July 1st, 2008 by adam

Or so this blog on security says.

“Some experts claim that two-factor authentication won’t work. They are wrong, of course.”

The expert linked to is Bruce Schneier, and the main attack he points out that isn’t affected by TFS is … fake website asking for your credentials.

Funny. That was one of the main ways of stealing people’s MMO player accounts when I first got into MMO dev around ten years ago. And it’s still one of the main ways now (although there are plenty of other good ones, as noted in the linked post). It’s just … so easy!

Which would suggest that yes, actually, Bruce is right: TFS is going to do little to combat the *actual problems* being faced here.

Personally, I’ve always been on the side that says security is pretty simple really: prevention is impossible, and anything that claims to provide great prevention is snake oil. The reason security in practice is hard is that you have to find ways to deal with detection and response, and *that’s* where all the interesting stuff is.

On the other hand, I’ve now heard a couple of people suggest that the one-time-passwords thing from Blizzard isn’t about the passwords anyway: it’s about reducing credit-card chargebacks by shipping goods to the actual address first. In a way, it’s a basic form of TFS on the act of issuing a CC charge: you have to know the CC details and be able to intercept snailmail post, and until you succeed at both, the company doesn’t need to issue the CC charge.

Again … prevention? Nah, I can still intercept post, even on a large scale. But … detecting that interception is going to be somewhat easier, and responding to it (getting people fired from FedEx, or whichever company has been infiltrated and/or has a dodgy employee that’s been fired) is probably a lot easier than dealing with an unknown anonymous person from “somewhere” on the planet who bought 10,000 CC’s on the black market.

So, props to Blizzard. But not for making “a better form of password”. And a thumbs-down to Errata Security: sorry, but I’m not convinced by your analysis. I see what you’re saying, but I suspect you’re barking up the wrong tree. And I’m afraid I’m always suspicious of people who defend any preventative measure too closely - security doesn’t seem to work like that, sadly.

June 15th, 2008 by adam

Based on my unscientific quick straw poll, the majority of computer-literate people have no idea how WLAN / wifi / wireless LAN security works and - worse - are actively exposing all their data and passwords to all services, having convinced themselves that they are “mostly” safe or secure.

I’m posting this in the (possibly vain) hope that it might persuade some more people to stop being foolish and/or lazy and perpetrating embarrassingly poor security with their own and other people’s systems. I’m going to (hopefully) blow apart a popular myth. And hopefully get a decent Google ranking for it, which I’ll explain in a moment.

April 24th, 2008 by adam

With some Wordpress-Fu, I’ve added a page that’s a category and auto-includes links with custom meta-information.

Or, in other words, there’s now a page where I can effortlessly post all my various bookmarked links to do with MMO development - and add my own commentary to each link - which you can’t ordinarily do. Which is why it’s taken me some time to get around to it (previous efforts to do this without customizing WordPress, or using plugins only, failed).

The (practically empty) page in all its (non-)glory can be found here:

http://t-machine.org/index.php/category/mmog-dev/

Over the coming weeks, I’ll be posting much more stuff to it. I hope.

January 22nd, 2008 by adam

I’ve made a small simple but complete java NIO server (with full source included) that is free for anyone to use for anything. At the moment, it only deals with sending and receiving strings, and isn’t optimized, but if anyone wants to improve it and send me the changes then I’ll post up an improved version here.

Download, documentation, license details, tutorial etc after the jump…


December 22nd, 2007 by adam

Also known as: Nobody expects the Spanish Inquisition!

(because I’m now deviating from the original schedule I outlined in Part 1; what the heck, it was only a rough agenda anyway…)

Questions, questions…

First of all, there’s a bunch of good questions that have been raised in response to the first two posts:

  • what data and methods are stored in the OOP implementation of an entity?
  • where does the data “live”?
  • how do you do object initialization?
  • what does the ES bring that cannot be accomplished with an AOP framework?
  • what’s the link between entity systems and SQL/Relational Databases? (OK, so that one’s my own question from last time)
  • what, exactly, is an entity?

