Popular Post Akinari Posted August 21, 2013 Popular Post Posted August 21, 2013 We here at rAthena believe that the users have the right to know what our team believes this project should be.rAthena Goals: Emulation AccuracyOur top priority of this project should be put towards creating an experience that matches that of the official servers. Right now, we are far from reaching that goal, but with focus on this particular issue, and with the help of people like you, we can close the gap between the official servers and ourselves. While this may never reach 100% accuracy due to constantly changing aspects in official servers, we could definitely do better than where we are right now. StabilityWhile we continue to fix bugs and add additional new content, it is extremely important that we remain focused on creating a project you can rely on to manage itself while you are away from your server. We want you to feel comfortable walking away knowing that you won't come back to a downed server. Resource ConsumptionCode speed and resource reduction should remain a lower priority as accuracy and stability are more important than saving some memory or process time. A successful project requires this understanding. Sometimes we may improve code that we come across during fixing other bugs or re-writing sections of code, but at this time, we should not focus on finding and fixing some of the more resource consuming portions of code. CustomizationWe're "core" developers. We develop a platform for people to build off of. Out of the box, we aim to maintain parity with AEGIS, and beyond that, we will provide tools and support (as long as it doesn't detract from the core!) for people aiming to customize beyond that. Anything our users make and wish to have added to the public source also needs to be approved and improved on an individual basis. If you're looking to start up a server project which follows the above principles, then rAthena is the project for you. 24 Quote
lakasmonk Posted August 22, 2013 Posted August 22, 2013 This is the reason why i keep learning about everything on RO but it takes time and patience you rA team are my motivation and inspiration thank you for providing us the emulator more power 1 1 Quote
Talaysen Posted August 23, 2013 Posted August 23, 2013 My server's goal matches this 100%. No customizations, no deviations from official behavior. If you (the rAthena devs) need a guinea pig server, we (my server/community) are willing to help anywhere possible. 1 Quote
TheFinalEpisode Posted August 30, 2013 Posted August 30, 2013 +1B i like this line: we can close the gap between the official servers and ourselves. Quote
anacondaq Posted August 30, 2013 Posted August 30, 2013 How about SECURITY? As i see you start apply to much good features for emulator + optimizations. Rathena stable as never. But let's talk about another problem: SECURITY; Can are developers & community start&grow security part? I talking about server-side protection against 3rd party tools & problems: packet-flooding/spam; encrypting packets (like it do hercules with some 2012-13*.exe) Protecting against bots Maby now is the time start to think about this problems together and let's fight with it? What are you can say guys? Quote
helvetica Posted August 31, 2013 Posted August 31, 2013 Bot detection is not within the scope of this project, as every server will have different requirements and tolerances when it comes to anti-bot systems. As for packet flooding/spam, that also depends. A general DDoS protection is impossible, this needs to be handled at the network level. Attacks that involve WPE or other packet crafting to induce undesired or abusive behaviors should definitely be reported and will be handled based on severity. As far as encrypting packets go, I'm not sure where we stand on this. Lighta is our main dev who handles the packet system. Quote
anacondaq Posted August 31, 2013 Posted August 31, 2013 I do not talk about DDoS. DDoS it's network problem, and #1 problem in internet. Against DDoS many services to solve it. I talking about packet-security, server-side delays, packet encryption by knowed algorythms. I do not talk about client-side protection. Try to understand me please. Quote
helvetica Posted August 31, 2013 Posted August 31, 2013 If there's something that can be exploited from the client side, whether through client bugs/exploits or through crafted packets, that results in undesired or potentially dangerous server-side behavior, then it should be reported and will be handled based on severity. This has nothing to do with securing the client, but whether the server is hardened against input from the client that could lead to abuse. Packet obfuscation is a different story entirely, that's about potentially securing the communication between server and client. I'm not the one that handles the general packet routines so I couldn't tell you where we're at as far as implementing it. I mentioned the quip on DDoS because you mentioned "packet flooding" and I was responding in a general tone that handling such issues is impossible from the server end. There could still be specific denial of service attacks we can and should handle, but when people say "packet flooding" they generally mean distributed denial of service (the extra D) so I wanted to clarify a bit on that. And anti-bot I brought up because that's commonly referenced as part of "server security". I'm not sure how to make this any clearer. If you have any examples of potentially insecurity of any kind and are unsure about other people finding out about it, you can always PM me and I can make sure it gets listed as a private bug so it can't be actively exploited until it gets fixed. If it's something that we can't handle or is better handled outside the scope of this project, then we will let you know. But we will ALWAYS take reports of potential security flaws seriously. Security and stability go hand in hand, you can't have one without the other. A stable server is a secure server. Quote
anacondaq Posted August 31, 2013 Posted August 31, 2013 We with you have two different "security". I talking about server-side security against 3rd party software. You talking about server-side security against bugs/exploits/duplications etc. Do not teach me please, i am not newbie in security. If my language looks like it 13 years boy, is't it. I just say about next step feature of developing, but you wont to do anything, even understand of i talking about. I hope rAthena community & other developers understand how is important. Quote
