Of course, for most of you this isn’t a “yay”. It’s sad news – we still won’t be able to host mods properly, there won’t be custom-made maps, and there probably still won’t be proper server admins. Of course, that’s better than Black Ops, where you had to pay a lot of money to be a server admin, but still no custom maps.

But in MW3 this will be better!

IF the rumors are correct (host-based, no kick, no mods, no custom maps) then I promise to write a MW3SA tool. It’ll have some pretty epic features, fix the lag issues which we’ve seen with MW2SA, and most of all, you won’t have to wait weeks for it! I plan to have it ready at the release of MW3.

Xifon
aka Tom

UPDATE (mid August)
IW has announced that MW3 gets dedicated servers. While I suspect this to be yet another lie, I myself definitely welcome this. However, don’t cheer just yet: there are different definitions of dedicated servers. For me, a true dedicated server system lets us host servers without paying. We want mod tools and other things which all games in the past have brought us – except for Modern Warfare 2.

UPDATE (November 5)
Oh, there’ll be IWNet. I just setup the new MW3SA homepage.

When I play a game on the internet, I usually use the name Xifon. If you ask a PC gamer for Xifon, it’s possible that he/she knows the name. I once wrote a little piece of software which has been used by over 40.000 people, influencing a game called Call of Duty: Modern Warfare 2. The tool was called “Modern Warfare 2 Server Admin”.

Let’s go back a few months first. Back in the old days (before the tool) the game had a huge amount of cheaters, hackers, and other people nobody wants in public games. I didn’t like that. The day I bought the game there weren’t any cheaters. The second day there were, and it didn’t look like Infinity Ward, Activision or Valve were going to do anything about it.

So I decided that there had to be a way to somehow “kick” those players from the games. First, I had to figure out how the game worked. After a lot of research (actually in this case that just involved gaming a lot) I found out that Modern Warfare 2, while claiming to use Peer to Peer technology, actually used a client-server model for the actual games: when you launch the game, the game talks to IWNet to find a server (it’s a bit more complicated and actually does involve P2P) which it would join. If it couldn’t join any, it would tell IWNet that it would create its own server. IWNet would then send players to this server. Like I mentioned, it’s a bit more complicated, but that’s not really the point of this post.

To avoid confusion, I’ll now call this server the host. The host is the player who has been chosen by IWNet to be the server.

The client-server model has good things and it has bad things. Bad things include the fact that the host needs a fast connection, which explains the huge amounts of “lag” people can have in MW2 games. Good things include that it’s easy to make (for the programmers) and also easy to disrupt (in this case, for me). So, I did even more research (I gamed even more).

It took me a few days to figure out how the game communicates with the host. When a player joins a game it sends some information (classes, level, name) to the host. It took me a few tries but I managed to intercept this information via WinPcap. The big advantage of WinPcap is that it works on the Operating System level of Windows, not on the Application level. Basically this meant that VAC couldn’t detect it without major modifications. Since Valve hadn’t done a lot against cheaters by then, I assumed that it never would make those modifications. So far, I’m still right.

So by then I knew how the basic functions of the game worked. The next step was writing the actual first version of the tool. My development steps are usually very simple: research, develop, wipe everything and develop again without the v1 bugs.

The first version was very simple. I used a standard webserver, PHP and MySQL (if you’re not a programmer, this will most likely mean nothing to you) and wrote the first script. This took me a few hours and then I was ready to test. Note that this was before the big Steam update – the webbrowser in the game still sucked so I didn’t even consider using it – so I used my laptop to steer the application. It worked, I kicked one of my friends from the game and we all cheered (well, I did, can’t really tell about them. I never asked).

So then it was time for the version 2 of the application. I recently installed the new Steam update which came with a proper webbrowser so I knew that it would be easy. However, if I was going to make a tool which would work for everyone I wouldn’t be using a webserver, PHP and MySQL. This would take far too much time for the average user to install. I decided to learn C++ (it’s a programming language) for this task.

I split the program into three parts: the ban management system, the packet capture system and the web interface. I wrote them, and the program worked. I gave it to my friends, and while it worked a bit, it still had major flaws: in a lot of cases it wouldn’t display the names properly (like cut the last 3 letters of the name, etc) or simply not display them at all. Also, after a few rounds the list became cluttered with names of players who left a long time ago.

The fixes for this were pretty simple. I rewrote the code that parsed the packets so that the names got displayed properly, I wrote some code which tracked all IPs that communicated with the game and display them as unknown IPs, and I decided to put a timeout on each name. If no packet was received before the timeout expired, the player would be considered gone. This worked very well and the application was ready to be released.

Of course, I’m no idiot. I know that if you give a police man a gun, he’ll use it properly, but if you give that same gun to a homeless he might shoot you. I implemented a few safeguards: if there was an update available, the user would be forced to update or the application wouldn’t work. If I decided that the tool would be abused too much, I had to be able to stop people from using it, and since I’m not a cheater I didn’t want to be banned by it. I added these three measures in the application and gave it to my friends. They loved it, so it was ready to be released.

As you can see in the screenshot on Xifon.eu, it was still called MW2Fix by then. I decided to change the name to MW2SA, as it wasn’t really a fix but a tool. Me being lazy, I wrote a very quick page which introduced the application as a pre-alpha application. The page looked ugly and I didn’t expect a lot of people to view it. I posted it on 1 forum and I think I’ve seen about 10 downloads from that site. No feedback, so that was pretty useless. I decided to go a step further. I became a fair “moderator” in the game and if I was certain someone was a hacker, I kicked that person. If I was “lucky”, this happened about once per 3 matches, on Ground War this was 2 matches. The players, which had been calling the person a cheater for a few minutes, were always happy and loved to check out the tool I wrote. I got some feedback, made some minor improvements, and then did some updates.

What I didn’t expect was a huge amount of users to come out of nowhere. In a few days I had 50 users, and a few days later that was 100. You can call these people “early adopters” although I’d call them stupid for using a tool which wasn’t confirmed to be VAC-proof yet. Anyway, I pretty much dropped the project because it had too much bugs. Of course, since it worked perfectly on my own machine, I kept using it myself, and some of my friends did as well.

About a month later I checked back on the amount of users. It hadn’t been increasing a lot, but people were still using it. Another month later it passed the 200 daily users, and half a year after writing the application I had almost 1000 daily users! For a 17 year old kid that’s a lot, and to be honest it still is.

In that 6 months, I had gotten a lot of complaints from MW2 players about the tool, but also a lot of great feedback and compliments. I discussed the tool with a mod on the Steam forums and while I initially got a ban for mentioning the tool in two different topics (by then the user base was so large that it had been mentioned 50 times or something already) the mod unbanned me after deciding that he liked the tool (okay, I’m just making that up, but he did unban me). I posted some stats on the forum (in a post that was somewhat shorter than this one) and started a heated discussion about the tool. Of course, this topic eventually got closed because of the flamers, but I’ve seen a lot of good things in the topic.

However, in these 6 months I didn’t get a single mail, complaint, or anything else from IW or Activision. You might say “of course not” but consider what the tool did: 1000 users per day, average match with 10 players, 8 matches per day, is 8.000 “affected” matches per day for up to 80.000 players. Do they simply not care at all, or are they stupid? It wouldn’t take long to figure out that the tool uses a master server to check for permission to run and taking this server down would break the tool. They could have sent me an e-mail asking me to take down the tool. I would have done that (unless they immediately started throwing lawyers at me, lol). But they didn’t send me anything.

The tool is now 13 months old. I don’t have a good way to measure the amount of users (IPs change a lot) but judging by the statistics I can collect I think it’s somewhere around 40.000. A friend of mine, who still plays Modern Warfare 2 (I don’t) says that the tool gets abused a lot nowadays. This doesn’t surprise me: proper server admins would have hired a server for Black Ops (or Modern Warfare 1), and cheaters don’t have a lot of chances on that game (well, that’s what he told me, I’ve never played it after the major fail of MW2).

