[Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

Hello everybody! I am very happy to announce the beta release [1] of Nomyx, the only game where You can change the rules. This is an implementation of a Nomic [2] game in Haskell (I believe the first complete implementation). In a Nomyx game you can change the rules of the game itself while playing

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

On 27/02/2013, at 10:28 , Corentin Dupont wrote: > Hello everybody! > I am very happy to announce the beta release [1] of Nomyx, the only game > where You can change the rules. Don't forget 1KBWC: http://www.corngolem.com/1kbwc/ Ben. ___ Haskell-

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

On Tue, Feb 26, 2013 at 3:28 PM, Corentin Dupont wrote: > Hello everybody! > I am very happy to announce the beta release [1] of Nomyx, the only game > where You can change the rules. > This is an implementation of a Nomic [2] game in Haskell (I believe the > first complete implementation). In a N

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

> Hello everybody! > I am very happy to announce the beta release [1] of Nomyx, the only game > where You can change the rules. I just gave it a go -- it looks fun :) However, I've spotted a security hole. The current user number is stored in the URL -- if I change that number, I can masquerade a

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

There's another one... http://3.bp.blogspot.com/-0-NT1rzFpik/Tpe4sb18gOI/AuM/j2BHO_TgLi4/s1600/calvinball.jpg Tom On Tue, Feb 26, 2013 at 7:07 PM, Ben Lippmeier wrote: > > On 27/02/2013, at 10:28 , Corentin Dupont wrote: > >> Hello everybody! >> I am very happy to announce the beta rele

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

I think it would be harder to implement a computer version of 1KBWC and Calvin ball!! Have to think of it ;) On Wed, Feb 27, 2013 at 9:48 AM, Tom Murphy wrote: > There's another one... > > http://3.bp.blogspot.com/-0-NT1rzFpik/Tpe4sb18gOI/AuM/j2BHO_TgLi4/s1600/calvinball.jpg > > Tom > >

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

Thank you very much, that's very nice! That was a great journey, I started Nomyx 2-3 years ago as a personal project and learned Haskell on the way. I went through many refactorings as my comprehension of Haskell and Nomic progressed. Out of the top of my head, the points that gave me some headache

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

Hi Chris, Thanks! That's true for the user number. What should I do? Encrypt it? On Wed, Feb 27, 2013 at 5:02 AM, Chris Wong wrote: > > Hello everybody! > > I am very happy to announce the beta release [1] of Nomyx, the only game > > where You can change the rules. > > I just gave it a go -- it

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

The user id is not necessarily the problem, but rather that you can impose as another user. For this, one solution is to keep track of a unique (changing) user token in the cookies and use that for verifying the user. -- Mats Rauhala MasseR signature.asc Description: Digital signature _

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

Yes, having a cookie to keep track of the session if something I plan to do. On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala wrote: > The user id is not necessarily the problem, but rather that you can > impose as another user. For this, one solution is to keep track of a > unique (changing) user t

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

Note that cookies are not the solution here. Cookies are just as user controlled as the url, just less visible. What you need is a session id: a mapping from a non-consecutive, non-guessable, secret token to the user id (which is sequential and thus guessable, and often exposed in urls etc.). It do

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

So I need to "encrypt" the user ID in some way? What I need is to associate the user ID to a random number and store the association is a table? On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink wrote: > Note that cookies are not the solution here. Cookies are just as user > controlled as the url

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

You could just hash it. - Clark On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont wrote: > So I need to "encrypt" the user ID in some way? What I need is to > associate the user ID to a random number and store the association is a > table? > > > > On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselin

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

hash is reversible or not? On Wed, Feb 27, 2013 at 8:18 PM, Clark Gaebel wrote: > You could just hash it. > > - Clark > > > On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont < > corentin.dup...@gmail.com> wrote: > >> So I need to "encrypt" the user ID in some way? What I need is to >> associate

