Good christ, yet another Flash 0-day.
At least FP got a recent update that issues basic security to help prevent unauthorized code exec on Windows.
The security geek in me is like "for the love of all that is holy let Flash die"
But the game dev in me is like.. :(
I want to switch, stop using it, and uninstall it all, but then I don't.
Programming stuffs (tutorials and extras)
PM me (instead of MintPaw) if you're confuzzled.
thank Skaren for the sig :P
At 4/8/16 01:18 AM, egg82 wrote: You waited until now to pick up an artistic skill?
I'm almost 27, been developing for like 15 years, and I still can't draw for shit. Even my stick figures suck. >:]
At 4/8/16 04:02 PM, egg82 wrote: Good christ, yet another Flash 0-day.
Flash Player is so fucking awful that I wouldn't be surprised if it ended up with a -1 day exploit: Adobe manages to include an exploit before they even code anything.
At 4/8/16 04:02 PM, egg82 wrote:
I want to switch, stop using it, and uninstall it all, but then I don't.
Nostalgia is a bitch
not to mention we regularly visit a flash game site
Speaking of not using Flash anymore: I still say it's worth switching to HTML5. Takes some getting used to, but I much prefer working with it to Flash. (Deployment and debugging is a hell of a lot easier.)
Plus you can always use Prototype to get psuedo-OOP in JavaScript. I used Prototype to make this Flash-esque proof of concept a few weeks ago, while just dicking around one day. The implementation for that is just this:
var stage = new Malete.Stage;
var mario = new Malete.Sprite;
mario.load("/malete/img/mario.gif");
stage.addChild(mario);
stage.addEventListener("update", function() {
mario.x++;
});
Malete.setCanvas(document.getElementById("canvas"));
Malete.run(stage);
I just wanted to see how "Flash-like" I could make HTML5 be.
At 4/8/16 06:31 PM, Diki wrote: I just wanted to see how "Flash-like" I could make HTML5 be.
*cough* Haxe+OpenFL mirrors the Flash API *cough*
At 4/8/16 07:10 PM, MSGhero wrote: *cough* Haxe+OpenFL mirrors the Flash API *cough*
Yeah, but I don't like Haxe so it's not something I would ever consider using.
At 4/8/16 07:24 PM, Diki wrote: Yeah, but I don't like Haxe so it's not something I would ever consider using.
>=(
At 4/8/16 10:37 PM, MSGhero wrote:At 4/8/16 07:24 PM, Diki wrote: Yeah, but I don't like Haxe so it's not something I would ever consider using.>=(
But really though, I think you would not dislike luxe that much, which is a lower level paradigm that doesn't support flash export. It's still a haxe lib, but you get 1:1 with SDL and other very native libs. Or you have a thin abstract layer so that you can WebGL or SDL or whatever with the same API.
At 4/8/16 10:41 PM, MSGhero wrote: But really though, I think you would not dislike luxe that much, which is a lower level paradigm that doesn't support flash export. It's still a haxe lib, but you get 1:1 with SDL and other very native libs. Or you have a thin abstract layer so that you can WebGL or SDL or whatever with the same API.
I just don't like writing a language that compiles to another language which is then itself either compiled or interpreted; I'd rather just write the language it's being translated into lest I rely on the compiler accurately translating into the target language (if it doesn't, I'm fucked with no way out). And, especially so, if I'm developing an application that is sufficiently complex enough to require C++. I'm sure as shit going to want a debugger worth its salt, which is why I use Visual Studio; it makes debugging a breeze. If I opt for Haxe, I'm going to lose that functionality just for the sake of writing in a language that's just syntactically a tiny bit different. (Haxe may have support for plugins with VS but it will never be as up-to-date or reliable as VS's built-in debugger.) And if I'm writing C++, performance is most likely a concern, and if the resulting compiled application does not perform efficiently enough, I need to refactor; and then I need to determine if my Haxe code is the problem or of the C++ code my Haxe code is being compiled is the problem; if I were to just write regular C++ then I wouldn't have that extra step to deal with because I'll know it's that code that I wrote myself that is wrong.
With web development, which is what my job is, it would give me zero benefits while also making my job harder: if I wrote Haxe instead of JavaScript, I would need to write the Haxe, compile it to JavaScript, and then push that JavaScript onto production, rather than just writing JavaScript in the first place. I don't want to add extra steps between development and production just so I can write code that has static members and classes, both of which don't exist in JavaScript; it's just making me have to type out more things that aren't actually accomplishing anything. What's the point of writing out keywords that represent things that don't exist in the target language?
I'm also not fond of Haxe's syntax; it's like a mishmash of Java, C#, ECMAScript, none of which I consider to be syntactically well-designed. I don't want to deal with public/protected/private member namespaces if I don't have to; they make sense to exist in C/C++ but they weren't included in Python or Ruby for a reason. They just wouldn't be accomplishing anything. If I'm writing a language that supposedly exists to make my job easier, I don't want it littered with private and static keywords and C-like curly braces; if I'm going to write a language that makes it easier to write code, I explicitly don't want to have to deal with those, which is why Python is my favourite language: it's succinct, clear, and easy to read and write; it has no extra baggage. Writing code is hard enough as is; I don't want redundant syntax piled on top of it.
As a whole, for me, Haxe is like having a speech interepter attached to a water faucet that allows you to verbally say the temperature of water you desire, which then physcially turns the knobs on the faucet for you. If you end up getting the wrong temperature, you need to figure out if the speech interpreter is fucked or if your faucet is, and will likely end up needing to turn the knobs with your hands, which isn't difficult to begin with. It's just one step forward and two steps back. I just don't like Haxe: it's solving a problem that doesn't exist.
And that's about the best way I can explain why I don't like Haxe and why I will never use it.
I actually really like C#
What don't you like about the syntax? I find it to be very english-language-friendly and easy to read.
Okay, real talk:
I've recently been following SwiftOnSecurity religiously (thanks, MSG) and recently read up on "compression before or after encryption"
I figured the obvious answer would be "compress before", since any good encryption algorithm will result in what is essentially noise (which gets terrible compression) but others are saying "compress after" because of information leakage.
The solution to this problem is obvious: Pad the file to a series of fixed lengths before encryption. This is obviously different from encryption padding, but it eliminates estimating of the original file based on the encrypted file's length.
My problem with this is that you end up with this problem anyway, without compression. In fact, I'd argue compression helps since it adds a small amount of entropy to the original file's length because the new length is based on the repetitive nature of the file's actual contents.
Another argument is known plaintext, but honestly if you're looking at headers then simply changing the file extension will be enough. If the attacker doesn't know it's compressed (and they shouldn't) then file headers are useless because it results in simply trying to guess the headers which is as fruitless as guessing the actual file itself.
Good encryption algorithms won't leak enough information to fingerprint (see: Caesar Cipher with One-Time Pad), so I suppose as long as you pad your data beforehand and change/remove the extension there shouldn't be any information leakage anyway.
Hmm. I dunno. I still say "compress, then encrypt"
Programming stuffs (tutorials and extras)
PM me (instead of MintPaw) if you're confuzzled.
thank Skaren for the sig :P
At 4/8/16 11:50 PM, Diki wrote: (Haxe may have support for plugins with VS but it will never be as up-to-date or reliable as VS's built-in debugger.)
I have no idea about plugins... I just debugged directly from VS the one time I had to.
But yeah, our applications are different. My game needs to go/would be cool if it went on multiple platforms, and I'm not about to learn js and cpp to do that, or even worse recode the whole thing. All of your cases seem to be single-target and possibly performance-heavy, and haxe is subpar for that. BUT if you had to rank every language-lib combination, you would like haxe-luxe more than haxe itself.
Obligatory eww php @PsychoGoldfish
Edit: I told you, Taylor Swift knows her infosec
At 4/9/16 12:55 AM, egg82 wrote: What don't you like about the syntax? I find it to be very english-language-friendly and easy to read.
In and of itself, it's not really that bad; I just find it overly verbose. (Which is the same reason I don't like Java.) Example:
using System;
class Person
{
private string myName ="N/A";
private int myAge = 0;
public string Name
{
get
{
return myName;
}
set
{
myName = value;
}
}
public static void Main()
{
Console.WriteLine("Simple Properties");
Person person = new Person();
Console.WriteLine("Person details - {0}", person);
}
}
It's just keyword and curly brace spaghetti.
At 4/9/16 02:21 AM, MSGhero wrote: All of your cases seem to be single-target and possibly performance-heavy, and haxe is subpar for that.
Yeah, I mainly only develop front-end and back-end web applications. Front-end will just be JS/HTML5, so it already supports pretty much any platform (except for maybe Opera or Safari, but I refuse to support either of them) and back-end will always be Linux (because who in their right mind would run a server that isn't Linux?).
And if I were to make a game for desktop, it would be made in either C++ and/or Python, both of which can easily be made to compile to Windows and Linux. (And probably OSX, but I don't care about or support Apple products.)
