Dominion Strategy Forum

Please login or register.

Login with username, password and session length
Pages: 1 ... 17 18 [19] 20 21 ... 72  All

Author Topic: Goko Dominion Salvager Discussion  (Read 616453 times)

0 Members and 1 Guest are viewing this topic.

GwinnR

  • Tactician
  • *****
  • Offline Offline
  • Posts: 417
  • Respect: +786
    • View Profile
    • German Youtube-Videos
Re: Goko Dominion Salvager Discussion
« Reply #450 on: August 26, 2013, 02:01:58 pm »
+1

Would be cool if you could see the rating of your opponent, when a automatch-game is proposed. Now I only see my own rating.
Logged
Nobody's perfect, but I'm only a nobody o.O

My german Youtube-Channel: http://www.youtube.com/gwinnrdominion

michaeljb

  • Board Moderator
  • *
  • Offline Offline
  • Posts: 1422
  • Shuffle iT Username: michaeljb
  • Respect: +2115
    • View Profile
Re: Goko Dominion Salvager Discussion
« Reply #451 on: August 26, 2013, 02:08:53 pm »
0

You're a moderator on this board, you can edit posts as you please :-)

Was just about to start class when I posted that, thought ragingduck might have a chance before me. I've taken care of it now.

Got rejected from the Mozilla gallery again, here's a temporary link for v2.2.3, manual install required (ragingduck, could you add this link to the main description post and whatnot?

What causes the rejection?  Just somebody's whim?

This was in the rejection message:
Quote
1) Your add-on creates DOM nodes from HTML strings containing unsanitized data, by assigning to innerHTML or through similar means.

It looks like the way we set up the in-game log viewer can be insecure or something.
« Last Edit: August 26, 2013, 02:11:31 pm by michaeljb »
Logged
🚂 Give 18xx games a chance 🚂

LastFootnote

  • Adventurer
  • ******
  • Offline Offline
  • Posts: 7495
  • Shuffle iT Username: LastFootnote
  • Respect: +10727
    • View Profile
Re: Goko Dominion Salvager Discussion
« Reply #452 on: August 26, 2013, 02:40:56 pm »
0

This was in the rejection message:
Quote
1) Your add-on creates DOM nodes from HTML strings containing unsanitized data, by assigning to innerHTML or through similar means.

It looks like the way we set up the in-game log viewer can be insecure or something.

I haven't looked at the code, so maybe you're already doing this, but perhaps if you escaped all of the text elements before inserting them into the DOM, including card names that you pull, etc?
Logged

ragingduckd

  • Board Moderator
  • *
  • Offline Offline
  • Posts: 1059
  • Respect: +3527
    • View Profile
Re: Goko Dominion Salvager Discussion
« Reply #453 on: August 26, 2013, 06:39:29 pm »
+3

This was in the rejection message:
Quote
1) Your add-on creates DOM nodes from HTML strings containing unsanitized data, by assigning to innerHTML or through similar means.

It looks like the way we set up the in-game log viewer can be insecure or something.

I haven't looked at the code, so maybe you're already doing this, but perhaps if you escaped all of the text elements before inserting them into the DOM, including card names that you pull, etc?

Yes, that would address the problem, though Mozilla isn't very happy with that solution either and might reject us again anyway. I've been gradually removing the offending code, but that's basically meant rewriting the log viewer and vp counter. I wasn't very familiar with either of these at first, so it's been slow going.

FYI, I'm pretty sure there's no actual security risk here. I think the only way it could be done in the current version is with a particularly clever and very short script that someone put in their Goko username. Like registering with Goko as "<td/></table></div><script>/*DO BAD THINGS*/</script>"

That's not terribly plausible, but Mozilla doesn't actually try to figure out whether or how your code might be exploited. They just identify the vulnerable constructs and disallow them. That's a good policy, IMO.
Logged
Salvager Extension | Isotropish Leaderboard | Game Data | Log Search & other toys | Salvager Bug Reports

Salvager not working for me at all today. ... Please help! I can't go back to playing without it like an animal!

WanderingWinder

  • Adventurer
  • ******
  • Offline Offline
  • Posts: 5275
  • ...doesn't really matter to me
  • Respect: +4389
    • View Profile
    • WanderingWinder YouTube Page
Re: Goko Dominion Salvager Discussion
« Reply #454 on: August 26, 2013, 06:50:45 pm »
+6

This was in the rejection message:
Quote
1) Your add-on creates DOM nodes from HTML strings containing unsanitized data, by assigning to innerHTML or through similar means.

