02:08 <+bridge> [ddnet] Why bans so ineffective? If anyone list reports we can see some ppl that break rules over and over again. May be need to more variants to identify players, for more effective bans? HWID, IP, logpass (so, it's also stop faking other ppl nicknames) with mail, ban indicator into game files for repeating ban if it same client, but new others.
02:08 <+bridge> [ddnet]
02:08 <+bridge> [ddnet] I think it all divide all "crime" by zero
02:08 <+bridge> [ddnet]
02:08 <+bridge> [ddnet] If u really need to wait weeks after doing shit u think twice before doing this
02:09 <+bridge> [ddnet]
02:09 <+bridge> [ddnet] For example, i talked a little with some idiots. With BlockMark and Rety. Those category of shit players think identically: "I'll not be punished, i can do what i want. If i got banned I just avoid this, lol"
09:13 <+bridge> [ddnet] HWID, IP, and some other type of bans are known to be very ineffective
10:10 <+bridge> [ddnet] could send drive serial or gpu uuid to server, not sure how much of a privacy concern that is though
10:33 <+bridge> [ddnet] No, we can't send those. DDNet is open source, anyone can change the client to send fake info
10:38 <+bridge> [ddnet] Better use an account system
10:48 <+bridge> [ddnet] Yes, but that only works if you make registering accounts hard, for example by having to pay
10:49 <+bridge> [ddnet] if people cared about their ingame name, we could nameban them already
10:49 <+bridge> [ddnet] Maintain a hidden branch with "anticheat"?
10:49 <+bridge> [ddnet] This would totally destroy the purpose of backwards compatibility & open source though
10:50 <+bridge> [ddnet] Or rate-limit account creation per ip
10:50 <+bridge> [ddnet] that'd be equal to ip ban
10:50 <+bridge> [ddnet] not a solution
10:50 <+bridge> [ddnet] Most of those guys are using known proxy/vpn ranges
10:51 <+bridge> [ddnet] and would also destroy backwards compatibility.
10:51 <+bridge> [ddnet] How would it destroy backwards compatibility?
10:51 <+bridge> [ddnet] Do official servers not use getipintel.net or whatever it was called?
10:51 <+bridge> [ddnet] account system.
10:51 <+bridge> [ddnet] I don't see a way to implement an account system without a client update
10:51 <+bridge> [ddnet] KoG uses the account system for years now
10:51 <+bridge> [ddnet] yes, but you don't need one to join
10:51 <+bridge> [ddnet] Yeah, but you cant kick logged in members for example
10:53 <+bridge> [ddnet] We have a way to detect vpn ranges, but we don't disclose which one we use so botters can't test to find a vpn provider that is not detected.
10:53 <+bridge> [ddnet] Either way, getipintel is very decent.
11:29 <+bridge> [ddnet] +1
11:43 <+bridge> [ddnet] I think it possible to do register system using ddnet.tw, affecting only ddrace servers.
11:43 <+bridge> [ddnet] Login in game once per day using log pass. And for register need to link email, with restriction one mail - one account and nickname, + ban services that provide 1 minute mail, + ban for registration multiple accounts from same ip, + ban for registration from VPN services.
11:43 <+bridge> [ddnet] And change vote system a little. For example, only registered users can start vote for kick, + if target is unregistered user kick without vote.
11:44 <+bridge> [ddnet] "Once per day" I about don't need to relogin every time, just one login and u gaming all day, like in KoG
11:45 <+bridge> [ddnet] what about tempmails then
11:46 <+bridge> [ddnet] As ridiculous variants may be link phone number with verification, and seriously restrict unregistered users, but it's too complicated
11:47 <+bridge> [ddnet] phone numbers nowadays is useless
11:47 <+bridge> [ddnet] it can be easily bypassed
11:47 <+bridge> [ddnet] onoff app and done
11:47 <+bridge> [ddnet] I write about tempmails, 1min mails, etc, need to ban registration using that services
11:49 <+bridge> [ddnet] dunno if there's any existing online db to get domains used by 1min mails
11:49 <+bridge> [ddnet] Yes, much of this can still be bypassed separately, but the point is that the "terrorists" spend much more nerves and efforts to bypass the blockages.
