Good discussion on the subject. It has the basics needed to know how to handle this.
[5:50pm] KillerJim: The fun part is simulating 3D environments inside both the client (JS) and server (C++) - albeit the server just needs to know any 'static' objects (landscape / buildings / trees)
[5:50pm] jetienne: KillerJim: now think about having js on the server too ?
[5:51pm] jetienne: KillerJim: and the ability to share codes.
[5:51pm] jetienne: KillerJim: on the other hand i admit, all isn't ready
[5:51pm] jetienne: KillerJim: just running three.js server side isn't something which is done every day. we don't even know if it works
[5:51pm] jetienne: but it is a nice dream
[5:52pm] KillerJim: Yeah
[5:52pm] KillerJim: I can't really run it server side, because the performance would be horrible
[5:52pm] jetienne: surely easier than recoding it twice
[5:52pm] jetienne: KillerJim: well i think a little about it, and i think that the only requirement on server is the cheating
[5:53pm] jetienne: it is possible to design a system in which the rest is done client side
[5:53pm] KillerJim: Yeah, which is very important to me - given the multi player nature
[5:53pm] jetienne: the point i try to make is that, anti cheat isnt too hard to do
[5:53pm] KillerJim: Not really, because clients could be spread out over the 400Km - so you can't do separate client validation
[5:53pm] jetienne: and especially much easier than a full physic server side
[5:53pm] KillerJim: really the server just had to do 3D maths (i.e. collision detection, etc.)
[5:54pm] jetienne: KillerJim: yeah but you can check 'once in a while'
[5:54pm] jetienne: so need to be in sync here
[5:54pm] jetienne: people are logged, you can disable cheater
[5:54pm] jetienne: so need = no need
[5:55pm] KillerJim: Hmm.. the clients only send keyboard inputs, the server sends back authoritative position information
[5:55pm] jetienne: houla
[5:55pm] jetienne: man latency would be thru the rood
[5:55pm] jetienne: roof
[5:55pm] KillerJim: really? It's how all modern FPS do it
[5:55pm] jetienne: no way
[5:56pm] jetienne: or they publish complex papers to fool us
[5:56pm] KillerJim: Clients do prediction, but always check against the server - regardless of lag
[5:56pm] KillerJim: Valve do it that way
[5:56pm] jetienne: yeah but this is super far from "client send keyboard input, server sends back auth position"
[5:56pm] KillerJim: does mean way more messages per second (~ 30 for me)
[5:57pm] KillerJim: True.. there's a little more to it than that I was being simplistic
[5:57pm] jetienne: well to come back on topic
[5:57pm] KillerJim:
[5:57pm] jetienne: the server only has anticheat
[5:57pm] jetienne: and you can do that easily
[5:57pm] jetienne: apply 3 tricks rules "if got 3 suspicious activity, temporary disable" etc..
[5:58pm] jetienne: so it will become hard to cheat, and you can tune the system as you go
[5:58pm] jetienne: few people will design a cheat system
[5:58pm] jetienne: so you cut them out early
[5:58pm] jetienne: well this is how i see it
[5:59pm] KillerJim: People always do, but if the server is the authority then all I got to worry about is someone hacking the browser and disabling Z buffers and the like (to see through walls)
[5:59pm] jetienne: KillerJim: man
[6:00pm] jetienne: KillerJim: audience of webgl games aren't desktop fps audience
[6:00pm] jetienne: KillerJim: do you imagine people doing that now ? web game people
[6:00pm] jetienne: have you ever seen such a cheat code for any web game ?
[6:01pm] jetienne: i don't think this attack scenario is realistic
[6:01pm] KillerJim: I dunno, it would be fairly easy - I built up a version of Firefox without cross origin turned off - took about an hour :S
[6:01pm] jetienne: yeah
[6:01pm] jetienne: so you, an experienced coder
[6:02pm] KillerJim: All cheaters are fairly experienced too
[6:02pm] jetienne: can do it, if it want to in an hour
[6:02pm] jetienne: well the point is that people playing game on the web are SUPER FAR from this level
[6:02pm] KillerJim: I hear that I'll have to add some anti-cheat system that will randomly take a picture of their screen for cheat detection - like VAC
[6:02pm] jetienne: like super super mega far
[6:02pm] jetienne: there is no threat
[6:03pm] KillerJim: True, but if the game is popular (hopefully!) it attracts the cheats
[6:03pm] jetienne: IF the game is popular, it will take time
[6:03pm] jetienne: and then you will have the time to handle with cheaters
[6:03pm] KillerJim: True
[6:04pm] KillerJim: but it's good to design some limiting factors now (i.e. auth server)
[6:04pm] jetienne: and don't forget that the threat is minimal, much smaller than the one on 3d fps on desktop
[6:04pm] jetienne: true
[6:04pm] jetienne: another thing is that you do a web game, so people are always up to date
[6:04pm] jetienne: no issue in releasing new versions (with better anticheat)
[6:05pm] KillerJim: I don't have any problems with the source code aspects of cheating, I mean.. a random unifyer will easily change the code each release
[6:05pm] KillerJim: or even the HTTP server could do it on the fly per user
[6:06pm] KillerJim: It's the browser hacking that's my concern, given it's easily modified as it's the 'shell' in which the game runs
[6:07pm] jetienne: hehe
[6:07pm] KillerJim: There's also sending random command messages to the server too
[6:07pm] jetienne: so you imagine a *web* game player, deploying a proxy, just to cheat the game ?
[6:07pm] KillerJim: tbh, yes..
[6:08pm] KillerJim: I mean people cheat at everything :S
[6:08pm] jetienne: well i think you need to know more about your target
[6:08pm] KillerJim: My target are FPS players..
[6:08pm] jetienne: web game players are people playing low-tech games
[6:09pm] KillerJim: I dunno, give it a few years - web based gaming will be at the forefront, assuming JS becomes as 'fast' as C/C++ (if compiled with JIT) then why won't it look good?
[6:09pm] jetienne: no hi tech player
[6:09pm] jetienne: more the casual game type
[6:09pm] jetienne: not the last AAA FPS with super groovy 3d on its 36in tv screen
[6:10pm] jetienne: KillerJim: in a few years you will have the time to recode your game twice
[6:10pm] KillerJim: True, I mean it's unlikely that Valve or Infinity Ward will release their next shooter as a WebGL Game
[6:10pm] jetienne: but they will release stuff and sooner than later
[6:11pm] KillerJim: but I wanted a game that would run anywhere - any operating system, any device.. HTML5 + WebGL seems the best choice to make that happen
[6:12pm] jetienne: but about the topic, current web players are so low-tech that i don't think we need to spend much time on very smart anticheat. let's do something flexible first, then we will always have time to improve it later
[6:13pm] jetienne: (logging this discussion)