Ok, I have played with AlphaMAC and have a bit of feedback to share FWIW....
1) Again, it is really fantastic to see this being worked on. It's probably one of the things that will really bring some folks back to mohaa. Kudos to Ryback! Please keep at it!
2) The AC checks for both file name *AND* it's hash. I simply cannot use that. Almost every player has taken a common file/mod and renamed it. At the very least, by convention they put some random number of Z's on the front to change load order for their particular mix of mods, skins, etc. In other cases, they may change the name for a variety of reasons. As a server owner, I'm really glad I can whitelist or blacklist mods I want players to be allowed to use or not use (obviously, at the least my server skin packs and custom map packs). Good thought Ryback, I didn't envision that option originally (assumed that would all be set by master server). BUT... there's no way in heck I am going to take the time to whitelist 100 different files that are all the same except for the filename. And how many Z's are required will be different for each user likely. That will yield false positives, and after a number of those the AC would fall into disuse as 'not accurate'. Simply put... the easier and IMHO more straightforward and reliable thing is to ignore filenames, just generate the md5 for the current file (whatever it's named), and then check that hash against the list of hashes. You also can't assume it's Z's and just allow for that single case... as I for example renamed all my custom pk3 add-ons TPxx-whatever.pk3 where xx is a two digit number so I can ensure (and quickly/easily change) load order WITHOUT having to squint or put my finger on the screen and try to count Z's, or discern upper case Z's from lower case ones.... so... why bother with the file name at all? And that's just for whitelists.... if you consider blacklisting.... that's useless if all they have to do is change the file name (but yeah, it would probably be caught by md5 in that case?).
3) The 'pure' classification from the AC assumes that the files match the hash of ryback's 'pure mohaa distribution'. I don't think that is realistic on two levels. First, there are perfectly valid game-supplied pk3 files that were different based on localization. One retail package has a pak6EnEU.pk3 for example. Others have slightly different md5's based on region sold or later versions or EA-supplied patches. All I can say is that if you install straight from a bonafide 1999/2000 US CD, and run the AC, it will say you are Dirty. That's not gonna fly. There were a handful of media releases, all should be added to 'ok'. Second, few users are going to be willing to mess with their current working install - you can't tell them "toss out your whole directory and use mine". Too many users are ingrained with weapon skins, pk3 loading order dependencies, etc. etc. At the very least, you should have multiple checksums considered pure, to account for these stock files that are really pure - just not YOUR single version of pure.
4) As said above, I do appreciate the ability for a server owner to have a log in on the master server where they can whitelist/blacklist their own set of hashes for their server. Great idea. But I'm not at all happy that there isn't an overriding repository of 'we know these hashes are ok' and 'we know these hashes are bad' on the master server overall... for all servers. Because without that.... an unscrupulous server owner will whitelist known hack files so that they and their admins can hack. Sure, users could hack too... IF they knew the hack was whitelisted and which version (md5) to use. You can say 'oh, that's the server owners choice'. But if you have that.... you will not have people coming back to mohaa with confidence, which I believe is a primary goal. And I can think of at least 2 server owners that I am beyond positive that they will do just that. So I think there should be an additional level.... they could be called different things... but perhaps a level for 'pure according to the master server', then one for 'pure according to the local server'. They ARE different things and unfortunately need to be, and it should be highly visible for new players what each player is. Perhaps take the open source mentality, and make each servers allow/deny rules publicly visible. But there still should be a central authority if you want to bring players back....
5) <soapbox>Ok, pet peeve of mine. DNS has been around a long time. It's a thing. What is this obsession in the gaming world with keeping track of servers by IP only?? That's just... odd to an IT guy
For example, we set up our main server at mohaa.todesplace.org, the website is at
www.todesplace.org, the teamspeak server is at teamspeak.todesplace.org, the development/test server is at dev.todesplace.org.... once my users know the todesplace.org domain, they can remember everything MUCH more easily than xxx.xxx.xxx.xxx. Please for the love of ${dietyOfChoice} let us put in host names instead of only IP addresses in the anticheat
IP addresses do change, and there is absolutely no reason to make that process difficult by only using IP's as 'host names'. </soapbox>
I'd love to hear different views on any of the above. Quite possibly I'm not seeing everything that should be considered. Just tossing out the above to get conversation going and get some thoughts out there... so we can always improve!
Best,
T