Derma Abuse

[h3xcat]

https://dl.dropboxusercontent.com/u/8081284/ShareX/2015/03/2015-03-20_09-21-28.mp4 Some servers are using derma to hide ESC menu, in this case I was afk on some server and it forced to "AFK Server" which doesn't allow to use ESC. The only way to leave the server(without joining to their other servers) was to use console. But not everyone knows how to use console.

[h3xcat]

How is this a feature? Servers abuse derma and it's a problem which should be resolved, not a perk.

[thegrb93]

Then don't visit that server.

That's not a solution. That's like if there was an entity when spawned crashes the server and you say the solution is "don't spawn that entity". The solution is to fix the entity.

[thegrb93]

Here's a nice example. https://github.com/MFSiNC/HAC/blob/f1f8159f1ce27c175215a545fbecebec34a2d0b9/v13/HeX%27s%20AntiCheat/lua/HAC/cl_BSoD.lua

Only way out is ctrl+alt+delete It might as well be a crash.

We know it's not a bug, but it's a feature that needs rethinking.

[willox]

We know it's not a bug, but it's a feature that needs rethinking.

I agree. Sadly, it's unlikely to change. I suggest you bind a key to disconnect (but servers can even stop that).

[h3xcat]

How is fixing this going to break anything. Just prioritize the ESC window on top of any other vgui windows.

[willox]

Some servers use this legitimately.

[h3xcat]

Well some servers used running cmd commands legitimately(like opening websites with OS browser), other used it to run malicious files. Does that mean just because someone use it legitimately we should ignore malicious uses?

[willox]

I'm saying it's unlikely to be fixed. If anybody cared about this the game.HideGameUI function wouldn't have been added in the first place.

[X-Coder]

There is a lot in lua which could be used to do malicious stuff, we just should disable lua all together, just to be safe.

If a server owner does it on purpose without any valid reason, don't visit his server again.

[neico]

"Blacklist server" anyone? Valve added this for a reason...

I'm just not sure if the custom html browser respects that...

[thegrb93]

There is a lot in lua which could be used to do malicious stuff, we just should disable lua all together, just to be safe.

Anything that can effectively "crash" someone should be fixed. This is one such case.

[X-Coder]

thegrb93, you are talking about killing the game, because the main menu is hidden = not a crash problem.

Of course should anything that causes crashes be fixed, but I don't see where edgarasf123 or you have a crash problem, he was talking about a hidden main menu.

Outside the game, I guess some server owners need the HideGameUI function for example in the loading screen to hide the default stuff. But whats the reason to allow hiding the main menu and console after the loading screen finished?

[thegrb93]

I said it effectively crashes the game because you have no alternative at that point other than to kill the process. I guess the correct term is soft-locking the game.

[neico]

Then you aren't aware of the correct definition of a "crash". A crash is when the program automatically closes itself because of a fatal error it can't recover from. (usually your OS gives you a pop-up to either let it close or search for the issue, or send the crash dump to the developers)

Your issue get's near the definition of a "freeze" where the program is still running, but is not responding and displaying anything anymore.

But in the end it's just a feature that can be abused (like mostly anything, gmod is a sandbox after all, it's not affecting your entire computer, not even the entire game, just some idiotic servers that abuse it).

What could be done to deescalate this a bit would be a shortcut to recover the GameUI, something like CTRL + M or so... (maybe with a little notification panel on the left corner of the screen once the GameUI is hidden)

[thegrb93]

Then you aren't aware of the correct definition of a "crash". A crash is when the program automatically closes itself because of a fatal error it can't recover from. (usually your OS gives you a pop-up to either let it close or search for the issue, or send the crash dump to the developers)

Your issue get's near the definition of a "freeze" where the program is still running, but is not responding and displaying anything anymore.

What fucking ever dude.

[Kefta]

I know multiple servers that use this legitimately; I'm pretty sure there's even some custom escape menus on script fodder. Really, there should be a clientside convar that servers couldn't override to hide these escape menus

[TheFreezebug]

Its not broken so it need not be fixed. Either way, if you really wanted to disconnect you could always use the chat escape for console commands by typing the following ' ";disconnect '

[willox]

You can't any more.