Actually, if you filter properly (so that the most likely filters are first, etc) and use a good switch, you're not wasting too much time. And an extra 15ms on my ping times isn't a big problem, that's hidden by the light-speed delays even.
(Based on a test where we gave a high-end router a bunch of rules and the difference in ping times through it was 2-3ms. Then assuming 5-6 routers per packet trip, that would be configured in such a way... Usually one per ISP and two per backbone.)
Tipping is easy to justify if you ever eat in the same place twice, waiters can spit in your food before they bring it out, or worse.
I myself won't pay for the book, because I don't like King. I'll probably grab a copy from a friend later (so as not to screw up the stats for those who do) and give it a read... if I like it, I will pay, but a system designed to extort money should fail.
Keeping track of downloads is the wrong way, it's like saying, give it a try, but if you don't like it, pay anyways, so you don't screw everyone.
Yup, it's trivially obvious so we can pretty well count on some jerk doing it. It'd only take one guy with a fast connect to do it. And it probably counts when it starts the download, just start the download and drop the link.
This will fail the way it's written, it has to be set to a flat fee, and a counter so people can see how close they are to it.
The escrow idea would help, but I'm sure he's famous enough that he can get people willing to lose a buck, at least in the beginning.
You think not? He gets to keep the money from this even if he doesn't put out any more installments. And it's blame-free, because he just points a finger at the evil internet who tried to cheat him.
It'll die anyways, some script kiddy will download ten thousand and kill it.
It was fairly obvious even without the article that it won't work if it's based on percentages.
Two things *need* to be changed... First, there needs to be a set ammount of money per installment, not a percentage. Second, there needs to be a limit of the number of installments.
I'm not a SK fan, but I might download a free book to give it a read, *if* it's free and won't hurt anything. Then, if I like it, I'll pay for it. Not before. But I won't do that now because it hurts the whole process if I don't like it and choose not to pay.
I'd also feel cheated if I payed for the first few parts, then found out that instead of ending it in a reasonable ammount of words, SK decided to stretch it out to 500,000 words, in $1/8000 word installments.
At some point, if he decides to keep going, the installments should be free. Otherwise he's suckering people in with the idea of paying less for a book then milking them...
I'd say that the installments should stop at four, or be free from then on. I'd only pay $4, *tops*, for an e-book.
It does seem that he's set it up to fail. He's getting a large whack of cash from fans, and a large percentage of that will go straight to him, and it's gonna go down the tubes, 'forcing' him to stop, and because there's no escrow involved, he has to keep the money... poor boy, cheated by the evil internet.
Because the RFCs provide that some addresses aren't supposed to route. If an ISP passed a 192.168.x.x address on, they're misconfigured.
I myself want an ISP that doesn't filter too much, I'd rather be in charge myself, but I want them to do their job first, dropping packets that aren't intended for their network, let alone being passed on to me. That frees more bandwidth for my pr0n downloads, or whatever.
This happens *all* the time. Friends of mine admin a fairly large ISP (multiple OC3, 50k users, etc) and they tell me that they and other admins blackhole a lot of sites on an informal basis...
They maintain their own database of spammers and use it as well as checking over MAPS and ORBS lists, they MD5 mail bodies, checking for duplicates and when they get an identical message being sent to more than ten users from an unknown address, a human looks at it before it gets forwarded. (Usually it's spam, sometimes it's a new mailing list.)
Similarly, if there's a local ISP that's been used for spam, or attacks, they simply drop all traffic from it. On the off chance that something at that one ISP is wanted by customers, they set up a filtering proxy, or such, as appropriate, to allow just certain things through.
And they've done it with large national ISPs too.
The users don't know why a site is unreachable and the internet is too chaotic for them to be able to tell.
And really, what's the difference if a site is down because it crashed, or because it's so insecure it's a hazard? In either case, badly configured/run ISPs don't talk to the rest of the net for long.
Quite right. In fact, there a good article on this by a game designer. It details his insanely complex protection scheme.
Some of the traps included writing in an off-by-one error in the program so it'd run out of memory and crash at some undefined point in the future, etc.
The problem with some of the ridiculously complex ideas (race conditions in self modifying code) are that they only work on one processor, and only one model of that. Things that worked in the 486 days won't fly now...
I remember a friend writing self modifying code that wrote *just* in front of the instruction fetch. Sometimes when he reached the end of the loop he'd patch the code *after* the instruction fetch so that next time the loop wouldn't even be tested for. This was automatic because his extra few cycles testing for this let that location be passed by the instruction fetch.
The code was very clever and incredibly fast. With good caching algorithms it was even faster because what he wrote to was guaranteed to be loaded into L2 from the instruction fetch, so it just required another read to copy it into the data L1 cache as well as the instruction L1 cache.
But, the coming of Pentiums broke the code. We looked at it and determined that it could be made to work but it'd have problems in the future, every new processor was changing the prefetch depth and the caching schemes...
Had that been used in a game, it wouldn't work anymore. In our litigious society, that's a class action lawsuit waiting to happen.
Even id Software's fairly basic CD Keys are open to a lot of problems. They're open to DNS problems... You specify the server by IP and connect but you can't get an IP from the master server's name and can't connect, etc..
