Messages

1

Development / Re: 2020/05/20 - Blockland r2023-r2024

« on: May 20, 2020, 12:13:16 PM »

Names

2 factor.  Support.  It automatically works for new users without them receiving and typing in a key (a major sticking point believe it or not). 
Ok.

Ok, so don't totally remove steam support. Obviously. Why remove non-steam support and rework the entire auth system? All compromised users were of course key users, so it's not like it would be extra work to recover their keys through two platforms.

2

Development / Re: 2020/05/20 - Blockland r2023-r2024

« on: May 20, 2020, 12:02:00 PM »

>Yes this is the obvious solution.
So why steam and not e-mail?

>I can see you already have your key tied to steam.  This doesn't even affect you.  You're just being mad for other people.
I don't like steam.

Names.

3

Development / Re: 2020/05/20 - Blockland r2023-r2024

« on: May 20, 2020, 11:15:21 AM »

You want me to .. email.. new keys to people.  To the email address that you just foamed at the mouth about them not having access to anymore?

you could have just allowed people to request new keys via e-mail, and used the same protections for that as I'm sure you plan to use for switching to steam.

Not sure if you remember a couple minutes ago when I enumerated these exact protections either, so here's that as well:

If you're wondering what the hypothetical solution to this problem is, it's to let non-compromised users link to steam using their key, and let compromised users do so only from their locked IP.

You don't have to do this immediately, and you could even do something else, just replace the word "steam" in either this or whatever other solution you think up with "an e-mail account".

And still no answer to the names question, other than "because some people who change their name do it to troll" and "you're a handicap".
I know you're a busy man with lots of unfinished updates to roll out, so in case my posts are a little too wordy for you to read all the way through, I'll try to keep the name questions concise from here on out. Making the text a little bigger might help it stand out too.

Change name good. No change name bad. Why no change name?

4

Development / Re: 2020/05/20 - Blockland r2023-r2024

« on: May 20, 2020, 10:55:13 AM »

>Too slowly or too fast
Doing stuff that doesn't matter at breakneck speed, like removing key auth and changing the master server, while ignoring the important things, like fixing the game and letting people play it. Removing key auth does not count as fixing the game.

Nothing about why no e-mail solution. Not sure if you read the whole thing, but if you let people request new keys via e-mail, you hand off the task of resolving stolen accounts to their e-mail provider.

Still nothing about names.

If I hadn't mentioned the name thing, no one would have noticed for weeks.  Maybe I'll add a cooldown to it later but it's just not a priority.  Normal people do not change their username that often.

More of the same "Everyone except me is a handicap. If they disagree with me it's because they're dumb."

5

Development / Re: 2020/05/20 - Blockland r2023-r2024

« on: May 20, 2020, 09:49:14 AM »

Thanks for taking time out of your busy day of rapid-firing broken-ass untested updates to answer my questions. I've tried to sum up your answers in a Q&A format with citations. Correct me if I'm wrong on any of these.

>The solution to both problems is to implement the safest solution first and let people use that while the other options are developed
Q: What will be done about users who don't have access to their old E-mail
A: Something
Q: When will this undefined solution be implemented
A: At some point

>Sure, but that sounds like a job for steam support or the police, not Badspot.
Q: Why steam
A: So in case anyone finds another RCE exploit in my game, which is not unlikely since I disabled protections against it due to an issue I don't feel like debugging, them stealing peoples accounts won't be my problem anymore.

Maybe I'm missing something here, but it seems to me like if you wanted an easy solution that didn't involve breaking the game for a week, you could have just allowed people to request new keys via e-mail, and used the same protections for that as I'm sure you plan to use for switching to steam.
This would have achieved the same effect as the steam-only solution, also allowed you to step away and let the e-mail host handle stolen accounts, and not required a total overhaul of the auth system. It would have also meant people could play the game without having steam constantly running and taking up half a gigabyte of memory, but I know you don't give a stuff about that.
Instead of spending weeks implementing an overly difficult solution to a nonexistent problem, you could be trying to get CFG working, and working toward preventing this from ever happening again, whether on your watch or someone else's.

Q: Why are you inconveniencing users for little benefit by disabling name changing
A:
No quote to show here because you didn't address this.

6

Development / Re: 2020/05/20 - Blockland r2023-r2024

« on: May 20, 2020, 07:52:39 AM »

Literally just run steam.  Such inconvenience.  I'm so cruel.  Write more paragraphs.

Consider reading past the first line.

7

Development / Re: 2020/05/20 - Blockland r2023-r2024

« on: May 20, 2020, 07:42:42 AM »

i mean, no. the rce couldn't have stolen access to your steam account considering the base level of entry is your username + password + immediate access to your email (you're alerted whenever someone tries to log in.) and you're encouraged to put in a phone number to do basic tasks. by shifting it over to steam badspot is giving you protection from these kinds of RCE's that keys didn't provide

They have full user-level access to your computer. They can install any kind of malware, create and delete files, and generate actions directly from your PC as if you did them. Anything you can do on your computer, an intruder with RCE can do, including changing the passwords to accounts you're already 2fa'd into. Trying to mitigate an RCE attack by not letting them steal your blockland or steam account is loving pointless, you should be more worried about them stealing your identity and credit cards, or installing ransomware or any other kind of malware.

