At 4/4/16 08:45 PM, MSGhero wrote:

At 4/4/16 08:28 PM, Diki wrote: I'm pretty sure he's talking about regular C++, so what you would do in Haxe wouldn't apply, and if it is in fact the latter: I hope I don't actually need to answer that question.

I may or may not have oversimplified.

Eh, I was just sarcastically saying that if someone asks why C++ doesn't do what higher level languages do: the clue is in the title.

Also:

At 4/4/16 08:14 PM, MSGhero wrote: Edit: Haxe's dead code elimination doesn't compile variables, functions, and classes that I'm not using, and the analyzer even deletes local variables I'm not using. So why is C++ so dumb?

C++ won't fix that for you—it can't really do anything for you, as C++ is just a language, really—but any C++ compiler worth its salt will fire off warnings if you define variables that are never used.

However, it won't not compile anything that's not in use—most of the time—because doing so could possibly be worse than the alternative, or the compiler simply does not have the information required to determine if a class or function is not being instantiated/called. It is possible that the compiler will be able to figure out that it can omit something, but it will only do so if it can be 100% certain of it.

So, it probably won't omit unused functions and classes, but sometimes it will. It's very circumstantial.

Like most decisions the compiler makes, it's done to be in accordance with the spec: it will do whatever the fuck it wants so long as the resulting program is in compliance with the spec, and the spec doesn't say anything about omitting unused shit.

So, if haxe is eliminating those functions/classes, it's either doing a bunch of shit that will negatively impact pre or post compilation performance, or it's not being in compliance with the spec.

This is one of the poorest attempts to exploit my computer I've ever seen.
It didn't even execute when I ran it in my VM.

pcap file.

At 4/5/16 01:46 PM, egg82 wrote: This is one of the poorest attempts to exploit my computer I've ever seen.
It didn't even execute when I ran it in my VM.

pcap file.

what the hell have you been doing to get so many zips and exes emailed to you? worst I ever get is obviously sketchy links... all sent to a separate spam catcher email address I have...

At 4/5/16 05:15 PM, Glaiel-Gamer wrote: what the hell have you been doing to get so many zips and exes emailed to you? worst I ever get is obviously sketchy links... all sent to a separate spam catcher email address I have...

I've had that e-mail account for over 12 years and I use it for all of my "iff-y" stuff. I just checked my spam box and found a ton of shit in it. Decided to test it all out.

Man, I just set my new game server up two days ago and I get flooded with these e-mails.
Them automated bots is fast.

I decided to fuck with tech support scammers.
:D

Aw, I thought you guys would enjoy that video :(
Well, I finally made one on hacking if anyone's interested?

At 4/8/16 12:03 AM, egg82 wrote: Aw, I thought you guys would enjoy that video :(
Well, I finally made one on hacking if anyone's interested?

I haven't had free time in the past few days, so I just looked through the scam one. When he took control of your desktop or at least screenshared it, is there no indication that it was a VM? For you, there's the "Send ctrl alt del", but that would be pretty bad if it were visible to the VM itself.

I'm not sure why I'm awake tbh. Part of me wants to learn to draw, but the other part wants to sleep.

At 4/8/16 12:52 AM, MSGhero wrote: I haven't had free time in the past few days, so I just looked through the scam one. When he took control of your desktop or at least screenshared it, is there no indication that it was a VM? For you, there's the "Send ctrl alt del", but that would be pretty bad if it were visible to the VM itself.

The only indication of a VM is the VirtualBox icon in the system tray, which is optional client software to integrate nicely with the host. Otherwise, no. It just looks like a normal Windows system. You can't see or interact with the window it's in or desktop behind it.

I'm not sure why I'm awake tbh. Part of me wants to learn to draw, but the other part wants to sleep.

You waited until now to pick up an artistic skill?
I'm just surprised it took you until college to say "yeah, this might be something I want to do" in a major field of study.

At 4/8/16 01:18 AM, egg82 wrote: You waited until now to pick up an artistic skill?
I'm just surprised it took you until college to say "yeah, this might be something I want to do" in a major field of study.

It's mostly been motivation as far as art is concerned. Programming is kind of an art, and I've done a good bit of that, and I also do uni newspaper which is an art (layout; writing stories is like kinda an art). So I have a few half-arts I've been doing for a while. I've been sketching in Krita some, but not consistently enough to my liking.

My unrealistic goal is to make my ideal game mostly by myself. Programming is fine, art I want to learn, and I have 26 gb of sound effects that I hope just assemble themselves. Obviously, I know how hard it is to just do programming, but it's kinda nice to have something to aim for.

