Official PyGG2 Development thread

[Phantom Brave]

physics is coded in gg2 on a per-object basis
so yeah
that's like the final step in remaking it :U

[Port]

How do I actually install Pygrafix?

[nightcracker]

How do I actually install Pygrafix?

If you are on windows it's easy. You download [this zipfile](https://github.com/downloads/nightcracker/pygrafix/pygrafix.win32.zip) and you unzip it's contents into C:\Python27\Lib\site-packages.

Obviously replace C:\Python27 with the path where you installed Python.

[Nukleus]

HOW TO RUN PyGG2 ON WINDOWS

1) INSTALLING PYTHON 2.7

Download Python 2.7

Install it to "C:\Python27".
Go to "controlpanel>System>Advanced>Environment Variables".

In the "System Variables" box, click on "Path", then click "Edit".
In the "Variable Value" box, add to the end: ";C:\Python27;C:\MinGW\bin".
Click OK, then OK again in the system menu.

2) INSTALLING PIL, PYGRAFIX AND MINGW

Download and install PIL

Download Pygrafix
Unzip, and move to "C:\Python27\Lib\site-packages"

Download and install MinGW

3) INSTALLING PYGG2 AND BITMAP EXTENSION

Download and unzip: PyGG2

Move the folder to My Documents and rename it to "PyGG2".

Go to command prompt (start>accessories>command prompt) and type "cd " (with a space after cd).
drag the PyGG2 folder into the command prompt window and press enter.

Type in "python make.py build" and press enter.

After it is finished, exit command prompt.

4) MAKING PyGG2.bat

Go to notepad (start>accessories>notepad).

Type the following, but change <USER> to your computer's username.

cd "C:\Documents and Settings\<USER>\My Documents\PyGG2"
python make.py testclient


Click file>save, and in the "File Name" box, type "PyGG2.bat", and set the "Save as Type" box to "All Files".
Save it wherever you like.


And you're done! Whenever you want to run PyGG2, you just have to open PyGG2.bat
If you want to update PyGG2, just repeat delete the PyGG2 folder in My documents and repeat step 3.

Should probably put this on the OP

[dAn]

Hey I have a question on pyGG2:

You mentioned mod lobby being disabled until you think of a policy, but how is vanilla-capable modding done? Because right now some things that should be skill indexed are easily emulated by the computer.

[Port]

Hey I have a question on pyGG2:

You mentioned mod lobby being disabled until you think of a policy, but how is vanilla-capable modding done? Because right now some things that should be skill indexed are easily emulated by the computer.

[Orpheon]

Hey I have a question on pyGG2:

You mentioned mod lobby being disabled until you think of a policy, but how is vanilla-capable modding done? Because right now some things that should be skill indexed are easily emulated by the computer.

What Port said is mostly correct. Those two hacks are very hard to prevent, as they are completely independent of the server, and are only client-side.
The easiest fix would be making gg2 closed-source (which of course won't and can't happen). The next easiest is making the server check by some hash-check whether the client is a vanilla client, which would kill any sprite-mods too, and still be hack-able by the best.
As for the fix for the second problem, I'm a bit scared of that because of desync. Imagine shooting in the air. You'll only see blood when the server confirms there was a spy there, which means an extra event to confirm that, the need to sync graphical stuff (usually a very bad idea), and just in general a huge desync.

The only viable solution I see is just to ban distribution of them as best as possible (which we're already doing), so at least only the coders can do it (they usually don't).

Also, although this is inconsequential, the first mod ever of pretty much every modder is usually some form of a hack (It is so damn easy to make the second kind of hack, and it teaches much). 

Hey I have a question on pyGG2:

You mentioned mod lobby being disabled until you think of a policy, but how is vanilla-capable modding done?

Although I have yet to discuss this with NC, we need a policy for automatically downloading stuff (a server can tell a client "go download and execute that"). Mods like they exist now are fine.

[Port]

Hey I have a question on pyGG2:

You mentioned mod lobby being disabled until you think of a policy, but how is vanilla-capable modding done?

Although I have yet to discuss this with NC, we need a policy for automatically downloading stuff (a server can tell a client "go download and execute that"). Mods like they exist now are fine.

I can see how validating the safety of a downloaded script could be problematic. One solution could be running it in a virtual environment with most potentionally harmful features removed.

Instead of allowing full scripts to be downloaded, we could also just simply allow only resources to be downloaded (images, sounds, etc). Then for instance, the server could manually tell the client to play a sound or create a sprite at a specific position, deciding itself whether it should have physics applied and being able to transmit velocity, position and other parameters. Possibly also being able to tell the client that a specific object (such as a character, autogun, etc) should have a different sprite.

If the latter solution was used, we could also have options such as "Download Sounds", "Download Images", "File Cache Size" and other things to allow users to control policies themself.

[Orpheon]

Hey I have a question on pyGG2:

You mentioned mod lobby being disabled until you think of a policy, but how is vanilla-capable modding done?