11:51 <+bridge> [ddnet] Along with this, it will still not be so "cool" that it causes the slightest difficulty for ordinary players.
11:53 <+bridge> [ddnet] Target is making ban really serious thing, not just "i change thing1 and thing2, and i go do shit again"
11:57 <+bridge> [ddnet] We just have "serial killers" and many of them are not very technical. It turns out that at the moment almost no effort needs to be made to bypass the blockage, which is why they continue to do all this.
11:57 <+bridge> [ddnet] (some Google translate, sorry)
11:59 <+bridge> [ddnet] (some Google translate, sorry)(some write self)
12:01 <+bridge> [ddnet] speaking of Mac, has anyone tried running DDNet on M1? How is the performance there?
12:01 <+bridge> [ddnet] as an additional measure, you can force to verify in Discord even during registration, and same, one ds - one reg.
12:03 <+bridge> [ddnet] the 1min mail thing won't work. I can generate emails with a custom domain all day long
12:04 <+bridge> [ddnet] there really is no good solution until you introduce $$$. Bc if it's free then it's trivial to do
12:04 <+bridge> [ddnet] imo
12:06 <+bridge> [ddnet] Whitelist emails? To only popular ones
12:06 <+bridge> [ddnet] its easy enough to make email with gmail
12:06 <+bridge> [ddnet] Anyway ->
12:06 <+bridge> [ddnet] ```Yes, much of this can still be bypassed separately, but the point is that the "terrorists" spend much more nerves and efforts to bypass the blockages.```
12:07 <+bridge> [ddnet] I considered this but the several clients that do have these kinds of features are extremely easy to reverse engineer. I really dont want to be in this game of cat and mouse
12:07 <+bridge> [ddnet] Fan tried, said it's fine iirc
12:08 <+bridge> [ddnet] that's good to know
12:08 <+bridge> [ddnet] Depends on how you approach this
12:09 <+bridge> [ddnet] You could use Code Virtualizer and things like that to make it harder to reverse engineer.
12:09 <+bridge> [ddnet] But anyway, grabbing disk serial & gpu uuid, and sending it, encrypted with AES-256 or similar, will do very well
12:09 <+bridge> [ddnet] The OpenGL backend on M1 can be a bit odd bc it's really only tested against professional apps and bigger games
12:09 <+bridge> [ddnet] We could do accounts and require like an hour of proof of work to create a new one. If people invest in fpgas to create ddnet proof of work then we are fucked :D
12:09 <+bridge> [ddnet] even without obfuscation
12:09 <+bridge> [ddnet] Yep, it's good.
12:10 <+bridge> [ddnet] but I don't recommend using a touch pad for this game
12:10 <+bridge> [ddnet] lmao
12:10 <+bridge> [ddnet] or the magic mouse lol
12:10 <+bridge> [ddnet] what's the framerate like?
12:10 <+bridge> [ddnet] Sacrificing tons of performance for a solution that will only stop people not committed to the task. Things like VTIL are getting better day after day
12:10 <+bridge> [ddnet] 0% performance impact if done properly.
12:11 <+bridge> [ddnet] That sounds like fairy dust
12:11 <+bridge> [ddnet] You wouldn't run this in a loop 24/7.
12:11 <+bridge> [ddnet] You would only run the hwid routine when you connect to aserver
12:11 <+bridge> [ddnet] You would only run the hwid routine when you connect to a server
12:11 <+bridge> [ddnet] that's it.
12:11 <+bridge> [ddnet] what's stopping anyone from changing the source code
12:12 <+bridge> [ddnet] That's why it'd be a hidden brach.
12:12 <+bridge> [ddnet] That's why it'd be a hidden branch.
12:12 <+bridge> [ddnet] then now you can't compile DDnet anymore?
12:12 <+bridge> [ddnet] You can, simply include the "hwid" module in your source code and you're all set
12:12 <+bridge> [ddnet] Well any part of the code that isn't virtualized makes it trivial to reverse. E.g. look at escape from tarkov
12:12 <+bridge> [ddnet] Let's be real, barely anyone knows how to circumvent hwid checks in here.
12:13 <+bridge> [ddnet] They keep attacking the point where the game interfaces with battleye
12:13 <+bridge> [ddnet] and no one will bother to do so for something like ddnet.
12:13 <+bridge> [ddnet] BattlEye is totally different, and has a totally different player base.
12:13 <+bridge> [ddnet] Trust me that it'd prevent a LOT of ban evasion if done properly
12:13 <+bridge> [ddnet] and if this would become a thing, i'd be happy to assist
12:13 <+bridge> [ddnet] Well the guy that developed one of the most popular bots right now also sells bots for AAA games. So at least one guy here that has that sort of reverse engineering skills
12:14 <+bridge> [ddnet] Let's say you can simply download the hwid module .dll, and place it in the same folder as your ddnet build
12:14 <+bridge> [ddnet] should be very easy to implement
12:14 <+bridge> [ddnet] yeah that works for windows fine but for linux maybe not as well
12:14 <+bridge> [ddnet] ship a linux module as well
12:14 <+bridge> [ddnet] 🙂
12:15 <+bridge> [ddnet] I don't quite get what stops you from just hooking the dlls calls. The dll just asks winapi for the information at the end of the day. This is why most modern anticheats are moving into the kernel and even requiring they be loaded up at startup
12:16 <+bridge> [ddnet] having proper integrity checks.
12:16 <+bridge> [ddnet] you can directly query the disk driver instead of using winAPIs
12:16 <+bridge> [ddnet] same for gpu uuid
12:16 <+bridge> [ddnet] Leave a few traces if the offending player has been banned, and it should prevent most offenders from joining back (temporarily)
12:16 <+bridge> [ddnet] you can always go even further in-depth
12:17 <+bridge> [ddnet] Anyway, lets not talk more about this here. Bot people watch this channel all the time
12:17 <+bridge> [ddnet] 👀
12:17 <+bridge> [ddnet] 👋 hi bot people
12:18 <+bridge> [ddnet] But in general we dont really love the idea of a closed source blob being required. All our proprietary integrations are also all optional if you notice, so you can run the game without any blobs right now
12:18 <+bridge> [ddnet] yes stallman is happy with us
12:19 <+bridge> [ddnet] Is he? We dont use gpl :P
12:22 <+bridge> [ddnet] With serious registration and serious limitation for registration it need to change a much more things.
12:22 <+bridge> [ddnet] For account use mail and DS verification. And very serious restrict to: 1 ip = 1 account, 1 mail = 1 account, 1 DS = 1 account. If u already used any of this, u cannot register, in addition, ban registration using known VPN services and ban registration if used unknown mail service or if used known bad services, providing mail for 1 minute.
12:23 <+bridge> [ddnet]
12:23 <+bridge> [ddnet] And in game we just ban account, IP and HW.
12:23 <+bridge> [ddnet] Imagine that, for bypass u need literally change everything. IP, mail, Discord, HW, ip cannot be known VPN, need to register/use new normal mail, etc. Yes, moms hacker kids still can bypass, but it significantly down repeating of rule-breaking.
12:23 <+bridge> [ddnet] lol please don't force users to register with discord
12:24 <+bridge> [ddnet] Still exist other measures
12:24 <+bridge> [ddnet] no
12:24 <+bridge> [ddnet] there are no other measures
12:24 <+bridge> [ddnet] tw is open source
12:24 <+bridge> [ddnet] u can spoof any measure
12:25 <+bridge> [ddnet] I about all listed, but not DS
12:25 <+bridge> [ddnet] Site is open source too?
