
The Starfighter Low-Level Tech Tree - Cogito
http://sockpuppet.org/issue-79-file-0xb-foxport-hht-hacking.txt.html
======
Cogito
I'm really excited for this to come out. The release email had the following
before the text you can see in the submission:

 _Helu,

This is Thomas. Here is a thing somebody wrote about Stockfighter, our
project, which we're sending you because you asked us for updates from
starfighters.io.

We hope you enjoy reading it. (If you want to read it in a browser, try here.
Works best in a fixed-width font.)

Assuming there are no other Carpathian trickster-gods we've somehow managed to
anger, you should be able to play both tech trees of Stockfighter by the end
of the week. Patrick wants me to say the day, but I'm pretty sure speaking the
names of actual days of the week in sentences about this project is one of the
things that angers the Carpathian trickster-gods, so let's just say "a day
that rhymes with Shplyday".

furtive glances over shoulder_

If it does come out this week, my holidays are not going to be very productive
- or perhaps very productive, depending on your perspective!

I think this is the first real look at the low level tech tree and what kind
of things it will contain. I'm excited by both of the tech trees so far, I
think it will be interesting working through both of them.

I really enjoyed the style of this information release, quite a lot of
information but the writing almost seemed tongue-in-cheek the whole time and
was fun to read.

~~~
TorKlingberg
I do not understand what you are talking about. The article describes reverse
engineering of a stock trading device, covers the basics of assembly, and
shows the poor security of trading systems.

But what do you mean by "low level tech tree"? None of those words are in the
article.

Edit: Apparently this is all part of a fictional game.

~~~
rmccue
> But what do you mean by "low level tech tree"? None of those words are in
> the article.

The title of the submission is taken directly from the email subject.

[http://starfighters.io/](http://starfighters.io/) has a great intro to what
this is, made by community members 'patio11 and 'tptacek.

------
noselfrighteous
I feel like I've fallen into a hole. There's jargon everywhere, I'm not sure
if I'm in the middle of some sort of satirical art experiment.

Can anyone explain what is going on?

~~~
meshko
Apparently it is a fake reverse engineering report to support a programming
game which, i'm guessing, is about to go live? see
[http://www.kalzumeus.com/2015/08/20/designing-and-
building-s...](http://www.kalzumeus.com/2015/08/20/designing-and-building-
stockfighter-our-programming-game/)

~~~
lucaspiller
This reminds me of when 0x10c was announced :)

[https://news.ycombinator.com/item?id=4649031](https://news.ycombinator.com/item?id=4649031)

~~~
w00kie
That was such a let down in the end...

~~~
baby
Good thing this is made by people who have already proved what they were
worth. I love Notch but he never seemed like a "worker" type. He was just
having fun until it was no longer fun.

~~~
tptacek
Setting the bar a little high for us, aren't you?

~~~
baby
Well this is just the image I have of Notch. He was just goofing around with
mini-games. One became ultra famous. Lots of people got involved and it
exploded from there, not really in his control.

Doesn't mean the game is not great, doesn't mean he's not skilled. Maybe I'm
just sour about all his talk on 0x1c before giving up.

~~~
meshko
0x10c was a classic 2nd system effect.

------
patio11
P.S., since it isn't in that post anywhere due to in-game voice: Stockfighter
launches publicly on Friday.

~~~
wyldfire
I signed up but I don't honestly recall what it is. Is it called "Starfighter"
because it's like the excalibur game from "The Last Starfighter"?

~~~
sitkack
No it is from
[http://www.imdb.com/title/tt0083943/](http://www.imdb.com/title/tt0083943/)
with Clint Eastwood and web browser that can be controlled with your mind.

~~~
wyldfire
Unfortunately the browser only accepts mind control commands in Russian, no
i18n for you.

------
jzwinck
> The better exchanges do have passwords on their FIX gateways. But the
> performance of a FIX login is especially important (there's often a race to
> start trading at the beginning of a session)

Better exchanges enable their FIX gateways long before they accept orders.
They can signal their willingness to accept orders by sending everyone a
message which says "we are open." Consider also that some exchanges trade
products with disparate opening times. All the same applies at the close but
in reverse. Better exchanges will tell you each of your orders is closed
before they disconnect. Worse ones suggest you infer the same.

~~~
lmorris84
Yep most of the FIX connections I've seen are connected for most of the day,
long outside trading hours. Tag 103 has specific error codes for the exchange
being closed.

