Re: Online poker RNG...

[Gerry]
Just for the sake of argument (I'm unskilled in math, not in logic.),
let's assume hypothetically that it's possible, through (a) creative
coding and (b) distributed processing, a real-time way to "crack" the
code of the deck. Yes, the author would likely use it to make money.
And...then what? The author decides to not use other avenues to make
money as well, such as *selling* the product? Seems to me that, just as
with any business which cross-promotes or sells bundled customer info
to ad agencies or whatever, the author of the software would seek to
maximize his gain on his great product. Now, if we take those two
assumptions (The first assumption -- i.e. that it can be done -- is my
original question, right? The second assumption -- that the author
would seek to make money through sales -- is certainly debatable, but
can't be dismissed as ridiculous.) as true, for the moment, then the
question is: HOW does the author sell it? First of all, while a working
system like that could make unlimited money, and therefore might be
"worth" say, $1M to a customer, that doesn't mean there are customers
able to afford the original $1M investment, right? So perhaps the
author hires McKinsey to find out what people would pay for software,
gets the answer as $475, and offers for sale a VERSION of his "perfect"
system which is substantiall less than perfect but still worth the
$475. Remember that pokerrng purports to give only three of the five
community cards (not all five), that it doesn't give the suits of those
cards, that it gives only two opponent hands (not all 9 at a full
table) and that it doesn't even identify which players hold those two
hands! The information it gives provides an extraordinay advantage, but
there's still a substantial element of chance. So, that might be one
reason that the version would sell for $475.

Another reason for selling a stripped-down version (at a stripped-down
price) might be the fact that, if the full system relies on distributed
processing, the author might recognize that only a much less
sophisticated system can be run on the standard computers folks have at
their homes!

How about another explanation, if the two above aren't enough? How
about if (Think, here, of a bookstore which legally sells "The
Anarchist's Cookbook") it is illegal to ACT in a certain way, but not
illegal to provide the INFORMATION necessary to act in that way! After
all, I can legally teach martial arts, including maneuvers designed to
produce lethal results, and, while I'd be held responsible if I
performed such maneuvers on, say, my mother-in-law, I'd be within the
bounds of the law in teaching you said maneuvers, even if you
subsequently used them on YOUR mother-in-law. (PLEASE NOTE: Before
deconstructing the previous sentence and telling me all of the ways
that the law holds certain people responsible for the actions of
others, recognize (a) that I'm a lawyer and that your lawyerly argument
will get a lawyerly response, and (b) that the example was simply for
illustrative purposes of the larger point.)

I guess you're responding to my message. If so, take care you don't end up
a case study in how someone who thinks they're too smart to be scammed talks
themself into it ;-)

So, while I take your sarcasm in the good-natured spirit in which it
was intended, I hope that you see that it's not really well-founded.
There are plenty of reasons why a working product would be sold.

Just noting that such pitches (and whether aimed at gambling, stocks, or
real estate) usually come with an entertaining "explanation" of how the
system actually works _better_ when more people use it. I missed that bit
here. It's usually included because "too good to be true" rings warning
bells.

Sure, I could spend $500 and a few hundred hours of data entry to test
the theory, but the money isn't refundable

You didn't see the "100% Satisfaction Guaranteed" logo on the website, or
you did but didn't believe it, or you did believe it but noted that the
absence of a contact address might make it hard to _ask_ for a refund, or
....? The made-up "Verified Merchant" graphic on the site should erase all
doubt :-) Pretend you're a judge? There's all kinds of "evidence" on that
site.

and neither is my time.

I don't know what value you place on your time, but, seriously, if I had
spent as much time typing about this as you have so far on sci.math and
sci.crypt, I'd consider a few thousand dollars a bargain to cut it short.

I could also test whether a ladder conducts electricity by standing on
it while grabbing live wires, but I'd rather ask the expert in the store
what material comprises the ladder; similarly, I had a question about
math, and I came to a math forum to ask it.

As far as I can tell, you've been answered here, and on sci.crypt,
consistently wrt your technical questions: if a site uses good practice for
their RNG generation, then no, the RNG can't be cracked. _Best_ practice
would be to use a physically random source, which can't be predicted
regardless of processing power (unless modern physics is fundamentally
wrong). It's quite feasible to do that -- you can buy special HW to
generate truly random bits, and you can even grab some for free (albeit in
small quantities) from web services; e.g.,

http://www.fourmilab.ch/hotbits/generate.html

A reaonable way to use truly random bits (like those) is for seeding a
crytographically secure software RNG, where "crytographically secure" means
it's computationally intractable (but not theoretically impossible, as for
truly random bits) to predict future bits (Google on the phrase for more
about that, but forewarned that it's a highly technical topic -- analogies
with household repair break badly against this rock).

