by rjvbk 2899 days ago
>We don’t share the state of other players if it doesn’t need to be shared, so we can avoid common cheats like “map hacks” (revealing all players on the map).

>We let the server’s game simulation make the authoritative game decisions and generally don’t trust the information received from the client, which helps prevent common cheats like “god mode” and “disconnect hacks,” barring any overlooked exploits.

>Our network protocol has been obfuscated, and we change this obfuscation regularly so that making a network-level bot is much more difficult.

I hope they are proud of doing the obvious. That's like having a webpage and bragging about escaping strings that you insert into a SQL table...

8 comments

The first is not at all obvious. Oftentimes, it's simpler to share entire game state to all clients, and let the client obfuscate information based on the player's context. Especially for building a better player experience for interpolation/network lag correction when the server connection may fail to keep up.

Additionally, it's non-trivial logic to determine what "needs" to be shared: e.g., what do you do with a champ that's outside vision but using an ability that enters your vision? There are important and difficult design, architectural and logic decisions to be made at every level from the game data models to the server-side simulations to the client's handling of it.
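
Added example, not part of the thread and not Riot's code: one possible server-side visibility filter for the point raised in the comment above, including its case of an ability cast from outside vision. The entity fields, the circular sight radius, the sample world and the policy of withholding the caster's identity are all assumptions made for illustration.

```python
from dataclasses import dataclass
from math import hypot
from typing import Optional

@dataclass(frozen=True)
class Entity:
    id: str
    team: str
    kind: str                    # "champion" or "projectile"
    x: float
    y: float
    sight: float = 0.0           # vision radius; projectiles grant no vision
    owner: Optional[str] = None  # casting champion id, projectiles only

def visible_ids(world, team):
    """Ids the team may see: its own entities plus anything inside an ally's sight."""
    watchers = [e for e in world if e.team == team and e.sight > 0]
    return {
        e.id for e in world
        if e.team == team
        or any(hypot(e.x - w.x, e.y - w.y) <= w.sight for w in watchers)
    }

def snapshot_for(world, team):
    """Build the per-team state message; unseen entities are never serialized."""
    seen = visible_ids(world, team)
    out = []
    for e in world:
        if e.id not in seen:
            continue
        rec = {"id": e.id, "kind": e.kind, "team": e.team, "x": e.x, "y": e.y}
        if e.kind == "projectile":
            # Assumed policy: send the ability once it enters vision, but name
            # its caster only when the caster is visible too.
            rec["owner"] = e.owner if e.owner in seen else None
        out.append(rec)
    return out

# Constructed sample world: one blue champion, two red champions, two red abilities.
WORLD = [
    Entity("blue_a", "blue", "champion", 0, 0, sight=10),
    Entity("red_near", "red", "champion", 6, 0, sight=10),
    Entity("red_far", "red", "champion", 30, 0, sight=10),
    Entity("p1", "red", "projectile", 8, 0, owner="red_far"),
    Entity("p2", "red", "projectile", 5, 5, owner="red_near"),
]

if __name__ == "__main__":
    for rec in snapshot_for(WORLD, "blue"):
        print(rec)
```

Even with the caster withheld, a projectile's position and heading still hint at where it came from, which is part of the design trade-off the comment describes.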

It might seem obvious, but a lot of current PvP game engines still maintain global state of all players on the map and trust position info sent from the game client to all other clients. This has been the status quo going all the way back to the beginning of online gaming.
Riot's engineering blog is typically aimed at developers and engineers of all skill levels. They try to make all of their topics approachable. If you're a seasoned veteran, you probably won't get a lot of technical insight from these posts.
These things seem obvious but are often not feasible for certain types of games (e.g. FPS) due to either latency or just the rate of events the server would have to resolve. This is why you're often stuck having to trust the client and implement complex checks for tampering.
A lot of this information is written so that it's easier for laypeople to read and understand. Stuff like that may be obvious to developers and sysadmins like many of us, but to the common League player it might not be. Also, I doubt that they want to give away something more specific that would give a clue on how to beat their systems.
The first point is actually something that game developers have failed to do in many cases. For example, if they want client syncing to require transferring very little data, they may only send player inputs across the wire, meaning that each client needs to know everything, even if the final decision about game state is made by a server.
Yeah, the same many developers haven't escaped strings they inserted into SQL tables, leading to SQL injections. Does this mean if I don't do that I have a right to brag about it? If I wrote a post saying "look at me, I escape strings" the response here would be "cool story bro". This isn't any different.
Back in the day (2010) there was a cheat for LoL to make instant short-range teleports without cooldown, so they went a long path...
You'd be surprised by the amount of AAA games that do not do what was listed in the blog post.