KLISHDFSDF

They already do this, so this doesn't solve the problem.

Because it doesn’t have to.

But according to that article it's still trusting the client. It's just validating that the action was within the realm of possibilities, not that it wasn't faked.

From the article (highlighting from me):

Here’s how it works:

• When you shoot, client sends this event to the server with full information: the exact timestamp of your shot, and the exact aim of the weapon.

The article continues to state:

The enemy may be the only one not entirely happy. If they were standing still when he got shot, it’s their fault, right? If they were moving… wow, you’re a really awesome sniper.

But what if they were in an open position, got behind a wall, and then got shot, a fraction of a second later, when they thought they were safe?

Well, that can happen. That’s the tradeoff you make. Because you shoot at him in the past, they may still be shot up to a few milliseconds after they took cover.

What's stated above already happens in Apex, telling us that they already do everything this article is talking about. This article mentions nothing new and doesn't solve the problem of clients sending fake data that is within the realm of possibilities - e.g. a headshot when you were actually off by a bit.

And when one client sends actuons that are weird and doesn’t line up with it’s internal game state

What if my hacked client sends actions that are not weird, completely plausible, but didn't happen and instead were faked? E.g. I take a headshot and would have missed, but my client sends data that I actually shot them dead center, because I wasn't completely off? How would the server know it wasn't me?

Check the data on the server

I believe this already happens to some degree.

Don’t give any data to the client it doesn’t need, like enemies around the corner

Enemies around the corner still make noise/peek/shoot/etc. You can't just hide data of nearby enemies from the client because their actions still have in-game consequences that need to be reproduced across all active/nearby players.

Now the server doesn’t need to care. There’s input? Validate and use it.

How do you validate data that is within the realm of possibilities? if my head shot would have been 1 pixel too far to the left to hit and my hacked client sends it 1 pixel to the right so it makes a hit, how does the server know this isn't fake?

Server decides if it’s a headshot.

If my fake data doesn't look out of the ordinary i'm still hacking the system and tricking the server-side validation.

Client only sends coordinates of origin and target. Lag? Sucks to be you, with or without cheat.

The math to send the perfect headshot isn't difficult if you know where you are, where the enemy is and you can only send origin & target coords, I'm not sure this solves anything.

That would only create more work for the developers, all for the defacto expulsion of Linux users (Way less players at all times). The best course of action here would be the actual expulsion of Linux users. Also, EA is at most 25% correct. (Not a rational argument, I just very much dislike them)

Agree with you 100%.

Damn, sorry to hear that. It’s always bad to leave something one knows because something’s become unbearable. I wish you best of luck on your journey! (I’m assuming a lot, but why else would you switch despite your choice of use of free time?)

Thanks! I'm a huge open source supporter and only ever installed Windows on my desktop to play games, still using Linux on my laptops. Thanks to Valve, Proton, and Wine, I'll be able to go back to Linux and maybe discover some new games.

On the other hand: I quite like it. It forces them to keep their grubby little hands from my kernel.

I do not like anything anti cheat. But I also don’t really like cheaters, especially in online games, so anti cheat could be tolerated. The only thing is: nothing trumps my systems integrity. Definitely not online player satisfaction.

Kinda agree with you on this. Although I have my desktop as a strict "gaming" machine, I wouldn't mine an EA rootkit on my Desktop Linux system if all I did on it was game. But yes, they can keep their hands off my kernel on my "work" devices.

I've been praying for an Open source Apex clone that can be self-hosted. A man can dream.

Genuinely curious, because this isn't my area of expertise, but how do you design a server to be "better" if it has to trust data from a remote client?

Example, if the client is compromised - because as they've said, they have no way to "attest" that the kernel is not compromised - how would the server know any better?

If my Apex client tells the server I got a perfect headshot, how would the server know I didn't fake the data? Is there a real answer to this problem or are we just wishing they come up with an impossible solution?

My general understanding is that EA is 100% correct. Now, on the other hand, maybe the should just limit plays between Linux <-> Linux so people can at least still enjoy the game (I'm moving to Linux soon so I'll basically no longer be able to play the game, which is, as my primary gaming addiction, a huge loss I'm willing to take).

There's compromises EA could take, but I think the Linux market share is just too small for them to care to spend any resources - even though they're raking in billions (~$3.4 Billion) and could spare a few resources to find a good middle ground. Capitalism at it's finest.

It allows Linux developers to package their app once and it will install across more than 40+ Linux distros without any additional effort: https://flathub.org/setup

when did you last try it and what clients? I've got friends/family accessing my library and I see them playing back stuff constantly and never seen or heard of any issues. This is across web, AndroidTV, Chromecast, Roku and mobile devices.

Check out Proton Pass. I migrated my Bitwarden to it and its not just fast compared to Bitwarden but the UX is really nice. That said, I'm still sticking with Bitwarden, but will happily move away and give my money to Proton if they ever actually stop making their client open source.

Linus Torvalds has been sold out to big tech companies like Google and Microsoft. He himself is a billionaire and no longer writes any code.

I can't take that seriously

Proton pass client doesn't currently use a proprietary SDK, but they also haven't made the same blunder as Bitwarden, which they've since fixed, but still not a good look.

On another note - I did export/import all my passwords into proton pass and WOW the speed and UX feels so much better. I'm still sticking with Bitwarden as they've been really good so far, but there's a real good alternative should they ever "turn evil".

Same here. I have to trust/use an extension and third party desktop application (Progressive Web Apps for Firefox) to get this feature to work and not have to rely on Chrome/Edge/etc.

I can easily see less patient or understanding users dropping Firefox if they find out it doesn't work with Progressive Web Apps.