Investigation Into Security Director Who Hacked the Lottery Expands

An anonymous reader sends the latest update on Eddie Tipton, the man who worked for the Multi-State Lottery Association who was convicted of rigging a lottery game so he could win a $14 million jackpot. BGR reports: "Not too long ago, Eddie Tipton was convicted of hacking into the Multi-State Lottery Association's computer system in order to rig a nearly $17 million jackpot in Iowa. Now comes word that an investigation into Tipton's hacking activities is expanding to include a number of other states. Thus far, lottery officials from Colorado, Wisconsin and Oklahoma have indicated that Tipton may have also gamed lottery jackpots in their respective states. What makes this saga all the more interesting is that Tipton actually used to work at the Multi-State Lottery Association as a security director. In that capacity, Tipton allegedly installed a rootkit onto his company's computer system that influenced the manner in which 'random' numbers were generated. As a result, Tipton was able to calculate and gain access to winning lotto numbers before their public unveiling. With the numbers in tow, authorities claim that Tipton would reveal the winning numbers to friends who would then buy 'winning' lotto tickets and then collect on big paydays."

Serious question..

[Wovel]

There are states that use a computer to pick their numbers and not balls pushed out by a machine?

Re:Serious question..

The balls are often for show and actually filled up with a known number based on one picked by a computer or are tagged with keys where the door only opens when the appropriate number is going to go through.

Re:Serious question..

[Ecuador]

Not only that, but they seem to license a specific random number generator from a 3rd party, with, apparently no oversight, security etc in place.
I wonder if they pay good money for the generator to be "really" random, not like the pseudo-random crap you usually get with one-liners...

Re:Serious question..

Where did you get that bullshit from?

Re:Serious question..

I wrote my own lottery number picker back in the early 1980s on a TRS80 with 4K ram. It was a pita trimming the code to fit available memory. IIRC it had a RNG with a dataset of numbers 1-52, and an exclusion not to reuse a number if it was already called. It worked well, but never won me the lottery.

Re:Serious question..

[Anonymice]

I call balls on that!

The analogue method with balls shown on live TV isn't done "for show", it's done specifically to prevent the risk of tampering - the exact same reason why we all still vote with pieces of paper & 100s/1000s of people counting them out by hand.
Drawing the numbers beforehand has zero to gain, other than a ton of controversy if something happened to backfire.

Re:Serious question..

What?

How?

Sorry.

Re:Serious question..

[arth1]

Many random routines boil down to trusting the OS, like /dev/random, and just running entropy tests against the data.
This is relatively secure, unless someone has root access to the machine, and can replace /dev/random or the kernel.

It's easy enough to mod the kernel to feed numbers from a list that passes any entropy test, but which is already available.

Re:Serious question..

"not balls pushed out by a machine"

Those have been rigged in the past as well, by weighting certain balls to increase the likelihood that a certain mix of numbers would occur. What I wonder is what idiots are running this stuff on a PC. Just contract out some random number generator circuit boards with identical displays/enclosures to a half dozen or so contractors, get a dozen from each contractor most of which would be locked in a vault somewhere. Set up a secured room/box with a window and place several of the circuit board/displays in a row (or several rows if multiple number combinations are necessary) with a switch outside the window that commands the circuit boards to randomly pick a number. Once a year under the eyes of several officials randomly swap out a few of them in case some of the contractors were less than capable.

Re:Serious question..

[sinij]

Many random routines boil down to trusting the OS, like /dev/random, and just running entropy tests against the data. This is relatively secure, unless someone has root access to the machine, and can replace /dev/random or the kernel.

Alternatively, they can just predict /dev/random output if it contains sufficiently low entropy. You don't need root access for that.

See Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices

Re:Serious question..

[plover]

How do you test the circuits? How do you know that Joe's Random Generator is truly random? Tests for random number generators can only ensure they don't hit any known distribution patterns; but as the Dual EC DBRG fiasco showed, even a high quality random number generator can have an invisible back door.

And the number space isn't large enough to take a lot of chances. If Joe and Frank both get their corrupt RNGs in the vault, the number of tickets they have to buy to have a good chance of winning drops dramatically; they could sell their secrets to a gang who uses smurfs to buy the thousands of lottery tickets needed to guarantee a win of tens of millions of dollars.

Re:Serious question..

Dude, No you didn't. That's like 5-10 lines of basic max. Not sure what you had to trim except maybe 3.5K of rem statements you threw in there. Pick a random number, put it in an array, pick another and compare to the values in the array. Hell, you could have even through in an extra 2 lines that picked random numbers in the background until you pressed a key for each number to actually get better "random" numbers from the TRS80. I had to do the same thing with the C64. Random numbers did not seem to be random at all so picking many in a loop waiting for random input from the user at normal times when input was needed was a good time to let the RND generate some.

That being said... random numbers on those machines were not really random at all, at least not comparable to dropping balls in a machine with air blowing them around. For the purposes of things I wrote that needed "random", I could get a little more random by multiplying by the value of time the computer was running which for the C64 was TIME$ I believe.

Re:Serious question..

[eth1]

I wonder if they pay good money for the generator to be "really" random, not like the pseudo-random crap you usually get with one-liners...

They're paying someone to run a lava lamp and webcam in their closet 24/7.

Re:Serious question..

[TWX]

I already run a lava lamp. Where can I sign up to provide this service for a fee?

Re:Serious question..

[sunderland56]

the exact same reason why we all still vote with pieces of paper

I'm afraid I have some bad news for you.

Re:Serious question..

That's the reason multiple companies and multiple units are used with random swaps witnessed/chosen by officials, even if some of the contractors rigged their units they would have no way to know which ones were providing the corrupted numbers (at least for a while, reason for random swaps). Ensuring limited access to the room and the vault would be the trick, and making sure that no one knows which circuit boards are in which of the identical enclosures. But it should be a much easier system to ensure a significant measure of difficulty to corrupt as you would have to swap out significant amounts of hardware instead of hiding a few lines of code among millions.

Re:Serious question..

Okay, you young kids....

Back in the TRS-80 days, arrays weren't invented yet. So everything had to be
done by the (as we olde timers like to say) "long division" technique - go on,
go look it up on your fancy Google thingie.

Plus the fact the we had to go through horrendous QA and UAT before we could
deploy that TRS-80 code in the wild! So, yeah, it wasn't a couple lines of code,
you smart-@ss!

CAP === 'sorted'

Re:Serious question..

TRS-80 level 1 basic supported 1 dimensional static arrays and featured the 3 most informative error messages in computing history (What?, How?, Sorry)

Level 2 was 'full featured' basic.

It would have been 3 lines of code.

I shouldn't remember this crap.

Re:Serious question..

[Ol+Olsoc]

the exact same reason why we all still vote with pieces of paper

I'm afraid I have some bad news for you.

Right States run by Republicans use electroniv voting. Much more reliable results that way.

Re:Serious question..

[AmiMoJo]

You can buy off the shelf hardware random number generators that are certified to meet a high standard of randomness and unpredictability. They are mostly used for generating secure crypto keys but would work for a lottery too.

Considering the large amount of money involved you would think that getting the system as a whole designed properly and audited wouldn't be too much to ask. It's not like it's a unique or even uncommon problem - many countries have lotteries with legally mandated protections and standards in place.

Re:Serious question..

[nickweller]

DOH!!!!!

Re:Serious question..

[arth1]

You can buy off the shelf hardware random number generators that are certified to meet a high standard of randomness and unpredictability. They are mostly used for generating secure crypto keys but would work for a lottery too.

