* Yes, I clearly know what tcpdump is / how to capture network traffic
* It has been several years since I have looked at a pcap
* I don't have wireshark installed on this computer
* I've done the thing where you decrypt TLS with wireshark exactly once, years ago, and I found it frustrating for reasons I can't remember[1]. Wasn't sure if I could do this with ssh
* When I started investigating this, I didn't remotely think that ssh was the root cause. I thought it was a quirk of my game
* I *did* make a client that printed out all the data it was receiving, but it was useless because it was operating at the wrong layer (e.g. it connected over SSH and logged the bytes SSH handed it)
* I'm experimenting with Claude Code a lot because it has a lot of hype and I would like to form an opinion
* Looking up flags is annoying
* Being able to tell an agent "look at this pcap and tell me what you see" is *cool*
So idk. I'm sure that you would have solved this much more quickly than I did! I'm not sure that (for me) opening up the packet in Wireshark would have solved this faster. Maybe reading the SSH spec would have, but debugging also just didn't take that long. 1. What are the odds that both players lie? (4%)
2. Given that both players say tails, what are the odds that the coin is heads (~6%)
Trivially, the answer for question (1) is 0.2 * 0.2 = 4% * we can compute this as (P(coin is heads | both say tails) * P(coin is heads)) / P(both say tails)
* P(coin is heads | both say tails) = 0.04 (both must lie)
* P(coin is heads) = 0.5
* P(both say tails) = 0.04 * 0.5 + 0.64 * 0.5 = 0.34
This gives us (0.04 * 0.5) / 0.34 = 0.02 / 0.34 ~= 6% * of those 2000 flips, 1000 are tails
* 640 times both players tell the truth
* 40 times both players lie
* 680 times (640 + 40) both players *agree*
* 320 times the players disagree
We're talking about "the number of times they lie divided by the number of times that they agree"
https://www.newyorker.com/culture/culture-desk/the-curse-of-...