IT view at the Star Citizen universe - what do you think

[Bruce]

Errm .. I love the discussion, but I am old and lazy and fail to follow. The idea of polar coordinates is simple

0. There is an arbitrary object in the middle of SC universe that is called "Level 0 center of everything .. aka "42"" all stars (or centers of masses of multistars) in the very same universe at any moment of time are positioned based on two angles and one distance from this point in the "level 0" units of measure

1. For each star system - it's own star (or center of mass of its stars in case of multi-star system) is Level 1 center of coordinates ( and don't forget - its relative location against Level 0 center is always known in Level 0 system of polar coordinates.

2. For each planetoid in each star system same things as for p.1 are applied etc.

Recursively we could go down to player avatar level, and all things that this avatar drops are (as long as they are persisted) stored in the system of coordinates related to the avatar .

WTF are the benefits of his approach ? Good question : 1> it is piece of cake to show "direction" to any object in this system (just several vectoral operations w/o taking care of precision loss, as it doesn't matter by design ) 2> it is quite easy to identify what can't be seen because the distance is too long (again we always get a distance as a direct result :) ) 3> and most important - due to nested data structure - capturing of the data on paper doesn't help at all :)

 

[Vindictive69]

I would love CIG to allow a mobile app for price checking various systems. I mean it is the high tech future.. why shouldnt we be able to see market prices simply by looking it up remotely? :) They are trying to be as realistic about things as they can :)

 

[Bruce]

I would love CIG to allow a mobile app for price checking various systems. I mean it is the high tech future.. why shouldnt we be able to see market prices simply by looking it up remotely? :slight_smile: They are trying to be as realistic about things as they can :slight_smile:

I'd totally expect in-game or out-of-game (web) app, that allow you to QUERY remotely prices of some commodities in the location that you have good standings with (and perhaps visited personally .. just for the sake of in-game progression :) )

 

[Sirus7264]

I would love CIG to allow a mobile app for price checking various systems. I mean it is the high tech future.. why shouldnt we be able to see market prices simply by looking it up remotely? :slight_smile: They are trying to be as realistic about things as they can :slight_smile:

Don't know why I overlooked that and you bring up a fantastic point this is the future. If we can have coms from one point to another why couldn't we download the data from station to station to check prices of cargo and so forth. In this case I retract my statement of Cig not allowing an API over "Exploration" of prices. Now it just sounds like a must do type of thing.

 

[CrudeSasquatch]

Look how technical it all got. Even @Blind Owl shenanigans can't stop these nerds or derail their geek conversation!

 

[EpilepticCricket]

One thing i'll say about their current version of 2 step is that it is complete garbage...

Agreed. What you know, what you have, and what you are. It's not difficult to set up 2 or 3 layer security (and with some people having spent tens of thousands, I'm surprised that true 3 factor auth isn't an option.

CIG may end up giving us the ability to add mods. Assuming they don't, my first question would be do they allow this sort of automated data scraping.

Waaaay way way back (like, before the game hit 20 million in funding back) CIG talked about eventually allowing for private servers with open mod support and that the most popular mods that fit in universe could be integrated into the live client (much the way that Blizzard handles the most widely used WoW mods).

If they do, the easiest way would probably be an external tool that uses a combination of user input automation and network sniffing and screen scraping

I would love CIG to allow a mobile app for price checking various systems. I mean it is the high tech future.. why shouldnt we be able to see market prices simply by looking it up remotely? :slight_smile: They are trying to be as realistic about things as they can :slight_smile:

This is the most likely scenario. We can already see prices on almost everything in real time IRL today (thanks to Amazon, stock markets, retailer websites, online catalogs, etc)! There will definitely be something in game that allows for price lookups universe wide.

I'd totally expect in-game or out-of-game (web) app, that allow you to QUERY remotely prices of some commodities in the location that you have good standings with (and perhaps visited personally .. just for the sake of in-game progression :slight_smile: )

I agree. CIG seems smart enough to know that they can either play eternal cat and mouse with players pulling game data without permission, or set up a system that people can use and CIG has enough control over to prevent fuckery from transpiring.

 

[Blind Owl]

Look how technical it all got. Even @Blind Owl shenanigans can't stop these nerds or derail their geek conversation!

