• Our Minecraft servers are offline but we will keep this forum online for any community communication. Site permissions for posting could change at a later date but will remain online.

Lets Stop Hackers - For Good

Status
Not open for further replies.

SonicSplit

Career
Joined
Aug 30, 2013
Messages
1,407
Reaction score
371
The site apparently doesn't realize that I DON'T SPEAK KOREAN :p Well I would like to see if this works.
 

SpaghettiSquid

Platinum
Joined
Jan 20, 2013
Messages
343
Reaction score
267
...
I will say tho, you should probably explain exactly what API is. A lot of our younger players are probably sitting there like... ????
Haha of course. I'll update the original thread later this afternoon with an in-depth explanation but for now a brief summary. An API (Application Program Interface) is a means of communication, a 'back-end'. When you embed a YouTube video on a website, you are taking advantage of YouTube's API. Twitter's API allows the embedding of tweets, and Java API's are made to allow the insertion/referencing of code externally. Essentially, if I want to use an API I must make an account, write a program that can take advantage of the API, link the API and my program using my account, and then they can communicate freely. Mojang's Modding API would allow the mods in a client to communicate with the API for validation purposes. :)

still not gonna work. and no offense but I don't think you'll be getting 15,000 signatures
15,000 is not a 'must have'. I set the goal there because I know for a fact I can get it, but also so that the goal wouldn't be reached in a matter of days. If we want Mojang to do something, we need a sizable number of people. Also, I know you have stuff against me on a personal level from the way you've spoken to me on other servers, but I'd ask that you keep that negative bias out of this discussion. (I'm looking for constructive criticism, feedback, and ideas. Not someone who wants to poke holes where there aren't any for the sake of argument.)

--

Thanks to everyone who has signed so far! With the support of YouTubers like ThatOneTomahawk and others, I know that we can hit 15K. Updates soon!
 

reven86

Platinum
Joined
Nov 27, 2012
Messages
2,055
Reaction score
3,302
Haha of course. I'll update the original thread later this afternoon with an in-depth explanation but for now a brief summary. An API (Application Program Interface) is a means of communication, a 'back-end'. When you embed a YouTube video on a website, you are taking advantage of YouTube's API. Twitter's API allows the embedding of tweets, and Java API's are made to allow the insertion/referencing of code externally. Essentially, if I want to use an API I must make an account, write a program that can take advantage of the API, link the API and my program using my account, and then they can communicate freely. Mojang's Modding API would allow the mods in a client to communicate with the API for validation purposes. :)



15,000 is not a 'must have'. I set the goal there because I know for a fact I can get it, but also so that the goal wouldn't be reached in a matter of days. If we want Mojang to do something, we need a sizable number of people. Also, I know you have stuff against me on a personal level from the way you've spoken to me on other servers, but I'd ask that you keep that negative bias out of this discussion. (I'm looking for constructive criticism, feedback, and ideas. Not someone who wants to poke holes where there aren't any for the sake of argument.)

--

Thanks to everyone who has signed so far! With the support of YouTubers like ThatOneTomahawk and others, I know that we can hit 15K. Updates soon!
if you can get some big youtubers like huahwi or tomahawk to announce this on one of their vids to tell their fans to sign this.. you could easily get 15k people. Huahwi ThatOneTomahawk
 

Col_StaR

District 13
Staff member
Joined
Mar 10, 2013
Messages
1,260
Reaction score
6,722
Let's be realistic here: Mojang is great at ignoring many of the largest player-requested features, especially since it's a lot easier for them to simply allow users to create and maintain their own unofficial plug-ins than it is for Mojang to do the same themselves.
Plus imposing such a large change to the fundamentals of Minecraft (e.g. locking out modifications to the client) creates many issues for them as well. You know what else might be locked out via API? Optifine.
And they can't legally create certain loopholes for some mods to work with, because then they'd have two issues on their hands: they'd be endorsing a third-party plug-in that they have no control over (creating legal issues or requiring a Mojang buy-out of Optifine), and they'd be creating a loophole that regular hacks could easily exploit (where there's a will...).

But you know what? I signed it anyways, if only as a symbolic measure of what I want to see happen.
 

SpaghettiSquid

Platinum
Joined
Jan 20, 2013
Messages
343
Reaction score
267
Let's be realistic here: Mojang is great at ignoring many of the largest player-requested features, especially since it's a lot easier for them to simply allow users to create and maintain their own unofficial plug-ins than it is for Mojang to do the same themselves.
Plus imposing such a large change to the fundamentals of Minecraft (e.g. locking out modifications to the client) creates many issues for them as well. You know what else might be locked out via API? Optifine.
And they can't legally create certain loopholes for some mods to work with, because then they'd have two issues on their hands: they'd be endorsing a third-party plug-in that they have no control over (creating legal issues or requiring a Mojang buy-out of Optifine), and they'd be creating a loophole that regular hacks could easily exploit (where there's a will...).

