Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Corentin Dupont]

Hi all,
it's still crashing once a day with:
CPU time limit exceeded (core dumped)

ulimit -t gives unlimited.
in /etc/security/limits.conf their is nothing.
I'm not setting time limits in the software.
Any ideas?

On Fri, Mar 1, 2013 at 3:33 PM, Corentin Dupont
wrote:

> Hi all,
> with the mutiplayer server, the game was occasionally crashing with:
> CPU time limit exceeded (core dumped)
> I think it was due to some ulimit set too low, it should work better now.
>
> BR,
> C
>
>
>
> On Wed, Feb 27, 2013 at 12:28 AM, Corentin Dupont <
> corentin.dup...@gmail.com> wrote:
>
>> Hello everybody!
>> I am very happy to announce the beta release [1] of Nomyx, the only game
>> where You can change the rules.
>> This is an implementation of a Nomic [2] game in Haskell (I believe the
>> first complete implementation). In a Nomyx game you can change the rules of
>> the game itself while playing it. The players can submit new rules or
>> modify existing ones, thus completely changing the behaviour of the game
>> through time. The rules are managed and interpreted by the computer. They
>> must be written in the Nomyx language, which is a subset of Haskell.
>> At the beginning, the initial rules are describing:
>> - how to add new rules and change existing ones. For example a unanimity
>> vote is necessary to have a new rule accepted.
>> - how to win the game. For example you win the game if you have 5 rules
>> accepted.
>> But of course even that can be changed!
>>
>> Here is a video introduction and first tutorial of the game:
>> http://vimeo.com/58265498
>> The game is running here: www.nomyx.net:8000/Nomyx
>> I have set up a forum where players can learn about Nomyx and discuss the
>> rules they intend to propose: www.nomyx.net/forum
>>
>> As this is the first beta release of the game, I'm looking for beta
>> testers :) Although I tested it quite a lot, I'm sure a lot of bugs
>> remains, especially in multiplayer.
>> So if you are interested in testing Nomyx, please go to this forum thread
>> and we'll set up a small team to start a match!
>> http://www.nomyx.net/forum/viewtopic.php?p=5
>>
>> Comments/contributions are very highly welcome! There is still a lot to
>> do.
>> As for now, the game is not completely securised. It is easy to break it
>> by submitting rules containing malicious code. I'm working on it. If you'd
>> like to do security testing, please do it locally on your own machine and
>> send me a bug report :).
>>
>> Cheers,
>> Corentin
>>
>> [1] http://hackage.haskell.org/package/Nomyx
>> [2] www.nomic.net
>>
>
>
___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Corentin Dupont]

Hi all,
with the mutiplayer server, the game was occasionally crashing with:
CPU time limit exceeded (core dumped)
I think it was due to some ulimit set too low, it should work better now.

BR,
C


On Wed, Feb 27, 2013 at 12:28 AM, Corentin Dupont  wrote:

> Hello everybody!
> I am very happy to announce the beta release [1] of Nomyx, the only game
> where You can change the rules.
> This is an implementation of a Nomic [2] game in Haskell (I believe the
> first complete implementation). In a Nomyx game you can change the rules of
> the game itself while playing it. The players can submit new rules or
> modify existing ones, thus completely changing the behaviour of the game
> through time. The rules are managed and interpreted by the computer. They
> must be written in the Nomyx language, which is a subset of Haskell.
> At the beginning, the initial rules are describing:
> - how to add new rules and change existing ones. For example a unanimity
> vote is necessary to have a new rule accepted.
> - how to win the game. For example you win the game if you have 5 rules
> accepted.
> But of course even that can be changed!
>
> Here is a video introduction and first tutorial of the game:
> http://vimeo.com/58265498
> The game is running here: www.nomyx.net:8000/Nomyx
> I have set up a forum where players can learn about Nomyx and discuss the
> rules they intend to propose: www.nomyx.net/forum
>
> As this is the first beta release of the game, I'm looking for beta
> testers :) Although I tested it quite a lot, I'm sure a lot of bugs
> remains, especially in multiplayer.
> So if you are interested in testing Nomyx, please go to this forum thread
> and we'll set up a small team to start a match!
> http://www.nomyx.net/forum/viewtopic.php?p=5
>
> Comments/contributions are very highly welcome! There is still a lot to do.
> As for now, the game is not completely securised. It is easy to break it
> by submitting rules containing malicious code. I'm working on it. If you'd
> like to do security testing, please do it locally on your own machine and
> send me a bug report :).
>
> Cheers,
> Corentin
>
> [1] http://hackage.haskell.org/package/Nomyx
> [2] www.nomic.net
>
___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Ertugrul Söylemez]

Joe Quinn  wrote:

> Additionally, you can change the session hash with every page hit, to
> some other totally random hash. If someone steals your session, they
> had better act on it immediately, lest you visit another page and it
> changes completely. If your session gets hijacked, you get logged
> out. When you log in again the attacker loses access.

That will likely cause trouble with concurrent connections aka
pipelining:

  * Client sends request 1 with session id A.

  * Server receives request 1, verifies A = A, handles the request, sets
new hash to B, sends response.

  * Client sends request 2 with session id A.

  * Server rejects request 2, because session id mismatch (A /= B).

  * Client receives response to request 1, sets session id to B.

Don't change the session id in the middle of the session.  To prevent
session hijacking you need to use SSL.


Greets,
Ertugrul

-- 
Not to be or to be and (not to be or to be and (not to be or to be and
(not to be or to be and ... that is the list monad.


signature.asc
Description: PGP signature
___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Joe Quinn]

On 2/28/2013 11:17 PM, Chris Wong wrote:

On Wed, Feb 27, 2013 at 8:37 AM, Corentin Dupont
>wrote:

>>Hi Chris,
>>Thanks!
>>That's true for the user number. What should I do? Encrypt it?

