Most active commenters
  • Sohcahtoa82(3)

←back to thread

Steam Machine

(store.steampowered.com)
1173 points davikr | 31 comments | 12 Nov 25 17:59 UTC | HN request time: 0.484s | source | bottom
Show context
hebejebelus ◴[12 Nov 25 18:42 UTC] No.45904087[source]
Very interesting! The one killer issue that jumps to mind is anti-cheat. I switched away from gaming on Linux via Proton to gaming on Windows because Battlefield 6's anti-cheat won't work under Proton. Many games are like this, particularly some of the most popular (Rainbow 6 Siege for instance). And BF6 made this decision only recently despite the growing number of Steam Deck players (and other players on linux - in fairness I don't think there would have been that many BF6 players on a handheld).

Edit: I specifically use a gaming-only PC. The hardware is used for nothing else. Hence, discussions of rootkits don't really bother me personally much and on balance I'd really rather see fewer cheaters in my games. I think it would be the same with any of these machines - anything Steam-branded is likely to be a 99% gaming machine and their users will only care that their games work, not about the mechanisms of the anti-cheat software.

replies(8): >>45904175 #>>45904207 #>>45904682 #>>45905512 #>>45905633 #>>45906276 #>>45908020 #>>45908039 #
1. hananova ◴[12 Nov 25 18:47 UTC] No.45904175[source]
All Valve has to do is say “Your software cannot deliberately exclude linux support including kernel anti-cheat to be listed on Steam.” And that would be that, the few devs big enough to make it on their own would leave, and everyone else would adapt.
replies(4): >>45904232 #>>45904245 #>>45904268 #>>45905926 #
2. pityJuke ◴[12 Nov 25 18:50 UTC] No.45904232[source]
Worth noting: Valve’s own first party tournaments for their own game require kernel level anti-cheat (from a third party vendor). Valve themselves have given up on allowing players in their own title play competitively in a Valve sponsored event with a kernel level anti-cheat. I can’t imagine they’d ever be this brash.

There is no adapting without a proper solution for securing game integrity.

replies(1): >>45908111 #
3. Goronmon ◴[12 Nov 25 18:51 UTC] No.45904245[source]
Is there an feasible alternative to "kernel anti-cheat" available on Linux?
replies(3): >>45905143 #>>45905901 #>>45908286 #
4. brian-armstrong ◴[12 Nov 25 18:52 UTC] No.45904268[source]
The games would just leave Steam. The big publishers want their own platforms and launchers anyway.
replies(2): >>45904545 #>>45905550 #
5. vkou ◴[12 Nov 25 19:05 UTC] No.45904545[source]
That's not the trend that we're observing. As much as publishers and developers want to control their sales channels, the current trend is for them to move towards Steam, not away from it.

The more likely outcome is that developers would segment matchmaking into people with kernel-level anti-cheat, and people without it. This seems fair to me.

replies(1): >>45905409 #
6. Sohcahtoa82 ◴[12 Nov 25 19:35 UTC] No.45905143[source]
There isn't.

When it comes to anti-cheat on Linux, it's basically an elephant in the room that nobody wants to address.

Anti-cheat on Linux would need root access to have any effectiveness. Alternatively, you'd need to be running a custom kernel with anti-cheat built into it.

This is the part of the conversation where someone says anti-cheat needs to be server-side, but that's an incredibly naive and poorly thought out idea. You can't prevent aim-bots server-side. You can't even detect aim-bots server-side. At best, you could come up with heuristics to determine if someone's possibly cheating, but you'd probably have a very hard time distinguishing between a cheater and a highly skilled player.

Something I think the anti-anti-cheat people fail to recognize is that cheaters don't care about their cheats requiring root/admin, which makes it trivial to evade anti-cheat that only runs with user-level permissions.

When it comes to cheating in games, there are two options:

1. Anti-cheat runs as admin/root/rootkit/SYSTEM/etc.

2. The games you play have tons of cheaters.

You can't have it both ways: No cheaters and anti-cheat runs with user-level permissions.

replies(9): >>45905344 #>>45905571 #>>45905637 #>>45905790 #>>45905907 #>>45906018 #>>45906344 #>>45906502 #>>45907039 #
7. likeclockwork ◴[12 Nov 25 19:46 UTC] No.45905344{3}[source]
I'm not letting a game company have root on my PC. How does that kind of exposure for something as frivolous as gaming even make sense?
replies(2): >>45905688 #>>45907186 #
8. jsheard ◴[12 Nov 25 19:50 UTC] No.45905409{3}[source]
Several big publishers did move away from Steam until Valve conceded some of their revenue, reducing their cut from 30% to 25/20% at certain revenue thresholds. That convinced the publishers to return to Steam, but it showed that Valve isn't immune to being flexed on by the bigger players.
9. conor- ◴[12 Nov 25 19:58 UTC] No.45905550[source]
The big publishers already have their own launcher and platforms and are increasingly moving back onto Steam because they see higher PC player counts and sales when their games are there
10. Brybry ◴[12 Nov 25 20:00 UTC] No.45905571{3}[source]
I don't fully agree with the 1 and 2 dichotomy. For example, before matchmaking-based games became so popular a lot of our competitive games were on dedicated servers.

