At 9/11/14 01:03 PM, Sam wrote: We need an AS: Main-esque thing that starts with the basics and brings in new concepts in AS3 where each chapter is written by a different reg.

The amount of inexperienced knowledge floating about is horrendous.

Share the knowledge, boys.

There are tonnes of books that do that though. I don't know if enough people will read it to be worth our time :(

At 9/11/14 05:15 AM, slugrail wrote: 2 x 2gb of 1333Mhz RAM costs $50 here in Australia. 8gb is more than double that (I've seen some being sold for $170). That's dirt cheap wherever you are!

RAM's cheap here, you can pick up some generic crap for under $20 which is what I did. Not fancy or even terribly good, but it gets the job done so meh.

At 9/11/14 01:03 PM, Sam wrote: We need an AS: Main-esque thing that starts with the basics and brings in new concepts in AS3 where each chapter is written by a different reg.

sure, but how do we do that without turning it into AS:Main? Like, how's all that going to work?

At 9/11/14 02:17 PM, Rustygames wrote: There are tonnes of books that do that though. I don't know if enough people will read it to be worth our time :(

I doubt many of the people who post here are reading those books. I feel like having a resource directly on Newgrounds would benefit a lot of people and stop these ridiculous threads.

At 9/11/14 02:21 PM, egg82 wrote: sure, but how do we do that without turning it into AS:Main? Like, how's all that going to work?

I feel like AS: Main had a lot of specific stuff that wasn't really necessary. There should be language essentials and programming concepts and then let people figure out how to use these things to build the things they want.

At 9/11/14 02:47 PM, Sam wrote: I doubt many of the people who post here are reading those books. I feel like having a resource directly on Newgrounds would benefit a lot of people and stop these ridiculous threads.

We can't stop them; we can only hope to lessen them. No one reads stickies, no one knows the wiki links exist, no one uses search, and a normal thread will be lost after a few weeks.

I'm trying to find the specs on the iPhone 6, specifically CPU and GPU speed, and I haven't found anything. Wiki says 1.4GHz (unconfirmed), but how many cores?
Is it more or less powerful than my Nexus 7? Nobody knows.

I found an article that says the iPhone 6 processor has over two billion transistors but THAT MEANS ABSOLUTELY NOTHING.

Same thing happened with the XBox One, if people remember. Had over 2 billion transistors or some bullshit and was STILL less powerful than the PS4 or any PC from 6 years ago. If I have a pile of two billion transistors does that mean I have a powerful processor, then? Is that how that works?

/rant

At 9/11/14 05:56 PM, egg82 wrote: I'm trying to find the specs on the iPhone 6, specifically CPU and GPU speed, and I haven't found anything. Wiki says 1.4GHz (unconfirmed), but how many cores?
Is it more or less powerful than my Nexus 7? Nobody knows.

I found an article that says the iPhone 6 processor has over two billion transistors but THAT MEANS ABSOLUTELY NOTHING.

Same thing happened with the XBox One, if people remember. Had over 2 billion transistors or some bullshit and was STILL less powerful than the PS4 or any PC from 6 years ago. If I have a pile of two billion transistors does that mean I have a powerful processor, then? Is that how that works?

/rant

It is most definitely much, much faster than a Nexus 7 (I've got one too). It's a dual core variant of (my guess) an ARM Cortex A53 OR a die shrink of the same A15 used in the Apple A7 chip (from 28nm to 20nm I guess) clocked slightly higher and where they used that extra space to squish more GPU transistors.

Apple says the A8 is 25% faster in CPU perf and up to 50% faster in terms of GPU.

Seeing as the K1 is a Kepler-based GPU with 192 CUDA cores it's nearly equivalent to the Fermi GT 540m in my laptop (192 Kepler CUDA cores = 96 Fermi CUDA cores). The K1 can run the T-Rex demo from GFXBench 3.0 60 FPS @ 1080P. The iPhone 5S could run it at 40 FPS at 640p (for comparison the Nexus 7 2013 runs it at 15 FPS at 1080p). Since Apple's increased resolution to 1080p they must've taken into account the extra horsepower needed to run at that resolution, so its safe to say at 1080p it is 50% faster than the A7. We're looking at around the same level of performance as the K1.

The Apple A7 chip is a dual core variant that had a geekbench 3 score of ~1500 PER core. 2x 1500 = 3000 multithreaded score. A Snapdragon 801 is a quad core ARM Cortex A15 SoC clocked at 2.4ghz. Single threaded Geekbench 3 scores show ~800-900 per core. So in theory the dual core A7 @ 1.3ghz scores 1500 p/core while a quad core S801 at 2.3-2.4ghz scores around 800-900 p/core. A quadcore S4 Pro @ 1.5ghz (on the Nexus 7) scores around 500 p/core. My Intel i5 2410m scores 2500 p/core at 2.3ghz for comparison.