It's amazing how focused they are. I haven't seen this level of dedication since I told you there was beer after training in the army. I have geek wood.

And the thing is, these guys are smart. Like really smart. What the hell are they doing in TEST? This level of intellectual conversation is almost heresy here. SPAIs!!

Kudos gents. Continue. I'm learning. Dunno what, but I'm learning.

 

[mindfart]

Oh cmon .. I'm lazy as well, but still - as it was mentioned couple of messages above - sniffing on the end user machine is potentially detectable, and also creating any program like this brings a risk of bad guys taking it and converting into hacking software .. on the other side - it would be piece of cake for any networking guy to provide instructions (or upgrade his own router) to the more or less open version, that would allow install of any of linux sniffers, and careful capture of the packets into cloud storage for future analysis by more programming oriented TESTies :slight_smile:
// please note - while I have some ideas I usually can't go far away from end user analytical apps .. hence we need a team

Sys/networkadmin here, if CIG doesn't want you sniffing the traffic they will just encrypt it end to end, and ur done. U might be able to extract the key from ur client files somehow, but this will 100% be a breach of ToS. So if they don't encrypt it end to end, and you can read traffic with ie. wireshark, ur good to go, they probably will not be monitoring if you are running wireshark.. and even if they are there are many other reasons for people to have wireshark open while playing SC (besided using it to intercept SC traffic)

/2cents


/edit
A lot of traffic will be encrypted end to end, especially authentication. They will probably have to go out of their way for game data traffic not to be encrypted(also this would be a security issue, enabling owners/pwners of open(or not-open) networks to intercept and change ur incoming data if ur using it to play SC)

 

[Bruce]

Sys/networkadmin here, if CIG doesn't want you sniffing the traffic they will just encrypt it end to end, and ur done. U might be able to extract the key from ur client files somehow, but this will 100% be a breach of ToS. So if they don't encrypt it end to end, and you can read traffic with ie. wireshark, ur good to go, they probably will not be monitoring if you are running wireshark.. and even if they are there are many other reasons for people to have wireshark open while playing SC (besided using it to intercept SC traffic)

I also saw this "do not decrypt" statement in ToS, and that's why I mentioned somewhere above that all of the sniffing part would work only if there is no encryption for this specific part of the data exchange.

A lot of traffic will be encrypted end to end, especially authentication. They will probably have to go out of their way for game data traffic not to be encrypted(also this would be a security issue, enabling owners/pwners of open(or not-open) networks to intercept and change ur incoming data if ur using it to play SC)

My personal expectation would be that in-game market data will be reflected on in-game or out-of-game webpage, and the whole story is - are they going to use https or http for the secondary connection ... most probably it will be https and in this case our only hope to stay nice and white is to get permission to simulate such connection from our crawler(s) :)

 

[Bruce]

And the thing is, these guys are smart. Like really smart. What the hell are they doing in TEST? This level of intellectual conversation is almost heresy here. SPAIs!!

Hey, that's just another proof that TEST is big enough for everyone ... even for those guys who could have this geek talk for hours and days lol

Kudos gents. Continue. I'm learning. Dunno what, but I'm learning.

And it is the whole idea - while it is possible to have good life just on beer and steaks, having beer, steaks, and geek talk is even better :slight_smile: (at least for me :) )

 

[CrudeSasquatch]

having beer, steaks, and geek talk is even better

I like bears, steak, beer, moose stalking, wearing stockings, stocking shelves in muy fridge with beer, camping, fire places, and making fun of the American Revolution.

 

[Bruce]

I'm out of camping for good .. my back doesn't allow it to be fun any more, that's why I stick with geek talk. As for american revolution

Spoiler: The original one

 

[mindfart]

My personal expectation would be that in-game market data will be reflected on in-game or out-of-game webpage, and the whole story is - are they going to use https or http for the secondary connection ... most probably it will be https and in this case our only hope to stay nice and white is to get permission to simulate such connection from our crawler(s) :slight_smile:

Crawling a website over http or https remains the same legally and technically(except that it takes some more resources because of the encryption/decrypion). https is encryption, but it's public encryption, anyone should be able to decrypt the traffic because they (should) be using a publicly signed https cert. (and even if they used a self-signed cert you would be able to decrypt the traffic)

