Jump to content




[OS] XoXOS - Keep your server safe.



38 replies to this topic

#21 XoX

  • New Members
  • 53 posts

Posted 09 November 2012 - 09:51 AM

I never said anything bad about afterlifelochie and I'm sure he did a great job coding his BIOS file, my point is that as long as all users have access to run any lua script there is always a possibility that they find an exploit.

#22 bubbaduddles

  • New Members
  • 2 posts

Posted 09 November 2012 - 11:03 AM

I Found A Small Problem And I Am Dumb With Lua Coding But I Did Exactly Like You Said I Put All The Files Right And Got The Computer Id And I Am Getting 1 Error

In The Line You Provided
if os.computerID() = SERVERID then shell.run("XoXOSLS") else while true do shell.run("XoXOS") end end

I Placed At The Bottom Of The Startup Like So.
local sPath = ".:/rom/programs"
if turtle then
sPath = sPath..":/rom/programs/turtle"
else
sPath = sPath..":/rom/programs/computer"
end
if http then
sPath = sPath..":/rom/programs/http"
end
shell.setPath( sPath )
help.setPath( "/rom/help" )
shell.setAlias( "ls", "list" )
shell.setAlias( "dir", "list" )
shell.setAlias( "cp", "copy" )
shell.setAlias( "mv", "move" )
shell.setAlias( "rm", "delete" )
if fs.exists( "/rom/autorun" ) and fs.isDir( "/rom/autorun" ) then
local tFiles = fs.list( "/rom/autorun" )
table.sort( tFiles )
for n, sFile in ipairs( tFiles ) do
  if string.sub( sFile, 1, 1 ) ~= "." then
   local sPath = "/rom/autorun/"..sFile
   if not fs.isDir( sPath ) then
	shell.run( sPath )
   end
  end
end
end
if os.computerID() = 32 then shell.run("XoXOSLS") else while true do shell.run("XoXOS") end end

but It Is Coming Up With The Error
bios:206: [string "startup"]:33: 'then' expected

Please Help Me Fix This

The Line 33 Is The Line He Provided In Startup

#23 Leo Verto

  • Members
  • 620 posts
  • LocationOver there

Posted 09 November 2012 - 11:12 AM

View Postbubbaduddles, on 09 November 2012 - 11:03 AM, said:

Please Help Me Fix This
You need to replace
if os.computerID() = 32 then
with
if os.computerID() == 32 then
Use a single '=' to define a variable, use two to compare two variables.

#24 bubbaduddles

  • New Members
  • 2 posts

Posted 09 November 2012 - 11:19 AM

View PostLeo Verto, on 09 November 2012 - 11:12 AM, said:

View Postbubbaduddles, on 09 November 2012 - 11:03 AM, said:

Please Help Me Fix This
You need to replace
if os.computerID() = 32 then
with
if os.computerID() == 32 then
Use a single '=' to define a variable, use two to compare two variables.

thank you very much i appreciate this a-lot :unsure:/>

#25 XoX

  • New Members
  • 53 posts

Posted 09 November 2012 - 11:26 AM

Oh sorry, I didn't notice I messed that up in the instructions. I'm going to update this very soon, I think this time I will upload the collection of files in a .rar

#26 bjornir90

  • Members
  • 378 posts
  • LocationFrance

Posted 09 November 2012 - 11:35 AM

And so ? If no one use this it is the problem of XoX, you don't need to be agressive like that.... I think he made a good work and spend some time to do that so I believe he don't want to get blamed like that ... And if XoX's server is quited by everybody cause of the restrictions what that do to you ?

#27 XoX

  • New Members
  • 53 posts

Posted 09 November 2012 - 11:54 AM

Updated to V1.2 ,
Major changes
- Added DevNet . Chat for Devs
- Added version for turtles, lets users use excavate and tunnel..
Minor changes:
- Added Pastebin support into the UI
- Maybe some bugfixes if I found any, dont remember.

#28 Sammich Lord

    IRC Addict

  • Members
  • 1,212 posts
  • LocationThe Sammich Kingdom

Posted 09 November 2012 - 10:43 PM

View PostXoX, on 09 November 2012 - 11:54 AM, said:

Updated to V1.2 ,
Major changes
- Added DevNet . Chat for Devs
- Added version for turtles, lets users use excavate and tunnel..
Minor changes:
- Added Pastebin support into the UI
- Maybe some bugfixes if I found any, dont remember.
Do all users have access to pastebin? If so then the point of this is useless because you can just download any script that exploits bugs in the outdated version of ComputerCraft.

