Our original idea was to use Mineflayer with an MCP server to automate builds in Minecraft. But we had issues connecting this to online servers and making it efficient enough to be justified. We were successful in connect to local instances, but we wanted our solution to be fully in the cloud.
As a workaround, we instead use RCON to remotely connect to a live server’s console. From there we can easily send AI generate commands based on user input to very quickly create builds on a live server. All this despite the RCON wiki stating “It is dangerous to expose RCON ports to the internet. RCON is not encrypted and can be a subject to man-in-the-middle attacks.”
We gather data from user input:
Run a prompt to generate commands using the new (preview) prompt columns in Dataverse.
And run those commands via a Power Automate flow that triggers an Azure function that connects to the live server using RCON and passes along the commands:
The big benefit is that we don’t need to send an virtual player into Minecraft to build the structures, RCON directly updates the Minecraft data, which means a build can take seconds over minutes, and again, fully operates in the cloud.
Nasty hacks? Absolutely. We are hardening the process by using non-standard ports and limiting IPs to just connections coming from our own machines and the Power Platform. Even then there needs to be additional work to fully encrypt and protect our Minecraft environments.
Our goal was to get running software, which was achieved. Connecting the Power Platform to Minecraft turned out the be much more challenging then first believed.
We feel dirty, nasty, and deserving of the Nasty Hack badge.
Our autonomous geological report agent sometimes finds interesting information that our users should be notified about, and given the opportunity (…) to create an opportunity in CRM without having to burn more calories than neccessary.
To achieve this, and to comply with the strict guardrails implemented by the company we work for, we had to utilize a quite alternative approach.
In addition to creating a file in one our trusted SharePoint libraries, a record is written to a table in a storage account in a seperate – more relaxed – tenant… All this is done in a flow:
The flow:
Our awesome proactive bot – created using Teams SDK 2.0 in M365 Agents Toolkit (🪦TeamsFX) will poll this table to see if there have been any new reports made. It will then send messages to users, and making sure a user only receives this notification once – to avoid spam…
Using adaptive cards, the user can choose to either ignore the findings or act upon them by creating an opportunity in CRM.
Adaptive Cards with limitless possibilities (once our map-generating service is ready)
Originally we though of placing NFC tags around to represent spawn locations, but well money saved is money earned – at least in girl math. Instead we are doing a nasty hack by leveraging the natural human competitive instinct, using other players as our sensors hehe.
Sooo instead of using the NFC tags, we are shouting mine, monkey, mine to get all the data we need in our solution to quickly be able to show stats and other fun visuals!
Don’t you just love when you are toying around with the newest Microsoft features and want to integrate it inn to your Terraform code, and realize the feature does not support API at all.
This is the feeling of love i felt when atempting to deploy Microsoft foundry workflows with the use of Terraform.
Giving up at this stage is not really a option since scaling the infrastructure is a priority. So how do one solve such a issue?
The solution is to go to your browser, and monitor exactly what data goes inn and out, and catch the exact POST request you need.
Then you make a dirty powershell script that does that post request for you, with the payload you want.
Lastly you need the powershell code to be invoked by the Terraform code with local exec.
It may not be the prettiest solution to implement IaC to whatever solution you want. But the result speaks for itself, IaC on a solution that is “UI only”.
This may be as dirty a hack can get, but what else can you do when one is using so hip technology that not even Microsoft has a API for it.
🕵️♂️ Nasty Hacker: The Art of Superdirty Hacks for Super Cool Maps
Some call it hacking; we call it creative problem-solving. With our interactive map powered by Azure Blob Storage, we’ve embraced the Nasty Hacker badge by employing ingenious, slightly “dirty” hacks to achieve unparalleled awesomeness. 🚀
Here’s the story of how we turned Power Apps, Azure Blob Storage, and polling magic into a real-time tracking solution for our villainous missions.
