The Fantastic Site of Lord Matt, Super Geek

The fantastical realm of Matt - Lord of vast imaginary tracts of hyperspace.



Screw you, past me. Screw you. 15 Mar 2018 11:27 AM (7 years ago)

Right now past me is not in my good books. As I said, I am moving things to a new platform, but that does not mean that I have not been keeping things up to date. That very act of keeping things up to date is what came back to bite me today. It seems that way back when I was writing NucleusCMS plugins regularly I got a bit sloppy. Well, I say sloppy. I did not follow the strictest of coding standards. When the PHP documentation said things like "this feature is deprecated don't use it because it will break later," my response was "I'll worry about that later." Later just happened. As a result, every last NucleusCMS site I was maintaining went down. 500 Errors all around. FML.


Sunset, prior to big site move 21 Feb 2018 7:48 AM (7 years ago)

My plan is to make a huge change to this site. Change to the system, change to the platform, change to the design.

While I am doing that I cannot keep on top of things the way that I once did. Thus, only members can comment (there are that many of you).

However, if you want to know what I am thinking I also blog at all of the following sites:

You can probably spot the theme there.


Hacking with SQL injection 21 Nov 2017 9:00 AM (7 years ago)

And how to stop it



As a professional geek, I get asked about hacking a lot.

Hacking attacks - commonly called cracking by those who use "hacking" to mean doing crazy cool things - are ways of getting where you should not be.

Let me be clear. Almost everything we are talking about is illegal to do on systems that you do not have explicit permission to act upon. In most countries, we are talking jail time. Do not do it.

Today, I am going to talk about SQL injection. If you are a developer, you should be insulating your code from these attacks.

What is an SQL injection attack?



SQL injection works because the language for getting data into and out of databases does not distinguish between commands and data.

If you are able to make the data you provide look like a command, it may be acted upon. If you are a nasty criminal intruder, this is good. If you own the server, this is very bad.

For example:

SELECT * FROM `secureUsers` WHERE `user`='name' and `password`='123456';


This would probably get you the row that relates to that user. But that password and username might have come from the user.

USERNAME: name
PASSWORD: 123456


But what happens when I type something a bit dodgy?

USERNAME: name'--
PASSWORD: 00000


SELECT * FROM `secureUsers` WHERE `user`='name'--' and `password`='00000';


What we just did is turn everything after the username into a comment, which the database engine will ignore. So now, it doesn't matter what the password was because that part of the test is skipped.

The Modern Rogue look at SQL injection.





Just how bad could this be?



Not only can your "security" be bypassed, but a canny hacker can start learning information about your system that they really should not have access to.

This is not just bad but catastrophic for your site.

Computerphile explains SQL injection



Prepare to feel slightly nervous about your server's security.



How to stop SQL injection happening to you



There are two answers to this question. The easy one and the practical one.

The easy answer is: do not, under any circumstances, trust user provided input.

In other words, code with the assumption that everyone is trying to break in.

The more comprehensive answer is a lot more complicated. It starts with data sanitization.

Data sanitization is a group of techniques that convert potentially dangerous data into nice safe data.

You could, for example, escape special characters so the engine treats them as just data. Often, but not always, this means adding a backslash behind them.

For you have the real escape string function.

That's a good start but it should not be your only line of defence. Any even remotely well-made system should check input to see if it makes sense. That's why usernames often have character limits.

For example, with an email address, you might check that there is an at sign "@", a domain name, and so forth. In other words, make sure the user is giving you well-formed data.

There are more sophisticated database techniques like prepared statements, which you should definitely get into the habit of using. There are client-side JavaScript checks, which don't provide any real security but can stop regular users being stupid and wasting server resources. There are back-end checks to see if the data is well-formed. There are string escape functions. There are a lot of simple best practices and if you are going to put up a site with any important data - you need to learn about them.

There is one other test you should perform. You should attempt to SQL inject your own work. You know the work better than anyone else so if you can't inject it and you really try - it might be safe.
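Here is that self-test as a small added example (not code from the original post): the article's query built by string concatenation, next to a prepared statement and a well-formedness check, all run against the article's own inputs. Python's built-in sqlite3 with an in-memory database stands in for the site's database, and the function names and the username policy are assumptions made for the illustration.

```python
import re
import sqlite3

# Assumed username policy for the well-formedness check (not from the article).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def make_db():
    """Constructed sample data; table and column names follow the article's query."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE secureUsers (user TEXT PRIMARY KEY, password TEXT)")
    # Plain-text password only to mirror the article's query; store a salted hash in real code.
    db.execute("INSERT INTO secureUsers VALUES ('name', '123456')")
    return db


def login_concatenated(db, user, password):
    """The 'before': user input is pasted straight into the SQL text."""
    sql = ("SELECT * FROM `secureUsers` WHERE `user`='" + user
           + "' and `password`='" + password + "';")
    return db.execute(sql).fetchone() is not None


def login_prepared(db, user, password):
    """Prepared statement: the ? placeholders are bound as data, never parsed as SQL."""
    sql = "SELECT 1 FROM `secureUsers` WHERE `user`=? AND `password`=?"
    return db.execute(sql, (user, password)).fetchone() is not None


def is_well_formed_username(user):
    return USERNAME_RE.fullmatch(user) is not None


def login_checked(db, user, password):
    """Defence in depth: reject malformed input first, then use the prepared statement."""
    return is_well_formed_username(user) and login_prepared(db, user, password)


def self_test():
    """Try to inject our own work, using the inputs from the article."""
    db = make_db()
    attempts = [("name", "123456"), ("name", "00000"), ("name'--", "00000")]
    return [(u, login_concatenated(db, u, p), login_prepared(db, u, p),
             login_checked(db, u, p)) for u, p in attempts]


if __name__ == "__main__":
    for row in self_test():
        print(row)
```

Only the concatenated version accepts the dodgy username with the wrong password; the prepared statement looks for a user literally called `name'--` and finds none.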

Stay safe and remember that SQL injecting other people's stuff is almost always illegal.


A RoyalGames update 5 Nov 2017 3:00 AM (7 years ago)

Last year I asked, Are RoyalGames and Google playing fair? Now we have something of an answer.

From the evidence Google, yes; Royal Games, not so much.

It looks like that post is now on the first page of Google for the search term "RoyalGames". I had not noticed because it has been two months since I last gave the fantastic site any attention. All I can say is that it never pays to try and scam a geek.

The story from people who have found the post has been consistent. RoyalGames.com is fine right up until you win too much or want your money. At that point, they seem to go full-metal a-hole.

As far as I can tell most people are finding me after RoyalGames.com screw them over. The cone of silence around this behaviour seems to be cracking and as well as my blog post I have noticed a Trust Pilot review page.

I dug a bit deeper and found this complaintslist.com post from 2014, a general complaint on ripoffreport.com, and not much else.

Given what people are saying, I imagine that this is not your typical scam. However, like any gambling site, they are very aggressive at defending their pot. They say the house always wins. In the case of royalgames.com, this might have something to do with reports of falsely accusing talented players.

I, personally, do not trust royalgames.com and cannot advise anyone else to do so.

It might look deliberate but we just don't know. Even given the benefit of the doubt, my only advice, at this time, is don't give royalgames.com any time or money to start with.

Going back to the Google part of my question, my only guess is that no one else is writing about this problem. If more people did that, maybe royalgames.com would be forced to clean up their act. Part of what enables RoyalGames to continue being so aggressive is that they have been able to do so with impunity. When, and only when, the aggressive treatment they give people starts to hurt their publicity will they consider changing.


How to ruin a perfectly good science joke 31 Oct 2017 1:00 AM (7 years ago)

In "that story with a cat in it" I make reference to some pretty silly sounding science. The funny thing is that most of the wild-sounding science is nowhere near as silly as you might think. Most of it is simply good science in a very and context.

I'm going to ruin a perfectly good joke by explaining it. If that offends you, keep reading.

Also, spoilers. This joke is from an unpublished part of the work.

A lot of the science jokes revolve around dark matter and quarks because the language science uses to talk about these things sounds so ridiculous to the uninitiated that scientists have done all the work for me. But if you do know the science there is a whole other way that the humour works that "normals" will not be able to appreciate.

Dark Matter



Dark matter is a hypothetical type of matter distinct from baryonic matter (ordinary matter such as protons and neutrons), neutrinos and dark energy.

Although dark matter has not been directly observed, its existence and properties are inferred. The standard model of cosmology indicates that there should be a certain (very large) amount of stuff in the universe. However, as far as we can tell there is only 4.9% of the stuff we were expecting. In other words, 95.1% of our stuff is missing.

Thus it has been concluded that the total mass-energy of the universe contains 4.9% ordinary matter, 26.8% dark matter and 68.3% dark energy.

Dark matter has never been directly observed. So it might or might not be real. It is, in essence, a guess. That said, the existence of dark matter would explain a number of otherwise puzzling astronomical observations. The name "dark" refers to the fact that dark matter does not emit or interact with observable electromagnetic radiation, such as light, and is thus invisible. It looks like it should be there but we can't detect it. Invisible stuff!

Dark matter is divided into cold, warm and hot categories. These categories (temperatures) refer to velocity rather than an actual temperature. This is where the joke starts to take shape.

That dark matter joke



In "that story" Doc's recipe for the fuel for his device calls for 0.5 grams of cool left-handed dark matter. This is both a dark matter and a cooking joke. Cool as in "cool milk" and cool as in velocity.

I can feel the joke getting less funny as I type.

Additionally quarks, for example the beauty quark (I kid you not), can be left or right handed. So this is also a physics joke. For reference, we live in a left-handed universe. Just so you know.

And that, ladies and gents, is how you ruin a perfectly good joke by explaining the science behind it. "That story", it can be concluded, contains jokes for science nerds.

This NaNoWriMo I will be writing the other half of the story. I will publish last year's parts if you are willing to go to my writer blog and post comments showing some interest.

If I somehow get organised and motivated at the same time, I will send it out to publishers in one year.

Read the first few draft chapters.


Game Creation Log: That story as a game 28 Aug 2017 8:36 AM (7 years ago)

Sometimes card game mechanics make for better computer game mechanics.

I've been kicking around ideas for a game based on That Story with the cat in it for a while now. This was one of those rare moments when the whole concept leapt fully formed into my head.

What I originally wanted to write was a seriously complex text adventure with graphics and chatbot level interactions. The problem is, that is way beyond my current experience level. At least, if I want to pull it off by myself.

After writing a 30-page game plan I decided to leave that one to simmer. What else could I do?

Then, a few days ago I woke up and knew exactly how to do it. I could reuse the graphics I had already created. I could use the AJAX API framework I created for the TONI AI UI. This was good; this was at a level I could code in my spare time and this was something that would be fun to play and replay.

Instead of thinking of the characters as massive AI entities on a par with TONI per character, I thought about them as collectable cards, not unlike Star Trek the customisable card game (ST-CCG).

In ST-CCG you have places; under them are dilemmas. You "beam down" a team and see if the team has the attributes to satisfy the conditions on each dilemma.

It occurred to me that each puzzle, each world, each room could be like that. Each world could have a set of unlockable variations on the story's characters (you meet enough of them in the book).

So in this game, you will log in, build up a team of variants to overcome challenges and unlock new worlds. Gotta catch them all.

I have a data structure, a basic framework and an API in progress. The first thing I will write is a tool for creating amusing characters, funny problems, rewards, and weird worlds. This is going to be fun.


TonnoMint is 3 already, or at least the idea is... 17 Aug 2017 5:15 AM (7 years ago)

I turned my AI project on today and realised that I have been tinkering with it for 3 years now.

The funny thing is that for most of those 3 years TONI (Twitter Only Nominal Intelligence) has been powered down. I know I only spent a tiny amount of cash on the hardware but I still feel like I have been wasting a potential asset by not developing her.

My problem, if you can call it that, is that to work TonnoMint has a huge performance bottleneck. While I have the hardware to brute force the problem each time, I wanted to find a more elegant solution. So rather than having a solution I have opted for a no-deal solution.

That's a bit like the way the Tory government is willing to make everyone miss out if they don't get their own way. A fail, in other words.

While for me, this is simply a failure to ship - for the UK to do that is bad news for everyone.

On the other hand, I'm getting on with doing something better. Can the Parliament say the same?


Two new sites (by me) 13 Jul 2017 1:00 AM (7 years ago)

You know how I love to launch new sites. I seem to be good at the setting things up part of the site lifecycle.

Well, these two are likely to run for as long as any other I have set up (this site, for example, is about 12 years old). The reason these sites are likely to keep going is that they are both Tumblr sites. No, don't roll your eyes at me; I have a good reason for this.

RND() Geek is a just for fun collection of random geeky, nerdy, and dorky things. I'm just having fun and not really caring about anyone's opinion but my own. It's very liberating.

Music for Geeks is a bit more serious but not that much. I wanted to collect all the geek/nerd/dork music I could find in one place. I figured that somewhere like Tumblr which is set up for sharing audio and video was perfect for this.

Then if there are other geeks who enjoy the same niche weird stuff that I do, they can enjoy these sites. If not I have nothing to worry about. It's not work when you do something just for the love of it.


Dreaming of walking the Earth 12 Jul 2017 8:21 AM (7 years ago)

I've been suffering from a touch of wanderlust lately. A word which means, as if you don't know, a strong, innate desire to rove or travel about.

It's been a recurring theme of my thoughts for a while now but recently I've been giving it some serious thought.

What's stopping me going travelling? It is summer and I have so few commitments (due mostly to being too broken to keep any). Why not?

Of course, reality kicks in whenever I start to seriously plan. To start with my body is broken so it is not like I can afford to rough it like I was still twenty. That means hotels or a well-distributed network of friends. I can't afford to live in hotels and I have friends but not that many. So unless there is a company that wants to sponsor a semi-disabled geek to go travelling that ain't an option.

Other than that the theory is good. What I do is write and code. My office, the workspace I need to do what I do, is anywhere with WiFi. Which is pretty much anywhere these days.

If making a living from blogging was easy, I'd pack my bags tomorrow. It is not, and anyway my biggest dream is to be a full-time writer.

All I can really say is this - if you have the opportunity to go travelling take it while you can. Life is very short and the option will pass you by so fast.


Introducing Author Buzz UK 21 Jun 2017 10:52 AM (7 years ago)

Author Buzz UK is new but soon it will be making shockwaves in the UK publishing and author world.

Designed with The Five Specific Goals of a Business Website in mind, Author Buzz UK aims to help authors get going with those aims while helping readers find what they want. Double win!

How does Author Buzz UK meet those goals?

Improving reputation with Author Buzz UK

In the case of Author Buzz and authors, this is not so much about improving reputation as helping to establish one to begin with.

The first hurdle of becoming a successful author is to build up a reputation with readers as the kind of author that writes what you want to read. Much easier said than done.

Author Buzz UK makes this easy. By providing a profile for you as an author which integrates with a blog that you control and a forum you can participate in, you are put in the driving seat. Author Buzz gives you, the author, the tools you need to interact with readers (and other authors).

The more fans you pick up, the more likely you are to pick up new fans. All you have to do is focus on putting out the kind of writing that you became an author to write. Everything else happens quite naturally.

Increasing sales or leads with Author Buzz UK

I have to be honest, right now, Author Buzz does not have you covered. But our devs do.

We are working on a new section where you can list your books. This might not sound like much, and on its own, it isn't. Yet, how we present that data makes all the difference.

Your books will become part of your profile. You will be able to display them on your blog's sidebar and create news stories about them. For example, if you are bringing out a sequel or doing a book signing - that will appear on your profile and thus in the news feed of your fans. Which means all your fans will know about it.

Furthermore, anyone who finds your profile can explore your books and will have links to leading retailers where they can purchase them.

This is proving to be quite a lot of work. Worry not, we will keep at it until this feature is ready to be rolled out.

You won't even need to worry about SEO as the SEO and discovery are baked right into the core of the website's design. All done for you.

Increase Brand Awareness with Author Buzz UK

This aim is implicitly solved by the author profiles (such as my profile).

As an author, your brand is your author name. That's why everything about Author Buzz is about helping you get your name in front of prospective readers. Everything you do, every forum chat you participate in, every blog post you write, every comment you post, everything - it all helps to build public awareness of your brand as an author.

Improve author to reader communications

As an author, the consumers you want to reach are your readers. We help that to happen.

This is the author version of business to consumer communication but the principle is exactly the same.

You can post updates on your profile, talk in the forum, chat in groups, post on a blog, and (coming soon) announce book release dates.

You can keep your readers updated with just a few keystrokes.

Understand your readers with Author Buzz UK

Responding to reader feedback is a great tool for authors. Good communication with readers can turn those readers into evangelical fans.

But that is not the only advantage of good communication with fans and readers.

Let us say you have two series on the go. One a high adventure and one a dark and brooding introspective series. Both have sold reasonably well. Now you are ready to write a new book but which series are the fans most hungry for?

With Author Buzz you can find out because you can see what your fans are saying and, better yet, you can simply ask them. All you need is a (free) profile.

Why you should use Author Buzz UK right now

It is a fair question to ask - if Author Buzz UK is still being created why should I use it? Should I wait until it is all finished to get a profile?

Advantage

The first and foremost reason to join Author Buzz right now is advantage.

It is a well-observed fact that those who join a community early tend to gather more fans or followers simply as a product of being there first. That early joiner advantage will almost certainly translate directly into readers. Readers, as I covered before, are what you need to develop evangelical fans - fans that go and get you new readers.

It takes almost no effort to create a profile, upload your best author image (you have a few of those, right?) and start a few topical threads. Yet that minimal effort could repay you endlessly as you become one of the first authors that all the other site's users discover first.

Limited resources

First come, first served

Due to technical stuff that I don't have time to go into, some of the best features - the free blog, the book database, and enhanced author profiles - may not be available to everyone once the site gets busy.

By getting in early, even if you don't take advantage of it right away, you will be at the front of the line when it comes to gaining access to anything with a limited availability.

Of course, you could wait until we start upgrading hardware to make more space to run more blogs. But why should you wait when you could skip all that by acting early?

A greater say

The simple fact is that we are a small team. That means that if the current users have something to say, or request a feature, we will probably get to that first. Remember what I was saying about advantage before?

More than that though, there are some things that we are still working out. Your opinion on the way you would like us to do things is most powerful earlier in the creation process. Right now, your opinion counts for a heck of a lot.

Don't miss out

We authors need every advantage we can get. So why wait? It takes moments to create a free profile.

While you are wondering if you can spare less time than it took to read this article, you could have already grabbed a free Author Buzz UK profile and the advantage that comes with it. Don't let some other writers beat you to the punch. This is your moment - grab it with both hands.

Get the advantage right now
