. The master server would only provide identification details (these could include statistics, sign up name, clan, prior bans, etc) to the game server.
Different master servers for different versions? Buh Bye tremulous.
Ehhh... not quite sure what you mean here.
All servers are donations, essentially. If I run a server, why should I relinquish control of it to others from other servers (who will also be banning people)? Why should you trust me to not ban your friends from my server? (and ultimately from your server) Why should I trust that some centralized system is fairly handing out accounts and cannot be abused?
You're right and I don't think the idea of shared banning across all servers could work properly. People could just create one time servers and trick players into entering it and then banning them.
You can't stop me from setting up new accounts. Its open source software, you cannot run anything on my machine that I can't manipulate, much less manipulate the source code of, so thats out.
You cannot set up a system with enough integrity that doesn't also abuse my right to privacy. Want to see a bill to verify my address? Noone would do that, suggesting it is silly ;) .
It's mainly the inconvience factor. Currently it can take less then a minute (if you're good) to evade a ban. If you have to additionally sign up for another account and create a new email address then the time factor increases pretty rapidly. You'd have to remove some email hosts like mailinator and a few others which are similiar but I doubt you'd have to remove all free email addresses.
Restrict email addresses to something? Think of any combination of letters you can imagine and multiply it by the number of root domains. Now, make a list of which ones are allowed/disallowed. Make an exception for gmail or yahoo mail? Now its even more worthless but it still takes 47.8 hours to parse your domain list.
I'd only remove the popular mail hosts which are specifically designed to allow you to sign up to a site with no email address.
Ultimately, you can't make a system that doesn't centralize power away from the server operators in a way that is acceptable to the server operators. The closest thing I've seen is a web of trust idea, where servers can choose to share a system (or not). But telling all server operators that someone else will be deciding who can/cannot play on their server is just silly and would never work. A web of trust at lease allows friendly server operators to share bans/admins/whatever, but wouldn't require it.
I think you're right here. I'm not sure how you could share your bans among friendly server operators without using the master server (unless the servers connect directly to each other...). However if there was an option to upload bans to the master server it may work. This would allow other servers to select that they would accept all bans from server 111.111.111.111:9999 for example. However such an idea could easily spin out of control in regards to complexity.
What it really comes down to is: If banning me from one server doesn't ban me from all servers, and I can make a new account, what is all this work for?
It might be different in America but in Australia it's basically one server is full at one time. If you're banned from that server you don't have anywhere else to go. Again the main reason would be the convience factor. It's a lot more work to create a new email account and create a new account then it is to ban evade currently.
My last question, who's paying for all of this? You'd need strong keys so admins/master server operator couldn't take over accounts, centralized authentication, etc. How fucking big of a server/pipe do you expect someone else to donate so that you don't have to admin your own server? Sure, looking at keys is easy. How about looking at 1000 of them? Strong keys would be larger, more bandwidth. This game isn't exactly kept alive with donations to the site you know.
First off I'll admit I don't know much about cryptography. However why does it have to be anymore complicated then the current database for the forums. The passwords of the users are encrypted and they can't be decrypted by the site owners. Remember I'm not advocating that the password be sent to the game server just a temporary ID.
Alright, so this is pretty disjointed and not very eloquent. I jump around varying concepts of what such a master server would be without actually pointing out that every argument may be the result of a different concept of such a server. I may search for more later, when I'm awake and have more time. :D Just think of some of these as questions to ask yourself no matter what kind of master server you envision.
The main problem with such a master server idea is not technical ones. It is instead developer effort. It's a fairly large task and if nobody wants to code it then it won't get created. However this doesn't stop us from discussing the idea in case by chance a developer drops from the sky and notices this thread on his way down :P
On my TODO list for Tremfusion I am planning on adding individual player tracking to the master server, but it is completely optional. You will create an account on the website or ingame (haven't decided yet), and it will give you a private key that will allow you to authenticate to servers (kinda a replacement for GUIDs). Also I will add clan management directly into the game, so you can manage your clans on the website, and only the clan leader can allow people into clans, and the clan tag is protected from misuse.