Yes, but how do you know that the random numbers actually come from the random number generating device, and is not substituted on the fly by the device that connects to it?
And how do you know the random number generator doesn't have a built-in exploit, like e.g. if being pulled in a specific time sequence, it switches over to feeding a list of pre-generated random numbers that still pass entropy tests but are known to the programmer who made the device?

Only systems that are built from scratch under monitoring and then sealed are reasonably safe.

Even then, someone might have hacked the compiler, or the compiler used to build the compiler, so even if the source is clean, the resulting binary isn't.

Re:Serious question..

[arth1]

No array is needed, and yes, it's trivial. Here's one unnecesarily BIG example that prints 8 unique numbers between 1 and 52, and it's certainly not anywhere near 4K.

10 RANDOM
20 CLS
30 FOR I = 64 TO 92 STEP 4
40 R = RND(52)
50 S = POINT(R,0)
60 ON S GOTO 40
70 SET(R,S)
80 PRINT R @ I
90 NEXT I
99 END

Re:Serious question..

[AmiMoJo]

Keep reading my comment all the way to the end and you will find your questions were anticipated and answered.

Re:Serious question..

[Razed+By+TV]

Quick mention of the 1980 PA lottery scandal, in which balls were swapped with counterfeit balls.

https://en.wikipedia.org/wiki/...

Re:Serious question..

Dude no. It isn't. The analog method is just as prone to hacking.

http://www.dailymail.co.uk/news/article-3180480/Number-s-bungling-lottery-organisers-Viewers-uproar-winning-ball-Serbian-lottery-appears-screen-drawn-machine-sparking-accusations-fix.html

Re:Serious question..

[arth1]

Legally mandated protections and standards does not ensure that a lottery cannot be manipulated.

If that were the case, casinos around the world would scramble to implement those protections and standards. Instead, they have much higher standards and protections, because they unlike governments know of far more pitfalls, and they still get manipulated from time to time.

Short of a system where the random numbers can be replicated by anyone without any proprietary equipment, but not be predicted, any lottery system can potentially be exploited. No matter how good the safeguards are, there's always someone who can think one step further.

Re: Serious question..

[guruevi]

Balls picked by a machine have a calculatable bias. There are papers on the subject.

Re:Serious question..

[houghi]

They probably saven money and just bought a book in a second hand store that contains a series of random numbers.

Re:Serious question..

Wish I could downvote you, but being anonymous I can't.

You full of shit fuckwit.

Re:Serious question..

[BigZee]

I've bad news for you. Most western countries still use paper ballots. The US is unusual (although probably no unique) for going down the automation route.

Re: Serious question..

Fun read, thanks for that

Re:Serious question..

[Coren22]

Maryland has only this last election been taken over by a Republican governor. You should perhaps rethink your hatred of Republicans, the Democrats are just the same.

Maryland has had electronic voting for as long as I have been voting (late 90s).

Re:Serious question..

[Ol+Olsoc]

Maryland has only this last election been taken over by a Republican governor. You should perhaps rethink your hatred of Republicans, the Democrats are just the same.

Maryland has had electronic voting for as long as I have been voting (late 90s).

So Trump = Clinton?

Sorry, as the Republican Party teeters on the brink of insanity, with a modern day il Duce as the absolute front runner, I don't think your old "They are all the same" meme quite works any more.

Re:Serious question..

random.org background noise.

Re: Serious question..

Even the balls have been hacked. I recall reading about someone who weighted certain balls with paint in order to influence the outcome.

More importantly, why would anyone allow an employee of the Lotto ( in any regard ) to purchase Lotto tickets ? That's an ethics issue just waiting to happen.

Is the rule here to prevent such things, though I suppose you can always bring a 'friend' in to purchase them. Risky though.

Re:Serious question..

[Coren22]

Trump and Clinton both are horrible candidates. Clinton breaks federal law, and just doesn't seem to care. Trump speaks his mind and pisses people off.

Re: Serious question..

yeah, a criminal and someone who speaks his mind and hurts people feelings. Both despicable.

Re:Serious question..

[theArtificial]

666 is referred to as a "Nick Perry" hah.

Re:Serious question..

[OffTheWallSoccer]

How do you test the circuits? How do you know that Joe's Random Generator is truly random?

I work for an SSD manufacturer, and when you want to get your product FIPS (Federal Information Processing Standard) certified, the testing lab will pull several hundred megabytes from your RNG output pin* and conduct some type of analysis on the data. I believe they also asked us what the RNG algorithm was (i.e. something from NIST, etc).

*Our first SoC (system on a chip, ie an ASIC) did not have the RNG signal brought out to an external pin, so we had to have a few parts put through a FIB (Focused Ion Beam) process to expose the internal RNG signal, which the lab could then probe. What a pain in the ass.

Counterpoint

I don't need a lecture on ethics from the frog who rigged the lottery!

How can you rig a lottery?

I'm not sure about the USA but in the UK the lottery is drawn on live TV. This would make hacking it rather difficult. You do see that there are cameras around the machine. Are we saying that it's possible to make that machine pick only the balls that you want it to? Could a computer with imaging software be made to trigger the ball release? If so are all lotteries rigged anyway?

Re:How can you rig a lottery?

[bws111]

The numbers in this particular lottery are drawn by computer. Other games use balls drawn on live TV. Even with the live drawing method, fraud is possible.

Why would you think lotteries are rigged?

Re:How can you rig a lottery?

How are the numbers picked in the UK? Because here in the US there are cases where balls in ball machines have been rigged with weights to increase the chances of certain number combinations.

Re:How can you rig a lottery?

[mikael]

You could easily use post production effects to replace the surface of the balls with the white lettering of the numbers. hey could simply be unmarked balls, then when one gets selected, the number is added. They already use that technology to make adverts multi-lingual by replacing any posters or text in the scene.

Re:How can you rig a lottery?

[Ol+Olsoc]

Why would you think lotteries are rigged?

Why would you think they are not?

Re:How can you rig a lottery?

[dhaen]

This why, in the UK, we have an independent adjudicator. - Of course he could be bribed...

Lawsuit?

[hawguy]

Does this open the hacked lottery to class action lawsuits by people who played the rigged lottery but had no chance of winning?

Re:Lawsuit?

What do you mean? Their odds of winning were identical. Their expected payback, however, would be lower since it would be split with cheaters. So non-cheating winners might have a gripe.

Re:Lawsuit?

Does this open the hacked lottery to class action lawsuits by people who played the rigged lottery but had no chance of winning?

He didn't change the numbers so if they didn't win they wouldn't have won anyway. They still had a chance of winning but had they won they would have had to share the money.

Though if there were any winners that legitimately won, they should sue and get their fair share of the money.

Re:Lawsuit?

Its not like they would have had a better chance of winning with a different fixed random number generator.

Re:Lawsuit?

[Streetlight]

Exactly! Then again, how would you prove you played a lottery and lost? People won't keep a lottery ticket if it didn't win or the cash register receipt for the ticket purchase. The individual states might sue but that wouldn't help those who paid and lost.

Re:Lawsuit?

[AthanasiusKircher]

What do you mean? Their odds of winning were identical. Their expected payback, however, would be lower since it would be split with cheaters. So non-cheating winners might have a gripe.

Well, TFA implies that this guy may have changed the algorithm so he could predict the numbers, and it puts "random" in quotation marks. So it depends on exactly what he did, but if the numbers could be predicted in advance, it's possible he did something that might also alter the odds, which would potentially violate the published odds.

