Skip to content
View in the app

A better way to browse. Learn more.

Tip.It Forum

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Alphanos

Members
  • Joined

  • Last visited

Everything posted by Alphanos

  1. In the near future, I will be doing more mining in the LRC. I will be banking ore at the deposit box, not for the money, but mainly because I prefer to train mining with only partial attention, and this is not possible using various drop/superheat/etc methods. I will also be using a penance horn, and of course Varrock armour. Under these conditions, will I receive more experience per hour by bringing Lava Titans, or a Yak filled with Juju Mining potions? Assume that either is equally accessible. Thanks very much for any data on this :).
  2. The KBD and KQ have lost a lot of their luster over the years - it might be neat if they moved into a combined lair and you could take them both on at once :D.
  3. Just bought a Divine for 920M on world 2... hope I don't regret it ;).
  4. Wow, seems like everything big is crashing... just at world 2, and here are a few sellers' prices I saw advertised repeatedly: Divine: 917M (this one sold) Elysian: 545M Purple: 835M Crazy! Can anyone explain this? Is it really just regular deflation or a cyclical crash, or did something relevant leak from Jagex?
  5. This has probably been addressed further back in the thread, but could anyone please link to a page/guide describing this method of 250k+/hr hunter training? The Herblore Habitat guide I've used listed 150k/hr as nearing the max, so I'm assuming there must be a particular spot, etc, which is much better.
  6. This sounds like a brilliant idea! You remove the main detriments of the concept of remote video viewing, but get the core benefits such as removing details of the random events from the Runescape client code. If Jagex had a full set of 10-20 random events using this method, preferably new and as yet unsolved, it would be extraordinarily challenging for bot-writers to recover. Most likely they would be stuck confined to no-random areas, and other changes could eliminate even that safe haven for them. This would take a lot of engine work on Jagex's part, but I think it has the potential to permanently strike the death knell for bots. Everyone, please try to find flaws in the above idea. I think this is the most promising idea suggested so far on this thread.
  7. No. For stabbing weapons, the order's something like Chaotic Rapier > Korasi's Sword > Zamorakian Spear > Brackish Blade (unless I've left out anything important). All of them are the same speed. Assuming each of the one-handed weapons is used with a Dragon Defender, you get the following stats: Chaotic Rapier: +119 Stab, +107 Strength Korasi's Sword: +85 Stab, +76 Strength Zamorakian Spear: +85 Stab, +75 Strength Brackish Blade: +92 Stab, +72 Strength Very close match there between Korasi and the spear. The only reason I could even possibly see for using the Brackish Blade is if you need a stab weapon, you don't have a rapier, and it's super-important to you not to train on a controlled setting.
  8. This is due to Jagex's bizarre philosophy that players should have to "pay" in experience, coins, or both for gameplay that is more interesting. I'm not sure who in Jagex is responsible for this view, or if they're merely adopting the view of their most vocal players. This needs to be turned around before any serious update can take place which would reduce the incentive some players feel to bot.
  9. This is an interesting idea. The trouble is, with all of the players whining about things like "My $6 only bought me 28 days of membership this month instead of 30, Jagex is scamming me !!1one", I suspect that they'd have a lot of trouble convincing people it's a good idea to fork over $50. Sees_all1, n64jive, really, this has gone on long enough. Sees_all1, you believe that successfully detecting bots would have the same or a similiar order of complexity to efforts such as the development of military-grade data encryption technologies. N64jive, you think it is a simpler problem. I think we should brainstorm for possible ideas to solve this problem in a simple way. I think we can all agree that if we don't come up with anything, Jagex will not spend millions/billions over the course of decades to eliminate bots. However, our brainstorming costs them nothing, and if we succeed in coming up with feasible, cheap ideas then so much the better. I believe that an ultimately perfect bot detection system would have to be an AI smarter than humans, which is obviously out of the question. However, I also believe that there must exist simpler, cheaper methods which will provide a strong degree of improvement over the status quo, some of which we've touched on in this thread.
  10. Everyone talking about extra server restarts has gotten me to thinking. The foremost reason why bots have to log out after an update is that in the event of game changes, they might not run correctly and end up getting people banned - as with the wilderness ditch -> wall change. So all semi-intelligent bot-writers have their bots stay logged out after a client version bump. Therefore, yes additional server restarts should be performed, but in addition the client version number should be bumped, or maybe even randomized. Each server should restart at minimum once per day, and if certain checks pass (I.E. nobody currently in the fight caves or fighting Nex, a couple things like that) then the server could even restart every 4-6 hours. The client version will change each time. Then bot-writers will be faced with a tough choice: they can either have their bots regularly getting kicked and locked out of the game, or they can ignore the version numbers and risk mass bans when Jagex really *does* release bot-breaking game changes. As it stands right now, bot-breaking changes have their effect limited because the bots stay away until the bot-writers have checked out the update, but with a change like this to the version numbering, each bot-breaking update could actually catch a few thousand botters.
