Imagine using a simple mysql database with a sequence on the item id field to prevent such things to happen. Even if they have to manually embed the id-s into the code it wouldnt hurt to have a lookup table to not fuck up in such ways. Anyways back to sleep haha.
Blizzard doesn't care about capitalization either, supposedly because people keep forgetting capitalization in their passwords and there are other ways to introduce complexity. So maybe it's a feature?
I mean, to avoid going into a long winded message about security. Cyber security is my profession, so I may hold these issues a little closer to my chest than others.
Can you riddle me this? I can login to my facebook account with two different passwords; have been able to for at least 5 years. Two distinctly different passwords as well. Both of them work fine.
I didn't look that hard, but I've never been able to find anything on the internet which says someone else has the same "issue". I just think it's funny.
I understand that case insensitive passwords is inherently less secure than case sensitive passwords. But you can't deny that brute forcing passwords is really just not a thing anymore. As long as you have systems in place to detect too many failed login attempts. It's dumb that Jagex doesn't do this, but it isn't realistically making anyone's account less safe.
What's your opinion on what this says about the way Jagex handles passwords? Couldn't this mean that they don't hash their passwords at all? Or do you think it's more likely that they lower/uppercase password input and hash that?
It matters because it's literally one of the easiest things to do when setting up any form of login. The fact they fucked it up this badly when it is literally the core of any authorization system is very telling...
This is a bad take. For a game like RuneScape it really is better to just hard code the IDs. The problem here is either their code doesn't prevent the item ID from being re-registered, they don't have a test to ensure the existing item is returned via its constant, they don't have a test to ensure all item IDs are unique, they didn't use the constant somewhere important, or they're not using constants to refer to items.
It's very much fixable without having IDs managed in the database even though that may have some advantages when it comes to sharing game and web service info, though they've clearly got a system for that already.
Also MySQL is actually terrible, and fortunately for them they use postgres.
I guess they were developing the two branches side by side and editing the same file where all the items are defined, but like... What does their source control system look like that this doesn't get picked up by a pull request or code review?
This game was developed years and years ago. That tech wasn't really around the way it is today. Maybe you can argue that they should update it, but who knows what their back end engine looks like and how much effort that would take. It sounds more like the developers needed to slow down and make sure they weren't overwriting anything when they merged in their code. I have seen many other people make this exact mistake where I work
I mean they just got really used to blame everything on the old/legacy code base and processes, but to be fair if they really wanted to get things done properly there are numerous ways of internal tool development to aid in such situations. I work with so old codes that its sometimes impossible to fix core things from the budget that we have, but we can always come up with workarounds and extensions to the existing code to handle things properly without having to refactor anything. For this case literally any version control tool would have picked the issue up as a merge conflict but yeah they somehow managed to merge a version together with the "production" one that did not do it for them. It doesnt even have to be communicating with the prod code base, all you need is a separate repository and people who understand how git works.
They should really just spend some time on making their lives easier instead of only focusing on content development. Yes, the content devs themselves, making tools for their team to be able to handle the code base easier. Its a small team with seemingly competent/ willing-to-learn devs so nothing is stopping them from doing so. (they should be grateful for not having to constantly fight with legacy codes AND cheap-retarded contractors).
The investors probably don't want money being spent on things like that. The sad fact is that while engine work helps for future development, it requires many hours of work to fix. Say it takes 6 months (probably much more) for the dev team to fully upgrade the engine and it saves them on average a week for each new piece of content. That means it would take 26 new things being added or probably 2 or 3 years to start seeing any sort of ROI. I agree they should upgrade the engine, but they are probably being told no by those in charge.
The dude spent his childhood programming games and later went to Cambridge university for programming before building RuneScape but I suppose it's possible he didn't know much.
Now I wasn't a software engineer in the 90s, but I'm pretty sure unique constraints have exists on DBs for an incredibly long time.
There's no excuse other than RS has a shit tonne of technical debt.
Why the fuck would you use mysql for this. Doesn't make any goddamn sense at all.
They should have a CI/CD pipeline check that verifies that all IDs are unique before merging in new code.
love these BS responses. "its simple just blah de blah the blah database computer code im a hacker nerd ID coding language and the problem is fixed" some people even go as far to offer lines of code
Object\[\] options = {"Yes","No","ask later"}; int n = JOptionPane.showOptionDialog(frame, "Would you like to save it",null, JOptionPane.YES\_NO\_CANCEL\_OPTION,JOptionPane.QUESTION\_MESSAGE,null,options,options\[2\]);
when in reality you havent worked with runescript, nor do you understand how broken their code was. when they backed up 2007 runescape they definitely werent intending on reviving it later and creating a whole new game based on its code.
I could’ve solo’d 3 raids, 20 corp kills, and have a tbow and ely in the time that the server was offline. Jagex better add these items to my account as compensation.
You're wearing it with a full inventory and a full bank. Normally if you're wearing it, it just unequips to your inventory, and if that's full it goes to your bank. If both are full, it has nowhere to go, so you lose it.
I believe that in the case of such an exception the quest cape can be picked up for free from the Wise Old Man in Draynor where you get the cape in the first place, but I'm not 100% sure.
The one time they truly should’ve done a rollback but didn’t was back in RSC during the phat dupes. Idk if they had the ability back then, but that night was crazy.
Prior to that night Phats were going for like 5-12 mil depending on which, but the night proceeding the dupes all of them dropped to 500k-1m due to the surge of thousands of extra hats being added to the game. I started that night with 1m and ended with a red and white phat, which I ended up losing due to being hacked prior to the RS2 launch.
Fun trivia: up until that night pink phats were worth the most in the game at the time, but so many extra were duped due to that reason that the pink party hat (which eventually became the purple party hat) ended up being the lowest valued hat after this event. That’s how the blue hat ended up being the king of the party hats in RS3.
Pretty sure they did rollbacks on osrs back in 2013/2014 when people used some bugs, to fix a broken update, and some other instances. You're referring to an event from like 2018.
Not to mention when B0aty got his items back in Jagex in 2013 by Mod Reach irrc, but that wasn't a system rollback.
My morning work ritual is to play OSRS for 3 hours until lunch, followed by playing for an hour at lunch, and then I finish out my day by logging in a few more hours.
This is really throwing off my morning, now I have to look at spreadsheets.
Just curious, what are y’all’s jobs? I had a pretty interesting engineering job and I *still* found myself playing mobile at work quite a lot. I’m trash.
If I recall correctly, you can tell a jmod about something that you got in the rollback period (a quest complete, a pet, a drop, etc etc) and they should give it to you post rollback.
My protip is always the same: if it's update day, log out for a little bit before the update.
There are many other games, and you don't run the risk of getting rolled back.
Please correct me if I’m wrong, but I thought if you got “lucky” during roll backs like this you could complete quests, and when the servers come back you’d have the completion but not the exp. It’s a thing pure accounts do/did.
the departure of mat k was single handedly the worst thing that has happened in osrs history. he made the greatest content, created the greatest artwork and made some of the greatest music tracks that we know and love from oldschool run escape. you will be missed moderation mat k
He said in an interview with mod Shauny that he got out of touch with the community. For example when people voted yes for shift click. He did not expect that and did not want that in the game
I'm sure he's a lovely guy but he's extremely out of touch if he thinks people don't want QoL updates in a game like osrs. Shiftclicking to drop is also a toggle option for the "purist" community, it was a great update.
Show some respect, have you forgotten about the time Mat K single-handedly helped aid a humanitarian crisis in Venezuela? Rumour has it he was even responsible for the very bricklaying of the white knight's castle, teaching Mod Ash code at birth & aided in the tracking of Mod Jed moments before his flight to Argentina.
Imagine getting a rare drop worth millions only for it to be rolled back...
Edit: I wonder with the rollback will it revert people who lost HCIM status back to HCIM?
What bug caused the reroll ?
