[MUD-Dev] Re: Trusting the Client (Re: Laws of Online World

Vadim Tkachenko vt at freehold.crocodile.org
Sat Oct 17 16:26:51 New Zealand Daylight Time 1998

Matthew R. Sheahan wrote:
> Vadim Tkachenko propagated a meme to the effect of:
> > Here's next flamebite:

I'd say, it turned out to be quite a flamebite ;-/ I should've put a
disclaimer down below.

> > okay, they cheat. So what? I remember a statement
> > like "the fun is the paramount", so no matter what they do, they're
> > having fun and as long as you don't lose your profits (presumed it's
> > about a commercial MUD), you're fine.
> cheaters have plenty of fun.  but as soon as there are cheaters, no one
> else has any.  and once everyone else has left, the rush is gone for
> cheaters, since there are no legit players to abuse.  (yes, there are
> enough idiots in the world that battle.net Diablo survived for awhile
> with nothing but twinks in "god-mode" running around trying to PK each
> other.  that's not a viable target market.)

OK, now let's get to basics. There are two definitions of cheats:

1. Backdoor installed by developers to debug the product and for some
reason not removed.
2. Code altered by someone not in the development team to gain unfair
advantage over other players.

I do not consider type 1 here. Do I guess right that this is exactly
what enables the "god-mode" in your quotation?

Type 2 is a different thing. If it works, it's usually a result of a bad
design - remember, "the best security is the one which source is
publicly available, but still unbreakable"? And it should be fixed as
soon as it's realized.

> what happens when you allow cheating

Did I ever say "allow cheating"? No. What I meant is to analyze the
cheating from purely business prospective, not the human perception
prospective (which looks like a PK religious war to me: people cheated,
cheat and will cheat if even the cheating will be punished by death

> (which is what you're doing when you treat the client as anything other
> than a display device)

Questionable, but you have a point here. Again, it's about good design
vs. bad.

> is that you're changing your game from the one you're advertising into a
> game of who can cheat better.

You're not doing it. People who cheat do.

Long ago I've heard a statement about the advertising: "It doesn't
matter whether you love or hate the ads for some product. It's the
strength of your emotions toward the ads which matters".

Just an example: I'm kinda new to US, and may have a different
viewpoint, you may not notice that at all, but - remember the "Clear,
clear eyes - WOW!" ad? I don't have any problems with my eyes, hate the
ads generally, didn't have any idea who the man in the ad was, but
anyway it's there. I remember it. His voice is SO annoying that I
remember it. The same with 1-800 psychics.

Getting back, if your product sucks, noone's gonna waste their valuable
time to cheat it - and you may be proud if you discover type 2 cheat.

> at this point, the consequences of trusting software that's in the hands
> of the enemy are so well-illustrated that any new cases of this should be
> prosecuted as wilful fraud.

Well, I totally agree, keeping in mind the RFC2119 definiton of 'should'
(btw, I guess that RFC was a beautiful, gorgeous idea which helped to
crystallise the definitions quite a lot. I tend to include "terms
SHOULD, MUST, ... are defined as in RFC2119" in my docs and
conversations ;-)).


Back again, which kind of cheat you mean? Type 1: your (developer's)
fault - must've disabled the cheats in the production or at least
networked mode, type 2: your (developer's) fault - mustn't have been so

And, who to sue for fraud - those who produce the faulty software with
"no liability" disclaimer or those who desperately try to use it? And
then, giving up, cheat it? I recall a beautiful quotation from
sys.admin.recovery (did I spell it right?) - "NT was the only software
which made me break and tear the hardware to pieces with my bare

> tacit approval of cheating is at least as disgusting as cheating itself.

Please refrain from the emotions in the technical discussion (well, at
least I intended it to be technical).

> > And, the crackers play a positive role as well - I doubt your losses
> > would be THAT bad if even you charge $20/hour, but they will definitely
> > spot the weak links in your system, and ultimately you will thank them.

Actually, I forgot to add that usually the most expensive part of the
production cycle is testing, and if someone tries to hack your system,
you get it for free.

> the people i'll thank for that are the people hired to do it.

Well, I'd stay neutral, just because (from the RL experience) if you get
hacked, it usually means that someone in your team was sloppy or not
qualified enough.

> little
> scumbags who'd take their opponent's chess pieces off the board while they
> weren't looking and then say "U SUK D00D I R00L!!!1!!11!!1!" can go play
> in traffic.

This is a real life, and you can't expect ALL your players to be honest,
moreover, if you do, that's your fault, not theirs.

"Fool me once, shame on you. Fool me twice, shame on me".

>                                                                 chiaroscuro

Still alive and smile stays on,
Vadim Tkachenko <vt at freehold.crocodile.org>
UNIX _is_ user friendly, he's just very picky about who his friends are

More information about the MUD-Dev mailing list