Announcement

Collapse
No announcement yet.

Rich Geldreich On The Concerns Of Open-Sourcing In The Game Industry

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by andrebrait View Post
    To be honest, I never know what to think when it comes to open sourcing games and whatnot, specially if they're competitive in some way.

    I mean, let's assume one open-sources Counter-Strike. I take the source code, modify it so it renders stuff transparent and compile it, and then I go to an online game. How would the server know in any way that I'm cheating? I can very well report that everything is fine if I change the source code of the anti-cheat system as well...
    You can't do this even with closed-source; there's no reliable way to determine if the binary's been modified.

    So the solution is just like any untrusted-network application - don't trust the client! Modern FPS's don't keep the whole game-state updated; the server's smarter than that and only sends the state for things you can see (plus a little extra to account for latency when the player or objects are moving, but not enough to give cheaters a huge advantage).

    Similarly, the client isn't authoritative about player actions; the server replays the inputs and maintains the canonical state. The client often simulates and renders things before they've been validated by the server, so you don't get network lag when you walk forward or whatever, but when the response arrives it'll align you with the server's view of the world. That's why you get that annoying effect when the network glitches and you suddenly teleport backwards.

    Competitive games have some increasingly smart cheat-detection - they'll do things like guess what you reacted to, and whether you're consistently responding to things you shouldn't have been aware of.

    Anyway...clients aren't trusted. They can't be trusted, ever, so opening the source doesn't make a difference.
    Last edited by FLHerne; 30 November 2017, 10:36 AM.

    Comment


    • #12
      Originally posted by andrebrait View Post
      Sometimes the solution is pretty obvious, yet I fail to see it. This is a no-brainer.
      Now I feel dumb.
      Don't, it doesn't work. There are tools that patch the binary in-memory after it's been loaded. There are tools that hook into the kernel and modify syscalls so the validator thinks it's examining the game binary but isn't. There are tools that modify network packets and don't touch the actual running game at all. You can't trust the client!

      Comment


      • #13
        Originally posted by FLHerne View Post
        Anyway...clients aren't trusted. They can't be trusted, ever, so opening the source doesn't make a difference.
        Gotcha. Thanks a lot!

        Comment


        • #14
          I can see both sides to this in that I have projects I've spent hours on and don't want to simply give away. However, parts of the code can be improved upon so releasing parts for others to use and provide code review can be useful.

          Taking credit for the work of other's is nothing new so if that bothers you consideration should be given to licensing.

          There was also tweets...
          Should be "There were also tweets."

          Comment


          • #15
            Geldreich seems like a moron. Yeah I get it - it sucks to put work into something where someone then claims it as their own, but aren't licenses like GPL supposed to protect him from this sort of issue? Also, he openly admitted that he didn't do 100% of the work, and that open sourcing Crunch is the main reason it became successful.

            I don't get what he was expecting was going to happen. Open sourcing something and complaining that people take advantage of it is kind of like a bakery that donates day-old bread to the poor and complains that nobody pays them for it.

            Comment


            • #16
              Originally posted by schmidtbag View Post
              Geldreich seems like a moron. Yeah I get it - it sucks to put work into something where someone then claims it as their own, but aren't licenses like GPL supposed to protect him from this sort of issue? Also, he openly admitted that he didn't do 100% of the work, and that open sourcing Crunch is the main reason it became successful.

              I don't get what he was expecting was going to happen. Open sourcing something and complaining that people take advantage of it is kind of like a bakery that donates day-old bread to the poor and complains that nobody pays them for it.
              And the notariety of Crunch got him a number of very well paying jobs. What did he think he should have gotten out of Crunch? Unless he started his own company and clained that Crunch was all his, he wasn't going to make anything from it. His employer would claim it or the other people who had contributed to it would have.

              I agree with those who say that he open sourced it for the wrong reasons. Don't blame open source because you made a decision you now regret. This isn't an open source problem, this is a "people do things they later regret" problem. And it's not very clear what he hopes would have happened differently if he hadn't.

              Comment


              • #17
                Originally posted by ResponseWriter View Post

                Should be "There were also tweets."
                He from Atlanta :P

                Comment


                • #18
                  Originally posted by andrebrait View Post
                  To be honest, I never know what to think when it comes to open sourcing games and whatnot, specially if they're competitive in some way.

                  I mean, let's assume one open-sources Counter-Strike. I take the source code, modify it so it renders stuff transparent and compile it, and then I go to an online game. How would the server know in any way that I'm cheating?
                  The exact same way it does with a closed-source game, by forcing you to install an anti-cheat system that will check file signatures ( https://en.wikipedia.org/wiki/Digital_signature ), among other things like checking your in-game behaviour.

                  Comment


                  • #19
                    Originally posted by andrebrait View Post

                    Gotcha. Thanks a lot!
                    Certainly no offense to yourself but this is actually a good example of why the games industry is so against open-source. It really is due to a lack of knowledge and experience in their trade.

                    I have heard a lot of games devs stating that closed source is better because hackers/crackers cannot see the code and find bugs. In reality a cracker can traverse and patch the disassembly just as easily. Also, peer review of code helps fix bugs so open-source software is often so much more secure.

                    They do not understand about platforms other than Windows and how open-source can increase the lifespan, they simply have no experience in this. To them open-source means giving the game away for free... Which is simply not true. I would pay up to 10x as much for a game that is open-source. Having access to the source is a benefit I (and many others) would pay more for. Same goes to tools such as Unreal/Unity. Though not under a free license, the source access to Unreal makes it an absolute 100% no brainer choice for the future.

                    Game developers are like craftsmen that make wooden toys... They are a far far shot away from an expert craftsman making beautiful wooden furniture and art. They are simply not skilled in that area.
                    Last edited by kpedersen; 30 November 2017, 01:08 PM.

                    Comment


                    • #20
                      Originally posted by FLHerne View Post

                      Don't, it doesn't work. There are tools that patch the binary in-memory after it's been loaded. There are tools that hook into the kernel and modify syscalls so the validator thinks it's examining the game binary but isn't. There are tools that modify network packets and don't touch the actual running game at all. You can't trust the client!
                      How should the server validate the client certificate? If you have control over the client you can send arbitrary data.
                      You could make a protocol which relies on some asymmetric keys or stuff, but you would have to keep the public key a secret as well, so this wouldn't work either.

                      Comment

                      Working...
                      X