• 0 Posts
  • 22 Comments
Joined 1 year ago
cake
Cake day: July 1st, 2023

help-circle




  • Personally I would rather they had to make phones a little thicker again to include a properly sealed battery compartment, the new ones look very nice but it’s too hard to get a decent grip without accidentally bumping the edge of the screen.

    Maybe the whole back side of the phone is the battery, and the two sides are independently watertight? The charger port and usb controller could be on the battery too, that way you can replace it if it breaks or you want to be compatible with a new fast charging specification, and you could charge it independently if you have more than one.










  • Some games use a “trust” system based on human reviews of your gameplay that affects how you are matched with other players, but there isn’t a respectful way to force people to use just one account so that the trust score can follow the person. The best way I can think is to tie the purchase of the game to that account, which many services do, but that breaks the used games market…


  • There’s a concept I call “rule zero of cybersecurity”: “the user can and will exploit trust you place in them or anything they can touch.”

    You can make it more difficult to exploit the trust you put in the user by hiding it behind obfuscation, but ultimately the user can desolder your secure enclave, reverse engineer your anti-tampering measures, and falsify any check your program wants to do, if it happens on their computer.

    Client-side anticheat on Windows doesn’t “work” in the pure sense either, it’s just enough of a pain to bypass that most people don’t because you can’t recompile the kernel to change how it behaves. On Linux, it’s easier to take advantage of the fact that perfect client-side anticheat is fundamentally impossible.

    Same with device attestation, DRM, and other client-side verification measures: they’re doomed to be in an endless back-and-forth because what they’re trying to do is fundamentally incompatible with reality.

    The correct choice for anti-cheat is to detect cheaters like humans do: watch a player’s actions as they are received by the server, and use your knowledge of typical player patterns to detect if the player is cheating. Your server’s knowledge of the network messages coming from the user’s computer is the only thing you can trust (because it exists on hardware you control), so you should make your decision by analyzing that.