This evening, I couldn't start FG, and at the same time the Website was down. I'm guessing this is because an authentication server was also down. Is there any way that FG could be set up so that if you've authenticated in the last 48 hours *and* the server is down, it would go ahead and let you load your campaign?

It will still let you load your campaign, but it may take a couple minutes. I believe you can remove the extra time if you disable the alias in your Load Campaign screen.

The only thing that won't work are any Free licenses attempting to connect to an Ultimate license.

Cheers,
JPG

Of course, my experience may not be typical, but when I pressed the "Start" button on the loader, it just clicked back, and didn't move on. But maybe I just needed to wait.

If you have "Enable alias" checked and the server is down you have to wait for the server to time out - which might be a minute or so.

Hi

I am owner of an ultimate license, only two of my five players have bought a license, too. It had happened two times, that I've tried to play with them and wasn't able to because server was down. (not yesterday but on other occasions) This is very frustrating because its not easy to bring them all together and we only play about 15 times a year. Is there a way to automatically upgrade the free licences at server-down-time to regular licences? I am a total noob in such things, so sorry, if this is a ridiculous suggestion. Thank god servers are very rarely down, but if it happens and you wanna play it is frustrating.

Greetings and sorry for stupid language usage
Hastur

Yeah last night was the first time I've had people unable to connect to my ultimate client; it was disappointing to say the least. It would be nice if there was some "it's our fault, just connect" failsafe, but I don't know how vulnerable that makes FG to a hacked client then. Luckily it doesn't happen often.

Is there a way to automatically upgrade the free licences at server-down-time to regular licences? I am a total noob in such things, so sorry, if this is a ridiculous suggestion. Thank god servers are very rarely down, but if it happens and you wanna play it is frustrating.

While this would definitely be a good thing in cases where the authentication server is down, it would be easy to abuse and would compromise the security of the product licensing.

It's definitely something we are interested in solving. Any option will take us some time to develop, implement and test. The leading proposal was to come up with some sort of feature where if it fails to connect, it assumes that it is still okay to continue but puts the system in a probation mode. The product would continue to work on probation for X amount of time and if it hasn't connected successfully to the server before that time expires, then the probation will no longer be accepted. The difficulty is just making sure that we can do it in a way that doesn't make it super easy for hackers to abuse.

Yeah last night was the first time I've had people unable to connect to my ultimate client; it was disappointing to say the least. It would be nice if there was some "it's our fault, just connect" failsafe, but I don't know how vulnerable that makes FG to a hacked client then. Luckily it doesn't happen often.

Thinking of ways to hack that. If auth.fg.com was the authentication site, I could block that at my router or in my hosts file. Might look like it's always down in the software. You can put a date check in there though to make sure validation has happened in the last few days. That could be gotten around with changing the system clock, but it'd be a PITA for a hacker to be messing with a system clock all the time.

Well, you (development types) probably know about how long the longest server outage would be .. let's say it's for four hours. Then if it can't authenticate, an internal clock would count down four hours, and after that you'd have to authenticate. I certainly don't want it to be easy for people to play without supporting you, but on the other hand, I want to be sure that I can play on schedule. But if all I needed to do was uncheck the "enable alias" then that's an easy enough fix for the interim.

Two ideas;

Instead of a allowable date if unreachable, allow something like 2 times of connection (though that would be stored local to the host and could be purged by a hacker)

Second, a backup/alternate authentication server that if the first times out (maybe set a shorter timeout) and one not hosted on the same hardware or same site as the main FG server(s). I would think this would be best, but would require an ongoing cost to SW so :(

It doesn't really need to be overthunk too much. If a hacker wants to "own" the FG software they're going to do it no matter what. A hacker can download the client, hack the licensing into another mode and hack out any checks. Then they can just give that binary to anyone who wants to play with them via direct connections.

What stops hackers are the updates. The next update will blow away the hack change and if the devs see those hacks out there, the update may slightly change the checks so the prior hack doesn't work. Hacking gets even harder when you start to "subscribe" to any service. As soon as you buy the Savage Worlds ruleset or a 5E book, suddenly your binary associates with the account used to download updates and if you have a hacked binary Smiteworks may ban your entire account which nukes you from future updates on your purchased material.

It doesn't really need to be overthunk too much. If a hacker wants to "own" the FG software they're going to do it no matter what. A hacker can download the client, hack the licensing into another mode and hack out any checks. Then they can just give that binary to anyone who wants to play with them via direct connections.

What stops hackers are the updates. The next update will blow away the hack change and if the devs see those hacks out there, the update may slightly change the checks so the prior hack doesn't work. Hacking gets even harder when you start to "subscribe" to any service. As soon as you buy the Savage Worlds ruleset or a 5E book, suddenly your binary associates with the account used to download updates and if you have a hacked binary Smiteworks may ban your entire account which nukes you from future updates on your purchased material.

Old versions of FG were regularly hacked. The current versions are not out in the wild as far as i can see.