The Hacker's Guide to the Kingdom - The Book of HotStuff

Author: HotStuff

################################################ The Drunk Tank

################################################ 668 Scrolls

Date: Thursday, July 01, 02:12PM
From: HotStuff (#59035)

So! Here's my analysis of the 668 scroll + stat day madness.

The theory is this: Because on a stat day, only *increases* in stats are multiplied by 1.5, then things like 668 scrolls should be able to net you significant stat gain over the long haul. Here's some math:

For every 700 scrolls used on a stat day, you can assume that your average outcome will be:

"Drunkenness": +1000 drunkenness (actually capped at 255)
"Pain": 500x your HP max in damage to you (once at 0 though, it doesn't seem to matter)
"Wealth/Poverty": 0 net gain/loss of meat
"Papayas": 1200 papayas gained
"Power/Weakness": 0 net change in non-stat day stats, and a significant gain in the stat-day stat. Here's the formula:
25*(# sub-stat points in your current prime stat level)

Thus for you, at a Moxie of 1845 (which has 3691 sub-points in it), you could expect a gain of 92275 sub-points per 700 scrolls read. Today for example, a Myst day, 700 scrolls should net you a gain from 1611 to 1639 Myst points.

There is a big caveat, though -- for some reason, the 668 scrolls did not have the nice even distribution that the drunk tank had. In my tests today my Muscle and Moxie both were up and down by about 20 points at various times. In the end, after 2100 scrolls tested, I gained 41 Myst points, but lost 8 Muscle and 10 Moxie. So this method is not without its widely varying statistical pitfalls.

I think though, that especially at your level, this is a decent way to gain in your primary stat. With your remaining several-thousand scrolls, you could probably gain 3-4 levels come next moxie day, at a cost of only 1 server hit per scroll.

######################################################## the DataMiner Bot


Date: Thursday, June 17, 03:16AM
From: HotStuff (#59035)

First a bit of backstory -- the primary way I've found to buy Mr. As is to go through the "who's online" list and check them ALL. Everyone who has a Mr. A equipped that I don't recognize from chat (ie, doesn't know that they sell for 4mil+), I send a message offering to buy.

Not much new there (lots of people try it), except that I am persuasive (social engineering). This netted me about 20 in 3 days or so, but I was limited by who was online at any given time, and my patience for clicking and server lag.

I realized that I could save myself trouble by just pinging the server with a script that checks every user number in a given range, and then parse the output and build a database of everyone in the game, a "snapshot" of equipment and statistics at the time I pinged them.

Here's where the speculation comes in -- I have no idea how many folks have Mr. As, and how many of *them* are willing to sell. But let's say that I ping the 60,000 most likely usernumbers (Say 40,000 to 100,000). If 0.1% of them have Mr As and sell to me for 2 million and I turn around and sell to you (4 mill) or in chat (4.5-5 mil now), then that would be 120-180mil profit (2k-3k MPSH).

One cool sidenote of this exercise is that the database could also be used for other things -- finding ideal PvP targets, people with crimbo gear who might want to sell low, and so on. I'm sure I could find other interesting tidbits after mining the data a bit.

I didn't end up running my script to verify that it would work, since I wasn't sure about the "politeness" of it (not to mention the recent lag surrounding the SPF appearance and disappearance...) SO -- what do you think? Is this interesting, lame, obvious, "already-been-done"?

Also -- has anyone told you about the "infinite" advertising budget exploit? I reported it to Jick tonight. Basically you can arbitrarily increase the advertising budget of your store by passing lots of meat back and forth between two shop owners. Obvious and trivial, but a loophole nonetheless. (Check my store's rank in the mall for clear evidence...)

Also also -- I kinda screwed up by posting the comma bug in the forums. I've caught one person trying to scam with it already, and suspect others are too (I've seen a lot more offers for "will buy Mr. A for 5,000,000" now instead of the usual "will buy for 5 mil"). Augh. I'm glad that jacka18l was smarter than me!

