cheating?

[acraig]

The idea that tangerine brings up is correct.  We basically have 0 trust in the clients to do any calcualtions that is why all data must be checked on the server to make sure it is in allowable tolerances.  

We also limit what things are sent to the client. So for example you are only sent entities that are close to you.  You can cheat here by writing a little script that can display this list.  But you may only be sent some items where your very near them so cheating can be cut down that way.

Another theme on this is that if you know about a locked treasure chest then you will not also be sent the contents so you cannot cheat and know what is in before you open it.

Same can be said for things behind doors, etc.

There are some things that we cannot prevent cheating with though. Take for example the idea of nightvision.  Since this is a client side type thing a player can \'turn it on by nefarious methods\" and there is not much we can do about that.  

I\'m sure that people will cheat and we will try our best to close the holes as we discover them.  We count on \'white hat\' people to report these exploits so they can be fixed in good time.  

Also with \"CONSTANT VIGILANCE\" ( for you Harry Potter fans )

[CadRipper]

Originally posted by zaphar
Open source does not mean unsecure. On the contrary. As long as most of the data is stored and manipulated on the server side I don\'t think cheating will be as much of a problem. Unless you are thinking of a Bot deal Like what happened on Ultima Online. But even that is harder on the kind of game PS is shaping up to be

Open source meaning more secure algorithms or protocols is a well-accepted theory in security and cryptography. Because people will analyse the source and will point at weaknesses. It also means the malevolent people can take benefit of it. Who will be first ? It is an old debate, for those interested, here is an article about that.

In our case, it is not entirely true because, even if you can check the validity of the server code, you don\'t have the tools to protect the data and the way they are used on the user side. When you are using a transaction protocol, like in electronic payment systems, a device securely stores a set of keys, away from user tampering, that will be used for authenticating, signing and ciphering the data. Then this secured package can go outside the security perimeter.

Here, and without giving away hints, the user can tamper with the inputs and outputs on the client side, and this cannot always be detected on the server. Unless part of the code is in a black box, it will remain so. I am not saying part of the code should be concealed in such a drastic way of course. With sufficient code on the server side, most of the exploits could be discouraged. The additional CPU charge wouldn\'t be a real concern since this doesn\'t need to be checked all the time. With a little imagination, really powerful methods can be implemented, the only question is how far is it worth to go ? We are not talking about fund transfers.

And yes, a bot could be done for PS, although it would probably be easy to detect (especially if he answers you with a Huh? each time   ).

*pondering whether a bot could do the quest*

Mmmm .... definitely not  

[Vengeance]

What acraig is pointing out is that only by managing the inputs and outputs to the client can compromised clients be prevented, detected and handled.

- Venge

[chronok]

Well what I wanna know is when are the abilities going to come into play. you know like stamina charisma etc. Cause i was talking to someone once and they said that they could manipulate the cost for there abilities and that it wasn\'t that hard to change a few other things around. Well if this is possible then i really need to kno when the abilities come in so i can ask how to do the same thing. no offense but man i wanna be good.

Thanx
CHRONOK

[acraig]

Well, the character creation will be redone for the next version and you will not be able to cheat this way.

[Drilixer]

you can edit posts! I didn\'t know that - how?

[Drilixer]

Originally posted by chronok
Well what I wanna know is when are the abilities going to come into play. you know like stamina charisma etc. Cause i was talking to someone once and they said that they could manipulate the cost for there abilities and that it wasn\'t that hard to change a few other things around. Well if this is possible then i really need to kno when the abilities come in so i can ask how to do the same thing. no offense but man i wanna be good.

dernit another good power gaming method down the drain... muahhaha

Thanks for responding ACraig and Venge

[zaphar]

The Devs restated much more clearly what I was saying. Minimal Client data handling will do a lot to reduce cheating. The only other cheat hole I can conceive is automation scripts on the client side to automate practicing certain skills like mining or smithing and such like. I am not sure how you could fix that other than monitoring abnomal activity like allnight repetion of an act with no response to chats and so on.

[Drilixer]

Originally posted by zaphar
I am not sure how you could fix that other than monitoring abnomal activity like allnight repetion of an act with no response to chats and so on.

lol are you kidding that\'s how I play when it\'s too late - just keep going or you\'ll dose off

[[RSA]Top-Dogg[UK2]*]

i think acraig already mentioned it, but it would be a gd idea to not send information about objects to clients that r behing a wall from it. also an idea is for admins to join the game in ghosting mode so they dont get a character, but can see from other players eye\'s so if some1 runs around looking thrue walls alot that can be easily spotted

[CadRipper]

Originally posted by Vengeance
What acraig is pointing out is that only by managing the inputs and outputs to the client can compromised clients be prevented, detected and handled.

- Venge

Hehe I know, he just replied 1\' more quickly than me, I wasn\'t referring to that . Even Tangerine\'s post wasn\'t already there, so now I sound like a distant echo  :rolleyes:

*deleting all his ramblings*

Yes, minimal information is good, reducing CPU overload on the server, bandwidth and cheating opportunities at the same time. That way, a radar-like device would have a somewhat limited range (in the ideal case, everything in the range of eye vision).

Originally posted by zaphar
The Devs restated much more clearly what I was saying. Minimal Client data handling will do a lot to reduce cheating. The only other cheat hole I can conceive is automation scripts on the client side to automate practicing certain skills like mining or smithing and such like. I am not sure how you could fix that other than monitoring abnomal activity like allnight repetion of an act with no response to chats and so on.

That\'s the bot part I was talking about. I can only think of pattern analysis to detect that, satistics is a powerful tool though it can be hard to tune. But once you get it right, it can be amazing. It can be used to identify people only according to their movement, among other things. So maybe it\'s beyond the scope of our PS universe, it\'s not as if real money was involved like in *caugh* another game  

Originally posted by [RSA]Top-Dogg[UK2]*
 think acraig already mentioned it, but it would be a gd idea to not send information about objects to clients that r behing a wall from it. also an idea is for admins to join the game in ghosting mode so they dont get a character, but can see from other players eye\'s so if some1 runs around looking thrue walls alot that can be easily spotted

No information when behind a wall ? It would be nice to be able to do that. In reality, it is probably too complex to compute on the server side. Though, isn\'t there in CS a kind of dynamic PVS feature ? But then wouldn\'t it produce artifacts like items appearing too late due to the ping time and server latency ?

Seeing from the player\'s eyes with data from the server side will not show what the player really sees on the client side. Simply because he could modify the code and use the information another way. Like the transparency feature : it is turned off in the original client code, but if someone change the code to turn it on (that was what Asus allowed to do in some of their former drivers - without code tweaking !), no one will know. Except once again, by looking at his behaviour (I\'m definitely just an echo, I think it\'s aging process  ).

*looking suspiciously around him before sending the post*

Hey, anyway, a game is made to be fun, let\'s not have nightmares about all that  

[Toadhead]

I\'m still concerned about cheating. I know you cannot make a modified client with a button \"kill all players in game\" and a button \"Get 10.000 tria\" but you can create modified clients that will automate jobs for you. Like automatic mining and when someones gets close say hello and when he goes away say bye etc.

This can ofcourse be done using macro programs aswell but using a modified client will only make it easier. Also it will make it harder to catch those cheaters.

[Keyaz]

We\'ve had a few scripting trolls before, they stand out to the trained eye, thats why GM\'s float about