Skip to content

Instantly share code, notes, and snippets.

@asofold

asofold/ncp-further.md

Last active April 28, 2017 11:28
Show Gist options
  • Save asofold/3c1fb425767ca7c56e87d2e3a1a0bded to your computer and use it in GitHub Desktop.
Save asofold/3c1fb425767ca7c56e87d2e3a1a0bded to your computer and use it in GitHub Desktop.
Download ZIP
ncp-further.md
Raw
ncp-further.md

In general we have way too few manpower, still i'm not going to cut down the concepts i set for NCP, just because no one is joining in, unless i'll drop this entirely. The slight problem is, that "developers" are sucked in by paid resources and private jobs, and especially with anti cheating it looks like most fall for the 'easy edge' with fast reacting fast-to-bypass measures - strategically it gives them money, because people pay for the ban count, but it makes the open source part less attractive. This problem gets more severe if people are allowed to advertise in malicious ways, e.g. relating to NCP in overly generalized fashion or even with outright false claims, while avoiding any discussion/arguments - that's a problem because spigotmc forums is closely tied to the spigot server mod, and can't really be seen as separated. I don't really intend to provide the punch bag plugin, while people build up their idiot-narratives - opposition and strategy could be applied, but all this is making things more complicated and not really helping the project. This isn't entirely about idiology, it just doesn't pay for me to do open source under such conditions (it's rather not about money).

Honestly i haven't seen much cooperation throughout the years (6+), concerning open source anti cheating, disregarding the plugin, about the best what happened was some hackforum people distributing a backdoored BOMB after idk 3 updates (i think not open source). That's not entirely honest, because there has been more discussion in the past, and at least one server/network owner who happened to have digged into ncp including survivalfly as is/was, which resulted in valuable input, alas they were on past versions of NCP and Minecraft even back then, so code-wise and reproducing issues-wise and false-positive-wise it also didn't really ease up things. There has been decent people trying stuff, e.g. command block based anti cheat, but the major part of people went obfuscated and often paid, so there is not much hope to have people work together even just conceptually. The last cooperation got blown up by the skype account of the other guy being seized via a telephone call by a random troll (thanks Microsoft...).

Support by opening issues is now good, we have issues flowing in fast when latest builds introduce new issues, and in general feedback by server owners and people hooking into NCP with their plugins/infrastructure is present. So this direction can also be extended, but it also means taking more time to implement stuff that doesn't directly fix issues.

So the kind of support a project like NCP needs, would be people to join in on actual development, issues/tickets are largely secondary - i could just close all and call it 'cleanup day, pls reopen :) xdxd'. Concerning 'development' there are various stages/levels of involvement which could suit different abilities/accomodation/preference, e.g.:

  1. Conceptual discussion (checks, infrastructure, ...).
  2. Reproducing issues, analysing debug logs also with ProtocolLib, identify issues - this does need some introduction how to interpret things. Try to narrow down side conditions (e.g. 'seems to happen jumping out of the water near ground, acceleration from first move into air is so and so, idk stone pickaxe in left hand :p').
  3. Attempt to fix reproduced issues (if you can do it yourself or not), identify involved checks and sub checks... down to code level, and have some idea about where to insert potential fixes. This needn't be especially difficult, e.g. once you can read moving debug logs, you might get an idea, what the side conditions of a false positive are and you could formulate how a workaround could be made (not code yet) - if all the necessary data/abstraction is there, there are certain points in the code, where such workarounds can be inserted (coop or independently).
  4. Write proof of concept checks independently.
  5. Work together on infrastructure (data handling, latency estimation, block change tracking, on the fly check registration, auto registration of data sources and checks).
  6. Systematically and safely (minimum vm, best entire resettable system :p) test cheat clients - money can be found, extra accounts too, some care necessary not to leak via debug logs. This could speed up finding stuff, but testing clients is dangerous, simply. I'd not want anyone to use their online-banking device for testing cheat clients, no matter if open source or not.
  7. Another approach is of course to enable server owners to contribute in even more significant ways, e.g. (...)

The basic conception is:

  • Provide a level of protection of rather deterministic non-bypassable checks.
  • Make use of infrastructure to both reduce false positives and be able to run stricter checks (e.g. past location trace, latency estimate/window, block change tracking).
  • Imlement powerful concepts for easy integration and extension (one class check registration, on the fly adding/removing checks, counter frameworks, state machines).
  • (Reorganize for an easy to understand api layer - for external plugins, but also for check creation, simplify the build process.)
  • Later implement specific cheat detection as an extra thing.
  • (Of course millions of things could be built in, but for open source we need to increase the surface towards contribution.)

For current topics check out the road map document (and other in the development section of the wiki, some are outdated): https://github.com/NoCheatPlus/Docs/wiki/Roadmap

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment