PBEM security

[toddtreadway]

I've been giving some thought to PBEM security.

It seems there are two current features: 1) a count on the number of times the save-game file is loaded (minus one if you save in mid-turn), and 2) pre-rolling the combat rolls for every unit at the beginning of each turn.

I have some questions and a suggestion.

Questions
1) The pre-rolling thing--is it done when the save-game file is loaded by the player, or at the beginning of the German player's turn, or at some other time? It seems like a good idea, but unless it is done at the end of the prior player's turn it might be abused.

2) Can this pre-rolling be defeated by simply waiting some amount of time before loading a PBEM game? Some random number generators will use the system clock as part of the algorythm.

Anyway, on to the suggestions.

I know TCP/IP play is in the works, and I guess that is fine, but it seems like I will be playing more PBEM than TCP/IP due to time constraints. Might there be a combination of the two that would yield better security for PBEM?

For example, for a PBEM turn, it would work as follows:
1) A server would maintain the save game files, and notify the players via email when it is their turn
2) The player would launch the game and start the file on the server as the saved game
3) As the player played, the server would be notified of the progress, just like a TCP/IP game. In essence, the server would be acting like the non-active player.
4) Once the turn was complete, the next player would be notified.

Just an idea, but it seems like it might be able to make use of the hard work done on the TCP/IP and make PBEM more suitable for tournament play.

[JanSorensen]

The problem as I see it is that you would need a very dedicated server running around the clock to do that. I dont see anyone wanting to pay for such a server and making sure its up around the clock. It would likely also generate more traffic than would be desired.

As for the pre-rolling part. You could try testing that yourself. Maybe make a PBEM game where you play both sides as two seperate players and see if you can defeat the "pre-rolling" part somehow. As I recall the dice to determine how many naval units are included arent pre-rolled. Maybe other things too. I will be looking forward to seeing your results out of curiosity rather than practical applicational value.

[toddtreadway]

"Practical application value."

[:)]

I'll try to check out how this works in a test, unless someone already knows. The main reason I'm curious is so that we can improve the current system. It seems that one of the factors people are taking into account is the current PBEM system's lack of security. We should try to help Matrix fix it, if it does in fact need to be fixed.

Once the ladder you're starting up gets going it seems like PBEM security might become more important. Right now, I think I'm with a lot of people when I say that it's fun running into totally new strategies by being able to play against people all around the world! My current PBEM game is with a friend of mine who I used to play board wargames with and we're playing against a guy from New Zealand and another guy from Norway. Very cool, indeed!

[JanSorensen]

I look at it this way. If people really want to cheat they will find a way nomatter what. That aside - if security can be improved by some simply change then I am all for it. I did infact toy around with testing this a bit ago - but got inconsistent results. I seemed to rarely be able to make the pre-rolling do something else but then it did the same over and over and over in the follow up tests so I just decided not to bother further and instead focus on bugs that affect gameplay outside reloading games.

[larizona55]

Because WaW resolves combat mid-turn, and this is integral to the game play, a security measure is not easy.

I can conceive of a security measure that would involve token passing, and not need a third party,but it would be too cumbersome, and look alot like TCP/IP play.

Maybe the easiest way to deal with it from the developer's point of view, would be to create a special tournament mode. This would be where all random factors are removed from the combat resolution calculation. So if the attacker can get 70% lets say, they automatically win; less than that, they could not win, but still cause damage. Damage and destruction would be based on the attackers point ratio. So, a player could reload all they want, and it would not change results. The only thing that would matter, to paraphrase that famous Confederate cavalryman would be "getting there the fastest with the mostest..."

This would make the game more like chess or Risk, but maybe that is OK for serious tournament games.

[JanSorensen]

If you truly want a no cheating tournament then you simply allow reloading. That way its not cheating anymore and both sides can do it as much as they care to.

The perfect solution would involve a dedicates server that you report each attack/move to which then returns the dice rolls.

[WanderingHead]

ORIGINAL: JanSorensen
The perfect solution would involve a dedicates server that you report each attack/move to which then returns the dice rolls.

Yes I mentioned this some time ago and got no response. The open source TripleA does exactly this, using the dice server at http://www.irony.com/mailroll.html.

The server provides the rolls to the requester, and sends an email report to whomever is specified as recipient, i.e. the opponent. Said opponent can then cross check the saved file he receives against the server report.

Relying on an outside server may be kind of awkward, and probably it couldn't be player specified because the protocols for different servers (assuming there are more) may be different, so it seems useful to me for Matrix to establish a dice server for their own games.

What do most PBEM games do? The only other one I've seen is TripleA, I just assumed that their approach was standard and it would have been applied to GGWAW.

