"It's impossible to stop cheating in an environment with untrusted clients."
I completely agree. This has nothing to do with open source or closed source. It is just simply impossible to stop cheating in an environment with untrusted clients. If you force clients to be trusted somehow (which won't work anyway) by only releasing "blessed" clients, then you have just lost the benefit of open source, and made a humongous pain in the ass for/decent/, non-cheating players.
All sorts of solutions and fervent discussion is flying around about how to make it secure. It always resolves down to security through obscurity. In the end any "security" system in place will just make it harder on decent players. Because of the simple fact that any system that trusts the client is unsafe, it will never be a absolutely safe game (unless/everything/ but inputs are pushed to the server, at which point the game becomes secure (except for the behavioral cheats), but entirely unplayable). For the game to be completely cheat-proof the whole architecture has to change, and I don't think there is one that could live up to and support the fast and furious online play.
"i disagree, this seems like one of those instances it wont work. jc is right, with the source open and me being able to enter as a server op "if name == mine, scale damage by 75%","
(don't know who actually posted this)
But who the hell is going to play on your server once they realize you/your server is cheating? Do all you want to your server. Nobody will want to play with you. This is besides the issue of open source or closed source (a non-issue), or client security (a not-completely-solvable issue).
"... to your scheme would be to only audit the "n" top players, because who cares if someone is cheating if they have a crappy score right ?"
How about a cheat that allowed people to kill teammates? I mean, it really is of no use to someone unless they're an asshole spammer, but there are plenty of those. Score shouldn't be the [only] criteria. Disruption of gameplay is the big one. I mean, if someone had a cheat that exited a level, that wouldn't raise their score but it would really disrupt the game and suck, and have to be fixed.
The problem, though, is not invalid behavior. Invalid behavior can be shoved to the server and verified. What is a bigger problem is valid, but highly improbable behavior. For instance, since my client knows everthing about the state of the world, I can program valid, but highly improbably inputs, that allow me to dodge most anything, simply because I/know/ the trajectories of everything. Now is this legal? Of course...it is/possible/ that I could really have the skill to do this...but very improbably.
As long as the client knows everything about the world, these sort of exploits will be possible. I think the current protocals maintain a state in the client and then sync that state frequently. The client "knows" the state though. The only option is for the client/not/ to know the state of the world, but only the portion it can percieve. But since the permutations of changes of one state to another is smaller than the permutations of all possible states, I think it has been easier to do the "push-state-and-sync" method rather than "redefine-state-every-time".
I agree that imposing some convoluted (and utltimately impotent) form of security might just stub development. Keep it open and keep it simple. People will always cheat and it won't be possible to stop them, even with proprietary code. It should be pretty easy to spot cheaters, and if it is not then is it really a problem? So let some guy see through walls as long as he's not disrupting gameplay. The moment he does something shady to disrupt gameplay, off he goes.
"Such as, say you wan't to fire your shotgun at AC_QuakeWeenee but you don't have any shells left, server doesn't know you have a hacked client which gives you unlimited ammo however, but it doesn't matter, the server would keep track of the clients ammo, and would disallow it from firing (maybe not on the clients machine, but to everyone else, the cheater never fired)."
I still think this would work in real life because of latency issues. Remember, clients like Quakeworld do all sorts of predicting. To make the game seem smoother, they automatically respond to your actions on your screen before syncing with the server. Imagine if you had to wait to see your shotgun fire until a round trip was made from your Ctrl keypress to the server and back so it could determine if that was a valid thing to do. Of course you could let clients go ahead and display actions regardless of the server's decision to honor them...that may work.
Also, as you mention, if the user is in control of the client, and the client "knows" everything about the game, there is absolutely nothing stopping somebody from hacking a client to help themselves without touching the protocol at all. Making enemies glow red, automatically dodging rockets...client bots are designed around this very thing...they are allowed to "know everything". There is going to be no stopping that even if things are offloaded to the server.
