I'm currently working on a multiplayer game and I really really wanted to do this, but even if it works in principal, it fails in practice.
On step 3, this exchange does not happen exactly at the same time. If I'm playing with someone and we reach step 3, I could intentionaly hold myself from sending my data over, wait for the other player to send their data, and if their data wins against my (unsent) data, then I can simply choose not to send my data over (abort), forcing a tie.
This is easy enough to detect and you could just ban people that do this repetidly, but these people would just create new accounts whenever they get banned.
Hence, a cheater can either force a tie or win.
If you go down the rabbit whole on how you could theoricaly do this exchange fairly, you'll discover that this is provably impossible if you do not control the computational power of all parties (if you did, you could employ a time-locked puzzle with proof of work, for example).
This is known as a fair exchange with a fail-stop or secure-with-abort model.
Yeah blockchain could work as a trustable 3rd party impossible to manipulate. Although I'm not sure there's any blockchain out there capable of handling realtime games, but can work for other types of games for sure.
Maybe there are well known attacks against this scheme. Let's try a naive one.
Conditions first: it's a 6 sides die. I need 1 to win, you need 2. The final number will be the hash of step 4 modulo 6.
Let's try a naive implementation with 1 byte long numbers, no random bits to fill out the unused 5 bits of that byte.
When I receive your hash I compare it with the only 6 possible hashes (micro rainbow table.) I know your number is 4. The possible pairs will be 14, 24, 34, 44, 54, 64 (how we mix the bits of those pairs is deterministic so let's do a simple n*10+m.) If the hash of one pair modulo 6 is 1, I'll give you the hash of the first number of that pair otherwise maybe you cheated and sent me a hash that will at least ensure that I don't win now ;-)
We can add random bits, a lot of them, with the idea of making sure that the time I must spend is a very long one and exceed a timeout. However I must know where your number is in those bits.
Let's say the number is at position 5 and you sent me the hash for 9999499999. I can try to be lucky and find your number by hashing random ones, then try to find a number with a digit <= 6 in its fifth position so that I win and send you that hash.
Occasionally I will be able to generate a good number for me, not all the times.
As a side note, a friend working with inmates told me that when they play backgammon they share the same dice because they don't trust the other player not to have loaded dice. Those dice become a trusted third party. If they are loaded, the distribution is the same for everybody.
Finally, is the random distribution of your method still uniform? I didn't reason about it.
If the random numbers can be 1-6, then yes, it would be trivial to attack. If the numbers are 300 bytes long, then it's impossible to predict.
> "I can try to be lucky and find your number by hashing random ones,"
If we were using sha-256, then you would be very impossibly lucky. There are 2^256 possible hash values for sha-256. It's extremely unlikely, that you would find a collision in the lifetime of the universe.
Here are some things I do to be reliably productive. To be clear, I don't do everything written below everyday (except limiting phonetime). They are tools to stop the downward spiral. Pick what works for you.
- Get StayFree app to limit your fun unproductive screentime. Getting bored is good for you.
- Generally limit things that gives you easy dopamine. It messes with your reward system.
- Clean up your home.
- Get a cheap A4 notebook. Write down stuff you need to do into bubbles all around the page to get them out of your head. Break down complex tasks into simple short defined actions. Connect the bubbles according to the order you want to complete them. Don't overcommit. It should be easy to follow.
- Sport helps
- Sleep and eat well
- Monday is the day when I'm the most productive. It's crucial to get rested during the weekend.
- Drink enough water
- Frontend development is less stressful than backend
- Try Headspace app
I believe it's a good compromise on timezone (8-9 hours is manageable), political stability, safety and reasonable talent pool. You can still relocate people from cheaper countries yo richer ones. You can convince Romanian to move to Germany, but you can't convince German to move to Romania.
The funny thing is, from what I noticed living in both countries, there might be more US companies hiring talent in Romania because of the big local talent pool willing to grind, low corporate taxes, lax regulations and bureaucracy, than they're hiring in Germany
due to the high taxes, strict labor laws and complex bureaucracy. When US companies want to move to EU they usually go for a low-tax, low-bureocracy country, like Netherlands, Luxembourg, or Ireland. I could be wrong, but that's my anecdote.
Dev immigration from Romania to Germany was big 10-20 years ago, but now, most Romanian devs these days, unless they get offers that go above six figures, aren't rushing to move to Germany as most take home dev wages have almost caught up, but the CoL and housing is way cheaper than in Germany. I think the push to remote work since the pandemic really convinced more US companies to double down on hiring remotely in Romania pushing wages up. I think it's similar in Poland.
From what I saw, they open a small office in Germany when they either want to tap some university/research institution or open a big office when they want to bring in (and low-ball) a lot of Indian/Turkish/non-EU devs who's goal is moving to the EU, as Germany is a popular immigration destination for non-EU devs rather than Romania or Eastern Europe which are less desirable immigration destinations (although that does seem to be changing slowly).
> but you can't convince German to move to Romania.
I think nobody is trying, but with the right salary I'd love to. Some acquaintances did something like this: they moved from France to Poland and have a salary that's locally really good. There's more companies that hire like that on the basis that a certain salary gets you further somewhere east.
I was a Cobol developer for a year in 2016 in Prague. It's hard to make a proper market research because the Cobol market is small. My limited point of view is, that it's not worth the stress. There is nothing new to build with it and young developers are there just to replace the old ones and maintain what's left. Even that it's hard to find a Cobol developer, i couldn't find a Cobol position that would pay more than a React developer.
I don't see how government reading through personal messages is gonna protect children. From all the possible solutions, this is the most useless and the most unsecure.
> grooming: manipulative behaviors that the abuser uses to gain access to a potential victim, coerce them to agree to the abuse, and reduce the risk of being caught.
No, it's a retcon. Every kind adult in my life would have retroactively become groomers if they had later molested me. It makes being nice to kids a suspicious act, which is fine for me because kids annoy me, but is not good for kids.
That's why it's followed by specifics (...that the abuser uses to gain access to a potential victim, coerce them to agree to the abuse, and reduce the risk of being caught.)
Of course taking two words out of the statement without context makes it less specific.
I already solved this problem for me. I use graphql code generator (https://www.graphql-code-generator.com/) to generate graphql resolvers on BE and angular services on FE.
I use MongoDB and database models are written in typescript. I want to manage db models separately from the API. With this approach, I'm type-safe from end to end.
Edit: I forgot mobile. Apollo Android client generates schemas from schema and queries. I've never written iOS app, so I can't recommend anything yet.
Same. I paired that with https://typegraphql.com/ (which builds the graphql schema dynamically from the code using buildSchemaSync) and MikroORM (which you can overlap your entities with to remove duplication there) and it was a totally generated solution with full type safety.
A bit crazy complex to setup so many moving pieces, but once it is, it works great.
I had some issues with typegraphql years ago. I tried to split resolvers between modules and it behaved weirdly during unit tests. We also already used graphql-compose at job, so I wrote my own typescript decorator based solution on top of graphql-compose (https://github.com/captain-refactor/graphql-compose-typescri...)
My module worked as expected, and I tried it on my personal projects. Then I realized, how my projects code became confusing and result api was really bad. I abandoned development of the module, because it had flawed design from the start. The code-first approach doesn't really work well and result graphql schema is ugly, which makes it a bad solution. Generating typescript from schema gives better results. When you think about it, it makes sense, because your graphql schema is your applications api blueprint and it should be designed in advance, not generated from the result product. Also when I wrote idiomatic typescript code, it generated bad graphql schema structure. It's hard to create consistent api when it's scattered over many files filled with implementation details.
