Login Power~
 

This is a repost from dev/noobs topic becuase from a point of view other than mine, it twists the orignal topic, so i appolize to those parties who beleived this to be a hyjack.


You know i am curious i was talking with someone in irc last night and we debated for a bit, and finally came to an agreement.. so i wanted to put in my 2c.

First off, i have noticed that alot of this thread (not all of it) has to do with the way image was having a "powertrip" here, so i am going to touch on that here, because quite frankly i think its funny that the devs (like wiz wrote "But I really never wanted anything else than getting rid of the powertripping.") think that requiring people to use their login server isn't a "power trip", I mean after all, people can't run their server without a login server, and that gives the devs a feeling of "power" over the project.

First of all, as was put by my friend in irc (and is commented at the top of every single source/header/text file that is in the eqemu source) this project is protected, and follows the rules of the public GNU agreement.

(( Copy of the GPL can be found >>HERE<< ))


And there is a text file called GPL.txt in the source folder. So as such, it should follow the rules, one more important one follows

And ofcourse this doesn't include the Operating system, or compiler etc.., however correct me if i am wrong, but as of 2 or 3 versions ago, (when mini login no longer worked) this program required A Login Server.

The reason i put A in bold is to make the point, that no this project does not infact require YOUR login server. however it requires A login server. But the problem with this fact is that, according to the GNU you must supply all aspects of the project that allow it to work, at compile time, This server source will not run without a login server.

You did infact at one time supply everything that was needed to run a server, (this is when minilogin worked) the problem was, you never released the source to minilogin, or atleast i have never seen one. It could be debated that under the GPL it does state that any code that is not copied or modifed from the program under the GPL, and you could by reading the source say it was written without any direct refrence to the program (hard to believe a server meant to work with another server doesn't have some direct refrence to it but <shrug>,) then it it isn't subject to the GPL and thus it can be closed source.

So now we see that in distributing a working minilogin you are IN A WAY following the rules, however... i just don't see how this can be correct if the minilogin has to directly connect and pipe all the information going into world.exe

And as such i would believe the true login server uses code that directly refrences or corilates with code in the standard eqemu source (Someone prove me wrong), and thus is considered a module of the program and as such, even though it may have be written with clearly identifiable code that has nothing to do with the eqemu server. (I.e. some of the interal workings of the login) it is subject to the following

however you can also see in there if it is part of the whole, then no matter what it does, and who wrote it, it now becomes a part of the main project, and thus anyone should be able to find a copy of the login source at any time, by simply asking..

Now, again someone prove me wrong, but this also means minilogin source should have at anytime been at public grasp, and it was not.

So if this program does infact (which i would believe it does) contain code that is directly linked, or copied/modified from the code in the eqemu server code, its part of the whole ( i think i have said that enough times now).

But let me try to answer a question before any devs ask it.

that question would be of course, what about crypto?

Well there were a few things i was thinking about before i posted this, and i conducted a tiny experiment.

While running the following command in windump.exe (from http://windump.polito.it/install/default.htm )
i the following packet info.

(( Replaced a few things for my own protection )).

The $ represent characters in my password, which in the unmodifed file, is sent in pure plain text. with no encryption what so ever.

however after running windump.exe while running the eqlive version listening on all ports. i found an enourmous amount of server communication between my computer and the eqive login, but i found no evidence of plain text information, but plenty of cases where encryption is evident.

So my question is, where exactly does the eqemu crypto come into effect? My guess would be that the eqlive servers send some sort of command that tells the client what encryption algorithim to use, allowing them to change it from time to time, sadly i don't know the answer to this. but why is it that when using the eqemu login the names/passes are sent in plain text format.

With this, it doesn't seem as if there is any crypto going on at all.

I do not in anyway agree with the fact that they keep the login source to themselves, and that they do control 90% of the eqemu communties servers by making them pipeline all the server information through them first, before anyone can play on any of the servers..

And although i do not agree with it, the alternative is somthing i don't want to see, which ofcourse would be for them to close the project, but in that they would lose the support of the community (which is stated as the only alternative in the GPL, don't follow the rules, close the project).

And trust me there are several ways you could still get people out there to use the eqemu login without keeping the code to yourself.

• 1. You could not realease any binaries, ever, and atleast 30% of the people out there wouldn't have any way, or knowledge of how to compile it, thus they would use the eqemus login.
  
  2. People don't have the kind of internet connection or computer resources that are required to support both a world server, sql server and login server, and as such they would want someone who could handle the workload needed and would use the eqemu login.
  
  3. Release a working copy of minilogin source (yea that means it would have to be fixed), and then the community could update it as needed, and they could host their own privite server again. And if they wanted to host a public server they would have to use the eqemu login. This is a very viable solution, which would allow you to once again follow the rules of the GPL.

So ask yourself, as of right now, 99% of the servers based on eqemu use the public eqemu login servers, the devs have never offered the source to the login, as they should under the GNU GPL, call me stupid, but thats sounds alot like project control to me. I understand the devs don't want people going off and just taking the source as they see fit, and as such they require people to use their login so they will keep comming back, otherwise many people would possibly deadlock their client version, and never have to get new source code to work with the newer eqemu login server.

This in my book, could be defined as a "power trip" They sure seem to like having control over the project, (not managment over it, managing a project, and controling it are very different), and as such i think they would enjoy the power it gives them.

