Epic says the cheater in question has "pocketed thousands" as a result of cheating in tournaments.
Riskable
link
fedilink
English
4325d

Excellent defense: “You sent me the packets revealing where all the other players were. If you didn’t want me to know they were behind walls why did you tell me precisely where they were?”

Yeah, doing such checks on the server side of things is more computationally intensive but it would solve that problem entirely and you wouldn’t need client-side anti-cheat bullshit anymore.

The first rule of network programming is never trust the client. How does anti-cheat software work? By trusting the client.

@[email protected]
link
fedilink
English
2425d

It is impossible to do these types of checks on serverside. Your PC needs to know where to render the enemy character ahead of time, otherwise they’ll pop into existence after you are dead. Bonus points for packet loss. Programming games isn’t the same as validating input from some rando trying to log in on a site, it’s an unsolved problem that all games have an issue with - from FPS like CS, RTS like Starcraft 2, to mobas like League.

Communist
link
fedilink
English
2
edit-2
24d

Immortal gates of pyre does it, and it’s just sc2 but better.

Riskable
link
fedilink
English
-224d

It is impossible to do these types of checks on serverside.

If the client can make a determination as to whether or not to draw a player the server can too (and refuse to send those packets). It’s not impossible, just more computationally intensive and thus, more expensive (on the server side of things).

Naive way: Render exactly what the player will see on the server. Do this for every client and only send the data to the client if the another player enters the view.

More intelligent way: Keep track of the position and field of view of each player and do a single calculation to determine if that player can see another. If not, don’t send the packets. It will require some predictions but that’s no different than regular, modern game-specific network programming which already has to do that.

Servers these days have zillions of cores. It really isn’t too much to ask to dedicate a thread per player to do this kind of thing. It just means that instead of one server being able to handle say, 500 simultaneous players you can only handle say, 100-250 (depending on the demands of your game).

If your players host their own servers then it’s really no big deal at all! Plenty of cores for their personal matches with their friends or randos from the Internet. If you’re a big company with a game like Fortnite then it’s a huge burden compared to the low-effort system currently in place.

@[email protected]
link
fedilink
English
025d

Why impossible? Server-authoritative programming is common in PVP gaming, even high-performance recent games. I don’t think anyone is suggesting lazily loading chunks of player data like wandering into a new chunk in Minecraft. Just write efficient, clean code that anonymizes or encrypts player data so it can’t be read client-side.

@[email protected]
link
fedilink
English
9
edit-2
24d

Okay, now the player data is encrypted and unreadable by clients.

How will the client display where the players are without data…

Why are you bothering to spend cycles sending this useless, encrypted data…

If you mean to decrypt the player data once it reaches the client, then you have solved no issues…

@[email protected]
link
fedilink
English
224d

Show me one multiplayer fps that does not trust the client with anything.

@[email protected]
link
fedilink
English
224d

The issue here was that fortnite broadcasts locations of enemy players in packet data, not that it trusts clients “with anything”… where did you get that from?

@[email protected]
link
fedilink
English
124d

how else should it inform the client of enemy players

@[email protected]
link
fedilink
English
222d

Work arounds are for devs to solve, not schmucks on lemmy. CS:GO used to use something similar to occlusion culling to prevent this exact problem. Don’t send the client all of the enemy locations/data unless the client is within roughly the right distance/sight to see that enemy. This is not a full fix, but dramatically nerfs wall hacking.

I’ve seen community plugins for TF2 and other source engine games that will add “ghost” players. Generate ai characters, turn them invisible, and send their data to clients. If someone keeps shooting at the ghosts, they can easily get caught and banned.

There are entire industries dedicated to finding solutions to this problem, check out this research paper about this exact subject if you want.

@[email protected]
link
fedilink
English
-4
edit-2
24d

That’s an excellent issue for you to research on your own time! If you know anyone on the OverWatch development team you could ask for their input as well. Please report back to this thread with your findings, we’re all very interested in the results.

@[email protected]
link
fedilink
English
124d

awful

MentalEdge
link
fedilink
English
13
edit-2
25d

“Oh no, we don’t need to worry about any sanity checks in the database, that’s all taken care of in the javascript frontend”

I didn’t come up with that, but it’s the same logic. Actually expressing something like it in a professional setting could get you fired.

Not in the games industry, though.

@[email protected]
link
fedilink
English
925d

Because there is a reason nobody does that serverside. Programming games and programming a service are two different beasts.

@[email protected]
link
fedilink
English
124d

Most other industries don’t expect millisecond response times.

You take longer than that in an action FPS game, your game is fundamentally broken and unplayable.

Create a post

For PC gaming news and discussion. PCGamingWiki

Rules:

  1. Be Respectful.
  2. No Spam or Porn.
  3. No Advertising.
  4. No Memes.
  5. No Tech Support.
  6. No questions about buying/building computers.
  7. No game suggestions, friend requests, surveys, or begging.
  8. No Let’s Plays, streams, highlight reels/montages, random videos or shorts.
  9. No off-topic posts/comments, within reason.
  10. Use the original source, no clickbait titles, no duplicates. (Submissions should be from the original source if possible, unless from paywalled or non-english sources. If the title is clickbait or lacks context you may lightly edit the title.)
  • 1 user online
  • 74 users / day
  • 313 users / week
  • 855 users / month
  • 3.13K users / 6 months
  • 1 subscriber
  • 4.48K Posts
  • 28.8K Comments
  • Modlog