That's the only major roadblock left, rip out the anti-cheat stuff and the games generally work. I'm not sure how Valve could address this without people getting angry. They could eventually leverage their immutable rootfs setup to enable attestation of the system stack and run the games in security hardened containers?
My feeling is that Valve's approach via using wine/proton is pragmatic in terms of getting something that works for them and reduces how much they're held hostage to windows, but it's a missed opportunity to go further and decouple PC gaming from windows. As it stands they are downstream of whatever MS does to the 'reference' platform and how developers use it (because that's where the majority of users are).
I'd love to see what would happen if a consortium was formed to take responsibility for gaming on the PC platform, and I wouldn't be surprised if MS wouldn't mind abdicating maintenance especially if their xbox fortunes have waned and there's less mutual benefit for them.
Valve basically tried the later approach with the initial Steam for linux push which included steam machines and the steam controller. It did have some level of initial success but clearly had lost momentum and the developer support it had seemed to fade after a few years. There were quite a few direct ports during that time though. I think they would have preferred that approach but ultimately decided it was a bridge to far.
If linux gaming requires you use a blessed immutable OS where everything you run is either unprivileged or signed by a central entity, it's not much better than just using Windows at that point.
Kernel level anti cheat is a failure. You need to control the hardware to do it properly. The only hope is to wait for less locally intrusive and more robust anti cheat solutions.
Basically the only possible solutions at this point lie in the AI space.
> If linux gaming requires you use a blessed immutable OS where everything you run is either unprivileged or signed by a central entity, it's not much better than just using Windows at that point.
Yes it is, given that unlike Windows you still ultimately know what code being executed on your computer and have some degree of control over it.
Should add, this isn't necessarily something I want, lucky for me I don't really play the games that require anti-cheat. But it is something that Valve could conceivably do.
You have as much control over it as you do over windows in this state: i.e. uninstalling the OS.
Just because you know what the base is doing, doesn't mean you get to see what the proprietary kernel level drivers, loaded at runtime, are doing.
Really it's effectively as good as having windows and running an open source web browser, or an open source kernel driver. It doesn't change the fact that your computer is being fundamentally controlled by components you can't change, some/many of which are also proprietary.
This isn't a problem unique to what we're talking about, virtually every desktop PC on the planet has proprietary blobs running regardless of the OS used. I agree it sucks, but they're also not strictly necessary to run the containerized setup I proposed (any more than they're necessary to run the computer itself). It's possible to have attestation without anything proprietary/closed source.
While it's possible to have attestation without anything proprietary/closed source. If you look at widevine you will quickly notice how that's very unlikely to happen. While it's possible to do this in containers, if you look at how DRM is built into the HDMI protocol, you will notice that it's unlikely you'll ever get to control a base while running the proprietary stuff in a container.
Your idea is somewhat possible, but it's never going to happen in reality. I can already run windows in a VM for the exact same result.
I think there are three fundamental categories of cheating threat models that actually matter: State poisoning, Information leakage, and Input automation
State poisoning means your game was poorly written, period. Either that's a vuln within the code itself or badly implemented netcode. A 2-player game can have total asynchronous client separation and still be peer-to-peer. A more-than-two-player game is almost always run on a server that serves as the single source of truth. In either case, a game that doesn't make the fundamental guarantee that the inputs available to a player and maybe some initial random seeds are the sole determinant of the gamestate have no hope, and rootkitting your computer because they wrote their game's statemachine or interfaces like shit is not the correct solution. If your answer to this is that big game studios shouldn't have to learn how to write more solid code, this means that the sanctity of their game isn't that important to them, not that they should get to root your computer
Information leakage may be somewhat harder. Often you want the simulation to be running client-side, so a naive model of netplay would have the full state available to all clients from a technical perspective... but this doesn't have to be true. In most cases, you can do partial state with rollbacks to make it much harder to cheat from a technical perspective, even making no guarantees about the clients themselves. I think even when this is hard, the correct path here isn't rootkits, it's approaches that start to approximate zero-knowledge proofs. This also means there's a rich literature of zero-knowledge proofs to draw on