If certain patterns of numbers had a better or worse chance than the published odds due to his tinkering, I'd imagine there might be grounds for a case... but it'd likely be an uphill battle.

Re:Lawsuit?

[twotacocombo]

Their odds of winning were identical.

Wrong. He's accused of manipulating the "random" number generator. If he knew what the winning numbers were going to be, that implies that the pick is no longer random. If you put money on numbers 1 2 3 4 5 and 6, and he knew the winning numbers would be 7 8 9 10 and 11, that means you had a 0% chance of ever winning on that draw, by way of his actions. It's not as if he just played the numbers that were picked truly at random, he somehow steered the outcome of that game to a fixed result.

Re:Lawsuit?

[AmiMoJo]

They had the usual chance of winning, it's just that this guy was able to predict the next set of numbers. They would only have a case if they won the same week as him and got half as much as they otherwise would have.

Re:Lawsuit?

[bws111]

I didn't see what the actual manipulation was, did you? He could have manipulated the RNG so that instead of generating a new number every time it was called it just returned the next of a set of previously generated numbers. If he had access to that set of numbers, which could have been generated perfectly, he would know the winning numbers, and everyone else's chances would be exactly like they were before.

Criminals are stupid.

Smart enough to rig an RNG but dumb enough not to hide the money trail from the absolutely most basic of financial funny business sniff tests.

Giving winning numbers to friends. Fucking. Stupid.

All lottery winnings are directly reported to the IRS. - Who wants to bet one of his dumbshit friends tried to cheat on his/her taxes and triggered and audit investigation?

Can we just drop the lottery already?

[rsilvergun]

Every state that has one uses it to cut taxes on the rich instead of adding to Education budgets (seriously, there's a John Oliver video over on youtube that explains it). It's addictive gambling that often drains the last few dollars from the poor and worse it gives the lower class a false feeling of hope that discourages them from demanding better living conditions. It encourages the downtrodden to think of luck as a skill you work at and view their failure to win as a personal failure. Lotteries are one of the most vile tools for controlling the working class ever devised. How is it nobody but one guy on youtube ever points this out?

Re:Can we just drop the lottery already?

[HornWumpus]

No.

It's the best possible tax. One on people bad at math.

Re:Can we just drop the lottery already?

[onkelonkel]

When Italy first proposed a state run lottery, the Catholic Church pointed out that gambling was a sin. The government replied that lotteries aren't gambling, they are a tax on imbeciles.

Re:Can we just drop the lottery already?

[modi123]

How else are you to get that golden ticket to the upper side, utopia, The Island, or Elysium?

Re:Can we just drop the lottery already?

[HornWumpus]

Good joke. But gambling and drinking are sins that were added by the anti-fun brigade at a much later date. Catholics are fine with both.

Re:Can we just drop the lottery already?

How is it nobody but one guy on youtube ever points this out?

One guy is right, and the rest of the world is wrong. What are the odds of that happening?

Re:Can we just drop the lottery already?

At least they haven't gotten to the point of Orwell's 1984 where there wasn't even a prize.

Re:Can we just drop the lottery already?

[Quirkz]

I'd say people who are bad at music ought to be taxed more than those bad at math, but maybe that's just me.

Re:Can we just drop the lottery already?

Sounds like the bandwagon fallacy to me.

Most people are pretty stupid. "Everyone thinks it is so" is not a good argument for anything but marketing.

Re:Can we just drop the lottery already?

John Oliver ignores key pieces of evidence and spins facts so hard half the thinking viewership has vertigo by the first false-outrage gag.

Re:Can we just drop the lottery already?

No.

It's the best possible tax. One on people bad at math.

Assume The lottery odds are 1 in 292 million of winning the jackpot.
Bob buys 1 ticket.
Alice buys 0 tickets.
How much greater are Bob's chances of winning than Alice's?

Get the point? No? Probably because you suck at basic Math.

I spend approximately $100 a year for the chance that I will never have to work for someone else ever again, and be able to retire to a life of relative luxury. If I don't win, I've lost an amount of money so small as to be insignificant, and that's assuming I also do not ever win any prizes less than the jackpot amount.

For myself, and many others, it's a worthwhile risk to take. If you don't choose to, that's fine with me. But acting like you are somehow smarter or more superior doesn't make you correct, it just makes you an insufferable asshole.

Re:Can we just drop the lottery already?

[HornWumpus]

The people bad at math are being taxed when they try to do math. (see the dude upthread who thinks one lottery ticket is a good idea).

How do we tax people bad a music only when they try to play? Just tax disco, country and rap music acts?

Re:Can we just drop the lottery already?

[HornWumpus]

He's a comic.

I just hope he remains funny, unlike Bill Maher.

Re:Can we just drop the lottery already?

[HornWumpus]

We're all laughing at you, you math genius.

Re:Can we just drop the lottery already?

And why one should be taxed for being bad at math?

Re:Can we just drop the lottery already?

good point that too many "inteligent" and "math savy" people fail to see.

Re:Can we just drop the lottery already?

[HornWumpus]

He would have better odds putting the dollar on the roulette table and just letting it ride to riches.

It's not that gambling has poor returns, it's that there are much MUCH better bets to be made. Including entertainment value of gambling in the picture makes the lottery an even worse bet. No free drinks, no scantily clad waitresses etc

Re:Can we just drop the lottery already?

[HornWumpus]

It's a voluntary tax. If they don't want to pay, they can find a better game to play.

Re:Can we just drop the lottery already?

It's right there in the bible, commandment number 613, "Thou shalt not gamble."

What do you mean there are only ten commandments?

Re:Can we just drop the lottery already?

[AmiMoJo]

Actually, it's a great indicator of people who think they understand maths but in reality have a poor grasp of magnitudes and no appreciation of value.

A lottery ticket is cheap. Buying one doesn't affect my quality of life at all, but gives me some entertainment and excitement. Even if I don't win, it wasn't money wasted, and it's such a small amount that investing it wouldn't be beneficial enough to make me choose that option.

Sure, if I was really poor I'd stop playing. Then again, I'd also own a much cheaper car, cancel Netflix and a bunch of other frivolous stuff I don't really need but enjoy and place value in.

Re:Can we just drop the lottery already?

[penguinoid]

the Catholic Church pointed out that gambling was a sin.

Bingo!

Re:Can we just drop the lottery already?

[penguinoid]

The people bad at math are being taxed when they try to do math.
How do we tax people bad a music only when they try to play?

When they buy overpriced "professional" musical equipment thinking they'll strike it rich as a rock star? Or is that yet another tax on people who are bad at statistics?

Re:Can we just drop the lottery already?

[bws111]

Why would you spend $30 on a steak when $2 hamburgers are available? Why would you spend $1000 on a home entertainment system when you can watch videos on your cell phone? Why would you spend $75 going to a concert when the radio is free? None of these make sense from a purely financial point of view, but people do them because they enjoy it. Tell us what you spend your money on, and we will tell you why you are wrong.

Re:Can we just drop the lottery already?

I understand that playing the lottery is voluntary.
But why do yo refer to it as the "best possible tax"?
If it were because it's voluntary, then I imagine that you would have said so in
the original post.

But instead you says that targets people who is bad at math.
Then it followed my question: why a tax tax for being bad at math is good,
or desirable, or what ever?

Re:Can we just drop the lottery already?

