Cheating & open source, revisited |
by Aardappel_
on 04/27/2005 07:54, 218 messages, last message: 06/16/2006 17:23, 188172 views, last view: 11/01/2024 03:23 |
|
As you all know, cheating is a problem for Cube being Open Source. Noone likes the current solution of the incompatible binaries, and I am getting to the point where I see the usefulness of having other people continue to work on Cube whenever I don't have the time.. currently that is problematic and would be much easier if the source to the official game could be truely open.
Multiplayer continues to be an important aspect of Cube, so we can't ignore cheating and simply hope that people won't change 1 line of code to enable god mode or permanent octa-damage, because they will (tell me something about human nature and the people on the interweb).
The solution can't come in the form of "cheat protection", this simply isn't possible with the current cube, and even if the entire gameplay code was moved serverside, is still fragile. Don't even suggest it... make sure you understand the nature of the client/server gameplay code before commenting.
The solution for Cube I feel has to be a social one. As you may remember, I designed a solution before:
http://wouter.fov120.com/rants/trusted_communities.html
The problem with this particular design is that it is too complex to set up, and too centralized. I would like to come up with a solution that is simpler, less implementation work, and can work with any group of people, centralized or not.
This is the idea I came up with sofar:
Every player that wants to play in a cheat free environment, can use a command in Cube to generate a set of key files. A key file is simply a file of, say, 10000 random bytes. The player then hands out these files to players he trusts... or rather, players he wants to trust him. (why there are multiple files will become clear later).
A server can either be in untrusted mode (default, works as before), or trusted mode. It can be set to trusted mode by the server admin, or voted by the players until the server empties. It will show up in the server browser as trusted.
If a player A & B connect to a trusted server, A looks up B's nickname in his folder of key files. If he finds a corresponding key file, he chooses a few random file offsets and reads the bytes there. It now sends a packet to B asking it for the bytes at those offsets. If B really is B, it can simply read its own keyfile and return the values. A now compares the values, and if they match, it sends a "I trust B" packet to the server. The hud shows which clients you trust, and for each client how many clients trust him in total. You are now sure that B really is who he says he is.
On a trusted server, people that after exchange of trust packets have gained no trust, can be booted from the server automatically. This allows you to play games with trusted people in your community, and have external people unable to be join the game.
asking for random offsets guarantees that untrustworthy clients or even servers never get to sniff keys. "Trust" is evaluated locally and for you only, so can't be spoofed.
The one problem would be handing your key file to someone who later turns out to be untrustworthy. This person could now impersonate you and appear to be you to all your trusted friends. Hence the multiple key files, so you can give a different key file to different people (or groups of people). That way, if the person "goes bad", he can't impersonate you towards your friends, as he doesn't have the keyfile your friends have.
The system is not perfect of course. You can still have 2 cheaters join together and trust eachother. Luckily cheaters hardly ever come in groups, and there are more complicated ways to protect even against this.
The biggest issue is the inconvenience of having to exchange key files, and especially to require new players to find existing players on forums/irc before they can sensibly play. I think it is bearable though, as you only need to do it once, and Cube multiplayer is a fairly closed community. And if servers are by default untrusted, you can give newcomers the benefit of the doubt until they behave suspicious.
What do you all think? Please think it through thoroughly before commenting (I am talking to you, Jean Pierre! :). I am especially interested in "holes" in this system, i.e. ways that cheaters could abuse it if they really wanted to.
|
|
Board Index
|
|
#118: Re: Alternatives |
by Gilt
on 06/18/2005 01:41, refers to #112
|
|
re: ignore-world
godamn I really like this idea! I mean... it's just so... deadpaned crazy! A true five-bagger!
the more I think about it, the more I can't help but applaud with awe. The complete lateral thinking used here is incredibly inspired. I mean, it's essentially taking what attempts to be an objective reality and totally turning into a subjective experience. it'd be like playing in a completely disassociated-ostrich version of a world. I cannot even begin to fathom the inter-connected dark matter effects that would occur at the nexus of the storm of collapsing dimensionality that is this multi-verse. imagine a game where you can be intensely playing one-on-one with an opponent who is SIMULTANEOUSLY playing in a free for all with 3 other people who are each playing a game of CTF, 3v3 and lastman-standing respectively!!!!
