whitelist

whitelist it in your jk2mf please
[You must be registered and logged in to see this link.]

is this the correct usage of "whitelist"?

A wild Lelouch appeared!

Where the firetruck are you?!

Xasomur wrote:

is this the correct usage of "whitelist"?

To add a clientside mod to the whitelist you simple take its cgame.qvm, rename it to something like catzv12.qvm, put it inside the jk2mf/plugins folder, and then do a map change to get the list refreshed

wow, I read what you wrote, but I didn't understand a single word. o.o

isn't a whitelist something that only allows certain people to join a server?



....Why do we even want that????

Angelis wrote:

isn't a whitelist something that only allows certain people to join a server?



....Why do we even want that????

The JK2MF whitelist is where you put clientsides that you want the anticheat to allow If you have the anticheat enforced/enabled, then everyone with an unallowed clientside will be unable to join the game Cannot see why you would not want to make more people able to play on your server, especially since I am 100% positive that there is absolutely no cheats or hacks in Catz's clientside, so you can savely add it

I don't have JK2 installed right now so I can't test. The JK2MF documentation is ambiguous with regards to how it handles "unallowed clientside" mods. It says that it both identifies them and disables them. Obviously this only applies to people using JK2MF clientside in the first place, so my question is, what happens when you join a server that has anti-cheat enabled but NOT enforced (people can join without JK2MF), you're using JK2MF, and you're using an "unallowed clientside" mod? Are you prevented from joining? Does it simply list "UNALLOWED CLIENTSIDE" in the /cheaters output but still allow you to play? Or does it disable the clientside modification?

The other thing is, we don't have any proof that there are no cheats in the mod if we don't have the source code. There will probably be very few people using BOTH JK2MF clientside AND this particular mod. We might still add it to the mod whitelist but I'd like some more information first.

NickdeClaw wrote:

I don't have JK2 installed right now so I can't test. The JK2MF documentation is ambiguous with regards to how it handles "unallowed clientside" mods. It says that it both identifies them and disables them. Obviously this only applies to people using JK2MF clientside in the first place, so my question is, what happens when you join a server that has anti-cheat enabled but NOT enforced (people can join without JK2MF), you're using JK2MF, and you're using an "unallowed clientside" mod? Are you prevented from joining? Does it simply list "UNALLOWED CLIENTSIDE" in the /cheaters output but still allow you to play? Or does it disable the clientside modification?

The other thing is, we don't have any proof that there are no cheats in the mod if we don't have the source code. There will probably be very few people using BOTH JK2MF clientside AND this particular mod. We might still add it to the mod whitelist but I'd like some more information first.

I have not checked your server settings, but yea, they would be able to join if it is set to "Optional", although they would still be marked as "Unallowed Clientside" instead of "Cheatfree" in the /cheaters menu, which I can understand why people is not happy with, especially when the clientside they are using does not contains any cheats or hacks

The Catz clientside is partly (well, mostly really) developed by Boy, who first of all dislike all kinds of cheats and hacks, but who have also done some work on JK2MF himself (Both working hard on making most of the port to make it work in JK2 1.02, but also his forcecrash fix etc.)

Quite sure you will not be send the sourcecode for it, but I can asure you that the only features in the client is those listed on this topic: [You must be registered and logged in to see this link.] - I know Boy well enough to know that he would never put in hacks and other cheats ^_^

- A little reminder: I'd recommend that you update your JK2MF btw. The current version is 3.0.4 and you are still using 2.2 on SoL

NickdeClaw wrote:

what happens when you join a server that has anti-cheat enabled but NOT enforced (people can join without JK2MF), you're using JK2MF, and you're using an "unallowed clientside" mod? Are you prevented from joining? Does it simply list "UNALLOWED CLIENTSIDE" in the /cheaters output but still allow you to play? Or does it disable the clientside modification?