Why would you spend $30 on a steak when $2 hamburgers are available? Why would you spend $1000 on a home entertainment system when you can watch videos on your cell phone? Why would you spend $75 going to a concert when the radio is free? None of these make sense from a purely financial point of view, but people do them because they enjoy it. Tell us what you spend your money on, and we will tell you why you are wrong.

So far, it mostly seems to be on raising children.

Re:Can we just drop the lottery already?

[houghi]

So by not giving money to the schools, they can create more imbeciles. I think we just found step 2.

Re:Can we just drop the lottery already?

Ditto.

Re:Can we just drop the lottery already?

You can save a LOT of money if you don't feed them.

Go look at power ball

[WindBourne]

The numbers are way off on the old system. Since they have switched to a European group running it, the power ball winnings is all over the nation. Prior to that, the winnings were mostly east coast. in fact, Ca with their massive number of citizen should have been one of the top 3 most winning states. Yet, they, like the rest of the western states, won very little. Now, the winnings are running all over the nation like it should of probabilities are correct.

Re:Go look at power ball

[bws111]

What are you talking about? Powerball is run by the Multi State Lottery Association, which is owned and operated by the member state lotteries. 'A European Group' has nothing to do with it, and never has. And CA, 'with its massive number of citizens', didn't even carry Power Ball until April 2013.

Re:Go look at power ball

You are a moron. Powerball uses flying ping pong balls to generate the winning numbers. That is the very definition of random.

Re:Go look at power ball

Exactly, see the problem? There were 0 (zero) CA winners from 1900 to 2013. Clearly, this isn't by a correct application of probabilities! How else can you explain it.....oh wait.....got it.

Re:Go look at power ball

[Amouth]

Not always,

https://news.google.com/newspa...

old but still very relevant.

Re:Go look at power ball

Yep, mod parent up. I remember this because I usually don't play the lottery, but Powerball had a mind-blowing jacckpot one night so I asked about it at a convenience store and found out CA didn't have it.

Obligatory

[s.petry]

The Lottery is a hidden Tax on the Poor.

Re:Obligatory

Its the dumb... not poor.

Re:Obligatory

I wish it was strictly a tax on stupid, gullible people. I love the idea that society can harness the power of stupidity, and divert some of their money from even stupider ideas, like 21" rims and churches. But lotteries mostly claim money from the uneducated and/or despondent; conditions that aren't always self-inflicted. However, since everyone playing the lottery is an adult (by law), it's not our place to be their surrogate parents and say "no lottery for you, you're being irresponsible with the limited money you have."

Re:Obligatory

[Penguinisto]

Actually, it's a tax on people who cannot do math.

I say this because, even though poor folk have more impending reasons to cast their dreams (and money) in that direction, we both know there are well-off people who buy tickets whenever the jackpot goes over a certain amount.

Re:Obligatory

Actually, it's a tax on people who cannot do math.

I see a lot of people (like you) who suck at math make that claim. Your odds of winning with no ticket are exactly zero. Your odds with 1 ticket are greater than zero. I'm not sure what part of Math class you missed to not understand this.

I agree that purchasing more than 1 ticket for something like the Powerball is silly. Because the difference in odds between 1, 2, or even 100 tickets is insignificant. But 1 ticket is still infinitely greater odds than no ticket at all.

Re:Obligatory

[wonkey_monkey]

Your odds of winning with no ticket are exactly zero. Your odds with 1 ticket are greater than zero.

No tickets cost $0. One ticket costs more than $0, and it usually costs more than (prize_money)*(probability of winning the jackpot).

Re:Obligatory

[EdwardFurlong]

I know it seems silly but sometimes I play the lottery. There is a game where sometimes the odds of winning are about one in half a million, if there are no winners a few days in a row, sometimes the jackpot gets to be over half a million. I know that in itself shows how little chance there is of ever winning, but I can at least sort of justify it though math.

Re:Obligatory

[s.petry]

I think it depends on which book you prefer. I happened to be referring to Milton Friedman, but I read the tax on the stupid not long ago in a fantasy book (Pattrick Rothfuss). I still weigh in the favor of what I stated because many people in poverty play the lottery because it's the only way they can see out of poverty. The further people go into poverty the more likely they are to play. It's very easy for the state to appear egalitarian by offering a lottery, but we all see where those education funds we were promised ended up right? I grew up when lotteries were illegal so there was plenty of active discussion. Today there is no such discussion, most places have legal lotteries and people don't think about them at all.

I fully agree that there are plenty of people who are not poor that play the lottery when the pot goes high, but that does not create steady tax for the State. It also does not harm the wealthy nearly as much as the people in poverty.

Obviously people with mod points are ignorant to any discussion on the topic... *sigh*

Re:Obligatory

[ewibble]

I don't think its math just simple logic. You take money in, pay all expenses, take profit, pay a few people out whats left. That is the way a lottery works, its clear that it is not a good deal even without doing the sums.

Those who disagree can send me money now, I promise to return 50% of what I collect to one of you.

Re:Obligatory

[s.petry]

To the person who marked this a "troll", it is not a troll because you can't comprehend content or context. Of course those benefiting from the lottery see this as an attack on their income stream.

Re:Obligatory

[LunaticTippy]

You might not be as good at math, well statistics really, as you think. Imagine a lottery with a $1 Billion jackpot, and chance of winning is 1:100 Million. Statistically each dollar you spend on a ticket would have an average return of $10.

It is more complicated than this. There is the possibility of multiple winning entries, the complicating factor of other prizes besides the entire jackpot, etc.

I haven't bothered doing the statistics on this, but I suspect somebody has. I have the impression that when certain lotteries reach certain prize levels the odds are in players favor.

Re:Obligatory

[TWX]

Your odds of winning with no ticket are exactly zero. Your odds with 1 ticket are greater than zero.

No tickets cost $0. One ticket costs more than $0, and it usually costs more than (prize_money)*(probability of winning the jackpot).

On the other hand, if one ticket costs me the loose change that's been piling up for the last several months and gives me three or four days to daydream while I'm stuck doing an otherwise unpleasant job, so be it. That's $2.00 for three or four days of a greater degree of happiness, and no letdown because I know that I'm not actually going to win.

Re:Obligatory

[HornWumpus]

Generally no. The 'split winnings' factor kills it.

Re:Obligatory

The Lottery is a hidden Tax on the Poor.

So is every sports franchise. What's your point?

Re:Obligatory

Actually, it's a tax on people who cannot do math.

I say this because, even though poor folk have more impending reasons to cast their dreams (and money) in that direction, we both know there are well-off people who buy tickets whenever the jackpot goes over a certain amount.

I'm one of those. I'm well off, but I buy the mega millions tickets whenever I stop at the gas station.
Why? Because it is fun. It costs me almost nothing - a coca-cola a week costs more.

Plus there's a huge difference between having a few million (don't have to work, can live in a good neighborhood and have a second house) and having several tens of millions. As an example,you can have a partner at a top law firm handle all the little speed bumps life has to offer for him, wife and children, and you can call him anytime. And I would like to have a nicer apartment on Manhattan.
There is no possibility that I can get that kind of money other than playing the lottery, and it costs me ~ nothing win or lose.

Re:Obligatory

[Ol+Olsoc]

The Lottery is a hidden Tax on the Poor.

Wow - they called you a Troll? Should be modded +5 insightful. The poor buy a huge number of lottery tickets, and many others are bought by people who are trying to use it as a retirement plan.

Abut around Slashdot these days, the truth is often considered trolling.

Re:Obligatory

[Ol+Olsoc]

Actually, it's a tax on people who cannot do math.

