At 8/2/16 04:55 PM, Diki wrote: You don't need to do this:

Why did you have to post this a day before my vacation D:
I'll be back in a week and fix it. Obviously "password storage done right" should be done right.

Most of the backend code is old, which got me into my old way of thinking about things- before tokens and such existed in my head. I'm thinking temporary auth tokens would be a better way to go with the cookies.

The reason for the encryption is to make a database dump just that much harder to muddle through. Obviously the keys are still there (actually I'm now thinking about setting the keys to some hashed form of the user's password. That sounds like a fantastic idea. Can't hurt, anyway.)

I'll look into more openssl functions for encryption. I'l also look into turning the backend database file into more of a wrapper for PDO than anything else. When I originally created it I wanted it to work exactly like the old mysql functions for easier migration. Now that's passed it makes more sense for it to be its own thing.

Having a RESTFul API isn't a bad idea either. JSON anyone?

Sadly MVC isn't really my thing. If anyone wants to help turn it into MVC once I'm done modifying it later, that would be really great?

At 8/2/16 09:22 PM, egg82 wrote: Obviously "password storage done right" should be done right.

Quick fix: change the name

At 8/2/16 11:23 PM, GeoKureli wrote: Quick fix: change the name

Made me laugh, though I might seriously do it :P

FIANLLY! Ubuntu in Windows is here :D

At 7/25/16 08:08 AM, Diki wrote:

At 7/25/16 06:25 AM, Rustygames wrote: - If you use an unsigned integer for your iterator, the loop will become infinite if it's allowed to go below 0, since the number will wrap back up to a large positive number

So long as i-- is used as the conditional, an integer underflow won't be an issue. You'd have to do something pretty goofy (or downright wrong) with the conditional to cause an infinite loop.

I didn't notice i-- was being used as the conditional. You're right, that works better :)

At 8/2/16 09:22 PM, egg82 wrote: Why did you have to post this a day before my vacation D:

That's how I roll.

At 8/2/16 09:22 PM, egg82 wrote: The reason for the encryption is to make a database dump just that much harder to muddle through. Obviously the keys are still there (actually I'm now thinking about setting the keys to some hashed form of the user's password. That sounds like a fantastic idea. Can't hurt, anyway.)

My point was that it's already difficult to muddle through due to the hashes. Encrypting a hash is just not really accomplishing anything.

At 8/2/16 09:22 PM, egg82 wrote: I'll look into more openssl functions for encryption. I'l also look into turning the backend database file into more of a wrapper for PDO than anything else. When I originally created it I wanted it to work exactly like the old mysql functions for easier migration. Now that's passed it makes more sense for it to be its own thing.

I'd try not to go overboard with making a PDO wrapper. By itself, it can do pretty much anything you would need it to. It can take some getting used to if you're accustomed to the mysql_ functions, but it makes life a lot easier. Most ways you're likely to fetch data can be done with a single line. Such as returning a single value, not an array:

Or, if you want to fetch multiple rows and have the value of one of the fields be the array key:

Whatever the first column being selected is, that will be the key. Having a column with repeated values will just append the array that the index refers to, which also means that a column with just one value will have a one-length array. You coul add PDO::FETCH_UNIQUE to the fetch type if you had multiple values but only want one of them. (It will end up selecting the last row with the repeated value.) Using PDO::FETCH_UNIQUE will also mean you don't need to fart around with two-dimensional arrays:

A lot of PHP is utter shit, but PDOs are actually pretty good. Definitely worth reading up on them.

At 8/2/16 09:22 PM, egg82 wrote: Sadly MVC isn't really my thing. If anyone wants to help turn it into MVC once I'm done modifying it later, that would be really great?

MVC is pretty simple when you get down to it: just separate your application into three components (i.e. the models, views, and controllers) that have their own specific purpose.

Your controller is basically the brains of the operation; it is where requests get sent, and it decides what to do with them, and validates them; it's also what communicates with the models and views, as models and views should never communicate with each other, only ever with the controller.

