Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
Bisqwit wrote:
Nach wrote:
How do you think that would work?
Not sure. The database (MySQL) needs considerable amounts of RAM to be efficient.
Well, my server has 128 MB free for Apache and MySQL. Although I'm hosting other sites on it too.
Bisqwit wrote:
I could buy you RAM too...
Since I'm renting a server, I can't exactly add RAM straight to it...
Although I could get upgraded to a server with an additional 256MB of RAM in it for $10/month...
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
Bisqwit wrote:
Nach wrote:
I now have my own server to host stuff on. The question is, does it have the capacity for this site?
I can provide 2GB HD space. 30 GB of transfer a month. RAM and CPU usage by scripts has to remain pretty low. Would that be enough to cover things?
The CPU usage is very low (at least if you have RAM for disk-caching most of the database)
Well, maybe I'm wrong on this, but I imagine that most of the main site can be stored in mod_disk_cache, and only updated twice a day or something. Which is good for CPU usage.
Bisqwit wrote:
RAM usage however can peak a bit (as in, the default memory limit of 16 MB in PHP is not enough), and add the space used by memcache to that.
The disk space should not be a problem.
I don't have a lot of RAM on my server. I have to check but I think I limited PHP itself to 32MB or 64MB, and then gave another 32MB to XCache.
How do you think that would work?
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
I now have my own server to host stuff on. The question is, does it have the capacity for this site?
I can provide 2GB HD space. 30 GB of transfer a month. RAM and CPU usage by scripts has to remain pretty low. Would that be enough to cover things?
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
Okay, I have to say this run is very bad.
You have the chancellor saying that Marle kidnapped Princess Nadia, and putting her on trial? They're the same person!
What are you doing? Ripping off the plot from that Hitchhiker's Guide to the Galaxy movie? Looking for a lawsuit?
It's not fair use. It's not proper law. It's not proper playing. It's not a proper TAS. Just delete it now.
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
You can still get visually lossless without using lossless mode though. Some of my encodes aside from the intro logo are virtually indistinguishable from lossless mode.
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
Bisqwit wrote:
Nach's idea is splendid, but it doesn't solve the problem of accidentally using pathnames outside the allowed webroot and rendering them to the browser, and the such.
You can prevent that with proper filtering.
IIRC, Apache allows locking files and symlinks read to a particular root.
However for more security, you can run Apache inside a chroot. Since you have multiple sites, you'll need a bit more trickery. Run more than once instance of Apache, have the TASVideos site run on the chroot'd Apache which runs on a different port. Have tasvideos.org:80 on the main Apache do a "Location: http://'.$_SERVER['HTTP_HOST'].$other_port.$_SERVER['PHP_SELF'].$getVariables".
If you want them both on port 80 with a chroot. You can setup a tunnel for the site on port 80 to foward the request onto the other port and pass on the results, leaving the other Apache locked well.
If you don't want a chroot, you'll need to setup a PHP prefilter to catch everything beyond Apache's level. All file system access by PHP will need to be passed through realpath(), and then see if your list of allowed roots matches the beginning until a slash of the realpath.
Or perhaps you can try that mod to run PHP scripts as a different user. In which case you have that other use have very limited permissions, and rely on UNIX and your partitions setup properly.
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
arflech wrote:
Nach wrote:
Bisqwit wrote:
― Understanding of secure web programming; proper escaping of SQL queries, proper escaping of HTML characters, etc.
Escaping SQL queries? What decade are you living in?
the decade where your username is hax0r and your password is ' or '1'='1
If such things worry you nowadays, then you're writing your SQL bindings wrong.
There's basically 3 levels of security:
1. No security
2. Escaping
3. Prepared Statements
qFox wrote:
Bisqwit wrote:
Warp wrote:
Bisqwit wrote:
Nach wrote:
For the sites we develop at work, all our code is stored in a version control system...
That is an immensely interesting idea. I have never heard of it before
Knowing your usage and expertise of versioning systems, including git, that comment rather surprises me. Clearly I didn't understand something here.
It only surprises you because you misquoted me. It was not "all our code is stored in a VCS" that was immensely interesting to me, but the notion of "the site itself via its admin interface allows telling it to update itself to any particular revision (usually the latest)."
So, a CMS with CVS? That can hardly be any news? Heck, wiki's sorta work like that...
No. A site where the wiki engine code is updated via the wiki itself.
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
Bisqwit wrote:
Nach wrote:
Why are you requiring developers to login and upload changed files?
The process is error prone, and gives more permission out to people than they should have.
