Game Development: Charter Shoo

[VDZ]

Are you claiming that the benefits of HTTPS aren't all that? You know that every single HTTP request you're sending your auth cookies in the clear and every time you log in you're sending your password in the clear. About ten years ago, when sites were using still dumb and using HTTP, you could go on any public network and hijack people's facebook sessions like it was nothing. It was stupid, so people started using HTTPS for everything that required any type of auth.

No, I'm not claiming that at all. HTTPS is fantastic. And for this reason, the Haven site has been using HTTPS since at least 2011, probably since the very start. And essentially everything that requires a password has been using it since way longer than only ten years ago. HTTPS is good.

The problem exists with the certificate authority system, in particular browsers' refusal to accept anything outside of it. In another thread I've compared retrieving the HTTPS certificate with getting someone's phone number. Getting a certificate from a CA is like getting a phone number from a phone directory; it'll get you the correct number as long as the phone directory is reliable. HTTPS is also possible via a self-signed certificate, which is like hearing the phone number from the person themselves; as long as you can trust the person you're talking to to provide the correct phone number, the given phone number is reliable. The latter method is what the Haven website used until recently. However, nowadays when modern browsers are directed to access an HTTPS site with a self-signed certificate, they yell 'THIS GUY IS NOT IN THE PHONE DIRECTORY! THIS NUMBER MUST BE FAKE!', which is complete nonsense as long as you know the number is correct (i.e. you've accessed the site at least once before, or managed to get the certificate in some other way). But browsers have managed to convince people that legitimate certificates are not legitimate unless approved by a central authority, meaning that increasingly the authors of the phone directories get to decide who can have a phone number and who cannot (because any unlisted number becomes increasingly unusable).

[BigCountry]

The real PvP in this game only happens here, when Announcements topics are posted. jorb could patch in a pair of rainbow flipflops and you guys and gals would still argue/fight virtually over ganking, sieging, stam drain, HTTP vs HTTPS.
haha

I love it.

[dafels]

customers want safe browsing experience and they don't care what loftar thinks of the https certificate cartel

[MagicManICT]

customers want safe browsing experience and they don't care what loftar thinks of the https certificate cartel

They should. It's their personal data that blows up when the cartel fucks up... or like most other cartels, fucks everyone else over.l

[telum12]

Are you claiming that the benefits of HTTPS aren't all that? You know that every single HTTP request you're sending your auth cookies in the clear and every time you log in you're sending your password in the clear. About ten years ago, when sites were using still dumb and using HTTP, you could go on any public network and hijack people's facebook sessions like it was nothing. It was stupid, so people started using HTTPS for everything that required any type of auth.

No, I'm not claiming that at all. HTTPS is fantastic. And for this reason, the Haven site has been using HTTPS since at least 2011, probably since the very start. And essentially everything that requires a password has been using it since way longer than only ten years ago. HTTPS is good.

The problem exists with the certificate authority system, in particular browsers' refusal to accept anything outside of it. In another thread I've compared retrieving the HTTPS certificate with getting someone's phone number. Getting a certificate from a CA is like getting a phone number from a phone directory; it'll get you the correct number as long as the phone directory is reliable. HTTPS is also possible via a self-signed certificate, which is like hearing the phone number from the person themselves; as long as you can trust the person you're talking to to provide the correct phone number, the given phone number is reliable. The latter method is what the Haven website used until recently. However, nowadays when modern browsers are directed to access an HTTPS site with a self-signed certificate, they yell 'THIS GUY IS NOT IN THE PHONE DIRECTORY! THIS NUMBER MUST BE FAKE!', which is complete nonsense as long as you know the number is correct (i.e. you've accessed the site at least once before, or managed to get the certificate in some other way). But browsers have managed to convince people that legitimate certificates are not legitimate unless approved by a central authority, meaning that increasingly the authors of the phone directories get to decide who can have a phone number and who cannot (because any unlisted number becomes increasingly unusable).

I didn't bother reading the phone thing. I'm aware of how CAs work. I was replying to this statement: "in addition to nobody actually caring about HTTPS and just using HTTP for most things even when HTTPS was available"

Which I completely disagree with, given what I said above.

[VDZ]

I didn't bother reading the phone thing. I'm aware of how CAs work. I was replying to this statement: "in addition to nobody actually caring about HTTPS and just using HTTP for most things even when HTTPS was available"

Which I completely disagree with, given what I said above.

What I meant was that, sad as it is, for a long time most users kept using HTTP for basically every site that allowed it even when HTTPS was available. It wasn't until they were forced to use HTTPS that they started using HTTPS for most things. This was not a good thing, but it did mean that people didn't complain about Haven's self-signed certificate until relatively recently.

[Archiplex]

you misread, im not saying remove tokens, but make them expire each world; so you can't amass a large hoard of tokens across worlds

rn people hoard tokens over worlds which makes them effectively rich forever++ which makes trading in almost anything except tokens not really worth it

Now that I think of it, I think that would be a nice solution. Though I could still see there being some market for tokens, because they would still work as a currency as they are something hard to acquire and people would RMT the tokens forward etc.

Think of gold and silver coins RL, they weren't useful but still had value. So even expiring tokens may have value just because.

it'd also make sure if any big merchants want to buy stuff from other merchants or make backroom deals for big things that they'll need a fresh supply of new tokens from prior years, which in turn will make them value tokens more.
it's silly to have an economic foothold on this game based off prior worlds anyways.
plus, having a bigger need for tokens each world in turn probably makes the devs profit more or something

btw while shubla is stupid about siege, but the fact they are so stupid about it and misunderstand all the mechanics is just a testament to how convoluted and annoying siege is to understand currently, on top of further evidence of how stupid they are. you'd imagine someone who's been here for so long would have some sort of understanding of such an integral mechanic to the game

but they don't. and neither do i really. in fact most of the people coming into the game probably don't, and the best we have to rely on are a wikipedia compiled by what appears to be a hysterical schizophrenic with massive language barriers

[pawnchito]

Using the charter stone break anyone elses map?

[Zyean]

charter pog. also no removing tokens won't make me buy blue berries from you.

I'll buy your blueberry pies

[vatas]

Using the charter stone break anyone elses map?

Possibly related, I can't move by clicking map when a Thingwall is near me. Works fine when I go further from it. Pasta client.