The model is where your SQL operations go; so, if you want to log a user in, you would have the controller receive the login request, validate that a username/email and password has been sent and that they don't appear to contain malicious data, send that off to the model, which will respond to the controller if the login succeeded, and the controller will pass that result off to the view. Pretty much any reading or writing operation, regardless of where it is reading from or writing to, goes in the model.

The view is just a representation of the current state for the user to see. Sometimes having a view by itself is not necessary and can be put directly in the controller. (But it's still generally a good idea to not be lazy and put them together, especially for something being used in production, lest you create more work for yourself down the road.) So, if you were using a template engine, such as Twig—and you really should always be using a template engine for web development—your view would handle rendering the correct template and passing it the correct parameters. (The parameters would be given to the view by the controller.)

Just break things down so you're not mixing operations together. It makes it far easier to work with and change. Having your reading/writing operations in the model means that those bits of code don't care what that information is being used for; it just does it's thing and returns the result. It makes re-using code a hell of a lot easier.

At 8/1/16 03:39 AM, egg82 wrote: New website
[...]
Whaddya think? The website was done in less than a day, but I think it came out pretty alright.

Just saw this and I can't help myself and have to post this.

At 8/3/16 09:27 AM, Diki wrote: Just saw this and I can't help myself and have to post this.

But bootstrap is so good and does so many things for you and there's no reason not to use it it's basically de facto now are you even a web developer if you don't use bootstrap and jquery it's 2016 why even write anything yourself you can skin it so it makes it like yours I absolutely love all those classes on my elements it's my favourite part of bootstrap it just has everything built into it have you even used bootstrap 4 it uses this thing called sass it's kind of a huge deal right now in 2016 it's like css but you have variables like in real programming languages I guess you could call me a programmer now.

God fucking damn.

I did a quick test where I built a few components in Bootstrap as well as in my preferred BEM and Stylus approach. I literally saw no reason to use Bootstrap after that. I personally haven't used Bootstrap 4, and it seems to be going in the right direction, but there still isn't much incentive for me.

Great website, though.

At 8/3/16 01:36 PM, Sam wrote: I did a quick test where I built a few components in Bootstrap as well as in my preferred BEM and Stylus approach. I literally saw no reason to use Bootstrap after that. I personally haven't used Bootstrap 4, and it seems to be going in the right direction, but there still isn't much incentive for me.

I like using Bootstrap's theme for forms because they look nicer than browser defaults and I'm not competent enough in that department to design my own. I also tend to use it for backend admin panels, but having to this shit gets old fast:

Suffice it to say, I avoid using Bootstrap whenever possible because it's a fucking pain in the ass to write.

At 8/2/16 11:50 PM, egg82 wrote: FIANLLY! Ubuntu in Windows is here :D

I'm restarting now, but I don't understand Linux enough to be happy for it. I do have a Linux box now, but the program I'm using it for seems very gui-based, and even my haxe compiles aren't just cmd. Not for me I guess ¯\_(ツ)_/¯ it's an optional feature anyway.

I'm really bad with terminology. Is there a term for something that converts native generic objects into typed objects? I've since been calling the class a Deserializer, but seems incorrect, based on other deaerializer classes I've seen. For instance:

Assuming this is haxe or flash and JSON.decode() converts to native objects, what would you call myWhateverThing?

At 8/5/16 12:43 AM, GeoKureli wrote: Assuming this is haxe or flash and JSON.decode() converts to native objects, what would you call myWhateverThing?

Resolver, it resolves the type of the object.
Typer, it types the object.
myWhateverThing, it's faster since you already have that.

At 8/5/16 12:43 AM, GeoKureli wrote: I'm really bad with terminology. Is there a term for something that converts native generic objects into typed objects? I've since been calling the class a Deserializer, but seems incorrect, based on other deaerializer classes I've seen. For instance:

var point:Point = myWhateverThing.create(JSON.decode('{"type":"com.package.Point", "x":"5", "y":"10"}'));

Assuming this is haxe or flash and JSON.decode() converts to native objects, what would you call myWhateverThing?

