This is one of my concerns with HTML 5

44 Posts 17 Posters 0 Views 1 Watching
  • David1987 wrote:

    Everything is always about budget. And you can't do this without taking something out of the budget. Whatever these "almost without number ways" are, none of them can involve storing (obfuscated) data locally because it is impossible (not through lack of imagination, but provably impossible) to make that unhackable.

    Oakman wrote (post #26):

    As I said, it's always impossible until someone does it. I suggest to you that we should simply disagree and let this go. Obviously I have higher standards for what constitutes good game design than you do and there's the end of it.

    The 3-legged stool of understanding is held up by history, languages, and mathematics. Equipped with these three you can learn anything you want to learn. But if you lack any one of them you are just another ignorant peasant with dung on your boots. R. A. H.

    • Oakman wrote:

      David1987 wrote:

      So what is "right" in your opinion in this case?

      In preliminary design mode: ensuring that the game is easier to play through to a win, than to hack. Beyond that, I'd need to spend more time than I have available to determine what would be the best way to accomplish the goal. Perhaps, as a learning experience, you might wish to see if you could come up with a way of fulfilling that parameter.

      David1987 wrote:

      And why does something so trivially unimportant bother you so much?

      I made a simple, relatively offhand statement which for some unknown reason you not only took exception to, but have been yammering on and on about. I have no idea why you defend mediocrity so passionately but am willing to respond out of politeness as long as you feel the need to bother me about it.

      The 3-legged stool of understanding is held up by history, languages, and mathematics. Equipped with these three you can learn anything you want to learn. But if you lack any one of them you are just another ignorant peasant with dung on your boots. R. A. H.

      David1987 wrote (post #27):

      If your only goal is to make it "harder" to hack.. that's easy. Well the problem is, I am a game developer. So I take issue with such a blanket statement that doesn't appear to have much following in the industry. The toughest obfuscation I've encountered so far was "xor with 0xEF on every byte of the file" - in that case the original file was ASCII text, as "commands", not structured data. In that particular game though, deleting the game's files of a level would make the game skip the level and go on with the next, so I'm not sure why anyone bothered to obfuscate anything. Usually it's just a binary dump of (part of) the game state with no trouble being taken to make it harder to edit. The general consensus, as far as I know, is that that is hard enough to meaningfully edit anyway, and besides we don't really care what players do. Of course all of that is only true for offline single player games such as Age of Empires, Minesweeper and, well, Angry Birds.

        Oakman wrote (post #28):

        David1987 wrote:

        If your only goal is to make it "harder" to hack.. that's easy.

        When and why did you assume otherwise?

        David1987 wrote:

        Well the problem is, I am a game developer.

        And I am a GAMA award-winning game designer who ran my own company for ten years. But neither statement makes either of us right, per se. Ultimately there is only one reason for doing the best job you can possibly do - so you can look at yourself when you shave in the morning. One either believes that, or one embraces mediocrity, and will do well as a mid-level manager.

        The 3-legged stool of understanding is held up by history, languages, and mathematics. Equipped with these three you can learn anything you want to learn. But if you lack any one of them you are just another ignorant peasant with dung on your boots. R. A. H.

          David1987 wrote (post #29):

          Yea well I guess I am of the opinion that mediocre generally means "good enough". We try to make our games fun to play, and that's really all we care about, it doesn't have to be perfect.

            Oakman wrote (post #30):

            David1987 wrote:

            it doesn't have to be perfect.

            You seem to have a tendency to attribute statements to me I never made and then argue against them. Did I at some point suggest that perfection was the goal? The problem with "good enough" is that lazy people tend to define it as having as low a bar as possible. It's a lot harder to redefine "good" to mean mediocre.

            David1987 wrote:

            We try to make our games fun

            Then why don't you simply allow the players to edit their score so that if they didn't do well enough to get to the "fun" of the next level, they can just type into a text box what they wish their score had been? I once designed a game, back at the dawning of time, that I never ever could beat (though a couple of testers did). Obviously I needed back doors to make sure that the end game worked, but somehow, I never thought of using them as "fun." Maybe I wouldn't do well at your company.

            The 3-legged stool of understanding is held up by history, languages, and mathematics. Equipped with these three you can learn anything you want to learn. But if you lack any one of them you are just another ignorant peasant with dung on your boots. R. A. H.

              David1987 wrote (post #31):

              Obviously the player is not supposed to edit the score, but sure if he wants to take his own fun away, that's not our problem but his. I'm not arguing in favour of making it as easy as possible to edit his score, I'm just saying that typically, here, no one cares enough to make it especially hard to do so. But, back doors are built in and left in. We don't see it as fun to frustrate players with near-impossible levels that they may not be able to solve at their skill level. Views differ, I guess.

                Oakman wrote (post #32):

                David1987 wrote:

                We don't see it as fun to frustrate players with near-impossible levels that they may not be able to solve at their skill level

                Then you build in skill levels, or you do as we did and use the concepts of the prototype and turn it into a real game that made us a lot of money. You don't use it as an excuse for sloppy work.

                David1987 wrote:

                I'm just saying that typically, here, no one cares enough

                Yeah, I have gotten that. 'Nuff said. I've got to sort socks now.

                The 3-legged stool of understanding is held up by history, languages, and mathematics. Equipped with these three you can learn anything you want to learn. But if you lack any one of them you are just another ignorant peasant with dung on your boots. R. A. H.

                  David1987 wrote (post #33):

                  It's not "sloppy", it would be an unnecessary complication to "force" a player to "have fun". I'm also quite sure you know that Oblivion actually makes it very easy for people to cheat - you get the entire dev console. Surely they can't be complete idiots like I apparently am.

                  • Amar Chaudhary wrote:

                    Yes but the way Microsoft is promoting HTML 5 is making clients make a shift from Silverlight to HTML5 even for LOB applications. It's not that Silverlight can't be hacked but it's not this easy.

                    My Startup!!!!
                    Profile@Elance - feedback available too

                    BubingaMan wrote (post #34):

                    First of all, Microsoft has NEVER said any such thing (that HTML5 will replace Silverlight - or any other technology for that matter). Second of all, LOB applications have a back end on the server, which is not part of, but called from your HTML5 client. And last but not least, it's just another tool to make programs on top of the hundreds of ways available. What's the big deal? Any serious application is not running in a browser anyway.

                    • Rama Krishna Vavilala wrote:

                      It is not an issue with HTML5 at all. Any application is hackable if the user figures out the data format for "sensitive data". Had Angry Birds saved the data on the server, it would have been more difficult to hack the application. The problem has nothing to do with HTML5.

                      Alexander DiMauro wrote (post #35):

                      Rama Krishna Vavilala wrote:

                      It is not an issue with HTML5 at all. Any application is hackable if the user figures out the data format for "sensitive data".

                      Exactly. You should never use HTML5 local storage for 'sensitive data'! Then again, it seems they changed it. If you look at the comments for the article, the ones posted 2 months ago say the hack 'worked great!', while the ones from 1 month ago say the hack 'doesn't work!'.

                      • Amar Chaudhary wrote:

                        A user can hack your application and simply publish it, for anybody to use it.

                        My Startup!!!!
                        Profile@Elance - feedback available too

                        mathomp3 wrote (post #36):

                        If you go full-on JavaScript, local storage, and HTML5 for a full application then yes, you have failed, should be banned from keyboards and maybe even old yellered. Unless... you sold 10 million copies of the application before someone caught on and the only downside is people get to unlock all levels. You do bring a valid point though: while an average developer knows the dangers, as people look for cheaper, quicker ways to turn a buck, HTML5 and JavaScript will start to replace tried and true technologies. HTML5 opens a wonderful world of being able to do things in the browser much easier, but it has its security and privacy issues. Not to mention, as you point out, steal ability. Had a friend write a wonderful web application, using HTML5, jQuery, and jq-grid. When done I copied it down, used find and replace, and about 10 minutes later had "my version" up and running no problem. He was a little upset that I could steal his work so quickly. So no, Silverlight, WPF, and .NET aren't going anywhere, they're just getting some new tool sets to help them deliver a better final result with less "html hacking required". Not to mention they provide things HTML5 can't and won't provide for years to come. As far as your concern, I worry mostly about bad programmers using a copy and paste method without understanding it and causing their customers lots of grief. It doesn't take much to hack into local storage of HTML5, so its use should really be, eh, a better replacement for cookies? To store things like site preferences, etc. It shouldn't be used for much else, just too risky.

                        • LloydA111 wrote:

                          If you ask me, HTML should be used for what it was originally designed to do: format text and images on a web page.


                          See if you can crack this: b749f6c269a746243debc6488046e33f
                          So far, no one seems to have cracked this!

                          The unofficial awesome history of Code Project's Bob! "People demand freedom of speech to make up for the freedom of thought which they avoid."

                          Alan Burkhart wrote (post #37):

                          Lloyd Atkinson wrote:

                          If you ask me, HTML should be used for what it was originally designed to do: format text and images on a web page.

                          Yep. :thumbsup:

                          XAlan Burkhart

                            MattPenner wrote (post #38):

                            The fact that they manipulated the code in HTML5's localStorage is not the issue at all. In fact, before online games, all software configs were stored on the local drive. That's how people have been hacking into games and unlocking password protection for years. HTML5 didn't make this type of "attack" something new, it's been around since the beginning of computers. HTML5 just gave a new publishing platform for developers to shoot themselves in the foot. It's the developer's fault that they made this accessible on the local machine and didn't secure it in any fashion. It would be as if Microsoft had a config file for Office on the local machine and you only had to change a few lines to unlock it for free. What they should have done is stored the sensitive data on the server or encrypted/protected the sensitive data in the local storage.

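The server-side option raised in post #38, as an added example that is not part of any post in this thread: the server signs each progress record with an HMAC key it never ships to the browser, so a hand-edited localStorage value, or one copied from another player, fails verification when it is sent back. The function names, record fields and key are assumptions made for the example (Node.js); it also shows why the XOR-with-0xEF scheme from post #27 can be undone by anyone holding the file.

```javascript
const crypto = require('node:crypto');

// Constructed key for this example. In a real deployment it exists only on
// the server and is never sent to the browser.
const SERVER_KEY = crypto.randomBytes(32);

// The "xor with 0xEF on every byte" scheme from the thread. XOR with a fixed
// byte is its own inverse, so whoever holds the file can decode and re-encode it.
function xorObfuscate(bytes) {
  return Buffer.from(bytes.map((b) => b ^ 0xef));
}

function hmacHex(payload, key) {
  return crypto.createHmac('sha256', key).update(payload).digest('hex');
}

// Server side: bind the progress record to one player and sign it.
// The returned string is what the client would keep in localStorage.
function signProgress(playerId, progress, key = SERVER_KEY) {
  const payload = Buffer.from(JSON.stringify({ playerId, progress })).toString('base64');
  return `${payload}.${hmacHex(payload, key)}`;
}

// Server side: return the progress object if the token is intact and belongs
// to expectedPlayerId, otherwise null.
function verifyProgress(token, expectedPlayerId, key = SERVER_KEY) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 2) return null;
  const [payload, tagHex] = parts;
  const expected = Buffer.from(hmacHex(payload, key), 'hex');
  const given = Buffer.from(tagHex, 'hex');
  // timingSafeEqual throws on unequal lengths, so check the length first.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  let record;
  try {
    record = JSON.parse(Buffer.from(payload, 'base64').toString('utf8'));
  } catch {
    return null;
  }
  // A token published by one player must not unlock anything for another.
  if (record.playerId !== expectedPlayerId) return null;
  return record.progress;
}

// Stand-in for a player editing the stored value by hand: the payload changes,
// the old tag is kept because the client has no key to compute a new one.
function simulateClientEdit(token, edit) {
  const [payload, tagHex] = token.split('.');
  const record = JSON.parse(Buffer.from(payload, 'base64').toString('utf8'));
  edit(record);
  const newPayload = Buffer.from(JSON.stringify(record)).toString('base64');
  return `${newPayload}.${tagHex}`;
}

// Constructed sample run.
function demo() {
  const stored = signProgress('alice', { unlockedLevels: 3, score: 1200 });
  const edited = simulateClientEdit(stored, (r) => { r.progress.unlockedLevels = 99; });
  return {
    honest: verifyProgress(stored, 'alice'),
    edited: verifyProgress(edited, 'alice'),
    sharedWithBob: verifyProgress(stored, 'bob'),
    xorRoundTrip: xorObfuscate(xorObfuscate(Buffer.from('LEVEL 3 DONE'))).toString('utf8'),
  };
}

console.log(demo());
```

The check only helps where a server verifies the value; a purely offline game would have to ship the key with the client, which is the limitation argued earlier in the thread. It also does not stop a player from restoring an older record that was validly signed.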
                              Bminas wrote (post #39):

                              If I play solitaire with a physical deck of cards, I can easily cheat. I can turn over the stack anytime that I want. If I play solitaire with XP, I can't. Does it matter? If I do some simple bookkeeping with Excel, I can change old numbers with no audit trail. If the audit trail is important, then the requirements might dictate a full enterprise or at least secure accounting package. Do we really care if a game allows cheating? Of course many applications require security, but some applications are just tools and don't have much of a security requirement.

                              • Oakman wrote:

                                Keith Barrow wrote:

                                Might as well say a door lock is useless because you keep the key under a flowerpot next to your do

                                I would never do anything like that. I put it on top of the door frame where no-one would think to look. Obviously with Angry Birds, someone went stupid and decided everything should happen on the client.

                                The 3-legged stool of understanding is held up by history, languages, and mathematics. Equipped with these three you can learn anything you want to learn. But if you lack any one of them you are just another ignorant peasant with dung on your boots. R. A. H.

                                BrainiacV wrote (post #40):

                                Isn't this the free version anyway? Why bother paying for services to track scores and levels if it won't generate revenue?

                                Psychosis at 10 Film at 11

                                  Oakman wrote (post #41):

                                  BrainiacV wrote:

                                  Why bother paying for services to track scores and levels if it won't generate revenue?

                                  Services?

                                  The 3-legged stool of understanding is held up by history, languages, and mathematics. Equipped with these three you can learn anything you want to learn. But if you lack any one of them you are just another ignorant peasant with dung on your boots. R. A. H.

                                    KP Lee wrote (post #42):

                                    Just so you know, at least one more person sides with David in this disagreement. Judging by the votes you got, I'd say more than one. You may be right, someone maybe could obfuscate data locally that can't be hacked. I wouldn't pay anyone to try going down that path on my watch. (You are putting up a bulletin board saying it is impossible to hack "this". Someone is sure to put in the effort to prove you wrong.)

                                      KP Lee wrote (post #43):

                                      Isn't the point of HTML to publish data, not protect it? Is there something in 5 that promises more? Sometimes you get help from unexpected sources. I was charged with designing a secure source of data and looked into separating the sources into separate XML segment files and including only the files the user is authorized to see. I was concerned that the only protection to the sources was obfuscating the member names of the files because my initial view of straight XML parsed into HTML showed the XML needed to do it and I was afraid they could guess the other file names. Imagine my surprise when I ran the cgi that produced the same XML and viewed the source that it was HTML. That obviously didn't come from the secure portal which had no problem displaying XML source lines from the file. The cgi wasn't designed to know what you are doing and parse XML into HTML. I was left to conclude that IE determined the source was a cgi and provided the conversion. The project was dropped because the sources I had available weren't discrete enough to prevent someone authorized to view one thing from viewing everything from that source, my proposed solution wouldn't be used, and no other option was presented.

                                        Oakman wrote (post #44):

                                        KP Lee wrote:

                                        Judging by the votes you got, I'd say more than one.

                                        If there's one thing I don't worry about, it's my popularity. If you don't like what I say, argue with me or KMA. If it gives someone a thrill up their leg to vote me a one - why the frack should I change what I have to say?

                                        KP Lee wrote:

                                        You are putting up a bulletin board saying it is impossible to hack "this"

                                        You seem to have trouble reading. Even David finally got the fact that I wanted the game to be easier to win by playing than by hacking. One of the favorite excuses of the incompetent is to use the perfect to avoid trying for the good. Sure there are people who when told they can have it good, they can have it cheap and they can have it fast - as long as they pick two, choose fast and cheap. Me? I don't work with people who embrace mediocrity.

                                        The 3-legged stool of understanding is held up by history, languages, and mathematics. Equipped with these three you can learn anything you want to learn. But if you lack any one of them you are just another ignorant peasant with dung on your boots. R. A. H.
