Slashdot Mirror

And we might not always tell you what you want to hear.

Back in The Day, I wrote a borg client ("Rogerborg") for Netrek which used a man-in-the-middle attack (and a bit of library overriding) to spoof the RSA authentication scheme used to detect blessed client binaries - Netrek was decades ahead of its time with regard to security.

It was a great learning experience, and convinced me that trusting the client is futile; there are always more people out there trying to crack it than you have developers to protect it. I kind assumed that in the 18 or so years since then that lesson would have been learned, but even to this day, we still see game after game released that try to play whack-a-hack on the client side.

Please take it from me: you can't win that fight. And that counts double if you have to pay developers to effectively fight against the enthusiasm of your playerbase. The more successful your game, the more potential crackers you have.

Saying "Yeah, put some checks in the binary, or ship it with Punkbuster and we'll fix it later."? That's a great strategy if you're planning for failure.

Secure the servers, come up a network protocol that designs out the ability for cracked clients to profit, and you're done. If your game doesn't lend itself to that design - like a twitch FPS where an aimbot can get an auto-kill - then bad news: You. Are. Screwed. Just try to make your costs back before your client gets raped and your game collapses under the weight of the bots.

Can anyone say: NeTrek??

http://www.netrek.org/cinema2/

Ooops. You can still use that client to play, you just need to issue the -o argument like it says to; most servers let expired clients play. It only expired January 1st. But we just took down the front page links to it to avoid further confusion; if you want it, it's still at the big downloads page. Windows and Mac clients work fine, new Linux build up real soon. There are two games going as I write this.

Netrek is still alive and doing fairly well. The client that a previous responder referred to was the paradise-2000 client, the only closed-source client I know of for netrek. And yes, unfortunately it has an embedded expiration date. There is really no reason for the expiration date, especially considering that it's developer is now MIA.

There are other *NIX clients available though such as BRMH and COW, both of which should be available for download in the clients section on http://www.netrek.org./

There are also win32 clients available such as xpmod-4.4.0.4 (http://netrek.keyos.org) and others available for download in the clients section at netrek.org.

As to the vitality of the netrek community: while this is indeed not the golden days of netrek with multiple full servers at any time of the day we are still managing to fill the most popular server, pickled.psychosis.net, every day; and we have resurrected weekly clue games which are doing fairly well. There are also 5 active teams again, even though the INL / WNL are long, long gone.

For more information please refer to the official website at http://www.netrek.org./

Netrek is still alive and doing fairly well. The client that a previous responder referred to was the paradise-2000 client, the only closed-source client I know of for netrek. And yes, unfortunately it has an embedded expiration date. There is really no reason for the expiration date, especially considering that it's developer is now MIA.

There are other *NIX clients available though such as BRMH and COW, both of which should be available for download in the clients section on http://www.netrek.org./

There are also win32 clients available such as xpmod-4.4.0.4 (http://netrek.keyos.org) and others available for download in the clients section at netrek.org.

As to the vitality of the netrek community: while this is indeed not the golden days of netrek with multiple full servers at any time of the day we are still managing to fill the most popular server, pickled.psychosis.net, every day; and we have resurrected weekly clue games which are doing fairly well. There are also 5 active teams again, even though the INL / WNL are long, long gone.

For more information please refer to the official website at http://www.netrek.org./

Can you name one game that has not been hacked or cheats made for it?

I can name you a competitive multiplayer game that has a client/server design that's so robust that cheating has a negligible effect on competitiveness, due to the information hiding, request/react and interactivity model used. That's not quite what you asked, but then your question wasn't particularly relevant to my point either. "Never been done before" is an argument made by defeatists.

Now, I haven't played Legacy on my 360. I was hoping to download a demo last weekend, but it wasn't available. Still, it's getting bad reviews all over the place. So... *shrug*. But there is a free alternative.... I know, nobody cares about netrek any longer. But I remember first seeing this game on a Sun 3/60 back in 1987 or so and was *very* impressed. It's still a fun game... probably a whole lot more fun than this 360 Trek game. Especially if you're into military strategy gaming.

