Request for Review of P99 Source

[loramin]

Quote:

Originally Posted by tristantio [You must be logged in to view images. Log in or Register.]

However, I wonder if any part of the custom DLL's/distributed files that p99 provides incorporate GPL'ed code (whether GPL'ed via the eqemu server source release, or by including GPL'ed code from other GPL projects).

I think for the GPL to work like that the code has to be distributed, and in the case of server code it never gets distributed. This is one of the "loopholes" (if you're a Stallman fan) that GPL3 "fixes".

[quido]

It is more than just the recent ghosting issue. Even before the TT fixes there existed a lot of issues. I'm talking about issues like this, and the issue of mobs appearing to be pathing at 2 o'clock, then teleporting 10 feet in the 9 o'clock direction from where they started, and pathing at 2 o'clock again, over and over. We have been dealing with these issues for over a year. Even though we deal with these bugs every day, nobody seems interested in fixing them. Why not let people help? I don't think you guys really have that much in the source that is that precious, and what is there you could simply not share. I think most of the source fixes on P99 are pretty obvious and you are simply doing yourselves a disservice by not throwing some of these problems at the community.

There's a lot of smart people out here.

[Haynar]

Quote:

Originally Posted by quido [You must be logged in to view images. Log in or Register.]

There's a lot of smart people out here.

Yes there are. And the majority who would look at the code, would be to find stuff they can exploit.

[loramin]

(Mandatory pre-amble: P99 source code is the hard work of a group of individuals who have every right to do whatever they want with it, and I in no way wish to pressure them in to doing anything they don't want to with their code.)

Quote:

Originally Posted by Haynar [You must be logged in to view images. Log in or Register.]

Yes there are. And the majority who would look at the code, would be to find stuff they can exploit.

That logic has long been used to argue against open source in general (not game code specifically); just replace "exploit" with "security hole". After all, how could a project like Apache possibly be secure when anyone can just look at it's source code to find security holes?

The answer (and the reason why Apache safely runs the majority of the websites out there) is called "Linus's Law" (http://en.wikipedia.org/wiki/Linus%27s_Law). It states:

Quote:

given enough eyeballs, all bugs are shallow

or more formally:

Quote:

Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix will be obvious to someone.

Now of course that does depend on how many beta-testers and co-developers you have involved, but I'd be willing to wager that there are more than enough of us "good guys" (coders and testers) to more than make up for all the "bad guys" who would try and abuse the open code. In fact, my (completely un-backed up by facts) theory is that P99 would have less bugs and exploits if open sourced, not more.


EDIT: But again, it doesn't have to be an either/or thing; the devs could open source the non-exploitable parts of the code base, either as an experiment in open source or just to get the benefits of it on part of the codebase.

[quido]

I would assume that most of the stuff you can exploit already exists publicly from EQEmu. I'm not even advocating sharing the majority of stuff - most things probably don't even merit review, though completeness is important in trying to isolate problems. The nature in which a number of these systems needing work manifest themselves makes the releasing of the source relatively harmless in my opinion. Take for instance pathing. I seriously doubt someone looking to exploit pathing will be better equipped to do so having read the source code. In fact, they would be better equipped to perform such an exploit by doing what anyone could do - simply sitting there and taking the time to see how things path, and bearing in mind an effective grid that mobs adhere to in a particular area. This code is likely independent of anything that can be realistically exploited by a player. Also consider the code relating to the disparity between broadcast mob animations (position deltas) and the reality of these mobs' positions on the server (which are then corrected upon a tick, causing the mob to teleport). I seriously doubt that anything relating to this issue is exploitable. I can, however, appreciate not wanting to share code relating to trading, tradeskills, vendors, and other systems that appear to be the likely targets of exploitation.

I fully acknowledge my own ignorance on a sysadmin level and am seriously impressed you guys manage to hold this whole thing together. I couldn't imagine trying to host near 100 static zones on a box or two, but I can imagine some of what you'd have to do to get the source to run efficiently. Nonetheless, I think the benefits of selectively releasing source to the community far outweigh the risks which can be eliminated with a little diligence.

[Pint]

Quote:

Originally Posted by Haynar [You must be logged in to view images. Log in or Register.]

Yes there are. And the majority who would look at the code, would be to find stuff they can exploit.

Hehe this is the first thing that went through my head when I read thread title the other day, I guess I'm a bad person

[tristantio]

Quote:

Originally Posted by loramin [You must be logged in to view images. Log in or Register.]

I think for the GPL to work like that the code has to be distributed, and in the case of server code it never gets distributed. This is one of the "loopholes" (if you're a Stallman fan) that GPL3 "fixes".

Yea, that is what my post went on to mention (although I reference AGPL since it covers a bit more, AGPL3 that is) [You must be logged in to view images. Log in or Register.]

If anyone wants some code to read/work on/contribute to, I have lots of open source projects on my github [You must be logged in to view images. Log in or Register.]