ACE issue long ago fixed (some time b4 patch 1.29) - huzzah! May the Reforging be mighty! :)

General Discussion
1

Update: this issue of Arbitrary Code Execution from within a Warcraft 3 Custom Map file is no longer possible. Fixed at some point b4 patch 1.29. :+1: Read on for some of the original discussion, but the main concern/reason I started this thread had been long since resolved. :sunglasses: May the Reforging be mighty! :hammer_and_wrench:

I didnā€™t feel up to cleaning up my rambling in some of this thread right now. Sorry about that. Been a bit hectic irl. Did my best to provide data, but went on tangents too much. https://en.wikipedia.org/wiki/Temple_Grandin may have some info for those interested in understanding some of the reasoning for my tangents or providing too much data. Specifically, " She has noted in her autobiographical works that autism affects every aspect of her life. She has to wear comfortable clothes to counteract her [sensory processing disorder] and has structured her lifestyle to avoid [sensory overload]. She regularly takes [antidepressants], but no longer uses a squeeze-box ([hug machine]), a device which she invented at the age of 18 as a form of stress relief therapy, stating in February 2010 that: ā€œIt broke two years ago, and I never got around to fixing it. Iā€™m into hugging people now.ā€" and https://www.imdb.com/title/tt1278469/.

Regarding the Hug Machine, https://en.wikipedia.org/wiki/Hug_machine. To quote, "As a young child, Grandin realized she would seek out deep pressure stimulation, but she felt over-stimulated when someone hugged or held her. The idea for the hug machine came to her during a visit to her auntā€™s [Arizona] ranch, where she noted the way cattle were confined in a [squeeze chute] for inoculation, and how some of the cattle immediately calmed down after pressure was administered. She realized that the deep pressure from the chute had a calming effect on the cattle, and she decided that something similar might well settle down her own hypersensitivity.

Initially, Grandinā€™s device met with disapproval as psychologists at her college sought to confiscate her prototype hug machine. Her science teacher, however, encouraged her to determine the reason it helped resolve the anxiety and sensory issues." Explored more in the film, she used the scientific process to gather data to justify why the hug machine worked for her. She gathered a TON of data. But only with her high school science teacherā€™s help was she able to keep it concise and use it to make an argument for her beliefs by putting the data into an organized, effective conclusion. I think I need to work on that, myself. Maybe a rough draft - raw data - of my thoughts in wordpad. Then split it into Concise and Tangents. Then post both separately with links to the other? Hmm.

1 Like
2

Can you just spit it out in a single sentence

1 Like
3

Was the exploit that allowed specific lines of code in a Wc3 Map to download something to your PC without your knowledge that could possibly be harmful ever fixed? (see OP for specifics - term is ACE and yes it was).

4

This is why you need anti-virus, and anti-malware software installed on your computer. Thousand maps are on the battle.net if we stop downloading these maps will be just as bad as the virus

5

Solution: Donā€™t join games with random unknown custom map downloads. Most players know which custom maps are popular and which ones are safe to play. How many people are playing untested maps without doing a quick google of the map first? If you are specifically searching for a new fresh map, then use official legit sources with well known map makers. Problem solved.

Iā€™ve been playing wc3 since day it released and only ever had one bad map appear on my gamelist (i didnt even join or download the map) yet somehow a porno image appeared in place of the map previewā€¦ it was kind of disturbing but Blizzard patched that issue out a long time ago lol

Also, why are you posting instructions for people to learn about this stuff? You should erase all the actual coding you posted and just briefly explain your question without detailing the actual jass scripts

2 Likes
6

In replay to Lucioā€¦

Oh, absolutely, those are all useful.

I run Malwarebytes (free/no real time protection - by choice due to cost) to cover me on malware and Windows Defender that is bundled with W10 on the AV/Firewall front.

Forgive me for not having personally tested this functionality.

Itā€™sā€¦ a bit over my headā€¦ I just want to know if it has been patched.

Perhaps AV/Firewall/etc would catch it? But again, a bit over my head and I didnā€™t want to assume.

My perceptionā€¦ which may be 5% of the information pie overall, for all I knowā€¦ is that since the activity would be triggered from a legit source - Wc3 - it mightā€¦ fly under the radar of Firewall/AV?

Again, thatā€™s just my worry - if you can provide some sources and convince me otherwise, please do so.

I am not an unreasonable individual, imo.

PC security is justā€¦ā€¦ something that worries meā€¦ā€¦

In replay to wc3tutorā€¦

Oh, aye.

