Hello! I'd be really interested in seeing your alternatives for uint64_t scramble(uint64_t nInput) as used in the context of the video! KZbin Comment Coding FTW!

I honestly don't know how i discovered this channel now ? How could i miss it this whole time ? This is pure gem. Thank you sir.

Reminder that he has a Patreon

I think it would have been awesome if you mentioned that this handshake is also a good way to prevent against DDoS attacks. A lot of server apps now take advantage of cryptographic functions to prevent against DDoS attacks, by having the client do a fairly process intensive task (Like sit in a tight loop, processing hashes), that is extremely simple for the server to validate (Essentially what crypto-chains use). ie. Provide the client with an initial seed # (serverSeed) randomly generated, and a complexity #. Next, the client takes the initial seed #, and begins to process thousands of hashes (Which entirely depends on the complexity #): The client starts a loop: for (var i = 0; i < int32.MaxValue; i++) { var result = sha256(initialSeed + "|" + clientInt) // Next we look at the number of zeros that the seed starts with if (result.substring(0, complexityNumber) == "00000...complexityNumber") { //We found a sha seed that starts with the number of 0's required in order to authenticate completeHandshake(clientInt); // Pass this clientInt back to the server } } The server then can really simply calculate one SHA256 hash: sha256(initialSeed + "|" + clientInt) // If the hash generated here, meets the complexity, allow the connection, otherwise simply discard it/block the connection. The client then does a tremendous amount of work to connect, thus stopping the server from wasting a ton of resources on processing connections. A quite ingenious way: If the client takes 200ms to generate this seed, for someone to DDoS, 200ms is an absolute nightmare, which will overwhelm their systems before they can do any damage to yours.

I think the scambling function as a stub for a connection handhake is fine for a tutorial series. But nothing that should be used in production. You never ever should rely on security by obscurity ("secret code" that is in the client application). Better would be an open protocol with good cryptographic authentication (like per user unique username/password over tls), but this would be too advanced for a tutorial like this. So make a remark, leave it in and go on ;)

5:47 It's worth mentioning that if you're developing for Windows there is a Windows Kernel specific Condition Variable type and Memory Barrier type which in combination both prevent spontaneous wake up and dead lock (in this scenario). std::condition_variable is not 100% guaranteed and std::memory_barrier [in C++ 20] are both generalizations and don't have real kernel-based implantations (Windows and IBM's Zos are the only OSs which have memory barriers in the kernel at the moment) so they will not prevent spontaneous wake up or dead lock 100% of the time but like 90% of the time) An adaptor pattern with Windows specific code would make this a super stable server.

Although each video is less than an hour, it makes me half a day to consume it. I'm sure the time you spend on each video must be more than several days. Thank you very much javid!

You can't imagine how anxious I was waiting for this part 3 😂. Waiting for the MMO implementation and furthur tweaks

Epoch caught me off guard 🤘

Go ahead javidx9. You are the single best ever person I have seen at explaining non-trivial programming topics.

The Legend strikes again ♥️♥️♥️

I almost suggested using an asymmetric public key algorithm to exchange keys and become immune to man in the middle attacks - then I realised, the attacker has complete control over the client, they can do their hacks before the encryption and defeat that as cheat prevention. Anti-cheat must be done primarily on the server, where attackers have no control over it.

best video on the internet so far this epoch.

My go-to for C++ ♥️

@javidx9 25:30 forward declaration is unable here according to used method OnClientValidated of server_interface at 23:27 of video. Yes, one of project can use only forward declaration but second required including of header with server_interface class.

Thanks sir Javid! Cool videolesson!

Guys you've got to realize that this is a simple approach to client validation and isn't by any means what you should use. He's, like always giving you something you can work with. If you're looking for actual approaches to doing proper client validation, you want to look at implementing a login process using some sort of key system with a database like any other authentication process in application development does. Keep in mind that there isn't a single mmo out there that you don't type in some sort of authentication credential into before logging in to the game. His process is just a good starter for you to look at expanding upon. I assume so that he doesn't have to host the infrastructure to do proper authentication etc, which I feel because who wants to host more than they have to.

