GiveUpAlready.com - Blogs - Carnage

you know the drill

Carnage — Fri, 11 Feb 2011 15:53:47 GMT

another week: more tracks

Carnage — Tue, 25 Jan 2011 15:59:52 GMT

Continuing my series of 'good' tracks i've been finding

Carnage — Tue, 18 Jan 2011 11:31:37 GMT

another good track

Carnage — Tue, 21 Dec 2010 17:00:18 GMT

Saving this for later

Carnage — Thu, 16 Dec 2010 11:17:31 GMT

3 trance tracks.

How I fixed email (not totally yet) part 1

Carnage — Sat, 29 Aug 2009 11:38:23 GMT

This guide isn't how to set stuff up, its a general debugging guide plus a few reminders for me if it ever breaks.

So, the setup is simple.

Virtualmin/webmin/usermin
Postfix
Dovecot

Problem is they aren't playing nicely together.

The first step was to get the dammed things working in isolation. I started with dovecot. Virtualmin's automatic installation/configuration didn't quite work and left a few configuration issues that caused dovecot to crash whenever it was connected to. Fortunatly they were simple to resolve. Redirecting its logfile from /dev/null to a file i could read revealed (one at a time) the 4 or 5 problems with the setup which I googled for correct values for and fixed the server. Eventually it worked.

Recieving email was another issue. The fix was slightly more complex; but involved reading the /var/log/maillog (A big log file) fixing the issue (a missing aliases file fixed with postmap /etc/aliases no idea why virtualmin didn't do this itself as it runs the postmap command on all the OTHER mapping files it uses) At this stage to fix another issue (part 2) I also recompiled postfix to include mysql support (on bsd the port to use is postfix-current not postfix)

After the servers were running without complaining I had to add an aditional mapping into the virtual map file to allow an email to recieve emails.

This setup works however only for username@domain.com virtualmin insists on adding a system user for each mail account this is a huge issue on freebsd. After some research the answer was to use mysql and instead of using virtual_alias_maps to use virtual_MAILBOX_maps. Virtualmin dosn't support this, but i'm hoping to use some clever trickery to have it write emails to a different place than it thinks its doing. More on this in part 2 when i have it working.

Game Design: Making formulas make sense

Carnage — Mon, 24 Aug 2009 12:03:29 GMT

I was going to post this up in KOC as a suggestion on how to fix sabotage however, as some people mentioned that rocco may not be too receptive to suggestions of this nature (I'm guessing he gets a lot of them) I figured I'd take a slightly more generalised approach and go into how to design an algorithm for an online game using kings of chaos as an example where needed.

So, how should you go about desiging an algorithm for sabotage (or any feature for that matter)?

Firstly, to make an (online) game fun it needs to be balanced and consistant.

For a game to be balanced, it should mean that every player has the same chance of doing well. At the moment i'd say koc isn't balanced. Looking at the top ranks the majority of the top players are dwarves. Also, the only gaming stratergy that works in the long run is to have a huge defence a huge TFF and bank your gold as often as possible. Foe suffers from a similar mono stratergy issue but it is something i'm working to compensate for.

For a game to be consistant, the game should play how the player expects it to and shouldn't deviate from that very often. If it plays differantly to how a player would expect, it should at least alwats behaive in that manner. An easy example here; if my attack is greater than a players defence I expect to be able to beat them if I attack them, if for some reason the opposite is true (lower strike beats higher defence) then if i go on to attack another player with a higher defence than my attack, i would expect to beat them.

With these two key properties in mind we can start to design an algorithm but first, a quick look at what is there at the moment.

1) sab turns.
In my oppinion these are redundant. It makes no sense at all to ever use less than 5.

2) number of spies
Again, no one has ever offered any proof that more than one spy is better than just sending one.

3) weapons
In my experiance it is far more difficult to sab an IS or BPM than it is to sab a NUN or a LT. This may not acctually be the case, but if it is its rather stupid. All the weapons have the a similar gold value, they should be equally difficult to sab

4) AAT's
This is something in the current system which i think works well. It seems to be set at about the right level, however with the other proposed changes to the system, this will need a few tweaks to remain as effective.

Design criteria

1) Higher spy should prevail against lower sentry
2) A lower spy should still be able to do damage to a high sentry but this damage should be less than (1)
3) Smaller accounts should take less damage
4) In general a high sentry should mean less damage from sabotage
5) In general having high spy should mean you can do a lot of damage.
6) A sab account should be a viable method of play
7) A sab account should be beatable

Player assumptions

The following is a list of things that a player may assume when presented with a sab form

1) bigger weapons are harder to sab than smaller ones. (eg easier to sab a dragonskin than an IS)
2) sending more spies makes it easier to sab weapons
3) sending more spies make it more likely you'll get caught
4) using more turns increases the chance you'll be caught
5) using more turns increases the damage you can do
6) its harder to sab 2 weapons than 1

A good system would forfill these assumptions or not allow them to be made in the first place.