When I was using jk2se made by a friend it was listing me as unallowed clientside in /cheaters but it was letting me to join, however it wasn't letting me to join e.g. zazzou's server I think. It was because of jk2se.qvm file which I later deleted. Since then I am listed as 'cheatfree' even though jk2se is not even 0% a cheat. jk2se was basicly just a mod with some funny looking letter styles like bold/italics/underline/strike/jello (wiggling letters)/some other colors and some bugfixes

Kameleon wrote:

I have not checked your server settings, but yea, they would be able to join if it is set to "Optional", although they would still be marked as "Unallowed Clientside" instead of "Cheatfree" in the /cheaters menu

If people with cgame.qvm mods can still play, I would rather just leave it unallowed then. Most people won't use a QVM mod anyways, so if anyone who does use one wants to prove they aren't a cheater, they can just disable their mod temporarily. If lots of people start using a particular QVM mod, I would reconsider.

Kameleon wrote:

A little reminder: I'd recommend that you update your JK2MF btw. The current version is 3.0.4 and you are still using 2.2 on SoL

I prefer to stick with older things unless there's an important benefit to something new. I didn't read anything in the changelogs for 2.3 and 3.0.2 that looked important for SoL. I didn't find the changelog for 3.0.4. Which specific changes do you believe are worth updating for?

I assume older serverside versions of JK2MF are compatible with newer clientside versions. Is this true?

[You must be registered and logged in to see this link.] - Your server does not even show up on servers with JK2MF anymore.

Here is a list of the changes:

JK2MF 3.0+ changes (Click to show content):

The anticheat bypass that was fixed in 3.0.4 was something that somehow allowed someone (Not sure how) with the JK2MF clientside installed to use JKBot and still be marked as cheatfree. ^^

- I would say the Catz clientside is quite common; most members of [DARK] (Possibly people outside [DARK] too, though the amount is unknown) have been using it for months Takes no time to add the qvm in the plugins folder and do a map chance ^^

- I am not sure if older serversides are still compatible to new clientsides, but I would asume so

Kameleon wrote:

[You must be registered and logged in to see this link.] - Your server does not even show up on servers with JK2MF anymore.

This is not due to the version, and is intentional.

Kameleon wrote:

The anticheat bypass that was fixed in 3.0.4 was something that somehow allowed someone (Not sure how) with the JK2MF clientside installed to use JKBot and still be marked as cheatfree.

This is useful, I would update for this.

Kameleon wrote:

Takes no time to add the qvm in the plugins folder and do a map chance

Yes, but how easy it is to implement is irrelevant.

Kameleon wrote:

I would say the Catz clientside is quite common; most members of [DARK] (Possibly people outside [DARK] too, though the amount is unknown) have been using it for months

I'm not familiar with [DARK] member list. Who from [DARK] plays on SoL?

Kameleon wrote:

I am not sure if older serversides are still compatible to new clientsides, but I would asume so

Could you test on our server the next time you join? That would be helpful, thanks.
If you had the time, I'm interested to know whether 1) New versions of JK2MF in AppData are themselves compatible with older server versions of JK2MF, OR 2) if the downloader in your JK2 installation folder simply downloads the old JK2MF version to AppData and uses that.

NickdeClaw wrote:

1. The other thing is, we don't have any proof that there are no cheats in the mod if we don't have the source code.

laughable moment #1.
oh no, you caught my superhax which is why I gave you a direct link to the topic and download which is created by a known developer that helped make jk2mf!!! pls no ban!!! I'm not even going to waste any more keypresses after this because of how stupid this statement is.

NickdeClaw wrote:

Kameleon wrote:

I would say the Catz clientside is quite common; most members of [DARK] (Possibly people outside [DARK] too, though the amount is unknown) have been using it for months

Who from [DARK] plays on SoL?

laughable moment #2. If only you had eyes friend, if only you had eyes...
someone shoot me now please

you should be a comedian because I'm dying over here.

Lelouch wrote:

laughable moment #1.
oh no, you caught my superhax which is why I gave you a direct link to the topic and download which is created by a known developer that helped make jk2mf!!! pls no ban!!! I'm not even going to waste any more keypresses after this because of how stupid this statement is.

Lelouch why so hostile?
1) However laughable, my statement is still correct.
2) It's fairly easy for any compiled program to have an exploit that only the creator knows. This is why open software allows people to compile programs themselves. Whenever you run a compiled program, you are trusting the person who gave you that program. The creator of the mod is unknown to me and, in fact, I've never heard anyone in JK2 talking about him as a person. Furthermore, even if you do "know" the creator, you're still trusting him.
3) If you can still play without the mod whitelisted, it's just a slight inconvenience to you.
4) Since you always have to trust the author of a compiled program, you have to weigh #2 against #3. What are the benefits of the mod and how inconvenient is it to not use it? What are the risks if it's malicious? The benefits and convenience must outweigh the risks.
5) The benefits of whitelisting this mod seem pretty tiny to me so far, so it seems reasonable to choose not to whitelist it. I already stated that I would reconsider if I receive additional information.
6) For the sake of argument, I realize this is complicated by the fact that the mod creator contributes to JK2MF. In a worst case scenario, this means the developer has easier access to creating cheats that circumvent JK2MF's detection, meaning it wouldn't really matter whether you whitelisted it or not. Regardless, whitelisting a mod isn't a necessary step (just a convenience), and it wouldn't be reasonable to whitelist all seemingly safe modifications in existence. That's why I said I would reconsider whitelisting it if I knew there were a high demand for it. Which leads me to your second spiteful comment:

Lelouch wrote:

laughable moment #2. If only you had eyes friend, if only you had eyes...
someone shoot me now please

you should be a comedian because I'm dying over here.

You are the only one with a [DARK] tag I ever notice on the server. That's why I said I'm not familiar with the [DARK] member list and asked who plays on the SoL server.

You're not being a very nice person, Wolfy.

Also, on a related note, the download mechanics of JK2MF clientside seem soooooo unsafe. In all probability, the creator is a great person. But the fact that it's designed to automatically download something from basically a random person on the internet making neat programs (hopefully safe ones too!) is super unnerving. I used JK2MF clientside for a little while but this behavior scared me, and I don't use it anymore. The main reason SoL uses JK2MF now is that the server-side modification prevents crashing exploits.

NickdeClaw wrote:

2) It's fairly easy for any compiled program to have an exploit that only the creator knows. This is why open software allows people to compile programs themselves. Whenever you run a compiled program, you are trusting the person who gave you that program. The creator of the mod is unknown to me and, in fact, I've never heard anyone in JK2 talking about him as a person. Furthermore, even if you do "know" the creator, you're still trusting him.

3) If you can still play without the mod whitelisted, it's just a slight inconvenience to you.

4) Since you always have to trust the author of a compiled program, you have to weigh #2 against #3. What are the benefits of the mod and how inconvenient is it to not use it? What are the risks if it's malicious? The benefits and convenience must outweigh the risks.

5) The benefits of whitelisting this mod seem pretty tiny to me so far, so it seems reasonable to choose not to whitelist it. I already stated that I would reconsider if I receive additional information.

6) For the sake of argument, I realize this is complicated by the fact that the mod creator contributes to JK2MF. In a worst case scenario, this means the developer has easier access to creating cheats that circumvent JK2MF's detection, meaning it wouldn't really matter whether you whitelisted it or not. Regardless, whitelisting a mod isn't a necessary step (just a convenience), and it wouldn't be reasonable to whitelist all seemingly safe modifications in existence. That's why I said I would reconsider whitelisting it if I knew there were a high demand for it. Which leads me to your second spiteful comment:

Also, on a related note, the download mechanics of JK2MF clientside seem soooooo unsafe. In all probability, the creator is a great person. But the fact that it's designed to automatically download something from basically a random person on the internet making neat programs (hopefully safe ones too!) is super unnerving. I used JK2MF clientside for a little while but this behavior scared me, and I don't use it anymore. The main reason SoL uses JK2MF now is that the server-side modification prevents crashing exploits.

@2: DcMod is not open source either, so it could in theory have a hidden backdoor for a corrupt mod creator too Also, Boy is probably one of the most known modders in modern JK2 ^^ In most newer mods being run on other servers (KaMod, LoL Mod, CA Mod, [DARK]TwiMod, BROmod, hell even TwiFire - the Catz clientside too) you can find his name in the credits; in LoL Mod and the [DARK]TwiMod for being the developer, and in most other mods for having helped with either code pieces or advice ^^

@3: Aside from being annoying for those using it, that they are marked as cheaters even if they do not cheat, I can tell you that even Ouned added the Catz clientside as a default allowed clientside in the latest release of JK2MF Possibly even a few releases ago, but it is at least in the plugins folder already when you download 3.0.4 Ouned would never add a clientside in that folder if it contained cheats and hacks. ^^

