Aug 19, 2010, 01:11 PM | |
Just to avoid doing something stupid
Let's say I want to upload to J2O a program that scans for the valid passwords of a J2L file. Is someone among the admins going to get angry?
I know there are much easier ways to force the opening of a passworded level file, but apart from how useful it would be, it's a sort of personal challenge. But I don't want to have/cause problems with the license or anyway that kind of BAD legal stuff, so I prefer to ask the administrators before doing something perhaps stupid. So?
__________________
Mercatura musicae delenda est. There is a flame untamed Deep in my heart Unyielding, pure Ain Soph 'tis measureless Our right divine: Aspire to all horizons To seek nature ov things Retreat within yourself To find the primal breath Behemoth - Transmigrating Beyond Realms ov Amenti |
Aug 19, 2010, 02:12 PM | |
Go ahead.
__________________
Mystic Legends http://www.mysticlegends.org/ The Price of Admission - Hoarfrost Hollow - Sacrosanct - other - stuff |
Aug 19, 2010, 02:17 PM | |
Yeah!
__________________
Mercatura musicae delenda est. There is a flame untamed Deep in my heart Unyielding, pure Ain Soph 'tis measureless Our right divine: Aspire to all horizons To seek nature ov things Retreat within yourself To find the primal breath Behemoth - Transmigrating Beyond Realms ov Amenti |
Aug 19, 2010, 03:31 PM | |
J2O has never historically supported or endorsed hacking into other people's levels without their consent, and I don't see why we would start now.
|
Aug 20, 2010, 02:12 AM | ||
Quote:
Think of it as an analogy to open/closed source. (Personally I despise the GPL view of "everything must be open source and if you disagree you're a corporate fascist" but there you go) Reworder can re-open levels that were previously broken by the designer, surely that's "worse" than WhiteBlaster's idea?
__________________
Mystic Legends http://www.mysticlegends.org/ The Price of Admission - Hoarfrost Hollow - Sacrosanct - other - stuff |
Aug 20, 2010, 11:21 AM | |
One of the main purposes of my program is to allow a level creator to open his level even if he has forgotten the password, without having to smash the Security Envelope of his level.
If someone really wants to open someone else's passworded level then he doesn't really have to use this program, a hex editor is all you need...
__________________
Mercatura musicae delenda est. There is a flame untamed Deep in my heart Unyielding, pure Ain Soph 'tis measureless Our right divine: Aspire to all horizons To seek nature ov things Retreat within yourself To find the primal breath Behemoth - Transmigrating Beyond Realms ov Amenti |
Aug 20, 2010, 12:35 PM | |
Reworder is respectful and will not open a passworded level unless you know and can type in the password. I spent some time learning from Overlord how passwords worked so that I'd be sure I had that right. The mode you're probably speaking of is explained explicitly as being there not to prevent people from looking at how your level works, but rather to ensure they don't accidentally press Ctrl+R. It's not that kind of security feature.
