Hacking jinteki.net is pretty meta
5 Likes
Iām aware of the security issue and the potential cheating. All the clients have the full game state so by fiddling with the javascript itās possible to reveal cards.
Sending the full game state simplify the code tremendously. It also ensure all the players and spectators are always in sync, even in case of bugs or network issue. Having access to the whole game states also helps debugging.
In Starcraft and Quake all the clients also have the full game state. Hence the infamous map hack in Starcraft revealing the whole map or the Quake hack allowing to see through walls. Since Blizzard and ID Software, two legendary game companies, do that, i guess it will be too much of a challenge for a few hobbyists to create new super secure code. So unfortunately we have to rely on opponents being honest for now.
But thanks for the security audit. Iām glad the other parts are somewhat safe and the whole site is not a total security disaster. 
31 Likes
And given that weāve made the tradeoff of giving players flexibility to fix actions, manually carry out cards that arenāt implemented, etc. over a super secure game server that handles everything, I donāt think this should come as a surprise to anyone. Clearly the focus of jinteki.net from the beginning has been to get things up and running quickly and let people enjoy and practice the game.
4 Likes
Why donāt you join the dev team? Then youād be able to contribute in a meaningful way as it sounds like you potentially have a lot to offer. Itās an Open Source project and there are a ton of great people who contribute in the ways that they can (I have 2 kids, a working wife and a full time job but I manage to squeeze in features here and there). Just a thought.
6 Likes
Yeah it definitely simplifies the code when you can do everything on the client. And like I mentioned in the post, the fact this thing is free is pretty amazing and Iām very thankful for all of the developers working on this project. As long as the community is aware that cheaters can and will show up (as they do with ALL games), Iām happy.
1 Like
I know nothing about web development, but I can certainly do player rating/segmentation and related data aggregations if the team is willing to give me access to the database!
Started playing the Friday before last by buying the core set. Spend an evening with my girlfriend trying (and failing) to learn the rules. A few days later discover jinteki.net and get the hang of it. Another few days and Iām being hacked!
12 Likes
The life of those who live in the shadows and run the netsā¦
Well that explains the high number of āundefinedā I see probably. Iāve had many games were Iām waiting for an opponent and it seemed like a bug occurred where an invisible opponent joined, but didāt and the lobby was confused. Could be someone fannying about I guess? I tend to just restart the lobby.
Anyhoo, there are always going to be people who want the lonely fun of stalking someone on the internet who is pretending to be someone hacking someone on the internet in a card game. Takes all sorts.
If youāre a B- player, then Iām a C.
If youāre a D+, Iām aā¦
Nah, you canāt be D+ 
I think today in online gaming, clients are concurently changing a common gamestate, server side.
They would have different rights & timestamp tickets to acces information on the server.
Iām not sure that would be harder to program or debug, but code structure would have to be redone entirely, which is not an option at this point I guess.
Quake / Starcraft might be made by legendary devs, but the problem of those legends is they are almost pre-internet-20-year-old
I work in e-shopping, you canāt allow clients to manage quantities, item reference or price in the client sessions. You concurrntly asks for stock levels with timestamp tickets. Clients asks them to server, since at least 5-10 years, because thereās real scammers out there. (Iād k this is just online niche cardgame).
I think the day you would release a ranking system or exports, youāll start to have hackers, just for the āprideā to be āthe name on topā, you know.
Or players āwho plays against themselves and always winā.
A little like āfirstā trolls all over the internet.
Yeah, people are that stupid.
Unless people change, we should stick to 3rd party manual rankings, like how SH or R4G does today.
1 Like
Iāve actually managed to pull off Jinteki on a school iPad. I hate apple.
And Biotech is the highest win-rate Jinteki ID.
Yeah isnāt that odd? What are people playing out of Biotech these days? I love Greenhouse Rush as a deck but I havenāt had great success with it.
Murder. Like, murder in the vein of that PE deck that got that guest article. You pack a similar (if not identical) agenda suite and carry the threat of double neural EMP all the time.
It would be good to see a list, I tried a mushin Vanity build with punitive at a tournament yesterday that was completely useless (at least it was when everyone played film critic and ran my mushins).
I think the reason itās so high is because many people run very aggressively on Jinteki.net, especially against net damage murder. No one specifically techs against it and one has to play carefully / tediously around it. Iāve found that eh whatever gg find another is a common attitude with it.
not quite sure why you are surprised.
Is there any way for players to view their own win rates? In general and with various decks, ids, factions, etc? Since all this data is recorded.
No, there is no access to the data at this time. More fully-featured user profiles are a work in progress.
2 Likes