>
>It's not that you have a user number, or even that it's accessible: it's
>that it's the entirety of access control, meaning that if the user changes
>it they can masquerade as another user. The correct solution is that a user
>should authenticate, which creates a session hash that you stash away and
>also send back to the user as a cookie so the browser will present it on
>accesses. Then you check that the presented hash is there and matches the
>session hash. These should expire periodically, requiring the user to log
>back in again.
Additionally, you can change the session hash with every page hit, to 
some other totally random hash. If someone steals your session, they had 
better act on it immediately, lest you visit another page and it changes 
completely. If your session gets hijacked, you get logged out. When you 
log in again the attacker loses access.


You can also check sessions by the hash and IP address. That has 
usability concerns though. Even if players never switch machines in the 
middle of a game, suppose you are playing on a cell phone and your train 
goes through a tunnel. When you reconnect, your provider gives you a 
different IP and you are logged out.


___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Corentin Dupont]

happstack-authenticate looks impressive, they seem to support for Google ,
Yahoo, Live Journal, Myspace, and OpenId logins!
I'll try it.

On Fri, Mar 1, 2013 at 5:17 AM, Chris Wong
wrote:

> On Thu, Feb 28, 2013 at 1:26 PM, Brandon Allbery 
> wrote:
> > On Wed, Feb 27, 2013 at 8:37 AM, Corentin Dupont <
> corentin.dup...@gmail.com>
> > wrote:
> >> Hi Chris,
> >> Thanks!
> >> That's true for the user number. What should I do? Encrypt it?
> >
> > It's not that you have a user number, or even that it's accessible: it's
> > that it's the entirety of access control, meaning that if the user
> changes
> > it they can masquerade as another user. The correct solution is that a
> user
> > should authenticate, which creates a session hash that you stash away and
> > also send back to the user as a cookie so the browser will present it on
> > accesses. Then you check that the presented hash is there and matches the
> > session hash. These should expire periodically, requiring the user to log
> > back in again.
>
> Brandon pretty much pulled the words out of my mouth, but I have one
> last thing to add: no matter how well you encrypt the information, as
> long as it's in the URL it's insecure.
>
> Hypothetical situation #1: if there's someone looking over your
> shoulder, they can just note down the address -- it is in plain view,
> after all.
>
> Even more likely: your friend wants to watch the game, so you send her
> the link. Unfortunately, you forget to delete your session information
> from the URL. Now your friend (conveniently named Eve) has hijacked
> your account and is voting on your behalf.
>
> The Ruby on Rails website has an excellent explanation of common
> security holes [1]. The article is Rails-centric, but most of it
> applies to Haskell as well.
>
> [1] http://guides.rubyonrails.org/security.html
>
> As for libraries, Happstack has happstack-authenticate [2]. I haven't
> used it myself, but it looks good.
>
> [2] http://hackage.haskell.org/package/happstack-authenticate
>
> Chris
>
> > --
> > brandon s allbery kf8nh   sine nomine
> associates
> > allber...@gmail.com
> ballb...@sinenomine.net
> > unix, openafs, kerberos, infrastructure, xmonad
> http://sinenomine.net
>
___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Chris Wong]

On Thu, Feb 28, 2013 at 1:26 PM, Brandon Allbery  wrote:
> On Wed, Feb 27, 2013 at 8:37 AM, Corentin Dupont 
> wrote:
>> Hi Chris,
>> Thanks!
>> That's true for the user number. What should I do? Encrypt it?
>
> It's not that you have a user number, or even that it's accessible: it's
> that it's the entirety of access control, meaning that if the user changes
> it they can masquerade as another user. The correct solution is that a user
> should authenticate, which creates a session hash that you stash away and
> also send back to the user as a cookie so the browser will present it on
> accesses. Then you check that the presented hash is there and matches the
> session hash. These should expire periodically, requiring the user to log
> back in again.

Brandon pretty much pulled the words out of my mouth, but I have one
last thing to add: no matter how well you encrypt the information, as
long as it's in the URL it's insecure.

Hypothetical situation #1: if there's someone looking over your
shoulder, they can just note down the address -- it is in plain view,
after all.

Even more likely: your friend wants to watch the game, so you send her
the link. Unfortunately, you forget to delete your session information
from the URL. Now your friend (conveniently named Eve) has hijacked
your account and is voting on your behalf.

The Ruby on Rails website has an excellent explanation of common
security holes [1]. The article is Rails-centric, but most of it
applies to Haskell as well.

[1] http://guides.rubyonrails.org/security.html

As for libraries, Happstack has happstack-authenticate [2]. I haven't
used it myself, but it looks good.

[2] http://hackage.haskell.org/package/happstack-authenticate

Chris

> --
> brandon s allbery kf8nh   sine nomine associates
> allber...@gmail.com  ballb...@sinenomine.net
> unix, openafs, kerberos, infrastructure, xmonadhttp://sinenomine.net

___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Brandon Allbery]

On Wed, Feb 27, 2013 at 8:37 AM, Corentin Dupont
wrote:

> Hi Chris,
> Thanks!
> That's true for the user number. What should I do? Encrypt it?


It's not that you have a user number, or even that it's accessible: it's
that it's the entirety of access control, meaning that if the user changes
it they can masquerade as another user. The correct solution is that a user
should authenticate, which creates a session hash that you stash away and
also send back to the user as a cookie so the browser will present it on
accesses. Then you check that the presented hash is there and matches the
session hash. These should expire periodically, requiring the user to log
back in again.

