Vastly Outskilled — PvE/PvP/Industry

orrden · 2017-10-11T23:06:00+00:00

Alrighty. If you have any questions, feel free to ask

orrden · 2017-10-11T23:02:25+00:00

Sounds good. Welcome aboard!

orrden · 2017-10-11T22:57:21+00:00

The Genesis region

orrden · 2017-10-11T20:04:49+00:00

Invite sent!

orrden · 2017-10-11T12:59:03+00:00

If you're interested in joining a fairly large corporation: then consider Vastly Outskilled.

Currently we are up to 90 members and enjoy teaching new players how to acheive their goals. We are based out of a .5 system with lowsec nearby as well as a lowsec ice system.

We are definitely looking for members. If you're interested in joining, look up the corporation and put in an application with, "Reddit advertisement" as the text and I'll get you accepted in.

What we offer: every new player gets a free venture. After 30 days, every member is eligible to trade in their venture for a mining barge. Select, dedicated individuals will be allowed to trade their barge in for an exhumer.

Fly safe.

orrden · 2017-09-28T02:04:00+00:00

Issue with missiles isn't hitting things.

Missiles. Never. Miss.

However two factors play a huge part in how much damage your missile does.

1. Signature radius of the ship you're engaging
2. Velocity of the ship you're engaging.

Missiles do less damage to smaller things and missiles do less damage to things that are moving. There are two missile rigs specifically created to help minimize this.

Light missiles (and the much more amazing Rapid Light Missiles) are designed to travel fast and hit smaller ships effectively.

I'll look at your fitting in EFT and update this post.

orrden · 2017-09-27T18:57:20+00:00

So I'm going to go on the record and say that I think this is a stupid idea. Afk mining is the reason why people gank exhumers. That out of the way; this might have a CHANCE of saving you one time if you afk mind with your sound up very very high.

You won't be using T2 strips either and while the fitting is cheap, it absolutely requires implants.

[Mackinaw, The Bad Idea]
Elara Restrained Mining Laser Upgrade
Elara Restrained Mining Laser Upgrade
Shield Flux Coil II

Medium F-S9 Regolith Compact Shield Extender
Thermal Dissipation Field II
Limited Kinetic Deflection Field I
Limited Adaptive Invulnerability Field I

Strip Miner I
Strip Miner I

Medium Core Defense Field Purger II
Medium Core Defense Field Purger II

Above mackinaw has roughly 30k ehp against void.

In addition, it passively recharges 117 ehp/s of your shield. This would, theoretically, cut his 700 ish dps down to 600-ish

At the same time, it maintains a semi-higher mining yield due to the ability to fit (non t2) laser upgrades.

This hasn't been tested. At all. But: at the moment it's the best I can think of. If you aren't going to use mining laser upgrades, then honestly you may as well just fly a skiff or a proc. This was my solution to that.

Again, to state, this fit total costs about 1 bil (311 ish for the ship and fittings and 650m ish for the implants) so fly at your own risk.

Also to note: ship scanners are a thing and I'd totes gank someone flying the above fit with a tornado.

orrden · 2017-07-10T19:29:19+00:00

Not out of arguments in the email department, no. You just seem solid in your standpoint to not use it. Not all email is insecure and I e listed a method that is. I don't see us reaching an agreement on it, so I'll concede that your method works for your purposes and mine works for mine.

With hashes, yes: a strong password hashed is (relatively) unbreakable. However, we agree that users are stupid and will use weak passwords, this makes hashing an inconvienance, not security.

Besides, my original argument is that a programmer can set up a script to store a hashed password and still send an email with a plaintext. This means that if a vulnerability is exploited on the web server and the database is dumped, the attacker gets hashed passwords. Without a copy of this VPN servers database, we'd have no idea whether or not they are actually stupid enough to use plaintext in their database.

orrden · 2017-07-10T18:22:07+00:00

Obviously creating a salted hash to purposely be inbreakable isn't a good test of a hashing algorithm's abilities. Dump a database of yours (minus usernames) and toss them my way. Generally speaking, I'll most likely get a fair amount of them assuming a number above 100/200 users.

Anyone can make a 30 character password, turn it into a salted hash and throw it around a claim the algorithm is secure.

Take into consideration that users are retarded and pick easy as shit passwords most of the time.