Sounds like a good idea (similiar to what is being advocated in the thread as well). How do you plan on protecting the clan tag though? Would the server kick/rename players who are not in the 'database' of allowed clan members? If so then how do you deal with people who do not use the private key? Would they be banned from wearing the tag even though they are actually in the clan?
-
Relatively new to this forum? If you care to look at my profile (simple click of the button), I've been a member here since August 08, 2006, 02:04:16 AM and you? I see that you have joined when? Ahhhh, August 29, 2008, 12:01:57. No, I've been a Tremulous player for a long time (two years longer than you it seems). I've been around. I just don't post up all the time.
Yes, I noticed. Don't assume I'd make such claims without doing some research first.
By "new" I mean "not having participated as much". And how are we to know you've been active all that time? Who knows, you could've been in a two-year coma without us knowing.
Anyway.
Let's have a group hug?
[another thing] How is one's forum join date any indication of how long one has played Tremulous? I didn't even realize there was one until two years after I'd got hooked.
-
The main problem with such a master server idea is not technical ones. It is instead developer effort. It's a fairly large task and if nobody wants to code it then it won't get created. However this doesn't stop us from discussing the idea in case by chance a developer drops from the sky and notices this thread on his way down
I don't see any large task. It's basically very simple. Login+pass -> master server -> sending ok -> game server -> allow join. It's only basic autentization and small changes in server qvm.
-
It's actually a lot bigger, since you have to create the account creation system, link that with the master server, change the master server protocol, and break lots of stuff.
-
Yes, I noticed. Don't assume I'd make such claims without doing some research first.
By "new" I mean "not having participated as much". And how are we to know you've been active all that time? Who knows, you could've been in a two-year coma without us knowing.
Anyway.
Let's have a group hug?
[another thing] How is one's forum join date any indication of how long one has played Tremulous? I didn't even realize there was one until two years after I'd got hooked.
Ahhh, I see your meaning, new=non-participant ??? Regarding this, the definition of assume is to make an ass out of u and me, it doesn't do any good to make them.
I agree with you about the metaphorical group-hug. It's a shame that it had to come after flames and a bit of aggravation. A realization that we are all intelligent and an attitude of "Let's all discuss this rationally". I understand that most people have good intentions, but it does no-one any good to try and flame others ideas. If you want to tell someone their idea is rubbish, point them to a better way constructively. (And I don't believe that throwing more administrators at this issue is a better way)
And for the record, I'm never one to be satisfied with the status-quo. I'm a dreamer or a visionary. I hold a mirror up to other's contentment and challenge them to think better. I strive for the future. If you don't want to go there, that's your prerogative.
I maintain through all of this that a) the current system can be improved , and b) no-one seems to know what admin improvements have been made to Trem 1.2
It's actually a lot bigger, since you have to create the account creation system, link that with the master server, change the master server protocol, and break lots of stuff.
This is good stuff, do you mind elaborating a bit... to 'educate the masses' I am curious.
-
It's actually a lot bigger, since you have to create the account creation system, link that with the master server, change the master server protocol, and break lots of stuff.
Account creation system = easy.
Link with master server - master server need to look into database, compare login/pass and send info to game server. Its like authoring system in this forum or anywhere else.
It will break lots of stuff - yes. Tremulous 2.0 will appear :)
-
I could easily set up a server that logs all the logins and passwords it sends to the master server and hijack every player's account that was ever on my server. :o
Maybe security isn't that easy, is it ?
-
I could easily set up a server that logs all the logins and passwords it sends to the master server and hijack every player's account that was ever on my server. :o
Maybe security isn't that easy, is it ?
Really? Do same thing with logins and passwords in this forum then.
-
You surely don't use the same password on a public forum and your 'real' accounts ? :police:
Ok, back on topic. A secure authentication system is not easy to implement if you have control of neither the clients nor the servers. IMHO the best would be a ticket system ala Kerberos, i.e. the client logs in to an authorization server, the authorization server grants the client a signed "ticket" which the client passes on to the game server. The game server verifies that the ticket comes from a trusted auth server and allows the login.
This way there's no trust needed between the client and the game server, both only have to trust the auth server. (Btw. the client doesn't need to transfer the passwd in cleartext to the auth server, there are ways to check the password without actually giving it away to the auth server).
This wouldn't even require one centralized auth server, there could be several alternative auth servers to choose from.
-
This way there's no trust needed between the client and the game server, both only have to trust the auth server.
But I saying same thing. There is master server (and only one). That server will collect all accounts. He will send to gameserver only "ok, player can connect" or "no, player cannot connect".
-
@gimhael, Good stuff. I was thinking of sending the auth stuff straight to the master server, and bypassing the game server pretty much in order to get a ticket. The ticket mind you would be pretty much like a GUID, where the master hashes the password, email address and a unique number/key known only to the master. This would be, like I said pretty much the same for each player but unique for each game server. I think this might be a little confusing but i don't have time to explain more. The reason it's a fair constant is so that the game server can use it in the ban table, or the valid player list (whichever is easiest). I guess in a way it's an extension of the GUID system but stored on the servers, not on the client machine. The main thing is, that a players ID on each game server is unique. In this way a ban on one game server is not a ban on another, and noone can steal the password, because it's hashed before it gets to the game server (even before it gets the the authentication server).
-
1. This is a public forum. I post my opinions or rants as much as I like or the mods allow me to
2. From all your posts I only gather one information: You have never managed a server with a huge playerbase. You have no clue what admins need or don't need. So stop disregarding everything I say.
This is my last post in this thread because you start to severely aggravate me.
-
1. This is a public forum. I post my opinions or rants as much as I like or the mods allow me to
Yes, your opinion is as valid as anyone elses, just don't expect to be treated seriously when you rant, or flame.
2. From all your posts I only gather one information: You have never managed a server with a huge playerbase. You have no clue what admins need or don't need. So stop disregarding everything I say.
Well, I've never been an admin on an American server, so if that's your definition of a server with a huge playerbase then no, I haven't. Regarding disregarding what you say, are you not doing the same to my ideas? I do hear what you are saying. Are you at least doing the same for what I am saying? I don't get that impression.
This is my last post in this thread because you start to severely aggravate me.
That's up to you
EDIT:
Are the commands to auto-revert or auto-kick going to be in the 1.2 release?
-
Fisher, you are missing the point that nobody uses the default QVM.
Lakitu7's QVM, the one that 90% of servers use currently, is not the default 1.1 QVM.
In the same way, people will not stick with the vanilla 1.2 QVM.
People will update commands, make commands, port commands, and do whatever else they can to make the QVM Z0//.G-uB3r-4w350//.3-1337h4x. (Pardon my 1337)
We don't need a command to be included for it to be used.
-
Killer, I appreciate that, most of the servers out there currently are not stock, and those that are, probably reside on some persons private computer who doesn't know any better. But does that excuse the Dev team from improving their own work? Or, for that matter include other people's work so that the 'custom' qvm's don't need to be so different? OR to tell the people who are contributing to the community what to expect (or not to expect). The more I think about it, the more I believe that most of the custom commands are not going to be included (but then Lak is now in the dev team, so who knows).
I do appreciate that there's a lot of people out there doing modification work to Tremulous. However, until all that porting happens a lot of server operators will have to wait. There's going to be a lot of disruption and being forewarned is forearmed.
Yes, I'll admit that there's a lot of admin commands out there, but until the custom 1.2 QVM's are out there's going to be a lot of "WTF, NO ROLLBACK" or whatever command you are used to. Additionally, maybe some of them are redundant, or ineffective therefore could be removed without much trouble.
I have to admit I haven't administrated a Lakitu7's server so I'm not all that familiar with his improvements. But I know that the dev team thought high enough of him to invite him into the dev team. Maybe he might enlighten us on how much of his work will be included in 1.2. I'd like to hear more from the dev team on this issue.
I re-iterate that I believe that amongst all this chatter about in-game improvements to 1.2 there should also be some notification from the Dev team about the server side.
