I recently had the chance to sit down with Sean Gubelman to discuss his hacking-themed sandbox MMO, hackmud. We discussed the extent of what's possible in-game, why he opted to create a three-hour long, single-player tutorial, and more.

Me: So I’ve played hackmud for seven hours over the past two days and I still feel like I have no idea what I’m doing.

Gubelman: It’s a big game. [laughs] It’s weird because, in a lot of ways, it was a very simple game, and small, but it’s very much of an exponential growth thing. If you had played the game seven months ago, you would have known exactly what to do and where to go, which I think is part of the goal, to blur the lines between player content and what I’ve created, basically.

Yeah, other than the tutorial, I mostly just hacked abandoned accounts for money.

In a sense, that is all of the multiplayer that I provide. I provide the systems that let you interact with other players and I provide the “mining experience,” we’ll call it, to kind of create a connection to other MMOs. The mining experience is a lot like a hacking sudoku, where all these areas are randomly generated every day and it’s limited, so you’ll be playing with other players. If there are a whole bunch of other players playing, you might be hacking something and then it just goes away. There are no loops for currency, or inflation to currency either, which creates more of a multiplayer experience. The focus is on the interaction between humans, not between you as a single player and the world. That does come into play, but what I wanted to focus on was trust issues between players.

So you wanted to work on making it a game where you can work cooperatively with people, but you also have to worry all the time about if they’re being competitive with you.

Yes, because, just like in the real world, if you’re doing something that’s high risk, everyone takes that risk on and the reward for advancement might mean taking on risk from other players who you were cooperating with previously.

Now, if you do manage to be 100% egalitarian, like prisoner’s dilemma, and no one rats anyone else out, then you’re going to be the most successful players in the game. [laughs]

But the benefit, individually, at that moment in time, for screwing everyone else over in your party, is just insanely high. So it’s hard to ignore that and if you are that much better of a player, you can take advantage of that, having all of the experience of being able to protect yourself from their retribution.

Now, that’s not to say that they won’t find someone who’s smarter than them or in a group or a team that is going to be more effective at taking you down than you could be because you just don’t have that brain capacity. If you screw over like 100 people or 1000 people, likely, you’re not going to be able to survive that unless you form an alliance with another set of 1000 people who may or may not trust you anymore. [laughs]

But that’s the core of the game, right? I wanted to take EVE and I wanted to mix it with Uplink and I wanted to capture the nostalgia of my experiences playing MUDs as a kid.

If you look at the interface for the game, it is probably the most expressive and fastest interface that you could have to a game. You don’t walk places. There’s no transport time. The only hindrance you have is how fast you can actually type and how fast you send commands. But even how fast you type is taken out of the equation because of the autocomplete and scripting.

So if you write very targeted code, or, likely, you’re borrowing it from someone else. In the ideal scenario, you have people who write code on your team and you have people who understand puzzle systems and other player systems and you have people who know how to organize people and you have people who understand the world at large. Those are actually the four classes of the game: Architect (programmer), Infiltrator (PvPer), Scavenger (PvEer), and Executive (corporate executive/raid leader).

On your team, you might utilize your architect’s code just to reduce your friction in activity or you’ll utilize your research that your infiltrator has gathered before going into battle against other people. Or you’re trying to break into the heist here—the Gibson, for example, which has the highest difficulty puzzles and the highest payout, but there’s very little loot available. It’s complicated. There’s a lot of loot packed into a couple of users that you’re breaking into. What that does is it puts you much more into that situation where you have to trust your teammates and you have to execute really quickly before other players can get the loot.

So how many people are working on the game?

It’s just me. Full-time, it’s just me. I do like everything. I have a contract marketer to help me with this launch. I have a contract musician; she makes all the music and sound effects. I have a contract artist, who helped me out a while ago, but now she’s working full-time with IndieMegaBooth. And I have an old friend from the last game I worked on and co-worker, who writes some of the content from the game—the bots and how they they talk and interact—and has helped me create the world and the universe.

But overall, their contribution has probably not gone past 150 hours in total, or probably less than that, between all of them.

How long has hackmud been in development?

Two years.

Was there anything that inspired the interface other than classic computer systems? Most MUDs have telnet clients and some have extensions for telnet clients, but generally, you don’t see a lot of custom clients.

So I have a lot of experience making games in general. I started in seventh grade, but professional experience, I started at Microsoft about ten years ago. This client is in Unity because I wanted to have something that was straightforward and simple to implement in, but I wanted all of the power of a full 3D game. I’m using a lot of shaders. I’m using a lot of techniques from actual AAA whatever development.