At 4/9/16 02:21 AM, MSGhero wrote: Obligatory eww php @PsychoGoldfish
Obligatory "The PHP developers are beyond retarded" comment.
At 4/9/16 11:10 AM, Diki wrote: Obligatory "The PHP developers are beyond retarded" comment.
I just did an absolute fuckton of research into integer overflows. I always sorta knew about them, but this gave me an excuse to learn more. Thanks!
(Also an interesting paper I quickly scanned through)
So from what I learned a proper solution would be to check EXPR for the possibility of an overflow (before actually performing the operation that could cause said overflow) before it's passed to the method(s) listed in that article. Am I right?
This was just retardation:
if (size > INT_MAX || size <= 0) {
Because, you know, an integer overflow is when an integer winds up with a value past its maximum possible memory allocation. Clearly unicorns wrote this code.
Programming stuffs (tutorials and extras)
PM me (instead of MintPaw) if you're confuzzled.
thank Skaren for the sig :P
At 4/10/16 12:36 AM, egg82 wrote: So from what I learned a proper solution would be to check EXPR for the possibility of an overflow (before actually performing the operation that could cause said overflow) before it's passed to the method(s) listed in that article. Am I right?
Yep, pretty much. There are a few ways you could do it. One way would be to store the given integer in an 8-byte integer, and then just compare that to INT_MAX before storing it in a 4-byte. You could also use some kind of specialised structure for storing integers even larger than 2^64, and do the same thing (i.e. store it in the huge container before putting it into the regular one).
You could also just store the number as a string and then, if the string has the same number of digits as INT_MAX, iterate over it character by character and check if any of those digits are greater than any of the digits in INT_MAX which are in the same position. (And if the source integer has more digits than INT_MAX, you know it would overflow.)
I'm not an expert on the subject, so I don't know precisely what would be the best solution, but those would work.
At 4/10/16 12:36 AM, egg82 wrote: Clearly unicorns wrote this code.
Never underestimate how stupid and incompetent the PHP developers are. These are the same people that thought storing function pointers as strings was a good idea. Yes, I am serious. Or that their empty() function returns true if given a string containing the character '0', which is by design.
It is truly mind-boggling how terrible PHP is.
Revisiting world generation. This time trying to make the world a little more interesting, and the road generation algorithm look a little more natural.
My thinking is that the top 35% of the world will be a harder area which is purely covered in snow. Inspired a little bit by "beyond the wall" in Game of Thrones. There is always one town which is more mysterious and very difficult to capture in the snowy area. I also added city-states which are towns that are not capturable, and don't have castles. They will probably serve as player spawns.
I've yet to generate some other "points of interest" like graveyards, bandit camps, or other spawns. After this refactor I have some other things to improve before returning to the combat system.
At 4/10/16 11:08 AM, Diki wrote: I'm not an expert on the subject, so I don't know precisely what would be the best solution, but those would work.
I mean, I make it pretty obvious that I bat for the red team (because it's more fun to break things than it is to fix them) but I'm always interested in defensive techniques because I need to know what blue team is up to to stay current (and because I also develop stuff, of course)
Random side-note rant: I hate that I'm known as a web dev to everyone I know in real life. I keep getting calls from companies that want to hire me to make their website. Tell them I work in information security for god's sake!
At 4/10/16 10:19 PM, PrettyMuchBryce wrote: Revisiting world generation. This time trying to make the world a little more interesting, and the road generation algorithm look a little more natural.
Holy shit, actual game dev talk is going on in here. I heard these discussions were rare, we should screenshot it before it dies out entirely and we never get another opportunity.
Though you've got my interest right here. I freaking love worldgen. What's this for, again? And how did you create this? And a million other related questions?
Also, is this multiplayer? I also freaking love multiplayer. Why do I not know about this?? Where have you been hiding it all?!?!
Programming stuffs (tutorials and extras)
PM me (instead of MintPaw) if you're confuzzled.
thank Skaren for the sig :P
At 4/11/16 03:27 AM, egg82 wrote: Holy shit, actual game dev talk is going on in here. I heard these discussions were rare, we should screenshot it before it dies out entirely and we never get another opportunity.
What haha. All I've been doing recently is world generation. I just got to a point where I'm "done for now" because you can only generate so much terrain and stay sane.
At 4/11/16 03:27 AM, egg82 wrote: Though you've got my interest right here. I freaking love worldgen. What's this for, again? And how did you create this? And a million other related questions?
Also, is this multiplayer? I also freaking love multiplayer. Why do I not know about this?? Where have you been hiding it all?!?!
