PC Always Online Single Player Game

That's exactly how it works. As a UX designer myself, you can try and account for every possible use case and scenario, but at some point, the end user has to be the one to make a decision. It's up to the designer and the devs to create an experience that allows the user to make informed decisions, but that's where it stops.
Former security engineer/auditor/hacker here.

Imagine a world where firewalls were default allow. Or Windows logged you in automatically. And file shares were created with "everyone/full control".

These are all legitimate if not common use cases, but they are not the default because of the security implications. (Okay, in consumer grade firewalls default allow out is most common, but that's because there aren't a huge number of ways to exploit that directly, and it is balanced off with ease of use for mostly non-technical consumers). 

If you look through any penetration report, I bet you will find almost as many "insecure default" type findings as you do "vulnerable version in use" findings. "It's up to the user to set up security" is a cop out, and industry attitudes are changing fast: Amazon S3 buckets used to be default world readable. You should see the steps you need to jump through and the warnings you need to dismiss to make it world readable now. 

Of course it's different when designing games (or other consumer use devices like home firewalls). No developer would want to create an excess of support tickets or a bad reputation by disabling key functionality to make it secure by default, and honestly the impact of a troll coming in to ruin your game isn't exactly going to make it to "catastrophic" on the risk assessment matrix. On the other hand, it would be trivial to set up a new "New single player game" menu function that does nothing more than create a new multiplayer game set to not listed, max players 1, and a hidden long random password. 

Tongue in cheek, I can say "Thanks for keeping me in a job", but really, the industry needs to do better than "It's up to the user".
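
The "New single player game" idea from the post above, sketched as an added example (not part of the thread and not 7DTD's own code). SessionConfig, its field names and the 16-character password threshold are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field

MIN_PASSWORD_LEN = 16  # assumed threshold for this example


@dataclass(frozen=True)
class SessionConfig:
    """Hypothetical host settings; every default is the closed choice."""
    listed: bool = False   # not shown in the public server browser
    max_players: int = 1   # only the host fits
    # Hidden, long, random password from the OS CSPRNG; the user never sees it.
    password: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def new_single_player_game() -> SessionConfig:
    """The menu entry from the post: the user decides nothing and stays private."""
    return SessionConfig()


def new_multiplayer_game(max_players: int, password: str,
                         listed: bool = False) -> SessionConfig:
    """Opening the session is an explicit act: slots and password must be given."""
    if max_players < 2:
        raise ValueError("multiplayer needs at least 2 player slots")
    return SessionConfig(listed=listed, max_players=max_players, password=password)


def audit(cfg: SessionConfig) -> list[str]:
    """Return 'insecure default' style findings for one configuration."""
    if cfg.max_players <= 1:
        return []  # no free slot, so nobody else can join
    findings = []
    weak = len(cfg.password) < MIN_PASSWORD_LEN
    if not cfg.password:
        findings.append("no password set")
    elif weak:
        findings.append(f"password shorter than {MIN_PASSWORD_LEN} characters")
    if cfg.listed and weak:
        findings.append("publicly listed without a strong password")
    return findings


if __name__ == "__main__":
    print(audit(new_single_player_game()))
    print(audit(new_multiplayer_game(8, password="", listed=True)))
```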

 
Human nature. People often do not decide at all (aka decide to do nothing) when they have to make a decision. And therefore that should be the safe case.

They do nothing when they are overwhelmed by choices, do not understand, get distracted, don't care, are 9 years old or 99 years old, are in a hurry. In other words most of the time.

Do you really expect a typical kid with a Steam account to already make the right informed decisions about its games when you practically know that most kids have just enough sense to click on any button that says "start"? And even half of all grown-ups operate the same way?

(Disclaimer: There are actually very old people who would understand, but they are in the minority)


You're all taking what I said way too literally.

I'm not trying to turn this into an argument, but I'll simply reiterate and clarify. Obviously development and security teams can and should do all they can to make systems secure. It's also up to them to make sure users are not put into a position where the user can make critical mistakes. However, at some point, users need to make sound, educated decisions (again, by being presented with options that are clear). There is absolutely no way around it. Sure there are some things you can do to prevent them from performing certain devastating actions, but you can't coddle the user for every single decision.

Can improvements be made to 7DTD UX and user settings? Obviously. But IMO the current implementation isn't broken. Just needs a little love.

 
But IMO the current implementation isn't broken. Just needs a little love.
I'd say it's actually pretty bad to have "let anyone in" as the defaults. But being a game, and thus not really that significant for anyone, it gets a lowered standard. Actual risks would require additional breaks, but I wouldn't really be surprised if someone would find a way for arbitrary code execution for any server they've successfully joined.

I'd suggest having a "New Single Player game" as an additional option, even when all it does is set safe choices. The current one renamed to "New Multiplayer game". A little more clutter, but rather understandable.

 
You're all taking what I said way too literally.

I'm not trying to turn this into an argument, but I'll simply reiterate and clarify. Obviously development and security teams can and should do all they can to make systems secure. It's also up to them to make sure users are not put into a position where the user can make critical mistakes. However, at some point, users need to make sound, educated decisions (again, by being presented with options that are clear). There is absolutely no way around it. Sure there are some things you can do to prevent them from performing certain devastating actions, but you can't coddle the user for every single decision.


I don't think anybody will contest this. You buy anything that could be dangerous and it is the responsibility of the user to not endanger himself or anyone else through his actions. 

Can improvements be made to 7DTD UX and user settings? Obviously. But IMO the current implementation isn't broken. Just needs a little love.


"Broken" may be too strong in this case, and mostly means something different than "Unsafe". And I would call 7days unsafe by design aka having a design flaw in the UI. 

If you roll out something that could "endanger" parts of your customers simply by them not taking any actions except turning it on, then part of the blame is on you.

You should not sell guns with the ammunition already in the chamber and the safety off.

You should not sell home routers with a preset WLAN password everyone knows. 

You should not sell routers that open a management interface into the internet that the user has to turn off if he doesn't want it.

You should not sell machines with movable parts with the power switch on so they would immediately start if you plugged them in.

 
Truly though, the responsibility lies on the end user. The game is likely played by the majority in a co-op setting with people who pay attention to the settings they are configuring. As such, the default settings are just fine for most people. Which is very likely why they are the defaults.


But why not let us set the defaults for our own style of play?  That was an option until very recently.

 
I asked about this and was told that the following will be the default setting for the upcoming release.

image.png


 
Not sure why the image stopped working. The answer is that by default player servers will be offline. You will have to enable it to be seen on the server lists. 

 