May 2007
« Apr   Jun »



Lumping it all on red

I haven’t followed football for a while now, but I know it’s cup final day because Sporting Index sent me a fifty quid free bet offer as long as I tried out their mobile phone software.

I’ll review it in one word.  Infuriating.

It needed to access the internet more often than I blink, and each time it did it popped up a security warning and I had to say that it’s OK to go online.  This is probably a phone feature rather than anything specifically in their software, but it’s still annoying as hell.  If it was OK last time, it’s fine this time if you wantr go and get the same stuff from the same site.  It isn’t just when you go to a new screen, if you stay watching the same screen for 10 seconds or more it tries to refresh.  So anything you have to type, you have to do quickly or it’s too late.  Scroll down the list of bets but do it fast, otherwise it’ll get hidden by the popup message before you have time to digest what’s on offer.  I would say that perhaps being able to digest the bets that are on offer is more useful than making sure the prices displayed are bang up to date.  They’ll always be sure to let you know if a market has moved before you get your money out, so this is a bit too clever for its own good.

My main gripe though is that apparently my phone’s keypad isn’t good enough.  You can’t enter numbers or letters using the phone, instead you have to use a crappy small and unresponsive touchscreen soft keyboard.  Once you’re logged in (and after the first time, you only need a numeric PIN), the only things you should need to type in are numbers for the bet amount.  What phone doesn’t have a numeric keypad?  Mine not only also has a full keyboard, it also has its own built in soft keyboard which works a hell of a lot better than the one in the Sporting Index software.  No input method works right except their own keyboard, and even that doesn’t work very well.

In fact, on the Sporting Index online games (I had another refund promo yesterday, lost as usual – I’m not saying it’s rigged or owt, but I’m 0 for 7 on those now) they only let you select bet amounts using the mouse by clicking up and down arrow keys.  Most computers have a keyboard, so I don’t know what their aversion to using them is.

I ended up buying Man Utd in the Win Index at £4/point at 13 points.  It’s 25 for a win, 10 for a draw and 0 if they lose, so I lose £2 of non-refundable real money if they lose.  No big deal considering I stand to win up to £48 on the free bet, but the reason I made it a nice round £4 and not £3.85 for a completely risk-free bet was only because I couldn’t get anything at all to enter into the pence part of the stake input.  Two separate boxes for pounds and pence isn’t a bad idea if most users will enter numbers on a phone keypad but (a) they’re not and (b) it doesn’t work anyway.

It’s not like I’m going to watch the match – It’s still double player points at PokerStars today and the ten billionth hand bonus is fast approaching.  But come on you reds, I guess.

EDIT: 0-0 after 90 minutes, so I lost £12 and had £38 still to play risk-free.  So I had to go through it all over again with an extra time bet.  That one lost.

Globalising the herbal, disestablished cymbalist

I don’t remember the last time I misspelled a word so badly it got the better of a spellchecker.  I mean really fooled it into not having the first clue what you’re on about.

This is quite impressive.  I was just one letter out on the British English spelling of "stabilise", and two letters away from the more computer-friendly "stabilize".  The suggestions all contain a "b" and an "l", but otherwise they’re strong candidates for the worst random spelling guesswork in the world ever.

Stat attack: 25,000 hand checkup (part 2)

Nope, nothing really interesting happened.  Still, it’s less than ten weeks before I’ll be in Vegas.. bear with me during the dark weeks 🙂

7. Pocket pairs

I play 93.6% of pocket pairs, and raise them preflop 43.3%.  I do have negative lines for 77, 66, 44 and 22 though.  I don’t see any major problems, just a few big pots I lost with a set against a rivered flush, or a full house against quads, etc.  I do still think I might need to dump small pairs in early position because I often struggle to get a big enough payoff when it gets raised ahead of me and I do flop a set.

8. Suited connectors

Profitable to the tune of 9BB/100.  I cold called with a suited connector only 12 times, mostly KQs and QJs.  Overall I lost, but it’s a pretty small sample size.  The hands I played were almost all only for a tiny raise and in position.  Doesn’t feel like there’s much wrong here.