It looks like the way we set up the in-game log viewer can be insecure or something.

I haven't looked at the code, so maybe you're already doing this, but perhaps if you escaped all of the text elements before inserting them into the DOM, including card names that you pull, etc?

Yes, that would address the problem, though Mozilla isn't very happy with that solution either and might reject us again anyway. I've been gradually removing the offending code, but that's basically meant rewriting the log viewer and vp counter. I wasn't very familiar with either of these at first, so it's been slow going.

FYI, I'm pretty sure there's no actual security risk here. I think the only way it could be done in the current version is with a particularly clever and very short script that someone put in their Goko username. Like registering with Goko as "<td/></table></div><script>/*DO BAD THINGS*/</script>"

That's not terribly plausible, but Mozilla doesn't actually try to figure out whether or how your code might be exploited. They just identify the vulnerable constructs and disallow them. That's a good policy, IMO.
http://xkcd.com/327/

ragingduckd

  • Board Moderator
  • *
  • Offline Offline
  • Posts: 1059
  • Respect: +3527
    • View Profile
Logged
Salvager Extension | Isotropish Leaderboard | Game Data | Log Search & other toys | Salvager Bug Reports

Salvager not working for me at all today. ... Please help! I can't go back to playing without it like an animal!

GendoIkari

  • Adventurer
  • ******
  • Offline Offline
  • Posts: 9719
  • Respect: +10792
    • View Profile
Re: Goko Dominion Salvager Discussion
« Reply #456 on: August 26, 2013, 07:20:49 pm »
+5

What if they're making this extension just for the respect... (forum respect)

Posting memes would be an easier way...

Logged
Check out my F.DS extension for Chrome! Card links; Dominion icons, and maybe more! http://forum.dominionstrategy.com/index.php?topic=13363.0

Thread for Firefox version:
http://forum.dominionstrategy.com/index.php?topic=16305.0

ragingduckd

  • Board Moderator
  • *
  • Offline Offline
  • Posts: 1059
  • Respect: +3527
    • View Profile
Re: Goko Dominion Salvager Discussion
« Reply #457 on: August 26, 2013, 08:07:21 pm »
+22

What if they're making this extension just for the respect... (forum respect)

Posting memes would be an easier way...



Logged
Salvager Extension | Isotropish Leaderboard | Game Data | Log Search & other toys | Salvager Bug Reports

Salvager not working for me at all today. ... Please help! I can't go back to playing without it like an animal!

Kirian

  • Adventurer
  • ******
  • Offline Offline
  • Posts: 7096
  • Shuffle iT Username: Kirian
  • An Unbalanced Equation
  • Respect: +9416
    • View Profile
Re: Goko Dominion Salvager Discussion
« Reply #458 on: August 26, 2013, 08:16:25 pm »
+1

You're a moderator on this board, you can edit posts as you please :-)

Was just about to start class when I posted that, thought ragingduck might have a chance before me. I've taken care of it now.

Got rejected from the Mozilla gallery again, here's a temporary link for v2.2.3, manual install required (ragingduck, could you add this link to the main description post and whatnot?

What causes the rejection?  Just somebody's whim?

This was in the rejection message:
Quote
1) Your add-on creates DOM nodes from HTML strings containing unsanitized data, by assigning to innerHTML or through similar means.

It looks like the way we set up the in-game log viewer can be insecure or something.

I imagine it's almost as insecure as Goko's site itself!
Logged
Kirian's Law of f.DS jokes:  Any sufficiently unexplained joke is indistinguishable from serious conversation.

sudgy

  • Cartographer
  • *****
  • Offline Offline
  • Posts: 3431
  • Shuffle iT Username: sudgy
  • It's pronounced "SOO-jee"
  • Respect: +2708
    • View Profile
Re: Goko Dominion Salvager Discussion
« Reply #459 on: August 26, 2013, 08:21:30 pm »
0

What if they're making this extension just for the respect... (forum respect)

Posting memes would be an easier way...





Hey, that's actually good advice!
Logged
If you're wondering what my avatar is, watch this.

Check out my logic puzzle blog!