I went back and I played some of those MUDs, like one of the highest concurrency MUDs these days, Aardwolf, and I realized that it’s too limiting to have a telnet client. Like it’s cool from a nostalgic perspective to go and play a MUD, but it really doesn’t inspire a quality experience. I was running into the problem where I wanted something like autocomplete for in-game stuff and you just can’t do that. I wanted to have a consistent and broad command and keyboard entry system where you can tab between characters with the option key, you can go to the end of the line and the beginning of the line, and that’s something that is consistent on all platforms. If I play it on Linux or Mac or whatever, it’s not based on the shell that I’m using. I wanted to be able to make the experience easy and feel good and awesome for a brand new player and there were just a lot of parts of the telnet experience that just don’t work for that.

I saw that the scripting language is basically just JavaScript with some restrictions. What are those restrictions?

Anything that lets you jump out of the sandbox. JavaScript is an awful language to have done this in. It is literally the worst language to sandbox, and I’m sure I’ll get some detractors there, but it is one of the worst languages that you could possibly imagine for doing this. You can literally change any of the system level stuff, so, for example, if you do Math.random() or Math.isInteger()—like “is this an integer?”—you can literally just replace those functions with whatever you want it to do and it propagates down to anyone else who’s running a script.

So let’s say I use your code in my code. You figure out what parameters there are to break a lock. I call your code to find out what these lock parameters are and then I run those lock parameters. Seems all good and fine. Except that, in JavaScript, you can change the way that math works such that integral values aren’t integers anymore, but they’re still saying they’re integers...god, it goes so far. But what this ends up doing is deleting your account and giving me all of your money.

Invariably, that is a problem that can happen. The worst thing is that JavaScript can execute arbitrary code through strings. So you could just write some code in a string and then you could execute that. Just run it. Now, what that does is, anything that I have protected, like other people’s bank account balances, literally everything in the game, account information—all available to you.

Anyways, Javascript was chosen because, when I initially prototyped the game, I needed a way to get it up and running as quickly as possible and my database that I was using was MongoDB and I was just running eval straight. So I was just taking your code, as a player, throwing it at the database, and the database would run it in the database’s context under JavaScript. That’s why I use JavaScript. It was the fastest way to get the game concept up and running.

After that, I had basically written a game in JavaScript. I have my game, the game that you play, but the game that I write is also in the same scripting engine. It’s just got a few protections in it.

So yeah, basically, as a player, you can implement the entire game that I’ve made in the game. I wanted to do it that way because, really, what that’s doing is it’s creating this strong foundation for players to create content. There’s really no limitation on the players as far as their ability to extend or change or modify the way that players play the game, much like real life where you’re hacking and you have to keep up with the changing environment where people increase security and increase obfuscation and then, now you have to write different code or better code or somebody breaks in and sees your code and exposes an issue.

We’re talking about very Architect-centric play. In the global sense, you would have Infiltrators breaking into other people’s systems, taking the right code, and then handing that off to another player, who’s the Architect, hand you new code or instructions to go and reintegrate into the system. You, as an Infiltrator, will be really good at hiding your steps or protecting yourself from retribution or not showing your impact to this other player that you’re trying to break into.

But on the other end, everybody’s trying to protect against this stuff, so they’re going to be really good at it.



Can players create bots? I had seen a number of them in the 0000 chat.

That place is called “Port Epoch” and it’s kind of like the cyberpunk town square or Times Square. It’s just going to be noisy because every player that gets out of the vLAN, like you, gets dumped into that place, so it’s going to be filled with advertisements for recruiting players and using these systems or those systems and existing players are incentivized and disincentivized to be in that place. It’s another one of those risk/reward things. It’s super noisy, but, if you’re there when a new player comes up, you can...do stuff with them, we’ll call it. You can recruit them to your corporation. You can trick them.

There’s a lot of incentive to get new players to understand the game well because they literally have nothing, so there’s nothing to take from them and there’s actually a tiering system that prevents your from doing heinous things to them. You’re incentivized to grow them up before you knock them down, but, in doing so, you’ve also made them better at protecting themselves.

It’s kind of this weird, we’ll call it the “zero day of human interaction.” You’re building up this player, which, if you never knock them down, might be a super useful asset for your cause, but, if you build them up and they end up turning on you or you build them up and you are turning on them, you know, intrigue.

It’s all in the spirit of the game, I guess we’ll say.

Do you consider eventually learning to create scripts to be an essential skill in hackmud?