Input automation, to be honest, is basically hopeless to prevent upfront regardless of what you do. If you can plug external hardware into your device at all, you can rig up something that automates your inputs. This can be hard to even verify in person, let alone through even a rootkit. I don't personally think it's worth worrying about that much, but if you care about macros and the like, it's really difficult to prevent. However, if there's money on the line or something, there are good analytic forensic techniques to detect this kind of cheating after the fact. Maybe this is where "AI" could actually help, as some kind of sequence-based anomaly detection that can run in real time might be able to detect unusual input clusters, but I worry that the false positive rate is going to be super high. Honestly seems like a lost cause. But crucially, not a lost cause that you get around via compromising the OS at a kernel level
Anti-cheat that "needs to own your kernel" is more user-hostile corporate bullshit. Most games work fine on linux, but frankly no game is worth a rootkit, and no game needs one. The fact that some companies demand it should be viewed as those companies trying to scam you. That's not how the security of anything on the internet works. It's only how security of a bunch of mobile stuff works because Microsoft has trained generations of otherwise smart people to believe their total lies about security, and Google and Apple have taken advantage of this to secure a massive amount of control and surveillance over everyone who owns a smartphone (Which is increasingly required because they've also convinced people that fake 2FA that's just your phone as a single source of identity that can in fact often effectively be 1FA because it can override other authentication methods in most cases is somehow secure. The fact that everyone has a device with a bunch of proprietary backdoors that they don't have root on and that serves as a single lynchpin through which their life can be ruined is the most fundamental destruction of personal computer and identity security that's ever been realized - to say nothing of privacy, and that's a huge accomplishment given all that Microsoft, Facebook, and Amazon have done and still do to compete for the title)
Giving a corp a backdoor to your computer doesn't secure anything except that corp's ability to fuck with you. Don't believe Microsoft, Apple, Epic Games, The NSA, or anyone else who tells you that the best way to secure something is to give them a backdoor. Fuck all those people. They have not only gotten their slimy tendrils in a ton of people's stuff through these lies, but have propagated bad information about how to do security to a ton of organizations. If someone who works at one of these scummy companies or agencies responds to this with some condescending corp-speak at me, I've got a bunch of work to do so I'll probably not get to you immediately, but I pre-emptively say that making this argument at all fundamentally undermines your credibility, and also I hate you on a personal level. You've been a spook too long and it's rotted your brain, hypothetical internet stranger who might not even exist, quit your job and fix your heart
Basically, don't believe any of this "We have to own your computer for your own good" nonsense. That's a scam. Every time. Also, proprietary software should be assumed inherently insecure by default, not the other way around. A better world is possible
The reason companies seem to bother at this point is that, by implementing increasingly intrusive anti-cheat, they force cheaters to be increasingly subtle. With sufficiently intrusive anti-cheat you end up with gamers believing that the game they're playing has no cheaters.
This currently happens in at least some of the games which utilise kernel level anti cheat, as demonstrated by numerous videos on the topic which also shed light on massive communities of cheaters who just end up buying or making their own hardware based cheats.
Gamers will believe anything a company they like tells them. The fact that these companies can attract arguably the most insufferably delusional audience of frothing bootlickers to ever walk the earth to defend them doesn't justify their decisions on a technical or an ethical level
If the explanation for why a company needs a rootkit is "they don't want to spend effort on a better solution" that means that solving cheating isn't a priority for them, and if we care about that we shouldn't buy their game. It especially doesn't mean you should accept a rootkit to buy their game
I bit of anger or at least disappointment in your post. However, "The fact that everyone has a device with a bunch of proprietary backdoors that they don't have root on and that serves as a single lynchpin through which their life can be ruined is the most fundamental destruction of personal computer and identity security that's ever been realized" is completely true.
You should be angry at people who try to hack your computer with the express intent of spying on you or controlling your behavior. I am angry that people will waste my time trying to defend this behavior to me, whether it's about phones, smarthomes, or video games
Also, the thing where people think being angry makes you automatically wrong has gotta be a holdover from lead paint. I truly can't believe people are that stupid naturally
I just gave an in-depth breakdown of why that's not true. Your reply amounts to saying "nuh uh!" with no justification. There is nothing to engage with in this reply. It doesn't even attempt to have any substance
Your in depth breakdown doesn't address the substance of the argument at all, it's mostly a distraction.
Servers can not bear the entire weight of guarding against cheat, it's impossible. If you don't understand that then you are not in a position to be writing any sort of breakdown.
