[QUOTE=Sally;43599384]Guys, you can be mad at OP all you want. But he's doing the right thing.
If he was to release it privately he could of easily of made a good lump some of money and the chance of Garry caring about fixing it is around 0%
Now its been publically released Garry might give half a shit to work up a newer system.[/QUOTE]
Can't see a newer system being made really. It's not a massive security risk, doesn't break the game, and as far as I know Garry gives zero shits about people selling code, so he probably cares about as much when it comes to protecting it.
But it does bring attention to it and give developers something to watch out for when making addons.
[QUOTE=Fortune11709;43599407]Or he could of not released it at all and there would be nothing to fix :v[/QUOTE]
So what you are saying is instead of closing a window you should just put a curtain over the opened window?
[QUOTE=Sally;43599384]Guys, you can be mad at OP all you want. But he's doing the right thing.
If he was to release it privately he could of easily of made a good lump some of money and the chance of Garry caring about fixing it is around 0%
Now its been publically released Garry might give half a shit to work up a newer system.[/QUOTE]
This is more insignificant then you think. I can't just connect to a server, decompress their crap, and then copy it right over to my server instantly. It's the same thing with models, materials, and sound. All this does is decompresses them, it doesn't arrange them into a directory structure, it doesn't even name the files. It's pretty much useless you know a bit of Lua or how the script you're looking at works.
As long as there is a clientside cache, there will always be an exploit, and thus an update to this program.
An example would be the 420 server files -- [URL]http://puu.sh/6hsF8[/URL] -- Some of the stuff requires the net library, if you didn't know Lua you couldn't use those scripts. If you didn't know what a SWEP file looked like, you just mindlessly use the workshop, you wouldn't know where to put them. Lots of clientside code depends on other clientside files, if you didn't know Lua you wouldn't be able to see what files they depended on. (Ex: Some gamemodes create fonts in cl_init, and they're used through out the gamemode)
If you had a server with cs lua turned off, you could send the clientside portions via the net library securely, excepting the players who cheat around the cs lua block.
It would, however, not be worth the bother of rewriting your code to work with such a setup.
[QUOTE=bitches;43599506]If you had a server with cs lua turned off, you could send the clientside portions via the net library securely, excepting the players who cheat around the cs lua block.
It would, however, not be worth the bother of rewriting your code to work with such a setup.[/QUOTE]
You're right, it wouldn't be worth it. There are already[I] thousands [/I]of exploits for sv_allowcslua.
(also that's a stupid idea, stop trying to pitch an invisible audience ideas)
There's nothing wrong with speculating precautionary measures for the concerned. I don't even have anything notable to be stolen, and it isn't a stupid idea beyond the impracticability issue that I noted without your assistance.
[QUOTE=bitches;43599600]There's nothing wrong with speculating precautionary measures for the concerned. I don't even have anything notable to be stolen, and it isn't a stupid idea beyond the impracticability issue that I noted without your assistance.[/QUOTE]
But this thread isn't for speculating precautionary measures for the concerned. You're being counter-intuitive.
Let's leave it at that.
You post a program to let any uninformed player read private assets, and say it isn't the time for workaround/protective speculation? Unbelievable.
[editline]19th January 2014[/editline]
Oh, I didn't realize this thread was only for congratulating you and agreeing that coderhire should be all free.
[QUOTE=bitches;43599655]You post a program to let any uninformed player read private assets, and say it isn't the time for workaround/protective speculation? Unbelievable.[/QUOTE]
They aren't private assets, they're essentially zipped and sent to the client. Most of it's stolen/open source anyway. I feel as if this has already been covered 10 times.
Go create a new thread: "Post your ideas on how to make clientside code unreadable!"
That's like arguing that a game without DLC is totally ok to pirate.
Edit: DRM*
[QUOTE=bitches;43599686]That's like arguing that a game without DLC is totally ok to pirate.[/QUOTE]
How exactly does that have any bearing?
[I][B](Instead of clogging up the thread with this meaningless discussion, take it to a PM if you have a moral or ethical problem)[/B][/I]
this thread is going to be immensely entertaining (and has been this far)
My bad, I meant to say DRM not DLC.
Anyway you posted a tool for getting around garry's crude script protection, so I feel it is perfectly suited to the thread to discuss and brainstorm ways to protect scripts.
[QUOTE=bitches;43599772]My bad, I meant to say DRM not DLC.
Anyway you posted a tool for getting around garry's crude script protection, so I feel it is perfectly suited to the thread to discuss and brainstorm ways to protect scripts.[/QUOTE]
It's not protection -- it's compression. It was never ment to be a form of encryption, just a way to speed up script transfer time.
