Recent Posts

1

Projects / Re: OP2 Mission Hub

« Last post by TechCor on Today at 01:19:50 AM »

Of course, we don't currently have a whole lot of content to distribute. In that regards, this might not be the most impactful use of time. On the other hand, not being able to easily distribute content can create an extra barrier that may discourage creating new content.

Yes, this has kind of been the goal from the beginning - to reduce friction for content creators. The hub also has the side-benefit of reducing friction for players that want to play custom content.

--
Before you posted, I was thinking about allowing "uncertified" uploads that admins could "certify", and this would be reflected on the mission summary. Sort of like a "seal of approval". The certification would change its status from "high-risk" to "trusted". By default, untrusted missions could be hidden from the list. For edits by the author, the certification would either be reset, or put into a "pending approval" state where the old version is still available.

However, as you pointed out, you really need source code and certainty that the DLL was compiled from it to really be sure a DLL is safe.

Perhaps the system won't allow direct DLL uploads, but instead require specifying a GitHub link. A first release could be a completely manual review process, where the admin builds and uploads the DLL and certifies the mission. Future releases could automate creating and uploading the DLL, if it's deemed worth it. I doubt reviewers will be overwhelmed.

Other file types are probably safe to upload as part of the mission without certification. Pre-approved types would be .map, .opm, .txt.

--
For clarity, content uploading, certification, and administration would all be done through the Hub interface, but code review and compilation would not.

2

Projects / Re: OP2 Mission Hub

« Last post by Hooman on February 18, 2020, 07:32:25 PM »

I like the idea of a central hub to download new missions from.

I've noticed a similar trend with programming languages, where having a central repository for libraries and associated dependency management tools can really help quickly increase the usability and popularity of a language.

Of course, we don't currently have a whole lot of content to distribute. In that regards, this might not be the most impactful use of time. On the other hand, not being able to easily distribute content can create an extra barrier that may discourage creating new content.

Excluding missions with binary DLLs seems like a real hindrance. For such a system to be really useful, I think we need some way to allow binary distribution for DLLs.

One way we might approach security, is to somehow sign each version of the DLLs, so people can know who wrote it, and who declared it to be safe. That sort of matches how things are informally done now. Custom missions have started being packaged into the game download. For missions to be included in the game download, people responsible for packaging the download have to accept them, which generally implies a certain degree of review. We don't currently have a very formal vetting system, though mostly missions that are included are from long time members who have been around for years, and have accumulated a certain amount of trust. Source code helps with that.

If a new member wishes to distribute something, and they are unknown, they could potentially ask a long time member to review it, and sign off on a review. Before a level is downloaded, the user can be presented with summary information, such as who the author is, how long they've been a member at OPU (if at all), and who signed off on review (along with how long they've been a member). We could also present a link to the source code.

For review purposes, we might require the mission have source code posted on GitHub. That may increase the effectiveness of review. It may also increase the safety, as the binaries could then be built on independent Continuous Integration servers, based on the source code that was checked in to GitHub. That way the binary matches up with the source code provided for review. We could even manage this through GitHub releases, where the Continuous Integration servers publish the binary as a new release on GitHub. That could effectively be our central store for distribution purposes.

Anyway, that's a rough idea I have for how things could potentially be managed. It still needs details on how the list of missions is collated, how binaries are signed, and signing them without disturbing a release by trying to add new files to it (which could affect signing), how to revoke signing should a problem be discovered after the fact, and how users might be warned of newly announced problems.

Another part of that is Continuous Integration builds can also scan the code for potential problems, using linters, compiler warnings, or virus scanning of the result, and potentially auto signing for basic safety.

3

Outpost 2 Programming & Development / Re: When to switch to VS2019 toolset

« Last post by Hooman on February 18, 2020, 07:01:58 PM »

Sweet. Always nice to see things modernized.

4

Projects / Re: OP2 Mission Hub

« Last post by lordpalandus on February 18, 2020, 04:24:32 PM »

DLLs are a security risk sure, but as Outpost 2 is a cult classic with a small following, what level of risk is there really?

If there was a concern over infected DLLs, then someone could test that DLL in a virtual machine, and if it was infected, then it would be contained within the virtual machine. Otherwise, I think people can trust their fellow poster not to screw them over.

Now, if this was a mainstream title, like Call of Duty, I think there would be a serious concern over an infected DLL, but I don't see anyone going to the trouble here.

5

Projects / Re: OP2 Mission Hub

« Last post by TechCor on February 17, 2020, 10:09:04 PM »

Yes. I've been thinking about this.

The main issue is letting random people upload DLLs, but this can probably work with a separate curated system.

It could be possible to have a separate "DLL Mission" tab for curated DLLs that are placed by a server administrator. The mission details could include additional information such as the server providing the mission, the fact that the mission comes with a custom DLL, and that it is a potential security risk. Then, when choosing to download, have a confirmation dialog that the user trusts DLLs coming from "Outpost2.net" or whatever.

