Slashdot Mirror
Enlisting Game Hackers Instead of Fighting Them
CVG recently spoke with Christofer Sundberg, co-founder of Avalanche Studios, the company behind Just Cause and its sequel. Sundberg expressed his disdain for both DRM and poor cross-platform ports, and talked about how he sees the hacker community as more of an ally than publishers do. Quoting:
"'... 50 percent of the people that work for me come from a hacker background - that's true.' When asked whether approaching leading hackers and asking them to put their programming skills to good use was a wise idea, Sundberg added: 'Oh yeah. I absolutely think that's a fair approach, to think about how these people can fit on the right side of the law. It's one way, at least. Perhaps the truest pirates are too much down the road of anarchy to ever work with you in a proper way; these are the guys who see us as evil! But in Sweden the [hacking] scene was huge... As a studio, we've found that there's definitely a lot of talent [in that community].'"
My cat, Joe, is a proficient hacker.
Hebrews 11:8
Jeremiah 33:3
this article used two words wrongly: Hacker and PC - http://www.gnu.org/philosophy/words-to-avoid.html#Hacker - http://www.gnu.org/philosophy/words-to-avoid.html#PC
"The DRM does not stop piracy," he said, "it just punishes the people who have actually paid for the game. It's completely useless."
Agreed. So that must be why Just Cause 2 doesn't use any DRM.
Oh, wait, it does. And it punishes people who have actually paid for the game.
So at least his customers agree with that statement.
That being said, Just Cause 2 is a lot of fun. Unfortunately, the Square Enix taint is already there, and you get half a game out of the box with the rest being released as an endless stream of DLC.
And now that they're published by Square Enix, I wonder how long until we hear about Just Cause 2 2?
At least Square Enix has a fairly simple form of DRM that they employ. The just make games no one in their right mind plays.
I wonder how much of his coders come from the cracking scene, and how much from the demo-scene.
The cracking scene has always had some ties with the demo scene (and in some cases demo groups where the 'legal-branch' of some hacking groups) but cracking PC games does not bring much skill for game coding. (or is x86 assembly code really such a special skill these days?)
The fact of the matter is that in the 21st century, media & games companies have set goals of ensuring that customers don't hang to things for too long & are always clamouring for the next upgrade with wads of money in their hands - we've already seen the results of this with the movie & music industries.
In the movie industry, it's about rechurning concepts that bring in vast profits quickly - a constant barrage of 3D movies, CGI animations with cute animal characters & endless sequels.
In the music industry, it's about elevating unknowns to pop star fame in very short periods of time, then dropping them after a year or two when they probably start getting too belligerent & demanding too much money.
The games industry is no different, games companies do not want their customers hanging on to games for too long - because they want customers demanding the next release as soon as possible. Unfortunately, the difference here is that the average new game costs at leasts 3 times as much as a new music CD, a new movie DVD or a cinema ticket.
Games hackers are therefore seen as enemies of games companies because the "nice" hackers create (at least for PC versions of games) mods that can prolong the life of a game many times over, resulting in customers being entertained for a lot longer before buying the next game, whilst the "naughty" hackers break games open so that others can copy & play them.
This is precisely why games companies (for the most part) have worked hard to convert PC gamers to console gamers because a console gamer can be restricted in what he/she does with the game a lot more than a PC gamer can be - consequently, this is why the number of PC games titles have tailed off dramatically over the past few years, despite there probably being more people than ever who own PCs and who play games. In other words, it's an artificially induced extinction of PC gaming to suit games company coffers.
As a PC gamer in my 40s, I wouldn't for one minute want to compare myself to teenage or younger gamers. But I still play a lot of PC games today despite buying very few (in all honesty, the only PC games titles I sit in anticipation of are the Fallout series ones) but I don't copy or pirate any either. All I do is enjoy playing and replaying old titles with community mods & levels, I also do a lot of retrogaming.
If the youngsters of today need better & better graphics in a game for better immersion then good luck to them & I'm not one to argue with them - if anything, graphics were something that appealed very much to me when I started computer gaming on the ZX Spectrum & the Commodore Amiga.
But ultimately, it all comes down to the hackers who write mods & emulators that allow me to satisfy my gaming needs without my having to buy any new games - not to mention, as a mostly Linux user anyway, the large number of Open Source games like Alien Arena and World Of Padman where, if I feel like a little multiplayer gaming, I can dive online for a half hour or so without having to spend weeks in an MMORPG or the like.
Gentoo Linux - another day, another USE flag.
I know, it's really tough to generalize like that but I ask this question because of an experience I am having right now and it's the very burning question I seek perspectives on.
My programming background is more formal. When I plan a project, I plan the UI, the data structures, the program code and of course, the intended functionality. Only after that do I start coding.
When I started in programming, I was a kid -- I just wanted to write code and see what I could make it do but I eventually outgrew the idea. But the more I did that, the more I realized I didn't know what I was doing and the more complex my programs became, the more lost in them I became. Those problems led to my needing to become better educated and more systematic in my approach to coding.
I have a co-worker who is absolutely enamored with hacking and cracking. He is by all definitions a script kiddie. He has managed to generate some simple apps which are useful, but when I look at the code, I am ... well, there is no kind way to put it -- it looks like a teenage boy's bedroom. And while he is coding his current project, he is routinely banging his head on the keyboard trying to figure out why he is getting segfaults and the like until he gets himself through that step of that module of code.... (I presume there is going through steps and modules) I have watched him kill himself over not knowing when to use an ampersand to pass a pointer or what have you. That's when it hit me -- he still has no grasp of C coding fundamentals -- it is not a part of his inherent thought processes when his is "thinking code into an editor" which is what a good programmer should be able to do.
As I said, I have seen his source code in PHP projects... not good. I have seen where he left output generated by program unclean and incomplete. Now I see he simply doesn't think in code at all --- he spits out commands and then tries to get them to work. All he does it hacking and cracking... he actually uses metasploit and meterpreter scripts in administrating PCs on the network.
And it goes without saying that none of this is documented particularly well if at all.
So the question is one I believe I already know the answer to -- are hackers/crackers better programmers? I think no. But what does anyone here think? I am pretty sure some will take the opposing view point and I suspect they will be the same people who once asserted that validating your input is a waste of processing and code execution time.
I have a co-worker who is absolutely enamored with hacking and cracking. He is by all definitions a script kiddie.
You pretty much answered your own question: he is a script kiddie, not a hacker or cracker. Hackers are elegant and, in my experience, have a higher sense of intelligence and thought process. That's often the divide for people who go to school to earn their degree in computer science and the ones that are successful programmers without going to school to earn their degree; the formally educated feel like they deserve some bonus credit because they blew tens of thousands of dollars getting a piece of paper. Don't get me wrong, going the degree route is the smarter choice overall, but it certainly doesn't give merit to your skills. In fact, I'd probably hire a seasoned hacker over someone with less than 10 years of school-earned programming experience.
And we might not always tell you what you want to hear.
Back in The Day, I wrote a borg client ("Rogerborg") for Netrek which used a man-in-the-middle attack (and a bit of library overriding) to spoof the RSA authentication scheme used to detect blessed client binaries - Netrek was decades ahead of its time with regard to security.
It was a great learning experience, and convinced me that trusting the client is futile; there are always more people out there trying to crack it than you have developers to protect it. I kind assumed that in the 18 or so years since then that lesson would have been learned, but even to this day, we still see game after game released that try to play whack-a-hack on the client side.
Please take it from me: you can't win that fight. And that counts double if you have to pay developers to effectively fight against the enthusiasm of your playerbase. The more successful your game, the more potential crackers you have.
Saying "Yeah, put some checks in the binary, or ship it with Punkbuster and we'll fix it later."? That's a great strategy if you're planning for failure.
Secure the servers, come up a network protocol that designs out the ability for cracked clients to profit, and you're done. If your game doesn't lend itself to that design - like a twitch FPS where an aimbot can get an auto-kill - then bad news: You. Are. Screwed. Just try to make your costs back before your client gets raped and your game collapses under the weight of the bots.
If you were blocking sigs, you wouldn't have to read this.
I think you're sort of answering your own question. He's not good at what he does, and evidently can't work or think in a structured manner, so he's a bad hacker/cracker/programmer/what-have-you. Personally, even though I don't have a formal programming education I think that it's intuitively self-evident that any "competent programmer" can learn to break copy-protection/write exploits/etc, not because "it's easy" but because most security holes that can be exploited are perfectly evident if you actually understand the systems that incorporates them. You could think of hacking/cracking as a specialized subset of programming.
Buffer overflows and stack/heap smashing attacks are as obvious as brute-forcing passwords or SQL injections if you understand how the processor and OS executes code and manages memory. But of course learning those things requires structured, hard work.
Emotions! In your brain!
That's really just it, though. DRM isn't enough to enrage the masses in most cases. You have the extreme outliers like the blow-up over Spore, but all-in-all, people just don't care. Most people will simply pay their $60, play their game, and never be the wiser.
Just Cause is a GTA style sandbox game. You're a CIA agent in a tropical paradise ruled by an evil Communist dictator who has to be overthrown because he's evil and Communist. You go around fomenting revolution. You play the "good drug dealers" off against the "bad drug dealers." You play the civilian police off against the army. You assassinate members of the Evil Communist Dictator's government. Pretty much, you go around wreaking GTA style havoc.
