AppliedEnergistics / Applied-Energistics-2

A Minecraft Mod about Matter, Energy and using them to conquer the world.
https://appliedenergistics.github.io/

Ops cannot access ME Security Terminals #523

Closed oleg599 closed 6 years ago

oleg599 commented 9 years ago

Operators cannot open an ME Security Terminal if it is protected by another player, please fix.

PiggyWhiskey commented 9 years ago

Isn't that the point? You place it, it's yours?

oleg599 commented 9 years ago

No, but I'm op (admin) and don't have permissions to open players' terminals.

yueh commented 9 years ago

Because OP does not give you the rights to steal from your users?

PiggyWhiskey commented 9 years ago

Ah, I'd agree with Oleg on this (Didn't realise that Operators = OP/Staff)

Might be needed to check for cheating players.

oleg599 commented 9 years ago

@PiggyWhiskey Yes, players hide duped items in the security terminal/try to craft blocked items and we cannot track this.

yueh commented 9 years ago

I personally do not see this as an issue. If it is really about removing dupes, just break the Security Terminal.

Otherwise if an OP just wants to steal stuff from their users they can do so, but it leaves a clear notice that someone messed with the security.

thatsIch commented 9 years ago

Sounds more like an issue, that you should resolve the duping. At most we should add this as a config option that server owners can activate, but this should not be the default behavior imo.

thatsIch commented 9 years ago

Ok, I just looked into this, anybody who would rename themselves to the names in the OP list, would get access to it. This sounds like a security breach, so using the internal Minecraft Structures is not an option for me, cause it ignores the UUID of the player and just compares the display names.

Needs own wrapper for the ops.json file handling

AlgorithmX2 commented 9 years ago

I believe when I was still working on this I planned to add a command to enable a bypass of security, and only allow ops to use that command. Not sure if this would be better or not. I also planned on announcing its use so people would be discouraged from using it for anything other than "legit use".

thatsIch commented 9 years ago

sounds good to me

riking commented 9 years ago

Brief summary. (I was confused by the title.)

Better issue title: "Ops cannot access ME Security Terminals"

Workaround (comment 7): use creative to break all security terminals on the network (this requires the other player to undo)

oleg599 commented 9 years ago

@riking We need to open it without notifying players or breaking blocks, shadowing in vanish.

riking commented 9 years ago

Remember, if all else fails you can code a custom plugin/mod to detect crafting/carrying of the forbidden items and follow up with administrative action.

oleg599 commented 9 years ago

@riking Applied Energistics doesn't work with bukkit plugins

mushi1996 commented 9 years ago

@yueh

As an OP I can spawn items in, so why would I want to steal from my players? In fact I have never even heard of a case where an op steals from players, simply because he can spawn the items in himself. I am almost insulted as a server owner that you said that. What this saves me from doing is using world edit to delete the terminal wherever it's hidden.

yueh commented 9 years ago

If you really want to find the terminal it is extremely easy to find it even without mcedit/worldedit/etc and then destroy it. It is also not about stealing for themself, mostly about taking stuff from players without notifying them. If you are a server op, you should be able to approach your users openly and state that you have taken the dupes away as well as give them a warning/tempban/permban/whatever.

Things like "blocked recipes" are sounding very suspicious to me, because recipes are either completely disabled or freely available. Blocked really sounds like there are recipes only available to specific user groups, maybe even paying ones (EULA and that stuff). But AE2 might be bypassing their own protection built on Bukkit, so they want to remove it.

The only benefit I am seeing is a bit more convenience for the server OPs, which is just not enough to dismiss my personal doubts.

ghost commented 9 years ago

I say that op shouldn't have access to the security terminal, it would be really overpowered... and an admin would just steal it.

PiggyWhiskey commented 9 years ago

I think the issue is if a player managed to cheat in a creative item. The current solution would be to break the security terminal (potentially allowing other players to take things) while the server OP couldn't remove the cheated item and issue a tempban etc.

Blocked recipes most likely refers to disabled via minetweaker (ME4 uses this extensively for quite a few items.)

mushi1996 commented 9 years ago

I am still not getting the logic behind ops not being able to access it because you think they will steal it.

1) I break the terminal and now anyone can access their system and opens them to grief

2) I go in and find they are duping. ANY server you go on bans cheaters. They don't get/deserve notification as they are the problem, which always results in a prompt ban.

3) Blocking recipes is actually very necessary in very select cases. For example I own a modsauce server and due to an issue with MFR I need to ban grinders and slaughterhouses because they crash the server the moment they kill a mob. Yes, servers that charge money to bypass item restrictions are a joke and should be removed, but people who would use this shouldn't be punished.

4) I still never got an answer to "why would an op steal from players when he can just spawn it in himself".

I would love to have a solid answer to those 4 points as it's just ridiculous claiming theft as a reason to not allow access to terminals.


yueh commented 9 years ago

1) As said, not steal for yourself. Just take away the items from the user without any notice. There are even ways to bypass the security terminal without breaking it and reconnecting it without notice (and this is extremely easy and does not need other mods).

2) How do you recognise dupes? Are they tagged somehow or do you just assume "guy x seems to have too much of item y"? Even vanilla has a dupe bug in 1.7.10. So even if every mod fixes their own dupe bugs, one will always be available. Thousands of HV solars are easily detectable, but it is extremely hard to say that second HV is duped or the user just pressed for it.

3) Disabled recipes are disabled recipes. If they are gone by means of minetweaker or mod configs the patterns will become invalid and cannot be used. If blocked means you listen on PlayerCraftingEvents to identify which user is crafting it and then cancel it, because the user is not allowed to craft it, it means some are allowed to craft it.

4) Related to 2) If the items are locked away in a safe, what use do they have? It is the same as taking it away from them, just they do the work for you. The moment they start putting HV solars everywhere you will notice it and can take action against it.

I am seeing it more as OP does not give you the right to spy on your users everywhere.

PiggyWhiskey commented 9 years ago

  1. That's generally a bad server.
  2. It is difficult to detect, but most players who dupe on purpose are greedy, so they'll have an abundance.
  3. The point being if they've hacked out creative and have an item that should be disabled is what it refers to.
  4. Duped items would be voided (well, on the server I'm staff on, that's how it works.)

I understand your reluctance for this, OP isn't given out randomly or even to all staff. If an OP abuses their commands/access, well that's a bad OP.

yueh commented 9 years ago

I can understand the request for it. But currently it is like 3 clicks, if you know where the terminal is instead of one. If not maybe 5 more and these might be even a good idea in general, if you have a greedy duper.

It is basically possible, just the barrier to do it is a bit higher.

I currently have some ideas with AE2 regarding safe storage systems. It could allow a pretty safe storage system, which is not accessible through ingame ways while protected. But that is not limited to a security terminal and could also protect a vanilla chest. Fixing it is probably not possible without breaking parts of AE2 completely and it would only prevent crashing the game, when you want to access the storage, but not find it.

mushi1996 commented 9 years ago

Exactly, however being op damn well gives me the right to spy on people. I'm paying for the server and I am making sure everyone is playing fair. If you're not breaking the rules you have nothing to hide.

All in all this terminal thing doesn't stop ops from accessing the ME system as it can be easily broken. Which means they can still go through it, this just allows a stealth method while I'm vanished.

What is this method of disconnecting without them knowing?


RAnders00 commented 9 years ago

I agree with the command thing: If e.g. direwolf20 (who is an op on forgecraft) goes to quetzz's base and wants to steal borrow a few materials, and quetzz wanted to protect his AE system from greedy direwolf, direwolf would not notice that it is actually secured and bypassed the security - even though he did not want to.

Simply something like /ae-op

OP's should be notified when they are denied from accessing a system in chat: "This system is secured by a security system. As an operator on this server, you may bypass any security terminals with this command for a specified amount of time: /ae-op You may also authorize other players: /ae-op [player]"
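The bypass command proposed above, combined with thatsIch's earlier concern about comparing display names, can be modelled as follows. This is an added example, not code from AE2 or from any commenter; the class `OpBypass`, its methods and the sample ops.json content are hypothetical and constructed for illustration.

```python
import json
import time
import uuid

# Constructed sample in the layout of a vanilla ops.json file (values are made up).
SAMPLE_OPS_JSON = """
[
  {"uuid": "11111111-2222-3333-4444-555555555555", "name": "AdminAlice", "level": 4}
]
"""


class OpBypass:
    """Hypothetical op-only security bypass: UUID-keyed, time-limited, announced."""

    def __init__(self, ops_json, announce, clock=time.monotonic):
        entries = json.loads(ops_json)
        # Key operators by UUID; the stored name is informational only.
        self._ops = {uuid.UUID(e["uuid"]): e["name"] for e in entries}
        self._announce = announce  # callable(str), e.g. a server-wide broadcast
        self._clock = clock        # injectable so expiry can be tested
        self._grants = {}          # player UUID -> expiry time

    def is_op_by_name(self, display_name):
        """The flawed check from the thread: trusts a name the player controls."""
        return display_name in self._ops.values()

    def is_op(self, player_uuid):
        """UUID comparison; a renamed account does not match."""
        return player_uuid in self._ops

    def grant(self, issuer_uuid, issuer_name, target_uuid, target_name, seconds):
        """Let target bypass security for `seconds`; only ops may issue this."""
        if not self.is_op(issuer_uuid):
            self._announce(f"DENIED: {issuer_name} ({issuer_uuid}) is not an operator")
            return False
        if seconds <= 0:
            return False
        self._grants[target_uuid] = self._clock() + seconds
        self._announce(
            f"{issuer_name} enabled security bypass for {target_name} for {seconds}s"
        )
        return True

    def may_bypass(self, player_uuid):
        """True only while an unexpired grant exists; expired grants are dropped."""
        expiry = self._grants.get(player_uuid)
        if expiry is None:
            return False
        if self._clock() >= expiry:
            del self._grants[player_uuid]
            return False
        return True


def demo():
    """Run the renamed-account and expiry scenarios and return what was observed."""
    now = [0.0]
    log = []
    bypass = OpBypass(SAMPLE_OPS_JSON, log.append, clock=lambda: now[0])
    alice = uuid.UUID("11111111-2222-3333-4444-555555555555")
    # Constructed second account that presents the operator's display name.
    impostor = uuid.UUID("99999999-8888-7777-6666-555555555555")

    results = {}
    results["name_check_fooled"] = bypass.is_op_by_name("AdminAlice")
    results["impostor_granted"] = bypass.grant(impostor, "AdminAlice", impostor, "AdminAlice", 60)
    results["op_granted"] = bypass.grant(alice, "AdminAlice", alice, "AdminAlice", 60)
    now[0] = 30.0
    results["active_at_30s"] = bypass.may_bypass(alice)
    now[0] = 61.0
    results["active_at_61s"] = bypass.may_bypass(alice)
    results["log"] = log
    return results


if __name__ == "__main__":
    print(demo())
```

Every grant and every refused attempt goes through the `announce` callback, so use of the bypass leaves a visible record instead of happening silently.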

malcolmamal commented 9 years ago

In case anyone is interested in a workaround:

Using Thaumic Tinkerer's wand focus "dislocation" is the way to go.

You can either dislocate a cable or even the "me security terminal".

If you don't know where exactly the security terminal is or you can't really dislocate a cable, just add another "me security terminal" using dislocation. If there is more than one security terminal, neither will work and you can access the network with ease.

thatsIch commented 9 years ago

Systems made by humans will always be hacked by humans ^^

BoboSims commented 9 years ago

In my opinion, the main point is this: most servers have a rule that states: if you cheat, you're banned! So if someone ignores that rule and still cheats, the OP needs to be able to confirm their suspicion, and - if so required - ban the perp. And if the perp is banned, he won't be playing on that server anymore. So how is he going to need a notification that an OP snooped around his system? He's banned! That should be notification enough!

And if they did NOT cheat, the OP should still be able to confirm that, to remove his suspicions. In that case, if the OP is a decent person, they themselves will notify the player, that they were required to perform a check.

From that point of view, one shouldn't force the OP to break stuff just to enforce the rules. The OP should have a legit means to check these things. Because what purpose do rules serve, if the OP has no power to enforce them legitimately?

mushi1996 commented 9 years ago

Thank you, Bobo, you summed it up perfectly.

yueh commented 9 years ago

As said, I see a need for something like a cheat protection. But this discussion is not about constructive feedback on how to solve it. It is mostly about trying to sanctify something like "stop and frisk", but without really caring about cheating.

Your assumption is, that only the owner of that particular ME system can be the one cheating. While completely ignoring that everyone can put something in an ME system regardless of a security station. Anyone can pipe something into an interface as otherwise no machine would be able to insert something into a protected network. Technically putting the burden of proof on your player without a way for them to disprove it. And also enable the cheater to circumvent your rules and have someone else banned instead.

To summarize it (hyperbolically). Your statements can be mostly interpreted as "I do not care about your cheating, but to be safe dump it into your neighbors inventory. They will get banned for it instead of you."

But if you really care about cheating in general and not just a cheap excuse to not really deal with it, then I can only recommend raising the issue to Forge itself. This is not something each mod needs to handle by itself but at a central location like Forge. Also it cannot be based on ingame things as these can be easily tampered with. But of course there could be an ingame tool for viewing the data instead of digging through the log. Of course this cannot be perfect, for example something like an item ownership would also be duped. So the cheaters will not use their own items to dupe, but just the ones from someone else. But dealing with it in Forge can reduce these shortcuts way more easily. Some security mod is also not the ideal solution as it would be mostly an opt in. Just one mod not supporting it might break the chain of trust.

BoboSims commented 9 years ago

First of all, I merely wanted to make two obvious points that seemed to be implied, but were never said in so many words: 1) If someone cheats, they lose the right to privacy! 2) If someone is banned for cheating, then who cares if they lose some items, some loot, or even their privacy. That should be the least of their worries.

Now back to the topic:

While I can see how a lot of what you're saying is true and valid, @yueh, I have an issue with your implication that proof of cheating in one player's network might have been planted there by another player. Though I agree that nothing is beneath the truly criminal mind, and this would be a good way to hide one's activities, there is also something illogical about it.

An Annihilation Plane picks up any item within its reach, and does not care whoever dropped it there. Any player could use that mechanic to hide their loot inside a network they don't own. BUT if the OP is unable to get to it, the cheating player would not have the power to anonymously get to it either! Why would one hide stolen property in a place where you can't get it back? The only reason to even try to cheat in the first place, is to gain something from it. I don't see the gain here...

Finally, though, I also agree that security issues belong as high up in the chain as possible. So probably Forge. And that is the only reason why it would not be your responsibility to provide the OP with special powers within the scope of AE.

mushi1996 commented 9 years ago

Thank you again, Mr. BoboSims :)

However, something like this should be the responsibility of the mod. The fact that Forge doesn't have its own security built in should be why a mod needs to have an op bypass. There is no way Forge would implement a system where an op could not bypass it.

Now to be honest, at this point we've been going back and forth for about a month. Anyone who is opped can bypass this system simply by severing the connection to the security terminal. All we are looking for is a less destructive method of doing so.

It's been a while, but to my knowledge you can open a terminal and scroll through it but cannot take anything out? If this is still the case I might have a possible idea.

yueh commented 9 years ago

I agree with that. But there is currently just no way to obtain a solid proof. So in my opinion: in dubio pro reo.

With the exception of a few intricate builds, it is not possible to fully protect an ME system from physical access. The easiest way is just cut the power, so the security station is offline or break a cable between it and the rest of the system. Then just take a random cell, put it into the ME chest brought with you and do whatever you want with it. Or access a normal terminal, while the security station is down. It is fairly easy to put something in any ME network and also be able to take it out again.

You would probably be able to catch the stupid ones, which are just completely greedy. But these ones are probably already pretty obvious to detect. But not the ones taking a shortcut here and there to obtain something a bit faster. Say one of the XU flying rings.

And yes, you can open any terminal without permission. Just not extract or inject items. Or interact with the security station. Which was always possible. Meaning a bypass for the security station is only needed, if you really want to tamper with our user's network. Which is quite questionable.

BoboSims commented 9 years ago

@mushi1996: Actually, I'm rather new to AE, so I'm not yet clear on all the mechanics behind it. But I think it is safe to assume that if the owner has not granted you permission to use their secured network, you can at the very least NOT take stuff out. But if you're right that browsing remains possible, then that is all the access the OP needs to prove cheating, and this discussion is over. (although that only covers the presence of cheated objects, not who put them there...)

Anyway, now back to the security matter. I would agree with you that it would be preferable if the OP had some non-destructive way to access stuff. BUT, I also agree with @yueh that it's NOT their responsibility to add THAT level of security to a system. For starters, it would only be effective within any of AE's components anyway.

But if security is going to mean something, it should not be within only one mod. It should be across the board! So real security should indeed be Forge's responsibility. Not AE's!

oleg599 commented 9 years ago

@BoboSims This security is in AE, Forge DOES NOT affect this; based on this, players purposely hide duped/bugged items from ops.

mushi1996 commented 9 years ago

can it be made that it will copy an item if middle clicked while in creative?

this is so ops can look into bags and other things without removing them.

yueh commented 9 years ago

@mushi1996 already works like that. So you have more or less all tools available to review it. Except you cannot tamper with the network itself. And this issue is just about allowing ops exactly that.

BoboSims commented 9 years ago

I expected as much. Perhaps that's not even an AE feature, but available across the board as a standard MC/Forge mechanic (I'm just guessing here).

mushi1996 commented 9 years ago

If I can still check bags and other containers stored in the ME system then my apologies for not checking this earlier.

When I get home I'll double check to make sure.

thatsIch commented 9 years ago

What about a creative-only tool that, when you hit a system, dumps all content in the network to a text file? This is probably better anyway than using an in-game mechanic, so you can use grep and other tools to automate the process of searching for illegal items.

mushi1996 commented 9 years ago

Or remove the recipe? But a text dump would be useful to archive changes to an ME.

yueh commented 9 years ago

This will ignore anything with an inventory. Except it could just dump arbitrary NBT data and then they still might have their own .dat somewhere to store the actual data. Meaning the right items can still be used to hide stuff.

But as said, if they really want to fight cheating and not just have a cheap excuse, then there are better ways to do it.

For example there are enough tools to parse the world and player files and the included NBT data, and there are no limitations regarding it. It will require some custom handling for different mods, but this is solvable and it can also benefit vanilla servers or mods not providing ingame tools. Also providing way easier access to the data for parsing and creating statistics from it. Instead of spending potentially massive amounts of time running around and looking into chests.

But that would mean that the server admins actually need to invest time and work and do something about it as well as work together with other server admins and mod authors. Which basically means it is a job for Forge or a larger (and separate) team.

mushi1996 commented 9 years ago

or use something similar to prism?

thatsIch commented 9 years ago

prism is a bukkit plugin, not sure if anything based on Forge is out there

mushi1996 commented 9 years ago

yes but the only public servers are cauldron. no one in their right mind opens a public forge server

thatsIch commented 9 years ago

Cauldron is dropped since last year. There is no reason for us to support dead software.

mushi1996 commented 9 years ago

got any ideas to replace cauldron?

windows xp is dead yet companies refuse to leave it? when there is no alternative you do the best with what you got

thatsIch commented 9 years ago

Blood is working on Sponge API, which is based on Forge.

Aeroverra commented 9 years ago

Wow, I too am a bit insulted. By joining my server you void any "rights" to others seeing your progress and items. If I want to spy on someone's ME system for fun I am going to do it. Obviously I don't go around doing this but I pay a fortune for a server and take a lot of my personal time to make it as good as it can be. People hide dupes, and why should I not have the right to randomly check up on players? I will be disabling part of Applied Energistics until a solution is made by either the Applied Energistics authors or my own developers.

vallard192 commented 9 years ago

5 bullet TLDR for people who don't want to read the entire thread:
  1. Looking in AE systems is a bad way to find dupes.
  2. You can look inside other people's networks already (just not take items)
  3. If they have bags in the AE system you can middle click them in creative mode to copy them and look inside
  4. AlgorithmX2 has said he wanted to add a chat command to bypass security for OPs to use; thatsIch said it sounded good and made this a feature for development.
  5. No one has raised a further reason the security terminal should be changed.

@modbrian, People that I think are server owners keep talking about either:

  1. Spying on users because it's your server and you can do what you want
  2. Spying on users because dupes are a problem and you're going to disable AE since players could hide things in AE and you can't spy on them without them knowing.

Look at Yueh's suggestions, it's the only completely accurate way for you to check for dupes. AE isn't the only way that people can hide things. Bypassing ME security can already be done fairly easily... Yueh even listed several ways to do it.

Parsing your world save, going through all the items including NBT, will let you figure out if there's too much of something in your world. It doesn't matter if you can get past the security terminal without people noticing... They can just store dupes in a storage cell they store in a portable cell inside a bag from some other mod that they keep in the AE system or on their person. You won't see the dupes unless you pull the bag out, open the bag, pull the portable cell out, open the portable cell, take the storage cell out, put it in a ME system, (and repeat as deep as a paranoid player wants to be).

If you want to detect duped items in your world, you need a more comprehensive solution than AE can give you.

If you want to randomly spy on your users because it's your server, then look at yueh's posts closer... specifically:

> you can open any terminal without permission. Just not extract or inject items. Or interact with the security station.

If they have bags inside the system then keep reading the conversation between mushi1996 and yueh:

> mushi1996: can it be made that it will copy an item if middle clicked while in creative?
>
> yueh: @mushi1996 already works like that.

So currently you can already open and look at any ME network on your server, and if you're an op then you can go in to creative mode and see inside anything inside the AE system... You just have to do more if you want to take items from or put items in the system. An actual security terminal bypass was accepted as a new feature for development down the road.
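The world-save audit recommended above (counting items through every layer of nested containers) can be sketched as a recursive walk. This is an added example, not code from the thread or from AE2; it assumes the save data has already been decoded into plain dicts and lists, and the item ids and container layout in `SAMPLE_INVENTORY` are constructed and do not reflect any mod's real storage format.

```python
from collections import Counter

# Constructed stand-in for decoded NBT: plain dicts/lists. The container layout
# below is invented for illustration and is not any mod's real storage format.
SAMPLE_INVENTORY = {
    "Items": [
        {"id": "examplemod:solar_panel", "Count": 2},
        {"id": "examplemod:bag", "Count": 1, "tag": {"Items": [
            {"id": "examplemod:portable_cell", "Count": 1, "tag": {"cell": {
                "id": "examplemod:storage_cell", "Count": 1, "tag": {"stored": [
                    {"id": "examplemod:solar_panel", "Count": 5000},
                ]},
            }}},
        ]}},
    ]
}


def iter_stacks(node, depth=0):
    """Yield (item_id, count, depth) for every item stack at any nesting level.

    Assumption: any compound with both "id" and "Count" is an item stack, so the
    walk does not need to know how a particular mod names its inner lists.
    """
    if isinstance(node, dict):
        is_stack = "id" in node and "Count" in node
        if is_stack:
            yield str(node["id"]), int(node["Count"]), depth
        for value in node.values():
            # Anything found below a stack is one container level deeper.
            yield from iter_stacks(value, depth + 1 if is_stack else depth)
    elif isinstance(node, list):
        for value in node:
            yield from iter_stacks(value, depth)


def totals(root, max_depth=None):
    """Sum counts per item id, optionally ignoring stacks nested past max_depth."""
    counts = Counter()
    for item_id, count, depth in iter_stacks(root):
        if max_depth is None or depth <= max_depth:
            counts[item_id] += count
    return counts


def over_limit(root, limits):
    """Return {item_id: (total, deepest_nesting)} for items above their limit."""
    counts = totals(root)
    deepest = {}
    for item_id, _count, depth in iter_stacks(root):
        deepest[item_id] = max(depth, deepest.get(item_id, 0))
    return {i: (counts[i], deepest[i]) for i, limit in limits.items() if counts[i] > limit}


if __name__ == "__main__":
    print("visible at top level:", dict(totals(SAMPLE_INVENTORY, max_depth=0)))
    print("full recursive count:", dict(totals(SAMPLE_INVENTORY)))
    print("flagged:", over_limit(SAMPLE_INVENTORY, {"examplemod:solar_panel": 100}))
```

Comparing `totals(..., max_depth=0)` with the full count shows what opening a single terminal would miss.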

mushi1996 commented 9 years ago

everything vallard said is correct except for "1)Looking in AE systems is a bad way to find dupes."

Going through an AE system is the best way to spot potential dupers. You open it and see what they have. You then check how many people they are working with and how long they have played for. Once you check that if you still think they are cheating you lookup all the blocks they interacted with and quickly scan through them for interactions with known dupes.

Anyone who bans simply off of an ME system doesn't know what they are doing. (unless it's something like 477583 Ultimate Hybrid Solars or something ridiculous like that).

However opening up files and scanning through the thousands of lines of nbt data is in no way practical. You need to keep in mind servers over their lifespan have upwards of 6000 players over their lifespan.