Excels

True. Disabling the garbage collection is a gutsy move, especially when java isn't very well known for manual memory management. Garbage collection isn't disabled, per se - it's just so clamped down now that it can't help but be considered disabled. If the memory locations are explicitly released then there won't be much of an issue, but that essentially turns Java's memory management scheme into C++. On to the actual Object[][]: It's just given bot makers a really interesting problem to solve. Given enough time, it will be overcome. I'm not sure what this would accomplish for the long run yet. It's far, far, FAR less efficient than C++'s manual garbage collection. Jagex basically needs to keep track of objects and release them manually. Essentially, think of its this way: before, a garbage collector went around picking up garbage. Now, we have two parallel universes. The moment one garbage collector - Jagex's - picks up a piece of garbage, it is magically transferred to the parallel universe. Then, Java's garbage collector picks it up and releases memory (recycles it). Ignore double finalization. This is obviously highly inefficient. I've thought of another thing. Mountains of data have shown that most objects are "dead" moments after creation. Modern GC is tuned for this; they segment objects into generations. Basically, you have new - aka eden - mid, and old generations. Normal behavior involves the garbage collector prioritizing checking eden first - because that's where all the garbage is! Now, I don't know how good Jagex's garbage collection scheme is. I don't expect it to exactly be optimal; which would involve immediate release moments after the object is no longer used. In any case, they've probably flipped the paradigm around which GC is designed upside down. It's almost as if people suddenly decided to move all their garbage cans into 50 foot sequoia trees. The garbage collector will scratch his head, wonder where all the garbage is; and when the heap grows too large, will eventually invoke "stop the world" - a full stop to execution and a full graphing of references. Pause times for this often run into thousands of milliseconds... An array of Object[][] is actually very hard to get around. The botter has to figure out the PRECISE object layout, since the type is (hopefully) hidden on the server. Also, properly encyrpting and randomizing the layout of the object array would make it difficult. The thing is, yes, you can crack the object array. But how difficult is it? Can jagex just shift things again and make you have to do the same amount of work on your end for little work on theirs... Being able to typecast out the object array is a very useful feature for explicitly hiding the contents of the object from the calling code. Well, you could always instanceof the objects in question through a ton of known types. Or, you could try reflection on the object itself. Jagex broke reflection using obfuscation, and not, if the info we have is correct, by actually prohibiting reflection. Here's how you get type: Object o = Main.ClusterFlutterer[234][567]; Class c = o.getClass(); Can you explain how you would typecast out the object array? Don't you eventually have to dereference the object to do anything to it? And how would you have type stored on the server? EDIT: I just got it, Object[] are a subclass of Object, and Object[][] are a subclass of Object[] and Object, etc. But I still need some help seeing how that helps. And does anyone think it wouldn't be a bad idea to split off all the technical discussion?

Theory: Due to clusterflutterer's approach of holding a reference to every single object, it torpedoes effective memory management by Java. RS now must explicitly nullify object references. This confuses the garbage collection algorithms Java uses, forcing it to resort to the old graph-tracing Stop the World garbage collections. I really hate the fact I can't get on rs reliably atm. Not only can't I invest in the market, but I can't do some self-learning by having my JVM print out advanced GC info :(

The idea that "getting rid of bots doesn't hurt the game" ignores the fact that the continued grind, along with bots, was decimating legitimate player activity. Bots served to mask this.