Although I have yet to discuss this with NC, we need a policy for automatically downloading stuff (a server can tell a client "go download and execute that"). Mods like they exist now are fine.

I can see how validating the safety of a downloaded script could be problematic. One solution could be running it in a virtual environment with most potentionally harmful features removed.

Instead of allowing full scripts to be downloaded, we could just simply allow only resources to be downloaded (images, sounds, etc). Then for instance, the server could manually tell the client to play a sound or create a sprite at a specific position, deciding itself whether it should have physics applied and being able to transmit velocity, position and other parameters. Possibly also being able to tell the client that a specific object (such as a character, autogun, etc) should have a different sprite.

If the latter solution was used, we could also have options such as "Download Sounds", "Download Images", "Download Cache Size" and other things to allow users to control policies themself.

Another solution would be to just accept what the lobby declares as legit, and then we could manually control mods who want to be distributed, and upload their hash or whatever to the lobby server (whitelist). There aren't enormous numbers of them anyways, so it would be feasible.

Whatever. This is a discussion that should take place after we've got vanilla covered.


By the way Port, have you been here under another name already or are you new? In both cases, can you code Python? And are you interested in helping?

[dAn]

The next easiest is making the server check by some hash-check whether the client is a vanilla client, which would kill any sprite-mods too, and still be hack-able by the best.

This solution is something I thought about. TF2 has something similar for resources: sv_pure

Outside of VAC securing a server, the first line of defense against cheating is the server variable (console command) sv_pure. This variable controls where a client gets its information and acts as a means to restrict what kind of content and files can be modified/substituted on the player's side. This can be easily exploited by players if not configured properly. Its optional (but not vital) to set this variable to 1 or 2 if you don't want to allow any form of cheating on your servers. By default sv_pure is set to 0 which restricts nothing. Possible values are 0, 1, and 2 which are explained below.

sv_pure 0
allows the client to specify the location of ANY game file. A client can potentially use modified files to gain an unfair advantage by doing things such as replacing enemy player models with ones that use bright colored skins, make walls invisible, add beacons onto the intelligence, or just about anything else you can think of. VAC doesn't protect against these kinds of exploits because they don't modify the game process itself. It's up to the server to decide what its clients can do.
sv_pure 1
restricts where the client can get information from based on a white list (list of allowed content). The default white list is still set to allow custom player models as well as any potential exploits such as bright skins.
sv_pure 2
forces the client to ignore ALL user content, and instead forces them to use the information supplied by Steam. While this is the most secure, sv_pure 2 will prevent the use all custom skins/models and even custom sprays.

For more information on sv_pure servers, including information on the white list format, see Pure Servers on the Valve Developer Wiki.

Is it possible to implement something like sv_pure 1 but with a blacklist? You only talked about something similar to sv_pure 2, which is preventing any modding.
On a scale of : will/can do - will/can eventually do - will/can not do
where does this stand, if it is at all feasible?

[NAGN]

you're talking about something completely different. We're talking about the server providing recourses for the client, and not vice versa. On a scale of impossible to possible, its impossible to implement a sort of system like that without making some sort of closed-source extension which does MD5 hash checks to check to see if any data has been modified.

It is impossible because the game is open source - ANY of the client's resources are easily modified, and the client can just send a fake "default" hash back to the server upon request

[Orpheon]

you're talking about something completely different. We're talking about the server providing recourses for the client, and not vice versa. On a scale of impossible to possible, its impossible to implement a sort of system like that without making some sort of closed-source extension which does MD5 hash checks to check to see if any data has been modified.

It is impossible because the game is open source - ANY of the client's resources are easily modified, and the client can just send a fake "default" hash back to the server upon request

We could do some complicated shit like making the server send some random stuff to the client, which the client then somehow adds to itself and sends back the md5 or something. Not un-hackable, but pretty damn hard.

But yeah, client-side control in an open-source game is usually a very bad idea.

[nightcracker]

I updated pygrafix, and did a quick pygg2 update so it supports the new syntax/API changes.

The download link for windows binaries of pygrafix is now https://github.com/downloads/nightcracker/pygrafix/pygrafix.win32.latest.zip. The documentation for pygrafix can be found here: http://readthedocs.org/docs/pygrafix/en/latest/. If you are not on Windows you must download and compile from source: https://github.com/nightcracker/pygg2. Instructions for compiling can be found here: http://readthedocs.org/docs/pygrafix/en/latest/compiling.html.

I can also report that pygrafix has been successfully compiled and used on Mac OS X!

[notajf]

I can also report that pygrafix has been successfully compiled and used on Mac OS X!

That's great for the nonexistant GG2 Mac users then

[Orpheon]

I can also report that pygrafix has been successfully compiled and used on Mac OS X!

That's great for the nonexistant GG2 Mac users then

Like Nukleus. Like at least 5 separate people who appeared in IRC asking for gg2 on mac. Like me a few years ago.

Also,

I can also report that pygrafix has been successfully compiled and used on Mac OS X!

Not PyGG2. Pygra(ph)fix isn't just for gg2.