There really is no way at all to prevent hacked clients as long as the server trusts the clients. The only way for the server not to trust the clients would be to offload everything to the server except inputs, which makes the client effectively just a remote viewer. Of course this is obviously impossible because it would render the game absolutely unplayable. Everything is "cheatable" basically, except the inputs. Making a closed source proxy won't work either, since the proxy can just be hacked. It is a stop-gap measure, but I think it won't really work. If the closed source proxy relies simply on a digest, it is trivial for any cracker, not to mention most pedestrian programmers, to hack the proxy to return one of a list of known valid digests, or simply use mechanisms of the os to fool the proxy (point it to a valid copy, but make it run the hacked one). There really isn't any way to stop it at all, except to just rely on the honesty of the Quake gaming community, and give a big fat walloping kick and ban to assholes found cheating.
"Censors seem to feel the same way, in a sense. Children don't know what they're seeing is "bad", so we must "protect" them." This seems to be a central argument of pro-censorshipism. We need to protect our children by keeping them ignorant? We need to protect our children by limiting their exposure? While there may be some things that would detrimentally affect a child by simple passive viewing, any good child psychologist will tell you that it is much better for an adult to discuss and explain issues to their children instead of simply keeping their eyes closes. "If the child is old enough to ask the child is old enough to know" Have we really become such mental handicaps that very ideas themselves (however repugnant) are inherently damaging? It is a parent's responsibility to/parent/. Parenting can't be substituted by censorware. Funny how we have to protect a child from things because they do not know yet that they are "bad". We must/teach/ them that they are "bad" because they are naive. These are "impressions" we put on children. It is not bad until we say it is bad. How many traditional tribal Africans are arrested for public indecency? And how many of their children are scarred for life because they have seen members of their tribe naked (which of course is "bad")?
We usually lambaste patents here. But isn't this the situation a patent was designed for? We want to/encourage/ and/enable/ Jim to make cool stuff...which obviously hasn't happened. I don't think it would be fair now, after the fact, for a Big Corporation to take the idea and make megabucks from it. Whether it is a patent's place to stop/this/ I don't know. But Jim should at least have some incentive to think up this stuff. If he is not allowed to patent it, and Big Corporations are allowed to steal it X years after the fact, what incentive does he have to continue inventing?
Not an avid MTV fan myself, I did watch it a bit during the 93-95. I think the last "real" Real World was the second season (1993?), the one with that obnoxious Puck guy, and Pedro (I had to look that up on the web to actually remember). Pedro died and they started an AIDs fund in his name. It hasn't been as "real" as that since...for the last more than half-decade MTV seems to have been just increasing pop drivel...
FAQ: http://www.personalrobots.com/technicaldirt/faq/fa q.cgi?FAQ Linux ?: http://www.personalrobots.com/technicaldirt/faq/fa q.cgi?SHOW_ANSWER=01-general.txt+24 "Linux Linux Linux.. Need I say more? Open up your libraries to the Linux community and you will find your product improving daily at no cost to you fromthe efforts of the Linux development community. I couldn't agree more. Our libraries are open any time. We have yet to refuse anyone who wanted a copy of our source code. Please, take the bull by the horns and start writing the Linux rev for us. We are swamped with new features and bug fixes just sticking with one operating system (let alone 2, 3, or 4 (Linux, Mac, Unix))." ---- cool
Am I having deja vu...does the plot of Geeks sound amazingly like a Dateline episode I watched once...or maybe Katz ran an article on Slashdot about these guys. Somehow I've heard this story before.
What a relief...I was so worried about whether the moon would be the brightest in 133 this December 22nd...I mean the anxiousness, and nervousness was gnawing at me, I could hardly sleep. I'm glad Slashdot has finally put this nagging enigma to sleep.
"The government can most certainly tax the citizens for anythign they want. The founding fathers abhorred the ideas of taxation without representation, not just taxation." I remember hearing or reading somewhere that they were against/arbitrary/ taxation too. The government shouldn't tax you without a reason. Taxes only exist to fund resources that the population actually uses. "Besides the fact that the US government basically created the internet, and the Feds or the states have been taxing interstate commerce for decades..." Well, after a certain point it was mostly education (non-profit usually) institutions and then private companies which developed the internet (BSD? SCO? CISCO?) For interstate commerce, the federal government has to repave and build new highways, etc. I don't see what the US government does to sustain the internet. It's not like they are out there putting in wire or running routers or something.