The topic of how the new editor's "scripting" works is a bit complicated, and I'd rather explain it in the other thread when it's released. I don't doubt that it will not be able to do everything, but it is certainly more than a skirmish editor. I intend to make a sample mission to show off its capabilities (and test it). The style is similar to StarEdit, but with a lot more options.

6

Projects / Re: OP2 Mission Hub

« Last post by Sirbomber on February 17, 2020, 09:36:57 PM »

The app would be restricted to missions created with the OP2 Mission Editor as DLLs are a security risk.

A custom mission database that disallows 100% of all custom missions created up until now?  Why bother?  No disrespect but while your new editor has an impressive UI and is far more stable than the old OP2Mapper ever was and will be great for setting up quick little skirmish maps, I doubt it will ever be able to replace the way we do things now.  How would you implement something like this through your script editor?

Code: [Select]

// Propagators effect
    Unit P;
    PlayerVehicleEnum Propagate(6);
    while (Propagate.GetNext(P))
    {
        if (P.GetType() == mapScorpion)
        {
            // Get all player-owned units adjacent to the current Scorpion
            Unit newP;
            LOCATION ploc = P.Location();
            LOCATION Adjacent[8] = {LOCATION(ploc.x-1,ploc.y-1),
                                    LOCATION(ploc.x  ,ploc.y-1),
                                    LOCATION(ploc.x+1,ploc.y-1),
                                    LOCATION(ploc.x-1,ploc.y  ),
                                    LOCATION(ploc.x+1,ploc.y-1),
                                    LOCATION(ploc.x-1,ploc.y+1),
                                    LOCATION(ploc.x  ,ploc.y+1),
                                    LOCATION(ploc.x+1,ploc.y+1)};
            for (int i = 0; i < 8; i++)
            {
                int pCType = GameMapEx::GetTileEx(Adjacent[i]).cellType;
                if (pCType == cellNormalWall ||
                    pCType == cellMicrobeWall ||
                    pCType == cellLavaWall)
                {
                    GameMapEx::GetTileEx(Adjacent[i]).wallOrBuilding = 0;
                    GameMapEx::SetCellType(Adjacent[i],cellDozedArea);
                    TethysGame::CreateUnit(newP, mapScorpion, Adjacent[i], 6, mapEnergyCannon, 0);
                    newP.DoSetLights(1);
                }

                else
                {
                    UnitEx ontile;
                    ontile.unitID = GameMapEx::GetTileEx(Adjacent[i]).unitIndex;
                    if (ontile.unitID != 0 && ontile.OwnerID() != 6 && ontile.IsLive())
                    {
                        if (ontile.IsVehicle())
                        {
                            ontile.DoPoof();
                            TethysGame::CreateUnit(newP, mapScorpion, Adjacent[i], 6, mapEnergyCannon, 0);
                            newP.DoSetLights(1);
                        }
   
                    }
                }
            }

        }
    }

7

Projects / OP2 Mission Hub

« Last post by TechCor on February 17, 2020, 06:21:32 PM »

An idea I've been thinking about for a while:

A new application called the "OP2 Mission Hub".

This would be a way to share missions by uploading your ".map" and ".opm" files along with a name and description. It would probably require a login as well as administrative capabilities for curating spam/inappropriate content. The app would be restricted to missions created with the OP2 Mission Editor as DLLs are a security risk.

On the player side of things, the app would list all missions on the server, with some filters for selecting content. This wouldn't require login. The app would generate the minimap images asynchronously, possibly during scroll. Essentially, it would download the mission files into RAM for generating the minimap.

When you choose to download the mission, the appropriate DLL is generated and the files are copied to your game directory. The app will auto-detect the mission in the game directory, and show a "delete" button for removing it.

For backwards compatibility, I will likely have the missions report which SDK version they use. The SDK DLLs will have the version number in the name so that you can have more than one in the game directory at a time. The DLLs could either be stored on the server (easier to update without changing the application), or stored in the hub app until a copy is needed.

There will be a config file for selecting the mission servers. Maybe outpost2.net will host it.
The server side will be written with PHP/mySQL.

This is currently how I envision this. It is still in the design phase, and it won't be worked on until the mission editor is finalized.

8

Outpost 2 Programming & Development / Re: When to switch to VS2019 toolset

« Last post by Vagabond on February 16, 2020, 04:36:58 PM »

Cool,

I've started updating the different projects for the new toolset. No major issues so far..

-Brett

9

Outpost 2 Programming & Development / Re: When to switch to VS2019 toolset

« Last post by Hooman on February 14, 2020, 08:16:39 PM »

Yeah, I've already gotten used to VS2019 for CI builds.

Have at it.

10

Projects / Re: Cross Platform Outpost 2 Utility Library

« Last post by Vagabond on February 14, 2020, 07:49:32 PM »

TechCor,

I just created a Pull Request for OP2Utility that should fix the issue. https://github.com/OutpostUniverse/OP2Utility/pull/334

-Brett