SonicSplit
Career
- Joined
- Aug 30, 2013
- Messages
- 1,407
- Reaction score
- 371
The site apparently doesn't realize that I DON'T SPEAK KOREAN 
Well I would like to see if this works.
Well I would like to see if this works.
-
Our Minecraft servers are offline but we will keep this forum online for any community communication. Site permissions for posting could change at a later date but will remain online.
Lets Stop Hackers - For Good
- Thread starter SpaghettiSquid
- Start date
- Status
SpaghettiSquid
Platinum
- Joined
- Jan 20, 2013
- Messages
- 343
- Reaction score
- 267
Haha of course. I'll update the original thread later this afternoon with an in-depth explanation but for now a brief summary. An API (Application Program Interface) is a means of communication, a 'back-end'. When you embed a YouTube video on a website, you are taking advantage of YouTube's API. Twitter's API allows the embedding of tweets, and Java API's are made to allow the insertion/referencing of code externally. Essentially, if I want to use an API I must make an account, write a program that can take advantage of the API, link the API and my program using my account, and then they can communicate freely. Mojang's Modding API would allow the mods in a client to communicate with the API for validation purposes.
15,000 is not a 'must have'. I set the goal there because I know for a fact I can get it, but also so that the goal wouldn't be reached in a matter of days. If we want Mojang to do something, we need a sizable number of people. Also, I know you have stuff against me on a personal level from the way you've spoken to me on other servers, but I'd ask that you keep that negative bias out of this discussion. (I'm looking for constructive criticism, feedback, and ideas. Not someone who wants to poke holes where there aren't any for the sake of argument.)
--
Thanks to everyone who has signed so far! With the support of YouTubers like ThatOneTomahawk and others, I know that we can hit 15K. Updates soon!
reven86
Platinum
- Joined
- Nov 27, 2012
- Messages
- 2,055
- Reaction score
- 3,302
if you can get some big youtubers like huahwi or tomahawk to announce this on one of their vids to tell their fans to sign this.. you could easily get 15k people. Huahwi ThatOneTomahawkHaha of course. I'll update the original thread later this afternoon with an in-depth explanation but for now a brief summary. An API (Application Program Interface) is a means of communication, a 'back-end'. When you embed a YouTube video on a website, you are taking advantage of YouTube's API. Twitter's API allows the embedding of tweets, and Java API's are made to allow the insertion/referencing of code externally. Essentially, if I want to use an API I must make an account, write a program that can take advantage of the API, link the API and my program using my account, and then they can communicate freely. Mojang's Modding API would allow the mods in a client to communicate with the API for validation purposes.
15,000 is not a 'must have'. I set the goal there because I know for a fact I can get it, but also so that the goal wouldn't be reached in a matter of days. If we want Mojang to do something, we need a sizable number of people. Also, I know you have stuff against me on a personal level from the way you've spoken to me on other servers, but I'd ask that you keep that negative bias out of this discussion. (I'm looking for constructive criticism, feedback, and ideas. Not someone who wants to poke holes where there aren't any for the sake of argument.)
--
Thanks to everyone who has signed so far! With the support of YouTubers like ThatOneTomahawk and others, I know that we can hit 15K. Updates soon!
SpaghettiSquid
Platinum
- Joined
- Jan 20, 2013
- Messages
- 343
- Reaction score
- 267
I've already been in contact with Tomahawk and he'll likely pass it around. Thanks for your thoughts tho!
- Joined
- Mar 10, 2013
- Messages
- 1,260
- Reaction score
- 6,722
Let's be realistic here: Mojang is great at ignoring many of the largest player-requested features, especially since it's a lot easier for them to simply allow users to create and maintain their own unofficial plug-ins than it is for Mojang to do the same themselves.
Plus imposing such a large change to the fundamentals of Minecraft (e.g. locking out modifications to the client) creates many issues for them as well. You know what else might be locked out via API? Optifine.
And they can't legally create certain loopholes for some mods to work with, because then they'd have two issues on their hands: they'd be endorsing a third-party plug-in that they have no control over (creating legal issues or requiring a Mojang buy-out of Optifine), and they'd be creating a loophole that regular hacks could easily exploit (where there's a will...).
But you know what? I signed it anyways, if only as a symbolic measure of what I want to see happen.
Plus imposing such a large change to the fundamentals of Minecraft (e.g. locking out modifications to the client) creates many issues for them as well. You know what else might be locked out via API? Optifine.
And they can't legally create certain loopholes for some mods to work with, because then they'd have two issues on their hands: they'd be endorsing a third-party plug-in that they have no control over (creating legal issues or requiring a Mojang buy-out of Optifine), and they'd be creating a loophole that regular hacks could easily exploit (where there's a will...).
But you know what? I signed it anyways, if only as a symbolic measure of what I want to see happen.
SpaghettiSquid
Platinum
- Joined
- Jan 20, 2013
- Messages
- 343
- Reaction score
- 267
First off, thank you for signing the petition. Secondly, I agree that Mojang is great at ignoring player-requested features, however this is not a feature. It's a patch to a bug that has existed since multiplayer began. My goal is for Mojang to view it as such and patch it accordingly.