IMO, that's what a lot of these recent trek games is missing. They focus on the characters, interior imagery of the ship, and blah blah blah. I would love a game that focused on presenting a realistic 3D galaxy with various groups fighting over borders and resources. A kind of MOO Axis and Allies in space, if you will.

Just - please - no FPS type stuff set in Trek-Land. Feh.

I dunno, I always thought the best Trek game was Netrek :) It definitely made time in the computer lab go by much faster.

Netrek is the probably the first video game which can accurately be described as a "sport." It has more in common with basketball than with arcade games or Quake. Its vast and expanding array of tactics and strategies allows for many different play styles; the best players are the ones who think fastest, not necessarily the ones who twitch most effectively. It can be enjoyed as a twitch game, since the dogfighting system is extremely robust, but the things that really set Netrek apart from other video games are the team and strategic aspects. Team play is dynamic and varied, with roles constantly changing as the game state changes. Strategic play is explored in organized league games; after more than six years of league play, strategies are still being invented and refined.

I never did finish my degree, despite taking several extra years (part-time) attempting to complete courses. I did get pretty darn good at netrek however. My guess is his priorities are probably a tad different from mine.

1. One form is simply that a game player likes the computer game. The player might spend hours on playing the game. A good example of an absorbing game is Netrek of the early 1990s. Many geeks at UC-Berkeley spent hours on playing this game instead of working on their Ph.D. dissertations.
2. Another form is a means to escape an abusive household. The article at the "Washington Post" states, "'I can understand my son's suffering,' she said. ' He could never satisfy his father and was failing at school. But when he plays his games, he becomes an undefeatable warrior.'" When parents physically or emotionally brutalize their children, the victims try to flee to safety. In a Western nation, most people oppose child abuse and would offer to help the victims of abuse.

   In Korea, the story is quite different. In Korea, you would consider someone with different blood to be inferior and to be not worthy of your help. The overwhelming majority of adopted Korean orphans are adopted by Westerners. The typical Korean could not care less about orphans -- or abused children. In this kind of cold, brutal environment, an abused child has nowhere to run. So, the child escapes into on-line gaming: a fantasy world where the abused child can have the wonderful childhood that he cannot have in real life.

I can remember people getting unhappy about bot-clients in Netrek, way back in 1994...

Interesting point. In fact, I noticed this with a game called Netrek that I used to play in the early '90s at Cal (it's still around--the game and the University :)

Basically, people got sucked into an open source game with a very flat learning curve and complex teamplay by going to labs and seeing people playing it during work breaks and late at night (despite a NO GAMES) policy that was spottily enforced by the "web trolls". A lot of the cultural aspects of the CSUA, a CS student social organization, also stemmed from people hanging out and working in close proximity to each other in these labs.

When home PCs (and broadband in dorms) became more ubiquitous, a lot of this was lost; the geeks didn't hang out so much anymore. Interestingly enough, at about the same time you started getting an upsurge of people wanting to major in CS-related topics due to their perceived profitability in the dot-com market, so you got a far higher percentage of non-hardcore-geek types who just did the academic work and that was that.

Don't forget all those poor nerds sitting in windowless university basements for years on end, no sunlight, no social life, no access to reality, sacrificing all to bring forth things like http://www.nethack.org/ and http://www.netrek.org/.

I don't know anyone else still playing network games from 1996 except for Quake.

Your point, in general, is taken, but there are those of us that still enjoy a game of Netrek now and then :-P

Shit, now I feel old...


Mechanik

Exactly.

This looks like less fun than the almost aincent nettrek game. Not to be a slam on nettrek, it's addictive as hell and insanely fun for something that is a game I remember playing back in the 1.2.x kernel days.

But this "expansion" lacks goal and drive. in nettrek you are to capture planets and there is a great amount of teambuilding and roles and tactics that can be used. people will take risks in order to attain the goal. anything where you are a single player and you die that player dies, is always full of people that are overly cautious and or do nothing but increase wealth in the game.... whooptie doo.. I want combat, good space combat!

