347
this post was submitted on 14 Jun 2026
347 points (98.1% liked)
Linux Gaming
26252 readers
63 users here now
Discussions and news about gaming on the GNU/Linux family of operating systems (including the Steam Deck). Potentially a $HOME away from home for disgruntled /r/linux_gaming denizens of the redditarian demesne.
This page can be subscribed to via RSS.
Original /r/linux_gaming pengwing by uoou.
No memes/shitposts/low-effort posts, please.
Resources
Help:
- ProtonDB
- Are We Anticheat Yet?
- r/linux_gaming FAQ
- Fork of an earlier version of the above
- PCGamingWiki
- LibreGameWiki
Launchers/Game Library Managers:
General:
Discord:
IRC:
Matrix:
Telegram:
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The server should be the authority. Never trust the clients. For fucks sake it isn't this hard for game developers to build their shit right.
It is actually hard. For example, if you'd only send enemy data for visible enemies, you'd have pop-in when they come out of the corner. And how do you determine if they're visible? Do you take into account shadows, transparent objects, tiny gaps? Even if you somehow solve that, you'd still have to fight stuff like aimbots, which can work on just the information that the player should have. Do you add maximum aim velocity? Check for movement that is "too good"? If you never trust the clients, then people with higher latency would be at an even bigger disadvantage and have even worse experience.
The real answer is you either make the game only playable between friends or you have to hire moderators and generate report logs. None of this kernel shit is necessary people just dont want to pay people to work anymore. This is supposed to be entertainment, its not worth the spy network they're building inside of it to "stop cheaters".
Part of that is perfectly possible. In counterstrike some 3rd party matchmaking services do the visibility check already on the server side. iirc it's literally a variable that can be changed. But Valve has no intersest in wasting those extra CPU cycles on their servers. Same goes for all other BS anticheats. It's much cheaper to have the clients do all the work.
Do they really? Doesn't that really mess up client side prediction?
I figured this out as an 18 yo fucking around with GMod, making gamemodes that were designed to thwart exploits and hacks.
If a professional gamedev can't figure this out, that's a skill issue, or a manager who won't listen to the devs that do not have skill issues.
Every problem you have listed has a solution in proper game architecture and optimization, and latency compensation.
There are of course no 100% perfect solutions, but there are very, very good ones. You can't stop somebody that's gonna go to all the effort to set up a seperate box that does the aimbotting and hwid spoofs itself as not being there... oh well actually you can, overtime, with serverside analysis of games and gameplay.
Literally everything you've listed is a solved problem... its just that most devs don't think these will be problems untill they're halfway through making the game, and then its too late to make low level changes without fucking up the dev cycle set by management.
Basically, the answer to most of your questions is 'yes' or 'cleverly'.
There are publically available papers on all of this.
World of Tanks has had this since 2011.
People hate the spotting system. We always have, but one issue Wargaming does NOT have an issue with is most forms of cheating. Most standard forms of "knowing" where the enemy is do not work - to the stage that as the game dies due to other reasons, the organized botting problem to get rewards has become more and more apparent. People run dozens of clients and then have to drive to specific places and then also be the player scoring the hits on their own "unspotted" account.
There are less dumb ways to do this than the WoT spotting system.
WoT spotting system is an attempt to gamify the entire concept of spotting/situational awareness.
Does your client actually know that the enemy tank is there, but just does not let you the player see it, untill certain conditions are satisfied?
Presumably, the server knows where all players are at all times.
Does the server send other player locations out to other players... at all times? When they're in the view frustrum and view distance range of the player? That, but also only when the spotting system stats for your player tank/crew/profile says you are allowed to see them?
To what extent is it the client or server that is making decisions realtime as to if you player X can see player Y? What do the stages of decisions look like?
Like I am genuiely asking those questions. We can't really know for sure without the source code, so... ?
You can tweak a lot of how those kinds of systems work, and, you can make an enemy player view culling system work without an entire situstional awareness game mechanic.
You can just make it part of how networking and rendering work, and have that be the same for everyone... and if you do that well, people will not even realize you are doing it.
Clients are given only what the server says to tell it, it's part of why I think the system has not been implemented elsewhere. As soon as you add this type of spotting system to anything with faster movement it would create issues. No client has all the information and every action is getting server-checked as the game plays out. It creates a bit of a funny with this because a tree will fall over, and you know a player did it, but the client is not told anything other than "put this tree in XYZ orientation now"
There are no mods to force it to show enemy positions or change the maps. No injection cheats. No wallhacks. No invincible god-mode, flight, or becoming unspottable or flying into/out of the map. No turning a single shot into a laser of damage, or unlimited magazine. No recoil cancel. No getting kicked from session like GTA or mod-menus.
I mean, yes, but that's either very obvious or near tautalogical.
I'm asking what, specifically, does the server relay to the client, under what conditions, in what kind of process flow chain? The design of that chain is, largely, the netcode.
Generally this is true.
But, there are many fps games that do this, as I was saying, on the backend level. The ones where you notice it exists are the ones that are not doing it well.
Its why the vast majority of online multiplayer games are 16 total players or less, why Battlefield type games rarely ever actually get beyond 64 players on one map at a time.
This kind of thing, in particular, is often due to physics being substantially or in some cases fully being handled client side, and then pushed to the server, where the server then basically either averages together what clients are saying about physics, or sometimes picks the first/fastest client physics first, etc.
This can create nonsense desync issues where two people near the same say, exploding vehicle or building, see a totally different trajectory for crashing parts, where you can get smacked by something that didn't render for you, because the server retroactively decided it did hit you, because your client's rendering of the physics was ultimately rejected, after a lag.
This is the main real reason why full destructibilty of environments basically does not exist in large multiplayer games... its usually a canned set of potentially destroyable objects... think of every potential physics object as almost another player, in terms of netcode load, and shit gets unmanageable fast, unless you have extremely clever game and netcode design.
A quick websearch reveals this to be completely false, there are tons of hacks and cheat engines for WoT.
You know who is at disadvantage when higher latency kicks in? The one who abuse the latency compensation mechanisms worse.
Ask Elden Ring players what they think about fighting in high latency and those who induce high latency on purpose running the builds that fare better in it.
That is technically feasible, and only really needed for a specific genre of game, in which you are already set up to do the sort of ray tracing needed to make that happen.
The answer to this is again ray tracing for the most part.
Not really. An ELO tracking method works just fine for a good chunk of that. If a 600 ELO player suddenly starts having stats of a 1400 ELO player overnight, they're almost certainly cheating.
How? This is for the server to handle, not the client. And for niche problems where it somehow would have a difference, artificial latency can be applied such as how the game Forts handles it.
Pretty much everything you've listed is from a FPS shooter perspective, which is not the only competitive game out there. These problems are solvable without kernel level anti-cheat that all these companies love to go for.
Looks like it's easy after all. All these engine developers must be idiots, not thinking of such easy solutions
But seriously, it's not that simple as you make it out to be. You can't just raytrace your way into a reliable visibility check. Especially server side. and then also compensate for network lag
Doesn't matter which genre you want to apply it to
Its less so that it is or isn't simple.
A lot of this stuff actually is fairly straightforward.
It is moreso that a lot of people are sophomoric idiots, wise fools, people who don't realize that they are just around the peak of Mt Dunning Kruger, people who do not realize the extent of what they do not know, what can go wrong.
Either that, or their boss/manager is there.
A lot of these things are obvious and well known to people with moderate levels of actual technical experience... where they actually pop up and become relevant.
Buuuuttttt... not everybody actually experiences, in significant detail, that kind of problem actually popping up, depending on exactly what that prior experience is. Also, the nature of many many game studios is that those people with moderate or more experience are basically treated as contractors and shuffled around, and as a result of this, they just do malicious compliance, they do exactly what they are told.
Because either the managers are egomaniacs, unwilling or unable to actually listen to good advice... and/or the entire team generally develops a toxic positive hugbox culture, that hand waves away valid and legit problems, and calls you an asshole for being persistent about bringing them up.
You can infact raytrace your way into reliable and robust and efficient visibility culling that even works with servers/multiplayer environment. Many succesful games and engines do exactly that.
Its just that you have to be quite clever and nail this down pretty early on in the dev cycle, otherwise, technical debt and timeline problems compound geometrically.
And, what make line on stock market go up != what make line fly around smart and clever in video game.
