Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I worry about the griefing potential here.

I can imagine nothing pissing off a noob more than getting a virus within 10 minutes of play and having no idea how to stop his ship from self destructing.

Perhaps this will need some sort of firewall system built in where ships cannot communicate unless ports have been explicitly opened. Perhaps some sort of communications proxy that can serve for safe communications.

It could have a system similar to EVE where high security systems have infrastructural to mitigate risk whereas low sec systems lack this but contain the best rewards.



I expect that inter-computer communication will be more like it was in the 80s, with swapping floppies and dial-up BBSs being the norm. It's still possible to get viruses that way, but there won't be worms spreading autonomously through the entire system.

I can imagine how an economy of reputation could arise where some people are trusted to distribute malware-free code.


I was thinking they could treat software and components like we do when granting third-parties permission to access our Twitter/Facebook accounts:

Plasma Shield Generator requests the following permissions:

  * Read/write to the ship's log
  * Draw power from the core
  * Use the red alert system
Plasma Shield Generator will not:

  * Access communication protocols


It doesn't even indicate protected memory segments. You should be able to implement traditional buffer overflows and self-modifying assembly on this processor (that is, you can write to your instructions as if they were any other type of memory).

Here is an analogy, what you are talking about is secure walls with a lockable door; what you have in this chip is some wood, a saw, some nails and a hammer.


It's 128KB of RAM, that's the same as the original Macintosh in 1984. I would be surprised if it ran at more than about 10MHz. And nevermind the constrained resources for implementing any of this hypothetical infrastructure, unless Notch adds an MMU, you can't enforce permissions

You can't think about this in modern terms. It's not a modern computer. It's a 1980s computer, and it's supposed to run a spaceship. Think microcontrollers, not smartphones or set-top boxes.


Couldn't the permission system exist outside of the constraints of the in-game computer (as just some game mechanism)? If each of the ship's discrete components were accessible at some address, couldn't the game enforce the permissions at a level above the simulated CPU?

A rough static analysis of the code might reveal where those components are accessed, and as long as you enforce permissions while the software runs then you should be able to catch anything that tries to slip past.


Someone could write an out-of-game emulator[1] which people could use to test software.

[1] I have no idea what the correct terminology is here.


Go back and look at the first post in this very thread. Notch explicitly intends nothing of the kind, and I certainly can't see why it would be done -- it runs counter to the vision thus far articulated.


I know he said that. I'm following the conversation. I'm just describing an idea for a permission system.


It should be possible to provide programs as "data" that is interpreted by the program "running" on Notch's CPU, thus allowing a fine-grained, whitelisted permissions even without MMU. No?


Depends on how it's structured, doesn't it? It's entirely possible that programs and data will share the same memory with no sandboxing between programs. In that case, then without some sort of MMU a virus could just inject code into an otherwise benign program.

Even with finer program access controls, it would still be hard to protect as long as untrusted code was allowed to alter trusted.


You don't understand what I'm proposing. If you want to put it in terms of sandboxing, what I am proposing is a sandbox.


You would have to abstract the CPU in some way and then write the permissions management in software as part of the interpreter. Bear in mind that this is already only a 16bit CPU with a restricted address space.


You would have to abstract the CPU in some way and then write the permissions management in software as part of the interpreter.

Yes, that's what I said. :)

Bear in mind that this is already only a 16bit CPU with a restricted address space.

I suspect the interpreter could be made to fit, with limited space left for the untrusted (to-be-interpreted) code. As has been pointed out elsewhere, though, if there is a backing store (i.e., simulated hard drive), it's probably possible to have effectively unlimited "RAM" in the game in practice, unless Notch implements a slowdown for accessing the backing store.


True, but your CPU is limited too so having to lex & parse sourcefiles and walk syntax trees to run programs could be a bottleneck there, if you remember old computers there was a significant performance gap between native and interpreted code.

In practice that might not matter for many applications if they do not have to use intensive algorithms etc.

I would still imagine that compilers would be used more than interpreters though which would mean that some security would need to be present at the "hardware" or "firmware" level.

Another interesting thing to think about regards backing stores:

I assume that the programs will be able to take input from the world around them, i.e other ships , objects in space etc.

So what's to stop you from using (perhaps) a tractor beam to re-organise the position of asteroids in space and then "read" that data back using ship instrumentation?

Potentially the entire universe becomes one big DB!


Wow, now that is a very cool idea! I'm really looking forward to the game.


Notch could write some very basic software that everybody can buy or upgrade to. So players will have basic firewalls to start with, and can upgrade to better (but standard) firewalls.

So not everybody needs to actually know how to program, they can just buy stuff from NPCs or from the market off other players. But obviously, the ones who do know the system inside out will have an advantage.


Unix permissions would be a simple layer to add on top. Create a user/group/root structure for read/write/execute (execute?).

A road location would be rwxr--r-- while a road texture could be rwxrwxrwx.

Your player's character look could be rwxr--rwx.

A signpost coudl be rwxrwxr--.


It could have a system similar to EVE

I hope this is the opposite of EVE in practically every way... except the high-level concept. Let's not give Notch any ideas.


There were a lot of things that were good about EVE (it's been about 4 years since I played).

Examples would be: The Economy. Ship Configuration System. The Artstyle. The security model. The unforgivingness (made you think carefully before you acted).

The problem was just that the combat always felt a bit bland and favored players with the biggest ISK supply and XP. So in reality you needed to be part of a huge corp and wait for months for skill training to be competitive.


Firewall? Ports? Communication proxy?

It has 64K 16-bit words. What exactly are you expecting the default software to do that opens it up to viruses?


Do not underestimate those old computers. When you remove audio, visual, and textual data from your programs, remove all the code for handling those and slinging them about and processing them, when you remove the textual file formats and replace them with hand-optimized binary, when you give up on any form of structured modern programming and just hand-compile custom assembler, when your opcodes aren't 64-bits wide, and so on and so on, you can get a lot done in 128KB of code.

Obligatory (but illustrative of my point): http://www.pbm.com/~lindahl/mel.html


Exactly. Remember the 64kb video demos from 2004?

http://www.theproduct.de/


Problem was most of the demos used many many megs of ram as they procedurally generated objects and stored them in memory. The 64k demos were disk size.

Assuming memory mapping is used for displays the (128k of ram (64k of words)) is also needed to hold your display buffer. Assuming a mere 320 x 200 x 8 screen will use 1/2 of your entire virtual memory space. Look for demos of what people do on C64 demos for a better idea. Yes you can run a UNIX, yes you can talk TCP... but its going to chew up a lot of the capacity for that infrastructure. I expect very light weight protocols, TCP/IP is likely too heavy weight.


Who knows. Assuming there is some way for players to transfer stuff between their computers and therefor address spaces all you need is one rogue jmp instruction.

Not to mention the usual social engineering stuff. "Hey install this great program, it'll make your guns 200% more powerful"


Someone should port http://en.wikipedia.org/wiki/Contiki for this :)


Wow, like if you are programming assembly, that is a pretty huge space. One example of what can be done in 128k bytes is http://www.ciexinc.com/telemed/index.html.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: