PlaneShift
Gameplay => General Discussion => Topic started by: Drilixer on July 22, 2003, 12:25:58 am
-
I\'m just wondering but - what will stop people from cheating since this is an open source game?
-
their honor and truthful nature. hahaha.
-
that\'s heart warming
-
Originally posted by Drilixer
I\'m just wondering but - what will stop people from cheating since this is an open source game?
I\'m concerned about this too.
But right now, what would people want to be cheating for ? (playing devil\'s advocate here) The only advantage they could get is more crystals, which is only a temporary situation and doesn\'t really harm anybody.
The real problem of course is that if they don\'t realize this and think short-termed ( \"I wanna diamond now\" ) and make some exploit to achieve their goal, they will show it\'s possible. This could ruin the current experience and be worst in the future when RP is getting a more important part.
Being open-source means it is not possible to go fully against that. Of course more protections can be implemented server-side (e.g. movement check, behaviour pattern check, correlation, ...).
This reminds me of people using bots for DM and those using the Asus drivers that allowed texture (hence wall in that case) transparency. Problems like that are as old as multi-player games (or as games for that matter).
Maybe we will need internal security moderators in-game ? Like guards, or operatives ? NPCs that could be borrowed by GM (like in this thread (http://planeshift.oodlz.com/wbboard/thread.php?threadid=152&boardid=11&sid=8c7227322b51849dae49b9013b36c8f5), courtesy of Kada). It sounds like an attractive idea to me.
What about usual moderation, too ? I wonder how it will be handled and by who.
-
Open source does not mean unsecure. On the contrary. As long as most of the data is stored and manipulated on the server side I don\'t think cheating will be as much of a problem. Unless you are thinking of a Bot deal Like what happened on Ultima Online. But even that is harder on the kind of game PS is shaping up to be
-
I\'m unsure as to whether this should be known yet and if Venge was talking in mIRC I\'d ask him. But I figure it can\'t do any harm. Delete this post if you feel they/you arn\'t ready yet.
Near the time Crystal Blue is to be released, the devs will announce the need for suitable ingame GMs. We\'ll be given all the requirements needed and you will probably need to complete a test of sorts to make sure you\'re suitable for the job.
I assume GMs will have the necessary capabilities of dealing with abusive players, or some way of tracking odd behavour or people using exploits in the server and be able to kick them out.
-
wow, I don\'t know what to respond to that beyond the fact that I\'d do anything to be a gamemaster for once - been a dungeon master before - but not quite the same thing I guess
-
Originally posted by Drilixer
I\'m just wondering but - what will stop people from cheating since this is an open source game?
In every multiplayer game, client should not be trusted at all - data going to the client must be limited to what the player is allowed to know, and data going from the client must be checked or calculated directly on server. You should not count on that the software that runs on player\'s computer is the one you released.
This rule should be obeyed by both open-source and closed-source games, but in open-source games this is a necessity. Open-source makes it easy to create modified client. Closed-source doesn\'t make it easy but it also doesn\'t make it impossible. Because you can\'t rely on security-by-obscurity in open-source and you are forced to do things properly, the final security can be even greater that in closed-source projects.
-
I can assure you that being a GM won\'t have many \'perks\' as being a Dungeon Master does. Sure, you\'ll probably be able to spawn monsters and run quests, but that will be rare compared to the amount of actual \'moderation\' you will be required to do.
Also, GMs will be kicked out if the admins discover them to be buffing their own character for an unfair advantage over other players. This includes giving yourself items or money.
So really only dedicated people who are serious about wanting to spend more of their time ensuring the server runs smoothly than actually playing the game should apply for the position. If you\'re in it purely to spawn yourself two Galkards and a million diamonds, you can forget the idea before you even apply.