I see a lot of people (like you) who suck at math make that claim. Your odds of winning with no ticket are exactly zero. Your odds with 1 ticket are greater than zero. I'm not sure what part of Math class you missed to not understand this.

I agree that purchasing more than 1 ticket for something like the Powerball is silly. Because the difference in odds between 1, 2, or even 100 tickets is insignificant. But 1 ticket is still infinitely greater odds than no ticket at all.

From what I have seen personally, and the number of tickets some folks I know have purchased, I've done better by putting that money in the bank - even at today's crappy rates. Why? Because even when they do win, it's something small, and they do what with it? That's right, they buy more lottery tickets. So they might sink a couple hundred to maybe have a slim chance of winning 50, then buy 50 dollars worth more tickets, but don't win. So they are out that much, where I still have my original couple hundred dollars, and a half cent interest.

So yeah, I'm never going to win the lottery. Then again most people who play the lottery are never going to win the lottery, even with "infinitely" better chances than me.

The distinction is cute, but darn near meaningless.

Re:Obligatory

I don't understand why do you quote

Your odds of winning with no ticket are exactly zero. Your odds with 1 ticket are greater than zero.

which is correct and then make the following stamentent

No tickets cost $0. One ticket costs more than $0, and it usually costs more than (prize_money)*(probability of winning the jackpot).

This last statement is also correct, but it refers to a different matter.

You CAN'T win the lottery without a ticket.
If you buy a ticket, your expected ROI is negative? YES (at least all the lottery cases that I heard of).

Does it mean that to play the lottery is silly? Well, it depends.
If you see the lottery as an inversion, then it's certainly silly, because, well, the ROI is negative.

But if you have an otherwise negligible amount on money in your budget, and you like the idea of fantasizing with winning
vast sums of money, I can see no harm in playing the lottery. And you may even win (people have won the lottery in the past).

Is that so difficult to understand to math prepared person?

But if you wan't to win the lottery

Re:Obligatory

[chmod+a+x+mojo]

MIT students did, for years as a matter of fact. And that was AFTER they both explained how and asked the lottery board ( who said it was legal ) if they could use the exploit they found. There was a TED talk on it, it was actually quite interesting. I don't remember who it was, but it was an easy to follow, yet informative talk.

Basically what it all boils down to is this: state run lottery gets pretty much the same amount of money if there is a winner or a not since tax / cost of entry on tickets goes to the state ( no matter what, it is taken pre-winnings pool calculations ), and then tax on winnings does as well, it doesn't matter too much if it is taxed on 1-2 big winners or across several smaller winners*.

* multiple smaller winners actually drive sales higher since people see more winners and think they have a higher chance of winning.

Re:Obligatory

[Ol+Olsoc]

On the other hand, if one ticket costs me the loose change that's been piling up for the last several months and gives me three or four days to daydream while I'm stuck doing an otherwise unpleasant job, so be it. That's $2.00 for three or four days of a greater degree of happiness, and no letdown because I know that I'm not actually going to win.

I was listening to a show on NPR recently about gambling.

Here's some excerpts from it. http://www.npr.org/2015/09/29/...

They spoke about different people, and why some go on ot become gambling addicts, while others do not.

It turns out that for some people such as myself, if we don't win, we get not enjoyment from it. This would seem correct to me, as in my one experience with gambling was tears ago on a return trip from the West coast, where my wife and I stayed a couple nights in Las Vegas. I tried out the slot machines, won a little then lost it. I figure I lost a total of 50 cents in the end.

But I lost it, and came out with a little less money. No happieness there for me, no real emotional content at all.

Sot some other folks would have been all excited about the initial winning, then disregarded the eventual loss. Seems different folks might be wired a little differently.

But in the studies done, they had people getting the happy reaction even if they almost won. Missing one number on the lottery ticket or one fruit on a slot machine actually makes them feel as good as if they had won.

Whereas for me, it just annoyed me a little.

Re:Obligatory

[Ol+Olsoc]

Obviously people with mod points are ignorant to any discussion on the topic... *sigh*

Probably people with gambling addictions, or pissed because Draft Kings and Fanduel was banned in New York.

Re:Obligatory

[l0n3s0m3phr34k]

The Lottery is a tax on people who don't understand statistics.

Re:Obligatory

[l0n3s0m3phr34k]

Or having billions, and dreaming of nuking Mars....

Re:Obligatory

Or having billions, and dreaming of nuking Mars....

Oh, wow. That's a great idea just for the fun factor if nothing else. I doubt he's interested in terraforming Mars - he's figured out a way to get some nukes and set them off. Who wouldn't go for that?
We don't need Elon, though. Kickstarter all the way!

Re:Obligatory

[fred911]

No, it's a tax on people that failed math.

Re:Obligatory

[clovis]

Your odds of winning with no ticket are exactly zero. Your odds with 1 ticket are greater than zero.

No tickets cost $0. One ticket costs more than $0, and it usually costs more than (prize_money)*(probability of winning the jackpot).

There's more to it than just (prize_money)*(probability of winning the jackpot) is less than the cost of a ticket.

The costs of a weekly lottery ticket over your entire life is still a low number. $52 * 100 years = $5,200. That's peanuts. It may even be less than I have actually spent on peanuts so far in my life counting the wife and kids.

It is a game and there are TWO payouts.
The first is, you're playing a game and you have fun. That is a payout.
The second is the money you get if you win. The payoff is much much larger than you can get any other way - you cannot make that much money by investing $5200. Even Madoff didn't promise that large a return. So the usual rules of ROI don't apply here.

Re:Obligatory

[tlhIngan]

I know it seems silly but sometimes I play the lottery. There is a game where sometimes the odds of winning are about one in half a million, if there are no winners a few days in a row, sometimes the jackpot gets to be over half a million. I know that in itself shows how little chance there is of ever winning, but I can at least sort of justify it though math.

Well, you can justify buying ONE ticket. Just one. Because it's a sort of entertainment - you bought the ticket, then you spent hours dreaming what you would do with the money if you won it.

But that's only good for ONE ticket. Any more and the entertainment value's the same.

Same with the scratch and wins - I'd say they were the original "app" to be used when you had a few minutes to spare then you'd take them out and occupy yourself while you wait. Of course, this presumes you got the nicer ones where you do stuff and not merely one that you scratch off a box and try to find 3 matches.

That's it. Gambling is where you play with the expectation of winning. This is more of a game,

That said, I don't do the lottery by myself anymore - costs too much m oney. Instead, I play with a lottery pool - because now you have people to talk with about it.

Seems stupid, but you can kill a lot of time talking about your "winnings", so there's an entertainment factor.

Re:Obligatory

[KGIII]

I dunno... I started out with a $5000 grant, my last check for living costs from the GI Bill, a buddy's apartment, and a loaned computer.

Well, and a contract with most of the work already done but I'm gonna pretend that part didn't exist.

I am 58 and have been retired for just about 8 years now, slightly less.

Re:Obligatory

[tehcyder]

they had people getting the happy reaction even if they almost won. Missing one number on the lottery ticket or one fruit on a slot machine actually makes them feel as good as if they had won

That is certainly counter-intuitive. Personally, I would feel a lot happier winning $10 million than not. I guess I'm also not a proper gambler then.

Re:Obligatory

[Coren22]

This would seem correct to me, as in my one experience with gambling was tears ago

That was a funny typo. Gambling can lead to tears.

Re:Obligatory

[Penguinisto]

Actually, it's a tax on people who cannot do math.