If a bug existed in your protection schemes, think how hard it'd be to find if it could take a week before it triggered. That game'd be in Q&A forever.
And it's still no guarantee of stopping a hacker... in fact, the only thing it guarantees is to attract *more* hackers. And in today's script kiddy world, if one person cracks it, everyone can use it.
So, you're right in one sense. Writing for a specific CPU on a specific platform, you can write insanely complex code that is nearly impossible to break, especially when only developers know what the machine is doing and when hackers have to reverse engineer the hardware and the software at the same time. On the other hand, on a PC, or rather, on a million different PCs, you'll never manage any of the impossible tricks.
Yeah, the idea of not stopping cheaters, just ostrasizing them. Works for me... Except, then you get into the case where a sysop needs to examine a game log and determine if something was cheating or not. And if it's something like Quake where the servers are distributed, how do you know the server admins are honest and not labelling someone as a cheater just because they won a game...
The idea works if you never go outside of your group of friends, but it has problems when you go beyond that at all... And I do like the occasional sixteen player games which I can't get enough friends together to play.
But overall, yeah. If you know KillMaster is a cheater, just don't invite him to your games.
It's when you go to a global form of this that it's a problem... Do you let users register names so that only one person can have a certain name, or what. How do you block people, CD Keys?
NetTrek is an example of *my* point. They have decided they can't make a binary nobody can crack so they keep releasing new ones, with new protections, etc.
No, that just gets rid of "See through walls" cheats.
The biggest problem in Quake is aim bots. They can't be stopped by your scheme because they do shoot what the player can see. Only the most basic aim bots shoot anything near the player, most shoot only what's in a cone in front of the player, to disguise the fact that there's a bot.
In any distributed system you have to send *some* extra information, maybe instead of sending the other player's locations when they're seconds away, drop it to when they're close enough to be seen before the next update, usually 150ms or less, so that even if the user is cheating, they get less lead time.
But if you only send what the used can see, they need to get an update from the server when they turn their head... That's obviously broken.
Yeah, cause any stupid shit can plug a console in, it takes some ammount of brains to master typing. It's also a cheaper system.
But you have to be pretty fucking blind to think a console game can beat a PC game in depth or interactivity.
A lack of onboard storage (large flash ram or HD) cripples Consoles for anything but stateless games like Mortal Kombat or some pathetic RPG like Zelda where 'saving' the game loses everything about you expect for some basic numbers...
Unlike playing Deus Ex or System Shock 2 where you can revisit an old area and see the corpses, right where you left them and with the bullet holes in the right places, etc. If you can compare a console game to these in terms of depth, you're smoking crack...
In some ways they say that modal designs are good, that you swim in a swimming pool, etc. Then they say that limited interfaces, where all you can interact with is what's provided on the screen, are bad.
I think a modal design is a mistake, in almost all cases.
A swimming pool you can only swim in is like a tractor you can only control with reigns... kind of limited.
Why can't I use the appliances of the future in the pool? Already some phones are waterproof, and some radios/TVs. Why can't my laptop be waterproof, etc?
So, why let someone else dictate the limits of a mode? I alt-tab away from install screens while they're copying files even though the program warns me that dire consequences await those who don't sit and watch the whole process. If the author of the program had their way (or their bosses/marketing department's way) I'd be forced to sit and watch this...
It's clear, to me, that modal designs should be limited to the program that the mode is in. An install screen for Winamp shouldn't offer to let you play MP3s, it's just to install. The panel for Winamp shouldn't have an uninstall button, that's not part of the 'play music' mode. But if Winamp tried to control what I did with the system while playing MP3s I'd delete it in an instant...
A mode is only as important as the program I'm running. The biggest problem Winamp could report is that an MP3 is corrupt... The biggest problem Photoshop could report is that a picture was changed on disk, etc. I want the program to halt what it's doing to give me a critical (from its point of view) error. But I don't want it to interrupt anything else.
And big future of interfaces that I can see is to leave a stateless interface behind. In the copying to disk example, not only should the mac empty the floppy trash automatically, but it should say "You're out of room on the floppy" and pop up a file browser to allow you to make room. At least it should have a 'Go There' button on the dialog to let you deal with the problem instead of just 'OK'. The dialog of the future would have "Ok/Stop" "Go There" and "Retry"... It wouldn't be the end of your copy, it'd just pause till you made some space, either by asking it for a browser or by doing it yourself, then continuing.
Cookies (etc) have allowed us to get past the stateless web page. Now you can have a shopping cart, or a slashdot profile, that reflects changes you made when you were last there and picks up where you left off. This is where we should be going. You shouldn't have to tell something what you want to do more than once unless you change your mind.
There really is *no* way to trust a client. None. Anything that the client does can be watched, instruction by instruction, with a debugger. Any encryption it uses is performed in front of the determined hacker.
Any CRC of the binary, or the data files, is done by the EXE that the hacker has access to. They simply hardcode the values the server wants to get. Or if it's a changing algorithm, they keep the old files around to run the CRCs on, then use the hacked files to play.
It is provably impossible to write a program that can't be modified in this way. There are some anti-debugger tricks, but they'll probably increase general incompatibility and, they never stopped the pros anyways.
