Posts by videogamesm12

    After a year of radio silence, LEMMiNO just dropped this banger today.



    It was a hoax

    Basically, it was a hoax started as a joke by specific players who wanted to spook the admins. From our perspective, we weren't aware that it was a joke and were genuinely convinced that there was an exploit in Figura that leaked IP addresses. Somewhere down the line they joked about it being a botnet (and had the Figura developers go along with it) and that's what led to it being assumed to be a botnet. This isn't the case, but that's what happens when you dick around too much on a community that is becoming increasingly unstable overall.


    In Ryan's defense, he took action to help protect players against a threat he believed existed with the information that was available at the time (Figura executes user-created Lua scripts and that someone apparently had IPs). He doesn't want to have another repeat of what happened with Log4Shell or any of the other related serious incidents, which led him to take the "better safe than sorry" approach. Even if he turned out to be wrong, I believe he made the right choice nonetheless because if he did nothing and it turned out to be true, he would have likely been blasted for not taking action. He's stuck in a situation where he's fucked regardless.


    With news that the entire thing was a hoax out, Ryan is incredibly pissed that he was blasted over a nothing burger and I expect some consequences to happen in the near future.


    To those who were involved: Good job. You took an already very unstable community and shook it like a fucking snowglobe and expected it to not go as far as it did. You really should have known better, given the unstable nature of this place.

    Can we go just one day without something retarded happening? I am experiencing an incredible drought of fucks to give right now.

    I don't trust nor do I like Microsoft. They went back on their word that Windows 10 would be the very last operating system they'd make, killed support for otherwise perfectly capable hardware, intentionally blocked updates for newer CPUs on Windows 7 and 8 to force people to use Windows 10, shitcanned an internal testing team that would have ironed out bugs or other visual inconsistencies in favor of their "insider preview" system which makes the users the testers (I'm betting it was to save money), track the everlasting fuck out of you, intentionally released an extremely incomplete version of Windows hoping that people wouldn't notice (people certainly did, much to Microsoft's dismay), copied design principles from MacOS and ChromeOS (namely the fucking centered taskbar, why the hell would you change something that has been a staple of your operating system for literally decades?), and much much more.


    Especially in recent times, they made their operating system increasingly invasive and disruptive by controlling how you use your own fucking computer to prevent you from doing things that they don't want you doing, including (but not limited to):

    • Removing Microsoft Edge
    • Using a web browser that isn't Microsoft Edge
    • Setting your title bar to be fully black
    • Having your taskbar somewhere that isn't at the bottom of the screen
    • Deciding when your computer should restart for updates
    • Setting up and using the operating system without requiring a Microsoft account
    • Preventing them from collecting data about you and how you use the computer that you bought without your consent
    • Stopping them from installing fucking Candy Crush Soda Saga on your computer without your consent

    When you buy something, you should be able to do whatever the fuck you want with it. You own it. If you want to get rid of the default garbage web browser that your operating system comes with because you have your own browser installed, you should be able to do so without any bullshit. I understand that some of these are intended to protect the user from doing something stupid that would brick or otherwise fuck over their computer, but the bullshit related to using other browsers, having a black title bar, not having your every move tracked and sold to advertisers, or not having shit shoved down your throat is inexcusable. That should be the user's choice, not Microsoft's.


    Introduction

    On August 24, 2022, I discovered an exploit in Minecraft that allowed me to dump the NBT of any player in the same world I was in, even if I was nowhere near them. I called it Worldcom, paying homage to the infamous Nocom exploit from 2b2t. Instead of patching it (which, in retrospect, I really should have done as my #1 priority), I created a fork of EpsilonBot that used the exploit to track consenting players on the server with the goal being to build a heatmap of player activity that I could then use to find builds when I would eventually scrape the flatlands again.


    After scrapping the project in September 2022 due to issues with the way everything was structured, I brought it back in June 2023 and began to work on it again. However, other players (namely frizzydoggy, props for finding it by the way) discovered the same exploit I was using shortly afterwards on their own and shared it with several individuals including Yurni, riawo, (presumably) Allink, and (presumably) maniaplay. However, I refused to patch the exploit because I wanted to allow my bot project to continue (which was stupid of me and I really should not have done that). When concerns about malicious actors potentially abusing the exploit in much more devious ways arose, I finally decided to patch the exploit in Scissors 1.17.1 on July 4, 2023. I should have done it sooner, and the fact that I didn't was incredibly irresponsible of me and I'm sorry that I didn't take action sooner.


    What's done is done, and there's nothing I can really do to change that. Now that the exploit has been patched, I've decided to publicly disclose the exploit and how my bot used it along with multiple other quirks with how Minecraft works to track players on the server. Keep in mind that while the exploit is properly patched in Scissors, I've installed a custom plugin that allows exclusively my bot to continue working even with the exploit patched.

    How the exploit works

    To facilitate the ability to press F3 + I to get the NBT data of any entity on the server, Mojang added a packet specifically for requesting and responding with entity data in their protocol. The way they did this was by utilizing the numerical entity ID that all entities have when they are on a server. When you press F3 + I when looking at an entity (like a player), your client sends a request containing two numbers: the numerical entity ID (which is incremental and thus can be guessed) and a transaction ID, the latter of which allows your client to keep track of what entity/block entity you requested so that it can deliver the correct message. The server then responds with the NBT data of whatever you're requesting plus the transaction ID. This only works if you have operator permissions.


    Mojang messed up in two different ways when they were implementing this:

    • They did not account for any distance checks, presumably because they assumed that if you were an operator, you probably had it for a reason
    • Transaction IDs could be re-used. While this is technically not an issue, it was something that the bot also exploited to keep track of which data set belonged to what entity ID, because you could feed it any transaction ID you want and it would respond back with the same ID

    As a result, you could essentially track any player you want if you knew their numerical ID by repeatedly making requests for their data using it. Because there are no distance checks, you could literally get a player's coordinates even if you were in a completely different part of the map. If you wanted to track multiple players at once, you could simply supply their numerical IDs as the transaction IDs, which would uniquely identify the resulting data as a specific player's. This was the basis for how I would use the exploit.

    How the bot finds players

    The bot has three different ways of finding players.

    1. Traditional brute-forcing
      When the bot joins the server, it starts spamming the server with requests for entity data with IDs starting from 0 and working its way up by incrementing the entity ID. This is a traditional and straightforward way of looking for players. It's often very slow if it joins while the server has been up for a while.
    2. Backwards brute-forcing
      When a player who is opted-in joins the server, the bot will spawn a pig that then dies to get its numerical ID, which is assumed to be in pretty much the same range as the pig's. Once it gets the pig's entity ID, the bot then brute-forces backwards by doing pretty much the same thing as traditional brute-forcing, but instead starting at the pig's entity ID and decrementing from there. This is often successful because the bot is always in a position where spawning a pig will just result in its death (whether it be fall damage or suffocation).
    3. Manual encounters
      When a player who is opted-in teleports to the bot, the bot will immediately get their entity ID. This is the quickest measure as it doesn't require any brute-forcing to work.

    In all three scenarios, the bot will check the response it gets to see if the entity is opted into being tracked. If it is, then it proceeds to link the entity's numerical ID with the UUID and stores it in memory until either the player leaves, the player opts out, or the bot shuts down.

    How the bot tracks players

    After finding players to track, the bot will repeatedly make requests every 3 seconds to get the NBT data of players it has linked to the server using their entity ID. To keep track of whose data belongs to what request, the bot supplies the entity ID as the transaction ID. Once it gets a response from the server, it then sends a dataset consisting of the player's UUID, a Unix timestamp (to keep track of when it was created), the player's X and Z coordinates, and the world they are in to a PostgreSQL server. No other data is stored.

    Screenshots of the bot as it was being developed
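
Added example (not part of the original post, and not the Scissors patch itself): a sketch of the two defensive pieces the write-up above implies, a same-world distance check on entity NBT queries and a detector for the sequential entity-ID scanning described under "How the bot finds players". The `Entity` model, the 32-block radius, the run-length threshold and the sample request list are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from math import dist

MAX_QUERY_DISTANCE = 32.0  # assumed radius in blocks, not a value from the post
SCAN_RUN_LENGTH = 5        # assumed: this many consecutive +1/-1 IDs is a scan

@dataclass
class Entity:              # hypothetical model of a server-side entity
    entity_id: int
    world: str
    pos: tuple             # (x, y, z)

def may_query(requester: Entity, target: Entity, is_operator: bool) -> bool:
    """Keep the operator requirement and add the missing distance check."""
    if not is_operator or requester.world != target.world:
        return False
    return dist(requester.pos, target.pos) <= MAX_QUERY_DISTANCE

def find_id_scans(requests):
    """Return senders whose requested entity IDs step by +1 or -1 for
    SCAN_RUN_LENGTH requests in a row (forward or backward brute-forcing).
    The transaction ID is client-chosen, so it is ignored as evidence."""
    last, run, flagged = {}, {}, set()
    for sender, entity_id, _transaction_id in requests:
        prev = last.get(sender)
        step = None if prev is None else entity_id - prev
        direction, length = run.get(sender, (0, 0))
        if step in (1, -1):
            run[sender] = (step, length + 1 if direction == step else 2)
        else:
            run[sender] = (0, 1)
        last[sender] = entity_id
        if run[sender][1] >= SCAN_RUN_LENGTH:
            flagged.add(sender)
    return flagged

# Constructed sample data, not captured traffic: (sender, entity_id, transaction_id)
SAMPLE_REQUESTS = (
    [("bot_a", i, i) for i in range(0, 8)]                       # forward scan
    + [("admin", 412, 1), ("admin", 97, 2), ("admin", 98, 3)]    # ordinary lookups
    + [("bot_b", i, i) for i in range(900, 894, -1)]             # backward scan
)

if __name__ == "__main__":
    print(sorted(find_id_scans(SAMPLE_REQUESTS)))
```

The detector keys on the request pattern rather than the transaction ID because, as the post notes, the client can supply any transaction ID it likes.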

    I've taken the opportunity to update some plugins again tonight.

    • GSit
      Not even two weeks later and the plugin has another update. This time, however, we have made some major progress. The changelog uses actual periods in 2 of its 5 changes. It apparently includes some bug fixes this time around. Mind-blowing.
    • ItemizerX
      This plugin received some under-the-hood changes which significantly reduced the file size of the plugin from 130 KB to 40 KB.

    We also started work on PlotSquared a few weeks ago, but due to bullshit related to how that plugin is currently compiled and the fact that it seems to not support 1.17.1 properly, I am unable to give a timeframe for when that will be complete, if at all.

    There's very little network wide currently that only I can do

    You mean aside from the plan to update to 1.19.4 that we are supposed to and need to carry out as soon as possible which requires you to create another server to add to the network, which requires you yourself to do in our current situation?

    Code
    {SkullOwner:{Id:[I;1398490606,2104504966,-1836201878,1073330139],Name:"Akefu_Brewer",Properties:{textures:[{Signature:"C2NoNEWc4go6qLUvMHgDJ0FCbFWjmr0/pxKfyC3p0p3EtgPKhft/mxJwI/FEKS/c68WXEudjFGAEEqF3P5diDbDpgx7ed7jZ22V4UsbJYkZYAMd+a2tL828sQMZWA+Q7GU1tUqaMH76fUQXjDm4c7CPe2OeMTVj2hndWS/vjVbpq6dD5mgcYtjbrksw+pGhsXoFEy4rQupF85r7KgEO/bCjBbSp+eY/GNdK3EjGqLXZZfc3tv23McWdPSaANdhM2ULRBpVwvdt0cMhGAC1KUF1KBXS53HpQOW9XSX+KnpFiauzKHM92v9Ftqn1EFN4s0x8DSbY9cHZAjazWN0Yl5QaCOQjeZvN+Wp5cBDV61mkdG55NDQK2fuo5wO7ORv5XNaeSRJkeSP79oCQ1qtQKQrYYH9yZ0NfI7huHmgHGfaTevab9ER0PdHDNFoI9WIz7YNdm6fbtJKMgdL8fQWJ3vwe9qM1kD61slHTngPMnT30TbsA2o0qwmP0zAr61b4CSSenQJJUH1H5TxG5Sp7Oh5CMmb8s6MP4F2NuvtNn0XN7JG2i2q23lGf/lgdhK1QLUiQGwX4DG6k8DZb9O89Kz3g8p+CMD3Ah2RuIdt72au63Bq3tLv++dacc2ZPAxLL6xSkivOkNNPCC4XD3bhh+YW/jBTQUyAOwLVNNu+TFse2bI=",Value:"ewogICJ0aW1lc3RhbXAiIDogMTY1NDEwNTA4NTM5NCwKICAicHJvZmlsZUlkIiA6ICI1OWFiMzAwYWFlYzc0ZDRkYTAxMzFjN2RhZjRiYmNlYyIsCiAgInByb2ZpbGVOYW1lIiA6ICJBa2VmdV9CcmV3ZXIiLAogICJzaWduYXR1cmVSZXF1aXJlZCIgOiB0cnVlLAogICJ0ZXh0dXJlcyIgOiB7CiAgICAiU0tJTiIgOiB7CiAgICAgICJ1cmwiIDogImh0dHA6Ly90ZXh0dXJlcy5taW5lY3JhZnQubmV0L3RleHR1cmUvZTI4NDZiNmQ2OWM4MmUxYjdmNjBkZDZkNGNkZjU1Y2QyNmRhYjczYTkyZmIwNmI4ZGY2MGQyMThkZmIxZTFiOCIKICAgIH0KICB9Cn0="}]}},SkullOwnerOrig:[I;1504391178,-1362670259,-1609360259,-1353990932]}


    This is another version of the Akefu head (a better version imo)

    Added as "Akefu Brewer 2".

    management was almost completely transparent

    Management during the Seth era was only transparent in matters that helped their image. Members of the community that the elites didn't like were either relentlessly bullied into leaving, quietly indefinitely banned, or had votes related to them rigged against them on purpose. It was rotten at its core. The "transparency" you're referring to was an illusion. Had it not been for the efforts of Luke, Zaid, and I, none of the information that came out about the administration at the time would have ever seen the light of day.


    You could call the Seth administration a lot of things, but it was not truly transparent. It was a one-sided mirror; you could see things through one way, but not another. On one side you could see how the server was being run during its day-to-day operations, but you could never see the true reality of what those involved were actually doing to their victims.

    Let me make this clear before we begin, I am not against the server being a network, but I am against how we're running it as a network currently. No offense to Ryan, but I believe we need to re-evaluate how we run currently.

    Reconsider the concept of having TotalFreedom be a network in the first place for now

    The idea would be to kill the Bungee concept entirely for now and just run the server as a standalone box again. This would hugely simplify our infrastructure and quite frankly would make running the server infinitely easier. It would take much less time for us to perform maintenance with this simpler infrastructure. We wouldn't need to worry about free-op or some other potentially hazardous plugin potentially causing network-wide chaos because there wouldn't be any network for the bullshit to spread to. I believe this might be one of the best solutions currently, and here's why.


    Management's eyes are on the prize (being a network), but not how we manage to get there, and that's causing a lot of issues. We're needlessly over-complicating how we run things by an insane amount (e.g. stupidly restrictive development) which requires us to waste time playing hopscotch by jumping through all of the hoops and then acting surprised when the extremely limited development resources we have (namely, Paul, Allink, and I in our free time) can't deliver. Furthermore, Ryan is, in my opinion, trying to juggle way too many things at once whilst having a schedule that is more tightly packed than a can of sardines, which prevents him from effectively doing his job as the owner of the network. Simplifying our infrastructure and how we run would help massively with this because it would take much less time to do what we need to do.


    I wouldn't be as open to this idea of simplifying our infrastructure if it wasn't for the fact that in practice, we're not very successful as a network, and this is based on the state of the network as it stands right now, not the player count. We're running as a network, we only have a single active gamemode and that's only because it has been established for nearly 13 years now. We lack a solid, proper foundation (namely, a variety of fully implemented gamemodes instead of just two), which is something that is crucial for us to be a network. What we have right now just doesn't count. We've been at this state for practically 3 years, and I'm afraid things haven't changed. With how over-complicated things are currently and given the unsuccessful nature of the network concept, simplifying what we have makes sense.


    TL;DR - I'm not saying we shouldn't be a network at all, but I am saying we should be mindful of the resources we have and to avoid being too ambitious. We should wait until we have a solid foundation to even be a network before we can call ourselves one. Management is being overly ambitious about how we run our shit and this is taking an incredibly negative toll on the state of the server and community. We should try to simplify how we run to account for our limited resources and our schedules.