I think it's time that ETF2L, TeamFortress.TV and logs.tf get open sourced, i.e. released on GitHub or something such that people can see, learn, and most importantly, contribute.
If enough people care to fix a problem, someone talented in the community will do the work voluntarily. But in the state we are in as of now, it's impossible for someone outside to propose and implement features/fixes themselves.
A common problem that comes up is the "lack of manpower" to get things actually done. If you let people submit their work, you as host still have the ability to deny changes, but don't have to do them yourself.
On the subject of security risks, I believe it's even more beneficial if more sets of eyes can go through the code and report errors early, before malicious people get the chance to exploit it.
Upfrag this post if you think so too, and downfrag if you don't, however I am interested in your reasoning.
[quote=labricecat]Upfrag this post if you think so too, and downfrag if you don't, however I am interested in your reasoning.[/quote]
You can't upfrag #1 post of thread if I'm not wrong.
Ah, for a post it's called "upvote", not "upfrag", weird.
[quote=labricecat]Ah, for a post it's called "upvote", not "upfrag", weird.[/quote]
oh shit I didn't know you can upvote it. I just discovered it thx to you :O
I'm very grateful for anyone that contributed and provided feedback about serveme.tf. After nearly 14 years of being an open source TF2 project that's somewhat important to the comp TF2 community, this is what the contributions look like:
[img]https://i.imgur.com/EyTLMw8.png[/img]
I'm very much in favor of open sourcing things, but in my experience, just being open source didn't make a big difference to the project.
Yes, most projects are carried by one or a handful of people, and we all greatly appreciate you guys' efforts.
There is no downside to being open source though, I am sure many people learned from serveme.tf and other such projects simply by being open source, and occasionally someone new comes around that wants to add something.
agree completely. was just thinking this for mge.tf.
The mge.tf website is now open source https://github.com/mgetf/website-next
We are working on support for other sized leagues (1v1, 2v2), and also more Discord support so it pings you when you have a match. and there are more ideas...
Open source or otherwise for logs.tf specifically it's probably suboptimal to have such a fundamental part of competitive tf2 be reliant on one dude who hasn't played in like 8 years. Blessed be to zoob, afaict he still fixes shit whenever it breaks out of nothing but sheer love of the game (based based based based) but does feel like a ticking time bomb in some respects.
Open sourcing these tools won't necessarily fix the issue of fewer devs being around. Who is gonna review these PRs? Who agrees what should and shouldn't change? Who's gonna filter out the 7 million PR generated slop PRs and banned player XYZ making a PR to change serve.me to tf2isfullodpedos.me?
We can't even agree as a community whether spoon should be banned.
[quote=AimTech]Open sourcing these tools won't necessarily fix the issue of fewer devs being around. Who is gonna review these PRs? Who agrees what should and shouldn't change? Who's gonna filter out the 7 million PR generated slop PRs and banned player XYZ making a PR to change serve.me to tf2isfullodpedos.me?
We can't even agree as a community whether spoon should be banned.[/quote]
fully agree with this take, since I was/am responsible for the way ETF2L works from a technical perspective, since 2019 I'll give my two cents
I cannot imagine opening for instance etf2l code where we used a scanner for steamids which was changed in 2012? last time because no one had time to implement modern OCR solutions like something based on tesseract because most of the people who are/were "site coders" did nothing or almost nothing for years
what I'm trying to say by that is, the code has or had some vulnerabilities, some with CVSS 7+ score and I couldn't sleep safe if I knew that some malicious actor could find a portion of a code letting you pull database data and find idk some data about admin investigation where very sensitive data are shared and without disclosing it to us used it against the site in order to gain data or access to the container of any sort
yes opening code lets some good people look at it and fix it, but you have to look at both sides of a medal and in this specific scenario it's a bad idea
Security through obscurity has been considered a bad practice forever at this point: [url=https://en.wikipedia.org/wiki/Security_through_obscurity]wikipedia[/url]
Looking through some tf2 projects that were open sourced, I could not find an instance of such "troll PR"s ever appearing, having looked at the aforementioned serveme, as well as demostf and tf2pickup.
The barrier of entry for people that want to contribute gets lowered; implementation work for the maintainers gets reduced for features that get a PR, only requiring a review.