Bought the Crosshair-V Formula-Z a while back but discovered it didn't come with TPM. Bought this two days ago.
I'm happy now.

No performance issues with games since they're stored on an entirely separate drive.

Good christ, yet another Flash 0-day.
At least FP got a recent update that issues basic security to help prevent unauthorized code exec on Windows.

The security geek in me is like "for the love of all that is holy let Flash die"
But the game dev in me is like.. :(

I want to switch, stop using it, and uninstall it all, but then I don't.

At 4/8/16 01:18 AM, egg82 wrote: You waited until now to pick up an artistic skill?

I'm almost 27, been developing for like 15 years, and I still can't draw for shit. Even my stick figures suck. >:]

At 4/8/16 04:02 PM, egg82 wrote: Good christ, yet another Flash 0-day.

Flash Player is so fucking awful that I wouldn't be surprised if it ended up with a -1 day exploit: Adobe manages to include an exploit before they even code anything.

At 4/8/16 04:02 PM, egg82 wrote:

I want to switch, stop using it, and uninstall it all, but then I don't.

Nostalgia is a bitch

not to mention we regularly visit a flash game site

Speaking of not using Flash anymore: I still say it's worth switching to HTML5. Takes some getting used to, but I much prefer working with it to Flash. (Deployment and debugging is a hell of a lot easier.)

Plus you can always use Prototype to get psuedo-OOP in JavaScript. I used Prototype to make this Flash-esque proof of concept a few weeks ago, while just dicking around one day. The implementation for that is just this:

var stage = new Malete.Stage;
var mario = new Malete.Sprite;

mario.load("/malete/img/mario.gif");

stage.addChild(mario);
stage.addEventListener("update", function() {
  mario.x++;
});

Malete.setCanvas(document.getElementById("canvas"));
Malete.run(stage);

I just wanted to see how "Flash-like" I could make HTML5 be.

At 4/8/16 06:31 PM, Diki wrote: I just wanted to see how "Flash-like" I could make HTML5 be.

*cough* Haxe+OpenFL mirrors the Flash API *cough*

At 4/8/16 07:10 PM, MSGhero wrote: *cough* Haxe+OpenFL mirrors the Flash API *cough*

Yeah, but I don't like Haxe so it's not something I would ever consider using.

At 4/8/16 06:31 PM, Diki wrote: I just wanted to see how "Flash-like" I could make HTML5 be.

I have not used it personally, but I think CreateJS, EaselJS in particular, does something like that.

At 4/8/16 07:24 PM, Diki wrote: Yeah, but I don't like Haxe so it's not something I would ever consider using.

>=(

At 4/8/16 10:37 PM, MSGhero wrote:

At 4/8/16 07:24 PM, Diki wrote: Yeah, but I don't like Haxe so it's not something I would ever consider using.

>=(

But really though, I think you would not dislike luxe that much, which is a lower level paradigm that doesn't support flash export. It's still a haxe lib, but you get 1:1 with SDL and other very native libs. Or you have a thin abstract layer so that you can WebGL or SDL or whatever with the same API.

At 4/8/16 10:41 PM, MSGhero wrote: But really though, I think you would not dislike luxe that much, which is a lower level paradigm that doesn't support flash export. It's still a haxe lib, but you get 1:1 with SDL and other very native libs. Or you have a thin abstract layer so that you can WebGL or SDL or whatever with the same API.

I just don't like writing a language that compiles to another language which is then itself either compiled or interpreted; I'd rather just write the language it's being translated into lest I rely on the compiler accurately translating into the target language (if it doesn't, I'm fucked with no way out). And, especially so, if I'm developing an application that is sufficiently complex enough to require C++. I'm sure as shit going to want a debugger worth its salt, which is why I use Visual Studio; it makes debugging a breeze. If I opt for Haxe, I'm going to lose that functionality just for the sake of writing in a language that's just syntactically a tiny bit different. (Haxe may have support for plugins with VS but it will never be as up-to-date or reliable as VS's built-in debugger.) And if I'm writing C++, performance is most likely a concern, and if the resulting compiled application does not perform efficiently enough, I need to refactor; and then I need to determine if my Haxe code is the problem or of the C++ code my Haxe code is being compiled is the problem; if I were to just write regular C++ then I wouldn't have that extra step to deal with because I'll know it's that code that I wrote myself that is wrong.

With web development, which is what my job is, it would give me zero benefits while also making my job harder: if I wrote Haxe instead of JavaScript, I would need to write the Haxe, compile it to JavaScript, and then push that JavaScript onto production, rather than just writing JavaScript in the first place. I don't want to add extra steps between development and production just so I can write code that has static members and classes, both of which don't exist in JavaScript; it's just making me have to type out more things that aren't actually accomplishing anything. What's the point of writing out keywords that represent things that don't exist in the target language?

