One faction known as the Knights of the Button created a Chrome extension called Squire to coordinate button presses in order to keep the timer running for as long as possible.
The craziest thing I've seen so far is that another group known as the Assassins created a fork of that extension that would claim they would press the button, but in fact wouldn't so that the timer would run out.
There are groups sabotaging other groups' code based on their goals for the button.
> username = r.config.logged; // stealing reddit username and sending them to your own server
That seems like a pretty good unique identifier, but I think it could be hashed for privacy.
> socket.on('alert_autoclick', thebutton.click() ); // click the button automatically when your server tells it to
Isn't that the whole point of this extension, to click the button when the server tells your browser to? It seems like you're implying that's a bad thing.
> socket.on('reload', location.reload() ); // reload page when your server asks to inject new code from it
This seems to be the most common JavaScript live updating technique (reload when websocket says so is what grunt watch uses). Again, it seems like you're implying that's not normal.
I spend a few minutes watching the /r/thebutton (non presser) every now and then. My SO said WTF are you doing. I replied that watching the timer was just a valid form of entertainment as watching TV or playing the sims. She gaffawed. Boredom plays a big part in lots of interesting online 'games'? Art thingies? Social experiments? April fools?
The one I go back to over and over is Cookie Clicker (orteil.dashnet.org/cookieclicker/) any time I feel like getting a watch that counts my steps or a Tesco Club Card or any other gamification device -- I play the master of gamification. Or I watch the button, 13 days in and 55, 54, 53, click! Idiot, 59, 58, 57, 56, 55, click! Idiot, 59, 58, 57....
Agree that Cookie Clicker is absolutely fascinating. Two of us in the office, busy and capable people, became competitive bandits for Cookie Clicker. It makes for an almost perfect study in drip-feeding content/upgrades no matter how pointless and mundane.
Hints to me that the Great Filter could well be addictive and selfish behaviour transfixing the instinctive and basic aspects of our minds.
Also Cookie Clicker raises an interesting mathematical problem. I wonder if there is a closed form solution to it, or even a polynomial-time algorithm, or if it's NP-hard.
I posed this question once when I was copying and pasting a pixel to fill a line. Given a time cost of selecting & copying vs pasting, what is the optimal number of pastes before I should select and copy? What if the cost of selecting & copying is a function of the current size of the line? That is what Cookie Clicker raises, but with more kinds of "boosts" and whose costs also increase based on how many you've purchased.
Or perhaps you can also pose it in higher dimensions later (copying and pasting to make 2d squares, or even more complicated shapes).
I wonder if algorithms can be written to compete in Cookie Clicker-type games.
Cookie Clicker really shows how game mechanics by themselves (and boredom or need to take your mind off something) can motivate people to play.
But also, it can be even more addictive if the game would go back to zero after a period of inactivity (like a tamagachi pet "dying" without attention, or a Flappy Bird). Maybe not going back to zero but to some lower "saved" level like Mario.
This is the kind of stuff that makes people see how high a score they can get, for no reason other than the score!
Cookie Clicker has a heavenly chips mechanic, where you essentially reset all progress (except achievements maybe?) in exchange for heavenly chips that give a minor % boost.
What made Cookie Clicker fun for me was automating the whole game. There were little bookmarklets out there that could purchase upgrades at the optimal time, and I had some fun making one for myself. I'd just sit in class and watch my little cookie empire grow.
Didn't finish reading the article, opened up the subreddit and then clicked the button. Wondered why I couldn't click it again and seen the side bar. So impatient. Forever purple.
"You only get one click" or something right next to the button would have been awesome.
That was the point I think. Just a button with no instructions. Do people blindly click a button for no other reason it is in front of them? Without knowing what it does?
It proves my personal theory of trust. If you create something so large and peaceful(ish) that people instinctively trust it, you can get away with anything. What if the button ran something malicious on your machine? What if it permanently deleted your account and banned that username from ever being used again? What if that button permanently banned you from reddit?
These are things no one considered, because reddit is just a big, friendly Lenny.
Wasn't there something posted on HN like 1-2 years ago which basically did the same thing ... it was counting down to zero and someone had to press it to keep it going?
No, it was something else. Someone posted something where people would donate a dollar to keep the counter from going to zero, or just clicking it. I forgot, but someone already did it.