I want to watch the movie based on this idea, written by philip k dick.
this is honestly one of the only truely innovative ideas I've read here. this is what life is all about. sometimes you've just got to bust out with a giant mutant rainbow ostrich and see what happens. Ofcourse, aard being the ruthless mother nature that he is ( :p ), would never let it live too long... but at least you get to see it strut it's stuff for a little while...
reply to this message
|
|
#119: Re: Alternatives |
by Aardappel_
on 06/18/2005 10:56, refers to #118
|
|
I thought about it for a second, as it has many good properties. It is of course dead simple, no central administration, for one. The fact that people are playing potentially different games to me is not problematic, and would fit nicely with cube's thick client model.
One problem with it is that this costs the players more effort to combat cheaters than for the cheater to keep on annoying people. Cheater cheats, people recognise it, and slowly everyone on the server puts him on "ignore". He sees this, quits, reconnects with his isp, and rejoins the game with a different nick and ip. Players would have to give someone joining the game benefit of the doubt before they can ignore hims again. Repeat.
The problem is worse because of the kinds of cheat someone with full sourcecode can make. First of all you can make really annoying cheats, for example instantly kill everyone on a keypress. Second, you can make cheats that give you a huge advantage, but is almost indistinguishable from just a good player (such as radar, see through walls, stats showing enemy health, second countdown till next quad/armour, minor ammo/health cheat etc).
One way to make it harder to rejoin after being detected is to move to a "round" based system, where you have to spectate until the next round if you join a server. That way the penalty for being ignored maybe offset its cost.
reply to this message
|
|
#120: .. |
by remouk=
on 06/18/2005 12:13
|
|
/ignore ? What a pretty good idea ! Imagine, if you think a player is cheating, you just have to /ignore him ! Then you won't see him, and he won't see you anymore. In another case, it could be a way to cheat, so let's think about it. :)
reply to this message
|
|
#121: .. |
by hungerburg
on 06/18/2005 13:29
|
|
cheaters are just a nuisance - why are they so special? because everyone agrees on that they annoy! now how to kick all the cheaters?
if the goal was instead, to only play a select number of friends, whom I trust, a password on joining the server was just as useful as a trust scoring system! this of course depends on another channel to share the password - while the trust meter depends on a third party, to tabulate the score. there is always a third party to any game of cube - its the server. in my post 132 I tried to improve upon aards suggestion how to reliably tell who's who.
the "ignore" idea is indeed totally different: it works like in a chat - its one step before the "kick", ie. no consensus/vote needed. in a chat, there are no cheaters - though there may be nuisances. this is no longer about a closed group with external ties or a referee.
what remains: 1. also a very good player may annoy other players, 2. how to trust strangers (if not per default?)
reply to this message
|
|
#122: Re: General long-term strategy |
by jean pierre
on 06/18/2005 14:47, refers to #122
|
|
I am better skilled then mostly anyone in playing Cube mutliplayer and most say i have a hack that the aiming target automatically on the person thats not true im just Advanced in Cube/Sauer.
reply to this message
|
|
#123: Re: General long-term strategy |
by makkE
on 06/18/2005 14:57, refers to #122
|
|
Lol
reply to this message
|
|
#124: Re: Alternatives |
by Gilt
on 06/18/2005 15:22, refers to #119
|
|
Each client can have their own ban lists. Better yet, each client can assume that they don't want to play with most people, and have buddy/trust lists that function exactly like most IM services do.
Hell at this point, pretty much EVERYTHING can be client side... the only thing that the clients need to agree upon is which map they are playing... and even that is debatable! That means you don't even need servers... you could totally set this up as a kind of peer-to-peer deal. Clients simply send out their actions/position to anyone who wants to listen, and recieving clients can use that info however they want. This opens up the selection of players you can play with to the full network instead of being limited to individual servers, which makes it easier to collect all the people you trust into your game. it also implies an upfront passive ignore, since you choose who you want to listen to, as you can't very well connect to everybody.
reply to this message
|
|
#125: Honestly |
by enigma_0Z
on 06/18/2005 15:39
|
|
Honestly, I don't really think that there's any way that we can _really_ trust anyone online...
It would probably be better to have a scheme like Cube where the netcode is known to a specific few, and the opensource version has a different network module...
Then Aard could have people work on the game engine without revealing the netcode to them...
