Friday, January 17, 2025

Proposal: Less Security

If the text “directly amend or modify the ruleset or dynastic gamestate through means other than defining or successfully performing a Heist Action” appears in the Ruleset, then replace it with:

directly amend or modify the ruleset or dynastic gamestate through means other than defining or successfully performing a Heist Action or Free Action

If the text “A Participant may set their Guess to any EFF Word at any time” appears in the Ruleset, then replace it with:

A Participant may set their Guess to any EFF Word at any time as a Free Action

If the text “revert the effect of one Heist Action performed by a Participant” appears in the Ruleset, then replace it with:

revert the effect of one Heist Action or any number of Free Actions performed by a Participant

posted by Brendan at 17 Jan 2025 19:44:00 UTC Comments (7)

Warning This post is still within the four-hour edit window, which will close early if any votes are cast. Consider delaying your vote until after that time.

Comments

ais523: Mastermind

17-01-2025 19:47:11 UTC

Just noting that this would be a huge hole that would make any “conventional” win of the dynasty almost impossible to guard from ruletext injection scams.

I guess maybe we need to have mutable and immutable tracked variables in addition to mutable and immutable rules.

Brendan: he/him

17-01-2025 20:11:39 UTC

Why would such a hole not exist for Heist Actions already?

ais523: Mastermind

17-01-2025 20:28:00 UTC

It does to some extent, but it at least slows down the rate at which someone might be able to exploit such an injection scam (especially as with Heist Actions you’d have to somehow make one massive action that accomplished everything you wanted, but with Free Actions you’d be able to make one small action and spam it repeatedly).

Like, say you inject a Heist Action that gives you +1 Triumph; that’s somewhat powerful but unlikely to be an instant win and other players would be able to intervene to stop it, so you’d need to make the action more complex in order to get a massive benefit from it. If you inject a Free Action that gives you +1 Triumph, then depending on how the victory condition ends up working, it might well be an instant win.

Brendan: he/him

17-01-2025 20:45:29 UTC

I guess I don’t understand why, if I could freely inject anything into a Heist Action to begin with, I wouldn’t just make it “achieve victory” instead of “+1 Triumph.”

ais523: Mastermind

17-01-2025 20:49:56 UTC

It’s to handle situations where you can’t freely inject just anything – some sentences are going to be closer to the existing rule text than others, and the more distant ones are going to take longer to set up.

JonathanDark: he/him

17-01-2025 21:18:03 UTC

I’d support the idea of Immutable and Mutable tracked variables, but we’d really need an easy-to-find indication of which those are.  Maybe make all variables Immutable by default and require Mutable ones to be designated as such, or vice-versa.

Brendan: he/him

17-01-2025 21:18:24 UTC

I think the scenario ais is trying to sketch out is not nearly as concerning as the first comment implied, or at least no more concerning than what the existing rules already allow. I’ve added a clause that includes Free Actions in the Oversight rule, but otherwise I’m going to leave this proposal intact unless someone else has a more concrete example.

You must be registered and logged in to post comments.