this post was submitted on 31 Oct 2024
414 points (99.8% liked)

Linux Gaming

15374 readers
391 users here now

Discussions and news about gaming on the GNU/Linux family of operating systems (including the Steam Deck). Potentially a $HOME away from home for disgruntled /r/linux_gaming denizens of the redditarian demesne.

This page can be subscribed to via RSS.

Original /r/linux_gaming pengwing by uoou.

Resources

WWW:

Discord:

IRC:

Matrix:

Telegram:

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 34 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

Your core premise is broken. Relying on trusting anything from a remote client cannot possibly result in a fair game.

[–] [email protected] 6 points 3 weeks ago (1 children)

It's not that simple. Especially not for real time shooters, latency is a killer.

[–] [email protected] 9 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

It is exactly that simple. You already have to account for latency because everyone but one player (who you also can't trust no matter how many rootkits you install) is not the server. Having a proper server doesn't change that in any way.

Client side validation cannot possibly provide any actual security, but even if that wasn't the case and it was actually flawless, it would still be unconditionally unacceptable for a game to ever have kernel level access.

[–] [email protected] -1 points 3 weeks ago (1 children)

Client side validation cannot possibly provide any actual security

Except it already does.

but even if that wasn’t the case and it was actually flawless

Nobody is claiming its flawless. This is the same anti-seat belt, anti-air bag, anti-mask, anti-vax argument. It "DoEsn'T WoRk iN eVeRy CaSe!" - that was never the intent. It's about harm reduction.

it would still be unconditionally unacceptable for a game to ever have kernel level access.

Anyone with a technical background would agree with you, as do I, but the reality is anti-cheat software with kernel level access already exists and it works specifically because it has kernel level access.

[–] [email protected] 1 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

No, it doesn't. Cheating is still incredibly common on games that install malware. If people care enough to cheat, they will cheat whether you have kernel access or not. It doesn't make a dent. They use it for the exact same reason they use DRM. Because they can.

It also can't possibly theoretically "reduce harm" when every single installation on every individual computer is many orders of magnitude more harm than all cheating in every game ever made.

[–] [email protected] 0 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

No, it doesn’t. Cheating is still incredibly common on games that install malware

I never claimed it's flawless or that it works in all cases. Think of it like antivirus software. Does it catch every and any malware that has and will ever exist? No. Does it still work to minimize all kinds of "bad shit" for normal end users? Yes.

If people care enough to cheat, they will cheat whether you have kernel access or not.

Lets rephrase that: If people care enough to commit crimes, they will commit crimes whether you have cops in your city or not - Your statements logical conclusion would be to get rid of police and crime investigators. Does that sound reasonable? It shouldn't, and it doesn't make sense against anti-cheat software for the exact same reason.

They use it for the exact same reason they use DRM. Because they can.

They use it because it solves a real-world problem that's unsolvable by other means. There's no real alternative because you have to trust the end-user, who, although may not be very likely to cheat, makes it extremely easy for a bad person to spoil the fun for everyone else.

I would love to live in a fantasy world where we don't need cops, a government, rules, regulations, and anti-cheat software, but there are bad apples that will spoil the fun for everyone.

It also can’t possibly theoretically “reduce harm” when every single installation on every individual computer is many orders of magnitude more harm than all cheating in every game ever made.

I mean "reduce harm" in the strict sense of spoiling the fun in gaming. vulnerabilities happen with all software, this isn't unique to anti-cheat.

[–] [email protected] 1 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

It doesn't meaningfully impact the rate of cheating at all. You're making the deluded assumption that it does something despite a complete absence of evidence to support it. It's a complete fabrication with no connection in any way to the real world.

It is not security. It does not in any way resemble security. It's pure theater that catastrophically compromises the actual security of everything it touches.

[–] [email protected] 0 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

It doesn’t meaningfully impact the rate of cheating at all

So EA and every other anti-cheat software is paying developers to make software that does nothing? I don't follow.

[–] [email protected] 1 points 3 weeks ago (1 children)

Yes. Exactly identically to them spending money on DRM despite an obscenely strong body of work showing that DRM doesn't serve any purpose in any context. It's pure theater.

[–] [email protected] 0 points 3 weeks ago

if it was pure theater my friends and family who pay for all their streaming services would be able to share the content without permission from Netflix, Hulu, etc. That this is not the case disproves your claim that it's pure theater. It does exactly what it aims to do and that's raising the barrier to entry for piracy.

[–] [email protected] 4 points 3 weeks ago (1 children)

Too bad the server at least needs the player input data.

[–] [email protected] 14 points 3 weeks ago (1 children)

Yes, people can still cheat with a camera and manipulating inputs. There will never be a way around that.

But that's entirely unchanged by adding malware, that, even if it could theoretically work, should be a literal crime with serious jail time attached. Client side validation is never security and cannot resemble security.

[–] [email protected] 2 points 3 weeks ago (1 children)

There are ways to detect and stop that, but they can and should happen on the server, not on the client.

[–] [email protected] 1 points 3 weeks ago (1 children)

Only if you're OK banning real people.

[–] [email protected] 2 points 3 weeks ago (1 children)

There are lots of options such that you can tune your false positive/negative rate. 🤷‍♂️ Tons of ways you can structure this depending on your game's tech.

[–] [email protected] 2 points 3 weeks ago (1 children)

No options that resemble legitimate or evidence based in any way.

If a computer has the exact same input and output tools as a human, you cannot possibly do better than guessing. It is a literal certainty that you will ban legitimate players doing nothing wrong for being too good if you try, and it's unconditionally not acceptable to do so.

[–] [email protected] 1 points 3 weeks ago (1 children)

Client side anti-cheat faces similar issues, and there unlike your server you don't control the hardware.

[–] [email protected] 2 points 3 weeks ago

I'm not sure why you think I'm saying client side is better when I called it malware.

There is no approach that is theoretically capable of doing anything at all to impact a camera and automated inputs, and there is no way of trying to do so that is acceptable. It's simply a reality of online gaming.