Page 1 of 1

Pelishard New Problems... Future Code Problems

Posted: Mon Jul 27, 2009 6:51 pm
by Nalates
Well... here is a whole new level of a problem that just popped up at GoMa. The issue of Trojan software and malicious code has come up before. Here it is again before we even have a ...what adjective shall I use to not prejudice the sentence... 'real' ...?... (hopefully you get my idea) shard up.

Drizzle Pelishard Fork

ddb174 is putting out warnings. The original was in April on GoW. A recent post regarding it appeared at GoMa. Why now I don't know unless it is because of the recent GoMa management changes.

Dhelayan (Pelishard operator) responded.

No objective person has looked at the code as far as I can tell. Since credit for work done by others is apparently removed... I have problems with what Dhelayan is doing.

But this points out the problems users are going to have. SL has numerous hacks where people try to scam people into running modified viewers that can steal passwords, of course real money is involved in SL.

Modular Systems makes a viewer for SL. They are using public keys to assure people get their code without change no matter where it downloads from. They also post the code publicly so people can easily compile it and check the CRC/MD5 type results against the executables. That makes it easy for an objective party to make a check.

It looks like the MOOS effort will certainly have to have something.

I may have this in the wrong section... I have no prob with it being moved.
Mod note: I felt this was better in the System Concepts forum as it's a bit of an "infrastructure" subject.

Re: Pelishard New Problems... Future Code Problems

Posted: Wed Jul 29, 2009 8:44 pm
by Mac_Fife
Side-stepping the matter of shards and tools that are outside outside of Cyan's licensing model, I see multiple issues in that thread:
On one hand we have person X who appears to take open source code and modifies it slightly (that's OK) but at the same time removes the previous work credits (not OK). Even worse if the modification is solely to remove the credits.
But then we have a knee-jerk reaction from person Y who basically says "Oh, X did this, it must have evil in it" without actually taking the time to check whether or not it's fact. Since it's a published comment it could legally be considered a libelous claim unless it can be backed up. Cross-posting in other forums just heightens the stakes. It could have been handled better.

These kind of polemics and personality conflicts are something we can all do without; unfortunately they are a fact of life whenever you get a significant number of people working on a project. Get used to it and learn how to deal with it, I'm afraid :|. Kenguin's link to the Google TechTalk on "How OS projects survive poisonous people" is well worth a review (if you've got a spare hour!).

This particular issue relates to an external tool that isn't directly involved with the gameplay, i.e. not part of the client or the server: In such cases, it has to be a case of caveat emptor: If you download a keygen from a game cracker's site then you can expect to inherit a trojan. There's a bigger issue of course as far as "hacked" client/server code is concerned, and we have a thread on that at Trusting the Servers.