..on or around Tue, Dec 25, 2007 at 11:46:03AM +0100, Jan Ciger said: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Julian Oliver wrote: > > > > i doubt it is at all possible to entirely defeat cheating, with > > free-software especially. you can however make it harder by ensuring > > that one key cannot be used by multiple clients. > > > > How exactly does this make cheating harder? I close the official client > and start my hacked one. Both are using the same key and you cannot > detect the swap. What exactly did you solve? This wouldn't even slow the > cheater down.
as i say, it doesn't solve the problem of cheating it just makes it harder by ensuring many people can't connect simultaneously with the same cheated client using the same key, as they have with various other games in the past (this was a big problem for Counter Strike). instead, each user would need to be a registered player. of course, the cheated client could still be distributed and local public key automatically re-loaded before authentication. there is probably no way around this problem. > > > yes of course, but just for one connecting client if the server only > > recognises one simultaneous connection from a client with the > > appropriate key. > > Yes, but again - this is not relevant to cheating. You do not need two > clients connected at the same time using the same key to cheat! > yes, this is obvious. > > i don't think it breaks the GPL at all. 'Tivoisation' apples to the > > problem of there being a trigger in hardware that breaks > > hardware/software functionality if the client is modified, regardless > > of the fact that the source itself is open. > > It does - GPL v3 does not make any distinction whether it is hardware or > software implementation (from http://www.gnu.org/licenses/gpl-faq.html): > > > I use public key cryptography to sign my code to assure its > > authenticity. Is it true that GPLv3 forces me to release my private > > signing keys? > > > > No. The only time you would be required to release signing keys is if > > you conveyed GPLed software inside a User Product, and its hardware > > checked the software for a valid cryptographic signature before it > > would function. In that specific case, you would be required to > > provide anyone who owned the device, on demand, with the key to sign > > and install modified software on his device so that it will run. If > > each instance of the device uses a different key, then you need only > > give each purchaser the key for his instance. > > > And: > > > ???Installation Information??? for a User Product means any methods, > > procedures, authorization keys, or other information required to > > install > > and execute modified versions of a covered work in that User Product > > from a modified version of its Corresponding Source. The information > > must suffice to ensure that the continued functioning of the modified > > object code is in no case prevented or interfered with solely because > > modification has been made. > ok. the method of signing clearly does breach the GPLv3, in the sense that client functionality with a specific server is "interfered with". this was not a problem with the GPLv2. i'll need to read more about this to understand the full scope of that change. i wonder how this implicates upon Linus and IBM's favoured TPM module? http://en.wikipedia.org/wiki/Trusted_Platform_Module > There is no mention whatsoever about a specifically hardware trigger > (signature check being done in HW). well, in the quote two-above they do specifically mention a hardware trigger. > Even pure software implementation > where you withhold the relevant keys (and thus prevent the "unofficial" > version to run) would break GPL v3. > it seems so. at the end-of-the-day, the problem of cheating is created by the game-designer, i think, not the players: when game-play is built around surviving in a world where resources are scarce, competition between people increases. factor in subscription costs and an opportunity for people to exert social and/or physical power over others and 'cheating' will seem like an increasingly desireable solution for many. cheers, julian -- http://julianoliver.com http://selectparks.net emails containing HTML will not be read. _______________________________________________ Soya-user mailing list [email protected] https://mail.gna.org/listinfo/soya-user