  11. Construction? Hasn't really changed since the day it came out tbh :P Zombie implings are definitely faster for the average player, though I've never looked into whether traditional methods might be equivalent or faster for super-players like the top 15 ;).
  12. New tradable item on the GE: Brackish Blade, 200k.
  13. Caring about stats =/= caring about ranks. I know ranks are a big focus of the 200m thread, but most botters just want the stats; they don't have their 99s yet.
  14. You emphasize banning the account as though there is some other option. In the majority of cases, IP bans only work so long as you're willing to ban not just a single user, but a decently large geographical area. When you're dealing with i.e. a forum that has a few hundred, or a few thousand users globally, that will probably work ok without collateral damage. However, in a game as large as Runescape, IP bans really aren't an option. I do agree, however, that it seems Jagex has gotten far too lenient regarding botting. I'm not sure I can support instant perma-bans simply due to false reports, system errors, and various other factors, but there's also going too far the other way....
  15. I warned you not to give them ideas. Please remove those links from your post-quote. He's trolling. Nothing we've discussed here will be either news, or much help to any bot-writer. Jagex knows full well that security through obscurity is a failed model; our best hope against bots is for Jagex to implement traps which the bot-writers can know everything about, yet be unable to solve.
  16. Really the goal is for something that humans can always complete, but which computers can complete only some of the time, with limits on possible accuracy improvements. Thing like captchas, or as was suggested above, something similar to jeopardy questions.
  17. I've seen an awful lot of arguments in favour of bots... "everybody bots", "the majority bots", "50% bot", "25% bot", "all PKers have to bot", "oh and they keep prices low".... ad nauseum. None of this is sensible in the slightest. The majority of Runescape players don't even go to *any* fansites, let alone RSC. If you're reading this and you think botting's okay because everyone does it: they don't, and it's not. If you don't want to grind, of course that's your choice. It would be hard to find another game with as much grinding as Runescape ;), so go play something else. As for resource prices: I bet without bots, the Runescape economy would go crazy for a while. Then, eventually, prices would stabilize to the point where we'd get to see the actual value players place on time spent i.e. woodcutting, mining, fishing, etc. It would be kind of nice if resource gathering skills could actually be decently profitable again. Sure, some buyables would cost more. But that increase in price would also drive many to train their "buyables" by actually collecting resources; something which, right now, is almost foolishly inefficient. Prices would reach a new balance point. Maybe if fewer people botted past the grinding, those whom it frustrates so much could spend their time convincing Jagex to release less-grindy content, which then we could *all* enjoy.
  18. If you kindly reread my post, you'll notice the cost I mentioned is the time it took to develop the algorithm, not the time it takes for the algorithm to execute. The time it took IBM and the NSA to develop current standards is on the order of decades. Many of the encryption algorithms in use today were not developed by IBM and the NSA, and they certainly did not take decades to develop. For example, the AES algorithm was developed by a huge number of two Belgians. You can read their paper about it here. While true, this gives you a faulty impression of the difficulty in succeeding in such research. Out of all the various researchers in the field of encryption, only rarely do substantial breakthroughs arise. If you have a specific problem that you need solved in a limited amount of time, you may very well need a lot more than two researchers to work on it.
  19. Regarding the danger posting: basically what has happened is that Jagex has realized there are few player groups who want actual danger in their Runescape. PKing and boss-hunting retain their danger, but most other players merely want the illusion of danger, without having to deal with the potential consequences.
  20. I can agree with what you're saying. It wouldn't stop the existence of bots, but it would help a lot to reduce their motivation. However, Jagex has clearly shown that they disapprove of content which is both fun and efficient. Why this is I can't be sure; maybe they do have some good reason (?). But there is a clear pattern showing that any content which is fun must also penalize the player with higher costs, slower experience gain, or both. Witness updates such as charm sprites and the new smithing update. If Jagex won't move in the direction you're suggesting, then we should at least consider ideas that they could potentially use, such as revised randoms and the like. Regarding time limits: no-lifers would flip, but besides that it would introduce an artificial seniority system, where newer players can never catch up to the experience and wealth of their elders.
  21. This definitely has potential. There are three key things necessary for this to work: 1) The questions have to be simple enough that players with strong language barriers, or who are simply stupid, can still answer them. 2) The list of questions/answers has to be stored on the server, not in the client code. 3) The list of questions would need to be regularly updated and/or randomized so that bot-writers cannot easily make a database of all questions/answers. If these three requirements are met, this idea has a lot of promise. Perhaps more importantly, the main difficulties of this method seem much more easily solved than the central difficulties to other proposed methods. Edit: This could potentially even be done as multiple choice without causing much trouble. That would eliminate problems due to spelling/capitalization/punctuation/etc. This would then be similar to some existing random events, but with a question set updated regularly enough it would be quite difficult for bots to defeat....
