Messages

61

Modification Help / Re: Getting a server's player count cliently?

« on: September 21, 2012, 02:20:35 AM »

Cant you just do secureCommandToClient to give him false infos

Idk

No, it's protected to stop people spoofing players.

62

Modification Help / Re: How might i decrypt something?

« on: September 13, 2012, 09:18:55 PM »

The only thing that makes the one-time pad encryption method more secure than encryption functions comparable in workload is that it's impossible to know what the key used is, and therefore impossible to extrapolate the original text. Generating keys through any form of generator compromises that security.

That's also the reason you can't re-use keys. An attacker could XOR the two encrypted strings together to get the key, then XOR that against the two strings to get the original text for both, thus totally compromising the encryption.


In fact, the one-time pad is incredibly difficult to put into practice at all due to inherent vulnerabilities over any possible communication line. It's only uncrackable in a theoretic situation where both parties have successfully recieved the keytext without interception and never misuse the keytext (using any portion of it twice).

Yeah, if you had actually read my message you would have seen that only one key would be used per encrypt/decrypt. I know how the OTP works and that it has vulnerabilities, but like I mentioned it's probably one of the only schemes that is simplistic enough to be applicable in TorqueScript. To say that the OTP is vulnerable to MITM attacks is like saying cats have fur - every single cipher is.

Besides, using ciphers in Blockland just isn't worth it. Unless you're making some sort of massive slave to master server system that needs the API to be public (e.g. if you were making an MMO add-on that anyone could host and communicate with the master server or something like that), don't even bother.

63

Modification Help / Re: How might i decrypt something?

« on: September 13, 2012, 05:50:50 AM »

If you only need to encrypt it and decrypt it once, you could easily use a one time pad, otherwise the best you're going to get is a basic shift cipher (maybe a really stuffty and slow stream cipher). Depending on the frequency of requests, you might also be able to generate new keys over and over for each packet (send the new key of %n length in the next packet) and use the one time pad.

64

Modification Help / Re: canvas.setCursorPos(x,y); causing me to crash?

« on: September 07, 2012, 09:10:57 PM »

It might be different for him if (assuming) he does it ingame. The play GUI likes to do some funky stuff.

65

Suggestions & Requests / Re: Awesomium (webpage in 3D environment)

« on: September 02, 2012, 02:24:36 AM »

Badspot: Oh look, another way for a crazy woman on menopause to try and sue me.

like he gives a stuff

66

General Discussion / Re: The servers that I've visited lack so much - READ MORE

« on: September 02, 2012, 02:02:54 AM »

by mrcookie

67

General Discussion / Re: Anyone else think that we got a great deal for this game?

« on: August 31, 2012, 05:02:03 AM »

To be honest, no. $20 is the most I would pay for this game. Maybe $30, but definitely not any more.

68

Modification Help / Re: Downloading an Image

« on: August 31, 2012, 02:42:35 AM »

It's using POST because frankly there's no real reason not to. I adapted it from a script where it would POST variables so I never changed it, and there's really no reason to.

There is a reason to change it. Using a GET request is the correct way to grab a resource off a website. POST requires extra headers that a GET request doesn't - such as content-type or content-length, because a POST request is meant to have a body. A GET request only needs the essential headers in a request and will require less processing on the server-side (you might find issues with caching as well). In the long run, using a GET request uses less bandwidth.

No matter how I change it, I keep getting a bad request error. I'm too tired to really fix up the code to work with chunked downloading (why would you even do that badspot, why) so you should just use Plornt's code which should look oddly familiar (hint: it's derived from mine)

Because it's faster (especially for CDNs). When you're telling a server you're running HTTP 1.1, you're practically screaming "I love chunked encoding, please give it to me!". Try sending the header as HTTP 1.0.

69

Off Topic / Re: Stupid locker neighbors

« on: August 30, 2012, 12:19:25 AM »

You're on pal.

gosh you're fabulous

70

Off Topic / Re: Stupid locker neighbors

« on: August 30, 2012, 12:12:21 AM »

Yo and I'm saying you're always angry.

71

Drama / Re: Ephialtes vs. Kalphiter (AKA, Let's Rip on Autism)

« on: August 29, 2012, 11:59:19 PM »

"Oh look, I don't think he understands, I'm gonna call him a douche!"

He was calling him a douche because he was being a hypocrite. P.S. You're an idiot, and I'm saying it because I don't think you understand.

72

Drama / Re: Ephialtes vs. Kalphiter (AKA, Let's Rip on Autism)

« on: August 29, 2012, 11:38:45 PM »

Ephialtes has been kind of a richard lately.

Not what I'd expect from an upstanding moderator, but hey, we all have our methods.

Wow, this is hilarious. Ephialtes has been a richard "lately"? How long have you been on the forums? Ephialtes has been a richard for years, that's what he's well-known for. And to say that's not what you'd expect from a moderator is ridiculous. Badspot is also a world-class richard. Ask either of them and they will agree with me.

The thing is: 99% of the times when they are richards are a) when they're clearly in the right b) they genuinely hate the person. Ephialtes genuinely hates Kalphiter. It is not about "picking fun at autism". Most of the times that is an inside joke, and when it's not, the person's mannerisms and personality actually really do resemble autistic qualities (e.g. Kalphiter).

Sometimes I think Ephi is only a mod because Bedpost doesn't have anyone else to help him moderate the forum (bedsides Rotondo).

Or maybe because they're two of the only users on this forum who Badspot knows aren't dumb enough to break them.

Both of them have stuff arguments, and I won't give any reason why, because I'll start being called autistic for having opposing opinions, too.

Oh look, it's the opinion play. Do you want to sound anymore like a butthurt hipster? No, they are not calling him autistic because they don't like his opinion.

TL;DR, your average internet fight.  Good to see the forums haven't changed since I left.

Mmm, average internet fight, not a fan of those. Better go start another thread to stoke the fire a bit more, shouldn't we darling hypocrite?

73

Modification Help / Re: base64, sha1, hell, and me - friends 4 lyfe - still broke

« on: August 29, 2012, 05:13:36 PM »

a and c are bad and you should feel bad

74

Modification Help / Re: base64, sha1, hell, and me - friends 4 lyfe - still broke

« on: August 29, 2012, 05:47:16 AM »

The specification requires the sha1 hash to be outputted as plain binary (20 bytes) and then encoded in base 64 directly. As Truce mentioned, the sha1 function in Torque is outputting it as 2 characters per byte (hexadecimal string).

But here's my input: This is not going to work. It is perfectly possible for sha1 to output a 0x00 (NUL) byte. Collapsing the hex "00" is going to result in a NUL byte in the string, and we all know how Torque loves that. You'll end up getting a shortened form of the actual sha1 (cuts off the NUL byte and everything beyond it) which will output malformed base64.

75

General Discussion / Re: Where are all the good servers?

« on: August 29, 2012, 05:17:02 AM »

oh look it's this rant again