9. Unsuited connectors

Leak.  Only a small one, but I’m losing 1BB/100 with unsuited connectors.  This includes AKo, which I’m nearly $90 down on.  That’s because of some big pots I lost with top pair vs a set or two pair.  I’m getting more confident playing AK now, and feel like I lose less when I’m beaten, so I expect this figure to improve.  I’ve cold-called unsuited connectors 11 times and won once.  Seven times it was with JTo and the one pot I did win was very small.  Mental note made.

10. Postflop aggression

Wow, I c-bet a lot.  After a preflop raise, I bet or raise the flop 77.8% of the time.  Is that too high, if the guide I’m referring to says "at least 40%"?  Well I don’t think so, because filtering my hands on just these situations, I’ve made 122BB/100 when I continuation bet and when they lead out and I get to raise, the win rate soars to a phenominal 191BB/100.  I can live with that.

My overall postflop aggression factor is 2.83.  Plenty.  However this is mostly from my flop play: 4.12 on the flop, 1.83 on the turn and 1.90 on the river.  It’s not exactly passive on the later streets, but I wonder if this shows that I slow down a little too quickly and could be betting and raising a little more.

11. Check-raising

I’ve check-raised 111 times, 1.11% in total.  Every one of them, naturally, felt great.  I’m not doing it excessively, and overall the hands where I’ve check-raised show my biggest win rate: 449BB/100.  Of course this figure is pretty meaningless, because I’m usually only check-raising with my strongest hands and by its nature a check-raise builds nice big pots.  Still, it looks good just to finish with such an impressive figure!

Stat attack: 25,000 hand checkup (part 1)

What better way to chill out at night when working away from home than to analyze your Poker Tracker stats?  I’d even set up GoToMyPc especially so I could get at PT and drill down whenever I felt it necessary to get into the nitty gritty of my play.

Well I thought it would be a good idea, but I crashed out after a heavy night of partying.  And by partying, I actually mean lugging server hardware from one floor of a datacenter to another.

Here’s the first part anyway.  I based the analysis on this guide, and answered each point in turn.  I’ll do the same thing after another 25k hands.

1. Do I have sufficient preflop aggression?

Apparantly not.  On the button and two seats behind I’m raising about half the hands I play, but everywhere else it’s lower.  I already think I play too many weak hands out of position so eliminating them would improve this figure – not by raising more, but by calling less.

2. Am I positionally aware?

Indeed I am.  My VP$IP figure on the button is 26.21, whereas under the gun it’s 13.13.  So I’m very close indeed to playing twice as many hands in the best position as in the worst.

3. How’s my stealing?

My attempts to steal the blinds figure is 33.55%.  When filtering my hands only for steal attempts, my win rate is $59 per 100 hands.  Not too shabby, and much more than double my overall win rate – in fact more than ten times bigger!  I think there are other areas I can look to improve ahead of this.

4. Defending the blinds

This is good and bad.  The magic number, so they say, is  a loss of 0.375BB/100.  Anything worse than this and you may as well just check/fold every blind.  My number is is virtually the same figure, but positive: 0.37BB/100.  It’s reassuring.  I don’t make money from the blinds overall (nobody does) but when I decide to pay to play from these positions, it’s been profitbale.  But it could be more profitable.  I’m at -0.46BB/100 when facing a blind steal.  Defend less, then.

5. Heads-up play

This was a pleasant surprise: I’ve won 7BB/100 when heads up going to the flop.  I certainly didn’t expect this figure to any higher than my overall win rate.  Continuation bets apparently do rock.  However, when I filter only the hands where I didn’t raise, it’s a loss of 6BB/100.  I’m not profitable when limping with weak hands.  Most likely it’s small pocket pairs and suited aces when I’m out of position (given that I already know I raise a wide range in late position) and I suspected this.

6. Multiway pots

I’m winning 5BB/100 in multiway pots overall, and 3BB/100 when limping.  Guess there’s nothing wrong with that.

This is already long enough, so I’ve split the analysis into two parts.  Two blog entries for the price of one – bargain!  Some may say it’s a cheap trick to make readers come back for more, but given the content is really all for my benefit and not at all interesting to anyone else, that’s hardly the case.  I’m just getting bogged down in all those lovely figures.

You never know, something interesting may happen that I just have to write about in the meantime.  Doubtful though.

eBay in letting people sell stuff for money shocker

I don’t very often, in fact almost never, watch or listen to the news.  I admit that I often don’t have much of an idea about what’s going on in the world.

Today’s "top story" on Radio 1’s news reminded me why I should take an interest.

It turns out that people have been attempting to use an online auction site to sell things.  The damn nerve.

This weekend, the radio station trundles off to Preston in the closest thing to what the kids of today have to the good old Radio 1 Roadshow.  No more trucks along the coast.  Now it’s two tents in a city. There’s urban, and then there’s Preston…

Like the roadshows, it’s all free.  But rather than just piling onto the beach to watch the Hairy Cornflake play some records or wait for Smiley Miley to appear and ask everyone to guess how far he drove today, these days you have to win a ticket lottery to enjoy the delights of Scissor Sisters, Razorlight, Natasha Bedingfield and Mark Ronson on a bizarrely diverse bill.

Tickets for Radio 1’s Big Weekend are selling on eBay for hundreds of quid.  The station asked them to pull the auctions and eBay said no.  They’ve even got an MP involved, and BBC News proper covered it in this article, which impressively managed to capitalize eBay in three different ways.

This is big news, apparently.

Never mind the impending leadership battle that will determine the country’s next Prime Minister, or all those people that are going crazy over a little girl that went missing in Portugal.

Or even that Chris Tarrant apparently threw a spoon at someone or something.

This is not my password

For obvious reasons, I decided to choose my own password when upgrading my Poker Tracker database.  Thank you though, PostgreSQL installer,  it’s the thought that counts.


Woah, we’re half way there.

I’ve already jinxed myself by doing something as results-oriented as actually having a win goal and writing about it here.  I’ve just further done myself damage by waiting until the very second I passed the half way mark to take a screenshot of my graph.

A few minutes ago, I passed $1000 in profit playing only $50 NL on PokerStars.  The magic number was $1000.10, in fact.  Out came Poker Grapher, and here’s the story so far.  All you graph lovers can click on it for the full size version.

As you’d expect, I’ve since dropped back under a grand.

My win rate is clearly lower than it was at the last checkpoint.  It took under 6,000 hands to win the first $500, but over twice as many to make it to $1000.  My  overall win rate just clears $5 per 100 hands.  I’m getting very close to 20,000 hands played now, which is starting to resemble a decent sample size.  I don’t know whether I should assume I ran hot to start, have just had worse than average cards for a while, or if overall 5BB/100 about right and it all evens out in the end.

The main thing though is that the line has kept on moving in the right direction. 🙂

Plenty of added value at Stars right now too.  Seeing as I only started playing $50 NL there to clear a bonus, I was pretty plesed to see another $150 reload bonus come along today.  This time it’s because of the impending momentous occasion of their 10 billionth dealt hand.  In addition, there’s a money aded tournament every hour, and FPPs clock up at twice their normal rate.

I’ll easily make it to Gold Star this month now.  Double rakeback too.  Given that I’ve paid just over $300 in rake this month for enough FPPs to buy about £20 in Amazon gift certificates, I figure it’s usually about 12% rakeback for a Silver Star player.  Should be about 16% for Gold Star.  Not the best by any means, but not a bad deal considering you don’t have to jump through any hoops to get rakeback.