Ah, yes, the point of this post I’d like to apologize to all the honest players of MW2 who have got kicked by the people who manage to abuse this tool (the homeless, as I called them before, sorry if this insults some of you, it’s not intentional). I’d like to apologize to the non-honest players of MW2 who have managed to keep their addiction up by using a non-bannable tool. I’d like to apologize to Valve, for creating a tool that doesn’t allow VAC to ban it. I’d like to apologize to Infinity Ward for interfering with their game on such a large scale, and I’d like to apologize to myself for buying MW2.

I’m currently considering taking down the tool. Infinity Ward, please contact me. Thanks!

Tom
aka Xifon

So every developer who develops an application for Twitter gets these secret keys. Yes, that means that they are secret. And it means that they are supposed to stay secret. When you accidentally give away these keys by putting them in your application unprotected, Twitter HQ will revoke these keys and your application will stop working. Which is bad. However, Twitter only seems to be enforcing this policy on the smaller developers, not the big ones. I have keys stored on my hard drive for several applications – including Itsy, Twitter for iPhone, Twitter for iPad and Twitter for Mac. Yes, really, Twitter doesn’t even protect its own keys. In the case of Twitter for Mac, you can simply open your favorite text editor, search for “consumersecret” (or something like that) and you’ll see an Objective-C function that simply sets the secret. You then simply place a breakpoint on that function with your favorite debugger (in my case `gdb`) and you have the key in less than 5 minutes of work. Yes, that does include download time.

For a lot of secret keys that’s no big deal. The only thing they do is confirm that it’s actually your application sending the requests and not some random API client. For bigger websites which store user secrets in a cookie, it means that you could get access to their accounts by stealing the cookies (although if the cookies were that easy to steal it probably wouldn’t have been too hard to login to that website as the specific user, but okay). However, for the bigger desktop clients (including the 4 I named earlier in this post) it’s a problem: xAuth. Basically xAuth is a system that allows an API client to exchange an username and password for a set of tokens, which can then be used to make API calls. You’d think “so?”, but that’s actually a big vulnerability. Not too long ago a large website (I forgot its name) leaked all of its usernames and passwords. With the normal OAuth 1.0 authentication flow it would take the hackers ages to try every single one of those usernames on Twitter, but with xAuth it’s really simple. After all, that’s what xAuth is for.

But there’s still one more issue: xAuth itself. I believe that it’s too easy to actually get xAuth approval from Twitter. Sure, you have to e-mail api@twitter.com and sometimes you even have to include a screenshot of your app, but it’s fairly easy to just open Interface Designer (or the Microsoft equivalent) and design an interface, make a screenshot of it and mail it to Twitter. They’ll give you xAuth approval, and you can convert your username/password database (which you didn’t obtain properly) to tokens. My own application, ΞTweet, also has xAuth approval. It’s an easy way, sure, but I don’t need it. I could implement a custom xitweet:// URL scheme to do the OAuth dance. It surprised me that Twitter HQ actually granted my request, because you’d think they know that a desktop application doesn’t actually need xAuth.

But somehow I don’t think that Twitter HQ will actually listen to this blog post. After all, they’ve also chosen to do things the easy way, instead of doing things the proper way. And if they do it, why shouldn’t the rest?

Tom

Leuk jaartje weer. 2010 bedoel ik dan hè, over 2009 zal ik het niet hebben en 2011 moet nog komen. Het was het jaar waarin ik mijn eerste èchte laptop kocht, het jaar waarin ik voor het eerst heb gesolliciteerd voor een baan en het jaar waarin ik naar een nieuwe school ging. Het was ook het jaar waarin ik eindelijk weer eens het land uit geweest ben, het jaar waarin voor het eerst een van mijn projecten dagelijks door bijna 1000 gebruikers werd gebruikt en het jaar waarin ik veel nieuwe vrienden heb gemaakt.

Maar in dat jaar zijn ook negatieve dingen gebeurd. Ik ben van school geschopt vanwege lage cijfers (inmiddels gaat het goed op de nieuwe school), ik ben helaas bij twee projecten niet in staat geweest op tijd mijn opdracht te voltooien, en ik ben niet al mijn goede voornemens nagekomen (maar dat doet toch niemand?).

In het afgelopen jaar ben ik meerdere projecten gestart, en sommige projecten lopen nog uit het jaar daarvoor. Een project dat zeker even genoemd moet worden is ΞTweet (spreek uit als XiTweet). Dit kleine Twitter-programmatje is gemaakt zodat ik kon Twitteren op mijn laptop zonder een groot programma als TweetDeck te gebruiken, maar tòch nog mijn lijsten enzo kon gebruiken in een kolom-gebaseerde interface. Dit programma is inmiddels al zo ver gevorderd dat deze skinbaar is met “CSS”, meer kan dan alleen Twitter, maar is eigenlijk alleen nog maar voor eigen gebruik.

En daarom ben ik van plan om, net als vorig jaar, weer een lijstje goede voornemens te schrijven. Maar, voordat ik dat doe, analyseer ik eerst de goede voornemens van 2010.

• “Minder computeren” – Ik kan wakoopa niet meer vertrouwen omdat ik inmiddels werk met 2 computers (en dat telt dus dubbel) maar ik denk niet dat deze gelukt is. Dit is ook omdat ik op school altijd een laptop voor me heb, en thuis niet echt veel veranderd is.
• “Hobby’s” – Mislukt
• “Gedrag” – Gelukt, zonder problemen.
• “Sociaal” – Ook wel redelijk gelukt.
• “Werk” – Geprobeerd maar ik heb het gevoel dat dat niet meer lukt in 2010
• “School” – Ik ben van school geschopt, dus nee, deze is niet gelukt. Inmiddels gaat het al beter.
• “Games” – Redelijk gelukt, behalve de afgelopen dagen, maar het totaalbeeld is netjes.

Kijkende naar de voornemens van vorig jaar en wat ik eerder heb aangegeven, kom ik op deze goede voornemens voor 2011:

• (nog) Meer aan school doen.

En eigenlijk is dat ook het enige. Opzich zou het leuk zijn als ik in 2011 een vriendin krijg, al is dat een apart goed voornemen.

Aan al mijn bloglezers: gelukkig nieuwjaar!

–
Tom

Waarom?
Net zoals vorig jaar zat ik te twijfelen of ik mee zou doen of niet. Het was erg gezellig, maar toch ook wel “saai”. Op de laatste schooldag voor de vakantie kreeg ik echter een tweede reden om mee te doen (weten dat veel vrienden ook mee gaan doen helpt!) en heb ik mij ingeschreven.

Wat vond ik er van?
In 1 woord: helemaal geweldig. Ik ben zo’n regel-persoon, zo’n persoon die van de ene plek naar de andere schiet om alles te regelen en toch een overzicht te houden. Natuurlijk is dat vrij lastig met 1300 man die verspreid over 4 sessies langs komen, en andere mensen die ook hun best doen alles te regelen niet voor de voeten lopen is ook niet makkelijk, maar juist dat maakt het leuk: de complexiteit en tegelijkertijd de simpelheid. Ik vind het overigens ook heerlijk om gewoon lekker door de school (en bijgebouwen) te rennen om snel eventjes iets te regelen. HEERLIJK gewoon.

Conclusie
Ik vond deze dagen gewoon zo heerlijk, dat zelfs als het 10 euro zou kosten om mee te doen, ik het betaald zou hebben. Volgend jaar sowieso weer. =) Al zou ik het wel fijn vinden als ik een iets meer organisatorische rol krijg, want het grootste deel van de tijd moest ik gewoon achter een leraar aan lopen, en that’s it. Ook wil ik volgend jaar niet voor een vak (informatica ofzo) staan, want dan regel ik al helemaal niks meer. Volgend jaar dus sowieso weer!

Tom

Foto’s zijn klein gehouden om privacyredenen.

