Posts by wild1145

So I'll give some general feedback here, because a lot of people have been quite "To the point" and I only partially agree with their position.

Suggestions are always welcome, and they can be technically difficult / complex, that's really not an issue.

In the case of this suggestion, the issue for me is the lack of detail.

Quote

↩  matscalle custom setup gamemodes like
lifesteal
smp
free op
skyblock
minigames
arena

Display More

With these the questions I need answers to are things like how are they custom, how do they work, what does that look like and what is the appeal.

While I have no intention of trying to launch something like artnos / mine hut, because frankly they have far more money to throw down the drain than I do, the creation of new community game-modes is something we're looking at, and a suggestion like this if it had the detail of what mini games, how they work, what sort of SMP are you thinking, what makes it a bit special etc etc we might then be able to go "Well the original suggestion isn't something we want to do, but game mode X actually would be cool, we'll do some more investigation to see if that's viable".

I don't want to discourage you or anyone else making suggestions, I just would ask there be some more detail in what you want. Your idea of an SMP and my idea of an SMP will likely be very different for example, and that could be the difference between community support and no support...

Added guidance for MultiMC

I have had to warn and remove the vast majority of votes from this application as people have failed to follow the rules on hub moderator voting. Please check the original guidelines and re cast a vote.

↩  iVacon update to 1.18.1 is the best bet.

If not the flags and creeper host method would be best based on the info I know right now.

Added additional guidance to include Fabric based on content in their Discord server along with guidance for servers.

As many of you will be aware, some rather large shit hit a rather large fan late last night (UK Time) with the announcement of a 0 day vulnerability which was tweeted out in the format of an un-patched proof of concept.

This vulnerability impacts the Log4J dependency, a logging tool used extensively in the Java programming world, and within the Minecraft clients and servers as well.

It was originally believed that the remote code execution was limited to only some early Java 8 builds, however that has since been suggested not to be the case.

While I don't plan to go into the deep technical here, there's a lot of interesting write-ups already and a lot of security researchers working on analysing this further, so far it's scored a 10/10 in terms of criticality and I would be surprised if that dropped a lot. There's also an excellent write-up from Sophos's security labs team, and would suggest you read it if you want to understand the technical - https://nakedsecurity.sophos.c…o-safeguard-your-servers/

What You Need to do urgently

This impacts both servers and clients, you will need to patch your local Minecraft instance to be secure from this vulnerability

Clients:

The simple solution is for you to move to the 1.18.1 release if you use the Mojang Launcher, the issue has been resolved and is baked in, so nothing too complicated you need to do.

Likewise if you are using older versions in the native Mojang launcher, we believe a re-start should resolve the issue, ensure all launcher instances are closed. We would NOT suggest depending on this 100% though, especially if you use older versions. Likewise this will NOT resolve issues with modded game play.

For those using MultiMC, you will need to fully re-start your client, and connect every instance you have with online mode enabled at least once. By doing so you should pull down the patch. For more info and how to verify this please see this MultiMC Blog Post.

If you are using FORGE ensure you are running these Forge versions as a minimum:

• 1.18-38.0.17
• 1.17.1-37.1.1
• 1.16.5-36.2.20
• 1.15.2-31.2.56
• 1.14.4-28.2.25
• 1.13.2-25.0.222
• 1.12.2-14.23.5.2857

If you are running the FTB Launcher, force it to re-start fully and it should be fully patched. Again though we suggest caution with this assumption and taking additional care.

For those using Fabric, it looks as if from version 0.12.9 onwards there were patches for the 1.17 and 1.18 clients, It looks as if the recommendation is to update to 0.12.10 which patches it in all cases. We've not verified this is actually the case, but we'd strongly suggest updating to version 0.12.10 or newer ASAP.

Finally, for anything else or where you want to ensure you are secure, the following steps should be taken:

• As per Sophos's Guidenace, Block JNDI from making requests to untrusted servers. If you can’t update, but you’re using Log4j 2.10.0 or later, you can set the configuration value log4j2.formatMsgNoLookups to true, which prevents LDAP and similar queries from going out in the first place.
• Use the CreeperHost provided JAR as part of the execution, this will mean the vulnerable code can't make it to be executed, and will help safeguard your game: https://www.creeperhost.net/blog/mitigating-cve/

Servers:

Most server clients have already updated versions and the guidance above applies. I've only been able to personally verify the updates to Paper based on the changes in their source code, so again please do your due diligence to verify patches are actually applied.

