Jump to content


Community Members
  • Posts

  • Joined

  • Last visited

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

dave_k's Achievements


Discens (2/14)



  1. Okay, glad that fixed it. Thanks for trying the instructions even though you haven't used a development version of the game. From the video, it looks like the installation path for the game that you chose, where JohnDoe is your Windows username, is "C:\Users\JohnDoe\AppData\Local\0 A.D. alpha", correct? And, you didn't install any mods that were not compatible with 0ad version alpha 0.0.25b? Hey, @wraitii, could this installation path interfere with the bug fix of #6320?
  2. Here is another possible explanation and solution. If you used a development version of 0ad between alpha 0.0.24 and alpha 0.0.25 then you could be affected by a bug explained here that causes a black screen on startup of the game. The resolution of that bug is to ensure that you're using the latest stable version of the game (0.0.25b) and then backup and delete all files in the "C:\Users\JohnDoe\Documents\My Games\0ad\mods\user" folder, where "JohnDoe" is your Windows username. If that doesn't work then try backing up and erasing all user config files and cache data, at the paths listed here.
  3. It seems like we haven't done enough "comparison shopping", because I found several CI/CD tools that support Svn, Git, and even Mercurial. Apache's comparison of CI/CD tools How seriously is Svn being considered as a solution? It seems like it is completely possible. The decision process for selecting CI/CD tools would need to be less rushed. These are the options that I would suggest. Tools that support Svn and Git, are actively developed and maintained, and allow self-hosting OpenProject (Ruby) Tuleap (PHP) FusionForge (PHP) Redmine (Ruby The first two options have commits within the past few days. The second two options have most recent commits as of 2 years ago. OpenProject has 359K lines of code, and 4 documented security vulnerabilities since 2017. Tuleap has 1.3M lines of code, and 14 documented security vulnerabilities since 2014. FusionForge has 702K lines of code, and 3 documented security vulnerabilities since 2013. Redmine has 414K lines of code, and 44 documented security vulnerabilities since 2008. Gitlab has 1.6M lines of code, and 601 documented security vulnerabilities since 2013. The only project that seems to encourage their contributors to write secure code is Tuleap. But, they also acknowledge that their codebase is huge, and some parts are 20 years old and probably have flaws. This is part of the basis for my recommendations above for CI/CD tools, listed above in order of preference from highest to lowest. Whatever CI/CD tools we consider choosing, we should do at least a cursory evaluation of how securely they were programmed. After skimming this article, I can see how difficult is is to write secure apps with Ruby. And, PHP wasn't designed with security in mind, so it may also be difficult to write secure apps in PHP. Also, see the guides on SQL Injection Prevention and PHP Configuration, and the OWASP Top 10 categories of vulnerabilities. My opinion of the ranking of web-based languages from most likely to be secure to least likely: Python, Perl, PHP, Ruby, Go, Java. Justification: Python and Go are the only type-safe and memory-safe languages used by CI/CD tools in the lists that I have found. It is not possible to use Go with private modules, so Go requires trusting a third party. Therefore, I consider Python to be the best language, as long as pip is NOT used to install modules. As a result, I recommend using a traditional distro for hosting the CI/CD tools. Java has had numerous articles written about its vulnerability to arbitrary code execution. Apache Bloodhound is the only Python-based CI/CD tool that supports SVN, as far as I'm aware. I don't see active development on it, though. The last release appears to be in 2015. Maybe there are more actively developed CI/CD tools out there that I haven't found. If you know of options that aren't listed on the Apache comparison page, besides OpenProject, then please suggest additional options for us to consider.