@4 & @5: I would personally say that the ability to only see your opponent when in duel, partly giving better fps performance while dueling and making it easier to focus on the target you are fighting, should be a good enough reason + the information I have already given you about the clientsides features and its author(s)

@6: He have created a force crash fix that supports both 1.02 and 1.04, as well as doing most of the port for the 1.02 version of JK2, but everything have been added to the actual JK2MF source, possibly tweaked, probably slightly rewritten & approved by Ouned himself, who first of all trust Boy enough to send him a copy of the JK2MF source to help out with the port, but even if Boy should have put some evil things in the version he would then send back to Ouned (Which he would never do, so that is quite an irrelevant concern, but let us just use this as an example), Ouned would notice it right away and of course not implement it. ^^

Also, although I can see what you mean that he probably (Not sure how such systems works), in theory, could inject some bad stuff into JK2MF and make you download it automatically, I feel quite confident in saying that Ouned would never do such things, so you can feel quite safe ^^

Also, in order for JK2MF to even be able to auto download you need to go download any version of JK2MF yourself first; in 1.02 there is a mod called NT, which somehow is able to send you a clientside containing a DLL through the default ingame download system even without having a previous version of the client installed (cl_allowDownload), which should not technically be possible; THEN one should be worried But I see no reason why not to trust Ouned and JK2MF

Kameleon wrote:

Sometimes I wonder why I even bother.

Kameleon wrote:

@2: DcMod is not open source either, so it could in theory have a hidden backdoor for a corrupt mod creator too

Two things. One is that as far as I know, the creator is not active, so the risk of ongoing exploitation is significantly reduced. This is actually one of the reasons I like using DCMod. Secondly, JK2 server-side backdoors are less concerning to me than the risk of client-side ones. At worst, the attacker gets RCON/admin passwords, IP address information, and spies on game traffic. There's not really any risk to clients' computers and personal data, nor is there really any risk of the attacker gaining complete control of the server machine.

Kameleon wrote:

Also, Boy is probably one of the most known modders in modern JK2 ^^ In most newer mods being run on other servers (KaMod, LoL Mod, CA Mod, [DARK]TwiMod, BROmod, hell even TwiFire - the Catz clientside too) you can find his name in the credits; in LoL Mod and the [DARK]TwiMod for being the developer, and in most other mods for having helped with either code pieces or advice ^^

"Most known" is relative, of course. Modern JK2 modders aren't really known to many people because not many people play the game or are interested in keeping it up-to-date. It sounds like he does a lot of great work, so thank you for sharing information about his contributions and credentials.

Kameleon wrote:

@3: Aside from being annoying for those using it, that they are marked as cheaters even if they do not cheat, I can tell you that even Ouned added the Catz clientside as a default allowed clientside in the latest release of JK2MF Possibly even a few releases ago, but it is at least in the plugins folder already when you download 3.0.4 Ouned would never add a clientside in that folder if it contained cheats and hacks. ^^

Yes, this satisfies my skepticism for Boy's mod.

Kameleon wrote:

@4 & @5: I would personally say that the ability to only see your opponent when in duel, partly giving better fps performance while dueling and making it easier to focus on the target you are fighting, should be a good enough reason

You would still be able to take advantage of this without having it whitelisted.

Kamaleon wrote:

Also, although I can see what you mean that he probably (Not sure how such systems works), in theory, could inject some bad stuff into JK2MF and make you download it automatically, I feel quite confident in saying that Ouned would never do such things, so you can feel quite safe ^^

This just comes down to personal preference. Personally, I try to only run software from people or companies whose personal information is publicly available. That way you are not trusting an author who has nothing to lose; you are trusting an author who may be sued or go to prison if they intentionally do something malicious. I make exceptions of course, but I don't know the JK2MF authors and it's not worth the risk to me. Barring some new information, I would argue that it shouldn't be worth the risk to most people, unless they don't have personal information on their computer.

I just saw this after I posted my previous message and updated JK2MF.