For the sites we develop at work, all our code is stored in a version control system, we have the main site, and the developer site. The site itself via its admin interface allows telling it to update itself to any particular revision (usually the latest). Developers play with their own setup, commit to VCS, developer site syncs with VCS, it's tested on a larger scale, and when found stable, main site can be synced, no room for forgetting to upload just one file.
That is an immensely interesting idea. I have never heard of it before.
When we started our new development projects, our overall lead developer decided EVERYTHING should be automated, nothing anywhere should ever be done by hand, since that only leads to possible error on occasion, consistency is key.
We've written up scripts to automate practically everything that we have to do (besides write the actual code). I was actually the one responsible for figuring out how to automate the main update of the site, setting up a page to allow syncing with the VCS seemed the most obvious choice.
We're automated to the extent of how we sync with other projects on the net. We have a custom browser which can be searched for text, and replay key presses and clicks. When there's a site where we download software from which we use, we develop a "movie file" to download the latest version, even when the site doesn't provide an API or non changing latest version link. Then we have the web browser movie scripts automated to run nightly.
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
Bisqwit wrote:
Site development and maintaining (multiple people wanted)
This is the most important bit. In the future, I will not have time to maintain the site's source code anymore, so others will have to do it. However, I cannot grant access to the current site directly – only to the source code – for the reason that the server contains many other things besides TASVideos – and thus, the actual site has to be moved too, for the maintainership of the site to be possible for others than me.
The TASVideos site source code is stored in a GIT repository, and the database is a MySQL database.
A developer will implement changes in those and upload those changes to the actual site.
Why are you requiring developers to login and upload changed files?
The process is error prone, and gives more permission out to people than they should have.
For the sites we develop at work, all our code is stored in a version control system, we have the main site, and the developer site. The site itself via its admin interface allows telling it to update itself to any particular revision (usually the latest). Developers play with their own setup, commit to VCS, developer site syncs with VCS, it's tested on a larger scale, and when found stable, main site can be synced, no room for forgetting to upload just one file.
Setting up any site to sync itself with any VCS should be pretty straight foward. A paged locked towards admins which when submitted calls whatever program on the server, and presto. If need be, have it also run various scripts to keep things sane after an upgrade.
Bisqwit wrote:
― Understanding of secure web programming; proper escaping of SQL queries, proper escaping of HTML characters, etc.
Escaping SQL queries? What decade are you living in?
Escaping data runs a lot of risk in doing it wrong. Depending where it's coming from, and having it also have to escape HTML, and how many quotes may currently be in the string at the time can make escaping get ugly at times. Escaping SQL can change from query to query, don't leave such things up to chance.
People also spend too much time wondering if due to the filters the data went through, does this particular data ever need escaping, or is it all ready safe or escaped?
Now that PHP 5 integrated PDO, use prepared statements for all queries that contain variables. They never need escaping, you just have to specify the variables external from the SQL string itself. It's not so error prone, doesn't waste brain time thinking about the data, and additionally also allows running the exact same query with different variables easily without building the string again.
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
Last book in the Dark is Rising Series, the ending of a war which was brewing for the entire series is completely anti climatic.
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
Well, I guess you'll need to let go of right and press left and then right again on occasion. That's why I threw out 60.
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
I just thought of a new idea for a movie category, beating a game in the least amount of button presses.
Imagine tracking how many times a button was pressed down, and seeing how many presses are needed to beat Super Mario Bros. In each level, pressing right and B once is probably a given, but how many times do you have to press A? Each encode would have to display when a button is pressed, so people can see it.
Can SMB be beaten in less than 60 presses?
Thoughts?
Edit:
I take some of that back, SMB would only need Right+B once the entire game, leaving the rest of it to minimal jumps.
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
Can you please post your full sound options you used when recording this movie? Rate, Filtering, Low Pass, etc...
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
If these were to work on DVD players (yuck), we wouldn't be able to pack them with nearly as many videos.
Although if people were willing to buy just a single video on a video DVD, that would definitely help the site out. I personally though hate waste, and would like each DVD packed with as much video as possible.
What type of commentary or subtitles is wanted exactly? There's also no reason why something like that couldn't be available on the site.
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
I just watched this video, and I hate to say it, but a few levels look suboptimal. Those wall squish guys turn around when you're near them on the other side, you seemed to wait for them to turn around sometimes. You also missed throwing your key up and then jumping in a few places and instead used the slower lifts. I also miss seeing the real Donkey Kong fight at the end. I have to vote no.
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
Depending how many people were interested, maybe it could help. I don't know what people would go for, $3 a month? $5 a month?
