• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

FerumbrasBOT - Development thread

Nekiro

Legendary OT User
TFS Developer
Joined
Sep 7, 2015
Messages
2,496
Solutions
113
Reaction score
1,747
Why isn't it open source if you want to help community?
People cannot use it as a base to create something on their own for example. I would strongly recommend putting this on github.
I see no reason to keep it private, if you offer it for free.
 

atef201080

Member
Joined
Aug 16, 2009
Messages
27
Solutions
1
Reaction score
17
Yes, but your tone and attitude is disgusting. There's no need to be so aggressive to someone making something useful that "you have no intention of using".

Or maybe just ask for those features, instead of just attacking the creators. It'll probably return better results.
His concerns are valid, I wouldn't give that kind of access to a random on any of my private projects, I recommend you doing the same.
 

Alpha

Relentless
Premium User
Joined
Apr 3, 2011
Messages
649
Solutions
35
Reaction score
446
Location
South Korea
Do it, it would be a great contribution for the opentibia community and it will help the rest, thanks from now!

Edit: Why you've edited your post?, posting your files wouldn't be enough to cover that selfhost require that you have for the rest of the community?
Because I posted it before adding the last line, why else? Ask a mod for the edit history if you want to.
And no, my bots won't be enough, because of multiple reasons:
  1. Each of my bots serves a single, specific purpose, they were not designed to be multifunctional allrounders or deal with user commands
  2. Mine don't use this new API, they were made long (years) ago, using database polling on a memory table
  3. It's not going to change the fact that you still keep yours closed source and for some reason want full control over everything that goes through it, why are you trying to shift the attention away from releasing your own?
I don't get why you're trying so hard to avoid releasing the code, very suspicious

The help channel bot is there now, might refactor the server event bot later, because it's in TypeScript, without really making any use of the language, and that would just complicate things for people.
 
OP
OP
ayusutina

ayusutina

Banned User
Joined
May 10, 2013
Messages
127
Solutions
3
Reaction score
101
Because I posted it before adding the last line, why else? Ask a mod for the edit history if you want to.
And no, my bots won't be enough, because of multiple reasons:
  1. Each of my bots serves a single, specific purpose, they were not designed to be multifunctional allrounders or deal with user commands
  2. Mine don't use this new API, they were made long (years) ago, using database polling on a memory table
  3. It's not going to change the fact that you still keep yours closed source and for some reason want full control over everything that goes through it, why are you trying to shift the attention away from releasing your own?
I don't get why you're trying so hard to avoid releasing the code, very suspicious

The help channel bot is there now, might refactor the server event bot later, because it's in TypeScript, without really making any use of the language, and that would just complicate things for people.
We already discussed with you yesterday on prívate and it looks like you don't want to help instead, we offered you solutions about the problems that you are actually giving and it seems like instead helping you are just here hating.

All of the security concerns also doesnt need the code released for free, soon as the direct code execution is done by evil hero or someone else, it would need the API that we designed, it will be in github, feel free to be still hating, until now you have done nothing for the community
 

Michael 4463

Premium User
Premium User
Joined
Nov 15, 2007
Messages
762
Solutions
5
Reaction score
273
Location
Santiago, Chile (Australian)
We each choose who we trust and with what we trust them with.
  • Obviously there should be protections and clear control in the implementation of the api - So you're pretty much trusting them with the same abilities that a standard-issue gamemaster might have.
  • Not everything provided for free needs to be open source too. Providing a free service can be a marketing tool for providing a paid service (not saying that is the case here). This can be true for open source too, but not so much if somebody goes all FerumbrasBOTv8 on you.


btw @Alpha the ascar.us icon in your signature is 0.5 pixels off-center. You're killing me man.
 