Oh, and advertising materials said that the island was something like "100 times bigger than GTA III." So in order to get from your successful mission with the Good Cartel to your CIA contact who will tell you to go assassinate the Evil Dictator's son, you need to steal a vehicle. The best way to do this is with your grappling hook, which can hook on to vehicles, and then you can reel yourself into the cockpit/driver's seat and commandeer the vehicle. Seems like a pretty cool feature, right? The hook in this game is literally a hook.
Here's the kicker. Like I said, I played it on PC. GTA style sandbox games universally play better with a gamepad than with a keyboard and mouse, so I have a USB one. It's not like Just Cause, or any game in this genre, is a twitch shooter. There's too many things to do that aren't move or shoot. Splitting up the various controls that are easily confused makes sense. (The classic example is tilting a helicopter left or right versus using the helicopter's rudder. GTA III era games map tilting the helicopter to the joystick used for movement, and the rudder to the left or right shoulder buttons.) Just Cause does NOT accept a gamepad as an input for some reason. It also doesn't let you remap your controls to a set of settings that makes more sense to you. Those are two basic features that every PC port should have added to it, and the lack of them means they probably cut corners somewhere else too.
Secondly, because GTA style sandbox games are not twitch shooters, most games in this genre have a lock on feature, even on PC. They took the lock on feature out of Just Cause PC (it's in the console versions) for some reason. This makes it impossible to steal a faster vehicle than the slow helicopter that spawns at your base, which makes it impossible to get from mission to mission, which makes the game not fun because all the areas outside missions are boring and not part of the gameplay. Remember how the island is 100 times bigger than GTA 3? Well, 99% of that space is useless.
The game should have interested me. I love GTA. I love Red Dawn. This game is pretty much those two concepts mixed together. By all rights, I should have loved Just Cause. But because of the poor PC port of the first one, I had no interest in the second one. A lot of people will keep buying games despite DRM. It won't kill PC gaming. But EVERYONE has a breaking point in terms of crappy ports, and THAT is what will move everyone to consoles.
Turning game poachers into game wardens is an old trick, dating back many centuries.
This is not a new thing, at all.
Yeah. I'm thinking the main drive behind cracking/releasing is recognition and cred. You get to be all secret and stuff, part of an "inner circle". You're doing things that other people can't do, and are looking in awe at - your abilities are speculated about and discussed. But given that you're not actually creating anything or making real changes (just giving people free entertainment), it's probably going to wind up feeling pretty empty I'd imagine.
Emotions! In your brain!
It's the mainstream media who have usurped the meaning of hacker to mean someone who exploits vulnerabilities in systems (without permission.) I say there's a better term: criminal.
Yep. 30 years ago. Can we get past it yet?
"tinkles at the ivories"
You mean Pees at the Keys? No, I don't think so.
Tickles the ivories.
Wow, talk about missing the point. Oh, and a basic lesson in logic: Some hackers are pirates, and some pirates cheat, but that doesn't mean that all hackers are cheaters or pirates.
If you believe in privacy, and believe you have "nothing to hide" at the same time, you're a goddammed idiot
Sometimes the simplest do the trick. I mentioned temp variables. (Although it turned out I didn't need them.) Non-programmers don't understand logic flow, which I think is the major difference between programmers and others. So something like:
You have three variables, a, b, and c. You need to make a end up holding b-a, and b end up hold holding a+b. c can end up with anything you want.
A real trained programmer will use c as a temp variable. c=a;a=b-a;b=b+c;. They won't even have to think about it, it's obvious why you gave them c.
Anyone else is going to attempt a=b-a; b=a+b, because they don't grasp that the first instruction changes things, which seems to be the fundamental perceptual issue of a non-programming mind. They see everything happening at once.
A real untrained programmer, someone who thinks like a programmer but has somehow never come across the problem before, will write it wrong at first, and then stare, baffled, for a second, until they think of using c, and then fix it. (I am not sure where you'd find such a person, though.)
And some God-like programmer is going to come along and demonstrate that you don't have to use c at all, you can magically XOR things or have a long string of a += b -= c += a or something and make it all work with only two variables. Obviously, they pass also.
Tests used to use 'swap these two variables', but people have been trained how to do that. But if you disguise what's going on, if you want them to swap and do math at the same time, non-programmers won't figure it out.
Non-programmers are not able to break things down into discrete instructions. They do not understand that. (I feel like a sighted person trying to describe how a blind person sees.) It's why the first programming class ever, at every college, starts off with something like 'break down your morning routine into steps', to try to get them thinking like that, but a good percentage of the people cannot.
Which, incidentally, is probably not a 'deficit' on their part. Seeing things as a unified whole instead of a bunch of tiny instructions is probably better for most things in life, in fact. For example, you can't read if you try to parse each word of a sentence individually.
It's just not better for programming.
If corporations are people, aren't stockholders guilty of slavery?