NEWER POSTS

Common Security Failings

By Shamus Posted Tuesday Feb 17, 2015

Filed under: Projects 213 comments
A Pyrodactyl Postmortem PostmortemPrevious Post
Next PostAudio Editing for Podcasts

I’m planning the column I’m going to write for the Escapist in a couple of weeks, and I’m looking to do a kind of public service-y kind of piece on how to judge the security of a website from the position of a user. If you play videogames then you most likely have a lot of accounts: MMO’s, gaming sites, DRM systems, etc. That’s a lot of data entrusted to a lot of idiots, and obviously it doesn’t always work out.

So I think it would be good to encourage a little more security-savvy among the masses. Normally I wouldn’t crowdsource my columns like this. I realize this probably comes off as rude and lazy. It’s my job to write stuff, not yours. But this is for a good cause and I’d rather beg for help than get it wrong on this topic. And I’m not confident enough in my knowledge to write this without some input and half-assed peer review.

I really want people to read this, so I want the list to be breezy and easy to digest. This is not a technical column. I might even make it a top N list. The whole point is to come up with things that should cause concern when a website does it. Here is what I have so far:

Security sins:

  1. Has visible data in the URL: www.gamesite.com/user/[email protected]/profile or whatever.

    (I know Xbox had a problem with this, but I can’t remember how it worked. I’ll read up on this before I write the column, obviously.)

  2. Sites that limit password length. (Dude, do you even hash?)
  3. Sites which SEND YOU YOUR PASSWORD IN PLAINTEXT FOR ANY REASON WHY DIDN’T I MAKE THIS #1 ON MY LIST?
  4. Sites that require uppercase, lowercase, a number, and a symbol in the password.
  5. Also: Are sites supposed to store the number that comes from the BACK of your credit card? I always thought that short number was so that it would be safe(ish) to store the CC# and Exp date on their site (so you don’t have to type it in every time) but still make it so that you need to enter SOMETHING to make a purchase happen. The security code is short so it can be entered even on a console or a phone without too much pain. But I see sites (including Steam) remember the security number along with everything else. Am I misunderstanding how this is supposed to work?

Anything you’d add to the list? Remember that I’m looking for ways that a typical user can spot bad security policies. “Has open ports on the server” might be a sign of trouble, but it’s not the kind of thing the average person can detect. (And even if you teach them, it’s not the kind of fooling around people want to do when creating an account. Also, probing for open ports is dangerous and not something I’d teach Joe and Jane Internet.) Likewise, while “Asks for too much personal information” is a sign that a breach would be more damaging, it doesn’t necessarily mean the system is inherently insecure.

So if we could just have a general discussion on horrible security policy, that would be great.

Also, this is my favorite security story. It’s not the most destructive (not even close) and it didn’t make headlines, but it is a glowing display of incompetence and stupidity. Tom Scott describes what happened at MoonPig:


Link (YouTube)

So… what are some major indicators of bad security policy?

 

Shamus Young is a programmer, an author, and nearly a composer. He works on this site full time. If you'd like to support him, you can do so via Patreon or PayPal.

A Pyrodactyl Postmortem PostmortemPrevious Post
Next PostAudio Editing for Podcasts

213 comments

 

Diecast #93: Nintendoh, Game Development Sucks, Mailbag

By Shamus Posted Monday Feb 16, 2015

Filed under: Diecast 167 comments
Diecast #92: Nintenduh, Evolve, Life is StrangePrevious Post
Next PostDiecast #94: Wolfenstein, Planet Explorers, Evolve, Destiny

Dear young people who ask me how to get into game development: Don’t. Just don’t. I like you too much to see that happen to you.

Download MP3 File
Download Ogg Vorbis File

Hosts: Shamus, Josh, Chris.

Show notes:
Continue reading ⟩⟩ “Diecast #93: Nintendoh, Game Development Sucks, Mailbag”

 

Shamus Young is a programmer, an author, and nearly a composer. He works on this site full time. If you'd like to support him, you can do so via Patreon or PayPal.

Diecast #92: Nintenduh, Evolve, Life is StrangePrevious Post
Next PostDiecast #94: Wolfenstein, Planet Explorers, Evolve, Destiny

167 comments

 

Overused Words in Game Titles

By Shamus Posted Sunday Feb 15, 2015

Filed under: Programming 114 comments
Borderlands Badass RanksPrevious Post
Next PostA new programming language for games, Annotated: Part 1

It’s been a running joke for a couple of years that half the games coming out have the word “Dead” in the titleAlso, games with ‘half’ in the title are dead.. Dead Space, Dead Island, Deadlight, Left 4 Dead, etc. So it got me thinking: Just how common is the practice, really? Is the word “Dead” really as played out as it seems, or is this a case of confirmation bias run amok? Aside from “dead”, what are the top overused words in game titles? Are there any overused words that we just don’t notice?