OP
OP
ayusutina

ayusutina

Banned User
Joined
May 10, 2013
Messages
127
Solutions
3
Reaction score
101
His concerns are valid, I wouldn't give that kind of access to a random on any of my private projects, I recommend you doing the same.
Not at all, we offered some solutions and we asked for some suggestions, alpha just looks like a random hater, we never reached a solution or a way to avoid what he is saying (instead we offered a lot of ways to limit our access to your server making the api better), if you also got suggestions on how we can do it better, count with us
 
Last edited:

Evil Hero

Legacy Member
TFS Developer
Joined
Dec 12, 2007
Messages
1,236
Solutions
25
Reaction score
647
Location
Germany
I really like this idea, but you kinda misunderstood what the intention is behind the lua api.
Instead of letting your bot connect directly to the tfs server it should connect to the self hosted api of the server (which acts as the middle man) and verifies all traffic going in and out.
That way we add authentication and such.
example picture:
luaapi2.png
You are basicly trying to do the first which is actually a no go due to security.
I'll sit myself down with a few web devs and try to make one standard API which your bot can connect to with either http / socket / or whatever else is preferable, which then converts and verifies the data which will be send to tfs then, the only thing your bot has to provide then is the lua file.
 
OP
OP
ayusutina

ayusutina

Banned User
Joined
May 10, 2013
Messages
127
Solutions
3
Reaction score
101
I really like this idea, but you kinda misunderstood what the intention is behind the lua api.
Instead of letting your bot connect directly to the tfs server it should connect to the self hosted api of the server (which acts as the middle man) and verifies all traffic going in and out.
That way we add authentication and such.
example picture:
View attachment 59463
You are basicly trying to do the first which is actually a no go due to security.
I'll sit myself down with a few web devs and try to make one standard API which your bot can connect to with either http / socket / or whatever else is preferable, which then converts and verifies the data which will be send to tfs then, the only thing your bot has to provide then is the lua file.
I would be happy on colaborate doing that soon as the final result is still being released, the plan with the project as ive stated before it's a solution
 

Alpha

Relentless
Premium User
Joined
Apr 3, 2011
Messages
649
Solutions
35
Reaction score
446
Location
South Korea
We already discussed with you yesterday on prívate and it looks like you don't want to help instead, we offered you solutions about the problems that you are actually giving and it seems like instead helping you are just here hating.

All of the security concerns also doesnt need the code released for free, soon as the direct code execution is done by evil hero or someone else, it would need the API that we designed, it will be in github, feel free to be still hating, until now you have done nothing for the community
A public Discord server with over 200 members is not private. I did indeed not plan on helping, apart from preventing another OTCV8 scenario. I voiced some ideas, but also the facts for why they won't make it into the final version. Now Evil Hero told you the same thing about the security as I did, and when he says it you seem to accept it. Also you asked me to release the bots, and so I did, yet here you are telling me I did nothing for the community. ¯\_(ツ)_/¯
At this point you just seem like a little butthurt child that's about to run to mommy because someone stole your lollipop.
 
OP
OP
ayusutina

ayusutina

Banned User
Joined
May 10, 2013
Messages
127
Solutions
3
Reaction score
101
A public Discord server with over 200 members is not private. I did indeed not plan on helping, apart from preventing another OTCV8 scenario. I voiced some ideas, but also the facts for why they won't make it into the final version. Now Evil Hero told you the same thing about the security as I did, and when he says it you seem to accept it. Also you asked me to release the bots, and so I did, yet here you are telling me I did nothing for the community. ¯\_(ツ)_/¯
At this point you just seem like a little butthurt child that's about to run to mommy because someone stole your lollipop.
We asked you for suggestions and you just trashed the evil hero commit and for as far i've heard about you, you only are hating projects randomly (because you didn't told us any idea more than do it by yourself when we asked your colaboration), you should check your own mental health buddy. My thoughts haven't changed since the start and my posts can tell it, we're actually offering ways to mitigate the "security problem" as we already did a suggestion yesterday.

You? I don't see your github links to see all of your tools

Edit: poor way of doing your code with SQL sentences, i already see the spam of people chatting and the bot delayed to handle those queries xD
 

Alpha

Relentless
Premium User
Joined
Apr 3, 2011
Messages
649
Solutions
35
Reaction score
446
Location
South Korea
We asked you for suggestions and you just trashed the evil hero commit
Not really, all I said was that the maintainers (Don in this case) don't want it to be going into master in it's current state, they want it to be remade with a proper protocol

i've heard about you, you only are hating projects randomly
I don't, but it's also irrelevant to me what you, or anyone for that matter, may think

because you didn't told us any idea more than do it by yourself
I told you a few ideas, and I didn't say do it yourself. I was saying they'll probably trash the PR in this state anyway and remake it. I don't see a reason to help "completing this PR" when it's all going to be overhauled soon anyway. Apart from that, again, I personally don't care much for this API, so why are you expecting me to devote all my time to that? The only thing I did care about was your bot model being a man-in-the-middle attack and a security risk to every server owner that uses it in this state.

