Hacker News new | past | comments | ask | show | jobs | submit | burnished's comments login

Maybe try reposting at a different hour of the day? This was interesting, a little surprised it received no substantive commentary.

Yes, this seems possible. I only wonder if it is too fragile to be self perpetuating. But we're here after all, and this place used to be just a wet rock.

Huh. Never thought about it that way; replacing hypothetical MITM attacks with genuine middlemen.


I suspect its more about how much national information you're exposed to today than any sort of time based moral failing.


I cannot be convinced that swatting is something that used to happen. Is there a history of this?

I legit do not remember seeing anything on the evening national news about that in the past, like from before 2000.


9/11 policy panic, the wars in Iraq and Afghanistan producing surplus equipment, 400 million privately owned firearms in the US, US history of police standoffs, DoD investment in military PR including Navy Seals worship, and much more have ALL contributed to the Swatting phenomenon.

I don’t think we could have intentionally created an incentive structure for swatting more if we had tried.

And it’s going to continue because guess what was one of the major issues in this election? Domestic security!


There's also the super weird (to people outside the US) insistence that the only possible response to gun violence (by gangsters, school kids, or cops) is "thoughts and prayers".


The solution is obvious, but we unfortunately continue to choose not to do it.


Constitutional amendments are basically impossible in the US. A congress member shot at a congressional event won't even vote change the second amendment (Scalise).

Even conservatives know the only hope is stacking the supreme court.


None of what you mentioned backs up the idea that swatting used to exist in the past as it does now.


I didn't do a great job segueing from the parent. I agree with the parent, and my comment expands on why its happening now when it wasn't happening, at least to the same degree, in the past.


Maybe not swatting, but bomb threats were probably the equivalent. My junior high had at least 2 that I can remember where we were all cleared out for hours as the school was searched. Swatting had the internet to fuel it's rise, local news programs didn't use things like reporting on every fake bomb threat to generate views or "engagement" and in turn did not spread the idea to a massive amount of people. But they still happened, quite a bit. Like many things fueled from the internet it rewards the more extremes, bomb threats are childs play now--but at one time they weren't


The earliest it could have started is when SS7 links and the internet were bridged by dodgy / nefarious owners of said SS7 links. That started to take off around the mid 90's to spam phones with spoofed numbers. I wanted to get the SS7 links terminated but my boss in the wireless industry, tied heavily to SS7 would not let me because they were paying their bill. It would have been one phone call to terminate many of them.

I suspect you are probably right about the timeline for swatting as shady VoIP providers started getting popular in the early 2000's and started being used for more than just spoofing text advertisements.


Swatting is something new (popularized by the Internet, made possible by military surpluss gear sold police wanting to larp in tacticool shit) but stupid pranks with deadly consequences are not.


It became really easy and cheap to use a VPN and VOIP number.


Oh, that could be quite likely, copy cat crimes are a thing after all. I simply mean that people weren't harmlessly interacting before that is all, swatting didn't supplant relatively harmless pranks.


Not in the way you're trying to imply, ie broadly recognized as a concern


eh. Back in 2017, Gorillaz released "Hallelujah Money" via youtube. A week later, the song was altered because it had used a clip from Spongebob at the end of the song. The physical album was released a few months later, and contained the new version without the spongebob clip.

I pirated the song the day it was released, so I still have the artist's original version. Ever since then, I've always wondered how we can trust that streaming platforms with a monopoly on a service, will provide unaltered versions of an artist's work.


They've been changing album covers and songs since at least the 70s. This isn't anything new or recent, except streaming makes it a lot more convenient while also getting artists out of hot legal water like the Gorillaz change. I'm not here to defend streaming services (vampires), but changes are coming from the artist and not the service. Youtube didn't take out the spongebob sample in the Gorillaz song.

Obligatory billy woods + kenny segal's Spongebob: https://www.youtube.com/watch?v=83F4JpVu61k


Sure, but I think the point is that if you aren't in possession of a copy of the recording, then you will be affected by these changes whether you like it or not. If you are in possession of a copy, that copy will never be so affected.


Agreed, I was just making a comment that the changes can be from the artists and not the services.

I've been streaming music since Yahoo music, but have started to change my ways by buying vinyl or digital through the artists own site or bandcamp. It's less about my music changing and more about supporting the artists instead of the corporations taking a big cut.


This is nothing new. Back in 1992, Beastie Boys wanted to use a Jimi Hendrix sample but couldn’t get it cleared for the album Check Your Head. They later secured the rights and were able to use the Hendrix riff on the single and music video version.

https://www.beastiemania.com/songspotlight/show.php?s=jimmyj...

I’m sure someone could find an even older example.


Not only can't you trust them not to alter the works, you can't even trust them to keep the work available in perpetuity. Video is especially bad with this, with shows and movies randomly getting pulled and/or switching streaming platforms.


It's the artist who altered the song, not the streaming service.

I've never heard of a (legal) streaming service that edits the songs submitted to its platform outside of YouTube (which can mute sections of videos that contain copyrighted audio)


I think that is one of the steps towards tacitly admitting the project is no longer maintained/maintainable


My bad, I was tired and somehow thought of linting as "make that code pretty", not bug reporting.


Harry Potter isnt typically considered scifi because it doesn't critically examine its own premise and because the rules of the universe are yoked to the needs of the plot.


> the rules of the universe are yoked to the needs of the plot

It’s common for the rules of the universe to be adapted to fit the plot of random Star Trek episodes.

