1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Greetings Guest!!

    In order to combat SPAM on the forums, all users are required to have a minimum of 2 posts before they can submit links in any post or thread.

    Dismiss Notice

A case study in handling an exploit

Discussion in 'UHall' started by Maplestone, Feb 11, 2009.

  1. Maplestone

    Maplestone Crazed Zealot
    Stratics Veteran

    Joined:
    Jul 26, 2008
    Messages:
    3,657
    Likes Received:
    9
    I wanted to draw attention to how a different game out there recently handled an exploit that essentially granted free resources, as a case study of what can be done:

    http://myeve.eve-online.com/devblog.asp?a=blog&bid=626

    Things about this that catch my eye:

    - the exploit is explained publicly (everything else that follows may or may not already happen internally with EAMythic - we just don't know)
    - identifies the details of what system broke ( which by the way, is a cool system of building infrastructure to upgrade raw materials into better tiers of materials, which should probably be ripped off :) )
    - confirmed the fix to the community
    - breaks down the impact of the exploit to the game's economy: it's great to be able to dig into data on how resources are gathered, sold and consumed. Obviously, this is not as easy in UO because of all the different ways goods can be exchanged, but it's very cool to have some basic market data available publicly.
    - some nice ingame explosions when the exploiters were caught (burning houses in Luna are one of my favorite landmarks by the way - I wouldn't mind if they stayed permanently)
    -gradients of ingame fines and warnings for those who profited from the exploit but may or may not have been aware (wrap a little fiction around the cleanup and set expectations that there will be some small or large repercussions of contact with exploiters and I think players would go along with minor penalties as one of the risks of play).
    - a nice breakdown of when the exploit was first reported and what went wrong in not spotting it sooner.

    Now I realize from past publish notes, that there are far too many exploits being hunted down and closed to do this sort of report for each one. Nor am I particularly unhappy with how things are done now ... well other than insatiable curiosity and a desire to see a faster turnaround time next time a we have a major exploit - the quick pounce on the accidental daily rares was a nice sign (by the way, is the warning on the patch screen still relevant?). However, I just wanted to draw some attention to this alternative way of handling the recovery from an exploit.

    Anyway, food for thought for U.Hall to chew on.
     
  2. Noobish Noob

    Noobish Noob Guest

    Wow. I have never had the urge to play that game but it looks like the staff there is spot on, at least in terms of accepting there is a problem (eventually) and dealing with it publicly. Someone on the boards keeps talking about setting up stocks for cheaters/dupers in Luna and throwing veggies. I would set up a vendor right next to the stocks and make a killing. Eggplants would be my weapon of choice.
     
  3. Vyal

    Vyal Guest

    ROFL Maplestone your soooo lucky you didn't get banned from this site for even saying that..

    You ever tried to publicly explain a UO bug and how exactly its done on these forums?

    I have tried to explain duping before that didn't turn out so well. Thread got deleted and I was banned for about a month and the mod called me a idiot and all sorta messed up stuff.
     
  4. Maplestone

    Maplestone Crazed Zealot
    Stratics Veteran

    Joined:
    Jul 26, 2008
    Messages:
    3,657
    Likes Received:
    9
    um ... by public explanation, I mean by the devs, after the fix and followup investigation.

    As for players revealing bugs publicly when they feel no action is being taken, well, that's obviously a touchy subject. I think civil disobedience has its place as a check on inertia, but only as a last resort and it does come with consequences.
     
  5. Harlequin

    Harlequin Babbling Loonie
    Stratics Veteran

    Joined:
    Jun 11, 2008
    Messages:
    2,716
    Likes Received:
    32
    I'm impressed, very well done.

    Regarding the handling of exploits, there are 2 schools of thoughts:
    1) tell customers as much as possible on what the exploit is and educate them that similar scenarios will also be labeled as exploits/punishable
    2) tell customers as little as possible in case they start getting funny ideas

    Both have their own pros and cons. But I prefer the former more for the simple fact that I am trusted with the knowledge and expected to be responsible for my actions.

    Btw, what's a POS mentioned in the article? Very unfortunate acronyms...
     
  6. Harlequin

    Harlequin Babbling Loonie
    Stratics Veteran

    Joined:
    Jun 11, 2008
    Messages:
    2,716
    Likes Received:
    32
    Vyal, actually, what Maplestone has done is different in 2 ways

    1) It's not UO :D
    2) He did not detail the exact steps so that other people can reproduce it and possibly get their own accounts banned. You know how some kids can be,
    they are curious, but most often are too young to consider the consequences of their actions. This exploit was fixed and the steps were posted by the devs.

    If you search my older posts, you will see that I have described the mechanics behind how dupes work as well, but never detailed to such a level that innocent and curious kids (and adults too) can replicate.
     
  7. Maplestone

    Maplestone Crazed Zealot
    Stratics Veteran

    Joined:
    Jul 26, 2008
    Messages:
    3,657
    Likes Received:
    9
    Not a clue - never played that game (just caught wind of the article because of a general interest in understanding how different games are designed and run)