Register
Events
Popular
More
Post #1
Way to many Hackers on servers.
-
-
Well.... it's an alpha. What did you expect? A complete, balanced, fair, secure, perfect game? No. That's not what you're going to get. There are vulnerabilities. The only real way to find them is to have people test them. Well, they've been found. Now the developers can fix them.
-
I expect basic FPS functionality to be server side validated. I expect managed .dll files to be obfuscated and I expect Alpha to not be thrown around like an excuse for everything.
This game has huge security flaws that are gonna take a little more then a RELEASE stamp on the cover to clean up.
Yes the game is Alpha.. but the ease with which hacks are happening is a result of design decisions that are at the core of your game engine..
There will always be aimbots and ESP.. its unavoidable.. But Client side collision? Client side environment damage? giving hackers the source code on a silver platter... what?
-
Expectations, meet reality:
-
I'm not sure you really understand how early of an "early release alpha" this actually is. I mean.. incredibly early. Things are being hammered out. These things are being worked on.
-
there are way too many threads bitching
very obvious that everyone knows
-
Also, right now, the devs care about building the game. If current conditions that are not related to game design or technical stability are inconvenient to you, boo fucking hoo. MaxOfS2D, who is one of the artists on the Rust team, stated that it's currently not validated server-side as you'd expect and everything is figured out on the client side for easy development and simplicity. This will change. Adding validation and interference-checking introduces large holes for bugs to shit in. More bugs means garry drinks more.
I remember in Hawken's alpha the entire weapon and mech statistic database was clientside, and if you edited your INI to say that your sniper rifle did 9999999999999 damage, it did that much, and the server probably crashed every time you fired it.
In the transition to Hawken beta, server-side validation was enforced.
Not every dev acts like the The War Z devs.
-
I understand it's alpha.. and as an alpha game it is amazing. My issue is.. as a software developer myself.. there are certain design decisions you make at the beginning and for a online model like this game... You have to decide.
What is my server going to do to maximize efficiency vs security. This is like.. foundational question.. It decides your packet structure.. it decides your game logic.. To save this for last.. I'm not a Game Developer by profession but it seems insane.
I would have expected there to be exploits but the core mechanics such as player location and collision to be server side.. like it is.. for every FPS.. ever..
And again.. I don't care how Alpha a game is.. You have served players your source code.. Even if you obfuscate those unity .dll's later.. hackers have a full code to reference when they reverse engineer it the hard way..
This was a huge blunder. Security had 0 thought when planning your agile stories.
EDIT
I am not "Boo Fucking Hooing".. I want to see this game succeed.
-
Okay, I get it. You've now given a bit of backstory, and I totally see where you're coming from. I'm a computer science student. I understand development process, software engineering, the whole bit. Maybe the way the team is doing things doesn't make a whole lot of sense. There are things that maybe should have been done first, totally.
So the development process at Facepunch isn't exactly what you would want to see, it doesn't really align with your methodologies. I get that. The development of this game seems to be taking on a code-and-fix approach, which is far from ideal (US Health Care, anyone?). But that's also a methodology that is seen very commonly in the software development industry currently.
Facepunch is a young company. They're going to make mistakes. But the bottom line is this: They're doing it.
The reason I hammer so hard at the whole alpha, early release thing is because this is their first large-scale game. They're building it from the ground up, and they've released this alpha to help them to know what people want, and how to develop the game. By doing this, they're undoubtedly learning what to do and what not to do in approaching the development of a video game. And that's great!
I want so much for this game to succeed, because it is an absolutely brilliant concept. And when it does, Facepunch will be a much more mature and wise studio, and their next game will be so much better for it.
-
I will concede to the points you make. Agile does have a very fix the issues as they come methodology. I agree.
However I hope you agree with me that no matter what design or approach you take. Sending C# source code of your video game to your user base is not something that should ever be done.
If you want to use managed .dll's that get run ala JIT you must obfuscate them.. I am seeing Rust Source code posted on websites I don't want to see it posted.
EDIT:
Unless the project was open source of course.. but then people like us would be pushing bug fixes weeks ago.
-
To be completely honest, I didn't even know the source code was out there.
-
I think they're more worried about rapid prototyping; which is why it's a hacker's paradise with increasing chances of VAC.
This will change. Calm your tits.
-
I won't get into it.. because I don't want to enable another user base to go looking for things where they shouldn't.. Suffice to say in about 2 minutes I can Decompile the entire game's source back into C# and change things at will and recompile.
If I can do it.. people much smarter can do it much more effectively.
