1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
Russell Ballestrini
@russellballestrini
Jul 06 15:47
Hey all. Thinking about maybe incorporating gun in a web game. My biggest question is around preventing cheating. It is my understanding most multiplayer games that care to prevent cheating the game, do so by using server side game logic. Seems like gun doesn't make any guarantees about how a client generated data and thus could be exploited. Gun might be useful for a realtime chat but maybe not game logic / mechanic validation, etc.
Do I have this mental model correct or is there a way to "verify" that the Javascript client code that produces the data was not tampered with?

Mark Nadal
@amark
Jul 06 15:50
@russellballestrini WELCOME!!!!! :) :) :) :)
@russellballestrini yes, IDK if you have tried out the 200LOC sample game...

Russell Ballestrini
@russellballestrini
Jul 06 15:51
Crazy idea, but would it be possible to prove that a Javascript library didn't change and verify that it produced the data output? Like creating a hash of a javascript library, the function calls, and the output of the result to prove it wasn't tampered with?

Mark Nadal
@amark
Jul 06 15:51
https://github.com/amark/gun/blob/master/examples/game/space.html
@russellballestrini actually yes! That would be fairly trivial, however cheating that is also easy ;)
for instance, a hacker might /later/ change the code after it has been verified
so then you'd need to send the hash with every game call
@russellballestrini nods

Mark Nadal
@amark
Jul 06 15:52
but if you send the hash with every game call
what stops the cheater from just taking the old/correct hash
and having outbound requests use that old one?
so the example game is fully P2P logic which is cool, it doesn't have any cheating prevention in it though

Russell Ballestrini
@russellballestrini
Jul 06 15:52
Yeah, this is a fundemental issue with Javascript, yes?

Mark Nadal
@amark
Jul 06 15:52
but the way you can prevent cheating is to actually use the game rules itself
and have other peers enforce incoming events
so for instance
if you are not allowed to travel faster than 100MPH
receiving peers can check if the sending peer somehow went from x: 10, y: 10, t: 1 to x: 200, y: 200, t: 2
if the diff on that (which has to be calculated anyways for deadreckoning purposes, to handle networking latency...) is larger than the game rule allows
you know they are cheating.
etc.

Russell Ballestrini
@russellballestrini
Jul 06 15:54
and as a consensus they could reject the data update?

Mark Nadal
@amark
Jul 06 15:54
obviously this is kinda advanced for just any developer... it would be better as a framework, but realistically every game has different rules, etc. and game devs are just forced to think at much more detailed layer than average web devs.
@russellballestrini yupe, each legit peer rejecting the update
if there are 5 legit peers (untampered)
and 1 not legit peer
then... the 5 legit peers are just gonna be playing amongst htemselves :)
even if 4/6 peers were faking/lying

Russell Ballestrini
@russellballestrini
Jul 06 15:56
Could actually be fun to have two versions of the game, one for the hackers (modders) and one for the legit players

Mark Nadal
@amark
Jul 06 15:56
the 2 legit peers would still be playing with each other.
yes
I've talked about that before :) and even GTA 5 almost started doing that.

Russell Ballestrini
@russellballestrini
Jul 06 15:57
It's like "congratulations, you upgraded 'cheat mode', good luck with that"

Mark Nadal
@amark
Jul 06 15:57
yupe :P

Russell Ballestrini
@russellballestrini
Jul 06 16:10
I put space.html on localhost and ran with firefox and chrome and it loads but it doesn't let me move.
Mark Nadal

@amark
Jul 06 16:11

@russellballestrini controls are arrow keys
doesn't work on mobile (easily could, just not in 200LOC)
@russellballestrini also you need to be running the relay server npm start in gun repo

Russell Ballestrini
@russellballestrini
Jul 06 16:12
I see.

Mark Nadal
@amark
Jul 06 16:13
or you could play against me here, for like 2 minutes:
http://gunjs.herokuapp.com/game/space.html
(when you die you have to refresh page to restart)
but then I have to get back to my tech presentation
spacebar is "blast wave" (which is.... a box...)
HA
sudden death lol
refresh

Russell Ballestrini
@russellballestrini
Jul 06 16:15
gg

Mark Nadal
@amark
Jul 06 16:15
(the game mechanic isn't that good :P but 200LOC!)