You either have to have a release schedule that beats the hackers, like updating the EXEs daily, so that they have to keep doing the work... or, you accept the fact that you can't tell if you're communicating with your certified client or a proxy.
It doesn't matter what platform it's on. As long as hardware is available, not encased in melted plastic, and development tools exist, hackers will be able to examine the game. It might be harder to disassemble Super Mario 64, or a Playstation 2 game, but it can be done, and if the stakes are high, *will* be done.
There is *nothing* that can be done to make this impossible. All that you can do is make the cheaters job harder by blocking the obvious things (like the Quake1 cheats - new player models, etc).
Anything the server does, short of sending the game out as high-res screen shots over the network at 60fps can be hacked. And even then, someone could write a proxy that would parse that pictures and auto-aim or something.
Cheaters and cheat protection will (as I think Carmack said) evolve until subtle cheaters are indistinguishable from the better players. Anything you can devise to stop cheaters, the cheaters can learn from and avoid.
You'd think it'd be worth their time to write Linux drivers, just to be buzzword compliant. I wouldn't imagine it'd be too hard for them to write a driver for their own product...
An advantage in their favour is that they could write a functional but slow driver then let the community optimize it... they're not trying to hide the register level details so they have no reason to not open-source the code.
Just a basic, feature complete, unoptimized driver would allow them to claim full Linux support and would be the basis for better community drivers later on. It'd cost them one programmer, for maybe two weeks or so, a drop in the bucket.
There may not be many Linux gamers, compared to Windows gamers, but they're a louder more vocal crowd, and are likely to turn a bunch of people onto a product if they like it.
For me, even though I use Windows 85% of the time, Linux drivers are a major concern. I'd hate to buy a $250 graphics card and find out it only works in VESA mode in Linux and BeOS. Besides, the better the Linux drivers, imho, the better the Windows drivers, simply because it's a company to whom drivers are a concern.
btw 11223: I completely agree with the moderation comment. Any moderator browsing at more than 0 is missing out on any AC posts, and the whole point of moderation is to bring the good messages up from the bottom, not to raise mediocre posts that started at karma 2 even higher.
Any moderator who doesn't moderate as you suggest is abusing the system and wasting their points on already moderated articles.
Nor should they worry. If a user deletes their own home directory, it's their choice. If they configure their email client to auto-execute scripts, they deserve it.
All the admin needs to do is restore from the most recent set of backups. If the user refuses to listen to reason and does the same thing again, the admin still doesn't need to worry, untarring stuff is trivial, much easier than spending ten minuted talking to a clueless user.
It'd be like if you properly maintained a Windows LAN, a local drive C with just the OS, apps remotely read from the server, and all data stored on a mapped drive D which the server backs up every night. The worst a virus could do would be force you to toss in a network recovery CD, ghost C and restore D from backup. But, few admins do this, I guess MSCEs don't teach practical methods.
That sort of thing is true only if the victim company is specifically targetted. If the companies banded together to stop a certain action, which involved boycotting companies that did that thing, then it would not be actionable. Similarly, if a new product makes an old company's business obsolete, the new products developers aren't at fault.
Buggy whip manufacturers can't sue car companies for restraint of trade.
Similarly, my 'ethical' company can refuse to deal with Microsoft, Shell Oil, etc. It can also publish information that would lead other companies to do the same thing, as long as shell oil (etc) are only targetted because of their actions, and theoretically would be forgiven if they turned around.
The idea behind the crypto is that the logs, once public key encrypted, couldn't be decrypted, to gain information that could be used in further cracking attempts, or to lessen anyone's privacy.
Simple logs, based on multiple users, such as bandwidth usage, number of connections to various services, etc, should all be plaintext to make them easier to use. But logs of individual connections, when someone picked up email, what sites people went to, MD5 hashes of outgoing mail, etc, shouldn't be plaintext.
And the specifics of many of these logs would be unimportant, you rarely need to prove a user did or didn't mail something, so if it sits encrypted on a CD for a year, and then takes ten minutes to decrypt and view, no big deal. Much better that it can't be easily accessed by someone unauthorized.
Of course, if your random number generation was flawed, all of your session keys could be compromised, but ideally you'd use fairly strong methods. And yeah, there are swap issues and all to deal with, but I'd left the details to the user's discretion.
And as for the trashing, that's why you'd offload them to CD or hardcopy frequently. Perhaps you'd dump the MD5 hash to a lineprinter every time a log bundle came in and dump it to a CD every time you got a few MBs... (Depending if you can write multisession CDs.)
But, to summarize. Not only are logs for catching bad guys, but they're also private info, which if you collect sensitive stuff, needs to be guarded properly.
>My morals most likely do not map well to your >morals, and arguments and violence often follow >such disagreement; and this is EXACTLY why >a codified standard defining 'right' and 'wrong' >(again, in case you missed it, that does not mean >morally but legally) is required.
So, because it's too hard to do something that is relevant, we should just follow the law... It may not be right, but hell, at least it's consistent?
Not bloody likely. Where the law conflicts with my morals, I break the law. As does nearly everyone else. A broken set of rules isn't better than nothing, it's worse!
If there was a hope in hell of changing a law without twenty million religious zealots, or a few billion dollars, then people might follow the law and try to mold the law to reflect reality. As is, the system is so broken that by trying to follow it all you do is make things worse.