• Minder computeren. Wakoopa.com/tvdw zegt op het moment dat ik sinds 22 maart 2009 (omgerekend) 2505 uur heb gecomputerd. Dat zou betekenen dat ik sinds 1 januari 2009 (ongeveer) 3615 uur heb gecomputerd. Ik schrik daar van, maar ik reken eventjes verder. 3615 uur over 52 weken is zo’n 70 uur per week, 10 uur per dag. Totaal zitten er in een jaar 8760 uren. Het lijkt me toch dat ik mijn computer-tijd wel kan verminderen met tenminste 25%?
• Hobby’s. Ik ben, zoals hierboven genoemd, bijna een dubbele werkweek bezig met computers, en dat is toch wel veel te veel. Als ik minder wil gaan computeren moet ik dat opvullen met iets anders. Zo zou ik erg graag gitaar leren spelen (en nu echt ^^) en ook wil ik een oude hobby, boeken lezen, weer oppakken. Dit heb ik eigenlijk al anderhalf jaar niet meer gedaan: sinds ik mijn mooie laptop heb. Ik was tevens van plan binnenkort een nieuwe computer te kopen, doe ik bij nader inzien toch maar eventjes niet.
• Gedrag: In 2009 heb ik altijd nee gezegd tegen elk glas alcohol dat mij aangeboden werd. Best dom, eigenlijk. Ik weet van mijzelf dat ik mijzelf kan beheersen als het gaat om het consumeren van schadelijke stoffen (chips enzo ^^) dus een klein beetje alcohol kan geen kwaad. Ik ga het jaar in met 3 glazen champagne, niet meer en niet minder.
• Sociaal: Ik kan zeker een paar echt goede vrienden gebruiken. Meer socializen met anderen dus.
• Werk: Ik neem een baan. Niet voor het geld, maar voor het ontwikkelen van vriendschappen etc.
• School: Ik kan zeker beter mijn best doen, en ik weet dat het zal moeten, zelfs al vind ik het nutteloos.
• Games: Ik game te veel, ik ga minder gamen. Ik kijk hierbij naar een goede vriend: Bob Droog.

Dat is ‘t wel zo’n beetje. Ik weet nu al dat de meeste van bovenstaande dingen niet gaan lukken, maar ik ga het proberen!

Tom

Basically, you are a part of the US Army and fight a battle against the Russians. Not just the Russians but the Russian Terrorists. In the second (or was it third?) part of the game, you go deeply undercover (in a very cruel scene) and infiltrate the terrorists. You kill dozens of civilians and it’s really unethical. In the end you get killed by one of the terrorists, and they get away.

It’s very clear that the most important quote in the game is “History is written by the victors”. This is said on the intro, and the developers even dedicated a complete mission to it, where you have to kill the person telling lies about what happened and get it all right. After all, when you kill that person, you are the victor, and then you are the one writing history, right?

What makes it even more clear that that the most important thing is, is the fact that, in the credits, you are in a museum. You go through all places you have been through. At first you wouldn’t notice, but slowly you will notice that things look better than they were. For example, there’s a part of the museum dedicated to the scene where you were trapped in a chamber that would explode in 10 seconds. This part is true. However, the museum displays it as 2 persons being constrained with ropes on chairs, with a 10 second timer behind them. In the real (it’s just a game, I know) version, they weren’t constricted to chairs and they got out very easily.

Another example is the terrorist scene I mentioned a bit above. Basically the most failing mission in the game (you failed because you got killed, it’s not about the quality of the game here!) was pictured as a great victory, and all the civilians that were killed there was unavoidable.

It was just a game, I know. But don’t forget that games can get really close to reality, not only by graphics. I’m no expert, but I think that a part of this game is targeted at getting people to realize that what is published, is not always true. And, to be honest, I think they are right. History is written by the victor.

Tonight as well. My last tweet was about me needing a Bashir-62. It’s a Star Trek “holo-program”. Then I realized I needed some time away from my life. I ended the tweet with #FML (Fuck My Life).

But the thinking had only just started. I have a German test tomorrow and haven’t found the motivation to learn for it, so I will fail the test. I must admit that it’s pretty much the same with my math test tomorrow, but I’m rather good at math so it shouldn’t really be that much of a problem.

I ended up thinking about why I have motivational problems. Why do I go to school? It’s the law. Why are the only other people at school who have motivational problems, your friends? Now that’s a good question. Most of them are computer-geeks. How did they end up as computer geeks? I guess they didn’t have anything better to do.

And the answer to that question made me realize a possible cause of my motivational problems. All my days are the same. I go to school, then stare at a screen for a few hours, sleep. Next day, the same. And the next day, the same again. In the weekends, it’s the same, except for the school part. It’s always the same.

Isn’t it obvious what the problem is? I clearly don’t have something to look forward to. A school vacation perhaps, but that’s just staring at my screen for 16 hours a day and that gets boring very quickly. No, I need something special.

You could ask me: What do you want? Well, I don’t know. A vacation to a far country? Not alone, and not with my parents either. I kept asking myself that question for over 15 minutes, and I think I know the answer: I am lonely.

Basically, what you expect from a web-store like the iTunes store, is that it will automatically re-download the songs you had before you cleaned your PC. I mean, if Steam can do this with games of 5 GB, it shouldn’t be too much of a problem for Apple with songs of about 3 MB-. Sure, we are talking about a lot more songs than games, but I don’t think many people buy 5 GB off the iTunes store.

So, I logged into my iTunes this afternoon, after installing iTunes again, and I clicked “Check for available downloads”. It told me I already had all songs! Well, in my Purchased tab, I only saw one song, and that was a free song I downloaded from the iTunes Store because I wanted to test something. So, I checked the iTunes FAQ and it told me I would have to backup all my songs!!

Isn’t it ridiculous that I have to re-buy all my songs again? Is it really too much that I expect the iTunes Store to re-download my purchases after I re-install my computer? Steam does it. The EA download manager does it. Battle.net does it. And a way bigger company called Apple can’t do something as simple as this?

They force us to have DRM on the songs we purchase. They force us to backup everything we buy, but we can’t burn them on CDs if we want to listen to them. They can only be on five computers at the same time, and if you accidentally forget to deauthorize your computer before re-installing your PC, you can only have four computers at the same time. The iTunes Store really limits what you can do with the music.

I don’t think I’ll ever buy off the iTunes Store again. I will resume my old habits of downloading them from Usenet and Torrents, and if I respect the author well enough, I will make a donation to them. Sorry Apple folks, but it’s 2009 and this kind of trickery isn’t wise.

Our climate is changing. Probably even more than we know. Many of us know we have to do something about it. The country I live in, The Netherlands, is already making some laws to “help” us, by, for example, prohibiting sale of the old-style light bulbs, in favor of LED lights. Which is good.

But it is not our lights that use a lot of energy. It’s the big companies, who use most of it. And, with computers usually generating the worst energy consumption, it is the IT sector which should change.

Computers in homes and companies: People have them active even when they don’t need them. Each morning they get turned on to check the e-mails, to be turned off when people go to bed. And with a total of about 1.6 billion internet users (source), this uses a lot more than is necessary.

In data-centers, the same happens. Servers are active all the time. However, that is the idea of a server, so it is acceptable. The energy consumption of these may be reduced, but that is not the main issue. The temperature of the average data-center is kept at about 20 degrees Celsius. This is not needed: Servers will perform just as well if they raise this temperature to 30 degrees Celsius. System admins will not like that, which is why it is currently 20 degrees Celsius. But wouldn’t 25 degrees be a better option? It could save lots of energy, because data-centers would have to be cooled less.

Also an option, which I decided to do, is put the servers in “green” data-centers. While everyone knows this doesn’t mean the data-centers are green-c0lored, and it doesn’t mean that it’s 100% climate-neutral, it’s better than the average data-center. The data-center the server of this blog is in, for example, cools the data-center from air from the outside. Since it is a Dutch data-center, it means that the air compressor can be turned off 40% of the time. Also, the power to the data-center is “green”: Produced only with sustainable energy such as wind, sun and biomass.

There are still a lot of things that need to be changed. Now would be a good time.