So how 'bout those Mets?

[Esben Mose Hansen]

Quote:

...One thing Im worrie about is that now that Illwinter has shown they can dismantle a turn file to get answers Im afraid they will be swamped by requests every time any player feels another player did something shady. As often as we see Posts to that affect here which get answered as possibilitys that the player hadnt considered, you can see how busy that might be.

This also worries me. I'm thinking of having my server make a a complete .tar.bz2 image of the game directory every turn.Then a master password, and independent part (NOT ME!!!) and the backup history could determine any cheating for sure.

What do you think?

[archaeolept]

yah that would work wonders even if only to scare off certain potential cheaters. all that really happened here was that IIRC was that the existence of a master password allowed norfleets lies and the extend of his cheating to be exposed. a turn by turn history would might also, however, have provided valuable clues as to what precisely he was manipulating.

[Gandalf Parker]

Quote:

This also worries me. I'm thinking of having my server make a a complete .tar.bz2 image of the game directory every turn.Then a master password, and independent part (NOT ME!!!) and the backup history could determine any cheating for sure.

What do you think?

If for no other reason, it would be simple enough to implement and would at least make everyone feel better. If you need a "neutral server" we can setup an auto-ftp between your server and mine. Or you could put the tar's in a directory and just schedule a remote sync using some sort of mirror software.

[Esben Mose Hansen]

Quote:

If for no other reason, it would be simple enough to implement and would at least make everyone feel better. If you need a "neutral server" we can setup an auto-ftp between your server and mine. Or you could put the tar's in a directory and just schedule a remote sync using some sort of mirror software.

Yeah, my feelings, too. Hunting for an actual cheat (on a subtle scale, not norfleetscale) would be like searching for a straw in a haystack...

No need for the neutral server. If my server is comprismised, or if I'm dishonest, nothing will change that. I'll try to make an implementation tomorrow or Sunday, but no promises... but now I really have to sleep

[Stormbinder]

Quote:

What was apparently done was that the turn file was edited to have extra gems. Those gems had to be converted to something else or used in forge commands or turned into gold and used to make troops in that same turn before turning in a 2h. The game does have checks for such things but the variations make for alot of "thinking" needed by the game. The game sent him a turn with XX gems in each Category, and received back a 2h file of commands to do things. To take into account the original amounts, plus new gem income, plus all of the things that can be done with it in order to decide "oops too much" is pretty hairy. Especially when you try to reverse logic the troop queue to the gold to the fire gems made from the astral gems which were made from the death gems just as one example. NOT IMPOSSIBLE before someone jumps my case about it, just hairy and time consuming to get it put in.

Hmmm, frankly I still want to jump you case about it Gandalf, since I don't see the server-side gem tracking to be such a huge problem to implement, but I'll let it pass. Otherwise we would become involved into discussions what constitutes to be "hairy" and what doesn't. And most likely end up agreeing on sciencific terms such as "hairy but with big bald patches", or "balding but still retaining some hair".

[Gandalf Parker]

Quote:

Hmmm, frankly I still want to jump you case about it Gandalf, since I don't see the server-side gem tracking to be such a huge problem to implement, but I'll let it pass.

My answers are not Johans. He is already looking at it.

Part of the problem is that this is a forum full of programmers to whom nothing is impossible. And Im more hacker to whom no absolute security is considered possible. But I should stop arguing the points to allow for placebos if nothing else. (insert truly evil smiley here)

[Stormbinder]

Quote:

Quote:

My answers are not Johans. He is already looking at it.

Good to hear this.

Quote:

Part of the problem is that this is a forum full of programmers to whom nothing is impossible. And Im more hacker to whom no absolute security is considered possible. But I should stop arguing the points to allow for placebos if nothing else. (insert truly evil smiley here)

Heh. Between hackers and programers, all interested at the same goal, some good security ideas could be developed...

[Heironeous]

Quote:

Part of the problem is that this is a forum full of programmers to whom nothing is impossible. And Im more hacker to whom no absolute security is considered possible. But I should stop arguing the points to allow for placebos if nothing else. (insert truly evil smiley here)

Absolute security may not be possible, but, as described above, client hacks can be eliminated by simply passing the client a partial copy of the game state, with the client only returning a list of orders to the server. Then it doesn't matter what you do to the client, the server processes the orders against the true game state. If you screw around with the client or the information passed to the client, then you'll only be hurting yourself as your orders won't map properly to the true game state.

[Leif_-]

Quote:

And Im more hacker to whom no absolute security is considered possible.

Oh, it's quite possible to make a computer program without any security flaws - the tricky thing is <i>knowing</i> that there aren't any security flaws in it. :-p