Posts by videogamesm12

  • report offline users

    So offline reports are a thing in TotalFreedomMod v2022.06, but a bug is present which causes the plugin to throw an error upon trying to report someone offline.


    To put it simply: admins in-game will still see the reports, but the message will not go through to Discord.

  • Temporary admin removals

    Quote from Ashaz

    4 months

    I'm aware. I'm constantly thinking about it every day, to the point where it almost haunts me.


    However, most of my priorities as of recently has been school work and getting the TotalFreedomMod updated to 2022.06. I have not worked on the document for some time due to my sleep schedule being all twisted up, causing me to head to bed way earlier than before.


    I'll look into logging into my Google account on the computer I use specifically for doing TF shit on the go so that when I have the free time during the next few evenings I'll be able to work on the document where possible.

  • TotalFreedomMod v2022.06 Released

    After managing to unfuck development for a bit, we've finally got a new version of the TotalFreedomMod out, and this one is rather big.

    Note

    This update for the plugin was expedited due to the recent shutdown of the official Name History API. The plugin was extensively cumulatively tested for ~12 hours to find bugs, and while we believe we got everything, something may have slipped through the cracks.


    Here's a list of things that were tested:

    • Punishment log behavior
    • Temporary sanctions (mute, cage, lockup, bans, command and edit blocking, etc)
    • The shop system as a whole
    • How player and admin data was handled when two players with matching IP addresses were on the server
    • Admin utilities like CommandSpy, Adminchat, Whitelist
    • World Protection
    • Player Reporting
    • Indefinite bans
    • Protection systems like the spawn egg resetter
      • Do note that certain entity spawn methods (like buckets) can still possibly be exploited as the protection systems never fixed these
    • Behavior of the Block Inspector
    • HTTPD
    • How the plugin behaves on both 1.17.1 and 1.18.2

    All of which were confirmed to be working. Half of the testing was done by Alco_Rs11, while the other half was tested earlier today by a number of admins (Ael, Zarcana, Anti, and myself).


    I am required to detail exactly how long it took, so here you go:

    • Alco did about 5.5 hours worth of testing on a private server.
    • I did 1.92 hours worth of testing on Dev-Freedom-02
    • Anti did 2.26 hours worth of testing on both her main account and her alternate account
    • Ael did about ~0.31 hours worth of testing
    • Zarcana did about 1.09 hours worth of testing

    Key Changes

    • The one we have all been waiting for
      This version no longer uses usernames and IP addresses for getting player and admin data and instead opts to use UUIDs. In the process of doing so, this has fixed a metric fuckton of bugs regarding players being on matching IP addresses. Server owners will need to migrate their databases before they upgrade to this version, as the plugin itself doesn't do any conversion.
    • Works on both 1.17.1 and 1.18.2
      This version no longer relies on a specific version of Minecraft to work. You can load it on 1.17.1 or 1.18.2 and it'll work just fine. This has the added bonus of not needing to update the plugin every time we want to update to a newer version of Minecraft.
    • The Discord bot is back
      This version brings back the functionality the previous bot had, with commands like tf!l working just like before.

    Full Changelog

    https://github.com/AtlasMediaGroup/TotalFreedomMod/compare/2022.02...2022.0

    Download

    You can download a binary copy of the plugin here.



  • I fucking hate AsyncWorldEdit

    Before I begin, I would like to note that I created this thread in a way that does not violate the plugin's heavily-restrictive license, which can be accessed here. This thread does not explain how to compile the plugin, because doing so would result in a violation of the license. I am, however, detailing certain things that I found that I dislike. I used information that was provided by the official pages of the plugin (the GitHub and Spigot pages) for my research.


    Source code will not be directly provided in this thread, however I will be occasionally linking to lines in the source code from the official GitHub.

    The way AsyncWorldEdit works is confusing and broken in some cases

    Contrary to what it sounds like, AsyncWorldEdit is not a fork of WorldEdit. It is a separate plugin that when installed, injects its own code into the original WorldEdit plugin by some weird Java hackery to make it behave asynchronously. As you can imagine, this breaks a lot of shit, and is most likely the reason it frequently misbehaves on the server.


    Why the developer chose to do this, I'm not sure, but my theory (do not take this part as factual information) is that that he wanted to control how the plugin was distributed or even compiled through a license of his own. You see, WorldEdit is licensed with the GNU Public License, which among the many other things it requires for compliance, states that you cannot change the license of copies of the source code you make. Since doing what I theorized before to a fork of WorldEdit would violate the license, it's possible he chose the path of writing something from scratch that injects into the existing code to avoid violating the license.

    The version on GitHub is not the same as the version in the GitHub releases

    In the GitHub version the project's pom.xml files that Maven use (primarily to you know, compile the plugin) refers to dependencies that don't actually exist or are otherwise inaccessible to the public. This includes the code that makes the plugin work with 1.13+, making compilation effectively impossible. So, if an exploit is present in the plugin, we cannot fix the exploit ourselves as we do not have access to the source code to the version that we use.


    The versions distributed through GitHub Releases do include these dependencies, however there is a catch. To deter someone from using a program to decompile the software, the developer scrambles the names of certain important class files in the distribution JARs that are provided in the GitHub releases. When the plugin starts up, it descrambles the file names of the classes and then loads them.


    The code that descrambles and loads the classes is present in both versions, but the GitHub version lacks information that is required in order to descramble the class file names. This information is present in the distribution versions, but I cannot provide that information here.


    The official GitHub pages, to the best of my knowledge, lack the information I've just noted here.

    It is prone to painful log spam

    AsyncWorldEdit's logging system is overly verbose, to the point where it can spam logs just from regular use. Many admins who have seen the shit it spews can attest to this. Sadly, there is no way to actually disable this functionality, which fucking sucks.

    Conclusion

    AsyncWorldEdit does work, but the way it works is painful and frequently breaks shit. In addition, it is impossible to modify the plugin yourself without information that is otherwise stuck behind a paywall (as the source code is actually incomplete), so if you want to maybe fucking disable the log spam caused by the plugin, you're shit out of luck.


    If you want a version of WorldEdit that doesn't immediately crash the server when you make a giant sphere for your own private use, use FastAsyncWorldEdit. If you want WorldEdit to not crash the server immediately but also allow pretty much anyone to use it in an all-op setting and not have it crash from ridiculous galaxy brain mistakes like fucking loading schematics from the web, use AsyncWorldEdit.

  • Indefinite ban appeal

    The incident that led to your ban occurred on December 18/19, 2020.


    As noted in these logs, someone (under the name "hackedlol") breached Telnet and added you to the admin list. According to client-side logs recorded by other players and entries in the punishment log, your username was recorded to be spam-banning pretty much everyone on the server. However, there are some other things to note in the case that wasn't previously noted, and they may actually be in your favor in terms of defense.

    Given what I have previously stated, I would like to propose a possibility in your defense. Someone else could have breached telnet, added you to the admin list, and then used the /gcmd command on you in order to mass-ban players on the server through Telnet with your name. The matter of you using ForceOP could have just been a coincidence.