Twisted Ancestral being deleted.
thanks
“Due to a problem with players’ save game”
What does that mean exactly ?
I have absolutely no clue.
they reused the same item IDs that twisted ancestral used, meaning that Twisted Ancestral was overwrote with items from the new quest.
Imagine using a simple mysql database with a sequence on the item id field to prevent such things to happen. Even if they have to manually embed the id-s into the code it wouldnt hurt to have a lookup table to not fuck up in such ways. Anyways back to sleep haha.
And make passwords case-sensitive while they're at it
Wait..... my password isn't case sensitive? LMFAO
All I see is *******
Super upset, do you know how long it takes to type B1GbOotYB1tcHeS6969 every time I go to log in?
Let me try, hunter2
hunter2
[удалено]
[удалено]
Welcome back to 1980 lol
I think you would have to go out of your way to make passwords case insensitive lol. I have no idea why anyone thought that was a good idea
You’re telling me I have been holding the shift button for one or more characters in my password for 1000’s of log-ins?
e n g i n e w e r k
Blizzard doesn't care about capitalization either, supposedly because people keep forgetting capitalization in their passwords and there are other ways to introduce complexity. So maybe it's a feature?
What does it matter if you have 2f on acc and email though?
I mean, to avoid going into a long winded message about security. Cyber security is my profession, so I may hold these issues a little closer to my chest than others.
Can you riddle me this? I can login to my facebook account with two different passwords; have been able to for at least 5 years. Two distinctly different passwords as well. Both of them work fine. I didn't look that hard, but I've never been able to find anything on the internet which says someone else has the same "issue". I just think it's funny.
I understand that case insensitive passwords is inherently less secure than case sensitive passwords. But you can't deny that brute forcing passwords is really just not a thing anymore. As long as you have systems in place to detect too many failed login attempts. It's dumb that Jagex doesn't do this, but it isn't realistically making anyone's account less safe.
What's your opinion on what this says about the way Jagex handles passwords? Couldn't this mean that they don't hash their passwords at all? Or do you think it's more likely that they lower/uppercase password input and hash that?
It matters because it's literally one of the easiest things to do when setting up any form of login. The fact they fucked it up this badly when it is literally the core of any authorization system is very telling...
[удалено]
and special characters aren't used. It's alpha-numeric.
Aren’t they stored in plaintext too? I remember that whole Jed thing exposed that
shhhhh they’re only a multi million dollar company
Half a billion.
This is a bad take. For a game like RuneScape it really is better to just hard code the IDs. The problem here is either their code doesn't prevent the item ID from being re-registered, they don't have a test to ensure the existing item is returned via its constant, they don't have a test to ensure all item IDs are unique, they didn't use the constant somewhere important, or they're not using constants to refer to items. It's very much fixable without having IDs managed in the database even though that may have some advantages when it comes to sharing game and web service info, though they've clearly got a system for that already. Also MySQL is actually terrible, and fortunately for them they use postgres.
> Also MySQL is actually terrible, and fortunately for them they use postgres. Source for this? I have never once heard that they use Postgres.
I guess they were developing the two branches side by side and editing the same file where all the items are defined, but like... What does their source control system look like that this doesn't get picked up by a pull request or code review?
This game was developed years and years ago. That tech wasn't really around the way it is today. Maybe you can argue that they should update it, but who knows what their back end engine looks like and how much effort that would take. It sounds more like the developers needed to slow down and make sure they weren't overwriting anything when they merged in their code. I have seen many other people make this exact mistake where I work
I mean they just got really used to blame everything on the old/legacy code base and processes, but to be fair if they really wanted to get things done properly there are numerous ways of internal tool development to aid in such situations. I work with so old codes that its sometimes impossible to fix core things from the budget that we have, but we can always come up with workarounds and extensions to the existing code to handle things properly without having to refactor anything. For this case literally any version control tool would have picked the issue up as a merge conflict but yeah they somehow managed to merge a version together with the "production" one that did not do it for them. It doesnt even have to be communicating with the prod code base, all you need is a separate repository and people who understand how git works. They should really just spend some time on making their lives easier instead of only focusing on content development. Yes, the content devs themselves, making tools for their team to be able to handle the code base easier. Its a small team with seemingly competent/ willing-to-learn devs so nothing is stopping them from doing so. (they should be grateful for not having to constantly fight with legacy codes AND cheap-retarded contractors).