So they haven't really done anything that inventive. They just dumped everything into a giant Object[][]. They probably have some code generation tool for it. But really, it doesn't really prevent the botmakers from doing anything; they'll just need to be really aggressive now. I can totally see some smart person using bytecode instrumentation - almost like a profiler - to intercept any constructor calls and maintaining private references to everything. And it doesn't prevent reverse engineering of the network protocol. Moreover, there are definitely performance issues. If they dumped every single object into an Object[][], how will garbage collection function? Maybe they're using something from java.lang.ref instead. Otherwise, they need to explicitly release every single object reference, to prevent unholy memory leakage. This is practically like explicit memory management, in a language that has memory management built in. Even in compiled high-level languages, the heap taken care of by the compiler. It's a very interesting, albeit limiting, approach they've taken. Also, I think they just made it impossible for them to use generics. It's not exactly a mark of a bot if you don't talk. This has been discussed to death. It's a mark of not being a bot if you talk. Not talking is not the mark of a bot. It's not, though. Like I said, it's been discussed to death. Many of the more popular scripts have 'human-like' actions programmed into it, like bankstanding for a small amount of time, periodically examining people and objects, turning the camera, and talking. Well, if I'm talking in HYT chat constantly, and I make sense, either I'm a person or the best chatting AI ever invented; and I should be working for google designing their next advance in search algorithms, having passed the Turing test... I'm not talking about Siri like intelligence - responding to queries about my levels and what not - but actual intelligence. Of course, there could be bots that allow chatting while botting :s Ok -- I LOL'd IRL ... :lol: But, here's a question for you (or anyone else who wants to answer it) -- at what level will you accept Clusterflutterer to be a "success"? Only if it manages to eliminate 98% of all bots AND these accounts and all correlated accounts are permanently banned? Are you willing to accept less and just appreciate the effort? :unsure: Right now, Jagex says that the changes will stop 98% of the current bots. Now, assuming they're honest after the fact, that should mean around 100,000 bots active at any one time. Again, I assume that's the number of bots messed up after each update only this time they stay messed up. If it's not near 100k, then I'd consider it a failure. Now, how they treat those that they've identified is another tale. I don't mind rollbacks cause it does the same as banning and starting a new character for most. That's assuming they're just botting for levels and not gold farming for RWT. If 98% of bots are stopped and you expect 100k bots active at any one time, then you're saying that 50 x 100k = 5m bots are active at any one time. That makes no sense. Bots don't need to log off after long hours. That 100k could represent just the computers set up for botting with accounts rotating through them. There's no telling how many throw away accounts are on that. However, if the average number of active players at any one time is now about 50% of the average over the last year, I think it'd be safe to say that Jagex did its intended change. Right now 93k players are online, so what was that like over the last week at this time? Of course, I'm more interested in what happens in four weeks when what Jagex actually did is better understood. There'll still be bots, but new methods will need to be found to circumvent both Jagex auto detection and basic player tricks to mess up the bots. You still haven't explained things in a way that makes sense to me. If there are 100k computers set up for botting, each with multiple accounts, then the number of bots shoots up to an even higher and more ludicrous number. Fact is, on the rs front page we see how many players are online at one point. I don't ever remember seeing anything over 1m, much less 5m. It doesn't matter how many throwaway accounts they have or mules; 100k botting accounts active at any time after a 98% reduction implies an original steady bot population of 5 million.

The 2% that survive will be auto clickers and pascal based bots. However they're hugely unreliable and high ban rates, reflection and injection actually deal with the java code. Well, not for things like alching. Can you explain how pascal based bots work? Why pascal? Why not C? Ok -- I LOL'd IRL ... :lol: But, here's a question for you (or anyone else who wants to answer it) -- at what level will you accept Clusterflutterer to be a "success"? Only if it manages to eliminate 98% of all bots AND these accounts and all correlated accounts are permanently banned? Are you willing to accept less and just appreciate the effort? :unsure: Right now, Jagex says that the changes will stop 98% of the current bots. Now, assuming they're honest after the fact, that should mean around 100,000 bots active at any one time. Again, I assume that's the number of bots messed up after each update only this time they stay messed up. If it's not near 100k, then I'd consider it a failure. Now, how they treat those that they've identified is another tale. I don't mind rollbacks cause it does the same as banning and starting a new character for most. That's assuming they're just botting for levels and not gold farming for RWT. If 98% of bots are stopped and you expect 100k bots active at any one time, then you're saying that 50 x 100k = 5m bots are active at any one time. That makes no sense. It's not exactly a mark of a bot if you don't talk. This has been discussed to death. It's a mark of not being a bot if you talk. Not talking is not the mark of a bot.

