No offense, but your take on this seems more "deduced" and less "informed" by technical background in operating MMOG datacenters. I do respect your opinion but it doesn't seem as "definitive" as Sinth's —which was less discussing an opinion than a fact, at least in the way he worded it. Seems the man is quite positive on his analysis. That being said, I can't really comment on its validity, so I'll let others do that.
However I have a few questions that don't seem addressed by your explanation.
1) How do you explain that people can cast while running, to the extent of mounting or completing Esuna (1s cast)?
I'm asking this because I suppose that, should the client have authority, it just wouldn't let you do that at all. Not for .1s or even .01, it just wouldn't cast at all. Which is what I've observed in pretty much all other MMOs on the market.
2) How is database hacking related to live-state?
I'm wondering because, as far as I know, the database of ARR was accepting SQL requests without any check whatsoever, which was the (rather rookie) security flaw about it. To rephrase that: it wouldn't check within its own data that a request was possible, it would just process it —no need to "justify" the likeliness of an event for it to be validated (no check, no validation), requests would simply be processed. Pretty much as if we were living in a world where cheaters wouldn't exist and SQL requests were so impossible to write that SE thought no one would try (and evidently succeed). Likewise, teleport hacks are just that from what I gathered: a form of database hacking, where you don't ask the server to process a movement (which I assume would not result in a teleport but instead in very fast movement), but simply update your position in the database which doesn't check at all if it's even possible based on your previous position. Also from what little I know about these early gil generation hacks (and instant-leveling, item generation, etc.), it seems the SQL requests were in plain, not encrypted at all (like your session ID was written in the .exe parameters, without any obfuscation or encryption whatsoever, in plain memory). Apparently this lack of protection, on top of a lack of checks, made the hacks ridiculously easy to perform for a tech-savvy individual.
3) Contrary to your AV example, how do you explain that against Titan, people sitting behind him at the time of a Landslide release would indeed be ejected in the opposite direction of their relative position? (you are behind but you get ejected in front; this rarely happens but I've seen it first-hand)
To me this rather shows that the server saw the player still in front of Titan, regardless of what the client displayed to said player. I would suppose that if the live-state were on the client, you'd always be thrown away "logically" on your screen; however what often happens is that what goes on the server just isn't what we see, or more precisely we see it with a delay.
4) Finally, this is a less technical question pertaining to your answer based on Occam's Razor (I love this logic too). Considering that:
- SE is known to be using cutting-edge technology in their development processes. They were the first game studio in the world to buy Silicon Graphics workstations back in the late 90's, they produced one of the most advanced CGI movies in the early 2000's, and to this day few, if any, can rival their mastery of 3D artistry.
- SE is also known to produce some of the most complicated, heavy coding in games, way too much so for the sake of (coding) elegance and efficiency, making me often call them Rube Goldberg machine-makers. This can also be seen with their web design and overall lacking knack for simplicity in UIs (just look at ARR's overcomplicated menus, absence of three-click rules —which is often dubbed down to 2 in games— and so on). I think this post explains my feeling well.

Don't you think that Occam's Razor rather points us towards thinking that, once again, they over-thought this whole thing, they went for the complicated answers, they just didn't do what most other developers would do, making the result much more complicated (and lacking in efficiency, in the real world) than it had to be? :roll eyes:
___
EDIT: daily post limit reached (DOH!) — I'm so sorry APilgrim, I can't reply below!
Alright. Thanks for taking the time to answer. I can't solve either way.
I'm still not really convinced by the casting-while-running bit though, since I really never saw that happening. I mean, if you issue a command and the client has authority, it would simply refuse that command if it's forbidden, without even needing to check with the server (that's the whole point of client authority on live-state, as I understand it, much less server-checks required, thus much less stress on said server). I suppose. Unlike you, I don't have work experience in computing besides some very basic web dev (html/css with a bit of php/ajax occasionally) and a keen interest for all things technical, so I'm really not an authority on the matter.
About these database checks… what I read (unreliable source, but the guy seemed to know first-hand), ARR's database wasn't protected at all, and you could directly send SQL requests. No hacking per se, just knowing the right syntax. Which made me laugh at SE, since even a basic website is more secure than that.
As for Occam… haha yeah, doesn't take much knowledge in ergonomics and web design to see that SE's just bad at it. However that's not just them, many designers I know repeatedly commented that the Japanese scene was often subpar to most UI / ergonomics standards out there (good graphics, bad ergonomics) (the US being notably better than most, since they focused so much on communication and efficiency for decades). I see what you mean about SE being a huge corp., but I think we agree it's an explanation, not an excuse ^^; I mean, Apple and Google are huge too…
Yeah, a good food for thought is always nice.
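
Added example, not part of the original post and not the game's actual code: a sketch of the server-side check that question 2 says was missing, where the client sends structured move fields (never SQL text), the server compares them to the last accepted position, and only then writes with a parameterized query. The table layout, `MAX_SPEED`, `LATENCY_SLACK` and all function names are assumptions made for illustration.

```python
import math
import sqlite3

MAX_SPEED = 6.0        # assumed top run speed in units/second (constructed value)
LATENCY_SLACK = 0.25   # assumed seconds of tolerance for network jitter

def open_world():
    """In-memory stand-in for the game database; only the server writes to it."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pos (pid TEXT PRIMARY KEY, x REAL, y REAL, t REAL)")
    return db

def spawn(db, pid, x, y, now):
    db.execute("INSERT INTO pos VALUES (?, ?, ?, ?)", (pid, x, y, now))

def position(db, pid):
    return db.execute("SELECT x, y FROM pos WHERE pid = ?", (pid,)).fetchone()

def handle_move(db, pid, msg, now):
    """Validate a client move request, then persist it. Returns (ok, reason)."""
    # The client supplies plain fields; anything that is not a finite number is refused.
    try:
        x, y = float(msg["x"]), float(msg["y"])
    except (KeyError, TypeError, ValueError):
        return False, "malformed"
    if not (math.isfinite(x) and math.isfinite(y)):
        return False, "malformed"
    row = db.execute("SELECT x, y, t FROM pos WHERE pid = ?", (pid,)).fetchone()
    if row is None:
        return False, "unknown player"
    px, py, pt = row
    # Plausibility check: distance allowed since the last accepted position.
    budget = MAX_SPEED * (max(now - pt, 0.0) + LATENCY_SLACK)
    if math.hypot(x - px, y - py) > budget:
        return False, "too far"   # teleport-sized jump: stored position is unchanged
    # Values are bound as parameters, so they are never parsed as SQL.
    db.execute("UPDATE pos SET x = ?, y = ?, t = ? WHERE pid = ?", (x, y, now, pid))
    return True, "ok"
```

The slack term is what lets honest but laggy clients through; it also means the server's view can trail what a player sees, which is the kind of delay described in question 3.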