Kameleon wrote:

Although I dislike the way he talk like he knows everything, I think I might have convinced him. ^^

This is such a rude statement, especially considering most of YOUR posts are dripping with condescension and snark. I act like I know everything? I have been asking you questions throughout this thread, stating my reasoning when your responses don't satisfy my concerns, and stating that I'm open to more information. That's not laughable, that's being responsible. I don't know why someone who knows everything asks questions in the first place. The irony here is that, to an observer, your carefree attitude toward security suggests you do actually know less. And yet despite the condescension and "just do it plox" attitude, I've been happy to accept compelling information from you. That probably has something to do with treating you like a fellow human being.

Here's the [DARK] chatbox. Why are you two so rude?

[You must be registered and logged in to see this image.]

NickdeClaw wrote:

Sometimes I wonder why I even bother.

^
- Also, I am not "carefree" about security. I know Boy, I know Ouned, I know that they are trust worthy and that they would never add something that could be a threat to your PC and privacy. I do not personally trust the NT clientside, since that does some evil stuff that should not be possible through basejk (Sending a DLL through the game, even without having a DLL on the PC to start with) - that I do not trust ^^

- Anyway, let me end this by saying that I am sorry about the rude statement in the chatbox I usually never write such things, so even I am confused as to why I even wrote it xD Sorry if you have got a wrong impression of me now, but if so I supose that is partly my own fault I hope we both can forget, forgive, and move on after this Always seen you as a mature and respectable player

- Glad to see that you have updated JK2MF

- See you ingame at some point, if I ever play 1.04 again (Usually busy running a clan in 1.02, so I do not visit 1.04 that often xD)

Kameleon wrote:

I hope we both can forget, forgive, and move on after this

I appreciate the response, Kameleon, and I agree! Thanks again for providing all the information about the mods.

I gave you karma for two of your posts, Nick, for stay calm and on the spot! I have no idea why there is such negative atmosphere. They seem to be on a crusade for jk2mf, and we are the heathens. I felt disturbed reading all this.

it's late for a reply I know, but I found this very interesting.

NickdeClaw wrote:

If you had the time, I'm interested to know whether 1) New versions of JK2MF in AppData are themselves compatible with older server versions of JK2MF, OR 2) if the downloader in your JK2 installation folder simply downloads the old JK2MF version to AppData and uses that.

jk2mf is both backward- and forwardcompatible. This is possible because the clientside you download on the website is not the actual "clientside".
In the code the "clientside" is called "loader" and the dll's in appdata is the actual "client". I named it clientside anyway because people are used to it.

NickdeClaw wrote:

Also, on a related note, the download mechanics of JK2MF clientside seem soooooo unsafe. In all probability, the creator is a great person. But the fact that it's designed to automatically download something from basically a random person on the internet making neat programs (hopefully safe ones too!) is super unnerving. I used JK2MF clientside for a little while but this behavior scared me, and I don't use it anymore. The main reason SoL uses JK2MF now is that the server-side modification prevents crashing exploits.

This is so true.
The reasons why I didn't create a dialog which asks you yes/no or something similar in the first place is that the time I created jk2mf's autodownload system was that I did all of this without the sourcecode of jk2. (it wasn't released back then)
If you are a developer yourself you know what a massive hassle it is to do things like that without access to the sourcecode. You are using programming hacks everywhere.
The reason why I shipped it then anyway is that it's not such a security hole you might expect at first.
It doesn't allow to download dll's and run them. It only allows qvm's to be downloaded and run. QVM's are virtual machines which have very limited access to the engine (and thus to the client system). There are some bugs you can use to bypass the qvm but jk2mf fixes the most relevant one.
It's a grey security zone nonetheless and by far not perfect.
tl;dr: you are right

about blocking my server:

NickdeClaw wrote:

This is not due to the version, and is intentional.

It's not like I care (no really not)
But it would be interesting to know why you guys are blocking my server?

If you guys trust catz clientside or not is your choice.
The default qvm's I'm shipping is just a recommendation to produce as less problems as possible.

You should Kern lol, ouned made (co-made?) jk2mf, plus in far past I might have instagibed him once or twice on his server..

Kernow Pilgrim wrote:

An interesting topic to post on immediately after you have registered. Welcome to the forums! Do we know you? ^_^

I'm the developer of jk2mf, the original twimod and other smaller things.