Security needs to be a major priority with this game (Full Version)

All Forums >> [New Releases from Matrix Games] >> Empires in Arms the Napoleonic Wars of 1805 - 1815



Message


NeverMan -> Security needs to be a major priority with this game (11/3/2008 9:33:01 PM)

Right now it's way too easy to cheat. Before the editor, PBEM skipping, PBEM simul, blah blah blah, the major holes in security really need to be fixed. I'm surprised there aren't more threads regarding this subject.





Dancing Bear -> RE: Security needs to be a major priority with this game (11/4/2008 3:03:09 AM)

This has come up before, and if I recall, correctly was said to be technically too difficult to change, or possibly requiring a fundamental change to the game set up.

It should, however, be pretty straight forward. Revising the existing process with the following should work, and maybe not need any database changes. Basically it is the same as the existing system, but the die rolls and chits are revealed at the beginning of the next round, rather than at the end of the current round. This way the chits and die rolls are revealed after a file exchange, and therefore can not be changed/re-rolled. Would this only add one file exchange?

Let’s see if I can get this right.

Step 1: Attacker (A) chooses a chit, the game makes the attackers dice roll, but does not show the attacker (yet). Attacker sends file to defender.

Step 2: Defender (D) receives file, selects chit. The game makes the defenders die roll, but does not reveal either the attacker’s chit or the die rolls to the defender (yet). (if D selects withdraw, game rules withdraw, but does not show D). D sends file to A.

Step 3: A receives file, and is the first player to see both chit choices and both dice rolls (and withdraw role). Assuming D did not withdraw, A takes first round losses, sees the number, but not the type of losses taken by D, and then decides to reinforce/commit guard. (If D successfully withdraws, file goes back to D and there is no further action). Assuming no withdraw, game rolls for outflank (if any), but does not show A die roll result. Game rolls round 2 die roll for A, but also does not show A die roll result. A sends file to D.

Step 4: D receives file and see the chits and first round die rolls for first time (including the number, but not the type of A losses). D takes first round losses, then is shown the type of A’s losses, and then decides to reinforce/commit guard. Game rolls round 2 die rolls for D, but does not show D. D sends file to A.

Step 5: repeat 3. A takes second round losses, sees number of D’s losses, game rolls third round die roll but game does not show A his die roll. A sends files to D.

Step 6: report 4. D takes second round losses, sees A’s second round losses, and game rolls third round die roll but does not show D his die roll. D sends file to A.

Step 7: Attacker takes third round losses, sees D losses, and if unbroken, decides if there will be an extra day. A sends files to D.

Step 8: D takes third round losses, sees A losses, and if unbroken, decides if there will an extra day. D sends file to A.

Step 9: A takes final losses, selects chit for second day if any (go to step 1).

When one side breaks or both sides break, the battle is over, as per normal. If A breaks, he is the first to find out, but file needs to go back to D, who decides on pursuit (A can plead for mercy during this file exchange). If D breaks, he is the first to find out, but file needs to go to A, who decides on pursuit (D can plead for mercy at this stage). If no pursuit is possible (i.e. victor has no cavalry or has taken too much morale loss), then maybe this last exchange becomes simply for the winners information, and the game moves on once the loser has taken the losses.

If both sides break, then A will find out first.

As long as the attacker can live with seeing only the number of defender losses, instead of the type of loss, before deciding reinforcement/guard/third day, then there is no real change in the process.

I think this only adds one extra file exchange, which seems worth it to me, if it makes cheating much harder.




NeverMan -> RE: Security needs to be a major priority with this game (11/4/2008 4:20:22 AM)

If there are no other arguments as to why this game is unplayable this should be the one:

IT'S WAY TOO EASY TO CHEAT!!!

That's the one solid argument every who cares to know should know. Bottom line.




obsidiandrag -> RE: Security needs to be a major priority with this game (11/4/2008 9:08:26 PM)

That is one of my reasons for being a proponent of IP with loging in and out for play to continue as long as the players are there - So if its France's turn and they are kicking it with Austria and Prussia, Turkey can take a nap...  Or put it on auto with the new skip screens...  Not that there wasn't cheating with Face to Face, just not as easy...  that is why when we used to play we always announced builds and tracked total manpower so forces did not just show up from not being erased after a battle etc..  In that respect, the conputer keeps alot more honesty than most...  I still like the player vs AI but it is true, the computer still cheats there every once in a while too.




bresh -> RE: Security needs to be a major priority with this game (11/5/2008 9:57:32 AM)

About security issuses.
I dont see why you need to know corps names etc, for forage rolls. This in general drops the security, since with a little math skill you can locate different special corps, by checking forage values.