If anyone out there that has somthing meaningful to say other than, Shut the fuck up your stupid. Then i want to hear it, but don't make it all sum up to somthing stupid, and show me a funny picture that shows me how stupid you are.

I KNOW the reason the mini-login source wasnt given out was because it was written by someone else not afiliated with the EMU and they wants it closed source, the EMU Devs had nothing to do with its creation and didnt have permition from its creator to give it out. ( they still dont FYI ) They included and kept mini-login up to be nice to people, I am not sure why they stopped, lack of time, lack of interest, or got sick of people asking for the source so they say'd screw it, or some other reason.

As to them giving out the source to there login server well I dont know so Ill let a Dev answer that.
----------------------Repost from other thread-------------------------

Now I dont KNOW who updated the mini-loin in the past I asume it was the Devs with the understanding from the original coder that the source would never be given out.


There has been discussion of this in the past and the original coder still says No to giving it out. Whether this is a violation or not I dont know, however it is what the original creator wanted and what they agreed to, just to let the community have it to use.

I know little about minilogin or, indeed, much of the GPL spiel, but I am with Charmy in the belief that the release of code for a login server would be a wise move.

I personally am not comfortable with the fact that this project hinges upon one specific group of people. You might be the ones releasing CVS's and letting all of us play the game in the fashion we want to, but some of us (not necessarily me, but various "non-devs") have put in a lot of work as well.

With that in mind, I believe we all have equal stake in the furthered existance of the project. And that, I believe, can only be guaranteed with none other than the release of a login server we can all use and adapt as we see fit.

- Bryan

Please note this is just my opinion. Some may agree or disagree, but I personally believe this to be the best course of action at this point (or any point, for that matter).

I've have always believed that the reason there isn't SOME sort of open source login program is for control. That is the one of the main reasons I stopped following and messing with the EMU. (The others being an obvious "devs > all teenage club mentality", lack of effective source control, multiple "private" unsynced source trees and a general lack of any observable project management. )

I'm am fairly sure that if there were a concerted effort to find a way to have a PD/OSS login server, it would happen...however, I don't see that the dev's (at least not in the past) have ever had great concern for the concerns of the users.

I've heard over the last couple of years the story about the encryption subroutines being the issue and find it a tired story. Why not .DLL it? How was the .EXE distributed in the first place?

The idea that an entire project is basically owned by the 2-3 people who have access to the crypt code is a huge turn-off to many with over a 17yr old "club member" mentality.

Imagine having a copy of Linux but that all the crypt functions were only distributed in binary form by Linus and a couple others...yea, that'd fly. But then again, Linux would have never become anything but a little club if that had been the case.

The only sane thing I've seen come out of the EMU is the work being done by the world buliders. I support them as much as possible, even now. They are reasonable, smart, helpful and actually seem to want to get something done besides measuring their e-penis.

im not even a dev and that offended me.

If someone had the encrypt/decrypt functions said person could easily write a little sniffer that decodes the passwords from players logging into EQLive. That's the reason they weren't published. Putting them into a DLL doesn't help, since anyone (well, not really anyone ...) could link and use it for the same purpose mentioned above.
Although I admit that someone who's able work with an "unknown" DLL is probably also capable enough to crack the encryption himself.

Another reason for not releasing the login server is make sure that all EQEMu servers are centralized somewhere. If you think of that as "control" then you should really do something about your Big Brother paranoia.

Um, the Login was never under any GPL license, ask any dev that has access to the login source, the license is not included in the top like it is on every open source file the project has. So therefore, that argument is irrelevent.

What I dont understand is, you want an answer but in every question you bash the only people who can gibe the answer. You people are proving that your the jerks, if the Devs are sutch jerks why do you have to sink to there level?


Mrwalsh is the only one who asked and didnt say something bad about / bash / act like a child wile posting.


I mean come on if you are so much better then them then STOP acting like you say they are.

bbum :i think the point here s was not "who does what", or "who did what", but "Why isn't there an open source login server available in the project ? ". Vetoeq's last part was of-topic, so nm.



No matter how pure the intentions would have been, that'd be violation of the GPL.

Now, the login server source is not GPL'ed, granted. So, can EQEMu be considered open source, when u can't use the EMU (GPL'ed) without the LS ? Not under GPL terms, that's Charmy's argument.

That information is not crypted in EQEMu's current logging process.

Actually, there is, afaik, no encryption used in any part of playing EQEMu servers

Often the case in long-since untold questions :). i can read little bashing if any.

p.s. no need to quote it to me, i'll re-read and find out myself :)

Try reading what you quote. I was talking about EQLive, and they are using encryption there. They didn't do it for a while, which is why EQEMu could pick so fast with the new login system.

The "old" en-/decrypt stuff is still used on ... um ... I think pre 0.5.6. servers (like WR ... technically).

It's correct that there's no crypting going on with the current EQEMu 0.5.6.+ servers.

LOL this is for sure, the only truth that was said in those last 2 days of totally BS.

Hypocrite.

Resorting to childish insulting is not the way to raise yourself above 17-year-old mentality, so gg on discrediting yourself.

Hmm that's not really true.. i had a typo once and it couldnt connect to the login server, but the source ran fine, the zones connected to my world, etc... just nobody could log on.

Technically the program doesn't REQUIRE a login server to run, u just need it to utilitize it.