   Quote from: sudgy on June 31, 2011, 11:47:46 pm

michaeljb

  • Board Moderator
  • *
  • Offline Offline
  • Posts: 1422
  • Shuffle iT Username: michaeljb
  • Respect: +2115
    • View Profile
Re: Goko Dominion Salvager Discussion
« Reply #460 on: August 26, 2013, 08:22:44 pm »
+5

Logged
🚂 Give 18xx games a chance 🚂

florrat

  • Minion
  • *****
  • Offline Offline
  • Posts: 542
  • Shuffle iT Username: florrat
  • Respect: +748
    • View Profile
Re: Goko Dominion Salvager Discussion
« Reply #461 on: August 26, 2013, 10:13:56 pm »
+5

What happened to me twice today, is that I was hosting a game with auto-automatch turned on, and just after somebody joined my game, automatch found someone. In fact, I was one of the decliners of sudgy (see this post)

Suggestion: cancel automatch search when somebody joins your game (and start searching when the spot becomes empty again).
Logged

ragingduckd

  • Board Moderator
  • *
  • Offline Offline
  • Posts: 1059
  • Respect: +3527
    • View Profile
Re: Goko Dominion Salvager Discussion
« Reply #462 on: August 26, 2013, 11:11:44 pm »
+1

Would be cool if you could see the rating of your opponent, when a automatch-game is proposed. Now I only see my own rating.

Good idea. I thought it already did this, but it's actually only being shown when the game is announced.

What happened to me twice today, is that I was hosting a game with auto-automatch turned on, and just after somebody joined my game, automatch found someone. In fact, I was one of the decliners of sudgy (see this post)

Suggestion: cancel automatch search when somebody joins your game (and start searching when the spot becomes empty again).

I'm a little nervous about the race conditions that this solution might produce. We've got five agents communicating asynchronously (Goko, my server, you, your automatch opponent, and the guy who just joined your table).

Help me understand the problem a little better. Is it that you're not sure which opponent you'd rather play against? Or you want to avoid giving offense to either opponent?

What if the UI let you see both offers and told your automatch opponent why he was being declined?
« Last Edit: August 26, 2013, 11:13:15 pm by ragingduckd »
Logged
Salvager Extension | Isotropish Leaderboard | Game Data | Log Search & other toys | Salvager Bug Reports

Salvager not working for me at all today. ... Please help! I can't go back to playing without it like an animal!

florrat

  • Minion
  • *****
  • Offline Offline
  • Posts: 542
  • Shuffle iT Username: florrat
  • Respect: +748
    • View Profile
Re: Goko Dominion Salvager Discussion
« Reply #463 on: August 27, 2013, 12:05:01 am »
0

Hmm... Okay, maybe my suggestion wasn't very good, because I can see some timing issues with five agents... It's not a big problem, but my problem was indeed to avoid giving offense to either opponent. Both hosting a game and using automatch suggest I look for a game, and I feel bad for then turning either opponent down.

I don't see a good solution for it, so maybe you should change nothing at all. Telling automatch opponent why he was being declined may be good, but might also be annoying (if you let them know via a pop-up). Maybe it should be something I have to live with if I use two methods of finding an opponent.

PS: I see I had two (non-ragingduck) upvotes for the suggestion, so maybe I'm not the only one with this problem (or I'm interpreting upvotes wrongly).
« Last Edit: August 27, 2013, 12:07:27 am by florrat »
Logged

ashersky

  • Mountebank
  • *****
  • Offline Offline
  • Posts: 2343
  • 2013/2014/2015 Mafia Mod of the Year
  • Respect: +1520
    • View Profile
Re: Goko Dominion Salvager Discussion
« Reply #464 on: August 27, 2013, 01:46:23 am »
+1

I had the opposite issue, where I had automatch searching, then joined a table someone was hosting, and then was matched with someone by automatch after my game had started.  I think it may have been Turn 3 or 4, so it wasn't just as I was connecting.

I believe automatch doesn't disengage when I join a different game.
Logged
f.ds Mafia Board Moderator

2013, 2014, 2015 Mafia Mod of the Year
2015 f.ds Representative, World Forum Mafia Championships
2013, 2014 Mafia Player of the Year (Tie)

11x MVP: M30, M83, ZM16, M25, M38, M61, M76, RMM5, RMM41, RMM46, M51

ragingduckd

  • Board Moderator
  • *
  • Offline Offline
  • Posts: 1059
  • Respect: +3527
    • View Profile
Re: Goko Dominion Salvager Discussion
« Reply #465 on: August 27, 2013, 01:54:19 am »
0

I had the opposite issue, where I had automatch searching, then joined a table someone was hosting, and then was matched with someone by automatch after my game had started.  I think it may have been Turn 3 or 4, so it wasn't just as I was connecting.

