Menu
What's new
RunUO Community

This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

precompiling your shard to run on a remote host - repost

D

DarthICE1

Wanderer
Kiff said:
a) Safe. Not all people can find a safe host. If you can afford it, good for you, some people can, some don't.
Click to expand...

Thats another great thing about linux/unix hosts. There are plenty of professional linux hosts offering shell accounts at a fraction of the cost of windows servers.

For between 10 and 25 bux a month you can get a nice shell account on a fast linux server with a nice 100mbit connection located at a data center. That should give alot of RunUO admins the peace of mind of being able to start a shard on a professional, cost effective and secure server :p

Something for admins to at least consider when Mono catches up 8)
 
Zippy

Zippy

Razor Creator
I think some of you misunderstood what i ment about sharing scripts....

I realizing most public shard, especially big ones, will likely not share their scripts, and thats fine by me. I know there is some stuff I wouldn't share if I ran a shard, i want to be the ONLY place you can find it, i respect that.

But, I would rather the choice be this cut and dry, either you share your scripts so everyone can see how they work and do whatever you want with them, or you don't share them at all. Allowing compiled dlls gives a 3rd option, share the dll so people can use it as you have it (and no other way). I'd rather them not be shared than be shared in a DLL.

And yes, i'm aware an uncompiled script is just as dangeous as a compiled DLL, but anyone can look in an uncompiled cs file, and its not hard to see something obviously out of place. Not ever many scripts run threads, processes, open ports, or open files (let alone system files). If the person reading the script is unsure about it's security, they can always learn enough C# to find out, or ask someone else.

With a compiled DLL, these options aren't avaliable. There's no way for you to know whats really going on.

If an uncompiled script harms your machine, I consider it to be more your fault than mine. There's a whole community here, many of which know C#, along with 'the devs' who could easily be asked about potential script backdoors, if you don't want to ask them, thats your problem.
but if RunUO allows compiled DLLs, and you get harmed, I consider it my fault and not yours, although you should be more careful, other than just not using the dll,t heres nothing more you can do.


But for those who are wordering, the change required to allow precompiled DLLs is like 3 or so lines in the core. So it's not like it's hard to imnpliment, it's just a question of whether it's what we want.
 
Q

Quinox

Sorceror
I don't like the idea of taking a script and compiling it into a DLL. There are too many security risks. Even if it is a script that is intended to be shared between the creator and the host explcusively, sooner or later the community is going to use this ability and will turn to sharing DLLs, and that is dangerous. It is too easy for someone to slip destructive code into a DLL and get away with it. And believe me, there are plenty enough people out there willing to do it. And there are also plenty enough people that don't know the dangers, until it happens. Once again, yes you can do it in script as well. But with all the programmers in the community, how long do you think a malicious script would stay in circulation when you can just read the code and spot it. Not long enough to do much damage. But what about a DLL? You can't read the code. And it is very easy to make a malicious script that you may never know is running. How long do you think that will stay in circulation? It could be a long time before someone get suspicious of it. Long enough to do lots of damage.

But then, switching point of views, there are also good reasons to allow precompiled DLLs. Omitting script security (because I only see insecurity from it), there are plenty of commercial DLLs out there that someone my find they need. For example, scripts for web applications, or SMS paging services, or other DLLs that let you tap into other applications, services, or resources. I do not promote precompiled server scripts in any way. I really don't see it solving anything, only causing risks. But commercial DLLs can give a user quite a bit more power over something.

What we need to ask ourselves is, is the risk of malicious scripts worth what DLLs can bring us. Keep in mind, it doesn't just affect you whether or not to we have this feature, but also those that are new and don't know the risks. Everyone needs to be protected. Some may think the threat is nothing, but it opens a seriously big oportunity for hackers and others that want to do malicious acts.
 
Zippy

Zippy

Razor Creator
Commercial DLLs like that can be loaded by your RunUO scripts and used.... These really have nothing to do with runuo allowing precompiled sript DLLs. These commercial DLLs are used differently, and would require that you write a script to use them (and as i said, your script can load and use these DLLs).
 
P

Phlegyas

Sorceror
Ahh, the old balance between flexibility/power and security.

Anyway, what about a commandline switch?

ie:
RunUO.exe --nocompile

So the default would be to compile all scripts (to help the newbies) and it would only be disabled with the commandline (by those who hopefully are aware of the risks of running somebody elses dll).

Just throwing out ideas here.

Thanks,
Phlegyas
 
Z

zero

Not Nice
I could understand the big concern if each indivudual script or package came compiled, but who the hell would run their whole shard from someone elses compiled dll?

I'm half and half on this subject because of the fact that the scripts in compiled form are all or nothing. This makes it so a LOT less people would just take a dll "as is".

It does two things I suppose. Having distributable DLL's means that the shard scripter/admin doesn't have to worry as much about a host stealing their scripts. What the DEV's point is though, its far worse than a good host to get trojans, virii, and have other possible implications due to a malicious runuo scripter.

At least with open scripts a host could have the potential to see what they contain, so that there wont be any nasty suprises.

