atomicstorm
Slayer
- Joined
- Aug 21, 2013
- Posts
- 9,006
- Location
- Blockchain
- Avatar Name
- MeLoveYou LongTime FiveDolla
The recent illumination of the issues of exploitation of the Yog Horror has been a massive blow to the community's morale, trust in each other, in the event system, and most importantly our trust in Mindark.
The frequency and regularity of various bugs being exploited to produce an unfair advantage over other players makes it appear as if Mindark does not care. This is further exacerbated by support cases going ignored or at least the impression that they are.
There are 3 primary reasons I believe people intentionally exploit bugs for personal gain:
Reason 1: FOMO. When people discover a bug and identify how it could be used to gain an unfair advantage, they likely presume that someone else has also discovered it and has been using it for a long time. These people feel that, unless they exploit the bug themselves, they do not stand a chance at competing with those who do.
Reason 2: Complacency. This is one of the consequences of the long history of bugs being exploited with minimal punishment to the offenders, and minimal (if any) reward to the whistle blowers. This causes people to think - well if Mindark hasn't done anything about it by now, I guess they approve it.
Reason 3: Scorched Earth. Personal gain no matter what the expense to others. This is unfortunately the mentality of a significant amount of people.
Whether people exploit bugs for one or a combination of reasons above, they have somehow weighed the risk vs. reward and decided that the reward outweighs the risk. In most cases, at least at an individual level, they are right. People who intentionally exploit bugs for a personal advantage at the expense of others are rarely punished. When they are, it is viewed as very light handed. Why have it in the EULA/TOS when you do not enforce it?
What can be done about it?
I propose a two-pronged approach to attach this problem.
First: sanctions needed to be placed against offenders of exploits. I am not saying permanently ban everyone who exploits for personal gain. The punishment should fit the crime AND be consistent. DannyO's punishment was a good start. Giving temporary locks and punitive skill reductions, especially when they are attributes, will likely result in a much higher weight being given to the risk side of the equation.
Second: Reward the reporters. The Yog Horror exploit is a prime example of the meticulous attention to details by some of the players. That is not one that most people would have figured out on their own. The people who figured out how to identify that bug clearly have a unique skill set. If those skills were applied in a positive context, then a positive change can occur. I also propose that a generous reward system be implemented for people who report bugs that could potentially be exploited for personal advantage. I also propose a reward system for reporting general bugs. A sliding scale between a few hundred PED to perhaps 25000 PED worth of Universal Ammo (or strongbox keys), awarded based on the potential severity of the bug, should be developed. (Take: If Mindark needs help on developing such a system, contact me.) This would create a race to report bugs. The people with the skills to identify these bugs would be highly incentivized to provide an in-depth, wide-spread, and multi-perspective QA service to Mindark and the community.
I believe these two simple measures are very reasonable. The punitive actions would provide a deterrence from exploiting bugs and the sliding scale reward system would provide a much needed high quality QA system, which obviously does not exist today, at a comparatively low cost.
If Mindark is not willing to invest in a QA system internally, they need to crowd source it.
The net effect of this system would be a substantial reduction in bug exploitation scandals, a significant and much needed improvement of the quality of the Entropia Universe platform, and an exponentially higher level of confidence in the integrity of Mindark, the event systems, the community, and Entropia Universe as a whole.
$5 out.
The frequency and regularity of various bugs being exploited to produce an unfair advantage over other players makes it appear as if Mindark does not care. This is further exacerbated by support cases going ignored or at least the impression that they are.
There are 3 primary reasons I believe people intentionally exploit bugs for personal gain:
Reason 1: FOMO. When people discover a bug and identify how it could be used to gain an unfair advantage, they likely presume that someone else has also discovered it and has been using it for a long time. These people feel that, unless they exploit the bug themselves, they do not stand a chance at competing with those who do.
Reason 2: Complacency. This is one of the consequences of the long history of bugs being exploited with minimal punishment to the offenders, and minimal (if any) reward to the whistle blowers. This causes people to think - well if Mindark hasn't done anything about it by now, I guess they approve it.
Reason 3: Scorched Earth. Personal gain no matter what the expense to others. This is unfortunately the mentality of a significant amount of people.
Whether people exploit bugs for one or a combination of reasons above, they have somehow weighed the risk vs. reward and decided that the reward outweighs the risk. In most cases, at least at an individual level, they are right. People who intentionally exploit bugs for a personal advantage at the expense of others are rarely punished. When they are, it is viewed as very light handed. Why have it in the EULA/TOS when you do not enforce it?
What can be done about it?
I propose a two-pronged approach to attach this problem.
First: sanctions needed to be placed against offenders of exploits. I am not saying permanently ban everyone who exploits for personal gain. The punishment should fit the crime AND be consistent. DannyO's punishment was a good start. Giving temporary locks and punitive skill reductions, especially when they are attributes, will likely result in a much higher weight being given to the risk side of the equation.
Second: Reward the reporters. The Yog Horror exploit is a prime example of the meticulous attention to details by some of the players. That is not one that most people would have figured out on their own. The people who figured out how to identify that bug clearly have a unique skill set. If those skills were applied in a positive context, then a positive change can occur. I also propose that a generous reward system be implemented for people who report bugs that could potentially be exploited for personal advantage. I also propose a reward system for reporting general bugs. A sliding scale between a few hundred PED to perhaps 25000 PED worth of Universal Ammo (or strongbox keys), awarded based on the potential severity of the bug, should be developed. (Take: If Mindark needs help on developing such a system, contact me.) This would create a race to report bugs. The people with the skills to identify these bugs would be highly incentivized to provide an in-depth, wide-spread, and multi-perspective QA service to Mindark and the community.
I believe these two simple measures are very reasonable. The punitive actions would provide a deterrence from exploiting bugs and the sliding scale reward system would provide a much needed high quality QA system, which obviously does not exist today, at a comparatively low cost.
If Mindark is not willing to invest in a QA system internally, they need to crowd source it.
The net effect of this system would be a substantial reduction in bug exploitation scandals, a significant and much needed improvement of the quality of the Entropia Universe platform, and an exponentially higher level of confidence in the integrity of Mindark, the event systems, the community, and Entropia Universe as a whole.
$5 out.