-
I\'d still like to be a GM - although to tell the truth primarily for the ability to run quests and spawn encounters
-
*is nervously waiting for Venge to delete her posts again* I feel like I\'ve said too much again, although, I don\'t see the harm in it... :(
-
I don\'t think it would make sense to keep something so obvious in secret
-
yeah we\'ve been expecting (and hoping for) GMs welll... forever
-
but i dont think GMs are suffecient anti-cheating defence
-
You could\'ve just edited your original post to add that one more sentence, Drilixer. Lazy boy! :P
I agree that it won\'t be enough in the future. But it will do for now. I think the devs will cross that bridge when they come to it.
-
The idea that tangerine brings up is correct. We basically have 0 trust in the clients to do any calcualtions that is why all data must be checked on the server to make sure it is in allowable tolerances.
We also limit what things are sent to the client. So for example you are only sent entities that are close to you. You can cheat here by writing a little script that can display this list. But you may only be sent some items where your very near them so cheating can be cut down that way.
Another theme on this is that if you know about a locked treasure chest then you will not also be sent the contents so you cannot cheat and know what is in before you open it.
Same can be said for things behind doors, etc.
There are some things that we cannot prevent cheating with though. Take for example the idea of nightvision. Since this is a client side type thing a player can \'turn it on by nefarious methods\" and there is not much we can do about that.
I\'m sure that people will cheat and we will try our best to close the holes as we discover them. We count on \'white hat\' people to report these exploits so they can be fixed in good time.
Also with \"CONSTANT VIGILANCE\" ( for you Harry Potter fans :) )
-
Originally posted by zaphar
Open source does not mean unsecure. On the contrary. As long as most of the data is stored and manipulated on the server side I don\'t think cheating will be as much of a problem. Unless you are thinking of a Bot deal Like what happened on Ultima Online. But even that is harder on the kind of game PS is shaping up to be
Open source meaning more secure algorithms or protocols is a well-accepted theory in security and cryptography. Because people will analyse the source and will point at weaknesses. It also means the malevolent people can take benefit of it. Who will be first ? It is an old debate, for those interested, here (http://www.counterpane.com/crypto-gram-0302.html) is an article about that.
In our case, it is not entirely true because, even if you can check the validity of the server code, you don\'t have the tools to protect the data and the way they are used on the user side. When you are using a transaction protocol, like in electronic payment systems, a device securely stores a set of keys, away from user tampering, that will be used for authenticating, signing and ciphering the data. Then this secured package can go outside the security perimeter.
Here, and without giving away hints, the user can tamper with the inputs and outputs on the client side, and this cannot always be detected on the server. Unless part of the code is in a black box, it will remain so. I am not saying part of the code should be concealed in such a drastic way of course. With sufficient code on the server side, most of the exploits could be discouraged. The additional CPU charge wouldn\'t be a real concern since this doesn\'t need to be checked all the time. With a little imagination, really powerful methods can be implemented, the only question is how far is it worth to go ? We are not talking about fund transfers.
And yes, a bot could be done for PS, although it would probably be easy to detect (especially if he answers you with a Huh? each time ;) ).
*pondering whether a bot could do the quest*
Mmmm .... definitely not :D
-
What acraig is pointing out is that only by managing the inputs and outputs to the client can compromised clients be prevented, detected and handled.
- Venge
-
Well what I wanna know is when are the abilities going to come into play. you know like stamina charisma etc. Cause i was talking to someone once and they said that they could manipulate the cost for there abilities and that it wasn\'t that hard to change a few other things around. Well if this is possible then i really need to kno when the abilities come in so i can ask how to do the same thing. no offense but man i wanna be good.
Thanx
CHRONOK
-
Well, the character creation will be redone for the next version and you will not be able to cheat this way.
-
you can edit posts! I didn\'t know that - how?