If it were me, I'd create a generic class—called just something like BaseObject—and create a method for that called fromJSON which does the same thing, and have all classes which need that functionality extend that class, so it would look like this instead:

Which would also have that method call JSON.decode() as it's not really necessary to have that outside the static function.

But if I were to do it the way you are now, I'd call the class JSONToObject or JSONConverter.

At 8/5/16 07:54 AM, Diki wrote: If it were me, I'd create a generic class—called just something like BaseObject—and create a method for that called fromJSON which does the same thing, and have all classes which need that functionality extend that class

That's an issue ofc if you aren't in a position to extend a class. In haxe, you can add metadata and the function to the subclass or class whose property that is to achieve roughly the same thing. It's how the native Serializer works, although I'm not a fan of its output format.

@GeoKureli if your json isn't modified or reloaded during runtime, you could write a macro to do this for you at compile time. I have one that parses my json during compile time, and at runtime I have an object instead of having to parse anything. I did that when I saw json parsing allocated literally hundreds of thousands of strings across the duration of my profiling.

At 8/5/16 09:45 AM, MSGhero wrote: That's an issue ofc if you aren't in a position to extend a class.

Yeah, if you're working with with classes you don't control you'd need to use some static class. Could do this:

I'm assuming Haxe would let you pass classes to a function like that to be constructed.

At 8/5/16 09:59 AM, Diki wrote: var butts:Sprite = Converter.fromJSON(Sprite, '{"x":10,"y":195}');

The reason the json is formatted the way I specified is because my entire levels are 1 giant JSON file created by some editor program. For instance. So 1 JSON may reference any class in my library

At 8/5/16 09:45 AM, MSGhero wrote: @GeoKureli if your json isn't modified or reloaded during runtime, you could write a macro to do this for you at compile time. I have one that parses my json during compile time, and at runtime I have an object instead of having to parse anything. I did that when I saw json parsing allocated literally hundreds of thousands of strings across the duration of my profiling.

Got any references on this? for now I'm loading in all json/assets at runtime so an artist can test changes without compiling, but on release that would probably be the best way to go.

At 8/5/16 01:40 PM, GeoKureli wrote: Got any references on this? for now I'm loading in all assets so an artist can test changes without compiling, but on release that would probably be the best way to go.

I added the ability to edit the object midgame rather than editing the json file (since I test in flash and don't have easy file system access). So any changes we make have to be actually changed in the files.

As far as references...that's funny. The only real documentation for macros is other people.

https://github.com/MSGhero/haxe-things/blob/master/msg/utils/Build.hx At `parseJSONFiles`, I have haxe check the syntax of all my jsons, report the line numbers of all errors if any exist, and then parse if no errors. Nothing in that function will make sense to you, but if that's all you need to do, then drag n drop.

Edit: I found 3 bugs in haxe making this one macro because no one had ever done this specific weird shit before.

Just wrote up Lazy Theta* pathfinding, and it's pretty much just A* with a line of sight check. I modified it slightly to account for the width and height of my searchers so that a clear line of sight but a too-tight fit returns false. I also made up the line of sight algo on the spot, so hopefully it doesn't suck.

I'm being reminded of the data structures class I took 3 years ago. I made a priority queue out of a linked list, then remembered that heaps have better add times. I'm not changing it, though, because I don't care about data structures that much.

Wow haxe flixel indie Gogo hit 200%. Any bets on what the final amount will be? I'll say 9k

At 8/9/16 08:29 PM, GeoKureli wrote: Wow haxe flixel indie Gogo hit 200%. Any bets on what the final amount will be? I'll say 9k

Probably. More ppl are becoming interested in becoming sponsors/the bigger tiers as well.

I finished Lazy Theta* for haxe, and it's literally just A* with a line of sight check. Haven't tried it on a big grid yet, but this output might be good enough to use for all my pathfinding in Enki Adventures. It accounts for the bounding boxes of the seeker and the goal as far as avoiding obstacles.