I always wondered why the developers of nettrek and parsec dont get together and make a combination that would kick the living arse of games like starwars:light speed

The weak point is that it's possible to extract the private key out of a blessed client and use it to sign challenges in a hacked client, but the impact is mitigated since it's very easy to remove the compromised key from the list of approved keys.

Anyways, certainly not 100% protection, but it stops casual cheating, while still being open source.

No plot at all, unless you count things like the t-mode messages. Goldmine for a movie, better as one of the oldest multiplayer games in existance!

That's pretty interesting.

I am an avid (if second-rate) BF1942 player, on regular BF, RTR and SW servers. I've only seen about 3 players in the last year where I definitely suspected cheating, including engineers who would score headshots on moving, concealed targets at massive distances while jumping (!).

Out of curiosity, I once downloaded and tried out a few cheats, including an aimbot. They were utterly horrible and useless. First, a complete pain in the ass to get installed. Second, the ones that ran outside the cilent slowed my machine (2.4ghz PIV/1 gig memory, good gfx/sound) to a miserable crawl. Lastly, the only one I found even remotely useful, one which pointed out players to me, actually hurt me in combat, as I realized I was far faster spotting actual players than trying to associate some symbol with a guy hiding somewhere.

One thing I learned when playing Netrek during several years in college was that 'borgs', or partial-to-full robot clients, never substitute for skill. This is a generalization, I realize, but it usually holds for BF1942 as well. Only someone who knows what they are doing and is generally pretty decent on his own merits will be able to use a cheat as a crutch, and those players are usually good enough not to have to/want to.

In addition, the beauty of large, objective-based games like BF is that the effect of the odd cheater may increase his personal score, but it is no substitute for a decent team with good cooperation and clue. Yeah, a cheater may defend a flag better against one or two people, but if you have a few decent players going for the target, it's no different than without cheats. Sure, we all look at our scores, but I'd rather play to win the game for my team. If I fight the cheater on his own ground (i.e. turn it into a personal, one-on-one vendetta) I will probably come off the worse, and my team will be down one useful player. Do as master Sun says, flow around obstacles :) The hackers may tweak the laws of statistics a bit, but they can't defeat them.

All in all, actual cheating hasn't bothered me nearly as much as the backlash from it (good players automatically being labelled 'cheaters').

I'm going on 30--I nearly fucked up my college education by spending aeons of time on Netrek and progressed from that to C&C, to Red Alert, to Tomb Raider (my girlfriend loves to watch me play for some reason) to Half Life to Homeworld to Deus Ex to Battlefield 1942 (which I play pretty often.)

I was never too interested in always trying out the latest and greatest, but I notice increasingly that, once I've found something I enjoy, I tend to stick with it for far long--it just holds my attention better.

I don't know how people have time to always finish the newest games right when they come out and move on to something new--the only times I do that is when I find something episode-based or story-based (like Half Life), play it through once, then move on, but I take my time with that, sort of like reading a good book a bit at a time before going to bed.

Don't I agree with you. BF1942's eject feature is a bit lame, especially since (a) most average players have no idea what the console even looks like, and (b) it takes so many people to eject, even if it's a tkick instead of kick.

However, I've seen eject done with lower threshholds in Netrek, with the predictable result that...you can imagine what happens when the twat quotient passes a certain level. Of course, those aren't really games you'd want to be in anyway.

The thing I don't like about the supreme hand of dog kicking idiots out is that it's too subjective. Of course, as we also saw in Netrek, servers with excessively restrictive policies (i.e. server god being too ham-handed) quickly turned into ghost towns. The market decides, and all that.

As it stands, I find the most effective moron cleanser (wipes morons away!) to be a bit of patience and a steady aim. If there's one on the other team, the fair thing to do is to hole up somewhere reasonably safe and make sure you whack them again and again. They're usually not too skilled, and give you easy kills. If they decide to start coming after you, well hey, I've found that it sharpens my attention immensely to have to constantly watch my back from some idiot child who's pissed off at me.

