Official Soldat Forums
Soldat Talk => General Discussions => Topic started by: Veritas on March 28, 2010, 08:07:50 am
-
Let's talk about open sourcing Soldat. For those unfamiliar with the concept, it would make Soldat's source code freely available to modify by the public. First, let's deal with some of the concerns people usually have with this.
zOMG HACKING EVERYWHERE
It is true that exposing Soldat's code makes it easier for hackers to find and exploit the weaknesses within. However this works both ways, as it allows more people to find those exploits and patch them. Linux is a prime example of how open source breeds more security than holes.
There will then be a billion slightly different Soldats, right??
Not so. There will still be a main "Soldat," controlled (presumably) by nC and friends. Forking projects into separate ones is frowned upon in the open source community unless the project is no longer being maintained or some other pressing reason.
Won't this mean no registration, and therefore no money for MM?
I think this is the largest concern for MM. Based on his blog, he's coding LD fulltime, so any bit of income helps. But Soldat's registration is already easy to crack, and we go back to the point on hacking: allowing more coders to look at the code will improve the security of the registration process. It's also worth noting that what happens to $60 games doesn't apply here - you already get what you need to enjoy the game for free.
People will continue to register Soldat because they love the game, and more people will come to Soldat if the game improves. Open sourcing Soldat will help to do this by truly adding community involvement to the development process, and dramatically speeding up development time.
Please bring up any concerns you have about this, I'll do my best to address them.
-
IT'S JUST YOUR DESIRE.
there are wheels within wheels. if make soldat open source, the more, the better hacks can make.
-
It's already been said that this won't happen anytime within the near future. However, an open source clone is being developed:
http://opensoldat.u13.net
if make soldat open source, the more, the better hacks can make.
This isn't how open source works. Look at quake3. Multiplayer, open source. No hacks. Keeping something secret isn't necessary when it's written well enough.
-
It's already been said that this won't happen anytime within the near future.
Could you link me? I'd like to know the justification for this.
-
egh, damn you Waco. Your post on sctfl.net made me think this was actually being considered by the powers that be.... no such luck I spose... $_$ / €_€
-
various MM's interview (very old)
What are your expectations concerning Soldat for the next years?
I would like people to play it from time to time. If there would be at least a couple of servers in 10 years I will be happy. I hope to make Soldat open source sooner or later and I think it will give the game a whole new life.
Golum also wants to know, a bit merged with this question, will you ever let soldat be open source?
Well i definetely have to end this game some time and then is when it's going open source, and open source will make a whole new start for soldat because people could remake it and it would be fun for me because i would be free.
I don't know when it is going to happen, another 2 or 3 or 4 years i don't know.
do you have any other plans for soldat?
Besides open source i don't know, and i won't add vehicles.
[Witcher] Another question from KeFear, do you plan to make soldat fully customable in the near future? People mean soldats main interface and will you add a mod selector in the game?
[MM] With every version I try to do more and more stuff that are customisable. I think the same will happen in next versions until soldat becomes open source and you can change everything. That will be the final thing.
-
Thanks biohazard!
His statements are a little confusing. I'm not sure if he realizes that the upstream people - those who control what changes are applied to the main Soldat version - still retain much of the control over the program. It seems he thinks open sourcing is sort of "setting it free," rather than creating a new development process.
egh, damn you Waco. Your post on sctfl.net made me think this was actually being considered by the powers that be.... no such luck I spose... $_$ / €_€
Sorry, I just wanted more people to discuss it ):
-
I f12 this notion. Sadly, other than that, I have no relevant input.
-
Personally i think that MM's idea was to fix the code to make it somewhat accessible to the programers and just then open source it as the current state is full of bugs and just a few people would develop it as it is.
Ignore the lack of punctuation, mobile phone.
-
It seems he thinks open sourcing is sort of "setting it free," rather than creating a new development process.
That's exactly the impression I got too.
And to me, this is not the right way to go. It's like saying that open-source will surely kill Soldat, so it's best to leave it till Soldat is already dead. That's not necessarily true. There are many good sides to open sourcing, and it's very possible that Soldat will become a whole lot better. Soldat has many fans, and I'm sure Soldat has more "good" programmers on its side than hackers.
