Value of two-factor authentication in MMOs
Cypherpunks everywhere know that using two-factor authentication, when done right, is inherently more secure.
Nothing can be said against the security of wisely-used one-factor authentication, but care must be taken to ensure the ongoing security of that factor. If you use a password, you need to choose a secure one — and if you don’t change it regularly, it logically gets weaker, too.
I know of at least one WoW player who is positively paranoid about exposing their passwords to someone, even though they don’t exhibit that behaviour elsewhere.
And then, of course, there are the people who complain about having their accounts hacked, even though they used a secure password like their birthday. Or abcde.
A mitigating factor against people being too stupid to use passwords securely, then, is needed. And that’s where two-factor authentication comes along.
Two-factor authentication, in essence, means that you need to prove your identity by two different means. This isn’t like using two different passwords. The common examples for factors include “things the user knows”, like a password or PIN; “things the user has”, like some form of physical security token; and “things the user is”, i.e. biometric verification methods.
Biometric verification is more “comfortable” to use, but does have two major drawbacks:
- it requires specialized equipment (in most cases)
- it is vulnerable to replay attacks
So, mainly for reasons of practicality, owning an authentication token is the best method of getting a second factor into the mix.
But why would a company like Blizzard, for example, cough up the effort to actually enable something like authenticators — not only via device, but by mobile phone, too — and then go ahead and reward players (in the form of an in-game pet, but nevertheless) for using an authenticator — merely to save people from their own stupidity?
Simple enough: to help battle against “economic” abuse, and to help protect their own interests by having to deal with fewer “hacked account” cases.
Even though the latter reason might just be enough to implement it, the former is actually the most important one. Gold farming is a serious problem for online gaming companies, and even underdeveloped economies like that of WoW can suffer greatly from such manipulation.
If you want to read a fictional example of a near-future vision on the importance and concepts of gold farming, you should read up on Cory Doctorow’s “For The Win”. Even though it’s a bit over the top compared to the current state of the game, it might very well be similar in the years to come.
Of course, the battle.net authentication token Blizzard distributes does seem to have reliability problems. The mobile authenticator, a Java application, seems to work fairly well and, unlike the DIGIPASS Go 6 authenticators used by Blizzard, actually has a reverse-engineered spec available.
Even though the DIGIPASS algorithm has, to the author’s knowledge, not been broken so far, the fact that the developing company does not disclose the DIGIPASS source code to non-customers, along with a rather cheeky attitude, should serve as sufficient indication to avoid their products.
D&D rules lawyering: cover and stealth
I was recently reading up on the stealth and cover mechanics, and even though I was fairly certain about what is and what is not possible, I found out that one edge case isn’t particularly well-documented.
The rules, to be exact the Stealth rules correction from Player’s Handbook 2, state:
Becoming Hidden: You can make a Stealth check against an enemy only if you have superior cover or total concealment against the enemy or if you’re outside the enemy’s line of sight. Outside combat, the DM can allow you to make a Stealth check against a distracted enemy, even if you don’t have superior cover or total concealment and aren’t outside the enemy’s line of sight. The distracted enemy might be focused on something in a different direction, allowing you to sneak up.
So, what it says in particular is that “superior cover” works as a basis for getting hidden. According to the Dungeon Master’s Guide on determining cover for ranged attacks:
Choose a Corner: The attacker chooses one corner of a square he occupies, and draws imaginary lines from that corner to every corner of any one square the defender occupies. If none of those lines are blocked by a solid object or an enemy creature, the attacker has a clear shot. The defender doesn’t have cover. (A line that runs parallel right along a wall isn’t blocked.)
Superior Cover: The defender has superior cover if no matter which corner in your space you choose and no matter which square of the target’s space you choose, three or four lines are blocked. If four lines are blocked from every corner, you can’t target the defender.
So, in theory, if you had a situation where you had superior cover from an enemy, e.g.

you’d be able to stealth yourself and gain combat advantage.
The only thing that really denies this possibility is, again, the Stealth updates from Player’s Handbook 2, this time the “Remaining Hidden” section [emphasis mine]:
Keep Out of Sight: If you no longer have any cover or concealment against an enemy, you don’t remain hidden from that enemy. You don’t need superior cover, total concealment, or to stay outside line of sight, but you do need some degree of cover or concealment to remain hidden. You can’t use another creature as cover to remain hidden.
Many thanks to @Milambus for looking up that passage. [And making me feel stupid for not having found it myself, by the way.]
And that’s the only problem. So, you could gain stealth moving behind enemies, but immediately lose stealth status again by being only behind a creature.
In a sense, this is balanced, since your rogue strikers could then just continue to camp behind your own fighters and shoot sneak attacks at enemies from just behind their buddies (since they don’t block for the player), which would make combat encounters quick enough, but also a bit boring.
Then again, as my player rogue pointed out, when there’s two huge dragonborn warriors pounding away at an enemy, how are they not supposed to be able to hide behind them? They aren’t 5′ wide, surely, but certainly bigger than a half-elf in every other dimension.
I just think that with a further update (yuck), we might get a bit of clarification on how allies can grant cover, but cannot grant superior cover.
A new reason for leaving Ubuntu
So, if you’re wondering: “Why, Ubuntu is in the process of making everything quite a bit more annoying and fucking things up”, yet still think “that might just be a misjudged opinion”, then fret no more. There’s an easy way to know now that Canonical has officially gone bonkers.
After installing an annoying App Market-like “Software center” by default, switching users over to an IM client that’s only remotely usable, trying to sell you a cloud-based storage solution and switching to Yahoo as the default search engine, you really have to wonder what the guys responsible are up to.
So.
In short, Canonical is on the verge of going Apple. Just jump ship while you still can.
D&D item: Martyr’s Collar
Seeing how everyone else is currently creating interesting items, I thought that I should throw one of my ideas into the mix. And after a bit of tinkering with how it should work, I present:
Martyr’s Collar Level 5
Resting tight against the throat, the wearer is always reminded of the price of sacrifice.
Lv 5 1.000 gp
- Item slot: Neck
- Property: This item can mean instant death for the character. To wield it, the character must succeed at a hard willpower check. After three failures, the character needs to take an extended rest before trying again.
- Power (At-Will ♦ Necrotic): Standard action. A conscious and willing character may activate the collar while it is around their throat. The collar magically constricts, severing the user’s head from their body. The user’s life energy serves as a power source for the collar and sends every attuned ally in range (burst 10) to the point defined by the attuning process. Being able to survive the decapitation does not save the user, as all of their life energy is used up to power the collar’s magic. The allies do not need to be willing, conscious, or even alive. If, for whatever reason, the destination is not reachable, the collar will not activate. After the teleportation, the collar expands to its normal proportions and loses any attunement.
- Power (Daily): Standard action. Every willing ally in a burst 5 is attuned to the collar, and the item itself is attuned to the location. When the at-will power is used, all allies attuned and in range are transported back to the current location. The collar does not need to be worn to be attuned; any character touching the item can initiate the process. When passing between owners, the item does not lose connection to any attuned user or the attuned location.
Nobody really knows how these devices ever came to be, but they seem to have been used by devout and loyal warriors throughout time to save comrades from certain death by using their own life to shield them. The ultimate heroic sacrifice, most souls sacrificing their bodies this way ascend to the Astral Sea.
Trusting self-signed certificates with Google Chrome on Linux
Update: added the “C” flag to SSL attributes which I accidentally forgot to include.
Also changed $HOST to $host, as $HOST is the shell parameter for the current hostname…
If you’re not really sure about how you can stop Chrome from permanently reminding you that the server you’re connecting to is a bad boy (read: using a self-signed certificate), you’ll probably end up looking at CACert’s Browser Client page by way of Google. With a bit of reading documentation, you can probably find out how to import a self-signed certificate and mark it as trusted, but since you’re probably lazy, you’d rather just copy and paste a few instructions.
First, I have to stress that blindly trusting a certificate you download off the internet is a Bad Idea. But expressing a certain laissez-faire attitude: if you’re stupid enough to copy and paste blindly, you deserve it.
Second, simple copy and paste instructions:
```sh
openssl s_client -connect $host:443 -showcerts > temporary_file
certutil -d sql:$HOME/.pki/nssdb -A -t CP,,C -n "$host" -i temporary_file
```
Third, explanations:
- s_client just connects to the given hostname, 443 being, as you should know, the default HTTPS port.
- -showcerts shows all kinds of information about the certificate, including the certificate itself. You will probably have to hit ^C/^D to stop s_client.
- If you get multiple (and different) certificates, the first one will be the server certificate, and the second one the CA certificate.
- certutil (package hint: libnss3-tools) can be used to manage your local «Network Security Services» SQLite database.
- The specified arguments for certutil are:
- The database to use (in this case, the user-specific NSS database).
- The flag to add something to the database (-A).
- The “trust types” for the certificate, in “SSL, S/MIME, CA” notation: “P” for a trusted peer, and “C” for a certificate authority that may issue server certificates.
- A shortname to identify the certificate in the database. The hostname works well and is fairly obvious.
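The one step the copy-and-paste recipe skips is checking that the certificate you are about to mark as trusted is the one the server’s admin actually deployed. As an added example (not part of the post), here is a small parser for the `-showcerts` output that splits the PEM blocks in the order the server sent them (first the server certificate, then the chain) and hands the server certificate over only when its SHA-256 fingerprint matches a value obtained out of band. The sample “output” is constructed: its certificate blocks are base64 of marker strings rather than real DER, which is enough to exercise the parser offline; `server_cert_if_pinned` and the pinned-fingerprint check are this example’s own.

```python
import base64
import hashlib
import hmac
import re
import textwrap

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S
)


def split_pem_chain(s_client_output: str) -> list:
    """DER bytes of every certificate in `openssl s_client -showcerts` output, in the order
    sent: index 0 is the server certificate, the rest is the chain it presented."""
    return [base64.b64decode("".join(block.split())) for block in PEM_BLOCK.findall(s_client_output)]


def to_pem(der: bytes) -> str:
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode("ascii"), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated upper-case SHA-256 fingerprint, the form browsers and openssl display."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def server_cert_if_pinned(s_client_output: str, expected_fingerprint: str):
    """Return the server (leaf) certificate as PEM only if its fingerprint matches the value
    you got out of band (from the admin, not from the same connection); otherwise None, so
    nothing is fed to certutil."""
    certs = split_pem_chain(s_client_output)
    if not certs:
        raise ValueError("no certificate block found in s_client output")
    actual = sha256_fingerprint(certs[0]).encode("ascii")
    expected = expected_fingerprint.strip().upper().encode("ascii")
    if not hmac.compare_digest(actual, expected):
        return None
    return to_pem(certs[0])


# Constructed stand-in for s_client output: banner lines of the usual shape, and two
# "certificates" that are just base64 of marker strings, not real DER.
SAMPLE_OUTPUT = (
    "CONNECTED(00000003)\n"
    "depth=0 CN = example.test\n"
    "verify error:num=18:self signed certificate\n"
    + to_pem(b"constructed-server-cert")
    + to_pem(b"constructed-ca-cert")
    + "---\nServer certificate\nsubject=CN = example.test\n"
)

if __name__ == "__main__":
    for i, der in enumerate(split_pem_chain(SAMPLE_OUTPUT)):
        print(i, sha256_fingerprint(der))
```

Writing only the pinned leaf certificate to the file you pass to `certutil -i` also avoids importing whatever chain certificate the server appended; with `-t CP,,C` the entry is trusted as an issuing CA, so you want to be sure which certificate gets that flag.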
A records on top level domains
After I stumbled upon the wonderful URL shortener http://to/ today and immediately began posting it on IRC, I received a comment that someone didn’t even know that it was possible to do so. I, of course, could only comment “of course it’s possible”. But in the same train of thought, I just had to have a look at who else has a valid A record on their top level domain. So I fetched the IANA TLD list and, after being baffled by the punycode TLDs, threw some sh at the problem:
(for domain in $(grep -v '^#' tlds-alpha-by-domain.txt); do host -t A "${domain}."; done) | grep -v 'has no A record'
For the sake of enjoyability, I thus offer the results in table form, along with what kind of site is running on port 80. Data timestamp is 2010-01-08T16:05:00+0100, location for routing is DTAG-DIAL26 / AS3320.
| TLD | IP | content (port 80) |
|---|---|---|
| AC | 193.223.78.210 | “Always connected” (NIC.AC) |
| AI | 209.59.119.34 | “Offshore Information Services” |
| BI | 196.2.8.205 | “It works!” |
| CM | 195.24.205.60 | cm [195.24.205.60] 80 (www) : Connection refused |
| DK | 193.163.102.23 | “DK Hostmaster” (NIC.DK) |
| GG | 87.117.196.80 | Channel Isles Domain Registration |
| HK | 203.119.2.28 | hk [203.119.2.28] 80 (www) : No route to host |
| IO | 193.223.78.212 | NIC.IO |
| JE | 87.117.196.80 | Channel Isles Domain Registration |
| PH | 203.119.4.7 | HTTP 500.100 via broken Microsoft IIS |
| PN | 80.68.93.100 | Apache default home page |
| PW | 203.199.114.33 | pw [203.199.114.33] 80 (www) : No route to host |
| SH | 64.251.31.234 | sh [64.251.31.234] 80 (www) : No route to host |
| TK | 217.119.57.22 | “TK your long URL”, free .tk domain name registry |
| TM | 193.223.78.213 | NIC.TM |
| TO | 216.74.32.107 | TO./ URL shortener |
| UZ | 91.212.89.8 | some WAP page I can’t decipher |
| WS | 63.101.245.10 | ws [63.101.245.10] 80 (www) : Connection timed out |
So, in short, 5 of 18 (27%) are downright broken, one is being autistic, and a further 2 (11%) are not configured to do anything meaningful, leading to a total of 8 — or 44% — of TLD A records being useless. Bonus: none of the sites have AAAA records and, thus, no IPv6 availability.
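The shell loop above does the job, but it silently throws away the IDN labels that caused the bafflement and does not ask about AAAA at all. As an added example (not from the post), here is the same survey in Python: a parser for IANA’s `tlds-alpha-by-domain.txt` format that also decodes the punycode (`XN--`) labels, an apex query for both A and AAAA with the trailing dot the post’s loop relies on, and a pluggable resolver. The sample list excerpt, the fake resolver and its documentation-range addresses are constructed for an offline run; on a real run pass no resolver and the system resolver is used.

```python
import socket


def parse_tld_list(text: str):
    """Parse IANA's tlds-alpha-by-domain.txt: a '#' comment header, then one upper-case TLD per
    line; internationalised TLDs appear as A-labels (XN--...). Yields (ascii_tld, unicode_tld)."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tld = line.lower()
        try:
            unicode_form = tld.encode("ascii").decode("idna")
        except UnicodeError:
            unicode_form = tld
        yield tld, unicode_form


def stdlib_resolver(name: str, family: int) -> list:
    """Resolve `name` to addresses of one family with the system resolver; [] when there are none."""
    try:
        infos = socket.getaddrinfo(name, None, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def apex_records(tld_text: str, resolver=stdlib_resolver) -> list:
    """Query the zone apex of every TLD for A and AAAA records.
    Returns [(tld, unicode_tld, [A...], [AAAA...])] for the TLDs that have at least one."""
    rows = []
    for tld, unicode_form in parse_tld_list(tld_text):
        apex = tld + "."  # trailing dot: ask for the apex itself, never "tld.<your-search-domain>"
        a = resolver(apex, socket.AF_INET)
        aaaa = resolver(apex, socket.AF_INET6)
        if a or aaaa:
            rows.append((tld, unicode_form, a, aaaa))
    return rows


# Constructed excerpt in the file's format (comment header, one label per line).
SAMPLE_LIST = """# constructed header; the real file starts with a '# Version ...' line
AC
COM
TO
XN--P1AI
"""

# Constructed answers from documentation address ranges, so the demo needs no network.
FAKE_ANSWERS = {
    ("ac.", socket.AF_INET): ["192.0.2.10"],
    ("to.", socket.AF_INET): ["192.0.2.20"],
    ("to.", socket.AF_INET6): ["2001:db8::20"],
}


def fake_resolver(name: str, family: int) -> list:
    return FAKE_ANSWERS.get((name, family), [])


if __name__ == "__main__":
    for tld, uni, a, aaaa in apex_records(SAMPLE_LIST, resolver=fake_resolver):
        print(f"{tld:10} {uni:6} A={a} AAAA={aaaa}")
```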
Discordian iCal calendar
Since I was playing around with Date modules a bit, I decided to conjure up some iCal files for the Discordian calendar, which chronicles the Year of Our Lady Discord, as described in the Principia Discordia.
With the goal of eliminating any kind of dependency on actions by me to generate the calendar files, I just pregenerated them for the whole 21st century.
The files are stored at /discordian/$year.ical, with $year ranging from 2001 (which was the real start of the century and the millennium) to 2100.
For the sake of easy access — and as an experiment to see what Google’ll make of it — I’ve compiled a handy table so you can just click for the file you want.
Feel free to include this on your Google calendar (will make for an interesting traffic study) or redistribute it with a kudos to me, linking to this page (http://ydal.de/discordian-ical/). Copyright shouldn’t be an issue since this compilation does not exceed the Schöpfungshöhe, but I’ll declare them to be CC-BY-DE 3.0 just in case.
Ubuntu — why it sucks
Earlier this year, I switched from Debian to Ubuntu on both my netbook and my desktop machine, because it quite pleased me how well it worked. For the netbook, this was sort of appropriate, when ignoring the fact that a netbook is slow by principle, but with my desktop, my choice might have been less than wise.
Jaunty, 9.04, left me with occasional random crashing of my X server, and applications sometimes only starting at the second try, if at all. You’d get situations like banshee firing up, drawing the window on the desktop, and then locking up — which my compiz duly acknowledged by shading the window after about fifteen seconds. You kill it, you restart it, everything works.
Add to this some other applications (like Evolution, Nautilus and Tomboy), along with the fact that GNOME Do just seems to randomly evaporate into digital nothingness in the course of my uptime, and voila, you have a system that works mostly well, but just sometimes annoys the hell out of you, especially when the X server crashed the system because you did something like Alt-Tabbing while you had two applications running fullscreen on different monitors. Yep, it happened.
So, alas and behold, comes the saviour: Ubuntu 9.10, Karmic Koala! It shines, it glitters, and it saves kittens from trees! Everything is so much better with it!
… not.
Karmic, in the vain hope to be so much greater to the common good, tries to optimize and dumb down things for the users. Which, according to others, seems to work splendidly — but absolutely failed on my end.
My woes with the rare animal
odin (the desktop)
For the record: odin’s specs are something along the line of a Core2 Duo, GeForce 260 linked to two screens, a couple of terabytes of hard drive and a SoundBlaster SB Live! 5.1, after the onboard soundcard started acting up and being generally retarded on the gaming OS.
- Boot time has gone way … up. Even though it’s supposed to be optimized for quicker boot and whatnot, my previous “less than ten seconds” boot time somewhat diminished in the face of the optimized bootup, which made my resolvconf (which I haven’t even touched!) for no apparent reason, adding a 30 to 60s timeout on top.
- It solved the crashing problems … not at all. The only thing it actually managed is to get bug-buddy to be all “It looks like nautilus crashed” with a nice dialog saying I should report a bug to Ubuntu. Which I won’t, since there’s nothing logworthy to submit; it just dies and that’s it.
- The sound interface has been made super-easy! And, also, bloody hard to configure correctly. The new sound preferences eschew any kind of knowledge about your sound card and just presume to know better than you, which is exactly why it thinks it should fiddle with the Master volume of my Soundblaster when on four way stereo mix up, which controls only two channels, and not the PCM, which then regulates everything. Jaunty allowed me to change the mixer control to one I deemed best — no dice in Karmic. I now need to fire up alsamixer for that, and can’t use my keyboard volume wheel without fiddling.
- Speaking of sound, it has become even more annoying to find a way to turn off the logon sounds with GDM, since gdmsetup has been replaced by something which does quite about nothing at all.
- And, of course, hibernate doesn’t work anymore. As if any distribution would ever get that right.
baldr, the netbook
- Boot time has gone way … up. Yes, even on the famed “we sooo lurv you” Atom notebooks Karmic pretends to like so much, performance pretty much went down the drain.
- Improved external monitor support! Plug in a second screen, get none of the real estate! As soon as I plug in the VGA display while the laptop is still running, screens go irreversibly blank until reboot. Having it plugged in while rebooting allows you to run 800×600 on both displays, cloned, without the ability to change the resolution.
- Hibernate doesn’t work. Even though it did before.
- And myriads of minor nuisances like stutters and all that jazz.
May I note that this even happens when being freshly installed from source on the netbook, so this is no tale of the common upgrade blues.
Conclusion
Well, I’ll probably be changing distribution soonish, yet again. Fedora might be a neat idea for the netbook, not yet sure if I will revert to Debian on odin.
The Karmic Koala is becoming increasingly extinct and fails to reproduce appropriately even with an accepting mindset.
Internet address (IPv6) autodiscovery
At the U23 yesterday, we included a simple practice lesson on how networks work. We have a server on our network called fiep.labor.koeln.ccc.de. fiep only has a single address, 192.168.23.240/25 according to the local DNS server, as opposed to the rest of the network, 172.23.23.0/24.
The router did not announce any route for 192.168.23.128/25. fiep did have addresses in other networks as well (172.23.23.23 and an address in 2001:6f8:100c:1::/48), but those weren’t announced anywhere either.
The task, as given, was “to connect to http://fiep/hacking4pizza/”. In essence, this reduced the task at hand to either just giving yourself an IP in the 192.168.23.128/25 network or just setting a route for said network, and then opening up your browser. Along with other workarounds, of course, that do require knowledge not easily available.
We had an interesting case, though: one single Mac user could connect to the host without problem, just typing in http://fiep/ and everything’s good.
Confusion was amongst us. We couldn’t quite explain how the Mac managed to just access the site. We assumed it was IPv6, blocked it, and voilà, it didn’t work anymore.
Vague theories were ramped up. Mine was the scariest, and also rather possible:
- The client looks up the hostname, as usual.
- It gets the IP, sees that it has no route to go there.
- Next, an ARP request is pushed out for the IP.
- The switch comes yapping along and says “got it!”, along with the MAC address.
- The client then generates an IPv6 address from the MAC address.
- Voila, connectivity.
There are just two points where this would have gone wrong:
- Usually, the default route catches any stragglers.
- Why generate a v6 address when it gets a connection to the v4 address? Of course, it doesn’t know whether the router will actually forward anything at all.
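The theory’s key step, “the client generates an IPv6 address from the MAC address”, is real in one narrower form: stateless autoconfiguration derives the interface identifier from the MAC (modified EUI-64, RFC 4291 Appendix A), giving every interface an fe80::/64 link-local address and, given a router-advertised /64, a global one. As an added example (not part of the post), the derivation in both directions: forward, to see what address a host on fiep’s network would autoconfigure, and reverse, to see why such addresses identify the hardware and why privacy extensions (RFC 4941) exist. The MAC and the /64 carved out of the post’s 2001:6f8:100c:1::/48 are constructed assumptions.

```python
import ipaddress


def mac_to_modified_eui64(mac: str) -> bytes:
    """Modified EUI-64 interface identifier: flip the universal/local bit of the first
    octet and insert 0xFFFE between the OUI half and the device half of the MAC."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host autoconfigures from a router-advertised /64 plus its own MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 identifiers needs a /64 prefix")
    iid = int.from_bytes(mac_to_modified_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def link_local(mac: str) -> ipaddress.IPv6Address:
    """The fe80::/64 address every IPv6 interface configures without any router at all."""
    return slaac_address("fe80::/64", mac)


def mac_from_address(addr: str):
    """Reverse mapping: if the interface identifier carries the ff:fe marker, recover the MAC.
    Returns None for privacy-extension or manually assigned addresses. An EUI-64 address
    therefore follows the hardware across networks, which is the tracking concern."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in octets)


if __name__ == "__main__":
    mac = "00:1b:63:aa:bb:cc"  # constructed MAC
    print("link-local:", link_local(mac))
    print("global (assumed /64):", slaac_address("2001:6f8:100c:1::/64", mac))
    print("recovered MAC:", mac_from_address(str(link_local(mac))))
```

Note what the example does not do: an ARP reply for a v4 address never feeds into this, and the link-local address is only reachable on the same link, so a host that does connect over v6 to another network needs a routed prefix and a way to learn the address, which is exactly where DNS came in.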
In the end, though, it was something way more simple: we still had an external DNS server which propagated the public IPv6 address, and the client was using an external DNS server.
But trying to find out what actually happened did prove quite entertaining.
DNS prefetching for spam address verification
Seeing how DNS prefetching is the new fad with browsers, I reckon there’s an easy way to confirm valid addresses of webmail service users:
- Control a DNS server that assigns unique hashed hostnames.
- Integrate links to hashed hostnames in spam mails.
- If the recipient uses current Chrome, Firefox, etc:
- The DNS prefetcher will resolve the host name,
- Giving you a confirmed hit for the address in your logfiles, since your unique hostname gets resolved.
Kind of reminiscent of the whole “oh, we can have e-Mails with HTML, let’s put in images!” affair. The only thing that might be a bit of a problem for a spammer is getting a domain with DNS server control.
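The scheme works because the client resolves names the recipient never clicked. On the receiving side the per-recipient hostnames are also what gives the mail away, so, as an added example that is not part of the post, here is a filter-style check: it pulls every hostname a client might resolve out of an HTML body and flags those whose leftmost label is long and high-entropy, the hash-like shape the post describes. The sample mail body and the length/entropy thresholds are constructed assumptions; a real filter would tune them against its own traffic.

```python
import math
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkHostExtractor(HTMLParser):
    """Collect every hostname a mail client could be tempted to resolve:
    link targets (href) and remote resources (src)."""

    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                host = urlparse(value).hostname
                if host:
                    self.hosts.append(host.lower())


def shannon_entropy(s: str) -> float:
    """Bits per character: hex digests land around 3.5-4, ordinary words well below."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_beacon(host: str, min_len: int = 16, min_entropy: float = 3.0) -> bool:
    """Heuristic: a long, high-entropy leftmost label is a per-recipient token,
    not a name anyone would type."""
    label = host.split(".")[0]
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def beacon_hosts(html: str) -> list:
    """Hostnames in an HTML mail body that look like unique tracking hostnames."""
    parser = LinkHostExtractor()
    parser.feed(html)
    return sorted({h for h in parser.hosts if looks_like_beacon(h)})


# Constructed mail body: ordinary links plus one per-recipient-looking hostname.
SAMPLE_MAIL = """<html><body>
<p>Read the <a href="https://www.example.org/newsletter">newsletter</a>.</p>
<p><a href="http://3f9a1c7e2b4d8e0f5a6c9b1d.tracker.example.net/offer">Special offer</a></p>
<img src="http://static.example.org/logo.png">
</body></html>"""

if __name__ == "__main__":
    print("suspicious hostnames:", beacon_hosts(SAMPLE_MAIL))
```

The more robust mitigation is on the client: a mail reader should not prefetch anything from message content (the same reason remote images are blocked by default), and for web pages the `<meta http-equiv="x-dns-prefetch-control" content="off">` hint exists to turn prefetching off.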