I think it all comes down to this. We care more about peoples computers, and well being, more than we care about your scripts that you should be sharing anyways.
 
R

ray8alot

Guest
zero said:
I think it all comes down to this. We care more about peoples computers, and well being, more than we care about your scripts that you should be sharing anyways.
Click to expand...

My couple cents. I agree with Zero's comment more than anything else I have seen. I am responsible for two networks, as well as quite a few standalones. Get yourself a dedicated line/DSL/cable/satelite, or someone to host a secure server.

From my first BBS on a 14.4 till now, the end-users experience is everything. Seems to me that the Dev's are building this, and for those folks who feel that there are things they want in a shard the dev's do not feel like building, I suggest building your own. And I say this across all the forums.

Please forgive my next statement if it offends you wrongly. This is a flame of napalm type.

I have read nearly every post on the whole RunUO Forums. I have read more than I have been on the shard. I have read some incredible stuff, thankfully most of it good and fun. Unfortunately a few flames and folks who cannot seem to get a couple of facts.

There are no paid Dev's here, flaming them is idiocy. Theydo it for us the folks who want to play, as well as themselves.

Got a great idea, offer to pay the Dev's. Pay them wages and then expect them to do what U want. But as long as they are doing this on their time, ask them nicely, and when they say no, welp get a clue. Your reasoning doesn't line up. And if you don't like the shard, go build yer own
 
D

DarthICE1

Wanderer
Well thats the freedom of free speech for ya ;) Maybe if everyone all "puts in their 2cents" then the topic may die here instead of being ressurected every few weeks :?
 
W

wookie

Guest
It was good to see other's opinions on this subject. My needs are still the same and as Zippy pointed out if I can modify RunUO to have this functionality then I will. I won't share the code again out of respect for the dev team and the excellent work they are doing. You see me as an enemy but I am not. My intentions with the original deleted post was not meant to harm anyone or to cause trouble.

Please don't private message me for the original code, at least not if you haven't even expressed your opinion here.

Apart from the risks I still feel it would be greatly usable functionality to have a single file for running shards. As I have shown and Zippy has stated it is easy to achieve. Just my opinion.

I noted that the original author that showed how to use VB.NET instead of C# with RunUO also had his post deleted. It was his post that inspired my modifications. Its a pity as there are propably more vb coders than C# even in this small community. At least this is an issue still under consideration after the initial release I believe.
 
Ryan

Ryan

RunUO Founder
Staff member
Making modifications to RunUO.exe is illegal.

In essence... I dont like your trying to flaunt the idea.
 

Guest
wookie said:
Assumption is the mother of all screwups. As you said sometimes you just push the wrong button.

Phantom your initial reply to my post was nothing but a personal attack on me. You have no idea who I am or what I do for a living. Find a job? No thanx m8, thats why people work for me and I pay the salaries.

TYPING IN CAPS is widely accepted as a method to indicate sreaming at someone. I would never condone such behavior from the people on my helpdesk. Bad day or not you deal with the stress of the job or quit. You guys are trying to build a descent community behavior such as that does no good for the building process.

This guy is clearly only here to cause trouble
Click to expand...

No this girl is not here to cause any problems. I raised an issue that I feel has not been given due consideration. You can see that as causing trouble or as contributing. Its your choice as to how you view it.

You propably had a bad day, no hard feelings.
Click to expand...

you feel bad becaues they dont do what you want well boohoo.

its not the end of the world because you didnt get your way.

and how can you talk about other people when you have had no involvment in producing scripts.

I atleast have produced one script and I am working on the harrower as we speak.

Making code and having lots of posts dont make people l33t its the participation like everyone has already said.
 

Guest
Ryan said:
Making modifications to RunUO.exe is illegal.

In essence... I dont like your trying to flaunt the idea.
Click to expand...

dude just encript the source code to DOD standards.
my friend did the same with his source code for his File Share client he made.

http://bbn.datakill.com/news/

if you want to ask him more about encrypting source to DOD standards just shoot him a mail or me if you cant get a hold of him because he might have alot of daily mail

his aim name is Nexea
mine is JUDUFU
 
N

nox

Wanderer
Couldn't keep on staying silent but, the idea is always in my mind, making it run precompiled assembly, making it non sharable (though ways for this exist, just not supporting nor agreeing would do), just one file for the shard, simple. Not asking for it, though would be a good feature to keep a shard private.
 
Z

ZixThree

Wanderer
After reading you telling it was already possible, I felt like I missed something.

I've got it working quite nicely right now. Thanks Zippy.

The only thing it does not right now is checking for script related problem (like serialize and deserialize method missing). Anyway, it works!

ZixThree

EDIT: Removed every thing about my old post. New post.
 
T

Tz'arken

Wanderer
can a site admin lock this post plz, tired of reading the same reasons over and over, not to mention this post is just a bit old to be brought up again
 
P

Phantom

Knight
no kidding...

The only people that want pre-compiled script support are those that won't share. If you want to share then you don't hold your scripts as being sacred. You will do alot to protect them but you don't go over board.

making them into a dll and only uploading that is going overboard.

PLEASE LOCK!
 
You must log in or register to reply here.
Top