I'm building a networked multiplayer roguelike game. I'm not very far along yet. The server (including worldgen) is all written in Go. One of the important mechanics will be capturing cities and becoming king, which brings you into a more RTS-style game where you're controlling the guards of the city, setting taxes, and managing the citizens (other players) of your city. I'm still working a lot of this out. I'll keep posting updates here.
At 4/11/16 01:22 PM, PrettyMuchBryce wrote: I'm building a networked multiplayer roguelike game
see you in 4 years
At 4/11/16 02:16 PM, Glaiel-Gamer wrote: see you in 4 years
I was thinking 1 or 2, but this is a nights and weekends project for me. So maybe you're not far off. :)
At 4/11/16 02:38 PM, PrettyMuchBryce wrote:At 4/11/16 02:16 PM, Glaiel-Gamer wrote: see you in 4 yearsI was thinking 1 or 2, but this is a nights and weekends project for me. So maybe you're not far off. :)
see you in 5 years
At 4/11/16 01:22 PM, PrettyMuchBryce wrote: I'm building a networked multiplayer roguelike game. I'm not very far along yet. The server (including worldgen) is all written in Go.
How did you end up doing the generation?
For mine, it's fairly hard-coded in a random sense. Like, there's a random chance 1-3 rocks can show up in a random open tile per map. Random chance that a hill of a certain size can show up, given that its dimensions fit. Etc. It seems kinda boring given all the algorithms I have read about, but the generation of 37k tiles happens very fast.
it fits the spec I was given == correct solution
At 4/11/16 07:09 PM, MSGhero wrote: How did you end up doing the generation?
It's not very complex. It starts off with perlin noise for an elevation map. I decrease the elevation exponentially as the tiles get closer to the edge. This ensures that the result will be a large island. The higher elevations are used for groups of trees. Then I repeatedly try random points to see if they are suitable for cities. The criteria there is just making sure they are some distance away from other cities, and that the space is empty. I repeat that for all of the cities. Then I use A* to draw roads between every building, putting a preference on taking existing roads during this search which creates a more natural-looking road system. Then at the end I place a bunch of random trees everywhere.
At 4/11/16 08:45 PM, PrettyMuchBryce wrote: It's not very complex. It starts off with perlin noise for an elevation map. I decrease the elevation exponentially as the tiles get closer to the edge. This ensures that the result will be a large island. The higher elevations are used for groups of trees. Then I repeatedly try random points to see if they are suitable for cities. The criteria there is just making sure they are some distance away from other cities, and that the space is empty. I repeat that for all of the cities. Then I use A* to draw roads between every building, putting a preference on taking existing roads during this search which creates a more natural-looking road system. Then at the end I place a bunch of random trees everywhere.
So basically the same thing I do, except I'm not making an island, and I haven't gotten to connecting the maps with Prim's/Kruskal's algos or sanity checking the layout with A*/Dijkstra's. At least I can spell that correctly without looking it up now.
See you in 4-5 years.
At 4/11/16 09:07 PM, MSGhero wrote: See you in 4-5 years.
Thanks man. My true goal in life is to be twitter famous. This game is just my vehicle to achieve that goal. Hopefully Twitter is still around in 5 years otherwise this will all be pointless.
Did a bit of password cleanup earlier today.
Yaaaay!
I was at 87% on the security score
Programming stuffs (tutorials and extras)
PM me (instead of MintPaw) if you're confuzzled.
thank Skaren for the sig :P
Taking several courses on privacy and security as required training for a contract job I will be doing in the next few days.
I like it already. As a pentester, I also regularly enter the Matrix for all my hacking needs.
(Artist depiction of a hacker performing medical identity theft)
I think I found my new wallpaper.
".. It may be tempting to write people's confidential information in a blog.."
You're actually saying you're seriously tempted to write random people's SSNs on a blog? Reeeeeaaallly?
I know what they're saying, but the analogy is silly
Programming stuffs (tutorials and extras)
PM me (instead of MintPaw) if you're confuzzled.
thank Skaren for the sig :P
At 4/11/16 09:25 PM, PrettyMuchBryce wrote:At 4/11/16 09:07 PM, MSGhero wrote: See you in 4-5 years.Thanks man. My true goal in life is to be twitter famous. This game is just my vehicle to achieve that goal. Hopefully Twitter is still around in 5 years otherwise this will all be pointless.
just saying Bombernauts actually did start off as a networked multiplayer co-op roguelike and I got as far as adding bombs and tiles and was like fuck it this is enough
3 years later and its not done yet
Programming stuffs (tutorials and extras)
PM me (instead of MintPaw) if you're confuzzled.
thank Skaren for the sig :P