You may disagree, which is your right. But I don't think you'd take it too far. What about when a law is passed that would put you in jail for performing a humanitarian act, or doing what you feel you need to do to survive?
To illustrate the point, look at the most obvious cases, then realize that the truth is in the middle. The worst abuse of law would be something like Nazi germany, where anyone of Jewish blood was forced to report to the government, sometimes just for labelling, sometimes for shipment to a concentration camp. No, imagine that you're Jewish, would you comply with the law?
So, unless you said yes, there are some circumstances where you agree the law should not be followed. So where does the line get drawn? How is this different than just doing what we feel is right?
Law exists to give society the power to stop antisocial behaviour, I can choose to break the law, that's a granted right and an inate one. *If* I get caught, and *if* it's serious, the government can chose to punish me. Otherwise, the law has no effect on me.
I've never heard of anyone stealing specifically to buy a coke, or a beer. Both *are* addictive, seriously, it's true. But both are legal, and thus fairly cheap. You can buy a beer or a coke for about the same price.
If a beer was $20 (and hard alcohol similarly expensive), I know some people addicted enough that they probably would turn to theft.
If hard drugs were cheaper, likely less people would turn to crime to purchase them. I used to live next door to a heroin addict and she was fairly nice, between the highs and lows. She would have much rather gone to the corner store, got some clean drugs, and gotten high safely in her apartment. The illegality and high price had her working the streets, shooting up in alleys, and buying untested drugs.
Sure, she'd have been better off had she kicked the habit, but I know a lot of people for whom alcohol has had different but equally serious life-destroying effects. If that okay just because alcohol is legal?
How about we meet in the middle. How about someone advertising in the yellow pages to offer a service, amidst real businesses, then when someone calls, they scream into the phone. If nothing else, they'd get removed from the yellow page listing. At worst, they'd get their service pulled if it appeared they intended to give a bad reputation to the class of business they were listed as.
That's because those arcades, which are located on the 'bad' section of the main street through town, are filled with stuff other than video games. The tamest of them have softcore games where you simply uncover pictures of scantily clan Japanese women. The other end of this range is that some of the arcades share a backroom with porno stores, which definately are unwholesome for kids.
I think he did get distracted, seeing his pet peeve instead of other issues, but it still addressed the article, and the hypocrisy of banning a game which has a possibility of incidental death of cows when it's "good" and "right" for cows to be killed. To me, this is a small piece of the issue, but it's still valid.
To me, Soldier of Fortune is a perfectly valid game, you're shooting terrorist, people who resigned from societies protection when they picked up guns and started shooting innocents. Whatever happens to a terrorist is fair game.
To say that shooting a terrorist is sickening is to say that our police are sickening. They shoot at terrorists. Should we condemn them?
As long as we're willing to let the actions of others protect us, we're obligated to not frown on those actions. I don't particularly like military service, but I'll never slam our military until all the petty dictators of the world retire and we start giving flowers to each other.
Similarly, I would have a hard time being a SWAT member, shooting terrorists, but as long as there are terrorists, I'll congragulate those strong enough to go out there and shoot them.
To say that this behaviour is disgusting is somewhat accurate, but it's something more people need to be exposed to, not less. Until we all understand the actions taken, on our behalf, to keep the world safe, we don't really deserve the protection of those actions.
I'd say everyone should spend a day, either watching a SWAT team take down terrorists, or as a hostage. Either way, you'll understand what's being done and why it has to be done.
To ban a game just because it has sensitive topics is to send a message to SWAT team members that what they do is so horrible they should never talk about it, that we barely tolerate them, despite the fact they risk their lives to save us.
Should people think that killing a terrorist is a nice clean job, where you just push a button and the guy falls down, saving the hostages? Hell no. They should understand the blood and gore, and the risk of death. Then they'll properly appreciate it.
I'd rather show _Saving Private Ryan_ or _Thin Red Line_ to every hotheaded young kid who thinks war is cool than have a bunch of clueless people running around talking about how we need to go passify some country.
Soldiering is gruesome bloody work, necessary work, but gruesome and bloody. We can't properly respect the job that soldier do until we understand this. The same goes from counter-terrorism. To demand that games get dumbed down does nothing for us except to really shock us when something bad happens. Hopefully by then we haven't gotten rid of our 'disgusting' protectors.
> and the law is the only tangible metric of right > and wrong, isn't it?
ROFL! So, if this bill passes, it becomes 'wrong' to tell someone how to make drugs, or where such information might be found.
When the DMCA passed, it became 'wrong' for someone to write a DVD player for Linux.
When Soldier of Fortune was banned in BC, the 'right and proper' actions of children who had played it *all of a sudden* became 'wrong', just because some official said so?
Bullshit. Claiming that the law is linked in any way with right and wrong is the sign of someone too weak willed to think for themselves.
Try this on for size, see if you've ever said it... "The law forbids things that are wrong, so if I don't break the law, I must be in the right!"
That's the sort of twisted rationalization that results from blindly following any set of rules.
Actually, if you filter properly (so that the most likely filters are first, etc) and use a good switch, you're not wasting too much time. And an extra 15ms on my ping times isn't a big problem, that's hidden by the light-speed delays even.