I was just now watching this graph instead of the reddit page (its a little more intriguing for some reason) and I just about flipped out of my chair when out of the corner of my eye I started noticing an orange, then red, then blue bar .. did your backend server lose the websocket, or something, just now? Because frankly that was one of the most exciting things that has happened to me on the Internet in the last 24 hours .. ;)
It connects directly to the reddit's websocket... What you saw was the app not handling onclose/onerror... Which I'll get around to implementing one day.
But even with setInterval set to 1, this won't get called every millisecond, so you can't get accuracy to the second decimal point, not that there's really any need to. (It turns out setInterval has a minimum delay. setTimeout's minimum delay is 4ms and likely setInterval's minimum delay is the same.) Just set this up and leave your computer running for the next few months and you ought to get it eventually.
You can also just listen to the websocket that they are using to update the button (this is without being logged in):
var buttonSocket = new WebSocket("wss://wss.redditmedia.com/thebutton?h=3b85664277e270cfd024faee2cc021a359a8af73&e=1429012932");
buttonSocket.onmessage = function (event) {
console.log(event.data);
}
data is just plain json in the form {"type": "ticking", "payload": {"participants_text": "715,197", "tick_mac": "e2dc885fe4836cad86f9cd7670645871e11401f4", "seconds_left": 50.0, "now_str": "2015-04-13-12-33-44"}}
That lets you know what the seconds are on the server and you can calculate your own ms (it looks like they do it client side too), just remember that timeouts are not guaranteed to fire exactly at the time you set since it's a single thread. Maybe a webworker could come in handy here but the event triggerd by a message would still be subject to delay if something else wanted to run. requestAnimationFrame is another place you could look or if you can scrape together the details you need to send the button press you could run something in node with more accurate timing.
Okay, now if you really want to impress me, pretend you work for reddit and write some code that would catch this kind of script and give it "cheater" flair.
People I think all these "cheater traps" are unimportant, because there's actually no "significant advantage" to using a robot. It isn't going to make you more likely to beat human players, only allow you to stay on there longer at lower cost to you.
This is because two things: 1) the userbase size, and 2) the userbase behaviour.
Because the userbase is so large, there's always going to be some people on there, meaning even with a robot you always have some competition.
So the only thing a robot will allow you to do is potentially have better reaction times than a human, however, this is also invalid when you consider that it's likely people are not trying "hit" a particular countdown number they're "aiming for" but rather simply pressing the button when their "threshold" for waiting any longer is exceeded.
Wit enough people this is probably well modelled by a random process, with clicks coming essentially randomly over time with some weighting to increase the closer you get to zero. So even a "reflex reaction" is not going to outbeat a horde of random clickers. The robot is really only competing with itself, how fast can it check and how fast can it click after determining the person it's working for's risk/reward utility threshold has been crossed?
So having a robot to play for you is not going to allow you to cheat, only to spend your time dong something more constructive for humanity than clicking a button :)
Maybe I'm missing something here, and I still don't see a way to cheat that actually has significant chance of beating others ! :)
> So having a robot to play for you is not going to allow you to cheat, only to spend your time dong something more constructive for humanity than clicking a button
In other words cheating since "normal" players need to spend their time doing that while you can have it on 24/7. I don't understand how you can say it doesn't make you more likely to beat human players. You increase your chances of getting the orange flair by magnitudes.
Consider this, if there's 10 human players you're competing against and they take turns occupying 2.4 hour spots, will those players essentially cover the entire space 24/7?
As far as you are concerned the rest of reddit may be either 10million human players, or 1 million robots, can you tell me who you are playing against? I'd say to you, it's the same.
Now, in a two player tournament, yes, using a robot gives you an advantage because the opponent probably has less stamina than your robot.
But in a competition involving thousands of people, there's really no advantage over any one person because the greatest force on any individual player is the sum of all other players against them, not one player with a robot. Do you think that sounds reasonable?
So the way I see it using a robot is really only a way to make things more comfortable for yourself, just like driving coast to coast is probably more comfortable and likely less time consuming than walking. It's not unfair to walkers, you're not stopping them from walking coast to coast. The only thing that might stop walkers is their stamina.
