ahhh, the #spacestation14 drama is coming to an end. thank fuck.
tho they're going back to a single auth system, it's still cool that two different auth providers did actually function for a little while there, shows it's possible and that the community will figure it out if the centralized authentication ever has problems again.
[SS14] FFFreezzonn Liizahard.... (Live commentary)
imagine you wake up floating alone in space. you're in a ninja spacesuit and you have all kinds of cool space ninja toys, and objectives to go break into a space station and sabotage and blow stuff up.
while you're floating there getting your bearings and trying to figure out what all this cool new equipment is, a colossal, continent-sized space whale slowly appears in between you and the planet you're near.
lovely #spacestation14 vibes
This situation really does suck. Much of the community is assuming that spacestation14.com auth can no longer be trusted or relied on. But then a bunch of the community moves over to another stack that, frankly, I don't trust and don't want to rely on either, given how they've handled this split.
If I were making a decision in a similar situation, I would likely NOT have gone ahead with spinning up an alternate auth stack from a database backup. I would fear potential legal issues from doing so, and it requires asking thousands of users to do things that nobody running SSO should ever ask their users to do.
I would either wait and see how things shake out, or at least I would force everyone to reset passwords, 2fa, and backup codes if it was absolutely required.
But now I'm treating both spacestation14.com and playss14.com as untrustworthy, and I shouldn't have to do that.
It rubs me so incredibly the wrong way that, to join Starlight (and likely a bunch of other servers), I have to either do these two steps:
1. set an env var (via steam launch options) to override the auth server for the #spacestation14 launcher (SS14_LAUNCHER_OVERRIDE_AUTH=https://auth.playss14.com/)
2. acknowledge a (rightfully) big scary popup saying that the auth server has changed
or alternatively use a separate launcher provided by playss14.com (or, use Starlight's standalone launcher, but it's motherfucking Windows fucking only so that's not an option on Linux and I'm not fucking running it through wine or proton)
as someone whose last job was on a platform infrastructure security team, I'm absolutely appalled at the current situation for SSO with #spacestation14
Background:
For years, spacestation14.com was the SSO provider for basically all Space Station 14 servers.
There's been some infighting over the past few months about the lead dev holding all the keys to the kingdom, and it's escalated to a split in leadership and ownership.
Currently:
Folks who had been admins for spacestation14.com COPIED THE WHOLE DATABASE and set up an alternate SSO provider and server hub at playss14.com. And at least one major server has switched over to that.
Problem:
I was able to log into an account that I never set up with playss14.com using the same password, TOTP token, and/or backup code as spacestation14.com.
This feels SO EXTREMELY FUCKING SKETCHY. Even if it's truly the same admins and even if they are truly trustworthy, this feels like such a bad fucking idea to just wholesale copy folks auth stuff over to an additional and separate stack.
How I handled this with my personal account(s):
1. went to playss14.com to login. I did NOT enter my password from spacestation14.com. Instead I sent a password reset email, and set a new password.
2. logged into spacestation14.com, disabled and reset 2FA, setup new 2FA, and reset backup codes (storing them safely alongside my old backup codes)
3. logged into playss14.com with one of the old backup codes from spacestation14.com (which I just reset above, so they could no longer be used on spacestation14.com at this point).
4. on playss14.com, disabled 2FA, reset authenticator, setup 2FA again with a new token, and reset backup codes (storing them safely alongside my spacestation14.com backup codes)
now they're completely separate with regard to backup codes and 2fa TOTP tokens.
the second (and occasionally first) most popular #spacestation14 server, Starlight, has decided to deal with an upstream issue with SSO/auth by making their own launcher. Which is Windows only.
Granted, they do say non-Windows users can use the existing launcher by setting an env var so that it uses a spun-off auth provider. but I just don't understand why they need to go make their whole own launcher, and why it __can't__ support Linux until Microsoft supports it in November???
I've already given my feedback on the matter so please don't go dogpile on after I've got my yelling out and filed an issue requesting Linux support. But I am so, so, so frustrated with Starlight making the decision to release their own launcher and not have Linux support built into it on day one. They say it's a limitation of some web view framework they're using, but how about just....not using that framework if it doesn't support Linux, which your own poll showed 22% of your player base uses???
just, unfuckingbelievable, I know I must sound like such the entitled Linux neckbeard, but the whole damn game project has always been completely cross platform, this just feels like such a slap in the face to everyone who's put in effort to that end
Space Station 14 is dying! But you can do something to save it!
[SS14] The Mime and the King of the Tide
Noxy πΎπ³οΈβπ
SuperDicq
Bellcat