Shenna

The future of Legacy, starts now!

after all, you know... it's all about GitHub stars^^

ty for finally making the nost promise come true

and for the db leak stuff... enforce password reset for everybody + preventing picking the old password again should be pretty effective... And please, I saw some of the leaked code... remove the French comments :S

Edited by ruohki


Most of you tin foil hat children seem to forget that Nost had already planned to make the core open-sourced. 

LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLO

2 hours ago, TheHappyCatsTail said:

except they changed their minds. you seem to be rather ignorant. lol

Only because Blizzard strong-armed their whole team.

On 28.02.2017 at 10:40 PM, Gyaq said:

It's fun reading what non-programmers think will happen. If open source was so insecure then Linux servers would have died off long ago. Not to mention all the security tools, networking tools or the thousands of other projects in the financial space.

Just relax people, the sky is not falling.  

just quoting this again for the lulz

seems we pessimistic doomsayers have more touch with reality than you leet programmers

i can feel the server improving already due to core and db being leak.. I mean being released to the public to continue as an open-source project.

5 hours ago, alkovirus said:

just quoting this again for the lulz

seems we pessimistic doomsayers have more touch with reality than you leet programmers

i can feel the server improving already due to core and db being leak.. I mean being released to the public to continue as an open-source project.

Security through obfuscation is not security.

On 2/28/2017 at 9:05 AM, Shenna said:

The official repository is going to be ready later this week.

There is a link to a repository? I can barely contain my excitement ^.^

<3 Elysium team!

On 2/28/2017 at 2:13 PM, alkovirus said:

how long has linux been open source project, how long is nostalrius core in open source? see the difference bro? it's all about time perspective.

look i get it - all of you white knights, who don't want the server to collapse happen to be expert programmers and you say it will be fine cos open source projects are TEH SHIT!!!

like i said before - it's all about time perspective. elysium doesn't have enough time, but the future private servers will surely profit.

get over it.

Actually it's not about perspective. All open source projects started somewhere. There are many of us that are chomping at the bit to dig in to the code. I haven't worked in C or C++ in 15+ years but it should be fun to dig in there and see if I can help out in some way. Might be fun to return to C++; time will tell.

As for all the white knight expert programmers, no clue. I'm not a game programmer, I build business applications for a living. Nah, not an expert but not clueless either.

Trust the people with the experience, that's what they're here for.

4 hours ago, Honeyhash said:

Get ready for tons of pull requests :D

 

1 hour ago, Gyaq said:

Actually it's not about perspective. All open source projects started somewhere. There are many of us that are chomping at the bit to dig in to the code. I haven't worked in C or C++ in 15+ years but it should be fun to dig in there and see if I can help out in some way. Might be fun to return to C++; time will tell.

As for all the white knight expert programmers, no clue. I'm not a game programmer, I build business applications for a living. Nah, not an expert but not clueless either.

Trust the people with the experience, that's what they're here for. 

When I hear things like this I get all warm and fuzzy inside. 

8 hours ago, Gyaq said:

Actually it's not about perspective. All open source projects started somewhere. There are many of us that are chomping at the bit to dig in to the code. I haven't worked in C or C++ in 15+ years but it should be fun to dig in there and see if I can help out in some way. Might be fun to return to C++; time will tell.

As for all the white knight expert programmers, no clue. I'm not a game programmer, I build business applications for a living. Nah, not an expert but not clueless either.

Trust the people with the experience, that's what they're here for.

With an argument as lame as "All open source projects started somewhere" I doubt you're convincing anybody. When it comes to experience Elysium took some serious damage even before the leak. Now there's a hacker at Elysium headquarters supposedly running around with database dumps and they won't even talk to us about it. You're propagating for blind faith just like Shenna did for Vitaliy.

On 3/7/2017 at 1:58 AM, Wirt said:

Now there's a hacker at Elysium headquarters supposedly running around with database dumps and they won't even talk to us about it. You're propagating for blind faith just like Shenna did for Vitaliy.

Where is Elysium Headquarters? I want a tour!

Do you even understand what is contained in the ManGOS database? It's the spawn points, loot tables, etc. that make the game work. 99% of this information is already available at the ManGOS Zero project and on sites like http://db.vanillagaming.org .

The only sensitive information in any database are the hashed passwords of the game accounts. Looking at the ManGOS realmd sources they are hashed using SHA1. This is an issue as it would cost only a few hundred dollars to brute force every account password in the database using modern distributed GPU processing.

Something you should be excited about is software engineering professionals like @HudsonHawk and myself who understand this stuff and want to patch it for the team.

2 hours ago, qbradq said:

Where is Elysium Headquarters? I want a tour!

Do you even understand what is contained in the ManGOS database? It's the spawn points, loot tables, etc. that make the game work. 99% of this information is already available at the ManGOS Zero project and on sites like http://db.vanillagaming.org .

The only sensitive information in any database are the hashed passwords of the game accounts. Looking at the ManGOS realmd sources they are hashed using SHA1. This is an issue as it would cost only a few hundred dollars to brute force every account password in the database using modern distributed GPU processing.

Something you should be excited about is software engineering professionals like @HudsonHawk and myself who understand this stuff and want to patch it for the team.

I've been wondering how so many people had their pws stolen the last 2 months. Considering the profit that hackers have been getting for this I wonder if that was done on purpose. They set up a weak security system then say it's your responsibility to set up a 2nd password without telling you why and that if you got hacked it's your fault when they full well know it wasn't.

11 minutes ago, Hurricane2 said:

I've been wondering how so many people had their pws stolen the last 2 months. Considering the profit that hackers have been getting for this I wonder if that was done on purpose. They set up a weak security system then say it's your responsibility to set up a 2nd password without telling you why and that if you got hacked it's your fault when they full well know it wasn't.

The "weak security system" is the same as most WoW private servers. SHA1 is the hash algorithm built into the ManGOS server. If there was some conspiracy to compromise accounts to sell their stuff someone with direct access to the database wouldn't bother spending hundreds of dollars on compute time to brute force the password hashes. They would just reset the account password to a known hash and log in.

You are noticing a lot more compromised accounts since February because there are a lot more accounts since February. And it's only been since then that this place is worth an attacker's time. With great population comes a black market. Retail games have the same issues, as do sites like Etc. Your account is your responsibility. No one else can make sure you have a good password that isn't used at 100 other sites. No one can force you to use 2FA.

Final note: The "weak security system" was the industry standard when the ManGOS project started. It just needs an update.

Edited by qbradq


Considering the amount of people getting their pws hijacked there's more going on than just weak/reused pws.  I played online poker for 13 years and virtually no one (out of millions of accounts) had their accounts compromised.  Hackers would have way more incentive to go after poker accounts due to the sheer volume and $ amounts yet such things did not happen.  All you needed to log in was an account name and p.w.  There was no ip lock or 2fa.  

1 hour ago, qbradq said:

Final note: The "weak security system" was the industry standard when the ManGOS project started. It just needs an update.

Second this. But with 2FA it really shouldn't be high on the todo list.


Is it true the developers/admins don't care if a player rips off another? If so, is there no penalty for ripping off each and scumming up the community?


I can't stop laughing at those saying they're experts that could reverse a SHA-1 hash and get all the passwords from the database for a few hundred bucks. I hope you realize how ridiculous you are. Most French engineers spend at least 2 years in preparatory classes after high school, thus getting a huge skill in maths (unlike any other country in the world, and this is basically 100% the same studies done by 100% of French mathematicians who earned the Fields Medal, thus French engineers are made, at first, like mathematicians), before spending another 3 years in what we call elite engineering schools. So please refrain from misinforming people here when you non-French engineers wouldn't even be able to prove that the product of N matrices of M_N(R) that are nilpotent and commute with one another equals zero, and you probably wouldn't even be able to solve basic attacks on basic encryption/hashing algorithms. A database leak would be dangerous for many users, but the probability that it hits you is very low and there's absolutely no way you could reverse all the passwords from the database, at least for now, since Google just recently managed the first-ever successful SHA-1 collision attack.

 

Anyway, I can't wait for the core and the database to see all the fixes and to contribute back myself. This is the only move that would allow the legacy community to prevail literally for ever. And for those that are ignorant, providing the database means an empty characters/users database and involves ZERO risks for the server. The only issue I see with the release is if Elysium has an anti-cheat system, I would suggest to get rid of it in the release and keep it for yourselves.


excuse me, I'm just asking for info: what about zeth kur? if it stays like this it will become a dead server. are you planning to merge it with elysium should his pop fail down?

3 hours ago, FrenchElite said:

I can't stop laughing at those saying they're experts that could reverse a SHA-1 hash and get all the passwords from the database for a few hundred bucks. I hope you realize how ridiculous you are. Most French engineers spend at least 2 years in preparatory classes after high school, thus getting a huge skill in maths (unlike any other country in the world, and this is basically 100% the same studies done by 100% of French mathematicians who earned the Fields Medal, thus French engineers are made, at first, like mathematicians), before spending another 3 years in what we call elite engineering schools. So please refrain from misinforming people here when you non-French engineers wouldn't even be able to prove that the product of N matrices of M_N(R) that are nilpotent and commute with one another equals zero, and you probably wouldn't even be able to solve basic attacks on basic encryption/hashing algorithms. A database leak would be dangerous for many users, but the probability that it hits you is very low and there's absolutely no way you could reverse all the passwords from the database, at least for now, since Google just recently managed the first-ever successful SHA-1 collision attack.

 

Anyway, I can't wait for the core and the database to see all the fixes and to contribute back myself. This is the only move that would allow the legacy community to prevail literally for ever. And for those that are ignorant, providing the database means an empty characters/users database and involves ZERO risks for the server. The only issue I see with the release is if Elysium has an anti-cheat system, I would suggest to get rid of it in the release and keep it for yourselves.

I'm guessing this was intended to be humorous? In case anyone was confused by this, the SHA1 bruteforce attack for a known hash and a password length of 8 costs about ten US cents on average if you rent time on Amazon's EC2/P2 GPU computing instances. No collision attack necessary. This cost can be drastically lowered by using your own hardware or subletting idle cycles. This is why most major companies have switched to using SHA2 since last July.
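
As an added example (not part of any post in this thread, and not ManGOS or Elysium code): one way to carry out the update discussed above, wrapping existing SHA-1 hashes in a salted, slow KDF and enforcing a reset that rejects the old password. The record format, function names, iteration count and the plain `SHA1(password)` layout are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2 work factor: an assumed value, tune it to your hardware

def legacy_sha1(password: str) -> str:
    # Stand-in for the legacy scheme: one unsalted SHA-1 pass (exact input layout assumed).
    return hashlib.sha1(password.encode()).hexdigest()

def _derive(secret: str, salt: bytes, iterations: int) -> str:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, iterations).hex()

def wrap_legacy(sha1_hex: str, iterations: int = ITERATIONS) -> str:
    # Upgrade a stored legacy hash in place; the plaintext password is not needed.
    salt = os.urandom(16)
    return f"wrapped${iterations}${salt.hex()}${_derive(sha1_hex, salt, iterations)}"

def hash_new(password: str, iterations: int = ITERATIONS) -> str:
    # Record written after a reset: per-user random salt plus the slow KDF.
    salt = os.urandom(16)
    return f"pbkdf2${iterations}${salt.hex()}${_derive(password, salt, iterations)}"

def verify(password: str, record: str) -> bool:
    scheme, iterations, salt_hex, expected = record.split("$")
    # Wrapped records were derived from the legacy hash, so recompute that first.
    secret = legacy_sha1(password) if scheme == "wrapped" else password
    actual = _derive(secret, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(actual, expected)

def reset_password(new_password: str, old_records: list, iterations: int = ITERATIONS) -> str:
    # Forced reset: reject a password that verifies against any previous record.
    if any(verify(new_password, r) for r in old_records):
        raise ValueError("new password must differ from earlier passwords")
    return hash_new(new_password, iterations)

if __name__ == "__main__":
    old = wrap_legacy(legacy_sha1("constructed-old-password"))  # constructed sample
    print(verify("constructed-old-password", old))
    print(reset_password("constructed new passphrase", [old]))
```

Wrapping only protects the live table going forward; hashes that have already left the server stay as weak as they were, which is why the reset step matters.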

This topic is now closed to further replies.