this post was submitted on 31 Oct 2024
220 points (99.5% liked)

Linux Gaming

15177 readers
625 users here now

Discussions and news about gaming on the GNU/Linux family of operating systems (including the Steam Deck). Potentially a $HOME away from home for disgruntled /r/linux_gaming denizens of the redditarian demesne.

This page can be subscribed to via RSS.

Original /r/linux_gaming pengwing by uoou.

Resources

WWW:

Discord:

IRC:

Matrix:

Telegram:

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 30 points 7 hours ago* (last edited 7 hours ago) (2 children)

Your core premise is broken. Relying on trusting anything from a remote client cannot possibly result in a fair game.

[–] [email protected] 5 points 4 hours ago (1 children)

It's not that simple. Especially not for real time shooters, latency is a killer.

[–] [email protected] 2 points 4 hours ago* (last edited 4 hours ago)

It is that simple. You already have to account for latency because everyone but one player (who you also can't trust no matter how many rootkits you install) is not the server.

Client side validation cannot possibly provide any actual security, but even if that wasn't the case and it was actually flawless, it would still be unconditionally unacceptable for a game to ever have kernel level access.

[–] [email protected] 3 points 7 hours ago (1 children)

Too bad the server at least needs the player input data.

[–] [email protected] 9 points 7 hours ago (1 children)

Yes, people can still cheat with a camera and manipulating inputs. There will never be a way around that.

But that's entirely unchanged by adding malware, that, even if it could theoretically work, should be a literal crime with serious jail time attached. Client side validation is never security and cannot resemble security.

[–] [email protected] 0 points 6 hours ago (1 children)

There are ways to detect and stop that, but they can and should happen on the server, not on the client.

[–] [email protected] 2 points 5 hours ago (1 children)

Only if you're OK banning real people.

[–] [email protected] 1 points 4 hours ago (1 children)

There are lots of options such that you can tune your false positive/negative rate. 🤷‍♂️ Tons of ways you can structure this depending on your game's tech.

[–] [email protected] 1 points 4 hours ago (1 children)

No options that resemble legitimate or evidence based in any way.

If a computer has the exact same input and output tools as a human, you cannot possibly do better than guessing. It is a literal certainty that you will ban legitimate players doing nothing wrong for being too good if you try, and it's unconditionally not acceptable to do so.

[–] [email protected] 2 points 4 hours ago (1 children)

Client side anti-cheat faces similar issues, and there unlike your server you don't control the hardware.

[–] [email protected] 1 points 4 hours ago

I'm not sure why you think I'm saying client side is better when I called it malware.

There is no approach that is theoretically capable of doing anything at all to impact a camera and automated inputs, and there is no way of trying to do so that is acceptable. It's simply a reality of online gaming.