Yet another Skulltag source thread

[Quasar]

Skulltag ought to release the non-sensitive portions of the code, at least, if their reason for closing the code really is the illusory sensation of security it provides, anyway. I'm not so keen on looking at their net protocol anyway; it's more the gameplay kinds of things I would be interested in.

But that's off-topic ;)

[Aabra]

Being an administrator of a popular multiplayer game is quite different from that of a single player one. Ask any of the ZDaemon admins and they'll tell you the same thing. You don't have to worry about harassment, impersonations, cheating, hacking, attacks, or drama. These are all new things that come about once a multiplayer game gets popular and it adds a significant amount of stress. Odamex will hopefully have these problems too one day. (RE: I'm hoping it becomes popular in time.) ZD and ST have them already.

I'm a huge proponent of open source software... and so is the rest of the ST team. You have to realize that there isn't a single person on the team who doesn't *want* to release the ST code. That being said there sadly isn't a single person on the team who believes that people wouldn't abuse the code to help hack and/or attack the game.

This belief isn't because of raw negativity or bad blood. Sadly, it's what you truly start to believe after administrating a popular multiplayer game for several years. Every time you give people a little power, there are jerks who are looking to exploit it. It's a fact when it comes to games of this sort. Heck just a few weeks ago Torr was forced to limit all kinds of different things for wads you put in your skins folder because people were abusing it. It's something we didn't want to do... we wanted to give people power and flexibility.... and it got abused.... again.

Things like this happen time and time again so it's pretty hard to have a positive attitude towards it. It's harder for people who deal mostly in single player to understand.... if somebody develops some way to hack or cheat a game in single player... well... good for them.

We don't kid ourselves into thinking that by keeping the source closed we create an impenetrable wall of security. There are always ways... what we do try to do by having it closed source is to just make things harder for the jerks who are out to ruin everybody's good time.... and again my experience after several years of administrating is that this *does* make it significantly harder. Far from impossible mind you, but it is harder. Until you've spent several years administering a popular multiplayer game and dealing with its problems it's a very difficult concept to understand.

What this means at the end of the day is that hacks come out with less frequency when the source is closed and since our playerbase is slightly smaller than say World of Warcraft this means that we can keep up with them and squash each hack or exploit the moment it comes out. Problems start arising of course when your playerbase reaches critical mass and the total time spent by people creating those hacks > amount of time spent by people coding the game.

If we went through a long stretch of time where nobody attempted to exploit or attack the game then a lot of the devs would be seriously pushing to release the source. That being said - I don't see this happening in the near future.

So there you have it folks. If you want the source you have to earn the trust of the admins and devs. It's as simple as that. Stop harassing other players. Stop impersonating others. Stop trying to exploit every new feature. Stop wasting the Devs time by forcing them to constantly block hacks and attacks when they could be developing new features or fixing bugs. When this happens, I'll happily jump on the release the source code band wagon.

P.S. I still don't understand why Skulltag seems to be the poster boy for closed source. Seriously people - why are you always on our case and never on ZDaemon's? (Not that they deserve it either.) I also find it strange that it's always the people who don't even play Skulltag who want us to open the source. :-(

P.P.S. The non-sensitive portions of the code are *already* open source. Just download the latest version of GZDoom. If you want to add a feature to Skulltag simply submit it to GZDoom and odds are it'll filter its way into ST. Just look at Blzut's SBARINFO for a good example. Heck it's also a good way to join the ST team and gain access to the full source - it's not exactly under lock and key... we just limit it to people who we know want to help and not hinder.

[Graf Zahl]

Aabra said:

P.S. I still don't understand why Skulltag seems to be the poster boy for closed source. Seriously people - why are you always on our case and never on ZDaemon's? (Not that they deserve it either.) I also find it strange that it's always the people who don't even play Skulltag who want us to open the source. :-(

The simple reason for this is that ZDaemon is based on a very old ZDoom version (5-6 years if I am not mistaken) so there's very little of interest in there for most of us.

I won't complain about Skulltag too much, considering I negotiated access to its source. ;) But it's still an awkward situation for me. Imagine Randy or I negotiate use of GPL'd code for ZDoom/GZDoom under the condition that full source disclosure is mandatory (like FraggleScript.) If I did that you'd be screwed and some people might accuse us of intentionally blocking Skulltag's development.

That said, I would prefer to make GZDoom fully GPL but due to some of the code in there it's simply not possible.

[Aabra]

Graf Zahl said:

The simple reason for this is that ZDaemon is based on a very old ZDoom version (5-6 years if I am not mistaken) so there's very little of interest in there for most of us.

I'm not entirely convinced by this. I mean Odamex is based off an even earlier version than ZDaemon and there's considerable interest in that. Also it's not like the code hasn't been worked on in 5-6 years... lots of new stuff in there. *shrugs* It's not a big deal though - more curiosity than anything else.

[Graf Zahl]

It's the impression it makes on the public. It is perceived to be based on old code and therefore the interest is low.

Yeah, I'd like to see it - if only to see how it does its networking implementation. I doubt the rest will contain anything useful considering how old the base is.

[myk]

Aabra said:
I still don't understand why Skulltag seems to be the poster boy for closed source.

It isn't. It's just that the ZDaemon developers don't post here at all. Besides, there has been more news about Skull tag here than ZDaemon. Not to mention that in the last ZDaemon related news thread the source code matter was indeed brought up, and it wasn't even news about coding or a release (where talk of the source is more likely).

Graf Zahl said:
It's the impression it makes on the public. It is perceived to be based on old code and therefore the interest is low.

That may be a factor, but mainly affects coders and some mod makers. Lots of people seem to use ZDaemon, and not only people who prefer a closed source.

[LexiMax]

Aabra said:

P.S. I still don't understand why Skulltag seems to be the poster boy for closed source. Seriously people - why are you always on our case and never on ZDaemon's? (Not that they deserve it either.) I also find it strange that it's always the people who don't even play Skulltag who want us to open the source. :-(

With the new Skulltag development team, I assume altruistic, though misguided, reasons for Skulltag's source remaining closed. On the other hand, I'm convinced that ZDaemon's source is closed because Raider and co. have small penises and didn't want their former disenfranchised playerbase to maintain a fork free from their control and is using "hacks" as a convenient excuse.

And by the way: Hi there, I'm a popular open source first person shooter. Somehow, I manage to do okay, even though I have almost no forms of anti-cheat.

[Aabra]

AlexMax said:

And by the way: Hi there, I'm a popular open source first person shooter. Somehow, I manage to do okay, even though I have almost no forms of anti-cheat.

http://www.warsow.net/forum/viewtopic.php?id=9714

Are you sure?

[LexiMax]

Aabra said:

http://www.warsow.net/forum/viewtopic.php?id=9714

Are you sure?

Sure that there is no cheating going on? Absolutely not. Thankfully, that is not what I said. Sure that the community continues to exist, thrive and not dissolve into a cesspit of cheating accusations and idiocy despite the existance of hacks? Absolutely.

And it's worth mentioning that this isn't just a mindless Warsow namedrop. There are countless games open source games out there that have thriving communities and somehow have not succumb to the will of the evil hacker. And if piece of mind is what you are after, games such as ezQuake and R1Q2 have anti-cheat modules that are seperated from the source itself, and I believe there is a second one in the works for even Warsow (work on the first one stopped after the programmer was hired to create anti-cheat for commercial games).

In my opinion, votekick and vote15minban for public games and demo analysis for tournament/serious games is a better way of catching cheaters than any form of anti-cheat.

Keep in mind that I don't particularly have any stake in the source being open or closed. I personally wouldn't know what to do with it even if it was open, Odamex is playable anyway, and I highly doubt that you guys are going to pull a ZDaemon. I simply think your reasoning for keeping it closed (cheating) is totally off base.