Regards
Bresh




Marshall Ellis -> RE: Security needs to be a major priority with this game (11/5/2008 1:14:54 PM)

FYI...I will be looking to install some extra PBEM secutiry in 1.05-1.06




NeverMan -> RE: Security needs to be a major priority with this game (11/5/2008 2:45:18 PM)


quote:

ORIGINAL: bresh

About security issuses.
I dont see why you need to know corps names etc, for forage rolls. This in general drops the security, since with a little math skill you can locate different special corps, by checking forage values.


Regards
Bresh


You should be able to look at what kinds (not actual corps) of corps are in any area at any time regardless. This limited FOW is just dumb and annoying.




Marshall Ellis -> RE: Security needs to be a major priority with this game (11/5/2008 4:02:03 PM)


quote:

ORIGINAL: NeverMan


quote:

ORIGINAL: bresh

About security issuses.
I dont see why you need to know corps names etc, for forage rolls. This in general drops the security, since with a little math skill you can locate different special corps, by checking forage values.


Regards
Bresh


You should be able to look at what kinds (not actual corps) of corps are in any area at any time regardless. This limited FOW is just dumb and annoying.


I thought you could?





NeverMan -> RE: Security needs to be a major priority with this game (11/5/2008 5:32:01 PM)

quote:

ORIGINAL: Marshall Ellis


quote:

ORIGINAL: NeverMan


quote:

ORIGINAL: bresh

About security issuses.
I dont see why you need to know corps names etc, for forage rolls. This in general drops the security, since with a little math skill you can locate different special corps, by checking forage values.


Regards
Bresh


You should be able to look at what kinds (not actual corps) of corps are in any area at any time regardless. This limited FOW is just dumb and annoying.


I thought you could?




Often times I am unable to simply click in an area and have a list of the corps appear. Am I the only one with this problem?




ndrose -> RE: Security needs to be a major priority with this game (11/5/2008 5:39:05 PM)


quote:

ORIGINAL: NeverMan

Often times I am unable to simply click in an area and have a list of the corps appear. Am I the only one with this problem?


They should be there. Make sure you have the right view selected; remember, you can choose whether you're looking at AR/ER/AC/EC. Check the slider also (if you've most recently been looking at another area with a long list of corps, and then click on a new area, those corps may be hiding off the left end....




bresh -> RE: Security needs to be a major priority with this game (11/6/2008 9:32:57 AM)

quote:

ORIGINAL: NeverMan


quote:

ORIGINAL: bresh

About security issuses.
I dont see why you need to know corps names etc, for forage rolls. This in general drops the security, since with a little math skill you can locate different special corps, by checking forage values.


Regards
Bresh


You should be able to look at what kinds (not actual corps) of corps are in any area at any time regardless. This limited FOW is just dumb and annoying.


Inf corps, yes, but say 1 Guard corps, janisary Light Cav, Artillery corps. Forage in a area 2(with modifiers) while the rest of the corps forage in value 3 or 4.
Then all know Ahh the Guard corps etc, is the one in that area..

It should say XX-corps, or XX-cav-corps. not named corps-names on forage rolls.
Also no point in posting autoforages.

Where XX is the MP, GB,FR,TU etc.

Regards
Bresh




Marshall Ellis -> RE: Security needs to be a major priority with this game (11/6/2008 12:13:19 PM)

You should be able to see the type of corps (Inf or Cav) but that is it! You should not be able to see Artillery, Guard types. I apologize for being redundant Bresh but you are right and this is the expected behavior.




Jimmer -> RE: Security needs to be a major priority with this game (11/7/2008 12:11:07 AM)


quote:

ORIGINAL: NeverMan
Often times I am unable to simply click in an area and have a list of the corps appear. Am I the only one with this problem?

Try right-clicking some other map area (any area except the one you are trying to get to or the one that currently has focus). Then click on it.

If this works, then there is already a bug report. But, I made it "tweak" level and in interface change, so it's on a back burner.




NeverMan -> RE: Security needs to be a major priority with this game (11/7/2008 12:53:45 AM)


quote:

ORIGINAL: Jimmer


quote:

ORIGINAL: NeverMan
Often times I am unable to simply click in an area and have a list of the corps appear. Am I the only one with this problem?

