Dr Brain Posted March 31, 2012 Security through obscurity has worked for the past 12 years.
»jabjabjab Posted March 31, 2012 Author Hahahahahah.. Got to love Dr Brain for his epic feedback.
Marioman Posted March 31, 2012 "Hahahahahah.. Got to love Dr Brain for his epic feedback." epic indeed.
Dr Brain Posted March 31, 2012 You'll note I didn't say it's the only way or even the best way (though I personally do believe it is both). I simply pointed out (in response to kylratix's assertion that it's proven to fail) that it has worked in the past.
kylratix Posted March 31, 2012 I totally agree that 'security by obscurity' has been working and is working now. I think that, maybe, I have a different opinion on why it's working and, most importantly, what "obscurity" means within the context of ASSS's success. It's successful here because:
1. ASSS moved code/logic out of the client side and on to the server, limiting what could be cracked.
2. Sadly, nobody cares about subspace, limiting who is cracking. Most of the people playing it are people who knew about it from back in the day. We have fewer people playing than we did at Subspace's height and certainly far less attention than any "current" multiplayer game.
In regard to #2, I assume that cracking, crime, or any activity, is a somewhat predictable ratio of the regular community. For example, if 1% of players attempt to crack SS, with 1000 regulars or so, you might have to deal with 10 crackers at any given time. Of that number, maybe 1 of them at any given time is successful. That's not that bad. You have enough programmers easily. However, if the project is successful, Subspace is re-invented, and new crowds are attracted, that pool of potential exploits is going to increase and the code, never being perfect, will need to be maintained for security with far more programming hours involved. In the end, I think that it comes down to each gaming community policing itself, which is why I think it's currently successful here. I see people actively report all the time. That's what's really stopping crackers. You know the people that you're playing with and when someone is cracking or cheating or spamming, it's obvious, you notice them immediately, and they're booted. Other humans are your real asset in security, not software, in my opinion. I'd focus on harnessing that. Closing your source code off won't prevent people from using tcpdump and that's all they need.
What it will do, though, is limit the number of programmers available to your team that can respond to cracking attempts or, more likely, identify potential security flaws ahead of time and prevent an exploit before it's used.
Marioman Posted April 1, 2012 I'm all for sharing the codebase with reputable and trusted coders. The thing about github is that it only allows public repositories. Also, I've been trying to get the fullscreen mode of continuum windowed the last week or so, and I've come across a few forum posts at hacking continuum. What primarily halted them was being unable to attach a debugger to the continuum binary (due to the custom way the executable is packed and I'm sure other antidebugging measures). Without Priitk keeping the source hidden away (to the extent that even a wine dev trying to fix ss on linux couldn't obtain any information) I'm sure that hackers would have a much easier time circumventing any anti-cheating measures in place. I think SS mainly died because of the twister cheat program... and this was a principal reason why continuum (and BanG) was created. I'm not sure if community policing could have worked, but regardless it can only occur when the hacks are blatant enough to be detected. Edited April 1, 2012 by Marioman
Dr Brain Posted April 1, 2012 I agree that security through obscurity isn't a wonderful solution. However, it is my opinion that none of the other methods for security will work for a true SS replacement. Server side checking works fine for quake and others because it has a much lower player limit than any SS zone, so the burden isn't excessive. Perhaps Moore's law has brought us to the point where server side checking is feasible, but somehow I doubt we're there yet.
PoLiX Posted April 1, 2012 It is inevitable that any game will eventually die. We have far outlived any expectations, even the expectations of the community itself. I can still recall many of the early people who helped push this game back up leaving thinking we wouldn't last another 2 or 3 years. Well 10 years later we are still here. Priit made Continuum closed source for many other good reasons beyond Security and Obscurity. But in reality it has worked very well. Granted he does have many other security checks that hinder your average script kiddie harmless in their attempts. It also helped limit the features put into the game, and kept it going on a straight track. If you saw some of the ideas that were thrown out at the time for Continuum by various other sysops and programmers alike, you'd realize why controlling what was built into it was a good idea. Otherwise the smorgasbord of features would make creating a zone or even navigating the client a total headache.
JoWie Posted April 1, 2012 Client-side and network-level game-rule cheating is preventable (as far as I know, twister was mostly this kind of hack). Fully preventing this might come at a cost though (network/input latency, complexity). A lot of first person shooters protect against this. This leaves client-side augmentation (aimbots), server-side hacking and social cheating (players colluding, multiple clients, et cetera).
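As an added illustration of the server-side game-rule checking discussed in the posts above (not code from any poster, ASSS or Continuum): the server validates each position update against movement and fire-rate rules with a constant amount of work per packet. The update fields, the speed and cooldown limits and the `RuleChecker` name are assumptions made up for this sketch.

```python
import math
from dataclasses import dataclass

# Assumed limits for illustration; a real zone would load these from its settings.
MAX_SPEED = 400.0        # map units per second
FIRE_COOLDOWN_MS = 250   # minimum gap between shots
SLACK = 1.10             # 10% tolerance for network jitter

@dataclass
class State:
    t_ms: int
    x: float
    y: float
    last_fire_ms: int = -10**9

class RuleChecker:
    """Server-side check of each position update against the game rules."""
    def __init__(self):
        self.players = {}  # player id -> last accepted State

    def check(self, pid, t_ms, x, y, fired=False):
        # t_ms is the server's receive time, never a client-supplied clock.
        prev = self.players.get(pid)
        if prev is None:
            self.players[pid] = State(t_ms, x, y, t_ms if fired else -10**9)
            return True, "first update"
        dt_ms = t_ms - prev.t_ms
        if dt_ms <= 0:
            return False, "no time elapsed"
        if math.hypot(x - prev.x, y - prev.y) > MAX_SPEED * SLACK * dt_ms / 1000.0:
            return False, "moved too far"
        if fired and t_ms - prev.last_fire_ms < FIRE_COOLDOWN_MS:
            return False, "fired during cooldown"
        # Only accepted updates advance the stored state, so a rejected
        # teleport cannot become the baseline for the next check.
        prev.t_ms, prev.x, prev.y = t_ms, x, y
        if fired:
            prev.last_fire_ms = t_ms
        return True, "ok"

def run_sample():
    # Constructed updates: (player, server time ms, x, y, fired)
    updates = [(1, 0, 100, 100, False), (1, 100, 130, 100, False),
               (1, 200, 330, 100, False), (1, 300, 160, 100, True),
               (1, 400, 170, 100, True)]
    checker = RuleChecker()
    return [checker.check(*u)[1] for u in updates]

if __name__ == "__main__":
    print(run_sample())
```

Rejected updates would normally be logged and answered with a position correction rather than silently dropped, so that reports from players and server-side evidence can be compared.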
kylratix Posted April 1, 2012 "It also helped limit the features put into the game, and kept it going on a straight track. If you saw some of the ideas that were thrown out at the time for Continuum by various other sysops and programmers alike, you'd realize why controlling what was built into it was a good idea. Otherwise the smorgasbord of features would make creating a zone or even navigating the client a total headache." Hmmm ... You've attributed that success to the closed source model, when it sounds like it was really due to good project management skills and wise leadership on behalf of you, Priit, and the rest. I don't think it would have mattered what source control system you used there. The centralized leadership system you're using still works and is a necessary element in an open source or even distributed open source workflow.
JoWie Posted April 1, 2012 This might be a relevant read: http://en.wikipedia.org/wiki/The_Cathedral_and_the_Bazaar
Dr Brain Posted April 1, 2012 "The centralized leadership system you're using still works and is a necessary element in an open source or even distributed open source workflow." The only reason the game is still going is that there's limited centralized leadership.
»Lynx Posted April 1, 2012 Guys, BitBucket is clearly the way forward. We'll all be able to work together, closely.
kylratix Posted April 2, 2012 "The only reason the game is still going is that there's limited centralized leadership." Right, that was my point.
Cheese Posted April 3, 2012 the directory system is the only decentralized way to find servers
centralized control means complete failure when your server dies and goes down forever
decentralization is the only reason this game is still running however, u should have it attempt to draw from a centralized server first, and if it fails use a list yep
JoWie Posted April 3, 2012 There is always something that is centralized. Just have to make sure that it is possible to replace it.
»jabjabjab Posted April 5, 2012 Author I'm starting to get into that phase right now where I feel like I cannot provide enough to satisfy my perspective on what I want this game to look like and represent. Even though this game IS indeed a replication of subspace, I still want to bring this further and craft / mold it into my own. I need to get over the fact that I only have so much, and can only do so much, with the help of JoWie. I am considering letting another developer join in on the project, however I feel that opening the source too soon will result in stagnation of the project. I feel that that decision will reflect on the success of the development well, being that so many coders on one project would become a catastrophe for the stability of the code. I really want an optimized engine in the end. JoWie is a great networking coder, so I am sure that this portion of the client will be satisfied. The only true parts that I care about getting in good hands is physics accuracy. Also, I feel that I need to either get better at modeling, or find someone to outsource, and may end up paying for modeling. I want to provide so much for the models, yet I am still an inferior modeler myself, but at least it is something for now.
Cheese Posted April 5, 2012 keep in mind that the only people who will bother to work on your client will probably be the same people that are writing asss
Marioman Posted April 5, 2012 have you considered using a library for physics (like box2d or chipmunk)? you can find lots on rigid body collisions on google. i'm not sure if your collisions take into account the shapes of the colliding objects or just treat everything as squares (which continuum does). i'd definitely recommend using a tried and true library for physics instead of rolling your own if it's the former (it may take a bit of work to integrate with whatever you had previously).
»ZiGNoTZaG Posted April 5, 2012 "Also, I feel that I need to either get better at modeling, or find someone to outsource, and may end up paying for modeling. I want to provide so much for the models, yet I am still an inferior modeler myself, but at least it is something for now." I don't think you really need to be concerned so much with what you have initially for graphics. When you have a stable setup that it seems like people are going to use, you can then flesh out the graphics over time. Besides, you are going to have two camps really. Existing players who pretty much are in love with the original stuff and will consistently reiterate that fact. New players, who came to see what all the fuss was about and as long as the gameplay is there with a promise of updates to come, will stay to see it. The existing players are a concern and would be your initial players. So as long as they can plug in the old graphics if they feel like it, not a concern.
»jabjabjab Posted April 14, 2012 Author Okay so due to the overwhelming amount of people who want me to open source it now instead of later, yes. Yes I will do this, but it can't be instantaneous, because I will need help (jowie) to get our current repo to this state. sometime whenever he gets around.
Hakaku Posted April 15, 2012 Can I do the reverse and request you keep it closed source? (At least, unless you're abandoning your project)
kylratix Posted April 15, 2012 "Okay so due to the overwhelming amount of people who want me to open source it now instead of later, yes. Yes I will do this, but it can't be instantaneous, because I will need help (jowie) to get our current repo to this state. sometime whenever he gets around." If you guys need an extra hand with that, hollaaaaa. http://nerdsatthecooltable.com/wp-content/uploads/2009/12/holla.jpg Edited April 15, 2012 by kylratix
»Ceiu Posted April 16, 2012 "Can I do the reverse and request you keep it closed source? (At least, unless you're abandoning your project)" It's a Java-based client. There's really no such thing as "closed source." Java decompiles very nicely, even after being run through enterprise-level obfuscators. The best I've seen is one that purposefully generates class names that conflict on Windows and other such case-insensitive file systems (i.e. aaa.class and Aaa.class), and even that is defeated by doing any modification in a Linux VM (which are trivial to set up these days). You're better off implementing actual security techniques.