-- 
brandon s allbery kf8nh   sine nomine associates
allber...@gmail.com  ballb...@sinenomine.net
unix, openafs, kerberos, infrastructure, xmonadhttp://sinenomine.net
___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Ozgun Ataman]

You probably can't use it directly but it should at least show you how we did 
it. In particular, the Snap.Snaplet.Session.SecureCookie module (internal, I 
think, so look at source) may be of interest to you as it implements the 
self-contained idea of encrypted cookies.

- Oz 


On Wednesday, February 27, 2013 at 4:43 PM, Corentin Dupont wrote:

> Thanks Ozgun,
> but I'm using Happstack: this will be compatible?
> 
> On Wed, Feb 27, 2013 at 10:30 PM, Ozgun Ataman  (mailto:ozata...@gmail.com)> wrote:
> > I would encourage you to take a look at the snap (the web framework) 
> > package, where this concern is handled for you as part of the "session" 
> > snaplet.
> > 
> > The Snap.Snaplet.Session 
> > (http://hackage.haskell.org/packages/archive/snap/0.11.2/doc/html/Snap-Snaplet-Session.html)
> >  module and the Snap.Snaplet.Session.Backends.CookieSession 
> > (http://hackage.haskell.org/packages/archive/snap/0.11.2/doc/html/Snap-Snaplet-Session-Backends-CookieSession.html)
> >  ensure that contents of the cookie-persistent sessions are encrypted and 
> > so you can place anything from user ids to other secret information there, 
> > although I would certainly keep it to a minimum for size concerns. 
> > 
> > Here it is: http://hackage.haskell.org/package/snap
> > 
> > Hope this helps,
> > Oz
> > 
> > 
> > On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont  > (mailto:corentin.dup...@gmail.com)> wrote:
> > > So I need to "encrypt" the user ID in some way? What I need is to 
> > > associate the user ID to a random number and store the association is a 
> > > table?
> > > 
> > > 
> > > On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink  > > (mailto:hessel...@gmail.com)> wrote:
> > > > Note that cookies are not the solution here. Cookies are just as user
> > > > controlled as the url, just less visible. What you need is a session
> > > > id: a mapping from a non-consecutive, non-guessable, secret token to
> > > > the user id (which is sequential and thus guessable, and often exposed
> > > > in urls etc.). It doesn't matter if you then store it in the url or a
> > > > cookie. Cookies are just more convenient.
> > > > 
> > > > Erik
> > > > 
> > > > On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
> > > > mailto:corentin.dup...@gmail.com)> wrote:
> > > > > Yes, having a cookie to keep track of the session if something I plan 
> > > > > to do.
> > > > >
> > > > > On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala  > > > > (mailto:mats.rauh...@gmail.com)>
> > > > > wrote:
> > > > >>
> > > > >> The user id is not necessarily the problem, but rather that you can
> > > > >> impose as another user. For this, one solution is to keep track of a
> > > > >> unique (changing) user token in the cookies and use that for 
> > > > >> verifying
> > > > >> the user.
> > > > >>
> > > > >> --
> > > > >> Mats Rauhala
> > > > >> MasseR
> > > > >>
> > > > >> -BEGIN PGP SIGNATURE-
> > > > >> Version: GnuPG v1.4.10 (GNU/Linux)
> > > > >>
> > > > >> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
> > > > >> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
> > > > >> =tf0d
> > > > >> -END PGP SIGNATURE-
> > > > >>
> > > > >>
> > > > >> ___
> > > > >> Haskell-Cafe mailing list
> > > > >> Haskell-Cafe@haskell.org (mailto:Haskell-Cafe@haskell.org)
> > > > >> http://www.haskell.org/mailman/listinfo/haskell-cafe
> > > > >>
> > > > >
> > > > >
> > > > > ___
> > > > > Haskell-Cafe mailing list
> > > > > Haskell-Cafe@haskell.org (mailto:Haskell-Cafe@haskell.org)
> > > > > http://www.haskell.org/mailman/listinfo/haskell-cafe
> > > > >
> > > 
> > > 
> > > ___
> > > Haskell-Cafe mailing list
> > > Haskell-Cafe@haskell.org (mailto:Haskell-Cafe@haskell.org)
> > > http://www.haskell.org/mailman/listinfo/haskell-cafe
> > > 
> > 
> 

___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Corentin Dupont]

Thanks Ozgun,
but I'm using Happstack: this will be compatible?

On Wed, Feb 27, 2013 at 10:30 PM, Ozgun Ataman  wrote:

> I would encourage you to take a look at the snap (the web framework)
> package, where this concern is handled for you as part of the "session"
> snaplet.
>
> The 
> Snap.Snaplet.Session
>  module
> and the 
> Snap.Snaplet.Session.Backends.CookieSession
>  ensure
> that contents of the cookie-persistent sessions are encrypted and so you
> can place anything from user ids to other secret information there,
> although I would certainly keep it to a minimum for size concerns.
>
> Here it is: http://hackage.haskell.org/package/snap
>
> Hope this helps,
> Oz
>
>
> On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont <
> corentin.dup...@gmail.com> wrote:
>
>> So I need to "encrypt" the user ID in some way? What I need is to
>> associate the user ID to a random number and store the association is a
>> table?
>>
>>
>> On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink wrote:
>>
>>> Note that cookies are not the solution here. Cookies are just as user
>>> controlled as the url, just less visible. What you need is a session
>>> id: a mapping from a non-consecutive, non-guessable, secret token to
>>> the user id (which is sequential and thus guessable, and often exposed
>>> in urls etc.). It doesn't matter if you then store it in the url or a
>>> cookie. Cookies are just more convenient.
>>>
>>> Erik
>>>
>>> On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
>>>  wrote:
>>> > Yes, having a cookie to keep track of the session if something I plan
>>> to do.
>>> >
>>> > On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala 
>>> > wrote:
>>> >>
>>> >> The user id is not necessarily the problem, but rather that you can
>>> >> impose as another user. For this, one solution is to keep track of a
>>> >> unique (changing) user token in the cookies and use that for verifying
>>> >> the user.
>>> >>
>>> >> --
>>> >> Mats Rauhala
>>> >> MasseR
>>> >>
>>> >> -BEGIN PGP SIGNATURE-
>>> >> Version: GnuPG v1.4.10 (GNU/Linux)
>>> >>
>>> >> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>>> >> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>>> >> =tf0d
>>> >> -END PGP SIGNATURE-
>>> >>
>>> >>
>>> >> ___
>>> >> Haskell-Cafe mailing list
>>> >> Haskell-Cafe@haskell.org
>>> >> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>> >>
>>> >
>>> >
>>> > ___
>>> > Haskell-Cafe mailing list
>>> > Haskell-Cafe@haskell.org
>>> > http://www.haskell.org/mailman/listinfo/haskell-cafe
>>> >
>>>
>>
>>
>> ___
>> Haskell-Cafe mailing list
>> Haskell-Cafe@haskell.org
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>>
>
___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Ozgun Ataman]

