octgn / OCTGN

Online Card and Tabletop Gaming Network
http://www.octgn.net

Security Codes and Text-Based Log Files #604

Open darklorddrexx opened 11 years ago

darklorddrexx commented 11 years ago

I've come across a website called www.Magic-League.com, where players are able to join online tournaments and so forth for free. They allow users to choose what application they wish to use as long as it adheres to the following criteria:

- Deck security codes
- Log files for matches, that are stored in plain text.
- Print whether a deck is sideboarded or not at the commencement of a game.

Currently they use an application called Magic Workstation, as it is the only one that meets these criteria so far. The application itself is absolutely atrocious, however. Often there are crashes, disconnections, and a myriad of other errors. Attempting to play with other users makes for a terrible experience. I play with a couple of friends there that do not yet have Octgn and even just casual play with them can be infuriating.

I understand that the way the application functions is that once a room is started, only then is a deck loaded and that from a deck file where the side board is predefined and separate from the deck, but even so they would require something to the extent of stating the deck code and checking that the deck matches the original list.

But to the point, what would it take to implement these three things into Octgn so that online communities such as Magic-League can run their tournaments through Octgn, and other such communities might be created for other games your application has plug-ins for?

Perhaps a feature could be implemented as well, that allows a list of currently running games to be displayed, and users would then be able to join and spectate (no control over the game whatsoever, or the chat). This would make sure people who do spectate (as some do) cannot mess with the game, but also allows something like a judge to be called during a match. This feature resembles one from a site called www.duelingnetwork.com.

Thanks for your time.

kellyelton commented 11 years ago

I've e-mailed the people running the show over there and asked for a list of criteria, as I am very interested in making OCTGN more tournament friendly.

darklorddrexx commented 11 years ago

That's awesome. I do hope to see tournaments on Octgn soon. =]

kellyelton commented 11 years ago

I talked to the guy and he emailed me some specifications in order to make this work. We should hopefully have this out soon; keep an eye on this thread, we'll close it once it's complete.

glyphx commented 11 years ago

Please do this! The most usage your program will get would be at magic-league. But to play on magic-league both of these features, logs and sec codes, are required. (we would also love a spectator mode, for judges or community members to watch high-profile games.)

kellyelton commented 11 years ago

Spectator mode/reconnects is something I've been working towards the past 3 weeks or so, so hopefully that'll come into fruition soon.

pg8 commented 11 years ago

Magic-league judge here. Spectator modes and reconnects are great features, but without security codes (along with the algorithm used to generate them) and text-format log files (preferably timestamped), we can't use the software at all. Do you know whether those will be in place soon?

kellyelton commented 11 years ago

Hello @pg8. The two things are part of a larger improvement on the network stack, which would allow for a lot of security issues to be completely removed, among many, many other things.

I'm not sure I understand what you mean by security codes, security codes for what? Also, for the text log, would that be just a list of all the actions that happened in a game?

glyphx commented 11 years ago

On magic-league, users are in an IRC chat, we have a bot that starts tournaments at the behest of judges like pg8, users sign up for the tournament with their deck lists for constructed tournaments, the software generates a security code for the deck, and magic-league uses this security code to verify the opponent is playing the deck he registered, it's a way for players to verify before a match. The software also prints this code at the start of every match, so it is in the log, and convenient for the players to check before play begins. We use a web application on magic-league.com to generate sealed lists with a security code. However since your software features a sealed deck generator, maybe something could work there too. The security log should be as verbose as possible. Perhaps some direct export feature, like export log to target client @ IP (the judge most likely) so it could be verified the log wasn't tampered with. Or some other clever anti-tamper feature. I don't think we require tamper proof, but it sure would be awesome.

glyphx commented 11 years ago

The other issue that would prob get you full adoption rate and kill MWS would be to copy one of MWS's features, I saw you can connect to a game @ target IP, or you can use the lobby. However, for tournament players on magic-league, we wouldn't want to see all these random lobby games, have random opps join our games, it'd be a bit messy, also, for security reasons, or proxies and etc, we might not be able or want to connect directly to each other. So my proposal is to let people have some of the server code to run their own lobbies, and a UI feature to be able to select a lobby.

glyphx commented 11 years ago

Optionally could make a Room type construct to the current lobby system, so users could create rooms that are essentially lobbies within lobbies, with irc like abilities, kick, ban, administrators.

kellyelton commented 11 years ago

Wouldn't the 'password' feature I've been meaning to implement suffice for that?

kellyelton commented 11 years ago

or are you saying it would be a separate list of games?

glyphx commented 11 years ago

Sure, but look at the lobby in mws, the mwsplay.com room, if you hit critical mass like that, it's just so incredibly messy with hot join games, adding league on top of that just will look messy. But ya, short-term password is fine.

glyphx commented 11 years ago

yeah, basically. Just a way to separate ourselves, maybe just something as simple as adding a flag to the game, so we can just search games with this flag.

pg8 commented 11 years ago

I'm not sure how the password works, but possibly. A "security code" is just a string of letters/numbers that's unique to an individual decklist. This ensures that people play with the same deck that they signed up with. For example, today I played a Modern tournament with UWR Midrange. My security code was 14b884a3. If, for example, I had swapped out a Path to Exile for a Negate because I knew my opponent was playing combo, the code would change to 473c3fe9 and my opponent would know I was cheating.

kellyelton commented 11 years ago

so like a hash then.

pg8 commented 11 years ago

Exactly.

glyphx commented 11 years ago

Oh, yeah a hash, md5 checksum or some such. sorry i thought you meant a password lock on open games.

pg8 commented 11 years ago

I'm pretty sure the algorithm MWS uses is around somewhere if it would be easier to use the same one.

kellyelton commented 11 years ago

If I gave you guys an algorithm for that then, you could have a way for players to upload their decks and generate a security code?

glyphx commented 11 years ago

yeah, i'm pretty sure you guys have to have it since the website knows the sec code before mws generates it. I remember the apprentice codes were hackable or some such, mws never had this issue?

pg8 commented 11 years ago

Right. The site code generates security codes now, but only for MWS/Apprentice. If we had whatever algorithm you use, then it shouldn't be too much of a problem to update it.

pg8 commented 11 years ago

And yeah, MWS's algorithm fixed that problem, glyph

kellyelton commented 11 years ago

One thing about our deck format is that it's basically a list of guids, which have really no significance outside of octgn, so one wouldn't really be able to know what the deck meant without downloading it and opening it. Is that an issue?

pg8 commented 11 years ago

As of right now we do convert submitted decks into text (so they can be displayed on the website). I don't think that would be too much of a problem though so long as the security code can be extracted from the file.

kellyelton commented 11 years ago

Actually, this is a deck file https://github.com/MagnusVortex/Standard-Playing-Cards---OCTGN/blob/master/54.o8d I guess we have at least the name of the card in there, so that should be good.

glyphx commented 11 years ago

don't understand how that's good, the opponent can't view that file for obvious reasons :P

kellyelton commented 11 years ago

The idea is that when a user submits his deck to your site, then you know what those guids mean...out of context a guid is irrelevant, and wouldn't allow you to verify anything, except the amount of cards there are in a deck.

pg8 commented 11 years ago

I'm not exactly sure how our current site coding reads .mwDeck files. I'll try to find someone a bit more knowledgeable.

glyphx commented 11 years ago

the best option like pg8 said is since I guess we're happy with the mws algorithm, and since we won't have an immediate 100% adoption rate, it would be nice if the codes were the same so hybridization of tournaments wouldn't be an issue. (some players will switch back and forth)

glyphx commented 11 years ago

oh, yeah, if the .odb file generates the algorithm you mean

glyphx commented 11 years ago

that should work if it reads it

kellyelton commented 11 years ago

I can't grab the mws algorithm, as they are a competitor, but I can do a simple hash on the whole file or something that can be easily implemented in any language.

kellyelton commented 11 years ago

Heck I could even write it in any language you needed.

glyphx commented 11 years ago

ya so long as you share the algorithm i'm sure they could add it to the site, same difference
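The "simple hash" of a deck that pg8 and kellyelton describe above, as an added example that is not part of the original thread and is not OCTGN's or MWS's algorithm. It assumes an `.o8d`-style XML layout (`section` elements holding `card` elements with `qty` and `id` attributes); the sample deck and its GUIDs are constructed. It hashes a sorted list of card ids instead of the raw file bytes, and also reports the sideboarded state asked for in the first post.

```python
import hashlib
import uuid
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in an assumed .o8d-like layout; the GUIDs are made up.
REGISTERED = """<deck game="00000000-0000-0000-0000-000000000001">
  <section name="Main">
    <card qty="4" id="AAAAAAAA-0000-0000-0000-000000000001">Path to Exile</card>
    <card qty="2" id="aaaaaaaa-0000-0000-0000-000000000002">Negate</card>
  </section>
  <section name="Sideboard">
    <card qty="1" id="aaaaaaaa-0000-0000-0000-000000000002">Negate</card>
  </section>
</deck>"""

def parse_deck(xml_text):
    """Return Counter {(section, card_id): qty}; card names and file order are ignored."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("uploaded decks are untrusted XML: DTDs/entities are refused")
    cards = Counter()
    for section in ET.fromstring(xml_text).iter("section"):
        name = section.get("name", "").strip().lower()
        for card in section.iter("card"):
            qty = int(card.get("qty", "1"))
            if qty < 1:
                raise ValueError("card quantity must be positive")
            card_id = str(uuid.UUID(card.get("id", "")))  # normalises case, rejects junk
            cards[(name, card_id)] += qty
    return cards

def deck_code(xml_text, by_section=True, length=8):
    """8-hex code; by_section=False merges sections, so sideboarding does not change it."""
    rows = Counter()
    for (section, card_id), qty in parse_deck(xml_text).items():
        rows[f"{section}|{card_id}" if by_section else card_id] += qty
    # One sorted "key=qty" line per entry, so equal decks serialise identically.
    text = "\n".join(f"{key}={qty}" for key, qty in sorted(rows.items()))
    return hashlib.sha256(text.encode("utf-8")).hexdigest()[:length]

def check(registered_xml, played_xml):
    """Classify the deck a player loads against the list they registered."""
    if deck_code(played_xml) == deck_code(registered_xml):
        return "match"
    if deck_code(played_xml, False) == deck_code(registered_xml, False):
        return "sideboarded"
    return "mismatch"
```

An 8-character code carries only 32 bits, so a site that stores registrations can compare the full SHA-256 digest (`length=64`) and show the short form to players.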

kellyelton commented 11 years ago

And as far as the log, once the game's done we could post it somewhere online, would that be preferable?

glyphx commented 11 years ago

that sounds pretty awesome

glyphx commented 11 years ago

would the game have a unique code then too ?

glyphx commented 11 years ago

how would some one look it up

kellyelton commented 11 years ago

Well they already have guids, I just don't expose them.

glyphx commented 11 years ago

ah, sure.

kellyelton commented 11 years ago

Maybe I could add a second to Octgn.net for game log retrieval. Could create a code for users to look that up maybe. I'll hash something together and get back to you guys...Seems like an interesting challenge so I might start today.
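One way the timestamped plain-text log and the "code to look it up" discussed above could be made tamper-evident, as an added example that is not part of the original thread or OCTGN's code. It assumes the final digest is kept by someone other than the two players (the server or the judge); the game id, player names and events are constructed.

```python
import hashlib

def _step(prev, body):
    # Each entry's digest covers the previous digest, so edits break the chain.
    return hashlib.sha256(f"{prev}\n{body}".encode("utf-8")).hexdigest()

def write_log(game_id, events):
    """events: (timestamp, player, action) tuples. Returns (text lines, head digest)."""
    prev = hashlib.sha256(game_id.encode("utf-8")).hexdigest()
    lines = []
    for ts, player, action in events:
        body = f"[{ts}] {player}: {action}"
        if "\n" in body or "\r" in body:
            raise ValueError("log entries must be single lines")
        prev = _step(prev, body)
        lines.append(f"{body} #{prev[:12]}")  # short tag keeps the log readable
    return lines, prev

def verify_log(game_id, lines, published_head):
    """Return (ok, first_bad_line). first_bad_line is 1-based, or None when every
    line tag is self-consistent but the chain does not end at the published head
    (log truncated, extended, or rewritten with recomputed tags)."""
    prev = hashlib.sha256(game_id.encode("utf-8")).hexdigest()
    for number, line in enumerate(lines, start=1):
        body, sep, tag = line.rpartition(" #")
        if not sep:
            return False, number
        prev = _step(prev, body)
        if prev[:12] != tag:
            return False, number
    return prev == published_head, None

# Constructed sample game; the id, names, codes and timestamps are made up.
GAME_ID = "11111111-2222-3333-4444-555555555555"
EVENTS = [
    ("2000-01-01T19:00:02Z", "alice", "loads deck, security code 0a1b2c3d, not sideboarded"),
    ("2000-01-01T19:00:09Z", "bob", "loads deck, security code 4e5f6a7b, not sideboarded"),
    ("2000-01-01T19:01:30Z", "alice", "draws 7 cards"),
]
```

A player can rewrite the whole file and recompute every tag, which is why the check compares against a head digest the players do not control.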

glyphx commented 11 years ago

Wow, awesome :D By the way, is the game mostly coded in .net? I saw some perl in there too, that just the install script?

kellyelton commented 11 years ago

Heh, It's like 95% .net or something, but there have been pieces in java, perl, php, c++, python, powershell(probably more that I can't think of)

kellyelton commented 11 years ago

erlang blah

kellyelton commented 11 years ago

we're a small team, but fairly agnostic when it comes to languages.

glyphx commented 11 years ago

I'd like to get involved in a git-hub project, just never know where to start. I've done some Java, C++, but never like a multi-person project. .net like java?

glyphx commented 11 years ago

Have to say, microsoft language not on the top of my lists to learn.

kellyelton commented 11 years ago

I love it personally. I used to think c# was a beginner language, but once I dug into it, it's awesome. The .net library is so well rounded, and documented, and extensive. Shoot, I could spend a whole day and a half working on one piece in a c++ program, and get the same thing done in two lines of code in c#(was just thinking about that last night, forget the exact thing I was thinking about though). The syntax is very close to java.

glyphx commented 11 years ago

Would you say it lends itself towards rapid application development, like somewhere between VB and Java?