Tremulous Forum
General => General Discussion => Topic started by: Confess on December 24, 2007, 06:37:23 am
-
http://www.tremcentral.com
Hello!
With the help of many people, as of today Tremcentral has been fully launched. Tremcentral is a map hosting service for Tremulous. It has elite new technology which enables you to automatically download the maps to your server when one is uploaded and approved by a mod. Alongside with that, it has a WWW Base Download available for servers that wish to use it. You do not need to use our www base download in order to use our FTP Subscription, however.
So, how does it work?
Well its simple. When someone uploads a map to Tremcentral.com, the map is then sent to an isolated folder for mods to approve. The mods will then test the map at all angles for any issues that may be wrong with it. After it has gone through testing, the map will then be approved and sent to the base folder which then sends it to the subscribed servers. It is sent by FTP.
How do I subscribe?
Go to http://tremcentral.com/subscribe.php and enter all of your FTP information. Directly after entering the information, you will be subscribed, and all new maps will be added to your folder.
What happens after I subscribe?
After you subscribe, the server will then send you all of the maps that it has (it may take up to an hour for this to happen). This is a JAVA application which uploads directly to your FTP folder. This is also good if you want to download all of the maps, but dont want to click on all the downloads! Soon, we will have it so if you do not want it to download certain maps, you can state so.
How do I unsubscribe?
Simply enter your host and password on the subscribe.php, and then click remove me and you will be removed.
Thats sweet! But, where is the server hosted?
The server is hosted on a dedicated server in the Netriplex.com Asheville, NC datacenter. It has several GiGe connections from companies such as ATT, Timewerner, Qwest, Level 3, Global Crossing, and Sprint!
Intel Pentium D 3.0ghz
1gb Ram
250GB hd
Windows 2003 Web Edition
100mbit connection
Wow! How do you pay for this financially?
If you are willing, and if you have money (although not required to use our services, infact we highly request you use them even if you cant) we ask that you possibly donate to cover the cost. Simply click on the Paypal Donate button and go from there!
Ok! How do I setup the WWW Base?
Thats easy! If you have the latest tremded and the latest qvms, you should be able to simply edit the server.cfg with this info:
set cl_allowDownload 1
set cl_wwwDownload 1
set sv_wwwBaseURL "http://tremcentral.com"
set fs_game "base"
set sv_dlURL "http://tremcentral.com"
Who helped make this site!?
The people that made this site are Seeeker, Mom, Myself, and several people gave advice as to how the site should be designed.
Who are the mods?
The mods are currently:
Seeeker (Staff Member of SST)
Oblivion1337 (Owner of Dretch*Tsunami)
Rezyn
Paradox (Head Admin of SST)
----------------
So, please, help us spread the word!
-
Nice & Well done!
-
Very Cool, I'll check it out.
-
So as I understand it, you're offering two things:
- MG-style free map hosting
- A service whereby your server will regularly upload all of the maps you have (!) to the subscriber's FTP folder
Nifty!
Folks please remember to create a special FTP user that only has access to your Tremulous maps folder, and do NOT give these guys your full administrator FTP account, although I don't think they'd mind too much. :police:
-
Yay!! I can advert now.
Thanks Confess for finally getting it up and running, by the way the site looks good now.
Told ya there was something missing and it was not me :)
-
So this means i let you controlling my server, letting you fucking it up if you wish
for me the answer(if i had a server) is NO
-
So this means i let you controlling my server, letting you fucking it up if you wish
for me the answer(if i had a server) is NO
You don't understand it entirely. If you would have read Risujin's post you would have known that by simply creating an account which only has access to the map directory almost all trouble is avoided.
-
Seems kind of nifty, too bad it's slow as molasses.
Khalsa
-
Please ignore Oblivions comment, as there appears to be nothing wrong with the wwwbase. However, if anyone else is having trouble, please contact me so we can resolve the issue.
Also, yes, you should limit your FTP account. It would be unwise to not do so. Even my FTP accounts are limited to an extreme so that they can only upload maps and not edit anything else. However, your FTP information will never be used for anything other then uploading maps, but there is always a chance of a security leak(which could happen to any site like this) which is why it is wise to take all the precautions at limiting the FTP account.
Thanks
-
Please do not set your server to start downloading from Tremcentral.com until this error is fixed.
http://www.gamez-host.com/images/HTTP-Error.jpg
We are working on it as we speak. We will keep you informed.
normly that just means the wwwdl just anit got the map u are tryin to dl.
-
Good job guys!
