Lexinonymous's recent activity
-
Comment on Valorant is winning the war against PC gaming cheaters in ~games
-
Comment on Apex Legends dev team update: Linux and anti-cheat in ~games
Lexinonymous (edited )Link ParentAs someone who was around for the good old days, old-school servers have many, many blind spots. Public servers that allow for hop-in, hop-out play are a good fit for game modes that scale...As someone who was around for the good old days, old-school servers have many, many blind spots.
- Public servers that allow for hop-in, hop-out play are a good fit for game modes that scale gracefully to ridiculous playercounts. They're not so great for modes designed for limited playercounts, or modes where the length of time between staying dead and round finish is long.
- Most servers only ran a very limited subset of levels and game modes. If you actually wanted to play most of the content you paid for, you were usually out of luck.
- The longer a game was out, the more the game tended to be taken over by serverside mods. There were doubtless many examples that added to the experience, but more often than not these mods would add janky game features and progression systems that made the game totally unbalanced, annoying sound effects you couldn't turn off, and poorly thought out voting systems that contributed to the lack of map and game mode variety as you'd see people vote for the same 3-4 maps over and over again.
- If your favorite servers are full, you either have to brave the server list and find another server running what you want to play or sit at the server screen waiting for a free slot.
- If your favorite servers are empty, you either have to brave the server list and try another server, or you jump into the empty server, hoping against hope that you are soon joined by another player. Given that most players sorted the server list by number of players, you could be waiting a very, very long time.
- Public servers could be good...or they could be run by the worst people imaginable. Offering perks like cosmetics or administrative access for payment wasn't uncommon, and that was assuming the admin wasn't cheating, oblivious to cheating players on their server, unilaterally kicking you for performing too well, or unilaterally kicking you because they were being powertripping jerks.
- Playing on a server with a buddy was incredibly difficult. Aside from the above issues with full and empty servers, if you were playing a team game you almost certainly didn't get put on the same team, so you had to wait until the teams were unbalanced and then teamswap.
- Want to play a private match with a group of friends using your own preferred settings? Hope you know the arcana involved with setting up a dedicated server.
Granted, there were positives to the model, and I do believe that server browsers are good for games with low populations, but matchmaking didn't become the default multiplayer approach for no reason.
-
Comment on Valorant is winning the war against PC gaming cheaters in ~games
Lexinonymous Link ParentIt's my understanding that although you can enroll your own keys, said environment won't be able to respond properly to any sort of attestation that only finds a specific set of whitelisted keys...It's my understanding that although you can enroll your own keys, said environment won't be able to respond properly to any sort of attestation that only finds a specific set of whitelisted keys agreeable. That's...rather the point of using PKI, no?
-
Comment on Valorant is winning the war against PC gaming cheaters in ~games
Lexinonymous Link ParentApple has been using a form of Secure Boot on macOS for years now. It extends a chain of trust from EFI, through the bootloader, the kernel, all loaded modules, and even certain critical system...Apple has been using a form of Secure Boot on macOS for years now. It extends a chain of trust from EFI, through the bootloader, the kernel, all loaded modules, and even certain critical system files. Nevertheless, you can turn this protection off by rebooting into Recovery mode. If you do so, certain applications that depend on a trusted environment like FaceTime and Messages won't work - which, to be clear, is a good thing from a security standpoint.
What if they remove the shutoff valve? They had the perfect opportunity during the switchover to Apple Silicon, but they didn't. And that's because, realistically, they can't. How else could you do driver development?
Won't this allow vendors to create locked down devices like the iPhone? Sure...but that's not a technological problem, that's a social problem. Just like you can't solve social problems with technology, you can't solve them by trying to stonewall a technology either.
-
Comment on Valorant is winning the war against PC gaming cheaters in ~games
Lexinonymous (edited )Link ParentActually, you've twigged on the exact reason why Vanguard depends on Secure Boot & the requisite TPM chip and tries to load as early as possible - because it can't always trust the Windows kernel....Actually, you've twigged on the exact reason why Vanguard depends on Secure Boot & the requisite TPM chip and tries to load as early as possible - because it can't always trust the Windows kernel.
