Shockeray

From what I have heard/read, actual force-fields are going to be stationary, but movable constructs like ships will probably have virtual shields where your ship can take a certain amount of fire before it actually starts taking damage based on some kind of shield generator in the ship. This would be easier than a bubble since ships can vary in size and shape so much.

Hey I can answer your question more directly now. Check out the recent dev diary
 
My ship is no longer under NDA apparently! ... It's at 2:28-2:29 about, and it's on the left hand side of the screen. You'll also see my name. So if this is what you mean by forcefield , it should answer the question.

From what I have heard/read, actual force-fields are going to be stationary, but movable constructs like ships will probably have virtual shields where your ship can take a certain amount of fire before it actually starts taking damage based on some kind of shield generator in the ship. This would be easier than a bubble since ships can vary in size and shape so much.

Hi everyone, 
Here are some answers to your questions!
 
@Kurock: "Will the actions taken by a Player Character (assuming he interacts with something related to the Organization) be added to an Audit Log (so we can know who has done what recently)?" Yes, this is a feature planned right from the beginning. It wouldn't make sense if players couldn't trace a minimum what has been done (especially in the case of infiltration/sabotage). We have to see however how fine grained this tracking can go, for obvious performance issues.   @Sunrider44: "Will the role tag system work with an item ownership tag system?" Not sure what was exactly the question here. Role & Tags are two different things. If the question was: “Will there be Tags attached to any item power, and/or resource power in-game?”  Then the answer is yes.   "Will it be possible to carry items or resources that your Player Character doesn't own and can't use?" It’s possible to carry assets that you don’t own. Whether you can use it will totally depend on how the RDMS in the Organization will be configured. In the case where the RDMS is configured in a way where resources harvested by the Player Character for the Organization can't be used, then you won't have the right to use it, but you can try to bypass this interdiction. Depending on which type of asset is forbidden to use, there might be two cases: 1) The involved asset is a Resource. If the Player Character isn't allowed to use it, it can override the interdiction if he wants to, by stealing it. If he does that, then it might affect his reputation (the reputation system is meant to balance abuses). 2) The involved asset is an Item or an Element. If the Player Character isn't allowed to use it, it can't use it and can't override the interdiction, as some electronic security (let's say fingerprint or retina check lore-wise?) won't let it me to do so. Later, (after the official release) this might be affected by hacking game mechanics, but only if this doesn't unbalance the game. We will discuss later such topic.   @Pang_Dread:   Regarding the worries being too complicate because of the micro-management, as said in the DevBlog, there will be generic templates for Functions and Tags. Besides, tags will be organized into automatic hierarchies that will allow you to immediately designate a set of powers or a set of people with one single tag, considerably reducing the micro management. For those who don't want to do micro-management, using this default configuration will be hopefully enough, as we don't want to force anyone to micro manage their organization if they don't want to.   @Kurock: "If an item is tagged as belonging to a specific org, let's use a hunk of ore as an example, will it be possible for someone outside the org, be able to smelt that ore?" Again, it depends how the RDMS of the Organization is configured. If it's forbidden by the organization, then it won’t be allowed by default, but it will be possible to override the interdiction. However, by doing so, it might generate diplomatic and reputation issues   "Can a hand-held weapon that belongs to an org be used by someone outside the org without any of that orgs rights?" Here we are in the second case mentioned above. Until the Hacking game mechanics implementation (and depending how we will implement it), there will be no way to use an item or element that the Player Character isn't allowed to.    @Lethys: "what happens when players die? Does the tags from those items get deleted?" Nope, the tags can only be removed upon decision of the Player Character(s) who have the right to decide such thing.   "Can players (not legates) delegate their rights?" Which rights are we talking about here? If you mean the right to vote, only Legates have the right to vote. If you were talking about the rights they have on some assets, we have in mind a mechanism that will allow a right to transfer a tag to certain people, depending on what tag those people have. Think about delegating the “tag distribution job” to some manager, who has the right to distribute certain tags but only to certain members of the organization.   "Can a true democracy exist when only legates can vote?" Yes, but for that you need to have all your members considered as Legates. It will be on option for some of the template organizations.   "Will tags be deleted when a player leaves the org? Or can they be set to inactive by a delegate?" By default, yes, this will be the simplest solution: it will prevent abuse such as leaving an Organization, then joining an hostile Organization to the previous one.   "Is there a limit to tags?" At the moment, no limit has been defined yet, but we might define one in the future.   "Can we set tags for a limited time? (Passage through your territory)" We have such a mechanism in mind, as well as conditioning the use of a tag to the payment of some fee (per usage or per month). We can’t say when this will be implemented however, it’s still in discussion.   @Kummobob: "Will you have the same tags set when you log in that you had when you logged off or will it always default to your basic single user tag?" Yes. Tags won't be removed on Player Character by logging off or by dying. However they will be removed on decision by Organization administrators having the hand on the Right and Duties Management System and the fact of leaving an Organization.   @Ripper: "Can a LUA script create and assign a tag to a player?" This is not planned for the moment..   @Mmtheboss: "Is this system going to be implemented on the Website Organizations and In-game ones or both or neither?" This is in-game mechanics we are describing here. For many reasons, we don't want to make them available outside the game. Some of the effects (such as Status in the Organization) might be displayed on the Community Portal in the long run, but this will be limited to display information, not to manage the Organization through the Community Portal.   @BenFargo: "Can an organization prohibit legates from delegating their votes?  Can it force everyone to vote for themselves?" At the moment we haven't thought to such context, but the ideas are interesting. We will come back on this topic later.   "Can an organization set the number or percentage of votes needed to approve a decision?  Can it say some decisions require a unanimous vote while others just need a simple majority?" Yes, all the voting threshold, quorum, etc will be fully customizable… via a vote!   "Can an organization assign a tag to a power and then not assign the tag to anyone?" Yes, it will be possible.   "Since organizations can be members of other organizations, can an organization assign tags to them like it can to player members?  Would that mean anyone representing the tagged organization would in effect have that tag?"  So far, yes, this will be possible to add Tags to an Organization. We are still working on the precise meaning of this assignment of tag. One direction we are exploring is the possibility to designate a representative in an org that would effectively inherit from the org tags.   Best Regards, Nyzaltar.

Welcome to the forums, Alex!

Shame on you @enderofworlds89 for recruiting in someone's introduction post.

My bad lol, fixed

nooo, why must you quote the whole thing! *shakes fist at sky as tears run down cheeks*

nooo, why must you quote the whole thing! *shakes fist at sky as tears run down cheeks*

Thanks for the link to the interview!
 
Since the interview is one hour long and there's no transcript, I've tried to make some notes. Mostly it's things we have already heard before. Note that English is not my first language and I may have misheard something.
J.C. really likes EVE Online. There will be multiple wipes before the release. Construct blueprints will be preserved. "Information is sacred". If your ship gets destroyed and you had no blueprint, you still get a snapshot. Everything is in first-person (for immersion). Third-person view may be introduced later. There will be mysteries in the world to discover. Everyone starts at the arkship. 20 km (minimum, may be expanded) safe-zone around the starship. No artificial content (bosses or pre-built challenges). Emergent gameplay, meaningful experiences. No quests. Organizations are expected to provide player-built quest/job boards. NPC life (to hunt, etc) is challenging to do right. Will start with something simple. Tech can handle 100 people on one ship. They can move and do things while the ship is moving. The goal is that one person can't run a 500 m long ship alone. 20 cannons = 20 people. Pre-alpha has one system with 12 planets. Will expand that later on with more systems and unlock technologies to build stargates. Exploration won't be easy ("a journey"). Planets are real (giant balls, not flat). 65 km in radius at the moment. Everything is editable. If you have several months, you can dig out a mountain and see that it's not there from space. The game client downloads parts that are modified. Estimate: 1000 players, 8 hours/day, 19 years to dig out 1% of the planet. There will be prospecting gameplay (scanning to locate minerals). It will be possible for players to organize and defend themselves. Biggest overcome challenges: server tech, recruiting people and building the dream team, financing. Often can't use off-the-shelf tech. Started with Unreal engine but couldn't do what they wanted. Switched to another engine. Building not just a game, but a whole set of game technologies. Marketing is important and they'll work on that in the coming months. There's lots of great games out there and no one knows about them. They're trying to revolutionize the MMO genre. You can "paint" by changing voxel materials. Elements (engines, fuel tanks) are static, but there may be multiple varieties later on. Construct and avatar weapons are preset (not customizable), but come in many varieties. Maybe in a few years they'll think about customizing. There will be a skill system like EVE Online (offline training). Still working on that. No offline mining, but some industrial jobs will be running offline. Anything that requires interaction with the world will require you to be connected. Mining will not be automatic so that beginners can have something to do and be competitive. If you are touching the ship when it is destroyed, you die. In principle, you could escape in a smaller ship before that or just float in space with proper equipment. Bases will require power (power generators) for certain parts. Not for lights. Food is intended to be added later. Everything is scriptable in Lua (for advanced players). Can automate a lot of things. You can play games inside the game. For the moment, no underwater bases. Would like to add a bubble that creates a water-free area. Just a matter of time until they find a way to make underwater bases happen. No boats ("water ships"), hovercrafts instead. Territory units will be expensive and there will be lots of gameplay to regulate how often you can claim territory. 1 km in diameter. The only way to get anything is to craft it or to buy/get someone to craft for you. Subscription allows you to get and enjoy the whole game (10-15 €/$ per month). There will be a free trial period. There will be a PLEX-like system.   Microtransactions: no pay-to-win, maybe cosmetic items only. In-game money is called "quanta". One aspect of the game that's not talked about enough: interactive elements (pressure plates, lasers, detection areas, force fields) allow you to make puzzle games (like Portal). You can invite friends or make a business out of it. Puzzle game are expected to be co-op (since there's no cube you can drop).

DU is set to be a game with PVP and non-PVP activities suitable for multiple playstyles. 
NQ will have to make sure that the toxic "harassment for teh lulz" mentallity that some EVE players have will not run rampant in their community. 

Hey everyone, 
 
I just found a new youtube interview with J.C.
I didn't see this posted on the forum yet so I thought why not share the joy with everyone.
 
 
Have fun. 

Shame on you @enderofworlds89 for recruiting in someone's introduction post.

Sure, but they also indicated they will give a nudge to stimulate certain events.
I don't think they are spending so much time creating all these tools to let them go wasted.
 
I still think its a bit too early to make predictions. 

I just made a new desk for my computer, but i measured wrong and it can't fit up the stairs... Oh well, I guess it can just go in the Dining room... I cut this tree down in my front yard, and because it looked so cool, i learned how to make stuff!

 

Your right its all tied into each other if you are not successful with your economics then you will probably will not have enough : materials , money , man power , or influence to fuel your war machine to conquer the galaxy if that's your thing !  *wink* 
 
My personal idea of game play style would be to control big features of the galaxy through economics and influence !   =) 
 

Yeah, I would suspect that economy is going to be a more important part of the game than PvP.

Hello explorers,
 
I see more and more communities and organizations setting up authentication based on Dual Universe account in order to identify players on Discords, websites or other places outside the game.
However, it's not a simple process and there are lots of potential security breaches (I've seen and reported a few).
 
Thus, I decided to write this post where I describe good security practices and point some common attack scenarios.
While this post is mostly directed towards developers and webmasters, I think it's also a good and interested read for all players.
 
How authentication works
 
Currently, Novaquark doesn't provide any way for third party applications to identify a player (they have other priorities like creating the game for now).
So, how to do it then ?
Usually, we rely on authenticating a player on the third party application via standard login/password authentication and then give to the player a random token he must show on his/her profile.
 
In other words, the authentication process works using the following steps:
The player create an account on the third party application. The third party application generates and gives a token to the player (ex: "my-app-auth:396943934983749839"). The player logs into his Dual Universe account and updates his profile, appending the token. The player tells the application that token is uploaded on his profile (specifying his/her profile name or URL). The application browses the profile, read the player name and public information (organizations, titles, etc.). It also double-check that the token is present and correct. The application then "links" the local account to the player profile and may autorise access to restricted content.
 
When security fails
 
This list is not exhaustive, but contains most problems I've seen or can think about.
For easier reading, I put in red the attack scenario and in green the good practices you should use/see.
 
1) Token randomness
A secret must be random! Else, someone could just predict or guess the token and use it on his/her own profile.
Standard random() functions provided by languages are actually not random and may present collisions: you can predict their output (see https://medium.com/@betable/tifu-by-using-math-random-f1c308c4fd9d if you don't trust me).
Thus, it is important to use strong random generators like:
java.security.secureRandom() for Java random_bytes() or openssl_random_pseudo_bytes() in PHP crypto.randomBytes() for NodeJS secrets.token_bytes() (or secrets.token_hex()) in Python Etc.  
2) Your token is actually public!
Yes, the token is public: you put it on your public profile as the application needs to read it.
A hacker could read it when you update your profile and authenticates at your place before you get the time to do it yourself. If you think that it is too hard to watch all forums accounts for a new posted secret and authenticate before the player, note that there is a RSS feed which gives in real time all profiles changes.
How to prevent the attack ? Make sure to bind the token to the third party account. This way, if someone else tries to authenticate with the token, the local account won't match.
As a good practice, also send the token in private and not in a public channel.
 
3) Weak or lack of verification
Some applications may forget to actually verify the token (don't laugh, a bug is always possible).
So make sure to test it after each code update.
Another important point: the forums user feed also contains data from the posts liked or messages posted. If the verification function just looks for the token anywhere in the page, a hacker could create a post with his token in the title and this secret will appear in the feed of whoever likes or answers it.
So make sure to only check in profile updates.
 
4) Validating the wrong profile
If the player enters the URL of his profile (on the forum, this is nearly mandatory as there is no easy way to know the profile URL based only on the player name), it is possible to host a webpage on another website with a copy of your profile with modified information about your pledge, title or organizations.
Thus, it is important to double-check when validating the token and gathering player information that the URL domain is actually correct!
Hint: it should be something like *.dualthegame.com (make sure to test against URLs like "*.dualthegame.com.hacker.com" or "hacker.com/*.dualthegame.com").
 
5) Luring someone else to edit his/her own profile
This one is a bit tricky. Let me break it down into a detailed scenario:
I start authenticating on Achilles' Discord which requests me to put the "123456" token in my forums profile. I don't do it right now and instead setup my own application with authentication. I share my application with Hector who tries to authenticate there. He is requested to put the same "123456" token on his profile. Hector put the token on his profile (and finishes authentication on my application for what matters). I finalize authentication on Achilles' Discord indicating that I'm "Hector". And now, Achilles' Discord thinks that I'm Hector. Tricky.
A quick and easy recommendation is to generate a token which is clearly related to your application.
So, for example, Achilles' Discord could have generated a token like `Code for authenticating with Achilles' Discord (don't use this code if it was not given to you by the "Achilles' Bot"): 123456`.
As Hector is a smart guy, he would probably not put this token for authenticating with an application which is not named "Achilles' Discord".
It is not perfect as a player who is not paying attention can blindly copy/paste the code.
 
6) Quits and bans
Last but not least: players may quit an organization, be kicked from ATV or lose their backer title for whatever reasons.
Thus, if a third party application records groups and roles only once during authentication, the player rights may become outdated in the future.
It is important to regularly check the player organisations, titles and rights and update them accordingly (ideally before any request, but realistically a check every hour or day is ok-ish).
 
 
I hope this post will help. Feel free to ask questions or repost it anywhere.
 
Regards,
Shadow

I'm a little old school, everything should be measured in cubits.

As an American I say, all hail metric!

While this system may work for some games, the devs have already said several times that it isn't how the payment plan is going to work in DU and there was a really large discussion just last week (I think) on the forums about a very similar alternate payment method. (You may find the arguments interesting, it wasn't really my thing., too much drama mixed in.)

I listened to this a few times while working today. Can't decide if it was cheating, or moonlighting, or insubordinate... I just feel so much more prepared for tomorrow.

The Boolean logic tickles my fancy.

Absolutely they can. You just need to use relays with multiple inputs and outputs to wire things recursively.
 
Look up Minecraft redstone circtuis. It's basically the same concept as these logic gates, albeit simplified a bit since the logic is not based on minecraft block mechanics.
 
What you're looking for is a Memory Circuit, such as a NOR Latch.

The four tutorials are now released on our YouTube Channel!
Tools & UI Basics (25 min) (WATCH FIRST) Atmospheric Ship Building (12 min) Interactive Elements & Linking (21 min) Rights Management, Outposts & Territories (8 min)  
Best Regards,
Nyzaltar.