"Well.. Streets for the Stuff you *can't* just transfer over the 'net (ever tried to get a sixpack trough a telephone line?), then there is the police, that at last *tries* to prevent bad boys to just take the nice goods you bought over the 'net." We've had streets and police since our country was founded. I don't see how the net changes that. We don't need any more streets (well,/perhaps/ the heavier post office trucks weighted with ecommorce packages would wear out the streets more) or police (actually, I'd guess we'd need less police because there would be less stores to steal from). Anyway, the USPS is having a field day because they are getting so much more new business. That's at least one place where the government is already getting compensated.
"I can easily imagine a machine pretending to be human wanting to become fully human. Such a machine would likely have emotional states, since we are unlikely to be able to separate these genuinely human conditions from an abstract intelligence. We don't even have a good definition of intelligence, and even if we fully understood the biology and functioning of the brain, we are unlikely to be able to discuss intelligence apart from it's structural framework." Well, if a machine didn't have emotion, it couldn't/want/ to have emotion. Organic systems have a goal - survive. That goal gives them will, which translates into wants, desires. An artificially-maintained intelligence, having no will to survive, may have to reason to care about anything. The various emotional nuances may simply not have a place. This behavior wouldn't be emergent. Artificially implant a "goal" or survival in the intelligence and these things may emerge. I like ice cream because it is sweet, it is sweet because it has sugar, sugar is sustainence, and sustainence keeps me alive, which has been hardcoded as GOOD in my brain.
I agree with you to a large extent. Intelligence is emergent behavior. We percieve it as something unique and special, (well, because it is rather unique and special). However, there is nothing preventing non-organic systems from becoming intelligent. It is possible, if not probable, that non-organic intelligence would be based on a neural-network (like its biological counterpart). Neural networks are just humongous pattern matchers, with fuzzy logic. Given that, it may be possible for machines to "feel" certain things, or have quasi-emotions, or intuition. However, as a followup poster noted, humans themselves are not purely behavioristic. Therefore expecting machines to be entirely capable of becoming like humans, simply because both systems are behavioristic might not exactly follow. Humans have all sorts of weird non-logical biological influences on our "behavioristic" nature. We do stupid irrational things. We also make unaccountable stupendous and original leaps of innovation and thought. We have state which effects our outputs, starting before we were born. I am not saying that machines/robots/computer/non-organic systems/can't/ ever be human, I'm just saying that using a behavioral argument, it might not exactly follow. On a pure empirical basis, of course there is nothing stopping it, after all, we're all atoms. Humans are special. That's not to say they are more or less good or bad than anything else, but they are unique.
I'm not crying for Barnes and Noble just yet. Of the two, at least Amazon is a bit more morally responsible (providing business to small-time local resellers/bookstores, etc.).
Amazon is still the David to the Barnes and Nobles print publisher-cum-distributor Goliath.
"It's impossible to stop cheating in an environment with untrusted clients."
/decent/, non-cheating players.
/everything/ but inputs are pushed to the server, at which point the game becomes secure (except for the behavioral cheats), but entirely unplayable). For the game to be completely cheat-proof the whole architecture has to change, and I don't think there is one that could live up to and support the fast and furious online play.
I completely agree. This has nothing to do with open source or closed source. It is just simply impossible to stop cheating in an environment with untrusted clients. If you force clients to be trusted somehow (which won't work anyway) by only releasing "blessed" clients, then you have just lost the benefit of open source, and made a humongous pain in the ass for
All sorts of solutions and fervent discussion is flying around about how to make it secure. It always resolves down to security through obscurity. In the end any "security" system in place will just make it harder on decent players. Because of the simple fact that any system that trusts the client is unsafe, it will never be a absolutely safe game (unless
Jazilla.org - the Java Mozilla
"i disagree, this seems like one of those instances it wont work. jc is right, with the source open and me being able to enter as a server op "if name == mine, scale damage by 75%","
(don't know who actually posted this)
But who the hell is going to play on your server once they realize you/your server is cheating? Do all you want to your server. Nobody will want to play with you. This is besides the issue of open source or closed source (a non-issue), or client security (a not-completely-solvable issue).