Try right-clicking some other map area (any area except the one you are trying to get to or the one that currently has focus). Then click on it.

If this works, then there is already a bug report. But, I made it "tweak" level and in interface change, so it's on a back burner.


Yeah, I have tried this and it doesn't work. This "technique, aka workaround" seems to work for most things so this was one of the first things I tried.




bOrIuM -> RE: Security needs to be a major priority with this game (11/8/2008 3:36:43 PM)

According to me, Id like to have a autosave option added in the game for PBEM games. And good Cancel option to comes with.
It is way too easy to reload the save file to do your turn again if its not as you liked it. If you wanted to break a city and doesnt breach, you just need to load the save game again an retry to breach it ! way too easy to always have what you want.




NeverMan -> RE: Security needs to be a major priority with this game (11/8/2008 7:51:54 PM)


quote:

ORIGINAL: bOrIuM

According to me, Id like to have a autosave option added in the game for PBEM games. And good Cancel option to comes with.
It is way too easy to reload the save file to do your turn again if its not as you liked it. If you wanted to break a city and doesnt breach, you just need to load the save game again an retry to breach it ! way too easy to always have what you want.



Yes, this is one of the few security issues.




borner -> RE: Security needs to be a major priority with this game (11/8/2008 10:37:19 PM)

good point. I have never thought of this, but I tried it and that is exactly how it works. Plus, thanks to the thread, anyone like me that had not thought of this, now knows how to cheat. So PLEASE push this up the priority list. We all know 95% of us are honest, but..........




NeverMan -> RE: Security needs to be a major priority with this game (11/9/2008 3:27:16 AM)

To me (a bit of a paranoid) it just sucks knowing it's this easy to cheat. I'd like to trust people but at the end of the day it's not worth it to play a game that takes so much time when you know the other guy can decide his own fate simply by reloading his turn.




Dancing Bear -> RE: Security needs to be a major priority with this game (11/9/2008 8:08:04 PM)


quote:

ORIGINAL: NeverMan

To me (a bit of a paranoid) it just sucks knowing it's this easy to cheat. I'd like to trust people but at the end of the day it's not worth it to play a game that takes so much time when you know the other guy can decide his own fate simply by reloading his turn.


This type of problem should be very easy to fix. Why not have the game role a list of 100 rolls at the end of the previous players turn (say 100 roles for foraging, 100 for besieging, naval interception, naval combat, etc), then during the current players turn, the game just picks from that the top of that list for whatever type of roll? Basically this would mean all the die rolls happened during the previous player's turn, which neither the previous player can see, nor the current player change. If a player reloaded his turn, he would get the same rolls for foraging as the first time he tried to load it. The best the active player could then do is possibly change the order in which his/her corps foraged/besiged etc (even this could be almost eliminated with some more effort by assigning the die rolls to corps numbers and leaders). This greatly reduces the benefit of the reload cheat.

If you were afraid that a player might hack the code to get the rolls before opening his turn, then there are ways to deal with that too.

The game could still generate random numbers if it ever ran out, or for those strange events that don't come up very often, so only a few items would need a the couple of extra lines of code it would take.

The same thing can be done for battle files. Have all the die rolls for battle files generated in the previous players turn, so re-loading the file would do nothing, as you would always get the same result (have different lists for combat, reinforce, withdraw, outflank, etc.).

Now, if you also hid the opponents chit selection until after active player (whether Attacker of deffender) has emailed his turn off, then the system is secure from such simple cheats.

The reload cheat is so easy to elminate, I can't see it taking more than a day's worth of programming effort (of course, I'm not a programmer, so I have no idea).




Thresh -> RE: Security needs to be a major priority with this game (11/10/2008 3:06:17 AM)

So it's just easier for you to assume that anyone else you're playing with it cheating, but you're a paragon of virtue?

That's High class there...

Todd



quote:

ORIGINAL: NeverMan

To me (a bit of a paranoid) it just sucks knowing it's this easy to cheat. I'd like to trust people but at the end of the day it's not worth it to play a game that takes so much time when you know the other guy can decide his own fate simply by reloading his turn.





NeverMan -> RE: Security needs to be a major priority with this game (11/10/2008 2:12:35 PM)


quote:

ORIGINAL: Thresh

So it's just easier for you to assume that anyone else you're playing with it cheating, but you're a paragon of virtue?

That's High class there...

