rugk

Yeah, thanks for the link. (BTW the like feature in this forum is not working.)

BTW, also created some ad (sources available) for the 34c3. See this thread for details: https://wildfiregames.com/forum/index.php?/topic/23610-advertisment-on-34c3/

Hi, thanks for all the teams. I changed the position of the link: https://github.com/rugk/0ad-ad-34c3/blob/master/0ad-banner_originalpng1.png Also, I've of course exported the files as PNGs/JPGs, SVG was just for creating them.

It is live, in two versions …

Hi, I am goi ng to publish an advertisment for this nice game on 34c3. This is how it looks currently: https://github.com/rugk/0ad-ad-34c3/blob/master/0ad-banner.svg If you have any suggestions or so, feel free post them here.

Are you kidding? I am trying to help and you write this nonesense… I explained each issue in every detail, presented solutions instead of just complaining and you are complaining that you have to read too much text? If that is your problem do something else and do not reply me – you just have to read so much text afterwards. Downloads are mirrored. Yes and I don't care. Nobody cares. No user ever notices the download mirrors… What are you even trying to say? And if no HTTPS is used you can just say that, instead of defaming me or pushing blames here. The easy logical alternative is TLS under whatever protocol you actually use. And BTW: I am a user of 0ad. Not a dev. So I do not look at the code, obviously. Do you want to require that one has to browse through the source before opening issues? Okay, sure, I do not report any bugs anymore without looking at the source. And I should suggest everyone to do the same. Then you will likely have a big problem. Your "free" QA department you have just vanished. I was very calm and tried to excuse every thing you said, but at some point you have to stop. I am very willing to help and to do something constructive, but not in that way, with such destructive replies. I thought you care about your game, but at least for @leper, I am obviously wrong.

Ahh now I understand this sentence. Yes, of course, I think everybody should know.

Again: This issue is not about passwords. Also BTW, this issue is already confirmed to be "likely" solved in the next release as @implodedok said in #2. And that is okay. I also opened a trac issue. So I see no reason for discussing this anymore. And even if, then please discuss it in a serious way.

Yes, and you can also say people they should not kill each other… Hmm, they seem to do it anyway. You can say many things, yes. Paper does not blush. (that's a proverb)

I do not know if Steam uses HTTPS, but I really think they use HTTPS. But I think this is another typo… Also in this issue no password is transmitted. This issue is not about any password at all… You seem to have replied to the wrong topic or so. What I take from your reply is: There is not 100% security. That is correct, of course, but that does not mean you should not use HTTPS. I mean your house door can also be broken – does that mean, you do not use a door? Also I am not such a big target as HBO. And finally when HTTPS is not used you do not have to "hack" anyone. YOu can just sit on a chair next to them, when they are logged in the same WLAN as you. It has nothing to do with hacking in the sense of breaking into computers.

HTTPS for lobby: https://trac.wildfiregames.com/ticket/4705 Checkbox for not saving password: https://trac.wildfiregames.com/ticket/4708 Hash passwords on server: https://trac.wildfiregames.com/ticket/4709 Passwords in OS keychain: https://trac.wildfiregames.com/ticket/4710 Secure downloads: https://trac.wildfiregames.com/ticket/4706

Shortsighted? Yes, if I had the programming language knowledge (C/C++ or whatever you use) I could, but this is a not that easy issue, you may need interaction with openssl… or use curl, whatever… So it is not really easy. And it should be done properly, so better someone else does it. My reply about open source was just because of elexis' reply. I still have no clue about what he was trying to say.

I do not understand your sentence, but my general answer would be: 0ad is open-source, so everybody can "certify" any "defense mechanism" in the game.

Every heard of three-letter agencies, which do exactly that and do not target a user individually? In any case opened a trac issue for that: https://trac.wildfiregames.com/ticket/4707

Exactly. And that's why you should use an unique salt for each password/user and save it together with the password. Maybe read the links I've provided, there is plenty of information how this should be done… No, why? I explained that previously. Client send exactly the same password as usually… Servers just hash it (again!). No client work… Would you mind to elaborate this? I see no difference here. Exactly that's the thing we want. If you would not care, sure, go ahead and do not hash passwords at all and store them in plain-text! If you do not value your user's securty at all, do so, but please do not complain when you are being called out when something bad happens… To get back to topic: I originally requested keychain integration. I could not see that this thread/topic was going such crazy… (And keychain integration needs more than 5 lines.) I also think it makes no sense to discuss three different feature suggestions in one thread. This is going weird here, anyway, already… So I am opening issues in trac for all discussed things, in order to track them properly and – most importantly – separate from each other.