So while it's true that the reddit case does exhibit scarcity and competition for that (there's only so many click spots per reset), whether people are playing with robots or flesh doesn't make any difference to you, because wherever you are, at whatever time, there's always someone else there with you. It's somewhat ludicrous to think that you will have an advantage if it's all people because say at 2:14 am August 29th, 2015, all 2927 other people are all dozing off just at the same moment that the counter gets to 19 seconds and you push it. I mean, does that sound likely?
Not really, right, because there's always going to be people just alert as you. And robots don't really give you any more grief than people.
It's an interesting argument, and there's probably more to it. I'm sure I'm missing something, and thanks for giving me something to bounce off.
Hey, maybe you can try out a Chrome Ext robot yourself :)
Right, but also you can't try again, and only old accounts can do it. So once your bot fires the button, you're done, the bot isn't ruining it for anyone any more
Another way to think of it is this : there's no orange flair so far, because the pressers haven't let it get below 21. Getting orange is dependent on what the collective does, a robot isn't going to help you beat that, only let you be there when it finally goes down without having to neglect your life in the meantime.
Inside the click handler for the button use `new Error().stack`. You should be able to determine if it's a legitimate event from the stack trace.
Ultimately, though, someone could just use HTTP instead of monkeying about with scripting in the browser. You could only deter this by serving up a new JS file every day that has a new way to e.g. calculate a checksum on the button click. Ultimately people are going to find a way to cheat no matter what you do. If this is a social experiment that is a result, too.
What I'd probably do would be to have the JS in the button capture some user driven events such as mouse positions and click characteristics. If they had great foresight, they could have already been doing this for the previous 700k clicks.
With a reasonably sized observation pool, they could compare subsequent clicks and detect outliers.
I think it would be hard to circumvent since people attempting to reverse engineer wouldn't have the observation pool to know what signals Reddit admins were modeling. The biggest downside I can think of is that there would be some delay before calling out a cheater depending on the reliability of the model.
The client side JS could detect the lack of an event capture payload and warn legitimate users after they unlock but before they click so they wouldn't be flagged due to browser incompatibility or JS restrictions from a security policy or privacy extension.
Monkeypatch setInterval/setTimeout to mark people as cheaters. The more dedicated cheaters will hit the button API outside of the browser, which is pretty hard to stop.
The button presses are communicated over a websocket. You could make your own websocket client and communicate however you want to, such as listening to time updates and sending a click when it reaches a certain treshold.
Monkey patching setTimeout / setInterval would allow you to detect when people were running timers on the page. Use of timers could generally be considered "cheating."
It doesn't do anything to intercept people pushing the button.
window.setTimeout = function setTimeout(fn, ms) {
alert("No you don't, cheater!");
assign_button_color_of_shame();
original_setTimeout(fn, ms);
}
Which is very, very easily worked around by including another version of the original setTimeout in your console code.
The only real way to detect this is through usage pattern analysis and detection on the web socket side, because if you can write something in JS that catches people, someone can make minor modifications to their code to make it work again.
Just to be clear - this wasn't my original idea and nobody should ever put any security code into a client. Even if you could make this work someone could recompile Chrome to work around it.
I've found a way to get access to the original setTimeout again by embedding an iframe into the page and extracting it from there.
Would be interested in hearing other methods of getting a handle to the original setTimeout again.
I guess you could simulate it by using some other mechanism, say firing off an async request to a server that returns after a certain time and running a callback.
var cheaterFunc = function () {
console.error('cheater!');
// report cheater to server somehow...
};
$('*').each(function (i, el) {
if (el instanceof Object) {
Object.defineProperties(el, {
innerHTML: {get: cheaterFunc},
innerText: {get: cheaterFunc}
});
}
});
...and of course to defeat this, you could simply use a tampering proxy to prevent this javascript from making it to the browser.
(There are probably other ways to get the value of each digit with javascript, but you should be able to just add cheaterFunc to each of those. .childNode, change the style to use a custom font where each number has a different, predictable width and test .offsetWidth, etc.)
There isn't much you can do if the "cheating" happens client side, because the cheater has complete control there. At most you can obfuscate it by e.g. rendering the button in a canvas element and/or including a checksum and change the js files frequently like people here mention, but again, that will be just obfuscation, not real security.