I would encourage you to take a look at the snap (the web framework)
package, where this concern is handled for you as part of the "session"
snaplet.

The 
Snap.Snaplet.Session
module
and the 
Snap.Snaplet.Session.Backends.CookieSession
ensure
that contents of the cookie-persistent sessions are encrypted and so you
can place anything from user ids to other secret information there,
although I would certainly keep it to a minimum for size concerns.

Here it is: http://hackage.haskell.org/package/snap

Hope this helps,
Oz


On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont
wrote:

> So I need to "encrypt" the user ID in some way? What I need is to
> associate the user ID to a random number and store the association is a
> table?
>
>
> On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink wrote:
>
>> Note that cookies are not the solution here. Cookies are just as user
>> controlled as the url, just less visible. What you need is a session
>> id: a mapping from a non-consecutive, non-guessable, secret token to
>> the user id (which is sequential and thus guessable, and often exposed
>> in urls etc.). It doesn't matter if you then store it in the url or a
>> cookie. Cookies are just more convenient.
>>
>> Erik
>>
>> On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
>>  wrote:
>> > Yes, having a cookie to keep track of the session if something I plan
>> to do.
>> >
>> > On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala 
>> > wrote:
>> >>
>> >> The user id is not necessarily the problem, but rather that you can
>> >> impose as another user. For this, one solution is to keep track of a
>> >> unique (changing) user token in the cookies and use that for verifying
>> >> the user.
>> >>
>> >> --
>> >> Mats Rauhala
>> >> MasseR
>> >>
>> >> -BEGIN PGP SIGNATURE-
>> >> Version: GnuPG v1.4.10 (GNU/Linux)
>> >>
>> >> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>> >> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>> >> =tf0d
>> >> -END PGP SIGNATURE-
>> >>
>> >>
>> >> ___
>> >> Haskell-Cafe mailing list
>> >> Haskell-Cafe@haskell.org
>> >> http://www.haskell.org/mailman/listinfo/haskell-cafe
>> >>
>> >
>> >
>> > ___
>> > Haskell-Cafe mailing list
>> > Haskell-Cafe@haskell.org
>> > http://www.haskell.org/mailman/listinfo/haskell-cafe
>> >
>>
>
>
> ___
> Haskell-Cafe mailing list
> Haskell-Cafe@haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>
>
___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Corentin Dupont]

NB: being unsubscribed, you can still watch the game. It's just that you
are not anymore considered as a "citizen" of that game, thus not counted in
the votes.

On Wed, Feb 27, 2013 at 10:12 PM, Corentin Dupont  wrote:

> Hi all,
> there is quite a lot of players! Fantastic!
> I proposed a rule to lower the vote quorum from unanimity to a quorum of
> only 4, for the experimentation.
> But still, to have this rule accepted, everybody needs to vote! Could you
> please cast your vote? If you don't plan on playing, it's better to
> unsubscribe.
> The players which have submitted their email should have received a
> notification for this rule.
>
> To experiment with the rules, it's better to install Nomyx on your machine
> (cabal install Nomyx) and play alone, since the voting process can be long
> in multiplayer (I expect 1 or 2 days to reach the quorum for a rule).
>
> I saw people having problem writing the rules (in the log), I'll post some
> comments on the game's forum: http://www.nomyx.net/forum/viewtopic.php?p=5
> not to flood this mailing list ;) Just note that all proposed rules should
> have type "RuleFunc".
> If you'd like to use GHCI to compose your rule, here's how:
> $ wget
> http://hackage.haskell.org/packages/archive/Nomyx-Rules/0.1.0/Nomyx-Rules-0.1.0.tar.gz
> $ tar -xzvf Nomyx-Rules-0.1.0.tar.gz
> $ ghci Nomyx-Rules-0.1.0/src/Language/Nomyx/Examples.hs
>
> Cheers!
> Corentin
>
>
> On Wed, Feb 27, 2013 at 12:28 AM, Corentin Dupont <
> corentin.dup...@gmail.com> wrote:
>
>> Hello everybody!
>> I am very happy to announce the beta release [1] of Nomyx, the only game
>> where You can change the rules.
>> This is an implementation of a Nomic [2] game in Haskell (I believe the
>> first complete implementation). In a Nomyx game you can change the rules of
>> the game itself while playing it. The players can submit new rules or
>> modify existing ones, thus completely changing the behaviour of the game
>> through time. The rules are managed and interpreted by the computer. They
>> must be written in the Nomyx language, which is a subset of Haskell.
>> At the beginning, the initial rules are describing:
>> - how to add new rules and change existing ones. For example a unanimity
>> vote is necessary to have a new rule accepted.
>> - how to win the game. For example you win the game if you have 5 rules
>> accepted.
>> But of course even that can be changed!
>>
>> Here is a video introduction and first tutorial of the game:
>> http://vimeo.com/58265498
>> The game is running here: www.nomyx.net:8000/Nomyx
>> I have set up a forum where players can learn about Nomyx and discuss the
>> rules they intend to propose: www.nomyx.net/forum
>>
>> As this is the first beta release of the game, I'm looking for beta
>> testers :) Although I tested it quite a lot, I'm sure a lot of bugs
>> remains, especially in multiplayer.
>> So if you are interested in testing Nomyx, please go to this forum thread
>> and we'll set up a small team to start a match!
>> http://www.nomyx.net/forum/viewtopic.php?p=5
>>
>> Comments/contributions are very highly welcome! There is still a lot to
>> do.
>> As for now, the game is not completely securised. It is easy to break it
>> by submitting rules containing malicious code. I'm working on it. If you'd
>> like to do security testing, please do it locally on your own machine and
>> send me a bug report :).
>>
>> Cheers,
>> Corentin
>>
>> [1] http://hackage.haskell.org/package/Nomyx
>> [2] www.nomic.net
>>
>
>
___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Corentin Dupont]

