Scumpernickle Posted April 13, 2012 Posted April 13, 2012 Besides the obvious (automated farms, electric machines) are there any parts of Forestry that actually help in ways that may push you ahead in other mods? Is it just me, or am I trying to convince myself that I'm better off without Forestry? Quote
Pulse95 Posted April 13, 2012 Posted April 13, 2012 Bio fuel so you never have to find and pump oil + it is renewable. Quote
gotyaoi Posted April 13, 2012 Posted April 13, 2012 One of the nether bees provides a renewable source of lava. Peat can be used in generator or burned in other machines for a lot of power. In general, there's nothing that's irreplaceable, but there's things I will miss. Quote
Scumpernickle Posted April 13, 2012 Author Posted April 13, 2012 Maybe I should stop focusing on breeding bees so much... Quote
Arkalius Posted April 13, 2012 Posted April 13, 2012 Bee breeding can be fun if you're into it. I appreciate beeswax as a source of pipe waterproofing, which I find easier to come by than cactus. But, you could also run an automatic cactus farm to get it too. Quote
jakj Posted April 13, 2012 Posted April 13, 2012 Well, you can still use forestry. You just have to install a little fix for it. That is, if you trust that there aren't any more little "gems" in the code we have yet to find. Who knows what someone will put into code who already has done what he's done. Quote
Naturam Posted April 13, 2012 Posted April 13, 2012 Don't think I'll be touching mods that are purposely rigged with malicious software. Some of these things barely run as it is with the developer making every effort to make it functional. Never mind mods that have purposely been sabotaged. Quote
MechaCrash Posted April 13, 2012 Posted April 13, 2012 The ability to make cans and capsules which are capable of holding oil and fuel was also useful, because there have been plenty of situations where the ability to carry around some fuel would have been useful, but I didn't want to set up a liquid transport system. It was also a handy way to move water and lava, because while it was possible to put water and lava into cells, there was no way to get it out. But Sengir's poisoned the well, and everything he's touched is to be regarded with extreme suspicion. For that matter, I'm pretty sure I won't be touching mods from non-Technic sources, because if this is the kind of dickery that's not just tolerated but encouraged on the MC Forums, I don't want anything to do with it. Quote
linkthegamer Posted April 13, 2012 Posted April 13, 2012 Yeah, I mean the current one seems harmless enough but it shows a disturbing new possibility. My fear is something along the line of this: "I am a mod maker. I made a mod, Jay? made a mod like mine. I HATE Jay? for that. I decide that anyone who uses his mod must be punished. I have the program send me their info so i can blacklist them and sell the account to greifers. I also decide they do not deserve their saves or minecraft so i execute code (if possible, i am not a java wiz) to FUBAR all their saves and even minecraft itself." All it would take is one nutjob to feel such a measure is justified. I am trying to use Forestry to see how it is useful... some of the stuff from "Tekkit with Duncan" looked quite nice. Quote
Pilchard123 Posted April 13, 2012 Posted April 13, 2012 Yeah, I mean the current one seems harmless enough but it shows a disturbing new possibility. My fear is something along the line of this: "I am a mod maker. I made a mod, Jay? made a mod like mine. I HATE Jay? for that. I decide that anyone who uses his mod must be punished. I have the program send me their info so i can blacklist them and sell the account to greifers. I also decide they do not deserve their saves or minecraft so i execute code (if possible, i am not a java wiz) to FUBAR all their saves and even minecraft itself." All it would take is one nutjob to feel such a measure is justified. I am trying to use Forestry to see how it is useful... some of the stuff from "Tekkit with Duncan" looked quite nice. Unfortunately, most of that's do-able. Stealing/selling accounts, not so much, but deleting/corruping saves and MC...yup. Just some fairly simple file I/O. EDIT: Well, thinking about it for a few seconds more, your MC is probably safe, as you need to run MC to run the mod. I can think of some ways around that too, though. Quote
linkthegamer Posted April 13, 2012 Posted April 13, 2012 Unfortunately, most of that's do-able. Stealing/selling accounts, not so much, but deleting/corruping saves and MC...yup. Just some fairly simple file I/O. EDIT: Well, thinking about it for a few seconds more, your MC is probably safe, as you need to run MC to run the mod. I can think of some ways around that too, though. Yeah like i said i'm not a wiz. Didn't know if you could at least send lastlogin file data to a server to sell/give away that or some such. Just sad any of what i said is possible in the first place. Quote
Pilchard123 Posted April 13, 2012 Posted April 13, 2012 Hoo boy, I forgot about the lastlogin thing. Account leeching is probably possible as well. Great. Quote
jakj Posted April 13, 2012 Posted April 13, 2012 Yeah like i said i'm not a wiz. Didn't know if you could at least send lastlogin file data to a server to sell/give away that or some such. Just sad any of what i said is possible in the first place. You can easily send the lastlogin file to an outside source, but that file is encrypted, so only the most dedicated of crackers with the strongest of hardware (or botnet) stand a chance of getting into it. Unless your password is shit like 'iluvminecraft", in which case they'll just run a dictionary attack against the thing and have you as soon as the hash matches. You want to know what's actually scary, though? Java running standalone (as opposed to in a browser) has only the most basic of sandboxes running. Minecraft does not run under a Security Manager: That's why all this reflection stuff is possible, that I can use to fuck around with other mods and Minecraft itself without changing