Jazilla.org - the Java Mozilla
I think the going price on the net is $99/$100. I haven't seen it lower than that, and I wouldn't buy it for more than that.
Jazilla.org - the Java Mozilla
"... to your scheme would be to only audit the "n" top players, because who cares if someone is cheating if they have a crappy score right ?"
How about a cheat that allowed people to kill teammates? I mean, it really is of no use to someone unless they're an asshole spammer, but there are plenty of those. Score shouldn't be the [only] criteria. Disruption of gameplay is the big one. I mean, if someone had a cheat that exited a level, that wouldn't raise their score but it would really disrupt the game and suck, and have to be fixed.
Jazilla.org - the Java Mozilla
The problem, though, is not invalid behavior. Invalid behavior can be shoved to the server and verified. What is a bigger problem is valid, but highly improbable behavior. For instance, since my client knows everthing about the state of the world, I can program valid, but highly improbably inputs, that allow me to dodge most anything, simply because I /know/ the trajectories of everything. Now is this legal? Of course...it is /possible/ that I could really have the skill to do this...but very improbably.
/not/ to know the state of the world, but only the portion it can percieve. But since the permutations of changes of one state to another is smaller than the permutations of all possible states, I think it has been easier to do the "push-state-and-sync" method rather than "redefine-state-every-time".
As long as the client knows everything about the world, these sort of exploits will be possible. I think the current protocals maintain a state in the client and then sync that state frequently. The client "knows" the state though. The only option is for the client
Jazilla.org - the Java Mozilla
I agree that imposing some convoluted (and utltimately impotent) form of security might just stub development. Keep it open and keep it simple. People will always cheat and it won't be possible to stop them, even with proprietary code. It should be pretty easy to spot cheaters, and if it is not then is it really a problem? So let some guy see through walls as long as he's not disrupting gameplay. The moment he does something shady to disrupt gameplay, off he goes.
Jazilla.org - the Java Mozilla
"Such as, say you wan't to fire your shotgun at AC_QuakeWeenee but you don't have any shells left, server doesn't know you have a hacked client which gives you unlimited ammo however, but it doesn't matter, the server would keep track of the clients ammo, and would disallow it from firing (maybe not on the clients machine, but to everyone else, the cheater never fired)."
I still think this would work in real life because of latency issues. Remember, clients like Quakeworld do all sorts of predicting. To make the game seem smoother, they automatically respond to your actions on your screen before syncing with the server. Imagine if you had to wait to see your shotgun fire until a round trip was made from your Ctrl keypress to the server and back so it could determine if that was a valid thing to do. Of course you could let clients go ahead and display actions regardless of the server's decision to honor them...that may work.
Also, as you mention, if the user is in control of the client, and the client "knows" everything about the game, there is absolutely nothing stopping somebody from hacking a client to help themselves without touching the protocol at all. Making enemies glow red, automatically dodging rockets...client bots are designed around this very thing...they are allowed to "know everything". There is going to be no stopping that even if things are offloaded to the server.
Jazilla.org - the Java Mozilla
There really is no way at all to prevent hacked clients as long as the server trusts the clients. The only way for the server not to trust the clients would be to offload everything to the server except inputs, which makes the client effectively just a remote viewer. Of course this is obviously impossible because it would render the game absolutely unplayable. Everything is "cheatable" basically, except the inputs. Making a closed source proxy won't work either, since the proxy can just be hacked. It is a stop-gap measure, but I think it won't really work. If the closed source proxy relies simply on a digest, it is trivial for any cracker, not to mention most pedestrian programmers, to hack the proxy to return one of a list of known valid digests, or simply use mechanisms of the os to fool the proxy (point it to a valid copy, but make it run the hacked one). There really isn't any way to stop it at all, except to just rely on the honesty of the Quake gaming community, and give a big fat walloping kick and ban to assholes found cheating.