No, I don’t, and I’ll tell you exactly why. First off, the early adopters have all been white hat programming cracking types. They do this for their jobs as a living. They’re JavaScript developers. They have broken so much of the game just from their work knowledge—not even knowing how to play the game. They just go in with their knowledge of JavaScript and break things.

They have created so much content and so much code for sale and available that, if you’re a good infiltrator, specifically, you just break into their systems, take their code, and run it or sell it to someone else. There is a whole world where you don’t have to know how to program to be successful. You just have to know how to hack. Exploit. Take advantage. Organize.

The other part is that these players, who are in the game right now, are dying for people who are good at puzzles because the level of difficulty of puzzle at the highest tier, they can’t figure it out and what they need is people who are really good at args and really good at super high level meta puzzles and looking at a chunk of data, recognizing patterns, and creating something meaningful out of it and exploring that path. But it’s a team thing. In order to see that data, you had to break through and you have to be able to automate the process of grabbing that data, which means that you’re reliant on someone as a programmer, but the thing is that these players, they’ll just write a bounty board in-game, post the thing as a bounty—“We will pay X for understanding this data.”—and then any player can come in and give them the answer.

If there’s like a new lock or something like that that comes into the game that no one knows how to break into, the programmer types—the architects—aren’t going to know necessarily how to break into that lock. They’re not going to understand how to break the puzzle or figure it out. Someone else comes along and gives them the answer. They may not know how to program the answer, but they can just hand it off and now we have a lock cracker. Then someone else can come along and steal that lock cracker, change the code slightly, and modify and sell it to people. Then the person who’s selling the code, someone else breaks into their system and now they can’t sell the code because the market’s saturated with code crackers that all do the same thing. [laughs]

Is there any significance to the two-minute time limit in hardline mode?

No and yes. The plan there is to escalate. There’s a lot of balance stuff that really depends on the exploits that players find, so that two-minute timer just felt nice for me when I was putting it together, but one of the directions it could have gone—or could go—is to have additional hardline levels for additional time, but requires you more time and more interesting difficulty of puzzles to get into. So there would be hardline, secureline, etc, etc and you would have to go through each step to acquire a higher level of connectivity, basically.

So yeah, the significance is that I chose it.

Is there anything guaranteeing that you will to be able to solve the puzzles that you need to in hardline mode within the time limit? I assume that, with everything you can create, you can create your own locks and such, and, for example, I’ve already had issues with getting the prime number lock done within the time limit.

So the prime one is an interesting case, right, you are forced here to find the code, the script, that would break that. Not that you would write it yourself, necessarily, but, for an architect—this is forced cooperative, right—that is the easiest code to write. You just go “here’s the thing you’re trying to break” and throw one, three, five, blah, blah, blah. You throw a bunch of primes at it, under 100, and now you’re done, right? That’s very easy for an architect to write.

At Tier 1, it’s also easy for you to figure out as a player. As you go up in difficulty in puzzles, it gets harder for both sides, if that makes sense. The puzzles require time for people to figure them out and an architect might not be good at figuring out those puzzles, but, if the solution is presented to the architect, they’ll be able to write the code that solves it—if they’re good at it. [laughs] So it just kind of escalates on both sides.

This isn’t implemented yet, but, for these new portions, as a player, you will be provided drops that are like a material system and code crafting. So you would get a chunk of code that, when combined with these other two chunks of code—like literally combined—would create an actual, running script that gives you the answer to one of these low-tier puzzles.

At a certain point, that drops off. Those drops don’t happen, but the drops happen based on an actual puzzle instance that you find in the wild. I’m going into details about something that’s not implemented, but yeah, there are plans to make that transition smoother, if that makes sense. Then architects can also leverage these existing chunks of code.

If you think about it, these are like weapons against a defended enemy. If you have all of the components to make this kind of blaster cannon or whatever, and you can now retrofit those blaster cannons to your capital-class ship—now think about this all as code—you have a custom, hand-crafted, not hand-plug-and-played, but hand-crafted, weaponized capital class ship of code that is used by potentially thousands of people that are in the same corporation and now you have crazy, weird stuff going on. You have this capital-class ship of code that can be infiltrated. Literally, someone can break into it and unscrew a couple portions of the hull and now you have a place that someone else can shoot at—we’re just taking this analogy all the way here.

You’ve got the vent in the Death Star.

The vent! It’s the vent in the Death Star, right, but the Death Star is made entirely of lines of code that, you know, just like an actual Death Star, there were architects that built the Death Star and forgot about this hole in the Death Star. Now, there were counter-architects that looked at the whole of the Death Star, found this hole, and told their infiltrators to go and fire some torpedoes down this hole. That is the game at the highest level.

