guess you guys are not too optimistic :/
am I over-simplifying things and not looking at the whole picture? is there really no creative way around the system?
Magicka is an example of the model I described. save for the fact that characters do not level up (and the only persistence in them is some spells you unlock along the way, and their weapon, the latter being something almost irrelevant for gameplay), players can host games and they automatically come up in the game's server browser. I remember playing co-op with a friend and having other unknown guys jump into the game.
another example is Torchlight 2. it can be played in online servers and LAN. though the torchlight wiki claims it is peer-to-peer, the description makes it sound more like server-client with seamless host migration (not an easy thing to code either). then again TL2 has no real limiting for cheaters. but it seems tolerable from what I've read.
Servers have to share some information, otherwise the clients won't know what to show on-screen. The key is to not share anything that the player shouldn't be knowing. Don't share information about enemy or ally players who aren't visible, for example. But calculating server-side who is and is not visible puts extra burden on the server.
So servers compromise and willingly share a bit more information than is needed, so the server can run faster, but also don't share other information, to reduce the power given to cheaters. There are still alot of cheaters, and a decent amount of cheats, but the cheats are less overpowered, and the cheaters have a higher percentage of being caught.
By letting users run servers, then you give cheaters 100% power, with absolutely zero way around it. Servers have to be the "authority" that says what is, or is not, the "truth" about the state of the game world. Handing that authority to cheaters makes games enjoyable to nobody except the cheaters, no matter how well designed it is. With FPSs, this is less of an issue, because persistence isn't a problem. Found a server with cheaters? Switch to another one.
With MMOs where your character progresses, nothing makes your progress seem more irrelevant than seeing cheaters max out in 15 minutes the same levels that took you 15 months.
As much as I dislike cloud computing and want software ownership for individuals, videogames streamed over the internet is the only guaranteed way to eliminate 99% of cheating and 99% of piracy, because it is the ultimate authoritarian server architecture - the server doesn't share anything except the video feed that the client displays onscreen. However, that's still a dozen years away from becoming a commonplace reality with MMOs, because it'll put way too much load on the servers.
yep I get it. the more remote and authoritative the server is and the less code it relies on clients to run, the less you can cheat. as it becomes more 'player accessible' whether in running code or even allowing a player to be the host, it gets easier to cheat.
but even if I enabled player-hosted games, what if most of the game routines still happen server-side? in terms of cheating it'd be mostly up to the host player to cheat (and the rest of non-cheater players would leave right away), and client cheats would be limited, like you said.
I also agree that cheaters are harder to catch in player-hosted servers as opposed to running it on rented servers where a developer can always admin and manage. some games give some power to the players in this regard, by allowing to vote kick others. often comes with bullying though, but most times it's better than forcing them to deal with a cheater wether they like it or not.
Using your players' PCs instead of game servers could make the network code even more complex. You still have to write all the code to host a game no matter what box does the work, but now you also have to transfer state from your server to the host PC, and you have to worry about things like NAT tunneling and how to choose the host. Your host is no longer just running on one platform you control, so you have to be more concerned about whatever your gamers might have on their PCs, and what Internet connections they have. A process written for your game servers can have simple, secure, fast access to your other gamer servers to call remote procedures and fetch whatever data it needs from your databases. A process written for the client needs to be isolated from game servers for security, and is also relatively isolated due to the latency and bandwidth restrictions.
The money spent on renting servers makes live easier for indie game developers. I'd rather pay for servers than deal with trying to make a peer-to-peer persistent world.
like I said the server-client model is still used (not real peer-to-peer). and it's aimed for engines that already support players acting like servers at the same time (a listen server, or non-dedicated server), which UE3, CryEngine and Unity support. it's like FPS's where you can go to Multiplayer and click Host Game, and start playing while you're also the server. so no extra netcode is needed, except for the part of saving/loading characters into a webserver (which I had assumed).
of course this way player-servers can cheat themselves, but so can anyone running their own UT3/BF/TF2 server can't they? it's just that like servant said, it's much more game-breaking to see someone cheat in their persistent RPG characters.
A half-gig RAM virtual server running Linux is $6/month at interserver.net. For RPG-style games, that should be enough.
A bare-metal server, capable of doing FPS-type gameplay, is about $99 at game server hosting companies like ServerBeach, and you can find cheaper options if you look around.
the $6 server won't be enough for a UDK/CryEngine/Unity game, which are the top indie/hobbyist third-party engines.
if an indie/hobbyist developer wants to put just 5 always-on servers that means almost $500 a month. sounds like a problem to me
even if you could find such a server for $50, it's still $250 per month. this whole thread is about thinking of an alternative to that, aimed for hobbyists or self-funded indies. $250 per month just doesn't cut it IMO.