Is anyone using a stand-alone app to connect to PsiNet chat? I seem to remember that you could load up PsiNet and it would spawn the WizFE and you could chat when the game was down. Is there any way to set something up so that I could have a little app window with OOC running and not have Wiz/SF/SGE/Launcher on the computer?

Having OOC on my phone would be really awesome to pass the time when I am waiting for connecting flights/trains and I don't want to whip out the laptop. Figure getting a small desktop app working first would be a good step towards making that happen.

The old Psinet used to be able to do this with the WizardFE. You could log into just Psinet chat without connecting to the game. Not sure if the newer one can.

I know Jamus talked off and on about having a standalone chat client; you wouldn't be able to write one yourself because you'd have to know his authentication mechanisms.

A pidgin plugin would be nice.

A pidgin plugin would be nice.

this.

The old Psinet used to be able to do this with the WizardFE. You could log into just Psinet chat without connecting to the game. Not sure if the newer one can.

I know Jamus talked off and on about having a standalone chat client; you wouldn't be able to write one yourself because you'd have to know his authentication mechanisms.

Why do they need to be secret? Simu's god awful SGE protocol is "documented" (http://www.krakiipedia.org/wiki/SGE_protocol_(saved_post)) and they seem to be able to authenticate users and restrict access just fine.

As in Jamus intentionally convuluted the connection to psi-net in order to stop people from impersonating admins on his system (if I'm remembering correctly). I haven't looked at it, but I'm sure it is possible, just not straitforward.

As in Jamus intentionally convuluted the connection to psi-net in order to stop people from impersonating admins on his system (if I'm remembering correctly). I haven't looked at it, but I'm sure it is possible, just not straitforward.

Last time I checked Simu had GMs which have slightly more power than Psinet admins.

I think you are a touch mislead/confused as to how psinet/lich intercept the game server.

Last time I checked Simu had GMs which have slightly more power than Psinet admins.
Not sure I was so clear with stating my post... Simu's authentication works fine, it's not exactly secure, but it'll work. Psinet doesn't have an account creation, it relies on the fact that you're connected to simu, at one point I don't believe he had the psinet keys thing he has now, so all you had to do was intercept the connection between psinet and simu and you could tell psinet you were connected to simu as someone else.

That he fixed a while ago I'm pretty sure... the other issue was that he either had people connecting as characters that didn't exist to circumvent his bans (people who gay bash got banninated), or he wasn't scrubbing data and people using lich were sending him bad data, so he put in something to try to verify he was the only connection between the FE and Simu.

He doesn't have an open protocol because he wants to ensure he is the only connection between the FE and Simu. Of course this is impossible to truely enforce if someone wanted to put the effort into looking at how he did it.

I think you are a touch mislead/confused as to how psinet/lich intercept the game server.
This wasn't directed at me was it?

The SGE protocol is documented because they don't care if you create a third party game entry. You still need a correct login and password to get access to a GM account or any account. While you would still need a pin number or whatever to access PsiNet, Jamus doesn't want any third party software connecting to his server, even if you're not up to something. If you were actually up to something, it wouldn't be too hard to get past this. If you're not up to something, there's not much point in getting past it, because the authentication mechanism would eventually just be changed and the third party program would be broken.

Summary of convoluted authentication mechanism: Leave the door open for anyone that wants to cause trouble. Screw over honest users.

This wasn't directed at me was it?

Nope. It was directed towards Bigworm. By his statements I think he was incorrectly assuming that psinet somehow authenticated its users through a simu server/sge sort of thing.

The issue with the bad data was fake stormfront for the wizard confusing the fuck out of psinet.

In the issue of fake stormfront and PsiNet.. Lich was on the proper side of PsiNet. If Lich was allowed to be between PsiNet and the game server, there would have been no problem. Lich wasn't actually sending any bad data to the local PsiNet client, or the PsiNet server. Lich requested XML from the game server, but PsiNet connected to the GSL game server and expected GSL. The data confusing PsiNet came directly from Simu. If Lich could be started first, it could tell PsiNet that it's going to get XML. It can't, so you have to select Stormfront when logging in so PsiNet doesn't get confused. Then you can tell Lich to launch the Wizard even though the login file says Stormfront. So, a PsiNet security measure actually caused this problem. It wasn't in response to this problem.

Nope. It was directed towards Bigworm. By his statements I think he was incorrectly assuming that psinet somehow authenticated its users through a simu server/sge sort of thing.

The issue with the bad data was fake stormfront for the wizard confusing the fuck out of psinet.

No, I was comparing Psinet's convoluted and obfuscated "secret" authentication methods to Simu's convoluted authentication system.

Jamus is a control freak who insists on re-implementing the wheel all the time, but that's his right.

No, I was comparing Psinet's convoluted and obfuscated "secret" authentication methods to Simu's convoluted authentication system.

Jamus is a control freak who insists on re-implementing the wheel all the time, but that's his right.

As fail as it may be.

You used to be able to by going into the PSInet folder and clicking on the application, with the new Sage it doesn't appear to work.

I recall doing it when the game would go down and we would chat waiting for it to come back up. I just tried it and it didn't work.

No, I was comparing Psinet's convoluted and obfuscated "secret" authentication methods to Simu's convoluted authentication system.

Jamus is a control freak who insists on re-implementing the wheel all the time, but that's his right.

Tillmen knows Jamus's secerets.

Tillmen knows Jamus's secerets.

I spoke with Jamus the otherday. He's back and actively working on psinet. Going to start beta testing his scripting engine soon (if they arent already doing it). During the conversation he offered an olive branch towards the lich community saying that he would give us any info we needed for calculating spell durations and such. Tillmen probably doesn't need it but it was a nice gesture.

Jamus ain't all that bad, just misunderstood.

I guess my main point is that if asked nicely and we worked together this might be a possibility.

Nah, Jamus is the Microsoft of Gemstone 3rd party add-ons. Tillmen is Linux.

Nah, Jamus is the Microsoft of Gemstone 3rd party add-ons. Tillmen is Linux.

qft

qft

nono, you're right... He's much more like the Apple of Gemstone 3rd party programs.

Not sure I was so clear with stating my post... Simu's authentication works fine, it's not exactly secure, but it'll work. Psinet doesn't have an account creation, it relies on the fact that you're connected to simu, at one point I don't believe he had the psinet keys thing he has now, so all you had to do was intercept the connection between psinet and simu and you could tell psinet you were connected to simu as someone else.

That he fixed a while ago I'm pretty sure... the other issue was that he either had people connecting as characters that didn't exist to circumvent his bans (people who gay bash got banninated), or he wasn't scrubbing data and people using lich were sending him bad data, so he put in something to try to verify he was the only connection between the FE and Simu.

He doesn't have an open protocol because he wants to ensure he is the only connection between the FE and Simu. Of course this is impossible to truely enforce if someone wanted to put the effort into looking at how he did it.

This is EXACTLY accurate. If I ban someone, I do not want them simply replacing their reported character name to one that does not exist, which would not require a key to connect. This, like the key system itself, was done in response to an actual event that occurred.



If Lich was allowed to be between PsiNet and the game server, there would have been no problem. Lich wasn't actually sending any bad data to the local PsiNet client, or the PsiNet server. Lich requested XML from the game server, but PsiNet connected to the GSL game server and expected GSL. The data confusing PsiNet came directly from Simu.


I wasn't involved in this, but that is likely true. It would have been a simple matter to change which parser PsiNet used when it detected the alternate stream- but it would not change the fact that I insist that PsiNet be closest to the game server, making it a moot point.



The SGE protocol is documented because they don't care if you create a third party game entry. You still need a correct login and password to get access to a GM account or any account. While you would still need a pin number or whatever to access PsiNet, Jamus doesn't want any third party software connecting to his server, even if you're not up to something.

Yes, except- as mentioned above- that because I do not require registration, you could connect using arbitrary names, as you pleased, so a password system is inadequate.



If you were actually up to something, it wouldn't be too hard to get past this.


It has served me well, so far. It is certainly not fool-proof (and I am, honestly, a teensy bit surprised the concerted efforts of the Lich community haven't found a way to circumvent it), but it has been enough to maintain what I insist upon.



If you're not up to something, there's not much point in getting past it, because the authentication mechanism would eventually just be changed and the third party program would be broken.

Summary of convoluted authentication mechanism: Leave the door open for anyone that wants to cause trouble. Screw over honest users.


Nobody has caused trouble thus far, so it appears to be working- as a deterrent if not an outright preventative. You're right though- the moment that this was circumvented, I would very likely shut down and implement public/private key encryption for the entire stream.

Incidentally, honest users of my software are more than welcome to connect to my server as they please, using my software.

I feel like your last post was a challenge to circumvent your authentication mechanism and force you to implement real security.

Not much of a challenge.

Doing it regularly, without being detected, now that is an accomplishment only a few could achieve.

Because, once more than a few figure it out, Jamus will do as he stated.