Remember, if you can get them _that_ mad by just playing regularly, they don't shoot straight...

Hmmm...

4 Armies/Races.. take over planets to establish galactic dominance...

Sounds familiar.

clicky linky

My sympathies. Honestly. This might be the right point in time to mention a solution to the l0z3r problem we had at Berkeley.

Vice Provost of information technology Ray Neff (he of the Berkeley CSUA Ray Neff Risk Tournament, so the lore goes, one day decided that Berkeley needed something on the level of CMU's Andrew system.

So Ray buckled on his suit and trusty sheaf of purchase order forms, and bought several thousand Sun 3/50 workstations and 4/whatever servers (yes, those of SMD disks.) As the story claims, this put Sun on the map, more or less.

The reaction to this, given that he put the UC CS department into hock for several years, appears to have been "you bought _what_?" Needless to say, ole' Ray wasn't given the chance to get long in the tooth in that job.

4 megs of memory, b&w 19" monitors, swap over the net. On a shared 10mbit segment. Yee-haa!

The upshot of all this is that, if someone logged onto one of these things via the modem annex to do something pointless like, oh, I dunno, CS61B homework, the machine became useless, I say USELESS for dooshing (slang for playing Netrek, the greatest game ever written.)

Good thing a certain Mr. Mehlhaff (evil ERic, to be exact) wrote a nice little proggie called "N0H0Z3RZ". ~> bin/N0H0Z3RZ would grab all ttys left of the machine's 38 total (1 being used for a twm xterm from which to start a netrek client.) All this, of course, after a swift L1-A (L1 being the equivalent of 'stop', for you post-type 3 keyboard sun weenies) to drop the box into OBP for a few minutes while waiting for the idiot currently logged in via modem to get off, then 'go' to get back to the really relevant bits.

Whacking Klingons.

It makes me nostalgic for the days when technology mattered, really.

"What fuel is there on the moon?"

Dylithium Crystals. What else is there ;-)

> How is it that the RIAA can see what songs you're sharing.

The classic game netrek had a lovely feature called a "cluecheck" where on some servers, you had to answer simple multiple choice questions using the in-game messenging system before being allowed to play. Can I suggest something similar for Slashdot. Here's one to get us started:

If you choose to run a P2P client/server that works by serving content to anyone who asks for it, should you expect it to know that it's the RIAA asking, and to refuse to talk to them?

1. YES TEH CONSTURTUTIUN PORTECTS MEE!!!!!!
2. What's a server?
3. Oops.

Cool point. I played Netrek for many many years, and the 'borgs', or robot/semi-robot players usually didn't have much of an effect on game outcome. They would make the less-experienced players get pissed off and leave, which is a regrettable side effect, but they would often be replaced by better players who were more focused on winning games than battles.

It's not really a shooter per se, but Netrek is quite playable on older machines and slower connections. Plus it's a damn good game. Maybe the best team game ever written.

http://www.netrek.org

http://www.google.com/search?q=netrek

<Grumpy old mans vocie>

If you want to roll your own: http://quozl.netrek.org/ts/

I bought the kit for the one on the second link and it works great.

Hey, what the fuck is an Ogg?

This is.

*DOOSH!!*

Note, I'm not a really hard-core gamer or expert, so take this with a grain of salt, but...

Cheating in online games is always going to be a problem. You won't solve it, but can at least reduce it to the point where a server admin can deal with individual accusations.

-Only send each client information it really needs.
-Use checksums on binaries and libraries and things.
-Try to get more 'mature' gaming crowds together. I have noticed vast difference playing Battlefield 1942 at various times during the day, such as when it's mostly high school kids, or people with jobs who start playing after dinner, whatever.
-Make it clear that cheating sucks and won't be tolerated--this can help catch the remaining people with aimbot screen overlays and things that automated means won't take care of.

Netrek used some anti-cheating mechanism, by embedding an RSA key in every "authorized" client, to which only a few developers known to the "RSA guy" and the Netrek community as a whole had access. Imperfect system, but it reduced use of bots to the point where it didn't really matter.