Hi all,
there is quite a lot of players! Fantastic!
I proposed a rule to lower the vote quorum from unanimity to a quorum of
only 4, for the experimentation.
But still, to have this rule accepted, everybody needs to vote! Could you
please cast your vote? If you don't plan on playing, it's better to
unsubscribe.
The players which have submitted their email should have received a
notification for this rule.

To experiment with the rules, it's better to install Nomyx on your machine
(cabal install Nomyx) and play alone, since the voting process can be long
in multiplayer (I expect 1 or 2 days to reach the quorum for a rule).

I saw people having problem writing the rules (in the log), I'll post some
comments on the game's forum: http://www.nomyx.net/forum/viewtopic.php?p=5
not to flood this mailing list ;) Just note that all proposed rules should
have type "RuleFunc".
If you'd like to use GHCI to compose your rule, here's how:
$ wget
http://hackage.haskell.org/packages/archive/Nomyx-Rules/0.1.0/Nomyx-Rules-0.1.0.tar.gz
$ tar -xzvf Nomyx-Rules-0.1.0.tar.gz
$ ghci Nomyx-Rules-0.1.0/src/Language/Nomyx/Examples.hs

Cheers!
Corentin

On Wed, Feb 27, 2013 at 12:28 AM, Corentin Dupont  wrote:

> Hello everybody!
> I am very happy to announce the beta release [1] of Nomyx, the only game
> where You can change the rules.
> This is an implementation of a Nomic [2] game in Haskell (I believe the
> first complete implementation). In a Nomyx game you can change the rules of
> the game itself while playing it. The players can submit new rules or
> modify existing ones, thus completely changing the behaviour of the game
> through time. The rules are managed and interpreted by the computer. They
> must be written in the Nomyx language, which is a subset of Haskell.
> At the beginning, the initial rules are describing:
> - how to add new rules and change existing ones. For example a unanimity
> vote is necessary to have a new rule accepted.
> - how to win the game. For example you win the game if you have 5 rules
> accepted.
> But of course even that can be changed!
>
> Here is a video introduction and first tutorial of the game:
> http://vimeo.com/58265498
> The game is running here: www.nomyx.net:8000/Nomyx
> I have set up a forum where players can learn about Nomyx and discuss the
> rules they intend to propose: www.nomyx.net/forum
>
> As this is the first beta release of the game, I'm looking for beta
> testers :) Although I tested it quite a lot, I'm sure a lot of bugs
> remains, especially in multiplayer.
> So if you are interested in testing Nomyx, please go to this forum thread
> and we'll set up a small team to start a match!
> http://www.nomyx.net/forum/viewtopic.php?p=5
>
> Comments/contributions are very highly welcome! There is still a lot to do.
> As for now, the game is not completely securised. It is easy to break it
> by submitting rules containing malicious code. I'm working on it. If you'd
> like to do security testing, please do it locally on your own machine and
> send me a bug report :).
>
> Cheers,
> Corentin
>
> [1] http://hackage.haskell.org/package/Nomyx
> [2] www.nomic.net
>
___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[David Thomas]

hash(id:secret) should not be reversible, if you use a cryptographic hash.

hash(id) can be brute-forced, on something with so small a range.


On Wed, Feb 27, 2013 at 11:20 AM, Corentin Dupont  wrote:

> hash is reversible or not?
>
>
> On Wed, Feb 27, 2013 at 8:18 PM, Clark Gaebel wrote:
>
>> You could just hash it.
>>
>>   - Clark
>>
>>
>> On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont <
>> corentin.dup...@gmail.com> wrote:
>>
>>> So I need to "encrypt" the user ID in some way? What I need is to
>>> associate the user ID to a random number and store the association is a
>>> table?
>>>
>>>
>>>
>>> On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink wrote:
>>>
 Note that cookies are not the solution here. Cookies are just as user
 controlled as the url, just less visible. What you need is a session
 id: a mapping from a non-consecutive, non-guessable, secret token to
 the user id (which is sequential and thus guessable, and often exposed
 in urls etc.). It doesn't matter if you then store it in the url or a
 cookie. Cookies are just more convenient.

