Posts by videogamesm12

Best of luck. You're still a poopy head, and you're not invited to my birthday party.

Thank you for all that you have done. I wish you the best of luck.

This was a heartwarming thread to wake up to. Thank you.

↩  Zarcana Locking a non-cosmetic feature like this behind essentially a paywall goes against the foundation of the server.

Apologies, should clarify. Login messages are required to have the following:

• %name%
• %rank% (or %coloredrank%)

↩ @'Ryan' T'was my aim. I just want something to add for a "default" configuration of some sorts.

↩  SuperRyn This thread is not intended to add onto the original suggestion. It's intended to give me a list of login messages and packs to add as part of the process to implement FS-139.

Vouch and confirmed recommendation.

I've gone on a development spree where I'm implementing a bunch of issues. Among many of the other changes people have been wanting for a while (/trail being a shop item, the ability to pay others coins, [Discord] being a hyperlink), I'm implementing FS-139, which allows players to buy login messages in packs. The problem is, I don't know exactly what login messages to implement and what packs they would be in. So, I'm asking you, the community, to decide this for me.

What login messages do you want to be in a pack? What packs do you want, exactly?

Personally I enjoy the peace and quiet, though I'm not sure if it will last for long.

Excluding neutrals, there were 13 votes in total. Out of those, only 6 users (\~46%) voted in in your favor. As this does not meet the threshold requirement, this application is denied. You may reapply in 30 days.

Object

↩  enchy Hence the "about as" part.

This is about as unfunny as an episode of Family Guy.

Vouch. To prove Packs' point, Rylie has a physical server in her room that she messes with all the time. During the twilight days of the Seth era, she was also one of the few who had FTP access to the server. I think it's fair to say her technical knowledge would prove to be useful when setting up events.

Reminds me of when I was forum banned on the old ProBoards forum and proceeded to communicate with my profile picture by hotswapping the image it linked to.

↩  RedEastWood

1. A size limit would not protect against schematics with embedded exploits (e.g. crash exploits), like I've said before.
2. A hidden rank that gives players more permissions than other players doesn't really make sense for a server like TF.

↩  RedEastWood The suggestion isn't to completely replace the Discord bot with a panel or put it out of service. The suggestion is to move the whole "manage the Minecraft server" role the Discord bot serves to a dedicated panel. Under the Seth era, the TotalFreedom bot would communicate with the panel and use its own dedicated account to do its tasks.

The difference between the Discord bot and a dedicated panel is the point of failure called Discord. If a situation were to occur in which the TotalFreedom bot becomes unavailable in some capacity (e.g. it deletes the whole server again, Discord goes under unexpectedly, the bot gets banned), then it becomes impossible for us to properly manage the server in the event it needs to be restarted or manually stopped. If we had a panel, we wouldn't be relying on a third party service like Discord to enable access to server controls, as the panel would work independently from that.

You can argue that it opens up another attack vector, but I'd say relying on a Discord bot (especially one where the main defense is an easily bypassed role check) opens a far worse attack vector than a panel. Why, you may ask? Multiple reasons, actually.

• A panel would not be accessible to anyone who wants it. You would need an account created for you by someone with permissions to do so. As the Discord is publicly accessible, anyone can create an account and use a privilege escalation method such as a backdoored bot to give themselves Senior Admin. Most attacks involving a panel would require the use of an already existing account.

• Discord is not open source, meaning we're basically relying on Discord being secure (I'll touch on that next) without knowing what actually makes it tick. If there is a security vulnerability in Discord, the only ways we'd know is if we were the first to be attacked, if we were notified about it by Discord themselves, or if someone reported it publicly.

• Discord's security is notoriously terrible. I won't go too in-depth about this but I will say that even with 2FA, someone other than you can get into your account and wreck havoc.

What the fuck did I just listen to

I haven't listened to these yet as I'm in class but when I have some free time I'll listen to them. Surely they can't be as bad as people are saying they are.