Corentin Dupont | 27 Feb 00:28 2013
Picon

ANN: Nomyx 0.1 beta, the game where you can change the rules

Hello everybody!
I am very happy to announce the beta release [1] of Nomyx, the only game where You can change the rules.
This is an implementation of a Nomic [2] game in Haskell (I believe the first complete implementation). In a Nomyx game you can change the rules of the game itself while playing it. The players can submit new rules or modify existing ones, thus completely changing the behaviour of the game through time. The rules are managed and interpreted by the computer. They must be written in the Nomyx language, which is a subset of Haskell.
At the beginning, the initial rules are describing:
- how to add new rules and change existing ones. For example a unanimity vote is necessary to have a new rule accepted.
- how to win the game. For example you win the game if you have 5 rules accepted.
But of course even that can be changed!

Here is a video introduction and first tutorial of the game: http://vimeo.com/58265498
The game is running here: www.nomyx.net:8000/Nomyx
I have set up a forum where players can learn about Nomyx and discuss the rules they intend to propose: www.nomyx.net/forum

As this is the first beta release of the game, I'm looking for beta testers :) Although I tested it quite a lot, I'm sure a lot of bugs remains, especially in multiplayer.
So if you are interested in testing Nomyx, please go to this forum thread and we'll set up a small team to start a match!
http://www.nomyx.net/forum/viewtopic.php?p=5

Comments/contributions are very highly welcome! There is still a lot to do.
As for now, the game is not completely securised. It is easy to break it by submitting rules containing malicious code. I'm working on it. If you'd like to do security testing, please do it locally on your own machine and send me a bug report :).

Cheers,
Corentin

[1] http://hackage.haskell.org/package/Nomyx
[2] www.nomic.net

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
Ben Lippmeier | 27 Feb 01:07 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules


On 27/02/2013, at 10:28 , Corentin Dupont <corentin.dupont <at> gmail.com> wrote:

> Hello everybody!
> I am very happy to announce the beta release [1] of Nomyx, the only game where You can change the rules.

Don't forget 1KBWC: http://www.corngolem.com/1kbwc/

Ben.
Tom Murphy | 27 Feb 09:48 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

There's another one...
http://3.bp.blogspot.com/-0-NT1rzFpik/Tpe4sb18gOI/AAAAAAAAAuM/j2BHO_TgLi4/s1600/calvinball.jpg

Tom

On Tue, Feb 26, 2013 at 7:07 PM, Ben Lippmeier <benl <at> ouroborus.net> wrote:
>
> On 27/02/2013, at 10:28 , Corentin Dupont <corentin.dupont <at> gmail.com> wrote:
>
>> Hello everybody!
>> I am very happy to announce the beta release [1] of Nomyx, the only game where You can change the rules.
>
> Don't forget 1KBWC: http://www.corngolem.com/1kbwc/
>
> Ben.
>
>
>
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe <at> haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
Corentin Dupont | 27 Feb 14:20 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

I think it would be harder to implement a computer version of 1KBWC and Calvin ball!! Have to think of it ;)

On Wed, Feb 27, 2013 at 9:48 AM, Tom Murphy <amindfv <at> gmail.com> wrote:
There's another one...
http://3.bp.blogspot.com/-0-NT1rzFpik/Tpe4sb18gOI/AAAAAAAAAuM/j2BHO_TgLi4/s1600/calvinball.jpg

Tom

On Tue, Feb 26, 2013 at 7:07 PM, Ben Lippmeier <benl <at> ouroborus.net> wrote:
>
> On 27/02/2013, at 10:28 , Corentin Dupont <corentin.dupont <at> gmail.com> wrote:
>
>> Hello everybody!
>> I am very happy to announce the beta release [1] of Nomyx, the only game where You can change the rules.
>
> Don't forget 1KBWC: http://www.corngolem.com/1kbwc/
>
> Ben.
>
>
>
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe <at> haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
Alexander Solla | 27 Feb 02:17 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules




On Tue, Feb 26, 2013 at 3:28 PM, Corentin Dupont <corentin.dupont <at> gmail.com> wrote:
Hello everybody!
I am very happy to announce the beta release [1] of Nomyx, the only game where You can change the rules.
This is an implementation of a Nomic [2] game in Haskell (I believe the first complete implementation). In a Nomyx game you can change the rules of the game itself while playing it. The players can submit new rules or modify existing ones, thus completely changing the behaviour of the game through time. The rules are managed and interpreted by the computer. They must be written in the Nomyx language, which is a subset of Haskell.

That's very nice.  I've been following your progress on the list.  Congratulations!

Did you learn as much about Haskell as you hoped? 
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
Corentin Dupont | 27 Feb 14:36 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Thank you very much, that's very nice!
That was a great journey, I started Nomyx 2-3 years ago as a personal project and learned Haskell on the way.
I went through many refactorings as my comprehension of Haskell and Nomic progressed.
Out of the top of my head, the points that gave me some headaches were:
- how to split the program into modules properly without dependency cycles
- Happstack big type signatures
- having the right structures to pass data in a StateT
- using existential types and type families for variables and events
- ACID state, this is really not practical during development

Cheers,
Corentin

On Wed, Feb 27, 2013 at 2:17 AM, Alexander Solla <alex.solla <at> gmail.com> wrote:



On Tue, Feb 26, 2013 at 3:28 PM, Corentin Dupont <corentin.dupont <at> gmail.com> wrote:
Hello everybody!
I am very happy to announce the beta release [1] of Nomyx, the only game where You can change the rules.
This is an implementation of a Nomic [2] game in Haskell (I believe the first complete implementation). In a Nomyx game you can change the rules of the game itself while playing it. The players can submit new rules or modify existing ones, thus completely changing the behaviour of the game through time. The rules are managed and interpreted by the computer. They must be written in the Nomyx language, which is a subset of Haskell.

That's very nice.  I've been following your progress on the list.  Congratulations!

Did you learn as much about Haskell as you hoped? 

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
Chris Wong | 27 Feb 05:02 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

> Hello everybody!
> I am very happy to announce the beta release [1] of Nomyx, the only game
> where You can change the rules.

I just gave it a go -- it looks fun :)

However, I've spotted a security hole. The current user number is
stored in the URL -- if I change that number, I can masquerade as
someone else! Is this behavior intended?

> This is an implementation of a Nomic [2] game in Haskell (I believe the
> first complete implementation). In a Nomyx game you can change the rules of
> the game itself while playing it. The players can submit new rules or modify
> existing ones, thus completely changing the behaviour of the game through
> time. The rules are managed and interpreted by the computer. They must be
> written in the Nomyx language, which is a subset of Haskell.
> At the beginning, the initial rules are describing:
> - how to add new rules and change existing ones. For example a unanimity
> vote is necessary to have a new rule accepted.
> - how to win the game. For example you win the game if you have 5 rules
> accepted.
> But of course even that can be changed!
>
> Here is a video introduction and first tutorial of the game:
> http://vimeo.com/58265498
> The game is running here: www.nomyx.net:8000/Nomyx
> I have set up a forum where players can learn about Nomyx and discuss the
> rules they intend to propose: www.nomyx.net/forum
>
> As this is the first beta release of the game, I'm looking for beta testers
> :) Although I tested it quite a lot, I'm sure a lot of bugs remains,
> especially in multiplayer.
> So if you are interested in testing Nomyx, please go to this forum thread
> and we'll set up a small team to start a match!
> http://www.nomyx.net/forum/viewtopic.php?p=5
>
> Comments/contributions are very highly welcome! There is still a lot to do.
> As for now, the game is not completely securised. It is easy to break it by
> submitting rules containing malicious code. I'm working on it. If you'd like
> to do security testing, please do it locally on your own machine and send me
> a bug report :).
>
> Cheers,
> Corentin
>
> [1] http://hackage.haskell.org/package/Nomyx
> [2] www.nomic.net
>
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe <at> haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>
Corentin Dupont | 27 Feb 14:37 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Hi Chris,
Thanks!
That's true for the user number. What should I do? Encrypt it?

On Wed, Feb 27, 2013 at 5:02 AM, Chris Wong <chrisyco+haskell-cafe <at> gmail.com> wrote:
> Hello everybody!
> I am very happy to announce the beta release [1] of Nomyx, the only game
> where You can change the rules.

I just gave it a go -- it looks fun :)

However, I've spotted a security hole. The current user number is
stored in the URL -- if I change that number, I can masquerade as
someone else! Is this behavior intended?

> This is an implementation of a Nomic [2] game in Haskell (I believe the
> first complete implementation). In a Nomyx game you can change the rules of
> the game itself while playing it. The players can submit new rules or modify
> existing ones, thus completely changing the behaviour of the game through
> time. The rules are managed and interpreted by the computer. They must be
> written in the Nomyx language, which is a subset of Haskell.
> At the beginning, the initial rules are describing:
> - how to add new rules and change existing ones. For example a unanimity
> vote is necessary to have a new rule accepted.
> - how to win the game. For example you win the game if you have 5 rules
> accepted.
> But of course even that can be changed!
>
> Here is a video introduction and first tutorial of the game:
> http://vimeo.com/58265498
> The game is running here: www.nomyx.net:8000/Nomyx
> I have set up a forum where players can learn about Nomyx and discuss the
> rules they intend to propose: www.nomyx.net/forum
>
> As this is the first beta release of the game, I'm looking for beta testers
> :) Although I tested it quite a lot, I'm sure a lot of bugs remains,
> especially in multiplayer.
> So if you are interested in testing Nomyx, please go to this forum thread
> and we'll set up a small team to start a match!
> http://www.nomyx.net/forum/viewtopic.php?p=5
>
> Comments/contributions are very highly welcome! There is still a lot to do.
> As for now, the game is not completely securised. It is easy to break it by
> submitting rules containing malicious code. I'm working on it. If you'd like
> to do security testing, please do it locally on your own machine and send me
> a bug report :).
>
> Cheers,
> Corentin
>
> [1] http://hackage.haskell.org/package/Nomyx
> [2] www.nomic.net
>
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe <at> haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
Mats Rauhala | 27 Feb 15:16 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

The user id is not necessarily the problem, but rather that you can
impose as another user. For this, one solution is to keep track of a
unique (changing) user token in the cookies and use that for verifying
the user.

--

-- 
Mats Rauhala
MasseR
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
Corentin Dupont | 27 Feb 15:30 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Yes, having a cookie to keep track of the session if something I plan to do.

On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <mats.rauhala <at> gmail.com> wrote:
The user id is not necessarily the problem, but rather that you can
impose as another user. For this, one solution is to keep track of a
unique (changing) user token in the cookies and use that for verifying
the user.

--
Mats Rauhala
MasseR

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
=tf0d
-----END PGP SIGNATURE-----

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe


_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
Erik Hesselink | 27 Feb 15:52 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Note that cookies are not the solution here. Cookies are just as user
controlled as the url, just less visible. What you need is a session
id: a mapping from a non-consecutive, non-guessable, secret token to
the user id (which is sequential and thus guessable, and often exposed
in urls etc.). It doesn't matter if you then store it in the url or a
cookie. Cookies are just more convenient.