The thing is, there's no way to give someone a program to bypass passwords and ensure that they only use it on their own levels. Historically (there's that word again), if someone accidentally locks themselves out of their level, they get someone with password-removing tools to help them and demonstrate that it is their own work (usually through the level never having been seen before). Anyone who doesn't believe in passwords is completely free to release their own levels without passwords. But if a level does have a password, that's because its creator wanted it to. We all have the right to want something made by someone else to be "open-source," but not to make it that way if the creator didn't intend it. Would we have to put another message on the J2O upload page warning users that any security they try to install in their levels may be compromised by folks who don't care about the preferences of the people who put the creative work into their files? And that several years down the line, this may happen to them? Now, the original post listed not a program that removes passwords (we're already happy enough not to host TECJCS for that), but one that reads the password hash and comes up with a list of possible matches. This was cited as a personal challenge. That sounds fine -- people might well get a kick out of seeing the random strings that they could conceivably use to edit their own levels -- but they should prove they have the right to see that list by first proving that they do indeed know at least one valid password, presumably the one they input in JCS in the first place. |
Aug 20, 2010, 12:50 PM | |
You're no fun =(
__________________
Yes, I am, in fact, ALWAYS the one to blame for everything. And none of your are full of yourself. Good job. Do you like Stijn? Take my poll! Windows is not a virus. A virus is small and efficient... Note to Stijn: how am i even getting away with this |
Aug 20, 2010, 07:33 PM | |
Meh it hardly matters. Editing out the password using a HEX editor takes about 5 seconds so I don't think this would be that big of a deal
__________________
<a href="http://www.jazz2online.com/J2Ov2/downloads/info.php?levelID=5301">Episode 1 The War begins</a> Epsiode 2:N/A Episode 3: Probably never Episode 4: Probably never <a href="http://www.jazz2online.com/J2Ov2/downloads/info.php?levelID=4882"> Deckstar V3</a> <a href="http://www.jazz2online.com/J2Ov2/downloads/info.php?levelID=5408">Colonial Fix</a> Jazz 1 Fanolint: 98% <a href="http://www.jazz2online.com/J2Ov2/downloads/info.php?levelID=5407">Finished secret levels</a> |
Aug 20, 2010, 08:15 PM | |
You could just say that since there's no point tracking down JJ2 (or any other old game, for that matter) you should just download it. But last time I checked, piracy was illegal. On this specific subject, though, I don't really think it should be uploaded. UR's semi nf example was a good one. You can't say that people would open the level to see the JCS tricks, because there are hardly any new JCS tricks anyway, if you ask me.
__________________
Define 'normal'. |
Aug 20, 2010, 11:16 PM | |
I also would imagine that finding out the password someone uses could be more of an issue than just allowing you to open their levels. I know many people use the same password for most things that need passwords, such as their level, their J2O account, etc, so it's easier to remember. And while I may not care much if someone tries to take credit for my levels, I would really not like having my identity stolen.
__________________
Lexicographer: Someone who writes dictionaries Neophyte: A novice, or newbie Hemisemidemiquaver: In music, a sixty-fourth note Exit Troglobite, Stage Left |
Aug 21, 2010, 03:03 AM | |
Whoa. It looks like everyone used this thread to take down my reputation. Thank you. But that doesn't matter. It's not my fault if the person uses the same password all over again. His/her fault. And remember,the older versions of JCS for the older versions of JJ2 didn't even have the ability to lock the level. There are still other ways to break the password,the admins allow WhiteBlaster to upload this program,so what's the problem?
__________________
Best offlane WR of Soviet Russia! |
Aug 21, 2010, 03:54 AM | |
Given the fact that there are instructions on how to remove passwords from JJ2 levels on this very forum, in addition to links to versions of JCS that allow you to open levels regardless of the password (or at least mentions of it clear enough for anyone wanting to find a way to download them), I don't think allowing a utility like this is a huge stretch.
People may be using the password they use for J2L files for other purposes as well but this utility would not reveal that very password (because it is not stored in the level file), only its CRC32 hash, if I recall correctly, and other text strings with the same hash. This hash is stored plainly in the level file anyway and is easy to look up for anyone in the posession of a hex editor reading the file format documentation on J2O. The only thing this utility would do is making this whole process easier. If J2O has "never historically supported or endorsed hacking into other people's levels" it seems strange that at the same time we provide all information needed for, well, hacking into other people's levels. I personally think the J2L password protection is so trivial and rudimental it is not worth holding off easier ways to bypass it. At the same time providing an instruction manual is obviously not the same thing as providing a tool to do it with one or two mouseclicks. I don't think the difference is big enough to hold off hosting such a tool at J2O though, for reasons stated. Last edited by Stijn; Aug 21, 2010 at 09:40 AM. |
Aug 21, 2010, 05:38 AM |
CrimiClown |
This message has been deleted by CrimiClown.
