Warscale 65 - Devil meet Guimo, Guimo meet details
by Guimo · 06/10/2010 (8:44 pm) · 2 comments
Hello everybody reading this series!
Two weeks have passed since my last blog. At least for Warscale this las 14 days have been most productive... or too little depending on the point of view.
Indeed, I really was thinking on starting my closed beta last week and here I an still fixing small things. I have worked on different games but Warscale has become quite complex on its own.
Indeed, last week I managed to get a full installer which was something great. So I aunched the thing and started playing myself and writing down any problem I found. You know, I think it is a sign of disrespect to ask any beta testers to check your game if you still have the most obvious bugs.
So, from the small things like cursors, to fixing some buttons here and there, updating the servers, removing code which was meant for testing only, making some windows display in the center of the screen, moving some thing a couple of pixels off, etc etc. I have been killing lots of small things and I'm still working on them.
Anyway the most important fixes this week:
A poor mans SSL
You know, last week Brian Wilson really shaked my bubble. I mean he is obviously way experienced in networking things so I tried to follow all his recomendations and improve the things he pointed out.
One of the most obvious problems with Torque is that the communications are unencrypted and I really was unable to integrate SSL into the code (maybe with some more time but I had not much patience at this time). So I started thinking on weird things like create an SSL tunnel but after a discussion with the networking guy here in the company he suggested me the obvious thing (and as usual the obvious things are often understated). In Warscale all the events are validated in the server so any attempt to hack the messages are easilly handled and detected. No biggie there. The problem is just to encrypt the login/password.
Then the solution is really simple, when client connects, the server will send a 32 bit key in the form of the server milliseconds. The client will use that key in order to generate a 128 bit key. This new key is then shaken on the bit level against the login mesage. After a lot of bit swapping, shifting, etc the information is most unrecognizable but the important thing is that the server can replicate the process in an inverse way and is able to retrieve the information back.
The most important class I was forced to implement for this was a bit array data type which is able to convert a string bit by bit into an array and implements functions to switch bytes or bits, invert the arrays, shift left or right, etc. Quite useful.
So, I got my login/password encrypted and other than that all the connections into the server are protected by SSL. Granted it is not the most secure server in the world but will do for the testing stages. I will improve it bit by bit.
User manual
This is still work in progress. In my experience, I have found that the best way to catch bugs is to write a user manual. While doing so you will really find things which are not easy to explain. If this happens then it is possible you really need to improve something in your UI. Right now I'm in the process of writing. I will post a message when ready to download.
The plan for this week
The plan is to finish the basic client for the beta test and finally beta test it. This is taking longer than a giraffe burp.
Luck with your projects!
Guimo
#2
About the manuals, I will need to go through the web. When I migrated to Australia I just left any superfluous things in Peru and that included games and manuals. Warscale is quite complex to explain so I really hope players easilly catch the interface.
The server handles all the logical game and its completely synchronized with the client. So basically this means that any message from the client to the server will be validated in the server for the right paramaters. If anything is wrong with the message then KAPUT. Cleint is removed from the current game and a strike is logged. three strikes and the player is out of the game and his account banned. So I really don't care about the communication being unencrypted on this level.
This being a hobby for me, I have no real timeframe. Being a completely self funded indie I will risk it to be the best I can do with the resources I have on hand. I try not leaving anything on the air if possible. I'm impatient of course but will hold until I feel everything is polished enough. I know it will be buggy on release anyway.
The idea of the forum is great. Thank you. I had overlooked it and my wife almost slapped me for dismissing something so useful. A crude website is now next thing on my list. Even before manuals.
When appropriate I will send you all the info so you can play hacking the server :). Just don't do your best... it will be a test server only.
Thanks again for all your good advice.
06/12/2010 (5:32 am)
Hi Brian,About the manuals, I will need to go through the web. When I migrated to Australia I just left any superfluous things in Peru and that included games and manuals. Warscale is quite complex to explain so I really hope players easilly catch the interface.
The server handles all the logical game and its completely synchronized with the client. So basically this means that any message from the client to the server will be validated in the server for the right paramaters. If anything is wrong with the message then KAPUT. Cleint is removed from the current game and a strike is logged. three strikes and the player is out of the game and his account banned. So I really don't care about the communication being unencrypted on this level.
This being a hobby for me, I have no real timeframe. Being a completely self funded indie I will risk it to be the best I can do with the resources I have on hand. I try not leaving anything on the air if possible. I'm impatient of course but will hold until I feel everything is polished enough. I know it will be buggy on release anyway.
The idea of the forum is great. Thank you. I had overlooked it and my wife almost slapped me for dismissing something so useful. A crude website is now next thing on my list. Even before manuals.
When appropriate I will send you all the info so you can play hacking the server :). Just don't do your best... it will be a test server only.
Thanks again for all your good advice.
Torque Owner Brian Wilson
http://www.ehow.com/how_5763597_write-video-game-manual.html
Also, you can never have enough reference material to go through. This is at least the excuse I give to my wife for holding on to manuals as far back as 1983's Ultima 2 And 1980's original Zork. I'm sure with a bit of searching, you may be able to find some .pdf's out in the wild of long-gone-games, or perhaps check your local used book store to see if they have a stash in the back that they don't know what to do with.
Re: another note on securty - when writing server-client applications, never trust the client. All data and calculations should be server-side and the client only maintaining a copy of the data for presentation to the user. This is the concept your guy at work was trying to get accross. Of course when it comes to online games, performance can take a major hit when everything is server-side. So certainly farm out what you can to the client to handle, but keep critical stuff like combat results, authentication, and master time tables for events server-side.
Re: Beta testing and bugs - certainly squash the bugs that you can in your timeframe allowed, but users should be able to tollerate minor bugs, especially if you inform them about the issues ahead of time. If you can work it in, having a beta forum comes in handy if you want collaborative feedback.
Re: your SSL implementation, when you get ready for beta and want someone to take a look at your client-server communcation, I'll be happy to help out. Just let me know.