-
So this means i let you controlling my server, letting you fucking it up if you wish
for me the answer(if i had a server) is NO
You don't understand it entirely. If you would have read Risujin's post you would have known that by simply creating an account which only has access to the map directory almost all trouble is avoided.
What restricts them to put crap in the said PK3s?
-
All PK3s are scanned for viruses, manually gone over by a human being, and tested.
If it has stuff in it, it doesn't get through.
-
manually gone over by a human being
n00b h4xx0rs say "Oh noes! We is pwnt!!"
-
n00b h4xx0rs say "Oh noes! We is pwnt!!"
Hey, it worked for H.B.org's movie database
-
to all the nay-sayers: if you don't like it, don't use it. kthxbai
-
Oh, if your worried about security, the database hashes all passwords.
-
It has elite new technology which enables you to automatically download the maps to your server
Easy there, old chap.
-
Oh, if your worried about security, the database hashes all passwords.
you need plaintext passwords at some point to login to another server, so either they have to be stored as plaintext, or encrypted with some algorithm that offers no security because it has to be easily reversed. the only instance where hashes offer any security is when yours is the server being logged into.
-
I likey, I likey! This takes away the need for a tremfiles.filefront.com, good job. How about (and I know this will get a lot of shudders and gasps) getting people to review all the maps? Almost like they do on the FileFront network sites.
-
Oh, if your worried about security, the database hashes all passwords.
you need plaintext passwords at some point to login to another server, so either they have to be stored as plaintext, or encrypted with some algorithm that offers no security because it has to be easily reversed. the only instance where hashes offer any security is when yours is the server being logged into.
A) Receive new user account, create MD5 sum of password value. Do not store password, store user name and MD5 hash.
B) User logs in. Take password, create MD5 sum, and compare with stored MD5 for that account's password. If they match, login success. If not, deny request. Do not store password.
Ta-da!
-
Oh, if your worried about security, the database hashes all passwords.
you need plaintext passwords at some point to login to another server, so either they have to be stored as plaintext, or encrypted with some algorithm that offers no security because it has to be easily reversed. the only instance where hashes offer any security is when yours is the server being logged into.
A) Receive new user account, create MD5 sum of password value. Do not store password, store user name and MD5 hash.
B) User logs in. Take password, create MD5 sum, and compare with stored MD5 for that account's password. If they match, login success. If not, deny request. Do not store password.
Ta-da!
How do I subscribe?
Go to http://tremcentral.com/subscribe.php and enter all of your FTP information. Directly after entering the information, you will be subscribed, and all new maps will be added to your folder.
Login to TremCentral = can be secure, password can be MD5'd.
TremCentral logs into your FTP = TremCentral has your password.
They can't login to your FTP, if they don't store the password somewhere. Ta-duh.
-
Which is why they said to use all necessary precautions. Such as creating a dedicated FTP folder for trem map files, with its own password. XD Ta-da!
-
With most FTP accounts, you can limit a FTP account to login only from a certain IP. This would decrease any likely hood of something happening. TC's ip is 208.83.140.6.
-
alternatively, write a 3 line shell script that does the same thing, without giving ftp access to anyone.
-
Which is why they said to use all necessary precautions. Such as creating a dedicated FTP folder for trem map files, with its own password. XD Ta-da!
You're missing my point. Paradox says the system hashes passwords for security. Kev points out that they have to be able to recover the password to use it to login to your FTP account, therefore by design the system has to have passwords stored in some kind of cleartext (or recoverable cypher). You then describe a system, using MD5, which is sufficient to keep the system from saving a password as it stores the hash and compares the hashed input to the stored hash; which is impossible for them to do with the password used for your FTP.
Yes, you can create a separate FTP account for them to upload the files, but the point that Kevlarman was making, which you appeared to defeat and I was pointing out that you did not, is that no matter what is done they will have the password to that account, and should the system be compromised then someone else can have that password too. As Kev said, hashing passwords is fine for logging into *them*, but for them logging into your FTP it means nothing. Please do not attempt to debate me about security systems and their usage :P
@OP: In the vein of security, if you want to make it tighter you should offer some way of using 'sftp' with public key authentication. Allow the site owner to upload a private key to you which would be used to login to their FTP. It could then be limited by the subscriber to where that key can login, and even where it can login from. That would not stop someone from using the same private key they use to login to their account, but if they're that stupid they're asking for a compromise anyway (and are likely the same type to use the same password for everything from these forums to their banking information)... even better yet would be to run rsyncd and allow clients to pull from you instead of you pushing to them, though that may end the need for a "subscription" service.
-
At MG we say we just host files, no guarantee as to what's in them, if you don't want it, don't DL it. You however, push files out to people and say you check them, so, that like offering a guarantee right? I hope your lawyer put a lot of effort into the TOS. (BTW, the current is invalid, and that style of 'we own you for reading this' has been laughed out of court before).
