Congrates to you Sarisel!. You held out long enough and now you have solved the mystery. Most importantly you raised awareness of something that others dismissed, without your first posts we still would have been with this bug. Well atleast the [C.A.P] server, and im sure a fix or knowledge of a fix will reach other admins also and CAL itself, and maybe soon all will learn also. Good luck in the future and good bye.
should try and get a bunch of people just for testing this <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html//emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif' /><!--endemo-->
Now work on getting SoM's server back <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html//emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif' /><!--endemo-->
Sarisel.::' ( O ) ';:-. .-.:;' ( O ) '::.Join Date: 2003-07-30Member: 18557Members, Constellation
<!--QuoteBegin-Even~Flow+Jul 1 2004, 01:09 AM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Even~Flow @ Jul 1 2004, 01:09 AM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> <!--QuoteBegin-TyrNemesis^+Jun 27 2004, 09:49 AM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (TyrNemesis^ @ Jun 27 2004, 09:49 AM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> We have nailed one particular and 100% reproduceable cause of this bug. It is logged in the bugtracker privately because it can be employed intentionally by a knowledgeable person. I intend to see if this same effect works in other steam mods.
Fixing this one case may not end ALL of the "lagging hitbox" problems, but let me just say for once I can assure you all that we aren't on crack. There IS a player-specific issue which pops up under very very specific circumstances and causes the player to be extremely hard to hit.
Thanks to the community for helping us research this bug.
Note: If you happen to know which cause i am referring to, PLEASE do not post it anywhere. <!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd--> Thank you. <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd--> Since the next version of NS might not come out for a little while, I really think that a full disclosure and suggestions on how to bypass the bug on servers should be posted. It is much easier than keeping it hush-hush, since it appears people knew at least part of the root of the problem before I was aware of it - possibly even before the guys from [C.A.P.] did, although they were the pioneers that took the data and matched it with the descriptions to find the process. It is very abuseable, especially when you know how to reproduce it. It is also very easy to prevent it from occuring, if only people knew what to do.
Right now, if only some people already know how to abuse it (and have been) and others don't, then might as well raise awareness so that the abuse can be prevented. I'm not going to publicize anything unless I'm given the go-ahead, but it is my opinion that with the amount of leakage that has already occured, something needs to be done now. The new version or patch may still take a month or more to come out - that's a lot of time in which abuse can occur.
When the thread died off for a while i thought we were'nt going to get any kind of recognition out of the dev's etc. But now, we have progress.
As for the abuse side of things, how did you get the server-side mod for unchaining the chambers? Why not try and get an anti-PSHB server mod made up. I'm sure that as long as it doesn't take too long and is stable under linux/windows that alot of admin's would be putting the server side mod onto their server.
For now however, i've moved on to getting the general dodgyness under steam's netcode worked out. You may have seen the thread i posted you may have not, but regardless i'm moving on. Good luck with you're research.
Sarisel.::' ( O ) ';:-. .-.:;' ( O ) '::.Join Date: 2003-07-30Member: 18557Members, Constellation
There's already a setup that prevents the occurance of this bug on [C.A.P.]'s server - which is pretty much the only server to my knowledge that is immune to PSHB at this point in time.
Will there be any public distro of the prevention measures, at least? I'm fairly certain competitive NS would benefit hugely from a new influx of trust <!--emo&;)--><img src='http://www.unknownworlds.com/forums/html//emoticons/wink.gif' border='0' style='vertical-align:middle' alt='wink.gif' /><!--endemo-->
Sarisel.::' ( O ) ';:-. .-.:;' ( O ) '::.Join Date: 2003-07-30Member: 18557Members, Constellation
edited July 2004
The way I look at it, this could be compared to finding the cure for a deadly disease. Compare it to AIDS. A lot of people are uneducated about how the disease is contracted. Now, if a cure was found, you wouldn't be able to justify keeping it secret just because it would involve educating people about how the disease spreads. If someone were to use that knowledge to try and spread the disease to others, they would know what was going on and wouldn't stand for it - because they'd be educated and would most likely know what not to do. At the same time, many would be cured.
The bug is not something you can simply get by walking into any pub server. It depends a lot on when you enter it and even then, you'd be lucky to get it - which is why it seemed very random at first. In competitive games, with less players, it is much easier to reproduce it - but then nobody in the games would stand for the abuse because it is so easy to identify bugged players and sound the alarms. As soon as a bugged player is identified (and it is very very easy to do so) then appropriate measures can be taken to get rid of the unfair advantage.
Okay, I'm confused, first you're saying the rational thing to do would be to disclose right here and now. And then we suddenly start playing "Decipher the cryptic message to learn how to cheat" - k, which is it now? :/
Please stop speaking like a freaking politician and just post the preventative measures so pub and clan server operators can implement them. Two pages of people asking for it and you still sidestep the solution.
If the settings (or whatever they are) to prevent the bug don't give away how to get bugged, I see no reason not tell us how to do it <!--emo&;)--><img src='http://www.unknownworlds.com/forums/html//emoticons/wink.gif' border='0' style='vertical-align:middle' alt='wink.gif' /><!--endemo--> But I guess if it would be the case, you would have told us already. Nice work though, at least the cause is now known.
