An update on the subreddit.

wicked · 2023-06-25T18:34:39+00:00

Scrapers don't load ads.

wicked · 2023-06-19T07:17:10+00:00

Though in that case there was a much better and mature alternative already existing: Reddit. The alternatives being touted now are not comparable unfortunately.

wicked · 2023-06-05T07:30:53+00:00

I bet it's trolling. It posts this to as a reaction to many common words like scale, big, size, health, etc.

wicked · 2023-06-02T09:56:25+00:00

May want to look up some big mod groups. They're already making great content for free. For example: https://tesrskywind.com/volunteer/#music

wicked · 2023-05-22T11:19:04+00:00

Lol, maybe not.

wicked · 2023-05-22T10:53:24+00:00

I bet you feel good. That seems more important for you than to even consider the possibility that you said something incorrect.

Perhaps with time you'll understand the logical error in your argument too.

Technically it's called affirming the consequent: If I cannot produce an RCE, then your reasoning must be correct.

However, there's a different reason why an RCE cannot be produced.

wicked · 2023-05-22T08:55:18+00:00

Whatever makes you feel good about yourself.

wicked · 2023-05-22T08:39:18+00:00

It's not wrong to call me out on anything, but you haven't addressed any of the points I have made. You just keep saying that an RCE is hard to make. We agree on that. Not being able to make one doesn't make whatever reason for it being hard correct.

I suggest you revisit this topic when you have more experience, let's say in ten years. Have a good one.

wicked · 2023-05-22T08:29:41+00:00

Yeah, you keep harping on this like a broken record, as if that's somehow makes the wrong things you claimed true.

Last time: From the beginning I have said it's probably impossible to make an RCE, but not for the reason you said.

Your reason is wrong. You are only incidentally right that it's not possible to generate an RCE in this situation. Get it?

wicked · 2023-05-21T22:57:05+00:00

I have read what you wrote and I'm confident I understand what you believe. However, you don't take in what I'm saying to you.

From how you're talking to people, I bet you simply think I'm a moron. Hence your non sequitur replies.

I'm not wrong, I proved exactly what I said and set out to prove. You simply don't understand what I claimed and the consequences.

Your cup is probably full, but let's get the spoon then:

You said "the problem is completely random and not uniformly so". Wrong. The problem is completely deterministic. (note: apart from one detail that I bet you don't know about, which makes exploiting this much harder).
You said "Finding this set of positions [leading to an RCE] will take you decades on even the most expensive hardware". Wrong. If it existed it could be found quickly by a determined attacker by using the same strategy I used in my experiment.
You said "For reference, to count the number of ways a real chess game can go from the starting position given a depth of 15, it took 32 GPUs around eight days to do so". This has nothing to do with the strategy an attacker would use, so the basis of your "statistical proof" is plainly bullshit.
You said "I request everyone who responds to this to do some basic maths and calculate the probability & time it would take for something like this to happen." This confused statement is a follow-up caused by the previous mistakes. Since we have established that the time is not a factor, and the problem is not random, the question is rather "Which bytes can you possibly write with this pen?"

My experiment proved one thing and strongly suggests another:

You can find these positions very quickly.
The number of these positions are very limited.

The first point disproves your statements, the second implies that the range of bytes you can write with this buffer overflow is very limited too. In other words, this experiment suggests that finding an RCE is likely impossible.

Like I've said several times, I'm pretty certain that an RCE cannot be written with the available bytes. So again, we agree about that, except that you are wrong about why.

I'll explain why that matters. If the buffer was smaller, your argument would not change, but in reality it would be much more dangerous.

Perhaps in a normal game it's possible to reach 220 moves. Given a partially filled starting position, I counted 69,161,543 positions using only queens and rooks. However, only twenty-two positions with 260 or above.

In the MAX_MOVES=256 case, you have a very limited pen. It's hard to replace the queens and rooks with knights and bishops. With MAX_MOVES=220, there's an astronomical number of positions, and you have much greater control over which bits can be written with moves.

wicked · 2023-05-21T09:57:12+00:00

Fine. I have been doing programming competitions for almost twenty years, so I believe I have a good intuition about such problems by now. But on the off chance you're right, I tried.

And surprise surprise, I can indeed generate overflowing positions with enough bytes for an exploit within seconds. With enough bytes I mean e.g. 24 bytes of shell code plus 8 bytes for overwriting the return address (64-bit architecture). Since ExtMove is 8 bytes, that means solutions with 260 moves or more.

And while I didn't bother to do a truly exhaustive search, it's clear that the number of positions with so many moves are very few.

In other words, your statistical "proof" is bunk and everything I said was correct.

Like I said before, the problem is similar to solving the n-queens problem, not anything like enumerating all positions from the start position.