My point is that to protect a server you do not deny access to features, you have to fix the bugs and let people do what they want. Somebody could spend a while coding a script that exploits the bugs, try to use it on a server that has patched the bugs, then the malicious coder will then rage quit after finding the bugs have been patched. Do you see my point now? You never want to change the base place for coding in ComputerCraft, if there is a bug patch it, don't just restrict access to the main part of the mod.

As for the code, you could of done better on indenting and comments. Also, the code could of been better. The base propose of it is to protect the server, which is done well, however in my opinion not in an ethical way.

#29 XoX

  • New Members
  • 53 posts

Posted 10 November 2012 - 03:13 AM

View PostHuman, on 09 November 2012 - 10:43 PM, said:

View PostXoX, on 09 November 2012 - 11:54 AM, said:

Updated to V1.2 ,
Major changes
- Added DevNet . Chat for Devs
- Added version for turtles, lets users use excavate and tunnel..
Minor changes:
- Added Pastebin support into the UI
- Maybe some bugfixes if I found any, dont remember.
Do all users have access to pastebin? If so then the point of this is useless because you can just download any script that exploits bugs in the outdated version of ComputerCraft.

My point is that to protect a server you do not deny access to features, you have to fix the bugs and let people do what they want. Somebody could spend a while coding a script that exploits the bugs, try to use it on a server that has patched the bugs, then the malicious coder will then rage quit after finding the bugs have been patched. Do you see my point now? You never want to change the base place for coding in ComputerCraft, if there is a bug patch it, don't just restrict access to the main part of the mod.

As for the code, you could of done better on indenting and comments. Also, the code could of been better. The base propose of it is to protect the server, which is done well, however in my opinion not in an ethical way.

Your entire argument so far is that it could be done simply with bug-fixing but your logic is flawed because it is based on your believe that it is possible to fix all bugs. I bet you that if you set up a server with whatever bugs fixed etc, I would still find a way to crash it with computercraft.
Also, it seems as if you think that as soon as someone says "I know Lua" they get dev access on my server. No, if I see someone has played for a few days and built a house and town, etc that's when they even become eligible, because if they are actually willing to waste all that time just to crash the server once and then get banned then sure, go ahead.
No matter how good your bug fixing is, if there is even a single bug left that can be exploited then ANYONE can join and crash your server without any effort.
With this there can 10000 bugs that could crash the server but no one can abuse them because the time they would have to spend on the server to get access to computercraft just isn't worth it, and the people who are actually interested in staying can play normally and eventually ask for access.

As for what you said about my code.
The main XoXOS file is tabbed fine now, the others aren't because I wrote them ingame most likely.
As for comments, as I don't plan to show this code to anyone who plans to learn from it I don't comment, no need to comment if I'm the only one reading it.
And don't just say "Could be done better" without suggesting even a single thing I could improve.

#30 Sammich Lord

    IRC Addict

  • Members
  • 1,212 posts
  • LocationThe Sammich Kingdom

Posted 10 November 2012 - 09:47 AM

Spoiler

Think about it this way, if you are a game dev and there is a map that has a glitch in it, are you going to take the map out or are you going to fix the glitch?

I used to grief a lot. I would spend about a week doing recon on a server and gaining people's trust just to destroy everything. Also, you can exit out of your program if you cause one of the programs to crash some how. Also, tell me how you would know who crashed the server? I can easily name quite a few exploits in ComputerCraft 1.3 that can crash a server fairly quickly. Two of them are, the coroutine exploit and DVX.1(Abuses rednet and the FS API).

Now if you would excuse me, I am going to go play some Medal Of Honor: Warfighter.

#31 XoX

  • New Members
  • 53 posts

Posted 10 November 2012 - 11:59 AM

View PostHuman, on 10 November 2012 - 09:47 AM, said:

Spoiler

Think about it this way, if you are a game dev and there is a map that has a glitch in it, are you going to take the map out or are you going to fix the glitch?

I used to grief a lot. I would spend about a week doing recon on a server and gaining people's trust just to destroy everything. Also, you can exit out of your program if you cause one of the programs to crash some how. Also, tell me how you would know who crashed the server? I can easily name quite a few exploits in ComputerCraft 1.3 that can crash a server fairly quickly. Two of them are, the coroutine exploit and DVX.1(Abuses rednet and the FS API).