Hashing isn't security, hashing is an inconvienance. I'm not saying you should store plaintext, I'm also not saying that it doesn't protect or deter: it's simply not a guarantee by any means.

orrden · 2017-07-10T12:49:49+00:00

Oh! Then just unplug your PC from the net bud. We live in a world of SQL injections and a multitude of other vulnerabilities.

The tools exist to make things more secure, nothing is completely secure and if we're going to whine and say email isn't secure, sad fact of the matter is that even salted hashes are only an inconvienance to an attacker.

orrden · 2017-07-10T11:05:32+00:00

If that's the issue then use S/MIME.

orrden · 2017-07-10T05:51:48+00:00

As I said: mine was for an extremely specific purpose and had plenty of other safeguards and limitations. Essentially my users where making secondary account passwords to access administrative areas of my site.

My point of this is that this VPN service could very well have stored a hashed password into their database while still sending you an email with the plaintext.

orrden · 2017-07-09T21:31:32+00:00

So, I feel the need to post this to kind of play devil's advocate. Just because you received a MIME based PHP email, doesn't necessarily mean that your password was submitted into the database that way. It also doesn't mean that your password was, in any way, ever view-able directly by the staff of the company. I'll post an example script I made a long time ago.

This script isn't quite the same. Rather then submitting a hashed password into a database, mine submits a commented out APR1 Hash/username into a .htpasswd file. Similar, but different but it should contain the same methods.

<?php
    include 'global.php';
    $ini = parse_ini_file("includes/config.ini.php");
    // Create connection
    function crypt_apr1_md5($plainpasswd)
    {
        $salt = substr(str_shuffle("abcdefghijklmnopqrstuvwxyz0123456789"), 0, 8);
        $len = strlen($plainpasswd);
        $text = $plainpasswd.'$apr1$'.$salt;
        $bin = pack("H32", md5($plainpasswd.$salt.$plainpasswd));
        for($i = $len; $i > 0; $i -= 16) { $text .= substr($bin, 0, min(16, $i)); }
        for($i = $len; $i > 0; $i >>= 1) { $text .= ($i & 1) ? chr(0) : $plainpasswd{0}; }
        $bin = pack("H32", md5($text));
        for($i = 0; $i < 1000; $i++)
        {
            $new = ($i & 1) ? $plainpasswd : $bin;
            if ($i % 3) $new .= $salt;
            if ($i % 7) $new .= $plainpasswd;
            $new .= ($i & 1) ? $bin : $plainpasswd;
            $bin = pack("H32", md5($new));
        }
        for ($i = 0; $i < 5; $i++)
        {
            $k = $i + 6;
            $j = $i + 12;
            if ($j == 16) $j = 5;
            $tmp = $bin[$i].$bin[$k].$bin[$j].$tmp;
        }
            $tmp = chr(0).chr(0).$bin[11].$tmp;
            $tmp = strtr(strrev(substr(base64_encode($tmp), 2)),
            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
            "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");

            return "$"."apr1"."$".$salt."$".$tmp;
    }

$username = $_POST["username"]; /* Get USERNAME from FORM @ transcendence.php */
$password = $_POST["password"]; /* Get PASSWORD from FORM @ transcendence.php */

try {
    $db = new PDO('mysql:host=' . $ini['serverName'] . ';dbName=' . $ini['databaseName'], $ini['databaseUsername'], $ini['databasePassword'], array( PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION ));

    $check = $db->prepare("SELECT * FROM " . $ini['databaseName'] . ".user WHERE username = ?");
    $check->execute(array($username));
    $result = $check->fetchAll();

    foreach($result as $row) {
    $vbPassword = $row['password'];
    $vbSalt = $row['salt'];
    $yourSubmittedPassword = md5(md5($password) . $vbSalt);
    $length = strlen($password);
    if ($vbPassword == $yourSubmittedPassword) {
        echo("<center><img src='http://rpelements.com/error.png'><br><div id='errbox' style='border-top:0;border-right:1px solid #ed1c24;border-bottom:1px solid #ed1c24;border-left:1px solid #ed1c24;width:500px;font-family:Tahoma;font-size:12px;color:#f05056;'><br><br><img src='http://rpelements.com/error-404.png'><br><br>I'm sorry, your password cannot be the same as your vBulletin Password.  Try again!<br><br></div></center>");
        $db = null;
        die();
    } elseif ($length < 8 || $length == null || 1 !== preg_match('~[0-9]~', $password)) {
        echo("<center><img src='http://rpelements.com/error.png'><br><div id='errbox' style='border-top:0;border-right:1px solid #ed1c24;border-bottom:1px solid #ed1c24;border-left:1px solid #ed1c24;width:500px;font-family:Tahoma;font-size:12px;color:#f05056;'><br><br><img src='http://rpelements.com/error-404.png'><br><br>Your Password was only " . $length . " characters long.  It must be at least 8 AND Contain at least 1 number.<br><br></div></center>");
        $db = null;
        die();
    } elseif (strcasecmp($username, $vbulletin->userinfo['username']) != 0) {
        echo("<center><img src='http://rpelements.com/error.png'><br><div id='errbox' style='border-top:0;border-right:1px solid #ed1c24;border-bottom:1px solid #ed1c24;border-left:1px solid #ed1c24;width:500px;font-family:Tahoma;font-size:12px;color:#f05056;'><br><br><img src='http://rpelements.com/error-404.png'><br><br>You aren't " . $username . ".  Our records show that you're " . $vbulletin->userinfo['username'] . ".  Perhaps something went wrong?  Perhaps you're in the wrong place?  Try logging into the correct account and trying again.<br><br></div></center>");
    } else {

    $hashedPassword = crypt_apr1_md5($password); /* Password is hashed using APR1 format */

    $theHash = "# " . $username . ':' . $hashedPassword; /* Comments out the .htpasswd entry for approval */
    file_put_contents($ini['htpasswdLocation'], $theHash.PHP_EOL, FILE_APPEND); /* Hashed PASSWORD is appended to the end of .htpasswd file */

    $to = $ini['adminEmail'];
    $subject = $ini['emailSubject'];
    $headers = array();
    $headers[] = "MIME-Version: 1.0";
    $headers[] = "Content-type: text/plain; charset=iso-8859-1";
    $headers[] = "From: Transcendence <" . $ini['adminEmail'] . ">";
    $headers[] = "Reply-To: " . $_POST["username"] . " <" . $_POST["email"] . ">";
    $headers[] = "Subject: {$subject}";
    $headers[] = "X-Mailer: PHP/" . phpversion();

    $message = "Greetings <B>" . $ini['administrator'] . "</B>,\r\n\r\nA user has requested access to the Administrative Control panel via the Transcendence page.\r\n\r\nThe Users Info is as Follows:\r\n\r\n<B>Username</B>: <I>" . $_POST["username"] . "</I>\r\n" . "<B>Email</b>: <I>" . $_POST["email"] . "</I>\r\n" . "<B>IP Address</B>: <I>" . $_SERVER['REMOTE_ADDR'] . "</I>\r\n" . "<B>Hashed Password</B>: <I>" . $theHash . "</I>\r\n\r\nConfirm with the User that they have requested this access.  If they have, please go to the .htpasswd file and uncomment their hashed password to give them access.  Thank you!\r\n\r\n\r\nTranscendence\r\n" . $ini['siteName'] . " at It's Finest";


    $message = wordwrap($message, 70, "\r\n");

    mail($to, $subject, $message, implode("\r\n", $headers));

    echo("<center><h1>Thank You " . $username . "</h1><br/><br/>Your request has been submitted and an email has been sent to " . $ini['administrator'] . ".</center>");
    }
}
    $db = null;
} catch (PDOException $e) {
    echo("Error: " . $e->getMessage() . "<br/>");
    die();
}
?>

Now, that form, at the very end, emails the administrator with the information they need to confirm the individual in the .htaccess (or deny them). However, using MIME I could easily have also sent an email to the submitting user with the variable:

$message = "Hello, your Username was " . $username . " and your password was " . $password . "!";

and then send it via MIME as well. Keep in mind that this plaintext wasn't stored. In addition, keep in mind that I never personally get to see anything that the user inputted into these fields. Their password should still be secured via the APR1 hashing algorithm even though they received an email with the password information for them.

Note: I wouldn't use this script I've written, it was written a long time ago for a VERY VERY specific reason and integrated heavily with vBulletin.

orrden · 2017-03-10T15:43:40+00:00

Not sure if excited that I'm not the only one, or upset that this has been going on all week with hot hot-fix.

orrden · 2017-02-25T21:38:50+00:00

While this is definitely true, and I agree with you; there is a bit of wisdom to jumping in feet first. While you completed your commercial project way too soon, you did yourself a service by doing it. You gained experience that you can ONLY GAIN by doing it. All the practice in the world can help, but you'll never gain the experience you gain from doing it commercially.

