[MUD-Dev] Quake II has gone GPL

Valerio Santinelli tanis at mediacom.it
Fri Jan 25 09:30:30 CET 2002 

From: <Daniel.Harman at barclayscapital.com>
> Travis Nixon [mailto:tnixon at avalanchesoftware.com]
>> From: "Vincent Archer" <archer at frmug.org>

>>> Those two examples show why "the character is on the server,
>>> there's not much players can do" isn't exactly right. There's a
>>> lot of cheating that can go in the client.

>> Yes, but both these examples of client side cheating (trading
>> items that weren't meant to be traded and moving faster than was
>> intended) were because they violated the prime law of online
>> games.

>> Never trust the client.

> Well I disagree on this. The trading of no drops was inadequate
> thinking on their part, but it was more involved than Vincent
> described (and thus its easier to see why it slipped through the
> net). For those who care the way it worked was as follows:

>   a) Droppable bags become nodrop when they have a nodrop item in
>   them. So put your no drop item in one.

>   b) Hack the client memory to mark the bag as droppable (even
>   though currently it isn't).

>   c) Trade the bag with the no drop item in it.

> I don't know about you, but this is exactly the kind of error that
> I imagine can slip through the net however careful you are. Even
> if they did server side checking, the naive approach would be to
> check whether the bag itself was natively no drop (which I believe
> they did).

The problem is still the same. They trusted the client for what
concerns the bag itself.  They should have checked all the stuff
contained in the bag and validate the "nodrop" attribute
server-side.

> As to the movement issue, there is no way that you can keep a game
> responsive, whilst authenticating every client movement with the
> current state of the Internet. AO had a go at it and it was like
> ice skating attached to a bungie.

AO network system designer made a big mistake by using TCP. That was
the problem. Using an adapted implementation of UDP can save you
from this problem, as it's been already discussed on this list some
time ago.  At the current state of the 'net, movement validation
isn't even an option.  We've got to stick to current pre-emptive
algorithms to let the client do some calculation on the various
characters positions. We can't avoid this for now.

--
Valerio Santinelli
HateSeed.com Founder (http://www.hateseed.com)
In Flames Italia Webmaster (http://www.inflames.it)
My Lab (http://tanis.hateseed.com)



_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev

More information about the mud-dev-archive mailing list