12:25 <+bridge> [ddnet] what is DS
12:25 <+bridge> [ddnet] btw if i was forced to register email, and my own email didn't work bc it wasn't popular enough, I'd not bother. Though I might be the odd one out there
12:25 <+bridge> [ddnet] Ds - discord
12:26 <+bridge> [ddnet] what's stopping anyone from creating a new gmail account lol
12:26 <+bridge> [ddnet] It is already longer, than just change only ip
12:29 <+bridge> [ddnet] i only have 888 hours in the game, but so far I've only seen one guy evade bans anyway and he never disrupted anything anyway
12:29 <+bridge> [ddnet] when people get kicked I don't see them return. do you?
12:29 <+bridge> [ddnet] maybe this is a regional issue idk
12:29 <+bridge> [ddnet] And, i listed it much upper, we can do some fingerprint in client shadowly, only about ban info. If ban info detected, we ban all new things
12:30 <+bridge> [ddnet] Idk, in Russia we have mad guy's that everytime bypass restrictions and block all again and again
12:30 <+bridge> [ddnet] u can just recompile ddnet code with anything u want added
12:30 <+bridge> [ddnet] well i dont think theres a perfect solution
12:31 <+bridge> [ddnet] on my servers i have a better list of blocked providers + detection for bad inputs
12:31 <+bridge> [ddnet] and it works a little better
12:31 <+bridge> [ddnet] Yes, but not all is super mega hackers
12:31 <+bridge> [ddnet] ive suggested some of these things to ddnet
12:31 <+bridge> [ddnet] they added a couple of them
12:31 <+bridge> [ddnet] but their tolerance towards false bans is very low
12:31 <+bridge> [ddnet] Good
12:31 <+bridge> [ddnet] so they arent gonna accept every strategy ive implemented for my servers
12:31 <+bridge> [ddnet] and thats fine lol
12:33 <+bridge> [ddnet] Anyway, cheaters is more rare in ru regions. Really common thing is idiots that bypass ban everytime, it's annoying.
12:35 <+bridge> [ddnet] what XD
12:35 <+bridge> [ddnet] no they arent
12:35 <+bridge> [ddnet] i did a statistical analysis on my main server
12:35 <+bridge> [ddnet] it was a ger server
12:35 <+bridge> [ddnet] and i found that russian ips are roughly 3.7x more likely to be cheaters than german ips
12:35 <+bridge> [ddnet] In other news, our gear in germany is coming up by tuesday 🥳
12:35 <+bridge> [ddnet] I'll likely release the old mitigation code for DDNet here (the reconnecting in 3 seconds one), as this will be deprecated by then
12:36 <+bridge> [ddnet] I about ru ddrace servers, ddrace mode. May be fng more common cheat situation
12:36 <+bridge> [ddnet] tbh im not sure
12:36 <+bridge> [ddnet] i was talking about fng
12:36 <+bridge> [ddnet] I think cheating in fng do more profit for ego of cheaters
12:36 <+bridge> [ddnet] yes
12:37 <+bridge> [ddnet] its far easier to cheat at fng
12:37 <+bridge> [ddnet] ~~theres a reason my banlist is 3.5k lines long~~
12:37 <+bridge> [ddnet] :D
12:38 <+bridge> [ddnet] Anyone can ddos server with just a giant attempts to connect?
12:38 <+bridge> [ddnet] and i mostly just use iprange bans instead of this fwiw
12:38 <+bridge> [ddnet] depends on ur defn of giant but in general yes
12:38 <+bridge> [ddnet] most tw dos attacks involve connect or info requests
12:38 <+bridge> [ddnet] most are spoofed with either random or player ips
12:39 <+bridge> [ddnet] I just thinked about "oh, u need to check about guy bot in ban list, and other things"
12:39 <+bridge> [ddnet] oh no
12:39 <+bridge> [ddnet] my servers skip the info and the first handshake packet when checking banlist
12:39 <+bridge> [ddnet] to show banned players the discord link + to protect a little bit against dos
12:40 <+bridge> [ddnet] it only shows them the link on the second stage of the handshake
12:40 <+bridge> [ddnet] once they send back a correct packet with a token
12:40 <+bridge> [ddnet] Hmm
12:40 <+bridge> [ddnet] that's why we made a filter that will block both query floods, and other traffic
12:40 <+bridge> [ddnet] just dealing with capacity issues in frankfurt atm
12:40 <+bridge> [ddnet] which will be solved by tuesdaay
12:40 <+bridge> [ddnet] which will be solved by tuesday
12:41 <+bridge> [ddnet] and yes fan servers are better protected than mine, lol
12:41 <+bridge> [ddnet] which means we'll also be able to utilize our newer ddnet filters
12:41 <+bridge> [ddnet] that are pretty much transparent.