HP is not considered science fiction because of the trappings of the story. People use spells and enchanted objects for telekinesis, teleportation, and time travel not psychic abilities and technology to do the same things.

> critically examine its own premise

A great deal of science fiction doesn’t do that while plenty of fantasy does.


A common refrain in american homes and schools is about american superiority over all other countries, especially their rivals like china.


Is that perception why everyone online constantly shits on America and proclaims that every other country is superior? For as much as people like to accuse Americans of being "'Merica, fuck yeah!" the truth sure looks like it is mostly other countries with the arrogant attitude.


Capacity for self criticism is part of what lets America reïnvent itself.


yes and it's deeply ironic that you just quoted an American film which was satirizing that attitude twenty years ago!

if anything I feel like Americans have become extremely self loathing in the passing generation since the release of Team America: World Police


Interesting that the self-loathing seems to be associated with waging unpopular and losing wars. I didn't live through it but the Vietnam War seemed to have some similar impact that persists to this day with the utter loathing of conscription. It seems to be the same underlying cause: that bad leadership essentially permanently burned credibility for their country for no gain for their country.


Lots of gain for those in charge, and their cronies.


Americans may feel that way, but "Team America: World Police" still applies to US foreign policy in 2024.


You gotta think about surface area and risk when comparing apples to oranges here.


Not an expert but I've done a little reading and basically the combination of real time actions and a network makes it intractable, you end up just having to trust the client on some things (or having to make trade offs like a client potentially not having the information needed to display the game state to the player, or choppy/unresponsive gameplay as a function of latency).


>some things

Any specific examples? I hear this said all the time and it's almost never true.

Movement, for example: many decide to just let clients be fully authoritative over their positions and then act shocked when teleport hacks drop. Just keep track of the player's max move speed server-side, continually validate, and flag if they consistently move faster than is possible according to the server. No one is ever saying you have to validate inputs server-side in lock step with zero client-side prediction whatsoever and enforce 200ms of input lag for all players.


It's not teleporting that's hard to deal with, it's aimbots and wall hacks. You have to trust the client with enemy position information that it shouldn't be able to see yet, and trust their shot position inputs.

Also, constantly flying around and teleporting is easy to catch, but using it in small bursts is very powerful and harder to catch.


>You have to trust the client with enemy position information that it shouldn't be able to see yet

That seems like something that would be solvable with location-style differential privacy. Report a number of plausible locations to the client small enough that it can efficiently anticipate them all, but large enough to prevent being able to auto-aim or wall hack. Run some bots or actual player movements recorded from other matches, originating from roughly the same point where you last saw the real opponent.

>constantly flying around and teleporting is easy to catch, but using it in small bursts is very powerful and harder to catch

Even small violations of continuity seem like they'd be observable server-side, no? I've not studied this, but presumably clients must be constantly phoning home with their position.


> That seems like something that would be solvable with location-style differential privacy. Report a number of plausible locations to the client small enough that it can efficiently anticipate them all, but large enough to prevent being able to auto-aim or wall hack. Run some bots or actual player movements recorded from other matches, originating from roughly the same point where you last saw the real opponent.

Has already been done in COD: Warzone. Varying levels of success, cheat developers end up heuristically eliminating fake players.

> Even small violations of continuity seem like they'd be observable server-side, no? I've not studied this, but presumably clients must be constantly phoning home with their position.

This issue usually is game/game-engine dependent and is achieved either by exploiting bugs or manipulating lag compensation. Not exactly a very common thing.


> Even small violations of continuity seem like they'd be observable server-side, no? I've not studied this, but presumably clients must be constantly phoning home with their position.

Jumps in position are not always illegal: network issues, quirks from physics-based forces, glitches in the game, are all very common and can all cause unexpected positions. Differentiating from bannable offenses is not easy. Yes, there's always heuristics you can use to narrow down possible issues, but you have a limited CPU budget: You need to be running multiple instances per machine, each updating 60 times a second, serving dozens of players, sending and receiving constant updates to and from all players 30-60 times a second, while simulating physics, large worlds, complex player states, and synchronizing the states of thousands of objects. It's tricky to get everything right and performant. And people will get extremely mad if you make a false positive.

> That seems like something that would be solvable with location-style differential privacy. Report a number of plausible locations to the client small enough that it can efficiently anticipate them all, but large enough to prevent being able to auto-aim or wall hack. Run some bots or actual player movements recorded from other matches, originating from roughly the same point where you last saw the real opponent.

But what is the client suppose to do when actually seeing the real position? At someone the waveform needs to collapse and reveal the real location. The only way to make the fake locations indistinguishable from the real ones is to make them a real enemy player from the client's point of view. But then you stumble across all these fake enemies that don't do anything? You could place them in unreachable positions so normal players wouldn't ever find them. But then the heuristics for checking if a client "knows" about the position is still quite fuzzy. Also, visuals aren't the only giveaway of an enemy location. Audio is also location based. Playing fake audio would be detrimental to normal players' experiences.

Having said that, the unreachable-fake-player technique is not bad, it can cut out some low hanging fruit. But it's only part of the equation of a robust anti-cheat solution. It's complex to implement and only gets you some cheaters.


A simple example is clock timing in chess, you have to trust the client about when it received and when it sent if you want to avoid treating everyone as a cheater and penalizing genuine latency.

If I remember right an anecdote from someone in the trenches was along these lines for a more complicated real time game, though I think the peer comments have the more typical types of problems. I looked for the thread I was reading this in but came up dry, sorry!


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: