Quoting: damarrinIs creating a good server-side anticheat solution even possible?

Story time, I used to run some private servers for fun. In case you don't know, private servers are emulators/leaked binaries which let you run servers for games which you are not meant to, WoW for example.

In one of the games I hosted, there were dungeons you had to go through to get your gear. In typical game code fashion, the server checked pretty much nothing. As a result, there was a popular cheat for this game which let you fly or go through walls. Of course using this cheat you could complete dungeons within minutes getting unfair advantages or even crashing the economy.

Sadly the code for this server was not fully available, hardening the server directly was not an option. However the server would log players' positions every few seconds. So I wrote a small program which would stream the log and constantly calculate the speed at which players were moving and check whether the coordinates were within normal values. When a player was producing suspicious data, I would check what they were actually doing. Within a few weeks of adding this system and refining it, cheaters would get banned within a couple minutes by the moderators.

Of course my small server was not a massively popular FPS, but I was a teenager with no access to the server code nor extensive programming knowledge. I believe companies likes EA or Valve would be perfectly capable of producing really good server-side anti-cheats.

View this comment - View article - View full comments

Quoting: udekmp69

Quoting: KimyrielleMaybe one day the developers of shooters will figure out how to design cheat-resilience into the game itself, instead of trying to take control over their customers systems, which won't ever work.

I think they need to stop focusing on client-side and develop a decent server-side solution.

Now that's something "AI" (aka neural networks) could be useful for, rather than spitting out humongous piles of somewhat believable texts or images.

View this comment - View article - View full comments

Quoting: pleasereadthemanual

If we do this, we are basically accepting these issues are unfixable for the next ten years (SDL4).

[...]

Shipping a broken default is the wrong thing to do. Unfortunately, that protocol is unlikely to be finished before SDL3's release (3+ months away).

Two bad options. There's suggestions of flipping the default later on in the lifecycle of SDL3 once this protocol is implemented, and that seems like what's going to happen. I'm not sure what the downsides of this are.

I'm not interested enough to go and read the whole debate. But is there really a 10 year life cycle for SDL? Or something preventing them from releasing SLD4 a year from now?

View this comment - View article - View full comments

Quoting: scaineGod I hate Microsoft products so much. My entire professional life has been cursed to limit their awfulness.

Quoting: tuubiI'm not going to debate this any further, simply because this is too close to stuff I have to worry about at work. Windows is bleak enough to think about even when I'm being paid for it.

Quite ironic how you guys seem to work with Windows way more than I do and loath it. Meanwhile I've been working exclusively with Linux for the past 8 years-ish and have a lot of beef to pick with its permission management. I guess the grass is always greener on the other side. I'll admit my initial statement is probably exaggerated in retrospect and should be read more along the line of "Windows also has had permission management comparable to what's found on Linux for a long time".

We are confident THERE IS NO RCE vulnerability within EAC being exploited.

But are there RCE vulnerabilities not being exploited? The "being exploited" might be PR speech but it is also really convenient. :whistle:

View this comment - View article - View full comments

Quoting: tuubiHow are these Windows permission management features much better than their Linux equivalents? Are there relevant studies, or maybe some solid metrics you used to rank them yourself? Or did you base your claim on something else entirely?

POSIX ACLs use the group permission as mask, this means non-ACL-aware programs can completely screw up permissions by changing what they believe to be something different. It is also impossible to set a default ACL that allows traversing directories but not executing files. There is also very little support for ACLs, you're pretty much stuck with "setfacl". Meanwhile, on Windows, you get a complete and robust tool by right clicking any file/folder.

It gets worse if you try to manage permissions over a large group of devices. Windows has Active Directory, on Linux you can sort of achieve something similar by slapping together LDAP and a bunch of other softwares but it's nowhere near as complete or easy to setup.

One point on which Linux is more advanced though is containerisation/sandboxing. Going back to the original topic, running steam through some sort of sandbox (flatpak, snap, appimage, firejail) could, in theory, limit the damage a RCE could do (disclaimer: as with all thing security, it's more complicated than just "use this and it's safe" so do your own research).

View this comment - View article - View full comments

Quoting: ShabbyXDon't know if you've noticed, but recently (as in past decade), a lot of windows-isms have crept into Linux, which provide "convenience" while compromising on what makes Linux actually good.

Like, other than for Steam (and maybe a few downloaded software off the net), you (normal users, not devs) don't really have _executables_ lying around in your $HOME. Before, we were protected from viruses mostly through the mere fact that we don't log in as root (unlike windows), and our executables are only root-writable.

Now, however, a virus can much more easily spread on Linux through Steam game binaries (or flatpak etc) because they are readily writable. That's a security compromise to get the free-for-all windows-ism convenience.

And don't get me started on flatpak and the like.

For the record -and as much as it pains me to admit it- Windows has had much better permission management than Linux for decades now. ACLs are actually usable on NTFS and non-root account has been the default since at least windows XP (you can do "root" actions from your normal account but that requires validation, just like sudo on linux).

Ignorance, convenience (laziness) and widespread use are the reasons so many Windows devices are compromised, rather than the OS itself. There are plenty of valid reasons not to use Windows (privacy, lackluster terminal, drm, ties to online services, ...), so let's not make up fallacious ones which only make us look ignorant.

View this comment - View article - View full comments

Quoting: LoudTechieAlso they're way too optimistic with this roadmap.
38 features in a year for one game.
Yeah some overlap, but nah won't happen.

It really depends on how clean their code is, how competent their employees are, how easy the features are to implement, and so on. According to their website, Keen Games is a team of 58 people. It's not exactly a solo project.

View this comment - View article - View full comments

Quoting: x_wingUnpopular opinion here, but I think that for this online only type of games the best solution will end up being that they create a cloud solution that doesn't require any local client. That way they can reduce the number of cheaters plus make it independent of the user OS (and not to mention how much they will reduce QA cost).

There is no need to go online-only, just validate things on the server.

Imagine editing the account balance in your browser is enough for your bank to actually change it. And imagine your bank's solution is to enforce a "secure browser" that won't let you edit the pages. That is the level most game devs seem to be at...

View this comment - View article - View full comments

Have you picked up a copy? Or are you skipping it for whatever reason? Let me know in the comments.

Moderately interested, but I live in switzerland and swiss prices on steam are ridiculous. Might give it a go if it becomes available through other stores, by then they'll have fixed some stuff too.

View this comment - View article - View full comments

Quoting: Eike

Quoting: hell0[I've never replayed an old game and as such they do not really have value to me.

I'm on a similar boat, but got two problems with it: I just want to be able to revisit all my games even if I most probably never do it. And, lately, I started revisiting games with my little ones.

I still have the 4(!) original Baldur's Gate II CDs somewhere. Even so, I'd probably just "rent" the game on steam if I wanted to play again. It would probably be a hundred times easier than trying to get the game running from multiple old windows CDs (starting with the fact I don't even own a CD reader any more).

I agree that archiving old games is important, but I think that it's not mutually exclusive with a fair and well thought out subscription model.

View this comment - View article - View full comments