Random news on game play and security
37 views
Skip to first unread message
Abstrct
Oct 20, 2011, 12:46:58 PM10/20/11
to Schemaverse
The Schemaverse has had a pretty exciting autumn so far despite my
inability to find time to actually continue developing it. I had the
pleasure of speaking at pgWest 2011 about the game to a crowd of
PostgreSQL users, consultants and developers. The game was subject to
some friendly teasing but by the end of the conference I think it had
actually gained the respect of quite a few of the attendees.
Between pgWest, DEFCON, the mailing list, and our IRC channel, the
number of new ideas flowing in has been awesome. Due to skill and time
limitations I know it is impossible for me to incorporate them all
into the game but I think it shows that with enough time I will be
able to fulfill my goal of The Schemaverse not simply being a cool
database game but instead being a cool game in a database.
As far as the new ideas go, I want to take a bit of time detailing
some of them to help people understand what my route for development
looks like. I also hope that by discussing them we can either generate
new ideas or find ways to tweak the plan for better game play,
performance and security.
1. Changing the map
I have had a goal for the last couple months to try to find game play
tweaks that will force more Player vs. Player combat.
I have noticed other players talking fixes to try and resolve this
exact issue. Namely, there was a great discussion recently regarding
implementing a way for ships to enter a warp speed. This would help
ships cover more ground, in theory making it easier for players to
form attacks. This idea is great and some hard work was put into
thinking up the logic behind how it would work.
The only issue I have with the idea is that it was too complicated for
the game in its current incarnation. The main roadblock for new
players (at least what I keep hearing about) is that The Schemaverse
is simply too complicated to actually learn to play. So, while adding
a way for ships to enter warp would be pretty damn cool, it will add
yet another layer of complexity on what is already the most convoluted
part of the game: MOVE().
Since it doesn't make sense to implement this now, my goal was to find
a different solution that would resolve the same fundamental issues
warp set out to fix: everything is too far. The solution ended up
being pretty simple; build a smaller map. The new map details are as
follows:
-A new map will be generated during the round reset procedure.
-This new map will only have ~%5 more planets than there are players
in the game.
This may not seem like a lot but we have 1000 players registered and
about 20 who play so it should be a large enough universe.
-Every planet can now be reached.
More specifically, you should be able to get anywhere in the map in
about 3 days
-The arbitrary center box where you could create ships anywhere has
been removed
Everybody can still build on Torono at 0,0 but otherwise you can only
build on your own planets
2. Trophies
The second way of forcing players to interact more is to alter the way
players actually win The Schemaverse. As it stands currently, if you
have the most conquered planets at the end of the round then you win.
This has proven to be a slightly boring goal.
Tweaking this to be more interesting is actually pretty easy as well.
Rather than having one goal, the trophy system will be altered to make
winning require more varied play. This will be implemented with a new
'weight' column in the trophies table. The key to this new weight is
that negative weightings will also be possible. So you may gain points
for conquering planets, but you will also lose points for all your
destroyed ships. At the end of a round, the person with the highest
trophy score will win the Schema Supremacy trophy.
Here are some ideas for trophies that will need to be implemented:
-Least/Most Resources Used
-Least/Most Ships Lost
-Least/Most Planets Lost
-Least/Most Distance Traveled
-Unbalanced Fleets (based on ship stats)
Of course, actually choosing the weight of each trophy will take some
tweaking but it will be easy to tweak and test different settings to
see how it alters the final standings.
This has yet to be implemented at all but I would like to get started
on it next. I expect this to be mostly implemented by early November
unless something else comes up.
So those are my two main ideas for changing game play. I think they
will help but I would love to hear everyone’s input on them. Do you
have other trophies you would add? Any suggestions on how weighting
should look for a balanced game? Have you tried the new map system
that started today?
Other than game play features, there is also some security issues that
have come up. First I would like to again congratulate Derpfish for
obtaining the first SQL Injection trophy. I spoke with him about his
hack and he was nice enough to explain his method. It stems from a
known issue in postgres that allows for any user to set the seed of
RANDOM(). Using this knowledge, he was able to set the seed before
running the fleet update trigger and break out of the fleet function
declaration.
This was a pretty technical hack that required knowledge of The
Schemaverse and the inner workings of PostgreSQL which makes that
trophy very well deserved. Since then, I have gone through the code
and made the necessary alterations within the fleet update code, as
well as other portions of code that use RANDOM(). There should no
longer be any portion of the system that can be compromised/
manipulated with a user set seed value.
There are some other (similar) security issues which I am trying to
resolve but they require the PostgreSQL community to agree to their
importance. So far things are looking good as far as community support
for the fixes go, but you can only expect the changes required to
happen so fast. It may come down to me trying to find funding for the
fixes. This will require somebody first giving an estimate on the
development time though. If you want to learn more about the issues,
you can follow the thread on the mailing list here:
http://archives.postgresql.org/pgsql-hackers/2011-10/msg00416.php
I debated mentioning this at all for a long time but hiding something
like this doesn't help in the long run. I would rather the issue be
known and something be done about it. With that being said, if you
feel the need to test these issues on the Schemaverse db and I catch
you doing it, you will no longer be my friend.
I do have a couple tricks down my sleeve should a constant denial of
service become an issue but hopefully I will not need to go down that
route (at least until DEFCON 20).
That pretty much sums up most of what I had to talk about. Again,
development has been slow this past month or two but once my Masters
thesis is complete, I should have a huge chunk of time and energy to
put back into the game.