"Bonjour" "Yo" Very nice

I had been waiting so long

I am into creating operating systems. Everyone has their own favorite thing.

From the EPOCH till the break of dawn and so on ...∞

Hi Javid, In the git repository of this project, you were mentionning that there is a memory leak. I can not figure where it is, any ideas ? Thanks

Hello, great video! Here is my thought => when some thread calls tsqueue::wait, it might be locked forever(rare case, but what if there is empty queue and we want to close our program), so, is it a good idea to add some bool flag to 'wait' loop + one "wakeup" function to tsqueue(which just sets 'stop' bool flag and calls cvar.notify_all to notify and unblock all threads when we don't want to wait anymore)? This approach seems to be "ill-formed", but how can we finish our app properly while some thread is blocked at tsqueue::wait? Also, in my code instead of using 'update' mechanism, I use default callback for every incoming message, provided by io_context::strand to execute these callbacks consistently.

Your videos are awesome!!!can u make a series on writing Joystick emulators?

Thank you

Love your videos keep it up!

I don't know what your saying but I like your words magic man.

Amazing as always.

@javidx9 just a thought: it may be worth to allow the user to provide his own implementation of scramble, don't you think ?

Nice to see how validation could be implemented, but honestly I think for this kind of project a simple header validation (check for valid id and a max message size) would be good enough, since the current validation logic can be easily "hacked" anways. These simple pre filters (id and size) would already disconnect many random connects and the ones who sent a corret header, but "invalid" data (by accident or purpose) must be filtered out later anyways, because the server has to validate everything the client sends to it. For example if the client sends a "UseItemRequest" message with invalid data (for example an item id that doesn't exist), then the server has to detect the invalid message anyways, no matter if it was sent by a client, random connect or hacker.

your condition variable use is wrong, no need for the second mutex and the in the wait() the unique_lock (of the original mutex) should be moved to outside the while loop. Otherwise if you get preempted right after the empty call and before locking the blocking mutex and another thread does a push you can still be stuck in the wait without getting woken. You can also pass a lambda to make the while loop proper: cvBlocking.wait(muxQueue, [&](){return !empty();}); this will handle the loop for you and will wait until the predicate returns true.

Hey, Do you have an idea about how long this series will be? How many parts exactly. coincidentally, I am trying to learn client-server communication (using cpr framework and I feel comfortable with it), but your videos keep coming out and they're really interesting, making me ambitious about learning ASIO.

6:36 Can someone please explain to me why we are locking using muxBlocking here? Isn't this already locked by the wait() function resulting in a deadlock?

I've been having an issue. For some reason, the code in part 2 doesn't work properly. It only lets me send 1 ping message, and it takes a few tries to get it to send anything but garbage data, and the resulting time is something like 2 centuries. I even resorted to copy/pasting code, just to see if I missed something, but no, it still doesn't work properly. (The other message types don't work either, it's the same with the ping)

Why not check the size of data before allocating memory? If sent a data size in the header that is bigger than expected, close the connection instead of allocating the memory.

Would it be fairly easy to convert this to UDP? Will there be UDP tutorials in the future? Thanks for making these.

What about have a user/pass system that connects to a DB. Let's you in if authorized, else kicks you out. But I do believe most games usually have a token generated by the lobby/client that is used for the socket to identify the player. By no means do I know what I'm talking about. Just a few guesses here and there.

Hello javidx9 I have a question: On Silicon Valley tv show they make an app where they are able to convert large files into smaller files so that way they have access to accumulate more data. Can we make something like that and if so how would we call it so I could find a course that does that?

omg you scared the crap out of me with that EPOCH.................. :)

Hello, there's a way to contact you about the convex polygon collision code or for some other informations? Maybe you don't receive comment notifications on old video.

Ill you talk about linked-list more in derth ? I just love the way you explain code

Hi! Thanks a lot! Please tell me can I enter the number of port by myself from a simple string(cin>>port;)?

