Open-sourcing Soldat Dedicated Server

[Polifen]

Hey, I've already asked Shoozza about that, but he said it's MM's decision, as we all know MM doesn't care too much, so we need to show our opinion to have at least small chance. Some facts:
- It's bugged, script core is causing a lot of problems, mostly with big scripts, or servers with big amount of scripts.
- Also SDS has an hole ( one well known ) to crash server in less than 30 seconds.
- If devs gonna take care about both client and server we won't see big changes to in next 10 years.
- Soldat has a lot of talented scripters, who will be able to at least understand the code and hopefully find the source of bugs ( so someone who knows Delphi will be able to fix it ).
- If someone will change something that shouldn't be changed ( some server-side hacking ) people won't join the server, it's not a problem for players.


I wrote even more at school, but the connection died and I lost everything. If you'd like to add something just post it, I'll update the most, so we will be able to show MM all info in one list.

[Furai]

Wasn't SDS using some commercial libraries and thus it cannot be opensourced?

[Monsteri]

I don't think it should be open-sourced for all people here, maybe it could be given for some people, who can script, and they could do the thing?

[Polifen]

But why not? It does no harm to normal players. They could just don't play on modified server if it's not working properly.

[KYnetiK]

On a security standpoint, I would say no. If there are commercial aspects in play, its a def no-no. I see where youre coming from though.

[Polifen]

What's the problem of security? If we're gonna have 30 ppl looking in the code to fix holes and 1 looking to find a hole to abuse, there is no danger at all.

[jrgp]

I don't think this is happening any time soon. Open sourcing only the server (and not the client) would be moot since the netcode is closed source and impossible to debug without having access to both codebases.

- If devs gonna take care about both client and server we won't see big changes to in next 10 years.

Not true at all. At the rate they're going right now, it'll be perfect within the next few releases or so, which shouldn't take anywhere near as long as ec/MM took to release.

[KYnetiK]

yeah...now multiply those numbers by a 100 and you have an issue.

There's more than 31 people in the world who have the internet and like math. Open Source is a two-way street. Just because there's more traffic in one lane doesn't mean traffic in the other lane doesn't have roof-mounted artillery. OSing means that not only can people find holes to fix/exploit, they can create them too. Dont ever think for one second that a hacker has no guile.

If everyone has the freedom to see the program, everyone has the freedom to exploit that program. Believe it or not, 1 intuitive person can impact many. Your argument is like saying that because there are 30 police officers with pistols by their sides that one maniac with home-made C4 is not an issue. 3000 officers and 100 maniacs with C4 doesnt improve the situation.

I know it sounds overly paranoid, but its a valid issue. Soldat has always been a popular choice for hackers-in-training, and I think its safer not to give them inspiration to stick around. jgrp makes a good point that only half of the code is even a part of the server. If the server was OSed, it wouldnt take long for posts like these to promote OSing the client netcode also, and then everyone will be really worried about security.

[JotEmI]

I for one would love to have opensource SDS, but for reasons mentioned above I still think this would be bad idea. I'd rather have one or two guys from the Dev team to focus only on developing SDS, while the rest continue to work on client. For me, SDS is all I care now. I don't play Soldat any more, I just host servers and write scripts so fixing all those client bugs is not that important to me. But that's just my opinion and I know that majority of players are more concerned with getting bugs free client as soon as possible rather then adding new features to the server. I just hope I don't have to wait years for new ScriptCore

[Polifen]

Looking at what people say forces me too give up, even when imo it's way better to OS it, "Making holes" is not an argument, cuz it's hoster who choose binaries to use. There would still be one SDS on Soldat's page, probably the one we're using atm and maybe after some weeks/months the users made could become the official way. I've read an opinion that SDS should be completely remade, that's true, but we can't do it now. With open source we'd be able to write it from scratch ( maybe rewrite it in C++? ). Finding holes is way harder if you're just looking to crash the server, but if you know that there is hole in admin connection protocol ( there is ) and there are a lot of people looking for it, I'm sure we'd find it.

@JotEmI, that's why we have a Dev Team for client - that's their job. People who doesn't know anything about programming and just want to play have some people who work on the game. And we as people who care about SDS more could improve it - we WANT to do it,

[Clawbug]

Open sourcing it won't help at all really in the long run. No one else is going to commit any real changes than the official developers, despite the situation. Rewriting it would be such a major task that it's not a feasible solution at all, unless there are going to be a major overhaul to the protocol, which would then require large parts of the networking to be rewritten on the client. Never going to happen.

Security holes are found by disassembling and reverse engineering, not by looking at the source code. While having the source code in hand could be handy, most security holes are not so obvious at all that a dev would spot them if not already knowing their presence in certain code region.