Page 4 of 4

Re: TMW organization structure - TMW Committee

Posted: 13 Mar 2013, 23:42
by Platyna
Big Crunch wrote:
BoomerTheKran wrote:This is a step in the right direction. As for "undisclosed location," anyone with traceroute can find it.
The hosting company is not undisclosed, just the person who is paying for the hosting services.

BC
You mean, the real owner of the machine, who can change his mind anytime or do rm -rf / when he see fit? This is completely irresponsible.

Regards.

Re: TMW organization structure - TMW Committee

Posted: 14 Mar 2013, 08:38
by EJlol
Platyna wrote:
Big Crunch wrote:
BoomerTheKran wrote:This is a step in the right direction. As for "undisclosed location," anyone with traceroute can find it.
The hosting company is not undisclosed, just the person who is paying for the hosting services.

BC
You mean, the real owner of the machine, who can change his mind anytime or do rm -rf / when he see fit? This is completely irresponsible.

Regards.
Agreed with Platyna. He/she should not be anonymous. I think it's a very bad choice.

Re: TMW organization structure - TMW Committee

Posted: 14 Mar 2013, 11:58
by Platyna
Not only he is not related to TMW complete stranger, not only he can do what he want with the files, he is also supposed to be anonymous. Why? Because are dangerous and may harm him - I beg your pardon, but this is ridiculous - and here goes the transparency in OSS project...

Stalin-like modus operandi.

Regards.

Re: TMW organization structure - TMW Committee

Posted: 14 Mar 2013, 12:05
by blackrazor
@Cody: I think the problem with that kind of logic is that it could apply to everything. Surely the developers, admins, GMs could all do their jobs more comfortably too, if their main (non-job related) characters and identities remained perfectly secret, so they would be under no pressure from player demands also.

I think what outweighs this is the community's right to know, in a transparent free game and environment. If our benefactor is uncomfortable with the community's scrutiny, then perhaps we are better off with Platyna's hosting solution. Especially if the community is also concerned with the type of hosting service or other details of the virtual server or for-profit hosting company http://www.hetzner.de/en/

Re: Relocation of the Mana World Services - March 9th 2013

Posted: 14 Mar 2013, 12:36
by Crush
The person who hosts the server has disclosed their identity to me before the relocation. It is a well-known person in the TMW community. The person does want to stay anonymous, however because

1. the person doesn't want their status as the server host change the way the community sees them

2. the person doesn't want to be attacked personally. Looking at the current shitstorm, I can understand that.

Also, the information posted by me that it is a virtual server was wrong. It is a virtual machine on a root server on which no other resource-hungry applications are running. That was my misunderstanding, I apologize.

Re: TMW organization structure - TMW Committee

Posted: 14 Mar 2013, 12:55
by blackrazor
cody wrote:What kind of "scrutiny" do you want to put the owner under?
Does the owner have admin access?

Can the owner see our passwords?

Can the owner spawn items in the game?

Can the owner gain full access from the command line to do any of the above?

Re: Relocation of the Mana World Services - March 9th 2013

Posted: 14 Mar 2013, 18:14
by Frost
These are very important questions. We tried to answer them in the TMWC Organization Structure, but sometimes a simple, straight answer is best.
blackrazor wrote: Does the owner have admin access?
No.
Can the owner see our passwords?
No.
Can the owner spawn items in the game?
No.
Can the owner gain full access from the command line to do any of the above?
Yes, anyone with access to the Linux account which runs TMW can gain full access to the binaries, data files, client updates, forums, and wiki.

That last answer begs explanation.
First, this is not different to the previous hosting.
Second, not only the owner has access, but any admin (all are published), anyone who can gain physical access to the server, and anyone who can break into the operating system. Although this was true for the old host also, I think it's important to identify all those possibilities.

The major change from our previous hosting is a separation of roles. The new server owner does not have authorization to gain admin access, see passwords, spawn items, or make arbitrary changes to the TMW server. There is always the risk of unauthorized access, regardless of host.

This was not asked yet, but it seems as important:
"Do we have backups that are independent of the server?"
Yes. We have backups of all TMW data at another site. These backups are independent of the server itself, the server owner has no control over them (although it's with his approval), and even if the main server is fully compromised the backups will be intact. Such backups are our best protection against the server owner trying to manipulate TMW.

