JoWie

It is possible to workaround that issue. It would not even be that hard. It could introduce some latency though.

That example I posted is detectable, yes. But the part that detects it would also have to run in the browser. So i could switch to a method that is not yet detected or I could remove the detection code. You could also do these kinds of things from within a firefox extension, that would even be harder to combat because an extension has more privileges than a web application (runescape). HTTPS would not help much. Oversimplifying it a bit: it protects the endpoints (client and server) from anything in between (like a malicious router recording passwords), but it does not protect the endpoints from each other. Note that variants of this can be done to any client. If you only have an executable, you could still modify the executable. It is just a whole lot easier in javascript. Runescape already protects against a lot of cheats by making the server authoritative, even if the entire game was open source you could still not just give yourself a billion gold points. The hard part is preventing cheaters from gaining information they should not have (like an enemy behind a wall in shooters), cheaters improving their input (aimbot) and automation (bots). There is no real solution to aimbots and bots, if you can do it, a program can also do it. Detection software is not a solution either, you can always do your cheating at a higher level (like running the game in a virtual machine and doing the cheating in the host OS; or by controlling your keyboard with lego mindstorms ;p ). All you can do is make it really really hard, like by changing your code very often, settings traps or by making it so hard bots have to solve hard AI problems.

With javascript you do not even need reflection, you can do almost whatever you want. You can even redefine almost every function of the standard API's such as DOM, WebSocket, etc. Suppose I want to modify data a webapplication sends using WebSocket, I could inject this script using the firefox / chrome console: // try this on http://www.websocket.org/echo.html var _send = WebSocket.prototype.send; WebSocket.prototype.send = function(data) { console.log('hi! ', data); data = data.replace(/rock/ig, 'Slap'); _send.call(this, data); }; This even works for WebSockets that have been created before you inject your script.

Seems to me cheating would only be made easier when using HTML5 and JavaScript instead of Java (all other things being equal)

The client (webapplication) will probably be very thin. Most of the interesting stuff happens on the servers. Relatively to other games (like first person) latency does not mater that much in RuneScape, a server round trip is OK. Anything under 500ms is usually fine for these types of game. First person plays well under 100ms. I have not read anything about RuneScript before but I am guessing it will not end up at the clients. If they are pushing for snappier control (less input lag) of your avatar (like with WASD) they will have to make clients a lot smarter by having them run (part of) the same simulation as the servers. As for WebGL, what I remember from experimenting with it a while back is that video drivers are the big issue. I had a laptop with nvidia optimus (lets you switch between 2 gpu's to conserve power) and WebGL did not work properly. Firefox even has a blacklist (or a whitelist, i forgot) with supported hardware and drivers. EDIT: I just crashed on a webgl demo with my desktop Radeon HD 7970 haha

While I also have second thoughs about the performance it is not as bad as you think. Modern javascript engines (such as V8 and SpiderMonkey) compile (and optimize!) to bytecode or native machine code internally, they might even cache this. This includes things like type interference. For example "var bla = 5;" might get converted to an actual integer internally. There is also the asm.js project which was on news sites a week ago. They define a backwards compatible subset of the javascript language which lets you work with integers and floating points very efficiently. They showed a few benchmarks which were less than 2x as slow as equivalent C code (instead of 80x in one case). What I am more worried about is the performance and support of WebGL

Are they going to use javascript, websocket, webgl canvas, et cetera to completely replace the java applet? Or will it merely be UI elements done by the webbrowser which interact with the java plugin using liveconnect? If they are going to completely replace the java applet I wonder if they are writing everything in javascript now or if they are compiling java to javascript. I actually kind of doubt they are going to completely replace the applet. I am not sure the performance of webbrowsers are good enough yet.

If you have php 5.3 you could do the following: add_action('wp_enqueue_scripts', function() { wp_register_script( 'scriptname', plugins_url( '/javascript.css', __FILE__ ) ); wp_enqueue_script( 'scriptname' ); });

DMCA is a US law though. For example in my country circumventing DRM is not illegal. (Selling products to help people circumvent DRM can be illegal however.)

Sad to see Jon Lord go (deep purple): http://www.youtube.com/watch?v=OorZcOzNcgE I am excited about the upcoming new album of Withcraft. Old song: http://www.youtube.com/watch?v=gp8S41zSGWU

Yes, but not right away. I finished my current goal first of 80 slayer and then I became more and more disinterested mostly because of the SoF. I actually liked the SoF at first (I even won 10M and a lame tattoo), but not when they added buyable spins. I would have perhaps tolerated other buy-ables like loyalty points or whatever. Maybe I will return in a year (again, haha)

haha ;p (30 euro a month)

A boolean is not 1 bit in memory. If i recall correctly, java uses 8 bits for booleans. If you really want to work with 1 bit variables, you would have to use bit shifting. Easiest is 64 bit int if supported everywhere (not supported in some languages, like javascript). Or a 64 bit double (which javascript has), which is precise for integers up to 2^53

Allowing users to post external images on a forum like this one is enough to find out your ip. The image does not even have to be noticeable. Oh and there are hardware solutions which help against denial of service attacks, but it never gives complete protection.

odd, I won 10M today from free spins without any issues. (haha)