Besides, this interview is old, and it seems MM didn't even realize that he'll leave development to someone else (EnEsCe). He doesn't even seem to care much about Soldat anymore, and Enesce hates open-source (or even just having multiple people working on the game) with passion.
-
So let's make e-survey about open sourcing soldat and show the results to MM. If we'll find enough people he will agree to it.
Evil solution: Let's spam his inbox. :)
-
So let's make e-survey about open sourcing soldat and show the results to MM. If we'll find enough people he will agree to it.
Evil solution: Let's spam his inbox. :)
I doubt MM will listen to an opinion of random forumers even if 99% say "Yes". What really matters here is the opinion of experienced game developers who already had to deal with open-sourcing a game.
-
[quote author=Wookash link=topic=37839.msg460177#msg460177
I doubt MM will listen to an opinion of random forumers even if 99% say "Yes". What really matters here is the opinion of experienced game developers who already had to deal with open-sourcing a game.
Soldat is kinda non-democratic, but due MM's lack of something, Soldat means 2/3 of community source. I mean, MM/eC do the code, and community ppl do the WM and maps.
But its true, as long Soldat give few bucks to MM and he dont care himself for this game, he dont give a shit, same eC.
-
"Forking projects into separate ones is frowned upon in the open source community unless the project is no longer being maintained or some other pressing reason." <-- what are you talking about? It is not frowned upon at all
More importantly, how would they (MM/eC) keep people from developing and building their own client or server? Like a server that gives certain players extra HP or special <something>? I'm a huge proponent of open-source but I really can't see this working well. It is a game that was never designed to be open-source and I see it being vulnerable to a whole host of issues because I can't think of a way to control what people do with the source code.
-
Ehh, it was discussed dozens of times before. The best solution would be to enlarge soldat's developing staff from "OneManArmy" to collaborative group. (I don't know if it's a proper adjective - I'm getting more and more dumb.)
-
"Forking projects into separate ones is frowned upon in the open source community unless the project is no longer being maintained or some other pressing reason." <-- what are you talking about? It is not frowned upon at all
It is if not done properly (if name of the modified version is same as the original, for example). I've seen something like that before - a program with exactly the same name, but very different versions of it.
But if the name clearly states that it's some sort of mod - that should be fine.
More importantly, how would they (MM/eC) keep people from developing and building their own client or server? I'm a huge proponent of open-source but I really can't see this working well. It is a game that was never designed to be open-source and I see it being vulnerable to a whole host of issues because I can't think of a way to control what people do with the source code.
There doesn't have to be a complete control over everything. Control over the "official" server and client should be enough.
For example, there are tons of mods for Half-Life, Unreal Tournament and other games, but most of those mods exist separately from the main game (take Half-Life and Counter-Strike as an example).
If a game is open-source - there's still a place for closed-source security elements, server and client verifiers and such. These could be used to have some control over modified versions of clients and servers.
Like a server that gives certain players extra HP or special <something>?
can't you already do that with scripting? ;O
-
"Forking projects into separate ones is frowned upon in the open source community unless the project is no longer being maintained or some other pressing reason." <-- what are you talking about? It is not frowned upon at all
"There is a strong social pressure against forking projects. It does not happen except under plea of dire necessity, with much public self-justification, and requires re-naming." - ESR
More importantly, how would they (MM/eC) keep people from developing and building their own client or server?
You don't. It's open source.
It is a game that was never designed to be open-source and I see it being vulnerable to a whole host of issues
There's no issue that can't be fixed, given enough time.
because I can't think of a way to control what people do with the source code.
GPL to keep any derivatives open-source; the pressure of keeping the developer and user community together to keep people working on the main branch; the ability of the upstream people to decide what does or doesn't go in the final build. I don't know why this strategy would work for 99% of other open-source projects and not here.
-
Veritas, but you're ignoring the underlying point of my post:
How do you keep people from creating clients and servers which give them unfair advantages?
-
i think its very true. Even if Soldat grew from nothing for a almost playable nice game, itself structure is not coded to be "standard" and allow other ppl understand.
Like, openSoldat, will be coded to be opensource from the very start. So if Soldat become nice to play after some releases, oS will be even greater after some feedback. Just need a kick to things start on roll.
