

Twijn's Content

There have been 50 items by Twijn (Search limited from 29-March 23)



#268858 CCJam 2017 is here!

Posted by Twijn on 08 August 2017 - 01:45 AM in General

welp



#268174 Using HTTP to gather a variable in php to process in lua

Posted by Twijn on 09 July 2017 - 11:10 PM in Ask a Pro

The code sample provided by KingofGamesYami should work fine. The one issue with that one is that, in addition to returning false if the current version number is below the latest version, it'll also say if the current version number is above the latest version. This, in many cases, won't be an issue, but if you do push the program version above the one that's being returned by the website, it will in fact appear to be out of date. A way to prevent this is by using tonumber() to turn the version into a number before comparison and using >=/<=, though note this obviously won't work correctly if your version is laid out like 1.0.1.
(Note: Even in that case, you could remove all of the '.' in Lua; though this would mean you'd have to keep the format consistent. I.e., you couldn't move from 1.0 to 1.0.1 or 1.0.0 to 1.0.01 without potentially causing issues (like going to 1.0.11 from 1.0.2, you'd have to put 1.0.20 as it'd be comparing 1011 to 102).)


I've set up these two samples to hopefully demonstrate this & help your understanding:

First webpage
https://cc.tylertwin...var/1point0.php

<?php
  header("Content-Type: text/plain");
  echo "1.0";
?>

Second webpage
https://cc.tylertwin...var/1point1.php

<?php
  header("Content-Type: text/plain");
  echo "1.1";
?>

Lua:

pastebin run 1VZga5iN
This will check both versions and tell if they're up to date with the default version (1.0). You can additionally run `pastebin run 1VZga5iN 1.1` and you'll see the issue that the 1.0 webpage will return false, as if it's out of date when the client would technically be ahead.

The "Content-Type" headers are not very necessary. It's more used to make it more viewable in a webpage (and technically more correct), because it sees it as a text document instead of an HTML page.
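
The comparison discussed in this post, as an added example that is not part of the original post or the linked pastebin: a component-wise version check that also treats the fetched version string as untrusted input. The function names and the sample values are constructed for illustration.

```lua
-- Added example; parseVersion, compareVersions and isUpToDate are
-- hypothetical names, not functions from the thread or from ComputerCraft.

-- Split "1.0.11" into {1, 0, 11}. Returns nil unless every component is a
-- plain run of digits, so an unexpected HTTP body (an HTML error page, an
-- empty reply) is rejected instead of being compared.
local function parseVersion(s)
  if type(s) ~= "string" then return nil end
  s = s:match("^%s*(.-)%s*$")            -- trim surrounding whitespace
  if s == "" or #s > 32 then return nil end
  local parts = {}
  for piece in (s .. "."):gmatch("(.-)%.") do
    if not piece:match("^%d+$") then return nil end
    parts[#parts + 1] = tonumber(piece)
  end
  return parts
end

-- Returns -1, 0 or 1 when a is older than, equal to or newer than b.
-- Missing trailing components count as 0, so 1.0 equals 1.0.0.
local function compareVersions(a, b)
  local pa, pb = parseVersion(a), parseVersion(b)
  if not pa or not pb then return nil, "malformed version" end
  for i = 1, math.max(#pa, #pb) do
    local x, y = pa[i] or 0, pb[i] or 0
    if x ~= y then return (x < y) and -1 or 1 end
  end
  return 0
end

-- true when the local version is the same as or ahead of the published one.
local function isUpToDate(current, latest)
  local c, err = compareVersions(current, latest)
  if c == nil then return nil, err end
  return c >= 0
end

-- Constructed sample values; no HTTP request is made here. In a real update
-- check, `latest` would be the body returned by http.get(...).readAll().
assert(isUpToDate("1.1", "1.0") == true)       -- client ahead of the website
assert(isUpToDate("1.0", " 1.0.0 ") == true)   -- different length, same version
-- Stripping the dots would compare 1011 with 110 and call this one newer:
assert(isUpToDate("1.0.11", "1.1.0") == false)
-- tonumber("1.0.1") is nil, so a plain numeric comparison cannot handle this:
assert(isUpToDate("1.0.1", "1.0.2") == false)
-- A body that is not a version at all is reported, not compared:
assert(isUpToDate("1.0", "<html>404</html>") == nil)

print("all version checks passed")
```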



#268080 Active Directory in ComputerCraft

Posted by Twijn on 07 July 2017 - 03:03 AM in General

Sounds like a decent idea but yes; all programs have that security flaw. As you said, it's just a game - but there still could be sensitive data such as passwords that could be intercepted and be shared by someone in different 'real-life' locations (such as emails, google accounts, the list goes on forever). Putting this onto a server instead might be a little bit more secure, given a secure connection and secure hash/encryption methods within the server, though all it takes is someone to overwrite the http.post method and take that information.

I still might try this though, just for fun. :)



#267741 Moving the cursor while read() 'ing. (Login GUI)

Posted by Twijn on 21 June 2017 - 09:13 PM in Ask a Pro

The best solution to this would likely just be to activate the screen with touch events.

Essentially, if someone clicks on "username", start read()'ing at the position of the username, similarly with the password. The only drawback is they'd have to press enter after putting in each field, though that might be fine for your needs, and the only real way to fix that is to make a custom read() function. Moving the cursor when reading is not quite logical, since it'll all be returned once the read() function is finished.



#267728 Discover App (Ver. 7.4) - Apps, Snippets, Cloud Storage, Chat Board, Mail, Pr...

Posted by Twijn on 20 June 2017 - 06:36 PM in Programs

This is quite unrelated to the thread; though I've certainly had many issues with SSL connections. Here's what I've found in the past:

https://www.twijnweb.com is available to every CC instance I've tried. There is no problem with this site nor this SSL certificate; according to Java/CC. (Returns the expected http response)
https://www.tylertwining.com (My personal website, which does not have much content) is not available to most instances I've tried. (Returns nil)
https://www.valoranmc.net (My in progress server website) is not available to most instances I've tried. (Returns nil)

I shall note these things:
  • All websites use certificates from the same certificate authority. They're all issued by "COMODO RSA Domain Validation Secure Server CA"
  • TwijnWeb is hosted on a $2.99 web server provided by bisect hosting. The other two (valoranmc.net and tylertwining.com) are hosted on a $89.99 dedicated "game" server hosted by OVH. (Hosted alongside my MC servers)
  • These differences might be what's causing the inconsistencies because the dedicated server might not be configured correctly, or CPanel, which exists on twijnweb.com but not the other two, might be glorifying it somehow to where Java/CC prefers it. (Or, potentially, it prefers it because Java's using an older, less modern means of transmitting the cert than the dedicated server is.) Nonetheless, the dedicated server is configured sufficiently for Chrome and Edge and most likely Firefox to accept the certificates, so I don't see why Java would accept TW.COM's but not the others.
In conclusion, the way in which Java (or, more specifically, ComputerCraft) handles SSL certificates has always been quite odd, at least in my experience. In most cases I'd just suggest to stay away from SSL unless you're actually submitting or obtaining data that requires an encrypted pathway.

It might be worth noting that updating your Java version @Wilma could help your issue; if it is not already up-to-date.


EDIT: This was in fact just the issue with my server. I did upload my certificate and private key, but I forgot my chain. Fixing them now. tylertwining.com & valoranmc.net appear to work fine now. :) The non-crossed out things are still slightly valid. xP



#267662 Airwaves [1.12] [Latest ComputerCraft]

Posted by Twijn on 18 June 2017 - 02:18 AM in Servers

Bomb Bloke, on 14 June 2017 - 11:21 PM, said:

Beats me what you'd want regular modems for, but if you can hunt down the Nether portal near spawn (in the wooden fort), you shouldn't have much trouble popping into the End from there.
Was, as you know, because the ender modems wouldn't work with turtles - though, as you pointed out, that was just because of the messed up ID from the typo.

Wojbie, on 16 June 2017 - 06:04 PM, said:

Twijn, on 14 June 2017 - 09:00 PM, said:

Though, the item "Wireless" on the supply dispenser screen is an ender modem, as well as "Ender" is. Guess I'll just have to hunt down some endermen. :/

Fixed that. Small typo on my part when defining the shop. Tx for reporting.
Np. :) Though as Bomb Bloke said, they don't really have that much of a purpose, with Ender modems.



#267589 Airwaves [1.12] [Latest ComputerCraft]

Posted by Twijn on 14 June 2017 - 09:00 PM in Servers

Sweet server!

Been playing for a few hours or so now.

Though, the item "Wireless" on the supply dispenser screen is an ender modem, as well as "Ender" is. Guess I'll just have to hunt down some endermen. :/



#266508 Craftamares - Open source software installer for ComputerCraft - Never make a...

Posted by Twijn on 20 April 2017 - 09:55 PM in Programs

I still believe the description "Never make a software installer again" is misleading. You're still making a software installer. You just add a bunch of text in front of it. Sorry for the mention yet again but OnlineApps in my opinion could be considered much more of a "software installer." You create the links to other websites as well as the file it's downloaded as and it'll fetch all of those from any raw location via a pastebin script when run, all done through a webfront. (https://twijnweb.com/oa/)



#266379 Craftamares - Open source software installer for ComputerCraft - Never make a...

Posted by Twijn on 16 April 2017 - 07:54 PM in Programs

Sounds interesting, but, correct me if I'm wrong, it only installs some "common" programs. This makes what you're describing in the thread misleading and false. My first impression of the program was that it was going to aid the developers with a software installer for their own programs, useful for people creating multi-file programs (Which OnlineApps does with a web front, see https://twijnweb.com/oa/ and the thread for more information ;) ). Instead it just downloads some potentially useful programs?



#266150 Post Your Internet Speed!

Posted by Twijn on 08 April 2017 - 04:10 AM in General

Updated now. Just got Spectrum a few days ago.




#265901 WebStone - Redstone Transmission across Worlds & Servers!

Posted by Twijn on 29 March 2017 - 03:45 AM in Programs

Discontinued.




#265472 Sliders - Easy Slider Creation

Posted by Twijn on 10 March 2017 - 12:59 AM in APIs and Utilities

Then why did he call them sliders if they're percentage bars. ;)



#265020 STD-GUI - A multi-appstore appstore! Advanced/Normal compatible! Work...

Posted by Twijn on 22 February 2017 - 12:04 AM in Programs

EldidiStroyrr, on 21 February 2017 - 03:18 AM, said:

CodeWeaver, on 20 February 2017 - 11:18 PM, said:

Interesting. What are all the repositories this program is pulling from?

The repositories are being pulled from my Pastebin. There's one that is a giant list of store items, then the other two interpret other stores and composes a list based on that.


CodeWeaver, on 20 February 2017 - 11:18 PM, said:

Also, you say that a program can be added if it's a "self-sufficient" file. I'm assuming that excludes programs that require multiple files -- but are "installers" acceptable, to get around this?

Yes, installers will do very nicely if your program requires multiple files. STD-GUI doesn't support archiving, due to how trivial an installer would make that, and Discover/OnlineAPPS/anything else would be sure to use other types of formats.

In regards to this program and support with Online Apps, all programs outputted by the APIs will be out of date (and potentially non-existent). We're replacing our old way of running with the new system at https://twijnweb.com/oa . This system does not yet have an API publicly available. I do hope that this program will be updated once I do update my API. OnlineApps will allow you to link files to external places where you host your code - might it be pastebin or github - and will add all of these to a list to be downloaded on the client. This means that essentially OnlineApps is an installer that doubles as a distributor. Currently, you can see the format of how we now export the lists for programs here, or you might want to see how to make this readable by Lua here. (If you do look at the list of programs, right click and hit "View source" if on chrome. Your browser will not see the new lines as new lines)

Unfortunately, I don't have it set up yet to give all of the names of programs in the system.



#264785 OnlineAPPS - Online Program Distribution

Posted by Twijn on 15 February 2017 - 12:11 AM in Programs

This program has now been reworked, and is again being updated regularly.

I've reworked the entire website and API. This means that the API outside of the website is lacking, but the entire system is much more simple. OnlineAPPS no longer hosts code, however it does host the required links to download that code.

See the top post for more information.



#264652 A Problem for Creative Servers that Needs Fixing!

Posted by Twijn on 11 February 2017 - 05:23 AM in Ask a Pro

I've never coded any sponge plugin before, so this may be incorrect, but, I don't believe that there would be any event to stop a turtle from moving into an unwanted place, unless it's one introduced by CC. Other "blocks" moving is kind of unheard of, but of course that is coming from a Bukkit developer (And I'm unaware of how different bukkit/sponge is...). I would imagine that no plugins will support this, as it's generally not a problem with what they're protecting against - stationary blocks.

It potentially could be done with a custom plugin, however I don't see any reason on why a plugin would protect against this since the movement is not normal to what they expect with Vanilla minecraft, as well as modded minecraft.



#263607 ccfBrowse - ComputerCraft Forum Program Browser

Posted by Twijn on 11 January 2017 - 10:02 PM in Programs

Lupus590, on 08 January 2017 - 01:00 PM, said:

work out those issues and i can see this being a very cool package manager like program

Thanks, I'm currently attempting to work on some of those issues. Some of the issues I've pointed out myself are sometimes unfortunately very hard to fix, as the system will need a decent amount of intelligence to decide if a code is decent or not.

I'm also debating on if programs with no code found should just be left out. The entry on the program seems kinda pointless, because you can just browse the forums yourself and get the full post (And you don't have to manually type in the links :/)

Tons of tweaks need to be done.... :/



#263505 ccfBrowse - ComputerCraft Forum Program Browser

Posted by Twijn on 07 January 2017 - 09:01 PM in Programs

ccfBrowse


Introduction
ccfBrowse is a program which allows browsing and installing* programs listed in any category of the ComputerCraft forums.

*Not every program supports installation.

How it Works
Daily, the server will search for all recent programs (More than 200) on each of the program forums here such as API & Utilities, Programs, etc. The server will look for information such as the program name, the program creator, the category of the program, and the code to install the program (If possible). This information is stored into a database to be displayed via this program.

Installation
There are 2 main ways to download this program.

1: Using wget
wget http://raw.twijnweb.com/ccfbrowse/ccfbrowse ccfbrowse
2: (If wget is not available) Using pastebin
pastebin run nwEVWK7b rByqPkOPGzxfohK

You can additionally view the source code here.

Flaws of This Program
This program is very new. Nothing has been tested that well and the intelligence of the auto-scanning is very limited. The program likes specific formats to be followed, and the different formats which some people use on this make it literally impossible to make it gather all info. (View below to see how to make your program ccfBrowse-friendly.) This results in failure to get codes when the installation code is clearly obvious to human eyes. The program also can catch unneeded information (such as HTML info) when it shouldn't, which requires manual moderation from myself. Additionally, requests to find the code of each program are not very friendly, considering that each one requires an additional request to the server for the topic's link. This program as of this time is purely a concept - the program is not perfect and it will take a TON of work to be perfect - by both me and by you, those posting the programs.

Making Your Program ccfBrowse-Friendly
Below is a checklist to make your program friendly to our system.
  • Don't use formatting inside of your codes. - Things such as bolding certain parts of the installation information or adding a link to the pastebin code will halt the scanning, as it adds unexpected HTML to your code.
  • Add a space trailing the code. - Adding a space after your code can help because it is less likely for the scanning to get other characters after the code.
  • Make sure the code you want is closest to the top of the page - The system finds the first potential code and goes with it.
  • We don't allow arguments - If you put in something such as pastebin run XXXXXXXX version1, VERSION1 WILL BE CUT OFF.

Suggestions
Suggestions, Ideas, & Comments are well appreciated, so post them below!



#263257 Password Hash & Verification - Easy & Lightweight

Posted by Twijn on 31 December 2016 - 07:33 PM in APIs and Utilities

Anavrins, on 31 December 2016 - 06:10 PM, said:

You just have to redefine your standards of security in CC.
Assuming somebody hasn't compromised your computer that was password protected, then nobody could override that function to send the password somewhere else.
Compared with http, even with an uncompromised computer, you have much more vector for leakages, server owner sniffing outbound traffic, no-https because of outdated Java and password most likely appearing in your server logs.
You may not be logging anything, but that's not how you do security, you don't trust a random forum user with your password for any reasons.
Fair enough.

However it is not recommended to use the same password for different sites anyway. If you say you've put the same password into a computercraft computer as you did to a website, that's not a particularly good idea, no matter what protection they have used.



#263255 Password Hash & Verification - Easy & Lightweight

Posted by Twijn on 31 December 2016 - 05:47 PM in APIs and Utilities

TheRockettek, on 31 December 2016 - 07:40 AM, said:

_oldhash = password.hash
function password.hash(text,type)
upld = http.post(somewhere to upload it)
upld.close()
_oldhash(text,type)
end

You can't protect against that. Any program could potentially have that problem. Again, it's showing that CC code is not particularly secure.

The point is, how can you prove this is less secure than this website.

This website uses an HTTP connection. So does mine. Mine has the ability to use an https connection, yet CC does not support it. This website COULD be storing your password in a non-hashed way. (Not saying it does) You can view your own password hash by pressing the (i) in the corner (on chrome), opening up the cookies, looking under www.computercraft.info, and it shows your member_id and pass_hash. This isn't particularly insecure, however an attacker could imitate the password and potentially access your account.

The security issues you've presented, at least from my perspective, are not my server's or my program's fault. They are the fault of CC's plain insecurity, which every password hashing program will have. I claimed this program was "secure" above, but maybe I should reword that - It's secure under ComputerCraft standards. The only thing that makes this less secure than any of the provided programs is that it uses an HTTP connection to gather the hash and verify anonymously.



#263248 Password Hash & Verification - Easy & Lightweight

Posted by Twijn on 31 December 2016 - 06:00 AM in APIs and Utilities

H4X0RZ, on 31 December 2016 - 01:04 AM, said:

Some flaws in your logic I would like to point out:
1) there will always be latency when using the http API. It also doesn't depend on the users connection, but the connection of the server the user is playing on ( which might be local though). Also, it is possible that the http whitelist is enabled or http is disabled completely.

2) obscurity /= security. Just because people don't know how something is encrypted won't make it more secure. Rot16 is Rot16. Even if you claim that it is a custom algorithm which is more secure than RSA (in your opinion). In addition to that there is no practical way of reversing a hash, even though you know the code which generated it. That's not how hashes work. You are better off searching for collisions.

3) ComputerCraft is not a programming language, but a mod for Minecraft which utilizes Lua ( which is a programming language).

4) languages can't be more secure than others. It all depends on the algorithms used, which are language independent.

5) even though this code is "okay" for most use cases inside of CC, it just implies way too many security risks outside of it. Examples for this are: the server owner is running a proxy, collecting all the data sent; the http API has been modified so that it logs every request.

6) just because your main domain supports HTTPS won't make the subdomain more secure. It is just http.

1) That is my mistake. I meant to say that this resulted into little to no noticeable latency. There will always be latency.

2) Fair enough. I will say though that this is NOT a custom algorithm.

3) I don't take this as a flaw with my logic, but I was referring to the always open source nature that CC has, which is not good in all cases.

4) Same as above

5) There really is no way to prove that I'm not, but I can prove that there is no point to. Say that someone inserted "password" to get hashed. Now having that password is fine and wonderful, but I can't do anything further than that. I don't know where the password came from, if the password was used anywhere else, or anything. I might as well just use a list of common passwords and iterate through a member list, looking for every possible combination hoping for one that'll match. (Which many sites protect against now)

6) I could very well move the folder to http://twijnweb.com/api instead of using the subdomain, allowing for a secured connection. The problem I was pointing out was that ComputerCraft only accepts certain certificates from websites, and mine is not included in that in my tests, and therefore returns nil.



#263231 Password Hash & Verification - Easy & Lightweight

Posted by Twijn on 30 December 2016 - 07:47 PM in APIs and Utilities

Anavrins, on 30 December 2016 - 06:32 PM, said:

This is a terrible idea for multiple reasons.
- The most obvious one is that it's slow, it uses http which has latency compared to pure implementations.
local post = http.post("http://api.twijnweb.com/password/hash","pass="..pass)
- You are sending passwords via an unsecured http connection to your server which may or may not log every request made to it, including passwords.
- Pure implementations of multiple hash functions are doable and decently fast in CC (md5, sha1, blake256, sha256)

It's http since CC supports few certificates. The api subdomain does not allow for secured connections, however www. and nothing does provide it (ie. https://twijnweb.com). Anyway, these requests are technically anonymous - the chances of being on a server with someone using this API and being able to get to the computer to crack the code is literally impossible. I can easily send requests with little to no noticeable latency, and my internet is plainly terrible, with an expected speed of 6 Mbps up, .5 down, however often get to as low as .3 up and down with a ping of 1000+, since my ISP claims we are "too far away." Programs on ComputerCraft have a decent issue, and that is that all algorithms etc. are public. This in some situations can make a password easier to crack. The hash generated by the server is decently hard to crack. You can decide if you want to take my word that I am not logging any of the passwords sent to it. I very well could. Just tie it up to a SQL database, and yay... I have tons of passwords that people have used! What next... test the passwords on literally every account possible on every server possible, on every webserver, just to hope some person has used that password? It's quite not worth it. Both of them purely check the input with the algorithms and see if they are equivalent, echoing back the result to the person who requested the page. (also known as you)


The conclusion is: This program will suffice. ComputerCraft plainly was not made to be a secure programming language. This is quite honestly the best you can get when it comes to security for CC, and if you think that other ways are better, that may be so, however I'm fairly certain it's not more secure. I built this to be lightweight on a CC computer, and I believe it has successfully achieved this, although I do understand the flaws that you pointed out.



#263224 Password Hash & Verification - Easy & Lightweight

Posted by Twijn on 30 December 2016 - 05:53 PM in APIs and Utilities

Discontinued.




#262451 Post Your Internet Speed!

Posted by Twijn on 04 December 2016 - 06:02 PM in General

I beat all of y'all.

http://www.speedtest...sult/5850780467

Trying to get Charter (about 60 mbps) to extend the extra less than 1000 feet to my house (Edit: They'll do it for an estimated $60,000), but they're being stubborn. Maybe soon they'll finally cave in.

On a very, very, good day we get the recommended (and the speed we're paying for) of 6 Mbps. But that usually only lasts for about ~10 min at that speed, when we do actually hit it. What it's at now is usually what it's at.

As you can imagine, it's not quite enough for a family of 4 to use the internet - especially since we have a business at home.

PS: The ping is taken via a computer with a direct Ethernet cable.



#262408 How to turn api.github.com responses into readable Lua table

Posted by Twijn on 03 December 2016 - 01:14 AM in Ask a Pro

welp



#262381 TCCAIC [Project Ended]

Posted by Twijn on 01 December 2016 - 11:36 PM in Programs

exosceleton, on 01 December 2016 - 10:15 AM, said:

Lion4ever, on 01 December 2016 - 04:06 AM, said:

This looks really interesting!
Thanks!

Lion4ever, on 01 December 2016 - 04:06 AM, said:

Can you add a pastebin link to your post, so I can download it directly to the command computer and/or the turtles please?
The link I provided is for a special testing world where I set up a bunch of stuff for testing (It also links to the required RP).
Downloading with pastebin onto your computers won't really work, because of things like the Turtle Client IDs and the Server's ID not being the same as the ones I send info (which is hard-coded into the program), and that will break basically everything. Plus- the RP is not just for looks, it contains the Custom APIs I added, so you'll need that as well... So sorry, but pastebin isn't really an option here. Maybe I'll find a way in the future.
All in all- It will be a lot simpler for you to just download and copy the whole batch of files from the link! (check the instructions) :)

Adding a Pastebin code will always result in more of people's interest. Why? Who knows what you're downloading. Some people will simply refuse to download things for CC programs. (Like me, sometimes)

(Shameless advertisement here)

With OnlineAPPs (website, thread), you can easily provide a Pastebin code to your program. How? If it's a program with a single file, you can do it yourself! Simply use the website linked to create an account and create your first program.
Multi-file support for programs is an upcoming feature. But, I do luckily have it in a spot where it is functional as a GET service - if you'd like to set it up let me know, and I can get all of the files uploaded and transferred to your account on there. With this, any person is able to paste the pastebin command onto any computer and have every file downloaded quickly.