[20:38] <Invisigoth> http://forums.megatokyo.com/index.php?showtopic=1733705&view=findpost&p=4917748     in reply to this I'd like to point out the story of Fansy the Fabulous Bard
[20:38] <Invisigoth> http://www.notacult.com/fansythefamous.htm
[20:38] <Invisigoth> someone can run an exploit for a long time
[20:39] <Invisigoth> it's a fascinating and funny story
[20:40] * c.ustream.tv sets mode: +v cirneth
[20:41] <TehJawkn1> bye all. I'm heading home.
[20:42] * chat2.ustream.tv sets mode: +v chemiclord
[20:46] * c.ustream.tv sets mode: +o Kalium
[20:46] <Invisigoth> http://www.notaddicted.com/fansy3.php   <-- that was an awesome exploit
[20:51] <07fredrin> ok, jack might sleep now.  we'll see
[20:52] <07fredrin> i knew there were examples out there of long running and hard to pin down exploits
[20:54] <Kalium> I hate to break it to you
[20:54] <Kalium> but that isn't exactly "hard to pin down"
[20:54] <Kalium> If you want seriously complex exploits, go looking at Windows or IOS.
[20:55] <Invisigoth> do you know why the nexus scion attacked when Fansy sicced the charmed lions on players?
[20:55] <Kalium> Do I care?
[20:55] <Invisigoth> we are talking games here
[20:55] <Kalium> The complexity of a game is limited.
[20:55] * c.ustream.tv sets mode: +o alpicola
[20:55] <Invisigoth> your imagination is limited
[20:55] <RayKr3mer> Contrary Kalium is contrary.
[20:56] <Invisigoth> you don't need to be a haxx0r to be able to work an exploit
[20:56] <Kalium> Please. There is "complex to a layman" and there is "actually complex".
[20:56] <Invisigoth> but you still don't know why the nexus scion attacked and I do
[20:56] <Kalium> Yes. Congratulations. Now you can feel superior.
[20:56] <Invisigoth> nope
[20:57] <Invisigoth> it's not just a feeling!
[20:57] * Invisigoth will behave now
[20:57] <Kalium> "complex" would be more like the NetBSD hole that had to do with the overflow behavior of an int datatype under specific conditions
[20:58] <RayKr3mer> Kalium: you don't have to look down on game exploits just because you know about OS exploits
[20:58] <Kalium> OSs are complex.
[20:58] <Kalium> The most complex things in games are the graphics.
[20:58] <RayKr3mer> so are MMOs
[20:58] <Kalium> That's been the case for upwards of a decade.
[20:59] <Invisigoth> my younger brother programmed automated landing programs for NASA in the space shuttle program...in assembly language
[20:59] <Invisigoth> don't try to impress me with jargon
[20:59] <RayKr3mer> Okay, you don't have to look down on game exploits just because you don't understand them



Session Start: Thu May 28 21:00:06 2009
Session Ident: Kalium
[21:00] Session Ident: Kalium (jwagnerk@7E9A0915.1B88C1C1.E97E5FF4.IP)
[21:00] <Kalium> You don't get it, do you?
[21:00] <Kalium> Games really are comparatively simple.
[21:00] <RayKr3mer> Please stop being an ass
[21:01] <Kalium> because... I know what "complex" is in a computer context?
[21:03] <Kalium> The amount of complexity in a game simply does not approach the amount behind the scenes in an operating system.
[21:05] <RayKr3mer> That doesn't matter. You're looking down upon something because you are knowlegdible in an unrelated field. That's not cool.
[21:06] <Kalium> ...unrelated?
[21:09] <Kalium> You really know nothing.
[21:09] <Kalium> Basic tenants of computer security are pretty consistent.
[21:10] <Kalium> Buffer overflows are common, and usually due to the same cause.
[21:10] <Kalium> Even in the context of different types of programs.
[21:11] <RayKr3mer> I'm not the person to argue that with. All I can see is you arguing MMOs from the perspective of things that aren't MMOs
[21:11] <Kalium> I'm arguing MMOs from the perspective of computer programming.
[21:11] <Kalium> The set to which MMOs belong.
