I wrote a snarky response because of the final insulting comment in yours but then thought better of it, going to try to address a couple of your points legitimately even after the unnecessary personal attack.
Sorry, It’s not meant as an attack. I am simply calling it as I see it because I get a lot of gamers who think they’ve arm-chaired thought far more about my job as a networked gameplay engineer than I have. I’ve been doing this for a very long time and I know where developers cut costs. Anti-cheat isn’t just a slap-it-on and call it a good solution. There are a lot of reasons you want to trust the client and it makes the gameplay feel far better.
It’s a lot cheaper to make your server dumb. It costs you less in programmers with deep multiplayer programming experience, it costs you less in ongoing hosting because of reduced CPU usage, and it makes the problem less “yours” as a developer.
Typically, the server, especially in counter-strike’s case, isn’t dumb. In all games, the server still handles the dealing of damage which typically includes validations of that damage. In counter-strike’s case, very little data is calculated on the client. Most of it is raw data sent from input to the server.
Your argument seems to be that a quake-style predictive algorithm is the only solution possible for online games. I doubt that is the case, but even if it were, using some raycasts on the server for some basic sanity checks on what data to send to players is an example of where lots of developers just can’t be bothered.
Lots of game engines including source include and utilize ways to ensure the player is reporting sane inputs. Also, interpolation is different than extrapolation. Lastly, you don’t need to do raycasts to double-check this data. A lot of the time the raycasts are done on the server itself. In counter-strike’s case this is also true. Raycasts are done on the client typically for cosmetics only. You can see this with 3kliksphilip’s videos on sub-tick.
If you want to dismiss machine learning as heuristics, I’m sorta ok with that, as I think they are just glorified heuristics, but even the most basic analysis isn’t done by most developers. Instead, they rely on the sales pitches of various anti-cheat software and don’t implement anything beyond it, even when there might be some low hanging fruit.
Heuristics haven’t been done by developers in a long time. A lot of that is actually done in Valve’s case by Overwatch. Also, Valve makes it’s own anti-cheat called VAC. They aren’t getting sales pitches.
I am not saying developers are lazy, there’s tons of stuff to work on. I am mad that this problem gets repeatedly pushed onto the users rather than the developers, though, and I think it’s reasonable for me to offer some pushback when both my CPU cycles and my privacy are being abused.
Frankly, I feel like it’s wrong for you to say that the problem is pushed onto users when you don’t understand the code and effort the developers are writing to solve this issue specifically with counter-strike. VAC is probably the anti-cheat with the least amount of client code. It rests almost entirely on the server. One thing VAC does do is lock down the client on Windows to prevent modifications. One thing you can easily do is replace assets for walls with transparent textures to see through walls. That’s why things like the code and assets can’t be tampered with. Most game engines only send updates to the positions of actors in a network bubble. Maybe Counter-Strike’s network bubble is too large at the time but that’s not an argument you made.