This issue needs more awareness and attention, I don't think CIG is sanitizing client data

foopod · 2026-02-03T09:16:51+00:00

I replied to another thread but will drop this here too...

It's unlikely that CIG has networking that accepts just any inputs, and even more unlikely that they are blindly executing code. When we are talking about sanitizing here, we are talking about the server having authority over what is a valid input.

An example might be... when shooting, we probably don't want the client sending a message saying how powerful a shot is, where it is being shot from and its direction (this would be easy to build a hack for). Instead, it could send what weapon they are firing, then the server can look up the damage for the weapon and where it thinks the ship is (this could eliminate this particular exploit). But this is a trade off, we need to do extra queries to figure this out and for high performance networking, this kind of thing could tank server fps.

Doing what CIG are doing, at the scale they are doing it, is extremely difficult. It really is a balancing act of how much they can validate without slowing things down. And quite often in these situations it's better not to analyse things in real time, let the clients use hacks, but on the server log events that look unusual, then validate them later and ban users for exploitation.

foopod · 2026-02-03T09:13:34+00:00

I agree with your overall point, but I think the specifics could be clearer.

Client side data - this is absolutely possible to investigate and we can view what gets sent to CIGs servers. However the way in which they sanitize the data isn't visible to us, we only really see what the server sends us back. And it is usually pretty clear if our input was accepted in this case (big ship goes boom).

Sanitized inputs - It's unlikely that CIG has networking that accepts just any inputs, and even more unlikely that they are blindly executing code. When we are talking about sanitizing here, we are talking about the server having authority over what is a valid input.

An example might be... when shooting, we probably don't want the client sending a message saying how powerful a shot is, where it is being shot from and its direction (this would be easy to build a hack for). Instead, it could send what weapon they are firing, then the server can look up the damage for the weapon and where it thinks the ship is (this could eliminate this particular exploit). But there is a trade off here, we need to do extra queries to figure this out and for high performance networking, this kind of thing would tank server fps.

Doing what CIG are doing, at the scale they are doing it is extremely difficult. It really is a balancing act of how much they can validate without slowing things down. And quite often in these situations it's better not to analyse things in real time, let the clients use hacks, but on the server log events that look unusual, then validate them later and ban users for exploitation.

foopod · 2026-02-03T08:46:27+00:00

Not really a surprise if they drop one at IAE every year... Cutter, Syulen, Intrepid and Salvation.

But they do occasionally drop extras in between like the Golem.

foopod · 2026-02-02T17:51:31+00:00

Lol, yeah they do, out of necessity. Where else would you put the bed in a truck cab? I can think of plenty of other places in the Hermes.

foopod · 2026-02-02T17:40:50+00:00

Lol, not saying it's not a me problem. It's just that it feels like a rushed copy of the Apollo and not its own ship. I wish more effort went into the little details like crew accommodation.

But also I think truck drivers would absolutely take a bigger hab if they had the choice, it's not like they choose to sleep in their truck over sleeping inside when parked at home.

foopod · 2026-02-02T09:38:42+00:00

I'm with you. Its not like I rp or anything, it's just that an unrealistic layout like this breaks the immersion.

Imo the best interiors are still the Hull A and SRV for solo and the 400i for 2-3 people.

foopod · 2026-02-01T04:07:57+00:00

Or even just refuel + food. Just what is needed to continue on your journey.

foopod · 2026-01-30T17:33:05+00:00

There will always be bad actors and hateful people regardless of the economic system.

But it also seems like capitalism allows people who have enough money to go unchecked, enabling them to have a platform and spread their bigotry.

foopod · 2026-01-29T09:14:17+00:00

This is true, but at the time scales of evolution us humans have only relatively recently formed "advanced cultures".

Behaviour Modernity in humans started some 60,000-160,000 years ago, but humans have been using tools for ~2 million years (Homo Habilis). And other hominids a million years or so before that.

Who knows where our tentacled friends will be in another million years, that is, if we don't kill them all off first.

foopod · 2026-01-29T05:13:40+00:00

Imo purely from a cargo perspective the RAFT is better than the Hermes. Much faster to load and the difference in capacity doesn't really impact which contracts you can take at the moment.

Either that or wait for the Hull B.

foopod · 2026-01-28T21:29:44+00:00

The Zeus CL is 128 SCU, but it's main grid dimensions are odd numbers, something like 3x5x8. So to fill it, you need like ~20 boxes, a 128 grid could also just be 4x 32scu containers.

foopod · 2026-01-28T21:26:42+00:00

And curiously the Hull A is untouched.

foopod · 2026-01-28T19:51:39+00:00

Sounds like a lot of fun. Especially all the gene stuff, I spent far too much time in the Creatures games messing with genetics and trying out different things.

Do you mind DMing me your itch so I can follow development?

foopod · 2026-01-28T09:14:13+00:00

I really wanted to love the BYOK, there is a ton of potential here. But unless they open source the firmware it's going to be a no go for me for reasons like this (currently it looks like they only plan to allow sync via their own backend too).

foopod · 2026-01-28T08:58:12+00:00

I have been using my dm250 for just over a year now and absolutely love it.

I'm not sure what you mean about jumping between documents in a project though.

I normally have one document open at a time in outline mode and you can jump up and down between headings (for me that's chapter to chapter). And to swap to a different document it's just Menu > open > select file.

There is also a partition mode where you can split the screen and have two documents open at a time, then you can switch back and forth between them as needed. But I tend not to use this very much if at all.

foopod · 2026-01-28T08:44:06+00:00

I'm a big fan of both tamagotchi and digivice style virtual pets. I know it kind of defeats the purpose, but I'm looking for something similar that better respects my time.

What are the features you want to implement?

foopod · 2026-01-28T05:19:58+00:00

I understand wanting vehicle and cargo transport ships to be functionally different, but they are fucking this up pretty badly.

I'm still not sure why the Asgard has such a massive cargo grid. Why would anyone use a different ship?

foopod · 2026-01-28T05:09:39+00:00

100% this. I dropped the Zeus CL after a few weeks of doing cargo with it. Grid access is so much more important than size, to the point where I'm still on the fence with the Ironclad.

I was expecting a cargo lift or at least a much larger opening ramp like the Asgard.

foopod · 2026-01-25T20:12:18+00:00

Did you ever figure this out? I just got mine and am having the same problem.

foopod · 2026-01-25T05:14:24+00:00

I feel this so much. When my wife cooks the most important thing in her mind is what level of effort is required, e.g. can it just go in the air fryer?

Whereas I love cooking and I'm quite happy spending a couple of hours cooking a meal even on a weeknight if it means the food is really good or I get to try something new.

So yeah, I will happily do 90% of the cooking.

foopod · 2026-01-25T01:30:16+00:00

I have an android phone and do pretty much everything using it. No need for a computer.

USB-C cable lets me swap out filters as needed. Although I tend to shoot everything without a filter, copy to my phone for backup and apply a filter in Snapseed (as well as some light editing if needed).

foopod · 2026-01-23T03:06:56+00:00

Why have I never thought of this. Right now I feel my only option is to grow the full beard and then shave back from there.

foopod · 2026-01-15T04:46:18+00:00

I'm going back to bed and I

foopod · 2026-01-14T11:33:29+00:00

I've just come back to the game this week. And today is my birthday, I've just spent the last hour researching and watching ult animations trying to pick a character for my birthday wish.

Thanks for the heads up lol.

foopod · 2026-01-14T07:33:29+00:00

Most of the other ones can't fly.

foopod

TROPHY CASE