[21:12] <RayKr3mer> You are arguing woodworking from the perspective of botany
[21:12] <Kalium> I can tell you why a buffer overflow causing a crash would cause duplication.
[21:12] <Kalium> Because it breaks synchronization of data between systems.
[21:13] <Kalium> A sufficiently clever overflow could be used to take control of a whole server.
[21:14] <Kalium> I am talking about programmimg.
[21:14] <Kalium> MMOs are computer programs.
[21:14] <Kalium> They are subject to the rules and flaws that come with being programs.
[21:14] <RayKr3mer> You're ignoring the forest for the trees here
[21:15] <Kalium> What, that you think I need to know MMOs to point out that they are dramatically less complex systems than other complex systems?
[21:15] <RayKr3mer> rather you're ingoring the forest for the leaves
[21:16] <Kalium> You're really going to have to explain this, 'cause all I see is you defending your asshole of a friend who doesn't know nearly as much as he thinks he doesn.
[21:17] <RayKr3mer> You don't know about MMOs, clearly. You just know about programming.
[21:18] <Kalium> I know the nature of complex systems.
[21:18] <RayKr3mer> but you know? Everything you don't know about seems simple until you really look into it, or try it.
[21:18] <Kalium> I know that most systems, games especially, aren't as complex as they seem to the users. They are a series of relatively simple parts interacting in relatively complex ways.
[21:19] <Kalium> Games can't *afford* to be complex.
[21:19] <Kalium> Real complexity doesn't perform well.
[21:19] <Kalium> Graphics and games tend to make a lot of simplifying assumptions.
[21:20] <RayKr3mer> You do know what missing the forest for the trees means, right?
[21:20] <Kalium> Sure.
[21:20] <Kalium> I also know I've done some game dev.
[21:21] <Kalium> I also know I've worked on distributed computing projects more complex than a game's server-client model.
[21:22] <Kalium> Your argument is that while I may know programming, I know little of MMOs in specific, and thus cannot speak to the subject and am getting lost in the details.
[21:22] <RayKr3mer> You know what I just remembered about complex systems? There are always surprises even for the people that know all about them.
[21:22] <Kalium> Was that supposed to be a potshot at me? You'll have to do better. You'll get no argument on that point.
[21:23] <RayKr3mer> If games are complex systems, how can you then disregard them as being simple?
[21:23] <RayKr3mer> Your argument is game exploits are trivial because games are stupid simple compared to your hot-shot OSes
[21:24] <Kalium> I never said trivial.
[21:24] <Kalium> But there is a sharply limited amount of complexity in a game.
[21:24] <RayKr3mer> you never used that word, no
[21:25] <Kalium> But I did imply it, yes.
[21:25] <RayKr3mer> So games aren't all that complex, so all those fancy exploits don't mean shit.
[21:25] <Kalium> Because with incredibly rare exception, games do not have the complexity required to have really complex exploits.
[21:26] <RayKr3mer> I think you're talking about a completely different level of complex than what it means to an MMO player
[21:26] <Kalium> I am/
[21:26] <Kalium> I mean "complex in a computational sense"
[21:26] <RayKr3mer> So then why be a pompus ass about it?
[21:26] <Kalium> which is dramatically different from "wow that's a complex game"
[21:27] <RayKr3mer> right, so comparing apples and oranges, missing the forest for the trees
[21:27] <Kalium> In a very meaningful way, Flash is more complex than most games.
[21:27] <RayKr3mer> You cop your attitude that MMO is shit stupid simple because you know that REAL complexity is
[21:27] <Kalium> Last year sometime, there was a Flash exploit. *THAT* was complicated as hell.
[21:27] <Kalium> I don't think it's simple, per se.
[21:28] <Kalium> But it's not nearly as complex as it looks.
[21:28] <RayKr3mer> You're talking about complex from the code perspective, not complex from the game rules perspective
[21:28] <Kalium> Game rules are code.
[21:29] <RayKr3mer> the rules are operated by the code, but they are not the same thing
[21:29] <Kalium> Game rules and game logic - just like business rules and business logic - are not really all that complex.
