[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [pygame] Use of PyScheme for game projects

To: pygame-users@xxxxxxxx
Subject: Re: [pygame] Use of PyScheme for game projects
From: "Brian Fisher" <brian@xxxxxxxxxxxxxxxxxxx>
Date: Sun, 16 Jul 2006 20:38:15 -0700
Delivered-to: archiver@seul.org
Delivered-to: pygame-users-outgoing@seul.org
Delivered-to: pygame-users@seul.org
Delivery-date: Sun, 16 Jul 2006 23:38:23 -0400
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=epq+1smduty7C9GEbVGYdxEDtl1YXiinCZAMhXQurOl+2g8fAg975yJUdNIoJnas8pGXa1b0PwZofFRrM51J5QAh49WzIpl2WHVBk2H1+DD6cNsh/H0mP8cLFD+xS13v1eP5rbqEBvr0FFkbJ4Gb5413n/n6KQswTPzFYWB1VCc=
In-reply-to: <20060717024400.37079.qmail@web37904.mail.mud.yahoo.com>
References: <64ddb72c0607161730m3f3f694eubab8dc918f6c2a65@mail.gmail.com> <20060717024400.37079.qmail@web37904.mail.mud.yahoo.com>
Reply-to: pygame-users@xxxxxxxx
Sender: owner-pygame-users@xxxxxxxx

On 7/16/06, James Hofmann <jwhinfinity@xxxxxxxxx> wrote:

For games I've implicitly decided to favor simplicity
of implementation over absolute security, for reasons
that are more ideological than technical.

I agree with this sentiment, but I think in the context of the
original question, it's kind of missing the point...

2. This is the exact same security issue the user
faces when running any downloaded executable currently
- without thoroughly scanning the code beforehand,
there's no telling what the program will do. So while
this solution is no *better* than running a downloaded
game, you can't construe it as being *worse*. The only
"trust" one can put in downloaded games is that of
branding and communal relationships.

I think the reason people would like to have game engines with a
sand-boxed environment is that user made content encourages
"spoofing", where the submitter of malicious content gets to look like
they are someone who the end-user is more willing to trust (thereby
messing with the trust model). If "Safe to Download Games, LLC"
distributes user made levels, but "Shysty McShysterson" submits a
level pack that turns computers into a zombie box when they beat it,
then if the level testers post that level (which they might cause they
don't beat every level) then a bunch of people who trust "Safe to
Download Games, LLC" may get slammed. Thereby Shysty gets a chance to
infect users who would never ever trust him... and many users stop
trusting Safe to Download.

... but again, I agree that chasing perfect security is a bad approach
ideologically (because there is nothing inherently & universally
different from actions that are malicious and those that are intended
for good)

Follow-Ups:
- Re: [pygame] Use of PyScheme for game projects
  - From: andrew baker

References:
- Re: [pygame] Use of PyScheme for game projects
  - From: René Dudfield
- Re: [pygame] Use of PyScheme for game projects
  - From: James Hofmann

Prev by Author: Re: [pygame] Best way to access data
Next by Author: Re: [pygame] Frantic memory usage
Previous by thread: Re: [pygame] Use of PyScheme for game projects
Next by thread: Re: [pygame] Use of PyScheme for game projects
Index(es):
- Author
- Thread