Anyway, what happens when someone uploads a pk3 with a vm in it? Or a autoexec.cfg? Or anything else like that?
Anyway, what's easier for a server op, cron job to rsync / wget / whatever, or make a new FTP account, (who even has ftpd installed any more??), and then a cron job to move files from that folder to trem via all the rules that rsync / wget would have made so easy?
And anyway, MG is faster for me.
-
So, how does it work?
Well its simple. When someone uploads a map to Tremcentral.com, the map is then sent to an isolated folder for mods to approve. The mods will then test the map at all angles for any issues that may be wrong with it. After it has gone through testing, the map will then be approved and sent to the base folder which then sends it to the subscribed servers. It is sent by FTP.
The content quality is thus assured.
Now, the only problem is the passwords for uploading to everyone's FTP. If the TC.com security is high enough, then it shouldn't be a problem, should it? You'd need either a) physical access to the TC.com computer and the password, or b) a security vulnerability in the TC.com computer setup and the master password.
Am I correct in those premises?
-
And its SST, so I'm going to assume its windows.
But anyway, you also have to trust the people running it, who as of right now, have done nothing to prove there trust worthiness, which ranks them at zero on the trust scale, which is well below the level needed for me to give them anything.
Also, you have to trust they know about security. There using FTP, which puts them in a negative there, but maybe they want to share details of there security systems?
But anyway, the SST folks are trying to do something nice for us, so I don't want to bash too hard.
-
Actually, David, I have done a lot for the community and gained a lot of trust and respect. And although I do not want to turn this into a bashing thread, MG is the reason why TC was started. As all MG does is attempt at bashing SST and other servers/clans, which appears to be their main goal, and I will not support a group of people that acts like this. I do, however, greatly appreciate the months of you letting us use your MG wwwbase. Perhaps I have not gained your trust, and thats fine, but if anyone has gone through my track record, you'd realize that in the event of any crisis I am always on top of things.
However, our security is not tip top. Just as any place could, we could have leaks. And although we are working to make sure any unknown leaks are found and patched, its still possible that others will find them faster. If you're interested in helping beef up the security, please let me know. I'd love the help.
This is not about SST though, as SST and TC are completely seperate. TC is only supported financially by myself and donaters from SST.
TC has bigs plans for the future. Rest assured, this is only the first step into fully launching TC. Our plan is to become exactly the name "TremCentral", whereas we will be a referance to tremulous for new players, that will easily plug them into the game. We will also hopefully be able to properly allow for other mirrors to add themselves for downloads/maps.
Really quickly - Anyone that can code in Mysql or C and is interested in a huge project that will greatly benefit and centralize Tremulous, please PM me. We could greatly use your help.
-
The problem is, if you become the hub for new players, you will teach them to play Tremulous as it is played on SST, which is really not Tremulous as it was designed/envisioned or how it is played on other servers. It's all well and good if you teach people to play Tremulous, but being as this is a project associated with SST, the logical assumption is that you will encourage them to play your version of the game under the guise of teaching them to play actual Tremulous and that's really not such a good thing.
-
Well, I could easily comment and fight with you about how there are several different themes/etc, but as I said..SST is completely seperate, however the SST bashing is pissing me off and my patience can only go so far, so I am requesting that it cease and desist.
-
please retexture your site with non-atcs textures :D
its not a bad idea i think. would be nice to see more information about the maps hosted like levelshot readme etc, id do that (php/mysql) if it would be a great help :P
-
Actually, David, I have done a lot for the community and gained a lot of trust and respect.
Were not talking about giving admin on a server or mod on a forum, were talking about access to a server, where there are legal and financial ramifications. If you look in the TOS from any data centre, it says your responsible for anything and everything. When you get hacked and they find out that A) your were running ftpd, and B) you gave out passwords, they wont be very sympathetic to you. Also, the trust isn't just you, its you and all your team. And were not just trusting you to not be evil, were trusting your skills at security. (which, AFAIK, are unproven.)
Your trying to help the trem community, that's good, and gets you a +1 in my book. I don't disaprove of what your doing or why your doing it, what I do disagree with is how. rsync / wgetable lists are just as good, and add a thing to ping places if you want to keep the push aspect.
I would love it if all the map repos could work together, aside from anything else it would make it easier for us from the stand point of finding / checking maps.
Gareth:
The map details thing is half done (along with everything else I started and gave up on...), I'll dig it out and see if I can finish it some time.