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

hash(id:secret) should not be reversible, if you use a cryptographic hash. hash(id) can be brute-forced, on something with so small a range. On Wed, Feb 27, 2013 at 11:20 AM, Corentin Dupont wrote: > hash is reversible or not? > > > On Wed, Feb 27, 2013 at 8:18 PM, Clark Gaebel wrote: > >> You

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

Hi all, there is quite a lot of players! Fantastic! I proposed a rule to lower the vote quorum from unanimity to a quorum of only 4, for the experimentation. But still, to have this rule accepted, everybody needs to vote! Could you please cast your vote? If you don't plan on playing, it's better to

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

NB: being unsubscribed, you can still watch the game. It's just that you are not anymore considered as a "citizen" of that game, thus not counted in the votes. On Wed, Feb 27, 2013 at 10:12 PM, Corentin Dupont wrote: > Hi all, > there is quite a lot of players! Fantastic! > I proposed a rule to

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

I would encourage you to take a look at the snap (the web framework) package, where this concern is handled for you as part of the "session" snaplet. The Snap.Snaplet.Session module and the Snap.Snaplet.S

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

Thanks Ozgun, but I'm using Happstack: this will be compatible? On Wed, Feb 27, 2013 at 10:30 PM, Ozgun Ataman wrote: > I would encourage you to take a look at the snap (the web framework) > package, where this concern is handled for you as part of the "session" > snaplet. > > The > Snap.Snaple

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

You probably can't use it directly but it should at least show you how we did it. In particular, the Snap.Snaplet.Session.SecureCookie module (internal, I think, so look at source) may be of interest to you as it implements the self-contained idea of encrypted cookies. - Oz On Wednesday, Feb

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

On Wed, Feb 27, 2013 at 8:37 AM, Corentin Dupont wrote: > Hi Chris, > Thanks! > That's true for the user number. What should I do? Encrypt it? It's not that you have a user number, or even that it's accessible: it's that it's the entirety of access control, meaning that if the user changes it th

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

On Thu, Feb 28, 2013 at 1:26 PM, Brandon Allbery wrote: > On Wed, Feb 27, 2013 at 8:37 AM, Corentin Dupont > wrote: >> Hi Chris, >> Thanks! >> That's true for the user number. What should I do? Encrypt it? > > It's not that you have a user number, or even that it's accessible: it's > that it's th

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

happstack-authenticate looks impressive, they seem to support for Google , Yahoo, Live Journal, Myspace, and OpenId logins! I'll try it. On Fri, Mar 1, 2013 at 5:17 AM, Chris Wong wrote: > On Thu, Feb 28, 2013 at 1:26 PM, Brandon Allbery > wrote: > > On Wed, Feb 27, 2013 at 8:37 AM, Corentin Dup

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

On 2/28/2013 11:17 PM, Chris Wong wrote: On Wed, Feb 27, 2013 at 8:37 AM, Corentin Dupont >wrote: >>Hi Chris, >>Thanks! >>That's true for the user number. What should I do? Encrypt it? > >It's not that you have a user number, or even that it's accessible: it's >that it's the entirety of access

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

Joe Quinn wrote: > Additionally, you can change the session hash with every page hit, to > some other totally random hash. If someone steals your session, they > had better act on it immediately, lest you visit another page and it > changes completely. If your session gets hijacked, you get logge

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

Hi all, with the mutiplayer server, the game was occasionally crashing with: CPU time limit exceeded (core dumped) I think it was due to some ulimit set too low, it should work better now. BR, C On Wed, Feb 27, 2013 at 12:28 AM, Corentin Dupont wrote: > Hello everybody! > I am very happy to an

Re: [Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

Hi all, it's still crashing once a day with: CPU time limit exceeded (core dumped) ulimit -t gives unlimited. in /etc/security/limits.conf their is nothing. I'm not setting time limits in the software. Any ideas? On Fri, Mar 1, 2013 at 3:33 PM, Corentin Dupont wrote: > Hi all, > with the mutipla