Yes, there are ramifications. All anti-cheat software has them. It's would be a very high impediment to bots. And yes, in the end the computer has to make sense of it; but other processes don't have to. The rs process must make sense of it, but neighboring processes don't have to make sense of it. Rs could store its keys in a hard to find memory location, and continually zerioize and change it. It could hook into available cryptographic APIs intended to hide the keys from every process but the source process. (encrypting the packets is my idea as to a countermeasure against a reverse engineered client that basically is a drop-in replacement botting client; not something I think jagex is using or needs to use). I assume that they will have to port code to each device separately. It may not be necessary with Android and iOS, given the strong separations between apps. Of course, you can modify the OSes themselves...

This is complete bullocks. Any idea how incredibly WRONG it would be to install spyware software on user's pc's and scan them without our permission? That would mean every company out there could insert spyware to check for passwords, sensitive information or other personal things. Think twice before posting this stuff, makes no sense at all :D This is exactly what almost every anti-cheat mechanism does.

I believe CAPTCHAs were defeated in RSC not via machine vision, but via a distributed system. The idea was that a small proportion of botters would be solving captchas at any given moment. It would be interesting to see how effective that would be today.

Given that Jagex is now requiring the usage of signed Java, does anyone else find it probable that Jagex - given the ability to run arbitrary code on your system through JNI - has implemented something like Warden, Punkbuster, or VAC? They could scan the memory space and your hard drive for botting programs. Also, they may have rewritten key parts of their client in native code and used something like http://en.wikipedia.org/wiki/ASLR to hide their locations, preventing reflection. A further method of defence would be to somehow encrypt their network packets...

I'm going to be brutally honest; Sonikku; the two times I entered your chat; no one really responded. The majority of people there are people who sell fast larges, and they are generally not interested in dungeoneering with people other than their team.

It would be interesting if someone could test this; this guaranteed healing is a huge change if I understand it right.

Thank goodness.

Depends on what you do really. If you're a hardcore magic PvPer, definitely go with the blastbox. If you're just a regular training dude or simply skilling, tome of frost is the better choice. Sonikku, have you noticed anything funky with fire blast in dungeons recently? See http://forum.tip.it/topic/302323-magic-accuracy-nerf/. Also, why do you recommend tome of frost over blastbox? I realize there's increased accuracy, but when would you ever use its water providing abilities except for say, water blast? The magic blastbox has an effective 5% extra damage. Also, you should mention that sighted longbows are 1 rank faster, so sighted longs on rapid are equivalent to shorts on accurate with a lot higher accuracy. Shortbows may still be higher xp, though... Finally, how long are your average large c6s and how much xp do you get? I was just wondering how my best dungeon with world 7 randoms - 29k xp in 27 minutes stacks up. One more tip - the ferret catching room can be done in f2p if you have someone with the requisite hunter skill, by catching the ferret.

In response to the person who was talking about my 5 hits under 30 - it was 5 hits in a row. I would consistently hit under 30. I've run through 2 more c6 larges, and I estimate around 30% of my hits are under 20 and 70% are under 100.

I am not imagining things, at all. I do not store chaos runes in my blastbox. I use a normal fire staff. I recorded a max hit splat of 77 with fire blast in a dungeon. A teammate in my dg team with much higher mage than me was also reporting a lowered max of 146. I'm going on a c1 right now. Maybe that's a glitch with dungeoneering or fire blast specifically, but all my spells have been functioning normally. You should probably submit a bug report. Or something f2p related...

I am not imagining things, at all. I do not store chaos runes in my blastbox. I use a normal fire staff. I recorded a max hit splat of 77 with fire blast in a dungeon. A teammate in my dg team with much higher mage than me was also reporting a lowered max of 146. I'm going on a c1 right now. EDIT: Something strange is going on; I'm positive I had a max hit splat of 7, but now I just hit an 80 non max hit. Maybe Jagex put in some damage soaking thing? After all, this is a c1, fighting level 20s, not level 130 skeletons... However, I just hit a series of 5 under 20 hits. There's been some damage nerf, that much is clear.

In f2p dungeoneering, I was hitting a lot less; but I may be imagining things. However, the max hit of fire blast became 77. I am not imagining this at all. My dps is now half of what it was previously, and I trained my magic for nothing. If requested, I'll go on a c1 and find a screenie.