Several games and game protocols require security on the client side to be able to stop cheats. You can't have security on the client side if the client has full access to the hardware and OS.
It's not more complicated than that, and your 'breakdown' doesn't adequately address that. You can dismiss this point if you like as you did when I made it in my previous reply, but it doesn't make it any less a fact.
my problem with them is that they open room to a lot of risk when the dev fuckup and they don't even work. plenty of motivated cheaters bypass them you can even find tutorial on youtube for that. that mean they only make the experience worse for linux user.
The Anti cheat stuff along with some graphical glitches on some games (namely the original Deus Ex, ancient I know but I love it) meant I couldn't fully commit to Steam on Linux. But booting up the Master Chief Collection and signing into Xbox live to play Halo 3 on Linux at better framerates than Windows really tickled my sense of irony, what a feat they've managed!
And I also miss community maintained dedicated servers, with some opinionated admin who boots off cheaters. I don't like installing the kernel-level anti cheat stuff even on Windows, it is no better than that Sony BMG rootkit that kicked up a storm years ago, now we just accept it in the rear for some reason. Centralisation ruins everything.
Community servers can't offer strong cheat protection. If you can modify the client then you can cheat most of the time, and the server can't necessarily do anything.
> rip out the anti-cheat stuff and the games generally work
Yeah, that's called piracy. The ant-cheat stuff isn't going anywhere, and even without it plenty of games require DirectX which has no Linux equivalent.
It isn't piracy, anti-cheat technically isn't DRM. Many games let you disable it for the purpose of running mods. Even Halo: Master Chief Collection, a Microsoft game, has concessions made by the developer so that it works properly on Linux given anti-cheat is disabled (they've mentioned it in patch updates).
Judging by the second bit in your post there I guess you haven't been paying much attention to gaming in the Linux space in the last 6 years or so, lol.
Ripping out the DRM absolutely is piracy, and it's the only way to do it since the companies themselves are not doing it.
Anti-cheat absolutely is DRM, a lot of the time. It explicitly uses DRM tech from companies that make DRM technologies. At the very least I guess if we want to be precise we could say DRM is often a component of anti-cheat technologies even if anti-cheat isn't explicitly DRM.
I've been paying attention to the gaming space, and I know it still sucks unless you use Steam and Proton (which can't be used without Steam). Valve even pretty much gave up on their console because the developer support just isn't there.
Lmao, c'mon dude. Many companies are, in a literal sense, doing it, I gave you an example of one. Splitting hairs about the definition of DRM misses the point that it's treated as a separate thing. I was also only making the point that it's the anti-cheat that stops the games from working rather than issues stemming from compatibility layers, getting your panties in a bunch because of the mere theoretical possibility of removing anti-cheat from a game is ridiculous.
Proton can be used for software outside of Steam (though isn't designed for it) but is made up of open source components that definitely can be used separately from Steam. Proton is a Codeweavers-led project and the vast majority of the improvements Valve and it's contractors have made to Wine and it's supporting projects that Proton rely on have made it upstream. Steam Deck is selling extremely well and major publishers are testing their games and making changes specifically for the platform. Steam Machines was a decade ago, the state of play has changed.
You didn't say DirectX was a big deal, you said 'DirectX has no Linux equivalent'. It does, it's provided by Wine and it's supporting libraries wrapping DX and D3D API calls to SDL and Vulkan. Feature parity is strong and performance is in the same ballpark, as it would need to be given the software is being developed in mind for an anemic mobile AMD SoC. Though in spite of that even DLSS and ray tracing works on hardware that supports it.
I call bullshit on you paying attention, you're saying too many things that are provably incorrect.
> I call bullshit on you paying attention, you're saying too many things that are provably incorrect.
I'm not incorrect. I don't think you have experience with what you say. Have you actually tried to use Proton without steam? Yes, the changes eventually make their way back into WINE but Proton is basically unusable without Steam unless you want to do a lot of work.
Saying Linux has a DirectX equivalent via WINE is preposterous. WINE is offering compatibility with the WINDOWS solution because Linux DOESN'T have an equivalent. WINE might forward some to SDL and Vulkan, but neither of those are anywhere near to being a complete replacement for DirectX.
And I'm not 'getting my panties in a bunch', I was just pointing out a fact. If you want to turn it into semantics and throw insults, that's your choice.