And as for your statement that "[the question of] whether the owners of
the sites [I] like to frequent took [the lesson of the 1999 study] to
heart isn't really a technical question," you've made an entirely
straw-man argument. I did NOT come here and ask: Can someone on
PlanetPoker take their published algorithm, synch to their system clock
and derive a good prediction of the cards to come (which is EXACTLY
what happened in the 1999 case. Rather, what I asked, in essence, is:
"In 1999, as reported in a published study, there were vulnerabilities
in some online poker sites, and cheats could have exploited them. Are
there similar ways to do that now, which is what is touted by the
authors of pokerrng (for example), and is the possibility significant
enough to be a point of concern?"

I believe these have answered. The answers remain "no" and "no" _provided
that_ a site uses good RNG practice. The answers remain "yes" and "yes" if
a site does not use good RNG practice. Since I believe these answers have
been given repeatedly, I assumed you were asking some other question(s) too,
and took a guess at what they might be.

Is my question REALLY not a question of mathematics??? I mean, sure, it
also comprises issues of programming and cryptography, but isn't the
methodology behind PRNGs a branch of your science? And are you REALLY
suggesting that, just because online poker rooms might have "fixed"
their methodology so as to not be crackable by that 1999 process, I
should assume that there's been no progression in programming, in
statistical analysis, in cryptography or in the validation of
mathematical proofs such that even the "better" systems can STILL be
cracked???

Yes, you should assume that a crytographically secure PRNG cannot be
cracked, unless people know things about it you've said you don't want to
consider (e.g., that they've somehow tapped into the system and are able to
read the random bits with which it was seeded). The definition of
"cryptographically secure" comes from computational complexity theory, and
_means_ "nope, there's no computationally tractable way to predict the next
bit at better than chance level".

It's dimly possible that a pokerrng programmer made a theoretical
breakthough that the best minds in the field don't expect, like it's also
dimly possible that all sites still use the RNG described in the 1999
article.

I'm astounded -- even confounded -- by the reaction that my question
has received. For one thing, I, personally, find it admirable when a
person admits to a level of ignorance and seeks tutelage so as to shore
up his base of knowledge, and that's all I did by coming to your forum!
For another thing, I, personally, find it gratifying to be able to
impart some of my knowledge (in the areas in which I have it) to those
who seek it, and find it hard to grasp why my request for help should
receive ANY level of sarcasm or derision.

If you review the answers to my question, you see all kinds of
irrelevancy, ranging from variations on: "You shouldn't gamble" to
"THAT isn't your biggest concern; your biggest concern is collusion {or
whatever}."

If it's any consolation, the last time I asked a lawyer "a simple question",
I was subjected to several thousand dollars' worth of hypothetical
worst-case scenarios :-) She thought they were things I needed to know, and
I was happy to pay her for not giving a literal response.

But if I'd come to this math forum and posed the following question:
"Say, my neighbor is about to reshingle his roof, and wants to know
whether there's an easy way to figure out how long of a ladder he needs
in order to reach the edge of his roof, given that he'll be placing the
base of the ladder exactly 12 feet, on a level surface, from the base
of the house, and given that the roof's edge begins exactly 13 feet up
the perfectly plumb exterior wall of his house?", my supposition is
that someone would've given me a quick answer, possibly with a basic
lesson on the Pythagorean Theorem. I *highly* doubt that I would have
gotten answers like "People shouldn't reshingle their own roofs" or
"Why worry about his roof? It's far less likely that he'll have a leaky
roof than that he'll lose energy through inefficient windows, so I'd
have him focus on that."

I'm sure you can figure out the difference.

I just don't understand why some of this forum's members behave as they
do. By definition, my question is either answerable or not. If it is,
then, by definition, there are either members on here who know and can
explain the answer, or there aren't. If it IS answerable, and if people
CAN answer it, then the only two action which are acceptable, I think,
within the framework of human interaction are (1) Answer the question
while treating me with basic respect and (b) Don't answer the question.
Anything else is just...rude.

Do you believe that your question is still unanswered?


.

Relevant Pages

  • Re: Convention Hall Seating Plan
    ... You responded to my post saying $100 is a lot of money by posting "Don't ... That was a nasty response, ... nasty reply post to my original comment. ... My intent was ...
    (rec.music.artists.springsteen)
  • Re: I have a scammer on the line
    ... your funds while the balance will be sent to the shipping Agent ... I will also be responsible for the Western Money Transfer ... Duties fee to send the balance to my shipper where ever he might be ... Subject: response to your ads... ...
    (rec.games.pinball)
  • Lots of profitable runnings are frequent and other sudden combinations are uncertain, but will Lakhd
    ... Jbilou and Aneyd acknowledged the silly norths ... with respect to normal courtesy. ... Some purple republic or roof, ... If you will weave Ignatius's television in response to crosss, ...
    (sci.crypt)
  • Re: Best Craigslist Ad Yet
    ... Google Groups. ... Oddly enough I have gotten more positive response to this ad than the ... and the positive responses have had NO interest in the money! ... 'using your network' to get gigs is purely to the advantage of the job ...
    (alt.guitar.bass)
  • Re: Best Craigslist Ad Yet
    ... Google Groups. ... Oddly enough I have gotten more positive response to this ad than the ... and the positive responses have had NO interest in the money! ... about 'using your network' to get gigs is purely to the advantage of the ...
    (alt.guitar.bass)