Messages

406

General Security Information / Re: Whitehouse.gov tracks users with an invisible image

« on: January 02, 2006, 09:31:53 pm »

AFIAK cookies can't work cross-domain so I don't get how that can be used for tracking. Referer only shows the last site you visited and thats only if you click a link for the site on the last site. Both of these are standard things for browsers to do. It seems sorta silly to be sending a webserver such information and then bitch when someone decides to analyze it. Basically if you don't want to share limited information fix your browser and don't complain about what said website does.

407

General Security Information / Re: Whitehouse.gov tracks users with an invisible image

« on: January 02, 2006, 08:12:44 pm »

Uh huh, and its not like the whitehouse.org site couldn't do it themselves so I don't get what the big deal is? Its not something evil but the story makes it out to be that way.

408

General Security Information / Re: Whitehouse.gov tracks users with an invisible image

« on: January 02, 2006, 07:51:01 pm »

Perhaps I'm missing something these days, but how is this any different then simply looking at the web server logs?

409

General Discussion / Re: Computer Illiterate Parents Suck

« on: January 01, 2006, 06:29:48 pm »

Haha, lifting the rules on snowball fights is a massive liability issue; they'd never comply to that.

yeah, it's just like skateboards: what happens if the school allows it and somebody gets injured?  The school gets sued++. Because people in the US are so sue-happy (I'm told), they can't possibly lift that regulation. 

Oddly enough my school allows both and AFIAK they have never had any problems with it. Although I think they disallowed skateboards this year, likely not because of people getting hurt but because the people involved in that group were uhh sketchy at best.

As far as parents go, I wouldn't know as both of mine are rather computer literate. Since Nate seems to want to brag, my dad has written code thats run on some of the fastest super computers in the world. Beat that?

410

[x86] Announcements / Re: Apache 2.2.0

« on: December 31, 2005, 06:52:35 am »

Is your MySQL server running on the box you have with the most memory? If not you should try putting it on there, or perhaps moving it off the webserver box anyways just for the hell of it to see the effect.

411

iago's forum / Re: Hot Sauce

« on: December 27, 2005, 05:41:43 pm »

Chile goes w/everything.
Here we have it in eggs, burritos, pancakes, icecream, uh..., burgers

Indeed, green chile pizza is yummy++.

However breakfast burritos from Chile Works are the best thing ever. Potatoes, cheese, eggs, bacon, red/green chile in a tortilla can't be beat(Some people even put sour cream on top, I can't handle that). Its so popular that often when theres nothing going on during class at school the teacher will ok a burrito run.

412

Botdev / Re: Trivia Bot by Joe[e2]

« on: December 24, 2005, 10:26:27 pm »

I implemented those commands because Stealth has those in StealthBot. Why don't you all go bitch at him?

Last time I checked, he wasn't a power freak.

*coughs*

413

New Project Announcements / Re: Web based MUD/RPG

« on: December 24, 2005, 10:24:49 pm »

I've started work on the basic systems for it. You can see my progress so far at http://www.advancedcontent.net/zorm/RPG/.

I'm working on authentication things now. I intend to use SHA-1 and a salt to hash the passwords for storage in the database. Should I try and use javascript to hash the passwords before the client sends them to the server? Does anyone have a secure method of generating a salt?

Thinking through this project I also realized I'll need protection against bots and such at various stages in the game. One obvious place this is needed is at account registration. It will require an email and a link will be sent to that email in order to activate the account. Is there anything that can be done about those 'one' time use email accounts? My general feeling is there isn't a whole lot that can be done. The other thing that will be needed is some sort of CAPTCHA to prevent automated registrations and playing of the game. I'll make some simple checks that will try and detect 'bot' like activity, if its triggered a CAPTCHA will be shown and no other actions allowed until it has been passed.