I guess that would mitigate the potential threat?

Idk how exact it checks for every line of codeā€¦ againā€¦ over my headā€¦ maybe it would be possible to edit a custom map ONLY adding this stuff and it would still look official?..ā€¦ again, idkā€¦

In regards to the exact coding, itā€™s been posted online for Y E A R S. Check the datesā€¦ā€¦. I see no reason to squirm about something that has been there, at those links, forā€¦ 9 years?

1 Like
8

In reply to wc3tutorā€™s reply that they later deleted asking me not to post the direct JASS code from 9 years ago or share the direct links they were originally posted at that areā€¦ still the same 9 years laterā€¦

Very well.

I am in a heightened/intense state irl from diving this again and I apologize if my approach was not optimal.

As I said, however, I specifically e-mailed the hacks at blizzard about this around the time. I posted it in the old WC3 Forums.

For example, if you search me on Hive Workshop, youā€™ll see I was active on the thread I previously linked there - I will not provide a direct link as per your request, but quote myself and provide the dateā€¦

"Will it be fixed in 1.25, or not?

Look. Quite frankly, i do not presume myself to be sufficiently knowledgeable to pass Great Judgement on exactly what the exploit can or cannot do.

Thusly, iā€™m not going to debate it - i will leave that to those who are more versed in such things, should they have the desire to do so.

Elfian, i see you have passed your own personal judgement on the exploitā€™s capabilities, and i will respect that.

However, regardless of the precise nature of this threat, iā€™m not keen to expose myself to it.

My only interest in the matter at this point is whether or not the exploit will be removed with 1.25.

En_Fuego indicated it would be, and i was just hoping for some details/confirmation.

Togra_blah, Feb 16, 2011"

1 Like
9

Seems like a legitimate query

3 Likes
10

Oh boy. I sorta dropped Wc3 after that point due to my worries in relation to thisā€¦ it appears as though there may have been new information I was unaware ofā€¦

Again, I will not provide a direct link.

This data is new to me, despite the 3 year tag since it was posted - I will review it and edit out what is needed - but I thought Iā€™d post it copied directly (without a link or anything) since I didnā€™t see any exact JASS codeā€¦

"The exploit is CONFIRMED! Patch 1.27 is vulnerable to arbitrary code execution!!!

So, I just found a way to typecast values again in the Patch 1.26. With this trick I can perform a I2C and execute raw JASS bytecode, which in turn allows me to read and write memory from the game process, allowing me to execute arbitrary machine code from inside a map!

I thought the release of patch 1.27 only about 3 weeks after I discovered the exploit, was an indication that they were going to fix it. But they didnā€™t, they didnā€™t modify anything in the JASS VM from patch 1.26. I didnā€™t have to change anything in my code, I just ran it in the new patch, and it worked.

This thread discusses not only the exploit, but also the possibility of developing an unofficial community-driven custom patch for Warcraft. This patch would not only fix the security issue, but could also introduce many new features into the game. With time, we could even implement everything in the [thread=257163]1.27 wish list[/thread] by ourselves.

Now, before saying that such a thing would be impossible, impractical, or would not work, please read all posts under this thread, especially my [post=2792981]latest post[/post]. Here follows my original post, before I had finished the exploit:

A brief history of Warcraft

In the pre-historic days of pre-1.20 Warcraft, some unknown guy found the marvelous ā€œReturn Bugā€ thing - the ability to typecast values from one type into another with no restrictions.

Quickly everyone learned about it, and started using it to store things at gamecache. This gave origin to a whole new generation of map making - modders were able to do things that were never thought to be possible.

By that time, everything was wonderful. Every big map started using this thing, everyone was happy, and so was Blizzard - after all, itā€™s not every day that a major bug in your product becomes itā€™s most valuable feature.

Then around the time of 1.23 patch, the Warcraft community was stunned by some (russian?) guy, that found a very dangerous exploit: through the use of I2C, that guy managed to execute arbitrary machine code from inside a map.

Suddenly the world came down in an instant. This thing violates every known principle of computer security. By that time the Warcraft community was much bigger than it is now. People were used to join and play custom maps they never seen before. So, hackers started to make maps that infect the playerā€™s computers with viruses as soon as they join the game. Adding to the fact that most users run Warcraft as Administrator, this allowed them to easily take control of their machines.

So, things couldnā€™t stay as they were. Blizzard was forced to do something as quick as possible. But this exploit was based on the famous ā€œReturn Bugā€, the most valuable thing they have. Every popular map was using it, DotA was using it, so how could they solve this security problem without breaking every map?

