Topics

OK, so some of you may know that I'm a game dev student (or have been for a couple years now).  So a few friends of mine have graduated and went on to create an indie team and realize their dreams.  While in school they made a wildly popular survival racing game Nitronic Rush.  Their game went on to become probably the most successful student game in history.

Well, long story short, they're attempting to get the funds together to create its "spiritual successor" called Distance.  The primary reason here is that our school actually owns Nitronic Rush, so they can't really do anything more with it and stay afloat (we game devs need to eat, after all).  Due to this, they have turned to kickstarter to raise funding for Distance.  I'm simply trying to help spread the word.

There's only 3 days left on their kickstarter.  Having played the hell out of Nitronic Rush, I can ensure the game was a blast, and Distance has a ton of promise.  I urge anyone into these sorts of games to check it out, maybe throw a small donation their way, and help spread the word.  They're almost at their mark, but lets push them well over it!!

Distance Kickstarter

Has anyone been watching the news here lately?

Some of the things I've seen on the news as of late makes me actually ashamed to be an American. It's kind of sad that we even have this huge debate over something like this health plan... but now we have people comparing it to... Nazi's?

Really?

Nazi's??

Really really??

I mean, come on, how stupid can people really be?

This whole debate has been blown way out of proportion as of late. I mean, why is there even a debate? People are defending insurance companies who have raped and pillaged people's wallets for years. Many of these companies who, unless people forgot, tend to try to find excuses to deny coverage at every possible turn that they can.

"Oh you lapsed for 3 days"
"Well this was a pre-existing condition"
"Sorry we don't cover that"
...

Really? This whole damn debate is all over money. You have large insurance companies which feel threatened by some sort of government plan, so what happens? They raise hype, suspicion, and fear over the whole thing. What I think people fail to realize is that if they do indeed want to continue to keep their private coverage... THEY CAN.

Then you have all the job stuff people don't talk about. Illegal immigrants and their rights (also briefly brought up in this whole health care debate).

Here's a hint, they're "illegal immigrants". They should have no rights here. Patch them up, send them home, plain and simple. If they want to be in this country, they can go through the same process that other, legal immigrants, have. Same goes for having them work jobs here. How many millions of people are without a job now? Now, how many illegal immigrants have jobs here? Finally, how many jobs would be available if we started hammering down on illegal immigrants and deporting their ass left and right?

Not sure how many people here actually do programming, but this technique is applicable to all web languages. I'll be focusing on PHP in this particular example though.

When writing website systems, there's generally a few rules of thumb that you want to always follow. First, you want your users data to be secure and second, especially on high traffic sites, try to offload anything you safely can onto the users browser.

Now, some people who have used things like PHP sessions are probably using it wrong. First and foremost, with ANY session system, it's usually horrible practice to store a ton of information in the session. Generally, you want to store only id's and use that information on your backend to reference the data. Never, ever, ever store the data directly in the session. Simply put, when you start relying on doing such a thing it can end up giving you unintended consequences later down the road.

The easiest example I think I can give for this would be something like user profile information. Say after you log in a user, you decide that to keep things easy you'll just store all their profile information into their session. In things like PHP the session data is read/written to the disk (or database) each and every page load, sometimes multiple times per page load depending on how you write your system. Not only can this kill your sites performance, when you start getting more and more data it can also cause unexpected issues. For instance, one day you decide to change the session handling to store the information in a database rather than the file system, but you start getting errors because information is being truncated off and corrupting the session data itself.

The simplest way to avoid something like that is simply don't do it. It's bad practice anyhow.

Now, another nice trick, is storing the session information on the users browser in a cookie. This gives you a few advantages. Not only does it significantly simplify your session handling, it makes it so you no longer need to store/retrieve this information from a database or file system. This is best done when you are actually properly using sessions in the first place (rather than storing all the users information, store just the user id and use that to reference the users information later only when you actually need it). However, you can't just store something like a user id and hope that you won't have malicious users spoofing information.

But there is a way, and it's actually quite simple. By using something like a server-side secret value (usually something extremely long and extremely random), and hashing functions you can safely place such a thing into a cookie and make it impossible to "easily" crack (by that I mean, no encryption in the world is 100% totally unbreakable).

First of all, you'll need a non-changing secret key in your application. Something which you never, ever, distribute out to anyone (it'd break any security you add to do so). For this example, I'll be using a random SHA1 hash, but you'd likely use something a little stronger.