Technically, there is no reason why Linux couldn't offer something where it carries forward a "chain of trust" of signed kernels and modules, started at boot. And from what I understand, part of this already exists - certain distros like RHEL already allow for a signed and trusted environment.
That said, I'm not familiar enough with Secure Boot support in Linux to know how trustworthy a setup this for the purposes of anti-cheat, and I'm also willing to bet that properly working Secure Boot setups in Linux are the exception rather than the rule. It's likely not feasible for the vast majority of hobbyist Linux setups out there - but could be possible for a known quantity like the Steam Deck.
-
Comment on Apex Legends dev team update: Linux and anti-cheat in ~games
Lexinonymous Link ParentBeing able to reliably verify that you're running a Steam Deck, as well as being able to reliably ban a particular Steam Deck, would still be a good thing, at least from the anti-cheat's perspective.Being able to reliably verify that you're running a Steam Deck, as well as being able to reliably ban a particular Steam Deck, would still be a good thing, at least from the anti-cheat's perspective.
-
Comment on Steam games will now need to fully disclose kernel-level anti-cheat on store pages in ~games
Lexinonymous Link ParentThis very much seems like a "Linux needs to be a platform where implementing an anti-cheat is feasible" problem. I wish I knew if the problem was more on the side of "It's possible, but most Linux...This very much seems like a "Linux needs to be a platform where implementing an anti-cheat is feasible" problem.
I wish I knew if the problem was more on the side of "It's possible, but most Linux distros aren't set up like that" or "It's not possible because Linux just exposes too many knobs that a clever hacker can twiddle." But it's not an impossible task on a general purpose computing device. From what I understand, macOS is pretty good at detecting an untrustworthy environment through Secure Boot, and disables software like FaceTime and Messages if you turn off SIP.
-
Comment on Steam games will now need to fully disclose kernel-level anti-cheat on store pages in ~games
Lexinonymous Link ParentTo be clear, I don't necessarily disagree with your underlying position regarding kernel access. However, I don't think it's wise to say something prescriptive, like "Anti-cheat should be...To be clear, I don't necessarily disagree with your underlying position regarding kernel access. However, I don't think it's wise to say something prescriptive, like "Anti-cheat should be conducted via behavioural monitoring systems to detect in-game actions that breach the bounds of human interaction/interfacing" without an understanding of the problem space that anti-cheat is trying to solve.
-
Comment on Steam games will now need to fully disclose kernel-level anti-cheat on store pages in ~games
Lexinonymous Link ParentThe creators of the Vanguard anti-cheat used by Valorant and League of Legends already use AI to determine cheating likelihood. However, comparing notes with their kernel scanner, they discovered...It's not as impossible as you might expect.
The creators of the Vanguard anti-cheat used by Valorant and League of Legends already use AI to determine cheating likelihood. However, comparing notes with their kernel scanner, they discovered that informational hacks that did not modify player inputs (such as radars) were undetectable, and even for aimbots only had a detection rate of around 40%. There was also the stated worry that cheats would soon begin using AI to make their assisted aim appear more human.
Meanwhile, Valve seemed to hitch their wagon to AI cheat detection for Counter-Strike 2. Last I checked, cheating is considered pervasive in that game, with a very embarrassing VAC wave a few months ago when people were banned for spinning their mouse too quickly. There are actually multiple, quite popular third-party services available for CS2 that allow competitive play with a kernel anti-cheat.
However I think we're at odds of priorities here - I'm approaching this from a technological perspective since I don't play multiplayer games
That's fair, but without relevant domain knowledge or experience in game networking and anti-cheat, I would caution you about making sweeping generalizations about how anti-cheat should or shouldn't work.
-
Comment on Steam games will now need to fully disclose kernel-level anti-cheat on store pages in ~games
Lexinonymous Link ParentI apologize, but I think that this sort of view comes from a very naive point of view. Optimizing your game for behaviors that are difficult to cheat considerably limits the design space of what...Anti-cheat should be conducted via behavioral monitoring systems to detect in-game actions that breach the bounds of human interaction/interfacing
I apologize, but I think that this sort of view comes from a very naive point of view.