As we all know, they came out with a very clever solution. They removed the ability to typecast values, and gave us Hashtables in exchange. Map makers quickly adapted, and everything was good again.

Until nowā€¦

The present state of Warcraft III

Warcraft III is now an ancient game. People donā€™t play it anymore - the size of its community now is exponentially smaller than it has been some day.
Blizzard doesnā€™t seem to support the game anymore. The last patch was released 5 years ago. Blizzardā€™s main source of profit is Starcraft II - they donā€™t make money from Warcraft anymore.
There are rumors that they could release a new patch. To be honest, Iā€™m very skeptical about this. Some guy pointed that their site is anouncing job positions for development of ā€œclassic gamesā€, where WC3 is included. One can assume that no development is being made on WC3 while those job positions are still vacant.

As you can see, things have changed. They are not as they used to be in the times of 1.23. By that time they were able to quickly fix the major security issue. But will they do it now?

What if I told you that I just found a way to do I2C in the 1.26 patch?

The future, and the possibilities

Ok, so what happens if people with intentions not as good as mine become aware of this thing? Either Blizzard will release a quick fix. Or they will simply not care! And what happens if they choose to do that? Will the game definitely die?

Iā€™ve been thinking, why do we need Blizzard to do everything for us? Just look at the amount of things that people are requesting in the [thread=257163]1.27 wish list[/thread]. Iā€™m pretty sure many people in the community are capable of implementing some of those things by themselves, so what do we need Blizzard for?

We could easiliy create a community-driven unofficial patch for warcraft. To add all the features we have always dreamed about. It could be made open-source, so that everyone could contribute. And look, we already have Sharpcraft as a start point.

But no one uses Sharpcraft natives in map making. Why? I know, itā€™s because it requires the end user to install custom stuff in their computer, as opposed to just join a map and have it automatically downloaded.

But what if every Warcraft player in the world had Sharpcraft installed? What if it was so popular, that nobody would install one without the other? Think about Firefox and Greasemonkey. Browser scripts have become so popular, that itā€™s no crime if they require Greasemonkey to be installed.

Of course, Sharpcraft doesnā€™t have that much popularity. The average Warcraft player doesnā€™t even know that it exists. But I see a way that this could change: if the game is now unsafe, and hackers start to put viruses on maps, people will start looking for a solution.

And if Blizzard doesnā€™t provide that solution, we can. I could easily fix that bug myself, and then Sharpcraft (or w/e the community custom patch would be called) will become very popular. Every ā€œnewbie tutorialā€ you find in the internet, teaching noobs how to ā€œdownload and install Warcraftā€, will also teach them how to install the custom patch, to ā€œmake the game saferā€.

Obviously this patch will do much more than just a security fix. With time, we could implement everything in the 1.27 wish list, without waiting for Blizzardā€™s good will. We will end up with a very powerful game engine, that will have complete support for all the existent resources, but will be also completely free from the current Warcraft III limitations.

What I will be doing now is research a bit more on the I2C thing. I will examine the old 1.23 exploit, try to figure how it works, and if it can be reproduced in 1.26. If I fail to do that, I will conclude that I2C is safe to use, and I will make it public.

If I succeed in executing arbirary code,I have succeeded, the exploit is REAL!!! Iā€™d like to hear your opinion on what should I do with this knowledge. If this was in another time, I would simply report the vulnerability to Blizzard. But I donā€™t have faith that they will do anything about it.

What do you think? A custom community-driven patch for Warcraft is viable?

Last edited: Mar 15, 2016
leandrotp, Feb 28, 2016"

1 Like
11

I donā€™t get why posting about old patches. We have 1.30.4 not 1.27. One thing Blizzard is certain they will not allow chunk of bugs ruin the security of their player base, because people will not buy their game.

You shouldnā€™t worry about that. Your heart beeps way too fast when you worrying. It might leads to a heart disease, so careful with this one and remember Blizzard have advanced security programming team to deal with security issues. They are not gathered from some forest.

Everyone who works for company as big as Blizzard is have meet their requirements. You can just see their job list and see how much requirements they put before they hire people.

1 Like
12

In replay to Lucioā€¦

Well, again this is from my perception/data - which as I said b4 may be very limited - but some of those exploits wereā€¦ afaikā€¦ present for a significant period of time b4 being fixedā€¦ if they ever wereā€¦

Please correct me if I am wrong in that respect, but eh, I only have what I know to go onā€¦ and what I have so farā€¦ doesnā€™t look terribly goodā€¦

To be clear, I know WoW has excellent stuff in the security department.