Secret: 2bffd564c0979f5d4bf68ab630c5234fb38b3493

Now, say you have a user log into your site. We'll say that this particular user's id is 54.

Now here's where the magic comes in, you need to generate a cookie value using your secret value, the users id, and some random seed value that you'll generate on the spot now. So lets generate our seed:

Seed: 9389552

So we now have a seed (randomly generated for each new cookie), a user id, and a secret key. Lets make a cookie (for this demonstration I'll be using SHA1 one-way encryption, you may substitute this with any other method you wish, such as SHA256).

The basic formula for this is:

UserId + '-' Seed + '-' + SHA1(UserId + Seed + Secret)

which for this case would end up being:

54-9389552-5fd41536bfb364e6fec7922297f041f13445eea8

This here is the value you would store in the users value within your cookie. But this is only the first half of it. You'll need to read and validate the cookie too. So here we go (I assume people know how to read/write cookies who have gotten to this point).

First, if the cookie is set, read in the value. In this case the value of our cookie was "54-9389552-5fd41536bfb364e6fec7922297f041f13445eea8".

Now, split the cookie up so you have the user id, seed, and generated sha1 value:
uid = 54
sed = 9389552
hsh = 5fd41536bfb364e6fec7922297f041f13445eea8

At this point you have all you need to make sure that this cookie is valid to allow access for user 54 to the user. Simply compare the hash with another hash generated using the same method above:

If 5fd41536bfb364e6fec7922297f041f13445eea8 EQUALS SHA1(uid+sed+Secret)

then your id is valid, otherwise they're spoofing and you can handle it however you want to.

Ok so, this poses an interesting question as I'm bored and need a project to work on outside of normal work stuff.

What is it that people look for in web comic software? Like what sorts of features aside from being able to upload the pages and browsing them?

I mean as in certain things that people look for in different packages. Things that people wish were provided but rarely are. Certain useful features that exist in most suites. Plugin options, advertisement systems, surveys, etc...

Multiple DB support options (MySQL, PostgreSQL, SQLite, File System, etc...)

(no Xeph I'm not thinking anything like Artica, I'm looking at stand-alone setups with simplistic installation methods)

Now I know a lot of people who work in PHP have heard about Smarty, but I tell ya I've never seen something so horribly over-complex as it.

Tell me the use of a templating language that can't even do string concatenation in a somewhat simple and sane manner? How about that it complies template to raw php code which can quickly become a nasty security hole on shared hosts? That's not to mention that it's flat out a pain in the ass in many situations and isn't exactly web designer friendly. The worst part is you have to MANUALLY escape things during output, which from a security standpoint is *retarded*. Things should be escaped by default and you should need to tell it not to.

Well now there's a templating system that exists that is sane, is just as fast as smarty, more secure, escapes things intelligently, and is web designer friendly.

I can also vouch for it's speed and ease of use as we've now used it on a few rather decent sized contract projects.

http://php-sugar.net/

I'm hoping this can come in handy for some people who are a little more code-oriented here.

Looks cool as hell:

http://www.swordofthenewworld.com/

[Warning:]

See, as I stated, I'm a professional web developer, but apparently unlike many out there I have a concept of things like security. It's for reasons such as a few below that I actually have a job in the first place.

Warning: Some of this is sort tech-coder-geeky

http://worsethanfailure.com/Articles/Secure-This-.aspx

http://worsethanfailure.com/Articles/Banking-So-Advanced.aspx

http://worsethanfailure.com/Articles/Not-Doing-Nothing.aspx

As a prospective game developer I tend to like to pop some questions like this out in random places for feedback. It helps in getting an idea of what people look for in a game, what catches attention, and what sort of things remain memorable for years to come. So, without further delay:

What games do you remember for not their graphics, not their game play, but their music?

Well, so I'm finding myself in need of some basic character shapes to build 3d models around (front, back, side, and top view) so I decided to start messing around with vector graphics again. After composing some sort of general character framework for a front view, I asked Xepher for some critique info and after a few revisions got something a bit more acceptable than the original (11 revisions so far). However, I'm no artist and it'd be greatly appreciated if some of y'all could give some critique information on anything that needs to be changed.

Now rather than just posting the latest revision, I decided to just post the images location, which contains all of them from revision 1 to revision 11:

http://images.databits.cc/templates/female/

Currently, the female front is the only thing that is near completion, so there's a long ways to go, and there will certainly be more of these postings in the future. 

