For several months now, Bob has been attempting to run his weekly D&D (Dungeons and Dragons) game partially online—that is, former members who now live in other states are now “attending” the weekly gaming session online. To help facility this, Bob bought enough licences so we all can use kLoOge.Werks [1], a program that allows a DM (Dungeon Master) to run his campaing online. And being written in Java [2], it does indeed run on multiple platforms (which is why I can run the thing under Linux; everybody else in the game uses Windows).
It's not perfect, but since the introduction of kLoOge.Werks (for several months we were trying other technologies) the gaming sessions have gotten a bit smoother and aren't quite as annoying as when Bob first started this little experiment. But the one thing I really dislike about this online gaming thang is the dice rolling.
You see, you use the kLoOge.Werks program to do your dice rolling.
As a programmer, I know that computerized dice rolling is anything but random. Pseudorandom, yes. But as random as real dice? Not by a long shot. It's actually difficult to get decent random numbers out of a computer; Knuth [3] spent about 300 pages of rigorous material covering the generation of random numbers in his Art of Computer Programming [4]. And I've told Bob as much.
But he is insistent on using kLoOge.Werks.
Durring a protracted combat session where the fighters are slugging it out, “rolling” the dice, I decided to poke around the kLoOge.Werks program. The Knoppix [5] live-CD (Compact Disc) I'm using on my laptop not only has Java, but quite a few Java development tools, including a Java disassembler. So I start poking around the .class files that comprise kLoOge.Werks, telling Bob that it wouldn't be that much effort to replace a few of the classes dealing with dice rolling with a special version where I can “roll” what I want, including the DM-eyes-only rolls.
Muhahahahahahahaha.
Which brings up another point about running a game online—trust. Forget the random number generators for a second, how can the master program (which the DM runs) trust that the “dice rolls” of the players are legit? Now you are getting into cryptography, digital signatures and verification, which aren't easy to do right and all too easy to get wrong. Bruce Schneier [6] took over 700 pages to cover computerized cryptographic systems (Applied Cryptography) [7] and even then, it's just an overview.
In the end though, I think this actually comes down to trust—that Bob will hae to trust his players not to muck around with kLoOge.Werks, and be suspicious if we all start rolling critical hits each time we attack.
[1] http://www.kloogeinc.com/werks/
[3] http://www-cs-faculty.stanford.edu/~knuth/
[4] http://www-cs-faculty.stanford.edu/~knuth/taocp.html
[6] http://www.counterpane.com/schneier.html