I'm also not fond of Haxe's syntax; it's like a mishmash of Java, C#, ECMAScript, none of which I consider to be syntactically well-designed. I don't want to deal with public/protected/private member namespaces if I don't have to; they make sense to exist in C/C++ but they weren't included in Python or Ruby for a reason. They just wouldn't be accomplishing anything. If I'm writing a language that supposedly exists to make my job easier, I don't want it littered with private and static keywords and C-like curly braces; if I'm going to write a language that makes it easier to write code, I explicitly don't want to have to deal with those, which is why Python is my favourite language: it's succinct, clear, and easy to read and write; it has no extra baggage. Writing code is hard enough as is; I don't want redundant syntax piled on top of it.

As a whole, for me, Haxe is like having a speech interepter attached to a water faucet that allows you to verbally say the temperature of water you desire, which then physcially turns the knobs on the faucet for you. If you end up getting the wrong temperature, you need to figure out if the speech interpreter is fucked or if your faucet is, and will likely end up needing to turn the knobs with your hands, which isn't difficult to begin with. It's just one step forward and two steps back. I just don't like Haxe: it's solving a problem that doesn't exist.

And that's about the best way I can explain why I don't like Haxe and why I will never use it.

I actually really like C#
What don't you like about the syntax? I find it to be very english-language-friendly and easy to read.

Okay, real talk:
I've recently been following SwiftOnSecurity religiously (thanks, MSG) and recently read up on "compression before or after encryption"
I figured the obvious answer would be "compress before", since any good encryption algorithm will result in what is essentially noise (which gets terrible compression) but others are saying "compress after" because of information leakage.

The solution to this problem is obvious: Pad the file to a series of fixed lengths before encryption. This is obviously different from encryption padding, but it eliminates estimating of the original file based on the encrypted file's length.

My problem with this is that you end up with this problem anyway, without compression. In fact, I'd argue compression helps since it adds a small amount of entropy to the original file's length because the new length is based on the repetitive nature of the file's actual contents.

Another argument is known plaintext, but honestly if you're looking at headers then simply changing the file extension will be enough. If the attacker doesn't know it's compressed (and they shouldn't) then file headers are useless because it results in simply trying to guess the headers which is as fruitless as guessing the actual file itself.

Good encryption algorithms won't leak enough information to fingerprint (see: Caesar Cipher with One-Time Pad), so I suppose as long as you pad your data beforehand and change/remove the extension there shouldn't be any information leakage anyway.

Hmm. I dunno. I still say "compress, then encrypt"

At 4/8/16 11:50 PM, Diki wrote: (Haxe may have support for plugins with VS but it will never be as up-to-date or reliable as VS's built-in debugger.)

I have no idea about plugins... I just debugged directly from VS the one time I had to.

But yeah, our applications are different. My game needs to go/would be cool if it went on multiple platforms, and I'm not about to learn js and cpp to do that, or even worse recode the whole thing. All of your cases seem to be single-target and possibly performance-heavy, and haxe is subpar for that. BUT if you had to rank every language-lib combination, you would like haxe-luxe more than haxe itself.

Obligatory eww php @PsychoGoldfish

Edit: I told you, Taylor Swift knows her infosec

At 4/9/16 12:55 AM, egg82 wrote: What don't you like about the syntax? I find it to be very english-language-friendly and easy to read.

In and of itself, it's not really that bad; I just find it overly verbose. (Which is the same reason I don't like Java.) Example:

using System;
class Person
{
    private string myName ="N/A";
    private int myAge = 0;

    public string Name
    {
        get 
        {
           return myName; 
        }
        set 
        {
           myName = value; 
        }
    }

    public static void Main()
    {
        Console.WriteLine("Simple Properties");
        Person person = new Person();
        Console.WriteLine("Person details - {0}", person);
    }
}

It's just keyword and curly brace spaghetti.

At 4/9/16 02:21 AM, MSGhero wrote: All of your cases seem to be single-target and possibly performance-heavy, and haxe is subpar for that.

Yeah, I mainly only develop front-end and back-end web applications. Front-end will just be JS/HTML5, so it already supports pretty much any platform (except for maybe Opera or Safari, but I refuse to support either of them) and back-end will always be Linux (because who in their right mind would run a server that isn't Linux?).

And if I were to make a game for desktop, it would be made in either C++ and/or Python, both of which can easily be made to compile to Windows and Linux. (And probably OSX, but I don't care about or support Apple products.)

At 4/9/16 02:21 AM, MSGhero wrote: Obligatory eww php @PsychoGoldfish

Obligatory "The PHP developers are beyond retarded" comment.

At 4/9/16 11:10 AM, Diki wrote: Obligatory "The PHP developers are beyond retarded" comment.

I just did an absolute fuckton of research into integer overflows. I always sorta knew about them, but this gave me an excuse to learn more. Thanks!

(Also an interesting paper I quickly scanned through)

So from what I learned a proper solution would be to check EXPR for the possibility of an overflow (before actually performing the operation that could cause said overflow) before it's passed to the method(s) listed in that article. Am I right?

This was just retardation:

if (size > INT_MAX || size <= 0) {

Because, you know, an integer overflow is when an integer winds up with a value past its maximum possible memory allocation. Clearly unicorns wrote this code.

At 4/10/16 12:36 AM, egg82 wrote: So from what I learned a proper solution would be to check EXPR for the possibility of an overflow (before actually performing the operation that could cause said overflow) before it's passed to the method(s) listed in that article. Am I right?

Yep, pretty much. There are a few ways you could do it. One way would be to store the given integer in an 8-byte integer, and then just compare that to INT_MAX before storing it in a 4-byte. You could also use some kind of specialised structure for storing integers even larger than 2^64, and do the same thing (i.e. store it in the huge container before putting it into the regular one).

You could also just store the number as a string and then, if the string has the same number of digits as INT_MAX, iterate over it character by character and check if any of those digits are greater than any of the digits in INT_MAX which are in the same position. (And if the source integer has more digits than INT_MAX, you know it would overflow.)

I'm not an expert on the subject, so I don't know precisely what would be the best solution, but those would work.

At 4/10/16 12:36 AM, egg82 wrote: Clearly unicorns wrote this code.

Never underestimate how stupid and incompetent the PHP developers are. These are the same people that thought storing function pointers as strings was a good idea. Yes, I am serious. Or that their empty() function returns true if given a string containing the character '0', which is by design.

It is truly mind-boggling how terrible PHP is.

Revisiting world generation. This time trying to make the world a little more interesting, and the road generation algorithm look a little more natural.

My thinking is that the top 35% of the world will be a harder area which is purely covered in snow. Inspired a little bit by "beyond the wall" in Game of Thrones. There is always one town which is more mysterious and very difficult to capture in the snowy area. I also added city-states which are towns that are not capturable, and don't have castles. They will probably serve as player spawns.

I've yet to generate some other "points of interest" like graveyards, bandit camps, or other spawns. After this refactor I have some other things to improve before returning to the combat system.

At 4/10/16 11:08 AM, Diki wrote: I'm not an expert on the subject, so I don't know precisely what would be the best solution, but those would work.

I mean, I make it pretty obvious that I bat for the red team (because it's more fun to break things than it is to fix them) but I'm always interested in defensive techniques because I need to know what blue team is up to to stay current (and because I also develop stuff, of course)

Random side-note rant: I hate that I'm known as a web dev to everyone I know in real life. I keep getting calls from companies that want to hire me to make their website. Tell them I work in information security for god's sake!

At 4/10/16 10:19 PM, PrettyMuchBryce wrote: Revisiting world generation. This time trying to make the world a little more interesting, and the road generation algorithm look a little more natural.

Holy shit, actual game dev talk is going on in here. I heard these discussions were rare, we should screenshot it before it dies out entirely and we never get another opportunity.

Though you've got my interest right here. I freaking love worldgen. What's this for, again? And how did you create this? And a million other related questions?

Also, is this multiplayer? I also freaking love multiplayer. Why do I not know about this?? Where have you been hiding it all?!?!

At 4/11/16 03:27 AM, egg82 wrote: Holy shit, actual game dev talk is going on in here. I heard these discussions were rare, we should screenshot it before it dies out entirely and we never get another opportunity.

What haha. All I've been doing recently is world generation. I just got to a point where I'm "done for now" because you can only generate so much terrain and stay sane.

At 4/11/16 03:27 AM, egg82 wrote: Though you've got my interest right here. I freaking love worldgen. What's this for, again? And how did you create this? And a million other related questions?

Also, is this multiplayer? I also freaking love multiplayer. Why do I not know about this?? Where have you been hiding it all?!?!

I'm building a networked multiplayer roguelike game. I'm not very far along yet. The server (including worldgen) is all written in Go. One of the important mechanics will be capturing cities and becoming king, which brings you into a more RTS-style game where you're controlling the guards of the city, setting taxes, and managing the citizens (other players) of your city. I'm still working a lot of this out. I'll keep posting updates here.