Re: [Nolug] Any way to have a program verify that it's running alegitimate version?

From: Elliott Seyler <rainrunner87_at_mailshack.com>
Date: Fri, 25 May 2007 23:47:56 -0500
Message-ID: <4657BBFC.20705@mailshack.com>

To give a bit more detail, I'm planning a full server, complete with
email, storage, and processing capabilities, along with a BBS and chat,
and I'm going to make it completely distributed. All the storage'll be
encrypted, as well as all the communication between the nodes. The goal
is to make a conclusive privacy platform that can be actually trusted by
users, and which ensures trustworthy users, mostly by making sure that
the users can't screw it up.

I need such a server specifically for hosting another project of mine
for later down the line: anonymous digital currency. But that's beside
the point. The point is to make this server, and I'm starting to wonder
if there's any way to do it and have it still be open source. The only
problem is that you can't trust a non-open source privacy project,
because there's no way to verify its trustworthiness.

Friedrich Gurtler wrote:
> Yeah, generally all you can do is sanity checks on the server side to
> catch things that should be impossible. Not sure how that would work
> on the proposed project, from the given the vague-ish description.
>
> From the bzflag faq:
>
> *Are there any cheat codes?*
> No.
>
> *Why not?*
> Cheat codes don't really make sense in a multiplayer game. If one
> player cheats, it ruins it for everybody. Soon everyone would be
> cheating, which just makes gameplay bad.
>
> *But I see cheaters all the time?!?*
> Yeah, unfortunately. Because of the open nature of BZFlag, its not too
> difficult for someone with programming experience to create a cheat
> client. At the moment the best solution is to find the server admin or
> just change servers when a cheater shows up.
>
>
>
> On 5/26/07, *Katrina Niolet* < kniolet@ildiinc.com
> <mailto:kniolet@ildiinc.com>> wrote:
>
> A number of open source projects have tried to figure this out,
> especially games where hacking can give someone an unfair advantage.
>
> I suggest taking a look at bzflag, I think they have been working
> on it for a while for that game.
> --sent from my BlackBerry 8100--
> Katrina Niolet
> kniolet@ildiinc.com <mailto:kniolet@ildiinc.com>
>
>
>
> -----Original Message-----
> From: Elliott Seyler <rainrunner87@mailshack.com
> <mailto:rainrunner87@mailshack.com>>
> Date: Fri, 25 May 2007 17:38:17
> To:nolug@nolug.org <mailto:To:nolug@nolug.org>
> Subject: Re: [Nolug] Any way to have a program verify that it's
> running a
> legitimate version?
>
> Therein lies the problem: users can't trust a closed-source
> program, and
> I can't trust users not to hash it.
>
> Friedrich Gurtler wrote:
> > Is this project going to be open source?
> >
> > You could calculate a hash of the program and have that be a
> component
> > of whatever handshaking protocol you end up using.
> >
> > However, if its open source they could just hardcode the
> expected hash
> > into the handshake, and do whatever they want.
> >
> > -- Fritz
> >
> > On 5/25/07, *Elliott Seyler* < rainrunner87@mailshack.com
> <mailto:rainrunner87@mailshack.com>
> > <mailto:rainrunner87@mailshack.com
> <mailto:rainrunner87@mailshack.com>>> wrote:
> >
> > I'm planning a rather crazy project to make a distributed
> server, and
> > one of the problems I've come across in my initial planning is
> > preventing people from connecting modified versions of the
> server. I
> > want to prevent anything but a legitimate version from being
> part
> > of the
> > server network, to prevent collusion with the intent to
> reveal secure
> > information or communication sent or stored within the network.
> >
> > The trouble is that I can't think of any reliable way to do
> > this. Any
> > suggestions you may have would be welcome.
> >
> > -Elliott
> >
> > ___________________
> > Nolug mailing list
> > nolug@nolug.org <mailto:nolug@nolug.org>
> <mailto:nolug@nolug.org <mailto:nolug@nolug.org>>
> >
> >
>
> ___________________
> Nolug mailing list
> nolug@nolug.org <mailto:nolug@nolug.org>
>
>

___________________
Nolug mailing list
nolug@nolug.org
Received on 05/25/07

This archive was generated by hypermail 2.2.0 : 12/19/08 EST