-
OK, I guess since there has been no more discussion, or any of the Dev team come to shed any light on what's going to be in, I would make an attempt (with my limited knowledge) at making a list of which of Lakita7 (and one Risujin's) commands I do not see in the Changelog that Khalsa provided. Remember this list is what's NOT going to be in 1.2
* 1 - cannot be vote kicked, vote muted
* 2 - cannot be censored or flood protected TODO
* 3 - never loses credits for changing teams
* 4 - can see team chat as a spectator
* 5 - can switch teams any time, regardless of balance
* 6 - does not need to specify a reason for a kick/ban
* 7 - can call a vote at any time (regardless of a vote being disabled or voting limitations)
* 8 - does not need to specify a duration for a ban
* 9 - can run commands from team chat
* 0 - inactivity rules do not apply to them
* ! - admin commands cannot be used on them
* @ - does not show up as an admin in !listplayers
* ? - sees and can use adminchat
* R - !register Registers your name to protect it from being used by others or updates your admin name to your current name.
* h - !specme moves you to the spectators
* l - !L1 Sets a level 0 to level 1
* w - !warn Warn a player to cease or face admin intervention
g_lockTeamsAtStart: Used by !restart lock options. Don't mess with it yourself. I don't even think you can anyway
g_clientUpgradeNotice: Default 1. 1 to enable, 0 to disable the notice
g_teamImbalanceWarnings: Default 30 (every 30 seconds)
g_adminSayFilter: Default 0 (off)
g_myStats: Enables /mystats. Default 1 (on)
g_publicSayadmins: Lets non-admins use say_admins to message active admins. Default 1 (on)
g_devmapKillerHP: Default 0 (off)
g_newbieNumbering: Default 0 (off)
g_newbieNamePrefix: Default "Newbie#"
g_suddenDeath: Used by SD votes. May break things if you modify via rcon manually
g_suddenDeathMode: Default 1 (off / default 1.1 behavior)
g_friendlyFireMovementAttacks: Default 1 for compatability, Recommended 0 (turns off pounce/trample damage)
g_retribution: Default 0 (off)
g_suddenDeathVotePercent: Default 75. (3/4ths must vote yes to pass) Set to 0 to disable SD votes entirely.
g_mapVotesPercent: Default 50.
g_allowShare: Default 0. Also controls /donate. Please leave this off, it ruins the game Sad
g_minLevelToJoinTeam: Default 0
g_minLevelToSpecMM1: Default 0
g_dretchPunt: Default 1
g_maxGameClients: Default 0 (no limit)
g_allowActions: Default 1
g_actionPrefix: Default "***"
g_antiSpawnBlock: Default 0 (disabled). Set to 150 to turn on.
g_deconDead: Default 0 (disallow deconning dead structures)
!slap [player name|slot] (damage)
* cactusfrog /me_team
/share
/donate
/say_area
/mystats
Some Commands which are assumed because the Dev team had to fix certain aspects to them. There is no absolute reference to their inclusion in 1.2.
* # - permanent designated builder
* d - !allowbuild restore a players ability to build
* g - !designate give the player designated builder privileges
* g - !undesignate revoke designated builder privileges
g_designateVotes: Default 0. 1 to enable /teamvote designate and /teamvote undesignate
/protect /resign (designated builder stuff)
Now correct me when I'm wrong because I'm sure that there's a few of these things which ARE in 1.2 due to the fact that it would be silly not to have them. But I've done a check on some of the more popular items all the way back to Sept 2005 using a keyword search in firefox. I recommend everyone who's a server operator to look through this list and recommend to the Dev team which ones of these that you couldn't do without. Kindly ask them to consider putting it in so that you won't have to wait for months while new custom qvm's are patched and released. By the way I think it's silly to HAVE to resort to 'fixing' a qvm the minute it gets out, but that's just me I guess.
-
Idea: No central auth source, but many independent ones. The server operator can "subscribe" to one by means of some cvar. MySQL, anyone?
There'd have to be a hashing system in order to prevent plaintext transmission. This is the client's responsibility.
1. Player types /login <password>.
2. Client hashes password, sends it to server.
3. Server requests a password hash from the auth source.
4. Auth source does a lookup, sends the hash back.
5. Server compares the client's and source's hashes; if they match, player gets whatever rights/priveleges the login process grants.
