Valve Confirms Linux Steam Box Will Be Open Platform

[IanS]

Thought I would take a look to see what sort of stuff Valve Corporation hold patents for in hopes of finding out if they have registered a design for their Steam Box yet and came across this patent they hold for a controller design.

http://www.uspto.gov/web/patents/pat...-20120814.html

[GreatEmerald]

Steam being proprietary is actually a good thing. Yes, its coming from me
The reason is online gaming and hence cheating. If you ever played any online game free or not and seen them, you will understand.
Its hard to track and ban them, it costs time and money. If the whole game and communications are protected by warden/VAC, it is a good thing!
Again, because you can redeem the game outside of Steam, you can play offline or host own server with own responsibility in completely open manner.
But online,.. no,.. its much better to have no cheaters and closed game than even one of them and open game.

The single alternative to this is requirement to pay and register yourself with own personal credentials, so.. if one is caught cheating he is also damaged financially.
But spotting them manually is still time consuming. Its a difficult topic,.. similar to bank authorization,... some things are still better to be closed and obfuscated. Good thing is that they are very rare.

No. This is the same boring old "proprietary software is more secure" argument that is completely void. Notice how many proprietary systems get hacked, how many DRM schemes circumvented, how many anti-cheats are walked around. All while having no source released anywhere. At the same time, look at Linux servers - they are vulnerable, too, but due to the open-source nature of them, their security flaws are much more likely to be noticed by people without malicious intent and fixed properly and promptly. And especially this goes for longevity - your proprietary anti-cheat can be difficult to hack, but it will get hacked eventually. Once that happens, it becomes completely pointless, because more often than not the people who have access to the source of the code are not interested in updating it any more. With open-source code, everyone can patch the security holes on their own.

No, I did not. In fact, I didn't call anybody anything nor brand anyone with a term of opprobrium. However I can see where it might look as if I did. Mentioning that some people "sound like dictators without a sufficiently large fan club" is not calling them a dictator. It's saying they are making statements seemingly designed to impose their will on the majority. Nor is saying that such people are "often referred to as 'wackos and nutjobs'" isn't calling them crazy - it's saying that other people might.

Hah This argument between you and Hamish Wilson is quite humorous! I envision the two of you as 19-th century Englishmen wearing monocles and top hats and having canes, while discussing the current philosophical state of the world as well as the current and historical state of politics in the land. I had a really good laugh out of this image

Now let us be done with the "T" word and its derivatives.

Indeed, the discussion might have gone too abstract; going back to the bare-metal of the situation may prove to be a good idea.
Also, Tyrannosaurus Rex.

[crazycheese]

No. This is the same boring old "proprietary software is more secure" argument that is completely void. Notice how many proprietary systems get hacked, how many DRM schemes circumvented, how many anti-cheats are walked around. All while having no source released anywhere. At the same time, look at Linux servers - they are vulnerable, too, but due to the open-source nature of them, their security flaws are much more likely to be noticed by people without malicious intent and fixed properly and promptly. And especially this goes for longevity - your proprietary anti-cheat can be difficult to hack, but it will get hacked eventually. Once that happens, it becomes completely pointless, because more often than not the people who have access to the source of the code are not interested in updating it any more. With open-source code, everyone can patch the security holes on their own.

No, you don't get idea. You need to have actually fought cheaters to understand this.
The idea is not to close the software down. The idea is to have automated sentinel and client application encrypted when it comes to public online gaming.

The other variant is to make everyone give their personal credentials, so if they got caught by demoing and public decision, they get some high damage. Otherwise they change IP/GUID/Whatever and reconnect. The encrypted client+warden can gather enough information to identify them 1:1, detect changes in game variables and deliver auto-ban.

It is like doing bank over HTTPS vs HTTP. It is not about security by obscurity. The payload can be opensource(and anyone can do HTTP if he explicitly wants it by own risk/responsibility), only the protective wrapper is encrypted.

[Hamish Wilson]

Hah This argument between you and Hamish Wilson is quite humorous! I envision the two of you as 19-th century Englishmen wearing monocles and top hats and having canes, while discussing the current philosophical state of the world as well as the current and historical state of politics in the land. I had a really good laugh out of this image

Hey, I can dig it.

Also, Tyrannosaurus Rex.

Also, Typhus.

[GreatEmerald]

No, you don't get idea. You need to have actually fought cheaters to understand this.
The idea is not to close the software down. The idea is to have automated sentinel and client application encrypted when it comes to public online gaming.

The other variant is to make everyone give their personal credentials, so if they got caught by demoing and public decision, they get some high damage. Otherwise they change IP/GUID/Whatever and reconnect. The encrypted client+warden can gather enough information to identify them 1:1, detect changes in game variables and deliver auto-ban.

It is like doing bank over HTTPS vs HTTP. It is not about security by obscurity. The payload can be opensource(and anyone can do HTTP if he explicitly wants it by own risk/responsibility), only the protective wrapper is encrypted.

Yea, I don't get the idea. In the original post you said that it's good that Steam is proprietary. I still don't see how that is any good.

Most games require you to log in using your account credentials/CD key. If you get caught cheating, you get banned. And you can no longer cheat, because you can't play online any more. So your point is what, exactly?

[Calinou]

No, you don't get idea. You need to have actually fought cheaters to understand this.
The idea is not to close the software down. The idea is to have automated sentinel and client application encrypted when it comes to public online gaming.

I play FOSS games, I hardly see any cheaters in them. AssaultCube has a pretty good anticheat, and some Sauerbraten server mods have decent anticheats too.

The other variant is to make everyone give their personal credentials, so if they got caught by demoing and public decision, they get some high damage. Otherwise they change IP/GUID/Whatever and reconnect. The encrypted client+warden can gather enough information to identify them 1:1, detect changes in game variables and deliver auto-ban.

This is impossible and bad for privacy.

[Hamish Wilson]

I do not see it either - whether the source is available to an anti-cheat system is irrelevant to it's effectiveness. Just like how Linux's security system is viewable by all and yet is not more compromised (and it would be by now, since we the dominate the server market which is the most vulnerable).

[kwahoo]

Layoffs in Valve
http://www.gamasutra.com/view/news/1...p#.URzrS2fVjmc

[erendorn]

I do not see it either - whether the source is available to an anti-cheat system is irrelevant to it's effectiveness. Just like how Linux's security system is viewable by all and yet is not more compromised (and it would be by now, since we the dominate the server market which is the most vulnerable).

You can't compare linux security (user protected against external threats) with DRM and anti cheat systems (external content protected against the user).
When playing a game, you need to be able to trust your client (ok in closed and open source model), the server (ok in closed and open source model), but also all the other clients of the other users!
If, as a service provider, you want to certify the integrity of data sent by a client, you need to be able to certify that the client has not been modified. This is already very difficult to do in closed source form (not so many uncracked DRM schemes). This is much more complicated to do with an open source client (how many open source, DRM compliant softwares do you know?).
In fact, it is impossible without retaining at least some information from the users (at list a digital key hidden in the binaries, or use a dedicated hardware key not accessible to the user). You can publish the rest of the source, but it cannot be done without relying on some obfuscation (hiding keys in binaries or in hardware).

If you don't, you need to analyze client data and guess what is human and what's not. That means you have filters for specific behaviors, which can be circumvented easily (unless you don't tell users what your filters are... oh, obfuscation again).

So, you can open source up to one point, but the advantages are clearly not as high and obvious as from a security (from the outside) standpoint.