First of all, if you're playing the downloaded game, you will have to download a new version of the launcher from here:
The reason for this is that I had to add some authentication bits to the launcher instead of to the game (which is downloaded after authentication), and the launcher can't update itself yet.
- Added support for more records
- Added online authentication for online servers
- The server can now be started in either online/secure mode or offline/insecure mode. A secure server requires all connecting players to first authenticate on www.minecraft.net , then checks that the authentication matches, before letting the player in. A server running in offline mode won't do any such checks, nor will it ask the client to authenticate, but you can't be sure that people who connect really are who they claim they are. Offline mode is meant for LAN plan where you know the people connecting to the server.
- Added ban/pardon commands to ban and unban a player from the game
- Added ban-ip/pardon-ip commands to ban and unban a specific ip (you have to kick the player manually)
- Added op/deop commands to add/remove a player from the op list
- Added player ops. They can send server commands by typing a slash followed by a server command. Server ops can also build/destroy blocks near the spawn area.
- Made the server save terrain more frequently
- New command: “tp ”, moves player1 to player2’s location.
- New command: “save-all” forces a full save to disc
- New command: “save-off” disables all saving (except save-all)
- New command: “save-on” re-enables saving
If you're writing a backup script, please consider making it call “save-off” before doing the backup, and “save-on” when it's done. If you don't do this, you can get corrupted zones in your backup.
Server-side inventory is coming next week, including shared chests and so, and this is also when I will fix some of the bugs in SMP, like the ladder thing and the looking through walls bug.
TkTech contacted me over IRC and pointed out a flaw in the authentication scheme that would let hackers connect to a server a player was last logged into.
This has been solved now by turning the login key into a proper nonce that gets changed every time a new TCP connection is made to the server.
If you worry about name impersonation, I suggest you get this update ASAP.
As you might have seen in news posts and blog updates, some fairly important people who I consider my heroes want to talk to me (I've spoken with three of my favorite companies so far). Initial contact has been established, but nothing concrete has happened yet. I will go on a trip to the US in the start of September to meet with a couple of companies. I have no idea what will come out of it, but hopefully it will be cool.
If anyone in the northwestern area of the US wants to say hi somewhere around then, I'm sure we can work out some meeting. I'd love to meet you!