- ComputerCraft | Programmable Computers for Minecraft
- → Twijn's Content
Twijn's Content
There have been 50 items by Twijn (Search limited from 29-March 23)
#268174 Using HTTP to gather a variable in php to process in lua
Posted by Twijn on 09 July 2017 - 11:10 PM in Ask a Pro
(Note: Even in that case, you could remove all of the '.' in Lua; though this would mean you'd have to keep the format consistent. I.e., you couldn't move from 1.0 to 1.0.1 or 1.0.0 to 1.0.01 without potentially causing issues. (like from going from 1.0.11 from 1.0.2, you'd have to put 1.0.20 as it'd be comparing 1011 to 102))
I've set up these two samples to hopefully demonstrate this & help your understanding:
First webpage
https://cc.tylertwin...var/1point0.php
<?php header("Content-Type: text/plain"); echo "1.0"; ?>
Second webpage
https://cc.tylertwin...var/1point1.php
<?php header("Content-Type: text/plain"); echo "1.1"; ?>
Lua:
pastebin run 1VZga5iN
This will check both versions and tell if they're up to date with the default version (1.0). You can additionally run `pastebin run 1VZga5iN 1.1` and you'll see the issue that the 1.0 webpage will return false, as if it's out of date when the client would technically be ahead.
The "Content-Type" headers are not very necessary. It's more used to make it more viewable in a webpage (and technically more correct), because it sees it as a text document instead of an HTML page.
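An added example, not part of the original post and not the script behind the pastebin code: comparing the two version strings component by component avoids the dot-stripping pitfalls the note describes, and the three-way result separates a client that is ahead from one that is behind. The function names and sample strings are constructed for illustration; in ComputerCraft the server string would be the body read from the version page.

```lua
-- Added example; not the code behind the pastebin link in the post.
-- Function names and sample version strings are constructed.

-- Naive approach from the note: strip the dots and compare as one number.
local function stripDots(s)
  return tonumber((s:gsub("%.", "")))
end

-- Split "1.0.11" into {1, 0, 11}. Returns nil for anything that is not
-- dot-separated runs of digits, so an error page or an empty body is
-- rejected instead of being compared.
local function parseVersion(s)
  if type(s) ~= "string" then return nil end
  s = s:match("^%s*(.-)%s*$")              -- trim whitespace around the body
  local parts = {}
  for piece in (s .. "."):gmatch("([^%.]*)%.") do
    if not piece:match("^%d+$") then return nil end
    parts[#parts + 1] = tonumber(piece)
  end
  return parts
end

-- Returns -1 if a is older than b, 0 if equal, 1 if a is newer.
-- Returns nil and a message when either string is not a version.
local function compareVersions(a, b)
  local pa, pb = parseVersion(a), parseVersion(b)
  if not pa or not pb then return nil, "malformed version" end
  for i = 1, math.max(#pa, #pb) do
    local x, y = pa[i] or 0, pb[i] or 0    -- missing components count as 0
    if x ~= y then return x < y and -1 or 1 end
  end
  return 0
end

-- Constructed cases: {client version, version string from the server}.
local cases = {
  { "1.1",    "1.0"    },  -- client ahead of the server
  { "1.0",    "1.1"    },  -- client behind
  { "1.1",    "1.0.1"  },  -- different number of components
  { "1.0",    "1.0.0"  },  -- same release written two ways
  { "1.0.11", "1.0.2"  },  -- the pair mentioned in the note
  { "1.0",    "<html>" },  -- response that is not a version at all
}

for _, c in ipairs(cases) do
  local client, server = c[1], c[2]
  print(client, server,
        "component-wise:", tostring((compareVersions(client, server))),
        "dots stripped:", tostring(stripDots(client)), tostring(stripDots(server)))
end
```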
#268080 Active Directory in ComputerCraft
Posted by Twijn on 07 July 2017 - 03:03 AM in General
I still might try this though, just for fun.
#267741 Moving the cursor while read() 'ing. (Login GUI)
Posted by Twijn on 21 June 2017 - 09:13 PM in Ask a Pro
Essentially, if someone clicks on "username", start read()'ing at the position of the username, similarly with the password. The only drawback is they'd have to press enter after putting in each field, though that might be fine for your needs, and the only real way to fix that is to make a custom read() function. Moving the cursor when reading is not quite logical, since it'll all be returned once the read() function is finished.
#267728 Discover App (Ver. 7.4) - Apps, Snippets, Cloud Storage, Chat Board, Mail, Pr...
Posted by Twijn on 20 June 2017 - 06:36 PM in Programs
https://www.tylertwining.com (My personal website, which does not have much content) is not available to most instances I've tried. (Returns nil)
https://www.valoranmc.net (My in progress server website) is not available to most instances I've tried. (Returns nil)
I shall note these things:
- All websites use certificates from the same certificate authority. They're all issued by "COMODO RSA Domain Validation Secure Server CA"
- TwijnWeb is hosted on a $2.99 web server provided by bisect hosting. The other two (valoranmc.net and tylertwining.com) are hosted on a $89.99 dedicated "game" server hosted by OVH. (Hosted alongside my MC servers)
These differences might be what's causing the inconsistencies because the dedicated server might not be configured correctly, or CPanel, which exists on twijnweb.com but not the other two, might be glorifying it somehow to where Java/CC prefers it. (Or, potentially, it prefers it because Java's using an older, less modern means of transmitting the cert than the dedicated server is.) Nonetheless, the dedicated server is configured sufficiently for Chrome and Edge and most likely Firefox to accept the certificates, so I don't see why Java would accept TW.COM's but not the others.
It might be worth noting that updating your Java version @Wilma could help your issue; if it is not already up-to-date.
EDIT: This was in fact just the issue with my server. I did upload my certificate and private key, but I forgot my chain. Fixing them now. tylertwining.com & valoranmc.net appear to work fine now. The non-crossed out things are still slightly valid. xP
#267662 Airwaves [1.12] [Latest ComputerCraft]
Posted by Twijn on 18 June 2017 - 02:18 AM in Servers
Bomb Bloke, on 14 June 2017 - 11:21 PM, said:
Np. Though as Bomb Bloke said, they don't really have that much of a purpose, with Ender modems.
#266508 Craftamares - Open source software installer for ComputerCraft - Never make a...
Posted by Twijn on 20 April 2017 - 09:55 PM in Programs
#266379 Craftamares - Open source software installer for ComputerCraft - Never make a...
Posted by Twijn on 16 April 2017 - 07:54 PM in Programs
#265472 Sliders - Easy Slider Creation
Posted by Twijn on 10 March 2017 - 12:59 AM in APIs and Utilities
#265020 STD-GUI - A multi-appstore appstore! Advanced/Normal compatible! Work...
Posted by Twijn on 22 February 2017 - 12:04 AM in Programs
EldidiStroyrr, on 21 February 2017 - 03:18 AM, said:
CodeWeaver, on 20 February 2017 - 11:18 PM, said:
The repositories are being pulled from my Pastebin. There's one that is a giant list of store items, then the other two interpret other stores and compose a list based on that.
CodeWeaver, on 20 February 2017 - 11:18 PM, said:
Yes, installers will do very nicely if your program requires multiple files. STD-GUI doesn't support archiving, due to how trivial an installer would make that, and Discover/OnlineAPPS/anything else would be sure to use other types of formats.
In regards to this program and support with Online Apps, all programs outputted by the APIs will be out of date (and potentially non-existent). We're replacing our old way of running with the new system at https://twijnweb.com/oa . This system does not yet have an API publicly available. I do hope that this program will be updated once I do update my API. OnlineApps will allow you to link files to external places where you host your code - might it be pastebin or github - and will add all of these to a list to be downloaded on the client. This means that essentially OnlineApps is an installer that doubles as a distributor. Currently, you can see the format of how we now export the lists for programs here, or you might want to see how to make this readable by Lua here. (If you do look at the list of programs, right click and hit "View source" if on chrome. Your browser will not see the new lines as new lines)
Unfortunately, I don't have it set up yet to give all of the names of programs in the system.
#264785 OnlineAPPS - Online Program Distribution
Posted by Twijn on 15 February 2017 - 12:11 AM in Programs
I've reworked the entire website and API. This means that the API outside of the website is lacking, but the entire system is much more simple. OnlineAPPS no longer hosts code, however it does host the required links to download that code.
See the top post for more information.
#264652 A Problem for Creative Servers that Needs Fixing!
Posted by Twijn on 11 February 2017 - 05:23 AM in Ask a Pro
It potentially could be done with a custom plugin, however I don't see any reason on why a plugin would protect against this since the movement is not normal to what they expect with Vanilla minecraft, as well as modded minecraft.
#263607 ccfBrowse - ComputerCraft Forum Program Browser
Posted by Twijn on 11 January 2017 - 10:02 PM in Programs
Lupus590, on 08 January 2017 - 01:00 PM, said:
Thanks, I'm currently attempting to work on some of those issues. Some of the issues I've pointed out myself are sometimes unfortunately very hard to fix, as the system will need a decent amount of intelligence to decide if a code is decent or not.
I'm also debating on if programs with no code found should just be left out. The entry on the program seems kinda pointless, because you can just browse the forums yourself and get the full post (And you don't have to manually type in the links :/)
Tons of tweaks need to be done.... :/
#263505 ccfBrowse - ComputerCraft Forum Program Browser
Posted by Twijn on 07 January 2017 - 09:01 PM in Programs
ccfBrowse
Introduction
ccfBrowse is a program which allows browsing and installing* programs listed in any category of the ComputerCraft forums.
*Not every program supports installation.
How it Works
Daily, the server will search for all recent programs (More than 200) on each of the program forums here such as API & Utilities, Programs, etc. The server will look for information such as the program name, the program creator, the category of the program, and the code to install the program (If possible). This information is stored into a database to be displayed via this program.
Installation
There are 2 main ways to download this program.
1: Using wget
wget http://raw.twijnweb.com/ccfbrowse/ccfbrowse ccfbrowse
2: (If wget is not available) Using pastebin
pastebin run nwEVWK7b rByqPkOPGzxfohK
You can additionally view the source code here.
Flaws of This Program
This program is very new. Nothing has been tested that well and the intelligence of the auto-scanning is very limited. The program likes specific formats to be followed, and the different formats which some people use on this makes it literally impossible to make it gather all info. (View below to see how to make your program ccfBrowse-friendly.) This results in failure to get codes when the installation code is clearly obvious to human eyes. The program also can catch unneeded information (such as HTML info) when it shouldn't, which requires manual moderation from myself. Additionally, requests to find the code of each program is not very friendly, considering that each one requires an additional request to the server for the topic's link. This program as-of this time is purely a concept - the program is not perfect and it will take a TON of work to be perfect - by both me and by you, those posting the programs.
Making Your Program ccfBrowse-Friendly
Below is a checklist to make your program friendly to our system.
- Don't use formatting inside of your codes. - Things such as bolding certain parts of the installation information or adding a link to the pastebin code will halt the scanning, as it adds unexpected HTML to your code.
- Add a space trailing the code. - Adding a space after your code can help because it is less likely for the scanning to get other characters after the code.
- Make sure the code you want is closest to the top of the page - The system finds the first potential code and goes with it.
- We don't allow arguments - If you put in something such as pastebin run XXXXXXXX version1, VERSION1 WILL BE CUT OFF.
Suggestions
Suggestions, Ideas, & Comments are well appreciated, so post them below!
#263257 Password Hash & Verification - Easy & Lightweight
Posted by Twijn on 31 December 2016 - 07:33 PM in APIs and Utilities
Anavrins, on 31 December 2016 - 06:10 PM, said:
Assuming somebody hasn't compromised your computer that was password protected, then nobody could override that function to send the password somewhere else.
Compared with http, even with an uncompromised computer, you have many more vectors for leakage, server owner sniffing outbound traffic, no-https because of outdated Java and password most likely appearing in your server logs.
You may not be logging anything, but that's not how you do security, you don't trust a random forum user with your password for any reasons.
However it is not recommended to use the same password for different sites anyway. If you say you've put the same password into a computercraft computer as you did to a website, that's not a particularly good idea, no matter what protection they have used.
#263255 Password Hash & Verification - Easy & Lightweight
Posted by Twijn on 31 December 2016 - 05:47 PM in APIs and Utilities
TheRockettek, on 31 December 2016 - 07:40 AM, said:
function password.hash(text,type)
upld = http.post(somewhere to upload it)
upld.close()
_oldhash(text,type)
end
You can't protect against that. Any program could potentially have that problem. Again, it's showing that CC code is not particularly secure.
The point is, how can you prove this is less secure than this website.
This website uses an HTTP connection. So does mine. Mine has the ability to use an https connection, yet CC does not support it. This website COULD be storing your password in a non-hashed way. (Not saying it does) You can view your own password hash by pressing the (i) in the corner (on chrome), opening up the cookies, looking under www.computercraft.info, and it shows your member_id and pass_hash. This isn't particularly insecure, however an attacker could imitate the password and potentially access your account.
The security issues you've presented, at least from my perspective, are not my server's or my program's fault. They are the fault of CC's plain insecurity, which every password hashing program will have. I claimed this program was "secure" above, but maybe I should reword that - It's secure under ComputerCraft standards. The only thing that makes this less secure than any of the provided programs is that it uses an HTTP connection to gather the hash and verify anonymously.
#263248 Password Hash & Verification - Easy & Lightweight
Posted by Twijn on 31 December 2016 - 06:00 AM in APIs and Utilities
H4X0RZ, on 31 December 2016 - 01:04 AM, said:
1) there will always be latency when using the http API. It also doesn't depend on the users connection, but the connection of the server the user is playing on ( which might be local though). Also, it is possible that the http whitelist is enabled or http is disabled completely.
2) obscurity /= security. Just because people don't know how something is encrypted won't make it more secure. Rot16 is Rot16. Even if you claim that it is a custom algorithm which is more secure than RSA (in your opinion). In addition to that there is no practical way of reversing a hash, even though you know the code which generated it. That's not how hashes work. You are better off searching for collisions.
3) ComputerCraft is not a programming language, but a mod for Minecraft which utilizes Lua ( which is a programming language).
4) languages can't be more secure than others. It all depends on the algorithms used, which are language independent.
5) even though this code is "okay" for most use cases inside of CC, it just implies way too many security risks outside of it. Examples for this are: the server owner is running a proxy, collecting all the data sent; the http API has been modified that it logs every request.
6) just because your main domain supports HTTPS won't make the subdomain more secure. It is just http.
1) That is my mistake. I meant to say that this resulted into little to no noticeable latency. There will always be latency.
2) Fair enough. I will say though that this is NOT a custom algorithm.
3) I don't take this as a flaw with my logic, but I was referring to the always open source nature that CC has, which is not good in all cases.
4) Same as above
5) There really is no way to prove that I'm not, but I can prove that there is no point to. Say that someone inserted "password" to get hashed. Now having that password is fine and wonderful, but I can't do anything further than that. I don't know where the password came from, if the password was used anywhere else, or anything. I might as well just use a list of common passwords and iterating through a member list, looking for every possible combination hoping for one that'll match. (Which many sites protect against now)
6) I could very well move the folder to http://twijnweb.com/api instead of using the subdomain, allowing for a secured connection. The problem I was pointing out was that ComputerCraft only accepts certain certificates from websites, and mine is not included in that in my tests, and therefore returns nil.
#263231 Password Hash & Verification - Easy & Lightweight
Posted by Twijn on 30 December 2016 - 07:47 PM in APIs and Utilities
Anavrins, on 30 December 2016 - 06:32 PM, said:
- The most obvious one is that it's slow, it uses http which has latency compared to pure implementations.
local post = http.post("http://api.twijnweb.com/password/hash","pass="..pass)
- You are sending passwords via an unsecured http connection to your server which may or may not log every request made to it, including passwords.
- Pure implementations of multiple hash functions are doable and decently fast in CC (md5, sha1, blake256, sha256)
It's http since CC supports few certificates. The api subdomain does not allow for secured connections, however www. and nothing does provide it (ie. https://twijnweb.com). Anyway, these requests are technically anonymous - the chances of being on a server with someone using this API and being able to get to the computer to crack the code is literally impossible. I can easily send requests with little to no noticeable latency, and my internet is plainly terrible, with an expected speed of 6 Mbps up, .5 down, however often get to as low as .3 up and down with a ping of 1000+, since my ISP claims we are "too far away." Programs on ComputerCraft have a decent issue, and that is that all algorithms etc. are public. This in some situations can make a password easier to crack. The hash generated by the server is decently hard to crack. You can decide if you want to take my word that I am not logging any of the passwords sent to it. I very well could. Just tie it up to a SQL database, and yay... I have tons of passwords that people have used! What next... test the passwords on literally every account possible on every server possible, on every webserver, just to hope some person has used that password? It's quite not worth it. Both of them purely check the input with the algorithms and see if they are equivalent, echoing back the result to the person who requested the page. (also known as you)
The conclusion is: This program will suffice. ComputerCraft plainly was not made to be a secure programming language. This is quite honestly the best you can get when it comes to security for CC, and if you think that other ways are better, that may be so, however I'm fairly certain it's not more secure. I built this to be lightweight on a CC computer, and I believe it has successfully achieved this, although I do understand the flaws that you pointed out.
#263224 Password Hash & Verification - Easy & Lightweight
Posted by Twijn on 30 December 2016 - 05:53 PM in APIs and Utilities
Discontinued.
#262451 Post Your Internet Speed!
Posted by Twijn on 04 December 2016 - 06:02 PM in General
http://www.speedtest...sult/5850780467
Trying to get Charter (about 60 mbps) to extend the extra less than 1000 feet to my house (Edit: They'll do it for an estimated $60,000), but they're being stubborn. Maybe soon they'll finally cave in.
On a very, very, good day we get the recommended (and the speed we're paying for) of 6 Mbps. But that usually only lasts for about ~10 min at that speed, when we do actually hit it. What it's at now is usually what it's at.
As you can imagine, it's not quite enough for a family of 4 to use the internet - especially since we have a business at home.
PS: The ping is taken via a computer with a direct Ethernet cable.
#262381 TCCAIC [Project Ended]
Posted by Twijn on 01 December 2016 - 11:36 PM in Programs
exosceleton, on 01 December 2016 - 10:15 AM, said:
Lion4ever, on 01 December 2016 - 04:06 AM, said:
Lion4ever, on 01 December 2016 - 04:06 AM, said:
Downloading with pastebin onto your computers won't really work, because of things like the Turtle Client IDs and the Server's ID not being the same as the ones I send info (which is hard-coded into the program), and that will break basically everything. Plus- the RP is not just for looks, it contains the Custom APIs I added, so you'll need that as well... So sorry, but pastebin isn't really an option here. Maybe I'll find a way in the future.
All in all- It will be a lot simpler for you to just download and copy the whole batch of files from the link! (check the instructions)
Adding a Pastebin code will always result in more of people's interest. Why? Who knows what you're downloading. Some people will simply refuse to download things for CC programs. (Like me, sometimes)
(Shameless advertisement here)
With OnlineAPPs (website, thread), you can easily provide a Pastebin code to your program. How? If it's a program with a single file, you can do it yourself! Simply use the website linked to create an account and create your first program.
Multi-file support for programs is an upcoming feature. But, I do luckily have it in a spot where it is functional as a GET service - if you'd like to set it up let me know, and I can get all of the files uploaded and transferred to your account on there. With this, any person is able to paste the pastebin command onto any computer and have every file downloaded quickly.