helvetica Posted August 31, 2013 Posted August 31, 2013 I'm not referring to just the official Ragnarok Online client when I say client. A client is anything that communicates to the server that isn't another server. A client can be anything from a legitimate player on an official client, a bot created to emulate a player, someone using WPE to craft packets, or someone simply sending garbage to the server on the ports it listens on. It doesn't matter what generates the packets or where they come from, what matters is how the server handles it. If the server can be induced to produce undesired behavior, whether that's something in game like bypassing restrictions or manipulating the server state, or something more severe like being able to crash the server or break out of the server and run arbitrary code, it needs to be fixed and we will put any and all resources into fixing it. The server must be able to handle legitimate input as well as be able to handle illegitimate input gracefully. When the latter doesn't occur is when potential security flaws occur. It doesn't matter how the input was generated or how it gets there. Quote
Lighta Posted September 1, 2013 Posted September 1, 2013 keep it cool guys. So ya I do not believe is rA role to secure client side. Or at least not now. This may evolve as we standing on supporting only few client so we could build on it but it look more like a side project. Like helvetica said, whenever is a legitimate client, or simply a telnet you could still send a shitload packets to server to rnu arbytrary code or whatever, this is far more important imo then encrypt packets. Encrypt make it a little harder to edit and also cause they attach some id/time on it prevent to redo the action. So that help that player don't cheat IG but doesn't really increase security imo. To fix this I think we should work on fixing/review Wconversion branch in priority. Now how we stand on this. We could improve flushing some invalid data and add some tick check to prevent doing same action too fast. If you using a non legitimate client you wont have a valid session recorded on serv and will be flushed really fast so it's "better" to enter and send a big chunk after. Now for encryption is very simple to merge most of it, only issue is do we want to support many key at once ? Cause we currently support multiple-client at once (partially working, incoming 100% outgoing 60%), we would need to attach a key to each version, just like we attach a date anyway. 1 Quote
chatterboy Posted September 6, 2013 Posted September 6, 2013 Dont argue if you know how then help. If not well just proud coz rathena is free wohooooo.... Nice work guyz!!! 1 Quote
Azura Skyy Posted September 8, 2013 Posted September 8, 2013 Maybe I am ignorant, but I don't understand the bit about closing the gap between rAthena and Gravity official...We are talking about the emulator itself of course, right? What do you think could be fixed or changed to close that gap? It seems to me that any gaps in feel between Gravity and privately run are in the hands of the Administrators behind each server.I think the gap varies based on community interest too. PvP oriented servers aren't going to play like Gravity Official. Certain servers remove any sort of leveling or don't look into balancing enough (maybe they do, but they fail to balance as they increase the level/stat caps).Am I totally off base? If you meant something other than 'the feel,' please let me know.~Azura Skyy Quote
Emistry Posted September 8, 2013 Posted September 8, 2013 the emulator isnt build to follow what other private server wanted to be ..... but following what the kRO have ... all the contents should be the same with kRO as many as possible ... the issue for balancing a server for other private ....most of the time it's their server problem ... rAthena will just adjust or implement everything based on kRO ..and not other private server ... rAthena main aim for following the same contents of kRO. Quote
helvetica Posted September 8, 2013 Posted September 8, 2013 Maybe I am ignorant, but I don't understand the bit about closing the gap between rAthena and Gravity official... We are talking about the emulator itself of course, right? What do you think could be fixed or changed to close that gap? It seems to me that any gaps in feel between Gravity and privately run are in the hands of the Administrators behind each server. I think the gap varies based on community interest too. PvP oriented servers aren't going to play like Gravity Official. Certain servers remove any sort of leveling or don't look into balancing enough (maybe they do, but they fail to balance as they increase the level/stat caps). Am I totally off base? If you meant something other than 'the feel,' please let me know. ~Azura Skyy No you're right, the inevitable final product is wholly based on how the administration wants to run it. What our goal is here is that out of the box, our server should be a drop in replacement for Gravity's official servers. If you just pull from GIT and compile and load up the game you should get a 100% point for point accurate recreation of Ragnarok Online. And since this is a open source project, you are free to make modifications and extend it beyond the original gameplay Gravity envisioned, or maybe you just don't like Gravity did some things. That's totally up to you! As far as we the core developers are concerned though, our goal is lock-step emulation with the official servers. Anything custom beyond that is for the community to provide. We provide the base product for everyone to build the game they wish to play. Quote
wall_cf Posted September 9, 2013 Posted September 9, 2013 (edited) I think that the db paste should be update, because monsters like bakonawa and bangungot are with its items outdated. Edited September 9, 2013 by wall_cf Quote
Boom Posted October 17, 2013 Posted October 17, 2013 StabilityWhile we continue to fix bugs and add additional new content, it is extremely important that we remain focused on creating a project you can rely on to manage itself while you are away from your server. We want you to feel comfortable walking away knowing that you won't come back to a downed server This sets rAthena apart from any other out there. Stable and reliable. For what I'm seeing is, every update is really tested before implementing it. Updates might be a bit slow at some point but when the updates are out, it sure is gonna work reliably. Cheers to rAthena's great developers and community. /no1 Quote
joelolopez Posted October 28, 2013 Posted October 28, 2013 keep it up rathena!!! because of this ill be having my own release of my works for free soon!!! Quote
Sharpienero Posted October 29, 2013 Posted October 29, 2013 Thanks a ton for this post, I'm happy to see the community moving forward as a whole. Quote
Zeiyan Posted November 1, 2013 Posted November 1, 2013 Thanks a ton for this post, I'm happy to see the community moving forward as a whole. Hello mr Sharpienero! Your youtube videos helped me a lot when i was starting my server! 1 Quote
joelolopez Posted November 11, 2013 Posted November 11, 2013 rAthena Goals crash always XDDDDD instead of making unproductive criticsm, i recommend you to file a bug report on the bug tracker section regarding your issues in rathena.. 5 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.