New Order Split

It’s as close to official as it can get.  Sounds like nobody was meant to say anything but Peter Hook let it slip last week, and confirmed it on his MySpace page yesterday:

"so i went on and lo and behold mentioned the N>O> split so i suppose because it was me sayin it it was out at last. im relieved really hated carryin on as normal with an awful secret"

So how do I pick one song to post to mark the passing of my all time favourite group of all time?

If I had a recording of it, I’d post the dreadful version of State of the Nation that "my band" performed at Kirby Muxloe Church Hall circa 1991.  With a bonus added rap – I kid you not.  There’s many reasons I don’t have a career in music.  For this travesty, even though it was a one-off, I’m very very sorry indeed.

Thankfully, this will have to do.  Incidentally, this is also the song I want played at my funeral.

On that happy note…

Audio clip: Adobe Flash Player (version 9 or above) is required to play this audio clip. Download the latest version here. You also need to have JavaScript enabled in your browser.

Biting the hand that feeds the fish

A month or so ago, I came across a security hole in an online poker network.

I’d thought about writing something about it after it had been fixed but time passed and I’d forgotten quite how major it was until I just mentioned it to someone who works for a network operator.  His reaction was similar to mine when it first came to light: holy shit.

Firstly I need to say that this has definitely been fixed now and it was, rightly, treated with some urgency by the developers.  However, even they didn’t know this was an issue.  Nor did any of the 40+ operators on the Microgaming network (formerly Prima Poker), which includes high profile UK names like Stan James, Ladbrokes and Bet365.

All of their players were at risk.

We can only hope that because so many different technical teams had failed to spot this, fraudsters hadn’t noticed it either.  After all, it’s such a fundamental security flaw, you probably wouldn’t even think to look.

OK that’s plenty of hype.  If you have the geek gene, this picture may frighten you immediately.  If not, read on and I’ll explain what it means:

This is the text view output from an HTTP traffic debugger.  It shows that player information was being sent over the network in the clear.  I’ve highlighted the key parts: if you read between the ampersands, you can see my username and password (obviously this isn’t my password, I just changed it for the screen grab) and my real money balance.

Yes, at the time I did have over $14,000 in my account.  I don’t any more.  It was never really mine, just a fallout from testing new deposit methods.  But I did sit down at a $1/$2 limit table with a five figure roll once. 🙂

From a crook’s point of view, being able to see the real money balance is a luxury that would not normally be afforded to them by using keyloggers or the less subtle approach of watching people as they key in their username and password.  They would not even need to attempt to access a stolen account to know whether there is enough money in there to make it worth their while trying to run off with it.

Although I ran this traffic sniffer on my own PC, software does exist to read such traffic over a network.  It’s the reason you have to look for the padlock in Internet Explorer when you’re entering credit card information.  Then you know the details are encrypted before they are sent in such a way that only the web server can understand them, and not anyone listening to the network along the way.

A point I failed to get across recently when I had to pay import duty when collecting from a Parcel Force depot and they took me into the back office to enter my credit card information in an insecure web page.  Seemingly, nobody had ever challenged this before.

There’s no padlock in a poker program, you just have to trust it.

The Microgaming client was in fact using SSL to send encrypted requests to the server.  However along the way, they were being redirected and ended up unencrypted in the process.  The redirector idea is great in theory, meaning that if an operator wants to change the location of a page or a script that’s used for their site, their players don’t need to download a whole new client for that simple change.

It’s the sheer number of requests that sent this information that was really worrying.  Simply logging in to the client was secure, no username or password was visible.  Accessing the banking pages was similarly secure.  Whew, you may think.

However, accessing "My Page" sent all this information in the clear.  This page typically shows players their loyalty point status, allows them to change their contact information and also allows access to banking anyway.  It could often be the button that players press to make a deposit or withdrawal instead of "Bank".

More worrying, as soon as you were logged in, a promotions page appeared in a popup.  This is just a web page designed to appear in a window inside the poker program.  So why would it even need to be passed information about the user?  Similarly, the promotions banner that is displayed in the lobby was being passed all this information.  There’s really no need.