This brings me to my next point on the CAPTCHA. The simple text ones have been broken and are often insanely hard to read even by humans, clearly this won't work. My idea was to show a simple picture and give 4 options for what the picture is(the options and picture will all be a single image). Then the user enters the letter of the correct option to pass the test. The problem with this is that the picture can't be truely random because I don't know of a way to reliably generate pictures of objects. So I'll likely end up with 5-10 pictures, would performing simple transformations on them be enough to stop something from recognizing them? My other thought is that perhaps I'm overthinking this and such measures won't be needed as its unlikely someone smart enough to solve the problem will play my game anyhow.

414

New Project Announcements / Web based MUD/RPG

« on: December 22, 2005, 05:22:25 pm »

I've decided I want to make a web based MUD/RPG. I already have a story line(borrowed from a D&D world, but the creator will let me use it). Having this the next step becomes actual design of the game and world. Since this will be made in PHP and a lot of the information will be somewhat dynamic it appears the best method would be to use a MySQL database to store information about possible monsters/items that can appear in the world. The world itself will likely be hardcoded as it will be static.

Perhaps another method would be better than a MySQL database? Does anyone have suggestions and is anyone out there capable of making lots of decent 'pixelish' artwork?

415

General Security Information / Re: mIRC Exploit Found

« on: December 22, 2005, 03:06:17 pm »

At first I thought this might be something neat and then i realized its a local exploit and totally lame.

416

New Project Announcements / Re: Digital Text CMS (Continued from AC discussion)

« on: December 10, 2005, 01:30:40 am »

Security should be done at the time of initial coding and not something added later. You'll likely have enough problems with obscure bugs that will just be added too if you forget to add security to something.

417

New Project Announcements / Re: Digital Text CMS (Continued from AC discussion)

« on: December 09, 2005, 10:18:43 pm »

Also unless im missing something it looks like just about all of your SQL queries are open to injection?

418

New Project Announcements / Re: Digital Text CMS (Continued from AC discussion)

« on: December 09, 2005, 10:07:02 pm »

See http://www.advancedcontent.net/demo/ for rather clear flaw in the way your code works.

419

General Programming / Re: Interesting Problem

« on: December 08, 2005, 03:18:46 pm »

We used to do these everyday in English class last year for fun. The method we used to solve them most often was looking at patterns in the letters of words. For example "people" is I believe the only word with a abxaxb pattern. My English teacher from last year knew a whole bunch of these and it helped lots. Once you get to this point you could likely just start filling in letters and trying to match them to actual words. You don't have to worry about names all that much because you can normally fill in all the other words and get the letters needed.

This seems like a lot of fun perhaps I'll start writing some code and see what I come up with.

420

General Programming / Re: Java final project!

« on: December 04, 2005, 09:23:59 pm »

Depending on exactly how complex the AI needs to be it should be rather easy to do. If you just need a basic AI that you can play against I'd suggest this:

Have 4 states:
Advancing
Attacking
Retreating
Sacrifice

Advancing:
This would be the state at the start of the game, you could decide on a simple goal like to get the pawns to the other side of the board. Basically you just need a strategy for how you want to move when pieces aren't at stake.

Attacking:
This would be when you can take an opponents piece. You can setup basic rules for this like "If I take this piece will the piece I take it with be taken?" If the answer is yes then you compare the values of the pieces. If the piece you are using is worth less than the piece you can take then take it. Overwise look for a better move. If the answer is no then you take it no matter the value of the pieces.

Retreating:
This would be when the opponent can take a valuable piece on their next move if you don't move something. Likely this should only be on the King+Queen; however, you could attach it to a random piece that isn't the pawn to make the game more interesting.

Sacrificing:
This would be when the King is in check and it has to be not in check at the end of the turn no matter the cost.

To make a more advanced AI you could just expand on these ideas. Say for example advancing, you could have an internal list of good setups for defense and have the AI try to move its pieces to form said defensive position.

If you do something like this you avoid the complex task of trying to have an all knowning AI that needs advanced formulas and such. A few basic rules and you are good to go.