It's great to see people still believe in this stuff. "Security" module == no cheating possible.

Does this mean that cheating is allowed as long as you pass the "security" check?

It means that cheating takes epsilon more time and efforts then it takes with not passing security check. Epsilon is positive number here.

It works like this in all other games and if you think that you are going to change it by writing our comments like this and cracking security modules, well, have fun.

You are not contributing anything useful.

agreed with johnny

personally i think security modules give a false sense of security because people think that if a suspect player has passed security checks in place, they are fine.

At least in the old days before security modules, if a player seemed to be possibly cheating he would get hounded regardless.

However security checks are fine as long as they can keep ahead of any possible hax that are made, which requires regular updates etc.

So I can agree partially with both arguments.

Can you safely say that the security we have in place in qw today can filter out all hax? I'm pretty sure you cant. If a player is using such a hax and passes the checks pre-game, are we to believe that player is genuine?

Noone said that passing security module check means that the person is not cheating.

^ what he said

Many of the easier and better cheats do not require modifying the client at all, so I'll have to disagree with you here.

You misunderstood what was written anyway. See my next reply.


Nah, cracking "security" modules is just so easy that it's hard not to. Especially when people for some reason think that they provide any security.


Why, thank you for your great contribution telling me that.

The NNQL rules do.

Read them again. They say that you have to do f_version before a game to make sure noone is cheating, and if you come whining after the game claiming that they're cheating, it's too bad. They won't do anything about it.

That's the problem of qw - No anti-cheats. Just security modules. Still, there is a bigger chance, that the enemy won't cheat, if he will be checked.

Yeah the formulation in rules is pretty much arrogant.

And to spot cheaters seems very easy..
AND MODIFIED MODELS AINT ONE OF THEM!

And while you [rule 6] that the [rule 6] modules are completely [rule 6], you still insist on the usage of them, thus limiting who can play in a tournament?

I find that rather silly and stupid. Sorry to say.

make it closed source and release it under another name and make it hidden or something

then no1 can fuck up with the source code, or not?

Bigfoot: They are not useless. You should also consider stop insulting people who are actually trying to do something usefull for QW on public forum.
Sassa: You've completely missed the point I guess.

What solution to the cheating problem would you suggest then, Bigfoot? Also, do you seriously not think that more people would use modified models and whatever the security models check, making the game totally fucked up to say the least?

Bigfoot do you have problems with perception? While behaviour such as yours is desired for profit companies, this case is different. A non profit organization as the ezquake development team, who admit that they lack sources or knowledge to implement better means of security, can only suffer from posts like yours.

They addressed you many times, and i will repeat once again. If you have better ideas and/or skills - please help implement them yourself and thus contribute in the project and the qw scene. If you dont, then just dont make it easier for random casual cheaters. Isn't that obvious?

the problem is that we dont have a good enough security guy and bigfoot is on the darkside right?
if so, the solution is to let big see the light (im sure we will forgive him, after he has had his 10minutes of camera time) i guess there is nothing else for me to do than to say; please lets make quake better bigfoot
sexytime!

And that would accomplish absolutely nothing


As wrong as it possibly can be. You don't need the source code for neither Quake nor the "security" module to be able to cheat.

bigfoot, just enter nnql using your ezquake compiled for the fictional cheatos. Just win the tournament. Its the tournament thats at fault.
(though personally I think ezquake's website is also at fault for not actually mentioning the whole not being reliable thing)

Faustov, if you knew assembly like bigfoot does then you'd realise that security through obscurity is fundamentally flawed. It can never be perfect. Putting in the extra effort to make it slightly stronger is time wasted when you could have been making XYZ better. Additionally, the security module's sourcecode is closed, which makes it hard to contribute to, other than demonstrating how easy it is to bypass a particular version. See, he is helping.

This isn't about ezquake, its about leagues using absurd rules. To date, I've heard of 3 separate occasions when fuhquake's security has been cracked. All you have to do is to get a friendly cracker to 'have some fun' with it. Many crackers do this sort of thing simply because they can. You can add in subtle cheats and if you pass the security module checks, you'll make most people think that you're just good.

But yeah, bigfoot's problem is that he's not allowed to play in leagues on his only computer that's any good, simply because it doesn't have an x86 cpu, for a flawed reason.


Agreed. Please add a disclaimer on the ezquake website, on the downloads page. An ignorant reader might believe what's currently there to be as secure as punkbuster (which has a team of people maintaining it).

Do you care to back up this opinion with just a little bit of evidence, please? Would make the quality of the discussion just a little bit higher.


I'm not trying to insult anyone. You, on the other hand, seem to keep going after me instead of after the thing being discussed. I'm OK with you not liking me, but at least either try to discuss the issue or simply don't join the discussion. Attacking persons helps absolutely nothing.

If you're referring to my comment about the requirement of a dummy module to be installed, then yes, I find the idea idiotic. I didn't say that the organisers are idiots. Unfortunately it has become the standard that to be able to play in a tournament, you basically have to use Windows (or Linux/x86 if you're a masochist. Fuhquake's Linux support is poor, Ezquake's Linux support is even worse). The requirement of that useless dummy module is basically giving everyone who doesn't use Windows a big fat middle finger. I do take offence at that. But I do realise it's just "the way things are" and "the thing noone questions", but I'd like that to change.

didnt know that, i know how it is to be on arch x and not be able to use program b (for e.x mplayer codecs or flash)
if if thats easy to crack it im sure you masterhacker can make on opensource arch independant module? or whatver that is better than the closed source one? it seems you are taking some time with this lets call it a flamewar?
use it to make quake better!