 

[Bruce]

Crawling a website over http or https remains the same legally and technically(except that it takes some more resources because of the encryption/decrypion). https is encryption, but it's public encryption, anyone should be able to decrypt the traffic because they (should) be using a publicly signed https cert. (and even if they used a self-signed cert you would be able to decrypt the traffic)

I don't see technical problem on decryption, but there is ToS problem. Also if it is in-game connection it would require either simuluation of in-game connection or sniffing :)

 

[mindfart]

I don't see technical problem on decryption, but there is ToS problem. Also if it is in-game connection it would require either simuluation of in-game connection or sniffing :slight_smile:

I don't know the specific language in the ToS that says no decryption, so I can't comment on that (tried to google real fast but couldn't find it). But your browser is also decrypting the traffic when you are browsing an https site, I don't see how a self built client would be any different in that aspect.

And yeah if it's a connection to the gameserver, it's a whole different story. But like I said if it's not encrypted it most likely won't be a problem reading the data out(but this probably won't be the case :smile:)

 

[EpilepticCricket]

Sys/networkadmin here, if CIG doesn't want you sniffing the traffic they will just encrypt it end to end, and ur done. U might be able to extract the key from ur client files somehow, but this will 100% be a breach of ToS. So if they don't encrypt it end to end, and you can read traffic with ie. wireshark, ur good to go, they probably will not be monitoring if you are running wireshark.. and even if they are there are many other reasons for people to have wireshark open while playing SC (besided using it to intercept SC traffic)

/2cents


/edit
A lot of traffic will be encrypted end to end, especially authentication. They will probably have to go out of their way for game data traffic not to be encrypted(also this would be a security issue, enabling owners/pwners of open(or not-open) networks to intercept and change ur incoming data if ur using it to play SC)

If universe wide market price data is available to the client then someone, somewhere will want to make an app that can view it external to the client interface regardless of if it breaches the ToS. Encryption won't stop people from getting the key out of the client, nor does it prevent the client from sending bad data to the server. E2EE in an MMO is pretty pointless outside of the account authentication stage. It doesn't prevent cheating/botting at all, running the client in a debugger will show everything anyway, and the cpu requirements for encrypting everything is a great way to weaken your infrastructure to DDoS attacks.

Any vital data will be hashed, but honestly the client shouldn't have access to anything beyond what is seen on the screen anyway.

 

[Bruce]

I don't know the specific language in the ToS that says no decryption

Attempt to interfere with, hack into or decipher any transmissions to or from the servers for any of the RSI Services.

(c) https://robertsspaceindustries.com/tos

 

[Bruce]

and the cpu requirements for encrypting everything is a great way to weaken your infrastructure to DDoS attacks.

and this is why I hope we'd get unencrypted read only access to market data :)

 

[mindfart]

If universe wide market price data is available to the client then someone, somewhere will want to make an app that can view it external to the client interface regardless of if it breaches the ToS. Encryption won't stop people from getting the key out of the client, nor does it prevent the client from sending bad data to the server. E2EE in an MMO is pretty pointless outside of the account authentication stage. It doesn't prevent cheating/botting at all, running the client in a debugger will show everything anyway, and the cpu requirements for encrypting everything is a great way to weaken your infrastructure to DDoS attacks.

Any vital data will be hashed, but honestly the client shouldn't have access to anything beyond what is seen on the screen anyway.

I agree with everything you said. But like I said, it can prevent someone else in your network from messing with your game data. (/ninjaedit I haven't tested it but in my experience the overhead for encryption nowadays is next to nothing, I host quite a few heavy websites (100-500hits per second) and when we switched to https I don't think we even noticed)

Attempt to interfere with, hack into or decipher any transmissions to or from the servers for any of the RSI Services.

(c) https://robertsspaceindustries.com/tos

I don't know if legally deciphering something means the same as decrypting (of course decrypting is a form of deciphering..) but you would break the ToS just by visisting the rsi website, because your browser decrypts the traffic :P

I think this is a pretty grey area.

 

[Bruce]

I think this is a pretty grey area.

It is, and that's why it shouldn't be too difficult to get into an agreement with CGI in regards of market data processing ( providing that we'd create something interesting enough for the community ) :)