For several months now, Bob has been attempting to run his weekly D&D game partially online—that is, former members who now live in other states are now “attending” the weekly gaming session online. To help facility this, Bob bought enough licences so we all can use kLoOge.Werks, a program that allows a DM to run his campaing online. And being written in Java, it does indeed run on multiple platforms (which is why I can run the thing under Linux; everybody else in the game uses Windows).
It's not perfect, but since the introduction of kLoOge.Werks (for several months we were trying other technologies) the gaming sessions have gotten a bit smoother and aren't quite as annoying as when Bob first started this little experiment. But the one thing I really dislike about this online gaming thang is the dice rolling.
You see, you use the kLoOge.Werks program to do your dice rolling.
As a programmer, I know that computerized dice rolling is anything but random. Pseudorandom, yes. But as random as real dice? Not by a long shot. It's actually difficult to get decent random numbers out of a computer; Knuth spent about 300 pages of rigorous material covering the generation of random numbers in his Art of Computer Programming. And I've told Bob as much.
But he is insistent on using kLoOge.Werks.
Durring a protracted combat session where the fighters are slugging it
out, “rolling” the dice, I decided to poke around the kLoOge.Werks
program. The Knoppix
live-CD I'm using on my laptop not
only has Java, but quite a few Java development tools, including a Java
disassembler. So I start poking around the
.class files that
comprise kLoOge.Werks, telling Bob that it wouldn't be that much effort to
replace a few of the classes dealing with dice rolling with a special
version where I can “roll” what I want, including the DM-eyes-only
Which brings up another point about running a game online—trust. Forget the random number generators for a second, how can the master program (which the DM runs) trust that the “dice rolls” of the players are legit? Now you are getting into cryptography, digital signatures and verification, which aren't easy to do right and all too easy to get wrong. Bruce Schneier took over 700 pages to cover computerized cryptographic systems and even then, it's just an overview.
In the end though, I think this actually comes down to trust—that Bob will hae to trust his players not to muck around with kLoOge.Werks, and be suspicious if we all start rolling critical hits each time we attack.