Todd



quote:

ORIGINAL: NeverMan

To me (a bit of a paranoid) it just sucks knowing it's this easy to cheat. I'd like to trust people but at the end of the day it's not worth it to play a game that takes so much time when you know the other guy can decide his own fate simply by reloading his turn.




Thanks for putting words in my mouth!

Nice personal insult too.

If getting this thread shut down was your goal you probably succeeded. Erik certainly looks for any excuse to shut down a thread with anything negative about this game.




Archiduque -> RE: Security needs to be a major priority with this game (11/10/2008 6:13:53 PM)

The question is not about trust or not trust. The question is that if i have assaulted three cities and had luck enough to breache them all, my fellow will be thinking "uh, too many luck, isn't it?". Obviously, he will forget the two forage 6 i had with a forage value of 5, or the two assaults i couldn't breach turns before. Only that i had too many luck this turn. I would prefer cheating to be impossible.

A possible solution: what about a register of loaded phases with dice rolls made?. I think Steel Panthers had it: when you loaded your game, it stated how many times your opponent loaded his. It would be very strange if anybodoy loads two or more times.




Marshall Ellis -> RE: Security needs to be a major priority with this game (11/11/2008 12:23:13 PM)

Look to have something like this in 1.05-1.06




pzgndr -> RE: Security needs to be a major priority with this game (11/11/2008 7:41:32 PM)

quote:

Erik certainly looks for any excuse to shut down a thread with anything negative about this game.


Erik has an issue?? It seems pretty obvious that Neverman looks for any excuse to jump into every thread here and say something negative and/or insulting about the game and its developers. That's bashing, with an agenda. It is becoming very tiresome to see every EiANW thread infected with such unhealthy negativism. No game for entertainment purposes warrants this kind of deliberate and repetitive harassment. It is just a game! If it's not for you, suck it up and go away. The majority of players here seem genuinely interested in moving the game forward towards resolving known issues and should not have to put up with this nonsense.

quote:

6 Difficult Types of People and How to Deal With Them
by Clay Tucker-Ladd, Ph.D.
April 15, 2008

2. The Chronic Complainer
What about the chronic complainers? They are fault-finding, blaming, and certain about what should be done but they never seem able to correct the situation by themselves. Often they have a point — there are real problems — but their complaining is not effective (except it is designed to prove someone else is responsible).

Coping with complainers involves, first, listening and asking clarifying questions, even if you feel guilty or falsely accused. There are several don’ts: don’t agree with the complaints, don’t apologize (not immediately), and don’t become overly defensive or counter-attack because this only causes them to restate their complaints more heatedly. Secondly, as you gather facts, create a problem-solving attitude. Be serious and supportive. Acknowledge the facts. Get the complaints in writing and in precise detail; get others, including the complainer, involved in collecting more data that might lead to a solution. In addition to what is wrong, ask “What should happen?” If the complainer is unhappy with someone else, not you, you may want to ask, “Have you told (the complainee) yet?” or “Can I tell __________?” or “Can I set up a meeting with them?” Thirdly, plan a specific time to make decisions cooperatively that will help the situation…and do it.


It also seems pretty obvious that Marshall and Matrix have been very forthcoming in acknowledging complaints and resolving issues, slowly but surely. What more can be expected at this point? But none of that matters to a chronic complainer. [8|]





bresh -> RE: Security needs to be a major priority with this game (11/11/2008 9:25:53 PM)

I do think games should have the option to not allow the quick field combats that involve 1 solo corps. 
So a game can has it on or off. But  you loose more than gaining in my view game.wise, you loose intell, you might choose different chit depending if you fight 1 or 2+ corps etc.

Another reason is Insurrection corps are bit of a joke, since you can not give them orders while in force-pool.  Nor can you place them yourself if enemy forces within Austria home-border.

But its also to help vs the doubts, about "odd" attacker chits.

Regards
Bresh




Jimmer -> RE: Security needs to be a major priority with this game (11/11/2008 10:07:08 PM)


quote:

ORIGINAL: Marshall Ellis

Look to have something like this in 1.05-1.06


DancingBear's fix seems logical, but there is a big hole in it. We've discussed this before, and should again as you are getting ready to implement any changes.

The problem is that it doesn't matter to the person reloading the file whether the rolls are in order or not. He can just choose a different order for the battles, and see if the results are better. It's a step in the right direction, but not a complete fix. At least, with predetermined rolls, he can't just reload; he has to actually reload and make battles, to see what happens.