[Aabra]

AlexMax said:

In my opinion, votekick and vote15minban for public games and demo analysis for tournament/serious games is a better way of catching cheaters than any form of anti-cheat.

We're going to have to agree to disagree here. The problem is that once there's a known hack.... everybody is a suspect. Everybody starts accusing everybody else and things get out of hand. Imagine if you're *not* cheating yet you keep getting banned from servers just because you're good. That's what happens in a lot of other games. Demos don't work either.... they just don't. If you firmly believe that somebody is just a really good player then you'll just see them playing really well... while if you think they're a cheater - then you'll see things that aren't there. I quit Counterstrike many years ago because after playing with somebody for a full year as a clanmate I discovered that he was a cheater. I had watched countless demos of his and spectated him all the time - I simply thought he was good.

Wouldn't it be better if there simply weren't any hacks so you don't even have to worry about it? This is the type of environment that the Skulltag team strives to create. It's like getting rid of cockroaches in that they always come back but I think it's a fight that's worthwhile.

Anyways, this thread has strayed *way* away from its original topic and it's my fault. I apologize and I won't post in this thread anymore in the hope that it will get back to scripting. If you wish to continue this conversation feel free to pm me.

[fraggle]

Aabra said:

Being an administrator of a popular multiplayer game is quite different from that of a single player one. Ask any of the ZDaemon admins and they'll tell you the same thing. You don't have to worry about harassment, impersonations, cheating, hacking, attacks,...

Thank you very much for taking the time to explain your point of view. Although I still don't agree with the conclusions you reach (that it is necessary to make the source secret in order to prevent abuse), there's a lot of mud slinging and bad blood over this kind of issue (with ZDaemon especially) and it's nice to see a clear and level-headed explanation for why the Skulltag team has taken these measures.

[myk]

Aabra said:
The problem is that once there's a known hack.... everybody is a suspect. Everybody starts accusing everybody else and things get out of hand.

I don't see that happening in the IDL, where they are using the demo method AlexMax mentioned. It's not perfect, but neither are doping tests in sports.

Everybody is suspect anyway, since an unknown hack could be used (possibly becoming known in the end). The example given, Counter Strike, is not an open source environment, anyway.

A better explanation of why both ZDaemon and Counter Strike had known cheating controversies is because they both became relatively popular, attracting a good deal attention, competitiveness, and disputes (in ZDaemon's case there were, or still are, to a point, some notorious management and ego conflicts).

[Aabra]

myk said:

I don't see that happening in the IDL, where they are using the demo method AlexMax mentioned. It's not perfect, but neither are doping tests in sports.

While I'm not entirely sure I agree with you regarding the IDL and demo watching. I was actually referring more to public servers in regards to wild accusations. Let's face it, most of our games are on public servers. I'm not even in a Doom clan... and never have been so private games for me are a rarity. Of course I suck so it wouldn't really matter too much to me but say somebody like Thor or whoever decided to change his name and play a port where cheats were rampant. People would scream hacks and ban him from the server.

How many of you have played Counterstrike and been banned simply because you played well? This is what I want to avoid.... especially since we're a small community and it's not like there are an infinite number of servers you can play on. I'd like people to say.... 'That guy must be cheating.... but wait there aren't any cheats for Skulltag.'

Anyways, good idea splitting this thread whoever did it. As is quite evident I'm happy to answer any and all concerns regarding Skulltag and its source. I would much rather talk about it here in a calm and level-headed fashion than have yet another news item torn apart over this issue. In the future I'll most likely just refer any questions regarding the source to this thread.

[Manc]

As a side note Odamex supports whitehat hacking and we encourage people to take the source and make it do stuff.

[LexiMax]

Aabra said:

How many of you have played Counterstrike and been banned simply because you played well? This is what I want to avoid.... especially since we're a small community and it's not like there are an infinite number of servers you can play on.

Which is why I proposed a votable 10-15 ban as a compromise.

Why? A cheater who cheats in a serious match would want to use subtle hacks, because there is pride at stake and they don't want to be detected. However, the mindset of someone who is cheating in a public match has an entirely different goal, and that is to disrupt the normal operation of the server to the point where everyone else leaves. That kind of person is someone who uses VERY obvious but VERY effective hacks to make it completely obvious that he is hacking and to thumb his nose at the other players. So if you give the players on that server the tools to vote him off and KEEP him off, that's a plus!

There is, of course, the possibility that someone might use a subtle cheat in a public game. But what's the point...unless he's doing it for consistency so he hopes not to arouse suspicion when he plays serious games. Fortunately, precisely because he plays those serious games he will eventually be caught. So the problem solves itself.

And so what if he gets caught using subtle hacks? Does that mean that all those times you played with him on the server, you retroactively take back the fun times you had with him, all the while being oblivious to the fact that he was using hacks? No, being ignorant of his hacks and assuming he was simply very good, you already had your fun times with him.

And from then on assuming every 'good' player on a public server uses hacks just because it happened to you makes about as much sense as assuming that every time you step on an airplane it's going to crash into the ocean. So if 99% of the playerbase is honest why be so paranoid about if players on a public server are cheating since nothing is at stake, just assume everyone is playing legit and if someone gets banned for hacking...oh well...keep playing.

This is why I think the 10-15 minute ban is a good solution for public servers. 10 minutes is not a long time to wait to get back into a public game, and it gives the player an opportunity to profess his innocence, but it's long enough to annoy the obvious ADD attention whore hackers who then have to go through the trouble of getting a new IP and going back...only to get banned again in another minute. After two or three times, he's going to get bored and aggravated to the point where he simply stops.

[Alter]

Well, there would be ONLY one way to prevent hacking/cheating on ST servers if it happened years later: Skulltag would need to check whole source code of CURRENT revision before hacker into the server (Best way as far as i know), if the code of current revision is changed EVEN by one byte, so either checking source code or byte size, Hacker must be kicked with Skulltag Authentication error. That's my suggestion

[exp(x)]

alterworldruler said:

Well, there would be ONLY one way to prevent hacking/cheating on ST servers if it happened years later: Skulltag would need to check whole source code of CURRENT revision before hacker into the server (Best way as far as i know), if the code of current revision is changed EVEN by one byte, so either checking source code or byte size, Hacker must be kicked with Skulltag Authentication error. That's my suggestion

For someone who knew what they were doing, it wouldn't be hard to bypass the client checksum and report the correct one.

I fully agree with AlexMax's last post.

[RTC_Marine]

Aabra said:

Odamex will hopefully have these problems too one day. (RE: I'm hoping it becomes popular in time.) ZD and ST have them already.

There is no doubt in my mind that we will not ever have these kind of problems, we encourage the community to join in and submit bug reports and patches to address such issues, people can even jump on the development bandwagon if they want to dedicate themselves. :)

As far as I can see it, you can have the infrastructure to prevent cheating/exploits/attacks and still be open source, OpenBSD does it (and does it very well), Nexuiz does it and alot of other projects do it too.

I still don't completely understand why source code should be closed off for something like this, I doubt there will be little financial gain out of it, I could be wrong though.
If people want to destroy something, they will try every angle approach.
Build a castle of stone and hide inside it, the guy on the otherside of the wall with the spoon will break through eventually. :P

Its good to see the ST devs are a bit more intelligent on this issue compared to the other crowd. :)

[Kira]

Mancubus II said:

As a side note Odamex supports whitehat hacking and we encourage people to take the source and make it do stuff.

Do you mean ppl can make hacks and send them to you that you know how to prevent them ?

[Hekksy]

In the past I strongly supported Skulltag being closed source, but since then I have changed my mind. I would love to see Skulltag open source and have a chance to turn into something amazing.

In fact a large amount of the ST devs want to go open source but just want to take some precautions before it happens if it happens. Of course, some devs are worried about open source and still support closed. Skulltag was recently attacked with UDP packet flooding and some devs think it was a result of releasing the launcher protocol and that worries them.

