FOSS gamedev and creative worlds

[gaf99]

I was playing on Xanandu server when another player dropped several books. When I opened the book https://i.imgur.com/oPJtgS3.jpg it contained 11 pages of what appeared to be java code. The other players and I began to lag, so I logged out, ran a virus scan, check firewall log ect.. found nothing. I contacted the sever admin TenPlus1 and expressed my concern and gave him/her the location of the book, no response other than finding my account banned the next day. I was unable to get any answer from mods or the server admin in reference to the suspicious book. My question and concern is if it's possible for a skiddie to add their code to minecraft items and use as a exploit, do devs audit the code of mods? I'm not a programmer or very tech savvy, but the entire situation seems very odd to me. I run the 0.4.13 version ,no mods added by me on client side, and have had no other glitches other than when I opened this book. Thanks

[TenPlus1]

These are just hoax books made to worry players on server, they cannot harm either the server or the players machine since text is read only and does nothing else.

[kaadmy]

what appeared to be java code.

Minetest is written in C++ and Lua, no Java here.

add their code to minecraft items and use as a exploit

This isn't Minecr**t, it's Minetest.

do devs audit the code of mods?

Nope, that's the problem of the server owner.

no mods added by me on client side

Minetest has no client-side mods yet, mods are run completely server-side.

[maikerumine]

I was playing on Xanandu server when another player dropped several books. When I opened the book https://i.imgur.com/oPJtgS3.jpg it contained 11 pages of what appeared to be java code. The other players and I began to lag, so I logged out, ran a virus scan, check firewall log ect.. found nothing. I contacted the sever admin TenPlus1 and expressed my concern and gave him/her the location of the book, no response other than finding my account banned the next day. I was unable to get any answer from mods or the server admin in reference to the suspicious book. My question and concern is if it's possible for a skiddie to add their code to minecraft items and use as a exploit, do devs audit the code of mods? I'm not a programmer or very tech savvy, but the entire situation seems very odd to me. I run the 0.4.13 version ,no mods added by me on client side, and have had no other glitches other than when I opened this book. Thanks

That is not code.
That is not book.
You are trolling and starting drama on a great server.
Return 0

[rubenwardy]

1. Java and Javascript are different.
2. This is not MCPE
3. That is not code, it's an error backtrace.

Java:



Javascript:

[gaf99]

That is not code.
That is not book.
You are trolling and starting drama on a great server.
Return 0

No, this is a concern of security and privacy with me, and I would like to stay within the context of this post rather than defend against childish accusations of being a dramaqueen, thanks. The image I provided is indeed that of a "book" I cropped to hide names of other players visable in the full size.

[TenPlus1]

OK, let's put this scare tactic to rest... I audit every mod that is run on Xanadu server and a simple book containing text of any kind, language or program will do NOTHING to the game/system it's viewed on.

[kaadmy]

[...] will do NOTHING to the game/system it's viewed on.

AFAIK, the server can't force the client to break anything.

[Hybrid Dog]

[...] will do NOTHING to the game/system it's viewed on.

AFAIK, the server can't force the client to break anything.

Once on the VaE vanilla server there was a sign.
When you looked at it, which usually makes the infotext become shown, your minetest crashed.
If you joined again on the server, your position, yaw and pitch were saved, you crashed again.
Thus you can't longer play on this server with your playername.

And recently there was a change that server owners can't longer find out passwords of players of their servers l think.

[kaadmy]

[...]
AFAIK, the server can't force the client to break anything.

When you looked at it, which usually makes the infotext become shown, your minetest crashed.

Hmm, that sound like a rather annoying bug, and I've never seen it before. Wonder how he figured out how to crash it via text in the sign.

[gaf99]

TenPlus1, Please don't take this personal, with all due respect, I don't know or trust you. Coming here and seeing that you have a talent for developing mods, coupled with the communication failure between us on the server ( book related), I became more suspicious. I simply mailed you the location of the book with a brief description of what happened. Without dragging out the issue, and following advice from a moderator to wait and talk to you or another admin , I found my account banned. I made a new account and was told by a mod "something about virus book drama" and to speak with you or another admin. When I finally reached you on the server I was banned again within seconds of asking about the book. This action seemed defensive and made me even more suspicious. I don't think it's unreasonable for me to seek advice about a item that has nothing to do with normal function of the game. I'm not here to debate my ban, or make friends. I simply want to shed some light where there is none, and possibly prevent a skiddie rampage from harming anyone else. Note that the book was 11 pages, and the average user can't copy paste from desktop to app, so "nothing to worry about" didn't do it for me. Sorry if I'm just some idiot, but it freaked me out, and I went through a lot of trouble. So there it is, I'll leave it to the pros. Thanks

[Don]

I can not speak to the book incident but I would like to add my thoughts. I have had dealings with TenPlus1 a number of times. I have read a lot of the forum. From what I have seen, TenPlus1 is one of the most trustworthy people on here. He has added a lot to minetest and is more then willing to help people out. I have seen no actions that would show that TenPlus1 would do anything malicious.

As for code in the book, do not under estimate people. Some people have plenty of time and a bad attitude. They are willing to go to extremes to mess with others. It would not surprise me if someone wrote 11 pages of stuff. They may have found a way to add text to the book using shortcut keys or a script on their computer.

I can not see any way for that code to do anything to a computer. After around 2 years of being involved in Minetest I have not seen anything that would mess up my computer. When people post mods to the forum they are quite often reviewed by other developers. I personally have had developers reply to my mods with comments about my code. They had reviewed it and let me know of problems. I have reviewed peoples code. We help each other out all the time. The chances of a mod being malicious is very unlikely on the forum. If someone tried to it would most likely be seen within a few hours and be called out for it right away. I have not seen this happen yet. Not sure if anyone else has seen a malicious mod posted here.

To sum up what I said, you have little to worry about and I believe TenPlus1 is someone that can be trusted.

[IceAgeComing]

I am rather interested to know
who wrote the book? Do you happen to have screenshot of it?

[Don]

Screenshot is in the first post

[IceAgeComing]

Screenshot is in the first post

The screenshot in the first post is not showing who wrote the book. (at least i am not seeing it)
Every written book in Xanadu server shows wrote wrote it...so i am very curious to know who was the one trying to stir up the trouble.

[rubenwardy]

Once again, the text isn't even code, it's an error traceback. It obviously faked, it talks about Javascript and then about Java. It also mentions MCPE.

On Linux, there is a bug where you can't copy and paste. On Windows you can.

1. Java and Javascript are different.
2. This is not MCPE
3. That is not code, it's an error backtrace.

Java:



Javascript:

[Dragonop]

Btw, you can copy-paste stuff, just select with shift+arrows, and then ctrl+c and ctrl+x, and you know the rest.

I don't know about coding myself, but I'm able to read code and undestand most of it, and that screenshot you took looks like an error message.

As Don said, TenPlus1 is a nice guy, and I can't think about he being some sort of baddie.

If you ran a virus scan, and stuff, if it detected nothing, not even a false-positive, there is nothing to worry about.
You also mentioned Minecraft, Java, client-side mods (those affect the multiplayer in Minecraft), this is starting to look kinda suspicious...

My last word is that somebody saw some kind of code that might break MCPE, and pasted in in a book; what an ingnorant "troll"...

[gaf99]

starting to look kinda suspicious...

I've been playing minetest 1 month, "craft" was a simple typo. You're probably right about the crash for mineCRAFT attempt on the wrong game. My search results showed the error relates to a MCPE .apk file.
IceAgeComing, right, the book and it's title does show the user name. I viewed the list of players from this sites server list, he/she was logged in at least twice yesterday.