their files. What a .jar running under javaw.exe can do is generally the same things any other .exe can do. Including read any data on your entire filesystem that's read-accessible to the currently-authenticated local user. All of software is really about trust. Even open-source: The only way to 100% trust an open-source program is to not only examine the code for yourself line-by-line, and all its libraries, but also to compile it (and its libraries) with your own tools...and do you trust your tools? You have to draw the line somewhere. You can't live in fear. So, for me, I draw the line at "I trust things unless I see comments saying something got screwed up, in which case I investigate" and further "Now that SirSengir has been shown to be untrustworthy, I have to check his code myself before I use it". That's all I have time and energy for in my life. Read this. http://kolmafia.sourceforge.net/ To make things absolutely clear, open sourcing a program does not make it secure -- it strictly makes it easier to take advantage of work already done by other people, provided you are willing to act in accordance with the terms of the license under which the source code is provided. That said, I believe KoLmafia is safe. However, I'm the main developer of KoLmafia, and I only use a small fraction of its features, so my opinion of it should be taken with a grain of salt. My personal belief is that running any program (including the web browser you are using to view this page) is about near-unconditional trust. If, for any reason, you don't trust the companies and individuals involved in the development of the program, I strongly suggest that you should never run the program, no matter what the promised benefits may be. I believe these same guidelines should be applied if you're thinking about using KoLmafia. Quote
Pilchard123 Posted April 13, 2012 Posted April 13, 2012 You can easily send the lastlogin file to an outside source, but that file is encrypted <snip> You don't need to decrypt it, you only need to distribute it. Thinking about it, I reckon we should stop this line of discussion. Call me paranoid, but if any very-anti-technic modders were to come in here... EDIT: Hurr durr. Distributing it is a little pointless, because you can only log into the game with it. Still. EDIT AGAIN: Once you have the lastlogin file, mess with a launcher to show the password as a human-readable string, rather than a blanked-out array of characters. Does that sound doable? Quote
jakj Posted April 13, 2012 Posted April 13, 2012 They call them one-way hashes for a reason. But fuck: I just realized that having someone's lastlogin file does let you access their account until they change their password. Jesus. We have to think of some defense against this. Any mod could access that file. Quote
jakj Posted April 13, 2012 Posted April 13, 2012 Not using it is one method. Good point. Everybody should delete their lastlogin file and always enter the password manually. Quote
Pilchard123 Posted April 13, 2012 Posted April 13, 2012 Call me a noob, but where would one get the source for the launcher? I want to look at a few things. EDIT: I also want to be be able to edit the launcher source easily without messing around with hex editors, but that's not the point of this edit. Quote
The Merchant of Menace Posted April 13, 2012 Posted April 13, 2012 Good point. Everybody should delete their lastlogin file and always enter the password manually. Just pointing out that the lastlogin file isn't something that's strictly necessary. Then again, the same goes for mods themselves so it's not a particularly good argument to use :P Quote
Pilchard123 Posted April 13, 2012 Posted April 13, 2012 I make two assumptions here: 1. The launcher will populate the password field of the login with your actual password, not some thing that looks like it. 2. You are gullible enough to install my lastlogin stealer. I can now, by modifying the launcher at my end slightly, steal all of your passwords. I'll explain how later, but it's really simple. Quote
Neowulf Posted April 13, 2012 Posted April 13, 2012 1. The launcher will populate the password field of the login with your actual password, not some thing that looks like it. Easy enough to test: login once, close the launcher, change your password on the minecraft website to add a 1 to the end, add that 1 to the end of the blanked out password in the launcher. If it works, the launcher is recreating your plain text password for field entry. Quote
jakj Posted April 13, 2012 Posted April 13, 2012 No, passwords are not sent directly. You type in your password abd it is hashed. The hash is stored which cannot be used to get your password. When you type your pasword agaon it is hashed again and the hashes are compared. You can use the stolen hash to login but not get the password. The password is not stored anywhere the launcher can get it again. Quote
Scumpernickle Posted April 14, 2012 Author Posted April 14, 2012 Now I'm terrified of every mod by everyone. I'm going to proceed to lock myself in my closet for the rest of eternity to stop people from stealing my account credentials. Anyone care to join me? Quote
linkthegamer Posted April 14, 2012 Posted April 14, 2012 Now I'm terrified of every mod by everyone. I'm going to proceed to lock myself in my closet for the rest of eternity to stop people from stealing my account credentials. Anyone care to join me? Just mods? You know it could happen with anything (in fact there was a rouge "downgrader" that sent the last login file to someone's server a while back). Trust no one. Quote
Husan9000 Posted April 15, 2012 Posted April 15, 2012 Benefits? Well lets see... Automated farming, Industrial-To-Buildcraft energy with electrical engines, Biogas Engine, and Biofuel. Pretty much a role in the renewable items of Technic. And you cannot just use the IC2 Mass Fabricator for everything. I know you can get the farm items with EE, but magic is stupid. I enjoy the most realistic renewable parts of Technic. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.