Whatever your interval duration is you'll get a "reflex speed" of average double that: Shannon-Nyquist sampling theorem. So if you want to play at a 100ms reaction speed sample every 50ms or less.
How do you know what they really want? Take a closer look at the subreddit and things like an entire class system has developed over which number you get (if you've pressed at all.) Plus, who says the goal is to be the last person who clicks? Maybe the goal is to not click at all!
That's not the correct strategy for keeping the timer alive as long as possible. If everyone did that, then everyone would simultaneously press it the first time it almost-expires, and nobody would remain for the next time it nearly expires.
A better strategy is to pick a random time number that you wait until, biased towards the lower part of the range.
In Ludum Dare 27 (I think), someone made exactly this game. A game with a collective effort to keep "the patient" alive. One player had to press space every 10 seconds or the patient dies. Although every player was allowed to press multiple times.
I think the patient survived for 24 hours or so, which is quite remarkable for the smaller audience. If I remember correctly, this little game even made it into some German online newspaper (probably Spiegel Online).
Unfortunately, I couldn't find the game for reference.
A few months ago I was trying to remember the name of this game. It took me over an hour of searching, but I eventually found it. It's called IMPETUS. Here is a post-portem on the author's site [1], and the original Ludum Dare post [2].
The two games are a little different, but they're similar. In Impetus, everybody cooperates to continue pressing the button, but you can press it as often as you like. There's no per-user tracking or anything like that. Also the timer was 10 seconds instead of 60. It lasted under 12 hours.
If I remember correctly, the patient "died" after the game got too much press, and the server crashed. Instead of rerunning the game, they called it a success. Couldn't find it either, but I did not look too long.
How long until we find out what happens when it reaches 0? Let's be pessimistic and assume that everyone wants to click it. There were 3.4 active accounts on Reddit last month. 700000 have clicked it so far, so there are 2.7 remaining. Assuming an upper bound of clicking it at 1 second remaining, we get ((2700000 users) * (59 seconds/user))/((60 s/min) (60 min/h) (24 h/day)) = 1843 days, or a little more than 5 years. Of course, it will be less than this. I'm not sure what the distribution of click times is, and it will definitely change as more people have clicked.
and doesn't include accounts that were registered before April 1st, but did not log on yesterday. This potentially could be a lot since it is relatively common to have more than one account on reddit.
Yeah, I had a little JS bookmarklet watching it for me for a few days, tracking the lowest number, ready to click when it got to 1 second. Of course, the websocket encountered an error at somepoint mistakenly registering an incorrect timer value and causing my script to click at 50-something seconds :(
It only resets when someone pushes it. It's been getting closer and closer to 0 as the days go by since it started. There are also bots waiting for it to get low so they can snag a low number.
Only that you can track the timer reaching record low values and then the rapid appearance of people with that flair. Multiple people can get the flair from one reset if they're all close enough together so the first yellow button press had about 30 people. It is possible that they're adding false clicks while still allowing it to reach lower values over time, but I guess, why, when watching people do this themselves is so interesting?
I must be old. I don't get it. I mean, I understand what is going on. I don't get why people care. I don't get why people care so much that they are screaming at each other on the internet about it.
I already posted this on /r/button a while ago, but:
"In [the The Robbers Cave Experiment], the experimental subjects—excuse me, 'campers'—were 22 boys between 5th and 6th grade, selected from 22 different schools in Oklahoma City, of stable middle-class Protestant families, doing well in school, median IQ 112. They were as well-adjusted and as similar to each other as the researchers could manage.
"The experiment, conducted in the bewildered aftermath of World War II, was meant to investigate the causes—and possible remedies—of intergroup conflict. How would they spark an intergroup conflict to investigate? Well, the 22 boys were divided into two groups of 11 campers, and—
"—and that turned out to be quite sufficient.
"The researchers' original plans called for the experiment to be conducted in three stages. In Stage 1, each group of campers would settle in, unaware of the other group's existence. Toward the end of Stage 1, the groups would gradually be made aware of each other. In Stage 2, a set of contests and prize competitions would set the two groups at odds.
"They needn't have bothered with Stage 2. There was hostility almost from the moment each group became aware of the other group's existence: They were using our campground, our baseball diamond. On their first meeting, the two groups began hurling insults...."
