Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> one could say it's critical to stop hackers.

It's never critical to stop hackers in a videogame IMO. We need to stop being so damn serious about gaming.




I think you're framing this the wrong way.

Is it fun to be a non-cheater, and join a multi-player game where there are other players using software cheats that let them easily beat you every single time?

I'm pretty sure I would quickly stop playing that game, and demand the publisher refund my money. That's just not fun.

And that's just as a casual gamer. For people who compete and win prizes, endorsements, etc., the stakes are a bit higher.

I'm not saying kernel-level rootkits installed on everyone's machine is the answer, but letting people cheat isn't going to work either.


Community-run and moderated servers easily fixed this issue decades ago. Maybe video games should be fun centers of community again instead of maximally isolating and atomizing skinner boxes designed to make children addicted to endlessly practicing and competing at worthless skills so the sunk cost keeps them buying loot boxes


Rampant cheating will wreck competitive multiplayer games fast, so there are perspectives from which this critical.

(I’d still lean towards expecting game houses to find another way, kernel drivers are still client side trust mechanisms).


Well, the problem is eventual consistency and these games have a hell to consolidate properly.

One user is on a connection with 10ms latency, the other user is on 50 ms latency. Now, if first user does something, and second user can either do something to evade or can do something that actually prevents the first user from acting, how do you consolidate that?

The actual timestamp of when exactly what happened helps immensely, but you have to trust the timestamp. And how can you know that is not manipulated?

But... that's just the surface. Consider: one client uses a rendering that takes 25ms longer to show up and another client does not render textures/shadows etc. That client is faster and the sender can even send "official" response times, but would still give an advantage.

So, I am not sure this can be solved serverside. But... I don't play these games anymore and would never opt for a rootkit to be installed just so I can play. I can imagine plenty of people, though, who would.


Remember that you don't need perfection: you need people to believe that they're likely enough to get caught that they don't want to use a pre-canned cheat, and you need just enough cheat detection mechanisms to make it hard for people to make new cheats. Not all of that has to be technological: you can spread rumours that your cheater ban waves are bigger than they actually are, for example, and that'll keep more people from even trying in the first place.

You don't have to trust the timestamp - and you shouldn't. You can use a bunch of methods to go from untrusted to grudgingly accepted: requiring monotonicity means cheating clients have to be permanently slower rather than selectively slower. Having tolerances for out of order packet rates or accepted deltas before discarding player actions will have some false positives for players on terrible networks, but will also reduce the impact of any possible timestamp-related cheats.

It can't be fully solved server side, not without sacrificing acceptable performance. I reckon it can probably be dealt with enough on server side to keep cheating to a tolerably low level. It's probably cheaper to just license a windows rootkit though.


You might be able to match-make between clients with similar latency and then "enforce" that latency server side by delaying things that "happen faster" then the previously measured latency


No, this implies that actions are in response to something. This is not true. I can shoot my gun at any time, and even randomly. It does not depend on an opponent starting to move.


> (I’d still lean towards expecting game houses to find another way, kernel drivers are still client side trust mechanisms).

Well, this problem simply can't be solved server-side only. Client-side can't be validated without rootkit (and even then it's not enough, but enough to deter majority of cheaters).


If not having hackes is critical for a competitive videogame CS and Dota 2 will be dead.


Keeping cheating to a low enough level that players don't quit in frustration (or never start playing due to bad press) is critical. Eliminating it entirely is not.

Valve added vote kicks to CS to help keep cheating (and other antisocial behaviours) under control - it seems pretty important to them.


I think the point is that competitive multiplayer games are not critical. Scripting in e.g. league of legends probably doesn't register on 99% of humanities "top 100 most critical things in my life" radar.


The LoL game development studio probably rates their game being a commercial success as a significantly critical thing.


For some people it's no. 1 priority in life. What's your point?


That was my point. We forgot we were gaming, probably due to all the money being thrown around.


No-one likes playing with a cheat in Uno, either, and the table stakes for Uno are pretty low.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: