A few weeks ago when the HR lady called me and told me that I too was now among a number of people who had been laid off as a result of “business decisions”, I could scarcely contain my enthusiasm. “That’s great!”, I replied giddily. There was a moment of silence before I caught myself. “I mean, that sucks … terrible .. but it’s great that I know about it sooner rather than later”, I sputtered. Good save.

I clumsily explained that, having spoken to colleagues and being aware of the changes, I could now live without the uncertainty, then swung the conversation back around to me getting fired.

“Yeah, no, that’s bad news,” I assured her but added that the severance would be helpful.

I was lying – I was elated.

Thing is, I’d been working on a project in my spare time that it was probably best to keep hush-hush. So it was. The main complication was the fact that the project is an online poker game and I was – until recently – working for a company that had bought PokerStars. It wasn’t that I was “borrowing” code or secrets or clients or anything like that, and I genuinely liked working for them, it’s just that the whole situation felt complicated.

Besides I just thought that the idea was too damn good to risk any potential roadblocks, especially early on. So I assumed an alias and toned down my writing style.

I was asked why I included a cryptographic identity when I first announced the project on Reddit, and this is why. I was probably being a little too paranoid but so far everyone I’ve discussed it with thinks it’s a pretty darned good idea. I’ve even seen it suggested that if such a thing could be built it would be “super revolutionary“, “so obviously disruptive“, “a killer app“, and other encouraging adjectives, so protecting the work by keeping my identity hidden seemed wise.

I hope you can see how one might foresake blogging for a bit in order to concentrate on such a project, but I did at least hint at it when I was starting to see some solid first results. I wasn’t just talking out of my ass there.

So since we’re at the part of the story where I’m unveiled as the guy behind the project I might as well call it by its real name: CypherPoker.

Okay, so it’s an online poker game, right? So what?

Well, for starters, it really is quite unique, disruptive, and revolutionary – it’s almost entirely bass-ackwards to the way that online poker currently works.

I’m sure that I’m not giving anything away when I say that most online gaming sites operate under a “client-server” model. This means that they own and operate computers with big internet connections that “serve” game information to the players’  computers or “clients”. In effect, games take place almost entirely on the operators’ computers; clients are used mostly to display the results of the games in a nice way.

This makes sense. You can see how it’d be problematic if the clients (players/peers) were to decide how cards should be dealt – someone would just need to hack the software to enable all sorts of cheating. In the client-server approach hackers would have to get at the servers which is much more difficult (but not impossible).

Players must also trust that operators are being fair and honest, and when they are, that they are able to properly monitor their systems for cheating. This has not always been the case.

With CypherPoker this approach is turned almost entirely on its head and in a way that seems paradoxical. For example, players play directly with each other (a.k.a. peer-to-peer) – no servers are needed.

But didn’t I just finish talking about how problematic it’d be if players were allowed to “deal” each other cards over the internet?

Yeah. In fact, the problem was described much more succinctly in a somewhat obscure MIT paper entitled “Mental Poker“:

Can two potentially dishonest players play a fair game of poker without using any cards … over the phone?

Even though this question seems like a real mind fuck, there’s actually a viable solution to the problem and the authors go on to show you how it’s done.

Because the answer uses math (cryptography), and since we’re no longer living in the Dark Ages, substituting “phone” with “networked computing device” is a simple but necessary step; I ain’t doing the calculations on paper!

Back when “Mental Poker” was still a fresh and new idea, computers just weren’t capable of handling the kinds of computations needed to play a decent game. I remember reading that a card “shuffle” operation in an early Mental Poker implementation required hours of calculation. Can you imagine how long a single game would last? Yikes! Well, it’s 2015 and modern hardware is finally capable of crunching the numbers in a reasonable amount of time.

Paradoxically, visualizing how the game works requires no math skills whatsoever.

First we need to get our hands on 52 identical, peek-proof lock boxes with a miraculous ability to repel any markings (scratches, dents, paints, decals, etc.) In addition we’ll need 52 identical locks with the same miraculous abilities and one master key to open them all. My opponent, you, also has 52 miracle locks and a key to go with them.

Now I start by distributing the cards in my card deck into the boxes – one per – and lock them all. I mix up the boxes for good measure and call Larry’s Super Courier service to deliver them to you. You soon get the boxes and apply your own locks so that now all of the boxes are double-locked. With the way that each box is secured, either lock can come off first. Even though this is easy to achieve using physical lock boxes (just use a big latch), it’s a very important property – we need to be able to add or remove locks in any order for this process to work.

After being mixed up again the 52 double-locked boxes are returned to me.