Quite distressing. Especially considering we've now had several decades of these sorts of stories in the popsci press. You would think people would be more aware of these sorts of issues.
Like, don't people know freemium smartphone games are a scam? I see people who had the same education as me, people I know have read the same psychology textbooks, paying hundreds of dollars to play these games that have no compelling "fun" factor. These games have such shallow verniers over their slot-machine nature that I don't understand why supposedly intelligent, knowledgeable people can't see them for what they are.
I get needing entertainment and I get not spending 100% of your time single-mindedly focused on "business" or whatever. I watch movies, play games, read books, drink in bars, go to sportsball recitals. I'm here, posting on HN. At least with HN I, get practice writing, have my opinions challenged, learn about new and interesting things, and get a chance to share my own work for feedback and traffic. I don't get money out of HN, but I do get real things out of it.
"Fun" is subjective. To the people that play these games, they are fun and they are deriving enjoyment from them. I don't understand why the enjoy it either, but then again, they probably see some of my hobbies and wonder why the fuck I would spend time/money on them.
What is "fun"? It's some state of neurons firing in our brains, or some chemical state. Why do you suggest that watching movies is "real" fun, while pressing a button is not? Don't kid yourself, we are not robots. We are humans, ruled by our chemical states.
Mostly, just for fun, I think. In a way, it's sort of a role-play, with all the different 'factions' on /r/thebutton collectively assigning meaning (in the form of mock religions) to the button itself. I don't think "screaming" is really the vibe- it's playful, because in the absence of any real meaning, any meaning for what a "player" chooses to do (not click, click, click at a certain time) can be almost completely made up.
Look at it like a very simple role-playing game. When you play D&D, your roleplay has to fall within the constructs of the world and the story. In the 'game' of /r/thebutton, though, the only actual 'story elements' are the button, the timer, and the flairs.
How did the admin add interactive HTML to a subreddit? Is this possible for any subreddit, or was this something special organized by the company? The intro post doesn't seem to delve into those details.
Admins (with the red [a] tag beside their name) are Reddit Staffers, mods (with the [m] tag beside their name) are just random redditors that moderate a subreddit.
(* = only shows up if they choose to exercise admin/mod powers when posting)
This is the purest system invented for earning imaginary online social status so far.
Instead of having to make insightful comments to earn imaginary karma points in HN or provide helpful answers on Stack Overflow to earn imaginary badges, with this new system you only have to stare at your screen for a really long time and click a button at just the right time to earn higher status!
How does this work when reddit is down? I probably don't know a more unreliable site than reddit is, so this must have happened plenty of times since April 1st.
It was definitely an ad[0]. But the Reddit subreddit ads I think are excluded from Adblock Plus if you have it set to allow "unobtrusive" ads (which is the default)
Not the button I'm talking about[0]. There must have been ads too, but there was a generic non-ad "Did you press the button" button on the front page in the days following Apr 1[1].
it was announced in a blog post, and has featured many times on /r/all, but if you don't ever read /r/all, you wont have read it.
It was also most likely featured at some point on trending subs. And if you read a hell of a lot of reddit, you'll see it mentioned elsewhere on the site (like in memes, comments etc)
People had that running within an hour. The problem is temporary connectivity issues and so which makes you think its hit that low. There were efforts to track the lowest number seen so far but a common problem was getting artificially low just due to lag.
quick edit: Another top level reply to this post is saying something similar.
Careful, if you lose the connection to the websocket you'll click inadvertently! Also, there's a global variable called "r.thebutton" which has info about the timer already - no need to parse out html elements :)
Edited to take this into account. Now it will only click within an interval, from 15 to 20 seconds. In this way, if it was 0, undef, etc, it would not be clicked, thanks!
AFAIK "cheaters" are just people who used Javascript to defeat the client-side validation and try to click the button more than once. Those extra clicks get caught by additional server-side checks.
function validateClickEvent(e) {
var r = e.target.getBoundingClientRect();
if (e.x >= r.left && e.x <= r.right && e.y >= r.top && e.y <= r.bottom) {
console.log('looks legit');
} else {
console.log('faked click');
}
}
Set this as the click handler. The click method is browser specific, but on Chrome the x/y coordinates on the event will be incorrect. A smarter script could fool this, though.