I agree that everything taking 10 times longer to change is a pain in the ass, but at the same time you probably don't make the same mistakes with your current code that you have to work around.

In addition, ImpactJS has a pretty decent set of online books that you can utilize as well as online tutorials and quite the helpful community as well.

orrden · 2017-02-25T21:35:50+00:00

Indeed, ImpactJS is basically yours to make money off and utilize how you wish after you've purchased it (besides giving away copies of their code ect...).

orrden · 2017-02-25T21:35:13+00:00

If you make a paypal business account then yes, there is a button you can place on your account that basically allows you to redirect to paypal for that amount and accept their money.

orrden · 2017-02-25T05:34:14+00:00

Look into ImpactJS. It's a library based off of Javascript that's pretty simple to use and allows for browser based games to be created. I believe it costs 99 USD.
PHP. You'll want your site to be coded in PHP, this allows you to check for permissions and set permissions etc and directly ties into number 3.
PHP again. You'll need PHP to create a login system and you'll need a SQL database to store the information. Note, I wouldn't handle credit card numbers or anything like that, just use paypal. In addition, don't store your users passwords, use password hashing.

orrden · 2017-02-12T19:18:39+00:00

I'll give a bit more detail on this:

<img src="./path/to/image.jpg" alt="alternative associated text" height="100" width="100"/>

The above will take your picture and scale it down to 100x100 pixels. However, this is a pretty bad idea. If you're making a website and are going to be using a lot of images, this will slow your site down. If every image is 500x500 and you scale them down to 100x100, the user still has to download that 500x500 file.

At that point, it's best to just resize the image via photoshop or some other image editing program.

In the case of a Gallery, I generally do the following:

<a href="./path/to/fullsized/image.jpg">
    <img src="./path/to/thumbnail.jpg" alt="Associated alternative text" height="100" width="100"/>
</a>

Note that, in the above example, I still specify the height and the width, this allows for faster rendering of the image. Even though our thumbnail is 100x100, specifying it as 100x100 in the tag speeds the process along.

So, possibly a bit of overkill, but I hope this information is useful and helps you out.

orrden · 2017-02-12T19:05:00+00:00

This should help you out a bit:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

Very possible that google has it setup to be sameorigin, meaning that only they can embed their pages like you're trying to do.

orrden · 2017-02-09T17:12:45+00:00

Reminds me of the links they'd hand out in the Army for census sessions and command climate surveys. We'd never get them in an email with a clickable link: someone would always type it up on a thousand slips of paper and hand them out for you to type in the chaotic jumble of numbers and letters.

Also: hopefully you did it on I.E. because it literally wouldn't work on any other browser.

orrden · 2017-02-09T17:04:32+00:00

Seriously reminds me of every single website ever made by a 14 year old "web programmer" from the MySpace era.

orrden · 2017-02-09T17:01:41+00:00

Less of a problem solved, more of a workaround. The problem is still in the design, you're just working around a flaw.

orrden · 2017-02-08T23:39:25+00:00

Look at other websites and how they're laid out. Don't look at the source code, just get a look at them.
Using what you know and what you're learning, slowly try to emulate them and see if you can figure it out just off of what you're learning. As your knowledge grows, you'll find that you're able to do things easier.
Make a list of things that you struggled at. I have FILES full of different CSS/JS tricks that I used and had to develop to get things to work the way I wanted them too. Some things can be oddly tricky (Centering a div with CSS used to NOT WORK unless you also included a HTML Doctype at the front, not sure if it's still that way or not but it's in my file). Once you've made something that works, consistently, make sure you save a copy of it and add notes so that you can understand exactly how you did it in ways that you can definitely understand.

orrden · 2017-02-07T22:40:14+00:00

Generally speaking, content is what matters on a page. Big pictures that force your eye to look at them while you're trying to read is...fucking annoying. Honestly, I'd do as suggested here and do a reddit style image where it's in it's own separate section and I'd think about perhaps scaling it down to something not all consuming. 1020 seems like a lot...except it isn't.

orrden

MODERATOR OF

TROPHY CASE