Reason: whatever
|
Aug 21, 2010, 10:51 AM | ||
Quote:
The JCF is not, nor never has been, J2O. On neither site have links to TECJCS ever been allowed, and on both sites there are mentions, but that's all. The instructions on the JCF, with Neobeo, Grytolle, and Overlord, and whatnot, and are not the clearest in the world. Accuse me of elitism, but I feel that currently, anyone who wants to bypass a password must already have a reason to do so, in order for them to seek out the means, and many people don't really understand hex editors anyway (let alone enough to derive the base text of three characters of a four-character hash on their own). Putting a program on J2O would just open up the whole thing for those who hadn't even thought about it but now find the idea of breaking into other people's work without permission quite appealing. |
Aug 21, 2010, 02:04 PM | |||
Quote:
Quote:
__________________
Mercatura musicae delenda est. There is a flame untamed Deep in my heart Unyielding, pure Ain Soph 'tis measureless Our right divine: Aspire to all horizons To seek nature ov things Retreat within yourself To find the primal breath Behemoth - Transmigrating Beyond Realms ov Amenti |
Aug 21, 2010, 02:45 PM | |
I wouldn't even get interested in this program at all, as it (if I understand its description correctly) only provides me with a seemingly random string of letters and numbers (something I myself don't find very attractive). Something it (luckily) doesn't do, is to find a word that matches the hash. The probability of finding the exact password the creator used would be much larger then, which could lead to breaking into J2O/JCF or other accounts sharing the same password.
But I think we all agree that the J2L passwording mechanism is a failure, now that we know exactly how it works. So I don't think it's such a big deal to upload this program, as we have found other easy ways to break into passworded levels. The only thing it adds is a bunch of uninteresting codes. Though still, there is a reason people decide to lock up their levels. And if we ever get to actually release a 'JCS+' addon/replacement for JCS, I think it would be worth to investigate the possibilities of encrypting J2L files altogether (or at least password them more securely). Level creators opting for this 'secure saving format' will pay for the fact that an unpatched Jazz2 can't play those levels, though. But at least it would provide level creators with a way to protect their babies.
__________________
|
Aug 21, 2010, 11:06 PM | |
You can't upload something to the internet and expect people to not want to crack it. Plain and simple. And even if you don't allow this program up on J2O, it's still going to get around. I know that's a pretty lame excuse.
However, it's not private once it hits the internet. Otherwise, I wouldn't have a copy of 3D Studio Max 2011, now would I? And why does Jazz2Online endorse JJ2+? Obviously it's a violation of many laws including that of decompiling somebody's code or tearing apart a copyright program to figure out mechanisms (I wish I had a citation here). And don't even get me started on program's in the past such as Death Controller... Also, even Project Controller 4 can easily crash any coop server. Also, Forest can be used to open up any trigger as a client. But rather than list off a name of borderline potentially dangerous programs, my point is that of Stijn's. J2O would not be moving that far backwards by allowing such programs. We've already got JJ2 turned into something Epic, compared to what it was before. So why wouldn't we work towards the advancement of j2l and JCS? Obviously, such effort would have to start somewhere with some type of program... ^_^ I'm done ranting, sorry.
__________________
Yes, I am, in fact, ALWAYS the one to blame for everything. And none of your are full of yourself. Good job. Do you like Stijn? Take my poll! Windows is not a virus. A virus is small and efficient... Note to Stijn: how am i even getting away with this |
Aug 21, 2010, 11:43 PM | |
Cough.
How does it "advance" JCS/.j2l files to work further towards removing (the functionality of) a feature? |
Aug 22, 2010, 08:13 AM | |
I already told it, the purpose is to remove the problems connected with the feature, not its functionality (which has already been overridden).
And, another thing, related to what Troglobite said. Today a very basic version of the program became operative. Using this version, anyone trying to hack a password that is longer than 4 characters would probably kill himself before getting to know your original password. Of course I've got to radically renew the interface (at the moment it's only using Message Boxes, try to imagine...) One last thing: remember that if you change the password and fill in "nEobEo GRYToLLE ANd OVerLOrD" the level becomes unpassworded? (If not, see this) I just found out that using "RO= ", "Tsd&", "8RKi" or "-k{s" will work too. They're just shorter.