Sadly the Skulltag community isn't the best one. As soon as the source is released I can see several emo script kiddies (names of people that would do it are popping into my head)taking advantage of it and using it in any way to attack the port, community, and the servers just "so they can get lulz."

[DaniJ]

Vulture said:

Skulltag was recently attacked with UDP packet flooding and some devs think it was a result of releasing the launcher protocol and that worries them.

The other angle to consider is that some noob was writing their own launcher, not realizing that it is not acceptable to constantly query the master (flooding). There is always an innocent explanation for most types of "hack" that should be considered before assuming malicious intent. However, obviously making this protocol public does make it easier for anyone who gets a kick out of bringing down game servers but given that this is a network protocol; it should be pretty damn bulletproof and have been stressed to busting point before it was ever used in a public build, let alone before being documented publicly.

[Creaphis]

As someone who spent about two years actually playing Skulltag, instead of just discussing its development practices, I strongly agree with Aabra's already-listed reasons for keeping the source closed.

Let's see now... what are the benefits of releasing the source?
1) A port that's already very powerful, customizable, stable and fun may get new features developed more quickly, if the programmers in the Doom community actually decide to altruistically aid Skulltag's development with this new code access, instead of commandeering the code for their own use, making incompatible Skulltag-spinoff ports which dilute Skulltag's player-base thus shrinking the number of players you can find in one port and damaging everyone's play experience.

And the disadvantages:
1) Too many to list right now - gotta go mow the lawn.

In short, Skulltag is for players and not for port developers.

[Graf Zahl]

Open source benefits everyone. Just because you don't understand why makes it a bad idea.

[myk]

Creaphis said:
As someone who spent about two years actually playing Skulltag

Wow, two years! I bow to your experience, great master. It's clear you know what you are talking about and can really address those port developer nerds who don't know anything about actually playing Skull tag and the benefits (or lack of) of releasing source code.

[Csonicgo]

Once again we find that Aardappel's method - Separating the client code from the server code and make the client code open - is one of the better methods. However, Due to the way Skulltag is coded, this is damn near impossible.

EDIT: I seem to have forgotten how some members of the skulltag community think their clan/e-girlfriend is SERIOUS FUCKING BUSINESS and would actually take the time to study the doom source and disassembling techniques to hack/crash a server or public competition. If the source is closed, all they can do is exploit known problems and spam the official IRC channel with bullshit before Floodserv kickbans.

It's as bad as soccer fans.

[Creaphis]

I see that my argument has been cleverly defused by ignoring it and insulting me. Well, I could have written it more argumentatively and less confrontationally, but I honestly didn't have the time. I apologize. I'll try again, more moderately.

Just like Skulltag's current dev team, I understand the benefits of open source development, but I've considered the significant problems that approach could have. It seems to me that nobody in the release-the-source faction has adequately considered anything but the better- and best-case scenarios. Perhaps I deserve to be called pessimistic (I prefer realistic) but I believe that there is a certain danger in relying on the benevolence and rationality of others. I'm sure we can agree that there is a unfortunate percentage of every group which does not possess these traits in sufficient quantity. So, taking this attitude, several arguments develop. (Two arguments, to be specific - I thought of a new one since the last post.)

First, one thing assumed by all in favour of releasing the source is that this will aid Skulltag's development. Something that must be realized is that this is not guaranteed. Will third-party-programmers add features and fix bugs? I'm positive that some will. But, anyone with the dedication and desire to be a major contributor to Skulltag should be able to join the dev team without difficulty - because anyone who would really want to help in a major way would likely already be a well-respected member of the Skulltag community, and could earn the dev team's trust. So, no significant increase in development speed can be guaranteed. Also, if the source code is made free to use in other projects, it's possible that some programmers would take the code to create their own spinoff ports instead of helping the Skulltag devs. I realize that this is positive from a port developer's standpoint, but it hurts the players in a way that isn't immediately obvious. If part of Skulltag's community is drawn away by a spinoff port that isn't compatible with Skulltag servers, then this will split the player base. This isn't a massive new FPS where you can be guaranteed any kind of game you want, and splitting the players in this way will make it harder to find the game you want - even if you have both ports installed. Big matches and less typical gamemodes will be less common, because some people will only use one of the ports, so it's likely that there will be more redundant servers between both ports and less variety and smaller server populations overall.

