Assuming a game that sold 3mio copies, 3 installations per copy and a unity enterprise subscription, the additional cost would be approximately $115000. Not chump change, but not sure it even compares to the added accounting costs incurred by factoring this crappy fee model in.

Also does unity aggregate the number of install themselves, then bill the devs based on it? Sounds convenient, can I also bill my company based on my 25h/day -self determined- work schedule?

Quoting: slembcke

Quoting: Smoke39What is the relevance of number of installs?

If I was to guess, it's because they are squarely targeting the mobile free-to-play market where installs are high. You gotta remember Riccitello (the CEO) insulted developers as "f*cking idiots" if they don't monetize right. From the context... he meant microtransactions. This was just last year, and that's where he thinks the money is. (https://www.pocketgamer.biz/interview/79190/unity-ironsource-john-riccitiello-marc-whitten-merger/ [External Link])

As pointed by slembcke, the only context in which this business model has a sliver of sense is mobile F2P games. But even then, it is probably about the worst and most convoluted solution anybody could think of.

View this comment - View article - View full comments

Quoting: GeamanduraThe name is just so idiotic. Imagine if Blender was called Open 3D Editor. Or Audacity was called Open Audio Player. No imagination, no energy to live, this comes straight from the desk of Toby from The Office. [...]

Counterpoint: I use openstack, every component has its own cool name unrelated to whatever it does: neutron, nova, cinder, glance, octavia, heat, magnum, designate, gnocchi, horizon and so on. Heck, even versions have names instead of numbers. Know what? It's effing annoying and serves no purpose whatsoever aside from confusing newcomers and making my life miserable.

View this comment - View article - View full comments

Quoting: F.UltraServer side checks however is a major performance pain, having it client side means perfect load balancing. So it's not only about being "lazy", it has a real impact on the number of simultaneous clients you can have per server.

There isn't really a need to run the checks in real time or on the same server as the game's logic. In fact it's probably a pretty poor idea to validate every action synchronously as it would lead to horrible game experience in most scenari due to network latency. It would also let cheaters know exactly what was detected or not.

The correct approach to server side anti-cheat is to analyse information statistically to find outliers and then determine whether these outliers are just good players or cheaters (using human validation if necessary).

Let's imagine a cheat letting you fire a weapon faster than intended and let's say the server records every hit. That's all we actually need. After each game the server can ship that game's record off to our anti-cheat analyser. The analyser looks at all hits recorded and find that player A has over 10 hits within 5 seconds with a 10 second reload weapon, player A gets banned.

Better yet, proceeding this way lets you detect cheats that may be invisible to normal players. If your 10s reload gun reloads in 9.75s that's an advantage but nobody will notice it with certainty. If it happens once, it could be chalked up to some weird lag compensation or chance. However if a player consistently reloads ever so slightly faster than possible, a machine will catch it over time.

In short: you should think of server-side anti-cheat as some sort of replay watcher/analyser bot, not a validation of every keypress in real time.

View this comment - View article - View full comments

Quoting: Corben

Quoting: GuestI'm curious though I doubt we can ever fully know, how bad is this Proton/WINE implementation of EAC security/privacy-wise? Yeah I know it'd be better to be safe and sandbox or still never play those games at all if concerned, but I'm just wondering if there's insight how it operates.

Same, I'm also wondering how effective EAC on Linux is, if it's not running on Kernel level as it does on Windows. I guess only time will tell. But this would also mean that more people will have to switch over to Linux (which is kinda good), if it would be easier to bypass EAC there than on Windows (which would be very bad though).
And I recently heard that even with EAC enabled there are still people successfully cheating in Fall Guys?

I used to provide servers for several popular games years ago. I've tried to keep cheaters at bay (which is a real pita when you only partially control the server), that's how I've acquired most of my knowledge on the topic.

Client-side anti-cheats are fundamentally flawed. They try to render the client trustful by wrapping it in some thin protection, whilst running in an untrusted environment. That's the same as putting a padlock on a cardboard and leaving it without surveillance in a park overnight, expecting it to be fine and unaltered next morning. It might happen, but it won't be because of the padlock.

The truth is that any somewhat popular game will have cheats available for it. Though almost all cheats that are reliably updated to bypass anti-cheats are paid for.

Quoting: GryxxAccording to developers of Robocraft it is worse. At some point they disabled EAC for anything other then Ubuntu family (on Linux Native), arguing that there were too many cheaters.

I've played robocraft. Whilst the game was fun and enjoyable to play, they're a prime example of trying to make up for jokingly bad cheat-proofing by using third party tools. Their servers trust everything the clients send: that weapon with a fixed unalterable 10 seconds reload is ready to fire again after 0.1s you say? Sure, go ahead! That speed you can't reach with your current setup is what you're cruising at? Seems alright!

They had cheaters before using EAC, they have cheaters after adding EAC, they will have cheaters from every OS until they implement server-side counter-measures (or the game loses enough players to no longer warrant cheat creators to bother any more).

View this comment - View article - View full comments