(Based on a test where we gave a high-end router a bunch of rules and the difference in ping times through it was 2-3ms. Then assuming 5-6 routers per packet trip, that would be configured in such a way... Usually one per ISP and two per backbone.)
Tipping is easy to justify if you ever eat in the same place twice, waiters can spit in your food before they bring it out, or worse.
I myself won't pay for the book, because I don't like King. I'll probably grab a copy from a friend later (so as not to screw up the stats for those who do) and give it a read... if I like it, I will pay, but a system designed to extort money should fail.
Keeping track of downloads is the wrong way, it's like saying, give it a try, but if you don't like it, pay anyways, so you don't screw everyone.
Yup, it's trivially obvious so we can pretty well count on some jerk doing it. It'd only take one guy with a fast connect to do it. And it probably counts when it starts the download, just start the download and drop the link.
This will fail the way it's written, it has to be set to a flat fee, and a counter so people can see how close they are to it.
The escrow idea would help, but I'm sure he's famous enough that he can get people willing to lose a buck, at least in the beginning.
You think not? He gets to keep the money from this even if he doesn't put out any more installments. And it's blame-free, because he just points a finger at the evil internet who tried to cheat him.
Great way to get a few quick $s.
Not saying he *is*, but he very well might be...
It'll die anyways, some script kiddy will download ten thousand and kill it.
It was fairly obvious even without the article that it won't work if it's based on percentages.
Two things *need* to be changed... First, there needs to be a set ammount of money per installment, not a percentage. Second, there needs to be a limit of the number of installments.
I'm not a SK fan, but I might download a free book to give it a read, *if* it's free and won't hurt anything. Then, if I like it, I'll pay for it. Not before. But I won't do that now because it hurts the whole process if I don't like it and choose not to pay.
I'd also feel cheated if I payed for the first few parts, then found out that instead of ending it in a reasonable ammount of words, SK decided to stretch it out to 500,000 words, in $1/8000 word installments.
At some point, if he decides to keep going, the installments should be free. Otherwise he's suckering people in with the idea of paying less for a book then milking them...
I'd say that the installments should stop at four, or be free from then on. I'd only pay $4, *tops*, for an e-book.
It does seem that he's set it up to fail. He's getting a large whack of cash from fans, and a large percentage of that will go straight to him, and it's gonna go down the tubes, 'forcing' him to stop, and because there's no escrow involved, he has to keep the money... poor boy, cheated by the evil internet.
Because the RFCs provide that some addresses aren't supposed to route. If an ISP passed a 192.168.x.x address on, they're misconfigured.
I myself want an ISP that doesn't filter too much, I'd rather be in charge myself, but I want them to do their job first, dropping packets that aren't intended for their network, let alone being passed on to me. That frees more bandwidth for my pr0n downloads, or whatever.
This happens *all* the time. Friends of mine admin a fairly large ISP (multiple OC3, 50k users, etc) and they tell me that they and other admins blackhole a lot of sites on an informal basis...
They maintain their own database of spammers and use it as well as checking over MAPS and ORBS lists, they MD5 mail bodies, checking for duplicates and when they get an identical message being sent to more than ten users from an unknown address, a human looks at it before it gets forwarded. (Usually it's spam, sometimes it's a new mailing list.)
Similarly, if there's a local ISP that's been used for spam, or attacks, they simply drop all traffic from it. On the off chance that something at that one ISP is wanted by customers, they set up a filtering proxy, or such, as appropriate, to allow just certain things through.
And they've done it with large national ISPs too.
The users don't know why a site is unreachable and the internet is too chaotic for them to be able to tell.
And really, what's the difference if a site is down because it crashed, or because it's so insecure it's a hazard? In either case, badly configured/run ISPs don't talk to the rest of the net for long.
Some of the traps included writing in an off-by-one error in the program so it'd run out of memory and crash at some undefined point in the future, etc.
The problem with some of the ridiculously complex ideas (race conditions in self modifying code) are that they only work on one processor, and only one model of that. Things that worked in the 486 days won't fly now...
I remember a friend writing self modifying code that wrote *just* in front of the instruction fetch. Sometimes when he reached the end of the loop he'd patch the code *after* the instruction fetch so that next time the loop wouldn't even be tested for. This was automatic because his extra few cycles testing for this let that location be passed by the instruction fetch.
The code was very clever and incredibly fast. With good caching algorithms it was even faster because what he wrote to was guaranteed to be loaded into L2 from the instruction fetch, so it just required another read to copy it into the data L1 cache as well as the instruction L1 cache.
But, the coming of Pentiums broke the code. We looked at it and determined that it could be made to work but it'd have problems in the future, every new processor was changing the prefetch depth and the caching schemes...
Had that been used in a game, it wouldn't work anymore. In our litigious society, that's a class action lawsuit waiting to happen.
Even id Software's fairly basic CD Keys are open to a lot of problems. They're open to DNS problems... You specify the server by IP and connect but you can't get an IP from the master server's name and can't connect, etc..
If a bug existed in your protection schemes, think how hard it'd be to find if it could take a week before it triggered. That game'd be in Q&A forever.
