Author Topic: NwN Server and security update  (Read 7936 times)

Legacy_Lazarus Magni

  • Hero Member
  • *****
  • Posts: 1837
  • Karma: +0/-0
NwN Server and security update
« Reply #225 on: September 03, 2012, 06:02:14 am »


               

PlasmaJohn wrote...

How do I know there were weaknesses with Bioware security? Goodness, revealing my insider knowledge might have consequences, but perhaps the community deserves to know so I'll just have to suffer for the good of us all.

I know because they got hacked.


Wow thanks PJ, you really shed some important light on the issue.
               
               

               
            

Legacy_Squatting Monk

  • Hero Member
  • *****
  • Posts: 776
  • Karma: +0/-0
NwN Server and security update
« Reply #226 on: September 03, 2012, 08:37:27 am »


               

Lazarus Magni wrote...

In case you hadn't noticed... NWN 1 has been around for over a decade. Many PWs have had many generations of hosts. And many PWs have been posted on the vault, with their server vaults and all...

Aventia is one of them... tell me... how do I tell a legit returning player from some jerk who downloaded the mod, and looked in the server vault, and said, wow I would really like to check this guy's toons out?

So you're complaining that your admin team made some bad decisions? ಠ_ಠ

Oh and you are saying it is the community's (customers) responsibility to ensure the integrity of the community? It's great and all they are willing to contribute, but is it their responsibility? I think not. It is the developer's responsibility. And working with the community, instead of putting it all on their shoulders would seem like a much better course of action to me.

NWN is unsupported and has been so ever since the final 1.69 patch was released. It was astounding that BioWare supported it as long as they did. They could have spent their time and money on new titles that would actually make money. Instead, they spent it on NWN. That was wholly unexpected. Why? Because it's not their responsibility. They could have abandoned it years before, and most other companies would have, because that's what businesses do. They sell a product, make what they can off it, then move on. You pitching a fit that they won't drop a ton of time and money to fix a portion of an officially unsupported game is pretty lame.

Edit: maybe they could charge a monthly fee...
               
               

               


                     Edited by Squatting Monk, 03 September 2012 - 07:39.
                     
                  


            

Legacy_Lazarus Magni

  • Hero Member
  • *****
  • Posts: 1837
  • Karma: +0/-0
NwN Server and security update
« Reply #227 on: September 03, 2012, 08:56:14 am »


               My admin team? Sorry bucko, but my PW is not me, nor are any of the contributors alone the PW. Aventia was founded on a community dynamic. It's an open system. 100's have contributed to it, and I am merely the 3rd host of such a community endeavor. So does this make us idiots? No that makes us collaborators in a joint endeavor over many years and generations of hosts and players. One which we would like to see preserved.

You think my stake in all this is all about me? Do I make money off my mod? No. Do I have something financial to gain from this? No. Do I have a vested interest in seeing our art work protected? You bet your azz I do! Many of us have spent countless hours on NWN art, and if you think we are going to let some punk azz hackers ruin it for us, you have another thing coming.

Astounding a developer supported a game they produced... Really??? Seriously??? You want to play that card? Ok... yeah why would a company support a product they released? You produce a car and the wheels fall off... well tough luck suckers! You bought it, I have no obligation to make sure it actually works right! I don't think so, that's not how things generally work.

I have one question for you all who seem to be in opposition to this whole idea of restoring the master server. What is your true motive?

And hi! Nice to see another of your Alias’. Mr. I change my account name whenever I need to to best suit my aims.

Oh and how bout another face palm pick guys. And keep it up. That might help improve you cognative abilities.
               
               

               


                     Edited by Lazarus Magni, 03 September 2012 - 08:05.
                     
                  


            

Legacy_Lazarus Magni

  • Hero Member
  • *****
  • Posts: 1837
  • Karma: +0/-0
NwN Server and security update
« Reply #228 on: September 03, 2012, 09:30:38 am »


               The difference between you and me is I am who I am, and I don’t pretend to be otherwise. I state my opinions, and I don’t hesitate to stand by them. I don’t jump ship to another log in just to make someone else look bad by ganging up on them. I don’t sell out to the prevailing wind just because it is blowing the strongest currently. I steer the clear course, despite it not being easy. It’s easy to jump on a bandwagon, and attack an individual as a pack of hyenas. It’s much tougher to hold your ground against such an attack, and stand by your convictions.

If I am wrong, and it can be proven I am the first to lament that fact, and come forward as such. The thing is, no official Bioware representative has come out to give that proof. It has been nothing but a bunch of nay sayers, preaching everything is ****** dory as is, for who knows what reason? Even though it is clear it is not.

I am not doing this for my own personal benefit. I am doing this for NWN 1, a game I love, and have been a part of its community for a long time (even if the community would prefer that not be the case.)

We are not asking for the world, we are just asking the game have its integrity restored and preserved.

Despite the bullying, and pack mentality on here, you can see from the petition:

http://www.change.or...erver-for-nwn-1#


which was opened up to outside (outside being fellow nwn players, but not the vocal clique on here) input, many others feel the same.

I don’t speak for them, and they don’t speak for me. Many of them have their own reasons. And if you read the comments you will see the heartfelt feelings behind them. But all of us, I think, are united in the fact that we would like to see some real explanation for this, and a real resolution to this problem.
               
               

               


                     Edited by Lazarus Magni, 03 September 2012 - 08:34.
                     
                  


            

Legacy_Squatting Monk

  • Hero Member
  • *****
  • Posts: 776
  • Karma: +0/-0
NwN Server and security update
« Reply #229 on: September 03, 2012, 09:42:28 am »


               

Lazarus Magni wrote...

My admin team? Sorry bucko, but my PW is not me, nor are any of the contributors alone the PW.


That's why I said "your admin team" instead of "you". Whoever it is who manages the PW (the admin team of the server you play on: your admin team) made some decisions that put the security and usability of your server at risk. That sucks for you, and I'm sorry it makes things hard on you. But it's not BioWare's fault.

Astounding a developer supported a game they produced... Really??? Seriously??? You want to play that card? Ok... yeah why would a company support a product they released? You produce a car and the wheels fall off... well tough luck suckers! You bought it, I have no obligation to make sure it actually works right! I don't think so, that's not how things generally work.

Actually, yes, it's exactly how it works. No product is guaranteed to last forever, software especially. From the EULA:

9. Disclaimer of Other User Conduct and Gameplay Risks. You agree and acknowledge that an integral feature of NEVERWINTER NIGHTS is the ability to play online with other game users, including playing Variations created by other users. Infogrames and BioWare specifically disclaim any warranties relating in any way to such user-created content, and you agree that neither Infogrames, BioWare, their assignees or successors, nor any of their licensors or suppliers shall in any way be responsible for the content or functionality of such user content. You further agree and acknowledge that while playing multi-player games, you may be subject to conduct of other users that may impact your own gameplay and characters, or that you may find objectionable or offensive. Infogrames and BioWare also specifically disclaim any warranties relating to the conduct of other users (including in-game, and in game-related forums, chatrooms, etc.), and you agree that neither Infogrames, BioWare, their assignees or successors, nor any of their licensors or suppliers shall in any way be responsible for the conduct of other users.

...

11. General Disclaimer. EXCEPT AS EXPRESSLY SET FORTH ABOVE, INFOGRAMES AND BIOWARE EXPRESSLY DISCLAIM ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. NEITHER INFOGRAMES NOR BIOWARE WARRANT THAT THE FUNCTIONS CONTAINED IN THE SOFTWARE WILL MEET YOUR REQUIREMENTS. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY INFOGRAMES, BIOWARE OR ANY INFOGRAMES OR BIOWARE-AUTHORIZED REPRESENTATIVE SHALL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF THIS WARRANTY. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU.

12. Limitation of Liability. UNDER NO CIRCUMSTANCES, INCLUDING NEGLIGENCE, SHALL INFOGRAMES OR BIOWARE BE LIABLE FOR ANY INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE SOFTWARE, INCLUDING THOSE THAT RESULT FROM THE USE OF OR INABILITY TO USE THE SOFTWARE, EVEN IF INFOGRAMES OR BIOWARE HAS BEEN ADVISED OF THE POSSIBILITY OF THOSE DAMAGES. IN NO EVENT SHALL INFOGRAMES' OR BIOWARE'S TOTAL LIABILITY TO YOU FOR ALL DAMAGES, LOSSES AND CAUSES OF ACTION (WHETHER IN CONTRACT, TORT OR OTHERWISE) EXCEED THE AMOUNT PAID BY YOU FOR THE SOFTWARE. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU.

(Caps in original, emphasis mine.)

I have one question for you all who seem to be in opposition to this whole idea of restoring the master server. What is your true motive?

We told you. We think it's a waste of time and we'd rather see you doing something productive. Or maybe you'd like to spend your time insinuating that we're teh l33t h4xx0rz n ur s3rv3r pwn1n ur n00bz. Over here in the real world, though, we actually do care about the continuance of the NWN community. We just think it's silly making a big deal about the Master Server.

And hi! Nice to see another of your Alias’. Mr. I change my account name whenever I need to to best suit my aims.

Oh, cool. Apparently I'm a sock puppet. 

Oh and how bout another face palm pick guys. And keep it up. That might help improve you cognative abilities.

*cognitive (oh, the irony)
               
               

               


                     Edited by Squatting Monk, 03 September 2012 - 08:44.
                     
                  


            

Legacy_Shadooow

  • Hero Member
  • *****
  • Posts: 7698
  • Karma: +0/-0
NwN Server and security update
« Reply #230 on: September 03, 2012, 10:12:46 am »


               

Squatting Monk wrote...

We told you. We think it's a waste of time and we'd rather see you doing something productive. Or maybe you'd like to spend your time insinuating that we're teh l33t h4xx0rz n ur s3rv3r pwn1n ur n00bz. Over here in the real world, though, we actually do care about the continuance of the NWN community. We just think it's silly making a big deal about the Master Server.

this

Make a petition to release nwn source (to the hand of trusted community members) and I will support it. That would be certainly more likely than MS coming back again.
               
               

               
            

Legacy_Lazarus Magni

  • Hero Member
  • *****
  • Posts: 1837
  • Karma: +0/-0
NwN Server and security update
« Reply #231 on: September 03, 2012, 10:39:24 am »


               

Squatting Monk wrote...

Lazarus Magni wrote...

My admin team? Sorry bucko, but my PW is not me, nor are any of the contributors alone the PW.



That's why I said "your admin team" instead of "you". Whoever it is who manages the PW (the admin team of the server you play on: your admin team) made some decisions that put the security and usability of your server at risk. That sucks for you, and I'm sorry it makes things hard on you. But it's not BioWare's fault.


Yes it sucks for us, and all of our players, and all the other PWs like us, and all their players too. And yes, bioware is complacent in this fact.

Squatting Monk wrote...



Astounding a developer supported a game they produced... Really??? Seriously??? You want to play that card? Ok... yeah why would a company support a product they released? You produce a car and the wheels fall off... well tough luck suckers! You bought it, I have no obligation to make sure it actually works right! I don't think so, that's not how things generally work.

Actually, yes, it's exactly how it works.


Actually no that's not how it works. Usually that's what prompts a recall.

Squatting Monk wrote...

We told you. We think it's a waste of time and we'd rather see you doing something productive. Or maybe you'd like to spend your time insinuating that we're teh l33t h4xx0rz n ur s3rv3r pwn1n ur n00bz. Over here in the real world, though, we actually do care about the continuance of the NWN community. We just think it's silly making a big deal about the Master Server.


"We told you"? (now that's how you use a real quote). I am sorry I didn't realize I was on the outside looking in. I will be sure to tell my players that, and everyone else who is not in on the "in" crowd.

Squatting Monk wrote...

Oh, cool. Apparently I'm a sock puppet. 



Oh and how bout another face palm pick guys. And keep it up. That might help improve you cognative abilities.

*cognitive (oh, the irony)


No comment, on either account...
               
               

               


                     Edited by Lazarus Magni, 03 September 2012 - 09:40.
                     
                  


            

Legacy_Lazarus Magni

  • Hero Member
  • *****
  • Posts: 1837
  • Karma: +0/-0
NwN Server and security update
« Reply #232 on: September 03, 2012, 10:59:25 am »


               Tell me all of you nay-sayers. What PWs are you players of? What PWs are you developers of? What PWs are you hosts/owners of?

I have laid all this out on the line in true transparency. Everyone in opposition to this is hiding behind a veil. How bout you all ante up, like I have. If you want to shoot down my ideas, and play my feelings (and those of all the others that have not only signed the petition thus far, but have contributed to this thread which has had over 13k views) off as insignificant, how bout you lay your chips on the table too?

I think that's what's called, calling someone’s bluff. Be real or be gone... I am getting tired of this bull.
               
               

               
            

Baaleos

  • Administrator
  • Hero Member
  • *****
  • Posts: 1916
  • Karma: +0/-0
NwN Server and security update
« Reply #233 on: September 03, 2012, 02:02:25 pm »


               

this

Make a petition to release nwn source (to the hand of trusted community members) and I will support it. That would be certainly more likely than MS coming back again.

I'm not sure I would support the idea that the entire nwn source be turned over to a member of the community.
In fact, I really doubt it would ever happen.
nwn is property of Bioware and associated publishers.
They invested a lot of money in its creation, and they would not simply hand it over, free of charge, to any 3rd party, trusted or otherwise.
There would be nothing preventing that 3rd party from looking at the source code, getting ideas, and then developing derivative works of that code.
(Imagine Sony, Apple, and Samsung patent wars)
Hundreds, maybe thousands of developers worked on it, and even they didn't get the ability to turn around and claim ownership of it at the end of development, and keeping copies of the source code for personal use would have probably counted as theft of intellectual property of Bioware etc.

Besides
If ShaDoOoW were to get a copy of the source code, I'd probably request a copy just out of badness.
No one member of this community deserves nwn source code more than anyone else.
It was developed by developers for a multi-million dollar company.

I would say, open source, or not at all.
It wouldn't be fair to give it all to one person.

With regards to the Master Server.

I can understand why some people want it re-instated, but I tend to agree mostly with those who don't care either way, or lean towards not implementing it.
Let's face it,
It costs money to develop it,
Money to host it,
Money to Run it.

Are you going to pay for these things? Why should Bioware - when it's not needed.

All functionality, besides legitimate cdkey checking can be replicated via nwscript.
And if anything, the lack of a master server, has given players the incentive to come up with creative ways to create pseudo master servers, and cross server banning systems.

In answer to your questions.
I'm a player, Developer, and Hoster of 'Worlds of Rhun'
a Persistent Server that has been open for 4-5 years now.

When the master server went offline, I implemented the nwScript approach to securing player accounts, and no major complaints with it.
The only people who do complain about it, are those who seem to have 5 pc's in their house, each using a different cdKey - which to be honest, seems a little dodgy - so I don't feel bad that they have to jump through extra hoops to log in to my server.
If they used the same CDKey on all machines, they wouldn't have any problems, or if they followed the ingame/on forum instructions to add said cdkeys to their allowed CDKeys list, then they would get in without a hitch.
               
               

               


                     Edited by Baaleos, 03 September 2012 - 01:04.
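
The account-to-CD-key binding Baaleos describes above, sketched as an added example that is not part of the thread and is not the Worlds of Rhun script: an NWScript `OnClientEnter` handler that pins each account name to the first public CD key it sees and afterwards admits only keys on that account's allowed list. The database name `ACCOUNT_KEYS`, the `K_` variable prefix and the player messages are assumptions of this example.

```nwscript
// Added example: OnClientEnter handler binding account names to CD keys.
// With no master server the key is whatever the client reports, so this
// ties an account to a key value; it does not prove the copy is legitimate.

const string KEYDB = "ACCOUNT_KEYS";   // hypothetical campaign database name

// Campaign variable names are limited to 32 characters, so the account name
// is cut to fit. Two accounts sharing their first 30 characters would
// collide; a production script should map names to a short unique id.
string KeyVar(string sAccount)
{
    return "K_" + GetStringLeft(GetStringLowerCase(sAccount), 30);
}

// Allowed keys are stored as "|KEY1|KEY2|" so that a lookup for "|KEY|"
// cannot match part of a different key.
int IsKeyAllowed(string sAllowed, string sKey)
{
    return FindSubString(sAllowed, "|" + sKey + "|") >= 0;
}

// Adds a second key (another machine in the same household, for example).
// Call this only from a conversation or chat command run by a player who is
// already logged in, i.e. who has passed the check in main() below.
void AddAllowedKey(object oPC, string sNewKey)
{
    // Reject empty input and anything that would corrupt the delimiter.
    if (sNewKey == "" || FindSubString(sNewKey, "|") >= 0) return;

    string sVar     = KeyVar(GetPCPlayerName(oPC));
    string sAllowed = GetCampaignString(KEYDB, sVar);
    if (sAllowed == "") sAllowed = "|";

    if (!IsKeyAllowed(sAllowed, sNewKey))
    {
        SetCampaignString(KEYDB, sVar, sAllowed + sNewKey + "|");
        WriteTimestampedLogEntry("KEYCHECK add account=" +
            GetPCPlayerName(oPC) + " key=" + sNewKey);
    }
}

void main()
{
    object oPC = GetEnteringObject();
    if (!GetIsPC(oPC)) return;

    string sAccount = GetPCPlayerName(oPC);
    string sKey     = GetPCPublicCDKey(oPC);
    string sVar     = KeyVar(sAccount);
    string sAllowed = GetCampaignString(KEYDB, sVar);

    // A client that reports no key at all is never bound or admitted.
    if (sKey == "")
    {
        WriteTimestampedLogEntry("KEYCHECK reject account=" + sAccount +
            " reason=empty-key");
        DelayCommand(6.0, BootPC(oPC));
        return;
    }

    if (sAllowed == "")
    {
        // First login for this account name: trust on first use.
        // Accounts that already have characters in the server vault but no
        // binding yet are the risky case; those need manual approval by an
        // admin before this branch is allowed to bind them.
        SetCampaignString(KEYDB, sVar, "|" + sKey + "|");
        WriteTimestampedLogEntry("KEYCHECK bind account=" + sAccount +
            " key=" + sKey);
        return;
    }

    if (IsKeyAllowed(sAllowed, sKey)) return;

    // Known account, unknown key: log it for the admins, tell the player,
    // and disconnect after a short delay so the message is visible.
    WriteTimestampedLogEntry("KEYCHECK reject account=" + sAccount +
        " key=" + sKey);
    SendMessageToPC(oPC, "This account is bound to a different CD key. " +
        "Log in from an approved machine and add this key to your list.");
    DelayCommand(6.0, BootPC(oPC));
}
```

The `KEYCHECK reject` log lines double as a record of who tried to claim which account, which is the evidence an admin needs when a returning player asks to be re-bound.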
                     
                  


            

Legacy_PlasmaJohn

  • Full Member
  • ***
  • Posts: 150
  • Karma: +0/-0
NwN Server and security update
« Reply #234 on: September 03, 2012, 03:03:35 pm »


               

Lazarus Magni wrote...

Tell me all of you nay-sayers. What PWs are you players of? What PWs are you developers of? What PWs are you hosts/owners of?

Link is in my signature.  I play, develop and DM for Avlis and I host the servers.  I also wrote and operate a Master Server emulator for CoPaP, the other PW's we're linked to via Vaultster.

Apologies for being pedantic, but Gamespy has never had anything to do with authenticating NWN.  Instead of using GSID, I use MSID (Master Server ID).

Players must apply to register their MSID with Alpha (our MS replacement).  These are currently hand approved.  If they're a returning player there needs to be compelling evidence linking them to the MSID requested.  The strongest evidence is a PM from an account with IC posts from a character linked to that MSID.  New players can choose any MSID they want that doesn't match an existing vault. 

Yeah, it's a pain, but the alternative is to leave us wide open to people with nothing better to do than cause trouble.  This is Internet Security 101.

I've already laid out why I'm confident the Master Server will not return.  Even if it did return, we'd never go back to using it.  If the Master Server suffered an outage, so did we.  Often these outages happened during our busiest times (evenings North America).  Since Bioware did not have 24x7 coverage for it, we'd have to wait until mid-morning Mountain time (GMT-6/GMT-7) on the next work day.  Weekend outages were particularly galling.  Fool me once... et. al.

Please take this advice in the friendly spirit it is intended: The description of your process sounds like you have deeper issues than the Master Server can solve.  Find somebody that you can trust to help you out with your scripting and hardening your server against the troublemakers.
               
               

               
            

Baaleos

  • Administrator
  • Hero Member
  • *****
  • Posts: 1916
  • Karma: +0/-0
NwN Server and security update
« Reply #235 on: September 03, 2012, 04:12:44 pm »


               Just read Pages 8,9 and 10....
Can some moderator just lock this thread?
It resembles a flame war more than a legit discussion.

Bioware is under no obligation to develop a master server.
Their master server was tied into a database that was linked to legacy forums - which is why registering on the forum, allowed master server access.
Legacy forums got hacked
Bad security
Legacy Forums taken down
Master server no longer able to contact Legacy Forums database to get CDKeys on player account
Result: Long Delay in starting multiplayer (which can be bypassed with memory edits)

In order to re-instate a master server, they would need to
1. Create a new central repository of cdkeys linked to player accounts
(They aren't going to do this for a game that's on its way out)
2. Create a new build of the master server that links to the new cdkey repository.
(They aren't going to do this: due to client protocol issues: Explained Later)
3. Distribute a patch to players, telling them the new server location of the master server.
(I suppose they could just keep the new master server in the old location, but even then, if they change the operating protocols/message protocols, then a client patch will be required to facilitate communication. And since they have already said NO to official patches after 1.69 - this won't happen)


Legacy Servers got hacked
We don't know how they got hacked, but they did
For all we know - the Master Server provided entry into the database - anything's possible.
In fact, let's just assume that the master server did provide a means for the hackers to get unauthorised access.
If they were to try to repair this hypothetical security flaw, it would definitely require a re-work of the client server networking protocols, which would definitely require a client patch.
Why would anyone add an extra layer of vulnerability to their infrastructure, when it provides absolutely no beneficial, non-redundant functionality at all.

Gonna be devils advocate here for the pirate players - surely no Master Server means you can have more players?
               
               

               


                     Edited by Baaleos, 03 September 2012 - 03:15.
                     
                  


            

Legacy_PlasmaJohn

  • Full Member
  • ***
  • Posts: 150
  • Karma: +0/-0
NwN Server and security update
« Reply #236 on: September 03, 2012, 04:38:34 pm »


               You can get NWN for $10 from GOG or less when they have a sale.  There's no reason to advocate piracy.

I'm down with a lock if they'd officially state that the Master Server is dead and gone for good.
               
               

               
            

Baaleos

  • Administrator
  • Hero Member
  • *****
  • Posts: 1916
  • Karma: +0/-0
NwN Server and security update
« Reply #237 on: September 03, 2012, 04:56:10 pm »


               Sent the following to Chris Priestly

http://social.bioware.com/forum/1/topic/199/index/8398695/10#13965362

Hi Chris,
A flame war is sorta developing over on the nwn forums.
Could you comment as to whether Bioware are releasing/implementing a new master server replacement, or whether it is dead and buried.

Once this question has been answered, can the topic be locked to prevent further irrelevant discussion?

I appreciate it might be a hard topic to comment on, because it relates to the security breach etc.
A simple
'We may make a new master server'
or
'No, there are no plans at this time'

Would suffice.
Lol

Regards,
Baaleos


               
               

               
            

Legacy_Shadooow

  • Hero Member
  • *****
  • Posts: 7698
  • Karma: +0/-0
NwN Server and security update
« Reply #238 on: September 03, 2012, 11:27:47 pm »


               

Baaleos wrote...

this

Make a petition to release nwn source (to the hand of trusted community members) and I will support it. That would be certainly more likely than MS coming back again.

I'm not sure I would support the idea that the entire nwn source be turned over to a member of the community.
In fact, I really doubt it would ever happen.
nwn is property of Bioware and associated publishers.
They invested a lot of money in its creation, and they would not simply hand it over, free of charge, to any 3rd party, trusted or otherwise.
There would be nothing preventing that 3rd party from looking at the source code, getting ideas, and then developing derivative works of that code.
(Imagine Sony, Apple, and Samsung patent wars)
Hundreds, maybe thousands of developers worked on it, and even they didn't get the ability to turn around and claim ownership of it at the end of development, and keeping copies of the source code for personal use would have probably counted as theft of intellectual property of Bioware etc.

Besides
If ShaDoOoW were to get a copy of the source code, I'd probably request a copy just out of badness.
No one member of this community deserves nwn source code more than anyone else.
It was developed by developers for a multi-million dollar company.

I would say, open source, or not at all.
It wouldn't be fair to give it all to one person.

Yea, well releasing the source has its own consequences - it would open doors to h2ck3rs as well, right? But I guess making this open for everybody is a better idea after all. Anyway it is IMO more likely to happen because re-instating the MS would require time, work and money. Releasing the source wouldn't cost a penny. It happened to many older games already - your worries about patent rights are BS - this is covered in EULA I believe. Also - who would be interested in the ten years old game engine?

And come on Baaleos - at least something happens there, if there was said anything that would help h2ck3rs, locking the thread doesn't help. That's why moderators are there - THEY are locking threads if the discussion went in wrong direction, why bother Bioware.
               
               

               


                     Edited by ShaDoOoW, 03 September 2012 - 10:31.
                     
                  


            

Legacy_Lazarus Magni

  • Hero Member
  • *****
  • Posts: 1837
  • Karma: +0/-0
NwN Server and security update
« Reply #239 on: September 04, 2012, 01:44:16 am »


               As far as I can tell this:

Chris Priestly wrote...

Ok this seems to have degenerated into a "bash EA" thread. If this keeps up, this will be closed.

3 things:

1 - EA didn't make NwN. BioWare developed it and Atari published it. Why EA is now somehow at fault is completely off topic. BioWare is fixing these issues as best we can. No, this is not a priority, but we continue to work on it and will until it is fixed as best we can. Compared to SWTOR or Mass Effect or whatever MANY companies would have just abandoned this. It is going on a decade since this was released and it would have been MUCH easier to just say "contact Atari. They are the publisher. It is their responsibility to the NwN fans." However, BioWare cares about our fans and we will not abandon them. If you do not feel this is being resolved fast enough, you are welcome to go to Atari and see what help you can get there while we continue to work on things.

2 - You can authenticate copies of NwN and have been able to for months now. If you cannot, please contact Atari customer support.

3 - We are still working on outstanding problems and when we have information we will let you know.





Is the last official word we received, which is from over 9 Months ago.

I think it is incredibly sad there has been no further updates since then. The least Bioware could do is give us some resolution. If 1, and 3 aren't dead in the water, as many have surmised due to the lack of communication as to the status from Bioware, an update on the status I think would be much appreciated by many. And if 1, and 3 are dead, at least come forward and say that.

An elaboration on 2 would also be appreciated. I assume Chris is saying players can... not PWs (via the master server)... which is a big part of the issue in my book.

Laz

P.S. Bioware you can look at this as Bio-bashing, or a player venting their frustrations, or you can look at this for what it is. Which is a testament to the fact that you made such an incredible game, even 10 years later people still feel this passionate about, and feel their work with your clay is a work of art, and one worth protecting and preserving. If you read some of the comments posted here, you can see how much this game has meant to many people:
http://www.change.or...erver-for-nwn-1#
               
               

               


                     Edited by Lazarus Magni, 04 September 2012 - 01:05.