Basically, make the netcode a super-secret black box that only aard and his circle of coders knows about.
reply to this message
|
|
#126: Re: p2p |
by hungerburg
on 06/18/2005 16:30, refers to #124
|
|
original doom's network mode had no servers, but instead ports for multiple games.
reply to this message
|
|
#127: Re: p2p |
by jean pierre
on 06/18/2005 16:38, refers to #126
|
|
Nah i love server lists better and dont compare Doom with this
Look at Doom 3 it is said it has server lists(well my bro told me)
But i never and probably never wants to play Doom 3*scissor fingers/changes mind when see it*
reply to this message
|
|
#128: Re: Alternatives |
by Gilt
on 06/18/2005 19:11, refers to #125
|
|
yes, this is basically what I meant when I wrote:
> it's essentially taking what attempts to be an objective reality and totally turning it into a subjective experience.
The major conceptual point here is the empowerment of the clients to ultimately control their own reality. Ignoring the exisitence of unwanted players is just a manifistation of this.
anyway, p2p is just one off-hand implementation I mentioned, and isn't really important. you could have servers where clients send their current actions/gamemode/map/etc, and then other clients can pick and choose which client-streams to download and how it will be used. This is not too far from the current model... the important difference being that in this "subjective" model there is no objective authority on what the current game situation or score is.
So while clients could support various degraded modes of play like perhaps not acknowledging suspicious actions from players you only half-trust, or temporarily ignoring players you believe to be dead but who refuse to respawn, fully-open-and-shared play would again come down to playing with those you trust.
Iris Murdoch once said, "Love is the extremely difficult realization that something other than oneself is real." Unlike other models that are based on the hate and fear of cheaters, this model is focused on playing in a shared reality with those you love! It's so beautiful... I think I'm going to cry....
reply to this message
|
|
#129: Re: General long-term strategy |
by kernowyon
on 06/18/2005 23:50, refers to #122
|
|
Whats your nick on the games jean pierre? - so I can keep an eye out for you?
reply to this message
|
|
#130: Re: Alternatives |
by Aardappel_
on 06/19/2005 05:03, refers to #124
|
|
ban lists can't work without identity. it takes a simple reconnect for a cheater to show up with a new ip and nickname, and bypass your ban list.
buddy lists work because it requires central registration. without, people could impersonate your buddies. If we required registration and/or some other form of identity, and we rely on "trust" as opposed to "banning", then we are getting very close to my orginal idea again. One problem with that which the ignore idea fixes is that its a lot more work to make sure new players get trusted and are able to play.
reply to this message
|
|
#131: Re: General long-term strategy |
by jean pierre
on 06/19/2005 09:29, refers to #129
|
|
And what would you do Curse me and offend!
I removed Cube due to its old and boring so i no longer am in there.
reply to this message
|
|
#132: jp |
by >driAn<.
on 06/19/2005 11:46
|
|
> I removed Cube due to its old and boring so i no longer am in there.
Great
reply to this message
|
|
#133: Re: jp |
by jean pierre
on 06/19/2005 12:11, refers to #132
|
|
Cool isnt it cause i hell dont like participating in competitions with Morons and N00B'S!
reply to this message
|
|
#134: .. |
by makkE
on 06/19/2005 13:21
|
|
Yes! Thank you very much, Jean Pierre !!:D
We donĀ“t like it either...
reply to this message
|
|
#135: Re: .. |
by jean pierre
on 06/19/2005 13:36, refers to #134
|
|
Bah end this we're getting off-topic!
reply to this message
|
|
#136: Re: Alternatives |
by hungerburg
on 06/19/2005 13:42, refers to #130
|
|
again, public key cryptography would make grounds for buddy lists without central registration - remember (ok, chances are) no two public keys are the same, only one person has the corresponding (possibly even pass phrase protected) private key.
thats like real life: my friends dont register with the government, they register with me ;)
still no idea though, how a client may "ping" all the peers in a game (necessary to check if yesterdays Alice is the same as todays). let alone how to trust unknowns (maybe just reborn cheaters/nuisances).
distraction: to raise the price for a new identity, accept only keys that ares signed by a central authority (aka government) (could be machine with 1h delayed email). (this might also eliminate the need to ping peers, if server can be trusted.)
-- I dont know myself for such bureaucatic suggestions...
reply to this message
|
|
#137: Re: Alternatives |
by Gilt
on 06/19/2005 15:53, refers to #130
|
|
hmm... ok, then let's talk about this "round" based system.
I don't think it needs to be a part of the game... instead we can build off ignoring to do basically the same thing, since it is much more flexible. Clients can ignore new players for a set amount of time after they connect to the server, like the round system. Or maybe they can accept new connections right away, but enter into a "lock down" mode after a player has been ignored and leaves the server, where they won't accept new clients for a period of time afterwards. Or some other scheme that can be developed individually.
reply to this message
|
|
|
Board Index
|
|