Also, there aren't loopholes! Any client (modification) can be registered with the API. However, every single mod gets its own unique ID. Optifine's might be ofgt4380tu50fjviehvn30443=, while Nodus's could be r937t5h3y9ghndsfugh2r408rf=. That way servers can allow clients running Optifine to join but not Nodus! And servers that don't care can allow everyone to join, and servers that want NO mods can allow no one to join with a modded client!
Pasting from the petition: "Couldn't a hacked client just use Optifine's UUID?" Nope! When a player launches Minecraft, the specific version is compared to the version hosted on the Mojang API. This means that tampering with a mod would invalidate it's UUID. Another method would be using public and private API keys. Regardless, it would have no impact on in-game performance and would prevent unwanted modded clients from joining!
Hope this clears up your questions.
reven86
Platinum
- Joined
- Nov 27, 2012
- Messages
- 2,055
- Reaction score
- 3,302
seems legit. I kind of want to read up some more on this whole thing. You seem to know what you are talking about, but I kind of want to look all this up myself.First off, thank you for signing the petition. Secondly, I agree that Mojang is great at ignoring player-requested features, however this is not a feature. It's a patch to a bug that has existed since multiplayer began. My goal is for Mojang to view it as such and patch it accordingly.
Also, there aren't loopholes! Any client (modification) can be registered with the API. However, every single mod gets its own unique ID. Optifine's might be ofgt4380tu50fjviehvn30443=, while Nodus's could be r937t5h3y9ghndsfugh2r408rf=. That way servers can allow clients running Optifine to join but not Nodus! And servers that don't care can allow everyone to join, and servers that want NO mods can allow no one to join with a modded client!
Pasting from the petition: "Couldn't a hacked client just use Optifine's UUID?" Nope! When a player launches Minecraft, the specific version is compared to the version hosted on the Mojang API. This means that tampering with a mod would invalidate it's UUID. Another method would be using public and private API keys. Regardless, it would have no impact on in-game performance and would prevent unwanted modded clients from joining!
Hope this clears up your questions.
SpaghettiSquid
Platinum
- Joined
- Jan 20, 2013
- Messages
- 343
- Reaction score
- 267
Ava
Administrator
- Joined
- Jan 1, 2013
- Messages
- 1,346
- Reaction score
- 5,399
I appreciate what you're trying to accomplish, but I still see a loophole: modified clients would modify Minecraft's code itself and nullify the mod checksum check, making the system useless.First off, thank you for signing the petition. Secondly, I agree that Mojang is great at ignoring player-requested features, however this is not a feature. It's a patch to a bug that has existed since multiplayer began. My goal is for Mojang to view it as such and patch it accordingly.
Also, there aren't loopholes! Any client (modification) can be registered with the API. However, every single mod gets its own unique ID. Optifine's might be ofgt4380tu50fjviehvn30443=, while Nodus's could be r937t5h3y9ghndsfugh2r408rf=. That way servers can allow clients running Optifine to join but not Nodus! And servers that don't care can allow everyone to join, and servers that want NO mods can allow no one to join with a modded client!
Pasting from the petition: "Couldn't a hacked client just use Optifine's UUID?" Nope! When a player launches Minecraft, the specific version is compared to the version hosted on the Mojang API. This means that tampering with a mod would invalidate it's UUID. Another method would be using public and private API keys. Regardless, it would have no impact on in-game performance and would prevent unwanted modded clients from joining!
Hope this clears up your questions.
Public/private key authentication could be a possible method to do it, but I believe it'd still fall prey to the same loophole (I would explain more in depth, but I'm pretty tired right now
).
SpaghettiSquid
Platinum
- Joined
- Jan 20, 2013
- Messages
- 343
- Reaction score
- 267
True, however when the launcher starts it scans the assets and whatnot and repairs any missing files. (For example, you cannot remove/replace the music disc .ogg files as they are just recreated. I suppose someone could modify the code further to prevent that check, but there has to be some way to embed it deep in the code or not allow the client to play online (offline mode only) without that check.I appreciate what you're trying to accomplish, but I still see a loophole: modified clients would modify Minecraft's code itself and nullify the mod checksum check, making the system useless.
Public/private key authentication could be a possible method to do it, but I believe it'd still fall prey to the same loophole (I would explain more in depth, but I'm pretty tired right now
I saw these loopholes coming, but I think there are still ways to patch/close them.
Thanks for your reply!
Last edited:
SpaghettiSquid
Platinum
- Joined
- Jan 20, 2013
- Messages
- 343
- Reaction score
- 267
Quick bump (sorry for the double post):
We are three signatures away from 100! I hope to soon have Huahwi, Graser, and others publicizing the petition as well but every bit helps! Sharing the petition on Twitter/social media will help drastically (as it would likely spread exponentially!)
Again, thank you all for your support and criticisms!
We are three signatures away from 100! I hope to soon have Huahwi, Graser, and others publicizing the petition as well but every bit helps! Sharing the petition on Twitter/social media will help drastically (as it would likely spread exponentially!)
Again, thank you all for your support and criticisms!
- Status
