dgdft

League ran fine for many years on Linux. The problem is Tencent, not Linux.

Per Riot's own stats, the rates of scripting in competitive league went way up AFTER they rolled out Vanguard, so it's not about anti-cheat either.

Yeah, I totally agree with that framing.

Overwatch definitely has its high-level cheaters, but the reason for that article is their ban wave model that Blizzard carried over from WoW: they often wait a few days/weeks before nuking an account. This approach means it's possible for trolls to hack their way to high levels of the ranked ladder for a brief window, but those accounts are effectively canned in the long run. The upside is that cheaters have a much harder time figuring out why they're getting flagged.

I quit playing after Blitzchung (2019), so OW2 may have a totally different scene going on due to switching from P2P -> F2P, but I only ran into a single aimbotter in the span of several hundred games. I still have friends who play though, and haven't heard many complaints. A more recent reddit thread seems to agree too, e.g.:

Been playing for many years, and my roommate can agree with me. Probably the FPS game with the least amount of cheaters I've come across.

Blizzard did something right with the anti cheat.

https://old.reddit.com/r/Overwatch/comments/xwk02o/how_is_the_anti_cheat_in_this_game/ir6x5k7/

According to Riot's own stats, the number of detected cheaters in ranked matches doubled after they rolled out their root-level AC for League (1/400 matches -> 1/200 matches):

https://www.leagueoflegends.com/en-us/news/dev/dev-removing-cheaters-from-lol/

https://www.leagueoflegends.com/en-us/news/dev/dev-vanguard-x-lol-retrospective/

The article you cited does not support what you claim. League had a bot problem, not a cheating problem. The bots played against each other, and not against humans. This is because they were extraordinarily bad; they ran out of base and died, just to claim credit for having “played” games so the account could unlock new characters.

I spoke of Riot Games because I was comparing Leauge with their other game, Valorant.

Not the case in my experience. Nobody is backing out from server-side checks and nobody is spending a ton of money either developing or purchasing anticheat to appease “non-technical stakeholders”, such as they are.

Riot Games is a perfect case study where this exact thing happened, IMO.

League of Legends had millions of MAU and a near zero incidence of cheating, for a ~13-14 year span. They implemented root-level AC for their next game, Valorant, and they ran into aimbot problems within weeks. Root-level AC was rolled out for League a few years later, despite vocal objections from their developers, several of whom were vocally against the move on r/leagueoflinux.

Overwatch is another example of a super-popular game that manages to stay cheater-free using only heuristics and player reports. They’re doing dramatically better at stamping out cheaters than Valorant, CoD, and other comparable games that include root-level AC.

Are there any counterexamples where you've seen a game struggling with cheaters fix the issue with root-level AC? I can't think of any, but maybe my gaming pool is just too narrow.

Rendering on client means you can still do all sorts of crap in terms of wallhacks, spoofing inputs and so on.

The solution for this that's now in vogue is server-side occlusion checking. Basically, map what objects/characters that player has line-of-sight on server-side, and send the client only data for those which are visible.

Could you do effective autoaim with just a rendered frame fast enough? I bet somebody would try.

This exists - it's usually done with a microcontroller that intercepts the monitor feed, scans nearby the player's cursor or center-of-screen for probable targets, and softly fuzzes mouse movements towards that target.

Hell, in some cases the cheating isn’t even on software these days. CS had a big argument about some keyboard behaviors recently, as did fighting games about leverless sticks enabling certain shortcuts.

Yep, 100%. That's why root-level AC is a bad option: cheaters are just switching over to these out-of-band techniques.

Companies prefer root-level AC because it gives non-technical stakeholders the impression that a game is "cheat-proof", and therefore, that they don't need to fund customer support to monitor and review reports of cheating. They're not using root-level, client-side AC because it's more effective than alternative options.

at least with running nothing but the renderer and the controller input client-side

Nearly all competitive multiplayer games run this way. The client is an untrusted rendering service, while the overall state of the game world is tracked server side.

I agree with your overall point.

However, as a professional codemonkey, I promise you that root-level AC is in fact less secure than server-side heuristic AC + user reporting, and tends to be user-hostile due to false-flagging of modified systems. Root-level AC can be bypassed rather easily these days with DMA and other out-of-band tooling.

As a case-study, League of Legends lacked any root-level AC for well over a decade, and was arguably the most popular game in the world at points. Cheaters were extraordinarily rare; the average player would typically encounter well under a dozen cheaters per thousand games.

Riot Games then released Valorant with full root-level AC, and had an aimbot explosion within a few months - mostly because they devalued player feedback & reporting in favor of their “robust” automated AC solution. Their overall anticheat strategy became less reliable on the whole, but they stuck to it because root-level AC is cheaper and easier to execute from the corporate-profit POV.

For anyone who missed it, the Windows Terminal team is infamous for claiming that it would require PhD level expertise to implement some basic optimizations suggested in a Github thread. Within a few hours, another developer countered that claim by submitting a functioning PR with said improvements implemented.

Windows Terminal team lead Dustin Howett then went on to double down on the original claim that said optimizations were unfeasable, and publicly attacked the author of the original suggestion thread on Hacker News. He issued an extremely half-assed apology and is still a Micro$haft employee to this day.

https://blog.royalsloth.eu/posts/it-takes-a-phd-to-develop-that/

Synology runs a proprietary OS OOTB that's had multiple sloppy vulns exposing full remote access to users' files. Putting your data in the hands of fuckups who have and will continue to leak it is the opposite of total control.

It's completely trivial to store any data you want to in a cloud provider 100% securely just by piping it through openssl before uploading.

See also: atuin - a shell history tool that records your shell history to sqlite.

Seamless sync across shell sessions & machines, E2EE + trivially self-hostable sync server, compatible with all major shells, interactive search, etc.