Ian Dundore discusses five clichés of online game development that often prove true. The first is that the client is in the hands of the enemy, so input from players must be validated and anything sent to clients could be seen. Second, premature optimization should be avoided, as the proper order is fun, good, then fast. Third, there are known and unknown unknowns, so plan for injected work. Fourth, any tool can be misused, so log creations carefully. Finally, the presentation title should come after the content is made.
Five Cliches of Online Game Development
1. Five Clichés
Of Online Game Development
That We Wish Weren’t True
(But Will Probably Ruin Your Life Some Day)
Ian Dundore – TRC Family Entertainment Ltd
3. True facts.
• Started making games as a pre-teen.
• Game journalist, 1999 - 2006
• B.Sc. Computer Science, 2004
• First game programming job in 2006
– Gods & Heroes: Rome Rising
• CCP Games, 2008 – 2012
– Several EVE Online expansions
– Dust 514
4. This slide is an excuse for me to make jokes in grey text that I will not read out loud. For those of you who actually read this far along a slide, bravo. I salute you, literati.
THIS IS THE SLIDE WHERE I TALK ABOUT WHAT I’M GOING TO SAY.
5. That man has a chart. Look at him. He’s probably never worked a day in his life. He’s not even wearing a suit. By the way, don’t Google Image Search for “Getting Down to Business” with SafeSearch off.
LET’S GET DOWN TO BUSINESS.
7. Ah, Client, my old foe…
“Never trust the client. Never put anything on the client. The client is in the hands of the enemy. Never, ever forget this.”
– Apocryphal, often misattributed to Raph Koster.
9. #1: Input
• Data from the client is raw input, period.
• Validate or escape everything you receive.
– Should be familiar to Web devs.
• Thought Exercise: What if the user could call my function/class/code snippet?
10. Corollary: Don’t Melt Your Server
• Light/vital systems: Double-check everything.
– Speech, wallet
• Heavy/fuzzy systems: Calculate on client, verify possibility on server.
– Physics, movement.
• How much error can you tolerate?
11. Case Study: Speedhacks
• Movement based on client-supplied position updates.
• Server verifies for maximum possible speed.
• How to make a speedhack: figure out maximum range, scale movement vector.
– This is how real speedhacks work: WoW, EQ, etc.
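An added example, not from the slides: a server-side check for client-supplied position updates, contrasting a per-update speed cap with a distance budget refilled from the server clock. `MAX_SPEED`, `TOLERANCE`, `BURST` and the simulated client are assumptions chosen for illustration.

```python
import math

MAX_SPEED = 7.0    # assumed: units per second the game design allows
TOLERANCE = 1.10   # assumed: 10% slack a per-update check grants for jitter
BURST = 3.5        # assumed: spare distance (0.5 s of travel) for late packets


def naive_ok(dist, dt):
    """Per-update cap: the slack is granted again on every update."""
    return dist <= MAX_SPEED * dt * TOLERANCE


class BudgetValidator:
    """Distance budget refilled at MAX_SPEED from server-measured time."""

    def __init__(self, start, now):
        self.pos = start
        self.last = now
        self.budget = BURST

    def update(self, claimed, now):
        """Return True and move the player, or False and keep self.pos."""
        dt = max(0.0, now - self.last)   # server clock, never a client timestamp
        self.last = now
        # Carry over at most BURST of unused budget, then add this interval's travel.
        available = min(self.budget, BURST) + MAX_SPEED * dt
        if not all(math.isfinite(c) for c in claimed):
            self.budget = available
            return False                 # NaN/inf coordinates are never valid
        dist = math.dist(self.pos, claimed)
        if dist > available:
            self.budget = available      # rejected moves cost nothing
            return False                 # caller snaps the client back to self.pos
        self.budget = available - dist
        self.pos = claimed
        return True


def simulate(scale, steps=200, tick=0.1):
    """Constructed client walking along +x, claiming `scale` times the legal
    distance per tick. Returns accepted counts and distance under each check."""
    step = MAX_SPEED * tick * scale
    naive_x, naive_accepted = 0.0, 0
    server = BudgetValidator((0.0, 0.0), 0.0)
    budget_accepted = 0
    for i in range(1, steps + 1):
        if naive_ok(step, tick):
            naive_x += step
            naive_accepted += 1
        # A rejected client is rubber-banded, so it always claims from server.pos.
        if server.update((server.pos[0] + step, 0.0), i * tick):
            budget_accepted += 1
    return naive_accepted, budget_accepted, naive_x, server.pos[0]


if __name__ == "__main__":
    for label, scale in (("honest", 1.0), ("scaled to 1.09x", 1.09)):
        print(label, simulate(scale))
```

A client that stays just inside the per-update tolerance is accepted on every update by `naive_ok`, while the budget bounds total travel to `MAX_SPEED * elapsed + BURST`.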
12. #2: Output
• Data to the client = data to the player.
• Anything you send to the client, the user will see.
• Anything measurable via the client will be decoded: game systems, etc.
13. Case Study: BACON
• EVE Online comes with debug output viewer.
• Identifying info logged each time a player entered your vicinity.
• This was not displayed to the player in-game.
• Result: External program plays audible alerts when enemy players enter the area.
– Logs introduced in 2002, BACON released 2008.
16. Nuance
• Logical extreme: Gaikai.
• Compare vulnerabilities of trust to advantages in user experience.
– Offloading heavy work to the client = good!
– Lots of bling = happy players!
18. The Quote
“We should forget about small efficiencies, say about 97% of the time: Premature optimization is the root of all evil.”
- Donald Knuth, super genius
19. No “Two Meanings” Slide This Time
• The proper order:
– Find the fun
– Make it good
– Make it fast
• However, don’t cut corners for the sake of it.
– Avoid the most obvious blunders.
– Test, test, test.
20. The Case for Quick
• EVE - Planetary Interaction
• 4 month development cycle
– 10 weeks of “real” development
• Fluctuating requirements
• Major new features injected halfway through
21. The Case for Quick?
• Heavy overtime
• Shipped first-revision architecture
– ~10 major bugs discovered after release
– 1 item duplication bug discovered
– Two hotfixes
– Memory leaks relied on daily server reboots
22. The Case for Quick!
• Concurrency goals exceeded
– 30,000+ concurrent users after launch
– 25% peak CPU usage or less
– Memory not an issue, EVE already rebooted daily
• Post-launch rewrite: 2 + 1 weeks
– Eliminated memory issues
• 50% memory usage reduction by using Python Slots
– Eliminated duplication & high-priority issues
– ~4 new bugs filed after 2 years in the wild
24. Case Study: The Five Bug
• Gods & Heroes – in production for > 4 years
• Fully home-grown, pure C++ engine
• Largest scale test: 30-50 users, ~2-3 hours uptime
• Target: ~5000 users, 72 hours uptime.
• No automated test tools
25. The Law of Five
• Server occasionally crashed
– Corrupted stacktrace, clear memory corruption
• Usually the value 0x5, hence the name
– Random code module
• But usually combat or special abilities
– Cause not clearly evident, debugger useless
– Deprioritized until beta
26. Beware the Fives of March
Highest beta concurrency: ~1000 users, 30 minutes uptime
Average concurrency: 300-500 users, 10-15 minutes uptime
27. The Fives Have It
• ~6 weeks spent debugging.
• Deep bug in 5-year-old inter-module communication
• Very rare in the wild…
– As users rise, “very rare” approaches “certain”
• Bug fixed October 8, 2007
• Company closed October 9, 2007
28. Learn From These Mistakes
Too Big to Fail (technical & creative direction):
• Networking code
• Scene layout
• Art style
• Genre
Rewriteable (stuff built upon that stuff):
• Low-level code
• Individual box features
• User interface
• Lore & character details
30. Obligatory quote slide.
“There are known unknowns; … things that we know we don’t know. But there are also unknown unknowns … things that we don’t know we don’t know.”
- Donald Rumsfeld, defense guru
31. The “engineer’s rule of thumb” holds
• Any given project will have work injected
– Technical requirements, design changes, optimization, iteration, platform upgrades…
• Account for this when planning
• Planning and tracking tools are invaluable
– But you will hate them every step of the way
32. How It Works
• Come up with some estimation benchmark
– Homework: Look up “Complexity Points”
• Estimate ALL THE THINGS
• Keep track of what you finish in a constant time period (2 weeks, 1 month, etc.)
– Use these to calculate Ultra Nerdy Stats
• Averages, medians, standard deviations…
• BAM. You have a rough estimate of how long your project will take.
33. More Importantly…
• Keep track of everything you add.
– Note when you added it.
• Everything you add must be estimated too.
– Use the same metric as before.
• BAM. Now you have a guideline of how much unknown work to expect.
34. Examples
• Newly-formed team, new feature, established tech framework & art style
– ~50% of work completed was injected during development
• Gelled team, iteration on existing feature
– ~25% of work completed was injected
• Your numbers will vary!
36. Problem Users
• 1% of your playerbase will generate 90% of your support load.
• Good logging, data retention plans are key
• Log everything involving money, real or otherwise
37. Case Study: Zero-Day Exploit
• Item duplication exploit due to subtle bug in a game feature’s code.
• Not readily apparent without hours/days of observation.
• Easily disrupted through normal play.
• If manipulated, would generate perpetual stream of items for free.
– Unattended!
38. Incidence
• 136 different abusers in prior 6 months
• ~200 bugged item generators
• Circa $30,000 worth of in-game currency
• 120 abusers were short-time offenders
– Likely unnoticed, small-scale
• 3 abusers generated over 90% of exploit-driven in-game currency
39. The Value of Logs
• Excellent logs allowed us to:
– Pinpoint start of item duplication
– Trace duplicated items through “fence” accounts
– Measure likely scale of duping operations over time
– Ban them all!
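An added example, not from the slides, of the log uses listed above: replaying an item ledger to find when unbacked items first appear, which accounts they pass through, and how many appear per day. The pipe-delimited log format, the account names and the `audit` function are assumptions; the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample log, oldest first: timestamp|event|from|to|item|quantity
LOG = """\
2010-06-01T09:00|produce|-|alice|widget|50
2010-06-01T09:30|trade|alice|bob|widget|20
2010-06-02T03:00|trade|mallory|fence1|widget|400
2010-06-02T04:00|trade|fence1|fence2|widget|400
2010-06-02T05:00|produce|-|mallory|widget|10
2010-06-03T03:00|trade|mallory|fence1|widget|500
2010-06-03T08:00|trade|bob|carol|widget|5
"""


def audit(log_text):
    """Replay the log and report items that left an account without ever
    being logged as entering it, and every account those items reached."""
    balance = defaultdict(int)   # (account, item) -> quantity the log accounts for
    sources = {}                 # account -> first unbacked trade and total unbacked
    downstream = set()           # accounts fed by a source or by another downstream account
    per_day = defaultdict(int)   # date -> unbacked quantity first seen that day
    for line in log_text.strip().splitlines():
        ts, event, src, dst, item, qty = line.split("|")
        qty = int(qty)
        if event == "produce":
            balance[dst, item] += qty
            continue
        if event != "trade":
            continue
        # Conservation check: a sender cannot hand over more than it was given.
        short = qty - balance[src, item]
        if short > 0:
            entry = sources.setdefault(src, {"first": ts, "unbacked": 0})
            entry["unbacked"] += short
            per_day[ts[:10]] += short
        balance[src, item] = max(0, balance[src, item] - qty)
        balance[dst, item] += qty
        # Follow the items onward; the log is chronological, so one pass is enough.
        if (src in sources or src in downstream) and dst not in sources:
            downstream.add(dst)
    return sources, downstream, dict(per_day)


if __name__ == "__main__":
    found, reached, scale = audit(LOG)
    print("sources:", found)
    print("downstream accounts:", sorted(reached))
    print("unbacked per day:", scale)
```

Accounts in the downstream set are candidates for review rather than proven fences, since an ordinary buyer trading with a flagged account lands there too.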
40. Creativity vs. Safety
• Any sufficiently advanced tool…
– FPS sprays, Minecraft…
• Carefully weigh support cost vs. user fun
– Family image? Intolerant audience?
• Have good support tools in place
– Habbo blockade
41. Cliché the fifth isn’t really a cliché at all.
NEVER WRITE YOUR PRESENTATION’S TITLE BEFORE YOUR PRESENTATION