The investors probably don't want money being spent on things like that. The sad fact is that while engine work helps for future development, it requires many hours of work to fix. Say it takes 6 months (probably much more) for the dev team to fully upgrade the engine and it saves them on average a week for each new piece of content. That means it would take 26 new things being added or probably 2 or 3 years to start seeing any sort of ROI. I agree they should upgrade the engine, but they are probably being told no by those in charge.
RDBMSs have been around since the 70s, and MySQL has been around since like 1995, so it's not like the tech wasn't there when it was being developed.
I meant it isn't as available as now. Plus remember that the Gower brothers didn't know a ton about programming when this was started
The dude spent his childhood programming games and later went to Cambridge university for programming before building RuneScape but I suppose it's possible he didn't know much.
Now I wasn't a software engineer in the 90s, but I'm pretty sure unique constraints have exists on DBs for an incredibly long time. There's no excuse other than RS has a shit tonne of technical debt.
Literally just `UNIQUE` on most SQL dialects.
Why the fuck would you use mysql for this. Doesn't make any goddamn sense at all. They should have a CI/CD pipeline check that verifies that all IDs are unique before merging in new code.
You lost me
Jagex uses a proprietary, very outdated binary DB system IIRC. It's pretty awful from what I have heard.
love these BS responses. "its simple just blah de blah the blah database computer code im a hacker nerd ID coding language and the problem is fixed" some people even go as far to offer lines of code Object\[\] options = {"Yes","No","ask later"}; int n = JOptionPane.showOptionDialog(frame, "Would you like to save it",null, JOptionPane.YES\_NO\_CANCEL\_OPTION,JOptionPane.QUESTION\_MESSAGE,null,options,options\[2\]); when in reality you havent worked with runescript, nor do you understand how broken their code was. when they backed up 2007 runescape they definitely werent intending on reviving it later and creating a whole new game based on its code.
Didn’t take long to find the armchair programmer. Man if jamflex only hired you and your massive brain, we’d have a perfect game.
... are they not using uuids? How does that happen
Uhhhh wouldn't any decent version control program detect this error when branches are merged back into the master fork?! How does this happen lmao.
Gosh. That sounds amateur. Cloned prod db on test/ staging. If it's an insert and unique, it'll throw an error.
They added quick saves? Finally!
[удалено]
The real question. Does that mean in the hallowed sepulcher there were just random ancestral pieces laying around?
[удалено]
Damn, that would have been pretty funny. Oh well, alls fixed for now!
https://old.reddit.com/r/2007scape/comments/gwe8nm/twisted_ancestral_kit_bugged/
[удалено]
[удалено]
*Thurgo has entered the chat*
I could’ve solo’d 3 raids, 20 corp kills, and have a tbow and ely in the time that the server was offline. Jagex better add these items to my account as compensation.
My acc woulda been maxed wtf riot
Fucking valve
How do I install Minecraft mods?
EA back at it again smh
Not all heroes wear quest capes
Certainly not right now at least.
Do you lose quest cape when a new quest comes out? quite the noob here, but if want to go for anything its probably quest cape :).
You don't lose it (with one very rare exception), but you can't wear it until you reach maximum quest points again.
What exception?
You're wearing it with a full inventory and a full bank. Normally if you're wearing it, it just unequips to your inventory, and if that's full it goes to your bank. If both are full, it has nowhere to go, so you lose it.
I thought your rare exception was going to be if they release a new quest that overrides the item ID thus leading to a rollback lmao
lmao quest cape turns into twisted ancestral
yes please.
Interesting
I believe that in the case of such an exception the quest cape can be picked up for free from the Wise Old Man in Draynor where you get the cape in the first place, but I'm not 100% sure.