- Optimizing your game for behaviors that are difficult to cheat considerably limits the design space of what you can put into your game.
- Most games have at least a few behaviors that would either not be caught by this kind of monitoring at all, or would result in false positives for people spinning their mouse rapidly or looking at the wrong patch of concrete wall for too long.
- Hiding information from the client can be error prone, performance-intensive, and is incompatible with modern netcode techniques that rely on determinism - which implies predictability and as much information as pertinent - to reduce visible sources of lag.
-
Comment on Steam games will now need to fully disclose kernel-level anti-cheat on store pages in ~games
Lexinonymous (edited )Link ParentTo be honest, I'm a little mystified over why there seems to be so much anger directed at kernel-level anti-cheat specifically. First off, most of the things that an attacker would be interested...To be honest, I'm a little mystified over why there seems to be so much anger directed at kernel-level anti-cheat specifically.
First off, most of the things that an attacker would be interested in are accessible from userland. That "Free Discord Nitro" scam you see doesn't ask for admin access, it can log your keystrokes and upload your passwords and credit cards without having to show a UAC prompt.
Secondly, every device someone plugs in has an associated driver, and I doubt most users are regarding the computer accessories they purchase with the requisite amount of suspicion. There are the obvious problems with counterfeits off of Amazon, but these days buying peripherals from fly-by-night dropshippers on their fourth company name in five years is more common than you think.
The real downside to kernel-level access is stability. It is a legitimate concern, and in the case of CloudStrike can have serious consequences. Having said that, in the past decade of my computer use, nearly all of my BSOD's have either been caused by faulty hardware or GPU drivers. I can't recall a single instance of a BSOD pointing at EAC or a Vanguard DLL as the culprit.
Personally, I can't help but feel like the anger directed at anti-cheat is being stoked by:
- Well-meaning security professionals whose threat model includes state-level actors.
- Cheaters.
- The cheatmakers themselves.
- Well-meaning individuals whose opinion is shaped by the prior three.
EDIT: To be clear, I wouldn't mind Microsoft tightening the screws on kernel-level access, but until they introduce something that allows anti-cheat developers to have reliable insight into the machine's Secure Boot state and hardware ID's, as well as insight into what else is running on the machine, kernel anti-cheat is not going anywhere.
-
Comment on Sony closes Concord studio and permanently shuts down the game in ~games
Lexinonymous Link ParentI think this is a bit of a red herring. I can think of many popular games with great gameplay and inessential or bad art direction, but I can't think of any where the opposite is true.But, in the end, that does seem to be a bit of an impediment to sales, to intentionally make characters explicitly non-attractive to the average person…
I think this is a bit of a red herring. I can think of many popular games with great gameplay and inessential or bad art direction, but I can't think of any where the opposite is true.
-
Comment on Reflections on Palantir in ~tech
Lexinonymous (edited )Link ParentI brought up my own experiences not to debate the morality of my own actions, but as a rebuttle to language policing. I would have no problem referring to my own past actions as "a cowards way of...I brought up my own experiences not to debate the morality of my own actions, but as a rebuttle to language policing.
I would have no problem referring to my own past actions as "a cowards way of thinking" and I wouldn't bat an eyelash if /u/delphi echoed that sentiment.
-
Comment on Reflections on Palantir in ~tech
Lexinonymous (edited )Link ParentAt one point I worked on software directly used by the prison industry complex. Not a piece of software that just so happened to be used by prisons, but a purpose-built system to accommodate a...At one point I worked on software directly used by the prison industry complex. Not a piece of software that just so happened to be used by prisons, but a purpose-built system to accommodate a very specific need. I am still haunted by the fact that I was naive at first, and didn't have the courage to quit the company that was contracted for the work once I realized how awful it was.
I can understand needing to make money. But knowing what I know now, I would never have considered the work I did to be a moral grey area, nor used the word "bullish" to describe the unjust system I contributed to.
-
Comment on Asmongold's Twitch channel temporarily banned following racist rant about Palestinians in ~games
Lexinonymous (edited )Link ParentHe can hold views that are multi-faceted, but if all that adds up to is an alt-right audience, I think there are useful inferences to be drawn from that. EDIT: An audience that - to be clear, he...He can hold views that are multi-faceted, but if all that adds up to is an alt-right audience, I think there are useful inferences to be drawn from that.