  4. What are the current limitations and what are possible solutions for that? The current limitation is that Phabricator is no longer actively maintained by its parent corporation. This is it. This is the only major cause for action that I can see. So, we need to be careful to avoid creating new problems in our suggested approach to solving this major problem What is required from the version control system and CI? Security Reliability Longevity Companies involved are allies of FLOSS instead of enemies Ease of use, particularly for newer contributors Development data is not fragmented Which features are required? A solution for storing binary files What is only nice to have? GPG signing of commits or at least tags and pull requests 2-factor authentication End-to-end encrypted backup of data Easy export of data What are the pros and cons for them? I will address two of the traits that are, in my opinion, key requirements: Security and Ease of Use. Security Solarwinds was hit by malware that targeted the build environment. It was described in some articles as "IT's Pearl Harbor". I encourage people to personally examine the security of the build environment, if only briefly. If you can think of vulnerabilities then so can the bad guys. One step to achieving security of the software supply chain is to cryptographically sign patches or tags and pull requests, as well as releases. Also, a fundamental method of achieving security is to minimize the attack surface. Don't use unnnecessary software, and don't use overly complex software. Some of these CI/CD systems have more than 1 million lines of code. Do you think they've been reviewed? Do you think they've been designed with security in mind? I like the advice, "Trust, but verify." If you weren't involved in the development process of the CI/CD tool, and you haven't read the source code, then you're trusting something but not verifying it. Ease of Use We need to address the wants and needs of stakeholders who are not participating in this conversation, but who are nevertheless valued contributors to the project. We have more than 20 developers and artists, and probably a handful of them have strong IT skills. Visualize a scenario where you have little knowledge about source control system inner workings and little free time to learn about them. You just want to make content or contribute a feature or bug fix. If the VCS is complex with a confusing user interface and inconsistent or invalid metaphors, are you going to spend a lot of time reading documentation and watching tutorial videos in order to contribute your improvements to WFG? Or, are you going to throw up your hands and not contribute the improvements at all? That decision depends on the individual, but the decision about which VCS we use can have an impact on how many contributors we have in the long term.
  5. Alt+G is a toggle that disables the UI in 0 A.D., although it doesn't remove the selection circles. Maybe a game engine modification could help with this, unless there is a feature that removes even more of the UI. I would also recommend disabling the sound effect of a horn that plays whenever you're under attack.
  6. Hey, this is a great idea. I would really like to see this type of movie, since it would bring a story from history into a modern presentation. No, your movie does not have to be Open Source. It's explained by this answer in the FSF's frequently asked questions about the GPL. The answer assumes some knowledge of copyright, such as what "fair use" means. It also assumes that you know the license of each part of the game. I encourage you to read about fair use here and here. The articles have information that is relevant to your movie idea. The FSF answer mentions that you might need a license in order to use the music. The music of 0ad is licensed under Creative Commons Attribution Share-Alike 3.0 Unported instead of the GPL. So, if your use is not consistent with "fair use" then you would need to license your movie under CC BY-SA 3.0 Unported. Here is a list of the license for the art, music, maps, source code, etc. of 0 A.D. Notice that the source code is not always GPL. 0 A.D. offers high quality original art and audio (including voiceovers, music, ambient sounds, sound effects). Using significant amounts of this content would definitely subject your movie to being licensed under the applicable CC license. What's significant? For music, I've heard that anything more than 15 seconds is unlikely to be fair use. If you're ever in doubt, contact the author of the content and ask if your planned use is consistent with the license or fair use. Free software and free content licenses (where free means freedom) are great things. You don't pay money and become a customer. Instead, you get a bunch of free content, and you are encouraged to reciprocate in the future so that everyone benefits. And, you can read the blueprints, modify the game engine, art or sounds, make derivative works such as movies, and it's completely legal, in fact encouraged, as long as you follow the license terms or limit your use to "fair use". One idea for shortcuting the issue of the music license is to just mute the 0 A.D. in-game music when you record the movie footage. Then you can dub royalty-free music, Creative Commons Attribution only music, or other music that you have a license for, so that you aren't required to license your movie under CC BY-SA 3.0 Unported. Or just license it under CC BY-SA 3.0 Unported. It would be a good way to contribute to the community.