And it's still no guarantee of stopping a hacker... in fact, the only thing it guarantees is to attract *more* hackers. And in today's script kiddy world, if one person cracks it, everyone can use it.
So, you're right in one sense. Writing for a specific CPU on a specific platform, you can write insanely complex code that is nearly impossible to break, especially when only developers know what the machine is doing and when hackers have to reverse engineer the hardware and the software at the same time. On the other hand, on a PC, or rather, on a million different PCs, you'll never manage any of the impossible tricks.
Yeah, the idea of not stopping cheaters, just ostrasizing them. Works for me... Except, then you get into the case where a sysop needs to examine a game log and determine if something was cheating or not. And if it's something like Quake where the servers are distributed, how do you know the server admins are honest and not labelling someone as a cheater just because they won a game...
The idea works if you never go outside of your group of friends, but it has problems when you go beyond that at all... And I do like the occasional sixteen player games which I can't get enough friends together to play.
But overall, yeah. If you know KillMaster is a cheater, just don't invite him to your games.
It's when you go to a global form of this that it's a problem... Do you let users register names so that only one person can have a certain name, or what. How do you block people, CD Keys?
NetTrek is an example of *my* point. They have decided they can't make a binary nobody can crack so they keep releasing new ones, with new protections, etc.
No, that just gets rid of "See through walls" cheats.
The biggest problem in Quake is aim bots. They can't be stopped by your scheme because they do shoot what the player can see. Only the most basic aim bots shoot anything near the player, most shoot only what's in a cone in front of the player, to disguise the fact that there's a bot.
In any distributed system you have to send *some* extra information, maybe instead of sending the other player's locations when they're seconds away, drop it to when they're close enough to be seen before the next update, usually 150ms or less, so that even if the user is cheating, they get less lead time.
But if you only send what the used can see, they need to get an update from the server when they turn their head... That's obviously broken.
Yeah, cause any stupid shit can plug a console in, it takes some ammount of brains to master typing. It's also a cheaper system.
But you have to be pretty fucking blind to think a console game can beat a PC game in depth or interactivity.
A lack of onboard storage (large flash ram or HD) cripples Consoles for anything but stateless games like Mortal Kombat or some pathetic RPG like Zelda where 'saving' the game loses everything about you expect for some basic numbers...
Unlike playing Deus Ex or System Shock 2 where you can revisit an old area and see the corpses, right where you left them and with the bullet holes in the right places, etc. If you can compare a console game to these in terms of depth, you're smoking crack...
In some ways they say that modal designs are good, that you swim in a swimming pool, etc. Then they say that limited interfaces, where all you can interact with is what's provided on the screen, are bad.
I think a modal design is a mistake, in almost all cases.
A swimming pool you can only swim in is like a tractor you can only control with reigns... kind of limited.
Why can't I use the appliances of the future in the pool? Already some phones are waterproof, and some radios/TVs. Why can't my laptop be waterproof, etc?
So, why let someone else dictate the limits of a mode? I alt-tab away from install screens while they're copying files even though the program warns me that dire consequences await those who don't sit and watch the whole process. If the author of the program had their way (or their bosses/marketing department's way) I'd be forced to sit and watch this...
It's clear, to me, that modal designs should be limited to the program that the mode is in. An install screen for Winamp shouldn't offer to let you play MP3s, it's just to install. The panel for Winamp shouldn't have an uninstall button, that's not part of the 'play music' mode. But if Winamp tried to control what I did with the system while playing MP3s I'd delete it in an instant...
A mode is only as important as the program I'm running. The biggest problem Winamp could report is that an MP3 is corrupt... The biggest problem Photoshop could report is that a picture was changed on disk, etc. I want the program to halt what it's doing to give me a critical (from its point of view) error. But I don't want it to interrupt anything else.
And big future of interfaces that I can see is to leave a stateless interface behind. In the copying to disk example, not only should the mac empty the floppy trash automatically, but it should say "You're out of room on the floppy" and pop up a file browser to allow you to make room. At least it should have a 'Go There' button on the dialog to let you deal with the problem instead of just 'OK'. The dialog of the future would have "Ok/Stop" "Go There" and "Retry"... It wouldn't be the end of your copy, it'd just pause till you made some space, either by asking it for a browser or by doing it yourself, then continuing.
Cookies (etc) have allowed us to get past the stateless web page. Now you can have a shopping cart, or a slashdot profile, that reflects changes you made when you were last there and picks up where you left off. This is where we should be going. You shouldn't have to tell something what you want to do more than once unless you change your mind.
As a reply to Temporal and CaptainSuperBoy...
There really is *no* way to trust a client. None. Anything that the client does can be watched, instruction by instruction, with a debugger. Any encryption it uses is performed in front of the determined hacker.
Any CRC of the binary, or the data files, is done by the EXE that the hacker has access to. They simply hardcode the values the server wants to get. Or if it's a changing algorithm, they keep the old files around to run the CRCs on, then use the hacked files to play.
It is provably impossible to write a program that can't be modified in this way. There are some anti-debugger tricks, but they'll probably increase general incompatibility and, they never stopped the pros anyways.
You either have to have a release schedule that beats the hackers, like updating the EXEs daily, so that they have to keep doing the work... or, you accept the fact that you can't tell if you're communicating with your certified client or a proxy.