12:41 <+bridge> [ddnet] against dos at lest
12:41 <+bridge> [ddnet] against dos at least
12:41 <+bridge> [ddnet] Fun fact
12:41 <+bridge> [ddnet] they're also a lot more complex, probably the biggest filter I've made so far (except for FiveM)
12:41 <+bridge> [ddnet] Most games use one single protocol, no4
12:41 <+bridge> [ddnet] Most games use one single protocol, not 4
12:42 <+bridge> [ddnet] Pretty much, only issue we're seeing in Frankfurt is limited capacity at the moment
12:42 <+bridge> [ddnet] i host on a $5 vps so
12:42 <+bridge> [ddnet] lol
12:43 <+bridge> [ddnet] Eh, there's a difference between multi-k$ equipment and a $5 VPS I guess
12:43 <+bridge> [ddnet] ofc
12:43 <+bridge> [ddnet] id hope so at least
12:44 <+bridge> [ddnet] So, in ru regions we have a problem, that in most cases we have just aggressive and unstoppable (i about ban ignoring) ppl, that not cheaters.
12:44 <+bridge> [ddnet] Still waiting for our Threadripper 3995X in Dallas with an additional 200Gbps in capacity to come up too, filtering is still running on a 3900x there, which does suffice due to the nature of XDP being very great performance-wise
12:44 <+bridge> [ddnet] o__o
12:44 <+bridge> [ddnet] Hah
12:44 <+bridge> [ddnet] Strong
12:44 <+bridge> [ddnet] on my servers i use rangebans to deal with such players, theres a system to correlate names to ips and it lets me easily find which ranges i can ban
12:44 <+bridge> [ddnet] i dont think ddnet is willing to do this
12:44 <+bridge> [ddnet] but its one option
12:45 <+bridge> [ddnet] i also have a system to ban providers
12:45 <+bridge> [ddnet] Who knows, we're potentially gonna have 2.5Tbps in capacity by the end of year (globally), if things go as planned.
12:45 <+bridge> [ddnet] 🙏
12:45 <+bridge> [ddnet] "globally" being an anycasted network
12:46 <+bridge> [ddnet] nice
13:14 <+bridge> [ddnet] Or making the module optional for self compiling, just disallowing account registrations on the Server side
13:15 <+bridge> [ddnet] btw, could custom servers use these identifications like gpu nr or so too?
13:18 <+bridge> [ddnet] Nice!
13:22 <+bridge> [ddnet] can you show me that? then i dont have to waste vpn requests when i have the network address of a bad ip cached
13:22 <+bridge> [ddnet] If you compile your own ddnet client, and distribute it, sure
13:23 <+bridge> [ddnet] wym?
13:23 <+bridge> [ddnet] I mean, my Server for example
13:23 <+bridge> [ddnet] So I can identify banned people too
13:28 <+bridge> [ddnet] u live in EU
13:28 <+bridge> [ddnet] the whois system is probably illegal for u
13:28 <+bridge> [ddnet] (u can add vpn caching without this btw)
13:28 <+bridge> [ddnet] I do have vpn caching already
13:29 <+bridge> [ddnet] But i think caching the network address of a vpn ip is more effective
13:29 <+bridge> [ddnet] wdym network address
13:29 <+bridge> [ddnet] like the network that ip is in
13:29 <+bridge> [ddnet] like its in a /24 network for example
13:30 <+bridge> [ddnet] Then one vpn provider has a /24 and all of these ips are used
13:30 <+bridge> [ddnet] my main vpn detection relies on a db of ASNs and a list of blocked ones
13:30 <+bridge> [ddnet] the secondary one uses an api
13:30 <+bridge> [ddnet] well
13:30 <+bridge> [ddnet] i use an api too, which works very good
13:32 <+bridge> [ddnet] EU uses mostly dynamic IPs, so there's no reason to block VPNs
13:32 <+bridge> [ddnet] it's useless
13:34 <+bridge> [ddnet] that logic doesnt make sense xd
13:35 <+bridge> [ddnet] It does
13:35 <+bridge> [ddnet] most EU users can simply log into their router dashboard, and use the "acquire new ip" button
13:36 <+bridge> [ddnet] and done.
