Geeks Who Shower

Major site overhaul
posted September 18, 2007 by eedok
If you haven't noticed yet, I did a major overhaul of the site. The most noticeable change is I've redesigned the site for a more minimalist look. I also got rid of all the old code, this new site is 100% new code, which is better suited for memory and cpu usage which should make the site run faster. I've also done away with the forum software as I though it was overkill for a news aggregator and comment system(don't worry the new comment system still supports a subset of bbcode in the comments). The backend was also completely redone to make the site a lot easier for me to update and add new pages.

As for exciting stuff that happened, I took part in 2 game competitions and although I didn't win either of them I uploaded the entries for Larry the Antigrav Slime and Cheese run to the games page. Check them out if you have time.

I hope you enjoy the new

New Game
posted April 15, 2007 by eedok
I have decided to release a lab I did for class publicly as a game here.
Space Survivor


feel free to post your score below.

grabbing text input in pygame
posted January 25, 2007 by eedok
this is just code for a simple way to get some text through a text interruption:
import pygame,sys

def prompt(x,y,prompt_string,font,screen):
    """Create a prompt for a user to enter a string
    x -- the x location of the input box to be rendered
    y -- the y location of the input box to be rendered
    prompt_string -- the string to be rendered in the input box
    font -- the font to render the strings with
    screen -- the main screen to render on
    return_string -- a string of what the user entered
    #the value to be returned
    #calculate the size of the input box, and set it to the
    width,height = font.size(prompt_string)
    box = pygame.Rect((x-5, y-5), (width,height))
    #draw the blue box around the input   
    text = font.render(prompt_string,True,(255,255,255))
    #calculate the white part of the input area
    input_area = pygame.Rect((x, y+height/2-5), (width-10,height/2-5))
    #loop until done(set if enter or escape is hit)
    while not done:
        #fill the input area with white
        #put what's currently inputted into the input area
        input_text = font.render(return_string,True,(0,0,0))
        #wait for an event
        if event.type == pygame.KEYDOWN:
            #if escape was hit assume the user doesn't want to enter anything, return nothing
            if event.key == pygame.K_ESCAPE:
            #if return was hit, assume the user is finished entering text and return what's been entered
            elif event.key == pygame.K_RETURN:
            #if backspace is hit, move the carat back one space and destroy the last letter
            elif event.key == pygame.K_BACKSPACE:
                #make sure there's something in the string first, don't want to kill what's not there
                if len(return_string)>0:
                #add the typed letter to the string
    return return_string
size = width, height = 640, 480
screen = pygame.display.set_mode(size)
pygame.display.set_caption("Prompt test")
while 1:
    for event in pygame.event.get():
        if event.type == pygame.QUIT:
        if event.type == pygame.KEYDOWN:
                    if event.key==pygame.K_ESCAPE:
                    if event.key==pygame.K_RETURN:
                        player_name=prompt(width/2-100,height/2-64,"Please enter your name:",font,screen)
        screen = pygame.display.get_surface()
    text = font.render(player_name,True,(255,255,255))

Open Source Java
posted November 13, 2006 by eedok
looks like sun finally got around to opening the source of java up, making it a more viable platform to develop on. The newest release promises improvement over the current shortcomings when it comes to desktop applications, and the nice thing about now that it's open source, if sun doesn't live up to their promise java can be forked to actually live up to these standards. Another possibility is that of cut down virtual machines that don't take as much memory and are better suited for running games. Another advantage the new release of java is going to have is the new scripting engine that's to be included with the runtime. With this being said the werewolf engine needs to be re-evaluated as it may not even be necessary if building a framework in java will get the job done faster and without the worries of being tied to a specific platform.

Things to consider when building web applications
posted November 02, 2006 by eedok
Looking on the internet you can find a lot of tutorials on how to create web applications. However what most of these forget to tell you is that the majority of them are crap, either incorrect or insecure, and sometimes even both. Here is just a list of things that you should look out for no matter what you're doing in your web application, a crap tutorial can easily be spotted by a lack of including the following that are applicable to their web applications:

1. Improper memory management/Buffer overflows
When it normally occurs: When inputs are larger than the amount of memory allocated for the input
Why this is bad: A large enough buffer overflow may be able to make it to the executable portion of the program allowing arbitrary code execution
Ways to prevent it: The easiest way to prevent buffer overflows is by using string objects built into most languages rather than plain char arrays. Other ways to prevent this is to first find out how much memory is needed, then allocate it before assigning data to the variable. Another way is by trimming the input to fit the size of memory allocated for it.

2. SQL injection
When it normally happens: When invalidated user input makes it directly to the database
Why this is bad: It allows for the attacker to execute whatever SQL they want, giving them the ability to sabatoge or gain sensitive information from the database
How to prevent it: parameterize any queries that allow custom input

3. Cross-site scripting
When it normally happens: When user input is displayed and the html is not validated
Why this is bad: This allows attackers to execute whatever javascript they want and the browser thinks it's from your site, and with new technologies such as ajax they'll be able to retrieve the information across the network
How to prevent it: The easiest way to thwart this attack is to disallow html altogether, and use things like cgi.escape(python) or htmlspecialchars(php) to escape the html values from the input. If you're more adventerous you could create a regex to filter out scripts from the input.

4. Flooding
When it happens: When there is no restriction put on the attacker and they continously spam your program
Why this is bad: Waste of bandwidth and possibly disk space, could make a site look unprofessional, and in worst case scenarios cause DOS attacks. Also can lead to brute force cracking.
How to prevent it: Throttle the amount of bandwidth a user is allowed to use, also could invoke a timer every time input is recieved and disallow input until the timer is up.

5. Lack of CAPTCHA
When it happens: When the programmer is lazy and doesn't verify that who does the input is human
Why this is bad: It makes the web application an easy target for bots, which can range in severity from spam to DDOS attacks
How to prevent it: use a CAPTCHA when authenticating users or allowing guest entries

6. Invalidated includes
When it happens: When the includes are based on user input, and the attacker changes the input for their advantage
Why this is bad: First it can allow the attacker to trick the include system to disclose sensitive information. Another backlash is if the attacker gets the include file to include itself it could lead to an infinite loop and cause a DOS attack
How to prevent it: Whitelist the sites that are allowed to be included

These are just 6 very basic security considerations that should be taking into consideration when building a web application, not a comprehensive list. Publishing an application/tutorial without taking the above things into consideration is just being plain irresponsible

<< Newer News Older News >>