 Erik

 On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
  wrote:
 > Yes, having a cookie to keep track of the session if something I plan
 to do.
 >
 > On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala >>> >
 > wrote:
 >>
 >> The user id is not necessarily the problem, but rather that you can
 >> impose as another user. For this, one solution is to keep track of a
 >> unique (changing) user token in the cookies and use that for
 verifying
 >> the user.
 >>
 >> --
 >> Mats Rauhala
 >> MasseR
 >>
 >> -BEGIN PGP SIGNATURE-
 >> Version: GnuPG v1.4.10 (GNU/Linux)
 >>
 >> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
 >> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
 >> =tf0d
 >> -END PGP SIGNATURE-
 >>
 >>
 >> ___
 >> Haskell-Cafe mailing list
 >> Haskell-Cafe@haskell.org
 >> http://www.haskell.org/mailman/listinfo/haskell-cafe
 >>
 >
 >
 > ___
 > Haskell-Cafe mailing list
 > Haskell-Cafe@haskell.org
 > http://www.haskell.org/mailman/listinfo/haskell-cafe
 >

>>>
>>>
>>> ___
>>> Haskell-Cafe mailing list
>>> Haskell-Cafe@haskell.org
>>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>>
>>>
>>
>
> ___
> Haskell-Cafe mailing list
> Haskell-Cafe@haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>
>
___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Corentin Dupont]

hash is reversible or not?

On Wed, Feb 27, 2013 at 8:18 PM, Clark Gaebel  wrote:

> You could just hash it.
>
>   - Clark
>
>
> On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont <
> corentin.dup...@gmail.com> wrote:
>
>> So I need to "encrypt" the user ID in some way? What I need is to
>> associate the user ID to a random number and store the association is a
>> table?
>>
>>
>>
>> On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink wrote:
>>
>>> Note that cookies are not the solution here. Cookies are just as user
>>> controlled as the url, just less visible. What you need is a session
>>> id: a mapping from a non-consecutive, non-guessable, secret token to
>>> the user id (which is sequential and thus guessable, and often exposed
>>> in urls etc.). It doesn't matter if you then store it in the url or a
>>> cookie. Cookies are just more convenient.
>>>
>>> Erik
>>>
>>> On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
>>>  wrote:
>>> > Yes, having a cookie to keep track of the session if something I plan
>>> to do.
>>> >
>>> > On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala 
>>> > wrote:
>>> >>
>>> >> The user id is not necessarily the problem, but rather that you can
>>> >> impose as another user. For this, one solution is to keep track of a
>>> >> unique (changing) user token in the cookies and use that for verifying
>>> >> the user.
>>> >>
>>> >> --
>>> >> Mats Rauhala
>>> >> MasseR
>>> >>
>>> >> -BEGIN PGP SIGNATURE-
>>> >> Version: GnuPG v1.4.10 (GNU/Linux)
>>> >>
>>> >> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>>> >> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>>> >> =tf0d
>>> >> -END PGP SIGNATURE-
>>> >>
>>> >>
>>> >> ___
>>> >> Haskell-Cafe mailing list
>>> >> Haskell-Cafe@haskell.org
>>> >> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>> >>
>>> >
>>> >
>>> > ___
>>> > Haskell-Cafe mailing list
>>> > Haskell-Cafe@haskell.org
>>> > http://www.haskell.org/mailman/listinfo/haskell-cafe
>>> >
>>>
>>
>>
>> ___
>> Haskell-Cafe mailing list
>> Haskell-Cafe@haskell.org
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>>
>
___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Clark Gaebel]

You could just hash it.

  - Clark


On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont
wrote:

> So I need to "encrypt" the user ID in some way? What I need is to
> associate the user ID to a random number and store the association is a
> table?
>
>
>
> On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink wrote:
>
>> Note that cookies are not the solution here. Cookies are just as user
>> controlled as the url, just less visible. What you need is a session
>> id: a mapping from a non-consecutive, non-guessable, secret token to
>> the user id (which is sequential and thus guessable, and often exposed
>> in urls etc.). It doesn't matter if you then store it in the url or a
>> cookie. Cookies are just more convenient.
>>
>> Erik
>>
>> On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
>>  wrote:
>> > Yes, having a cookie to keep track of the session if something I plan
>> to do.
>> >
>> > On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala 
>> > wrote:
>> >>
>> >> The user id is not necessarily the problem, but rather that you can
>> >> impose as another user. For this, one solution is to keep track of a
>> >> unique (changing) user token in the cookies and use that for verifying
>> >> the user.
>> >>
>> >> --
>> >> Mats Rauhala
>> >> MasseR
>> >>
>> >> -BEGIN PGP SIGNATURE-
>> >> Version: GnuPG v1.4.10 (GNU/Linux)
>> >>
>> >> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>> >> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>> >> =tf0d
>> >> -END PGP SIGNATURE-
>> >>
>> >>
>> >> ___
>> >> Haskell-Cafe mailing list
>> >> Haskell-Cafe@haskell.org
>> >> http://www.haskell.org/mailman/listinfo/haskell-cafe
>> >>
>> >
>> >
>> > ___
>> > Haskell-Cafe mailing list
>> > Haskell-Cafe@haskell.org
>> > http://www.haskell.org/mailman/listinfo/haskell-cafe
>> >
>>
>
>
> ___
> Haskell-Cafe mailing list
> Haskell-Cafe@haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>
>
___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Corentin Dupont]

So I need to "encrypt" the user ID in some way? What I need is to associate
the user ID to a random number and store the association is a table?