  7. Hey Ranyel, The latest version of 0 A.D. available for Debian is 0.0.25b, but it's only in the "unstable" or "sid" repository. You can temporarily add an unstable repository in order to install 0ad from it, then remove the repository. Just be careful that apt doesn't try to install versions of important packages like libc6, gcc, the kernel, etc, from the unstable repository. Also, MX Linux version 21 is the latest, based on Debian stable (bullseye). I don't know which version of Debian that MX Linux 19 is based on. 0ad from the unstable repository might work, or it might not. There are potential solutions. Please join IRC, and I'll help you with getting 0 A.D. version 0.0.25b installed. Click "IRC Channel" or "IRC Chat" at the top of the webpage. -- dave_k
  8. Okay, this is good to hear. Does it always work when you connect to players who are known to have properly configured their networks? Are you able to host games? On the other hand, "if it isn't broken, don't fix it," can be a useful aphorism. See the screenshot of the router administration interface for "port weiterleitung" (port forwarding), which you posted in this thread in your last post on September 28. When I first looked at the screenshot I made an assumption that 1:1 port mapping was enabled, but maybe it's not. There is no red line below it, so maybe it's just an alternate option that is not currently enabled. I have translated the German interface using Google Translate (which was able to infer the correct accents on characters). For anyone else reading this, here is the translation. Die anderungen wurden erfolgreich angewandt. Das Firewallregelwerk wird nun im Hintergrund neu geladen. Uberprufen Sie den Fortschritt des Filterneuladens. Port Weiterleitung Ausgehend NPt Ausgehender NAT Modus Automatische Erzeugung der NAT-Regel fur den ausgehenden Verkehr. (IPSec Durchleitung inklusive) Hybride Erzeugung der NAT-Regeln. (Automatische ausgehende NAT & folgende Regeln) Manuelle Erzeugung der Regeln fur ausgehendes NAT. (AON - Advanced Outbound NAT) Automatische Generierung von ausgehenden NAT regeln deaktivieren. (Keine ausgehenden NAT Regeln) Schnittstelle Quelle Quellport Ziel Zielport NAT-Adresse NAT-Port Statischer Port Beschreibung Aktionen The changes were successfully applied. The firewall regulator will now be reloaded in the background. Check the progress of the filtering backup. Port forwarding Starting NPt Outgoing NAT mode Automatic generation of the NAT rule for outgoing traffic. (IPSec throughput inclusive) Hybrid generation of the NAT rules. (Automatic outgoing NAT & following rules) Manual generation of the rules for outgoing NAT. (AON - Advanced Outbound NAT) Disable automatic generation of outgoing NAT rules. (No outgoing NAT rules) Interface Source Source port Target Destination sport NAT NAT-PORT Static port Description Actions It helps to know the difference between source NAT and destination NAT. I think that source NAT is designed for connecting as a client to other players' hosted games. And, destination NAT is designed for allowing other players to connect to your hosted game. Destination NAT is also known as port forwarding. Destination NAT is usually only necessary if you want to be able to host games. However, maybe it is also necessary if you want to enable static port mapping. I am curious what the effects are of each of the modes for "Ausgehender NAT Modus" (Outgoing NAT mode). Capturing traffic and listing the raw rules with each of the choices for the "Ausgehender NAT Modus" could help answer the question. I would advise that you avoid posting your raw firewall rules on a public forum, though, as it could show untrustworthy people gaps in your firewall configuration. Here is some info on the difference between source NAT and destination NAT (in particular, see chapter 3, "The Two Types of NAT", and chapters 6.1 and 6.2). Yes, it's talking about Linux and netfilter, but the explanations of networking concepts are universal for any operating system. And, it might be useful for internet searching to find more detailed explanations. If things work well enough then experimentation and troubleshooting can be a long-term project, of course. Let me know if you have any other questions.
  9. Hello wald, Thanks for sharing a screenshot of the error message. Unfortunately, it's not enough information to know how to solve the problem. It will take some exploration into OS networking settings, network configuration, ISP filtering, etc. Please join IRC during US daylight hours and talk to me for troubleshooting advice. In order to join IRC, click "IRC Channel" at the top of the 0 A.D. website.