EDIT:
On the plus side.. a few Checksums and integrity checks can be done to validate these files.. although that can countered with fake checksums.. the circle goes on..
but the more important thing.. is the code is out there to look as a reference. You don't need to be an x86 guru anymore.. I just feel this is damaging and could have been easily avoided..
VAC doesn't catch everything guys.. its not a silver bullet..
My Tits Will not Be Silenced.. (Yes they will)
-
If the game can be decompiled and the code actually makes sense, that's not good at all. I mean, I've decompiled games before. But usually after decompile it's been converted to generic variable/function names, which makes it difficult to make any sense of anything.
-
That would be a Java decompile where you see these weird pseudo goto's everywhere.. its ugly but manageble. (Get it? lol)
Unfortunately (or maybe its good?) C# decompiles much more gracefully. Everything is preserved including Enum names and "Data Structures".. Which means I don't have to jump through the stack to see how memory is being allocated..
Its the same as them providing the source code with the game..
EDIT:
This is now completely derailed.. Iv made my point somewhere in this thread and we can't do anything about it now..
[/rant]
-
Derailed, but educational. My school uses pretty much only Java, and I haven't explored too much outside of that yet. But it's good to talk to someone in the field and learn about other languages.
Anyway, yes. This thread has been derailed. We should probably allow it to get back on topic now...
-
I couldn't get past the first 10 seconds of the video.
Because the real aimbot in rust instakills you.
-
Wow!Ok post this video in hacker report thread,get em all banned yo
-
You know just because someone shoots you in the head does not mean a hacker. Ragers man seriously. In that video I found 1 to be suspicious (oh and that speeder is a ovious hacker).
Getting annoying whenever anyone shoots someone in the head they post a vid saying hacker! Yea great proof mr I got killed I am angry.
-
lol i don't know what video you were watching but all of them were hackers, aimbot doesn't always take one shot to the head when you are wearing full Kevlar, but to get multiple shots to the head in quick succession like that and at some of the distances is retarded. the recoil alone on that does not allow for 2 head shots that fast... the guys walking through doors (no-clip) hacks, and the obvious speed hacks.
-
You can honestly stop yourself right there, you can't really expect anything from a game that's barely been started.
-
It is a bad time to play most games in the Early Access program. Unless you have a high tolerance for bugs.
The good news is that many of the issues that plague Rust today can be solved by throwing money at the problem and hiring people with experience dealing with such; but now is not the time to do so.
Now is the time for rough markups to test gameplay concepts. That's what this stage of development is all about. Testing ideas, not security.
I think the real problem here is the Early Access program itself. Steam needs to do a better job of educating customers that this is the kind of thing they're paying for. The personal benefits of supporting an Early Access title may not be seen for years.
-
Completely agree with this, it's painful to see masses of people skip over the massive "EARLY ACCESS STUFF DOESN'T WORK AND WILL CHANGE" warning.
-
Your video shows some hacks yes, but most of them arent. Is just you complaining about "hacks", sorry
-
Please explain which one because all of them are hackers
-
maybe Garry owns stock in ArtificalAiming.whatever and is raking in money hand over fist.
that would be friggin hilarious if this whole game is just a giant troll to make money from it then from hacks.
-
Ok then explain what happened in the first 10 seconds, His 9 mil was out of range and the aimbot is controlled by your mouse when u click thats why the bullets were shooting slowly. And i got double Headshotted
-
@raif21 sums mine more better up and it is possible to get headshots in the distance moron and some of them there were more then one person shooting at him. Far out people cannot handle games these days which is really sad.
-
And this is why Developers should not release Alpha's to the public.
Majority have no understanding of what they are playing.
So sad....
-
You missed the mark kiddo.. Try again later.
-
Look at it this way. Either A they come up in the alpha and get fixed before gameplay gets serious or B they come up at launch day and the devs release a "shitty incomplete game"
-
I understand what an alpha is and what to expect, I was just showing that its pretty much unplayable with all the noclips and aimbots.
-
Money > Peoples' understanding
-
"I understand what an alpha is and what to expect, I was just showing you what an alpha is and what to expect."
Still depressing though, I'm with you on that.
It'll get better.
-
Exactly! It amazes me how few people actually know what they're getting into by playing a game in its alpha or beta. But then, it really shouldn't.
-
I understand alphas have bugs and hackers.
I don't understand why admins are so quiet, either on the forums or in their blog. They don't even seem to kick/ban people for offensive language in game.
Agree x 4
Optimistic x 1
Dumb x 1
Useful x 1
Informative x 1
Artistic x 1
Winner x 1
Disagree x 2
Funny x 1