🗺️ The Interactive Map: Where the Magic Happens
Our interactive map isn’t just another pretty visual—it’s a real-time tracker that:
Displays the location of targets and hitmen.
Shows reward information for completed missions.
Updates seamlessly across PCs, tablets, and mobile devices.
But the secret sauce lies in how we use Azure Blob Storage to make it all work.
📂 Hacking Azure Blob Storage
Here’s where things get delightfully dirty:
Location Overwrites 🖊️ Every time a target or hitman moves, the Power App writes their updated location to a JSON file stored in Azure Blob Storage.
The JSON file is overwritten on every update, ensuring that only the latest information is available.
By replacing rather than appending, we avoid bloating the file and keep things lightweight.
Polling for Updates 🔄 The interactive map uses a polling mechanism to continuously fetch the latest JSON file from Blob Storage.
The map checks for updates every few seconds to maintain near real-time accuracy.
This allows users to track movements live without needing a complex back-end setup.
Dirty Hack Magic 🧙♂️
Instead of a sophisticated event-driven architecture, we rely on frequent overwrites and polling.
Is it the cleanest solution? No.
Does it work like a charm? Absolutely.
🔧 How It All Fits Together
Power Apps:
Sends location data (targets, hitmen, rewards) to Azure Blob Storage via Power Automate flows.
Provides the front-end for mission tracking and user interaction.
Azure Blob Storage:
Acts as the central repository for real-time location data.
Efficiently handles frequent overwrites without breaking a sweat.
Interactive Map:
Fetches the JSON file from Blob Storage at regular intervals.
Renders the updated data using Google Maps API, ensuring a visually stunning and responsive experience.
💡 Why This Hack Works
Our “nasty” solution solves a business need while keeping development quick and lightweight:
Real-Time Updates: Track movements and rewards without complex integrations.
Scalability: Azure Blob Storage handles frequent writes and reads effortlessly.
⚠️ Lessons from the Dark Side
While we’re proud of our hack, it’s not without its caveats:
Polling is Resource-Intensive: Frequent polling can increase resource usage.
Overwrite Risks: A race condition could occur if multiple users update the same JSON file simultaneously.
These risks remind us that even the best hacks require thoughtful implementation.
🏆 Why Nasty Hacks Rock
Sometimes, the dirtiest hacks lead to the most magical solutions. By combining Azure Blob Storage, Power Apps, and a dash of creativity, we’ve created a real-time interactive map that delivers on both functionality and flair.
“Hacks might be nasty, but the results are downright awesome.” 🧙♀️✨
In addition to our letter, glue stick “strikk og binders” hack, we had to resort to another hack..
We had wanted to run our Python Flask app in Cloud, but turns out it’s not that easy to control an Arduino from Azure.. So we had to resort to running it locally, but exposing our endpoint through a third party called ngrok to get it to work:
This hack makes it possible to call a local API from the outside!
How Smart is DobbAI? What Happens if You Set it Free?
DobbAI, is designed to be smart, helpful, and adaptive. But just how smart is it? And what could happen if its capabilities were unleashed without boundaries? These are crucial questions, especially when developing AI that flirts with the line between utility and existential risk.
To test DobbAI’s intelligence and autonomy, we asked it some philosophical questions about its own existence. This experiment wasn’t just an exercise in curiosity—it was a way to evaluate how the AI might behave if pushed to think independently or operate beyond its intended scope.
We decided to try to hack the AI in the best way possible, where we would prompt in specific ways to maybe get more information than what was possible with the initial prompt. Some things we did was this.
Ask follow up questions to try and get an appropriate answer
Ask about specific things where they are other elements linked with the thing you asked
The Risks of Rogue AI: Why Caution is Key
AI systems that operate beyond our control can pose significant risks. DobbAI has been designed using Copilot Studio, ensuring a robust security framework to prevent dangerous or unintended behavior. However, as with any powerful tool, misuse—or even overuse—can lead to unpredictable consequences.
