
Nova Kierra
State Protectorate Caldari State
56
|
Posted - 2013.06.21 07:51:00 -
[121] - Quote
Sorry, I have been busy the last couple of days with real-life matters, but here is an update on the status of New Eden Faces:
I have found a way to prevent voting for the same character multiple times via global session object. This session object will track character IDs of winners and losers, and if someone were to try and vote via a console by sending an XHR request they will get a nice Error 500: Already voted message. Since this is a global session object, opening New Eden Faces in incognito window or another browser, or another computer will not help the potential attacker, they will still get Error 500: Already voted. Session object is reset after all characters have been voted on, giving a fair chance for everyone to be seen.
Skip button. Initially there was no Skip button on newedenfaces.com. I added it as a feature request in the first few days that the site was up. Since then I have noticed that people would skip votes like there's no tomorrow. In the end it just turned into abuse. You could have simply held the 's' button and it would skip hundreds of characters in a matter of seconds. So with that, there will no longer be a skip functionality.
"But there are so many awfully looking characters, I don't want to be forced to vote if I don't like either of two avatars" you say. To partially remedy this problem I will create a Hall of Shame page and every day a character with the most losses will enter the hall of shame. Of course this won't go into effect right away. I'll give it a few days for wins/losses to be adjusted first.
@Skill Training Online: If anything, I should be thankful to those a**holes that were abusing the site. I know more now about general web security practices than I did a few days ago. 
@S Byerley: a) Yes they (or perhaps one person) were abusing it. I was looking at the console that outputs all requests and log messages in real time right before I decided to shut it down. What was happening is characters' wins/losses counts were being updated without actually clicking on the image. It was quite easy, open REST API console, select a PUT request on www.newedenfaces.com/api/characters/:id and pass in character IDs of winner and a loser. You could send it as much as your heart desires. b) What do you mean by [the website] being stateless? The web is stateless.
@JAG Fox: Thank you, it won't be long before it's up and running again.
@Khira Kitamatsu: Forcing users to register won't solve the problem unfortunately. This is a problem of authorization rather than authentication. There were no restrictions on the API that updates a vote count for winning and losing characters. Plus I think it's nice that a website doesn't force users to register or "Sign in with Facebook". Anyone can jump in and start voting right away. Regarding your second question, I have already done that using a session object. Alternatively I could use an IP address to see who has voted on which characters. But with a session object I don't have to check who voted on what, I just check: has this character been voted on? It doesn't matter who voted; if this character has already been voted on, then no one can vote for the same character twice.
@Danica Kaliinen: That level of cryptography is a little beyond my understanding but thanks for the suggestion. I think this is a step in the right direction. Although I found a way to prevent voting for the same character more than once, I still don't know how to prevent voting for any characters other than the two characters currently present on the screen. In other words, the current API design still allows voting for an arbitrary character without actually seeing it on the page (as long as no one has voted on that character yet). I don't see much potential abuse here, but nonetheless it's possible. The best case scenario for a potential attacker is that he/she may vote one time for someone from a console, but will still have to wait until all 1500+ people have been voted on before doing this again.
@Eurydia Vespasian: I know, there is really nothing to gain from jacking up the votes on an avatar contest site. It's not even a major contest website, let alone popular among EVE players. But on a bright side I am glad it happened sooner than later.
@Ariel Dawn: You must be referring to that skank (Mr.Epeen's words) that had 400 votes at the end, which is 4 times more votes than the next highest rated avatar.  Creator of New Eden Faces -> www.newedenfaces.com |

Indahmawar Fazmarai
2466
|
Posted - 2013.06.21 13:45:00 -
[122] - Quote
Nova Kierra wrote:Sorry, I have been busy last couple of days with real life matter, but here is an update on the status of New Eden Faces: I have found a way to prevent voting for the same character multiple times via global session object. This session object will track character IDs of winners and losers, and if someone were to try and vote via a console by sending an XHR request they will get a nice Error 500: Already voted message. Since this is a global session object, opening New Eden Faces in incognito window or another browser, or another computer will not help the potential attacker, they will still get Error 500: Already voted. Session object is reset after all characters have been voted on, giving a fair chance for everyone to be seen. Skip button. Initially there was no Skip button on newedenfaces.com. I added it as a feature request in the first few days that the site was up. Since then I have noticed that people would skip votes likes there's no tomorrow. In the end it just turned into abuse. You could have simply held 's' button and it would skip hundreds of characters in a matter of seconds. So with that, there will no longer be a skip functionality. "But there are so many awfully looking characters, I don't want to be forced to vote if I don't like either of two avatars" you say. To partially remedy this problem I will create a Hall of Shame page and every day a character with the most losses will enter the hall of shame. Of course this won't go into effect right away. I'll give it a few days for wins/losses to be adjusted first. @Skill Training Online: If anything, I should be thankful to those a**holes that were abusing the site. I know more now about general web security practices than I did a few days ago. @S Byerley: a) Yes they (or perhaps one person) were abusing it. I was looking at the console that outputs all requests and log messages in real time right before I decided to shut it down. 
What was happening is characters' wins/losses counts were being updated without actually clicking on the image. It was quite easy, open REST API console, select a PUT request on www.newedenfaces.com/api/characters/:id and pass in character IDs of winner and a loser. You could send it as much as your heart desires. b) What do you mean by [the website] being stateless? The web is stateless. @JAG Fox: Thank you, it won't be long before it's up and running again. @Khira Kitamatsu: Forcing users to register won't solve the problem unfortunately. This is a problem of authorization rather than authentication. There was no restrictions on API that updates a vote count for winning and losing characters. Plus I think it's nice that a website doesn't force users to register or "Sign in with Facebook". Anyone can jump in and start voting right away. Regarding to your second question I have already done that using a session object. Alternatively I could use an IP address to see who has voted on which characters. But with session object I don't have to check who voted on what, I just check: has this character been voted on?; it doesn't matter who voted; if this character has already been voted, then no one can vote for same character twice. @Danica Kaliinen: That level of cryptography is a little beyond my understanding but thanks for suggestion. I think this is a step in the right direction. Although I found a way to prevent voting for the same character more than once, I still don't know how to prevent voting for any characters other than two characters currently present on the screen. In other words current API design still allows to vote for arbitrary character without actually seeing it on the page (as long as no one has voted on that character yet). I don't see much potential abuse here, but nonetheless it's possible. 
The best case scenario for a potential attacker is that he/she may vote one time for someone from a console, but will still have to wait until all 1500+ people have been voted on before doing this again. @Eurydia Vespasian: I know, there is really nothing to gain from jacking up the votes on an avatar contest site. It's not even a major contest website, let alone popular among EVE players. But on a bright side I am glad it happened sooner than later. @Ariel Dawn: You must be referring to that skank ( Mr.Epeen's words) that had 400 votes at the end, which 4 times more votes than the next highest rated avatar. 
Good to know that it is coming back, it's a very nice minigame.  The Greater Fool Bar is now open for business, 24/7. Come and have drinks and fun somewhere between RL and New Eden! Ingame chat channel: The Greater Fool Bar |

Anslo
The Scope Gallente Federation
1957
|
Posted - 2013.06.21 16:16:00 -
[123] - Quote
Please vote for your favorite Gallente gud/shite carebear psycho poster 
|

Miilla
Hulkageddon Orphanage
485
|
Posted - 2013.06.21 16:17:00 -
[124] - Quote
Title is playing with my dyslexia. |

Anslo
The Scope Gallente Federation
1957
|
Posted - 2013.06.21 16:22:00 -
[125] - Quote
Also, the vote seems to get stuck when I click a face. I'll click, but it'll..not load a new set?
|

Miilla
Hulkageddon Orphanage
485
|
Posted - 2013.06.21 16:22:00 -
[126] - Quote
Anslo wrote:Also, the vote seems to get stuck when I click a face. I'll click, but it'll..not load a new set?
Try punching it |

Anslo
The Scope Gallente Federation
1957
|
Posted - 2013.06.21 16:31:00 -
[127] - Quote
Miilla wrote:Anslo wrote:Also, the vote seems to get stuck when I click a face. I'll click, but it'll..not load a new set? Try punching it
Didn't work. Tried clearing cache and other stuff, but no joy. This thing not good with Chrome?
|

Nova Kierra
State Protectorate Caldari State
57
|
Posted - 2013.06.21 16:34:00 -
[128] - Quote
Anslo wrote:Miilla wrote:Anslo wrote:Also, the vote seems to get stuck when I click a face. I'll click, but it'll..not load a new set? Try punching it Didn't work. Tried clearing cache and other stuff, but no joy. This thing not good with Chrome?
My apologies, I forgot to shut down the website. It wasn't meant to be up and running just yet. I am mostly done with working out the bugs, so hopefully it will be up and running very soon!
Thanks for your patience!
Nova Creator of New Eden Faces -> www.newedenfaces.com |

Anslo
The Scope Gallente Federation
1958
|
Posted - 2013.06.21 16:36:00 -
[129] - Quote
Noooz put it back up, how else will I pass my Friday DDDD:
|

Khira Kitamatsu
650
|
Posted - 2013.06.21 16:56:00 -
[130] - Quote
Sounds good....I hope you get it up and running smoothly.  Ponies! We need more ponies! |
|

Nova Kierra
State Protectorate Caldari State
57
|
Posted - 2013.06.21 20:38:00 -
[131] - Quote
New Eden Faces is back online  
Disclaimer: The next few days will be the beta-testing stage. Do not be upset if I reset stats now and then as I find new bugs.
In the meantime, please do try and break the website so I could fix the problems sooner than later. If you find something suspicious, like wins or losses count is not being updated properly, let me know. Creator of New Eden Faces -> www.newedenfaces.com |

Anslo
The Scope Gallente Federation
2007
|
Posted - 2013.06.21 21:00:00 -
[132] - Quote
I think I broke it again. The thing is stuck on Brit Green and Deni Aylet no matter who I click.
|

Mr Epeen
It's All About Me
2801
|
Posted - 2013.06.21 21:19:00 -
[133] - Quote
Anslo wrote:I think I broke it again. The thing is stuck on Brit Green and Deni Aylet no matter who I click.
Me too.
It was humming along pretty well up to that point.
Mr Epeen 
There are 86,400 seconds in a day. You just saved one of them by typing 'u' instead of 'you'. Congratulations, dumbass! |

Anslo
The Scope Gallente Federation
2026
|
Posted - 2013.06.21 21:50:00 -
[134] - Quote
...so...I already went through all of them...and I want to do more...I have a problem don't I?
|

Nova Kierra
State Protectorate Caldari State
58
|
Posted - 2013.06.21 22:02:00 -
[135] - Quote
Anslo wrote:I think I broke it again. The thing is stuck on Brit Green and Deni Aylet no matter who I click.
This will happen if one of the characters has already been voted on. Quick fix is to refresh a page. I have tested this issue specifically and am very surprised to hear you are experiencing it. Did anyone have the same problem? Creator of New Eden Faces -> www.newedenfaces.com |

S Byerley
The Manhattan Engineer District
24
|
Posted - 2013.06.22 03:05:00 -
[136] - Quote
Nova Kierra wrote:@S Byerley: a) Yes they (or perhaps one person) were abusing it. I was looking at the console that outputs all requests and log messages in real time right before I decided to shut it down. What was happening is characters' wins/losses counts were being updated without actually clicking on the image. It was quite easy, open REST API console, select a PUT request on www.newedenfaces.com/api/characters/:id and pass in character IDs of winner and a loser. You could send it as much as your heart desires. b) What do you mean by [the website] being stateless? The web is stateless.
Ah, that sucks. I hope you don't view it as any sort of attack on your work; I think Eve just has a lot of IT inclined people who like to poke at holes.
HTTP is stateless, but these days there's almost always a makeshift layer on top of it; your new global session object is an example from the sounds of it, but it does have the drawbacks you already mentioned.
I'm not much of a web dev, but I think you do want to switch over to a nonce system at some point. It's just a random string (associated with the vote options) that the server generates and sends to the client with the other junk. The client sends it back as part of their PUT, and the server checks if it's valid. It doesn't give you end-to-end protection, but that would be overkill anyway. It's a pretty common strategy so there ought to be libraries out there for it; they might be called some flavor of cookie depending on where you look. |
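The nonce scheme described in the post above, sketched as an added example that is not part of the original thread or the site's code: the server records a random single-use token for each pair it serves and accepts a vote only when the token and both character IDs match. `VoteGate`, its method names, the in-memory maps and the numeric IDs are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Added illustration: VoteGate and its in-memory maps are hypothetical,
// not code from newedenfaces.com.
class VoteGate {
  constructor(ttlMs = 5 * 60 * 1000) {
    this.ttlMs = ttlMs;
    this.pending = new Map(); // nonce -> { pair: [idA, idB], expires }
    this.tally = new Map();   // characterId -> { wins, losses }
  }

  // Called when the server chooses the two characters to display.
  // The nonce travels to the client alongside the pair.
  issuePair(idA, idB, now = Date.now()) {
    this.prune(now);
    const nonce = crypto.randomBytes(16).toString('hex'); // 128 random bits
    const pair = [String(idA), String(idB)];
    this.pending.set(nonce, { pair, expires: now + this.ttlMs });
    return { nonce, characters: pair };
  }

  // Body of the vote PUT handler: returns the HTTP status to send.
  castVote(nonce, winnerId, loserId, now = Date.now()) {
    const entry = typeof nonce === 'string' ? this.pending.get(nonce) : undefined;
    if (!entry) return { status: 403, error: 'unknown or already used nonce' };

    // Single use: burn the nonce before the other checks, so a replayed or
    // tampered request cannot be retried with the same token.
    this.pending.delete(nonce);
    if (now > entry.expires) return { status: 403, error: 'nonce expired' };

    const [a, b] = entry.pair;
    const w = String(winnerId);
    const l = String(loserId);
    const isServedPair = (w === a && l === b) || (w === b && l === a);
    if (!isServedPair) return { status: 403, error: 'not the pair that was served' };

    this.bump(w, 'wins');
    this.bump(l, 'losses');
    return { status: 200 };
  }

  bump(id, field) {
    const row = this.tally.get(id) || { wins: 0, losses: 0 };
    row[field] += 1;
    this.tally.set(id, row);
  }

  // Drop expired nonces so abandoned page loads do not grow the map forever.
  prune(now) {
    for (const [nonce, entry] of this.pending) {
      if (now > entry.expires) this.pending.delete(nonce);
    }
  }
}

// Constructed walk-through with made-up character IDs.
function demo() {
  const gate = new VoteGate();
  const shown = gate.issuePair(1001, 1002);
  return {
    honest: gate.castVote(shown.nonce, 1001, 1002).status,
    replay: gate.castVote(shown.nonce, 1001, 1002).status,
    noNonce: gate.castVote(undefined, 1001, 1002).status,
    otherIds: gate.castVote(gate.issuePair(1003, 1004).nonce, 9999, 1004).status,
  };
}

console.log(demo());
```

The nonce only shows that a vote is for a pair the server actually served, and only once; it does not limit how many pairs one client may request, which fits the "not end-to-end" caveat in the post.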

miiral
4091
|
Posted - 2013.06.22 11:16:00 -
[137] - Quote
Nova Kierra wrote:Anslo wrote:I think I broke it again. The thing is stuck on Brit Green and Deni Aylet no matter who I click. This will happen if one of the characters has already been voted on. Quick fix is to refresh a page. I have tested this issue specifically and am very surprised to hear you are experiencing it. Did anyone have the same problem?
I can confirm this too, refresh/reload does not help. In my case, one portrait appeared twice in a row and then it was stuck on that pair. 5 nonstop years in EVE and all I got is this toon... YAY ME ! |

Nova Kierra
State Protectorate Caldari State
61
|
Posted - 2013.06.22 13:47:00 -
[138] - Quote
miiral wrote:Nova Kierra wrote:Anslo wrote:I think I broke it again. The thing is stuck on Brit Green and Deni Aylet no matter who I click. This will happen if one of the characters has already been voted on. Quick fix is to refresh a page. I have tested this issue specifically and am very surprised to hear you are experiencing it. Did anyone have the same problem? I can confirm this too, refresh/reload does not help. In my case, one portrait appeared twice in a row and then it was stuck on that pair.
I will temporarily fix it so that 2 avatars that have been voted on must be present, instead of at least one. In the meantime I will figure out what's causing these random hiccups. Creator of New Eden Faces -> www.newedenfaces.com |

JAG Fox
GunStars
40
|
Posted - 2013.06.22 19:32:00 -
[139] - Quote
good stuff nova! nice have this going again.
one thing i'm not sure about is allowing you to see the wins/losses on mouse-over? this only serves to bias the selection process i think. i know for myself, if i can't make a quick decision, i will give it to the one with least wins.. Kisses!Foxie. |

Ariel Dawn
F9X
989
|
Posted - 2013.06.22 21:49:00 -
[140] - Quote
Really cool that it's working again, neat to see what people can do with avatars, really like the following ones that I hadn't seen before:
http://www.newedenfaces.com/characters/90433547
http://www.newedenfaces.com/characters/90209574
http://www.newedenfaces.com/characters/91457977
http://www.newedenfaces.com/characters/92948746
http://www.newedenfaces.com/characters/1499924907 <- First time I've seen good use of the monocle!
Large # of the male chars are the NPC faction leaders though, hah. |
|

Nova Kierra
State Protectorate Caldari State
62
|
Posted - 2013.06.23 00:48:00 -
[141] - Quote
JAG Fox wrote:good stuff nova! nice have this going again.
one thing i'm not sure about is allowing you to see the wins/losses on mouse-over? this only serves to bias the selection process i think. i know for myself, if i can't make a quick decision, i will give it to the one with least wins..
I was planning to remove that tooltip for some time now. Funny, but I do exactly the same thing when I am not sure who to vote for, and always vote for the avatar with higher wins count. So perhaps in the next update I'll get rid of it. Meanwhile if you spot any bugs or vulnerabilities please do mention them. Creator of New Eden Faces -> www.newedenfaces.com |

JAG Fox
GunStars
40
|
Posted - 2013.06.23 00:57:00 -
[142] - Quote
Nova Kierra wrote:JAG Fox wrote:good stuff nova! nice have this going again.
one thing i'm not sure about is allowing you to see the wins/losses on mouse-over? this only serves to bias the selection process i think. i know for myself, if i can't make a quick decision, i will give it to the one with least wins.. I was planning to remove that tooltip for some time now. Funny, but I do exactly the same thing when I am not sure who to vote for, and always vote for the avatar with higher wins count. So perhaps in the next update I'll get rid of it. Meanwhile if you spot any bugs or vulnerabilities please do mention them.
the only bug i see is the blatant down/up voting going on.. but lol. it is what it is
there is no way akirei and others are losing half their matches.. *sigh*
Akirei Skytale Kisses!Foxie. |

Nynette
Caldari Provisions Caldari State
1
|
Posted - 2013.06.23 02:21:00 -
[143] - Quote
JAG Fox wrote:Nova Kierra wrote:JAG Fox wrote:good stuff nova! nice have this going again.
one thing i'm not sure about is allowing you to see the wins/losses on mouse-over? this only serves to bias the selection process i think. i know for myself, if i can't make a quick decision, i will give it to the one with least wins.. I was planning to remove that tooltip for some time now. Funny, but I do exactly the same thing when I am not sure who to vote for, and always vote for the avatar with higher wins count. So perhaps in the next update I'll get rid of it. Meanwhile if you spot any bugs or vulnerabilities please do mention them. the only bug i see is the blatant down/up voting going on.. but lol. it is what it is there is no way akirei and others are losing half their matches.. *sigh* Akirei Skytale
A lot of great avatars on that site, just the luck of the draw. I'll even admit I chose a different avatar vs. you when it popped up.  |

Nova Kierra
State Protectorate Caldari State
62
|
Posted - 2013.06.23 03:52:00 -
[144] - Quote
A lot of similar avatars too: http://www.newedenfaces.com/characters/90380309 and http://www.newedenfaces.com/characters/93458077
Sometimes I have those moments - "wait didn't I just vote for this avatar?!" But they were in fact two different characters. Creator of New Eden Faces -> www.newedenfaces.com |

Anslo
The Scope Gallente Federation
2088
|
Posted - 2013.06.24 17:52:00 -
[145] - Quote
Sigh, I'm losing so badly now :(
Need feedback D:
|

Ariel Dawn
F9X
989
|
Posted - 2013.06.24 18:55:00 -
[146] - Quote
Nynette wrote:JAG Fox wrote:Nova Kierra wrote:JAG Fox wrote:good stuff nova! nice have this going again.
one thing i'm not sure about is allowing you to see the wins/losses on mouse-over? this only serves to bias the selection process i think. i know for myself, if i can't make a quick decision, i will give it to the one with least wins.. I was planning to remove that tooltip for some time now. Funny, but I do exactly the same thing when I am not sure who to vote for, and always vote for the avatar with higher wins count. So perhaps in the next update I'll get rid of it. Meanwhile if you spot any bugs or vulnerabilities please do mention them. the only bug i see is the blatant down/up voting going on.. but lol. it is what it is there is no way akirei and others are losing half their matches.. *sigh* Akirei Skytale A lot of great avatars on that site, just the luck of the draw. I'll even admit I chose a different avatar vs. you when it popped up. 
Majority of the leading avatars are good looking as well as showing "character", a large number of the well made avatars that look nice but are boring don't seem to get votes because of the larger picture sizes used for the voting (not that I'm complaining ).
Lot of new, really awesome avatars out there that I've seen on the site now that it's working, giving me some ideas for other characters! |

Nova Kierra
State Protectorate Caldari State
62
|
Posted - 2013.06.24 20:10:00 -
[147] - Quote
I am surprised that it's still running 3 days later, no crashes, no cheating or hacking attempts.
Anyway, I will be pushing an update tonight that fixes minor UI glitches and I will also be removing the tooltip with Wins/Losses when you mouse over character's name. This is to remove the voting bias.
Do you have any other quick suggestions while I am at it? Creator of New Eden Faces -> www.newedenfaces.com |

Indahmawar Fazmarai
2469
|
Posted - 2013.06.24 20:43:00 -
[148] - Quote
Nova Kierra wrote:I am surprised that it's still running 3 days later, no crashes, no cheating or hacking attempts.
Anyway, I will be pushing an update tonight that fixes minor UI glitches and I will also be removing the tooltip with Wins/Losses when you mouse over character's name. This is to remove the voting bias.
Do you have any other quick suggestions while I am at it?
Ban Achura, give Khanid a chance.  The Greater Fool Bar is now open for business, 24/7. Come and have drinks and fun somewhere between RL and New Eden! Ingame chat channel: The Greater Fool Bar |

JAG Fox
GunStars
44
|
Posted - 2013.06.24 21:23:00 -
[149] - Quote
Indahmawar Fazmarai wrote:Nova Kierra wrote:I am surprised that it's still running 3 days later, no crashes, no cheating or hacking attempts.
Anyway, I will be pushing an update tonight that fixes minor UI glitches and I will also be removing the tooltip with Wins/Losses when you mouse over character's name. This is to remove the voting bias.
Do you have any other quick suggestions while I am at it? Ban Achura, give Khanid a chance. 
It's actually mostly sebiestors that seem to be popular. I don't think the tattoo/goth look is that interesting, but then i was never into the vampire movies either, and still don't have any tats.. *sigh*  Kisses!Foxie. |

Brit Green
Science and Trade Institute Caldari State
30
|
Posted - 2013.06.24 21:25:00 -
[150] - Quote
Once upon a time some guy made a character portrait for the original portrait games. Since there was no CQ at that time he didn't care about the fact that his character, while hot, had a fat ass and no boobies. As time passed he wanted a new character and found that it gave him the heebie jeebies to look upon the hot, fat assed character he made so long ago. So he made another one that was similar but had a decent body.
That's my story and I'm sticking to it 
|