~~~
listic
And I here thought FIX is a fictional protocol devised specifically for this
game...

~~~
wolfgke
I didn't believe from beginning on that FIX was fictional, since if it's a
real protocol (or at least very near to a real protocol) it makes programmers
that are good at Stockfighter a lot more placeable in the market - and this is
what Starfighter wants to make money with.

------
raphman_
What a beautiful intro to assembly programming and reverse engineering. Very
minor issues that bother me more than they should:

\- Could it be that there is a whitespace missing after the " ◐ " or is the
gap in the border intentional?

\- X/Z are used in the 'program structure' example without introducing them
beforehand (or mentioning 'we will look at these later').

\- A real RE report would certainly have mentioned all visible part numbers
and the type of I/O controller. Although it is certainly not relevant to the
game, it somehow bothers me that the author decided to omit this information.
(hmm, maybe this was described in Section 3?)

~~~
maikhoepfel
For your #2, quoting from the link:

Loads and stores are relative to the X, Y, and Z registers, which are aliases
for the 16 bit register pairs starting at r26, r28, and r30 respectively (r30
is an alias for Z)

~~~
raphman_
Indeed. However, this explanation is only given _after_ the example has
already made use of these registers. As I stated, just a very minor issue...
:)

------
umanwizard
I'm super stoked for Stockfighter to come out, but I'm confused about
something...

If you intend for performance in Stockfighter to be used as a proxy for talent
by recruiters, how do you intend to prevent cheating? Seems like it should be
very easy for people to work in groups, or look up walkthroughs online.

~~~
patio11
Stockfighter generates signals about players. Those signals get fed to the
Starfighter founders. We might choose to get in touch with particular players
and, if they want to have a geek-to-geek chat, have a brief phone call with
them. We then, if appropriate, introduce them to people who can hire them at
our clients. We get paid if that introduction results in an accepted job
offer.

People have asked us about a variety of ways to cheat on the games. Some of
them don't strike us as even a little bit problematic, e.g. using an OSS
library to access our API. (Some folks are already working on these and we're
thrilled about that development.)

Some of the ways people could cheat on Stockfighter are, from the perspective
of someone wanting to hire engineers, pretty awesome. If you get arbitrary
code execution which busts out of an emulator written by the Ptaceks _I
urgently want to make your acquaintance_.

Some of the other, more boring ways that one could cheat do not particularly
strike me as bothersome to our business model. We're not selling certs; we're
brokering introductions of candidates to businesses that want to hire them.
Scamming a row out of our database doesn't meaningfully negatively affect the
world, Starfighter, or our clients. I've got _lots_ of rows.

~~~
MichaelGG
Basically, IIRC, you're saying if someone does cheat (as in buys a good
account or hires someone to kick ass for them), you human filter them anyways
and it'll be pretty obvious they don't know what they're doing.

Though I was a bit confused by a statement you made. You said you'd need to
beat the Turing test to automatically pass the last level of Stockfighter. But
if that's true, how are you generating and validating the levels - that seems
an equivalent challenge. (Unless you've made tons by hand.)

------
lpage
"Legal at 35=G Inc will allow me to publish this article only if this section
is not present."

I love the FIX meta humor. Order Cancel Replace Request: tag 35=G.

~~~
tptacek
I can't take credit for this; an ex-HFT friend gave the name to me. :)

------
dcw303
Awesome.

Having recently done a large chunk of Microcorruption, I think I get what they
are going for here. Super excited.

But also a little nervous as to the timing. Like others have said, if this
releases before xmas, my level of interaction with the real world may have a
real impact on the most wonderful time of the year, family togetherness, etc,
etc.

I'd love it if one of the founders could tell me if there's any PVP element to
the low-level tech tree? What I'm really asking is if I put off playing this
until some time in January, have I put myself at a disadvantage?

~~~
tptacek
No. We're releasing something for people to play with before we release the
actual CTF levels, to try to level the playing field a bit.

~~~
dvanduzer
Is it too early to ask for a writeup of the connection between Real and Game
economies?

If there isn't a strong tether to "real data" than this question is moot, but
if that's a key part of this experiment, then I and many others will start
drooling at y'alls feet pretty soon here.

~~~
patio11
I'm not going to write about our economic simulation at all, but it _may_ be
reverse-engineerable. Mad props, and infinite amounts of fake Interney money,
to anyone who figures it out.

~~~
grayclhn
"Fake Internety money" of course actually translates into real job
opportunities in this case.