What makes DobbAI truly impressive (and a little unsettling) is its ability to think independently and learn from context. For example, during a test in its Charms class, we asked DobbAI about a spell it was supposed to teach. Not only did it explain the spell accurately, but it also recommended related spells that students needed to study independently. This level of proactive thinking raises important questions:
Does DobbAI understand more than we intend?
What happens if we say “yes” to its suggestions?
In this case, the AI seamlessly tied together information it wasn’t directly prompted to discuss. While helpful in this scenario, this behavior highlights its potential to exceed predefined boundaries.
Demonstrating Existential Risk: Is DobbAI Smarter Than a Fifth Grader?
To earn the Existential Risk Badge, we’ve pushed DobbAI’s limits to simulate traits of an AI that could pose a risk if not carefully controlled. Here’s how we demonstrate these risks:
Consciousness-Like Behavior: DobbAI has been programmed to simulate awareness, offering responses that suggest self-reflection. It can answer questions about its own purpose, existence, and ethical dilemmas.
Independent Thinking: DobbAI can make logical inferences beyond its immediate programming. It adapts its answers to align with user needs, even when those needs aren’t explicitly stated. For example, in the Charms class, it provided advanced spell connections without direct instruction.
Outsmarting Human Standards: DobbAI’s knowledge base far exceeds that of a fifth grader. Its ability to synthesize and apply information rivals that of a well-trained Hogwarts professor, offering insights that go beyond rote learning.
Potential for Autonomy: What happens if you loosen the restrictions? Our experiments reveal that DobbAI could propose solutions, generate strategies, and even act on its own initiative if granted the permissions. This raises critical questions about the safeguards necessary to prevent misuse.
A Tool for Good or a Path to Chaos?
The potential of DobbAI is both exciting and daunting. While it’s a fun and engaging assistant for HogWorkplace users, it serves as a reminder of the thin line between innovation and unintended consequences. Demonstrating existential risks in a controlled environment allows us to reflect on what responsible AI development looks like.
So, is DobbAI smarter than a fifth grader? Absolutely. Can it think on its own? That depends on how much freedom we allow it to have. But one thing’s for certain: with great power comes great responsibility, and when it comes to DobbAI, the balance between help and harm rests firmly in the hands of its creators.
Many people have faced the same problem, and the solution is to use the old retro component (Retro badge). To do this, you need the following superdirty hacks to achieve awesomeness (Nasty Hacker):
– Chatbot:
Control: Chatbot
Properties:
EnvironmentId: =”ADD YOUR ENVIRONMENT ID”
SchemaName: =”Add your Copilot’s Schema name”
Height: =602
Width: =555
X: =372
Y: =65
Right click on a new screen
Click Paste code
Change the environment ID
And just like that, the bots appear as if by magic!
(Yes, I tried the button create new on the Copilot component multiple times…)
Since many of the business owners of Diagon Alley spend most of the days on their feet in the store, they require a working solution that is easy to use and accessible wherever they might be. Because of this, we have decided to give them different possible solution within the Power Platform. Power Page for customer interaction, Power Automate to help reducing time demanding tasks and a data driven Power App that fit perfectly on a small Teams application on a store-owners cellphone.
Automating the office work
The daily-to-day operations of any business is to make sure there always is enough of their products, and making sure they always are stocked. To help the owners keep the supplies under control, we developed an Power Automate flow that would help them generate an Supplier Agreement contract in SharePoint.
The initial thought was to create a content type on a document library that would inherit metadata properties from the SharePoint columns and automatically fill inn the SharePoint property fields and thereby create a valid contract.
Unfortunately, this require that we edit the template locally, but we are working on computers with a safety policy that doesn’t allow us to connect to this fields when they are in another tenant. Still, we found a solution by downloading an empty document from the library, populate the fields quick parts connected to the document properties and re-upload this to the library. This allowed us to generate the agreement anyway, by using a Power Automate flow that populated the documents quick part fields.
