26
DC Website Help and Extras / Re: Is DC attacked again?
« on: December 26, 2018, 05:44 PM »
Gave $10 of my DonationCredits to the server! Hold strong server!
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
An AI has managed to cheat with the best humanity has to offer after discovering an exploit in classic arcade game Q*bert and running with it.
While earlier iterations of the AI would play Q*bert properly, at some point in its learning of how the game works, it discovers an exploit that lets it rack up insane points. Naturally, as any score-hunting player would, it repeats the process so it can boost its score in the most effective way possible.
You can see the AI working its way around platforms in the video below. At first, it looks as if it’s aimlessly jumping between platforms. Instead of seeing the game progress to the next round, Q*bert becomes stuck in a loop where all its platforms begin to flash – it’s here the AI can then go on a score-frenzy racking up huge points.
It does it even when the lid is closed?My laptop has a hard switch for detecting if it is closed or open, but it is currently set at the Windows software level to hibernate if that happens (apparently, I never close my lid). I have not powered off my mouse yet and I do believe it did light up on its own again, but I have to wonder if it really is the mouse. Although they are different OSes, the OpenSUSE partition, if left on all night, it doesn't seemingly power my screen on if it turns off.-4wd (December 25, 2018, 05:37 PM)
In short, a simple process of elimination is likely to produce a much quicker cause for the problem that you experience. Only when your computer is still acting up when you have disconnected all peripherals. It can even be something like your USB mouse/keyboard is supplying too much information than Windows is set to handle. Any operation system can start acting weird with something like that.-Shades (December 24, 2018, 10:56 PM)
Or the simple solution, turn the monitor off.Well, you'd think that. This is a laptop setup, in which the PSU and monitor are all wedged into one chassis (so to speak), and even using a softswitch (the FN keys) to turn off the monitor, it does power itself back on at random times when I am trying to sleep.-4wd (December 25, 2018, 05:19 AM)
Is the machine set to shut down or hybrid hibernate which is the default on W10. If the latter it's not something like a Wake on LAN or Wake on USB?-magician62 (December 25, 2018, 06:52 AM)
It might also be some service like the update service, causing your pc to power on at certain times to check for updates.I've also considered this, but the event logs from checking for updates (at least Window logs) do not match the times of the random powerons.-mouser (December 25, 2018, 09:04 AM)
Asudem: Until July 29 you can probably just re-install Win 10. I downloaded the installer myself. If you can't reinstall Win 10 the way you did before because of the shorted USB port, it's a hardware problem not a software problem. You have until July 29th to get that fixed and reinstall Win 10.-Arizona Hot (June 24, 2016, 11:14 PM)
Heh. It was cute. But not as cool as the one where you throw the ball and the dog chases it.WHAT! Link please!-MilesAhead (June 22, 2016, 04:32 PM)
Sounds like you did the change before sending out the message, rather than immediality before displaying it? Also sounds like you're not doing proper escaping of the messages.-f0dder (June 13, 2016, 11:50 AM)
Oh no doubt that was my first though. Perhaps I'll just replace <script> tags altogether with null =P. I'm not too worried about my userbase at the moment and will brainstorm on some proper escape handling!Super amazing find! Thank you so much! And yes, now the trick is the escape handling as the messages are inThat's once concern - the biggest concern is security. You really don't want to execute random <script> blocks sent by malicious users
Quote
[timestamp]<username> message
format and the angle brackets eat the usernames!-Asudem (June 11, 2016, 10:55 AM)-f0dder (June 11, 2016, 12:14 PM)
You'll probably want to hack in your handling in the cah.log.js - and you really, really, really want to be careful when dealing with user input.
The actual rendering of the text is this snippet:Code: Javascript [Select]
if (opt_allow_html) { $(node[0]).html(full_msg); } else { $(node[0]).text(full_msg); }
So a quick guess without looking at the rest of the codebase is that the user input isn't escaped, it's simply not rendered as html content. You could add escape-then-linkify to the text codepath and replace .text() with .html(), while hoping that whatever escaping method you use handles all the nasty corner cases :-)-f0dder (June 11, 2016, 06:08 AM)
[timestamp]<username> messageformat and the angle brackets eat the usernames!
Sounds like you need to find out where the code escapes the HTML characters and un-escape it.I am slightly new to javascript, but I think I have a fairly good basic grasp of reading it. I believe the escaping occurs somewhere here, not 100% how though...-Deozaan (June 10, 2016, 07:03 PM)
Can't you run that regex code on the "text" variable from that highlighted line of code?
Specifically, use:Code: Javascript [Select]
// Set the regex string var regex = /(https?:\/\/([-\w\.]+)+(:\d+)?(\/([\w\/_\.]*(\?\S+)?)?)?)/ig // Replace plain text links by hyperlinks text = text.replace(regex, "<a href='$1' target='_blank'>$1</a>");
Between lines 154 and 155.-Deozaan (June 10, 2016, 04:24 PM)
<a href='http://www.google.com' target='_blank'>http://www.google.com</a>
TeamViewer has introduced some new features to make it harder to take over a user's computer from an unauthorized remote computer.
TeamViewer says that they were not hacked, and I tend to believe them. However there is currently a thriving online market in passwords stolen from various sites (LinkedIn, Adobe, etc...), so perhaps the most important step in protecting oneself from hacking is to use significantly different passwords for different sites. Long ones!-xtabber (June 06, 2016, 02:46 PM)
I use it to remote in from mobile. Not anymore though.Oh the hack is very real. Someone logged into my computer at about 6am and went to eBay and bought themselves $400 in iTunes giftcards and then tried to buy $200 in PlayStation giftcards from amazon.-Asudem (June 03, 2016, 01:36 PM)
Why are you continually running it?-wraith808 (June 03, 2016, 01:50 PM)