Thanks!

I used to be working on a small game of my own. I did everything for the entire project, from the game engine programming to the graphical creation to the music and sound effects. Needless to say, I bit off more than I could chew and probably only really excelled in the area of software programming more than anything.

However, while going through some really old files I found some of my music creations. Since I don't plan on using any of these within my projects now, I decided to upload them and share them here. May as well eh?

Most of these are fitted for perfect looping in any player far as I remember. Town 3 and 4 were never taken very far and all of them never really left draft stages. Town 4 was the last attempt at music creation that I took before I dropped the project completely.

• Adventure 01
  
• Untitled Music 01
  
• Title 01
  
• Town 01
  
• Town 02
  
• Town 03
  
• Town 04

Well, something that those like Xepher know but many of the rest of you do not is that I (used to) work from home as a professional web developer. Recently I have decided to rent an office and begin trying to expand horizons in terms of clients and whatnot. Up until this point I have pretty much worked more or less for a single person for their clients, not as an employee but as an outsourced programmer. But now that I'm going to be venturing out and trying to find some of my own clients, I'll be needing resources that I do not have.

One of those resources, is artists.

Now, things are going to start off pretty slow, but in the meantime it doesn't mean I can't at least look for people who may be interested. So at the moment I'm looking for those who are good at web art (don't need to worry much about the specifics of the html/css, I've got that handled) and/or flash. Chances are, if I begin to get contracts I'll need artists on a per-contract basis. Since I've been here at the Xepher community for a long time, and considering that these will most definitely be paid contracts, I figured I'd give people here a chance first.

To begin, an example of your work would be nice. Once again, I'm not looking for W3C compliance or anything like that, but I'd like to see what those who are interested can do. Be it a personal site for your comic here, some example quick flash thing, or even other people or company sites you've done. Some sort of idea of rate information would also be helpful, but not necessary at this time.

Thank You,

Databits

All right, check it!

Starcraft 2

Hope everyone has a fun and safe holiday today!

Enjoy!

http://www.hongfire.com/cg/data/25/Pirate1.swf

http://www.alexa.com/data/details/traffic_details?url=xepher.net

Not bad, you've got a higher ranking than most large companies Xeph.

Some guy trying to actually build a flying saucer.

http://www.freep.com/apps/pbcs.dll/article?AID=/20061227/NEWS04/612270379

So I guess in 8 months we'll see what a lack of technology know-how and physics will get you when you do something like this.

use games to make videos and such. But really this is the first time I've seen a fighter game used to make one, it's kinda amusing.

http://youtube.com/watch?v=5JG4BpAY7A4

Who would do this to their poor pet rat?

I've found myself quite bored with WoW, may move along to something else like Warhammer Online. However, it leave the question that need be asked... what causes boredom in some online games and not others? As a programmer interested in game design, and a consumer who has experienced this first hand numerous times, I honestly think this is an interesting thought. How do you keep players interested for long periods of time??

Now my ideas on some of the things happen to do with social interaction. In WoW, the social interaction is pretty much limited to a bare minimal. Usually when it comes down to it, I think raiding is actually very bad for the game itself. Having content that players need to go through repeatedly 100's of times just doesn't seem like it'd be the greatest of designs to keep players truckin on through and happy.

Aside from that, I think it's the general look of the game itself. While Ragnarok Online (a former game I played) had a bright and cheery graphic set, WoW has an always rather dull and boring graphics set. Pretty much all the color tones get to a dark and dismal look for almost all the end game content (which is pretty much the entire gameplay for WoW). It's like they're limited to a palette of dark grey, brown, green, and orange colors... for EVERYTHING. It's really rather dull after awhile. For anyone who's played WoW, you'd know what I'm talking about. You never at any point see some nice bright sunny green fields, vast blue as BLUE water, or anything like that in the game. It's always the same, no matter where you go.

Lastly, guilds... have no point in the game. The general function of the guild in WoW is for a large group to organize things. Rarely do you see a lot of interaction within the guild itself, and due to the game design, there isn't a whole lot of things you can do "as a guild".

These are just some late night rough thoughts on this, anyone else care to add some to it?

So uhm, someone seems to have gotten to ie7.com before microsoft, and the most amusing part is... well... you take a look.

http://www.ie7.com/