On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink  wrote:

> Note that cookies are not the solution here. Cookies are just as user
> controlled as the url, just less visible. What you need is a session
> id: a mapping from a non-consecutive, non-guessable, secret token to
> the user id (which is sequential and thus guessable, and often exposed
> in urls etc.). It doesn't matter if you then store it in the url or a
> cookie. Cookies are just more convenient.
>
> Erik
>
> On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
>  wrote:
> > Yes, having a cookie to keep track of the session if something I plan to
> do.
> >
> > On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala 
> > wrote:
> >>
> >> The user id is not necessarily the problem, but rather that you can
> >> impose as another user. For this, one solution is to keep track of a
> >> unique (changing) user token in the cookies and use that for verifying
> >> the user.
> >>
> >> --
> >> Mats Rauhala
> >> MasseR
> >>
> >> -BEGIN PGP SIGNATURE-
> >> Version: GnuPG v1.4.10 (GNU/Linux)
> >>
> >> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
> >> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
> >> =tf0d
> >> -END PGP SIGNATURE-
> >>
> >>
> >> ___
> >> Haskell-Cafe mailing list
> >> Haskell-Cafe@haskell.org
> >> http://www.haskell.org/mailman/listinfo/haskell-cafe
> >>
> >
> >
> > ___
> > Haskell-Cafe mailing list
> > Haskell-Cafe@haskell.org
> > http://www.haskell.org/mailman/listinfo/haskell-cafe
> >
>
___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Erik Hesselink]

Note that cookies are not the solution here. Cookies are just as user
controlled as the url, just less visible. What you need is a session
id: a mapping from a non-consecutive, non-guessable, secret token to
the user id (which is sequential and thus guessable, and often exposed
in urls etc.). It doesn't matter if you then store it in the url or a
cookie. Cookies are just more convenient.

Erik

On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
 wrote:
> Yes, having a cookie to keep track of the session if something I plan to do.
>
> On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala 
> wrote:
>>
>> The user id is not necessarily the problem, but rather that you can
>> impose as another user. For this, one solution is to keep track of a
>> unique (changing) user token in the cookies and use that for verifying
>> the user.
>>
>> --
>> Mats Rauhala
>> MasseR
>>
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG v1.4.10 (GNU/Linux)
>>
>> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>> =tf0d
>> -END PGP SIGNATURE-
>>
>>
>> ___
>> Haskell-Cafe mailing list
>> Haskell-Cafe@haskell.org
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>
>
> ___
> Haskell-Cafe mailing list
> Haskell-Cafe@haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>

___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Corentin Dupont]

Yes, having a cookie to keep track of the session if something I plan to do.

On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala wrote:

> The user id is not necessarily the problem, but rather that you can
> impose as another user. For this, one solution is to keep track of a
> unique (changing) user token in the cookies and use that for verifying
> the user.
>
> --
> Mats Rauhala
> MasseR
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
> =tf0d
> -END PGP SIGNATURE-
>
> ___
> Haskell-Cafe mailing list
> Haskell-Cafe@haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>
>
___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Mats Rauhala]

The user id is not necessarily the problem, but rather that you can
impose as another user. For this, one solution is to keep track of a
unique (changing) user token in the cookies and use that for verifying
the user.

-- 
Mats Rauhala
MasseR


signature.asc
Description: Digital signature
___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Corentin Dupont]

Hi Chris,
Thanks!
That's true for the user number. What should I do? Encrypt it?

On Wed, Feb 27, 2013 at 5:02 AM, Chris Wong  wrote:

> > Hello everybody!
> > I am very happy to announce the beta release [1] of Nomyx, the only game
> > where You can change the rules.
>
> I just gave it a go -- it looks fun :)
>
> However, I've spotted a security hole. The current user number is
> stored in the URL -- if I change that number, I can masquerade as
> someone else! Is this behavior intended?
>
> > This is an implementation of a Nomic [2] game in Haskell (I believe the
> > first complete implementation). In a Nomyx game you can change the rules
> of
> > the game itself while playing it. The players can submit new rules or
> modify
> > existing ones, thus completely changing the behaviour of the game through
> > time. The rules are managed and interpreted by the computer. They must be
> > written in the Nomyx language, which is a subset of Haskell.
> > At the beginning, the initial rules are describing:
> > - how to add new rules and change existing ones. For example a unanimity
> > vote is necessary to have a new rule accepted.
> > - how to win the game. For example you win the game if you have 5 rules
> > accepted.
> > But of course even that can be changed!
> >
> > Here is a video introduction and first tutorial of the game:
> > http://vimeo.com/58265498
> > The game is running here: www.nomyx.net:8000/Nomyx
> > I have set up a forum where players can learn about Nomyx and discuss the
> > rules they intend to propose: www.nomyx.net/forum
> >
> > As this is the first beta release of the game, I'm looking for beta
> testers
> > :) Although I tested it quite a lot, I'm sure a lot of bugs remains,
> > especially in multiplayer.
> > So if you are interested in testing Nomyx, please go to this forum thread
> > and we'll set up a small team to start a match!
> > http://www.nomyx.net/forum/viewtopic.php?p=5
> >
> > Comments/contributions are very highly welcome! There is still a lot to
> do.
> > As for now, the game is not completely securised. It is easy to break it
> by
> > submitting rules containing malicious code. I'm working on it. If you'd
> like
> > to do security testing, please do it locally on your own machine and
> send me
> > a bug report :).
> >
> > Cheers,
> > Corentin
> >
> > [1] http://hackage.haskell.org/package/Nomyx
> > [2] www.nomic.net
> >
> > ___
> > Haskell-Cafe mailing list
> > Haskell-Cafe@haskell.org
> > http://www.haskell.org/mailman/listinfo/haskell-cafe
> >
>
___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Corentin Dupont]

Thank you very much, that's very nice!
That was a great journey, I started Nomyx 2-3 years ago as a personal
project and learned Haskell on the way.
I went through many refactorings as my comprehension of Haskell and Nomic
progressed.
Out of the top of my head, the points that gave me some headaches were:
- how to split the program into modules properly without dependency cycles
- Happstack big type signatures
- having the right structures to pass data in a StateT
- using existential types and type families for variables and events
- ACID state, this is really not practical during development