Also, one thing that a lot of people forget is that a lot of 'active' cheats (mainly bots in action games) fall into one of two categories:

a) Fully-automated -- these are predictable.
b) Partially automated -- things like aimbots. Their "owners" probably suck otherwise. If they see you, they'll get off a clean shot, but you don't have to confront them directly to smash them.

I am usually sufficiently gratified when I crush someone I suspect strongly of cheating by knowing it's probably some whiny 13 year old staring at his screen in impotent frustration to not really care about the other 9 out of 10 times he's beat me, not by skill but through some technology he most likely didn't create.

This is one of my favorite topics whenever games come up, but an interesting trend I've seen with Netrek, a multiplayer graphical (albeit fairly primitive) free online space combat game.

It's been around in various forms since the early 1980s, going from text-only iterations, to xhost-and-telnet on unix/VMS, to client-server, to multicolored, to multiplatform. Funny enough, even though the action is comparatively clunky-looking (10 updates/second) and the graphics look like they belong on a mobile phone (ships are 24x24 pixel bitmaps) the game still has a very large following, even a league.

I like comparing this sort of thing to chess--a game becomes refined over time, while games lacking the potential for such maturity are just forgotton. Frankly I don't think that the rules of chess have changed within my lifetime; that's because the game is as balanced as it's going to get.

When Quake first came out and went online, we scoffed at it as a flash-in-the-pan that wouldn't last. We were partially right, as you'd probably be hard-pressed to find people who play Quake I anymore. However, the whole FPS genre matured enough to get people to play it fairly seriously. Same with games like StarCraft (look at how much it's played in Korea.)

I think this goes to show that, parallel to the 'newer-and-flashier-is-better' way of looking at game development, as well as the need for constant innovation, there are proven game types, which evolve to the point that the gameplay is almost perfect and thus supersedes the actual way the game looks. As the author of the piece hinted, you put movie character faces on any FPS and name it after that film, but fundamentally the gameplay wouldn't change.

The Paradise game client already had a kitchen sink (version 2.2p8).

This variant of the game Netrek, which completely revamped the gameplay of the original and added a ton of 'features', many of which tended to irritate purists of the game. The client developers added a little outline kitchen sink which would pop up on the screen when a given button was pushed, along with the phrase 'Kitchen sink activated! Bad guys beware!'

Just a piece of trivia for you, and a great game at that.

No Netrek? Come on, get a clue :)

No Netrek? Come on, get a clue :)

At least netrek is addictive without the monthly cash.

And the game hasn't been improved in years! (Well, unless you count the extinction of Paradise...)

Netrek figured this out about fifteen years ago. The source is open, so it was assumed from day 1 that clients couldn't be trusted. Attempts at client authentication were added later, but those were add ons (and could be and were subverted), they weren't the prime means of preventing cheating.

The strength of the Netrek model is that the game was designed from its infancy to send exactly and only the information that each client needs to display what it's supposed to be displaying. For example, cloaked units are supposed to be shown as unidentified contacts and on the galactic window only, with erratic position and irregular updates. One of the first things a hacked client developer will do is to display them on the tactical window as well, and there's nothing that the design can do to stop that. Also, it's not perfect; an ID is sent for the cloaked units, so the client can show what they really are. However, the server does only send irregular updates, and it flat out lies about the position, heading and speed of the unit, so the client can only show so much.

One of the most controversial design decisions involved torpedo weapons. The servers sends "start" and "end" packets, but instead of sending speed and heading and letting the client handle movement of the weapon, it sends regular "position" updates, with a jitter built in. This increases the bandwidth requirement significantly, but it means that the client doesn't know the exact speed and heading of the weapon, so can't make an easy calculation about how to dodge it.

The Netrek model is replete with decisions like this. There are a few snafus (like the cloaked ship ID), but in general there is very little that a client can display that it's not supposed to. And believe me, I tried.

The reason for this tight design is simple if you think about it. Netrek, like XPilot and Xfire, was originally an X-display game. The server handled both mechanics and display. When Netrek moved to a TCP(later UDP)/IP based model, that model was preserved and the server took on a lot of responsibility for culling information that each client shouldn't know.

It never fails to amaze me that commercial games developers never seem to learn the lessons that open source projects can teach them. I know (from bitter experience) that there's a huge rush to get results on screen, but hey, guys, do it right, don't do it twice.

Um, perhaps you're thinking of Netrek, a completely unrelated game (save for having a name starting with "net"), which does use signed clients to exclude players using robots or cyborgs?

For networked nethack, the "client" is (as others have noted) a remote login program like telnet or ssh, so that kind of cheating isn't so much of an issue. Although, in simpler times, there was ROG-O-MATIC...

• Using a bot to play a game is pretty lame.

Writing a game that a bot can beat a human at is pretty lame. I spent years hacking a netrek cyborg/bot client, and finally came to the conclusion that I was, by and large, wasting my time. Info features were useful, but as for getting it to fly and aim weapons, it got smacked by clued human players nearly every time, because the mechanics of combat meant that you had to beat the opponent, not beat the game engine. It shocks me just how badly designed most commercial game are in this respect: they give too much info to clients, they trust clients too much, and they allow dreadful behaviour like "Make an immediate turn to point right at opponent X, and fire the railgun. Gib!" Tsk tsk.

Back in the day, when I was hacking netrek, I had a damn good go at writing a learning robot client, using a genetic algorithm.

I failed, along with every other developer that tried it. I failed because while the game is composed of simple concepts - speed, turn, weapons, tractors, transporters - the emergent strategic complexity is way beyond an artificial player.

The robot could win dogfights, but while it won the battle, the opposing humans were winning the war. It could never figure out or negotiate strategies. Even if I had got it to play a good strategy, the human opponents would have just found a better one, as they have done again and again when playing each other.

That emergent complexity and strategic depth is what makes netrek such a great game, even today. As a simple rule, if you can write an AI that can beat a human, then you've got a game that's strategically limited, like chess, rather than one where strategy must be a flexible concept, like go.

Note to those looking for staying power: the 1974 game Empire is still being played and developed today as Netrek. The name has changed, the Klingons are back, the graphics and sound have improved and the galaxy has been shrunk to make for fast, intense games, but the essential gameplay is unchanged. 28 years and counting.

And it's the one that the designers of the open source multiplayer action game Netrek figured out from day 1. You accept that the clients will be compromised, and you design your server and your network model appropriately.

It's only very recently that commercial games developers are even beginning to understand this, and they're still not getting it right. For example, Counterstrike now attempts to check that your opengl.dll is correct. Fine, but that still relies on the client being uncompromised and reporting the correct number. That's a small barrier for a crackers with a hex editor.

They really need to get it through their heads: you can't trust the client. Every packet that comes in has to be assumed to come from a borg or robot client, and dealt with accordingly. What this means in practice is:

• The server has the final word on the world state. It accepts only requests for actions from the client, not state data, and it verifies that the client is in a state that it should be requesting this action. If that means that it rejects valid actions from a human player experiencing lag, tough, that's the cost of trust.
• The server sends only the information that each client needs to know. The Netrek server sends position, heading and speed information to clients, but only if there's a friendly unit close enough to scan them, less frequently for distant units, and when it sends information about cloaked units it lies, so that even if you hack the client to display cloaked units, you end up displaying an infrequently updating image of where they might be, which can sometimes be more of a hinderance than a help. All this requires extra processing on the server. Tough. Hardware gets cheaper by the day. Sometimes it means that clients miss out on information, and see things appearing and disappearing. Again, you have to accept that as a necessary price to pay.
• You design your game so that perfect execution doesn't guarantee you perfect results. Unlike the rail gun in quake, for example, in Netrek if you fire perfect vector torpedoes aimed precisely where your target is going, a decent human player will dodge them nearly every time. Instead, you have to use your (human) skill and judgement to decide where your (human) target will dodge once you fire, and fire where he's going to go, not where he was going. Or you fire where you don't want him to go, for strategic purposes. A netrek client firing perfect vector torpedoes is actually a liability against clued players!

