So we were deluding ourselves thinking Diablo 3 would be secure and (mostly) "hack"-free.
We're getting the same deal as any other Blizzard game: it's exploitable, but they will ban exploiters every now and then, after letting them run amok for a month or two.
Clarification: its the same deal as most any game. Due to the constraints of client hardware, server hardware and latency/bandwidth, multiplayer games have to decide what to "trust" clients with, what must be kept server side, validating data from clients, and updating clients.
Off the top of my head, the one of the only ways to avoid this problem is to exclusively go the OnLive route (remote game rendering/streaming), provided their servers were never compromised. At this point, something like that is not a realistic solution for a customer base like Blizzard's. Blizzard's approach will will be to actively counter and prevent new exploits as they happen.
I imagine Blizzard's renewed comments about less hacks and exploits in D3 are because they've been able to take what they've learned from WoW and SC2, and make the game easier for them to monitor, detect, and either fix the security holes or ban the exploiters. At this point, given all of their experience and wealth, I sincerely doubt there's another game company more competent in this area than Blizzard.
Quote:
Instead of designing it to be secure from the outset, such as by not sending data about unrevealed parts of the map to the client in Starcraft 2, which would make maphacking impossible.
As far as my understanding goes, SC2 clients aren't being sent data about unrevealed parts of the map, they actively contain all the unit position data and calculate pathing clientside. RTS games are typically written with synchronous engines, where all clients and the server contain the whole dataset of activity and are kept in lockstep. This alleviates crazy bandwidth and latency issues.
EDIT: (removed dumb comment that suggested clients have "all the data" and clarified it to unit position/behavior stuff)
More info here for the curious: http://gamasutra.com/view/news/35929...of_Desyncs.php
Quote:
Edit: Actually, that could still work. The server would need to keep it's own idea of where every enemy should be and the client would have to use the same logic. That way if someone modified memory or whatever to move an enemy on the client-side, the server would pick up on it.
Yes! I imagine the guts of the logic is more complex than I can guess at, but this is a good top-level description of how they probably do it.|||Quote:
This. Good lord.
Unless you have an actual working knowledge of software and how client-server communications work on even a basic level, please don't post wild conclusions.
I operate servers and write code as my day job, and have written a fair few programs with client/server architecture in the past. I'm certainly not an expert but I would say I definitely understand the basics.
I never said the presence of item affixes (among other things) in the client makes the game more exploitable. My problem there is it makes it possible to datamine every possible affix in advance, so there is no mystery about what items can drop.
From what I read they were making it sound like the entire game was going to be dynamic because they weren't limited by what data the client had -- and this was part of why it was going to be online-only -- so I wasn't expecting for entire lists to be datamined out of it before beta even began (we already know enough to take very good guesses at who the act bosses are...)
Reality turned out different from the hype. I shouldn't really be surprised.|||If you don't want to be spoiled, don't read spoilers. Some of us like knowing everything up front. Arreat Summit was one of my favorite things to read in Diablo 2, even though it gave away a lot of information.|||Quote:
Did blizzard not say the same thing about not having lan in starcraft2 , that its to protect us from hacks. Its called throwing excuses to see which ones stick in order to hide the drm truth.
I can see how someone not familiar with software can come to this conclusion. I mean, there really is no reason for you to sit down and ponder the guts of the problem, so hey, no major fault on your part.
But, you're wrong. Just as with Diablo 3, keeping SC2's server-side code out of hacker's hands goes a long way to slow the rate hacks are discovered, if not outright prevent certain types of hacks.
It's not going to magically make all hacks impossible, but it makes the hacking process somewhat more like trying to beat Diablo 2 in hardcore mode with a blank monitor, only using the sounds made as your guide. Except instead of making a new character every time you screw up, your account gets perma-banned and you have to buy a new copy of the game.|||Quote:
It's not going to magically make all hacks impossible, but it makes the hacking process somewhat more like trying to beat Diablo 2 in hardcore mode with a blank monitor, only using the sounds made as your guide. Except instead of making a new character every time you screw up, your account gets perma-banned and you have to buy a new copy of the game.
Best description of hacking I've ever read.
|||Quote:I operate servers and write code as my day job, and have written a fair few programs with client/server architecture in the past. I'm certainly not an expert but I would say I definitely understand the basics.
I never said the presence of item affixes (among other things) in the client makes the game more exploitable.
You're right, you didn't, and I'm stupid for misreading your posts! My apologies! I just deleted my post on that topic.
Quote:
My problem there is it makes it possible to datamine every possible affix in advance, so there is no mystery about what items can drop.
From what I read they were making it sound like the entire game was going to be dynamic because they weren't limited by what data the client had -- and this was part of why it was going to be online-only -- so I wasn't expecting for entire lists to be datamined out of it before beta even began (we already know enough to take very good guesses at who the act bosses are...)
Reality turned out different from the hype. I shouldn't really be surprised.
Hold up! As I explained in a previous post, just because this data exists in the client does not mean what you think it does. =)
- The client doesn't necessarily have all the data on items, bosses, etc.
- The server could send new data for items, bosses, etc. at any point.
- The server could tell the client to behave differently for anything in game, in real time.
- The client could cache or uncache any data without the need for a separate, pre-launch patch process
Of course, the above list is just possibilities. It depends entirely on whether Blizzard coded it to support this behavior. Blizzard has said things suggest it does, at least in some ways.
You can't really draw any conclusions about what it doesn't do based on what people found in the client. Just pretend whats there is just cached data--potentially expired!|||Awesome posting and explanations by yAak, truly. Commendations to you for explaining all of this so well. I am learning a lot from this.|||Quote:
Awesome posting and explanations by yAak, truly. Commendations to you for explaining all of this so well. I am learning a lot from this.
Yes indeed, damn fine posts. Great to see someone who writes so well _and_ can admit fault when it's called for. Bravo.
I also wouldn't be surprised if yAak has actually written some code, which tends to help when discussing technical topics
|||Not sure how lists of items, abilities and monsters would make the game more exploitable. It's not like people can use that information to modify scripts and item files; that's all still handled server-side. I guess this possibility makes the eventual creation of item and monster lists after release a little less magical, but I don't see how this compromises the actual game at all.
No comments:
Post a Comment