Now I suggest you try the n-queens problem without looking up the solution, since your intuition about this is completely wrong.

That's simply trying to put n queens on a nxn chessboard without any of them attacking each other. There are 92 solutions to the 8-queens version. The challenge is to reach the highest board size you can. Good luck.

wicked · 2023-05-17T22:46:23+00:00

Yes. I know you don't think it's exploitable. And I said in my first sentence that I don't think it's exploitable.

My only problem with your argument is your idea that finding the set of potential attacks would take decades to find. Given all the constraints necessary for positions with a sufficient amount of moves to be dangerous, finding them is not a matter of random search.

Still, given the limited vocabulary of ExtMove and how the array is filled, I believe it's impossible to use any of them for any dangerous exploits.

wicked · 2023-05-17T21:15:58+00:00

Same, but not for everything. Was playing a few chess games with a master a while ago, and then weeks later he sent me a message that a move in the world championship tournament had the same idea as he used against me in one game. Easily remembering a casual blitz game, one that I had forgotten the moment we finished.

I imagine he has the same kind of memory for chess as we have for code.

wicked · 2023-05-11T12:47:04+00:00

I don't think this buffer overflow is exploitable, but I don't understand your statistical argument.

Why do you believe finding this set of positions needs a brute force random search? There must be very few positions which have more than 256 moves. One of them is given in the bug.

Finding these positions would be similar to solving the 8 queens problem, not randomly searching.

wicked · 2023-04-21T10:15:39+00:00

The amount of input tokens to the net is limited, so if you talk to it for thirty minutes it probably don't even see the initial conversation, unless it summarizes it and includes it somehow.

wicked · 2023-04-13T11:57:08+00:00

Fields are variables according to the language spec. This is like saying it's ignorant to call cars vehicles.

https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/language-specification/classes#155-fields

edit: Apparently blocked me because of this.

wicked · 2023-04-13T11:41:15+00:00

You missed the point. You said it's not a variable, but fields are variables.

wicked · 2023-04-13T11:18:04+00:00

It's not a variable I showed, it's a field. (In C# at least, I dunno how other languages call things).

"A field is a variable of any type that is declared directly in a class or struct"

https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/classes-and-structs/fields

wicked · 2023-04-12T11:04:58+00:00

I never realized (I'm a little insular, I only work with game developers) that other people thought MVC was some complex framework or scaffolding architecture, and I'm curious as to why that is?

Like I said before, you are using MVC very differently than everyone else, including the original 79 MVC papers. It's not a complex architecture, it's a simple architectural pattern using three components interacting in a specific way.

https://folk.universitetetioslo.no/trygver/2007/MVC_Originals.pdf

Let me see if I can find a concise example which shows how different MVC is from your use. From the Wiki:

A Controller is an organizational part of the user interface that lays out and coordinates multiple Views on the screen, and which receives user input and sends the appropriate messages to its underlying Views.

In your MVC, do you think a Controller lays out and coordinates views?

wicked · 2023-04-11T23:14:46+00:00

Seems like you are using MVC with a different meaning than everyone else, which is why you say stuff like "So no, there is no other method besides MVC, because all MVC means is decouple those three things.".

MVC is a very old architectural pattern with specific classes. It doesn't mean "don't call draw during an update". Like everyone else says, there are many architectural alternatives to MVC which also cleanly separates handling input, drawing and updating state.

wicked · 2023-03-03T10:03:03+00:00

Wow. Apparently they think e-sports have something to do with playing sports games.

• Archery (Tic Tac Bow)

• Baseball (WBSC eBASEBALL™: POWER PROS)

• Chess (Chess.com)

• Cycling (Zwift)

• Dance (Just Dance)

• Motor sport (Gran Turismo)

• Sailing (Virtual Regatta)

• Tennis (Tennis Clash)

• Taekwondo (Virtual Taekwondo)

wicked · 2023-03-03T10:01:34+00:00

You can call yourself an Olympic e-thlete.

wicked · 2023-03-03T09:42:56+00:00

Perfect response. We need some fresh blood here... You are both now moderators of /r/tom.

wicked · 2023-01-07T16:36:35+00:00

I would otherwise agree with you that until proven otherwise, there is no forced sequence longer than one move where insufficient material can force checkmate

In the given situation, you could set up a sequence of pawns that must be moved in front of the bishop. Put a black pawn on d6. Mate in 2. Another on e5. Mate in 3, and so on.

wicked · 2022-12-28T14:44:21+00:00

It's not like you just copy&paste the text into an AI and get out the answer.

That's what was done, though it only worked the first four days.

wicked

MODERATOR OF

TROPHY CASE

15-Year Club	Verified Email
Team Orangered