I don't know much javascript, but that looks extremely error prone to me. How would it behave in different monitor sizes? With zoomed in/out screens? On mobiles, tablets, etc?
And it would still be pretty easy for a cheating script to work cheat your validation!
It's just an example, but zoom should scale both the element coordinates and the mouse coordinates. This sort of validation can be made a lot more elaborate.
The last couple hours I hacked together a chrome ext that notifies you whenever anyone presses the button (oh god) and also can run a robot to press it for you. It works, tho I don't claim there's no bugs.
1. Open JS Console.
2. Copy and paste the following, but don't submit:
var n = {seconds: $("#thebutton-timer").val(),prev_seconds: r.thebutton._msgSecondsLeft,tick_time: r.thebutton._tickTime,tick_mac: r.thebutton._tickMac};
3. Wait for the timer to hit a time you like and hit ENTER to record the timer seconds and tic MAC.
4. Repeat until you're happy with the score.
5. Paste the following into your console and hit ENTER:
$.request("press_button", n, function(e) {
console.log(e)
});
It doesn't always increase by 1, it's just the traffic is quite low right now. In the beginning when it was launched the counter was increasing by around 10 every second, and when it was first entering the 40's, each time it hit 41 it went up by like 5-20 as groups of people were trying to snipe it.
I guess you could use the data from this to determine how the network functions. It's depth, breadth, how quickly messages propagate through the network, who the influencers are and so forth.
Edit: Watching /r/button is interesting... almost makes me wish I had a Reddit account, but there would seem to be no point now as I wouldn't be permitted to push the button.
There was a famous viral online game (OK web page) where visitors had to do this to keep a cute astronaut in a hibernation unit alive. You could hear her heart beat and breathing. She eventually became a skeleton. Felt more personable and engaging than just a button with no character, though.
Do you have anymore details on this game? I can't find anything on it, but it sounds interesting.
I agree that the game you describe is more personable, but /r/thebutton does have an air of mystery going for it. The simple premise has left room for a lot of interpretation. Is it better to press the button, or stay gray? Which colors are the most desirable? What will happen after the timer runs out? etc.
I think that by "community", the author meant the subreddit community of people interested in the button. There are many people with reddit accounts that are still unaware of the button.
Life is a nonsensical activity. 90% of startups are a nonsensical activity, that's why investors spread the money around, 1 in 10 make it? The people in those other 9 companies may as well be watching the button ;)
It highlights the difference between hackernews and reddit. People here are highly motivated and have a goal (fame and fortune). Reddit users are highly motivated, but don't have that goal (entertain me!)
It's a harmless social experiment, and is amusing?
Even disregarding the possible neat conclusions that could be drawn from the dataset regarding group behavior and psychology, what's wrong with doing something silly because it's fun?
You're not actually addressing the question. You talk about "harmless fun", which is a fine argument against "negative highlight", but is not an argument toward "positive highlight".
I'm very curious what Kiro thinks. I hope they clarify and weren't just being hyperbolic.
Harmless fun is one "positive highlight" of the internet which I enjoy. The more general "positive highlight" for me is that the internet allows us to mix work and play/fun together. Most evident every April Fool's as we see serious companies putting out great jokes. I'm confused how others could see this as negative without being against fun all together.
Maybe I'm wrong, but I read "this just highlights some of the negative things about the internet" as a very strong statement. "harmless fun" can disagree with it but is nowhere near the opposite.
I can easily see the position that pressing this button is a horrible skinner box action. It doesn't require being anti-fun. I don't happen to agree, but it's a valid opinion.
What I can't figure out is the true opposite to that position, where it's an amazing consequence of technology. What's the logic there, I'm highly curious! Like, mixing work and play is kind of neat but you can do that anywhere.
Yeah, so I created a reddit post --- to persuade Newbs to NOT press the button until < 25 to maybe give some of us a shot at a good number...and see what's out there! https://www.reddit.com/r/thebutton/comments/32eue3/hey_idiot... If you feel inclined vote it up, so it becomes #1 on the thread and first thing people read.
The craziest thing I've seen so far is that another group known as the Assassins created a fork of that extension that would claim they would press the button, but in fact wouldn't so that the timer would run out.
There are groups sabotaging other groups' code based on their goals for the button.
https://www.reddit.com/r/Knightsofthebutton/comments/31x3c0/...