[MUD-Dev] Re: You think users won't number crunch and statistise your MUD?
Travis S. Casey
efindel at io.com
Thu Jul 2 15:39:46 CEST 1998
On Wed, 1 Jul 1998, J C Lawrence wrote:
> Travis S Casey<efindel at io.com> wrote:
> > I think you're making an unwarranted conclusion here. I must admit
> > that I haven't actually played UO, so I don't know how "numberless"
> > they've tried to make the environment.
>
> I'm not asserting that UOL is numberless, just that the attempt to go
> numberless as an attempt to dissuade GoP playing (by the numbers) is
> inherently doomed when as much effort can and will be invested as is
> shown at the URL's above.
>
> It is, as it were, a proof case.
I'm still not sure how good a proof it is, though. As I pointed out, from
what I've seen, it doesn't look like a great deal of effort was needed to
derive those numbers (Well, depending on what you consider a great deal of
effort. I'd guess that someone familiar with the techniques and with
paper RPG systems could derive those numbers with a few days to a couple
of weeks of effort. With multiple people contributing, of course, it
could be done faster).
Further, I think that there are two factors present at UO that most muds
won't have:
1. The sheer number of players. At a guess, I'd say that UO's player
base is a couple of orders of magnitude greater than that of even
a popular "regular" mud. This greater population is more likely to
have people who want such statistics badly enough to spend a large
amount of time working them out.
2. UO's playerbase is drawn more from players of "regular" computer
games (e.g., the non-multiple-player, non-online kind). I'd expect
that such players are more likely to be GoPers, and thus, more
interested in ways to "cheat" or "inside information" about the game.
These are the kinds of people who are used to playing games like
Mortal Kombat, where part of the game is to figure out the secret
combo moves and other hidden portions of the game.
I think that both of these factors make UO more likely to be quickly
"broken" than a typical mud's systems would be. When you factor in the
fact that UO only hides some numbers, that increases the chance that
someone will "break" it quickly even more.
> > Obviously, no matter what you do, someone sufficiently determined
> > can eventually figure out your mechanics...
>
> Precisely. This has come up here before (security thru obscurity),
> but only apocryphal evidence.
I think we're approaching the whole idea of hiding numbers from different
viewpoints. My goal is not "security" -- if someone really wants to know
how the game works underneath, that's fine with me. Rather, my goal in
hiding numbers would be to help preserve the illusion that you're playing
a real character in a real world, and to encourage players to make
decisions on the basis of "what would make sense in that situation" rather
than on the basis of "how do the numbers look." In short, to encourage
roleplaying over GoP.
In doing that, hiding numbers isn't the only thing that I'd need to do.
To take a typical, D&D-derived game system and hide the numbers wouldn't
help in the suspension of disbelief; indeed, it would quite likely hurt
it, or make the game nearly impossible to play. I'd need to try to set
things up so that the game works as much as possible like the way you'd
expect a real world to work -- so that you don't *need* the numbers as
much as you do in a D&D-style world.
Doing so would also tend to make the numbers harder to figure out, but
that's not the goal -- it's a side effect.
On the topic of "security through obscurity" -- you most often see that
line brought up when considering one of two things:
- A situation where the *only* added security is obscurity (e.g., "I'll
just run my telnet daemon on another port, and then no one will be
able to break in!") or
- Where a company simply states that their code/method is secure, but
refuses to subject it to independent verification.
I'd like to point out that most forms of computer security assume at least
*something* being "obscure" -- e.g., public-key encryption systems assume
that an attacker doesn't know the secret key. The key (if you'll pardon
the pun) is to make sure that what you're trying to hide really can be
hidden well. In the case of public-key encryption, breaking the key
requires either unbelievably lucky guessing or having a solution to a
mathematical problem that is known to be unsolvable or difficult to solve.
(What problem depends on which public-key encryption algorithm you're
using, _Sneakers_ aside.)
Thus, obscurity can be a *help* to security -- but you should remember
that "secrets" are only probabilistically secure, and that what you
think is a hard problem may turn out to be an easy one.
> > Thus, the simple statement that "even if you try to hide numbers,
> > people can figure them out" isn't of much use. Of more interest
> > would be ideas on how to make the numbers harder to figure out, or
> > on how people reverse engineer such numbers in practice.
>
> True, the problem being (without a constantly evolving number system)
> that once a reasonably accurate approximation has been derived and
> published by a user, that game is up.
That depends on what your game is. For me, nothing would be up -- the
GoPers who "broke" the system would know the internal rules and numbers,
but, since I'm trying to make an accurate simulation, this won't help them
much, if at all, and I don't really care if it does help them (as long as
it doesn't give them a huge advantage). The real point of hiding the
numbers was to help those who want to roleplay to do so, by eliminating
the distraction of numbers. Short of forcing all the roleplayers to
memorize the rules and numbers, the people who have "broken" the system
can't prevent it from doing that... and thus, from my point of view, they
haven't "broken" the system at all.
Heck, if I were to set up such a system, I'd probably put the details of
how it "really works" on the web myself, for those interested in it.
There's nothing that stops hackers from trying to "crack" something better
than the fact that the info's free for anyone to download.
--
|\ _,,,---,,_ Travis S. Casey <efindel at io.com>
ZZzz /,`.-'`' -. ;-;;,_ No one agrees with me. Not even me.
|,4- ) )-,_..;\ ( `'-'
'---''(_/--' `-'\_)
More information about the mud-dev-archive
mailing list