Russell Ballestrini
@russellballestrini
Jul 06 16:15
I'm in a car going down the highway. This is the Internet I dreamed of as a kid.

Mark Nadal
@amark
Jul 06 16:15
oooh
ummmm
you are playing a game while driving and chatting????
STOP TALKING :P

Russell Ballestrini
@russellballestrini
Jul 06 16:16
My wife is driving. : )

Mark Nadal
@amark
Jul 06 16:16
oh PHEW
are you on mobile? game not that good on mobile

Russell Ballestrini
@russellballestrini
Jul 06 16:16
Laptop (road tripping.)

Mark Nadal
@amark
Jul 06 16:16
yeah :D so I've played this live-action game with people from Australia and Netherlands and me in the USA
even though all hte logic is P2P
it works "good enough" in 200LOC
obviously a LOT more code would make it more polished and less janky
I just blew you up again
NOOOO
sudden death lol
lol
this is why I need bullets not "shock waves" :P

@russellballestrini nods

Russell Ballestrini
@russellballestrini
Jul 06 16:18
very cool though.

Mark Nadal
@amark
Jul 06 16:18
but bullets are so much harder to program :P :P :P

Russell Ballestrini
@russellballestrini
Jul 06 16:18
I was thinking less real time, maybe turn based.

Mark Nadal
@amark
Jul 06 16:18
okay 1 last game

Russell Ballestrini
@russellballestrini
Jul 06 16:18
(for my game)
I already closed.

Mark Nadal
@amark
Jul 06 16:18
so that way I can hopefully win and :P not sudden death
ah
NP that is fine
:) cheers!

Russell Ballestrini
@russellballestrini
Jul 06 16:18
Thanks for booting that heroku

Mark Nadal
@amark
Jul 06 16:19

@russellballestrini it is the exact same one on the README that is one-click deploy :)
super easy to get started :)
Russell Ballestrini

@russellballestrini
Jul 06 16:31
Do you have to host the javascript with npm, or could I use nginx to do that?
(examples are only working when I access via 8080)
Mark Nadal

@amark
Jul 06 16:32
@russellballestrini because WebRTC still sucks
for browsers, a relay peer is still needed.
but not with NodeJS / Electron / etc. apps

Russell Ballestrini
@russellballestrini
Jul 06 16:34
Is relay peer a gun term or an industry term?

Mark Nadal
@amark
Jul 06 16:35
IPFS calls them "gateway peers"
others call them by similar/but different names
some call them "cloud peers" etc.

Russell Ballestrini
@russellballestrini
Jul 06 16:35
It's basically an "always around" peer?

Mark Nadal
@amark
Jul 06 16:37
yeah

Russell Ballestrini
@russellballestrini
Jul 06 16:38
Cool, but what about running a "relay peer" and then serving the javascript with a different websever, like nginx?

Mark Nadal
@amark
Jul 06 16:45
@russellballestrini yes that works :)
just make sure version numbers match as best as possible.
I often do an static HTML page
that has all the assets included, then I just connect to relay peers (we're working on AXE, which will be a DHT-like network of peers to use, that will be super scalable... not quite there yet though).

Russell Ballestrini
@russellballestrini
Jul 06 18:18
I went AFK for a bit, I'm just trying to run the examples locally but only the index seems to load
http://127.0.0.1:8080/gun/examples/game/
Is that correct? (after running npm start)

Mark Nadal
@amark
Jul 06 18:20
no
same route as the heroku app (same server that is running)

Russell Ballestrini
@russellballestrini
Jul 06 18:20
looking

Mark Nadal
@amark
Jul 06 18:20
/gun is a CDN path
so go to /game/space.html
the heroku app / npm start deploys relative to the examples folder
and you need the .html etc.

Russell Ballestrini
@russellballestrini
Jul 06 18:21
Cool. It's working now.

Mark Nadal
@amark
Jul 06 18:22
now play the game with your wife :D
if you are good at ThreeJS or A-Frame
I'd love to see a game made with that :)

Russell Ballestrini
@russellballestrini
Jul 06 18:23
I'm not really a Javascript coder, I get by with a dash of jquery.

Mark Nadal
@amark
Jul 06 18:23
https://twitter.com/marknadal/status/962013903004684288 was a cool demo
@russellballestrini I'm <3 jquery <3 to much of other people's frustration.