Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - Badspot

Pages: [1] 2 3 4 5 6 ... 48
1
Drama / MOVED: Anime and Manga Megathread
« on: November 29, 2020, 10:56:06 PM »

2
General Discussion / MOVED: An Apology to eveyone.
« on: October 15, 2020, 10:40:36 PM »

3
Off Topic / MOVED: forget! instead of OUCH!
« on: August 04, 2020, 07:35:39 PM »

4
Development / 2020/05/29 - Blockland r2033
« on: May 29, 2020, 09:55:15 AM »
Blockland r2033
  • Duplicate clients are now kicked by default.  If you want to allow multi-clienting, set $Pref::Server::AllowMultiClient = 1
  • Fixed case where netEvents could overflow the packet buffer and be partially sent.  This should fix some cases of freezing during datablock load and "(Mis)" disconnects.

5
Development / 2020/05/20 - Blockland r2023-r2031
« on: May 20, 2020, 04:16:50 AM »
Blockland r2023
  • The Blockland client now requires Steam to join internet games.  LAN and single player are unrestricted.
  • You can still use the launcher or a portable installation, you just need to have Steam running in the background.
  • Dedicated servers do not use Steam, but must have a login token in order to post the to the master server (details below)
  • Multiple BLIDs can be linked to one Steam account.
  • You can no longer change your username.  One BLID = one name.
  • Everyone with the default "Blockhead" name has had their name cleared and will be able to set a new name when they log in.
  • My BLID has changed from 0 to 1.
  • Joining a server now more complicated than before.  I would advise that add-ons should avoid direct creation or manipulation of GameConnection objects.  Just use the default ConnectToServer(%address, %password, %useDirect, %useArranged) script function if you have your own server browser/join gui.

There are many code changes involved here so if you see any bugs with names, joining, hosting, etc, don't hesitate to report them.

Blockland r2024
  • Added getKeyNumID() back in for add-on compatibility.

Blockland r2025
  • I meant getNumKeyID()
  • Added isUnlocked() for backwards compatibility, always returns true.

Blockland r2026
  • Fixed server list bug
  • Compiled without control flow guard

Blockland r2029
  • Renamed parts of default joinServerGui in an attempt to avoid add-on interference
  • Fixed joining passworded servers
  • Fixed passworded servers not showing up as orange
  • Fixed server filters
  • Fixed server list mixing up as pings come in
  • Added %client.bl_id back in for add-on compatibility
  • Fixed main.cs syntax error/unterminated string
  • Added steam_appid.txt to support using steam from launcher/portable install

Blockland r2030
  • Fixed eval error on colorGui
  • Improved error message when joining a server using old arguments, now immediately gets "Bad connection arguments" instead of going ahead with auth and getting "invalid blid"
  • More join dialog renaming in attempt to avoid mystery add-ons

Blockland r2031
  • Fixed server list not pinging more than 10 servers
  • Selected blid is now remembered in a $pref and automatically applied
  • Can now multi-client on a server without auth failing



Convert your game to Steam:

You can link Blockland IDs to your Steam account using your original purchase email.  Other methods of conversion will be added based on feedback, but this is the most sure-fire.
  • If you do not already use Steam, create a new account
  • Choose the purchase email method, forum email method, or key method and log in with Steam
  • You will be redirected to the Steam site to log in, and then redirected back to Blockland.us.  The page uses openID, your login credentials never leave the Steam site.
  • Enter the email address you used to purchase Blockland.
  • A list of Blockland IDs purchased from that email will be displayed.  Select the ones that you wish to link to your Steam account.
  • Click "Request Email Link".  A confirmation email will be sent to you.
  • Open the email and click the confirmation link within 1 hour.



Hosting a dedicated server:
  • Connect your Blockand ID to Steam (see above)
  • Go to the Dedicated Server Token Management page.
    • A list of your BLIDs will be displayed
    • Click "Regen" to get a dToken for each BLID you want to host a dedicated server with
    • Copy the token and add it to your dedicated server command line arguments like so:
Code: [Select]
-dtoken 5716e25fa0c81149e2c24b977aa20f3e

    It's basically a password that allows a dedicated server to post to the master server in your name.  They can be regenerated at any time, so there is reduced risk in using them on a third party hosting provider.  However, you are still responsible for what is done with your login tokens, protect them accordingly. 

    You'll also need to log in to your BLID on the client at least once to set the username. 

    7
    General Discussion / MOVED: Problems running the Steam Version
    « on: May 05, 2020, 01:29:09 PM »

    8
    General Discussion / MOVED: THE BLOCKENING
    « on: May 03, 2020, 05:30:50 AM »

    9
    Development / 2020/05/03 - Blockland r2005-r2012
    « on: May 03, 2020, 04:33:24 AM »
    r2005
    This update patches 2 buffer overflow bugs in response to this ongoing incident.

    It is also compiled in the latest version of visual studio with Control Flow Guard enabled.  This may provide some general protection against this type of bug.

    There may be some side effects.  I have noted a slight performance decrease, but it seems to be unrelated to CFG.


    I am planning a more thorough solution to the compromised key problem, please be patient.

    r2006
    Addressed another potential vulnerability of the same type.

    r2007
    Many unsafe string copy and concatenation operations updated. 

    r2009
    Minor cleanup, one additional buffer limit fix
    Removed "-1" event on Speedkart_Lighthouse
    Removed ultra shortcut on Speedkart_Descent
    Brightened lighting on Speedkart_Harbor



    I have re-enabled key authentication, with the limitation that it will not work on new IP addresses.  That means you can log in and play as normal, but only if your IP is the same as it was a few days ago (or the last time you logged in). 

    Everyone in the list of stolen keys who had a steamID linked to their account has been made steam-only.  Of the remaining keys on the list, I found suspicious log in activity on the following BLIDs:

    4578
    20406
    22324
    27013
    30372
    35295
    39877
    43110
    46163

    I reverted their IP addresses to what they were before this started.  There may be other compromised keys, but given the pattern here there probably aren't that many that were actually logged into. 

    This isn't a complete solution obviously, it's just a stop-gap to let a few more people play while I implement a more permanent fix.



    The permanent solution is going to be using steam for authentication.  Having everyone store a password on their computer is just too high value of a target with too large of an attack surface.  It's stressful enough just keeping them on my server. 

    You will be able to host dedicated servers
    You will be able to keep your BLID (even alts)
    You will be able to have multiple installation folders

    It's going to take a little bit of time.  If I don't implement everything at once or the plan changes, try not to sperg out immediately. 



    r2011
    Removed case where key.dat would be cleared when auth failed
    Updated to latest steamworks sdk

    r2012
    Fix for unintended change in stricmp behavior

    10
    Drama / Key Compromise
    « on: May 02, 2020, 09:53:04 PM »
    A number of Blockland keys have been compromised.  The method is currently unknown.

    Current hypotheses:
    • Remote code execution - A malicious server would exploit a buffer overflow or similar flaw to execute arbitrary code on clients that joined (or vice versa).  Exploits of this nature have been found before, and a number of bad actors are constantly looking for them. 
    • Exploit in Blockland Glass - I don't know anything about this mod.  Beyond social engineering attacks (ie making a fake 'enter your key' dialog), script code should not be able to read the key data, but there may be bugs/exploits/oversights around this protection.
    • Database compromise - This seems extremely unlikely to me because no famous retired accounts have been compromised.  My key has no special protections and I doubt an attacker could resist the temptation.

    I have taken the following actions to mitigate the chaos while this plays out:
    • Disabled non-steam authentication
    • Disabled linking keys to Blockland forum accounts
    • Disabled converting Blockland keys to steam accounts

    Email or message me if you have actual knowledge of the problem.

    Edit: Blockland r2005 released.

    11
    Gallery / MOVED: Retro 1980s lego city
    « on: April 21, 2020, 07:55:26 AM »

    12
    Gallery / MOVED: Lego pirate build
    « on: April 21, 2020, 07:55:17 AM »

    13
    Games / MOVED: Re: What Garry's Mod playermodel did you use?
    « on: January 12, 2020, 08:25:59 AM »

    14
    Drama / Latest kidalex ban
    « on: July 30, 2019, 08:27:37 PM »
    Kidalex on his latest alt posted an "hrt item" add-on that in addition to its advertised features, contained code that would change the shapename of certain blockland users to "transmission friend".

    The problem is not that the add-on is offensive or that it uses bad words. 

    The problems are:
    • The add-on is labeled as an item and but is actually an abuse/vendetta list
    • The add-on undermines base functionality of Blockland (shapename) for no reason other than abuse/vendetta

    The trojan horse nature of this add-on is what warrants an immediate ban.  I know you're going to have your silly discord wars, but don't try to recruit other servers into it with back door code. 

    15
    Development / 2019/07/13 - Blockland r2000
    « on: July 13, 2019, 04:40:47 PM »
    Fixes for some issues reported by CompMix:
    • Security issue related to a network event.
    • Fix for one type of speed hack.
    • Fixed splash objects not being deleted.
    You should update your servers as soon as possible. 

    Pages: [1] 2 3 4 5 6 ... 48