  22. Didn't you claim earlier to be a senior computer engineering student? Either you didn't grasp what was meant by changing IDs, or you don't know what you're talking about. Let me give an example in technical terms. The Runescape Java client comes with a list of IDs in constants, enumerations, etc. When the player's browser requests to download the client in order to run it, some sort of session hash could be generated as a one-time key to translate the real ID numbers into client/fake ID numbers. A copy of the Runescape client is dynamically modified on Jagex's end to replace all real ID references with these hashed, session-specific ID numbers, and then the client is sent to the user. During play, any client-server requests that use an ID number would include whatever hash/key was originally used, and the server would decode the fake ID numbers into the real ones it actually uses. All of this is feasible. The problem, of course, is that bot writers could find whatever memory structure is used to store these fake IDs on the client side, and similarly have their bot dynamically read them and alter its instructions to use the session-based IDs. Even if the dynamic ID changes included reordering the object lists, it would probably be easy to identify whichever objects the bot authors were seeking using other variables such as utilized graphical resources. I currently can't think of any way to obfuscate the local ID storage in such a way that it would foil bot authors. Also, please tone down the condescending uber-rage. [/hide] As far as I know, Jagex uses a cache system. The objects are requested from the Jagex server, and then the reference is stored on the users HDD. The objects are referenced in the cache first, and if not found, they are requested from Jagex's servers. What you suggest only changes the ID's per session. Also this would require more calculation on Jagex's part, which is more overhead, something Jagex surely doesn't want. You already stated the solution for bots in your problem, which would be to simply decode the IDs, so how would this solve the bot problem? I am a senior in computer engineering, and I did grasp what he was trying to say. He never mentioned using any sort of hashing algorithm or encoding/decoding in his changing IDs. All he mentioned was to change the ID's, which I assumed he meant as changing the ID's periodically throughout the a period of time, thus having to perform a new lookup every time the ID's changed. Jagex surely has a team working on this. But like this thread, every idea that they come up with is likely shot down. I see no way in Jagex winning this battle, and that is my final stance on the matter. They can either remove bots and lose money, or just accept that bots exist and enjoy the fact that at the end of the year, they are still profiting, which is what seems has happened. PS. Sorry for the rage, I'm just sick of people coming up with the same idea over and over again that wouldn't work. Upon further consideration I realize that almost none of my assumed understanding of "changing IDs" was said by the original poster . I'm very used to getting software requirements/goals from non-technical people, where only the most basic concept of what they ask for translates into software; at this point my brain just takes a vague concept and starts trying to translate into technical possibilities. I certainly agree that getting rid of IDs altogether, changing them repeatedly during play, or similar measures would do far more harm than good :). As to the dynamic IDs, yes, as far as I can currently see the end result would be the same, and it would not solve the problem. However, I wanted to throw the revised problem back out there in case someone was struck with brilliance, since the original idea of IDs changing with each login hadn't occurred to me either. This is an inherently hard problem, and as I've said earlier, maybe our final conclusion will be that there's no good solution, and we've been too hard on Jagex. However there are a few ideas that have come up which I think have good long-term potential. Primarily captcha-like randoms, and filtering the noise from abuse reports so that the real bot reports can get through and get addressed. [/hide] Breaking the rules is more fun than abiding by them, especially when you are that talented. The black hat hackers are usually always a step ahead of the white hats, because they are just more talented with scripting. That's why it's such a valuable asset to security companies/agencies when they can flip a black hat hacker. I'm sure that there are many talented black hats out there. However, I don't think it's correct to generalize that all/most black hats are more talented than all/most white hats. As we've seen with this particular Runescape case, the problem the white hats face seems to be inherently intractable - it's not just that Jagex's programmers are bad, but we've so far been unable to come up with a good solution even in theory. In the more general case, the white hat's job is to ensure that there are no security holes whatsoever, and even one that gets missed is counted as a failure. In the black hat's case, they can try as many possibilities as they like, failing all the while, with little consequence. Once they find even a single successful answer, that is what gets publicized. The job of a black hat is much easier.
  23. Didn't you claim earlier to be a senior computer engineering student? Either you didn't grasp what was meant by changing IDs, or you don't know what you're talking about. Let me give an example in technical terms. The Runescape Java client comes with a list of IDs in constants, enumerations, etc. When the player's browser requests to download the client in order to run it, some sort of session hash could be generated as a one-time key to translate the real ID numbers into client/fake ID numbers. A copy of the Runescape client is dynamically modified on Jagex's end to replace all real ID references with these hashed, session-specific ID numbers, and then the client is sent to the user. During play, any client-server requests that use an ID number would include whatever hash/key was originally used, and the server would decode the fake ID numbers into the real ones it actually uses. All of this is feasible. The problem, of course, is that bot writers could find whatever memory structure is used to store these fake IDs on the client side, and similarly have their bot dynamically read them and alter its instructions to use the session-based IDs. Even if the dynamic ID changes included reordering the object lists, it would probably be easy to identify whichever objects the bot authors were seeking using other variables such as utilized graphical resources. I currently can't think of any way to obfuscate the local ID storage in such a way that it would foil bot authors. Also, please tone down the condescending uber-rage.
  24. You're wrong. RuneScape also uses a client-server scheme. The bot detection is server-side and analyszes the data sent by your client. As a bot programmer you don't have a clue how the detection works and you focus on a human-like behavior. There are also bots which don't use IDs in the client and focuses on color schemes. I guess Jagex analyzes each bot around and trys to work on a script to detect each one. That script probably can then also detect other bots which work similiar to those they have access to. A good way to get rid of bots are updates. They could change small things (move a rock a little bit, change a color a little bit, switch IDs, change positionings of buttons and NPCs a little bit). A human-being can easily deal with these changes but a bot would have a problem at that point. So players who can't deal with them are obviously botting. Some of these changes might be possible without updating the game client. I mentioned this earlier, but any purely server-side bot detection is by its nature quite limited. Sure, you can detect click patterns, timing, etc this way, but bot writers can randomize this fairly easily. Anything that players actually interact with, such as random events, etc, must have at least some code on the client side where bot writers can sift through it. Some form of frequent, yet easy-to-develop update is sounding like one of our best bets. The trick here would be getting this to work in such a way that the Runescape client can easily adapt to the shifting ID numbers, but so that the bot cannot use the same technique as the client itself to shift and understand the new ID number pattern. If this hurdle could be overcome, this would strike a huge blow to bots. A lot of the past page or so seems to be focusing on doom-and-gloom, "we've already lost" attitudes. This is an inherently difficult problem, but I think there's at least potential to do better than what currently exists. Some of the most promising ideas so far: 1) New styles of random events, such as captchas, which are hard for computers to solve and which do not have the answer stored in client code. Pros: one of the most common ways to detect people vs. computers. Cons: Arguably more annoying, and any captcha that consistently beats a computer will also beat some real people as well. 2) Provide more player-usable tools which can break bots. Pros: Allows the playerbase to adapt to counter adapting bots. Cons: Limited effective scope/reach, also players as a whole make so many bad reports that few of the caught bots will get dealt with permanently due to the low signal to noise ratio. 3) Regular new random events. Every month or two, add a new random event to the mix, which bots will not yet have solved. Pros: More work for bot writers, may catch some bots with the update. Cons: If they haven't already, bot writers will quickly learn to make their bots only login if the client version matches what they were written to work with, thus preventing the botters from being caught until the bot is updated. 4) Regular ID/etc changes with each login. Pros: Potentially breaks a lot of bots out there. Cons: Would be very difficult to setup in a way that prevented bots from adapting and reading from the same "table" (or whatever system used) that the client itself adapts from. Unless the primary difficulty with #4 can be solved, I think the greatest potential lies with #1 and #2. For the first item, what types of problems, similar to captchas, exist which are inherently difficult for computers to solve, but easy for humans? Note that it must be a type of problem that can be displayed to the user, without the client needing to know the answer in advance. For the second item, what changes to the reporting system could be developed to distinguish legitimate botting reports from the countless over-eager false reports? One idea for the second item would be to revise the reporting system to record more data, so that Jagex employees can watch a few minutes of Runescape events surrounding the player in question, allow the reporting player to write some comments/description of what to look for, and developing a internal reporter-score for each player. This score would record the ratio of good to bad reports by that player (maybe just for things like botting?), and players who consistently correctly identify bots could have their reports looked at sooner and/or more closely in the future.

Important Information

By using this site, you agree to our Terms of Use.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.