This isn't theoretical. I wrote a 'borg client for Netrek (bypassing the pretty darn good RSA binary check that still surpasses that in many commercial games), and found that it gave me at most a marginal advantage. It hardly effected my combat ability at all, and it made only a slight improvement to my strategic ability (by recording the limited information it received and making best guesses about what was actually going on in the game state). It certainly didn't spoil play balance like many FPS hacks do, and it didn't require any server fixes, because I simply could not exploit it very far to start with.

The reason why the Netrek developers understood all this was that it was open source (so it was trivial to hack up a client), and also that servers developers were somewhat separate from the client developers. The server developers could dictate the architecture and packets and the client developers had to work with what they were given. Contrast that with the way that commercial games development tends to get done, with the same people writing both server and client, with a mandate to get it working as quickly and easily as possible.

If I was back in commercial games development, this is the first change I'd make: separate the server developers and client developers, and only let them communicate through the code - and with the server guys calling all the shots. That sounds inefficient, but if you don't make the effort early on, you'll damn well have to do it later, once the problems are out there in the field. We need to fix the attitude endemic in commercial games development that there's never time to do it right, but always time to do it twice.

I also think I've seen someone playing with Paradise 2.99 for Darwin, but I don't see the binary anywhere. As far as I know, no one has ported COW or BRMH to MacOS.

After doing a little searching, here's a link to a Windows client on another page on the netrek.org site that actually works. The ftp server they list doesn't work properly

http://www.netrek.org/cow/

There are still some people playing netrek. If you use Linux, check out my client Paradise-2000. If you download IBM's viavoice package for linux, you can have it speak messages and macros outloud to you.

Another game that still has a small following, but is perhaps the oldest game played on the net over TCP-IP is Netrek. The bronco version (which is closest to the original version and the only version still played daily) is a very subtle game focused on strategy and teamwork. It's easy to learn, but hard to master.

Unfortunately, netrek has suffered a serious decline due to old graphics, and the expiration of the paradise client for windows. Newbies tend to like the paradise version of the game because it's a little more fun, a little less complex, and the clue on bronco servers can be quite abusive.

Anyone else here remember playing Netrek? I know I spent a year of college tuition back in '93-'94 playing the game...

If you're lucky, there are nights when you can play the hockey version of the game. Long Live the SC!

To this day, when I hear the word "Ogg", I don't think about the music encoding format. Ogg is a verb, not a noun.

• the number one problem with online games is cheating

Let the mists of time roll back to the early 1990's. A open source X11 game called Netrek was all the rage. It involved little spaceships flying around shooting at each other and capturing planets.

Now, I loved Netrek, but I sucked badly at it. So I decided to crack it and write a cyborg client that did all the hard stuff for me. Netrek had (has) a fairly robust RSA authentication scheme to try and stop this, with some clever tricks that a most commercial games still haven't caught on to. But I perservered, and managed to insert a spoofing borg in between a blessed client and a server. Hurrah!

So then I added all my borg features. Cloaked ships showed up on the tactical screen. My torpedoes auto-aimed. My shields flicked up and down by themselves, and my phasers would get and keep a mortal lock with one keypress. I even coded up complex behaviour, like engaging a suicide attack that coordinated engines, helm, weapons, defences and tractors to practically guaranteed mutual destruction against a more valuable ship. And what was the net result?

I was able to dedicate more time to read messages and become a better team player. And that was it. Because Netrek had been designed from day 1 to be cheat proof. There was simply very little advantage to be had from it.

Examples: I fired perfect vector torps, aimed precisely where my target was going to be. Only that was pointless against anyone halfway decent, because they would dodge them. Every time. Torpedoes in Netrek are used to deny areas of space, not just to destroy. I couldn't do that.

I could see cloaked ships on the tactical, sure, but the information I got from the server was bogus. Speed, direction and position were all wrong. The server only gave enough information to display vague ?? marks on the galactic map, so all I could do was to make myself more aware of an incoming cloaked ship.