Tl;Dr: Apple A8 CPU > K1 >= Apple A8 GPU > Apple A7 CPU (iPhone 5S) > S801 = Apple A7 GPU > Apple A6X >= Snapdragon 600 > Apple A6 (iPhone 5) > Snapdragon S4 Pro >= Apple A5x > Apple A5 (iPhone 4S).

More stats:
A7 ~ 115 GFLOPS for GPU compute and 700+ GFLOPS for CPU compute.

Apple really has been in the forefront of mobile CPU and GPU innovation for the last 3 years. http://www.anandtech.com/show/7460/apple-ipad-air-review/4

At 9/12/14 12:15 AM, slugrail wrote: Apple really has been in the forefront of mobile CPU and GPU innovation for the last 3 years.

Did they commission you to drop that knowledge? :P

At 9/12/14 12:15 AM, slugrail wrote: Apple really has been in the forefront of mobile CPU and GPU innovation for the last 3 years. http://www.anandtech.com/show/7460/apple-ipad-air-review/4

Shame they're a bunch of wankers though

At 9/12/14 12:17 AM, MSGhero wrote: Did they commission you to drop that knowledge? :P

Hahahahaa I wish I was getting paid! Just regurgitating what I've read from Anandtech. Great site for analysis and benchmarks before you buy that new Intel i7 5960X or you invest that $1000 on a new iPhone :P

At 9/15/14 05:05 AM, Rustygames wrote: Shame they're a bunch of wankers though

Yeah agreed, their marketing campaigns are going stale (been using the same 'amazing new best iPhone yet' line for ages) for their overpriced products and I think a lot of people are realizing an (recently matured) alternative and cheaper ecosystem & platform exists (thanks Google).

At 9/15/14 05:45 AM, slugrail wrote:

At 9/15/14 05:05 AM, Rustygames wrote: Shame they're a bunch of wankers though

Yeah agreed, their marketing campaigns are going stale (been using the same 'amazing new best iPhone yet' line for ages) for their overpriced products and I think a lot of people are realizing an (recently matured) alternative and cheaper ecosystem & platform exists (thanks Google).

No to mention the slave labour, fair competition rule breaking and the other slew of nasty business practises Apple are known for (to those who aren't blinded by the shiny marketing)

At 9/15/14 06:17 AM, Rustygames wrote: No to mention the slave labour, fair competition rule breaking and the other slew of nasty business practises Apple are known for (to those who aren't blinded by the shiny marketing)

Well, the more people buy the iPhone 6 on the 19th the better I get paid, so I dunno if I wanna complain about it all that much.

Yeah, I'm gonna hit commish x10

Mordor: https://github.com/HaxeFoundation/haxe/blob/development/gencommon.ml

At 9/15/14 11:11 AM, egg82 wrote: Well, the more people buy the iPhone 6 on the 19th the better I get paid

I think we have arrived at the root of the problem ;)

At 9/15/14 11:11 AM, egg82 wrote: Well, the more people buy the iPhone 6 on the 19th the better I get paid, so I dunno if I wanna complain about it all that much.

Genius Bar I'm guessing?

At 9/16/14 07:35 AM, slugrail wrote:

At 9/15/14 11:11 AM, egg82 wrote: Well, the more people buy the iPhone 6 on the 19th the better I get paid, so I dunno if I wanna complain about it all that much.

Genius Bar I'm guessing?

If mario egg man was one of those I wouldn't speak to him any more

At 9/16/14 07:35 AM, slugrail wrote: Genius Bar I'm guessing?

No idea what that is, so I'm guessing not.
Nope, I sell protection and accessories for mobile devices. Basically I lie to people and steal their money.. Legally.

Posting in a thread about communicating across domains, it's got me wondering about authentication.

I've been giving AngularJS a go, and I'm attempting to build a RESTful API to expose my data. I'm obviously building this API as if any developer can use it, AngularJS is just what I want to use to build a "web app".

How the fuck do I secure my API?

If I were building a website "conventionally", my website's server would make the requests to the API using some key, process the data and spit out the view for the user. The key is never exposed publicly so there's no risk of someone taking that key and using it to make malicious requests to the API.

But, using Angular, all the means of getting data is passed to the client and the client executes it and displays it and whatever. So if I were to use a key, they could sniff the traffic and see it clear as day in the request. If I encrypt the key then they can still just use that because I'd have to decrypt it on the other end anyway.

I feel like I'm missing something here, but I think this is an interesting topic so let's have a chat.

Oh no ads. And I haven't gotten paid yet. The page is lagging so hard right now.

Edit: There is no edit button.

At 9/20/14 04:14 PM, Sam wrote: How the fuck do I secure my API?