Hi, Could you please help me, How to construct a TCP Protocol with 3 arguements? I have the "IP Address", "Port", & "An integer" as third arguement for indentification of the cconnection.

You are a Top Notch programmer

Thanks handsome bearded C++ wizard!

Its cool! 😎

In the same way you fixed the Server CPU consumption, can we apply that same method to the clients so they don't use a full CPU core?

what's wrong with basic http authentification or public/private key pair for your use-case ?

Can you provide the source code? It's been two months since this video. Thanks. Amazing serie! Please, continue doing this amazing job.

If the library that implements connection class and all logic is shared between server and client that means client will have this library on his hard drive after he download the client, in this case this library can be decompiled and all handshake logic can be easily analysed and used to hack our server, Am I right or no?

Soooo we are using TCP sockets, but the goal is to make a game with this. From what I know (I don't know very much) TCP sockets are good for sending chat messages or other messages that you need to get there in the same order, but if I need to send the players position to the server every frame then I don't care if some of them don't get there, the server just needs the current players position. That's what you would use UDP sockets for. So I'm just wondering if we are going to add UDP sockets to the framework, or if we are just going to make a game that doesn't need to send a lot of data to the server every frame.

Hej, what about adding encryption SSL/TLS?

So hyped ^.^

Nice.

"Erroneous WakeUp" also known as the NSA checking in on you.

I don't see how the scramble is more useful then just sending some data and letting the client add some secret to it and then hash it. I mean if the "attacker" actually has a client he can just edit packet sizes after validation. If its just about blocking random attacks anything that isn't just a static response (that then could be part of a list for bruteforcing) should be equal, or am I missing something? I think there is no way to make anything than can be used in public with client packet sizes, but if I understood you correctly you intend not to do that with the mmo :)

What if client sends garbage after being successfully validated?

I'm probably not contributing much, but according to the cryptography class I took in college, a good cryptographic function can be known. Things like RSA are public knowledge, but they're still secure because as long as you don't know what the key is, you can't get in, even if you know how the lock is built. Assuming nobody will reverse engineer your code is security through obscurity, or not secure at all. It's probably fine for a game, but with things like passwords and sensitive information, trusting nobody to reverse engineer your stuff isn't smart.

What do you think of Go programming language?

You scared me with THE EPOCH dude

Arguably, another computer from across the world can call malloc() on your computer allocating gigabytes of space, I just find that absolutely fascinating.

Some DTLS encryption would be good

your scramble could simply be AES encrypt with a hardcoded key. AES has hardware implementations for 128bit keys on most architectures, so it should be fairly fast, too. and you can be sure that people are not going to find out your key by looking at the traffic in the near future. of course they would find out your key if you post it on github :P of course the initial message from the server could very well include the version number, too, even in clear text. Of course you could just encrypt the whole session, but if you go that route you might as well do the whole key exchange thing and use tls1.3. www.cryptopp.com/wiki/Advanced_Encryption_Standard

Wait, I thought mutexes (mutices?) guard the whole data structure? Like muxQueue would guard not just deqQueue, but also cvBlocking. I've never seen any mutex assigned an association to a variable. I thought it just guarded the whole scope. This validation reminds me of the now-very insecure Hotline Connect protocol. It had a header/body system all the same, but upon connecting, the client sends "TRTPHOTL\0\1\0\2" to which the server replies with "TRTP" and a 4 byte error code, usually 0.

Could this be the basis for a real online MMO of thousands (10-25k) of players each making thousands of requests? I guess I'm asking if it is scalable or is it best to start elsewhere!

I'd be really interested in more videos on proceduraly generated content and especially on how to "save" the users interactions with the proceduraly generated content. And to go even further it would be very interesting to know if one could proceduraly generate agents, besides the user, who interact with each other and the rest of the content independently of the user, as well as with the user.