I had defensive systems that were optimal at keeping me alive in a 1 on 1 duel, but Netrek is a team game. Sometimes you have to come in screaming at warp 9, yelling "Damn the torpedoes!" and take the bullet for your buddies. Or you drop shields to take a single hit on the hull, because you can repair hull and shields simultaneously. You don't always want to split damage though, it depends on the strategic situation, whether you think you can defeat your opponent and whether you need to keep your hull intact to maintain top speed to get somewhere else in a hurry. It's all about context.

Lesson learned. Each aspect of Netrek is simple. You shoot. You move. You carry armies. But the interactions are so complex as to make any automated response to any given situtation counterproductive. Add to that a paranoid server that trusts nothing, and tells the client the bare minimum (and occasionally lies) and you have a game that is effectively cheat proof. All that a hacked client could do was give a clueless player the illusion of being competent, and nothing more. It could make a small difference when used in the right place at the right time, but it couldn't get you to the right place at the right time, nor could it decide to hold fire and suck it up in preparation for getting you the hell out of there and off to somewhere more useful. Those decisions took skill and judgement. The best players still whipped my ass in personal combat, and the best teams absolutely creamed the teams that I played in.

Those really were the days, my friends.

And those of us who'd developed Netrek way back in the day read this article and fell about laughing. I mean, these guys could have saved themselves six months easy just by reading the change comments in socket.c ;-)

• • Why doesn't Blizzard provide facilities that enable these emulators to authenticate CD keys through Battle.net?

    In order for us to keep our proprietary CD-key algorithms secure, we cannot allow outside servers to query for the validity of CD keys

  See above. Blizzard puts bread on the table by making money through software sales. Why should they be required to open up their scheme to allow others to be able to pirate their software more easily?

Please don't comment on issues that you don't understand. This is a bare faced lie, and has nothing to do with encryption or security. Here's why:

There is nothing to stop bnetd from doing this already.

The bnetd server could simply open a socket to a Blizzard Battlenet server, and pass on all packets from the clients until it reaches the key challenge/response. It could then kick clients out if they fail the challenge (although the client should terminate itself if it receives a "go away" from the Battlenet server via bnetd).

Why don't they do this? Because one of the points of bnetd is to provide an independent network to Battlenet, which is buggy and prone to dreadful lag and downtime. Being reliant on Battlenet is counterproductive to the basic aims of bnetd.

However, if Blizzard were to set up separate authentication servers, that do nothing but authenticate encrypted CD keys without having to go through the whole login process, everybody wins. They can keep them up more easily, bnetd can use them with more confidence, and pirates can be kept offline. If the Battlenet authentication servers go down, bnetd could let in anyone, so pirates could only play when Battlenet goes down, and, hey, Blizzard aim for 100% uptime, right? By putting a delay on servicing requests from any given IP, Blizzard could protect themselves against crackers just throwing random packets at them, but they don't really have to, because unless you know the client side encryption scheme, that still doesn't help you get valid keys that you can use.

There is exactly zero implication for security. The bnetd server would send on exactly the same encrypted client packet that it already receives. All packet passing is verbatim, there is no need for Blizzard to reveal any details of their encryption scheme. Bnetd doesn't even need to know what a "yes/no" response from the Blizzard servers looks like, although it would be trivial to sniff, and better if they did know, as they could then forcibly terminate the client.

Reminder: bnetd could do this already. Your ISP's routers are doing this already.

There is one slight caveat. Blizzard might have done something "clever" like pack the result of a getpeername() into the CD key packet as Netrek does with it's RSA packets to stop people inserting hacked "borg" clients between an unhacked client and a server. But there would simply be no reason for Blizzard to do this, and it would actually be counterproductive, as it would place a known and easily manpulated piece of data into the encrypted CD key packet, give a hint as to the encryption scheme used.

To recap: this particular statement from Blizzard is a big fat lie. I'm a professional network programmer, and I've hacked enough lousy and not so lousy encryption schemes to know. If you disagree, please spell out where the security hole is, because I'm simply not seeing one.