Jazilla.org - the Java Mozilla
"Censors seem to feel the same way, in a sense. Children don't know what they're seeing is "bad", so we must "protect" them." This seems to be a central argument of pro-censorshipism. We need to protect our children by keeping them ignorant? We need to protect our children by limiting their exposure? While there may be some things that would detrimentally affect a child by simple passive viewing, any good child psychologist will tell you that it is much better for an adult to discuss and explain issues to their children instead of simply keeping their eyes closes. "If the child is old enough to ask the child is old enough to know" Have we really become such mental handicaps that very ideas themselves (however repugnant) are inherently damaging? It is a parent's responsibility to /parent/. Parenting can't be substituted by censorware. Funny how we have to protect a child from things because they do not know yet that they are "bad". We must /teach/ them that they are "bad" because they are naive. These are "impressions" we put on children. It is not bad until we say it is bad. How many traditional tribal Africans are arrested for public indecency? And how many of their children are scarred for life because they have seen members of their tribe naked (which of course is "bad")?
Jazilla.org - the Java Mozilla
We usually lambaste patents here. But isn't this the situation a patent was designed for? We want to /encourage/ and /enable/ Jim to make cool stuff...which obviously hasn't happened. I don't think it would be fair now, after the fact, for a Big Corporation to take the idea and make megabucks from it. Whether it is a patent's place to stop /this/ I don't know. But Jim should at least have some incentive to think up this stuff. If he is not allowed to patent it, and Big Corporations are allowed to steal it X years after the fact, what incentive does he have to continue inventing?
Jazilla.org - the Java Mozilla
Not an avid MTV fan myself, I did watch it a bit during the 93-95. I think the last "real" Real World was the second season (1993?), the one with that obnoxious Puck guy, and Pedro (I had to look that up on the web to actually remember). Pedro died and they started an AIDs fund in his name. It hasn't been as "real" as that since...for the last more than half-decade MTV seems to have been just increasing pop drivel...
Jazilla.org - the Java Mozilla
FAQ: http://www.personalrobots.com/technicaldirt/faq/fa q.cgi?FAQ Linux ?: http://www.personalrobots.com/technicaldirt/faq/fa q.cgi?SHOW_ANSWER=01-general.txt+24 "Linux Linux Linux.. Need I say more? Open up your libraries to the Linux community and you will find your product improving daily at no cost to you fromthe efforts of the Linux development community. I couldn't agree more. Our libraries are open any time. We have yet to refuse anyone who wanted a copy of our source code. Please, take the bull by the horns and start writing the Linux rev for us. We are swamped with new features and bug fixes just sticking with one operating system (let alone 2, 3, or 4 (Linux, Mac, Unix))." ---- cool
Jazilla.org - the Java Mozilla
And by the way...what the heck happened to the sigs? Did Rob remove the HTMLability out of them? My links are all gone.
Jazilla.org - the Java Mozilla
Am I having deja vu...does the plot of Geeks sound amazingly like a Dateline episode I watched once...or maybe Katz ran an article on Slashdot about these guys. Somehow I've heard this story before.
Jazilla.org - the Java Mozilla
Well, they released wolf3d and doom. In another 2 or three years, maybe it will be quake 2 89
Jazilla.org - the Java Mozilla
What a relief...I was so worried about whether the moon would be the brightest in 133 this December 22nd...I mean the anxiousness, and nervousness was gnawing at me, I could hardly sleep. I'm glad Slashdot has finally put this nagging enigma to sleep.
Jazilla.org - the Java Mozilla
"The government can most certainly tax the citizens for anythign they want. The founding fathers abhorred the ideas of taxation without representation, not just taxation." I remember hearing or reading somewhere that they were against /arbitrary/ taxation too. The government shouldn't tax you without a reason. Taxes only exist to fund resources that the population actually uses. "Besides the fact that the US government basically created the internet, and the Feds or the states have been taxing interstate commerce for decades..." Well, after a certain point it was mostly education (non-profit usually) institutions and then private companies which developed the internet (BSD? SCO? CISCO?) For interstate commerce, the federal government has to repave and build new highways, etc. I don't see what the US government does to sustain the internet. It's not like they are out there putting in wire or running routers or something.