They have to combat any number of illegitimate venues to impact playersā€™ experience and I think they do an OUTSTANDING job of it!

However, Wc3ā€¦ seems like it was somewhat neglectedā€¦ I really hope these issues have been addressed and resolved, at least on Reforgedā€¦ but not everyone has Reforged and old Wc3 is, afaik, still on 1.27 or something?..

As far as worrying, you make an excellent point.

Heh Iā€™m still young enough and my heart in the physical sense is tough enough for the additional beats per minuteā€¦ but I respect what you are saying in regards to worrying in generalā€¦ whatā€™s the old sayingā€¦ ā€œWorry is the interest you pay on a debt you may not owe.ā€

I cannot post links, but I offer credit to Keith Caserta who was cited on the website I copied the quote from.

All that said, I still have concerns. Whether they are well founded isā€¦ to a point subjectiveā€¦ but they are there.

I will try to dial back the intensity though.

I do relatively well in terms of regulating that in respect to how I directly handle itā€¦ but with text online or whatnotā€¦ I donā€™t always catch the cues that it might be starting to cause a problem for other ppl.

13

Like I said current warcraft 3 is patched to 1.30.4 and if you havenā€™t paid attention the developers said that those who own Reforged will be able to play with their friends who doesnā€™t purchase Reforged.

Its similar to the Starcraft Remastered. You can still play with people even if you didnā€™t purchase Remastered version. The only different things will be the visual art at least they told us that.

I was curious and I visit classic jobs. Look what I have found in the jobs listed:

  • Diagnose networking, database and OS related problems.

This is sign that battle.net 2.0 is coming as soon as this job disappears from the jobs opening. Which proves they are working on the reconnect feature.

Something that weā€™ve asked for years. Whatever these virus from maps might come they are outdated and probably made by not so good programming thugs that wants to ruin the game. Meanwhile Blizzard coders are a lot better and Iā€™m sure there wonā€™t be issues

1 Like
14

In reply to Lucioā€¦

Aha!

Thank you, Lucio!

I was unaware that old Wc3 was patched as well - I should have researched better.

My piece of the information pie is now a larger portion of the whole - I appreciate your guidance.

I will start reading over patch notes!

Perhaps it was directly mentioned and I simply was unaware since I assumed Wc3 and Wc3 Remastered were effectively two different entities.

I will keep you posted on my findings.

15

Well I found you full with energy and passion and I understand your concerns. How about you put that energy to use instead of worrying? Iā€™d love to have conversation with you. Then my future campaign AoS brawler project might become interesting.

1 Like
16

In response to Lucioā€¦

Thanks, Lucio.

Eh, Iā€™d like to put that energy to use in getting a direct answer as to whether these 3 issues were specifically addressed.

Aeon of Strife Brawler project, eh?

Itā€™sā€¦ been a whileā€¦ AoS is like Angel Arena?

Iā€™ll give it some thought.

Iā€™m mostly on SWTOR lately, but weā€™ll see.

Iā€™m not touching Wc3 with a que the song from How the Grinch Stole Christmas 39 and a half foot pole until I know for a fact that those security holes have been plugged.

I got off on a few other tangents and was struggling to find a concise list of patch notes for Wc3.

Hive Workshop had someā€¦ scattered amongst their News Articlesā€¦ but all the links to the ā€œofficialā€ versions on Blizzard urls failed to load.

Possibly taken down?

While I donā€™t mind a long list to readā€¦ā€¦. if I have to find where I left off and where to begin again 10 times in the processā€¦ā€¦ and itā€™s not ā€œofficialā€ infoā€¦

Perhaps if someone with better google search skills can find me official links to Wc3 Patch Notes starting from about 1.6 and I can catch up, Iā€™ll consider doing so. :slight_smile:

1 Like
17

Well its not but when I have something I will post some images.

1 Like
18

This thread needs more informed people! NEEDS more informed people!
I will tell you everything that I know about this, although I am user and my knowledge is also limited.

The problem you are describing here has been like a nail through my heart since 2009 when I had to port my return bug-based Warcraft 3 mod to use hashtables instead, and then I found that the hashtables could not do certain handle to handle casting that was previously possible, so there are certain lines of code that I cannot update to the modern patch without re-inventing their behavior. Thatā€™s a lot of mumbo jumbo. But it is the perspective from which I began to see this problem, as a user who was hit by a 2009 patch wall that broke everything I had been working on.