So I’m going to find out. Since I don’t want to run through and manually enter the name of every videogame ever made, I need a way to automate this. The path of least resistance seems to be to use Steam’s library. Being a PC platform, Steam is obviously missing a ton of games. But this should be close enough for our purposes. This isn’t science, it’s trivia.

Sadly, I can’t find a clean way to extract a full list of titles from Steam. The closest I can come is this file, which looks kind of promising at first. But there’s no way of knowing how old the list is, or if all games are listed.

Worse, the list includes a lot of non-game stuff like DLC and trailers. Which means that if there was a game called Dead Shooter, then it might appear several times in our list like so:

Continue reading ⟩⟩ “Overused Words in Game Titles”

 

Shamus Young is a programmer, an author, and nearly a composer. He works on this site full time. If you'd like to support him, you can do so via Patreon or PayPal.

Borderlands Badass RanksPrevious Post
Next PostA new programming language for games, Annotated: Part 1

114 comments

 

Half Life 2 Episode 1 EP5: Radiator Gladiator

By Shamus Posted Friday Feb 13, 2015

Filed under: Spoiler Warning 73 comments
Half Life 2 Episode 1 EP4: Alyx is CrankyPrevious Post
Next PostHalf Life 2 Episode 1 EP6: The Room of Sadness


Link (YouTube)

I’ve said in the past that Spoiler Warning seems to polarize my thoughts on a game. I develop admiration for some games, and animosity for others. This one is definitely falling into the “admiration” category. Yes, I know there are annoying bits all over the place. But overall I just love the rollercoaster of tension I feel when playing it. Like Chris said in an earlier episode: Nobody can create a sense of relief like Valve.

This is the same reason I enjoy survival horror. Not for the dread, but the relief. And Episode One is really good about this. You keep exiting horrible places into moments of quiet safety and exploration. That really scratches my itch.

So the Episode One Spoiler Warning is going to be seven episodes longThat sentence sounds ridiculous when deprived of context. Heck, it sounds a little silly IN context.. The final two episodes will happen next week. And then… I don’t know.

We’re still haggling over what game to cover next. We’re down to a list of four games, all of which were supported by three people and vetoed by the fourthMumbles wasn’t there for our last meeting..

Half-Life 2 and its episodes are so fun to do that I want to suggest we go back and do a season on the original Half-LifeWell, not the ORIGINAL original. The source engine remake would be easier to get running., but that would be a long season and that game has been thoroughly picked over, commentary-wise. I’m sure we’d have lots to talk about, but I doubt we would say anything that hasn’t been said a thousand times already. Also the game is crazy long by today’s standards. And kind of hard by today’s standards.

 

Shamus Young is a programmer, an author, and nearly a composer. He works on this site full time. If you'd like to support him, you can do so via Patreon or PayPal.

Half Life 2 Episode 1 EP4: Alyx is CrankyPrevious Post
Next PostHalf Life 2 Episode 1 EP6: The Room of Sadness

73 comments

 

Project Button Masher: UNATCO Office Party

By Shamus Posted Thursday Feb 12, 2015

Filed under: Music 26 comments
Project Button Masher: The 7th GethPrevious Post
Next PostProject Button Masher: So Cool JC

And so we come to the end of the project. This was an interesting exercise, and it pushed me into doing a lot of new things. So regardless of how good the music is (or isn’t) it was still a success for my purposes.

This week I’m going to attempt to make something that would feel like it belongs in the Deus Ex soundtrack:


Link (YouTube)

Notable characteristics:

  1. The particular sound of the late-90’s UMX music. This technology was used in Unreal, Unreal Tournament, and Deus Ex, and has a pretty distinctive sound. If I had to describe it, I’d say it sounded like the mid 90’s synth MIDI music, but with lots of chorus effects. (More on that below.)
  2. Lots of climbing and descending sequences of notes.
  3. There is some really mild gliding and pitch-bending going on in a lot of tracks. That’s when a long note goes slightly out of tune – or glides to a different note – during its duration. I’ve fiddled with this, but I don’t think I really nailed it. Sounds interesting when it works, though.
  4. Echo effects. Nothing says “moody cyberpunk” like echoing synths.

For the purposes of making something Deus Ex-ish, I made a track that has both a slow ambient part and a faster section with drums. In the game it would often shift between the two styles when you entered or ended combat, but here I’ve just worked both into the same song.

The result: Continue reading ⟩⟩ “Project Button Masher: UNATCO Office Party”

 

Shamus Young is a programmer, an author, and nearly a composer. He works on this site full time. If you'd like to support him, you can do so via Patreon or PayPal.

Project Button Masher: The 7th GethPrevious Post
Next PostProject Button Masher: So Cool JC

26 comments

 

Half Life 2 Episode 1 EP4: Alyx is Cranky

By Shamus Posted Wednesday Feb 11, 2015

Filed under: Spoiler Warning 70 comments
Half Life 2 Episode 1 EP3: Combombies! Previous Post
Next PostHalf Life 2 Episode 1 EP5: Radiator Gladiator


Link (YouTube)

Things I noticed:

  • At 4:20, when Josh put the crosshair right on the tripmine, and the auto-aim “helped” by bending the bullets into the soldier. I have to say this kind of thing drives me crazy. Boo.
  • Am I the only one who did the see-saw puzzle the “right” way? I distinctly remember not having enough weight in the room to hold down that pipe, but apparently I’m the only member of the cast to solve it by supporting it. So… I have no idea.
  • At 16:30, the title for this episode was nearly, “Alyx is so Metal”. So you were going to get a pun either way.
  • At 19:30: I really agree. The antlion queens aren’t a very fun enemy. They’re pretty the bog-standard FPS damage sponge with a huge melee attack. I’ve never enjoyed fighting one. Maybe if their stun animation lasted longer, or if you could reliably sidestep them matador-style. But as it stands, these fights feel incredibly random and chaotic. (In a bad way.)

I really do love covering these games.

 

Shamus Young is a programmer, an author, and nearly a composer. He works on this site full time. If you'd like to support him, you can do so via Patreon or PayPal.

Half Life 2 Episode 1 EP3: Combombies! Previous Post
Next PostHalf Life 2 Episode 1 EP5: Radiator Gladiator

70 comments

 

Experienced Points: Graphics Are Sometimes Hard

By Shamus Posted Tuesday Feb 10, 2015

Filed under: Column 47 comments
Experienced Points: What Is the Future of Video Game Journalism?Previous Post
Next PostExperienced Points: Time to Put the Two-Weapon Limit Out of its Misery

As luck would have it, a bunch of people all sent in related questions at once, so this week I’ll answer three different questions about graphics programming.

I don’t have much to add to the column, so instead I want to whine that STRAFE isn’t going to meet its Kickstarter goals, and that makes me really sad.

A couple of weeks ago on the Diecast I was talking about combining modern lighting with retro-90’s low-fi graphics. I’ve actually dabbled in that idea myself. I’m sort of obsessed with it. But work will begin again on Good Robot very soon, and I expect that will keep me busy enough. I just don’t have time to work on mixing lighting models with anachronistic graphics styles. Having STRAFE was going to be the next best thing.

Ah well. Maybe in six months.

 

Shamus Young is a programmer, an author, and nearly a composer. He works on this site full time. If you'd like to support him, you can do so via Patreon or PayPal.

Experienced Points: What Is the Future of Video Game Journalism?Previous Post
Next PostExperienced Points: Time to Put the Two-Weapon Limit Out of its Misery

47 comments

 
OLDER POSTS
From The Archives:

The Terrible New Thing

Fidget spinners are ruining education! We need to... oh, never mind the fad is over. This is not the first time we've had a dumb moral panic.

 

Ludonarrative Dissonance

What is this silly word, why did some people get so irritated by it, and why did it fall out of use?

 

Spec Ops: The Line

A videogame that judges its audience, criticizes its genre, and hates its premise. How did this thing get made?

 

Are Lootboxes Gambling?

Obviously they are. Right? Actually, is this another one of those sneaky hard-to-define things?

 

D&D Campaign

WAY back in 2005, I wrote about a D&D campaign I was running. The campaign is still there, in the bottom-most strata of the archives.

 

Quakecon Keynote 2013 Annotated

An interesting but technically dense talk about gaming technology. I translate it for the non-coders.

 

Chainmail Bikini

A horrible, railroading, stupid, contrived, and painfully ill-conceived roleplaying campaign. All in good fun.

 

Starcraft: Bot Fight

Let's do some scripting to make the Starcraft AI fight itself, and see how smart it is. Or isn't.

 

Revisiting a Dead Engine

I wanted to take the file format of a late 90s shooter and read it in modern-day Unity. This is the result.

 

Batman: Arkham City

A look back at one of my favorite games. The gameplay was stellar, but the underlying story was clumsy and oddly constructed.