Jazilla.org - the Java Mozilla
"Well .. Streets for the Stuff you *can't* just transfer over the 'net (ever tried to get a sixpack trough a telephone line?), then there is the police, that at last *tries* to prevent bad boys to just take the nice goods you bought over the 'net." We've had streets and police since our country was founded. I don't see how the net changes that. We don't need any more streets (well, /perhaps/ the heavier post office trucks weighted with ecommorce packages would wear out the streets more) or police (actually, I'd guess we'd need less police because there would be less stores to steal from). Anyway, the USPS is having a field day because they are getting so much more new business. That's at least one place where the government is already getting compensated.
Jazilla.org - the Java Mozilla
Yes, but in this case it was a grammar (I guess that would be logic in programming terms) error. awk s/foo/bar/g is not a typo and doesn't make sense.
Jazilla.org - the Java Mozilla
"I can easily imagine a machine pretending to be human wanting to become fully human. Such a machine would likely have emotional states, since we are unlikely to be able to separate these genuinely human conditions from an abstract intelligence. We don't even have a good definition of intelligence, and even if we fully understood the biology and functioning of the brain, we are unlikely to be able to discuss intelligence apart from it's structural framework." Well, if a machine didn't have emotion, it couldn't /want/ to have emotion. Organic systems have a goal - survive. That goal gives them will, which translates into wants, desires. An artificially-maintained intelligence, having no will to survive, may have to reason to care about anything. The various emotional nuances may simply not have a place. This behavior wouldn't be emergent. Artificially implant a "goal" or survival in the intelligence and these things may emerge. I like ice cream because it is sweet, it is sweet because it has sugar, sugar is sustainence, and sustainence keeps me alive, which has been hardcoded as GOOD in my brain.
Jazilla.org - the Java Mozilla
I agree with you to a large extent. Intelligence is emergent behavior. We percieve it as something unique and special, (well, because it is rather unique and special). However, there is nothing preventing non-organic systems from becoming intelligent. It is possible, if not probable, that non-organic intelligence would be based on a neural-network (like its biological counterpart). Neural networks are just humongous pattern matchers, with fuzzy logic. Given that, it may be possible for machines to "feel" certain things, or have quasi-emotions, or intuition. However, as a followup poster noted, humans themselves are not purely behavioristic. Therefore expecting machines to be entirely capable of becoming like humans, simply because both systems are behavioristic might not exactly follow. Humans have all sorts of weird non-logical biological influences on our "behavioristic" nature. We do stupid irrational things. We also make unaccountable stupendous and original leaps of innovation and thought. We have state which effects our outputs, starting before we were born. I am not saying that machines/robots/computer/non-organic systems /can't/ ever be human, I'm just saying that using a behavioral argument, it might not exactly follow. On a pure empirical basis, of course there is nothing stopping it, after all, we're all atoms. Humans are special. That's not to say they are more or less good or bad than anything else, but they are unique.
Jazilla.org - the Java Mozilla
Yeah, if he made a grammar/syntax error in PERL code, everybody would be all over him.
Jazilla.org - the Java Mozilla
| Don't mean to be a nit-pick, but it's probably
| "Boy, I sure am *adverb* about *object*"
Huh...like,
"Boy, I sure am 'slowly' about 'books'"
or
"Boy, I sure am 'quietly' about 'trees'"
?
Jazilla.org - the Java Mozilla
I'm not crying for Barnes and Noble just yet.
Of the two, at least Amazon is a bit more morally responsible (providing business to small-time local resellers/bookstores, etc.).
Amazon is still the David to the Barnes and Nobles print publisher-cum-distributor Goliath.
Jazilla.org - the Java Mozilla
"Boy, I sure am *verb* about *subject*"
As in, "Boy, I sure am 'jump' about 'Hemos'"?
Perhaps you mean "Boy, I sure am *adjective* about *object*"
Jazilla.org - the Java Mozilla