So in other words, there’s always something that allows it to be solved. There’s never a piece of code that you can’t counter somehow.

So there’s a whole bunch of code that players can make—it’s basically infinite—but you cannot write code to protect your own system. So the locks that are protecting your system—that you’re breaking into the world and mining stuff from, that you’re finding loot drops of and you’re protecting your own system with—all of the code in there is written by me and it is necessarily balanced and breakable. It may be really, really hard—and you can interact it with other things in the world that make it even harder—but it is always necessarily breakable.

The idea here is that, at the highest tier of play, when a balance patch comes out and I produce a new lock, no one knows how it works and so everybody buys it. They buy it. They try and find it in the world. If they get one, they equip it because, until somebody figures out how to break into it, it’s the unbreakable lock. But, as soon as somebody figures out how to break into the lock, a crazy tree of intrigue begins and that is, if I know how to break the lock, I could sell the lock. I could hand it off to an architect to have them code up against the lock, but, every time I introduce another person into the equation, now somebody knows that I have the information to break into the lock. If I utilize that information to break into someone else’s system to get profit from it, now they know that I know the information and they will try to break into my system to get my script that breaks into it or whatnot. If I sell the information to other players on other teams, then I have a lot of money or a lot of enemies or both.

It just kind of expands into a rabbit hole of human interaction. That will happen regularly because that’s what’s interesting, right? And as the complexity of the game grows, it behaves a lot more like just a regular MMO or a regular MOBA, where there’s a metagame, which is what is good right now, and the metagame on the metagame, which is figuring out what is good right now, and then that last until the next balance patch, basically.

What made you opt to use a full, three-hour introductory story as a tutorial?

Early on in development, players didn’t know what the hell they were doing or what the hell to do, even after they knew what they were doing, and these are like super-experienced programmer devs who understand hacking and all this stuff. They didn’t know what to do. They didn’t know how to do it, right?

The thing is that you really have to be taken through a single story out of the infinite stories that you have in multiplayer. The single-player is really just kind of like one hand-crafted moment from the real game that takes you through what you would be doing with other players and the stories you would create there. Those stories are much more interesting than the tutorial I made, but the point is that, in order to understand, you have to be kind of socialized into the game. You have to understand that “okay, scripts can take all of your money so don’t run them...maybe.” But you have to to get the information to continue on. Are you sure you can trust your teammates? How does that play into the world at large?

It was kind of built out of necessity to spark the multiplayer experience and to teach you about these systems at a very basic level. The game is just really complicated, but it’s not unapproachable. You can sit down and you can make progress on it—especially when there are other people around to work with you and to encourage you to contribute to the world and play a game. It’s just that it goes on forever. It gets more complicated and there’s not a limit to that. Other players create that complexity just via their level of skill and their level of play. Making better defenses makes better offenses, etc.

So the reason why I built the experience that I did was that I started making a tutorial and it was kind of effective, it wasn’t really effective, and what I realized was that you really need to understand the full game experience in order to be successful in the multiplayer environment—just on a basic level—and then I wanted to make a good single-player experience after that. It was like “oh, well, I’m already in. I better make a really engaging, fun single-player experience with hand-crafted puzzle things.

It’s kind of like the single-player’s a preview of the multiplayer experience and the level of depth that it goes into. Hopefully, you made it through. The numbers are showing that people are making it through and are engaged and excited about it.

Are you planning to monetize in any way other than the initial fee?

Absolutely. The thing is how the hell am I going to support this if I don’t re-monetize, right? I would really like to not do a subscription, but it might work out better to have a subscription. At this point, I don’t know. Ideally, the subscription would be if I can get the server costs under control and I can offer it at a very reasonable price.

The point is that I want to be able to have a sustainable development environment. I’m looking to deliver this experience to players and continue delivering this experience to players. I’m not looking to be rich or make a lot of money or whatever. That may happen, and that would be amazing and awesome, but anyways, back on track.

Subscription? No. No plans at the moment. Monetizing backpack size, which, in this case, is the number of users that you can have, that’s the first planned monetization and that will be in-app purchases, basically, through Steam. Merch booth. Physical goods stuff that I have planned, which is really, really cool stuff that you will probably want because it’s really cool. Then, after that, it’s cosmetic items, things that make you look really cool and let other players know that you support the game and you think it’s really cool and you’re paying for them to play the game, basically, and they’re paying for you to play the game.

I mostly just want to create value for players and have them support because they love the experience and they want to continue to have the experience.

--

hackmud is available now on Steam for $13.37.