8

Development / Re: 2020/05/20 - Blockland r2023-r2024

« on: May 20, 2020, 07:17:33 AM »

Why are you putting so much inconvenience on regular users to try to stop every form of abuse? I'd rather deal with a few annoying individuals than go through all the crap you're laying on us just to play the game. Not being able to change names? Tell me you're joking.

Even disabling key auth is chasing a red herring. The exploit could have easily been used to steal entire steam accounts, or worse. Perhaps we're lucky there was such an easy and enticing target already available, so they didn't resort to even worse ones. Key-sharing and other stuff you love to hate but no one cares about will still happen on steam, it will just be throwaway steam account sharing instead. The only good thing to come out of this is temporary hosting keys, but that could have been done with the normal auth system too.

And what about people who have played this game for years, and can't link to steam because they no longer have the e-mail they bought the game with? It seems like you're just telling them to forget off or buy another copy, and maybe it's my bad for expecing better of you. If you're wondering what the hypothetical solution to this problem is, it's to let non-compromised users link to steam using their key, and let compromised users do so only from their locked IP. This way you only have to tell a couple of unlucky users to eat stuff, rather than half the people who still play this game.

Maybe I have no right to ask for better, since you'll probably make a nice couple hundred bucks off the suckers who will have to buy a new copy since their e-mail from 10 years ago is no longer accessible. But come the forget on man.

9

Modification Help / Re: Terrain Research Infodump

« on: May 14, 2018, 10:37:37 PM »

Are you gonna release this?

No, but here's the save.
slopes.bls

10

Modification Help / Re: Terrain Research Infodump

« on: May 14, 2018, 09:33:04 PM »

I suspect the issue with bricks causing client lag has to do with face hiding: Whenever a brick is placed adjacent to another brick, the game checks whether one brick completely obscures a face of the other brick, and if so, stops rendering the obscured face.
My terrain, as a result of trying to be brick efficient and not placing any bricks that can't be seen, hides relatively few faces, which may contribute to it not lagging while ghosting.

11

Modification Help / Re: Terrain Research Infodump

« on: May 14, 2018, 09:22:30 PM »

Who says you can't make huge terrain out of bricks?
(Actual size, 102730 bricks, loads in 30 seconds using GhostAllBricks with no lag)

12

Drama / Re: redo - annoying

« on: January 02, 2018, 09:10:49 PM »

Kohoutek: yor hairline be lookin like the mcdonalds symble
Kohoutek: hi
Redo: hi
Redo: did you catch Brosis from wary
Kohoutek: yea fam
nixtheglaceon: its pronounced necrosis stupid

Kohoutek: hes making galaxy
Kohoutek: look
nixtheglaceon: thats the worst swaztika ive ever seen
Redo: this is a pretty good swastika
Kohoutek: yea
nixtheglaceon: pretty good at being gay lol
nixtheglaceon: hahah b

nixtheglaceon: you are literally gay
Redo: get forgetin parked on, noob
nixtheglaceon: and ur mom cancer
nixtheglaceon: car love

nixtheglaceon: i call this one the stupid
Redo: it's a symptom of schizophrenia to give yourself nicknames
Kohoutek: lmao

nix getting pranked:

Redo: look at this cool machine
Redo: nix get in here
nixtheglaceon: egg man land
Kohoutek: come see cool machine
Kohoutek: get in
nixtheglaceon: egg transporter

nix finds an infinite loop illusion room by klark:

nixtheglaceon: what the forget
nixtheglaceon: is this infinitely looping on me
Redo: no it's just really big
Redo: if you havent been keeping track of your path youre probably forgetedf
nixtheglaceon: ive climbed like 50 floors
nixtheglaceon died
Redo: what's here isnt all there is
nixtheglaceon: that thing is 5 floors on the outside
nixtheglaceon: how do you even manage that
Redo: this is only the entrance
nixtheglaceon: thats cool as hell

13

Off Topic / Re: Got a new monitor, it's pretty sweet.

« on: September 10, 2015, 06:38:58 PM »

Welcome to the 16:10 golden club.

14

Drama / Re: Goodcreature, threatening to ddos and track me down...

« on: August 25, 2015, 07:24:34 PM »

You spend your life on here.

Words of wisdom from the guy who just bought a second Blockland key just so he could post on the forums about how much he hates people.

15

Drama / Re: Goodcreature, threatening to ddos and track me down...

« on: August 25, 2015, 07:21:29 PM »

You'll regret what you said, kiddo. As we speak, me and my armed forces are tracing you down and we're going to sustain you so you can no longer harm, harass, kill, or hack anyone. You will spend the rest of your life in a jail cell. How long? 20 years, maybe even your entire life. I wouldn't run. The US armed forces can track you down in an instant, and there is nowhere you can hide. You made a huge mistake, bud. I hope you enjoyed your years of bringing terror, because now the terror will backfire. There is nothing you can do about it. You committed a crime. And you will pay.

http://www.criminaldefenselawyer.com/crime-penalties/federal/Criminal-Threats.htm