You all know R1CH, one of our great TL wizards. Among his peers (Sonuvbob, MasterOfChaos, Zatic, etc) he is well understood. But among the "mortals" who do not know much "magic," he constantly confuses and awes us, like a solar eclipse we cannot understand.
Here are some R1CH quotes that help explain how we see him.
Famousness Test
[18:59] HotBid: is this company famous?
[19:00] R1CH: never heard of them
[19:00] HotBid: but they have their own wiki page...
[19:00] R1CH: so does every pokemon
[09:15] HotBid: microsoft security essentials is failing to update, did you update it yet
[09:15] R1CH: i don't use it
[09:15] HotBid: what anti virus do you use
[09:15] R1CH: none
[09:15] HotBid: how do you stop viruses and stuff
[09:16] R1CH: i don't get viruses
[09:16] Heyoka: he clearly goes into the computer and fights them himself
[09:16] HotBid: lol he shoots it with a gun
[09:16] R1CH: it's funny you say that
[09:16] R1CH: i actually made a quake 2 mod
[R1CH loads a Quake 2 map. HotBid plays.]
[09:16] R1CH: come on, you're dying to notepad
[09:17] HotBid: that's notepad? wtf is that flying thing behind it
[09:17] R1CH: firefox
[09:17] Heyoka: why is it so large
[09:17] R1CH: it uses more memory
[09:17] Heyoka: this is what's running right now? what happens when you kill one
[09:18] R1CH: the program closes
[09:18] R1CH: oh look, msn killed google update
[09:18] R1CH: one of the monsters is quake 2 so if you kill it the game just ends
The troll apprentice is becoming the troll master
[03:00] HotBid: what's anti-aliasing?
[03:00] R1CH: you use photoshop and you don't know what anti-aliasing is?
[03:00] HotBid: no
[03:00] R1CH: imagine aliasing -- its the opposite of that
Yes, we actually check the support email.
[12:47] R1CH: got fed up with this fucking india spam in the support box
[12:47] R1CH: from now on everyone from india will have to answer a captcha before submitting contact form
[12:47] R1CH: http://www.teamliquid.net/staff/R1CH/CAPTCHA.png
Don't mess with R1CH's image formats
[03:34] R1CH: make it a PNG scrub
[03:34] HotBid: what's a PNG scrub
[03:35] R1CH: no i am calling you a scrub for using jpeg
[03:35] R1CH: man im gonna slap you if you make any more jpegs
Speaking in R1CH
Recently, every time R1CH says something technical, my response has been to immediately Google the subject and ask a highly technical question about it, usually one I completely do not understand.
[17:26] R1CH: the performance is kind of shitty so try to use it sparingly
[17:26] R1CH: mysql refuses to do an index merge
[17:26] R1CH: and i don't feel like adding a whole new index just for this feature
[17:26] R1CH: if we open it up to users though i will
[17:27] HotBid: well maybe the binary or one of the libraries linked was misconfigured or corrupt?
[17:27] HotBid: do a backtrace
[17:28] R1CH: you just googled some random mysql bug didn't you
[17:29] HotBid: ?
[22:40] R1CH: man
[22:40] R1CH: this SSD is ridiculously fast
[22:40] R1CH: it installed all the win7 updates in like 10 seconds
[22:41] Kennigit: sick, how big is it
[22:41] R1CH: 160
[22:42] HotBid: r1ch have you tried modding your SSD by replacing it with a pata hd using the same ZIF connector
[22:42] R1CH: im gonna slap you if you keep trying that
[22:42] HotBid: ?
[12:15] @R1CH: i optimized the shit out of TL over the last few months
[12:15] @R1CH: without it im sure the flood of beta shit would be like how TL was during TSL 1 casts
[12:15] @R1CH: i almost want to undo it
[12:15] @R1CH: just so people stop flooding stupid shit
[12:16] @R1CH: we really need to implement that posts per day for new users thing
[12:16] @The-Winner: or a bot which bans shitty posters
[12:17] @R1CH: i tried that
[12:17] @R1CH: it classified everyone as a shitty poster
[12:17] @R1CH: its like santa from futurama
HotBid: r1ch
HotBid: any thoughts about the antihack program?
R1CH: not yet
HotBid: its not a rush yet
HotBid: but itd be nice to have some info about it for when we launch
R1CH: when do we need it by
HotBid: we need it by qualifiers, which is april 22
R1CH: oh just say we'll have it
R1CH: you know i'll wizard that shit up
HotBid: HAHAHA
The Wizard Who Cried Wolf
R1CH: fuck this is horrible
R1CH: im dripping sweat
SonuvBob: ?
HotBid: why?
Daigomi: what happened?
R1CH: no
R1CH: its fucking 90 degrees today
R1CH: and im busy with the stream and irc and shit
HotBid: oh wtf
Daigomi: R1CH you gave us all a heart attack
SonuvBob: =/
HotBid: i thought you meant something with the stream
HotBid: omfg
The Universe Shoots You
R1CH: well until the stream is posted, connections don't flood in
R1CH: and its not so much an issue of volume
MasterOfChaos: the current cause of crash was somebody disconnecting the wrong way
MasterOfChaos: we could have the stream go live at 10 min before scheduled time showing the waiting screen
R1CH: as MoC said it was my forgetting to handle sigpipe that crashed it
intrigue: somebody disconnecting the wrong way can crash it?
intrigue: haha
R1CH: intrigue, thanks to the wonders of posix, yes
R1CH: i wonder what idiot came up with that idea
HotBid: how can they "disconect" wrong
HotBid: that makes no sense
R1CH: its a posix thing
HotBid: ok you speak of posix like i know what it means
R1CH: when you try to write to a disconnected socket, your program receives a pipe signal
R1CH: which if you don't handle, causes it to exit
HotBid: ok im just going to pretend i know
HotBid: what htat means
MasterOfChaos: never really got the reason why signals work that way
intrigue: can you make a real life analogy
intrigue: so like if u go through a drivethrough
intrigue: and you take your food
intrigue: and don't pay
intrigue: and drive away
intrigue: the restaurant explodes?
MasterOfChaos: somebody you are talking to disappears mid sentence, and the universe shoots you
MasterOfChaos: because you talked to somebody who wasn't there
MasterOfChaos: and R1CH forgot the bullet proof helmet
R1CH: thats surprisingly accurate
R1CH Made Bad
[5:04] R1CH: oh fuck i screwed up the code
[5:04] HotBid: ?
[5:04] R1CH: it only records half the key on the server
[5:04] HotBid: i dont get what that means
[5:04] R1CH: i can fix its just a bit bad
[5:05] R1CH: the key is 40 letters long
[5:05] R1CH: but only 20 got saved in the db
[5:05] HotBid: again, no idea what that means lol
[5:05] R1CH: r1ch made bad r1ch fix now
[5:05] HotBid: nice ok
[5:05] R1CH: k fixed
Heyoka: r1ch had auto ops in the sa bw channel for a year and a half before someone realized he hadn't
HotBid: r1ch’s program for checking Ips and rankings
HotBid: was running for 1.5 years since TSL1, he forgot to turn it off
R1CH: it only ran once an hour
R1CH: for 400 days
So what the hell is the difference between these two connections.
Not too bad
Not too bad, mainly just look through the input for any illegal ascii, then filter out any symbols or other characters that pokenum never uses and finally verify that its starting in one of the holdem/omaha/etc/modes and make sure the limit on monte carlo won't kill the server
the final shell command is escaped so there is zero chance of them using it to run other programs
the only thing its vulnerable to now would be bugs in the pokenum program
R1CH's First Day at Work
Nazgul: rich first day at work
Nazgul: im in a convo with him + meat
Nazgul: its like reading a detective book where half of the words are gibberish
Nazgul: im on teamviewer looking at what rich is doing haha
Nazgul: and its supercool
Nazgul: he has 1 monitor and his taskbar has 40 things open
me: haha
me: yeah he posted this screenshot with like 80 irc windows open
me: i was like WTF
Nazgul: rofl
me: the task bar was insane i couldnt even read any of the things on it
Nazgul: i told him i thought he should get 2-3 monitors atleast
Nazgul: but apparently he is “good with one”
Sent a copy of this to hacks@blizzard, but if you catch anyone in person, direct them to this thread as this seems serious enough to warrant attention:
There appears to be a hack circulating in SC:BW where an oversized game name is passed to bnet upon game creation. Bnet does not perform input sanitization on this value before storing it. Bnet then sends this information back to the client when the client is at the join game screen, at which point the oversized game name is added to the join game list box. When the user clicks the entry, the list box text is copied into an unchecked 128 byte buffer and a stack-based buffer overflow occurs.
On a quick glance, the return address looks possibly controllable, meaning with the right length and combination of characters, this could be exploited to execute arbitrary code on the StarCraft client.
Vulnerable code resides in battle.snp @ base + 0x237D0:
As shown here, LB_GETTEXT is used to pull the string out of the listbox into edx. edx points to a stack buffer of 128 bytes. Since the string in the listbox is controlled by the attacker as no bounds checking is done on either the client or the server, a stack-based buffer overflow occurs.
My suggested immediate fix would be to limit the maximum game name / mapname and other user-controlled parameters that the battle.net server will accept as this would not require a client patch. If the user submits to bnet values of greater length than the BW client would normally allow, they can be flagged as malicious and handled accordingly. An additional suggested client-side update in the next patch would validate the game name and other parameters received from battle.net before working with them, to protect the player from 3rd party servers.
I would appreciate being informed of any updates to this issue, as if no action is taken I will make my own unofficial patch to address this bug. Thanks!
Blizzard Fix Your Lag
On December 16 2008 19:18 R1CH wrote:
So I finally got around to taking a look at the lag issues in 1.16. Seems someone at Blizzard thought it would be a good idea to throw a 10ms delay into the game loop AND a 5ms delay after processing the Windows message queue. 15ms of delays in a game that previously has 0ms of delays can mess up quite a few things, as evidenced by the problems the early versions of CPU Savior had. For a game with a pro scene like Starcraft, this really should never have made it past QA, if there even was any.
Why 15ms? Who knows. The most you need is 1ms to stop 100% CPU usage, which is what CPU Savior uses. They also added some delays onto the bnet screens (the game loop isn't run on the bnet screen, so the 15ms delays wouldn't work), very similar to the comments I made in the CPU Savior source code - except instead of delaying on infrequently-used parts of the code, there is a 5ms delay on code that is run very often - hence why the bnet screens feel so sluggish.
So what happens now? I could make a patch to fix the lag issues in 1.16, but what would that achieve? Iccup already is remaining on 1.15.3, KeSPA has shunned 1.16 and I would hope Blizzard already realizes what a disaster of a patch 1.16 is. Why are they taking so long to fix what I could do in a few hours? And who is responsible for this mess in the first place?
I will update this as more R1CH quotes come out.
Last edit: 2011-05-05 08:00:09
@Hot_Bid on Twitter - ESPORTS life since 2010 - http://i.imgur.com/U2psw.png
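Added example, not part of the original post and not R1CH's stream server code: the SIGPIPE behaviour described under "The Universe Shoots You" above, shown as a C sketch that ignores the signal and treats EPIPE as an ordinary client disconnect. The function names and the socketpair standing in for a viewer connection are assumptions made for the demo.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* The default SIGPIPE action is to terminate the process. Ignoring it makes
 * a write to a vanished peer fail with EPIPE instead. */
int ignore_sigpipe(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = SIG_IGN;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGPIPE, &sa, NULL);
}

/* Send one chunk to a viewer (hypothetical helper).
 * Returns 0 on success, -1 if the peer is gone, -2 on any other error. */
int send_chunk(int fd, const void *buf, size_t len) {
    const char *p = buf;
    while (len > 0) {
        ssize_t n = send(fd, p, len, MSG_NOSIGNAL); /* per-call guard as well */
        if (n < 0) {
            if (errno == EINTR) continue;
            if (errno == EPIPE || errno == ECONNRESET) return -1;
            return -2;
        }
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Constructed demo: a socketpair stands in for server <-> viewer. */
int demo_viewer(int viewer_gone) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -99;
    if (viewer_gone) close(sv[1]);   /* peer vanishes without warning */
    int rc = send_chunk(sv[0], "frame", 5);
    close(sv[0]);
    if (!viewer_gone) close(sv[1]);
    return rc;
}
```

A return of -1 is the cue to drop that one client and keep serving the rest.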
b3h47pte United States. February 06 2010 08:31. Posts 1306
Last one isn't lag, it's a way of abusing the game name to inject malicious code. Like if you send a close query character to a database, so that the code handling it would think the query is over, and then you used the code to email you everyone's usernames and passwords.
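Added example, not Blizzard's code and not taken from R1CH's report: a portable C model of the two fixes that report suggests, a server-side length check on the game name and a client-side length query before list box text is copied into the 128-byte buffer. `MAX_GAME_NAME` is an assumed value (the page does not give the client's real limit), and `copy_listbox_text` is a stand-in for sending `LB_GETTEXTLEN` before `LB_GETTEXT`.

```c
#include <stddef.h>
#include <string.h>

#define NAME_BUF 128       /* size of the client stack buffer named in the report */
#define MAX_GAME_NAME 31   /* assumed limit; the real client limit is not on the page */

enum name_status { NAME_OK = 0, NAME_EMPTY, NAME_TOO_LONG, NAME_BAD_BYTE };

/* Server side: check the length-delimited field as received, before it is
 * stored or relayed to other clients. Over-length input can be flagged. */
enum name_status validate_game_name(const unsigned char *name, size_t len) {
    if (len == 0) return NAME_EMPTY;
    if (len > MAX_GAME_NAME) return NAME_TOO_LONG;
    for (size_t i = 0; i < len; i++)
        if (name[i] < 0x20 || name[i] == 0x7f) return NAME_BAD_BYTE;
    return NAME_OK;   /* bytes >= 0x80 pass so non-ASCII names still work */
}

/* Client side: query the length first, copy only if text plus NUL fits.
 * `entry` models the list box item text received from the server.
 * Returns the number of characters copied, or -1 if it does not fit. */
int copy_listbox_text(const char *entry, char *dst, size_t dstsize) {
    size_t need = strlen(entry);   /* what LB_GETTEXTLEN would report */
    if (dstsize == 0 || need >= dstsize) return -1;
    memcpy(dst, entry, need + 1);
    return (int)need;
}

/* Constructed demo: build an entry of name_len filler characters and try to
 * read it into a 128-byte buffer the way the join-game screen would. */
int demo_client(size_t name_len) {
    char entry[512];
    char buf[NAME_BUF];
    if (name_len >= sizeof entry) return -2;
    memset(entry, 'A', name_len);
    entry[name_len] = '\0';
    return copy_listbox_text(entry, buf, sizeof buf);
}
```

The client check holds even when the server is a third-party one that skips the first check, which is the case the report's last suggestion covers.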