On the photo you see a violation of rules listed as one of the reasons this commit is made. Because it’s at the top the meme creator is presuming that’s their main priority.
And they disagree with that, so they’re calling them a “park ranger”. I’m guessing they’re alluding to an old but common media presentation of park rangers being childish about rules.
I get the joke with that it looks a bit odd to put that reason at the top of the list, but their response I find more unkind than funny
It’s a scene from The Big Lebowski, right after The Dude got tortured with a marmot by German nihilists. Walter focuses on the legality of keeping a marmot as a pet, which is obviously not the main issue.
As the image transcript in the post body explains, the image at the bottom is a scene from a well-known 1998 film (which, according to Wikipedia, was in 2014 selected for preservation in the United States National Film Registry by the Library of Congress as being “culturally, historically, or aesthetically significant”).
This meme will not make as much sense to people who have not seen the film. You can watch the referenced scene here. The context is that the main character, The Dude (played by Jeff Bridges) has recently had his private residence invaded by a group of nihilists with a pet marmot (actually portrayed by a ferret) and they have threatened to “cut off his Johnson”. In an attempt to express sympathy, The Dude’s friend Walter (played by John Goodman) points out that, in addition to the home invasion and threats, the nihilists’ exotic pet is also illegal. The Dude’s retort “what, are you a fucking park ranger now” is expressing irritation with that observation, because it is insignificant compared with the threat of the removal of his penis.
This meme attempts to draw a parallel between this humorous scene and XZ developer Lasse Collin’s observation that the XZ backdoor was also a violation of Debian’s software licensing policies.
I can excuse attempting to compromise millions of computer systems worldwide for nefarious purposes but I draw the line at violating the contributor guidelines of an opensource project.
And Vanguard is already being bypassed by using external tools. IIRC I saw a video about it where the cheater had the hack running on a completely separate computer.
The number would be higher too, I doubt I was the only one who stopped playing months ago when Vanguard was supposedly going to be implemented imminently.
Fun fact: you could get an account locked in under an hour if you used a command line to close the league client. Not powershell - just good ol cmd. No reports needed. Reproduced it 4 times in 2 days… Lots of fun emails with initially the support teams and then the devs. Apparently “taskkill” is the most nefarious cheat known to the gaming industry.
A grade schooler with a “learn programming in 24 hours” book could probably produce better cheat detection.
What makes you think they are referring to Wine in that particular case, and not the emulation of the kernel level anticheat on userland? It’s also arguably not an entirely correct use of the word there either, but it’s fine.
What makes you think they are referring to Wine in that particular case.
Them talking about Lutris and Wine in that same paragraph and using the phrasing “even allowing” implying it’s what they’re currently doing. But looking again, you’re right. They were referring to VMs.
their "hello fellow kids" energy works better for their goofy insignificant patch notes than it does for combating bad PR.
i was very on the fence about keeping it installed on a potato windows laptop i don't use for much else. this article absolutely convinced me fully not to. they could not have written a worse case for themselves if they had tried.
they have stated they even intend to try getting anticheat on macs as soon as possible. even if it is not possible, (which seems likely to me, considering the ecosystem?) their argument for axing linux could easily be used to just ditch macs. "we don't know how to secure it, and there were only 800 players [on a random, cherry picked day.]"
having a section in which they claim there are zero false positives is delusional. that's not how technology works. there will literally always be bugs, glitches, edge cases.
they claim they can currently read stuff in user mode, so it'll be essentially analogous in invasiveness, and it's straight bullshit.
this is several degrees of trust beyond "can read stuff in user mode when running"
this is "can read anything in user mode, in admin mode, on all other users on your computer, can restrict your bios and hardware, and has full potential to have permanent root access to any user or system you install in the future"
either they do not understand what they are implementing, which is a really bad sign for trusting them with it,
or they know exactly what they are doing and lying about it, which is another really bad sign for trusting them with it.
i'm gonna be honest, if they had taken the hardline "we know it's more invasive, but we need this" and kept it straight, i might have kept playing. it's the only multiplayer competitive game i have anymore.
but the ad hominem attacks in here, the calls to the "angry twitter mobs," the disingenuous and extremely loose way they play with the truth, (it's not running all the time! well, it is, but we don't really think it should count)that in just a few paragraphs has burned any goodwill i had towards them. they are weaponizing their own playerbase to cannibalize themselves and attack their friends for having legitimate concerns about degrees of personal invasion and that's unconscionable. that disgusts me more than the crappy implementation and the cavalier attitude ever could.
props to them, i guess, for making the only choice to be to quit a game i played happily for about a decade.
I’ve never actually noticed cheaters during the time I played the game. If they cheat and matchmaking puts me against them, it just means that me without cheats and them with cheats are equivalent in skill level, so it’s a fair and fun game. So I don’t see the point in preventing cheats in the first place unless you’re at the very top of the ladder, and there’s so few people up there that it should be easy to just manually ban the cheaters.
I think a part of it is the difference to losing to something “reasonable” vs “unreasonable.”
If you’re clearly really bad at the game when we are in a fight with line of sight but somehow you keep picking off my teammates through walls… That’s the kind of thing where cheating really starts to get annoying.
You may still be on the same skill level overall, but for specific parts of the game they have super powers, and it just feels ridiculous.
Smurfing is also a real issue because cheaters seem to overlap with trolls that just want everyone else to have a bad time, so they’ll spend a bunch of time down ranking, so they can spend a little time giving a lot of players a bad day.
I think a part of it is the difference to losing to something “reasonable” vs “unreasonable.”
Yeah, that’s understandable. I just don’t think there’s an equivalent in LoL that would feel particularly unfair. At worst, someone just knows where you are at all times. What do you do with that information? That requires good game knowledge. You can only influence a small portion of the map yourself and teammates tend to like acting independently even if you provide them with extra info.
Smurfing is a bigger problem, but I’ve found that Riot tends to be very good at gauging your skill level even if you intentionally sandbag. LoL is just one of those game where it’s really hard to convincingly pretend to be bad at it.
Or gets promoted, and keeps moving on to new and bigger projects, leaving a trail of destruction, because all management sees is they close tickets faster than the people who are busy picking up the pieces behind them.
In addition, the company doesn’t invest in growing and retaining the rest of the development team for 20 years until said developer is near retirement, then finds that they need to hire 10 developers because 2 need to replace said person and 8 need to redo everything they did.
How far is the company willing to go to prevent cheating? Cameras in people’s homes to make sure they’re not using another computer that your anti-cheat has no access to?
If players tolerate that then competitive gaming is going in a deeper dark pit of proprietary spyware in the name of fighting cheating, an arms race with no end.
I’m guessing you’re not a programmer yourself? Because it’s really really not that east to /just/ detect in the server side, hacks can be super sofisticsted these days and there are often many client side exploits that you simply cannot detect serverside.
Using rootkit anti-cheat is a shortcut that reduces cost for both dev time and hosting time at the expense of your customers' security and CPU. You also have to lay your cards on the table for those who are attacking you. It is not the right solution for this problem.
Authoritative servers.
Never trust the client, especially with information the player shouldn't have right now.
Look at behaviors and group players based on if you think they cheat or not - let the cheaters play together, no need to spoil their fun and let them realize you know they cheat.
People do some or all of this on the server now, but root kitting all machines to try to solve this problem to play video games is one of the dumbest approaches ever and we will realize it one day when a state level actor pops their zero day against a big install base.
This. Having worked on some in-house anti-cheat solutions myself, it absolutely is just offsetting the processing and security cost to the players. The attack vector of having such a rootkit running on so many devices is just not even close to be worth the trade off of catching marginally (if really measurably at all?) more cheaters.
Never trust the client, especially with information the player shouldn’t have right now.
This is a big part of the problem, but it’s not the only problem. If you do all of that stuff right, you can’t build a responsive first person shooter. There’s some level of trust you need to put in the client.
Disclaimer: This is based on my experience playing shooters and as a programmer. I have not worked on anticheat systems hands on.
We see less and less of the “god mode” hacks where players can send the packet for a carpet bomb and the server just blindly trusts it. Or the ludicrous spinbots that spin at an extreme speed and headshot anyone that comes into line of sight.