Sounds like its time to push for beta 4a1... Even if no other bug fixes or changes are implemented, this would be a great thing to have. Well done to all involved.
HAMBoneProbably the best CommanderJoin Date: 2003-04-02Member: 15139Members, NS1 Playtester, Contributor
Awesome work guys. One thing I always wondered though was, is bugged bugged and thats it? Or can a user just be slightly bugged, enough to make a difference but not enough for it to be very obvious.
Just another random question, is there such a thing as being reverse-bugged? I can recall more than one situation where I would identify someone as bugged, tell them to restart steam and come back, and when they came back they would claim to be reverse bugged, e.g. to their client everyone in the game is bugged.
Sarisel.::' ( O ) ';:-. .-.:;' ( O ) '::.Join Date: 2003-07-30Member: 18557Members, Constellation
edited July 2004
In this case, the bugged player was just bugged and that's it. The bug seems to only affect the way that attacks get registered on the client, but I'm sure there'll be more testing to see the extent of the problem. Since you can reproduce 100% in servers, you can do testing freely to see the effects. I'd really like to release the report for the bug publicly, since so many people know about it already. I have it ready, just need the go-ahead. Hopefully it will come today.
PS: The CAL admins are aware of the bug and how to prevent it, and will be taking steps to prevent it from happening anymore.
Is there a simple way to make a server side demo as if it were an HLTV client or the likes? I would be very interested to see the game from the server side, and be able to switch players and move around, fast forward, reverse, and pause from the server's perspective just like HLTV, but without all the issues and such.
I feel it would also be beneficial in tracking down a great many bugs, and better for league play demos than HLTV, and I do not think it would be to terribly difficult to implement the idea.
Very nice work, Saraph and Tyr <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html//emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif' /><!--endemo-->.
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->Please stop speaking like a freaking politician and just post the preventative measures so pub and clan server operators can implement them. Two pages of people asking for it and you still sidestep the solution.<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd--> I think it was already explained that by making the steps to prevent people from exploiting this bug, you also give out the information about HOW TO exploit the bug. And not everyone is reading this, and trust me, word on how to exploit the bug will spread way faster than how to prevent it. I'd rather see that the game should be left as it is and the fix included in the next update.
<!--QuoteBegin-Sarisel+Jul 1 2004, 07:25 PM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Sarisel @ Jul 1 2004, 07:25 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> PS: The CAL admins are aware of the bug and how to prevent it, and will be taking steps to prevent it from happening anymore. <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd--> I have a server how do I prevent it in mines??
<!--QuoteBegin-Sarisel+Jul 1 2004, 03:42 AM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Sarisel @ Jul 1 2004, 03:42 AM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> There's already a setup that prevents the occurance of this bug on [C.A.P.]'s server - which is pretty much the only server to my knowledge that is immune to PSHB at this point in time. <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd--> Do the details of this setup reveal the way to exploit it? If not, please share immediately and lay some sticky on it.
Even if it does reveal how to exploit it, if there's a simple server-side prevention it would still be worth releasing.
Or, barring either of those suggestions, any possibility of getting a 3.04b with just the relevant settings locked and no other changes? Possibly even just server-side.
Yes, it does reveal the exploit to the admins using the fix on their server and it can reveal it to server users who have a good sense of observation as well.
Because of that, I would prefer the head bug exterminator to authorize us to release the exploit publicly to let the majority of servers have an immunity against it until an official version containing a fix is released.
I think Sarisel is totally right about letting the community know about this exploit, his post about it made complete sense.
The community would then have to do a vast information compaign to let server admins who don't visit forums know about the possible fix.
The fix itself has a disadvantage that I can't talk of and a Beta 4b would honestly be much more appreciated.
This said, I will not do anything without the head bug exterminator's authorization.
Please don't send private messages asking for the fix. I know there are many honest admins who would make good use of it, but unless the whole community can beneficiate from the fix, it would be too risky to have the exploit get in the hands of few people with bad intentions who could exploit unprotected servers.
Sarisel.::' ( O ) ';:-. .-.:;' ( O ) '::.Join Date: 2003-07-30Member: 18557Members, Constellation
I really think it is difficult to exploit the bug in pubs, unless a malicious admin feeds some code into a plugin to control the bug to his advantage. You can't just write a simple script and be bugged all of the time.
Otherwise, a lot of it has to do with luck for a player joining the server. In clan matches it is more of a problem. I really don't see the problem with posting information about this bug, because it is already happening in most non-empty servers as I type this. If anything, the information will prevent the exploitation of this bug.
if you posted it here, everyone in CAL would know about it. The only problem you would have would be people in the know joining pubs in the dark. But most server admins do visit these forums. I don't think it would be as much of a problem as it is now, I think it would be less. But what do I know, i am just guesstimating.
Comments
should try and get a bunch of people just for testing this <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html//emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif' /><!--endemo-->
Now work on getting SoM's server back <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html//emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif' /><!--endemo-->
Fixing this one case may not end ALL of the "lagging hitbox" problems, but let me just say for once I can assure you all that we aren't on crack. There IS a player-specific issue which pops up under very very specific circumstances and causes the player to be extremely hard to hit.