------
rboyd
Any predictions on how all this is going to go? Loving the throwback phrack
vibe. I wonder though how much time I'm going to be able to dedicate to
smashing the stack for fun and rankings. Oh, to be 13 again.

~~~
kasey_junk
As interesting as the game is, even more interesting to me is their business
model. Contingent recruiters are uniformly terrible.

To be honest, even if I didn't know them, based on their online reputations
I'd expect them to be the best contingent recruiters in the country within
weeks. That I completely & totally agree with their underlying philosophy on
hiring makes me even more bullish.

Of course, all of that is contingent on them delivering on the game experience
and delivery software products is...hard.

------
knughit
I am curious if hirers will use stockfighter to hire folks low-level embedded
work, or if this will be an arbitrary shibboleth for general jobs, biased
toward people interested in this sort of game. I hope starfighter expands into
more diverse areas of interest.

~~~
Cogito
One theory bandied about is that the initial partner companies that
Starfighter is working with (ie the ones looking to hire) includes a
disproportionate number of financish companies such as might be found on the
east coast.

I wouldn't be surprised if lots of companies in that domain would be very
interested in the candidates coming out of Stockfighter, however there are so
many subsystems involved in the problem environments disclosed so far that
many valuable skill sets have the potential to be exercised. Part of the
(general) success of both Stockfighter and Starfighter will be how well they
manage to _actually_ exercise those different skill sets.

I'm cautiously optimistic so far :)

~~~
tptacek
Not so much. We chose markets because we think they're fun.

~~~
Cogito
That was my impression as well.

There have been a number of comments from people who find the idea of the
markets 'unfun', or just not relevant to the roles and tasks they want to be
doing. My impression from what has been released so far is that there is
actually a plethora of tasks/technologies/etc involved, and as such 'useful'
skills will be used regardless of if you're in the finance industry.

~~~
saturdayplace
I've heard Patrick make that very assertion.

------
brational
I guess you could consider this a noob question. I'd like to get into this and
more low level stuff in general.

Background:

I'm an applied math guy that works in cv, image processing, and anywhere that
stats & optimization can be used. Work has recently led to learning more
distributed stuff, albeit simply wiring up zeroMQ with c++ or python and
getting the concurrent dances right.

Is it safe to say that Microcorruption is sort of a pre-req to this? Should I
muck around in there first for a bit or sign right up for starfighter? Thanks.

~~~
tptacek
No, you don't need to get through Microcorruption. This is Microcorruption on
a different architecture, with a more complex environment.

But I like Microcorruption too (I'm biased) and would definitely not try to
talk anyone out of playing with it as well.

------
wyldfire
Interesting that their json variant uses trailing commas. Too bad that's not
more common.

~~~
TorKlingberg
I was surprised to see JSON in the low level messaging of a device that is
supposedly (c) 1993-2015.

~~~
tptacek
Not as surprised as I was to actually work with JSON in AVR C.

------
J-dawg
I don't think I have the skills to get very far in Stockfighter (although I'll
give it a try). I wonder if there are any plans to produce an "entry-level"
version? It strikes me that this would work brilliantly as a teaching tool,
and could open it up to a whole new market.

------
tux3
I'm really hyped for this. If this is as much fun as the microcorruption CTF
I'm going to be glued to my computer until I solve all of it!

I like what I'm seeing so far, AVR sounds like a fun new challenge.

------
umanwizard
Another question - if you haven't bene able to dump the code running on the
Network and Mystery chips, how do you know they're AVR ?

~~~
teraflop
In case you haven't seen previous discussion around Starfighters: this
document is fiction, describing a scenario that was invented for a game based
on software reverse engineering, to be launched shortly. But one possible in-
universe explanation would simply be that the three chips had the same part
number.

~~~
umanwizard
I do understand that -- I was asking for the in-universe explanation :)

~~~
fabulist
One images they observed the part number while attaching the bus sniffer.

------
pjc50
_lurking inside the 1995 handheld UI is a more sophisticated 1997-grade
trading engine_

I do like the sense of humour here.

------
har777
Excited. But also really intimidated :)

------
plank
I guess the link no longer works, the correct seems to be:
[http://sockpuppet.org/blog/2015/07/13/starfighter/](http://sockpuppet.org/blog/2015/07/13/starfighter/)

------
eb0la
Is it me or this looks like an article taken from Phrack magazine or SET
journal or any hacking related magazine from late 80s/early 90s?

------
tmuir
I've been wondering what I should do to keep busy in the next month between
jobs. Looks like I've found it.