In addition to this, two other things need to occur. The first is that a trusted authority (see below) must be contacted once a person starts up the combat phase (or, ends the movement phase). Once this happens, some kind of token must change hands that allows the person to continue into the battle. Unfortunately, the only truly secure way to do this is to involve another person, since any attempt to make the trusted authority be present on the cheater's system means that he can overcome it.

The second is that the person can only execute the combat phase once when he sends out the token. Now, because of the complexity of this (the player can choose to fight battles in any order), this effectively means that either the token must be updated each time a battle event occurs, or else a new token must be sent. I think the latter is better, but see below.

Finally, the random number cannot be pregenerated just "100 in advance". The person could overcome the token method by fighting one battle at a time over and over, and intercept all the tokens except the one he wants to use. I think instead, a combination of die rolling processes must be invoked. First, each area on the map should have a short list of predetermined die rolls attached to that location. So, now, changing the order does no good. Instead, he would have to abandon a battle if the rolls were determined to be bad for our friend the cheater. But, he can't do that if he's already passed a token.

Is this secure? No, nothing is. But, it's easily coded (except adding the pool of random rolls to each area on the map, possibly), and should be able to be added in stages. This would allow us to test out each piece of the security puzzle by itself, and make sure it doesn't damage other things inadvertently.

OK, I promised a discussion on tokens above. A token is simply a construct (file or database key in this case). A copy of the token is kept by the phasing player's copy of the game. This construct is created uniquely, in a similar fashion to how the PBM files are names. But, since the token is a lot more specific in its usage, that means that the uniqueness has to come down to something akin to the date and the system clock. This has the drawback of allowing people to change their time stamp as a way of hacking the code, but there are very few people who could pull something like that off ...

IF the token is encrypted. Even public-domain 40-bit encryption would be enough for all but the most determined hackers. And, testing out the theories would require many tokens, which means many months of playing. If they're THAT desperate, I'll just let them win. But, for the first pass, encryption should be left out for debugging purposes. It can be coded, but not turned on (should be coded to make sure it doesn't break something else).

Anyhow, a token can be sent either for the copy of the game, or it can be sent for each battle element (start of battle, chit pull #1, chit pull #1, etc). I think something between those two is more appropriate: A new token at the start of each battle, when the player first rolls a die.

Now, your next question should be "Hey, doesn't this mean even MORE emails?" Yes, it does. BUT, they can be one-way emails. Once the token has been sent, the battle can progress normally. The token does not need to be checked until AFTER the battle is all over (or, even, until the phasing players turn is completed). At that point, it is loaded as a separate PBM file into the main game. But, if the player cheated, his game's token will no longer match the one on the server.

There are still ways to cheat with this kind of setup, but it would be an order of magnitude harder. Plus, each piece of the picture adds a small amount to the security.




Jimmer -> RE: Security needs to be a major priority with this game (11/11/2008 10:12:25 PM)

By the way, the "random rolls" on each space on the map do NOT have to be a list of rolls. They can simply be the seed value from which the random function starts its list. Any unique seed value will always generate a unique series of random numbers, but each time the same seed is used, the same list will present itself. So, adding just a field for the seed value (which itself would be chosen randomly, and then saved).

NOTE: The map area seed values would have to be refreshed each time any player interacts with that space, but not take effect until the NEXT player interacts with that space. So, in essence, the random list the game generated when I entered London will not be actually used until some other player does something in London. Instead, the next player entering London (or reinforcing into it, etc) will grab the one my game created when they start THEIR battle. At the same time, their seed value would be placed into the holding area for the battle after that. And so forth.




Jimmer -> RE: Security needs to be a major priority with this game (11/11/2008 10:17:24 PM)

By the way, Marshall, this could be extended into zones inside of an area as well. You could have a seed holder for the city and for the rural area. But, if a corps enters an area with an empty city, then both zones would be updated at once.




Dancing Bear -> RE: Security needs to be a major priority with this game (11/11/2008 10:54:01 PM)

eh, yes, what Jimmer said. Marshall, is sounds easy enough to do something. Are you thinking along these lines?




Marshall Ellis -> RE: Security needs to be a major priority with this game (11/12/2008 12:29:46 AM)

Yes. My plan is to let the host know how many times a battle was loaded by EACH player. Maybe this should be public and not just the host?




Page: [1] 2   next >   >>

Valid CSS!




Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI
4.109375