Please see the above guidance for FTB, Forge and Fabric.

Finally, for anything else or where you want to ensure you are secure, the following steps should be taken:

• As per Sophos's Guidenace, Block JNDI from making requests to untrusted servers. If you can’t update, but you’re using Log4j 2.10.0 or later, you can set the configuration value log4j2.formatMsgNoLookups to true, which prevents LDAP and similar queries from going out in the first place.
• Use the CreeperHost provided JAR as part of the execution, this will mean the vulnerable code can't make it to be executed, and will help safeguard your game: https://www.creeperhost.net/blog/mitigating-cve/

Hopefully this is useful to folks and helps provide some guidance on how to protect yourselves against such a vulnerability.

↩ @'FT ' The hub player data was wiped separately. I am not sure about the freedom server though so @"StevenNL2000"#2 might be able to advise.

The main overworld world has now been restored and CoreProtect corrected.

I would ask folks to check their builds are still in the world and there isn't anything missing / weird with them. They should all be 100% fine, but better off checking, and the sooner you tell us of any issues (Hopefully there aren't any) the better, else it might be much more tricky to restore them if there are issues.

Whisper is the "Official" plugin for Flarum, and seems to be one gaping security mess. Given the state of their official plugin and other 3rd party ones before, I'm not going to entertain adding one where I'm not actually convinced anything remotely private will be enforced.

https://discuss.flarum.org/d/2…less-private-messaging/70 also for reference.

I don't think that at the current time we really have enough interest in this to justify the time & effort that it'll take to make it happen, but happy to re-visit it in a few months if things change.

↩ @'Panther' And as I've said, I don't want to support legacy versions...

↩ @'Panther' I don't think that's quite right... ViaVersion allows you to support newer versions. Hub is on 1.17.1 and can then support 1.17.1 (Native) and 1.18 (Via)

I've already tried connecting to the hub on 1.16.5 with ViaVersion running (And default config) and I get kicked for running an older client and that I need to upgrade.

I think the chart is just poor.

In any case, the minimum version to use the network is 1.17.1, and I don't plan on changing that. If game-modes aren't updated, stringing along backwards compatibility is not the answer.

↩ @'Panther' ViaVersion is used on the hub, it's what's allowing 1.18 support.

As I've said on Discord, we won't be supporting the older versions.

Moved to Freedom game-mode suggestions as TFM is only ran on the Freedom game-mode.

↩  videogamesm12 I've not disabled 1.17.x, I've disabled 1.17... The versions 1.17.1 and 1.18 are globally accepted on the network.

We've had to remove 1.16.5 and 1.17 support because the hub is now on 1.17, and it had to be updated due to the new hub world containing 1.17 blocks, and the fact that it was due to be updated months ago, as a result now if you are on a 1.16.x or 1.17(.0) client on Freedom-01, if the server goes down or you're kicked, you get ejected from the network and it is a shitter player experience.

1.17.1 is the global minimum version for the entire network now, I can't keep putting it off in the hopes we might finally get the Freedom game-mode updated and I won't sacrifice the end-user experience by ejecting people from the network which isn't the pre-update behaviour.

Added a TLDR to make this more clear.

As of the hub maintenance today, we have moved Hub-03 to 1.17.1, as a result we have now removed 1.16.5 and 1.17 support across the network.

The Freedom game-mode due to various delays is still not actually running 1.17, however ViaVersion has been configured to block anything that is not 1.17.1 or 1.18 from connecting to the Freedom game-mode. This is because now if players join on 1.16.5 they will get kicked from the network rather than bounced to the hub if there are issues in the game-mode.

As part of this we've done a minor update to the Bungee software to add 1.18 support, and ViaVersion is setup on the Hub and Freedom game-modes to support 1.18.

We will be continuing to work towards full native 1.17.1 and 1.18 support in due course.

Cheers.

TLDR:

The following Minecraft versions are able to connect globally across the TF Network:

• 1.17.1
• 1.18

Support was removed for the following versions:

• 1.16.5
• 1.17 (.0)

↩  lyicx No

I will also clarify, as per the updates to the Executive policy, this executive role is specifically for the marketing of the Freedom Game-Mode, marketing of the other game-modes is out of scope - https://forum.totalfreedom.me/…ame-mode-executive-policy

↩  characterslimits actually it's not.

Denied.

Let me clarify. The plots are 25x25. If builds are a tiny bit bigger I can probably merge 2 or 4 plots together. If they're significantly bigger then the plot server probably isn't the place yet (at least in the showcase part)