First pass.

There are so many variables in the current system, as a first pass attempt at a design I will set a number of these in stone to make other criteria easier to resolve.

1) Turns.
The current system is confusing an unneeded. Drop turns all together. Instead, each player may make one sucessful attempt per 24 hours and has 10 tries per player to get an attempt to succeed

2) Spies.
25 is probably too many, the max will be reduced to 10

3) AAT.
As a first pass, the ATT of the target will be doubled, this means that the system stays the same as before.

Algorithm.

At its core, the algorithm needs to decide the differance between the sentry of the target and the spy of the sabber. A simple ratio is too volatile considering that some accounts have over a billion spy compared to accounts which have 100k sentry. We deal with this using a log and the max function (putting a cap on the ratio)
Code:
max(-2,log2((sentry+1)/(spy+1)))
This gives a number between -2 and +infinity. With a value close to 0 if the sentry and spy are close to each other, -1 if the spy is double the sentry, -2 if the spy is more than quadruple the sentry. On the other end of the spectrum, if the sentry is quadruple the spy you get a value of 2, 3 if the sentry is 8x the spy etc.

The next step is to define a mapping between the number coming out of that forumla and a %age success rate. Considering a few things:

1) -2 should be the most likely to succeed.
2) values of 2 of greater should have a very low chance of success (this makes it similar to the current 3x sentry to be unsabbable)
3) even at -2 there should still be a chance of failing.
4) even at a high number (eg 25) there should be a very very slight chance of suceeding.

My suggestion here would be a mapping akin to this:
Code:
value | base sucess rate
-2: 90%
-1: 75%
0: 60%
1: 30%
2:10%
3:5%
4:1%
5:0.1%
These values are fairly arbitary and need to be subjected to some mathmatical analisis. Esp when combined with the modifiers below.

The base success rate assumes sending 1 spy to sab 1/10 of a persons AAT. The maximum that 1 spy would be able to sab is 1/10th AAT. Attempting to send 1 spy to sab more than 1/10th would result in an error informing you that 'Your spy's are only and can't possibly sab that much at once.'

The sucess rate is then modified based on the AAT/spys ratio sabbing for the full AAT with 10 spies gives the same ratio as sabbing 1/10th with 1 spy, but sabbing 1/20th with 2 spys gives 4 times that ratio.

Sending more spies increases the risk to you; if you send 10, you could potentially loose upto 10 Nuns and 10 spies. Only increasing/decreasing the amount you try to sab change the sucess chance.

Essentially, the idea being that if I (with a pathetic 50 million spy) were to try and sab someone with 50 billion sentry, i'd fail. A lot. However since their AAT would probably be 1000+ I may well be able to succeed if i sent 10 spies to try and sab 1 or 2 weapons at a time. This brings balance to the game: A small account can do about the same amount of damage to a large account that the larger account can inflict back on them (due to the smaller account having a lower AAT)

This formula is incomplete and before being implemented would need to go through several stages of Analisis and Refinement.

For the analisis stage, you would simply take some values from the database and figure out what the results would be; look for anomolies; perhaps its too easy for someone to sab someone with 10x their spy. You would then enter the refinement stage and edit the %ages a little and try again till you got the result that you were after.

Finially the resulting system should be compared to the design brief and to the player assumptions. (new assumptions would need to be made based on the new system) If its behaviour is consistant the system is good. If it isn't, either you need to further refine the system or you need to explain to the player how it dosn't meet their expectations through some sort of feed back as they are playing.

The lacn timeline according to me

Carnage — Wed, 05 Aug 2009 18:06:18 GMT

I start sabbing lacn, sending some poetry of forms along with it.

Message 1:
To: zelous
My spies have entered your armory,
They didn't cause too much harm, did they?
Ensuring your shields
break down in the field,
I guess that is payback for your barbary.

no reply

Message 2: (a variation on the above)
To: JHC_fs
my spies have entered your armory
intent on destroying your weaponry
on a vital mission
in this war of attrition
your armaments no more than a memory.

Reply:
There is a spear of ice, newly thrust into the heart of the land.
The soul within it yearns to kill.
He who grasps that spear will know death.
again and again, he shall know death........JHC_fs.....g

Not an original, if it had been he may have got some kudos.

My reply:
my poem to you was a gift
the point of which was to uplift
the mechanics of war
can be such a bore
but this last line has just gone adrift

There were two replies from him, including a book recommendation but nothing noteworthy or poetic.

Big_ sabbed me; his sentry is too high for me to have realistic success against but i sent him this:

I admire your show of camaraderie
but your attempts will not stop my victory.
The terms for surrender
is every alliance member
pay tribute to me with some poetry.

I receive a message from Sventjuh130 informing me that I've been approved. It wasn't poetic but I replied with this:

I'm glad that I meet your approval
but my terms have been met with refusal.
Your armories are
too full by far
so I'll continue my campaign of removal.

so far no response.

A raft of responses came in from lacn, for brevity I'm only quoting the poetry parts. They are to an extent humoring my demands but not complying with them.

From: Doograkan
There once was a young noob named Carix,
Whose sentry caused much hysterics;
They were quite inept,
With each other they slept,
And then I ghosted you for two nunchaku.

From big_:
Carix, this was not meant to be!
You're not destined to be my enemy
With a bit of luck
Your poems won't ****
I fear them more than sabs, you see.

This one is quite good

this one isn't:
from: Archangel_LaCN
There once was a man named Car-ix
Who's diet was made out of p r i c k s
At Chaos he ****ed
LaCN sabbed, he ****ed
then barfed up his treasure of D i c k s

Now, as my alliance affiliation states:

If you don't want to be sabbed, see,
the solution is really quite easy.
In your Alliance affiliation,
declare to the nation,
in limerick form, that I'm Godly.

Firstly, most replies were insulting not declaring my awesomeness and secondly, not in the AA box.

UPDATE:

I've been sabbing lacn on and off for a few days (i dont have the time to do it everyday as i'd rather play other games eg l4d) Not much meaningful communication, a few demands to know why i'd sabbed them, but a bug in koc is preventing me responding to one, and another of them is on vac mode now... (probably not my doing but meh) So, i thought i'd tempt a response out of their battlefield mod with this poem:

The cost for my poems is great:
a two point two billion rebate.
For that is the cost,
of all you have lost.
Am I really too demanding to placate?

Just to make it clear, i'll not sab any lacn member who a) refrains from sabbing/massing me and b) conforms to my AA. Anyone else is fair game.

UPDATE: 20th August

I've had a host of new messages, and given two replies but for some reason KOC only seems to be alerting me to messages several days after they've been sent :s In any case heres an update

tantallous sent me a message asking why i'd sabbed; I composed a reply but KOC kept redirecting me to the home page when i tried to send it; I assume this means the user blocked me

xshintenshix sent me a message claiming that I was a noob i responded with this, admittedly not my best but still:

A noob is someone who is new,
but I've been here since age two.
Until you comply
your weapons will die.
Either way, I'm still better than you.

The response (apparently sent two days ago but the first i saw of it was today)

a "noob" can also be someone who is crap at a game; you've confused it with "newbie" which many people believe to be the same.
I've been here since the end of Beta, and you weren't here since age 2, bl there.
My weapons will die? give me a break, i may not spend my spare time thinking up limericks but at least i can play this game for fun yeah?

His insults at my playing ability are obviously wide of the mark to date he has lost 385 look out towers (it would have been more but someone gave me the wrong aat...) whereas I lose 30 or so nuns from the whole alliance sabbing me. In his eyes he calls me a noob, but he fails to see the maths of this situation. The lymeric wasn't quite accurate either, i've been around since age 1 possibly even beta. but neither beta or one would have rhymed...

As for fun; I'm having fun :P Might update with a reply later, but i've got a lot to get through and some paid work i need to get done tonight so it may have to wait a while.

FrostBite sent me a pm asking why i sabbed his officer. My response:

The answer to your question is easy:
your officer stole gold from me.
Unlike the rest
i think the best
defense is removal from the armoury.

I'm certain that wasn't the reason, however it happens to be true so meh. It made a reasonable poem. No response to this yet; might just have been delayed by koc thou. . .

Now i've started sabbing with a better updated list which has added a number of new targets to my strikes. I've had an influx of demands and requests to know why I sabbed, i'll list them all here until such a time as i've responded then i'll give them each their own section.

Nibiru asked why i was sabbing; suggested his/her own reason was that i wanted to quit and was sabbing at random. Asked if (s)he should sab back.

hunter05 asked why the hell i was sabbing him/her, again this message was delayed in getting to me...

nOObie12 this message didn't quite make sense, but from what i gathered, (s)he was trying to find out why i sabbed him/her while online. I'm tempted to respond with something along the lines of i couldn't be bothered to wait for you to go offline. It would now seem that not only online attacks are frowned upon, but online sabs as well...

Kottos also asked why i sabbed.

I'm wanting to come up with a generic response that i can pm people with, theres not much point coming up with unique responses for everyone when half the people never respond to it anyway.

On licensing

Carnage — Sat, 20 Jun 2009 01:35:14 GMT

A recent conversation with someone about the election of members of the pirate party to the European parliament had them taking the stance that the only reason I thought it was a good thing was that I wanted to download music for free and that I wouldn't like it if people were depriving me of an income by 'pirating' software I had written.

My response to this wasn't as coherent as it should have been but essentially boiled down to the fact that software I write falls into two categories; that which i'm paid to write/customize for a client and that which I give away for free. Making it very hard for someone to pirate my work.

Why this is the case is because I'm of the firm belief that it isn't possible to charge fairly for software as its value is based on how it is used. Take for example, a piece of software I recently downloaded a trial for; priced at well over $100, the purpose of which is for creating/editing music tracks. There is no way I would pay $100 for this software; I was tinkering around for fun with a couple of tracks. On the other hand, someone could create and sell multiple hit records with this software, at which point $100 seems silly as they've probably made millions - to them the software has far more value.

I have recently decided that for some of the mods etc that I release for free, it would be nice to receive more than $0 in donations and that some more formal license structure would be appropriate to leverage some cash from them. The idea behind this license is to embody the fact that software has different value to different people; it also stays away from too much legal speak and relies on common sense to make a judgment as to what is appropriate.

How it works:

I've divided users up into three broad categories; different terms apply to the different categories.

Personal use: Any one using the software for their own uses making little or no money because of it.
Indirect commercial: Anyone using the software as an aid to making money. The example above of music creation software falls into this.
Direct commercial: Anyone selling or distributing the software.

Things I allow anyone to do with my software released with this license:

Install and use as many copies as you like on as many machines as you own.
Use it in ways not originally intended.
Modify and adapt it to better suit your needs
Tell anyone who asks what the software is, who wrote it and where they can get a copy.

Things you shouldn't do:

Remove any copywrite notices
Sell or redistribute without my permission
Pass any portion of it off as your own work

Anyone who falls into the personal use category dosen't need to pay me anything but might still like to.

Anyone who falls into the indirect commercial group will in most cases not need to pay anything but you are strongly urged to make a donation.

Anyone who falls into the direct commercial category needs to contact me to discuss a direct commercial license. Generally I fall by the rule of thumb that if my code makes up 10% of your product, I want 10% of the profits.

Examples.
I will sometimes specify uses that are considered indirect commercial/direct commercial alongside a release, if I don't, common sense should be used; as an aid I provide the below examples.

1: Chess mod
Personal use:
A user has installed the chess mod onto a forum that is free for anyone to use.
Indirect commercial:
A user has installed the chess mod onto a forum, they charge a subscription fee to access this forum and often run paid chess tournaments using the mod.
Direct commercial:
A distributer has packaged the chess mod alongside several other gaming mods for vbulletin, they sell it for a fixed fee.

2: Ad Manager
Personal use:
A user installs it onto a small forum which makes little or no profits from advertising.
Indirect commercial:
A user installs it onto a busier forum despite high hosting costs, the forum makes regular monthly profits of around $100 from adverts.
Direct commercial:
An advertising company is distributing a modified version of the mod to publishers wishing to display ads on their forums, the company takes a cut of all advertising revenue generated by it.

There are of cause many cases not covered by the above; the examples are meant to serve as a guide not a definitive list; this license doesn't take into account other types of use eg charities, schools etc; I also refer to licensing fees as donations - essentially they are. Except in the case of direct commercial stuff, I don't consider licenses to be mandatory, just good manners. Consequently I won't be suing anyone who doesn't pay.

When deciding what license you need, ask yourself what value does this software have to me? and donate accordingly. Common sense comes in very handy; if you don't have any/enough feel free to pm me with your situation and I'll make a recommendation.

Infection

Carnage — Tue, 17 Mar 2009 00:06:33 GMT

A problem that plagues meny a game owner is that of how to detect multiple accounts and how to distinguish between players that are seperate and in the same house and those that are genuinely cheating.

In foe, i've always kept good logs of practically every method of figuring out if an account is run by the same person - I'm not going into specifics, but i dont just rely on ip address information. The problem has always been - how to aggregate this information to create an automated system as despite the quantity of information and scripts I have for this, I still find that i end up having to manually check accounts that the system flags up.

Inspired (sortof) by biological systems, I came up with this mechanism that works well for this problem and should adapt well for other similar tasks, namely discovering similarities between entities based on their interactions.

How it works

Each entity has a host 'bacteria'.
This bacteria is harmless to the host.
In high quantities (application specific) it is lethal (or demonstrates a link) to others.
Bacteria are spread by sharing/interacting.
Actions can either be additive or multiplicitive.
Bacteria can die off over time if a temporal relationship is also required.

A sortof Example

As mentioned, there are additive and multiplicitive actions, these are important as some actions can be totally harmless when done between two accounts that have never before interacted, however far more suspicious if other markers are in place already. For an online game, such as foe, roc, koc etc. I came up with the following actions:

Additive

Sharing an Ip: If an ip address used for accessing one account is subsequently used to access another; infect each account with 1 unit of the others bacteria. This action should probaly have a time limit on it as ip addresses are dynamic. The exact limit should be determined in the field.

Sharing a PC: This one is harder for a browser based game but can be done reasonable accuratly using a combination of javascript, cookies, browserside caches and a number of other methods. As above infect each account with 1 unit.

Multipicitive
These actions are ones that demonstrate that a cheater is benifitting from having more than one account but generally for normal players are just part of game play.

Attacking someone: Attacking a player could be indicative of using one account to boost a second, in most games this is fine between alliance members, but its obviously not fine for a cheater to do it. Its also normal game play for two people who happen to just share an ip due to being at school together for example. So a low multiply factor is used in general. However, if either of the following conditions are true, a much higher factor should be used:

the defending player has recently sold/untrained a large number of men/weapons.
the defending player has a lot more gold than is an average for foe this can be generalised by them having more than 5 turns of gold other games will be different

Attacking the same player:This could be shown as an example of using one account to 'probe' for a main account, or of ganging up multiple accounts against an enemy. This is obviously not at all suspicious if the two players dont share ips/pcs as its just normal game play. The multiply factor for this should probably start of fairly low but increase the more times it happens. Time should also be taken into account - if the attacks happen within minuites its far more suspect than if attacks are hours apart.

The exact factors for the above actions still need to be determined as does the 'lethal' dose of bacteria. It would also be possible to 'kill off' bacteria over time to avoid accidentilly banning someone who has two accounts but no longer uses one of them.

The system is far from complete; and will require a lot of training for a certain game before being let loose on its own but this method should provide a much better way of weeding out cheats.

PyDj: a project to write a better DJ in python than work in local clubs.

Carnage — Sat, 31 May 2008 13:43:39 GMT

A few recent nights out have been ruined by DJ's in clubs that fail really badly at beat matching tracks - it really grates when a new track is mixed in a quater of a beat early/late.

I was convinced that this wasn't really a hard thing to do - with a bit of practice i was able to match stuff up however, being a programmer came to the better conclusion that it shouldn't be too hard to write a program to do it automatically.

Dispite PHP being my usual language of choice, it lacks the speed and abilities to handle media well, so my choice for this project was python. Python hgas the module Pymedia which provides some audio codec's and functions for playing sound. It unfortunatly lacks most of the functions i'll eventually need however does have one useful class. SpectrAnaliser.

Beats are usually, very low notes; In order to match the accuratly, i'll have to filter out all high and middle notes, leaving just the beats. Due to the shockingly poor documentation for the spectranaliser class my code for this ended up very messy with debugging stuff all over the place so i'm not going to post it here. Instead i'm going to explain how the class works.
Code:
analyzer= sound.SpectrAnalyzer( CHANNELS, SAMPLES, NUM_FREQS )
That line is used to initialise the class; it has three parameters (not two as the docs suggest)

CHANNELS: the number of Channels in your music track, the documentation suggests that this may only be one and i've not tested it with more, however its possible it'll take 2.
SAMPLES: this one confused me a bit, but it seems to be the number of samples it averages when analising. The minimum value for this is 32 , in my code i used 512 which is close to the maximum.
NUM_FREQS: i have no idea why this parameter is used for the initalisation (see later) however i've been using it set to 256 - it determines the number of frequencies that the track is split into.

Once you've initialised the class, it has two methods asBands and asFrequencies.
Code:
analyzer.asBands(BANDS,SOUND_DATA)
BANDS: the number of bands to seperate the sound into, i used 3 here to get high, mid and low you can use more however for my project 3 appeared to be sufficient.
SOUND_DATA: the data to analise; it should have first been decoded by a sutiable pymedia decoder.

the return from this function will be a list of lists of tuples and can be confusing as to what all the data represents. From my experiance, the tuple contains two values, the first appears to be worthless, the second contains a much more useful value.

The inner lists are lists of bands; there will be as meny items in the list as the parameter BANDS.

The outer list is a collection of these lists of bands as they differ over time.
Code:
analyzer.asFrequencies(SOUND_DATA)
The differance between this and the above, is instead of giving you a limited number of bands, it gives you the data split into the number of frequencies you specified in the constructor.

Getting somethine useful from it...

For some reason, when using asBands, the highest level band seemed to give the lowest frequencies. but anyway to get something i could use i did the following list comprehension.
Code:
BANDS = 3
y = analiser.asBands(BANDS,sounddata)
z = [q[][1] for q in y]
where should be replaced by the number of the band you are interested in. To get the lowest band use (BANDS -1) Now, if you save z to a cvs file or something similar and then use open office/excel/gnuplot to draw a graph of the data, you should see a representation of your song. If you pulled out the lowest band, asuming your song has clear drum beats (use a dance track for best results) you should be able to count the beats in the song.

To get a count of the beats i decided upon the following algorithm.

sum all values in z (from above)
divide by len(z)
loop through z and count all values greater than average * 2.49

Code:

total = 0 for i in z: total += i avg = total / len(z) cutoff = avg * 2.49 cnt = 0 for i in z: if i > cutoff: cnt+=1 print cnt

This got me the same result as counting the beats manually on the graph.

NEXT:

Cleaned up version of all the code to get this far.
some way of calculating bpm... (can't get a correct value for track length out of pymedia atm)
considerations for mixing.

PHP Basics: Using php as an extra html tag in dynamic webpages

Carnage — Tue, 15 Apr 2008 13:45:32 GMT

Using includes

When writing a normal pure html page, you quite often have somethings which appear on every page in your site menus, header images etc. Now, what if you want to change one of these things, say you add a new page in and want to add a new link on the menu. In order to do so, you would have to edit every single page on your site to put the new link in. This is very time consuming, not to mention that fact that you may not quite get it the same on every page.

So, what are the solutions?

Many people do this using frames, however I don't think this is the best way to do it also this is a php tutorial so i'm going to ignore this method.

The basis behind the php method is using a simple function, include

This takes another php file and adds its contents into the current file automatically.

Now to add in menus etc we need to create them as a single separate file
HTML Code:
menu
url1
url2
url3
url4
this would then be saved as menu.php

the following could also be saved as header.php
HTML Code:
</span>my website<span style="color:#000080">


My website
and finially footer.php
HTML Code:
Copyright me 2006
Notice that there is nothing special about these files, they are only fragment of html put into a php file. This means you can just copy and paste your header from your current pages into a new file without any editing at all.

Then each of your pages would use the following php code:

PHP Code:

include('header.php'); //this includes our header //we close the php tag so we can output normal html?> include('menu.php');?> main content for page goes here include('footer.php'); ?>

Notice that the php code we are using is very small, and essentially acts as another html tag in your page. The important part that you need is this:

PHP Code:

include('.php'); ?>

Which you place where you want it to go in the page. Its as easy as adding any other html tag.

The finial output of this would be:
HTML Code:
</span>my website<span style="color:#000080">


My website



menu
url1
url2
url3
url4
main content for page goes here


Copyright me 2008
Dynamically creating each of your pages.

irc 101: host masks & banning people.

Carnage — Tue, 06 Nov 2007 12:37:27 GMT

It has recently come to my attention that people are unable to place proper bans and ignores so end up complaining to opers when people continue to dodge their woefully lacking bans. So i'm writing a quick referance guide on how to place proper bans.

First off, lets look at the irc hostmask. This is a string that identifies a user. the easiest way to see this string is the whois command. the first line of output will look something like this:
Code:
 Carnage  is BlackGhost@Cyanide-405EA211.dynamic.dsl.as9105.com * Carnage
This is not the full string, it only displays their ident and host, for ban masks you also need to add the nick to the mask; the finial mask will look something like this:
Code:
 Carnage!BlackGhost@Cyanide-405EA211.dynamic.dsl.as9105.com
so, lets break that down a bit and look at what it means.

The first part of the mask before the ! character is the nick name. Placing a ban against the nick name is a bad idea as someone can just change their nick to soemthing else and rejoin your channel. Nickname banning can come in useful however; in #kingsofchaos nicks like shit fuck and a bunch of others are banned, this prevents people with vulgar or racist nicks from joining that channel.

The second part of the mask is between the ! and the @ this is called the ident its set based on the users settings in their irc client when they connect to the server. Once a user is connected only an ircop can change this value. Placeing a ban which includes the ident means that someone would have to disconnect from irc to dodge the ban.

The third part after the @ is the host. This can vary alot between different users however unless they are using a vhost (covered later) on cyanide-x.net it will always start with Cyanide-(string of letters and numbers) This value is an encrypted version of the clients ip address. This is an example of an unencypted version:
Code:
 Carnage is Carnage!Blackghost@79-75-247-97.dynamic.dsl.as9105.com
This version is only accessable to ircops, but i've included it to help explain what the values represent. It will also remain constant while the user is connected. Usually the only way to change this value is to disconnect from the internet and get a new ip address. Banning against this value is USUALLY enough to keep a user out of your channel, however isn't always effective against a determined user.

The finial part of the host mask is usually representitive of the clients isp the only way for a user to change this would be to change isp or use a proxy. So banning against the isp is the strongest ban you can place be aware however setting a ban against the isp might effect innocent users you want to be allowed in your channel.

Ok, so now i've explained how to understnad the masks, this is how you can use them. The easiest way is to work out the ban you want to place yourself. For bans * acts as a wildcard for any number of characters and ? acts as a wildcard for a single character. So here are some example masks and what they will ban.

carnage!*@* will ban the nick carnage from any host or ident
*!blackghost@* will ban the ident blackghost from any host and any nick
*!*@Cyanide-405EA211.dynamic.dsl.as9105.com will ban the host Cyanide-405EA211.dynamic.dsl.as9105.com from your channel. no matter what nick or ident they use.
*!*@*.dynamic.dsl.as9105.com will block all hosts ending in dynamic.dsl.as9105.com

The easiest way to ban a host mask is the mode command. This will work on any irc client and any irc server. The syntax for this command is simple:

/mode #channel +b mask

broken down this means change the mode on channel #channel setting a b (ban) mode against mask.

To remove a ban you would do the following:

/mode #channel -b mask

and to view the ban list you type:

/mode #channel +b

note that if you dont specify a mask it will instead list all the bans set on that channel.

Ok so thats how bans work, however it may still be possible for someone to join your channel. The cyanide-x irc server has two lesser known features which work in a similar way to bans however OVERRIDE them. These are called exempts and invites.

An exempt is basically the opposite to a ban, it tells the irc server that a user matching this mask is allowed to be on this channel. If you ban a user but they also match an exempt they will still be able to join the channel. The syntax for manipulating exempts is exactly the same as for bans however instead of a b you use an e for example

/mode #chan +e mask
/mode #chan -e mask
/mode #chan +e

to set, remove and list respectivly.

the finial mode is an Invite. These are slightly confusing, as there is also an /invite command which acts in a similar way. The /invite command effectivly adds a tempoary I mode to the channel to allow the /invited user to join. An I mode however is permanet and will remain untill someone removes it. A user matching an I mask will be able to join if banned like if they matched an exempt however will also be able to join if the channel is set to invite only (+i) manipulations of the invites list can be done as follows:

/mode #chan +I mask
/mode #chan -I mask
/mode #chan +I

to set, remove and list. Note that you must use a capital I.

I and e modes are not evil modes that allow people to dodge bans and can come in very useful for preventing users you want in your channels from geting accidentilly banned or allowing them into invite only rooms without having to be /invited however when setting a ban you must ensure that the user dosn't also match an exempt or invite or the ban will be pointless. For this reason its unadvisable to set an exempt against a nick or ident as a banned user could change to that nick in order to rejoin the channel.

Vhosts.
This is a slightly seperate issue as it shouldn't be that common. Cyanide-x operates a #vhosts channel where users can go in and request their host name be changed to somthing cooler. For example mine is @bastard.global.net many of the other opers use @cyanide-x.net.

If a user is using a vhost you wont see their true host mask and a ban against it will only be effective untill a user changes their host or reconnects. Using vhosts in this manner to dodge channel bans is against the network rules and if this is happening, contact an oper to have them set a ban on your channel against the users real host or suspend the users vhost privilages.

mirc

for anyone using mirc there is an easier way than working out ban masks for yourself. The address identifyer will return the address of a user which you can then pass to the mode command.

the syntax for the ban using the address identifyer is:

//mode #chan +b $address(nick,number)

note, the two / at the front of the command. This tells mirc to evaluate the command instead of just sending it and will turn the address part into the acctual address of the user.

The number at the end can be one of the following:

0: *!user@host
1: *!*user@host
2: *!*@host
3: *!*user@*.host
4: *!*@*.host
5: nick!user@host
6: nick!*user@host
7: nick!*@host
8: nick!*user@*.host
9: nick!*@*.host

For bans, 2 is recomended in the first instance and 4 if they continue to dodge. 2 sets a ban against the full host including the cyanide-(numbers) bit the 4 will set a ban against their isp.

note, you can only use one number in the command. using 24 will not work.

Finially, if you have set a strong (isp ban) against a user and they continue to use proxies to dodge the ban, contact an oper to have them dealt with at a network level. With the exception of someone using a vhost to dodge, this is the only instance where oper intervention should be needed.

Who stole the pig?

Carnage — Thu, 25 Oct 2007 23:13:43 GMT

To those who haven't already heard it will come as disapointing news that the private torrent site oink has been closed down. The raid took place a few days ago during which the servers were siezed by dutch police. Enough people have already bloged about how this is a waste of police time etc so i'm not going to bother with that angle, however no-one has yet thought about all the data about oinks users that could well be in the hands of the nefarious riaa.

Oink, like meny other private sites requires to keep certain information about upload and download ratios as well as emails, usernames and passwords. All this gives a fairly good idea of who was doing what my thoughts then led on to how this data could be stored securly without linking it to real life people in the event of the servers being siezed...

Considering a number of methods a fairly obvious answer to this would be to encrypt all the user data. There is however one issue... if all the data is encrypted how can the website use it? It needs a method of decryption, the attacker in this case will have at their disposal that method of decryption so however secure you make it they will be able to get the data eventually.

A second method then comes to mind. What if the data was automatically destroyed when the server was siezed? There are a number of ways to do this, the easiest would be to store it all in a memory based mysql table. Once the power goes out the data goes poof. There is two issues with this method. Firstly, storing a huge database in ram isn't really very efficient, secondally if there is a powercut or machine crash you lose all your data for nothing.

Its clear a solution somewhere between the two is needed. My first thought was what if the encryption key for the data was only stored on the servers memory (and in an offsite location such as the admins home (preferably on a quick erasable flash stick)) this would allow the webserver to access the data however if a powercut occured or the server was taken the data would be unacessable. This solution does have the advantage of being able to recover your data in the event of a fault, however such recovery is only possible with admin intervention (reuploading the key) so produces a large ammount of potential downtime. So it is good, yet its far from ideal in a production enviroment.

Then i came up with the following solution. The basic idea here is you split the data accross multiple tables as you would in a standard relationship database however there is no relationship between them. How can this possibly work then? Easy. Lets say you have a table with usernames in and you dont want an attacker to be able to link usernames and emails. You create the following table structure:

User:
userid: Primary key.
username

Email:
emailid: primary key.
email address

you then create a table in memory with the following structure:

userid
emailid

Which links the two together.

Again not wholely useful as in the event of a power faliure you lose all your data. So, you need to make a copy of this data to the harddrive. This should be done on a regular basis and encrypted with a key only stored in memory.

How does this help? Consider the two situations, powerfaliure and server sizure.

If there is a powerfaliure, the application that needs to link usernames to emails is going to have to live with the fact that not all usernames now have emails associated with them however new accounts can be signed up and existing users can change emails (in the second case a new email id row is associated with their userid which upon reuniting the joining table with the encrypted version on the harddrive will overwrite the old one.)

When the admin wakes up and signs in, he simply reuploads the key and merges the backed updatabase on the drive with the newer one. Keeping the newest entries for any key. Untill this happens the server is vunerable to a second faliure, however in this instance far less data will be lost.

In the second case the server being sized, the relationship between the two items of data is destroyed and they become meaning less. The quick thinking admin also uses the quick erase button on his flash key ensuring that the data cannot be recovered.

So the police have a lot of emails and usernames, still not a great situation to be in... but substantially better. The finial act of defence against this kind of attack should be insertion of fake data into the database. The only meaning full items of data in there is the relationship between items. If an item in one table has no matching item in the second it can be safly ignored by the application. However given just the tables with no relationships makes it impossible to determine which items can be ignored and effectivly makes the whole list useless.

The ifpi

Carnage — Wed, 24 Oct 2007 11:57:30 GMT

found something that amused me during my browsing of the internet. The pirate bay, well known digital fredom activists (i think they also do torrents or something like that) are in the process of setting up a website titled the International Federation of Pirates Interests. might be well worth a look when they are done. For now the site is at www.ifpi.com