Server Side Administration for 1.2

[rotacak]

Making people wait 30 minutes before they can play is a great way to drive people away.

You will do that only once.

I created account for online game Fantasy Tenis. Email was delivered after 4 hours later. It's common to make account somewhere and wait for activating email. That can take some time. So you will not play immediately first day. But how we can see around MMORPG games, nobody care and nobody running away.

[FisherP]

My last question, who's paying for all of this?  You'd need strong keys so admins/master server operator couldn't take over accounts, centralized authentication, etc.  How fucking big of a server/pipe do you expect someone else to donate so that you don't have to admin your own server?  Sure, looking at keys is easy.  How about looking at 1000 of them?  Strong keys would be larger, more bandwidth.  This game isn't exactly kept alive with donations to the site you know.

OK, let's try and estimate how much of a burden this will be. At it's hey day trem attracted about 7,000 players in a day (http://tremulous.net/forum/index.php?topic=6928.msg104417#msg104417). let's assume that Trem1.2 will be twice as popular so we might expect 14,000. I don't know a whole lot of what's needed but let's assume that you only need 1kbyte to be transacted which includes all the cryptography and player details (I'll say again this is my biggest, most doubtful assumption). In a days traffic the master server would transact about 14,000/1024 = 13.6Mbyte a day, or 410Mbytes a 30 day month.

I don't know one way or the other if this is onerous or not. Only the owner of the Master Server can answer this I feel. It would be too much for me, but then I'm on a domestic server with limits on how much i download

[Syntac]

@OP: Consider yourself lucky — there was a time when I would have flamed the shit out of screaming pundits like you.

I notice that you've said a number of variations on "another clueless, half-brained reply". Do you really think that's any way to convince people of your idea's validity? Especially since, compared to the rest of us, you are relatively new to this forum.

All I'm saying is, tread carefully. It's very easy to make enemies here.

[Bissig]

1. You are talking about a complicated solution which even large organizations fail to implement in 3-5 years for a game with about 200 servers and about 300 players up to 600 players max online at the same time. I think the already sparse developing resources can be put to better use
2. No server with a medium to large player base uses a vanilla qvm
3. Serial griefers want one thing: Recognition. They usually use the same name, a similar name or a name out of a group of names. I have administered alot and I know many serial griefers. Other occassional griefers can be stopped by auto-kick automatism with auto-reverting of structures

Your idea is so out of proportion that the only comparison that comes to mind is: Guarding an ant farm with an Apache helicopter.

[FisherP]

@OP: Consider yourself lucky — there was a time when I would have flamed the shit out of screaming pundits like you.

I notice that you've said a number of variations on "another clueless, half-brained reply". Do you really think that's any way to convince people of your idea's validity? Especially since, compared to the rest of us, you are relatively new to this forum.

All I'm saying is, tread carefully. It's very easy to make enemies here.

Who is screaming? I'm trying to provide feedback, and I've had very little intelligent discourse regarding this subject. I am just trying to point that out to the readers of this forum. As for flaming the shit out of me, I'm afraid doing so would show me (and others) how brainless you could be. Though I do value the fact that you seem to have grown up.

It's next to impossible to make friends on this forum so making enemies is the norm.... I only claim a post to be clueless or half-brained when there's no facts, based on FUD, or the poster is only intrested in flaming.

Regarding validity of my claims make up your own mind.

Relatively new to this forum? If you care to look at my profile (simple click of the button), I've been a member here since August 08, 2006, 02:04:16 AM and you? I see that you have joined when? Ahhhh, August 29, 2008, 12:01:57. No, I've been a Tremulous player for a long time (two years longer than you it seems). I've been around. I just don't post up all the time.

@Bissig: Sorry, but all I hear from you is BLA BLA BLA, what it comes down to is I'm not sure that you are qualified to say whether or not this sort of system has failed on commercial games or that it's not worth implementing in Trem. In addition you haven't addressed my question about if you KNOW those commands you are using are in 1.2 or not. The rest of your post is irrelevant we've already discussed the deficient banning system that exists currently. My proposal is for an improvement if you don't want to discuss this rationally then don't post.

Edit:
If I am screaming it's because I'm frustrated that no-one seems able to tell me what admin commands are in 1.2. It seems that no-one knows. I feel that the dev team has a responsibility to the server operators (donators) to provide them with this list of possible changes to the admin tools. That changelog that khalsa nicely provides does not show enough of the details. Of course it might provide everything, which should be the cause of great concern to the server operators because many of the tools that they have now are not mentioned therefore do not exist in 1.2.

[KillerWhale]

Well, the admin commands we use now are not technically "1.1", per-say. They're actually community-made patches.

I'm sure most, if not all of these commands will be ported over for use very quickly.

The point that all of us have been trying to get across here is:
The current admin system works, and trying to do anything like you're saying would just create a lot more work to enforce.
Whether it be creation of, maintenance of, or anti-circumvention measures; it's not worth it, as we have the tools to do everything needed.

[FisherP]

Killer,

Thank you first of all for being honest and open with admitting that you do not know what's going to be in 1.2. Thanks also for your point of view. I do understand that this is how you feel. I would though if I were you petition the development team to inform the server operators (including yourself) of what tools are going to be put in. I have a suspicion that there's going to be a rude shock when 1.2 comes out. I hope not for yours and many others sake, but up till now I haven't seen anything to indicate otherwise.

Your opinion of the current admin system is not necessarily shared with other people (as I've tried to point out). I would ask you to respect that and not to flame other peoples point of view for the sake of it, especially when the concept hasn't been properly fleshed out.

[Amanieu]

The reason this kind of system works on commercial games is that once you get banned, you need to waste money to buy a new account. Since Tremulous is a free game, that doesn't work, even with your time restrictions and all that.

On my TODO list for Tremfusion I am planning on adding individual player tracking to the master server, but it is completely optional. You will create an account on the website or ingame (haven't decided yet), and it will give you a private key that will allow you to authenticate to servers (kinda a replacement for GUIDs). Also I will add clan management directly into the game, so you can manage your clans on the website, and only the clan leader can allow people into clans, and the clan tag is protected from misuse.

[FisherP]

The reason this kind of system works on commercial games is that once you get banned, you need to waste money to buy a new account. Since Tremulous is a free game, that doesn't work, even with your time restrictions and all that.

On my TODO list for Tremfusion I am planning on adding individual player tracking to the master server, but it is completely optional. You will create an account on the website or ingame (haven't decided yet), and it will give you a private key that will allow you to authenticate to servers (kinda a replacement for GUIDs). Also I will add clan management directly into the game, so you can manage your clans on the website, and only the clan leader can allow people into clans, and the clan tag is protected from misuse.

My friend there's two things I'd like to say.
1) I think any of these delays are incentive enough + it provides a better piece of mind that someone banned will not just pop back on in < 2 minutes
2) I +1 your TODO list, it sounds suspiciously like the scenario I had in mind... though I'd personally make logging in compulsory. This is a very good idea you had (seriously and without sarcasm).

[rotacak]

Amanieu: I was talking about free MMORPG games. I playing only these and registration cost 0 money.
Your TODO is good, but I fear that there will be halfsucces, because it will be optional.

[danmal]

This has been discussed ad nauseam.  There are threads for it, and there are discussions of it buried in other threads.

Some of the problems I've noticed:

Any centralized system means someone is at the center.  That person can potentially ban at will from all servers(depending), or quietly remove bans, or finagle accounts, change accounts, disable accounts, etc.  How about a server operator pisses off the master server operator and then has their account vanish?  Is there any recourse?  Now you need a whole jury type structure to handle such disputes.  Wait, I'll run it.  Crown me the king of tremulous! 

First off I'd like to say that yes this discussion has popped up a few times but usually they're all slightly different from each other and as such have their own faults. Hopefully we can iron out any possible faults in this version of the idea though 

I see what you're saying but couldn't someone modify the current master list server to prevent a server from showing up? Also I think the bans should remain on the game server. The master server would only provide identification details (these could include statistics, sign up name, clan, prior bans, etc) to the game server.

Different master servers for different versions?  Buh Bye tremulous.

Ehhh... not quite sure what you mean here.

All servers are donations, essentially.  If I run a server, why should I relinquish control of it to others from other servers (who will also be banning people)?  Why should you trust me to not ban your friends from my server?  (and ultimately from your server)  Why should I trust that some centralized system is fairly handing out accounts and cannot be abused?

You're right and I don't think the idea of shared banning across all servers could work properly. People could just create one time servers and trick players into entering it and then banning them.

You can't stop me from setting up new accounts.  Its open source software, you cannot run anything on my machine that I can't manipulate, much less manipulate the source code of, so thats out. 
You cannot set up a system with enough integrity that doesn't also abuse my right to privacy.  Want to see a bill to verify my address?  Noone would do that, suggesting it is silly .

It's mainly the inconvience factor. Currently it can take less then a minute (if you're good) to evade a ban. If you have to additionally sign up for another account and create a new email address then the time factor increases pretty rapidly. You'd have to remove some email hosts like mailinator and a few others which are similiar but I doubt you'd have to remove all free email addresses.

Restrict email addresses to something?  Think of any combination of letters you can imagine and multiply it by the number of root domains.  Now, make a list of which ones are allowed/disallowed.  Make an exception for gmail or yahoo mail?  Now its even more worthless but it still takes 47.8 hours to parse your domain list.

I'd only remove the popular mail hosts which are specifically designed to allow you to sign up to a site with no email address.

Ultimately, you can't make a system that doesn't centralize power away from the server operators in a way that is acceptable to the server operators.  The closest thing I've seen is a web of trust idea, where servers can choose to share a system (or not).  But telling all server operators that someone else will be deciding who can/cannot play on their server is just silly and would never work.  A web of trust at lease allows friendly server operators to share bans/admins/whatever, but wouldn't require it.

I think you're right here. I'm not sure how you could share your bans among friendly server operators without using the master server (unless the servers connect directly to each other...). However if there was an option to upload bans to the master server it may work. This would allow other servers to select that they would accept all bans from server 111.111.111.111:9999 for example. However such an idea could easily spin out of control in regards to complexity.

What it really comes down to is:  If banning me from one server doesn't ban me from all servers, and I can make a new account, what is all this work for?

It might be different in America but in Australia it's basically one server is full at one time. If you're banned from that server you don't have anywhere else to go. Again the main reason would be the convience factor. It's a lot more work to create a new email account and create a new account then it is to ban evade currently.

My last question, who's paying for all of this?  You'd need strong keys so admins/master server operator couldn't take over accounts, centralized authentication, etc.  How fucking big of a server/pipe do you expect someone else to donate so that you don't have to admin your own server?  Sure, looking at keys is easy.  How about looking at 1000 of them?  Strong keys would be larger, more bandwidth.  This game isn't exactly kept alive with donations to the site you know.

First off I'll admit I don't know much about cryptography. However why does it have to be anymore complicated then the current database for the forums. The passwords of the users are encrypted and they can't be decrypted by the site owners. Remember I'm not advocating that the password be sent to the game server just a temporary ID.

Alright, so this is pretty disjointed and not very eloquent.  I jump around varying concepts of what such a master server would be without actually pointing out that every argument may be the result of a different concept of such a server.  I may search for more later, when I'm awake and have more time.   Just think of some of these as questions to ask yourself no matter what kind of master server you envision.

The main problem with such a master server idea is not technical ones. It is instead developer effort. It's a fairly large task and if nobody wants to code it then it won't get created. However this doesn't stop us from discussing the idea in case by chance a developer drops from the sky and notices this thread on his way down

On my TODO list for Tremfusion I am planning on adding individual player tracking to the master server, but it is completely optional. You will create an account on the website or ingame (haven't decided yet), and it will give you a private key that will allow you to authenticate to servers (kinda a replacement for GUIDs). Also I will add clan management directly into the game, so you can manage your clans on the website, and only the clan leader can allow people into clans, and the clan tag is protected from misuse.

Sounds like a good idea (similiar to what is being advocated in the thread as well). How do you plan on protecting the clan tag though? Would the server kick/rename players who are not in the 'database' of allowed clan members? If so then how do you deal with people who do not use the private key? Would they be banned from wearing the tag even though they are actually in the clan?

[Syntac]

Relatively new to this forum? If you care to look at my profile (simple click of the button), I've been a member here since August 08, 2006, 02:04:16 AM and you? I see that you have joined when? Ahhhh, August 29, 2008, 12:01:57. No, I've been a Tremulous player for a long time (two years longer than you it seems). I've been around. I just don't post up all the time.

Yes, I noticed. Don't assume I'd make such claims without doing some research first.

By "new" I mean "not having participated as much". And how are we to know you've been active all that time? Who knows, you could've been in a two-year coma without us knowing.

Anyway.

Let's have a group hug?

[another thing] How is one's forum join date any indication of how long one has played Tremulous? I didn't even realize there was one until two years after I'd got hooked.

[rotacak]

The main problem with such a master server idea is not technical ones. It is instead developer effort. It's a fairly large task and if nobody wants to code it then it won't get created. However this doesn't stop us from discussing the idea in case by chance a developer drops from the sky and notices this thread on his way down

I don't see any large task. It's basically very simple. Login+pass -> master server -> sending ok -> game server -> allow join. It's only basic autentization and small changes in server qvm.

[Amanieu]

It's actually a lot bigger, since you have to create the account creation system, link that with the master server, change the master server protocol, and break lots of stuff.

[FisherP]

Yes, I noticed. Don't assume I'd make such claims without doing some research first.

By "new" I mean "not having participated as much". And how are we to know you've been active all that time? Who knows, you could've been in a two-year coma without us knowing.

Anyway.

Let's have a group hug?

[another thing] How is one's forum join date any indication of how long one has played Tremulous? I didn't even realize there was one until two years after I'd got hooked.

Ahhh, I see your meaning, new=non-participant    Regarding this, the definition of assume is to make an ass out of u and me, it doesn't do any good to make them.

I agree with you about the metaphorical group-hug. It's a shame that it had to come after flames and a bit of aggravation.  A realization that we are all intelligent  and an attitude of "Let's all discuss this rationally". I understand that most people have good intentions, but it does no-one any good to try and flame others ideas. If you want to tell someone their idea is rubbish, point them to a better way constructively. (And I don't believe that throwing more administrators at this issue is a better way)

And for the record, I'm never one to be satisfied with the status-quo. I'm a dreamer or a visionary. I hold a mirror up to other's contentment and challenge them to think better. I strive for the future. If you don't want to go there, that's your prerogative.

I maintain through all of this that a) the current system can be improved , and b) no-one seems to know what admin improvements have been made to Trem 1.2

It's actually a lot bigger, since you have to create the account creation system, link that with the master server, change the master server protocol, and break lots of stuff.

This is good stuff, do you mind elaborating a bit... to 'educate the masses' I am curious.

[rotacak]

It's actually a lot bigger, since you have to create the account creation system, link that with the master server, change the master server protocol, and break lots of stuff.

Account creation system = easy.
Link with master server - master server need to look into database, compare login/pass and send info to game server. Its like authoring system in this forum or anywhere else.
It will break lots of stuff - yes. Tremulous 2.0 will appear

[gimhael]

I could easily set up a server that logs all the logins and passwords it sends to the master server and hijack every player's account that was ever on my server. 
Maybe security isn't that easy, is it ?

[rotacak]

I could easily set up a server that logs all the logins and passwords it sends to the master server and hijack every player's account that was ever on my server. 
Maybe security isn't that easy, is it ?

Really? Do same thing with logins and passwords in this forum then.

[gimhael]

You surely don't use the same password on a public forum and your 'real' accounts ? 

Ok, back on topic. A secure authentication system is not easy to implement if you have control of neither the clients nor the servers. IMHO the best would be a ticket system ala Kerberos, i.e. the client logs in to an authorization server, the authorization server grants the client a signed "ticket" which the client passes on to the game server. The game server verifies that the ticket comes from a trusted auth server and allows the login.

This way there's no trust needed between the client and the game server, both only have to trust the auth server. (Btw. the client doesn't need to transfer the passwd in cleartext to the auth server, there are ways to check the password without actually giving it away to the auth server).

This wouldn't even require one centralized auth server, there could be several alternative auth servers to choose from.

[rotacak]

This way there's no trust needed between the client and the game server, both only have to trust the auth server.

But I saying same thing. There is master server (and only one). That server will collect all accounts. He will send to gameserver only "ok, player can connect" or "no, player cannot connect".

[FisherP]

@gimhael, Good stuff. I was thinking of sending the auth stuff straight to the master server, and bypassing the game server pretty much in order to get a ticket. The ticket mind you would be pretty much like a GUID, where the master hashes the password, email address and a unique number/key known only to the master. This would be, like I said pretty much the same for each player but unique for each game server. I think this might be a little confusing but i don't have time to explain more. The reason it's a fair constant is so that the game server can use it in the ban table, or the valid player list (whichever is easiest). I guess in a way it's an extension of the GUID system but stored on the servers, not on the client machine. The main thing is, that a players ID on each game server is unique. In this way a ban on one game server is not a ban on another, and noone can steal the password, because it's hashed before it gets to the game server (even before it gets the the authentication server).

[Bissig]

1. This is a public forum. I post my opinions or rants as much as I like or the mods allow me to
2. From all your posts I only gather one information: You have never managed a server with a huge playerbase. You have no clue what admins need or don't need. So stop disregarding everything I say.

This is my last post in this thread because you start to severely aggravate me.

[FisherP]

1. This is a public forum. I post my opinions or rants as much as I like or the mods allow me to

Yes, your opinion is as valid as anyone elses, just don't expect to be treated seriously when you rant, or flame.

2. From all your posts I only gather one information: You have never managed a server with a huge playerbase. You have no clue what admins need or don't need. So stop disregarding everything I say.

Well, I've never been an admin on an American server, so if that's your definition of a server with a huge playerbase then no, I haven't. Regarding disregarding what you say, are you not doing the same to my ideas? I do hear what you are saying. Are you at least doing the same for what I am saying? I don't get that impression.

This is my last post in this thread because you start to severely aggravate me.

That's up to you

EDIT:
Are the commands to auto-revert or auto-kick going to be in the 1.2 release?

[KillerWhale]

Fisher, you are missing the point that nobody uses the default QVM.

Lakitu7's QVM, the one that 90% of servers use currently, is not the default 1.1 QVM.
In the same way, people will not stick with the vanilla 1.2 QVM.
People will update commands, make commands, port commands, and do whatever else they can to make the QVM Z0//.G-uB3r-4w350//.3-1337h4x. (Pardon my 1337)


We don't need a command to be included for it to be used.

[FisherP]

Killer, I appreciate that, most of the servers out there currently are not stock, and those that are, probably reside on some persons private computer who doesn't know any better. But does that excuse the Dev team from improving their own work? Or, for that matter include other people's work so that the 'custom' qvm's don't need to be so different? OR to tell the people who are contributing to the community what to expect (or not to expect). The more I think about it, the more I believe that most of the custom commands are not going to be included (but then Lak is now in the dev team, so who knows).

I do appreciate that there's a lot of people out there doing modification work to Tremulous. However, until all that porting happens a lot of server operators will have to wait. There's going to be a lot of disruption and being forewarned is forearmed.

Yes, I'll admit that there's a lot of admin commands out there, but until the custom 1.2 QVM's are out there's going to be a lot of "WTF, NO ROLLBACK" or whatever command you are used to. Additionally, maybe some of them are redundant, or ineffective therefore could be removed without much trouble.

I have to admit I haven't administrated a Lakitu7's server so I'm not all that familiar with his improvements. But I know that the dev team thought high enough of him to invite him into the dev team. Maybe he might enlighten us on how much of his work will be included in 1.2. I'd like to hear more from the dev team on this issue.

I re-iterate that I believe that amongst all this chatter about in-game improvements to 1.2 there should also be some notification from the Dev team about the server side.

[FisherP]

OK, I guess since there has been no more discussion, or any of the Dev team come to shed any light on what's going to be in, I would make an attempt (with my limited knowledge) at making a list of which of Lakita7 (and one Risujin's) commands I do not see in the Changelog that Khalsa provided. Remember this list is what's NOT going to be in 1.2

* 1 - cannot be vote kicked, vote muted
* 2 - cannot be censored or flood protected TODO
* 3 - never loses credits for changing teams
* 4 - can see team chat as a spectator
* 5 - can switch teams any time, regardless of balance
* 6 - does not need to specify a reason for a kick/ban
* 7 - can call a vote at any time (regardless of a vote being disabled or voting limitations)
* 8 - does not need to specify a duration for a ban
* 9 - can run commands from team chat
* 0 - inactivity rules do not apply to them
* ! - admin commands cannot be used on them
* @ - does not show up as an admin in !listplayers
* ? - sees and can use adminchat
* R - !register Registers your name to protect it from being used by others or updates your admin name to your current name.
* h - !specme moves you to the spectators
* l - !L1 Sets a level 0 to level 1
* w - !warn Warn a player to cease or face admin intervention
g_lockTeamsAtStart: Used by !restart lock options. Don't mess with it yourself. I don't even think you can anyway
g_clientUpgradeNotice: Default 1. 1 to enable, 0 to disable the notice
g_teamImbalanceWarnings: Default 30 (every 30 seconds)
g_adminSayFilter: Default 0 (off)
g_myStats: Enables /mystats. Default 1 (on)
g_publicSayadmins: Lets non-admins use say_admins to message active admins. Default 1 (on)
g_devmapKillerHP: Default 0 (off)
g_newbieNumbering: Default 0 (off)
g_newbieNamePrefix: Default "Newbie#"
g_suddenDeath: Used by SD votes. May break things if you modify via rcon manually
g_suddenDeathMode: Default 1 (off / default 1.1 behavior)
g_friendlyFireMovementAttacks: Default 1 for compatability, Recommended 0 (turns off pounce/trample damage)
g_retribution: Default 0 (off)
g_suddenDeathVotePercent: Default 75. (3/4ths must vote yes to pass) Set to 0 to disable SD votes entirely.
g_mapVotesPercent: Default 50.
g_allowShare: Default 0. Also controls /donate. Please leave this off, it ruins the game Sad
g_minLevelToJoinTeam: Default 0
g_minLevelToSpecMM1: Default 0
g_dretchPunt: Default 1
g_maxGameClients: Default 0 (no limit)
g_allowActions: Default 1
g_actionPrefix: Default "***"
g_antiSpawnBlock: Default 0 (disabled). Set to 150 to turn on.
g_deconDead: Default 0 (disallow deconning dead structures)
!slap [player name|slot] (damage)
* cactusfrog /me_team
/share
/donate
/say_area
/mystats


Some Commands which are assumed because the Dev team had to fix certain aspects to them. There is no absolute reference to their inclusion in 1.2.

* # - permanent designated builder
* d - !allowbuild restore a players ability to build
* g - !designate give the player designated builder privileges
* g - !undesignate revoke designated builder privileges
g_designateVotes: Default 0. 1 to enable /teamvote designate and /teamvote undesignate
/protect /resign (designated builder stuff)



Now correct me when I'm wrong because I'm sure that there's a few of these things which ARE in 1.2 due to the fact that it would be silly not to have them. But I've done a check on some of the more popular items all the way back to Sept 2005 using a keyword search in firefox. I recommend everyone who's a server operator to look through this list and recommend to the Dev team which ones of these that you couldn't do without. Kindly ask them to consider putting it in so that you won't have to wait for months while new custom qvm's are patched and released.  By the way I think it's silly to HAVE to resort to 'fixing' a qvm the minute it gets out, but that's just me I guess.

[Syntac]

Idea: No central auth source, but many independent ones. The server operator can "subscribe" to one by means of some cvar. MySQL, anyone?
There'd have to be a hashing system in order to prevent plaintext transmission. This is the client's responsibility.

1. Player types /login <password>.
2. Client hashes password, sends it to server.
3. Server requests a password hash from the auth source.
4. Auth source does a lookup, sends the hash back.
5. Server compares the client's and source's hashes; if they match, player gets whatever rights/priveleges the login process grants.

Just some speculation. Feel free to pick holes in it.

Obviously still easy to circumvent, but suppose it weren't so much to keep unregistered people from playing Tremulous as to grant rights to those who do register. Circumventing it would then just be robbing yourself of functionality ("shooting yourself in the foot", I believe it's called?).

[Bissig]

@Syntac

Your idea smells of OpenID

[kevlarman]

roughly half your list is already in svn (roughly half of that was there long before lakitu7 started coding for trem). majority of the rest of it isn't that useful, and the few things that are useful are slowly being added.

[Syntac]

@Bissig: Yeah, sorta like that, but Tremulous-oriented.