Please look at my three links earlier in this post. If anyone wants to cheat, they can easily do it. But do they? Nope, they don't. Seriously, go look, anyone can completely bypass the "security" module and it doesn't even take 5 minutes of effort.

Bigfoot, if I wanted to cheat, and please read the following line clearly:

I would not know how to cheat.

I would not know who to ask to crack the security module.

I would not know how to implement any code or get around any code.

I am your average gamer. The security code, as flawed as it may be, stops me because I don't understand it.

Do you see how it prevents me from cheating?

Granted, a hacker can make a cheat.exe and distribute it, but the more it's distributed the better the chances are that the public will find out (and finding out about cheats is all per chance).

Whether you admit it or not, IT STOPS ME and OTHERS from cheating. I will repeat: IF SOMEONE WANTED TO CHEAT THEY OBVIOUSLY CAN. But the security module is _MINIMIZING_ it.



"But I do realise it's just "the way things are" and "the thing noone questions", but I'd like that to change."

I guess what you meant by I'd like to change that is to make cheating easier instead of providing patches to ezquake so it works on more machines (and therefore more people can enjoy it). For those who don't know, bigfoot is a credited programmer who works for morphos.

Nope, I don't believe I do.


Aha, so it's OK to tell a company that their ideas suck for no good reason at all, but not to someone who doesn't make a profit from discriminating against people? OK, I'll try to remember that. Hope that changes your view of claimed lack of perception.


They can easily do better. Just remove it. That IS better. And don't tell me that they don't have the knowledge to remove it.


Well, there are several problems with this.

First of all, you're making the assumption that client side cheat prevention IS possible. It's about as possible as DRM is, and we all (well, at least those who are slightly interested) know that that doesn't work so well. And that's companies with billions and billions of <insert your favourite currency here>. And they can't do it. Someone should have taken the hint by now.

The second problem is that I don't like Ezquake. But that's 100% irrelevant to this discussion, so if you're more interested in that, open up a new thread. Thus I don't really have a desire to contribute anything, much less something which cannot work by definition, to Ezquake.

Thirdly, I don't think I'm making it easier for "random casual cheaters". If you by that mean someone who goes to google and types "Quakeworld cheat" and then downloads what he can find, then the "security" module doesn't stop that at all. It doesn't even attempt to. The best thing the "security" module has done is take away 30 minutes of a cheat developer's time IF he didn't choose to create his cheat in a way which the "security" module doesn't care about. The "security" module only covers one tiny, tiny bit of anything.

And let's not think that the "security" module is harmless, because it is not. It locks people in to using specific hardware and specific software. That's no good. Bye, bye choice.

No, the problem is that you're trying to do something impossible. If you like to think I'm on the dark side, then go ahead

I'm not.

If I was on the dark side, and incredibly bored, I'd just cheat and none of you would know any better, 'cause my client would say "authentic Ezquake client" and then that case was settled, right?


Ahh, I've seen the light already, but thanks for the offer


You could start by not excluding me from competitions because I'm not using Windows


I'm working on it, my dear, I'm working on it

im also using linux to, i see that as something generally good to the persona. and i would not think that you were using windows either. just didnt think abaut if you were using mac linux or windows, that has nothing to do with the point.
seing as this will help quake... i dont know maybe.. i just have a strong feeling it will not :/

Nah, I have no desire to cheat. But sure, I could just enter the tournament with a "non-authentic" "Ezquake" client. But I'd still be breaking the rules, even if noone knew. Oh well.


Agreed here. It tends to sound like a bad washing powder commercial.


Finally! Someone read the message instead of being busy shooting down the messenger.


Oh dear! But that's impossible!


No x86 CPU and no desire to use Windows to play Quake anyway.

OK, but then how would feel about not being able to use program b even though it was available and functioning perfectly? Just because someone said so?

That's basically the issue.


Because a "security" module _DOES NOT_ make Quake better. Does not! The best "security" module would be one which didn't do anything.

Then ppl can play with all kind of stuff that should be allowed in official tourneys!


we should try to prevent "cheat" the best we can so not the regular quaker goes and uses some nasty stuff?

No, I see two things which prevent you from cheating.

1) You have no Google skills
2) You have no coding skills.

Getting my fix for the "security" module does not fix any of these two things. The "security" module is still functioning 100% as before, so you still wouldn't be able to cheat even if you installed it. To be able to cheat, gasp, you have to MAKE a cheat! (or Google one).

OK, have we got that clear? I did not release any cheats, I did not make cheating easier for anyone (except maybe that guy who makes cheats and makes the publically available for people to find via Google. But then I only saved 30 minutes of his life. IF he didn't choose to cheat in a way which wouldn't required fixing the "security" module anyway. As I've said before, there are 3465345147617141 ways of cheating which the "security" module wouldn't prevent.)

OK, clear? Good.


Good, and with all the blind belief there is in "security" modules, noone would ever know anyone cheated.


I'm sorry, I call bullshit on that opinion. See above for reasons.


I don't know if you realise, but Ezquake is available for at least 2 platforms which don't have an "official" Ezquake "security" module. How would a port to XYZ help that problem? It wouldn't. Would it solve any problem? It wouldn't. And as I mentioned before, I don't have a desire to play with Ezquake. There's simply way, way, way, WAY too much fixing to be done to it at this point for me to want to use it as a client to play QW with.