I see a lot of people (like you) who suck at math make that claim. Your odds of winning with no ticket are exactly zero. Your odds with 1 ticket are greater than zero.

You forget ROI, which is why your assertion fails. No tickets and no winnings costs me $0.00 One ticket and no winnings costs me $2, with no ROI. Multiple tickets with no winnings is $2 * n, again with no ROI. Powerball's absolute best odds are at 1:55.41 , which means that one would need to purchase at least $112 in tickets to even halfway hope for (but obviously not guarantee) a return of any kind, and that's just for a $4.00 ROI at minimum - if you're sufficiently lucky.

Of course, you could defy all odds and win $$millions on just one $2 ticket, but the odds are stacked way too far against that happening on anything approaching a predictable basis.

Certainly there's entertainment value in it (one can always dream), but that's nothing to do with mathematics: the odds are still stacked against you, and the only consistent winner of the game is the government, hence a 'tax'.

Meanwhile, here's something else to consider: the typical ticket buyer is usually well below what one would call 'middle class' in income, which means that each dollar spent means a lot more to that person, and that income can ill-afford to be wasted on such an endeavor. As a younger man, I've lived under the poverty line, and I can attest to the fact that $2 (or back then, $1) was often the difference between, say, paying rent on time or not. Would that $1 have made me a multi-millionaire? Most likely not, so why the hell would I risk homelessness on such long-assed odds? Given the results of my frugality back then, I'm doing a whole hell of a lot better now when it comes to income - enough that my wife no longer has to work, we live comfortably, and my daughter currently goes to college w/o her or myself having to take on any debt in order to make that happen. This makes me a hell of a lot happier than any desperate dreaming of some Robin Leach inspired lifestyle ever could.

Re:Obligatory

[Penguinisto]

The second is the money you get if you win. The payoff is much much larger than you can get any other way - you cannot make that much money by investing $5200. Even Madoff didn't promise that large a return. So the usual rules of ROI don't apply here.

Dunno... I spent something like that amount on a few classes back in the early 90's to get more acquainted with the whole sysadmin thing, and 20+ years later, I'm making a far more comfortable salary than I would have made than if I had stuck with being an EE - I'm guessing at least twice the income.

Re:Obligatory

When the lottery is very big I buy 2 tickets with the same number. That way if someone else also wins I get 2/3 of the prize.

Re:Obligatory

[clovis]

I dunno... I started out with a $5000 grant, my last check for living costs from the GI Bill, a buddy's apartment, and a loaned computer.

Well, and a contract with most of the work already done but I'm gonna pretend that part didn't exist.

I am 58 and have been retired for just about 8 years now, slightly less.

Sigh.
I knew that someone would say something along the lines of "look at meeeee, I did it without the lottery".

Yes, most people who have done well did it without lottery winnings, but their wealth didn't come from an single investment such as college education or $5,000, it came from a few decades of hard work and being born with a very good brain. I suspect yours came the same way. I do not accept the implied assertion that your wealth came from the $5,000 investment.
Being born with a good brain isn't an option. It not something you can ask for or change later though hard work. It's luck just as much as winning the lottery.
And if you were born on the wrong side of the slope, you don't have that option. Those people may be dumb, but they do know what their limitations are.

Re:Obligatory

[KGIII]

LOL Mine was kind of luck. I didn't work any harder than anyone else really. Or, more accurately, people who are far less fortunate worked harder than I ever have.

Also, I knew what you meant which is why I added the caveat. Though I must emphasize, it was largely due to dumb luck. I was in the right place, at the right time, and able to take the risk.

Re:Obligatory

[almechist]

But in the studies done, they had people getting the happy reaction even if they almost won. Missing one number on the lottery ticket or one fruit on a slot machine actually makes them feel as good as if they had won.

Casinos know all this and they definitely use it. I used to go to the casino with a friend of mine who really liked playing the video slots. Some of these machines were billed as quarter slots, but certain combinations would only pay out if the player has put 2 or even 3 quarters into the machine for that play. I could never get my friend to understand that when those special multi-coin only combinations came up, invariably when my friend had only put in a single quarter, it did not necessarily mean that he would have won big if only, oh if only, he had played the full 75 cents. The machine knows exactly how many coins you put in it, and if you play a single quarter it will frequently pump out those multi-coin-only winning combinations precisely to get you to think that you would have won big if you had played for more. The casinos know a million tricks like this to help part the innumerate from their money. These places know all about the psychology and neurophysiology of gambling, they never miss a trick.

Re: Obligatory

easy to say "gambling sucks I only bet $20 in my weekend in vegas" until you put $2 in a slot machine and win $4,500.

then you're really in trouble because you know you can win big, it's not just a vague possibility. They got you, it's like crack cocaine.

Re: Obligatory

[TWX]

easy to say "gambling sucks I only bet $20 in my weekend in vegas" until you put $2 in a slot machine and win $4,500.

then you're really in trouble because you know you can win big, it's not just a vague possibility. They got you, it's like crack cocaine.

And that's why I'm willing to play the big lottery for $2.00 a couple of times a year, but why I don't play slot machines, video gambling machines, card games, or dice games. A couple of times a year I waste less money than the cost of a soft drink at a restaurant, and because the duration to reach the drawing from the buy-in is several days, I don't get to stimulate those parts of the brain with an instant response such that I do it again right away.

Re:Obligatory

[clovis]

LOL Mine was kind of luck. I didn't work any harder than anyone else really. Or, more accurately, people who are far less fortunate worked harder than I ever have.

Also, I knew what you meant which is why I added the caveat. Though I must emphasize, it was largely due to dumb luck. I was in the right place, at the right time, and able to take the risk.

Heh, you have the kind of luck that comes from having your eyes open.

I imagine some ancient greeks talking about it.
student: He is so lucky. He never gets tripped up by life. Why do the gods favor him so and not us?
teacher: Instead of complaining to the gods about KG, ask yourself why you walk around looking at the sky instead of the road.

Re:Obligatory

[KGIII]

That's an interesting view. I'd never pictured anything from Ancient Greece, it makes sense to me. I may borrow that. ;-) Meh, I'm bored - I'll type some more out for you.

But, yes... I've always been willing to take long odds if the payout is high enough and the chance of success was reasonable - relative to the risk. I was still working on my thesis when I got my first contract and the penalty for missing that contract would have meant that I was in debt forever and that I'd probably have missed my chance at remaining in academia.

My advisor put me in touch with someone in the Mass. Dept. of Transportation. I needed not just the data they had but permission to collect more. It turned out, they were quite interested in what I was doing up there in Cambridge. (Around 1990.) I'd showed them my preliminary results, while writing up the paper, and that I was able to accurately model the traffic and make predictions and that, with some changes, their throughput could be increased as well as safety improvements made.

By the time I was done, I had a contract ready in RI and then NY and pretty soon I was down in GA and headquartered in NC. I finalized the sale of my company in early 2008. Eventually, I added modeling pedestrian traffic which is actually quite lucrative. They really want you to walk a certain path in a department or grocery store, for example. (That and modeling traffic in emergencies for even some outdoor events, things like that.) But I did it, "on a computer."

And that's the rest of the story. That's really all there is to it. I don't even *like* mathematics, I'm just good at it so I figured I'd be a tenured professor, driving an old Saab, and working at an old university somewhere in New England. Yes, I worked hard. I lived in my office on four hours of sleep for years. But I didn't have employees in the traditional sense. I had people who worked *with* me. I sure as hell didn't do it on my own. In fact, I'd dare say that, irrespective of my bank account balance, I'm rather ordinary.