I've been doing game development for over a decade. Game development isn't easy, but doing server side control of the game isn't any more hard than any other part of game development. If you have the skills to make a game, you have the skills to make cheating a non-issue.
And that especially applies for the AAA game studies putting out the majority of the FPS games which are most hard to do server side authority.
You can't just expect that a visibility check/complicated visibility check is needed in every game. Not every game is an FPS.
Almost all RTS games for instance would not need complicated visibility checks, as they tend to be played on a 2D plane, which makes it easy to figure out if something is in sight of another thing.
I've played Speed Runners quite a bit. Zero visibility checking is needed for that game despite it being highly competitive. All the server needs is your inputs, and it handles all the movement, hits, speed ups, etc all on it's own. Or at leas they could if they programmed it right.
Another example, Zomboid, an indie game, already has visibility built into the core of the game. It does everything I am talking about doing. They have zero need for any kind of anticheat.
Rocket league: No need for any visibility checks. Everyone already can see everyone.
League of legends: All visibility logic is already built into the core of the game.
Super Smash Brothers: No visibility mechanics at all
/u/Mika is talking about Elden Ring, and I'd guess that visibility is not a big part of that game if at all, given it's all medieval combat. The server can consume player input and tell the clients what's going on, no need for any complicated logic.
Not all games are FPS
Also server side raytracing is not that computationally expensive considering all you're doing is comparing positions of players and maybe simulating a bounce or two in 2D space.the only time it'd be that bad would be in games like fortnite/pubg where they want the massive sightlines. So instead just do the rt check in a radius from the player that coincides with fog/draw distance
I agree with you, I think game dev isn't easy but these solutions aren't difficult either. It's just, Why try and fix what ain't broke and your company already likely has a contract with anti cheat providers like Denuvo.
Server side anti cheat is a viable and smarter solution, we have more than enough computational power to run it. So lets stop making artificial walls between platforms and enjoy playing the game
I think there may be some general confusion between 'ray tracing' and 'raycasting'.
Thanks to Nvidia, 'raytracing' now means 'doing an utterly absurd amount of raytraces all the time in order to have slightly more accurate relfections and light physics'.
Whereas, at least the lingo I'm familiar with, 'raycasting' is just like... a single ray, maybe a couple to form a frustrum, or maybe one that follows some bouncing vector math rules, to do a fast simulation of a bullet trajectory, or maybe its just attached to the player to tell the rest of them game something like... the player is on the floor, the player is standing infront of a wall or a short stairstep or climable ledge, etc.
THANK YOU, I knew it wasnt raytracing but I couldn't remember it.
May your raycasts be compute-inexpensive and functional, and may the dark spirits of vector algebra vex you only minorly, lol.
That doesn’t stop a client from rotating walls so they get culled and don’t appear, or modifying shaders to outline enemies, or using coordinate data to run a map/radar and auto aim bot.
Most of the time I think you can let the community self police, but for competitive play you probably can’t stop all forms of cheating. That chess guy used a remote controlled butt plug to cheat, people will always find a way.
I guess this isn't really the point, but I just have to express my frustration as a single-player person that so many games I could play are packaged with bullshit invasive anti-cheat for the small segment of genuinely competitive players. Like sure if the game is a competitive shooter like Fortnite or whatever (I assume; haven't played it), then fine I guess. But like, fucking Sid Meier's Civilization 7 has Denuvo. There is no fucking way on earth I believe even 10% of the player base in that game is playing competition-level pvp matches. I just feel like the number of players who would be actually effected by cheating in that game has to be tiny, so why the fuck do all the rest of us have to deal with that shit for the sake of that tiny segment?
You're talking about FPS games, a subset of competitive games. This, and the other things you've brought up aren't a problem for other types of games.
Most types of RTS and 2D fighting games will not have any of the problems you've listed.
But for FPS games specifically, the server should not report player location unless the player is visible. If people elsewhere in this thread are right, the server already does this with ray tracing. Not the fancy lighting stuff, just the basic "draw a line and see if X is hit" stuff.
And most FPS games will already have that logic built in, as they tend to use ray tracing for bullet hit detection, often referred to as 'hitscan'.
IMO the game should give all players the ability to turn on outlines for enemies/teammates anyways. People who have difficulties parsing colors should have that as an accessibility option.
Marvel Rivals already does this, and allows the player to choose the color that most stands out to them.
