Avakael wrote:Quick bug: when using the dark skin, NS++ messes with the CSS and makes telegrams unreadable without highlighting them. As a result, I've had to turn it off.
Will have a fix out shortly, discovered why. Stupid Jquery-UI library...
Advertisement
by Afforess » Fri Jul 19, 2013 11:10 pm
Avakael wrote:Quick bug: when using the dark skin, NS++ messes with the CSS and makes telegrams unreadable without highlighting them. As a result, I've had to turn it off.
by [violet] » Fri Jul 19, 2013 11:21 pm
Afforess wrote:[violet] wrote:Why are you verifying nation ownership anyway? I read the TG from the bot but still don't understand.
To prevent another nation from being able to read/write to user settings or issue choices. I generate a login token for firebase based on my secret key + nation name which is unique and lasts for 30 days. If I didn't do this, any nation could start manipulating another users settings or previous issue selections. Or I would not be able to use cloud backup/syncing.
by [violet] » Fri Jul 19, 2013 11:23 pm
Afforess wrote:My alias 'Afforess' is pretty well linked with my real-life identity, so if I did something malicious, it would get back to me and it would affect my employment situation.
by Afforess » Fri Jul 19, 2013 11:30 pm
[violet] wrote:Afforess wrote:To prevent another nation from being able to read/write to user settings or issue choices. I generate a login token for firebase based on my secret key + nation name which is unique and lasts for 30 days. If I didn't do this, any nation could start manipulating another users settings or previous issue selections. Or I would not be able to use cloud backup/syncing.
By user settings you mean the "NS++ Settings"? Like whether I've enabled Embassy Flags or whatever? That's not actually tied to a nation account, is it? It seems specific to the extension.
[violet] wrote:Issue choices I'm unclear about, too... I don't get why you need a TG from a nation to prevent other people from answering their issues.
[violet] wrote:More fundamentally I'm confused by why sending a TG proves that the user is logged in any more than just, you know, them being logged in. It proves to YOU that someone is using your extension but I'm not sure what it's doing for the user.
by Individuality-ness » Fri Jul 19, 2013 11:40 pm
[violet] wrote:Afforess wrote:My alias 'Afforess' is pretty well linked with my real-life identity, so if I did something malicious, it would get back to me and it would affect my employment situation.
Good to know! If you can send us a highly incriminating photograph of yourself wearing only underpants, that would be helpful, too.
by Hyperion » Sat Jul 20, 2013 12:09 am
Exchange Rate: Hypernote
2.55 H$= 1 N$ = 2 USD
Unemployment: 9%
GPD/Capita: H$ 8,930
Debt: H$ -416,215,102
Details:
http://www.nstracker.net/hyperion&page=economics
Total: 2,080,205
Land: 1,337,700
Navy: 205,800
Airforce: 514,500
Budget: 20%
Details:http://www.nstracker.net/hyperion&page=military
Tax: 29%
Population: 1.029 Billion
Animal: Colossal Squid
Industry: Pizza Delivery
Currency: Hyper-Note
Leader: J Humble
http://www.nstracker.net/hyperion
Administration: 2%
Welfare: 12%
Education: 22%
Defence: 20%
Public Transport: 9%
Environment: 22%
Not listed? We don't fund it.
by Afforess » Sat Jul 20, 2013 12:25 am
by Grobladonia » Sat Jul 20, 2013 4:56 am
- referring to a clue in a guessing game I made.The Saint James Islands wrote:Grobladonia is very sneaky...
He is a devilishly sneaky devil...
by Afforess » Sat Jul 20, 2013 11:29 am
Grobladonia wrote:I'm afraid it's not quite fixed yet. When closed the TGs look like they should, but when opened they still partially display the bug, such as here.
EDIT: And square flags still appear stretched. Very wide flags might be compressed as well, but I can't quite tell. It may be more subtle, or it may be not be there at all. This only happens in lists, such as the Dossier.
by Grobladonia » Sat Jul 20, 2013 12:47 pm
- referring to a clue in a guessing game I made.The Saint James Islands wrote:Grobladonia is very sneaky...
He is a devilishly sneaky devil...
by Avakael » Sat Jul 20, 2013 4:49 pm
Afforess wrote:Grobladonia wrote:I'm afraid it's not quite fixed yet. When closed the TGs look like they should, but when opened they still partially display the bug, such as here.
EDIT: And square flags still appear stretched. Very wide flags might be compressed as well, but I can't quite tell. It may be more subtle, or it may be not be there at all. This only happens in lists, such as the Dossier.