__________________
Mercatura musicae delenda est. There is a flame untamed Deep in my heart Unyielding, pure Ain Soph 'tis measureless Our right divine: Aspire to all horizons To seek nature ov things Retreat within yourself To find the primal breath Behemoth - Transmigrating Beyond Realms ov Amenti |
Aug 22, 2010, 10:33 AM | ||
Quote:
__________________
Mystic Legends http://www.mysticlegends.org/ The Price of Admission - Hoarfrost Hollow - Sacrosanct - other - stuff |
Aug 23, 2010, 03:45 AM | |
However, I do think that if it was made available it would attract newbies that just edit the level and upload it. If somebody can be bothered searching through the jcf, then chances are they'll realise the utter pointlessness of uploading it. Probably not the best example, but I'm tired.
__________________
Define 'normal'. |
Aug 23, 2010, 04:39 PM | |||
Quote:
Quote:
Agreed, if they wanted it passworded, imo it shold b left passworded, chances are you can ask someone on j2o whod know how to help you without password removing |
Aug 24, 2010, 09:46 AM | |
Excuse me, what?
They're hosted on the same hosting service, they're run by mostly the same people for over nine years now, the rules are identical (common sense), quality control levels are the same. Everything on J2O that warrants discussion is discussed here, in threads such as this, the recent layout discussion thread, and in the two J2O admin subforums as you know. Seeing J2O and JCF as split, separate entities makes no sense, because even if they don't necessarily attract the same people, they still stand united the main hub of the Jazz Jackrabbit community. If the guidelines to removing a level's password haven't been removed from the JCF for four years now, and it's unlikely that they will be removed in the future, it makes little sense to prohibit WhiteBlaster from uploading his program to J2O once it's ready. Your analogy may as well say that "Firefox is not, nor never has been, Netscape".
__________________
Mystic Legends http://www.mysticlegends.org/ The Price of Admission - Hoarfrost Hollow - Sacrosanct - other - stuff |
Aug 24, 2010, 11:20 AM | ||
Quote:
We're opening up one door at a time. And yes, reworded is a decent program. However it's just one brick. Or would you like to just create a monopoly? Not let any other programmers in. Blur did that too when he implemented music downloading, ruined the whole purpose of JJM. idgaf about my reputation because my point stands clear that we need to encourage these types of coders and this form of pro-creating or we're not going to go ANYWHERE, clear? In fact, it would just piss off members and cause us to LOSE people. If he does a decent job on this, perhaps he could play a part in the next version of reworder, or whichever other program you have in mind. If you keep his program off J2O anyways, is there any assurance whatsoever that community members won't get a hold of it? Or why not just upload it to JCF since it's a separate entity and keep it off J2O?
__________________
Yes, I am, in fact, ALWAYS the one to blame for everything. And none of your are full of yourself. Good job. Do you like Stijn? Take my poll! Windows is not a virus. A virus is small and efficient... Note to Stijn: how am i even getting away with this |
Aug 24, 2010, 09:33 PM | |
Look, the main question is wether the admins will allow the program on j2o. Now, I don't quite understand what their opinion is (mixed, it seems). For that matter, I haven't really noticed who is an admin on j2o and who isn't. There hasn't been an agreed answer to the question yet, as far as I'm concerned. I agree with dermo that they'll just get a hold of the program anyway, but in the end it's up to the admins.
