Random Dice on the Zone, in Backgammon...(06/12/04)
Nope, this isn't about the randomness of dice rolls and how doubles appear more frequently
for some players.
Nor is it about the distribution of certain number dice on the zone.
It's about something much more fundamental that any of that.
Dice rolls are broken... Period.
Sometime ago, a player posted on Aunties that he had a debug version of the backgammon program that allowed him
to completely control the dice. The overwhelming reaction was that this was impossible.
(Despite the fact that anyone with a res editor/viewer could have easily found the hooks that could have been
the evidence of this assertion)
Recently, several testimonials have come to Aunties asserting that not only could this be done, but that someone had
discovered an exploit that dice, not only your own, but also your opponent's, could be completely controlled.
For you programmers out there, it's now time to sit back and go "hmmmmmmmm" and "Oh MY G%D!"
For the rest of you, let me explain the real implication, if what has been reported is true. Forget the fact that
someone found out and exploited a flaw (my apologies, but all programs are flawed - it just depends what you are
looking for to identify it).
Forget the fact that this means that what one person found, many others could have found as well (Yes - this means the
potential validity of any match should be questioned).
Forget even that the problem still exists even though it has been shown to the Zone staff for over a week now (Never
make the false assumption that programmers can respond overnight to any defect and fix it. Let alone whether management
will rush to address the problem).
Here's the bigger picture for all you auntites out there...
The only way to have a fair game in backgammon, is that the server must truly control all the variables (dice rolls, recording
moves, match score, etc). This is what makes server-based games so popular and preferred. Individual users have no
more control over the game than in real life.
Unfortunately, it has become quite apparent (see the last article - Tech awards, as well), that the Zone collection of
programs are architected in such a way as to either allow a client to override game information that is obstensively
controlled by the server, or directly control the server's behavior and response. THIS is the fundamental flaw in the
Zone backgammon server/client design, and until this particular problem is addressed - and trust me - not only is
this not trivial, but it is a significant re-architecture job - all players are at risk of being affected by similar
exploitations.
Now, don't go copping an attitude that nothing can be done. It can.
The zone needs to review their interface rules between the server and client and look for the areas where the server
information is compromised, as well as check for all the normal nasty bugs - input validation, data validation, and buffer
overflows.
Does the Zone have their work cut out for them? Absolutely. WILL the Zone address the issues? All I can say is that
it is one more nail in their coffin if they don't.