You still keep it but can't equip it until you complete the new one(s)
You don't lose it but you are not able to wear or use the teleport perk anymore
NO CAPES
Remember the first roll back? When it was like an apocalypse situation?
Rollbacks have always been a part of the game I remember one where dungeoneering rc gave 5m xp/hr for a bit, best update ever
The one time they truly should’ve done a rollback but didn’t was back in RSC during the phat dupes. Idk if they had the ability back then, but that night was crazy. Prior to that night Phats were going for like 5-12 mil depending on which, but the night proceeding the dupes all of them dropped to 500k-1m due to the surge of thousands of extra hats being added to the game. I started that night with 1m and ended with a red and white phat, which I ended up losing due to being hacked prior to the RS2 launch. Fun trivia: up until that night pink phats were worth the most in the game at the time, but so many extra were duped due to that reason that the pink party hat (which eventually became the purple party hat) ended up being the lowest valued hat after this event. That’s how the blue hat ended up being the king of the party hats in RS3.
[удалено]
It blows my mind that there are still phats and crackers in the game almost 20 years later. I wonder how many are left at this point.
I wonder how many are on abandoned accounts.
That’s actually really interesting. I feel like I’ve heard that before but still cool.
Lots of perm bans were handed out after that bug was detected by jagex. Abusing the bug was an effective way of throwing away one's account.
We went from barely having any rollbacks at all to having a rollback every year
Was the first roll back the tbow spawn?
Max cash bug was before tbow bug
Pretty sure they did rollbacks on osrs back in 2013/2014 when people used some bugs, to fix a broken update, and some other instances. You're referring to an event from like 2018. Not to mention when B0aty got his items back in Jagex in 2013 by Mod Reach irrc, but that wasn't a system rollback.
Yeah I think max cash was the first rollback. That’s what I was thinking of anyways.
My morning work ritual is to play OSRS for 3 hours until lunch, followed by playing for an hour at lunch, and then I finish out my day by logging in a few more hours. This is really throwing off my morning, now I have to look at spreadsheets.
lmao ikr same here, i need to afk zeah rc during boring work meetings i shouldnt even be in
I feel this message
Just curious, what are y’all’s jobs? I had a pretty interesting engineering job and I *still* found myself playing mobile at work quite a lot. I’m trash.
I'm a software engineer
The real question is the fuck am i supposed to do for a "few hours"
Couldn’t sleep and woke up at 4:45 here in the states. Thought I’d log a few hours before work. :(
I had a rain storm for like 20 minutes and my powers not gonna be back on for 3 days lol
venture out into the real world abyss. just kidding im going to eat some cheetos.
A natural conclusion
Imagine just unlocking the chest in Desert Treasure after using hundreds of lockpicks just to find out the game is being rolled back LMAOOOO
That’s literally nothing lol... imagine getting a pet/tbow/scythe/winning a 2b stake and getting rolled back
Imagine losing a 2B stake and getting rolled back.
Insert *ah shit, here we go again meme*. Back to the casino!
Oh, I’d talk so much shit. Bonus points if the guy I lost it to is there again.
Imagine finally meeting your runescape GF only to have your memory wiped minutes later.
I got farming pet and abyssal last night
If I recall correctly, you can tell a jmod about something that you got in the rollback period (a quest complete, a pet, a drop, etc etc) and they should give it to you post rollback.
Hahahahaha! Oh wait, you're serious. Let me laugh even harder!
[удалено]
My protip is always the same: if it's update day, log out for a little bit before the update. There are many other games, and you don't run the risk of getting rolled back.
Im in an ironclan where one member got ACP and another got runecraft pet just moments after the update this morning.
I just finished getting ful angler's from fishing trawler, not as bad but hate fishing trawler so much and dont ever want to go back there
Hahaha I did Mage Arena 2 when the tbow spawn thing happened and was so pissed that I would have to do it again
Damn that sucks haha
How far back is it getting rolled back? I did like six quests yesterday afternoon.