13:36 <+bridge> [ddnet] yes thats true
13:36 <+bridge> [ddnet] this is an entirely different problem (that can sometimes be somewhat solved by rangebanning)
13:36 <+bridge> [ddnet] has nothing to do with vpn bans
13:36 <+bridge> [ddnet] which will lead to banning legitimate users as well
13:36 <+bridge> [ddnet] which can* lead to that
13:36 <+bridge> [ddnet] yes
13:36 <+bridge> [ddnet] depends on the provider really
13:37 <+bridge> [ddnet] it ultimately will.
13:37 <+bridge> [ddnet] There is smaller "local" ISPs that have a single /24
13:37 <+bridge> [ddnet] and if theres only one person using that isp and playing tw
13:37 <+bridge> [ddnet] then its an easy solution xd
13:37 <+bridge> [ddnet] tw isnt very popular after all
13:38 <+bridge> [ddnet] Ok, chances are high that it'll affect legitimate players regardless
13:38 <+bridge> [ddnet] If you are ok with taking that risk, sure
13:38 <+bridge> [ddnet] i personally would not
13:40 <+bridge> [ddnet] banned players can see the server and get a discord link when they try to connect so they can appeal false bans; i also check recent player ips and only do a rangeban if it seems safe
13:40 <+bridge> [ddnet] its still not totally safe but these two measures make it feel a little safer and it seems to be worth it for now on my relatively small servers
14:52 <+bridge> [ddnet] nobody tested a native build, only the emulated x86
14:52 <+bridge> [ddnet] OpenGL seems to be wrapped by metal. He said the fps arent the real problem, but the input delay
14:52 <+bridge> [ddnet] https://forum.ddnet.tw/viewtopic.php?f=118&t=7282
14:52 <+bridge> [ddnet] (@aodq)
14:54 <+bridge> [ddnet] but generally spoken, i dont see why the M1 should be bad at it, it's more likely that the OS/drivers is the fault
18:45 <+bridge> [ddnet] hello, I need help, I got banned for no reason.
18:45 <+bridge> [ddnet] hello, I need help, I got banned for no reason.
18:45 <+bridge> [ddnet] https://i.imgur.com/pSfeEOn.png
19:25 <+bridge> [ddnet] USA test servers are gone
19:37 <+bridge> [ddnet] Excuse me, I'm a Asia player, I can't join German server. How could I fix it?
19:38 <+bridge> [ddnet] is it anybody know?
19:38 <+bridge> [ddnet] is it anyone know?
19:48 <+bridge> [ddnet] u have probably done something very illegal.
19:49 <+bridge> [ddnet] but I just look at pros play
19:50 <+bridge> [ddnet] I never play at german
19:50 <+bridge> [ddnet] i was joking
19:51 <+bridge> [ddnet] lol
19:52 <+bridge> [ddnet] so weird
19:52 <+bridge> [ddnet] lmao
19:52 <+bridge> [ddnet] ik
19:52 <+bridge> [ddnet] tbh idk why u cant join GER servers
19:53 <+bridge> [ddnet] what servers do u play on?
20:07 <+bridge> [ddnet] wym you can't join? Do they not show up on the serverlist?
20:30 <+bridge> [ddnet] Yeah, OpenGL is emulated on top of Metal.
21:24 <+bridge> [ddnet] japan server
21:24 <+bridge> [ddnet] bruh
21:25 <+bridge> [ddnet] I can't look that ping
22:18 <+bridge> [ddnet] you see some characters in ping label?