__________________
Define 'normal'. |
Aug 25, 2010, 02:10 AM | ||||||||||||
http://www.jazz2online.com/j3f
http://www.jazz2online.com/jcsref http://www.jazz2online.com/tilesets http://www.jazz2online.com/jdc Much like nagcentral once did, the Jazz 2 Online webserver hosts a number of other sites, presumably in part to lessen the chances of their going down without warning when their maintainers abandon them. Quote:
http://www.jazz2online.com/user/inde...0000&contains= There are a lot of different names in those lists. And you know, the ones that are the same? Not very active anymore. Quote:
http://www.jazz2online.com/node.php?title=j2oRules Granted, there's a lot of similarity. But note also that many of these rules are direct extensions of the policies of the hosting company, and that the same would apply to JCSref, JDC, Haze's Hideout, and many other sites that allow user interactivity in some form. Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
To the point that discouraging this program will discourage people in general from wanting to make tools: nonsense. Earlier in this thread I suggested a modification to the proposed program, one which would even make it (very slightly) more personally challenging to code: have it only display alternate passwords for the level if you can first prove that you know one of them. That's still just as much of a challenge for WhiteBlaster to code, has the same basic purpose, and it completely gets rid of the possibility of breaking into other people's levels without their consent. Here's a review I wrote recently in which I again encourage someone to add more functionality in order to make a more useful program. More programmers is good, but their programs should be useful ones that give us new powers, rather than taking away old ones. I would much rather support someone who edited the Home Cooked Levels episode to include more than 256 files than someone who just removed it entirely. Quote:
Look, here's what I don't get about this discussion. Everyone who's supporting the program seems basically to be making one point (and if someone's made a different point and I missed it, I apologize): it wouldn't be too much of a bad thing, because it's already possible to get around passwords. First, it seems to me that this argument admits that getting around passwords is inherently a bad thing, but argues that it's a war that's already been lost. Second, no one has pointed out any actual good (rather than limited bad) that would come out of this program. Third, just because it's already possible, doesn't mean it's the easiest thing in the world, either to do or to find. And the very fact that it's somewhat difficult suggests that some people probably won't end up doing it. If it's made easier, then not improbably, more people would do it than would otherwise. And for the JCS user who wants to use a password to protect their level, a possible world hosting a smaller number of people who may potentially ignore their wishes is preferable to a world hosting a larger such number. And since there are still other programming challenges available for WhiteBlaster and the rest of the community, it seems to me that making the world better -- or at least, not making it worse -- for that poor JCS user is the right thing to do. Quote:
|
Aug 25, 2010, 04:34 AM | |
I think that for all intents and purposes the JCF is a part of J2O, not a separate site hosted on the same domain. It's linked to like any other site section on J2O, it shares most of its staff (in the sense that apart from Torkell, active JCF staff is also J2O staff), it is the primary place to discuss J2O itself (in this forum) and even the default layout is largely similar. I suppose the fact that they have distinct userbases and aren't integrated is more for historical and technical reasons than because the sites are not connected.
|
Aug 25, 2010, 04:55 AM | |
Oh, and the JCF admin list really doesn't say much. When the JMMB closed, pretty much all admins there were also made admins at the JCF, but part of those people have never even used their admin powers (or even visited the JCF much), and all of those have not been active in a very long time.
In practice, the JCF staff now consists of Torkell, FQuist and me, and the active J2O staff is BlurredD, EvilMike, Violet, cooba, FQuist and me. Bobby is occasionally active on both. So apart from Torkell the JCF staff is a subset of the J2O team. Besides, if the JCF is a regarded as a subsection of J2O, it wouldn't necessarily be strange for both to be run by different people; after all, even on J2O there are certain people running certain parts of the site (we've had Download Moderators, for example, and I originally started as a maintainer of the wiki; not to mention those who keep track of the featured downloads). So I don't think comparing the staff listings says all that much; they're outdated, and even if they were different that wouldn't necessarily mean anything. What does, in my opinion, mean something is that J2O and JCF share most of their active users, that the JCF serves as a forum to discuss stuff happening on J2O, and that J2O references the JCF as a section of the site. |
Aug 25, 2010, 05:29 AM | |
I wouldn't be in favor of it. These levels are password protected because their author didn't want them to be edited. I would choose to respect that wish. But I'm pretty conservative to sticking to the game's original spirit.