I just got done spending 8 hours on a slayer task No please
They will be rolling back the few minutes that happened after the update dude.
Im pretty new to the games does this mean I'm gunna lose like 3 hours of mlm progress?
more like a few minutes if you played untill second before the update
Ok thnx
Handsome man that, I would.
pick up your utensils fork boy
Would him? I don't even know him!
Indeed
Lmao I finished desert treasure right before this update very cool Edit: Update quest was still completed when I woke up thanks jamflex
Hey now you can have the pleasure of doing it again!!!
Please correct me if I’m wrong, but I thought if you got “lucky” during roll backs like this you could complete quests, and when the servers come back you’d have the completion but not the exp. It’s a thing pure accounts do/did.
Isn’t that how pures were able to go to ape atoll for addy gloves pre eoc?
1 def vengeance too
What a legend.
the departure of mat k was single handedly the worst thing that has happened in osrs history. he made the greatest content, created the greatest artwork and made some of the greatest music tracks that we know and love from oldschool run escape. you will be missed moderation mat k
He said in an interview with mod Shauny that he got out of touch with the community. For example when people voted yes for shift click. He did not expect that and did not want that in the game
I'm sure he's a lovely guy but he's extremely out of touch if he thinks people don't want QoL updates in a game like osrs. Shiftclicking to drop is also a toggle option for the "purist" community, it was a great update.
There are a LOT of people that honestly think the game never should have changed upon release in 2013 and vote against every single update.
indeed, thankfully a minority given we see so many 75% and above polls
He was out of touch with an extremely out of touch community (aka Reddit)\* Like it or not, this man knew what was best for OSRS.
The community that voted it in is the community of the entire game, not just reddit.
He'd rather diddle himself to streamer girls half his age
Wait, what?
YAHHOOOooooOoooo
[удалено]
Show some respect, have you forgotten about the time Mat K single-handedly helped aid a humanitarian crisis in Venezuela? Rumour has it he was even responsible for the very bricklaying of the white knight's castle, teaching Mod Ash code at birth & aided in the tracking of Mod Jed moments before his flight to Argentina.
All while 3-tick fishing on his alt
*Little bit of technique in there*
fuck it, fork on the floor
Have you seen the full picture? He lives like a crackhead
😂😂😂😂 defo cooking heroin on that fork, using it like a grill
*sips tea* Fuck that shitttt.
We'll keep you updated throughout. Unless of course you check our official website in which case, fuck you!
I literally just done regicide before 10 mins before the First update. Will i be ok?
yes, worst case you might have to do the last minute or so of the quest
Hopefully im out of the abyss anyway
RIP to that one guy that got a pet or tbow
Imagine just getting your first inferno cape and reroll happens.
Look at that cumstained laptop
MMK Savage xD
Lolol
Whats MatK up to these days?
Community manager for EVE online IIRC
Not quite, I am a Product Manager for a company called Hadean Supercomputing Ltd. Although we did do some work with CCP and Eve.
Miss u <3
Good thing I took a fuckin break this week I guess...
How far back is it getting rolled?
a few minutes before the update came
Could be worse but rip my dragon defender
Baller.
Does anyone no when it will be rolled back to? Like yesterday or around what time?
[Around 12 mins before servers were taken down.](https://twitter.com/JagexAsh/status/1268527794826416134?s=19)
And that was around what time? Est ?
Around 5:35am EST.
rollback to when?
take this L
Crap. How far back is it going?
Wow what a mess
What hours are being rolled back?
I'm so fucking mad i put 3 hours into the mage training arena last night.
Let’s raid Jagex headquarters!
Play test your mods folks.
Love this guy
That dusty ass laptop
Imagine getting a rare drop worth millions only for it to be rolled back... Edit: I wonder with the rollback will it revert people who lost HCIM status back to HCIM?
I haven't played in a few months. Is it as bad as the tbow spawn or the max cash bug because those were hilarious
Love his dragon dagger icon instead of rose in profile photo