Cheers,
Corentin

On Wed, Feb 27, 2013 at 2:17 AM, Alexander Solla wrote:

>
>
>
> On Tue, Feb 26, 2013 at 3:28 PM, Corentin Dupont <
> corentin.dup...@gmail.com> wrote:
>
>> Hello everybody!
>> I am very happy to announce the beta release [1] of Nomyx, the only game
>> where You can change the rules.
>> This is an implementation of a Nomic [2] game in Haskell (I believe the
>> first complete implementation). In a Nomyx game you can change the rules of
>> the game itself while playing it. The players can submit new rules or
>> modify existing ones, thus completely changing the behaviour of the game
>> through time. The rules are managed and interpreted by the computer. They
>> must be written in the Nomyx language, which is a subset of Haskell.
>
>
> That's very nice.  I've been following your progress on the list.
>  Congratulations!
>
> Did you learn as much about Haskell as you hoped?
>
___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Corentin Dupont]

I think it would be harder to implement a computer version of 1KBWC and
Calvin ball!! Have to think of it ;)

On Wed, Feb 27, 2013 at 9:48 AM, Tom Murphy  wrote:

> There's another one...
>
> http://3.bp.blogspot.com/-0-NT1rzFpik/Tpe4sb18gOI/AuM/j2BHO_TgLi4/s1600/calvinball.jpg
>
> Tom
>
> On Tue, Feb 26, 2013 at 7:07 PM, Ben Lippmeier  wrote:
> >
> > On 27/02/2013, at 10:28 , Corentin Dupont 
> wrote:
> >
> >> Hello everybody!
> >> I am very happy to announce the beta release [1] of Nomyx, the only
> game where You can change the rules.
> >
> > Don't forget 1KBWC: http://www.corngolem.com/1kbwc/
> >
> > Ben.
> >
> >
> >
> > ___
> > Haskell-Cafe mailing list
> > Haskell-Cafe@haskell.org
> > http://www.haskell.org/mailman/listinfo/haskell-cafe
>
___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Tom Murphy]

There's another one...
http://3.bp.blogspot.com/-0-NT1rzFpik/Tpe4sb18gOI/AuM/j2BHO_TgLi4/s1600/calvinball.jpg

Tom

On Tue, Feb 26, 2013 at 7:07 PM, Ben Lippmeier  wrote:
>
> On 27/02/2013, at 10:28 , Corentin Dupont  wrote:
>
>> Hello everybody!
>> I am very happy to announce the beta release [1] of Nomyx, the only game 
>> where You can change the rules.
>
> Don't forget 1KBWC: http://www.corngolem.com/1kbwc/
>
> Ben.
>
>
>
> ___
> Haskell-Cafe mailing list
> Haskell-Cafe@haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe

___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Chris Wong]

> Hello everybody!
> I am very happy to announce the beta release [1] of Nomyx, the only game
> where You can change the rules.

I just gave it a go -- it looks fun :)

However, I've spotted a security hole. The current user number is
stored in the URL -- if I change that number, I can masquerade as
someone else! Is this behavior intended?

> This is an implementation of a Nomic [2] game in Haskell (I believe the
> first complete implementation). In a Nomyx game you can change the rules of
> the game itself while playing it. The players can submit new rules or modify
> existing ones, thus completely changing the behaviour of the game through
> time. The rules are managed and interpreted by the computer. They must be
> written in the Nomyx language, which is a subset of Haskell.
> At the beginning, the initial rules are describing:
> - how to add new rules and change existing ones. For example a unanimity
> vote is necessary to have a new rule accepted.
> - how to win the game. For example you win the game if you have 5 rules
> accepted.
> But of course even that can be changed!
>
> Here is a video introduction and first tutorial of the game:
> http://vimeo.com/58265498
> The game is running here: www.nomyx.net:8000/Nomyx
> I have set up a forum where players can learn about Nomyx and discuss the
> rules they intend to propose: www.nomyx.net/forum
>
> As this is the first beta release of the game, I'm looking for beta testers
> :) Although I tested it quite a lot, I'm sure a lot of bugs remains,
> especially in multiplayer.
> So if you are interested in testing Nomyx, please go to this forum thread
> and we'll set up a small team to start a match!
> http://www.nomyx.net/forum/viewtopic.php?p=5
>
> Comments/contributions are very highly welcome! There is still a lot to do.
> As for now, the game is not completely securised. It is easy to break it by
> submitting rules containing malicious code. I'm working on it. If you'd like
> to do security testing, please do it locally on your own machine and send me
> a bug report :).
>
> Cheers,
> Corentin
>
> [1] http://hackage.haskell.org/package/Nomyx
> [2] www.nomic.net
>
> ___
> Haskell-Cafe mailing list
> Haskell-Cafe@haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>

___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Alexander Solla]

On Tue, Feb 26, 2013 at 3:28 PM, Corentin Dupont
wrote:

> Hello everybody!
> I am very happy to announce the beta release [1] of Nomyx, the only game
> where You can change the rules.
> This is an implementation of a Nomic [2] game in Haskell (I believe the
> first complete implementation). In a Nomyx game you can change the rules of
> the game itself while playing it. The players can submit new rules or
> modify existing ones, thus completely changing the behaviour of the game
> through time. The rules are managed and interpreted by the computer. They
> must be written in the Nomyx language, which is a subset of Haskell.


That's very nice.  I've been following your progress on the list.
 Congratulations!

Did you learn as much about Haskell as you hoped?
___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

[Ben Lippmeier]

On 27/02/2013, at 10:28 , Corentin Dupont  wrote:

> Hello everybody!
> I am very happy to announce the beta release [1] of Nomyx, the only game 
> where You can change the rules.

Don't forget 1KBWC: http://www.corngolem.com/1kbwc/

Ben.



___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe