Jump to content

ShadowLordAlpha

Alpha Team Vanguard
  • Posts

    255
  • Joined

  • Last visited

Posts posted by ShadowLordAlpha

  1. You all seem to be thinking about it wrong (at least to me) You don't actually need a pressure system simply a few Booleans connected to a construct and an environment check. you can fake stuff extremely well without actually having a lot of the complicated parts.

  2. Something I have always found extraordinarily dumb in a lot of the Science Fiction books I have read is the fact that, under combat conditions, the ships stay pressurized with atmosphere. In general for a plain flight this would be fine but in combat it can lead to many problems such as fire, depressurization, secondary explosions, people getting blown out into space, ect. It would make far more sense to simply deal with the problems of some space suit (its a future so I am assuming the suits are no where near as bulky and hard to move around in as current). Maybe some places could stay pressurized but the whole ship doesn't need to. In game this could be as simple as slightly changes damage values like some things don't actually penetrate as much or cause secondary explosions though its very dependent on the mechanics in the game. Those two suggestions were basically to simulate it without actually needing to model a simple atmos type system.

  3. Decently sure they said their would be power lines and such. The main thing you have to remember is redundancy and people using it. It would make ships more complicated to wire up but less likely for something like that to take them out. You also have players that can do repairs running around most likely and you would have to prioritize those repairs so if your guns and engines both go down due to different breaks in the power supply and both would need the full attention of your engineers to properly fix then you have a damage control choice to make. repair the guns and make yourself basically a sitting duck with a little firepower or the engines and try to stay alive until the other repairs at least have some spit and duct tape so you won't fall apart and could maybe get a shot of two off.

  4. 5 minutes ago, mrjacobean said:

    Hang on, what is the point of being a spy right now? What is there to gain except the ire of your target? If the answer is "there isn't", then why are people mad at you for being accused of spying?

    There is no point (maybe gathering information but on what exactly?) and until they get the full permissions system or whatever worked out espionage type stuff isn't actually allowed as far as I am aware. They are mad because a number of orgs did actually get disbanded and are probably thinking its those alt accounts that are used for spying that were being accused of boosting the numbers. If NQ actually made a mistake like that I would be surprised as they mention that that is actually allowed as I recall and honestly its not really that hard to check who made an account as long as some decently basic logging or data collection is set up and the person making the account isn't being sneaky.

  5. 11 hours ago, Omfgreenhair said:

     

    What? Gods, no! I want to be the shop-owner, polish my front desk and sell my wares. Don't let automation take my job, again! :P

    you could still be one it would just automate your shop while you are gone :P but honestly they would probably be used mostly for grunt type work that no one actually wants to do in a game after a certain point or as you said in events that are hosted that would basically be like last man standing or blow that thing up

  6. Just now, yamamushi said:

     

    By the time you have enough traffic built on handshakes alone, it would have to be hundreds of thousands of players all using the same script or connecting to the same host, by which point they should have implemented a real API by that point. 

     

    Not only that, but it would have to be a constant stream of traffic to cause a DDoS. 

     

    Open a packet analyzer and look at all of the traffic you already have going on your network, a handful of handshakes is not going to cause a problem. 

     

     

     

     

    never said they would i said they could

  7. 14 minutes ago, LurkNautili said:

    But what I'm getting as that e.g. Google couldn't get DDoS'd by DU scripts because they haven't installed a thing that listens for a connection. That way you wouldn't need to waste NQ resources on a screening process of IPs or domains, but rather users of the internet connecting scripts would be able to set up both ends of the connection themselves. This shifts responsibility to the users, which, if the subset of operations/features is kept nice and controlled and well-vetted, should get rid of both DDoS and security problems.

     

    You don't need to install something to listen for a connection its there with a socket.

     

    Just now, yamamushi said:

     

     

    That's what the handshake is for. 

     

     

     

    handshakes can be used to DDoS just like ping packets can be

  8. Just now, LurkNautili said:

    It's less of an issue of attributing blame and more of an issue of avoiding the thing in the first place.

     

    Having to be listening for connections explicitly and dropping connections that you're not expecting isn't a difficult thing to write. It's generous to even call it a protocol.

     

    no but listening and not accepting or accepting is the servers responsibility not the client. LUA would be a client so filtering based on something makes more sense

  9. 3 minutes ago, LurkNautili said:

    I'm not sure we're talking about the same things anymore, so let me take the liberty to better define some stuff here.

     

    So you have the client Lua scripts (call them internet capable DU scripts or something like that maybe)whose developers want to access the internet with them. Then you have the servers online (called... internet DU script targets, maybe) that would be what they want to connect to with their scripts. The concern in terms of DDoS, if originating from within the scripts running in people's game clients, would be that the connections would be either entirely unsolicited (probably what you meant, I now realize) as part of a malicious Lua script developer's DDoSing campaign (kind of an unlikely scenario since there are easier ways to DDoS, imo -- also easily stopped), or as a result of poorly designed scripts that idle around pinging web servers (what I was initially thinking about) without any real need to do so. Or just the sheer popularity of a script overwhelming unconsenting server endpoints (maybe this is what JC was refering to with his million DU users specifier).

     

    Defining a small list of IPs would serve to protect e.g. web servers that haven't been included in the list from being flooded with any type of traffic from within the client, but that would already be solved by a consent-based two-ended protocol type of deal that OP posited. Restricting access by IP would also have the downside of being less flexible without much added benefit imo.

     

    Idk if I left anything important out, but I tried to be a bit more verbose to prevent further miscommunication (whereas usually I try to keep things terse for the sake of short attention spans, as nobody likes walls of text).

     

    No developing a whole new protocol would be far more restrictive normally than simply allowing sockets and the list would not be to protect others but allow a few to be access. I don't know how you think developing something new would be less restrictive but whatever. Scripts could also send payloads or have the IPs they connect to hidden in which case any poorly designed script would be the fault of its creator and not a user.

  10. 1 minute ago, LurkNautili said:

    Right, a changing list, fair enough.

     

    Still, would that not restrict the system excessively? And if it were possible to get yourself  onto that list, what does it change exactly?

     

    It still doesn't address the type of incidental DDoS to those IPs, the type that JC mentioned in his tweet. However, OP's suggestion in principle would.

     

    the type of DDoS you are talking about is normal and in general is fine because its nature of more traffic than expected. Also he only mentions DDoS not the type. To get on the list would depend whatever they decide but would allow them to track who added what to the list or things like that. Also the system would be less restrictive than simply not having it in the first place

  11. Just now, LurkNautili said:

    I see... The whole "registering an external app" part confused me.

     

    I'm not sure if hard coding in a bunch of IPs would result in the kind of functionality OP is asking for.

     

    For one, only people with access to servers on these IPs could realistically use the luasockets type system, right? Secondly, domains and IPs change, so you'd need to have it be more dynamic than that, imo.

     

    a registration system would not need to be hardcoded and you could update it as things change.

  12. Just now, LurkNautili said:

    Well, we're talking more about incidental DDoS rather than intentional. You think writing a custom back-end and front-end for a fully fledged application would be easier than just writing a communications protocol and building a web frontend for it? I'm not sure I follow entirely

    I was talking about a list of valid, registered and approved IPs that LUA applications could connect to so how in the world is that a whole front and back end?

  13. 33 minutes ago, LurkNautili said:

    In terms of security concerns, I think they'll have to design their own custom implementation regardless to close out the possibility of any exploits, so regardless there would be quite a bit of development time involved as it's a section of the program at high risk for exploitation.

     

    In terms of DDoS concerns, even with a neutered set of operations I agree that you'd need some kind of a protocol set up between the web server end implementation and the clients with lua. I.e. you couldn't form connections with just any server out there, you'd have to install the API on the server you want to connect to as well, with some kind of a protocol (at least in spirit) similar to what was suggested in OP.

     

    I do think it would be useful to have this, but I can also see it being a headache to implement and iron the bugs/exploits out of. It's the sort of thing I wouldn't deploy in the live version of the game, but rather either early in the testing phase or on a dedicated testing branch to reduce impact on at least the in-game economy.

     

    how about just registering an external app or something with them as anything else would take far to much development time and still be vulnerable to all the same things. The limits already should limit the DDoS type things because its much easier to just ping the server with a false IP then work around them most of the time

  14. 45 minutes ago, huschhusch said:

    English (Translator used)

     

    Hello yamamushi,
    I hope you are already clear that the LUA script operator in the game and close to the script item must be? So what for the phone app?

     

     

    These are actually useful for tracking things like a facility designed to produce things and timings as well as price lookups on external sites. They could also be used to distribute loads to other external servers so that NQ doesn't actually have to run the script but another server can do so and the script can just grab the result. There are also other things but a script should also activate if a player is nearby so you could use them as warning systems as well

  15. Welcome to the community, GimmeMyGold.

    Here are a few things you should know before having an epic journey and destroying the economy chit-chatting on the forums:

     

    Take everything with a light-heart. Here, we are all about humour and slowly waiting for the Alpha.

    Cybrex is known for being suspected of creating alts, so make sure to meme about him.

    Terran Union is the biggest corporation and nobody actually knows what the Union is about.

    Follow all the rules (because I mean some civility is needed)

    Make sure to research aerodynamics, physics, economics, EVE Online, and various organs in order to know what CaptainTwerkMotor is talking about. No, seriously. You should really research it because Twerk is like a person who worships science.

     

    Enjoy your stay, and stay Cheeki Breeki.

    I thought I (SilverLight Industries) was the biggest corporation :P . They are the biggest organization though.

  16.  manipulate the market itself to trick others to buy or sell, and so on

    That sounds like any game with a player driven market. I may have crashed the price of a real money object in another game so i could buy more for less. I got it to somewhere around a third of what it was worth before and the market didn't recover until i inflated it so i could by more of a different object

  17. Markets work on supply and demand so eventually they will stabilize with or without intervention somewhat though it will vastly depend on players unless NQ does step in and, more or less, standardize prices though that gets rid of a whole shipping and trade market basically so while I doubt they would it is possible that they will

×
×
  • Create New...