  10. Hey pixel24, Can we get an update on whether 0ad is working at your workplace? If it's still not working properly then I have some more advice. Choose which art of troubleshooting you want: Black Art or White Art. Both can be useful, I think. Black Art method of troubleshooting (recipes that might or might not solve the problem magically) 1. Advice on getting UDP gaming to work with pfSense is here. This mentions VoIP networking. VoIP usually uses UDP protocol, which is also true of most online games, including 0ad. 2. You have configured a 1:1 NAT port mapping. Do you know what 1:1 NAT is? Is that actually how you want to configure your network? Most consumer routers are configured for cone NAT instead of 1:1 NAT. But, maybe 1:1 NAT is correct for your workplace ISP. 3. Here is an example of something besides a firewall that can block traffic. This has affected me, even though I'm not using an optical network, despite what Intel's release notes state for the Windows fix. Instructions on disabling RX checksum hardware offloading in order to workaround bugs in Realtek and Intel network adapter hardware Instructions for Windows (this might be necessary if you are using Windows as the host of the VM for pfSense): Instructions for Linux (this might be necessary if you are using Linux as the host of a VM for pfSense): 1. At a minimum, add the following line to the iface section in /etc/network/interfaces or /etc/systemd/network/* for each Intel Gigabit or 10Gigabit network adapter. offload-rx off 2. If necessary, add the following line, as well. offload-tx off 3. For testing on the command line, use the following commands, replacing "[iface]" with the network adapter interface name, such as eth0 or enp1s0. /sbin/ethtool --offload [iface] rx off /sbin/ethtool --offload [iface] tx off # Note that the changes made with ethtool will be lost after rebooting the computer. # It is better to permanently configure the changes in your OS-managed network configuration 4. Another problem is packet loss caused by the Intel Puma chipset in routers and modems. Read the info here and here. Their list of affected modems and routers is incomplete. To check whether your modem or router is affected, determine which chipset it uses. https://deviwiki.com can help with this if the network device is not relatively new. There does not seem to be a fix for it other than to replace the hardware. Intel has attempted to provide firmware updates, but they have only swept the problem under the rug by making pings reliable and other traffic still unreliable. There is a class action lawsuit about this. White Art method of troubleshooting The White Art method involves the following: read the manuals; learn more about how things work; learn how to diagnose where the problem is occuring and what the cause(s) are through controlled experimentation and examination of logs and configuration; and learn how to fix it properly) First, you should setup a "development" router or VM image that is separate from your "production" router or VM image. This way you do not end up breaking your workplace router system while learning how things work and testing configuration changes. I was troubleshooting a Linux-based router recently and realized that it's useful to see a log of blocked traffic or statistics of packets blocked by each firewall rule. The pfSense documentation has advice on this here. All pfSense documentation -- explore and learn! The reason that this is important is because you need to verify whether the firewall is even the cause of the networking problem. To do this you can check the firewall logs for evidence of 0ad traffic being blocked. Also, a simpler test is to play a game of 0ad without using the lobby. Ask a friend to host outside the lobby and tell you his IP and port. It's also the most likely to be blocked by the router in some way. Here are questions that I would ask if I were in a real-time chat with you. By the way, is there a convenient means of communication that you would prefer instead of IRC? I haven't seen you on IRC. Would it help to use something supported by your mobile phone like Discord, Skype, or a phone call within the US? 1. Where is your modem? 2. Where is your router? (Maybe the pfSense system is your router, but it's probably not also your modem) 3. Where is your managed switch (if you have one)? 4. What are the brand and model of each? 5. How are they configured? Are they doing NAT or bridging? Are they doing firewalling as well? 6. What are the logs indicating at each device? 7. Have you tried a simpler test, such as treating the pfSense router as a Device Under Test (DUT)? I mean, disconnect the modem (and therefore the Internet) from the pfSense router and connect a spare computer to the WAN port of the pfSense router in order to mimic an Internet-based host for a game of 0ad. See whether this affects the symptoms, or not. Then vary one variable at a time for controlled experimentation. Don't just focus on the pfSense system; look at the other elements of the network. But, also focus on the system behind the pfSense system. The host hardware and operating system have configurations that can affect 0ad traffic. To list statistics for firewall rules, use pfInfo or query raw rules with the command line (see below for instructions on querying raw rules with the pf command). The more that you know about how your networking system works, the more capable you will be of troubleshooting it. You can look under the hood of pfSense. It is based on FreeBSD. It allows SSHing in for a command line. Then you can list the raw firewall rules (pf rules). Here is the documentation for the pf packet filtering system. The most important types of statements in pf.conf are "Packet Filtering" and "Translation". To query the raw rules of the firewall from an SSH command line, you would likely use these commands. # list the currently loaded filter rules with per-rule statistics pf -s rules -v # list the currently loaded NAT rules with per-rule statistics pf -s nat -v # show per-rule statistics, including packets and bytes affected by that rule pf -s labels -v Making sense of this involves knowing how the pf firewall system works. Here is some relevant documentation. I would advise resisting the urge to manually override aspects of the firewall configuration with pf commands. If you don't understand enough of the system to fix it with the pfSense front-end then changing raw rules is not going to be a solution --- at least, not without also opening up too much of the firewall. More pf commands are explained here. Once you have read some of the documentation, you will be able to setup a test FreeBSD system (in a separate VM or ideally on bare metal hardware) with an experimental basic firewall configuration. Then you can triangulate between pfSense and a progressively more complex test FreeBSD system in order to figure out where exactly the firewall is blocking 0ad traffic (if it's even caused by the firewall). FreeBSD is a free download here. Click the correct architecture under "Installer images" to find download links. Documentation on setting up FreeBSD is here. pfSense offers professional support via email (called TAC PRO) for $399/year. They offer professional support via telephone (called TAC ENTERPRISE) for $799/year. But maybe you have an employee who knows the system very well and can troubleshoot this easily. https://www.netgate.com/support If the firewall has no indication in the logs that it is blocking 0ad traffic then the traffic is either being blocked by a rule that doesn't make a log entry, or the traffic is being blocked by something else, such as the RX TCP/IP-v6 checksum offloading bug of certain network adapters.
  11. The error message, "The connection was refused by the server" is returned by the glooxwrapper as -ConnConnectionRefused. If you understand C++ then you can get some ideas of why this might happen. It's returned in 6 places in this file. https://camaya.net/api/gloox-1.0.24/dns_8cpp_source.html One thing that I was reminded of after skimming that source module is that you should ensure that your computer has a numeric hostname. I remember reading about this somewhere, maybe in the gloox documentation or a 0ad bug report. On Linux this would involve adding an IP address for your host, including a private IP address (192.168.0.x) and a localhost IP address (, in /etc/hosts. On Windows the file is in C:\Windows\System32\drivers\etc. Instructions on editing it are here.
  12. +1 for sharing the exact error message. Please share a screenshot. Enable the Windows firewall log, attempt to connect to the lobby server, and look for firewall log entries. Read articles to find out how to do this, and what "private" versus "public" means for a network interface, and what "domain", "private" and "public" mean for a firewall configuration. Each has its own settings. Also check your router and modem firewall logs and configurations. And, can you even ping lobby.wildfiregames.com? If you can't then you need to troubleshoot that first, and that won't involve changing the 0ad configuration. Also check the FAQ for the symptoms (e.g. search for "Registering for the Game Lobby does not work:"). Based on discussion in this bug report, TLS protocol above 1.0 isn't supported by the Windows build on certain versions of Windows (XP and 10?). You might need to disable TLS lobby encryption until this is fixed (which will probably be when alpha 26 is released, several months from now).
  13. Yes, my advice about using the Magic-SysRq key to send a signal to all processes on the virtual console or else all processes would kill a lot of processes. And yes, the system might be unstable as a result. It's a last resort before resetting the computer if it's so locked up that even switching to a virtual console doesn't work. Yes, switching to a virtual console SHOULD always work. Except that it often doesn't for me. Believe me, I've tried. I think that it depends on the video hardware, the video drivers, the distro, the window manager, desktop environment, etc.
  14. Apparently people haven't read my post carefully. The process is named "main". It is not named "pyrogenesis" or "0ad". It is named "main". The process name is "main". Type killall -9 main
  15. Thales, I have posted advice on forcing 0ad to quit in Linux here. Executive summary: kill "main" from the command line or use the Magic-SysRq key to send a signal to all processes on the virtual console or else all processes (commands k or i). It might be necessary to change a config file in order to enable the necessary functionality from the Magic-SysRq key.
  • Create New...