Thanks to the community for helping us research this bug.
Note: If you happen to know which cause i am referring to, PLEASE do not post it anywhere. <!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
Thank you. <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd-->
Since the next version of NS might not come out for a little while, I really think that a full disclosure and suggestions on how to bypass the bug on servers should be posted. It is much easier than keeping it hush-hush, since it appears people knew at least part of the root of the problem before I was aware of it - possibly even before the guys from [C.A.P.] did, although they were the pioneers that took the data and matched it with the descriptions to find the process. It is very abuseable, especially when you know how to reproduce it. It is also very easy to prevent it from occuring, if only people knew what to do.
Right now, if only some people already know how to abuse it (and have been) and others don't, then might as well raise awareness so that the abuse can be prevented. I'm not going to publicize anything unless I'm given the go-ahead, but it is my opinion that with the amount of leakage that has already occured, something needs to be done now. The new version or patch may still take a month or more to come out - that's a lot of time in which abuse can occur.
When the thread died off for a while i thought we were'nt going to get any kind of recognition out of the dev's etc. But now, we have progress.
As for the abuse side of things, how did you get the server-side mod for unchaining the chambers? Why not try and get an anti-PSHB server mod made up. I'm sure that as long as it doesn't take too long and is stable under linux/windows that alot of admin's would be putting the server side mod onto their server.
For now however, i've moved on to getting the general dodgyness under steam's netcode worked out. You may have seen the thread i posted you may have not, but regardless i'm moving on. Good luck with you're research.
The bug is not something you can simply get by walking into any pub server. It depends a lot on when you enter it and even then, you'd be lucky to get it - which is why it seemed very random at first. In competitive games, with less players, it is much easier to reproduce it - but then nobody in the games would stand for the abuse because it is so easy to identify bugged players and sound the alarms. As soon as a bugged player is identified (and it is very very easy to do so) then appropriate measures can be taken to get rid of the unfair advantage.
Edited for clarity..
Saraph is the man! Saraph, did you ever get my demo's I had of this? And matchbox even made the movies of it... but they are really old.
I'm amazed, I gave up trying to figure out what the hell this bug was back in the beta, and yet you continued and figured it out.
You are my hero!
EDIT:
Release the results! Omg nem we have to talk...
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin--><b><u><span style='color:red'>I told you so.</span></u></b><!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->Doesn't it just feel <i>good</i> to say that? <!--emo&:D--><img src='http://www.unknownworlds.com/forums/html//emoticons/biggrin.gif' border='0' style='vertical-align:middle' alt='biggrin.gif' /><!--endemo-->
Just another random question, is there such a thing as being reverse-bugged? I can recall more than one situation where I would identify someone as bugged, tell them to restart steam and come back, and when they came back they would claim to be reverse bugged, e.g. to their client everyone in the game is bugged.
PS: The CAL admins are aware of the bug and how to prevent it, and will be taking steps to prevent it from happening anymore.
I feel it would also be beneficial in tracking down a great many bugs, and better for league play demos than HLTV, and I do not think it would be to terribly difficult to implement the idea.
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->Please stop speaking like a freaking politician and just post the preventative measures so pub and clan server operators can implement them. Two pages of people asking for it and you still sidestep the solution.<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
I think it was already explained that by making the steps to prevent people from exploiting this bug, you also give out the information about HOW TO exploit the bug. And not everyone is reading this, and trust me, word on how to exploit the bug will spread way faster than how to prevent it.
I'd rather see that the game should be left as it is and the fix included in the next update.
I have a server how do I prevent it in mines??
Quite.
Do the details of this setup reveal the way to exploit it? If not, please share immediately and lay some sticky on it.
Even if it does reveal how to exploit it, if there's a simple server-side prevention it would still be worth releasing.
Or, barring either of those suggestions, any possibility of getting a 3.04b with just the relevant settings locked and no other changes? Possibly even just server-side.
Because of that, I would prefer the head bug exterminator to authorize us to release the exploit publicly to let the majority of servers have an immunity against it until an official version containing a fix is released.
I think Sarisel is totally right about letting the community know about this exploit, his post about it made complete sense.
The community would then have to do a vast information compaign to let server admins who don't visit forums know about the possible fix.
The fix itself has a disadvantage that I can't talk of and a Beta 4b would honestly be much more appreciated.
This said, I will not do anything without the head bug exterminator's authorization.
Please don't send private messages asking for the fix. I know there are many honest admins who would make good use of it, but unless the whole community can beneficiate from the fix, it would be too risky to have the exploit get in the hands of few people with bad intentions who could exploit unprotected servers.
Screw authorization and just spread the bug around yourselves. Knowledge is power, and you guys have it.
As soon as you start spreading it through trusted server admins and players it will catch on like wildfire.
Also, ampednews could do an article posting how to fix it as well.
Otherwise, a lot of it has to do with luck for a player joining the server. In clan matches it is more of a problem. I really don't see the problem with posting information about this bug, because it is already happening in most non-empty servers as I type this. If anything, the information will prevent the exploitation of this bug.