On dedicated servers we had a self-policing community with a smaller pool of more regular players and cheaters were less of an issue. Sure, some innocents got banned and less blatant cheaters slipped through but the main issue of cheaters is when they destroy fun for everyone else.

So, for example, with the modern matchmaking systems they could do person verification instead of machine verification. Such as how some South Korean games require a resident registration number to play.

Then when people get banned (or probably better, shadowbanned/low priority queued) by player reports or weaker anti-cheat they can't easily ban evade. But of course then there is the issue of incentivizing identity theft.

And I don't think giving a gaming company my PII is any better than giving them root on my machine. But that seems more like an implementation issue.

replies(3): >>45905747 #>>45905808 #>>45907924 #
11. conor- ◴[12 Nov 25 20:03 UTC] No.45905637{3}[source]
Rootkit anti-cheats can still often be bypassed using DMA and external hardware cheats, which are becoming much cheaper and increasingly common. There's still cheaters in Valorant and in Cs2 on faceit, both of which have extremely intrusive ACs that only run on Windows.

At the level of privilege you're granting to play a video game, you'd need to have a dedicated gaming PC that is isolated from the rest of your home network, lest that another crowdstrike level issue takes place from a bad update to the ring 0 code these systems are running

12. 0x457 ◴[12 Nov 25 20:07 UTC] No.45905688{4}[source]
That's how gaming on windows work. You're a minority with that opinion.
13. ThatPlayer ◴[12 Nov 25 20:09 UTC] No.45905747{4}[source]
Except most anti-cheats started on dedicated servers because it turns out most people are not interested in policing other players.

Punkbuster was developed for Team Fortress Classic, even getting officially added to Quake 3 Arena. BattleEye for Battlefield games. EasyAntiCheat for Counter-Strike. I even remember Starcraft 1 ICCUP 3rd party servers having an anti-cheat they called 'anti-hack'.

You can still see this today with modern dedicated servers in CS2: Face-It and ESEA have additional anti-cheat, not less. Even modded 3rd party server FiveM for GTAV has their own anti-cheat called adhesive.

14. polski-g ◴[12 Nov 25 20:12 UTC] No.45905790{3}[source]
But isn't all client-side anti-cheat bypassable by doing image recognition on the rendered image? (either remote desktop or a hardware-based display cable proxy)
replies(2): >>45906123 #>>45906396 #
15. Sohcahtoa82 ◴[12 Nov 25 20:13 UTC] No.45905808{4}[source]
> So, for example, with the modern matchmaking systems they could do person verification instead of machine verification. Such as how some South Korean games require a resident registration number to play.

If you think the hate for anti-cheat is bad, just wait until you see the hate for identity verification.

I'm actually rather blown away that you would even suggest it.

16. aseipp ◴[12 Nov 25 20:18 UTC] No.45905901[source]
Today, no. Very simplified but the broad goal of those tools is to prevent manipulation and monitoring of the in-process state of the game. Consoles and PCs require this to varying degrees by requiring a signed boot chain at minimum. Consoles require a fully signed chain for every program, so you can't deploy a hacking tool anyway; no anti-cheat is needed. PCs can run unsigned and signed programs -- so instead they require the kernel at minimum to be signed & trusted, and then you put the anti-cheat system inside it so it cannot be interfered with. If you do not do this then there is basically no way to actually trust any claim the computer makes about its state. For PCs, the problem is you have to basically trust the anti-cheat isn't a piece of shit and thus have to trust both Microsoft and also random corporations. Also PCs are generally insecure anyway at the hardware level due to a number of factors, so it only does so much.

You could make a Linux distro with a signed boot chain and a kernel anti-cheat, then you'd mostly need to get developers on board with trusting that solution. Nobody is doing that today, even Valve.

Funny enough, macOS of all things is maybe "best" theoretical platform for all this because it does not require you to trust anyone beyond Apple. All major macOS programs are signed by their developers, so macOS as an OS knows exactly where each program came from. macOS can also attest that it is running in secure mode, and it can run a process at user-mode level such that it can't be interfered with by another process. So you could enforce a policy like this: if Battlefield6.app is launched, it cannot be examined by any other process, but likewise it may run in a full sandbox. Next, Battlefield6.app needs to login online, so it can ask macOS to provide an attestation saying it is running on genuine Apple hardware in secure mode, and then it could submit that attestation to EA which can validate it as genuine. Then the program launch is trusted. This setup requires you to only trust Apple security and that macOS is functioning correctly, not EA or whatever nor does it require actual anti-cheat mechanisms.

17. wnevets ◴[12 Nov 25 20:18 UTC] No.45905907{3}[source]
the third option is cloud gaming for everyone.
18. Yokolos ◴[12 Nov 25 20:20 UTC] No.45905926[source]
Yeah, I would hope not. Trying to impose your will on suppliers and b2b customers like this is how you get hit with an antitrust lawsuit.
19. suddenlybananas ◴[12 Nov 25 20:25 UTC] No.45906018{3}[source]
3. write your codebase in a way which is suspicious of client data and gives the server much more control (easier said than done however)
replies(1): >>45907156 #
20. Yokolos ◴[12 Nov 25 20:30 UTC] No.45906123{4}[source]
Modern cheats are far more advanced than this. Using a DMA cheat, you basically just read the game's memory from a different computer and there's no way for the game to know unless the PCI device ID is known: https://intl.anticheatexpert.com/resource-center/content-68....
replies(1): >>45906381 #
21. ◴[12 Nov 25 20:42 UTC] No.45906344{3}[source]
22. bangaladore ◴[12 Nov 25 20:44 UTC] No.45906381{5}[source]
DMA is "easy" to patch. No reason to allow a device to have arbitrary memory access. Just require use of IOMMU.

FaceIT essentially has countered most modern cheats including those using DMA. https://www.faceit.com/en/news/faceit-rollout-of-tpm-secure-...

Nowadays if memory access is needed, you are looking at having to find a way to load a custom BIOS or UEFI module in a way that doesn't mess with secure boot. Even then, certain anti-cheats use frequently firing interrupts to find any unknown code executing on any system threads.

23. bangaladore ◴[12 Nov 25 20:46 UTC] No.45906396{4}[source]
Yes. Using another machine, record the screen & programmatically move mouse.

At that point you have to look at heuristics (assuming the input device is not trivially detectable vs a legit one).

However, that can obviously only be used for certain types of cheating (e.g. aimbot, trigger bot (shoot when crosshair is on person)).

24. gf000 ◴[12 Nov 25 20:53 UTC] No.45906502{3}[source]
Even kernel anti-cheat can be defeated, this is a similar fight to what captchas have.

I can just have my screen recorded and have a fake input signal as my mouse/keyboard.. or just simply hire a pro player to play in my name, and it's absolutely impossible to detect any of these.

The point is to just make it more expensive to cheat, culling out the majority of people who would do so.

25. gausswho ◴[12 Nov 25 21:32 UTC] No.45907039{3}[source]
There's a third path:

3. No humans in your multiplayer

As someone who grew up amazed at Reaper bot for Quake, I'm surprised we don't see a rennaisance of making 'multiplayer' fun by more expressive, fallible, unpredictable bots. We're in an AI bubble and I don't hear of anyone chasing the holy grail of believable 'AI' opponents.

This also has the secondary benefit of having your multiplayer game remain enjoyable even when people's short attention spans move on to the next hot live service. Heck this could kill live service games.

Then again, what people get out of multiplayer is, on some unspoken and sad level, making some other person hurt.

replies(1): >>45908448 #
26. Sohcahtoa82 ◴[12 Nov 25 21:41 UTC] No.45907156{4}[source]
That's just server-side anti-cheat, which I've already addressed.

Cheating isn't always about manipulating game state, especially in FPSes. There, it's more about manipulating input, ie, auto-aim cheats.

27. paxys ◴[12 Nov 25 21:43 UTC] No.45907186{4}[source]
Something that is "frivolous" to you is a passion or even a profession for others. Competitive gaming is a massive market worldwide, and it wouldn't exist without the ability to enforce a level playing field. Not everything has to be a holy FOSS war.
replies(1): >>45908050 #
28. vel0city ◴[12 Nov 25 22:43 UTC] No.45907924{4}[source]
> For example, before matchmaking-based games became so popular a lot of our competitive games were on dedicated servers.

I still had a lot of problems with cheaters during this time. And when the admins aren't on you're still then at the whims of cheaters until you go find some other playground to play in.

And then on top of that you have the challenge of actually finding good servers to go join a game with similarly skilled players, especially when trying to play with a group of friends together. Trying to get all your friends on to the same team just for the server to auto-balance you again because the server has no concept of parties sucked. Finding a good server with the right mods or maps you're looking for, trying to join right when a round started, etc was always quite a mess.

Matchmaking services have a lot of extremely desirable features for a lot of gamers.

29. likeclockwork ◴[12 Nov 25 22:54 UTC] No.45908050{5}[source]
"holy FOSS war"?

Why not have a commissar sit behind every gamer to make sure they're not cheating?

That's a startling degree of access to give to these people for access to cosmetic micro-transactions.

But, I guess if all your friends are snorting coke in an alley, FOMO will have you right there with them.

30. osn9363739 ◴[12 Nov 25 23:18 UTC] No.45908286[source]
I wonder what ever happened to all those AI based anti-cheat solutions that I heard about. Was that last year maybe?
31. Synaesthesia ◴[12 Nov 25 23:33 UTC] No.45908448{4}[source]
There's just nothing like playing against other people. It's so dynamic and fun. Especially games like StarCraft. AI is just nowhere near as engaging.