-
Yes, I 100% support the openSoldat project and will do anything I can to help them succeed.
-
How do you keep people from creating clients and servers which give them unfair advantages?
I know this question wasn't for me, but:
If a game is open-source - there's still a place for closed-source security elements, server and client verifiers and such.
You can't keep people from creating such things, but you can prevent their use in public if we have a closed-source anti-cheat (BattlEye?) for both client and server if necessary.
-
How do you keep people from creating clients and servers which give them unfair advantages?
Anti-cheat measures, same as any other game? Closed source doesn't prevent them from doing this in the first place, and while open sourcing the code does make development of hacks easier, it also makes developing good security measures easier as well.
itself structure is not coded to be "standard" and allow other ppl understand.
If this was true, the game wouldn't have been handed over to eC. Since he can make the transition to developer, there's no reason others can't do the same and make it easier for others to follow in their footsteps.
Like, openSoldat, will be coded to be opensource from the very start. So if Soldat become nice to play after some releases, oS will be even greater after some feedback. Just need a kick to things start on roll.
oS has been going for awhile now, and hasn't seem to built any momentum. Soldat proper has the momentum needed to get development done.
-
If BattlEye can successfully prevent or at least alert clients and servers when a non-default binary is being used, then I guess that'd be ok. I guess my faith in being able to reliably catch and report these is not all that high.
All other things being equal, I'd rather see a completely open-source project like openSoldat succeed than Soldat be open-sourced at the risk of destroying it.
-
Keep certain core components secret or somehow encrypted (like BattlEye's integration itself), so that no one except the official development team can actually build it. That way, people can still make contributions to the code, but the only thing you'd have to worry about then is possible forks that would probably be very unplayable because it's missing things the official version isn't.
-
If BattlEye can successfully prevent or at least alert clients and servers when a non-default binary is being used, then I guess that'd be ok. I guess my faith in being able to reliably catch and report these is not all that high.
I don't think anyone is suggesting that binary validation be the primary check to make sure things are legit, because that's pretty easily faked.
-
If BattlEye can successfully prevent or at least alert clients and servers when a non-default binary is being used, then I guess that'd be ok. I guess my faith in being able to reliably catch and report these is not all that high.
I don't think anyone is suggesting that binary validation be the primary check to make sure things are legit, because that's pretty easily faked.
How easy is faking the checksum of a binary?
-
How easy is faking the checksum of a binary?
It depends. If we're talking about client-server communication: At some point the client says, "Hey server, the hash of my binary is: sha-1(soldat.exe)." You can easily change this to send a precomputed hash of a valid soldat.exe, rather than the hashing functions result. There are tricks you can play to make things harder to fake, but it's one place that being open-source makes things difficult to hide.
For something like BE hashing the client: This is harder, but still doable. For instance, patch the DLL that handles the hashing function to something like this:
string sha1(string filename){
if(filename.equals("soldat.exe"))
return "abc123"
[calculate as before]
}
-
If BattlEye can successfully prevent or at least alert clients and servers when a non-default binary is being used, then I guess that'd be ok. I guess my faith in being able to reliably catch and report these is not all that high.
I don't think anyone is suggesting that binary validation be the primary check to make sure things are legit, because that's pretty easily faked.
Right, I agree. So I'm asking you how else it would be accomplished
-
If BattlEye can successfully prevent or at least alert clients and servers when a non-default binary is being used, then I guess that'd be ok. I guess my faith in being able to reliably catch and report these is not all that high.
I don't think anyone is suggesting that binary validation be the primary check to make sure things are legit, because that's pretty easily faked.
Right, I agree. So I'm asking you how else it would be accomplished
Server validation of what the client is sending (e.g. if the client is saying he has +30 health, something is wrong here), continued BE integration to detect memory hooks, and active developers fixing exploits.
-
Right, and that's how Soldat should have been written from the start (which it isn't, which is one of my reasons for not open-sourcing it).
What about preventing other modifications being modded in client-side that improve the player's experience unfairly?
Also, largely I've been talking about making server side modifications. What you said is great and all, but what keeps someone from modifying the server source code such that it allows modified clients from a particular IP address or client, or gives certain players unfair advantages?
-
Right, and that's how Soldat should have been written from the start (which it isn't, which is one of my reasons for not open-sourcing it).
I understand that reasoning, the problem is what you have right now is simply security by obscurity (which isn't really secure at all). I would have no problems if Soldat was phased into open source: have a couple of developers join in, fix the obvious exploits, and continue to open up the code.
What about preventing other modifications being modded in client-side that improve the player's experience unfairly?
My assumption is what BE does is monitor memory hooks, and this would continue to be necessary. I believe that PunkBuster plays a similar role with Quake 3 (which is open source).
Also, largely I've been talking about making server side modifications. What you said is great and all, but what keeps someone from modifying the server source code such that it allows modified clients from a particular IP address or client, or gives certain players unfair advantages?
Can't you already do that with server side scripting? And I'm certain you could do that without scripting by editing the binary.
-
Right, I agree on all points.
However
1) servers indicate when scripting is enabled, so at least an end player will know when it is possible that something is being done
2) This would pretty much bring an end to tournament play as we know it since we would no longer be able to trust any server binary anywhere. at all. Unless you can come up with a means for the clients to know that the server binary is trusted/verified. Yes, in *theory* this could be done with modding the server binary now, but open-sourcing it would make it infinitely easier and infinitely increase the number of ways in which the server binary could be added (and increase the complexity of the evil things that can be done, instead of just nulling out parts of the binary or making simple changes)
-
1) servers indicate when scripting is enabled, so at least an end player will know when it is possible that something is being done
I doubt anyone checks this unless they're doing SCTFL, but true.
2) This would pretty much bring an end to tournament play as we know it since we would no longer be able to trust any server binary anywhere. at all.
Dude, what?
I've done a lot of competitive play. I can't speak for Euros and their servers, but almost all of all the matches I've played against other NA guys have been on either U13, fracs, or nasoldat. Those are all places I can trust to put up a good server binary, and I expect the same for any other dedicated server provider -- which is where 99% of tournament play occurs.
Yes, in *theory* this could be done with modding the server binary now, but open-sourcing it would make it infinitely easier and infinitely increase the number of ways in which the server binary could be added (and increase the complexity of the evil things that can be done, instead of just nulling out parts of the binary or making simple changes)
It wouldn't actually increase the number of things you could do, but yes, it would make it easier. It's a question of tradeoffs, and in my opinion the benefit outweighs the possible downfalls.
-
Here are my opinions, they are gradually changing so I update them:
zOMG HACKING EVERYWHERE
Quake 2 and Quake 3 are examples of multiplayer working with opensource. It is not easy but there are people that take care of the hacking aspect. Go play Q2 now and see how they do it. Last time I checked they had a tool which you had to run parallel to Q2 which checked for the binary version.
There will then be a billion slightly different Soldats, right??
I think at most 3 versions. That's how usually it happens with opensource. How many Mozilla projects can you name?
Won't this mean no registration, and therefore no money for MM?
This is an issue. The only solution I see is making a new license model where everyone using the code agrees to not change registration options and banners. The code would have to be left intact. At the same time I would agree to donate a percentage of the money for Soldat related things like website & lobby hosting.
-
Do you have any plans for open-sourcing Soldat, or is it still just a "at some point in the future this may happen" sort of deal?
-
I was once opposed to open-sourcing Soldat, but at the time didn't understand much in the name of programming and networking. Now I'm for it, but because it is a complex project and there is a lot to keep in check and organized, my solution would be to:
1) Open it up only to about 10 to 20 trusted individuals first. People/programmers you know who only want to positively contribute to the game and could be trusted in keeping the source to themselves. The task would be to cover any loose ends, clean up what needs to be cleaned up and make sure everything is organized.
2)Then, gradually make it more open, until the project is fully open and there are enough who are working with the code that can protect it and keep measures in place to help reduce/eliminate hacking, just like with Q2, Q3.
3)Optional but very favorable - return the project to the state it was in version 1.2.1, however with all the bugfixes/improved code. Get rid of the new poly types... they can be part of 1 of the few Soldat alternative projects. Keep the exploding headshot though... I like that one.
-
1) Open it up only to about 10 to 20 trusted individuals first.
He won't find that many. Neither 5.
2)Then, gradually make it more open, until the project is fully open and there are enough who are working with the code
The individuals from the first step are "enough". Imo it makes no sense to have too many developers for such a tiny game. It just becomes unorganized and messy.
3)return the project to the state it was in version 1.2.1, however with all the bugfixes/improved code.
You're funny. That's impossible.
at the time didn't understand much in the name of programming and networking.
Seems like you still don't. Face the truth.
-
2)Then, gradually make it more open, until the project is fully open and there are enough who are working with the code
The individuals from the first step are "enough". Imo it makes no sense to have too many developers for such a tiny game. It just becomes unorganized and messy.
It becomes disorganized and messy if and only if the core team is disorganized and messy. Even smaller (and neither of us have any idea how big the codebase is) projects are scalable.
Seems like you still don't. Face the truth.
Interesting how you can be a judge of that with a short post on the internet! :I
-
2)Then, gradually make it more open, until the project is fully open and there are enough who are working with the code
The individuals from the first step are "enough". Imo it makes no sense to have too many developers for such a tiny game. It just becomes unorganized and messy.
It becomes disorganized and messy if and only if the core team is disorganized and messy. Even smaller (and neither of us have any idea how big the codebase is) projects are scalable.
If soldat becomes open source we might attract people who are not playing soldat at the moment. Open source seems to be quite hot at the moment. We as a soldat community don't have enough coding power to make a new/better soldat.
The whole idea of making it open source would be attracting a group of (semi-)professional coders to code in their spare time. (to fix some bugs and recheck the code)
I mean, ~99.95% of the soldat community is not able to help with coding soldat.
-
1) Open it up only to about 10 to 20 trusted individuals first.
He won't find that many. Neither 5.
You won't know until you try. I can say for sure that at least one person would be interested... me! :D
-
1) Open it up only to about 10 to 20 trusted individuals first.
He won't find that many. Neither 5.
You won't know until you try. I can say for sure that at least one person would be interested... me! :D
there is already an opensource soldat project and lots of ppl showed interest for it however not many have done anything except showing interest.
-
Just make Soldat in Ad-Aware... Advertisments for MM and hosting this forum etc...
-
there is already an opensource soldat project and lots of ppl showed interest for it however not many have done anything except showing interest.
I know that, zakath, I haven't been living under a rock. Really, though, that project doesn't interest me because it's starting with no code base. I want to help improve the current game instead of remaking it.
Just make Soldat in Ad-Aware... Advertisments for MM and hosting this forum etc...
He already has... but what does that have to do with open sourcing Soldat?
-
Just make Soldat in Ad-Aware... Advertisments for MM and hosting this forum etc...
He already has... but what does that have to do with open sourcing Soldat?
Sounds like he thinks "make Soldat open-source" just means "make Soldat free to everyone"
-
Seems like you still don't. Face the truth.
??? Am I supposed to laugh at you?
-
Just make Soldat in Ad-Aware... Advertisments for MM and hosting this forum etc...
Sorry, I was going to tell: Adware ::)
Adware, or advertising-supported software, is any software package which automatically plays, displays, or downloads advertisements to a computer after the software is installed on it or while the application is being used. Some types of adware are also spyware[citation needed] and can be classified as privacy-invasive software.
-
I know what adware is. I just don't understand what it has to do with open sourcing Soldat.
-
Let they make Open-Source Soldat with advertisments for MM...
-
Oh, are you answering MM's concern?
I think he wants a registration component in Soldat regardless of whether he keeps it to himself or makes it open sourced. And he's already advertising a lot anyway, so your suggestion doesn't really bring anything new to the table, I think.
-
Oh, are you answering MM's concern?
I think he wants a registration component in Soldat regardless of whether he keeps it to himself or makes it open sourced. And he's already advertising a lot anyway, so your suggestion doesn't really bring anything new to the table, I think.
Maybe, but last time this forum have got troubles about host... So MM've added advertisments...
-
I know I am bumping an old topic.
Just funny to mention it took seven years to bring us to 1st quarter of 2018.
-
I know I am bumping an old topic.
Just funny to mention it took seven years to bring us to 1st quarter of 2018.
Soldat, these people, these forums, and this situation have been around a very long time.