Force clients to download GUI's, Textures, Sounds and FastDL support?

[Tetro Block]

Doesn't a .wav file go like:

000000
001100
010010
100001


How can you fit malicious code in that lol?

[Ad Bot]

[otto-san]

every file goes like that

[Dannu]

That's binary, it makes up your entire computer. Every information that is stored, processed or sent in your computer 'goes like that'

[Tetro Block]

Oh, I see it now. Well that's a real shame, A lot of my old game-modes I made relied heavily on sound effects. And it was pretty annoying when a lot of people couldn't even hear them.

[Ipquarx]

Back when internet threat awareness wasn't a thing that was very common, you could get a virus from a e-mail, because not only was there lacking security, but it was very common to use a application on the computer to receive mail, not web-based. Now-a-days none of that stuff flies.

Doesn't a .wav file go like:

000000
001100
010010
100001


How can you fit malicious code in that lol?

Again, it's not the file, the file has nothing to do with it. It's how programs interpret the file. if there's an exploit that allows you to write arbitrary code and then execute it using nothing but that file format, then that allows you to create a virus that happens when the file is interpreted. This even goes for EXEs too, it's not the file itself that causes the virus, it's how the exe is interpreted by the OS.

[Dannu]

Yea, I was just bringing up some example, but you posted as i was writing it up, so it seemed like i was using the example to somehow argument your point.

[ZSNO]

This isn't even close to reality holy stuff lol. The only custom things that servers can download to you are models and textures, they can't be used to give you a virus

Ehh they technically can but not through normal server operations. You'd get the virus through HTML page the client loads when you join. There is a way in Source to disable the HTML loading but I forgot how.

[Tetro Block]

Ehh they technically can but not through normal server operations. You'd get the virus through HTML page the client loads when you join. There is a way in Source to disable the HTML loading but I forgot how.

On TF2 You just go into adv. options and check "Disable html motds"

[ZSNO]

On TF2 You just go into adv. options and check "Disable html motds"

Not all source games have that as an option in the menu, there's a way to do that via console but I forgot how.

[SWAT One]

Another problem is keybinds.  You'd have to have some notification that new GUIs and stuff were added and that keybinds are needed.

Also it would be interesting if there was a file host verification that would allow guests on servers to download only verified mods, like suppose there was a "Mod Security Key" in a text file that verifies it's safety, and when the server starts, it refers to the database, which verifies if the version you have matching the MSK is safe, character by character, and then installs it on the client if it passes.

[otto-san]

Also it would be interesting if there was a file host verification that would allow guests on servers to download only verified mods, like suppose there was a "Mod Security Key" in a text file that verifies it's safety, and when the server starts, it refers to the database, which verifies if the version you have matching the MSK is safe, character by character, and then installs it on the client if it passes.

or sha1 probs, like the update system uses

[SWAT One]

or sha1 probs, like the update system uses

Sorry,"sha1"?

[Ipquarx]

Sorry,"sha1"?

sha1 stands for "Secure Hash Algorithm 1"

It takes in an arbitrary amount of data and returns 160 bits (for example, the sha1 of "Blah123!" is 8e8df429011c2a94e4f21050f6e56 82491a27117) that attempts to be unique to that piece of data. The goal is to make it infeasible to create data that results in a specific hash value, and to make it infeasible to make two pieces of data (that aren't exactly the same) that have the same hash.

[Dannu]

It's used by large websites to store passwords iirc.

[portify]

It's used by large websites to store passwords iirc.

sha1 can be used to store passwords in a safer way, yes, but sha1 itself is not very safe at this point - there's far superior hash algorithms. Generally you'd store passwords using something like bcrypt however.