[21:30] <RayKr3mer> If I said computers were simple because all they are is electrons moving along conductive pathways, that physics is the real complexity
[21:31] <RayKr3mer> that's looking at it from a different level
[21:31] <Kalium> There's an appreciable amount of truth in that.
[21:31] <RayKr3mer> of course there is but it's not relevent to the conversation about computers
[21:31] <Kalium> Mm... yes and no.
[21:31] <Kalium> There's actually more truth to that analogy than I think you realize.
[21:32] <RayKr3mer> See, you're talking shit about MMOs because you could break down the code and explain every little bit about what goes on, without paying attention to what's going on in the MMO itself
[21:32] <Kalium> A chip is built from AND, OR, and NOT gates, which in turn are built from simpler components...
[21:32] <RayKr3mer> You can explain the physics of it and so trivialize the stuff that's happening at the macro level, if you will
[21:34] <Kalium> I see and understand your point.
[21:34] <RayKr3mer> good, thank you
[21:34] <Kalium> That does not invalidate my initial argument: as a point of fact, games and applications are not all that complex.
[21:35] <Kalium> Let's take the buffer overflow example
[21:35] <RayKr3mer> From the angle you are arguing from you are correct, but the initial conversation wasn't about that angle of it
[21:35] <Kalium> Using it to cause a crash is about the crudest use possible.
[21:35] <Kalium> Akin to taking a chisel and just using it to break things.
[21:36] <RayKr3mer> Sometimes the crudest method is the most effective
[21:36] <Kalium> Not really. A buffer overflow can be used to execute arbitrary code.
[21:36] <RayKr3mer> I don't think a lot of game hacks are meant to be elegant as long as they get the desired results
[21:36] <Kalium> That's a formal way to say "With a properly used buffer overflow, I can take over the whole system".
[21:37] <Kalium> (which is what happens in Windows a lot, for the record)
[21:38] <Kalium> A buffer overflow lets you execute from an arbitrary point in memory. Such as one you control and have written your instructions to.
[21:39] <Kalium> See the power?
[21:39] <RayKr3mer> See, the problem here is an article about a game exploit that happened was referenced, an exploit that went on for a long time, this is recorded fact
[21:40] <RayKr3mer> and you came in and said "that's impossible because exploits are simple"
[21:40] <Kalium> I think you misread me.
[21:40] <Kalium> Exploits are simple.
[21:40] <Kalium> Fixing them can be hellishly complex for non-technical reason.
[21:40] <RayKr3mer> and then you started showing off by talking about windows exploits
[21:41] <Kalium> ...you actually think I was showing off? I was attempting to illustrate.
[21:45] <RayKr3mer> You were immediately dismissive of games after declaring that an exploit that is recorded history as being difficult to stop actually wasn't, that you know better because you're a PROGRAMMER
[21:45] <Kalium> "difficult to stop" is different from "different to stop in an acceptable manner"
[21:46] <Kalium> see above about non-technical reasons
[21:46] <RayKr3mer> You're injecting some kind of new argument now?
[21:47] <Kalium> Hm? No, not really. Just that there are multiple solutions. In the problem presented, getting rid of the PvP invulnerability would have changed things a lot.
[21:47] <RayKr3mer> I'm talking about you thumping around with your big ass "I'm important" programmer boots and shitting all over MMOs and their mechanics and their exploits
[21:49] <Kalium> What, exactly, do you expect from me?
[21:49] <Kalium> "Gee, that game that isn't as complicated as you think is actually REALLY COMPLICATED!"
[21:53] <RayKr3mer> When it's recorded history that something was complicated, and you rush in and claim it's not, I would tend to think you don't actually know enough about the subject to comment and are just attempting to show off, yes.
[21:55] <Kalium> You rely too much on materials written for a general audience.
[21:56] <Kalium> MMOs - I know for a fact that this happened in WoW - are given to very hacky attempts to fix things.
[21:56] <Kalium> Attempting to slap a patch on a wound and one-off things instead of solving the real problem.
[21:57] <Kalium> WoW had a number of issues related to its in-game user-side scripting.
[21:58] <RayKr3mer> So you're smarter than everybody and the articles about Fansy are all fabrications
[21:58] <Kalium> At least one scripter spent months playing cat and mouse with the WoW devs.
