noxious
quote:
To discard those "cheat" messages may be a better choice, but not the best. I think a strong anti-cheating system is needed all the while, one who played TOAW is always trying to achieve a better result, even the best, so if we give up this system, there will be no trust at all. I hope the coming patch will resolve this problem, though it seems Ralph did not have this plan.

Wrong. On a limited budget of both time and financial means, it makes no sense to put any effort into anti-cheating measures, period. They're broken, chuck 'em out I say.

Not to forget that they might be the single cause of thinking you're playing with a cheater (or cheaters): the community is not that big, names would go around if there really was a cheating problem these days (not to say it might not have been the case in the past, but atm, I don't believe we have a problem at all). So I'll put forward that the notion that we badly need anti-cheat or lose all trust between players is totally fallacious, and simply the result of a broken anti-cheat system giving you the impression there might be a problem...

If and when there is time and resources to re-implement them, maybe a budget for that can then be considered.
Until then, I'd rather have Ralph work on stuff that truly interests him, and proves fun for him to work with (you realize TOAW is his second job, and mostly, if not completely, a labour of love?), on the kind of features he mentions on his blog :)

As you should know, the most effective anti-cheating system for shooters has been PunkBuster so far, and it's a third party solution, designed and built by a dedicated team (plus it's in the context of non-secure server/client architecture where the client executes some of the authoritative code on his machine and not just on the server, which makes it simpler than peer to peer, where every player has access to all the data, and runs the simulation on his machine). We'll call that "untrue" server/client since it's not just the server running simulation code, but it's still the authority on what's true or false in the simulation, thus why one's prediction of movement in Quake doesn't always match the server's, and thus one gets paradoxes.

For true server/client architecture, look to MMOs (like in WoW, where you're only displaying graphics, and running your UI locally (roughly) and initiating actions that will affect the world, subject to server veto). That's the only way to truly prevent cheating in most cases: not trust ANY player at all from a coding and data perspective, so run everything on the server, checksum the data/code/scripts and make sure it's valid or don't load/run/send it on the network...

Pair that with encryption, and you'll still find numerous security holes throughout the project's development AND deployment, till it's retired in fact :) Why? Because cheaters/crackers will find ways to use your network code or modding SDK to cheat/attack your product. Always. Without proper leverage of encryption, it's even worse.
As long as you're not using encryption AND an authoritative server controlled by a third party (publisher or developer or provider), protection by obfuscation will only give you the illusion of anti-cheating measures (something Ralph is well aware of, I'd venture to say) and might even lull you into complacency: for this game (and most if not all PBEM games), unless a complete rewrite for server/client architecture comes along, our only anti-cheat measure is playing with people you trust, and when facing a new player, be very suspicious ;) And even then, it's not 100% anti-cheat proof: someone can still spoof things by abusing the data sent over the network, etc.

This is NOT a trivial endeavour: if the military and scientific communities can't guarantee absolute code and data integrity, how do you want us to do it in games? :) The style of PBEM play is inherently insecure, and obfuscation has been shown time and time again not to work, not just in games :)

Incidentally, that's why I favor open, truly moddable games: everyone then gets the opportunity to be educated enough about the game to know when someone is cheating. Whether they do that legwork or not is up to them. That's basically how cheaters were caught in Quake 1, 2 and 3: they devised cheats through modding, abusing config settings, and were found out by other knowledgeable players who spotted bizarre behaviour in game, and then researched how it could be done. Then, you can plug that hole (while hoping you don't create others).

It's the philosophy behind some of the most secure OSes out there, which happen to be Open Source offerings in the Unix mould, including Linux, the various Open and Free BSDs, etc. Shining debunking of protection through obfuscation: nothing is hidden, and it's still way more secure (hint: go look at Apache's security report vs IIS. Another example of how obfuscation doesn't work ;)) And no, I'm not advocating TOAW should be open source, far from it.
Just using the stellar record of some open source offerings security-wise compared to the attitude of keeping it closed so it's obfuscated.

I say Ralph chucks out all the anti-cheating messages AND mechanisms, unless he thinks one or more of those mechanisms really has a reason to exist. There is no way, even with time and a lot of budget and a huge team, to make the (any) game cheat or abuse proof, period. You think it's possible to ship software without any bugs? (hint: it's not, since some bugs happen because of things you could not plan for, including bugs from third party libraries or software. Get the picture? Sure, things can always be better, but you reach a point where the cost vs the return detracts from the main effort, in this case, quashing bugs and adding features to TOAW 3)

As for storing the pseudo-random number generator seed in the files, it's both a step in the right and wrong direction, depending how you look at it: with the seed, you can actually predict the exact sequence of "random numbers" given by a specific generator. With sufficient knowledge of a certain sequence of events using said numbers, you then have 100% predictive powers on the outcome :)

A pseudo random number generator is basically just a glorified calculation using modulo and prime numbers. The seed is the starting point of a sequence that will eventually repeat itself (usually takes a lot of time/instances of random number usage to cycle through the sequence, since every generator worth its salt uses big, prime numbers), and will always be identical when using the same seed and generator. Thus, the pseudo random nature of the generator.
Now, storing it in the file also gives more determinism, if I understand Ralph's intent, for nifty (but boring) things like debugging ;) Not really an anti-cheat measure, but more a general bug fixing approach to make the whole game more deterministic so that it does the same thing when faced with the same constraints AND the same sequence of pseudo random numbers. Or helping prove someone a cheater :) (by showing he broke the sequence somewhat, maybe by changing the seed...) That will be possible because it will (help) guarantee the same sequence of random numbers.

There is (a lot) more to it than just storing the number to guarantee 100% reproducibility of events, involving proper journaling of the game, etc. E.g. even if your generator always spouts off the same numbers (and any proper random number generator will when using a given seed) you still have to use them in the exact same sequence to get the same results. If for any reason, a combat roll happens slightly earlier or later and uses a different "step" of the generator, results will differ. Ditto with any TOAW code that uses that particular sequence of numbers.

Again, at this point in time, under the present set of circumstances, I see it as a losing proposition to spend any time or budget on anti-cheating measures in TOAW: it would be put to better use taking them out without breaking the game, and more important, tweaking and improving the whole game :)
_____________________________
Be Kind. Everyone is fighting a hard battle.
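
Added example (not part of the post above, and not TOAW's code): a replay check of the kind the post describes, where the seed stored in the file lets a reviewer regenerate the roll sequence and find the first journal entry that departs from it. The Park-Miller generator, the d6 mapping, the event names and the `hidden_draw_before` parameter are assumptions chosen for illustration.

```python
"""Replay check for a seeded PRNG (added example, not TOAW's code)."""

# Park-Miller "minimal standard" constants; the real game's generator is unknown.
P, G = 2**31 - 1, 16807


class Rng:
    """Multiplicative congruential generator: state = G * state mod P."""

    def __init__(self, seed):
        self.state = seed

    def d6(self):
        self.state = (G * self.state) % P
        return self.state % 6 + 1


def play(seed, events, hidden_draw_before=None):
    """Resolve events in order and journal (event, roll).

    hidden_draw_before names an event preceded by one unjournaled draw,
    modelling a roll that lands on a different step of the sequence.
    """
    rng, journal = Rng(seed), []
    for name in events:
        if name == hidden_draw_before:
            rng.d6()  # consumes a step but leaves no journal entry
        journal.append((name, rng.d6()))
    return journal


def first_divergence(stored_seed, journal):
    """Replay from the stored seed; return the index of the first roll
    that does not match the journal, or None if the journal reproduces."""
    rng = Rng(stored_seed)
    for i, (_name, claimed) in enumerate(journal):
        if rng.d6() != claimed:
            return i
    return None


EVENTS = ["combat-1", "combat-2", "combat-3", "combat-4"]  # constructed sample turn

if __name__ == "__main__":
    for label, journal in [
        ("same seed, same order", play(1, EVENTS)),
        ("one extra draw before combat-2", play(1, EVENTS, "combat-2")),
        ("seed changed to 2", play(2, EVENTS)),
    ]:
        print(label, journal, "first divergence:", first_divergence(1, journal))
```

The check only shows where a journal stops matching the stored seed; as the post notes, it depends on every consumer of the generator drawing in exactly the same order.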