I had an opportunity once to sit down with Don Knuth and play Halo on the X-box. Don was doing really poorly and I said, "Don, what are you doing?" His answer was "Playing."
But for Don, playing wasn't kill the bad guys, get the best weapon upgrade, it was "What happens if I just sit here when this NPC wants me to follow him?", "Can I jump off this ledge in the back even though the game doesn't think I should?" He was playing not the game of Halo but the game of Halo Exploits! Once I realized what he was doing we started a variety of different tactics to see if we could break the game. We found several in a fairly short period of time. One where you could get 'behind' the geometry of the space ship you were on, run all the way to the other side where the big bad guy for the level was, and shoot him dead up through the floor without him being able to fight back. It was quite fun.
There is a story about a physics student given a word problem of finding the height of a building using a barometer. Since they couldn't remember the perfect gas law they instead drop the barometer from the roof and time how long it takes to smash into the ground below. Then compute the height that way. It that kind of thinking that people use to find exploits. That, time, and sometimes browsing the source code.
Doing security code reviews is also good training.
But for Don, playing wasn't kill the bad guys, get the best weapon upgrade, it was "What happens if I just sit here when this NPC wants me to follow him?", "Can I jump off this ledge in the back even though the game doesn't think I should?" He was playing not the game of Halo but the game of Halo Exploits! Once I realized what he was doing we started a variety of different tactics to see if we could break the game. We found several in a fairly short period of time. One where you could get 'behind' the geometry of the space ship you were on, run all the way to the other side where the big bad guy for the level was, and shoot him dead up through the floor without him being able to fight back. It was quite fun.
There is a story about a physics student given a word problem of finding the height of a building using a barometer. Since they couldn't remember the perfect gas law they instead drop the barometer from the roof and time how long it takes to smash into the ground below. Then compute the height that way. It that kind of thinking that people use to find exploits. That, time, and sometimes browsing the source code.
Doing security code reviews is also good training.