@Hamtaro, Big Stingman, and Nomrombom, by your logic, it would be perfectly fine to have passwords that are in binary, because 111101001010101010101011110101000001010101010111111101010100000010101010101010101111111110101010101010111111110000110001010010101110100110101110101110101011010100101011110101101101011001010101110 is just as secure as any good password. Face it, it's a lot easier to add in symbols and numbers. Nomrombom, my password that is 50% shorter is apparently 4456% more secure, because as a windows password, I can use symbols and numbers. Also, and what is up with that "[consider elaborating]"? If the writers so rushed they can't even remove editorial comments, they should get 2 weeks to write articles. Personally, I found the Pro-Melee bias article a good start, but lacking focus and elaboration, as the bracketes showed.

"Shyla" often works; she switches her name around often and I can't spell. Once I got in a channel called "Lrn2Spell" after typing "lady heinuous".

I remember doing Dragon Slayer at level 40ish. I got a full invent of lobsters, made sure my run energy was at the max, got a teleport... quadruple checked my armor... I ended up eating 2 lobsters. :huh: Quite recently, at level 68 combat, I still packed a rc guild teletab to go fight lessers. :lol:

I really shouldn't be telling you this, but soft clay. Buy 90 sell 95. Good thing I have huge offers on now, so you can't get any atm... i have 161, and i believe higher is possible, since with some hidden tasks. waka waka waka, i even sure how i get it. but later on, got one person saying maybe by cutting waka in all different places, or just cut waka 3 times. I got it by cutting wakas in all places, I think. It's definitely not cut waka more than 3 times. Urns from scratch are cheap and easy, but slow xp. I've been making them at the Crafting Guild; Cabbage tele, run west, make 25 urns, Daemonheim tele, bank and repeat Average time to make each urn comes out to about 20 seconds (7-8 minutes a trip); this nets 11K to 14K per hour crafting xp... How do you make 25 urns a trip? Each urn takes 2 soft clays... Iron 1 is definitely the best. Yes, that's right, it's longer. Well, you don't get any cash back in return, so you pretty much HAVE to listen to Suak to get the most out of it. Also, bone yard rocks. Just sayin'. The noob dungeon in lumb could be better, I'm not sure. So many bots that you can never take a step and still get a normal bone every time. Also, no pkers - I've gotten killed thrice trying to find the boneyard. Paying attention is worth it imo, because of the ceremonial swords. I've gotten 100% before, and it was a free 15k smithing xp. Not to mention with free diamonds for every sword you make over 90% (not too hard), and around 4 swords an hour, it's like 30k an hour. Best way is to simply take some risks, not huge obviously. Hard only gets 5 rarely, and medium only gets 3 rarely, at my level 60ish smithing. Never use careful unless you're sure you can get perfect.

Where has Evaluate been? http://services.runescape.com/m=devblog/view_post.ws?post_id=113 I've heard from clan leaders that the other features mentioned above are in the works too. About the scam thing with the whip - can't you just teleport? And with gem cutting - it only became a scam with assist, before there were very many nonscammers, me included. And yes, I've gone through the situation mentioned in the beginning of the article on scamming. Free 100k ftw!

Erm, it doesn't really give any indication about who it is, but you'll have to trust me on this one. Or, if you really are nervous, it's the 5th photo on Jobs at Jagex's Wall. This is the actual photo, but I have to admit it looks fishy. Were it not on Jagex Recruitment's facebook, I would call it a bad fake.

Train dungeoneering? I mean, to me it's one of the funner skills. I try to grind as little as possible, and that includes ignoring wc, fishing, fming, and cooking as much as possible, even those are "easy". Besides, what does the level 4 ring provide over the level 3 ring? Extra food (I fight maybe once every 3 sessions), extra magic spells (I don't always go to a bank to use up my existing ones)... Now that I think about what I said, I'm not sure why I said it. You did mention already having the requirements, and I know I read that...

I use that for banking urns, but it isn't that much quicker. Saves run energy, though. I'll have to check out the deposit box; it isn't on any world map I know of (ingame or tipits) It's rumoured to be coming soon.