Shall We Play A Game?

3/11/2020

David A. Windham

Shall We Play A Game?

After the movie War Games₁came out in 1983, I asked my parents for a computer. We got a Commodore 64₂ that year. It worked out well because my brother and I took over the living room television with it and in return we ended up getting our own little black and white televisions. Then we got another computer, an Apple IIc₃ with a monitor that we set up on a desk in the dining room. I spent some time glued to that little green on green screen trying to figuring out if I could really change my grades like Matthew Broderick did in the movie and solve the game Hitchhikers Guide to the Galaxy₄ .

The reason I thought of this today is because I recently spent a little time IRL playing ‘war games’. One of my servers became the target of a DDOS₅ attack. The IP₆ addresses making the requests were from all over the world and they were making random GET₇ requests all over the place. I noticed it after I discovered one of my web servers, Apache₈, was down. There are all kinds of high scalability ways to avoid this, but this is a personal server and has no real need for them. It took me a bit to get to it because the requests weren’t immediately evident in the logs and I kinda suspected that I had broke a configuration with a recent series of upgrades. This particular server has gone through four major versions of Ubuntu₉ and at least twenty versions of various languages and databases with all kinds of the old configurations and files stashed everywhere. When my wife asked me what I was doing up late on the computer, I used the expression “that this particular machine is like an indestructible 82 Toyota Tercel on steroids” while gathering some tactics to keep it running.

Most of these type of attacks are just automated crap designed to find holes to use your resources, plant malware, spam links, or part of a larger network attack. This is about the fifth time I’ve had to deal with one on a server I manage. The IPs are dynamic and tend to rotate around so good luck going the block route if you still want your software accessible. Whole country level blocks of IP ranges are against my ethos. Occasionally, if I find a bad bot, I’ll block em from the server, but in the case there was no use and the last thing you want to do is motivate a trouble maker. For example, we used a clever solution to stop bad commenters in newspaper websites by allowing them to continue commenting but only showing the comment to the IP they were connecting from. After cranking up some monitoring software to automatically restart the processes when they got overloaded, I rerouted the proxy through Nginx₁₀ to lessen the load and stopped the web server from running out of resources. I waited a day, and sure enough, they were still coming in at about 400-500 connections a minute. I installed mod_evasive and ngx_http_limit_req_module to limit the connections. On day three, the automated requests kept coming in so I decided to start redirecting all of the automated traffic to a page being served by Node.js₁₁ because the concurrency₁₂ is so high and the memory footprint₁₃ is so low. In combination with the other efforts, this drastically lessened the load on my server. It’s this page:

Shall We Play a Game of Chess? — http://chess.davidawindham.com

“How about a nice game of chess?” is a line read by the computer at the end of War Games. It’s when the computer decides that Thermal Nuclear War is a “Strange Game. The Only Winning Move is Not to Play”₁₄. I left my logs up and watched em bounce in and out of that page for fun. Not once did any of those bots decide it was time for nice game of chess. There are some bad bots out there, but these just seemed intent on making as many requests as possible which indicates the intent was just general chaos. I’ll try and speculate what their intent was though. I suspect that the intent is to win a game… although the game in this realm is real. It’s an information war where the victors take the resources. My server isn’t hosting any disagreeable content that I’m aware of, it’s more likely that it’s just been caught in the ‘line of fire’ of a larger bot army. It’s perfect timing with the wild market swings, the oil spat, the coronavirus, and the US election cycle. Most folks have figured out by now that the backlash of the information age is turning out to be and abundance of dis-information. It’s no different than the average search engine or social media bots driving a case for a price. Just like in War Games, the modern ability to out-bot, out-spam, automate, or otherwise disrupt information is being weaponized. I first really caught onto this trend when I published https://davidawindham.com/news-war/ back in 2007. It’s gotten much worse in the sense that it’s now much easier to automate while everyone is glued to their screens.

This type of information war has been going on for eons. Here in South Carolina, our largest newspaper was founded by Narciso Gonzales₁₅ who was shot dead over an information campaign in 1903. Our modern information war is a bit more akin to Matthew Broderick changing his grades in War Games. Many of the earliest prosecuted cases against spam and hacking were simple pump and dump₁₆ stock schemes operated by teenagers. Spam accounts for the vast majority of all email and is a negative externality₁₇, taxing resources just like a DDOS attack. These brute force types of disruption and manipulation are endemic of information technologies. The economic effect of the loss in productivity due to internet is well studied₁₈, but I don’t believe that, as much as we’ve tried to grapple with the disinformation campaigns as they relate to politics, the more lasting effects of a digital information game are not fully understood at this point.

Some political and business strategist take pride in their ability to game the system in one way or another, be it digital or otherwise. Part of me is pessimistic about the ability of people to genuinely seek the truth, knowing our predisposition for cognitive biases, while part of me sympathises with those adhering to the populist rhetoric. For the most part, my concerns center around the actual facts and data and how easy those are to bend. I think that the lack of understanding of information technology is making it easier. Other more serious examples, aside from your relatives forwarding spam, would include how many people are becoming skeptics of science or radical in their belief system based on algorithmic siloing₁₉. I learned at an early age how easy it is to fake data after winning a state science fair competition based on cooked results. The effects of an information war are more vague. Although I’m guilty of gaming the digital system for my own benefit, I’m genuinely concerned about how that is playing out on society as a whole. And while I’m sitting here enjoying winning my little game of bots vs. server, a real life game is playing out just like in War Games. In this case, I would argue that the epistemological₂₀ implications of the information age are upon us and a misguided information war may be hacking our brains into thinking there is a winning move.