Jump to content

Benefits of Foresty?

Scumpernickle

By Scumpernickle
in Cafe Lame

 Share

Recommended Posts

  • Replies 52
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

jakj Bedrock

jakj

Posted
Posted

Well, you can still use forestry. You just have to install a little fix for it.

That is, if you trust that there aren't any more little "gems" in the code we have yet to find. Who knows what someone will put into code who already has done what he's done.

Link to comment
Share on other sites
Naturam Grass

Naturam

Posted
Posted

Don't think I'll be touching mods that are purposely rigged with malicious software. Some of these things barely run as it is with the developer making every effort to make it functional. Never mind mods that have purposely been sabotaged.

Link to comment
Share on other sites
MechaCrash Iron

MechaCrash

Posted
Posted

The ability to make cans and capsules which are capable of holding oil and fuel was also useful, because there have been plenty of situations where the ability to carry around some fuel would have been useful, but I didn't want to set up a liquid transport system. It was also a handy way to move water and lava, because while it was possible to put water and lava into cells, there was no way to get it out.

But Sengir's poisoned the well, and everything he's touched is to be regarded with extreme suspicion. For that matter, I'm pretty sure I won't be touching mods from non-Technic sources, because if this is the kind of dickery that's not just tolerated but encouraged on the MC Forums, I don't want anything to do with it.

Link to comment
Share on other sites
linkthegamer Obsidian

linkthegamer

Posted
Posted

Yeah, I mean the current one seems harmless enough but it shows a disturbing new possibility.

My fear is something along the line of this: "I am a mod maker. I made a mod, Jay? made a mod like mine. I HATE Jay? for that. I decide that anyone who uses his mod must be punished. I have the program send me their info so i can blacklist them and sell the account to greifers. I also decide they do not deserve their saves or minecraft so i execute code (if possible, i am not a java wiz) to FUBAR all their saves and even minecraft itself." All it would take is one nutjob to feel such a measure is justified.

I am trying to use Forestry to see how it is useful... some of the stuff from "Tekkit with Duncan" looked quite nice.

Link to comment
Share on other sites
Pilchard123 Emerald

Pilchard123

Posted
Posted

Yeah, I mean the current one seems harmless enough but it shows a disturbing new possibility.

My fear is something along the line of this: "I am a mod maker. I made a mod, Jay? made a mod like mine. I HATE Jay? for that. I decide that anyone who uses his mod must be punished. I have the program send me their info so i can blacklist them and sell the account to greifers. I also decide they do not deserve their saves or minecraft so i execute code (if possible, i am not a java wiz) to FUBAR all their saves and even minecraft itself." All it would take is one nutjob to feel such a measure is justified.

I am trying to use Forestry to see how it is useful... some of the stuff from "Tekkit with Duncan" looked quite nice.

Unfortunately, most of that's do-able. Stealing/selling accounts, not so much, but deleting/corruping saves and MC...yup. Just some fairly simple file I/O.

EDIT: Well, thinking about it for a few seconds more, your MC is probably safe, as you need to run MC to run the mod. I can think of some ways around that too, though.

Link to comment
Share on other sites
linkthegamer Obsidian

linkthegamer

Posted
Posted

Unfortunately, most of that's do-able. Stealing/selling accounts, not so much, but deleting/corruping saves and MC...yup. Just some fairly simple file I/O.

EDIT: Well, thinking about it for a few seconds more, your MC is probably safe, as you need to run MC to run the mod. I can think of some ways around that too, though.

Yeah like i said i'm not a wiz. Didn't know if you could at least send lastlogin file data to a server to sell/give away that or some such. Just sad any of what i said is possible in the first place.

Link to comment
Share on other sites
jakj Bedrock

jakj

Posted
Posted

Yeah like i said i'm not a wiz. Didn't know if you could at least send lastlogin file data to a server to sell/give away that or some such. Just sad any of what i said is possible in the first place.

You can easily send the lastlogin file to an outside source, but that file is encrypted, so only the most dedicated of crackers with the strongest of hardware (or botnet) stand a chance of getting into it. Unless your password is shit like 'iluvminecraft", in which case they'll just run a dictionary attack against the thing and have you as soon as the hash matches.