But you know what? I signed it anyways, if only as a symbolic measure of what I want to see happen.
First off, thank you for signing the petition. Secondly, I agree that Mojang is great at ignoring player-requested features, however this is not a feature. It's a patch to a bug that has existed since multiplayer began. My goal is for Mojang to view it as such and patch it accordingly.

Also, there aren't loopholes! Any client (modification) can be registered with the API. However, every single mod gets its own unique ID. Optifine's might be ofgt4380tu50fjviehvn30443=, while Nodus's could be r937t5h3y9ghndsfugh2r408rf=. That way servers can allow clients running Optifine to join but not Nodus! And servers that don't care can allow everyone to join, and servers that want NO mods can allow no one to join with a modded client!

Pasting from the petition: "Couldn't a hacked client just use Optifine's UUID?" Nope! When a player launches Minecraft, the specific version is compared to the version hosted on the Mojang API. This means that tampering with a mod would invalidate it's UUID. Another method would be using public and private API keys. Regardless, it would have no impact on in-game performance and would prevent unwanted modded clients from joining!

Hope this clears up your questions. :)
 

reven86

Platinum
Joined
Nov 27, 2012
Messages
2,055
Reaction score
3,302
First off, thank you for signing the petition. Secondly, I agree that Mojang is great at ignoring player-requested features, however this is not a feature. It's a patch to a bug that has existed since multiplayer began. My goal is for Mojang to view it as such and patch it accordingly.

Also, there aren't loopholes! Any client (modification) can be registered with the API. However, every single mod gets its own unique ID. Optifine's might be ofgt4380tu50fjviehvn30443=, while Nodus's could be r937t5h3y9ghndsfugh2r408rf=. That way servers can allow clients running Optifine to join but not Nodus! And servers that don't care can allow everyone to join, and servers that want NO mods can allow no one to join with a modded client!

Pasting from the petition: "Couldn't a hacked client just use Optifine's UUID?" Nope! When a player launches Minecraft, the specific version is compared to the version hosted on the Mojang API. This means that tampering with a mod would invalidate it's UUID. Another method would be using public and private API keys. Regardless, it would have no impact on in-game performance and would prevent unwanted modded clients from joining!

Hope this clears up your questions. :)
seems legit. I kind of want to read up some more on this whole thing. You seem to know what you are talking about, but I kind of want to look all this up myself.
 

Ava

Administrator
Joined
Jan 1, 2013
Messages
1,346
Reaction score
5,399
First off, thank you for signing the petition. Secondly, I agree that Mojang is great at ignoring player-requested features, however this is not a feature. It's a patch to a bug that has existed since multiplayer began. My goal is for Mojang to view it as such and patch it accordingly.

Also, there aren't loopholes! Any client (modification) can be registered with the API. However, every single mod gets its own unique ID. Optifine's might be ofgt4380tu50fjviehvn30443=, while Nodus's could be r937t5h3y9ghndsfugh2r408rf=. That way servers can allow clients running Optifine to join but not Nodus! And servers that don't care can allow everyone to join, and servers that want NO mods can allow no one to join with a modded client!

Pasting from the petition: "Couldn't a hacked client just use Optifine's UUID?" Nope! When a player launches Minecraft, the specific version is compared to the version hosted on the Mojang API. This means that tampering with a mod would invalidate it's UUID. Another method would be using public and private API keys. Regardless, it would have no impact on in-game performance and would prevent unwanted modded clients from joining!

Hope this clears up your questions. :)
I appreciate what you're trying to accomplish, but I still see a loophole: modified clients would modify Minecraft's code itself and nullify the mod checksum check, making the system useless.
Public/private key authentication could be a possible method to do it, but I believe it'd still fall prey to the same loophole (I would explain more in depth, but I'm pretty tired right now :p).
 

SpaghettiSquid

Platinum
Joined
Jan 20, 2013
Messages
343
Reaction score
267
I appreciate what you're trying to accomplish, but I still see a loophole: modified clients would modify Minecraft's code itself and nullify the mod checksum check, making the system useless.
Public/private key authentication could be a possible method to do it, but I believe it'd still fall prey to the same loophole (I would explain more in depth, but I'm pretty tired right now :p).
True, however when the launcher starts it scans the assets and whatnot and repairs any missing files. (For example, you cannot remove/replace the music disc .ogg files as they are just recreated. I suppose someone could modify the code further to prevent that check, but there has to be some way to embed it deep in the code or not allow the client to play online (offline mode only) without that check.

I saw these loopholes coming, but I think there are still ways to patch/close them. :) Thanks for your reply!
 
Last edited:

SpaghettiSquid

Platinum
Joined
Jan 20, 2013
Messages
343
Reaction score
267
Quick bump (sorry for the double post):

We are three signatures away from 100! I hope to soon have Huahwi, Graser, and others publicizing the petition as well but every bit helps! Sharing the petition on Twitter/social media will help drastically (as it would likely spread exponentially!)

Again, thank you all for your support and criticisms!
 
Status
Not open for further replies.

Members online

No members online now.

Forum statistics

Threads
242,192
Messages
2,449,550
Members
523,971
Latest member
Atasci