[21:58] <Kalium> OK, now you're getting way out there.
[21:59] <RayKr3mer> If I'm relying too much on materials written for a general audience, and if the hard-to-stop exploit wasn't because game complexity isn't, then you are saying the article is inaccurate
[22:00] <RayKr3mer> It's all lies and you can tell because you're a big-ass programmer
[22:01] <Kalium> ...
[22:01] <Kalium> are we having the same conversation here?
[22:02] <RayKr3mer> Not really, because you're attempting to justify being a pompous ass by explaining technical things and I'm just saying you shouldn't be a pompous ass.
[22:07] <Kalium> You'll have to give me a moment to get over the sheer irony of that.
[22:12] <Kalium> Mostly it's this - having been a user in a domain, even over a long period, doesn't mean you know a damn thing about the domain.
[22:12] <Kalium> And yes, the odds are *very* good that the people trying to stop the exploit were doing it badly.
[22:17] <RayKr3mer> Okay, see what's happening now is you are backtracking and explaining your original point, and that's lovely. What happened an hour ago is you jumped topics to OS exploits and in reference to games would only say they are comparatively not complex, neither of which was constructive to the conversation that was occuring when you arrived.
[22:20] <Kalium> Looking back, there wasn't much of a conversation until I arrived.
[22:21] <Kalium> Next time I'll be explicit about why I'm bringing up a point of comparison.
[22:49] <RayKr3mer> BTW, you know what the real thing of it that we missed was? The exploit being pulled by Fansy the Bard wasn't an exploit attacking the code, it was an exploit attacking the rules. It wasn't difficult to stop or "complex" if you will for any technical reason, the issue was the legality of it all.
[22:50] <Kalium> See above about non-technical reasons.
[22:50] <RayKr3mer> I would have to search for it, it seems all you were interested in was technical issues
[22:51] <Kalium> For any problem having to do with in-game rules, there is generally a technical solution. In this case, ditching the restriction about PvP only occuring over level five would have done it.
[22:52] <RayKr3mer> That's not a technical solution, that's a legality matter. Yes you implelent it in the code but it's a rules change, not a patch for a coding oversight.
[22:53] <Kalium> That was a design oversight and poor engineering. Hardcoding is almost invariably a mistake.
[22:54] <RayKr3mer> Had nothing to do with engineering. Poor engineering is when a bridge falls down. this was a poor choice in rules, like when a card in a CCG is unbalanced and eventually outlawed
[22:54] <Kalium> "engineering" is a perfectly valid term in a software context :P
[22:54] <Kalium> It's a term in common use.
[22:55] <Kalium> "Software Engineer" is a common job title.
[22:55] <RayKr3mer> It's not a software issue though, it's a game rules issue.
[22:55] <RayKr3mer> the software is only the medium here
[22:55] <Kalium> Yes, and no.
[22:55] <RayKr3mer> oh, come on
[22:55] <Kalium> The engineering dictates the contours of the rules that can be laid down.
[22:56] <Kalium> A big chunk of why this worked to begin with has to do with the PvP restrictions.
[22:56] <RayKr3mer> Games aren't designed the way bridges are
[22:56] <RayKr3mer> not the rules end of it anyway
[22:56] <Kalium> Well, whiteboards instead of blueprints, but...
[22:56] <RayKr3mer> the technical stuff yeah, but that's just implentation of the stuff decided by the writers and such
[22:58] <RayKr3mer> the idea of a no-rules PvP server and the exemption of new players from PvP so they don't get chased off of the game were not engineering matters
[22:58] <Kalium> It's a logical inconsistency.
[22:59] <Kalium> One of the rules was hardcoded, which is an engineering issue.
[22:59] <Kalium> (means the rules engine is insufficiently flexible)
[22:59] <Kalium> It also means someone wasn't paying attention.
[23:00] <Kalium> A logical inconsistency like that virtually guarantees an exploit of some sort.
[23:00] <RayKr3mer> The fault was in the rule, not how it was implemented. Maybe that made changing the rule harder, but that's not the issue either, the issue is whether or not they decide to change the rule as a response to the exploit.