Let’s start with that last one first.


November 2nd, 2007 by adam

Years ago, I found the spritesheets + source code from the author of SFE, who was offering them up if anyone wanted to improve it, make it 4 player multiplayer again (like on RISC OS) etc (or something like that).

Last Sunday afternoon I was very bored, and found just the spritesheets lying around on an old disk, so I wrote the gamecode from scratch. Didn’t quite finish it that day, but I think one more boring Sunday and I’ll have over-the-internet multiplayer and highscores server working, which would rock.

Kevglass asked for a screenshot, so…


October 21st, 2007 by adam

Networked games use the internet, and the difficulties of making these games evolve on Internet Time, which means that the articles people wrote as recently as a year ago on how to make a networked or multiplayer game are already out of date. Most of the literature is more than 5 years old, and some as much as 10 years old - hopelessly out of date in the modern world of internet and online gaming.

Anyway, to get you thinking (I’m not providing definite answers here, just some stuff to make you think more carefully about how you’re doing your networking), here are some common rules that perhaps no longer apply the way they used to:


September 27th, 2007 by adam

A few years ago, I wrote an article for Develop magazine - “10 MMOs you don’t want to do”.

Here are 8 things you really shouldn’t do but that might seem like a good idea if you’ve never made an MMOG before.

All these are examples of things that have been done on real MMO projects, usually MMORPGs.

  1. use off-the-shelf middleware from the enterprise industry. It’s designed for completely different usage-patterns and cannot cope with MMO style usage. Equally, initially distrust anything from traditional Big Iron companies.
  2. think that Grid Computing will somehow magically solve the problems. It won’t (cf. previous point).
  3. aim to code the server in a scripting language. You *can* run some scripts embedded in the server, but not the server itself - and even embedded scripts can screw you when you’re trying to run thousands of them at once.
  4. assume that front-end load-balancing will solve any problems. It won’t, all it does is increase the efficiency of your cluster by a small amount. And it usually won’t provide you with failover, because most game designs will end up kicking you from your server if it dies, so the failover never gets used at that level.
  5. ignore performance testing until mid-way through the project. If performance tests at 10% of the way through production say it’s slow, that means you’re in deep trouble - it does NOT mean that “we’ll come back and optimize it later”. Optimizing netcode and server code is NOT like traditional single-threaded local-only optimization: many of the things you’re dealing with (like LANs, and TCP/IP stacks) run orders of magnitude too slowly, so your optimization comes from imaginative system-architecture, not from optimizing small chunks of code at a time.
  6. ignore billing concerns in your core game design. Non-free MMOGs are entirely about billing, which means that you have to design it in, and build it into the tech design from an early stage. Retrospectively adding billing hooks and billing information to existing server codebases is often about as easy and effective as retrospectively making your code secure. Just don’t go there.
  7. hire an academic who specializes in networking, especially a PhD student (this gets done quite often). All this means is that they’ve obsessed over a very narrow slice of the many, many problems, and generally they won’t know WTF to do about the rest of the problems. That’s no better than just promoting a general programmer to become “the new Server specialist”.
  8. innovate on both technology AND game design at the same time. Either do a traditional MMO so you can re-use all the existing common wisdom for design, and get to market (or at least a stable GDD) fast, and use the slack that buys you to focus on better tech, or use the most boring tech you can think of (instance lots; do lowest-hanging-fruit in your tech design) and innovate on the gameplay

I reserve the right to come back and edit this to make it ten once I’ve had more sleep and can remember two more :)…

September 12th, 2007 by adam

…was my section in the fourth GPG book from Charles River Media. And, sadly, although I tried to put some resources up on the web, a series of unfortunate events led to that all disappearing.

But now … they’re back! (and I’ll be adding more followup stuff in the coming weeks/months)

September 10th, 2007 by adam

UPDATE: short, complete, 42-slide version now available from the CMP website - https://www.cmpevents.com/sessions/GD/S5762i1.ppt

…but if you want the 144-slide version (!), see below. No extra content.