-Abstrct
inability to find time to actually continue developing it. I had the
pleasure of speaking at pgWest 2011 about the game to a crowd of
PostgreSQL users, consultants and developers. The game was subject to
some friendly teasing but by the end of the conference I think it had
actually gained the respect of quite a few of the attendees.
Between pgWest, DEFCON, the mailing list, and our IRC channel, the
number of new ideas flowing in has been awesome. Due to skill and time
limitations I know it is impossible for me to incorporate them all
into the game but I think it shows that with enough time I will be
able to fulfill my goal of The Schemaverse not simply being a cool
database game but instead being a cool game in a database.
As far as the new ideas go, I want to take a bit of time detailing
some of them to help people understand what my route for development
looks like. I also hope that by discussing them we can either generate
new ideas or find ways to tweak the plan for better game play,
performance and security.
1. Changing the map
I have had a goal for the last couple months to try to find game play
tweaks that will force more Player vs. Player combat.
I have noticed other players talking fixes to try and resolve this
exact issue. Namely, there was a great discussion recently regarding
implementing a way for ships to enter a warp speed. This would help
ships cover more ground, in theory making it easier for players to
form attacks. This idea is great and some hard work was put into
thinking up the logic behind how it would work.
The only issue I have with the idea is that it was too complicated for
the game in its current incarnation. The main roadblock for new
players (at least what I keep hearing about) is that The Schemaverse
is simply too complicated to actually learn to play. So, while adding
a way for ships to enter warp would be pretty damn cool, it will add
yet another layer of complexity on what is already the most convoluted
part of the game: MOVE().
Since it doesn't make sense to implement this now, my goal was to find
a different solution that would resolve the same fundamental issues
warp set out to fix: everything is too far. The solution ended up
being pretty simple; build a smaller map. The new map details are as
follows:
-A new map will be generated during the round reset procedure.
-This new map will only have ~%5 more planets than there are players
in the game.
This may not seem like a lot but we have 1000 players registered and
about 20 who play so it should be a large enough universe.
-Every planet can now be reached.
More specifically, you should be able to get anywhere in the map in
about 3 days
-The arbitrary center box where you could create ships anywhere has
been removed
Everybody can still build on Torono at 0,0 but otherwise you can only
build on your own planets
2. Trophies
The second way of forcing players to interact more is to alter the way
players actually win The Schemaverse. As it stands currently, if you
have the most conquered planets at the end of the round then you win.
This has proven to be a slightly boring goal.
Tweaking this to be more interesting is actually pretty easy as well.
Rather than having one goal, the trophy system will be altered to make
winning require more varied play. This will be implemented with a new
'weight' column in the trophies table. The key to this new weight is
that negative weightings will also be possible. So you may gain points
for conquering planets, but you will also lose points for all your
destroyed ships. At the end of a round, the person with the highest
trophy score will win the Schema Supremacy trophy.
Here are some ideas for trophies that will need to be implemented:
-Least/Most Resources Used
-Least/Most Ships Lost
-Least/Most Planets Lost
-Least/Most Distance Traveled
-Unbalanced Fleets (based on ship stats)
Of course, actually choosing the weight of each trophy will take some
tweaking but it will be easy to tweak and test different settings to
see how it alters the final standings.
This has yet to be implemented at all but I would like to get started
on it next. I expect this to be mostly implemented by early November
unless something else comes up.
So those are my two main ideas for changing game play. I think they
will help but I would love to hear everyone’s input on them. Do you
have other trophies you would add? Any suggestions on how weighting
should look for a balanced game? Have you tried the new map system
that started today?
Other than game play features, there is also some security issues that
have come up. First I would like to again congratulate Derpfish for
obtaining the first SQL Injection trophy. I spoke with him about his
hack and he was nice enough to explain his method. It stems from a
known issue in postgres that allows for any user to set the seed of
RANDOM(). Using this knowledge, he was able to set the seed before
running the fleet update trigger and break out of the fleet function
declaration.
This was a pretty technical hack that required knowledge of The
Schemaverse and the inner workings of PostgreSQL which makes that
trophy very well deserved. Since then, I have gone through the code
and made the necessary alterations within the fleet update code, as
well as other portions of code that use RANDOM(). There should no
longer be any portion of the system that can be compromised/
manipulated with a user set seed value.
There are some other (similar) security issues which I am trying to
resolve but they require the PostgreSQL community to agree to their
importance. So far things are looking good as far as community support
for the fixes go, but you can only expect the changes required to
happen so fast. It may come down to me trying to find funding for the
fixes. This will require somebody first giving an estimate on the
development time though. If you want to learn more about the issues,
you can follow the thread on the mailing list here:
http://archives.postgresql.org/pgsql-hackers/2011-10/msg00416.php
I debated mentioning this at all for a long time but hiding something
like this doesn't help in the long run. I would rather the issue be
known and something be done about it. With that being said, if you
feel the need to test these issues on the Schemaverse db and I catch
you doing it, you will no longer be my friend.
I do have a couple tricks down my sleeve should a constant denial of
service become an issue but hopefully I will not need to go down that
route (at least until DEFCON 20).
That pretty much sums up most of what I had to talk about. Again,
development has been slow this past month or two but once my Masters
thesis is complete, I should have a huge chunk of time and energy to
put back into the game.
-Abstrct
Reply all
Reply to author
Forward
0 new messages