You want to know what's actually scary, though? Java running standalone (as opposed to in a browser) has only the most basic of sandboxes running. Minecraft does not run under a Security Manager: That's why all this reflection stuff is possible, that I can use to fuck around with other mods and Minecraft itself without changing their files. What a .jar running under javaw.exe can do is generally the same things any other .exe can do. Including read any data on your entire filesystem that's read-accessible to the currently-authenticated local user.

All of software is really about trust. Even open-source: The only way to 100% trust an open-source program is to not only examine the code for yourself line-by-line, and all its libraries, but also to compile it (and its libraries) with your own tools...and do you trust your tools? You have to draw the line somewhere. You can't live in fear.

So, for me, I draw the line at "I trust things unless I see comments saying something got screwed up, in which case I investigate" and further "Now that SirSengir has been shown to be untrustworthy, I have to check his code myself before I use it". That's all I have time and energy for in my life.

Read this.

http://kolmafia.sourceforge.net/

To make things absolutely clear, open sourcing a program does not make it secure -- it strictly makes it easier to take advantage of work already done by other people, provided you are willing to act in accordance with the terms of the license under which the source code is provided. That said, I believe KoLmafia is safe. However, I'm the main developer of KoLmafia, and I only use a small fraction of its features, so my opinion of it should be taken with a grain of salt.

My personal belief is that running any program (including the web browser you are using to view this page) is about near-unconditional trust. If, for any reason, you don't trust the companies and individuals involved in the development of the program, I strongly suggest that you should never run the program, no matter what the promised benefits may be. I believe these same guidelines should be applied if you're thinking about using KoLmafia.

Link to comment
Share on other sites
Pilchard123 Emerald

Pilchard123

Posted
Posted

You can easily send the lastlogin file to an outside source, but that file is encrypted

<snip>

You don't need to decrypt it, you only need to distribute it. Thinking about it, I reckon we should stop this line of discussion. Call me paranoid, but if any very-anti-technic modders were to come in here...

EDIT: Hurr durr. Distributing it is a little pointless, because you can only log into the game with it. Still.

EDIT AGAIN: Once you have the lastlogin file, mess with a launcher to show the password as a human-readable string, rather than a blanked-out array of characters. Does that sound doable?

Link to comment
Share on other sites
jakj Bedrock

jakj

Posted
Posted

They call them one-way hashes for a reason.

But fuck: I just realized that having someone's lastlogin file does let you access their account until they change their password. Jesus. We have to think of some defense against this. Any mod could access that file.

Link to comment
Share on other sites
Pilchard123 Emerald

Pilchard123

Posted
Posted

I make two assumptions here:

1. The launcher will populate the password field of the login with your actual password, not some thing that looks like it.

2. You are gullible enough to install my lastlogin stealer.

I can now, by modifying the launcher at my end slightly, steal all of your passwords. I'll explain how later, but it's really simple.

Link to comment
Share on other sites
Neowulf Bedrock

Neowulf

Posted
Posted

1. The launcher will populate the password field of the login with your actual password, not some thing that looks like it.

Easy enough to test: login once, close the launcher, change your password on the minecraft website to add a 1 to the end, add that 1 to the end of the blanked out password in the launcher. If it works, the launcher is recreating your plain text password for field entry.

Link to comment
Share on other sites
jakj Bedrock

jakj

Posted
Posted

No, passwords are not sent directly. You type in your password abd it is hashed. The hash is stored which cannot be used to get your password. When you type your pasword agaon it is hashed again and the hashes are compared. You can use the stolen hash to login but not get the password. The password is not stored anywhere the launcher can get it again.

Link to comment
Share on other sites
linkthegamer Obsidian

linkthegamer

Posted
Posted

Now I'm terrified of every mod by everyone. I'm going to proceed to lock myself in my closet for the rest of eternity to stop people from stealing my account credentials. Anyone care to join me?

Just mods? You know it could happen with anything (in fact there was a rouge "downgrader" that sent the last login file to someone's server a while back).

Trust no one.

Link to comment
Share on other sites
Husan9000 Dirt

Husan9000

Posted
Posted

Benefits? Well lets see...

Automated farming, Industrial-To-Buildcraft energy with electrical engines, Biogas Engine, and Biofuel. Pretty much a role in the renewable items of Technic. And you cannot just use the IC2 Mass Fabricator for everything.

I know you can get the farm items with EE, but magic is stupid. I enjoy the most realistic renewable parts of Technic.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

Announcements

  • Anything claiming to be official Technic servers are not allowed here, for obvious reasons


×
×
  • Create New...