Now if you would excuse me, I am going to go play some Medal Of Honor: Warfighter.

You are again completely disregarding my statement about your logic being flawed because it is simply not possible to fix all bugs, Also, if you exit out of the other scripts you simply return to XoXOS, the script it was loaded from.

#32 XoX

  • New Members
  • 53 posts

Posted 10 November 2012 - 12:08 PM

Also, FYI, the loginserver now logs all PCID's which should help in case someone does make a script because I can simply look for these for the script in question.

#33 PixelToast

  • Signature Abuser
  • 2,265 posts
  • Location3232235883

Posted 10 November 2012 - 12:32 PM

View PostMechaTallon, on 10 November 2012 - 12:27 PM, said:

xD XoX you're being trolled.
especially by me and mandrake :unsure:/>
were going to make a blog post about it after we finish geevancraft

#34 XoX

  • New Members
  • 53 posts

Posted 10 November 2012 - 12:36 PM

View PostMechaTallon, on 10 November 2012 - 12:27 PM, said:

xD XoX you're being trolled.

?

#35 XoX

  • New Members
  • 53 posts

Posted 10 November 2012 - 12:40 PM

View PostPixelToast, on 10 November 2012 - 12:32 PM, said:

View PostMechaTallon, on 10 November 2012 - 12:27 PM, said:

xD XoX you're being trolled.
especially by me and mandrake :unsure:/>
were going to make a blog post about it after we finish geevancraft
??

#36 Sammich Lord

    IRC Addict

  • Members
  • 1,212 posts
  • LocationThe Sammich Kingdom

Posted 10 November 2012 - 12:55 PM

View PostXoX, on 10 November 2012 - 12:40 PM, said:

View PostPixelToast, on 10 November 2012 - 12:32 PM, said:

View PostMechaTallon, on 10 November 2012 - 12:27 PM, said:

xD XoX you're being trolled.
especially by me and mandrake :unsure:/>
were going to make a blog post about it after we finish geevancraft
??
LMFAO!!!
Funny shit. Leave it to Mk to realize something that is obvious.


View PostXoX, on 10 November 2012 - 12:08 PM, said:

Also, FYI, the loginserver now logs all PCID's which should help in case someone does make a script because I can simply look for these for the script in question.

Ever heard of bytecode?

#37 XoX

  • New Members
  • 53 posts

Posted 10 November 2012 - 01:04 PM

View PostHuman, on 10 November 2012 - 12:55 PM, said:

View PostXoX, on 10 November 2012 - 12:40 PM, said:

View PostPixelToast, on 10 November 2012 - 12:32 PM, said:

View PostMechaTallon, on 10 November 2012 - 12:27 PM, said:

xD XoX you're being trolled.
especially by me and mandrake :unsure:/>
were going to make a blog post about it after we finish geevancraft
??
LMFAO!!!
Funny shit. Leave it to Mk to realize something that is obvious.


No idea what you mean.

View PostHuman, on 10 November 2012 - 12:55 PM, said:


Ever heard of bytecode?

No idea what you mean.

#38 PixelToast

  • Signature Abuser
  • 2,265 posts
  • Location3232235883

Posted 10 November 2012 - 02:28 PM

View PostXoX, on 10 November 2012 - 01:04 PM, said:

View PostHuman, on 10 November 2012 - 12:55 PM, said:

View PostXoX, on 10 November 2012 - 12:40 PM, said:

View PostPixelToast, on 10 November 2012 - 12:32 PM, said:

View PostMechaTallon, on 10 November 2012 - 12:27 PM, said:

xD XoX you're being trolled.
especially by me and mandrake :unsure:/>
were going to make a blog post about it after we finish geevancraft
??
LMFAO!!!
Funny shit. Leave it to Mk to realize something that is obvious.


No idea what you mean.
No idea what you mean.

seriously though
i dont get it :S

#39 XoX

  • New Members
  • 53 posts

Posted 10 November 2012 - 03:06 PM

View PostPixelToast, on 10 November 2012 - 02:28 PM, said:

No idea what you mean.

seriously though
i dont get it :S

Well what were you referring to with this?

View PostPixelToast, on 10 November 2012 - 12:32 PM, said:

View PostMechaTallon, on 10 November 2012 - 12:27 PM, said:

xD XoX you're being trolled.
especially by me and mandrake :unsure:/>
were going to make a blog post about it after we finish geevancraft






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users