You? I don't see your github links to see all of your tools
They are where I said they would be going this morning, edited into an earlier post.

poor way of doing your code with SQL sentences, i already see the spam of people chatting and the bot delayed to handle those queries xD
That already tells me enough about your technical abilities, as you don't seem to understand it's doing 1 asynchronous query each 2 seconds from the bot's side, to fetch all current messages. It then sends a channel message to Discord, which, if even, would be held up by the Discord.js library, due to Discord's rate limits at which you can send bot messages (spoiler alert: you're very likely never going to hit that rate limit Discord Developer Portal — API Docs for Bots and Developers (https://discord.com/developers/docs/topics/rate-limits#:~:text=All%20bots%20can%20make%20up,per%20second%20during%20normal%20operations).). And from the game server's side it's adding the help channel message to the memory table using an asynchronous query, hence it's not holding the game thread up at all. Furthermore, the database tables use the MEMORY engine, hence it will never write any of this data to disk and is fast. Sure, it could be improved architecturally by e.g. combining the 2 database tables into 1, but yeah, whatever, it's years old code, as I said. A pub/sub architecture would be nicer (albeit just as irrelevant to the server load as the memory table), but you're not gonna get that without adding a dependency to the game server.

Honestly, talking to you anymore is a waste of time, you don't seem to have a grasp of neither security, nor much technical knowledge. I'll not reply again.
 
OP
OP
ayusutina

ayusutina

Banned User
Joined
May 10, 2013
Messages
127
Solutions
3
Reaction score
101
Not really, all I said was that the maintainers (Don in this case) don't want it to be going into master in it's current state, they want it to be remade with a proper protocol


I don't, but it's also irrelevant to me what you, or anyone for that matter, may think


I told you a few ideas, and I didn't say do it yourself. I was saying they'll probably trash the PR in this state anyway and remake it. I don't see a reason to help "completing this PR" when it's all going to be overhauled soon anyway. Apart from that, again, I personally don't care much for this API, so why are you expecting me to devote all my time to that? The only thing I did care about was your bot model being a man-in-the-middle attack and a security risk to every server owner that uses it in this state.


They are where I said they would be going this morning, edited into an earlier post.


That already tells me enough about your technical abilities, as you don't seem to understand it's doing 1 asynchronous query each 2 seconds from the bot's side, to fetch all current messages. It then sends a channel message to Discord, which, if even, would be held up by the Discord.js library, due to Discord's rate limits at which you can send bot messages (spoiler alert: you're very likely never going to hit that rate limit Discord Developer Portal — API Docs for Bots and Developers (https://discord.com/developers/docs/topics/rate-limits#:~:text=All%20bots%20can%20make%20up,per%20second%20during%20normal%20operations).). And from the game server's side it's adding the help channel message to the memory table using an asynchronous query, hence it's not holding the game thread up at all. Furthermore, the database tables use the MEMORY engine, hence it will never write any of this data to disk and is fast. Sure, it could be improved architecturally by e.g. combining the 2 database tables into 1, but yeah, whatever, it's years old code, as I said. A pub/sub architecture would be nicer (albeit just as irrelevant to the server load as the memory table), but you're not gonna get that without adding a dependency to the game server.

Honestly, talking to you anymore is a waste of time, you don't seem to have a grasp of neither security, nor much technical knowledge. I'll not reply again.
"I don't see a reason to help "completing this PR" when it's all going to be overhauled soon anyway. Apart from that, again, I personally don't care much for this API", well we did:
- Change to deny direct lua code execution by UReddington · Pull Request #1 · EvilHero90/forgottenserver (https://github.com/EvilHero90/forgottenserver/pull/1) (This actually solves and fixes your "security issue", so the bot itself and we don't have access to your server or whatever, leading to the use of the api that we shared with you yesterday using a dedicated byte: 106)

I don't even need to read the rest, you're in that otland group filled with haters that doesn't give a about the community or his progress, you're just here to bash and trash whatever that the rest can do and you can't xD

Thanks for the answers anyway, we've seen how you can handle situations here
 
Last edited by a moderator:
Top