Re: Relocation of the Mana World Services - March 9th 2013

Posted: 14 Mar 2013, 18:33
by Platyna
Frost wrote: These are very important questions. We tried to answer them in the TMWC Organization Structure, but sometimes a simple, straight answer is best.
blackrazor wrote: Does the owner have admin access?
No.
Define admin access.
Can the owner see our passwords?
No.
He can get pw hashes and break them.
Can the owner spawn items in the game?
No.
But he can edit the files and add himself any rights.
Can the owner gain full access from the command line to do any of the above?
Yes, anyone with access to the Linux account which runs TMW can gain full access to the binaries, data files, client updates, forums, and wiki.
He is root, he already has a full access and may use it as he wishes (see below).
That last answer begs explanation.
First, this is not different to the previous hosting.
Wrong answer - the previous host was active and well known, long time contributor and game/community admin, not a complete stranger who can be anyone - eg. a psychopath, with anger management problems who does rm -rf / and demolishes his appartment anytime he goes late for his TV show or a kid, who one day will play with debugfs and will wipe everything. Most likely he is some guy, who bought himself a dedic, and will tell you go away after he gets an invoice for extra traffic after some DDoS.
Second, not only the owner has access, but any admin (all are published), anyone who can gain physical access to the server, and anyone who can break into the operating system. Although this was true for the old host also, I think it's important to identify all those possibilities.
The old host was one of the best secured machines around, administrated by a security expert with almost fifteen years of experience, not a complete stranger, who we don't know, we don't know if he even has any idea of security, maybe he is just a kid with password "God.123". We can't say because WE DONT KNOW HIM, we have no OFFICIAL AGREEMENT with him, we have basically no security at all, we can't be even sure if tommorow there will be any hosting. It already happened in the past - before I became a host (it wasn't even bad will of the admin, but he wanished for a month and the server first crashed and then was closed).
The major change from our previous hosting is a separation of roles. The new server owner does not have authorization to gain admin access, see passwords, spawn items, or make arbitrary changes to the TMW server. There is always the risk of unauthorized access, regardless of host.
Again, wrong answer. The major change from previous hosting is accumulation of roles - previous host disagreed to give developers power over community (it is not neccessary for development) current host made developers are also community administrators, which is wrong.

And the current root has authorization of see and use everything he has on his system, because you did not sign any agreement with him (show us the scanned copy if you did).
This was not asked yet, but it seems as important:
"Do we have backups that are independent of the server?"
Yes. We have backups of all TMW data at another site. These backups are independent of the server itself, the server owner has no control over them (although it's with his approval), and even if the main server is fully compromised the backups will be intact. Such backups are our best protection against the server owner trying to manipulate TMW.
By doing so you are breaking international privacy law as well as moral transparency law. Platinum complies to these laws, so all backups were stored within Platinum's infrastructure and there were no consent to move them to foreign sites, so users had a full control over where are their personal data and what is being collected.

Regards.

Re: Relocation of the Mana World Services - March 9th 2013

Posted: 14 Mar 2013, 21:01
by Ablu
Platyna wrote: He can get pw hashes and break them.
You do not simply break hashes. Even md5 is still rather safe to use when doing salting / hashing multiple rounds.

Regards
Ablu

Re: Relocation of the Mana World Services - March 9th 2013

Posted: 14 Mar 2013, 21:41
by Platyna
Ablu wrote:
Platyna wrote: He can get pw hashes and break them.
You do not simply break hashes. Even md5 is still rather safe to use when doing salting / hashing multiple rounds.

Regards
Ablu
I don't think so if eA does that. ;-)

Regards.

Re: Relocation of the Mana World Services - March 9th 2013

Posted: 14 Mar 2013, 21:45
by Ablu

Re: Relocation of the Mana World Services - March 9th 2013

Posted: 14 Mar 2013, 21:53
by Platyna

Code: Select all

// Whoever wrote this FAILS programming
Oh well. ;-)

Anyway, there are more issues I raised. Seems that Impeachment Comitee is quite resistant while having to explain impoartant questions, that hardly can be explained with propaganda.

Sine ira et studio I do expose lies, irresponsibility and attempts to comprimise my reputation, that were used just to fullfill someones ambition at the cost of security and welfare of this project.

Regards.

Re: Relocation of the Mana World Services - March 9th 2013

Posted: 14 Mar 2013, 22:17
by Crush
It's a rather unorthodox and inefficient way of implementing salted password hashing (you usually only need one, not three, hash operations to do it), but it isn't unsafe.

Re: Relocation of the Mana World Services - March 9th 2013

Posted: 14 Mar 2013, 22:28
by o11c
Crush wrote:It's a rather unorthodox and inefficient way of implementing salted password hashing (you usually only need one, not three, hash operations to do it), but it isn't unsafe.
Though it is slightly weaker than MD5 due to the truncation.