Since we’re playing Texas Hold’em, I need to select two private (hole) cards for myself so I simply pick two boxes and send them to you. You remove your locks from them so that only my locks remain. When the boxes are returned to me I remove my locks and extract my cards – simple. Notice that even though I locked all the boxes first, I had to unlock these two boxes last – after you removed your locks. Without the ability to add or remove locks in any order this all wouldn’t work.

Of course you need to repeat this process in order to “unlock” other cards, and there are other types of exchanges that are required for a full card game, but that’s the gist of it.

If we use numbers to represent physical cards – 1=Ace of Spades, 2=Two of Spades, etc. – we can use cryptography to “lock” and “unlock” them. As long as the cryptography is “commutative”, or can be applied and removed in any order, we can effectively play a fair game of poker over a telephone. Or maybe over the internet with a computer to do the calculations and display the results.

The “Mental Poker” idea is plenty cool all by itself but if you throw the serendipitous rise of Bitcoin into the mix, the whole thing starts to take on new dimensions. When you add anonymity via something like Tor or I2P to the game and the associated services (for example, introducing random internet players to each other), the possibilities absolutely blossom.

CypherPoker is well beyond the idea stage; the game exists and is available to play today. I spent the time writing versatile and solid code so the game is functional but the user interface sucks. However, now that I can drop the alias I can also drop the hammer so we’ll see about getting that and other shortcomings rectified forthwith.

In addition, I’m going to spend more quality time with TCL and my other blog again, partially to prevent any future fears regarding my freedom and well-being, partially to put my new camera to good use (other one disappeared a while back), but also to document and discuss the project’s progress more closely and regularly now that I don’t have to censor my output. I haven’t found any “Mental Poker” implementations that are as far along as mine so it’s hard to say exactly what lies ahead but that tingly feeling in my gut tells me that it’s probably going to be awesome.

The Toronto Star article opens with this:

The cash-strapped provincial government is banking on a bidding war between Canada’s largest telecommunications companies for its lucrative lottery business.

The lucrative business (why the OLG is selling access to it, obviously), is in the exclusive right to sell the OLG’s products and services through a network of the telecom’s own “specialists”; in other words, to run lottery and gaming operations in Ontario. The two companies currently involved in a bidding war for this are Rogers and Bell. Does this maybe have something to do with the OLG’s unquestioned power to violate privacy laws? Of course the process is fair and open to everyone (with lots and lots of money), so no problems there.

Even better, the government will enforce this private, for-profit monopoly for, obviously, everyone’s benefit.

“The service provider will be responsible for recommending strategies to maximize the growth and success of the lottery business, developing products and marketing plans, operations, and process and cost optimization,” the Crown agency announced in December.

“”It will also serve as a single point of contact for OLG by being responsible for everything subcontractors do and ensuring they deliver on OLG’s modernization requirements,” the corporation said.

“In the future, OLG will continue its role in the conduct, management and oversight of lottery. This includes setting the overall strategy for lottery, managing the market by approving channel strategies and approving products.”

Isn’t that wonderful?

And, because Bell and Rogers are such poor, poor corporations (and because the OLG is itself “cash-strapped”), the Commission will be handing out roughly $750,000 to the winning bidder for the harsh inconvenience of plunking a golden monopoly into their private, for-profit laps (paid for by taxpayers, of course).

Potential new operators will now see up to $650,000 of their costs in making a bid covered by the provincial agency.

OLG will also pay $100,000 of fees that bidders must pay to the Alcohol and Gaming Commission of Ontario to investigate them and ensure they are above board.

You may have heard the term “paywall” — it’s when a web site limits the amount of content that you can see unless you sign up with them for a fee. This typically happens after you’ve viewed a predetermined number of articles, and that number is reset on a daily, weekly, or monthly basis (depending on their setup).

All of Toronto’s major daily newspapers have put up paywalls, including the Toronto Star, Toronto Sun, Globe and Mail, and National Post.

And they’re all just awful.

Much hooplah was made about a developer that bypassed the New York Times paywall a couple of years ago, yet little (if anything), has changed since. David Hayes, the developer who cracked the NYT paywall, claims it took him a lunch hour to write the bookmarklet that bypasses the newspaper’s paywall.

A couple of days ago when Sarah was hitting the Star’s paywall I decided to take a quick look at what would be involved in getting around it. Twenty minuted later I had bypassed the paywalls of all of the above papers, including the New York Times (before I’d read anything on the topic, I should add). It took another 30 minutes to produce a small, generic site script that makes the dewalling process just a little easier and faster.

I’m not blowing my own horn here. I’m no super genius and this “hack” could be accomplished by anyone with rudimentary web development experience. In fact, both Hayes’ code and my own are almost unnecessary; with a few extra steps, you can bypass these paywalls with no extra software or crazy hacking skills. Chances are good that you already know how to do it.

I can see some extra benefit to a utility that would assist in automatically navigating the paywall beyond the first article — so that you could click on the web page links instead of having to load article by article — but this was more of a proof-of-concept thing, and the proven concept is that paywalls are unfortunately simple to defeat.

I’m not currently posting my dewalling code publicly. However, I will detail why this problem exists, and what the papers can do to fix it (if you’re from any of the aforementioned newspapers, feel free to give me a shout).

So Why Are Developers So Dumb?

I don’t think they are :) And to be honest, I totally get why things were done this way.

When a typical web browser grabs the web page you request, it sends out some limited information for the listening web server on the other end. This includes listing the browser’s capabilities (what kinds of content it can handle), specifying what it’s looking for (usually the URL of the web page), and cookies.

The receiving web server has that, plus an IP address, to identify an individual reader over the internet.

The IP isn’t unique to you, it’s unique to your internet connection which may be shared by many devices (like the the internet box thing, a.k.a. residential router, in your home). Browser capabilities can’t be assumed to be unique, again, because of that shared internet connection thing. And cookies can be cleared with the click of a button.

Given these limitations, how are web developers supposed to identify unique readers while ensuring that other legitimate readers can still access the site?

Better to err on the side of caution and just use cookies, sometimes along with IP, rather than accidentally block readers. Paywalls are necessarily leaky.

So What Should They Do?

This is a tough one.

It’s tough because it puts the limitations of technology up against corporate culture and profits.

What this does is really call up the need for reflection on how the papers profit from their content, and to me it’s an all-or-nothing proposition.

One option is for the papers go all-in and make certain articles, sections, features, etc. fully pay-only. That means having to log in to access them, otherwise it’s an excerpt, or some sort of teaser, to the general hoi poloi.

Another, more Zuckerbergian option is to offer access in exchange for personal information. I’m not necessarily averse to this, but it also requires a content lock-down of some sort.

The current paywall solution is somewhere just above both of these, being easily circumventable but still acting as a deterrent to the average web user.

I would gravitate towards the nothing end of the scale with a nag solution where on every X views of an article, the non-subscribed reader receives a temporary pop-over message suggesting that they subscribe. IP address on the server could be used to determine how often to do this — it seems unlikely that shared connections would all be connecting to the same content source, and even so, all it would produce is a nagging reminder that people really do like the content. It’d be sort of like a local rating system with an option to subscribe.

Beyond that, there could be a mild nag every time, for non-subscribed users. This starts to get close to being just plain old fashioned inline advertising, which would be the next solution before nothing at all (full, free access to everything).

Of course, since the papers have full control over their sites, there’s theoretically no limit on how inline advertising could be accomplished. There’s the always classy Toronto Sun wall-to-wall background…

…but if that’s not the newspaper’s style, I’m sure there are other and more elegant approaches.

Ultimately, the decision is whether or not to lock away content. Logins are reliable, which is why they’re so popular. Identifying users without them is inherently unreliable. Either content can be locked away completely, or it should be assumed to be open to everyone. The seemingly in-between paywall solution is actually in the second family by reasons which I’ve explained earlier.

Astute web developers will point out that other mechanisms are available to bypass some of these limitations: Flash shared objects, or persistent browser databases. While these are a step beyond simple cookies, both are easily deleted as part of most modern browers’ cache management. In other words, they’re not much better than anything mentioned so far.

Browsers impose these limits to provide a level of privacy protection, and without requiring readers to manually enter additional information like a username and password, it’s tough if not impossible to pinpoint an individual human being. Without this exactness, any paywall or content blocking system is bound to be flimsy. The solution, at least at the present time, won’t involve technology; it’ll require high-level decisions about what will be locked away from the general public and what won’t.

Well hey there, it’s me again. Listen, I’m just absolutely beat. The project went live but I have one more day before I can throw in the towel. R&R :D Can’t wait.

Unfortunately, TCL is as much a victim of circumstance as I, but at least things seem to be coming to an end. One more day. :D

Oh, and this is what I’ve been working on:

http://www.rolluptherimtowin.com/en/fun.php?showcontest=en

Or, if you speak the other tongue:

http://www.rolluptherimtowin.com/en/fun.php?showcontest=fr

Roll Up The Rim; finally went live on Sunday night. From what I can see, my piece is the only way to enter the contest. A no-pressure kind of first assignment; relaxed in every way.

There’s also a companion site at http://www.everycup.ca/, but luckily I wasn’t involved in that.

You can enter the game after completing the registration form – the information isn’t validated (to the best of my knowledge), so go forth accordingly. But heck, if you want to enter the contest for realsies, be my guest!  And yes, you can get better at the game. I almost got to 5,000; currently 200th on the high score board, though some of those high scores look somewhat dubious. Gonna have a talk with the team about that tomorrow. And then I’ll be back to posting in no time flat! (I promise … I miss it so!)