It doesn't matter what platform it's on. As long as hardware is available, not encased in melted plastic, and development tools exist, hackers will be able to examine the game. It might be harder to disassemble Super Mario 64, or a Playstation 2 game, but it can be done, and if the stakes are high, *will* be done.
There is *nothing* that can be done to make this impossible. All that you can do is make the cheaters job harder by blocking the obvious things (like the Quake1 cheats - new player models, etc).
Anything the server does, short of sending the game out as high-res screen shots over the network at 60fps can be hacked. And even then, someone could write a proxy that would parse that pictures and auto-aim or something.
Cheaters and cheat protection will (as I think Carmack said) evolve until subtle cheaters are indistinguishable from the better players. Anything you can devise to stop cheaters, the cheaters can learn from and avoid.
Uh huh, until someone throws that console online via a null modem cable to a PC and uses the PC to run a proxy server...
Anything you can devise, they can break.
It's just that the good coders don't bother with consoles, closed cabinets == crap games.
You'd think it'd be worth their time to write Linux drivers, just to be buzzword compliant. I wouldn't imagine it'd be too hard for them to write a driver for their own product...
An advantage in their favour is that they could write a functional but slow driver then let the community optimize it... they're not trying to hide the register level details so they have no reason to not open-source the code.
Just a basic, feature complete, unoptimized driver would allow them to claim full Linux support and would be the basis for better community drivers later on. It'd cost them one programmer, for maybe two weeks or so, a drop in the bucket.
There may not be many Linux gamers, compared to Windows gamers, but they're a louder more vocal crowd, and are likely to turn a bunch of people onto a product if they like it.
For me, even though I use Windows 85% of the time, Linux drivers are a major concern. I'd hate to buy a $250 graphics card and find out it only works in VESA mode in Linux and BeOS. Besides, the better the Linux drivers, imho, the better the Windows drivers, simply because it's a company to whom drivers are a concern.
btw 11223: I completely agree with the moderation comment. Any moderator browsing at more than 0 is missing out on any AC posts, and the whole point of moderation is to bring the good messages up from the bottom, not to raise mediocre posts that started at karma 2 even higher.
Any moderator who doesn't moderate as you suggest is abusing the system and wasting their points on already moderated articles.
Nor should they worry. If a user deletes their own home directory, it's their choice. If they configure their email client to auto-execute scripts, they deserve it.
All the admin needs to do is restore from the most recent set of backups. If the user refuses to listen to reason and does the same thing again, the admin still doesn't need to worry, untarring stuff is trivial, much easier than spending ten minuted talking to a clueless user.
It'd be like if you properly maintained a Windows LAN, a local drive C with just the OS, apps remotely read from the server, and all data stored on a mapped drive D which the server backs up every night. The worst a virus could do would be force you to toss in a network recovery CD, ghost C and restore D from backup. But, few admins do this, I guess MSCEs don't teach practical methods.
That sort of thing is true only if the victim company is specifically targetted. If the companies banded together to stop a certain action, which involved boycotting companies that did that thing, then it would not be actionable. Similarly, if a new product makes an old company's business obsolete, the new products developers aren't at fault.
Buggy whip manufacturers can't sue car companies for restraint of trade.
Similarly, my 'ethical' company can refuse to deal with Microsoft, Shell Oil, etc. It can also publish information that would lead other companies to do the same thing, as long as shell oil (etc) are only targetted because of their actions, and theoretically would be forgiven if they turned around.
The idea behind the crypto is that the logs, once public key encrypted, couldn't be decrypted, to gain information that could be used in further cracking attempts, or to lessen anyone's privacy.
Simple logs, based on multiple users, such as bandwidth usage, number of connections to various services, etc, should all be plaintext to make them easier to use. But logs of individual connections, when someone picked up email, what sites people went to, MD5 hashes of outgoing mail, etc, shouldn't be plaintext.
And the specifics of many of these logs would be unimportant, you rarely need to prove a user did or didn't mail something, so if it sits encrypted on a CD for a year, and then takes ten minutes to decrypt and view, no big deal. Much better that it can't be easily accessed by someone unauthorized.
Of course, if your random number generation was flawed, all of your session keys could be compromised, but ideally you'd use fairly strong methods. And yeah, there are swap issues and all to deal with, but I'd left the details to the user's discretion.
And as for the trashing, that's why you'd offload them to CD or hardcopy frequently. Perhaps you'd dump the MD5 hash to a lineprinter every time a log bundle came in and dump it to a CD every time you got a few MBs... (Depending if you can write multisession CDs.)
But, to summarize. Not only are logs for catching bad guys, but they're also private info, which if you collect sensitive stuff, needs to be guarded properly.
>My morals most likely do not map well to your
>morals, and arguments and violence often follow
>such disagreement; and this is EXACTLY why
>a codified standard defining 'right' and 'wrong'
>(again, in case you missed it, that does not mean
>morally but legally) is required.
So, because it's too hard to do something that is relevant, we should just follow the law... It may not be right, but hell, at least it's consistent?
Not bloody likely. Where the law conflicts with my morals, I break the law. As does nearly everyone else. A broken set of rules isn't better than nothing, it's worse!