Just some speculation. Feel free to pick holes in it.
Obviously still easy to circumvent, but suppose it weren't so much to keep unregistered people from playing Tremulous as to grant rights to those who do register. Circumventing it would then just be robbing yourself of functionality ("shooting yourself in the foot", I believe it's called?).
-
@Syntac
Your idea smells of OpenID (http://en.wikipedia.org/wiki/OpenID)
-
roughly half your list is already in svn (roughly half of that was there long before lakitu7 started coding for trem). majority of the rest of it isn't that useful, and the few things that are useful are slowly being added.
-
@Bissig: Yeah, sorta like that, but Tremulous-oriented.
-
roughly half your list is already in svn (roughly half of that was there long before lakitu7 started coding for trem). majority of the rest of it isn't that useful, and the few things that are useful are slowly being added.
You're refering to my list? I expect some of them to be in the svn, like I've said I checked the more popular ones. I spent about 1 hour before I went to work going through the list from the Lakitu's qvm. Please feel free (from what you know already) to list out the items that you know are in the svn. I'll edit my post to reflect your comments.
@Syntac I expect that it wouldn't matter which Auth system we use it could only be as secure as say a php Auth system.
@Bissig, Even though OpenID might be a little excessive what's wrong with it?
-
The issue with your system is that the server owner knows the client's hash, and he can therefore use that hash on any other servers that the client has admin on.
-
@Syntac I expect that it wouldn't matter which Auth system we use it could only be as secure as say a php Auth system.
sense: you make little
-
The issue with your system is that the server owner knows the client's hash, and he can therefore use that hash on any other servers that the client has admin on.
Which is why I suggest that there's a central auth server
@archangel: php is an opensource system and it's authentication routines are used extensively in forum and other web applications. People have been raising concerns about security, and I just wish to point out that web pages often have authentication. What makes tremulous any different? What's so special about tremulous that it requires more security than the www.tremulous.net forums for example?
-
As far as I know there is no PHP forum masterserver which manages the logins of all PHP forums.
-
FisherP: Tremulous not need more security than forum. If someone will steel you acc, what happen? You lose all money from your bank? God no, you lose a nick! Really big tragedy.
When someone posted in this forum some ideas, then many replyes are "why is that idea bad" and "why don't do it" instead of "how to do it". I don't saw in this thread atleast one good argument why not central auth system. Player loss - no. Security - no. Too much work - no.
I see only good things. Your nick will be your on all servers - if only this will be benefit, I think it is a good idea.
-
As far as I know there is no PHP forum masterserver which manages the logins of all PHP forums.
You are not thinking in parallels gimhael. The masterserver for a php forum such as this is the forum server. All usernames and authentication is done by the server that this forum is served from. The parallel of that in the tremulous game is the masterserver itself.
@rotacak: I would have to agree with you, it's not as if you're gunna lose the farm. However this idea won't get included without the buy-in of the development team. There's also another benefit rotacak, If you have problems with your computer and you lose your GUID it's easily restored if you know your username/password. There's no need to create a backup of it.
For the record I've never been fond of the whole GUID on the client idea, it's a good start, but it's a start and shouldn't ever be left at that. Please develop the GUID idea a bit more it should be used to protect the player, AND the server operator.
-
Well, the problem with GUID-based authentication is that it's a client-side system. That makes it inherently insecure, although it really isn't intended for security as such; it's more like a token of sorts. (Although the ban system does use GUIDs, and that is insecure. Yes, I know it can also use IP addresses, but many people have dynamic ones.)
However, considering Tremulous's playerbase — mostly* kids/teenagers who wouldn't know a qkey file if one hit them in the head — it's good enough for now.
* Emphasis on "mostly". I'm not calling any of you guys kids/teenagers.
-
Here is a patch I made a long time ago that replaces GUIDs with a public key:
http://patches.mercenariesguild.net/index.php?do=details&task_id=133
Note: Do not use this code, it is outdated and has a security hole. It's just to give you an idea.