Make your own thread in the Next Version Moaners Club, stop moaning.
That section no longer exists. Why would garry devise his own slight moderation of compression, if not to stop unknowledged users from simply opening up a folder and realizing they have access to scripts?
You're complaining that I'm moaning (by the way, that section doesn't exist anymore) because you don't like that I'm supporting the sale of scripts for this game. You make this painfully clear in your OP. This is still a thread explicitly about gaining access to paid content (you said it yourself), and so it is still an appropriate place to discuss the nature of client code protection.
[quote] I'm sick of servers only being cool because of how much money someone's mom gave them to spend on CoderHire Pointshop skins[/quote]
[QUOTE=bitches;43599772]My bad, I meant to say DRM not DLC.
Anyway you posted a tool for getting around garry's crude script protection, so I feel it is perfectly suited to the thread to discuss and brainstorm ways to protect scripts.[/QUOTE]
Compression =/= encryption
The datapack is not protected by anything, it's just compressed with LZMA to decrease the filesize. The only difference between the standard LZMA and Garry's implementation of it is the signature (first 4 bytes are normally 'LZMA', for GMod datapacks they're 'CATS').
I don't support OP's cause because it's a personal vendetta that's not really doing anything to benefit the community, but is instead arming script kiddies with yet another tool they shouldn't have easy access to.
gj fixing the problem of people stealing code from each other by adding fuel to the fire tho op, you nailed it
[QUOTE=bitches;43599886]That section no longer exists. Why would garry devise his own slight moderation of compression, if not to stop unknowledged users from simply opening up a folder and realizing they have access to scripts?
You're complaining that I'm moaning (by the way, that section doesn't exist anymore) because you don't like that I'm supporting the sale of scripts for this game. You make this painfully clear in your OP. This is still a thread explicitly about gaining access to paid content (you said it yourself), and so it is still an appropriate place to discuss the nature of client code protection.[/QUOTE]
rbeslow said in the post you're replying to that the compression is to make stuff go faster; i don't know if that's true or not, but you asked why garry would devise such a system and he already provided his own explanation as to why
[QUOTE=bitches;43599886]That section no longer exists. Why would garry devise his own slight moderation of compression, if not to stop unknowledged users from simply opening up a folder and realizing they have access to scripts?[/QUOTE]
Because that's how Garry's personal utility library [URL="https://github.com/garrynewman/bootil"]Bootil[/URL] compresses things. He never devised this, Bootil is free and open-source, I rather like it.
If I had my own library with decompression, I'd use it in my game to speed up development.
[QUOTE=McSimp;40143974]
[code]
#include "Bootil/Bootil.h"
using namespace Bootil;
int main(int argc, char** argv)
{
BString folder = "C:/YourSteamApps/garrysmod/cache/lua";
String::List fileList;
File::GetFilesInFolder(folder, fileList, false);
BOOTIL_FOREACH_CONST(f, fileList, String::List)
{
AutoBuffer inBuf;
File::Read(folder + "/" + *f, inBuf);
// Extract using LZMA (first 4 bytes are junk)
AutoBuffer outBuf;
Compression::LZMA::Extract(inBuf.GetBase(4), inBuf.GetSize()-4, outBuf);
// Write to file.luad
File::Write(folder + "/" + *f + 'd', outBuf);
}
return 0;
}
[/code][/QUOTE]
[editline]19th January 2014[/editline]
"My personal utility library, feel free to steal :)" ~[I]Garry[/I]
All this does is makes something that anybody could already do themselves if they knew a few basic things easier by giving them an easier way to do it.
Why are people making such a big deal of this
I was wrong.
So where from here? Is this thread to only have posts like 'hey i tried to peek at all the code of xxserversrpxx but i got a bug help me', and 'hey thanks now i can learn how gmodtower is gmodtower'?
I see no harm or irrelevancy in discussing alternatives. Garry is far too busy to focus on gmod, least of all things like this, but it makes for interesting discussion that some good yet may come from.
[QUOTE=bitches;43599984]I was wrong.
So where from here? Is this thread to only have posts like 'hey i tried to peek at all the code of xxserversrpxx but i got a bug help me', and 'hey thanks now i can learn how gmodtower is gmodtower'?
I see no harm or irrelevancy in discussing alternatives. Garry is far too busy to focus on gmod, least of all things like this, but it makes for interesting discussion that some good yet may come from.[/QUOTE]
So then create a topic, or email Garry suggesting this be implemented. Again, this is not the place for your bullshit.
