[MUD-Dev] Re: Alternate UOL's

Felix A. Croes felix at xs1.simplex.nl
Sat Jul 11 14:56:36 CEST 1998


J C Lawrence <claw at under.engr.sgi.com> wrote:

> This is by no means the only attempt, but it seems the most advanced
> of what I've seen to date:
>
>   URL:http://www.warzone.com/~uor/

What are your selection criteria for "advanced"?  I see a lot of
strutting and posing, but no server to back up his claims.

I found another one that includes GPL'ed server source:

    http://uox.stratics.com/files.html

I just verified that this actually works (after fixing some bugs).


> The attemps to clone UOL are already underway, tho I see little to no
> analysis of what it is about UOL that they want to copy.

Don't forget that most people who want to run a (non-commercial)
mud pick a stock mud because it is easier than writing one yourself.
And a graphical mud is certainly more imposing than a text-only mud.
Tellingly, the makers of UOX seem prefer adding special GM commands
over making the simulation more accurate.

Imitation is the most sincere form of flattery, but...  Raph, what
is Origin's position concerning the UO server clones?

This sort of thing would be much more difficult if public key
encryption is used to authenticate the server:

The client uses public key E to encrypt, and the server uses private
key D to decrypt.  Initially, the client creates random number M,
seeding the random number generator with hardware timings (for
instance, the number of miliseconds needed to preprocess one of
the .mul or .idx files, which depends on harddisk speed).  M is
encrypted with E, resulting in encrypted message C, which is sent to
the server.  The server decrypts C using private key D resulting in M,
which is sent back to the client.  The client verifies that the
response is M.

To use the client for a clone server, tricky things now have to
be done on the client side rather than the server side: the client
has to be persuaded to generate a M that is the same each time,
or the client has to be patched to accept any response from the
server, or the TCP connection has to be hijacked and redirected
to a clone server after the client authenticates itself with a
genuine server.  In any event, it would do much to stop the
casual use of clone servers that is now possible.

Felix Croes




More information about the mud-dev-archive mailing list