-
Oh yes, I failed to mention. We added a feature in which if you do not want a map uploaded to your server, simply create a new file called the map name.block, IE if I dont want map-atcs1.1.0.pk3 on my FTP, i create a file called map-atcs1.1.0.block
-
And although I do not want to turn this into a bashing thread, MG is the reason why TC was started. As all MG does is attempt at bashing SST and other servers/clans, which appears to be their main goal, and I will not support a group of people that acts like this.
How exactly can you expect a statement like this to not result in a flamewar or the derailment of your thread?
People still don't get MG? The years spent saying (almost comically) that we're a guild, not a clan has not sunk in? People still perceive MG as this monolithic existence? I am one of the individuals that has "bashed" SST, I am also in MG. They are unrelated. Is this difficult to understand?
What you are doing is very nice, and that people contribute to the greater good is always to be appreciated. But can you understand why people would have concerns (justifiably so, I think) that they are expected to give what amounts to user level access to an outside organization? Lots of the MG members are coders and admins, so we look at things from those perspectives.
Wow, this really bothers me. "all MG does is attempt at bashing SST and other servers/clans, which appears to be their main goal"
http://www.mercenariesguild.net/
http://www.puretremulous.com/
http://www.mercenariesguild.net/patches/
http://www.mercenariesguild.net/component/option,com_openwiki/Itemid,12/id,documentation_project/lang,en/
http://www.mercenariesguild.net/component/option,com_wrapper/Itemid,35/lang,en/
At least 4 servers are hosted by MG right now, 2 of which regularly have players and one of which has regular games when asked for. Some of the patches applied to YOUR source comes from MG members. I regularly see MG docs linked to.
Frankly, I haven't done a whole lot lately, but I know a lot of members who have, and regularly do. I would appreciate it if you didn't condense all of their good work down to a main goal of bashing others.
edit: Might I add that Adv_Dretch, one of the bots in your irc channel was created by David, a longstanding MG member.
-
*removed post*
-
Great stuff there! As a few people have said before, it would be great to be able to rate maps et perhaps that it would be possible to display the levelshot within the pk3, as well as the complete name and other useful things.
To those complaining about security with the FTP, I have to say, there is NOTHING on the website that says "We will not use any data submitted on this website for any malicious purposes", which allows the TremCentral administrators and anyone who have any access to any information to use this information in whatever way they want.
Also, from a legal perspective, all the things said outside the Terms of Services (ToS) and the inexistent Privacy Policy (PP), whether it is on TremCentral, here on any other website is not legally bindable. This means that you can say anything on your website and have no PP, which means that by law, the owners can do anything with the information provided.
So, to all the administrators of TremCentral, you will have to create proper Terms of Services et a proper Privacy Policy, for your own security. If anything happens, then it is possible to sue you, which might be somewhat inconvenient. For your ToS and PP, I recommend you to read some good examples (Adobe ToS (http://www.adobe.com/misc/copyright.html), Adobe PP (http://www.adobe.com/misc/privacy.html), Microsoft Tos (http://www.microsoft.com/info/cpyright.mspx), Microsoft PP (http://privacy.microsoft.com/en-us/fullnotice.aspx)), and then write your own. If you're too lazy, copy Adobe's/Microsoft's ToS and PP and then adapt it to your website, removing irrelevant information, and adding any information required. (and READ through those four examples, so that you get an idea of what a legal document sounds like, and what is necessary)
btw, I do realise that Terms of Services and Privacy Policies are extremely boring, and they go forever, repeating stuff over and over, but put it in perspective, you spent hours and money in creating this website and making it available to all, this could all be thrown out the window if you don't make a good ToS and PP.
Otherwise, great idea, just need to have a legal protection now.
-
which means that by law, the owners can do anything with the information provided.
You might find that there are some automatic (http://en.wikipedia.org/wiki/Data_Protection_Act) rights (http://www.opsi.gov.uk/si/si2003/20032426.htm) which need to be specifically waivered.
-
Ok. what do you want added to the HTTP downloads for servers sticky?
I've modified it and shrunk the MG repo info considerably, and added some tremcentral.com stuff, namely the server.cfg additions. Now that I think of it, I'll add a link to your faq. What info do you want in the sticky?
Incidently, sorry this has taken me this long, it smacks of work so I've put it off ;)
One last thing, your additions to server.cfg include
set fs_game "base"
which will break mods, and seems to rule them out of using the service. I would like to note that in the sticky. Not a big deal for all, what, 2 mod servers out there :> , still, it should be noted to prevent breakage :)
edit: I experimented with html anchors/links but smf doesn't seem to like html, and I haven't actually investigated further yet. Still working on it though.