Javid, more of a philosophical question about dependencies At what point bringing a new one in can be justified? I try avoiding having more dependencies then absolutelly necessary In certain places I end up rewriting ton of code from scratch If you put it all together, I probably wrote half of Boost by myself I am not some fundamentalist who would write his own OS implementation only to have no external dependencies If complexity is not really worth it or I need really big chunk of library and it is just dumb to, basically, remake an existing lib, why would I do that? Also, for some dummy functionality where I need working it now and either don't really care about how or replace it soon enough What bugs the hell out of me Is people adding a new dependency only to use a couple of semi-trivial features that would take only a couple hours or a day to reimplement from scratch. Langs like Python are the biggest offenders as dependencies have their own dependancies and you might end up installing Anaconda to read excel data Not to mention that some libs (even widely accepted) are badly designed, poorly maintained, rely on some guy in a middle of Siberia not dying during bear hunt or all of the above and you just add a ticking time bomb to the project. What is your take on that? I know that you use a lot of external libs in your tutorials, but they are home projects that are not meant to take a lot of time, be simple and you don't really care about lib existing because your interest clearly won't outlast the lib. Even I don't write my own code for that, unless there are some bad offenders like string.h C library (I rewrote a lot of C standard library because it is clearly a product of it's time) or libPNG

'if (m_nOwnerType == owner::server)' code is linked into the client? Make it a template argument so it only gets linked with the server. Clients shouldn't see that code from a debugger.

Nobody: olc : DEADBEEFC0DECAFE

When do you think the series will be finished? Like what number in the series? Just curious.

EPOCH

Whats stopping me to just decompile the client and extract the function that does the scrumble? I don't need to understand the function I cant treat it an a blackbox

So, I can just wait for client to validate, then send junk and crash server..... You still should do checks on each requests. Simple things like capping body size to something reasonable. Also, server could send version, as well as challenge upon connection so client can notify user what version is needed.

19:41 you could also use std::radom_device to generate an arbitrarly-long random data for users that would like to rely on longer-sized validations

the E P O C H

Source?

Hi Javid, i love your videos bro they help me alot especially the ones about gaming. Its slightly off subject but i am trying to make a card game with an image array that holds the cards. I am stuck on this. Do you know how to create an image array in Java that iterates through images in a file? cheers

You know game Dwarf Fortress? Could you please explain how dwarvies AI works in game Dwarf Fortress? From proger view ofcourse.

Hey do you mind if I create a blog series based on your videos ( basically referencing it and then making my own ) ?

"Epoch" 19:39

For the scramble data function: Take the sent data and append some known string (possibly the version number) and compute a hash (such as MD5.) Even though MD5 isn't considered secure anymore, I suspect it good enough. If not, there's other hashing functions. For added fun scramble the string before hashing it.

👋

french be like - bonjour. - yo

You adressed one problem by solving a completely different problem... While authenticate the client is an important problem to solve, it does nothing to actually solve the problem that the consistency of the message header is not protected. The header should include some sort of redundancy field, like a checksum or a crc that guarantee that the header is consistant before trying to use any information from it. Also the read message function need to put a reasonable max size on the length, a full 32-bit length field implies you could be trying to read 4 GB from the client, wich doesn't seem necessary.

I really disagree with your plan to "accept something I'd expect" when you connect. It's quite easy to mimic that by looking at how the client connects, and then specify the max size for integer, to allocate a large amount of memory, and crash your program. It would have been lightyears simpler to limit the size that can be allocated to a reasonable size. Anything over that, simply reject and disconnect the client.

I wish you would take care about stuff like "hole punching"(STUN, etc.). Having a server, that handles every single player, might be very expensive for tiny projects. Having some server-independent communication between clients might be helpful, so you server only needs to tell the clients, where to send their packets. Also it might reduce the delay between actions.

nothing just wanna refresh the scrap book

Make c++ tutorials

:D

first

18:01 the client for a game is under complete control of the attacker, they will simply decompile your client with ghidra and see exactly what the algorithm does.

17:44 what is this new English word? is it xor?

Please sir make a full tutorial on c++

EPOCH