• Riskable@programming.dev
    link
    fedilink
    English
    arrow-up
    51
    arrow-down
    8
    ·
    4 days ago

    Excellent defense: “You sent me the packets revealing where all the other players were. If you didn’t want me to know they were behind walls why did you tell me precisely where they were?”

    Yeah, doing such checks on the server side of things is more computationally intensive but it would solve that problem entirely and you wouldn’t need client-side anti-cheat bullshit anymore.

    The first rule of network programming is never trust the client. How does anti-cheat software work? By trusting the client.

    • Maalus@lemmy.world
      link
      fedilink
      English
      arrow-up
      23
      ·
      3 days ago

      It is impossible to do these types of checks on serverside. Your PC needs to know where to render the enemy character ahead of time, otherwise they’ll pop into existence after you are dead. Bonus points for packet loss. Programming games isn’t the same as validating input from some rando trying to log in on a site, it’s an unsolved problem that all games have an issue with - from FPS like CS, RTS like Starcraft 2, to mobas like League.

      • Riskable@programming.dev
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        5
        ·
        3 days ago

        It is impossible to do these types of checks on serverside.

        If the client can make a determination as to whether or not to draw a player the server can too (and refuse to send those packets). It’s not impossible, just more computationally intensive and thus, more expensive (on the server side of things).

        Naive way: Render exactly what the player will see on the server. Do this for every client and only send the data to the client if the another player enters the view.

        More intelligent way: Keep track of the position and field of view of each player and do a single calculation to determine if that player can see another. If not, don’t send the packets. It will require some predictions but that’s no different than regular, modern game-specific network programming which already has to do that.

        Servers these days have zillions of cores. It really isn’t too much to ask to dedicate a thread per player to do this kind of thing. It just means that instead of one server being able to handle say, 500 simultaneous players you can only handle say, 100-250 (depending on the demands of your game).

        If your players host their own servers then it’s really no big deal at all! Plenty of cores for their personal matches with their friends or randos from the Internet. If you’re a big company with a game like Fortnite then it’s a huge burden compared to the low-effort system currently in place.

      • stinky@redlemmy.com
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        6
        ·
        3 days ago

        Why impossible? Server-authoritative programming is common in PVP gaming, even high-performance recent games. I don’t think anyone is suggesting lazily loading chunks of player data like wandering into a new chunk in Minecraft. Just write efficient, clean code that anonymizes or encrypts player data so it can’t be read client-side.

        • Mojave@lemmy.world
          link
          fedilink
          English
          arrow-up
          9
          ·
          edit-2
          3 days ago

          Okay, now the player data is encrypted and unreadable by clients.

          How will the client display where the players are without data…

          Why are you bothering to spend cycles sending this useless, encrypted data…

          If you mean to decrypt the player data once it reaches the client, then you have solved no issues…

          • stinky@redlemmy.com
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            1
            ·
            3 days ago

            The issue here was that fortnite broadcasts locations of enemy players in packet data, not that it trusts clients “with anything”… where did you get that from?

              • Mojave@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                ·
                13 hours ago

                Work arounds are for devs to solve, not schmucks on lemmy. CS:GO used to use something similar to occlusion culling to prevent this exact problem. Don’t send the client all of the enemy locations/data unless the client is within roughly the right distance/sight to see that enemy. This is not a full fix, but dramatically nerfs wall hacking.

                I’ve seen community plugins for TF2 and other source engine games that will add “ghost” players. Generate ai characters, turn them invisible, and send their data to clients. If someone keeps shooting at the ghosts, they can easily get caught and banned.

                There are entire industries dedicated to finding solutions to this problem, check out this research paper about this exact subject if you want.

              • stinky@redlemmy.com
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                5
                ·
                edit-2
                3 days ago

                That’s an excellent issue for you to research on your own time! If you know anyone on the OverWatch development team you could ask for their input as well. Please report back to this thread with your findings, we’re all very interested in the results.

    • MentalEdge@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      1
      ·
      edit-2
      3 days ago

      “Oh no, we don’t need to worry about any sanity checks in the database, that’s all taken care of in the javascript frontend”

      I didn’t come up with that, but it’s the same logic. Actually expressing something like it in a professional setting could get you fired.

      Not in the games industry, though.

      • Maalus@lemmy.world
        link
        fedilink
        English
        arrow-up
        9
        ·
        3 days ago

        Because there is a reason nobody does that serverside. Programming games and programming a service are two different beasts.

      • weew@lemmy.ca
        link
        fedilink
        English
        arrow-up
        1
        ·
        3 days ago

        Most other industries don’t expect millisecond response times.

        You take longer than that in an action FPS game, your game is fundamentally broken and unplayable.