Edit: the random-reversing bot was "Nostradamus" by Tim Dierks, which was declared the winner of the "supermodified" class of programs in the First International RoShamBo Programming Competition. [2]
[1] https://web.archive.org/web/20180719050311/http://webdocs.cs...
> "With his obvious technical skill, and his "cheat early and often" attitude, Tim could have a promising career as an AI programmer in the computer games industry. :)"
Instead took a path of security, authoring the TLS RFC and principal engineer in Google security. Thanks for the flashback.
I had a cool vision for “tag play” … I visualize mini RFID records on a turn table that tell Roku what to play.
I’m actually a bit relieved they have you on the team. Considering what they (Google) know about us all.
https://web.archive.org/web/20180719050236/http://webdocs.cs...
> Nostradamus was written by Tim Dierks, a VP of Engineering at Certicom, who has a lot of expertise in cryptography. The program defeats the optimal player by reverse-engineering the internal state of the random() generator, which he states "was both easier and harder than I thought it would be". To be sporting, it then plays optimally against all other opponents.
> Fork Bot was based on an idea that Dan Egnor came up with a few minutes after hearing about the contest. Since "library routines are allowed", his elegant solution was to spawn three processes with fork(), have each one make a different move, and then kill off the two that did not win. This was implemented by Andreas Junghanns in about 10 lines of code. Unfortunately, since all three moves lost to the Psychic Friends Network after the first turn, the program exited and the remainder of that match was declared forfeited.
> The Psychic Friends Network is a truly hilarious piece of obfuscated C, written by Michael Schatz and company at RST Corporation. Among other things, it uses an auxiliary function to find good karma, consults horoscopes, cooks spaghetti and (mystic) pizza to go with various kinds of fruit, #defines democrats as communists, and undefines god. We're still trying to figure out exactly what it is doing with the stack frame, but we do know that it never scores less than +998 in a match, unless it is playing against a meta-meta-cheater.
> The Matrix was written by Darse Billings, who holds the prestigious title of "Student for Life", and recently started the PhD programme at the University of Alberta. The RoShamBo program defeated every opponent with a perfect score, based on the simple principle "There is no spoon".
> Since The Matrix is also the tournament program, it has complete access to all other algorithms, data structures, and output routines, and is therefore unlikely to ever be overtaken. As a result, this category is hereby declared to be solved, and thus retired from future competitions.
I believe it works as follows:
- It plays randomly for the first 998 turns (https://github.com/MrValdez/Roshambo/blob/master/rsb-iocaine...): this line is "if (*turn < trials - 2) return libra ? callback() : random() % 3;", and "libra" is initialized to (int) NULL, i.e. zero, on every invocation.
- In the last 2 turns, it uses `find_goodkarma` to comb through the stack to find where the variables that match its history and the opponents' history are stored. These are the stack arrays p1hist and p2hist (https://github.com/MrValdez/Roshambo/blob/master/rsb-iocaine...)
They're easy to find because they contain 998 known values each in a ~random sequence of (0, 1, 2), and they're just upwards of the stack from the current invocation of the Psychic Friends Network.
`find_goodkarma` simply increments a pointer until the whole sequence of 998 values matches the known history.
- Then, it rewrites the history to make itself win. These lines (https://github.com/MrValdez/Roshambo/blob/master/rsb-iocaine...) never get executed, then these lines (https://github.com/MrValdez/Roshambo/blob/master/rsb-iocaine...) tally up draws so far (libra), wins (cancer) and losses (scorpio).
This line makes sure its move is the opponents' move +1 mod 3, which is the winning move: https://github.com/MrValdez/Roshambo/blob/master/rsb-iocaine...
Then, these lines repeat the same trick for the number of wins and losses. It checks whether it's p1 or p2 by comparing the addresses of the win/loss arrays, and then overwrites the wins/losses appropriately using `pizza` https://github.com/MrValdez/Roshambo/blob/master/rsb-iocaine...
In the end it returns an arbitrary value (the address of `good_hand` mod 3).
It was fun to follow but the result is kind of boring :)
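The scan-and-rewrite described in the comment above, as an added example that is not part of the thread and is not the Psychic Friends Network source. It assumes a flat int array standing in for the stack; the offsets, the move sequence and the names `find_history`, `tamper` and `referee_score` are constructed for the illustration. It also shows the isolated case, where the player only sees a copy of the history.

```c
#include <stdio.h>
#include <string.h>

#define TURNS 998   /* moves on record when the scan runs */
#define WORDS 4096  /* size of the simulated memory, in ints */

/* Slide a window over mem until n consecutive ints equal the known
 * history. Returns the word offset of the match, or -1 if absent. */
static long find_history(const int *mem, size_t len, const int *known, size_t n)
{
    if (n == 0 || n > len) return -1;
    for (size_t off = 0; off + n <= len; off++)
        if (memcmp(mem + off, known, n * sizeof *known) == 0) return (long)off;
    return -1;
}

/* The "player": rewrites its own recorded moves, wherever they sit in
 * mem, so that every one beats the opponent's recorded move. */
static void tamper(int *mem, size_t len, const int *mine, const int *theirs)
{
    long m = find_history(mem, len, mine, TURNS);
    long t = find_history(mem, len, theirs, TURNS);
    if (m < 0 || t < 0) return;
    for (long i = 0; i < TURNS; i++) mem[m + i] = (mem[t + i] + 1) % 3;
}

/* Constructed match; returns the player's wins as the referee counts them.
 * shared=1: the player can write to the referee's memory.
 * shared=0: the player only ever sees a copy of it. */
int referee_score(int shared)
{
    static int ref[WORDS], copy[WORDS];
    int mine[TURNS], theirs[TURNS], wins = 0;
    unsigned s = 12345;                        /* constructed move sequence */
    memset(ref, 0xff, sizeof ref);             /* filler that is never a move */
    for (int i = 0; i < TURNS; i++) {
        s = s * 1103515245u + 12345u; mine[i] = (int)((s >> 16) % 3);
        s = s * 1103515245u + 12345u; theirs[i] = (int)((s >> 16) % 3);
    }
    memcpy(ref + 300, mine, sizeof mine);      /* stands in for p1hist */
    memcpy(ref + 1500, theirs, sizeof theirs); /* stands in for p2hist */
    memcpy(copy, ref, sizeof ref);
    tamper(shared ? ref : copy, WORDS, mine, theirs);
    for (int i = 0; i < TURNS; i++) wins += (ref[300 + i] == (ref[1500 + i] + 1) % 3);
    return wins;
}

int main(void)
{
    printf("shared: %d wins, isolated: %d wins\n", referee_score(1), referee_score(0));
    return 0;
}
```

With shared memory every recorded turn becomes a win; when the player is handed a copy, the referee's own tally is unchanged.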
There's something beautiful here and you honestly couldn't make it up.
(And the transparency got them an improvement in their security in the end.)
https://en.wikipedia.org/wiki/Hardware_random_number_generat...
In a similar vein, the SciCraft minecraft server had a creeper farm which used some sort of black magic setup in order to deterministically manipulate an RNG state to trigger a "random" lightning strike at a specific block every frame in order to get better creeper drops. https://youtu.be/TM7SutJyDCk
I really don't have words for how great this post is. It made my week.
Later
A really concise explanation of the same process you can step through in Python:
https://crypto.stackexchange.com/questions/37836/problem-wit...
> which I can almost pretend to understand if I squint
This is me and all cryptography :D
This is not little payout, it sounds to me like one of the most significant exploits in anarchy minecraft history, possibly even more than nocom.
The idea of a free for all bug abusing server is pretty neat, a whole ‘nother level of the game.
I guess this is what “actually fighting” (rather than just using in-game battling mechanics) would look like if the metaverse really happened ever.
because of a long history of duped high value items, PvP is just simply spamming ender crystals which deals massive damage when broken, and the defense is just how many "totems of undying" you have which absorbs lethal damage.
of course all the hacked clients automate placing ender crystals, reloading totems and identifying weak/strong locations so you're following those guidance to spam damage.
a little before that there were hacked +32,767 damage swords that will insta kill you that was patched out by the server.
What’s the difference between a weak and strong location?
I could imagine funny evolutions over time, just a random thought, if everyone is running a “glass cannon with lots of 1-hit protection” build, then I guess if players had to pick between fast/little attacks and big/slow ones, they’d favor the former. If everyone is walking around with little attacks just intended to trigger the 1-hit protections on their fellow glass cannons, then actually using the in-game armor system might turn those one hits into two-hits, making it relevant again. If the systems were properly tuned, (it could be exponentially difficult to gather 1-hit protections and extra lives, so turning those 1-hits into 2-hits could be really valuable), mechanics could be saved from obsolescence in interesting ways.
I’m not describing Minecraft at this point, just spitballing. It would be interesting to see a game designed with this evolution of “things being broken” taken into account, though. I guess that’s what Magic the Gathering is, hahaha.
Balance converging around bugs and exploits is pretty typical for all PvP sandbox games with cutthroat gameplay, even if not allowed by the server. ARK: Survival Evolved and Eve Online are infamous for having huge clans (thousands of players) willing to go to extreme lengths at metagaming and bug exploitation. It isn't always that rosy, ARK had certain mechanisms to dox players and their multiple Steam accounts, which I believe led to a few spillovers of the ingame relations to the real life during the Great War. Sometimes it's very basic stuff though, like building a huge tower and breaking it upon being raided, DoSing the server and crashing it, after which it rolls back to a previous backup made 10-20 min ago, making your base very hard to raid if you have active players. (an ancient thing that was fixed many years ago)
Rust (the PvP game, not the language) also had the policy of encouraging players to spread and publish bugs and exploits on YouTube, but with the different aim - so that the devs would notice and patch those faster. This resulted in a pretty robust game that is extremely hard to exploit without resorting to actual external hacks.
Sometimes you got funny situations like top guilds cheesing new raid content in their race to finish it first, leading the devs to go "cmon bro, you only played yourself" and then patching it immediately after, but almost never taking any loot away or banning anyone.
Also funny is the common situation where you don't want to _admit_ to everyone in your guild that you have at least one person running it, but you can kind of figure it out and it becomes an open secret.
1 - These are the days where you might have to clear down a dungeon 4 hours to see if a mob is up, or, even worse, to see if it's camped or not. Alternatively (or as a cover) people just parked alts but you get the idea. Also, come to think of it, Diablo had this too with maphacks and grabit and such
But I agree that there are far better anarchy servers than 2b around.
Isn't this basically any non-VAC CS 1.6 server?
I often find myself sharing the rng in my code for performance reasons, but stories like this definitely make me pause.
If you found this amazing, take a look at this, it'll blow your mind.
https://www.youtube.com/watch?v=ea6py9q46QU and https://www.youtube.com/watch?v=GaRurhiK-Lk
At this point it feels like having PRNGs be defaults is just not that safe of a thing to offer in libraries. Like defaulting to allow TLSv1.0 or blowfish in 2024.
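An added example (not from the thread or from any program discussed in it) of why a default, non-cryptographic PRNG is predictable from its outputs alone. It assumes a self-contained generator written in the style of the additive-feedback scheme behind glibc's default random(); the names `generate`, `predict_next` and `predicted_outputs` are hypothetical, and how Nostradamus itself recovered the state is not described on the page.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define WARMUP  344   /* state words produced before the first output */
#define MAX_OUT 512

/* Additive lagged-feedback generator in the style of glibc's default
 * random(): each state word is the sum of the words 31 and 3 places
 * back, and each output is the new word with its low bit dropped. */
static size_t generate(uint32_t seed, uint32_t *out, size_t n)
{
    static uint32_t r[WARMUP + MAX_OUT];
    if (n > MAX_OUT) n = MAX_OUT;
    r[0] = seed ? seed : 1;
    for (size_t i = 1; i < 31; i++)
        r[i] = (uint32_t)((16807ULL * r[i - 1]) % 2147483647ULL);
    for (size_t i = 31; i < 34; i++) r[i] = r[i - 31];
    for (size_t i = 34; i < WARMUP + n; i++) r[i] = r[i - 31] + r[i - 3];
    for (size_t k = 0; k < n; k++) out[k] = r[WARMUP + k] >> 1;
    return n;
}

/* Observer's side: from 31 or more seen outputs alone, the next output
 * is one of two values. The +1 is the carry from the dropped low bits. */
static int predict_next(const uint32_t *seen, size_t n, uint32_t cand[2])
{
    if (n < 31) return 0;
    cand[0] = (seen[n - 31] + seen[n - 3]) & 0x7fffffffu;
    cand[1] = (cand[0] + 1) & 0x7fffffffu;
    return 1;
}

/* Count how many of the outputs after the first 31 were bracketed. */
size_t predicted_outputs(uint32_t seed, size_t n)
{
    uint32_t out[MAX_OUT], cand[2];
    size_t hits = 0;
    n = generate(seed, out, n);
    for (size_t k = 31; k < n; k++)
        if (predict_next(out, k, cand) && (out[k] == cand[0] || out[k] == cand[1]))
            hits++;
    return hits;
}

int main(void)
{
    printf("%zu of %d outputs predicted\n", predicted_outputs(2024, 500), 500 - 31);
    return 0;
}
```

Every output after the first 31 falls on one of the two candidates, without the observer ever seeing the seed. Values that must stay unpredictable need a CSPRNG such as the operating system's random source.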
2b2t (and anarchy servers in general) are Minecraft the way it is meant to be played.
My girlfriend and I watch all the fitmc videos even though neither of us play minecraft, and love the ones detailing your insane tooling the most.
Ever since we watched the nocom one I’ve wondered what you do professionally - are you in the infosec space?
With the amount of math and computer science knowledge you put into your work I would guess more in algorithmic trading or something like that. No worries if you don’t want to answer, just curious!
Naming Baritone after Fit is actually a coincidence / joke, the repo github.com/cabaletta/baritone was the result of random brainstorming for something untaken. We only later realized it described Fit and thus added that to the readme :)