Glass Hosting Development

[Shift Kitty]

Are we able to use .dlls on wine anyway?

[Ad Bot]

[.Kong123.]

I wish someone would just make a management tool that we could utilise with a VPS of our own choosing.

Are we talking about like some online control panel everyone can use?

[Trogtor]

what about getting this to work with it?

https://forum.blockland.us/index.php?topic=297043.0

it has the source code so i imagine you could get it to work with a vps?

[TrainandSpacelover]

what about getting this to work with it?

https://forum.blockland.us/index.php?topic=297043.0

it has the source code so i imagine you could get it to work with a vps?

yes, please

[Scout31]

The service will run on either Debian or Ubuntu, running Blockland on wine. This setup works fine and has been used by several other hosting services.

Lots of good progress. I'm limited to using a Surface for the time being as I'm in the process of moving in to my dorm, but a lot of important infrastructure is getting done.

Are we able to use .dlls on wine anyway?

Of course.

[Shift Kitty]

I've never been able to figure out how to do that.

[mctwist]

working on it
the idea i have is to create a TCP server on blockland that the menu would connect to for interfacing. i plan on letting the menu generate a key/random string each time the server is started, and that key would be sent with each command to prevent someone just coming in and wreaking havoc

Digest access authentication
It's cool, really. Even if it's plaintext it's something that sure works. I implemented this kind of thing before, so you probably shouldn't have any problem with it. Also, instead of md5 you can use sha1(Unless you want to crack the nut and implement md5 in TorqueScript).

[TheBlackParrot]

Digest access authentication
It's cool, really. Even if it's plaintext it's something that sure works. I implemented this kind of thing before, so you probably shouldn't have any problem with it. Also, instead of md5 you can use sha1(Unless you want to crack the nut and implement md5 in TorqueScript).

so from what i understand

menu connects to blockland over a TCP connection
menu asks for a username
blockland creates an expected hash from the username (if it exists), and the password sha1 hash (which i don't trust. at all. i'd rather use an external script to do all of this over sha256)
and if it works they get in etc etc blah blah, hash is sent with each command

[Metario]

downside about sha256: it can't be completed in tork without slowing the engine to a halt

ot: excited, maybe allow for DLL injection of some preset things (selectiveghosting, antispeedhack, blocklandlua, playercollision) for advanced modding

[Scout31]

For now, I'll work with people who are interested with DLL injection on a case-by-case basis. Generally, I'll want the source code and I'll build them myself to prevent any security risk.

If anyone is interested in testing speeds out, I've set up a node for development. The username is 'BLG', and the Blockland server will be up and down as I continue development. Feel free to join it and play around. From my end on an admittedly stuffty connection, I'm getting around a ~40ms ping which is one of the lowest I see on the server list. No signs of lag or strain on the server.

Edit: I remember reading somewhere that Blockland's ping is unreliable, so if you want a more accurate result, you can try pinging s1test.host.blocklandglass.co m

[Ipquarx]

blockland creates an expected hash from the username (if it exists), and the password sha1 hash (which i don't trust. at all. i'd rather use an external script to do all of this over sha256)

why don't you trust sha1? As long as you have a secure password it's fine, and you could use something along the lines of an iterated hash function to slow it down and help prevent bruteforce attacks against the hash (Which should never even be a problem assuming security is fine and you can't *get* the hash)

[TheBlackParrot]

why don't you trust sha1? As long as you have a secure password it's fine, and you could use something along the lines of an iterated hash function to slow it down and help prevent bruteforce attacks against the hash (Which should never even be a problem assuming security is fine and you can't *get* the hash)

SHA-1 is no longer considered secure against well-funded opponents. In 2005, cryptbrown townysts found attacks on SHA-1 suggesting that the algorithm might not be secure enough for ongoing use, and since 2010 many organizations have recommended its replacement by SHA-2 or SHA-3. Microsoft, Google and Mozilla have all announced that their respective browsers will stop accepting SHA-1 SSL certificates by 2017.

i mean considering it's blockland, sha1 is probably fine now that i think about it

(haven't forked off to a different thread as i assume BLG could use the same system i use with a websocket proxy or something)

[Space1255]

Any updates?

[Scout31]

I'm at college orientation the next few days and can't get much done. Still aiming to launch by the end of the month.

[Mega-Bear]

I'm at college orientation the next few days and can't get much done. Still aiming to launch by the end of the month.

that's good to hear. I wish I had more time for BL between classes. makes hosting almost impossible. :(
really looking forward to the launch, keep up the good work friend.