These screenshots (click to enlarge) shows all the sensitive data being passed out and then back again.  At least on the way out (the bottom right pane shows an HTML form that submits these values to the actual location of the pages) it uses a secure connection.

My Page

Promotions pop up

Promotions banner

The operator’s news page was accessed in a similar way.  There’s no need at all to send a password to this page – is the latest news really only available to registered players?  The responsible gaming information and support pages also received way more information than they needed.  No password here, but all the other information is present.  Someone must have made the decision to omit the password but to still transmit username and balance to these pages.  I just can’t think what the reasoning would be for that decision.

News page

Responsible Gaming page

Support page

So that’s six different places that a user’s account information was being transmitted.  In case that’s not enough, there was one other instance that made sure anyone who was listening in for account information would not be disappointed.

In the program’s lobby – the screen where you search for which poker tables you want to play at – there is a scrolling message that is set by the operator.  Because this message is intended to be updated frequently – for instance, it might say "check out our money added tournament starting at 8pm" – it refreshes every three minutes.

As this process was also transmitting all the sensitive information in the clear, all a wannabe thief would have needed to do is set up a traffic sniffing program for a few minutes and wait to be furnished with the account details.  Minimum effort, maximum loot.

Marquee text

The screenshots I’ve posted are from Gutshot Poker.  I need to stress that this operator was not at risk from this flaw – it was spotted and fixed before the player base was migrated from their previous operator.  This hole would have been catastrophic to Gutshot, who operate an internet cafe where every PC is used to play online poker.  A scammers paradise.

So I’ll say it again: this has now been fixed.  There’s no need to kneejerk and cashout from whatever site you play at.  Don’t bother the site’s support asking whether your money is safe.  It finally actually is.

But if you’ve ever played on a Microgaming site in the past you really should change your password right away.

I’ll have a Wii please, Bob

We didn’t go to Newcastle at the weekend.  Decided that getting up at 5am to drive and then catch a train was actually a silly idea.  I don’t know why it took so long to realise something so obvious.  Will try to do it again soon, possibly the next bank holiday weekend.

Instead I bought a Nintendo Wii, which has been on the cards for a while but seeing an advert on the big screen before Spiderman 3 seemed to do the trick.  God knows why that was the final push, but it seems I’m a slave to advertising just like everyone else.  However, so far the console is as disappointing as the movie was.  Not just the silly sand monster and the black ooze from outer space, the story was all over the place and it was way too long.  Considering how good the sequel was, and how cool the dark suit story looked from the trailer and could have been, it was a real let down.

The Wii situation wasn’t helped by the fact the traded-in copy of Madden I got didn’t load.  It’s gone back and I’ve re-ordered it from HMV thanks to a combination of Quidco and discount coupons from McDonalds.  But I was very much up for doing the whole pretending-to-actually-throw-the ball using the Wii stick thing but I had to make do with some Wario thing instead.

I just didn’t get it.  You watch some cartoon graphics for a while then it says to do something, you wave the stick at the screen and if you waved it in the right place (which happened about half the time) you did whatever it asked you to do, even before you worked out what the thing was.  I think I must be too old now, but I couldn’t really see where the game was.

The whole stick waving shenanigans is hit and miss.  Whilst Wii Sports is great fun and I love that it makes a swooshing noise when you swipe your tennis racket, and other such novelties, anything that needs you to point at the screen was decidedly dodgy.  I tried the sensor bar in various positions and each was dodgy in its own separate way.

I’ll have to give another game a try before I decide if it was a complete waste of money and I should have got an Xbox 360 instead (at least then I could play Rainbow Six Vegas with high definition computer-generated neon in my living room). 

The Wii isn’t the only reason I have a sore elbow though today.  Believe it or not, Claire and I also started to play squash regularly.  We don’t know the rules and use extra-bouncy balls (noobs’ balls are bright blue, so the guys in the court next door know we’re crap when it goes flying over the dividing wall) but hey, it’s excercise – and that in itself is impressive.