What we’re seeing is increasingly sophisticated cheats that provide “buffs” to a player’s ability. An AI enhanced aimbot that when you click gently nudges your hand to “auto correct” the shot and then clicks is borderline impossible to detect server side. It looks just like a player moved the mouse and fired.
The “best” method to prevent these folks from cheating seems to be to detect the system or the game has been tampered with.
Maybe the way to deal with that is to just let it happen and deal with smurfs down ranking… So these “soft” cheaters just exist in the “pro tier” where the pros can possibly stand a chance.
One strategy I have seen that I wish more developers would do is sending “honeypot” information to the game client (like a player on the other side of the wall that isn’t really there but an aimbot or a wall hack might incorrectly expose).
Maybe the increasing presence of hardware cheats will result in new strategies that make these things unnecessary. I keep wondering if a TPM could be used to solve this problem someday… But I’m not sure exactly how/we may need faster TPMs.
You don't necessarily need to detect the cheat itself, you can look at things like players having suddenly higher kill rates and put them into a queue for observation by either more advanced (more expensive) automation to look for cheating or eventually involve a human in the loop.
Even on consoles after a while it becomes obvious that you cannot control the hardware, let alone the software on the client side. Those are the very best argument for this kind of approach and they get cracked eventually.
You don’t necessarily need to detect the cheat itself, you can look at things like players having suddenly higher kill rates and put them into a queue for observation by either more advanced (more expensive) automation to look for cheating or eventually involve a human in the loop.
That’s true, if the player suddenly has higher kill rates. However, that doesn’t work if they’ve been using the cheat from the start on that account. A sufficiently advanced AI powered aim bot would also be nearly indistinguishable from a professional player. Kind of similar to how Google created the CAPTCHA that uses mouse movement … but had to go back to (at least in some cases) the additional old school captcha.
I think by the end of your message you were starting to arc around a little bit to the right way you need to think about clients: as outside your security envelope. (TPM is a joke in my mind, just like client side anti-cheat.)
There are many ways to try to identify and stop cheating on the server side that have not been explored because executives have directed use of off-the-shelf anti-cheat because they do not understand why it is snake oil.
I thought this at first as well, but they have an interesting property.
They have a manufacturer signed private key. If you get the public key from the manufacturer of the TPM, you can actually verify that the TPM as it was designed by the manufacturer performed the work.
That’s a really interesting property because for the first time there’s a way to verify what hardware is doing over the network via cryptography.
Hmmm… I was going to say no because it’s asymmetric crypto, but you’re right if you are somehow able to extract the signed private key, you can still lie… Good point
But… have you considered having control of 0-ring software that runs on hundreds of millions of computers, that can perform targetted updates to change behaviour on just a select few computers, even interact with the network adapters unbeknownst to the OS.
I’m not talking about zero days popping up for this. But rather, this being part of the design?
A less nefarious application: The root kit anti cheats already continuously monitor processes. Say it finds a crypto mining one. It can request the instructions needed to search for a wallet and snatch that off.
A more nefarious one: RK is known to be in the device owned by the kid of a military contractor. Etc.
Trusting the client is a fools errand. So we are in complete agreement. I never understood why the effort isn’t placed on server side. People are very good at knowing when others have cheated. They know this from information that exists on the server side, so with the correct classifier, the server should also be able to know this.
It’s not easy, but it’s really not worth the massive gaping security vulnerability you are giving your users. One disgruntled employee giving out the keys to the castle or one programmer plugging in an infected USB, and every user now has a persistent malicious rootkit. The only way to fix an issue that deep after it gets exploited is to literally throw away your hard drive.
The only way to fix an issue that deep after it gets exploited is to literally throw away your hard drive.
This can’t be right.
Don’t throw your hard drive in the trash. Quarantine the infected computer, and then wipe that hoe and slap your choice of OS back on it and scan/monitor to see if any issues arise.
Edit: since folks may or may not read though the rest of the conversation: I am wrong, throw that SSD/HDD in the garbage like barbarian said.
I’m sorry to disappoint, but with rootkits, that is very real. With that level of permissions, it can rewrite HDD/SSD drivers to install malware on boot.
There’s even malware that can rewrite BIOS/UEFI, in which case the whole motherboard has to go in the bin. That’s much less likely due to the complexity though, but it does exist.
