Nomic Report: Sockpuppets Thwarted

February 21st, 2019
About a week ago Todd sent out a PR (#226) that would allow new players to join the game without anyone needing to approve their join request. This opens up a way to win: add enough sockpuppets to get a supermajority and have them approve a PR that makes you win. Specifically:

  • If there are N other players, create 2N-1 sockpuppet GitHub accounts.

  • Locally, prepare branches to add these sockpuppets.

  • Find an old PR of yours that was not merged and locally prepare to force-push an "I win" branch over it, to avoid the "0.6-block-recent" rule on newly created PRs.

  • Reject #226 for a minor issue so it doesn't get merged when you're not paying attention.

  • Wait until #226 is approved by everyone else.

  • Quickly: approve #226, make PRs for your sockpuppet branches, submit them, force-push up your "I win" branch, have your puppets approve, submit.

We did discuss sockpuppets in the PR thread, but Todd seemed to think the threat was that if sockpuppets joined with 10 points you could win on points, and so it was sufficient to start new players at zero points. Or he was playing dumb, knew what I had in mind, and was planning to win this way himself.

Anyway, it didn't work out. I created my sockpuppets, sockpupper1 through sockpupper6. Some of these were flagged by GitHub, and while I didn't realize the implications at the time, this would be a problem.

The first time #226 was ready, though, it failed to merge because it didn't actually pass all our tests. Normally you'd use CI to give early warning of this, but since we're (ab)using CI to determine mergeability based on things like having enough approvals, you expect a PR to stay red right up until it's ready to go in. The way to handle this is to test locally, with run.sh, but it turns out Todd hadn't done this (and I hadn't either). So I was all ready with my puppets, approved the PR, clicked merge, and then it failed for a silly bug that only Todd could fix. Luckily I had been patient with the rest of my planned activity and hadn't tipped my hand yet.

The second time, once Todd pushed his fix and we had quorum, the PR did merge. I created my add-puppet branches (#236 through #241), but I was surprised when the first one failed to merge. It turned out that the allow-joining PR didn't actually allow joining. It had a bug where it checked you weren't adding a player who was already in the game, and while this check passes on master, it fails on the PR branch, and we require it to pass on both in order to merge. (Gah, Todd, test your PRs!)

I could have fixed this, since I had control of the branch, but then my PR wouldn't have met the very strict "add a new player" criteria and would still have been blocked.

I quickly closed my sockpuppet PRs and made a new PR (#243) that was obviously testing. I think I wasn't fast enough, though, because before I managed that Todd created a PR (#242) to require users to exist on GitHub for checks to pass. I haven't asked him what he was thinking, but my guess is he saw my PRs and thought I was testing the system, as opposed to trying to win with sockpuppets.

He extended #242 to fix the "can't actually join" bug and to require join PRs to be authored by the person trying to join, but then I ran into another problem. I made another puppet, nomic-user, and had them create #244. If you click on that, though, you'll get a 404. It turns out that PRs created by flagged users aren't visible to anyone else. Which means I would need 2N-1 unflagged sockpuppets to win.
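To make the "passes on master, fails on the PR branch" bug and the author rule concrete, here is an added sketch that is not the game's actual code. It assumes players are a set of usernames per checkout and that the buggy check read the list from whichever checkout it ran in; all function names and sample users are hypothetical.

```python
# Added illustration: hypothetical model of a join-PR check.
# Data layout, function names and usernames are assumptions, not the repo's code.

def naive_join_check(checkout_players, joiner):
    """Buggy form: asks 'is the joiner already a player?' against the
    player list of whatever checkout the rule happens to run in."""
    return joiner not in checkout_players


def join_check(base_players, pr_players, pr_author, joiner):
    """Return the reasons to reject a join PR; an empty list means it is valid.

    Membership is always judged against the base (master) player list, so
    the verdict is the same whichever checkout the rule code runs from.
    """
    problems = []
    if joiner in base_players:
        problems.append("already a player on master")
    added = pr_players - base_players
    removed = base_players - pr_players
    if added != {joiner} or removed:
        problems.append("PR must add exactly the joining player")
    if pr_author != joiner:
        problems.append("join PR must be authored by the joiner")
    return problems


# Constructed sample state: master has three players, the PR tree adds "dave".
MASTER = frozenset({"alice", "bob", "carol"})
PR_TREE = MASTER | {"dave"}


def demo():
    """Run the naive check in both checkouts, then the base-anchored check."""
    return {
        "naive_on_master": naive_join_check(MASTER, "dave"),
        "naive_on_pr_branch": naive_join_check(PR_TREE, "dave"),
        "fixed_self_join": join_check(MASTER, PR_TREE, "dave", "dave"),
        "fixed_puppet_join": join_check(MASTER, PR_TREE, "alice", "dave"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The author rule only ties each join to a distinct GitHub account; it does not by itself stop one person from controlling several accounts.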

That's not too bad: the flag notice just says to contact support to get the account unflagged. But then I thought that before I did that I should look in the terms of service, and unfortunately that has "you may not have more than one free Account". Violating GitHub's TOS is not in bounds, and using paid accounts to win isn't fun, so we decided to ban sockpuppets.

At this point it feels like the game is winding down, with Pavel leaving and me starting to lose interest. Even though I couldn't turn puppetry into a win, it was still a lot of fun!