Secondly, cheating! I understand that open-source development will likely patch security holes about as quickly as their found. This sort of development would be very high priority for third-party Skulltag users, and those capable of coding will likely try to do so. But, whether cheating with hacked clients is actually viable or not is not the issue here. The issue is whether or not Skulltag's players think that cheating is possible. AlexMax has argued that, even if cheats are possible, all that is necessary is that players approach each other in games with a trusting attitude. This is true. This is all that is necessary - but this would require the Skulltag community to be universally rational, and unfortunately, it isn't. If players have the impression that cheating is possible, they may be skeptical of the honesty of someone capable of trouncing them. Instead of being impressed by someone's higher skill, players may denounce this person as a cheater - and worse yet, may instigate a 15 minute ban or some other fun-destroying nuisance. Ultimately, so that players could regain some trust for those they play with, many or most would join screened clans and play in private servers which they would then never leave, extenuating whatever divisions already exist, and leaving those not worthy of clan entrance to squabble amongst themselves. This could all occur, even if no cheat is ever made.

Of course, an argument that can be directed back at me is "Creaphis! You seem to be trying to protect Skulltag players from themselves. You worry about a split player base and smaller games when a good game can always be arranged in IRC. You want to prevent irrational players from being paranoid about cheating, while intelligent people playing for casual fun could always have a good time without worrying about it. Why do you care so much about those not blessed with resourcefulness and mental fortitude?"

Honestly, I'm not sure.

[Graf Zahl]

Creaphis said:

Just like Skulltag's current dev team, I understand the benefits of open source development, but I've considered the significant problems that approach could have. It seems to me that nobody in the release-the-source faction has adequately considered anything but the better- and best-case scenarios. Perhaps I deserve to be called pessimistic (I prefer realistic) but I believe that there is a certain danger in relying on the benevolence and rationality of others. I'm sure we can agree that there is a unfortunate percentage of every group which does not possess these traits in sufficient quantity. So, taking this attitude, several arguments develop. (Two arguments, to be specific - I thought of a new one since the last post.)

That reasoning is flawed - unless the netcode is so bad that making it public will expose all the design flaws in it.
Well written code can still be hacked of course but it's much easier to plug the holes once they are known.

Of course only the Skulltag team can tell if this applies in any way. My understanding of the code is too limited to make a judgment.

[Creaphis]

I'm not sure what part of my reasoning you're targeting. Even if the existing netcode is impenetrable, the Skulltag community could still suffer from divisions and paranoia without necessarily enjoying a speeded development. That's what I'm saying.

[fraggle]

Creaphis said:

In short, Skulltag is for players and not for port developers.

It's the players who will suffer when the developer has a hard drive crash and loses the source code, or when the developers choose to discontinue the port and don't want anyone to continue it, or when the developers are unable to fix a complicated bug because it requires technical skills that they don't have, or when the developers do anything that the users don't like and refuse to listen to their complaints.

The entire purpose of Free Software/Open Source is guaranteeing the rights of its users. You say that Skulltag is for the players, but in your next post, you talk about wanting to keep the source secret so that nobody will create a spinoff port. In essence, you want to force everyone to use your port and make sure that someone else doesn't create a better port and take your players away. Clearly, that's in your interests, but it's not in the interests of the players.

[Graf Zahl]

Creaphis said:

I'm not sure what part of my reasoning you're targeting. Even if the existing netcode is impenetrable, the Skulltag community could still suffer from divisions and paranoia without necessarily enjoying a speeded development. That's what I'm saying.

You don't even remotely understand what this is about. Fraggle has some good points. You haven't.