@egg82 https://github.com/cliffe/secgen

I've returned from my vacation in Las Vegas (DefCon 24) to find my PC's OS HDD failed. At first I thought the Win 10 update screwed up, but then I discovered after I used it for a while on any OS I couldn't read or write to it at all.

I've only had it for like four months :(

Ah, well. I'm replacing it with a 500GB SSD next week anyway. Woo!
In the meantime, I put Ubuntu on my internal SSD until I can get things fixed. Good thing all my data is either on other drives or on Dropbox- the only thing that one had was an encrypted Windows system + apps.

Secgen looks interesting. I'll give it a try later since I'm in Ubuntu anyway. That reminds me I also heard about some online service that lets you rent vulnerable servers to pentest while I was standing in line for DefCon tickets. Nobody knew what it was called, though. Any ideas?

Edit: Taking a closer look, my Ubuntu system doesn't seem to be seeing my other WD Black drive full of Steam games, either. Weird..
Maybe I just accidentally unplugged the cable? I'll check later.

Edit 2: Yeah, I figured out why it didn't see the other drive.
.. Look, I got frustrated. Don't judge me.

I tried installing Nvidia proprietary drivers on Ubuntu to get multi-monitor working, but unfortunately it doesn't work without disabling Secure Boot & UEFI which I sure as hell am not about to do- so I skipped it and am sticking with a single monitor for the week. Sucks, but whatever.

Decided I'd install VirtualBox as a semi-test because I never get the pleasure of running linux on this PC. Turns out the drivers it installs are unsigned so Secure Boot & UEFI need to be disabled.

.. You know what? Here's a solution: SIGN YOUR FUCKING DRIVERS YOU LAZY BASTARDS.

/rant

@MSGHero I got SecGen to start working (finally) after spinning up a VM for it. Took some work, though.
Pull requests ahoy.

So, yeah. I got VMs running under a VM. Yo dawg..

Now to figure out how in the hell I'm going to network this so everything's still accessible from the outside. Hooking it into my public-facing CTF won't be a challenge, thankfully.

At 8/14/16 05:11 PM, egg82 wrote: Now to figure out how in the hell I'm going to network this so everything's still accessible from the outside. Hooking it into my public-facing CTF won't be a challenge, thankfully.

*inserts "way over my head" emoji*

I finished implementing the new pathfinding algo. It works. Better than my old nape-based solution. It's faster, less memory-intensive, and no obvious edge cases.

If I had started with A* like I knew I should have, Lazy Theta* is an hour more code, half of which is understanding the garbage pseudocode in the research paper.

I should probably use a heap-based Priority Queue instead of a linked list one...hm

I'm gonna write a blog post about my pathfinding findings.

complete with crappy ms paint drawings

Edit: @Sam you were right

At 8/14/16 05:40 PM, MSGhero wrote: *inserts "way over my head" emoji*

I'm thinking "OpenVPN into the VirtualBox network" would work absolutely perfectly.

I'm gonna write a blog post about my pathfinding findings.

^ This

but why

At 8/16/16 02:52 AM, Glaiel-Gamer wrote: but why

Because yes.

JESUS FUCKING HELL I dodged a bullet. The ONE TIME I got lazy and didn't check the full sig..

Nopenopenopenopenopenopenopenope

Pathfinding findings http://enkiangames.tumblr.com/

PSA Alert: NSA tools have been leaked to the general public. These tools are seriously dangerous and will cause a lot of damage in the wrong hands; now they're in everybody's hands. Lock everything you can down as tight as you can until updates and patches arrive for the zero-days now released into the wild. Trust nothing and nobody.

Edit: Following the style of the leaks, I made a codename for this operation: DUCKANDCOVER

At 8/19/16 04:00 PM, egg82 wrote: PSA Alert: NSA tools have been leaked to the general public. These tools are seriously dangerous and will cause a lot of damage in the wrong hands; now they're in everybody's hands. Lock everything you can down as tight as you can until updates and patches arrive for the zero-days now released into the wild. Trust nothing and nobody.

i got nothing to hide