-
Originally posted by chronok
Well what I wanna know is when are the abilities going to come into play. you know like stamina charisma etc. Cause i was talking to someone once and they said that they could manipulate the cost for there abilities and that it wasn\'t that hard to change a few other things around. Well if this is possible then i really need to kno when the abilities come in so i can ask how to do the same thing. no offense but man i wanna be good.
dernit another good power gaming method down the drain... muahhaha
Thanks for responding ACraig and Venge
-
The Devs restated much more clearly what I was saying. Minimal Client data handling will do a lot to reduce cheating. The only other cheat hole I can conceive is automation scripts on the client side to automate practicing certain skills like mining or smithing and such like. I am not sure how you could fix that other than monitoring abnomal activity like allnight repetion of an act with no response to chats and so on.
-
Originally posted by zaphar
I am not sure how you could fix that other than monitoring abnomal activity like allnight repetion of an act with no response to chats and so on.
lol are you kidding that\'s how I play when it\'s too late - just keep going or you\'ll dose off
-
i think acraig already mentioned it, but it would be a gd idea to not send information about objects to clients that r behing a wall from it. also an idea is for admins to join the game in ghosting mode so they dont get a character, but can see from other players eye\'s so if some1 runs around looking thrue walls alot that can be easily spotted
-
Originally posted by Vengeance
What acraig is pointing out is that only by managing the inputs and outputs to the client can compromised clients be prevented, detected and handled.
- Venge
Hehe I know, he just replied 1\' more quickly than me, I wasn\'t referring to that . Even Tangerine\'s post wasn\'t already there, so now I sound like a distant echo :rolleyes:
*deleting all his ramblings*
Yes, minimal information is good, reducing CPU overload on the server, bandwidth and cheating opportunities at the same time. That way, a radar-like device would have a somewhat limited range (in the ideal case, everything in the range of eye vision).
Originally posted by zaphar
The Devs restated much more clearly what I was saying. Minimal Client data handling will do a lot to reduce cheating. The only other cheat hole I can conceive is automation scripts on the client side to automate practicing certain skills like mining or smithing and such like. I am not sure how you could fix that other than monitoring abnomal activity like allnight repetion of an act with no response to chats and so on.
That\'s the bot part I was talking about. I can only think of pattern analysis to detect that, satistics is a powerful tool though it can be hard to tune. But once you get it right, it can be amazing. It can be used to identify people only according to their movement, among other things. So maybe it\'s beyond the scope of our PS universe, it\'s not as if real money was involved like in *caugh* another game ;)
Originally posted by [RSA]Top-Dogg[UK2]*
think acraig already mentioned it, but it would be a gd idea to not send information about objects to clients that r behing a wall from it. also an idea is for admins to join the game in ghosting mode so they dont get a character, but can see from other players eye\'s so if some1 runs around looking thrue walls alot that can be easily spotted
No information when behind a wall ? It would be nice to be able to do that. In reality, it is probably too complex to compute on the server side. Though, isn\'t there in CS a kind of dynamic PVS feature ? But then wouldn\'t it produce artifacts like items appearing too late due to the ping time and server latency ?
Seeing from the player\'s eyes with data from the server side will not show what the player really sees on the client side. Simply because he could modify the code and use the information another way. Like the transparency feature : it is turned off in the original client code, but if someone change the code to turn it on (that was what Asus allowed to do in some of their former drivers - without code tweaking !), no one will know. Except once again, by looking at his behaviour (I\'m definitely just an echo, I think it\'s aging process :D).
*looking suspiciously around him before sending the post*
Hey, anyway, a game is made to be fun, let\'s not have nightmares about all that ;)
-
I\'m still concerned about cheating. I know you cannot make a modified client with a button \"kill all players in game\" and a button \"Get 10.000 tria\" but you can create modified clients that will automate jobs for you. Like automatic mining and when someones gets close say hello and when he goes away say bye etc.
This can ofcourse be done using macro programs aswell but using a modified client will only make it easier. Also it will make it harder to catch those cheaters.
-
We\'ve had a few scripting trolls before, they stand out to the trained eye, thats why GM\'s float about ;)