Canonical (Ubuntu) seems to ship a CD anywhere for an average of $1.2, add on the DVDs themselves, as well as the packaging is probably another dollar or so. If the subscription was $5 a month, you'd basically get $3 profit a month per subscriber. If it's 50 people who subscribe, you should have your hosting fees and hardware covered right there.
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
ShadowWraith wrote:
Nach wrote:
...Corneria...
Uh... Crateria? Or is this now a Starfox thread. :O
Yeah sorry, got my video game locations mixed up there.
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
So I was thinking, would it be feasible to start a subscription service? Would anyone be interested?
Basically each month, you'll receive a DVD in the mail with all the videos that came out that month, and perhaps the latest version of MPlayer and FFDShow or something for Windows users. Each DVD would have the TASVideos logo on it and the month/year.
Money can be broken down into 3 groups, 1/3 supports the service itself and whoever is running it, 1/3 goes to Bisqwit for the site, and the other 1/3 is divided among those who had video(s) on the DVD that month.
People still on dial-up would probably like a subscription service, and those with small hard drives, or don't want to be bothered downloading each new video may be interested.
It'd also be a good way to fund the site, if people aren't too stingy.
If you're interested, what price do you think is fair to all? I was thinking maybe $36/year, although if international shipping applies, a different price may be in order, or perhaps we'd only cover certain countries.
Thoughts?
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
Well, when it comes to doing 100%, there is no reason to go into Tourian at all, you can trigger the end game sequence in Corneria after you get 100%, but that's besides the point. I'm sure someone one day will find something else clever to do with the glitches exploited here.
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
moozooh wrote:
Might be possible for in-game, but likely not for realtime (I don't really see how several additional room transitions + death cutscene + saving/loading cutscenes + intro screen + x-raying up the wall will turn out any faster than just fighting MB with all beams).
That's being narrow minded, we don't do that here. Here we try to find how else we can apply glitches, as opposed to the single location where we first saw it.
The X-Ray stuff for an example might be used as a shortcut to reaching the bottom of large rooms.
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
If you need a good technical label for the glitches exploited here, you can say that it makes use of buffer overflows and uninitialized variables, as opposed to other glitches which are just flaws in the game engine or level design.
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
So, when is someone going to make a video of breaking into the back door of Tourian, triggering the explosion sequence there, and then just returning the way you came for a quicker TAS?
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
Just a heads up for everyone, don't meet Bisqwit, he's a serial killer, and if you want to live, you're better off not meeting him. Didn't your parents ever tell you to not meet up with strangers you meet on the internet?
Bisqwit:
I recommend the Statue of Liberty, although be prepared to have a huge line and waiting for at least an hour to get in. Also make sure to bring a large amount of water with you.
I'd also recommend vising the technology places if you like technology. Normally, I'm all for boycotting everything Sony, but going to Sony Wonder (formerly AT&T Infoquest) is a great place to see crazy futuristic technology.
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
Joined: 3/9/2004
Posts: 4588
Location: In his lab studying psychology to find new ways to torture TASers and forumers
Tub wrote:
IMHO the encoders/publishers should be listed somewhere, but less prominently than the runner.
This is a good point.
It's nice to list encoder/publishers somewhere, as it makes the encoders/publishers feel good that they get recognition for their work. But displaying it as a key point I think is a bad idea.
In general the idea of displaying an encoder of a video is closely tied to the illegal movie ripping community. Each group sticks their name into the file so they get recognition, so they can become better equipped to pirate upcoming movies, and the users also know who ripped it as some groups do better encodes than others, and they may go with certain groups because they like the quality.
This view is completely different from what we do. Our videos aren't made illegally (unless of course you don't own the game you're dealing with, or some encoder pirated some encoding software, despite the fact it can be done excellently with all free tools). Thus displaying the encoder in itself can carry a bad connotation that there's something illegal about it. Also, here we stress very high quality encodes, and we all use x264 as our encoder these days, we should never have any low quality videos up, unless they're very hard to compress (I'm looking at you X2). Therefor specifying who encoded it so prominently says that certain encoders do a bad job, so you know who to avoid, which simply isn't the case with us.
Lastly, equating the encoder with the person who did the real tedious work of making the run is insulting. 95% of the time, 95% of the encoding process is automated, and maybe requires 10-15 minutes of actual work, as opposed to just leaving your machine to do its job.
So I'm all for listing the encoder, but not on the main page, and on the particular movie's page, it should be off to the side where it's not a prominent point.
Warning: Opinions expressed by Nach or others in this post do not necessarily reflect the views, opinions, or position of Nach himself on the matter(s) being discussed therein.