The answer is: you don't.

The key is called "cookies". When you emit a "Set-Cookie" header browsers will automatically pass that variable back to your server.

You're right that HTTP can always be intercepted, because you would have to use math tricks to share a key with a server in a way that can't be intercepted. Fortunately this stuff is also automatically handled by servers and browsers: secure connections.

If you're using a service like Heroku or Azure to host your server , you can just change the URL to "https:" and a secure connection will be used. Now your interchange is not interceptable.

At 9/26/14 09:53 AM, yoloswag69 wrote: The key is called "cookies". When you emit a "Set-Cookie" header browsers will automatically pass that variable back to your server.

You're right that HTTP can always be intercepted, because you would have to use math tricks to share a key with a server in a way that can't be intercepted. Fortunately this stuff is also automatically handled by servers and browsers: secure connections.

If you're using a service like Heroku or Azure to host your server , you can just change the URL to "https:" and a secure connection will be used. Now your interchange is not interceptable.

I'm not sure I fully understand. To store a cookie I need to run some client side JavaScript, which is just vulnerable, no?

My imaginary API worked like this: devs sign up, are given a key, that key is used to allow them to access only data specific to that key. I had no idea what this "API" would do (i.e. what data I was going to store), only the way devs would interact with it.

The problem was that in an Angular app, all requests are made "client-side". So if you make the request in Angular via the http module:

The devs server does none of the requesting, no preprocessing is done, so the key is essentially plain text to any user of the app.

I spoke with a developer at work and the solution we came up with this. As a dev and user of my super cool API, you can either:

Inject the key into the request via something like an Apache module or run some server script to route the requests, and add the key there.

It shouldn't be my concern if the developers adequately secure their key.

If your site requires registration (?) you will already be able to easily secure your API in the backend, just like you secure any other page request.

In regards to the devs using your API: they should route the API call through their own backend, making the actual API call go from server to server.

I misread what you were trying to ask. Angular is not important in this context, it's just a clientside library.

It can still be done, but the dev key should be stored on a server.
1) App user (client) requests authorization to app server
2) App server requests auth URL to API server using dev key
3) API server generates URL, app server redirects client to URL
4) Client visits URL, API server generates a session, client gets cookie, redirects back to app page
5) App runs, client now has cookie for API server, all HTTP calls to //api.wow send the cookie identifying the client and the app they're using

This is how OAuth works.

At 9/26/14 08:08 PM, yoloswag69 wrote: I misread what you were trying to ask. Angular is not important in this context, it's just a clientside library.

Well, it was the initial point. "Can I even make it secure if all the dev is using is a client side library". I was too stuck in the mindset of "make it as easy as possible for anybody", but it boils down to them needing a backend to hide the request to the API from the user of their application, regardless of what authentication method I use (key or user/pass or whatever)

At 9/26/14 05:24 PM, knugen wrote: In regards to the devs using your API: they should route the API call through their own backend, making the actual API call go from server to server.

Is basically what it came down to.

At 9/27/14 10:10 AM, Sam wrote: Well, it was the initial point. "Can I even make it secure if all the dev is using is a client side library". I was too stuck in the mindset of "make it as easy as possible for anybody", but it boils down to them needing a backend to hide the request to the API from the user of their application, regardless of what authentication method I use (key or user/pass or whatever)

Well, since we know this is what OAuth is, a dev could use a third party service for this purpose.

https://oauth.io

This lets you keep all your app keys private.

For those FD users:

https://twitter.com/kircode/status/517397355902275584

Alt+click and drag

At 10/2/14 06:55 PM, MSGhero wrote: For those FD users:

https://twitter.com/kircode/status/517397355902275584

Alt+click and drag

Damn, that's nice. I'd be cool if FD worked with Unity and C#, one of the nicest IDEs I've ever used.

At 10/4/14 12:37 PM, Wurmy wrote:

At 10/2/14 06:55 PM, MSGhero wrote: For those FD users:

https://twitter.com/kircode/status/517397355902275584

Alt+click and drag

Damn, that's nice. I'd be cool if FD worked with Unity and C#, one of the nicest IDEs I've ever used.

Really? I think IntelliJ is the best. If not that then Eclipse (FDT for flash) or Flash Builder. Flash develop is always a last resort for me because it's so lacking in features that I take for granted in the others I mentioned.

At 10/5/14 06:43 AM, Rustygames wrote: Really? I think IntelliJ is the best. If not that then Eclipse (FDT for flash) or Flash Builder. Flash develop is always a last resort for me because it's so lacking in features that I take for granted in the others I mentioned.

IntelliJ's IDEs are great but a bit of a memory hog. For some reason I use them for everything but Haxe and AS3, but I might have to set up a workflow cause I seriously love them.