In the end we had five offices and a little over 200 people employed. I got a phone call asking if I'd be willing to consider a sales offer over lunch. I figured that I'd amuse myself and get a free lunch. The now-parent company is almost a household name. While it's public information and easy enough to find, they do almost nothing but provide government services really. They supply food, logistics, sometime manpower, and even have their hand in with some defense contracts. I knew that we'd accumulated some value and a lot of assets (compute cycles are expensive when you're modeling stuff) but I was a bit weirded out by the numbers they offered. Obviously, I took the offer with some caveats about keeping the people who worked with me or offering severance packages that equaled five years in wages.

They've now got one of those newfangled things called a "human resource department" and I guess they even have stuff like assigned parking. Heh... Most of them still work there including a few that, I'm pretty sure, don't actually need to work. I was able to give giant bonuses when I sold so the ones who had been with me since the start probably don't actually have to work. It seemed the right thing to do and I had it structured ahead of the sale so that I could avoid paying taxes on those bonuses 'cause, well, that was an insane tax bill.

Anyhow, that's quite a novella. Yes, yes I am bored. My kids are getting my girlfriend drunk and teasing me because she's younger than both of them. I'm hiding upstairs. Ho ho ho... *sighs* Ah well, that's the gist of the story if you're curious. There have been times in the past where I've eaten Ramen noodles or boxed macaroni and cheese. I'm not stupid enough to forget those days.

Re:Obligatory

Find money, then hand it over for a ticket, knowing it's a loser, then lose as expected. Sounds more like paying taxes that don't need to be paid and can't be refunded than something to somehow be happy over. Certainly not the sort of occasion for daydreaming I would ever care for...

Re:Obligatory

[clovis]

Bored, huh?
I've been reading this guy off and on over the last few months. It's from around AD 120, who knows for sure.
https://archive.org/stream/mor...
Elizabeth Carter did the translation in 1758; they had a fondness for long sentences with many commas back then.
The Rufus he often refers to was Epictetus's teacher.

In this one, I like #25 - it gave me a different (more tolerable) view of butt-kissers, and this is from Hadrian's time.
http://classics.mit.edu/Epicte...

Re:Obligatory

[KGIII]

Thanks! That's really neat. I'm a Secular Buddhist (not a damned monk!) and it's interesting to note the parallels. I've read some Socrates, Plato, etc... I'm unfamiliar with this one and will have to spend more time with it. I'll probably treat them as koans and meditate on them. (It needn't be a question to be a koan.) #25 makes me think of The Prisoner's Dilemma, albeit a slightly different aspect, as if viewing it from a third party view. I think, perhaps, I'll ponder that one first.

It took me a minute but I found the download link for that one and then I went to download the plain text file and didn't like it so I remember that I'd set my browser up to enable mhtml files (single file - whole page) and I saved that. Much thanks and I'm hoping I will learn something new. From a quick scan, there are some interesting parallels between what I'm reading there and similar to some of what I'd expect to hear on refuge or whatnot.

Again, much thanks! Hmm... While certainly not as valuable, and you may already be familiar with them, I can think of no more appropriate response than to offer this:
http://catb.org/esr/writings/u...

Navigation is the funny looking squiggles in the top right and left.

Shocked!!

Next you're going to tell us that elections have been decided by individuals involved with the implementation of electronic voting machines.
I assure you I will be totally shocked when that announcement is made. Shocked!!

Re:Go look at power ball: CA Super Lotto

[BoRegardless]

It has been seen by me that the CA Supper Lotto "Mega Number" on machine picked numbers at a given location are not random. The numbers I see are almost always from 1 - 15 when the machine picks them.

My personal best guess is that the CA system thus tweaks the majority of winners to geographic locations that they want to favor, because they get larger amounts of earnings from those geographic locations.

It is a racket just like anything the mob runs.

Nothing is Truely Random on a Computer

[sycodon]

If a computer picks the numbers, it can be rigged.

Better would be to come up with an equation that would take a dynamic natural phenomenon, such as so,e kind solar measurement.or some other naturally occurring and dynamic process in nature, and use that. Or, at the very least have the seed for the random number generator taken from a natural process

Re:Nothing is Truely Random on a Computer

such as some kind solar measurement.or some other naturally occurring and dynamic process in nature

Thus begins the search for entropy. Problem is that you have to measure natural phenomena, and the measuring can be manipulated.

Re:Nothing is Truely Random on a Computer

[Joe_Dragon]

there are ways around that like haveing 4-5 systems (Can just be basic desktops) and some kind of ball / wheel to pick the system to use.

Re:Nothing is Truely Random on a Computer

come up with an equation that would take a dynamic natural phenomenon, such as so,e kind solar measurement.or some other naturally occurring and dynamic process in nature

According to random.org, they offer "true random numbers to anyone on the Internet. The randomness comes from atmospheric noise, which for many purposes is better than the pseudo-random number algorithms typically used in computer programs."

Re:Nothing is Truely Random on a Computer

[Ol+Olsoc]

If a computer picks the numbers, it can be rigged.

Better would be to come up with an equation that would take a dynamic natural phenomenon, such as so,e kind solar measurement.or some other naturally occurring and dynamic process in nature, and use that. Or, at the very least have the seed for the random number generator taken from a natural process

Because that would be science.

You think many lottery players would believe in science?

Re:Nothing is Truely Random on a Computer

You're trying to sound smart but are conflating many things in different processes all in the same stream of thought that it's rather pathetic.

Learn to spell truly.

I wonder...

[NEDHead]

Is it too late to 'Friend' this guy on Facebook?

Re:Go look at power ball: CA Super Lotto

Wow, two conspiracy theories in one post! Good job!

Also, someone with your obviously high level of intelligence is probably confusing Mega Millions with the 'Supper' Lotto (WTF is that, a pile of leftovers?) The Mega Ball is ALWAYS from 1-15.

Catholics and gambling . . .

[Latent+Heat]

B32!

Re:Catholics and gambling . . .

[wonkey_monkey]

Uh... you sunk my battleship?

Re:Catholics and gambling . . .

[HornWumpus]

I think he's trying a bingo joke.

Which is unfortunate. The last funny bingo joke was in flying circus "howsy, howsy'.

Re:Catholics and gambling . . .

[Ol+Olsoc]

Uh... you sunk my battleship?

No - Bingo! The Catholic official sport!

Re:Catholics and gambling . . .

[KGIII]

Never, ever, play the house. You can gamble and you can win but you can't beat the house (easily and with your kneecaps intact). Play the table games vs. other players. I've got a spare small ranch in Henderson and I'm kind of thinking of heading there next if I don't go back home. I'll probably go take some money from the tourists who are exceedingly bad at math and don't understand odds at all.

Re:Catholics and gambling . . .

No - Bingo! The Catholic official sport!

Perhaps you're thinking of Vatican Roulette?

Implementation details...

[DrYak]

Alternatively, they can just predict /dev/random output if it contains sufficiently low entropy. You don't need root access for that.

No you can't, you're mixing things a bit up. /dev/random - in most implementation is of the *blocking* variety. I will never let the entropy go low enough. If there isn't enough entropy, the device will simply block until enough entropy has been gathered.
(Because of these pauses, it might be a performance bottleneck), that's why most implementations also offer... /dev/urandom - which is the *unblocked* one. It will always spits out random numbers, no matter what the current state of the entropy pool is. If gets too low, you're basically just having a CPRNG (a cryptographic *pseudo*-random number generator). It might look random, but if you collect enough data, you can guess the internal state of the generator and predict the next number.

