Slashdot Mirror
Server Based Slots of the Future
prostoalex writes "The slot machines of the future won't be dumb one-armed bandits anymore, CNet reports. New generation of slot machines, to be deployed in major Vegas casinos, will feature server-based gaming with games, new features and, most important, the odds being downloaded from a central server location, not determined by internal machine algorithm any more."
Boy, when's the last time TFA's reporter has been to Las Vegas? My girlfriend and I had real trouble to find a machine that even took quarters, let alone being mechanical.
Ah, there we go! Just quickly change the odds behind the backs of the players so you can reek in more... and market it as "personalized" playing experience. There is no step two...
I won't comment on the moronic reference to DoD encryption "to make it safe"...
I'm not nervous. Casinos make your average government mint look insecure by comparison.
TODO: Something witty here...
I have implemented one of these systems. Many of the newer slot machines have been getting results from a central database for at least a decade. The results typically are generated from a few days to a few weeks in advance, which lets the casino confirm the payout percentages before making the gameset go live.
The way to look at it though is that the Casino does not care if you win big. In fact, the casino likes big jackpots, the bigger the better, because they more than make up for in the the extra attention they get. More attention = More players = More dollars played
They win a certain percent of every dollar played. The more dollars that get played the more they win.
Ah, there we go! Just quickly change the odds behind the backs of the players so you can reek in more... and market it as "personalized" playing experience. There is no step two...
You can't do that, it is illegal, at least in Nevada.
If you would rad up on the subject a bit more, you would see the point of this change is that the casino can compute far in advance the results for every pull of the slot, so that they can know the payout percentages in advance. This way, they can schedule the big jackpots, for instance.
Main point is, they cannot change the odds of machines on the fly - the odds need to be posted.
Well, for one thing, it's a single point for security updates and monitoring. If the slots are basically dumb terminals, the software load can be re-installed regularly to help minimize the window of opportunity for injected code. If it's a normal client/server deal, then there can still be scans for software tampering. Given this is /. and that SuperSAS is an open gaming protocol, I think that the "many eyes" security concept they're using is very practical. We know the casinos will be more than willing to pay for expert programmers to review the code, and that more than one casino would want to have the code checked out (get your resumes ready!).
As for the monitoring the communications, the casinos could use the strongest proven encryption possible and change the keys weekly, daily, or even hourly because they own the entire system. Each machine could even have it's own key, separate of the others (assuming PKI like implementation, the server could reply with a unique key to each node as well). Most people forget that the point of encryption is that the information assumed have been intercepted by a third party, but won't be useful by the time it's cracked. If crackers get to the point they can crack the casino's keys in 1 day, it wouldn't matter if the keys are changed hourly. Before that happened, though, they'd have long been investigating a new algorithm
As for being vulnerable to an inside job, you're right. The hard shell always has a soft, squishy center. Thing is, that's something that will never change. The only thing for them to do is have audits in place to limit the ability for people to aquire the information or access to set up a job like that by themselves. If nothing else, they should be able to do an audit and figure out who was involved after the fact.
"Common sense will be the death of us all"
I think that the casinos are making a big mistake because people go to the casinos to gamble on INDIVIDUAL machines that play one game..(ask yourself, why people all don't drive the same styled cars?).if you look at each machine, they are made to play that game and people like to try to figure out the odds of each type of machine (the odds vary for even the same type of machines by time of day, use etc), the machine manufacturers go to great expense to make a game machine a work of art and something pleasing to use, generic machines are something from a totalitarian state wet dream.
If you replace these machines with a crop of generic mcgambling slot machines, then you take away a big part of casino gambling, if you can't identify each machine (you have 10000 identical "terminals" sitting there, then you might as well play one machine and leave because you have lost a big part of the casino experience.
Why go to a casino if its just a terminal you are playing, the current crop of machines have a personality to them on their payouts, otherwise, go gamble on a lottery ticket or your home computer/cell phone. If people get used to the idea of a generic terminal, then they will see no advantage in trying to figure out the odds.
I bet that this is orchastrated by one big machine manufacturer who wants to replace all the different machines by one "generic terminal" experience...it may make money for the machine manufacturer and the casino can save some small amout of money buying one type of machine, but if people don't find the experience exciting and it boecomes some generic "big brother" downloaded game experience, then the casinos should just close now and soave their money buying the "new, less exciting, generic game machines".
I think that this will actually be more insecure. With a regular "dumb" machine, it's pretty hard to hack it, let alone alter it in any way or report its statistics to some other computer, because casino security is watching the floor. With a main server, even if the code is reviewed, there's got to be some holes. And once there's holes, there's hackers. Imagine a hacker connecting to the free broadband in the hotel room of the casino, hacking into the server, and changing the algorithim slightly and the code to make it so that one machine (and one machine only) spits out full jackpot at a certain amount of time. The hacker walks out of the room, plays the machine, and *bam* he's won.
Plus, the reviewing brings up another interesting scenario - code reviewed by the Nevada gov't will be catalouged somewhere - what if a hacker got into the gov't system and stole the code that way?