EDIT: An audience that - to be clear, he does have some amount of control over, both in the stories he chooses to cover and the way his moderators moderate his chat.
-
Comment on The Stallman report in ~tech
Lexinonymous (edited )Link ParentI have a few counter concerns. First, even if you believe that RMS is the best man for the job, he is not going to be around forever. The long-term survival of the FSF depends on being it being...I have a few counter concerns.
First, even if you believe that RMS is the best man for the job, he is not going to be around forever. The long-term survival of the FSF depends on being it being bus-proof.
Secondly, the use of copyleft licenses has plummeted since the mid-2000's, and the FSF has not risen to the challenge of convincing projects to use GPL licenses. These days, developers either want to give away their source code (MIT, zlib) or want protection above and beyond what even the AGPL promises (SSPL, BSL). Either way, where has RMS been during this decline?
What's more, there doesn't appear to be any guidance on what copyleft licenses can be used in app stores like the Apple App store, and there's quite a bit of FUD that suggests that GPL-flavored copyleft is practically unusable in those environments due to the obligations it places on the distributor. The fact that there is no clear answer - or even better, a purpose-built copyleft license for these environments which places the sole obligation on the developers - also makes me wonder what exactly he's been doing for the past decade and a half.
Finally, I seriously question RMS's judgement in not closing the network hole in the mainline GPLv3 license, instead leaving it for the far less common AGPL. He doesn't seem particularly open to appeasement, but the only other explanation I can think of is myopia - not understanding how digital distribution takes much of the teeth out of the GPL in our modern internet-connected era.
-
Comment on Asmongold's Twitch channel temporarily banned following racist rant about Palestinians in ~games
Lexinonymous Link ParentOut of curiosity, what would be your criteria for labeling someone "alt-right?"Out of curiosity, what would be your criteria for labeling someone "alt-right?"
-
Comment on Why I don't play online anymore in ~games
Lexinonymous (edited )Link ParentI didn't interpret it as a value judgement, more like an inadvertent, yet needless, derail. The original two vents you were replying to were venting not necessarily at the assumption, but at the...turns my words into a value judgment where there was none
I didn't interpret it as a value judgement, more like an inadvertent, yet needless, derail. The original two vents you were replying to were venting not necessarily at the assumption, but at the side-effects of that assumption.
Replying with "Actually, that might be a reasonable assumption to make" is kind of missing the point, in my book.
-
Comment on Why I don't play online anymore in ~games
Lexinonymous Link ParentI think the push-back you might be observing is because the true ratio matters less than the underlying assumption resulting in an online gaming populace that acts in immature and toxic ways.Nevertheless, I can genuinely not see why it's divisive to say that it's understandable people assume you're male when playing WoW.
I think the push-back you might be observing is because the true ratio matters less than the underlying assumption resulting in an online gaming populace that acts in immature and toxic ways.
-
Comment on What we don't talk about in "Spec Ops The Line" in ~games
Lexinonymous Link ParentI watched Grave of the Fireflies as a teenager and it was an absolutely gut-wrenching experience that made me reflect on the morality on the use of the atom bomb to end WW2. I'm still glad I...If I'm just playing Walker's story, don't try to make me feel bad for playing it. Imagine if someone sat behind you while watching Scarface and told you about how drugs hurt communities and that you're bad for watching?
I watched Grave of the Fireflies as a teenager and it was an absolutely gut-wrenching experience that made me reflect on the morality on the use of the atom bomb to end WW2. I'm still glad I watched it.
I could probably make similar analogies for books, TV shows, all sorts of other media, but I hope you get the picture. I think that games should be allowed to make their players feel bad, and even possibly personally attacked for playing the game as intended.
Also for what it's worth I feel like the "don't play it" argument is a cop-out.
You're misusing that fallacy in a way that comes off very crass. Riot is not a government, it does not have a monopoly on violence, and if you don't trust Riot from a privacy perspective, I would find it incoherent to merely stump for removal of their kernel anti-cheat instead of not playing their game.