The problem is that, for performance reason, lots of people tend to use the second one, even for situation where this is a bad idea. Like generating the random numbers needed for a cryptographic key.

See Mining Your Ps and Qs: Detection of

Widespread Weak Keys in Network Devices

Linux is one of the unix-like system that implements these kind of split random/urandom duality.
Linux is also incredibly popular on embed device.
Embed devices tend to have *not that much* sources of entropy (e.g.: no harddrive and input devices with chaotic timing)
Gathering enough entropy for the critical process would take time.

But several implementation use urandom (on the grounds that nobody wants to wait 30 minute after turning an appliance now. They want to push the button and the device imediatly tunring on and being operationnal).
Which is a BAD IDEA(tm) for cryptography.

The good idea would have been: defer the generation of keys as late as possible, e.g.: right before they are actually needed for the first time. By then some entropy (network timings, etc...) could have been generated.

Re:Implementation details...

[hawguy]

Alternatively, they can just predict /dev/random output if it contains sufficiently low entropy. You don't need root access for that.

No you can't, you're mixing things a bit up. /dev/random - in most implementation is of the *blocking* variety. I will never let the entropy go low enough. If there isn't enough entropy, the device will simply block until enough entropy has been gathered.

But only if /dev/random's judge of entropy is correct, if the machine is running in a VM, its environment could be manipulated to make it *think* it has sufficient entropy even if it's not "real" entropy.

Re:Implementation details...

[arth1]

Or /dev/random might be a link to another device that acts differently, or the kernel might be compromised and switch the output from /dev/random to a pregenerated list that passes entropy tests but is known, or the file system driver might interface your open() call with a different program if the calling process has one specific name and tries to open /dev/random, or the compiler you build your polling software with might be compromised and substitute parts of specific code, or any of hundreds of other possible exploits.

You have to trust the entire system you run it on, and that is not always an easy thing to do. Even a sealed system can be compromised before it was sealed in a way that is non-trivial to discover. Even if it runs on batteries and all it has is a single big button for triggering a new random number, that can be enough to trigger dormant exploits.

Independently verifiable random number generators are possible, but not easy to implement. Measuring unpredictable cosmic activity that give the same results for all observers on earth, and take non-significant digits from the measurements is one way. Then an independent observer using completely different hardware and software can verify the results.

But trusting systems that aren't built from scratch is never going to be secure, whether it's wooden balls or hardware-assisted software.

Re:Implementation details...

[sinij]

No you can't, you're mixing things a bit up. /dev/random - in most implementation is of the *blocking* variety. I will never let the entropy go low enough. If there isn't enough entropy, the device will simply block until enough entropy has been gathered.

While for most cases you are correct, Linux heuristic estimator function is dated and does not always work. For example, you can't rely on Disk I/O for entropy if you are using SSD. In such cases estimation function would fail by over-estimating entropy and system would not correctly block at low-entropy conditions. This is because when it was written disk drives with their variable seek time were the norm.

Another consideration, is that you might think you are using /dev/random, but in reality have system fall-back to /dev/urandom in low entropy conditions. Modern OpenSSL does this unless you explicitly configure it to not do this.

Confused

... calculate and gain access to winning lotto numbers ...

If he can calculate the winning numbers, it's not a random selection of numbers. If he can gain access: Why was physical access unlogged and unsupervised? Alternatively, why was this connected to a network? This sort of software should be running on a pocket calculator, or first generation e-tablet.

vote

[Smiddi]

Im sure glad nothing like this would ever happen to voting machines

From a lottery clerk...

[Dusthead+Jr.]

I work retail and operated a lottery machine. I've seen all types of people, some play for fun but most play with a seriousness that one would for working a job. A lot of folks have their "system" and they stick to it. Never mind that they lose 99 times that 100th time that they won means their system is flawless. And then there are the people who think the lotto is a scam, but play anyway. I liken these folk to people who go to a used car dealer who sells but somehow will slip up an sell a good car.

Re:From a lottery clerk...

[bws111]

That is a stupid likening. The lottery is random, used car sales are not. I play the lottery when the jackpot is getting up there, say $80M or so. Do I think I am going win? Certainly not. But I know for certain that I definitely won't win if I don't buy a ticket. The loss of a few dollars means nothing, but a win of $80M is a life changing event. So for a few bucks I get to spend a little time fantasizing about having that money. In other words, it is a couple bucks spent on entertainment. Why don't you tell us what you spend your entertainment dollar on, so we can say how stupid you are?

Re:From a lottery clerk...

[Dusthead+Jr.]

I never referred to playing the lottery in and of itself as stupid, nor the people who play it, in general (although there are people who to get a little carried away with it.) My likening was with the lottery players who themselves consider the game a scam, yet continue to play it. I've seen people convinced that "their" number was supposed to come out because their system said it would and the lottery tricked them somehow. Yet they keep playing, hoping that the lottery will trip up and produce their number. Normal folks just brush off a loss as a loss and move on.

Re:From a lottery clerk...

[bws111]

Ah, I thought you meant the people who thought it was a scam were the normal people who know they have no real chance of winning but keep playing. Sorry.

So is Stewart...

[denzacar]

Difference is Stewart knows what's getting laughs from pandering to the audience and what you need to do to get laughs from parodying.

He goes up against his own preconceptions when constructing a joke.
Oliver follows his own preconceptions.

It's not just people bad at math

[rsilvergun]

it's the poor and disadvantaged... We're taking advantage of people who are really vulnerable already. Hell, some of them might know the odds but can't help themselves. Gambling is addictive...

gonna be fun at trial

[superwiz]

So your friend worked for lottery security and he told you the numbers and that's how you won the lottery...

Ummm... what? I did win the lottery. And my friend did tell me the numbers. But he told me BEFORE the numbers were picked.

Yeah, that's what we are saying

So why am I on trial.

Because your friend worked for lottery security and he told you the numbers and that's how you won the lottery...

Oh, boy.

Tax?

[gloryhallelujah]

It's only a tax on the stupid if you don't know what a tax is. Taxes are imposed.

Eddie Tipton, Director of Information Security

His profile was already removed from their site in January of 2015, good we have the Wayback machine, don't forget to donate.

http://web.archive.org/web/20141218171155/http://www.musl.com/musl_staff.html

Eddie Tipton, Director of Information Security

As Director of Security, Eddie is responsible for evaluating and providing direction on the security infrastructures within current and future member lottery operations. He additionally provides application design and support services for MUSL-sponsored projects. Prior to joining MUSL, Eddie was the Executive Vice President and a Partner at Systems Evolution Incorporated where he was responsible for LAN Management Security and Outsourcing, Network Operations, and Hosting. He brings 20 years of design, development, security, and general IT experience with him. Mr. Tipton is a certified developer and instructor on multiple technologies, a Certified Information Systems Security Professional (CISSP), and received his bachelor's degree in Management Information Systems and Finance from the University of Houston.

--

In short, from respected SEI consultant to crook. MUSL should update their site including cleaning up their images http://musl.com/images/staff/ETipton.jpg it does leave an impression you can trust this organization to keep it fair and secure.

Should everyone get their money back from those lotteries? There was no chance on winning because of actions by the company organizing the lottery.

The Lottery Club

You Aint Init.

What's a Lottery Expands

... and how does one hack it?