When leandrotp and those other guys found the exploit again in 2016 or so ā€“ on Patch 1.26 ā€“ what they did is that they found a new way to do typecasting. So the return bug that was removed was still available, but required 30 extra lines of setup code to break the game where you create a C union effectively by creating a conflict between a global and local variable with the same name. That is only the tip of the iceberg of what they were doing. It allows you to convert a function to a number, then do math on the number, then turn it back to a function and now execute a function from a different place in the computer that you create with your own stuff in it.

Leandrotp was apparently somewhat of a good person. I read a report later that he wrote up. He said he emailed this issue to Blizzard and their security, and said that by Patch 1.28 it was removed. He told Blizzard that the underlying problem was not type casting. He said that ā€œwe would always find a wayā€ to do type casting, and there was a worse problem that the binary code inside the language would allow people to redirect the pointer representing an array. Then you could use the array variable like ā€œMemory[426362]ā€ and access any memory address in the computer, by assigning the array to start at 0 at the start of the computerā€™s memory chip basically.

So Blizzard followed what he said and they changed the language so that array assignments (which do not exist syntactically in the code, and were only available when executing binary that you created with typecasting) were disallowed. That is what he said. It should have meant that the issue was fixed in Patch 1.28.

For me, this was really cool when I found it. It meant that the typecasting was still available in Patch 1.28, and possibly going forward. Even though the game was safe! So as an experiment, I went to an old mod from before the 2009 Patch 1.24 killed all of the maps and mods. I was not the author of the project that I tested on, so I never published my work on it. But, I resurrected a copy of The Tales of Raviganion (TToR) mod locally and was able to play the mod on Patch 1.28, which was significant because this mod had never worked since Patch 1.22. It was created in 2005 and in order to store data, they had to use gamecache with return bug. But you could not fix it with the hashtables. It was written before the vJASS and hacked World Editor. Because the developers of TToR had many authors working together, they coded in a way that is strange to us now. For each author who needed a gamecache in his GUI trigger, a new gamecache was created. Each author could not make a good global variable because there was no syntax for it, so he would typecast his triggerā€™s pointer to a gamecache and store the gamecache in there. Nothing like this exists in any recent modding. The only way to port it forward without a huge effort is to get typecasting back.

But, after Leandrotp posted about the issue and how Blizzard fixed what he asked them to in Patch 1.28 ā€“ he said it was some kind of assignment instruction on type number 9 that allows that assignment to an array problem ā€“ he had published how to do the type casting in that post, and Patch 1.28 still allowed the type casting, but didnā€™t allow the array assignments problem to create memory viruses.

So that was how I got the TToR mod to run on Patch 1.28. I did the C-style union glitch between global and local variables and lo and behold the old mod ran again and I was able to play as the custom races in any melee map. Its AI systems were immensely complicated and refused to work with my limited replacement for typecasting, because they required a typecasting that was more performant and when I tried to fix them the game lagged atrociously and crashed. But the game itself played the mod fine without AI.

I thought this was really cool, because it meant that we could undo the damage to legitimate modding efforts. It meant that all maps from before 2009 ā€“ all Warcraft 3 maps created for all time ā€“ would now be viable and playable in the modern game patch.

But then Patch 1.29 came out. They removed the local variable/global variable glitch and so my modified local build of the TToR mod did not work any longer. I have almost never seen any reporting on this change. I believe I was first notified of it in a private circle on discord.

I do not know exactly the rationale behind Blizzard removing it, but there is only one possibility that I can think of. They removed it, Tograblah, because they know how you feel and they do not want even the slightest chance for those old viruses to resurface. There is a community of people who use something they called ā€œmemhackā€ that you can find online, who are trying to fight the system and remain on Patch 1.26 using the exploit that leandrotp found, because it allows them to be in control. By the time that I was using Patch 1.29 and Patch 1.30, they told me that they were also able to do it on Patch 1.28 using the type casting. They are a community of people who are actively trying to work against you and play a game where viruses can exist ā€“ and no, your virus protection is probably not going to save you from the Warcraft III game application, because you intentionally installed it. They developed many insane things, and claim that they can ā€œdo anythingā€ and that it is a powerful modding tool. But it was doomed to die from the moment they began to treat the virus problem in that way. There is a reason that they are confined to play Patch 1.26 (and possibly 1.28).