Outside of monitoring individual packets outside of your computer (as in, man in the middle yourself with a spare computer and hoping the malware phones home right when you’re looking) there’s no way of knowing.
Once ring 0 is compromised, nothing your computer says can be trusted. A compromised OS can lie to anti-malware scanners, hide things from the installed software list and process manager, and just generally not show you what it doesnt want to show you. “Just remediate” does not work with rootkits.
Dude… That’s fucked. They should really go a little more in depth on rootkits in the CompTIA A+ study material. I mean, I get that it’s supposed to be a foundational over view of most IT concepts, but it would have helped me not look dumb.
Please don’t walk away from this feeling dumb. Most IT professionals aren’t aware of the scale of the issue outside of sysadmin and cybersecurity. I’ve met programmers who shrug at the most egregious vulnerabilities, and vendors who want us to put dangerous stuff on our servers. Security just isn’t taken as seriously as it should be.
Unrelated, but I wish you the best of luck with your studies!
Good morning! If anything this was a great example of not being able to know everything when it comes to IT and especially cybersecurity. Thank you for your well wishes! I earned my A+ last month and I’m currently working on a Google cybersec certificate, since it’ll give me 30% off on the sec+ exam price. I really appreciate your insight on rootkits and it’s definitely going in my notes!
Just as another thing to add to your notes, in ordinary circumstances, it’s practically impossible for non-government actors to get rootkits on modern machines with the latest security patches (EDIT: I’m talking remotely. Physical access is a whole other thing). To work your way up from ring 3 (untrusted programs) all the way to ring 0 (kernel), you’d need to chain together multiple zero day vulnerabilities which take incredibly talented cybersec researchers years to discover, keep hidden and then exploit. And all that is basically one-use, because those vulnerabilities will be patched afterwards.
This is why anti-cheat rootkits are so dangerous. If you can exploit the anti-cheat software, you can skip all that incredibly difficult work and go straight to ring 0.
EDIT: Oh, and as an added note, generally speaking if you have physical access to the machine, you own the machine. There is no defence possible against somebody physically being able to plug a USB stick in and boot from whatever OS they want and bypass any defences they want.
Cheers to the note as to why the anti-cheat is basically satan in software form. This is the real reason that riot isn’t open to community discussion on this topic. It’s indefensible… and if the userbase understood more they wouldn’t have any users left.
It’s the same reason stuff like antivirus is a huge vector for attack. It runs at elevated permissions generally and scans untrusted inputs by default. So it makes for a great target to pivot into a system. These anti cheat kernel modules are no different in their attack profile. And if anything them being there is a good reason to target them you have a user that has a higher end gpu so the hardware is a known quantity to be targeted.
I’m a programmer, yes it is. It’s not easy in the sense of easy to implement, it’s easy in the sense that everything else is impossible. Client-side anti-cheat is impossible, and by that I don’t mean hard, I mean perpetual-motion level of impossibility. If someone tells you they implemented a foolproof client-side anti-cheat you should be just as skeptical as if someone tells you they created a perpetual motion. It’s impossible, never going to happen, want an example? Robot using a camera to watch the screen and directly moving the mouse and keyboard, completely undetectable from the client side.
From the server perspective the person is cheating or is behaving like a human. If they’re behaving like a human their behavior is completely indistinguishable from a human, so who cares if they’re cheating?, whatever they’re doing has them still at human level so if the game has skill based matchmaking (which most of these games do) he’ll rise up until his cheating puts him in the same level of more skilled humans and everyone has fun. If he keeps rising forever he’s not on a human level, therefore a cheater. More importantly this also penalizes people who buy bot leveled accounts, because their matches will be all against people they can’t hope to win and the game will not be fun.
Server side can also trick clients into giving up that they’re cheating, e.g. sending ghosts behind walls to check for wall hacks or other similar things to gauge player responses.
But what do I know? I’m just a senior programmer who’s been working on servers for some years. l never worked on the client side anti-cheat though, also never tried to build a perpetual motion machine.
Could they harden their clients somehow or maybe randomize memory locations for things? Seems like their should be a better solution than installing malware to prevent cheating.