All fixed.
by Afforess » Sat Jul 20, 2013 5:04 pm
by Avakael » Sat Jul 20, 2013 6:43 pm
by Hyperion » Sat Jul 20, 2013 7:05 pm
Exchange Rate: Hypernote
2.55 H$= 1 N$ = 2 USD
Unemployment: 9%
GPD/Capita: H$ 8,930
Debt: H$ -416,215,102
Details:
http://www.nstracker.net/hyperion&page=economics
Total: 2,080,205
Land: 1,337,700
Navy: 205,800
Airforce: 514,500
Budget: 20%
Details:http://www.nstracker.net/hyperion&page=military
Tax: 29%
Population: 1.029 Billion
Animal: Colossal Squid
Industry: Pizza Delivery
Currency: Hyper-Note
Leader: J Humble
http://www.nstracker.net/hyperion
Administration: 2%
Welfare: 12%
Education: 22%
Defence: 20%
Public Transport: 9%
Environment: 22%
Not listed? We don't fund it.
by Avakael » Sat Jul 20, 2013 10:59 pm
Hyperion wrote:Waterfox has a modified code than Firefox, so while it CAN run Firefox plugins, it can't exactly run them too well. It would need to have support adjusted. Also, I just don't like how Waterfox looks.
by Grobladonia » Sun Jul 21, 2013 2:56 am
- referring to a clue in a guessing game I made.The Saint James Islands wrote:Grobladonia is very sneaky...
He is a devilishly sneaky devil...
by The IASM » Sun Jul 21, 2013 2:57 am
by Kalosia » Sun Jul 21, 2013 3:04 am
by Afforess » Sun Jul 21, 2013 9:45 am
Grobladonia wrote:I've got another bug. The puppet switcher misfires sometimes. When I click certain puppets instead of logging in I'm just simply take to it's nation page. Interestingly, one such puppet worked a few times, but it no longer does.
Deleting it from the list and adding it again seems to clear it up.
by Afforess » Sun Jul 21, 2013 9:46 am
Kalosia wrote:When can we expect a Safari version?
by Grobladonia » Sun Jul 21, 2013 2:25 pm
Afforess wrote:Grobladonia wrote:I've got another bug. The puppet switcher misfires sometimes. When I click certain puppets instead of logging in I'm just simply take to it's nation page. Interestingly, one such puppet worked a few times, but it no longer does.
Deleting it from the list and adding it again seems to clear it up.
This means you entered the wrong user/pass. I'll look into making it tell you it failed to login in the future.
- referring to a clue in a guessing game I made.The Saint James Islands wrote:Grobladonia is very sneaky...
He is a devilishly sneaky devil...
by Afforess » Sun Jul 21, 2013 3:15 pm
by [violet] » Sun Jul 21, 2013 4:35 pm
Afforess wrote:This will all need to be synced, and localStorage is a poor place to keep permanent data.
Afforess wrote:Edit: However, if you would like to provide an up to 5mb json storage option for each user, I would totally use that. Then you could be sure the data was secure and under your control.
by Afforess » Sun Jul 21, 2013 5:59 pm
[violet] wrote:Afforess wrote:This will all need to be synced, and localStorage is a poor place to keep permanent data.
If I understand this right, what you want is for the user effectively to create an NS++ account on your server, but you don't want them to have to do this manually (and come up with a password for it, etc). So in lieu of a password, your extension wants to piggyback off NS authentication, and make sure the user is logged into NS before offering up access to any stored NS++ data. But this makes it vulnerable to a situation where, for example, a user alters their machine's DNS settings and creates a fake nationstates.net that verifies the user is logged in as anyone. So you do a TG exchange with your bot that proves to you that the nation is indeed logged in, and then they get access to an NS++ account in that nation's name.
Is that right? If so, what happens when I delete that TG and switch browsers? I'm logging in as the same nation and using NS++ but how do you know it's really me?
[violet] wrote:The TG bot is clever but definitely sub-optimal. It surprised me to see a telegram in my Sent Items that I never sent (is there any warning about this?). And it seems like a violation of site script rules, which prohibit the auto-sending of TGs.
[violet] wrote:Afforess wrote:Edit: However, if you would like to provide an up to 5mb json storage option for each user, I would totally use that. Then you could be sure the data was secure and under your control.
We are unlikely to do that, but we have tossed around various authentication schemes for 3rd-party sites, as you know. So possibly a nation could generate a key, and that key would authenticate them to you.
Advertisement
Users browsing this forum: Haku
Advertisement