UK Rule Compliant Vault Script

[Cymopoleia]

Hi,

So I've been speaking with the creator of the original Vault script as I wanted to make a UK compliant version such that we can use Vault on the UK server. I have started this process by making a fork of the current latest repository found here.

I intend on removing any code which is not compliant with the rules of the UK market, test it still runs and operates as vault normally would and then submit the code base to the mods such that it can be deployed and hosted internally on the media.innogamescdn.com/com_DS_UK/Scripts domain. Thus, the only people with access to the data stored will be whoever has access to that domain (NOT ME).

This raises some issues and queries, the first of which is that Vault is much more than a screen-scraper javascript script, it is a set of executable services that all need to run on separate ports as well as a Postgres database, therefore making it more complex to deploy/maintain and ultimately costing more in terms of server costs and the labour required as stated. The specifications I got for the server/VM to host vault were a minimum of 2 cores and 4GB of memory so that will need to be accounted for.

Additionally at the moment deploying the application as it stands is not simple and the documentation for it is out of date, having spoken with tcamps this should hopefully be resolved and you will be able to launch the application using k3s which should make it a lot easier for anyone to deploy it, however, this isn't definitely going to be added anytime soon but it is favoured by him. This process could also be replaced by a single scripts that will pull/build/install everything and if there is a preference on this please let us know.

Finally, referring back to maintenance as detailed in the original post only major defects will be fixed and if this were to happen it would require a merge with the original repository to get that fix which will need to supervised such that the fake script isn't pulled back into the UK version.

To be clear this isn't ready yet, it is a working progress to iron out the details I'm making this post to ensure this is all good and also that it can be hosted internally.

Cymo

 

[Brian the Messiah]

Isnt this the script that sends all data to a private server and stored there?

 

[Cymopoleia]

That is how the version used on .us and .net works because it is owned and hosted by the creator. As mentioned in my post there is a postgres database which the application uses to store data. If it were to be hosted by TW then you would have your own database and you would be in control of who has access to it.

 

[tcamps]

Isnt this the script that sends all data to a private server and stored there?

I've seen similar quotes elsewhere here, so I'd like to comment. This response is to more than just Brian's comment.

I won't claim that there's much beyond good faith in ensuring my securing of the server. The concern then is that I may be mishandling security, or that I may intentionally leak data.

Tarnishing the Vault's reputation or getting it banned would be a slap in the face to the time I put into it. The idea that I have or will mishandle the data is a concern that's been around for years, and my response is the same as always - it makes no sense for me to compromise the security of my own tool. If there is a real concern, come forward with it and I'll see what I can do to address it.

If TW staff wants to connect to the server and inspect it, let me know. Ask the support staff/mods from .net servers - Vault development involved frequent communication with staff to meet security and legality concerns. For a little while there was an SMS/texting feature for reminders on launch times, etc. Before adding this feature I did an overhaul of security measures since phone numbers are extra sensitive. The feature was later removed but the extra security remains.

I don't treat any of this lightly, and do not appreciate uninformed jabs at my work. (Again, this isn't entirely directed at Brian's comment, but at some Vault skeptics in general.)

If there are any further questions, let me know.

 

[Marcus the Mad]

Spoiler

I've seen similar quotes elsewhere here, so I'd like to comment. This response is to more than just Brian's comment.

I won't claim that there's much beyond good faith in ensuring my securing of the server. The concern then is that I may be mishandling security, or that I may intentionally leak data.

Tarnishing the Vault's reputation or getting it banned would be a slap in the face to the time I put into it. The idea that I have or will mishandle the data is a concern that's been around for years, and my response is the same as always - it makes no sense for me to compromise the security of my own tool. If there is a real concern, come forward with it and I'll see what I can do to address it.

If TW staff wants to connect to the server and inspect it, let me know. Ask the support staff/mods from .net servers - Vault development involved frequent communication with staff to meet security and legality concerns. For a little while there was an SMS/texting feature for reminders on launch times, etc. Before adding this feature I did an overhaul of security measures since phone numbers are extra sensitive. The feature was later removed but the extra security remains.

I don't treat any of this lightly, and do not appreciate uninformed jabs at my work. (Again, this isn't entirely directed at Brian's comment, but at some Vault skeptics in general.)

If there are any further questions, let me know.

As far as scrutiny goes, and I'm not overly tech savvy, but as long as it's not entirely open source, you're going to get that sort of questionable looks from people with at least a bit of knowhow. From the GitHub I seem to understand that you do state that the private version is slightly different from the source you've put on GitHub. Which is fair, but that does mean that there will always be a feeling that "we can't be certain", whether you can appreciate that or not doesn't really factor in at that point.
Taking into account some passwordvaults get bashed for that when they get reviewed, while I don't think you'll gain much from it nor that this vault is even remotely as sensitive as those, it's still 'a concern' for people, informed or not.

I'm not trying to come after you or your script, nor your integrity, but there will always be people who scrutinize and they will grasp at every straw. At that point it's your choice to ignore it or try to 'educate' them and thoroughly explain how it all works. The latter takes a LOT of time and may not even give results (conspiracy theorists... vaccines and autism...). If I were you, I wouldn't get overly upset about it as long as there is no real negative influence on your persona.

I for one, pulled the auto-updating map gifs (evolution of world XX) down due to massive storage usage (we were up to a TB of images), strain on my server and some people plain ol' nagging about silly things with them.

 

[d1mension]

Apart from the better staffing, less ego trippy community and fun uk vibe

.uk has always set itself apart from other servers with its superior script rules, scripts to add functions that should have always been in game like taggers for example are kosher, but all this automated tw is not welcome

automated crap are tools of the lazy yanks, i played .net for years and find it very refreshing a server where for the most part interacions between other players are done by the account owners, i can live with some scripts that make the pve side of tw less strenuous, no one minds being op vs barbs, but all these flash tools and automaters for me at least arnt the least bit welcome.
If you want macro filled easily digestible simpwars, by all means thiers plenty of other servers out thier to utilise said tools.
But uk has historically, and should retain a higher bar in blocking these scipts from tarnishing tw.