You’re asking good questions but factor this in: a development team at a game company will only want to spend as little time as possible on this process: it doesn’t make them more money - it costs it. Conversely a hacker / cheater is being paid (or gaining) directly from breaking this code. Which is more motivated? Now remember that the protection has to be in place first. Who has the advantage? Client side code will always be breakable. A rootkit doesn’t change the game - it just adds a new vector to attack for other hackers to exploit.
It’s not easy. And league is free. So banning people won’t work well either. They can’t ban ip addresses either without banning college campuses, some apartment buildings, and Internet cafes.
There are solutions to this problem but they don’t want to permanently ban them. A ban = a new registration… maybe even two. Bonus! You get to pad your ban numbers and user registration numbers at the same time!
But that wastes their clockcycles to make sure you’re not cheating. So much easier to make everyone’s experience worse so they don’t have to upgrade and build out more servers.
I’ve long believed that the main point of client-side anti-cheat is to serve as security theater.
If the player sees “PROTECTED BY ACME ANTI-CHEAT” on the boot screen of a game, they’re less likely to cry wolf when they get their ass kicked. At least, until they see a blatant example of hacking and lose all faith in the ability of the platform to protect them from it; from that point on, everyone better than them must be cheating from their perspective (speaking from firsthand experience here).
Given how infamously toxic and high-strung the LoL community is, I can only imagine that Riot’s basically at the end of their rope here. If you read the original forum post, they sure make this sound like a Hail Mary. “Sorry, it’s just what we have to do to make sure the game is fair.”
Hilariously, they even undercut their own points in the FAQ:
Q: If Vanguard is so good, why do I still see cheats on VALORANT?
For starters, we do not action every cheat or account instantly. Every ban is like broadcasting a signal to the developer that their cheat has been detected and that they need to “update” it. In order to slow the progression of our “cheat arms race,” we delay bans based on the sophistication and visibility of the cheat and cheater, respectively.
But also, cheaters gonna cheat. [Emphasis mine.] We’ve really driven our preventative layer as far as we can feasibly go without colliding with existing setups and hurting legitimate players. [Linux players aren’t legitimate I guess?]
Also, they’re apparently not bothering enabling Vanguard on OS X because apparently few people have actually developed cheats on it yet. Really tells you what’s the more developer friendly platform, Linux or OS X, doesn’t it? Or maybe the OS X market share is too small to care.
They do also mention using machine learning to detect cheating server-side but lament that it’s not always enough information, and that cheat developers have added “humanization” elements that play more like humans.
My thought is… if a cheat doesn’t make someone obviously better than a human player of a certain skill level, then what does it really matter? Congratulations, you made a bot that’s indistinguishable from a human, thanks for padding our player numbers.
The real problem is that botters don’t pay for microtransactions. And players who buy bot-leveled accounts probably don’t spend a ton either. Why would they? They got everything unlocked for them, they didn’t have to grind for it. That’s all Riot really gives a shit about.
In practice, client side anti cheat is essentially DOA because hardware cheats that analyse the player’s screen on a 2nd computer and proxy inputs to your mouse USB have made it so cheat clients are never actually executing code on the host machine.
At that point, even players cant tell someone is cheating because the cheats aren’t modifying the game state in a noticeable way- they’re still weak to effects that obscure your vision and have inputs that are difficult to differentiate from a “real” player.
IMO cheating is a social problem and one that is totally impossible to beat with rootkits by design.
I sorta did this at my old factory job by setting up all the machines to run damn near perfectly then I peaced out before showing anyone how to actually run the set-ups.
I managed to do this on my very first job. I worked at a company where they needed to integrate data from multiple vendors into a unified schema. So, ended up building a library that could take xpath and a value and would navigate down the the path, creating missing entries along the way, then insert the value at the given location. It worked really nicely cause it let our business people just fill out a spreadsheet, and provide a csv that would get ingested. The internals of it were absolutely nightmarish though, cause I just kept kludging stuff in to accommodate for new use cases, and of course all of it was completely undocumented. After I left, I heard that at least three separate attempts were made at rewriting that nightmare, and everyone just gave up eventually. For all I know, it’s still in production to this day because it became a foundational piece that nobody has any hope of understanding. 😂
lemmy.ml
Newest