Not a problem if the server doesn't report player locations unless they're visibly.
This one is admittedly a little harder, but again not impossible to deal with. Chess sites already do this with ELO tracking and matching moves against the best possible move.
If on Wednesday you're playing like an ELO 600, and Thursday you're suddenly playing like an ELO 3200, you're cheating. In an FPS that would look like going from an accuracy of 12% to an accuracy of 100%.
Sure, but instead of being passive and using kernel level spyware like most AAA studios like to do, doing the basic sever side authority checks are far more effective.
And he was caught. Do you think we should be checking every chess grandmasters butthole going forward?
He was accused (by his opponent Magnus Carlsen) of cheating, and it's the internet that made a meme of using a buttplug as a means of cheating. There was never any legitimate accusation of using a buttplug to cheat, and there was never any consequences for him. In fact, he sued Magnus for defamation and they settled out of court.
To be clear, uh… the butt plug chess thing is a meme.
Like, it was never substantiated, it comes from one high level player basically insisting that the other guy who he had just rage quit a match with must have been getting outside signals and when asked how he said “a vibrating butt plug.”
And thus it became a joke because it was such an absurd suggestion.
It does so for performance.
It's not a big performance hit.
It's not lighting/rendering raytracing, it's the same math that hitscan guns do. Draw a line between point A and point B, if the ray collides somewhere in-between, then that line is not a valid visibility line.
You can cut down on these checks considerably if the player's camera isn't even pointed at another player, or if they are out of range.
Most FPS games are typically run by big studios on big servers that have plenty of computational power for this.
It's not the computational power it's the lag.
No, I don’t think chess players need the butthole check. Just give them an MRI before a match (jk)
Those were just off the top of my head cheats. Even for non FPS games like civ they discovered a guy was using a bug to load the map seed and map out the goodie huts for an advantage while streaming.
People were able to figure out his play was suspicious with math and look closer.
Even if you remove non visible players, you still need to render footsteps and sounds through walls. I think it’s a fine idea, to quote the mathematician from Jurassic Park “life, uh, finds a way”
I actually do agree that cheat detection should be a mix of ML and algorithm based signals that result in review. For non competitive play the ratio of cheat votes or something probably works well enough.
I think kernel level anti cheat is too invasive, and it’s weak.
I don’t really know what the state of cheating in those types of games is, fighting games feel epically Wild West, with specialized controllers or grips and single frame hits. The creativity of fighting game players is amazing.
that occurence is actually a guy cheating in a tournament/league
here is a explanation and how they caught him
https://www.youtube.com/watch?v=CFjU4Yhpsso
The butt plug chess guy was some smart shit.
"We're gonna need root access to your asshole."
Not the worst pickup line I've heard.
Making the server the authority means the client don't really belong to you. Leave that shit to other OS with their ever growing abuse of their uses to the benefits of big tech.
In a multiplayer game, the client renders and accepts inputs.
Then, you can also just freely release the server hosting software, as was the norm in gaming, for decades.
Ever hosted a private server for anything? Batllefield 2? HL2DM? Quake 3? Minecraft? Conan Exiles? Arma 1 2 or 3? etc?
Shit, even the original Deus Ex has a mutiplayer component, that you can host a private server for.
There's no reason that a client being subservient to the server, in a multiplayer setting, means that nececassrily you don't control the game client.
What you are thinking of is a 'thin client', where the client is now not even doing rendering of the game, its just accepting player inputs, and your gameplay is actually you watching a livestream being rendered somewhere else.
Thats not the same thing as deisgning the client and server in a clever way such that the client cannot force things onto the server that it should not be able to.
Yes and no. This very much depends on how the game is implemented. In an open source game, the code is still yours to edit to your heart's content, it's just that if you're a client you'd be bound to what the server says happens.
In a closed source game, if the server executable is released, there is at least a degree of ownership there.
Or if its not, and its popular enough, and basically insane people spend half a decade+ reverse engineering the netcode... SWGEmu, or TitanFall2, or something like that can happen, lol.
Yup. Or somebody is brave enough to make an open source version from scratch.
They've managed this with Fallout 1 and 2, as far as I can tell. I think basically the same at this point with STALKER?
Same goes for Unciv
Oh fuck, yeah that's another great example!