Knowing that Blizzard is doing undocumented changes like the removal of typecasting in Patch 1.29 ā€“ regardless of how much of a thorn in my side it is if I want to play the old TToR mod ā€“ causes me to sincerely believe that they know about this problem and have actively tried to remove it as much as possible in the current Patch 1.30.4. I have not heard of anyone who was able to perform the virus inducing exploit in Patch 1.30.4, nor anything close to it. Patch 1.29 also broke a huge number of custom assets, because the fundamental parsing of the BLP image format was changed. Shortly before this changed, a user posted online that they were able to make an image that would read arbitrary memory and render it as rainbow colors. Coincidence? I think not. In all cases, Blizzard has prioritized security even when it would destroy thousands and thousands of hours of legitimate modding efforts and creativity. (Watch out when using BLP Labā€™s mipmap optimization. I believe that it still creates BLP textures only usable in Patch 1.28 and prior)

But it is possible that the people in the social circles who look for this kind of bug would not tell me, because some of those social circles wish desperately that they had more control over their game. They want to naively believe that no one will make a virus in the Warcraft III game application even if they make it possible, or that it is your fault if you donā€™t only play popular, tested maps.

I want to live in a world where we can all make maps, regardless of how stupid they are, and share them safely, knowing that they are sandboxed. I like to make maps. And so I am on your side in this conflict, Tograblah, and on the side of Blizzard. And in the game of Warcraft, Blizzard always wins.

Edit: The rumors say that in China and some other countries, where people want to sell skins inside their maps, they have to use these hacks to load additional DLLs into the maps so that they can encrypt their custom models and textures for their custom skins in a way that only their own hack code can parse. This creates monetary incentive for people to learn how to make this kind of virus hack, and not tell you. So it is definitely a danger, but I believe from everything I have ever seen that Blizzard Entertainment takes it very seriously, and knows that there are people who are able to get paid to find ways to make viruses in Warcraft 3, basically. And Blizzard works against it.

2 Likes
19

In reply to Lucioā€¦

Eh, I canā€™t remember all the terminology from back then very well.

I had aā€¦ significant injury irl back thenā€¦ that took me out of commission for a while.

At this time, I cannot commit to expending energy on helping you playtest or offer suggestions for your map in progress.

I can be a cheer leader and offer light-hearted moral support, but thatā€™s all I can do right now.

In response to Retera,

You give yourself insufficient credit.

Goodness graciousā€¦ that is a lot of important informationā€¦ I think you should label yourself as at least an educated or advanced userā€¦ā€¦ at the very leastā€¦

Most of itā€¦ honestly went over my headā€¦ but I sincerely appreciate you sharing that.

I will comment on the few points that I feel qualified to do so:

  1. You give yourself too little credit.

  2. Security in relation to Wc3 Custom maps has always been a struggle - more so than I was aware, especially in relation to those ā€œcertain groupsā€ā€¦

  3. Blizzard is at least aware there are issues and are trying to combat them.

Thank you for your candor. :+1:

Oh, also, I want to express my regret over the fact that this focus on security isā€¦ as you saidā€¦ destroying thousands and thousands of hours of legitimate modding effortsā€¦

I truly feel terrible about that and could about weep right now irl for the lossā€¦ when your work on something you care about is rendered obsolete by no fault of your ownā€¦ but life is shades of grayā€¦ not black and whiteā€¦

Balance is important. I really resonate with your desire to live in a world where everyone can make maps, regardless of how stupid they are, and shere them in safety, knowing they are sandboxed!

That would be the perfect balance, imo, but as we all know, life is an imperfect thing.

We do what we can.

When we encounter a problem, we hopefully are well enough prepared as an individual to have effective problem solving skills.

We use them to deal with issues that come up.

Aā€¦ little tangentialā€¦ but I just want to share a 4 step method to solving problems that I gave far too little credence to when I first heard it and am now using regularly.

  1. Identify problem.

  2. Brainstorm solutions.

  3. Use trial and error to test solutions until you find on that works - remember, a failure is not, ā€œOh feis upon it all. This is an insurmountable obstacle. I give up.ā€ - rather, it is like, I believe Thomas Edison saidā€¦ he learned 99 or however many ways not to make a lightbulb, adjusted, and tried again untilā€¦ā€¦

  4. You find the solution that works! Success!

I know thatā€™s a little off topic, but I feel like some ppl miss out on learning these basic, generally-applicable problem solving skills.

I know I did growing up.

2 Likes
20

Wow, this thread is incredibly high IQ. Iā€™m saving the posts to a txt file, pls, donā€™t hack me.

1 Like
21

If you worry about sh1t like this, you should probably burn your computer, and go live a secluded life in a cave lol. donā€™t be a pussy.