You didn't answer my question, you only got mad. Crying 'bullshit' doesn't win you any points. You're saying that protecting code is bullshit, which you pretty much said in your OP.
Your personal problems with paid small-scale programming don't erase the usefulness of the topic. I don't see why you should be upset with such a discussion.
[QUOTE=bitches;43600254]You didn't answer my question, you only got mad. Crying 'bullshit' doesn't win you any points. You're saying that protecting code is bullshit, which you pretty much said in your OP.
Your personal problems with paid small-scale programming don't erase the usefulness of the topic. I don't see why you should be upset with such a discussion.[/QUOTE]
I never said I was mad at you, I'm not the one who keeps retaliating for no reason. As you said, it's clear that I'm saying protecting clientside code is bullshit. If you want to talk to me personally about your beliefs, and my beliefs you can PM me.
You've already derailed the thread, and admitted you were wrong. Please leave the thread and contact Garry or request a feature ([URL]https://github.com/Facepunch/garrysmod-requests/[/URL]) instead of bringing us further away from the main topic.
IMO OP is stupid to bring something like this to the Facepunch forums.
All I can see is the encouragement of taking code from servers that you have no right to use if you do use it.
If garry wanted us to be able to see code from servers we joined, I don't think he would have encrypted clientside files in the first place.
[QUOTE=brandonj4;43600351]IMO OP is stupid to bring something like this to the Facepunch forums.
All I can see is the encouragement of taking code from servers that you have no right to use if you do use it.
If garry wanted us to be able to see code from servers we joined, I don't think he would have encrypted clientside files in the first place.[/QUOTE]
They aren't encrypted, did this entire thread go over your head?
I said I was wrong about what garry was doing with the files. I'm not retaliating; that would be you. You're stressing that countermeasures not be discussed in this thread, where they are most relevant. It is entirely in line with the topic. I see no reason for such fuss to be created out of honest discussion due to your personal views, simply because you are the one who started the thread.
This thread is balls
[QUOTE=brandonj4;43600351]
If garry wanted us to be able to see code from servers we joined, I don't think he would have encrypted clientside files in the first place.[/QUOTE]
dude did you even read the thread? he COMPRESSED it in order for things to load faster, he didn't encrypt it
[QUOTE=bitches;43600369]I said I was wrong about what garry was doing with the files. I'm not retaliating; that would be you. You're stressing that countermeasures not be discussed in this thread, where they are most relevant. It is entirely in line with the topic. I see no reason for such fuss to be created out of honest discussion due to your personal views, simply because you are the one who started the thread.[/QUOTE]
it's not a thread created for the debate of client side encryption and the solicitation of code, it's a thread where OP can show off his little gadget and people can provide feedback on its general function
[QUOTE=bitches;43600369]I said I was wrong about what garry was doing with the files. I'm not retaliating; that would be you. You're stressing that countermeasures not be discussed in this thread, where they are most relevant. It is entirely in line with the topic. I see no reason for such fuss to be created out of honest discussion due to your personal views, simply because you are the one who started the thread.[/QUOTE]
How many times do I need to tell you.
[url]https://github.com/Facepunch/garrysmod-requests/[/url]
[url]https://github.com/Facepunch/garrysmod-requests/[/url]
[url]https://github.com/Facepunch/garrysmod-requests/[/url]
[url]https://github.com/Facepunch/garrysmod-requests/[/url]
[url]https://github.com/Facepunch/garrysmod-requests/[/url]
[url]https://github.com/Facepunch/garrysmod-requests/[/url]
[url]https://github.com/Facepunch/garrysmod-requests/[/url]
[url]https://github.com/Facepunch/garrysmod-requests/[/url]
[url]https://github.com/Facepunch/garrysmod-requests/[/url]
[url]https://github.com/Facepunch/garrysmod-requests/[/url]
[url]https://github.com/Facepunch/garrysmod-requests/[/url]
[url]https://github.com/Facepunch/garrysmod-requests/[/url]
[url]https://github.com/Facepunch/garrysmod-requests/[/url]
[url]https://github.com/Facepunch/garrysmod-requests/[/url]
[url]https://github.com/Facepunch/garrysmod-requests/[/url]
[url]https://github.com/Facepunch/garrysmod-requests/[/url]
[url]https://github.com/Facepunch/garrysmod-requests/[/url]
I think the point of compressing them, or using a unopenable out-of-the-box format was to prevent the less savvy people from getting access to the code. Which you just ruined by releasing it to everybody, regardless of their morals or ethics of ownership.
Sorry, you need to Log In to post a reply to this thread.