HotStuff (private): I haven't heard anything from Jick, but I don't know if he's been on...
private to HotStuff: hmmn.. 60k hits.. if you timed it so you only did say 10 a minute and..
private to HotStuff: only during non-peak hours... (:
private to HotStuff: but do you really wanna be KOL's first spammer?
HotStuff (private): But it'd have to be faster than that to be useful sadly...
HotStuff (private): the thing is, I'm not the first (on a small scale)... And have you been in /newbie recently? LOL
private to HotStuff: well, you'd essentially be the first person to build an ad-spamming bot specifically
HotStuff (private): I figure you need to do the survey in under 24 hours for utility sake, so that's closer to 1/sec
HotStuff (private): which could probably be done if I split the script over 2-4 computers.
HotStuff (private): Now I feel like I'm not going to like my entry in the hacker's guide (if you include this)... Heh
private to HotStuff: I dunno if i'd classify this as a "bug"
private to HotStuff: and if you do it, I dunno if you'd exactly end up beloved, if you know what I mean
HotStuff (private): no, it isn't really... :(
private to HotStuff: (:
private to HotStuff: it is, however something that should be considered
private to HotStuff: as the fact that you can remotely gather that kind of info is a weakness.
HotStuff (private): well, I've already "spammed" about 40-50 people, and they didn't seem to mind
private to HotStuff: hmmn, I dunno - maybe try it on a smaller sample, say the newest 5000 users
HotStuff (private): I wish I knew SQL so I could muck around a bit...
private to HotStuff: I know SQL. what do you need?
HotStuff (private): I don't know enough to ask anything intelligent...
private to HotStuff: so you're just hitting the showplayer script and parsing the result?
HotStuff (private): looking at the #s of folks who sold Mr. As, 50-60k numbers had the highest rate of offer.
private to HotStuff: heh, targetted marketing. I can't fault the idea.
HotStuff (private): exactly... Pretty trival, then dumping the result to a database file
private to HotStuff: it's a good idea actually.
private to HotStuff: I'd say target #50k-60K at some lower rate and test it out.
HotStuff (private): Heh, thanks. It's not quite like a bughigh, but when I got my first offers for Mr. As, I was
HotStuff (private): I was pretty psyched... So you think I should give it a go?
private to HotStuff: i think you're onto a very interesting idea that needs to be tested.
HotStuff (private): Okay! Good to know. I'll have to wait for a low-lag period (if it ever comes!)
private to HotStuff: I actually asked jick if I could write a script that sampled mall prices and graphed
private to HotStuff: the items that were selling too low, but he nixed me
private to HotStuff: thus you're prolly skating thin ice
HotStuff (private): Yeah, I thought about that one too, but it seemed like much too low of a return
HotStuff (private): especially with 5000 stores
private to HotStuff: but asking forgiveness is easier than asking permission.. (:
HotStuff (private): If I could get the userdata without having to load the inv. images, that would help...
HotStuff (private): since it seems like most of the lag come from the Apache image requests...
private to You: aren't actually asking for the images if you filter out img tags
HotStuff (private): Jick said in the forums that database lag is nil... :) Heh -- till me, I guess.
private to HotStuff: filter out img tags
private to HotStuff: that's dead simple (:
HotStuff (private): But doesn't it still *request* them from the server? client side it's not a problem, I'm just
HotStuff (private): thinking in terms of adding to the heinous lag...
private to HotStuff: you writing this in php?
HotStuff (private): perl actually for the most part -- I donno PHP too well
private to HotStuff: using wget or sockets?
HotStuff (private): wget was my original plan, but i haven't tried it so I donno yet if that is ideal
private to HotStuff: actually dosen't matter, either way all that gets called is the html.
private to HotStuff: its' the browser that does the img requests when it interprets the html
HotStuff (private): so it won't ping the apache for the images at all? That'll save time for sure
private to HotStuff: yeah, wget dosen't interpret html (:
HotStuff (private): sweet.
private to HotStuff: it only fetches it for you to process.
HotStuff (private): the script is sorta at the limit of my knowledge as is, and I had to have a friend help
private to HotStuff: I may whip one up in php for fun (:
HotStuff (private): If you do a test run first, lemme know how it goes -- I don't really care who does the messaging.
HotStuff (private): or if you want me to do the messaging, I can just take your database
private to HotStuff: i'll prolly just send out a "happy meat day" message to a hundred or so n00bs (:
HotStuff (private): oh god, not the meat day thing again. :)
private to HotStuff: one thing: unlike regular spammers, you won't be able to hide your id
private to HotStuff: just something to ponder (:
HotStuff (private): well, I think I only pissed one person off, and that was cause
HotStuff (private): I accidentally sent my form message like 3 times. Oops.
HotStuff (private): having a database would solve *that* little problem! :)
private to HotStuff: indeed.
HotStuff (private): btw, had you heard about the mall ad exploit? I assume I'm not the first to figure that out
HotStuff (private): it is also pretty minor. I feel like I'm simply not in the BFB league. :(
HotStuff (private): I wish I didn't have such BFB lust...