If there was a hope in hell of changing a law without twenty million religious zealots, or a few billion dollars, then people might follow the law and try to mold the law to reflect reality. As is, the system is so broken that by trying to follow it all you do is make things worse.
You may disagree, which is your right. But I don't think you'd take it too far. What about when a law is passed that would put you in jail for performing a humanitarian act, or doing what you feel you need to do to survive?
To illustrate the point, look at the most obvious cases, then realize that the truth is in the middle. The worst abuse of law would be something like Nazi germany, where anyone of Jewish blood was forced to report to the government, sometimes just for labelling, sometimes for shipment to a concentration camp. No, imagine that you're Jewish, would you comply with the law?
So, unless you said yes, there are some circumstances where you agree the law should not be followed. So where does the line get drawn? How is this different than just doing what we feel is right?
Law exists to give society the power to stop antisocial behaviour, I can choose to break the law, that's a granted right and an inate one. *If* I get caught, and *if* it's serious, the government can chose to punish me. Otherwise, the law has no effect on me.
I've never heard of anyone stealing specifically to buy a coke, or a beer. Both *are* addictive, seriously, it's true. But both are legal, and thus fairly cheap. You can buy a beer or a coke for about the same price.
If a beer was $20 (and hard alcohol similarly expensive), I know some people addicted enough that they probably would turn to theft.
If hard drugs were cheaper, likely less people would turn to crime to purchase them. I used to live next door to a heroin addict and she was fairly nice, between the highs and lows. She would have much rather gone to the corner store, got some clean drugs, and gotten high safely in her apartment. The illegality and high price had her working the streets, shooting up in alleys, and buying untested drugs.
Sure, she'd have been better off had she kicked the habit, but I know a lot of people for whom alcohol has had different but equally serious life-destroying effects. If that okay just because alcohol is legal?
How about we meet in the middle. How about someone advertising in the yellow pages to offer a service, amidst real businesses, then when someone calls, they scream into the phone. If nothing else, they'd get removed from the yellow page listing. At worst, they'd get their service pulled if it appeared they intended to give a bad reputation to the class of business they were listed as.
That's because those arcades, which are located on the 'bad' section of the main street through town, are filled with stuff other than video games. The tamest of them have softcore games where you simply uncover pictures of scantily clan Japanese women. The other end of this range is that some of the arcades share a backroom with porno stores, which definately are unwholesome for kids.
I think he did get distracted, seeing his pet peeve instead of other issues, but it still addressed the article, and the hypocrisy of banning a game which has a possibility of incidental death of cows when it's "good" and "right" for cows to be killed. To me, this is a small piece of the issue, but it's still valid.
To me, Soldier of Fortune is a perfectly valid game, you're shooting terrorist, people who resigned from societies protection when they picked up guns and started shooting innocents. Whatever happens to a terrorist is fair game.
To say that shooting a terrorist is sickening is to say that our police are sickening. They shoot at terrorists. Should we condemn them?
As long as we're willing to let the actions of others protect us, we're obligated to not frown on those actions. I don't particularly like military service, but I'll never slam our military until all the petty dictators of the world retire and we start giving flowers to each other.
Similarly, I would have a hard time being a SWAT member, shooting terrorists, but as long as there are terrorists, I'll congragulate those strong enough to go out there and shoot them.
To say that this behaviour is disgusting is somewhat accurate, but it's something more people need to be exposed to, not less. Until we all understand the actions taken, on our behalf, to keep the world safe, we don't really deserve the protection of those actions.
I'd say everyone should spend a day, either watching a SWAT team take down terrorists, or as a hostage. Either way, you'll understand what's being done and why it has to be done.
To ban a game just because it has sensitive topics is to send a message to SWAT team members that what they do is so horrible they should never talk about it, that we barely tolerate them, despite the fact they risk their lives to save us.
Should people think that killing a terrorist is a nice clean job, where you just push a button and the guy falls down, saving the hostages? Hell no. They should understand the blood and gore, and the risk of death. Then they'll properly appreciate it.
I'd rather show _Saving Private Ryan_ or _Thin Red Line_ to every hotheaded young kid who thinks war is cool than have a bunch of clueless people running around talking about how we need to go passify some country.
Soldiering is gruesome bloody work, necessary work, but gruesome and bloody. We can't properly respect the job that soldier do until we understand this. The same goes from counter-terrorism. To demand that games get dumbed down does nothing for us except to really shock us when something bad happens. Hopefully by then we haven't gotten rid of our 'disgusting' protectors.
> and the law is the only tangible metric of right
> and wrong, isn't it?
ROFL! So, if this bill passes, it becomes 'wrong' to tell someone how to make drugs, or where such information might be found.
When the DMCA passed, it became 'wrong' for someone to write a DVD player for Linux.
When Soldier of Fortune was banned in BC, the 'right and proper' actions of children who had played it *all of a sudden* became 'wrong', just because some official said so?
Bullshit. Claiming that the law is linked in any way with right and wrong is the sign of someone too weak willed to think for themselves.
Try this on for size, see if you've ever said it... "The law forbids things that are wrong, so if I don't break the law, I must be in the right!"
That's the sort of twisted rationalization that results from blindly following any set of rules.