[lkendter]

ORIGINAL: WanderingHead
What do most PBEM games do? The only other one I've seen is TripleA, I just assumed that their approach was standard and it would have been applied to GGWAW.

All of my PBEM A&A gaming uses some type of dedicated dice roll. Results are then e-mailed to both players. My Was / VitP games send requests to a dice roller that e-mails results back.

[JanSorensen]

Emailing dice roll for GGWaW would seem dreadfully slow to me though. It would need to be something more sophisticated than just requesting a number of dice and then getting an email.

[aletoledo]

I can be competative in many games, but W@W doesn't seem like its possible to get ones panties in a knot about.

at least prior to the creation of the ladder, games I've played have been simply for the enjoyment and challenge of the game. when I've played people I've enjoyed, we usually play a number of games afterward. its not necessarily a thing about who wins or loses, but more of an issue of who played something out nicely or coordinated something well.

if a game comes down to whether a dice roll was a 5 or a 6, I think I'd rather just lose the game than go to all the trouble of using an additional layer of security to verify dice rolls. you can usually tell when you've been outmaneuvered and that you're going to win or lose a battle.

of course now with the ladder, there is more incentive to win games I suppose. at least there is nothing saying you have to play someone, so if you think he's cheated you're never required to start a game up.

[WanderingHead]

ORIGINAL: JanSorensen
Emailing dice roll for GGWaW would seem dreadfully slow to me though. It would need to be something more sophisticated than just requesting a number of dice and then getting an email.

For TripleA, as I recall it happens in the background. The game connects to the server directly (no email), passes the information describing where the die rolls will be applied, and receives the die results. All in the background, no human interraction (other than setting it up at the beginning of the game).

The server then sends an email to the specified recipients, who may ignore it or cross check it with the game save they receive later, as they wish.

[JanSorensen]

I see - that is indeed also how it would need to be.

I assume there is some logic going on so it does not send one email per dice request - but rather waits till the end. For GGWaW the sheer number of dice is quite large too.

Still, it takes a server doing this 24/7 - even though that server can probably also do something else. It takes a coding change in the main game - and it takes the coding for the server program. Its definitely doable and probably neither complicated nor terribly time consuming but it would still cost some money.

[JanSorensen]

Could you post a link to a page that explains how the dice server works for TripleA?

I did find the TripleA page - but the documentation pages seem to be missing.

[MrQuiet]

Here is a link to the dice server they use:
http://www.irony.com/mailroll.html

When I use to play A&A via tripple A it did work out pretty well but..

In GGWAW I do not worry about my opponent cheating. If they really need to reload the game and play there turn again knowing full well they are cheating, then they probably do not play very well to begin with and will lose in the end. Also what do you really gain by winning a WAW game??

-MrQuiet

[JanSorensen]

ORIGINAL: MrQuiet

Here is a link to the dice server they use:
http://www.irony.com/mailroll.html

When I use to play A&A via tripple A it did work out pretty well but..

-MrQuiet

Thanks for the link. It does not explain what the flow is for a game where the dice are built into the game so to speak. Or maybe I just didnt dig deal enough thats also possible.

If a dice server is to have any use for GGWaW it would need to be done mostly automatically from the point of the players imho. The moving player should simply indicated the dice server when he loaded/started a turn and then every move he made should be reported to the server and every dice roll he had returned from it obviously also. Then at the end of the turn the dice server should email a "log" file to each of the other players in the game. Obviously, a game started where dice servers are used should not be able to be run further without the use of the dice server or options could be explored offline so to speak. Finally, when the next player loads the save file he should also load the "log" file from the dice server and it should automatically compare the two files for validity.

Taken to the full extreme the "dice" server should be running the game fully and the local player PC only used as a dumb client.

and then sending an email to the other player(s) in the game upon completion of the turn. This email should then be possible to load into WaW and be compared against the loaded file with the turn in question.

Anything less than that would just seem like a hassle to me.

[WanderingHead]

ORIGINAL: JanSorensen

Could you post a link to a page that explains how the dice server works for TripleA?

I did find the TripleA page - but the documentation pages seem to be missing.

Sorry. I just figured out what it did by going through the process and playing the game. I don't recall any documentation of the specific feature.

But the point isn't necessarily exactly how TA does it anyway. You've already summarized a good implementation, better than TA really.

I agree that it should be hassle free, except that a small hassle to double check the rolls only if you want to (no hassle if you ignore it) would be OK by me. Personally, when I used it I ignored the emails anyway, and eventually stopped using it and went by trust because my firewall was causing problems.

Following the TA model, a set of rolls, analogous to one combat in the GGWAW case, was dispatched at once and generated one email log from the server.