[MUD-Dev] TECH: Trusting Network Clients

[Crosbie Fitch]

brian hook wrote:

> The client isn't definitely in the hands of the enemy, but you
> have to ASSUME that it is in the hands of the enemy.  The vast
> majority of Everquest players are not cheaters, but that very
> minor percentage of cheaters can really ruin the enjoyment for
> other players by simply existing.

But it's so easy to turn that subtle difference into the actual
assumption, i.e. from "knowing that most players aren't the enemy,
but assuming they are just as a precaution" to "assuming all players
are the enemy".

I'd say it's better to assume that a few players are cheaters.

> If it is an achievement oriented game, then this is doubtful.  But
> more relevantly, even if achievement oriented players won't cheat,
> it belittles their own advancement if other cheaters manage to
> accomplish achievements faster and more gloriously than the legit
> players.

Ah yes, but if we have measures to detect and remove those few
cheaters, that solves the problem. But, you can't begin to approach
this kind of solution UNLESS you first remove the mental block
caused by the idea that the client is in the hands of the enemy. In
other words, how can we countenance allowing the client to perform
useful work if we've already prohibited it by creating an a priori
ban?

> I think it's a bit of a reach to correlate "desire for fairness"
> with "desire to exploit players for profit".

Sorry, I got a bit tangential there. I think it's important to
question some of the assumptions that impinge on the system
design. If you assume that the system is provided by a commercial
provider, then obviously you would expect it to be heavily guarded
because it represents the key revenue generation mechanism. However,
to some extent this is guarding it not necessarily for the
community's benefit, but for the provider's. If the community
provides the infrastructure by hosting the system on the client,
their PCs, then the community has a much better motive for ensuring
fair play. Otherwise it's just something to bitch about on
discussion forums.

Remove the need for security as a means of protecting the provider,
and its clear that it's really for the players' benefit.

> You're mistaking "play" for "work".  These games are
> entertainment, the players aren't "working" to build things for
> the people that run these MUDs or MMOGs, they are paying for a
> service that _allows_ them to do these things, presumably because
> they enjoy it.

The best work is stuff you'd do for fun even if you weren't paid to
do it.

Play on MMOG's is work if it's a commodity (whether or not the
players realise it). If a key selling point to a game is not
necessarily the content produced by the developer, but the
consequential content produced by players, the social interaction,
etc. then to some extent players' efforts (resulting from play) are
being sold. This is work.

It's a classic scam, I mean, business model. Create a forum. Sell
access to the forum. Create a professional organisation. Invite
members/subscribers.  Sell access. Create a MMORPG. Sell access.

> Assuming that your premise is that "healthy" 90% won't cheat, that
> still leaves the other 10% that will.

Yes.

However, once we can establish what this ratio tends to be, then we
can see if it's feasible to host a game on the client. Because, if
it's 50% then there's no hope, but if it's 90% or higher then it
makes things look much brighter.

If we just hide our heads in the sand and just say that it's
irrelevent, that any level of cheating is equivalent to all players
cheating, then we've blinded ourselves to a possible solution.

> What percentage of people are career criminals?  Not very many, of
> course, yet we have laws and procedures specifically designed to
> keep criminals from ruining the days of law abiding citizens.

And in a free society, you allow the individual the freedom to
commit crime.  (entrust data to the client)

In a non-free society, you restrict the individual from access to
crime.  (keep data on the server)

> One criminal in a crowd of 100 can still piss off 99 other people.
> If you are put in a position of authority such that the other 99
> people EXPECT and DEMAND that you root out and punish/ostracize
> those criminals, then you need to have policies and technology in
> place to allow that.

Absolutely. We entrust data to the client, but have a police force
to root out and punish/ostracize cheats.

> Telling the other players "ignore the cheaters, it doesn't affect
> you" isn't a solution.

In a free society, we say "tolerate crime as the expense of freedom,
but prosecute/rehabilitate criminals".

>> The player is not the enemy!

> No, but _a_ player can be the enemy, and that is what a MUD/MMOG
> operator has to be prepared to deal with.  Because it only takes
> one enemy to ruin a game for everyone else.

I'm happy if we can move from 10,000 players being the enemy to 1
player being the enemy. Now there's hope.


_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev