Author Topic: Response to Odinswill suggestion regarding mods notarization/restriction  (Read 341 times)

ai_enabled

  • AtomicTorch Founder
  • Hero Member
  • *****
  • Posts: 1670
    • View Profile
In response to message https://discordapp.com/channels/344332261510086658/344332261510086658/738846466356936754 from @Odinswill. Copy of the message:
Quote
@ai_enabled implement transparency with mods is something hard to implement?

Instead of shooting down completely the idea, why not work with the community and try to understand people enjoy transparency?

Just implement all mods available on public forums to the game, letting us choose to have it on/off, not as mods, but as options, those which are not on public CANNOT be loaded in the pvp part of game on pvp servers.

If people have new mods that could affect pvp server, they simply have to pass through you guys, or/and put it public on forums and next wipe, patch it in

+Done problem solved.
+Gained in transparency
+Gained in dev time as you no longer need to do emergency updates to rectify balance.
+Getting community feedback on forums for all mods
+Getting community evolved
+People assured they playing on equal playing level
+No need to moderate reported suspicious complaints or activity and lose more time for devs

Seem's like a huge win win for everyone involved.

Don't think this will be hard technically to implement surely?

I'm not simply shooting down your idea...there are actual technical obstacles that make the whole approach futile, and many other concerns that we cannot neglect. Alas, you're likely not a modder and likely don't have technical background regarding the game development/programming in general, so it makes things complicated to explain. Anyway!

First, let's name your idea. "Mods notarization" sounds good, I think. The idea as I understood it: any mods should be first checked and approved by the community (through voting), then signed/notarized by developers and included with the game patches/updates or simply whitelisted in some way so the (updated) game client will allow their installation. Any following mod patches/updates by their creators should also go through this process to ensure that nobody abuses the system by smuggling unexpected features through the mod updates.

"Mods notarization" is a general idea, right? Let's try a more specific one to this idea—restrict the usage of mods altogether. Now it sounds much easier! However, everything regarding this topic is already addressed in great detail in our message on the forums https://forums.atomictorch.com/index.php?topic=1147.0 In particular, please re-read sections 1. Approach to modding, 3. Client-side changes, and (especially important) section 6. "But, but... cheats are bad! You should not allow this!". They explain why we believe that putting any client-side restrictions or completely removing modding capabilities from the game will not change anything besides just hurting modding and giving an advantage to those that could afford to hack the game client.

If a more specific version of the idea is not possible, a more general one is also not possible for the very same reasons, as something specific is a subset of something more general. So the mods notarization idea is not possible the same as preventing players from modifying the game is impossible, one requires another.

You may ask "I wish you to elaborate why exactly it's not possible to put such a restriction in the game client".
The problem is that the client can do anything. It's just a binary code that could be reverse-engineered (with tools such as debuggers, disassemblers, and packet sniffers it's just a matter of time and skill). Look for Artmoney and other software that is an easy way to modify memory. Look for billion of cracks, trainers, NoCDs, and other software written to hack software allowing to do anything with programs running on your PC. And not only this. You've probably heard about the console multiplayer game hacks—while the console is usually not hacked, the network protocol is deconstructed and cheats are injected right into the network traffic (if you want a good longread on the topic, I recommend this article https://www.wired.com/story/xbox-underground-videogame-hackers/ ). Not mentioning the simplest hacks like keyboard+mouse macro with Autohotkey. Bottom line, there is a whole black market industry built around writing hacks/cracks/etc. And it's not expensive to hire an experienced hacker that will research a game client and find ways to inject a bootloader to load any kind of modifications.

By understanding that the client protection is not possible and the network protocol is likely to get deconstructed, we've made sure the server has an authoritative model to prevent all kinds of cheats and hacks as explained in the section `1. Approach to modding` in the topic that I've linked above.

(1/2)
« Last Edit: July 31, 2020, 07:32:17 pm by ai_enabled »

ai_enabled

  • AtomicTorch Founder
  • Hero Member
  • *****
  • Posts: 1670
    • View Profile
You've listed a lot of pros for implementing your idea:
Quote
+Done problem solved.
-Problem swiped under the carpet and still present...

Quote
+Gained in transparency
-Gained a false sense of transparency and security.

Quote
+Gained in dev time as you no longer need to do emergency updates to rectify balance.
-No improvements in this regard.
-Lost time by introducing the overhead to deal with every mod personally, notarizing the mods, making new builds of the game just to allow new/updated mods, etc.

Quote
+Getting community feedback on forums for all mods
+Getting community evolved
-Or likely, getting PvP part of the community to block most of the mods just because they don't wish anyone to have any theoretical advantage.

Quote
+People assured they playing on equal playing level
-A false sense of security...nobody will get assured in anything except the most naive people. It's not our way to deal with this problem, we never swipe things under the carpet.

Quote
+No need to moderate reported suspicious complaints or activity and lose more time for devs
-People still reporting that they smell somebody is cheating as this protection cannot be perfect...


Now, there are following cons: (the idea is definitely impossible but this list will provide another perspective as there are some aspects that you just cannot be aware of but we cannot neglect them)
  • It's doesn't solve anything as I've explained above and in our topic on the forums. I see this just as a facade to make a house look like a stronghold, but any decent hacker would be able to pick the lock as they have full freedom to the client.
  • It will make modding impossible. Modding assumes the freedom to modify and enjoy the fruit of your effort. Now, you have created a mod and need it to test on the actual server. How would you do this? "Hey devs and community, here is my mod, I have no idea whether it works but please bless it and integrate it into the game mods whitelist with the next patch"? It doesn't work this way...You may suggest "provide modders a different version of the game client and server that allows booting mods for development"—but it's the best way to destroy all security efforts as hackers are looking exactly for such opportunity—to have two very similar programs and compare their differences, and figure out what they need to adjust in one program to make it work like the second program. A lot of cracks made this way easily—like when by a mistake the game developer providing both protected and unprotected executables, and quickly all other games using the same protection method are getting cracked too.
  • The whole idea of notarizing the mods by developers and community is extra overhead for us and the community as well. I can imagine that the community is not interested to spend their time verifying every mod. A majority of our PvP players will probably just always vote "keep this mod away, we want to play the vanilla game anyway". And the majority of PvE players will be frustrated due to this (the possible suggestion "make any mods available only for PvE but require notarization for PvP" will not work for the very same reason I've listed in the previous list item—easy to spot the difference). Furthermore, there should be a process to also verify every mod update as no unexpected changes (that might be known only to modder and his friends) should be smuggled...
  • Plus, the notarization approach doesn't scale. If we get many more players and so many more mods being made, nobody would be able to handle this as overhead effort is raising linearly.
  • When releasing a game patch or update we cannot guarantee all the whitelisted mods compatibility with it. It's up to the mods creator to ensure compatibility. But we also don't intend to include anything that is straightaway broken. The game is separate, the mods are separate—the same principle is applied to all modded games.
  • The game is advertised as moddable everywhere including Steam. There are over 100k owners of CryoFall in Steam right now (many came from two Humble bundles), would be they happy if the developers changed the product specification by removing/restricting a major feature of the game? Especially as there is not even a single moddable game that has mods notarization or something similar, while there are plenty of moddable games including multiplayer once. If we add notarization it will pretty much kill the modding scene due to 2). If we keep calling it moddable after such change, I can imagine a lot of rightful hate from the modding community e.g. "How is the game considered moddable if you cannot join your own server to play alone or with friends with your own client or client+server mod because the community declined to approve its inclusion or because I cannot even simply properly write and test it?" A suggestion "let them play in that case but only on their own server" has the same issue as the list entry 1) — it makes it super easy for hackers to find the checks and hack them.
  • We're planning to add Steam Workshop support so mods will be easy to share and install. It will be definitely another bonus to the game as we see it, and it will help gain the game a much larger modding community with people creating truly great projects including total conversions (as the game has a unique engine and allows client+server mods of unprecedented scale—when you install a single mod file and play a totally different game, without actually executing any installers, etc—the whole game code is made as a mod to the engine). And the feature is basically 90% ready...Steam Workshop is definitely not compatible with the mods by their EULA as every Steam user should be able to submit user-generated content. Players expect this too.
    And, for further perspective: the Steam Workshop will allow players to effortlessly connect to the modded servers (the missing mods or mod updates will be automatically pulled from Steam Workshop), finally allowing them to thrive. Currently, it's one of the reasons that there are not many public modded servers and only a few players trying them.
  • Lastly, considering everything above, we will just waste time that we could spend implementing more useful features the community has requested and that we have planned in the roadmap. A lot of features are considered and we have to choose priorities carefully to provide the community the best value from our time...You may blame us for not implementing your wishes but as we know it's a futile idea that only creates a false sense of security, it will not actually provide any benefit to the game and community and eventually will result in only more time lost (as your idea creates an overhead by introducing mods notarization). Other features will definitely provide benefits.

On a separate note, I and Lurler would always defend modding (in its most unrestricted form) as it's modding that gives players maximum value in the long run from the game they purchased. It's modding that gives the games eternal life after their eventual death. It's modding that gives young people a way to peek into the game logic and learn stuff, become modders, become creators, and follow over our steps to become game developers and make completely their own games. There are many, many game developers that started as modders driven by curiosity and creativity—now they are people that are working in studios like Valve or Epic Games, often creating new genres (e.g. Dota was just a map (a scenario) for Warcraft 3, Counter-Strike was a mod to Half-Life, Team Fortress was a mod to Quake, DayZ was a mod to Arma 2, PlayerUnknown's Battle Royale was a mod to Arma 2 DayZ, etc). Not mentioning thousands of mods for games like Minecraft that inspired many new games.

And as an example, I'm a modder too. I was very young but I've spent way more time hacking Doom and creating maps with Warcraft editor than playing these games! Same goes for StarCraft (who else did a map staging a Starship Troopers (the movie) scenario when "zergs" assaulting a base from every side and the brave soldiers shooting the wave after wave and it looked epic? I believe there will be few among the readers! It was simple and fun), Age of Empires, Operation Flashpoint (that one used HTML for its map format and it was tough for me back then, still causing me nightmares), programming AI bot waypoints for Counter-Strike (PKBot anyone?), and dozens of others that I've dissected and researched, and learned something that eventually made me choose the career of a programmer and then working as an indie game developer.

Regards!

(2/2)
« Last Edit: July 31, 2020, 07:29:26 pm by ai_enabled »