I believe automatch doesn't disengage when I join a different game.

It's supposed to. It gets confused when if you log in from multiple tabs though. Was that the case for you, or is this a different bug? Did it crash the game?
Logged
Salvager Extension | Isotropish Leaderboard | Game Data | Log Search & other toys | Salvager Bug Reports

Salvager not working for me at all today. ... Please help! I can't go back to playing without it like an animal!

ashersky

  • Mountebank
  • *****
  • Offline Offline
  • Posts: 2343
  • 2013/2014/2015 Mafia Mod of the Year
  • Respect: +1520
    • View Profile
Re: Goko Dominion Salvager Discussion
« Reply #466 on: August 27, 2013, 02:08:16 am »
+5

I had the opposite issue, where I had automatch searching, then joined a table someone was hosting, and then was matched with someone by automatch after my game had started.  I think it may have been Turn 3 or 4, so it wasn't just as I was connecting.

I believe automatch doesn't disengage when I join a different game.

It's supposed to. It gets confused when if you log in from multiple tabs though. Was that the case for you, or is this a different bug? Did it crash the game?

I only do one tab when I play.  Here's the sequence:

Click Multiplayer button
Screen Loads
Click Automatch, Submit (it goes green: searching)
Start room jumping, see one I meet the reqs for
Sit at the seat
Game accepted, wait for long loading screen
Game starts, open Scout - Scout if Baker board, Scout - Estate if not
A few turns in, Automatch pops up with a game offer, I decline
Continue game, buy 10 Scouts
Logged
f.ds Mafia Board Moderator

2013, 2014, 2015 Mafia Mod of the Year
2015 f.ds Representative, World Forum Mafia Championships
2013, 2014 Mafia Player of the Year (Tie)

11x MVP: M30, M83, ZM16, M25, M38, M61, M76, RMM5, RMM41, RMM46, M51

ragingduckd

  • Board Moderator
  • *
  • Offline Offline
  • Posts: 1059
  • Respect: +3527
    • View Profile
Re: Goko Dominion Salvager Discussion
« Reply #467 on: August 27, 2013, 02:17:14 am »
+2

I had the opposite issue, where I had automatch searching, then joined a table someone was hosting, and then was matched with someone by automatch after my game had started.  I think it may have been Turn 3 or 4, so it wasn't just as I was connecting.

I believe automatch doesn't disengage when I join a different game.

It's supposed to. It gets confused when if you log in from multiple tabs though. Was that the case for you, or is this a different bug? Did it crash the game?

I only do one tab when I play.  Here's the sequence:

Click Multiplayer button
Screen Loads
Click Automatch, Submit (it goes green: searching)
Start room jumping, see one I meet the reqs for
Sit at the seat
Game accepted, wait for long loading screen
Game starts, open Scout - Scout if Baker board, Scout - Estate if not
A few turns in, Automatch pops up with a game offer, I decline
Continue game, buy 10 Scouts

Yup. That's a new one. Thanks for the detail. I'll try to track it down. About what time did it happen?
Logged
Salvager Extension | Isotropish Leaderboard | Game Data | Log Search & other toys | Salvager Bug Reports

Salvager not working for me at all today. ... Please help! I can't go back to playing without it like an animal!

Young Nick

  • Minion
  • *****
  • Offline Offline
  • Posts: 561
  • Respect: +275
    • View Profile
Re: Goko Dominion Salvager Discussion
« Reply #468 on: August 27, 2013, 03:13:42 am »
+5

This probably has been asked before, but...

Feature Request: A noise of sorts when you have been called upon by Goko to do something related to the game. I know for a fact I'm not the only one who wishes to be alt-tabbing while playing online.
Logged

ashersky

  • Mountebank
  • *****
  • Offline Offline
  • Posts: 2343
  • 2013/2014/2015 Mafia Mod of the Year
  • Respect: +1520
    • View Profile
Re: Goko Dominion Salvager Discussion
« Reply #469 on: August 27, 2013, 03:22:22 am »
+1

I had the opposite issue, where I had automatch searching, then joined a table someone was hosting, and then was matched with someone by automatch after my game had started.  I think it may have been Turn 3 or 4, so it wasn't just as I was connecting.

I believe automatch doesn't disengage when I join a different game.

It's supposed to. It gets confused when if you log in from multiple tabs though. Was that the case for you, or is this a different bug? Did it crash the game?

I only do one tab when I play.  Here's the sequence:

Click Multiplayer button
Screen Loads
Click Automatch, Submit (it goes green: searching)
Start room jumping, see one I meet the reqs for
Sit at the seat
Game accepted, wait for long loading screen
Game starts, open Scout - Scout if Baker board, Scout - Estate if not
A few turns in, Automatch pops up with a game offer, I decline
Continue game, buy 10 Scouts

Yup. That's a new one. Thanks for the detail. I'll try to track it down. About what time did it happen?

Maybe 24 hours ago?  It was yesterday evening my time, so maybe 5 am forum time?
Logged
f.ds Mafia Board Moderator

2013, 2014, 2015 Mafia Mod of the Year
2015 f.ds Representative, World Forum Mafia Championships
2013, 2014 Mafia Player of the Year (Tie)

11x MVP: M30, M83, ZM16, M25, M38, M61, M76, RMM5, RMM41, RMM46, M51

fprefect

  • Chancellor
  • ***
  • Offline Offline
  • Posts: 21
  • Respect: +18
    • View Profile
Re: Goko Dominion Salvager Discussion
« Reply #470 on: August 27, 2013, 05:31:33 am »
+13

Dear Ragingduckd,

I just wanted to say, that in its current form Automatch just works great. Yesterday I had consistently a match right away like 8 times in a row. Thank you so much for doing the work others are payed for.

fprefect
Logged

pst

  • Minion
  • *****
  • Offline Offline
  • Posts: 584
  • Respect: +907
    • View Profile
Re: Goko Dominion Salvager Discussion
« Reply #471 on: August 27, 2013, 10:52:53 am »
+1

I like automatch a lot! I wonder if it works with multiplayer though. I usually have it set on 2-4 players, but have never got a match for more than two players. When I started wondering about this I set it to 3-4 players, and then I never got a match. Maybe everyone else is asking only for 2-player games, and that's why?
Logged

ragingduckd

  • Board Moderator
  • *
  • Offline Offline
  • Posts: 1059
  • Respect: +3527
    • View Profile
Re: Goko Dominion Salvager Discussion
« Reply #472 on: August 27, 2013, 11:21:07 am »
+1

I like automatch a lot! I wonder if it works with multiplayer though. I usually have it set on 2-4 players, but have never got a match for more than two players. When I started wondering about this I set it to 3-4 players, and then I never got a match. Maybe everyone else is asking only for 2-player games, and that's why?

Everyone is asking for 2-X player gsmes and there's no delay when a match is found. It didnt seem make much sense when there were 10 matches a day, but I could try it now.
Logged
Salvager Extension | Isotropish Leaderboard | Game Data | Log Search & other toys | Salvager Bug Reports

Salvager not working for me at all today. ... Please help! I can't go back to playing without it like an animal!

shark_bait

  • Saboteur
  • *****
  • Offline Offline
  • Posts: 1103
  • Shuffle iT Username: shark_bait
  • Luckyfin and Land of Hinter for iso aliases
  • Respect: +1868
    • View Profile
Re: Goko Dominion Salvager Discussion
« Reply #473 on: August 27, 2013, 01:47:46 pm »
+4

Any chance the automatch extension could not reset your game name?  Whenever I host I put certain restrictions in the name that I want if people without automatch join.  (i.e.  #vpoff and 5000+)  Having the name default to "For X" means resetting the game name after each match.
Logged
Hello.  Name's Bruce.  It's all right.  I understand.  Why trust a shark, right?

Is quite curious - Who is the mystical "Celestial Chameleon"?

ragingduckd

  • Board Moderator
  • *
  • Offline Offline
  • Posts: 1059
  • Respect: +3527
    • View Profile
Re: Goko Dominion Salvager Discussion
« Reply #474 on: August 27, 2013, 02:43:21 pm »
+4

Any chance the automatch extension could not reset your game name?  Whenever I host I put certain restrictions in the name that I want if people without automatch join.  (i.e.  #vpoff and 5000+)  Having the name default to "For X" means resetting the game name after each match.

Good call. Yes, that's no problem.
Logged
Salvager Extension | Isotropish Leaderboard | Game Data | Log Search & other toys | Salvager Bug Reports

Salvager not working for me at all today. ... Please help! I can't go back to playing without it like an animal!
Pages: 1 ... 17 18 [19] 20 21 ... 72  All
 

Page created in 0.072 seconds with 22 queries.