by scheeseman486 737 days ago
That's the only major roadblock left, rip out the anti-cheat stuff and the games generally work. I'm not sure how Valve could address this without people getting angry. They could eventually leverage their immutable rootfs setup to enable attestation of the system stack and run the games in security hardened containers?
5 comments

My feeling is that Valve's approach via using wine/proton is pragmatic in terms of getting something that works for them and reduces how much they're held hostage to windows, but it's a missed opportunity to go further and decouple PC gaming from windows. As it stands they are downstream of whatever MS does to the 'reference' platform and how developers use it (because that's where the majority of users are).

I'd love to see what would happen if a consortium was formed to take responsibility for gaming on the PC platform, and I wouldn't be surprised if MS wouldn't mind abdicating maintenance especially if their xbox fortunes have waned and there's less mutual benefit for them.

Valve basically tried the latter approach with the initial Steam for Linux push which included Steam Machines and the Steam Controller. It did have some level of initial success but clearly had lost momentum and the developer support it had seemed to fade after a few years. There were quite a few direct ports during that time though. I think they would have preferred that approach but ultimately decided it was a bridge too far.
They didn't put a fraction of the effort into Steam Machines that they have put in the Linux ecosystem since then.
Wouldn’t this hypothetical consortium need to be made up of fairly large players?

As in Microsoft, Nvidia, Intel, and friends?

I’d imagine they’re pretty happy with the status quo.

If linux gaming requires you use a blessed immutable OS where everything you run is either unprivileged or signed by a central entity, it's not much better than just using Windows at that point.

Kernel level anti cheat is a failure. You need to control the hardware to do it properly. The only hope is to wait for less locally intrusive and more robust anti cheat solutions.

Basically the only possible solutions at this point lie in the AI space.

> If linux gaming requires you use a blessed immutable OS where everything you run is either unprivileged or signed by a central entity, it's not much better than just using Windows at that point.

Yes it is, given that unlike Windows you still ultimately know what code is being executed on your computer and have some degree of control over it.

Should add, this isn't necessarily something I want, lucky for me I don't really play the games that require anti-cheat. But it is something that Valve could conceivably do.

You have as much control over it as you do over windows in this state: i.e. uninstalling the OS.

Just because you know what the base is doing, doesn't mean you get to see what the proprietary kernel level drivers, loaded at runtime, are doing.

Really it's effectively as good as having windows and running an open source web browser, or an open source kernel driver. It doesn't change the fact that your computer is being fundamentally controlled by components you can't change, some/many of which are also proprietary.

This isn't a problem unique to what we're talking about, virtually every desktop PC on the planet has proprietary blobs running regardless of the OS used. I agree it sucks, but they're also not strictly necessary to run the containerized setup I proposed (any more than they're necessary to run the computer itself). It's possible to have attestation without anything proprietary/closed source.
While it's possible to have attestation without anything proprietary/closed source, if you look at Widevine you will quickly notice how that's very unlikely to happen. While it's possible to do this in containers, if you look at how DRM is built into the HDMI protocol, you will notice that it's unlikely you'll ever get to control a base while running the proprietary stuff in a container.

Your idea is somewhat possible, but it's never going to happen in reality. I can already run windows in a VM for the exact same result.

It's unlikely sure, but I look at the alternatives and they seem even less likely. I really doubt consumers would be happy with normalizing rootkits on Linux, even those at Valve wouldn't want that. So what other choices are there? That question left me with the answer I gave.

Running Windows in a VM would be less efficient than running a stripped down Linux stack inside of a container. Going the Linux+Wine route requires less proprietary code and would be free to license. Hardly an exact same result.

Jokes

I think there are three fundamental categories of cheating threat models that actually matter: State poisoning, Information leakage, and Input automation

State poisoning means your game was poorly written, period. Either that's a vuln within the code itself or badly implemented netcode. A 2-player game can have total asynchronous client separation and still be peer-to-peer. A more-than-two-player game is almost always run on a server that serves as the single source of truth. In either case, a game that doesn't make the fundamental guarantee that the inputs available to a player and maybe some initial random seeds are the sole determinant of the gamestate has no hope, and rootkitting your computer because they wrote their game's statemachine or interfaces like shit is not the correct solution. If your answer to this is that big game studios shouldn't have to learn how to write more solid code, this means that the sanctity of their game isn't that important to them, not that they should get to root your computer

Information leakage may be somewhat harder. Often you want the simulation to be running client-side, so a naive model of netplay would have the full state available to all clients from a technical perspective... but this doesn't have to be true. In most cases, you can do partial state with rollbacks to make it much harder to cheat from a technical perspective, even making no guarantees about the clients themselves. I think even when this is hard, the correct path here isn't rootkits, it's approaches that start to approximate zero-knowledge proofs. This also means there's a rich literature of zero-knowledge proofs to draw on

Input automation, to be honest, is basically hopeless to prevent upfront regardless of what you do. If you can plug external hardware into your device at all, you can rig up something that automates your inputs. This can be hard to even verify in person, let alone through even a rootkit. I don't personally think it's worth worrying about that much, but if you care about macros and the like, it's really difficult to prevent. However, if there's money on the line or something, there are good analytic forensic techniques to detect this kind of cheating after the fact. Maybe this is where "AI" could actually help, as some kind of sequence-based anomaly detection that can run in real time might be able to detect unusual input clusters, but I worry that the false positive rate is going to be super high. Honestly seems like a lost cause. But crucially, not a lost cause that you get around via compromising the OS at a kernel level

Anti-cheat that "needs to own your kernel" is more user-hostile corporate bullshit. Most games work fine on linux, but frankly no game is worth a rootkit, and no game needs one. The fact that some companies demand it should be viewed as those companies trying to scam you. That's not how the security of anything on the internet works. It's only how security of a bunch of mobile stuff works because Microsoft has trained generations of otherwise smart people to believe their total lies about security, and Google and Apple have taken advantage of this to secure a massive amount of control and surveillance over everyone who owns a smartphone (Which is increasingly required because they've also convinced people that fake 2FA that's just your phone as a single source of identity that can in fact often effectively be 1FA because it can override other authentication methods in most cases is somehow secure. The fact that everyone has a device with a bunch of proprietary backdoors that they don't have root on and that serves as a single lynchpin through which their life can be ruined is the most fundamental destruction of personal computer and identity security that's ever been realized - to say nothing of privacy, and that's a huge accomplishment given all that Microsoft, Facebook, and Amazon have done and still do to compete for the title)

Giving a corp a backdoor to your computer doesn't secure anything except that corp's ability to fuck with you. Don't believe Microsoft, Apple, Epic Games, The NSA, or anyone else who tells you that the best way to secure something is to give them a backdoor. Fuck all those people. They have not only gotten their slimy tendrils in a ton of people's stuff through these lies, but have propagated bad information about how to do security to a ton of organizations. If someone who works at one of these scummy companies or agencies responds to this with some condescending corp-speak at me, I've got a bunch of work to do so I'll probably not get to you immediately, but I pre-emptively say that making this argument at all fundamentally undermines your credibility, and also I hate you on a personal level. You've been a spook too long and it's rotted your brain, hypothetical internet stranger who might not even exist, quit your job and fix your heart

Basically, don't believe any of this "We have to own your computer for your own good" nonsense. That's a scam. Every time. Also, proprietary software should be assumed inherently insecure by default, not the other way around. A better world is possible

The reason companies seem to bother at this point is that, by implementing increasingly intrusive anti-cheat, they force cheaters to be increasingly subtle. With sufficiently intrusive anti-cheat you end up with gamers believing that the game they're playing has no cheaters.

This currently happens in at least some of the games which utilise kernel level anti cheat, as demonstrated by numerous videos on the topic which also shed light on massive communities of cheaters who just end up buying or making their own hardware based cheats.

Gamers will believe anything a company they like tells them. The fact that these companies can attract arguably the most insufferably delusional audience of frothing bootlickers to ever walk the earth to defend them doesn't justify their decisions on a technical or an ethical level

If the explanation for why a company needs a rootkit is "they don't want to spend effort on a better solution" that means that solving cheating isn't a priority for them, and if we care about that we shouldn't buy their game. It especially doesn't mean you should accept a rootkit to buy their game

I agree, but I am not the kind of person you need to persuade not to buy spyware.

I am just explaining the kinds of reasoning I've heard first hand coming from "gamers".

I view self-identified "gamers" as a cult at this point. If my goal were to persuade them of anything, I'd probably fail. I'm not in marketing for a reason. But the fact that a bunch of fools believe in something doesn't make it true
A bit of anger or at least disappointment in your post. However, "The fact that everyone has a device with a bunch of proprietary backdoors that they don't have root on and that serves as a single lynchpin through which their life can be ruined is the most fundamental destruction of personal computer and identity security that's ever been realized" is completely true.

Biggest scam ever!!!

You should be angry at people who try to hack your computer with the express intent of spying on you or controlling your behavior. I am angry that people will waste my time trying to defend this behavior to me, whether it's about phones, smarthomes, or video games

Also, the thing where people think being angry makes you automatically wrong has gotta be a holdover from lead paint. I truly can't believe people are that stupid naturally

> Basically, don't believe any of this "We have to own your computer for your own good" nonsense. That's a scam. Every time.

Not really. It's all they can do to stop PC gamers cheating without having control of the hardware.

I just gave an in-depth breakdown of why that's not true. Your reply amounts to saying "nuh uh!" with no justification. There is nothing to engage with in this reply. It doesn't even attempt to have any substance
Your in depth breakdown doesn't address the substance of the argument at all, it's mostly a distraction.

Servers can not bear the entire weight of guarding against cheat, it's impossible. If you don't understand that then you are not in a position to be writing any sort of breakdown.

Several games and game protocols require security on the client side to be able to stop cheats. You can't have security on the client side if the client has full access to the hardware and OS.

It's not more complicated than that, and your 'breakdown' doesn't adequately address that. You can dismiss this point if you like as you did when I made it in my previous reply, but it doesn't make it any less a fact.

That's ridiculous. A server only needs to be capable of running a single authoritative copy of the game and handling dead simple network requests to prevent every kind of cheating that matters except input automations, which you can't prevent reliably with a rootkit anyway. If you have a case where this isn't true, feel free to expand on it instead of just blindly believing it must exist. You don't need client-side control to make very powerful guarantees of systemic security in much more serious contexts than a game. You're not only doing special pleading, but you're doing it for a scenario that, as far as I can tell, has no theoretical reasoning and no examples, because you haven't provided any. I have to conclude it's imaginary. I gave you a good breakdown of what threat models I think exist and some sketches of technical solutions, like client separation and authoritative servers. I speak from both sound theory and experience implementing netcode here. Maybe you are too, but I can't tell from what you're saying, because again all I'm hearing is "nuh uh, sometimes you need it!" I see no why, how, or when in that argument. Is the problem you can only fix by having total control over the whole platform of every client in the room with us right now?
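
Added example, not part of the thread or any poster's code: a minimal sketch of the authoritative-server model argued over above, where clients submit inputs only, the server checks them against the game rules, and each client receives only the state it is allowed to see. The class name, speed limit and view radius are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

# Constructed game rules (assumptions for this illustration).
MAX_SPEED = 5.0      # furthest a player may move in one tick
VIEW_RADIUS = 20.0   # furthest a player may see


@dataclass
class Player:
    name: str
    x: float
    y: float


class AuthoritativeServer:
    """Holds the single authoritative copy of the game state."""

    def __init__(self):
        self.players = {}
        self.rejected = []  # (player, reason) pairs kept for later review

    def join(self, name, x, y):
        self.players[name] = Player(name, x, y)

    def apply_input(self, name, dx, dy):
        """Clients send a movement intent, never a position.

        The server applies it only if it is legal under the rules, so a
        modified client cannot teleport or exceed the speed limit.
        """
        if not (math.isfinite(dx) and math.isfinite(dy)):
            self.rejected.append((name, "non-finite input"))
            return False
        if math.hypot(dx, dy) > MAX_SPEED + 1e-9:
            self.rejected.append((name, "speed limit exceeded"))
            return False
        p = self.players[name]
        p.x += dx
        p.y += dy
        return True

    def snapshot_for(self, name):
        """Partial state: only entities inside this player's view radius.

        Positions the client never receives cannot be read out of its memory.
        """
        me = self.players[name]
        return {
            p.name: (p.x, p.y)
            for p in self.players.values()
            if math.hypot(p.x - me.x, p.y - me.y) <= VIEW_RADIUS
        }


def demo():
    """Constructed scenario: one legal move, two illegal ones, two views."""
    srv = AuthoritativeServer()
    srv.join("alice", 0.0, 0.0)
    srv.join("bob", 10.0, 0.0)
    srv.join("carol", 100.0, 100.0)
    legal = srv.apply_input("alice", 3.0, 4.0)        # length 5.0, allowed
    teleport = srv.apply_input("alice", 50.0, 0.0)    # too far, rejected
    bad = srv.apply_input("alice", float("nan"), 0.0)  # malformed, rejected
    return srv, legal, teleport, bad
```

Input automation is outside what this sketch covers: an automated client that sends legal inputs passes every check here.
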
what a nonce.
My problem with them is that they open room for a lot of risk when the devs fuck up, and they don't even work. Plenty of motivated cheaters bypass them; you can even find tutorials on YouTube for that. That means they only make the experience worse for Linux users.

They shouldn't exist, yet here we are.

The solution to that is dedicated/community servers not stronger cheat prevention.
The Anti cheat stuff along with some graphical glitches on some games (namely the original Deus Ex, ancient I know but I love it) meant I couldn't fully commit to Steam on Linux. But booting up the Master Chief Collection and signing into Xbox live to play Halo 3 on Linux at better framerates than Windows really tickled my sense of irony, what a feat they've managed!

And I also miss community maintained dedicated servers, with some opinionated admin who boots off cheaters. I don't like installing the kernel-level anti cheat stuff even on Windows, it is no better than that Sony BMG rootkit that kicked up a storm years ago, now we just accept it in the rear for some reason. Centralisation ruins everything.

Community servers can't offer strong cheat protection. If you can modify the client then you can cheat most of the time, and the server can't necessarily do anything.
> rip out the anti-cheat stuff and the games generally work

Yeah, that's called piracy. The anti-cheat stuff isn't going anywhere, and even without it plenty of games require DirectX which has no Linux equivalent.

It isn't piracy, anti-cheat technically isn't DRM. Many games let you disable it for the purpose of running mods. Even Halo: Master Chief Collection, a Microsoft game, has concessions made by the developer so that it works properly on Linux given anti-cheat is disabled (they've mentioned it in patch updates).

Judging by the second bit in your post there I guess you haven't been paying much attention to gaming in the Linux space in the last 6 years or so, lol.

Ripping out the DRM absolutely is piracy, and it's the only way to do it since the companies themselves are not doing it.

Anti-cheat absolutely is DRM, a lot of the time. It explicitly uses DRM tech from companies that make DRM technologies. At the very least I guess if we want to be precise we could say DRM is often a component of anti-cheat technologies even if anti-cheat isn't explicitly DRM.

I've been paying attention to the gaming space, and I know it still sucks unless you use Steam and Proton (which can't be used without Steam). Valve even pretty much gave up on their console because the developer support just isn't there.

And like I said, DirectX is still a big deal.

Lmao, c'mon dude. Many companies are, in a literal sense, doing it, I gave you an example of one. Splitting hairs about the definition of DRM misses the point that it's treated as a separate thing. I was also only making the point that it's the anti-cheat that stops the games from working rather than issues stemming from compatibility layers, getting your panties in a bunch because of the mere theoretical possibility of removing anti-cheat from a game is ridiculous.

Proton can be used for software outside of Steam (though isn't designed for it) but is made up of open source components that definitely can be used separately from Steam. Proton is a Codeweavers-led project and the vast majority of the improvements Valve and its contractors have made to Wine and its supporting projects that Proton relies on have made it upstream. Steam Deck is selling extremely well and major publishers are testing their games and making changes specifically for the platform. Steam Machines was a decade ago, the state of play has changed.

You didn't say DirectX was a big deal, you said 'DirectX has no Linux equivalent'. It does, it's provided by Wine and its supporting libraries wrapping DX and D3D API calls to SDL and Vulkan. Feature parity is strong and performance is in the same ballpark, as it would need to be given the software is being developed in mind for an anemic mobile AMD SoC. Though in spite of that even DLSS and ray tracing works on hardware that supports it.

I call bullshit on you paying attention, you're saying too many things that are provably incorrect.

> I call bullshit on you paying attention, you're saying too many things that are provably incorrect.

I'm not incorrect. I don't think you have experience with what you say. Have you actually tried to use Proton without steam? Yes, the changes eventually make their way back into WINE but Proton is basically unusable without Steam unless you want to do a lot of work.

Saying Linux has a DirectX equivalent via WINE is preposterous. WINE is offering compatibility with the WINDOWS solution because Linux DOESN'T have an equivalent. WINE might forward some to SDL and Vulkan, but neither of those are anywhere near to being a complete replacement for DirectX.

And I'm not 'getting my panties in a bunch', I was just pointing out a fact. If you want to turn it into semantics and throw insults, that's your choice.

SDL and Vulkan are equivalents to DirectX, to state otherwise is itself preposterous. Is it a complete implementation with perfect compatibility? No, but that's not a realistic goal or expectation even on Windows. One of the first steps I take to get older D3D9 games to work on Windows is to use DXVK, Microsoft's own implementation of their APIs isn't perfect either, having atrophied over the years.

Outside of Steam I use Lutris, which works fine. Though it's rare that I actually need to use it, given I have Steam and the vast majority of my games library is on that platform (as is just about everyone else's). Saying that the reliance on Valve's store is a problem is I guess a valid one in an ideological sense, but practically? Steam dominates PC gaming, it's what matters, even more so than Microsoft's own store.

You're the one who tried to spin up a semantic argument over your overly broad application of the term DRM, I had no interest in getting into that.