You'd be better off asking other admins, I don't do to much administrative work on J2O. I recall removing a virus infected download a couple of months ago, and some small jobs people asked me to do. Oh yes, I always end up being the one who turns off the Christmas background for some reason. Why's that? |
Aug 25, 2010, 12:28 PM | |
I'm somewhat undecided on this program - on one hand, it's a neat programming exercise and a potentially very useful utility (everyone who's forgotten a password raise their hand now), while on the other hand it breaks the password protection feature which people may want to use to hide secrets or protect their own levels from casual editing.
If I had to decide I would say no to providing it on J2O/JCF, as the potential for abuse is too great. If it displayed alternate passwords for a known password (as Unknown Rabbit suggested) then I would have no objections, as it couldn't be used to break the password protection. As an alternate idea, what about posting details of the algorithm used for passwording levels? I've no objections to that, as you'd already need some programming skill to turn that information into a password breaker (and would likely be able to work out the passwording yourself). |
Aug 25, 2010, 12:40 PM | ||||
Quote:
Quote:
Quote:
|
Aug 26, 2010, 03:40 AM | ||||
Hey, guys, calm down! Let's stop the civil war for just a minute, ok?
Quote:
Yes, he. Quote:
Quote:
Not mentioning the fact that I decide what to write in the download description, and this may have a considerable influence. Anyway, if it isn't enough lamer-discouraging for you, you may suggest something else... The UI has to be (re)programmed from scratch, after all. EDIT: Replying to the last point of what Torkell said, the source code will be released together with the program, and a half-decent documentation with it. There may be a problem anyway: very few understand Assembly... If it's a problem for you, I may post a more user-friendly description of the algorithm here, or I may include it in the source code. Anyway it's not a problem for me, just ask.
__________________
Mercatura musicae delenda est. There is a flame untamed Deep in my heart Unyielding, pure Ain Soph 'tis measureless Our right divine: Aspire to all horizons To seek nature ov things Retreat within yourself To find the primal breath Behemoth - Transmigrating Beyond Realms ov Amenti Last edited by WhiteBlaster; Aug 26, 2010 at 03:57 AM. Reason: I was forgetting about Torkell... |
Aug 26, 2010, 09:07 PM | ||
Whew! Took a while to read through this...
Quote:
__________________
Define 'normal'. |
Aug 26, 2010, 10:30 PM | |
I don't mind the arguing one bit. It shows different mindsets for this thing.
UR, you bring up some interesting points. Now debating who runs J2O compared to whom runs JCF really is not conducive to this program's legality. Let him decide. And I'm serious. If he f*cks up the community, that's on him, then everybody can come back at him. But in all honesty, at least here in the US, commerce went a HELL of a lot better with free market.
__________________
Yes, I am, in fact, ALWAYS the one to blame for everything. And none of your are full of yourself. Good job. Do you like Stijn? Take my poll! Windows is not a virus. A virus is small and efficient... Note to Stijn: how am i even getting away with this |
Aug 26, 2010, 10:55 PM | |
I concede that discussion about J2O vs. the JCF is only marginally related; my point was only that different ethoses obtain in each. I don't think I have any further arguments to make and as such rest my case; there is no present functional difference between a program that lets you recover your own password and a program that lets you discover someone else's password against their will and without their knowledge. Password recovery systems only work on websites and such because they require you to input some other identification, usually your email address, to verify your identity. However, there is no place that email addresses are stored in .j2l files, and I doubt we could instantiate any tradition of putting one in the Bonus Level field or anything in case one ever forgets one's password, so that's not an option. Page claim.
|
«
Previous Thread
|
Next Thread
»
Thread Tools | |
|
|
All times are GMT -8. The time now is 03:07 PM.
Jazz2Online © 1999-INFINITY (Site Credits). Jazz Jackrabbit, Jazz Jackrabbit 2, Jazz Jackrabbit Advance and all related trademarks and media are ™ and © Epic Games. Lori Jackrabbit is © Dean Dodrill. J2O development powered by Loops of Fury and Chemical Beats. Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Original site design by Ovi Demetrian. DrJones is the puppet master. Eat your lima beans, Johnny.