Erik

On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
<corentin.dupont <at> gmail.com> wrote:
> Yes, having a cookie to keep track of the session if something I plan to do.
>
> On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <mats.rauhala <at> gmail.com>
> wrote:
>>
>> The user id is not necessarily the problem, but rather that you can
>> impose as another user. For this, one solution is to keep track of a
>> unique (changing) user token in the cookies and use that for verifying
>> the user.
>>
>> --
>> Mats Rauhala
>> MasseR
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>>
>> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>> =tf0d
>> -----END PGP SIGNATURE-----
>>
>>
>> _______________________________________________
>> Haskell-Cafe mailing list
>> Haskell-Cafe <at> haskell.org
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>
>
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe <at> haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>
Corentin Dupont | 27 Feb 20:08 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

So I need to "encrypt" the user ID in some way? What I need is to associate the user ID to a random number and store the association is a table?


On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink <hesselink <at> gmail.com> wrote:
Note that cookies are not the solution here. Cookies are just as user
controlled as the url, just less visible. What you need is a session
id: a mapping from a non-consecutive, non-guessable, secret token to
the user id (which is sequential and thus guessable, and often exposed
in urls etc.). It doesn't matter if you then store it in the url or a
cookie. Cookies are just more convenient.

Erik

On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
<corentin.dupont <at> gmail.com> wrote:
> Yes, having a cookie to keep track of the session if something I plan to do.
>
> On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <mats.rauhala <at> gmail.com>
> wrote:
>>
>> The user id is not necessarily the problem, but rather that you can
>> impose as another user. For this, one solution is to keep track of a
>> unique (changing) user token in the cookies and use that for verifying
>> the user.
>>
>> --
>> Mats Rauhala
>> MasseR
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>>
>> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>> =tf0d
>> -----END PGP SIGNATURE-----
>>
>>
>> _______________________________________________
>> Haskell-Cafe mailing list
>> Haskell-Cafe <at> haskell.org
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>
>
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe <at> haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
Clark Gaebel | 27 Feb 20:18 2013
Picon
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

You could just hash it.

  - Clark


On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont <corentin.dupont <at> gmail.com> wrote:
So I need to "encrypt" the user ID in some way? What I need is to associate the user ID to a random number and store the association is a table?



On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink <hesselink <at> gmail.com> wrote:
Note that cookies are not the solution here. Cookies are just as user
controlled as the url, just less visible. What you need is a session
id: a mapping from a non-consecutive, non-guessable, secret token to
the user id (which is sequential and thus guessable, and often exposed
in urls etc.). It doesn't matter if you then store it in the url or a
cookie. Cookies are just more convenient.

Erik

On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
<corentin.dupont <at> gmail.com> wrote:
> Yes, having a cookie to keep track of the session if something I plan to do.
>
> On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <mats.rauhala <at> gmail.com>
> wrote:
>>
>> The user id is not necessarily the problem, but rather that you can
>> impose as another user. For this, one solution is to keep track of a
>> unique (changing) user token in the cookies and use that for verifying
>> the user.
>>
>> --
>> Mats Rauhala
>> MasseR
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>>
>> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>> =tf0d
>> -----END PGP SIGNATURE-----
>>
>>
>> _______________________________________________
>> Haskell-Cafe mailing list
>> Haskell-Cafe <at> haskell.org
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>
>
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe <at> haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>


_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe


_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
Corentin Dupont | 27 Feb 20:20 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

hash is reversible or not?

On Wed, Feb 27, 2013 at 8:18 PM, Clark Gaebel <cgaebel <at> uwaterloo.ca> wrote:
You could just hash it.

  - Clark


On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont <corentin.dupont <at> gmail.com> wrote:
So I need to "encrypt" the user ID in some way? What I need is to associate the user ID to a random number and store the association is a table?



On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink <hesselink <at> gmail.com> wrote:
Note that cookies are not the solution here. Cookies are just as user
controlled as the url, just less visible. What you need is a session
id: a mapping from a non-consecutive, non-guessable, secret token to
the user id (which is sequential and thus guessable, and often exposed
in urls etc.). It doesn't matter if you then store it in the url or a
cookie. Cookies are just more convenient.

Erik

On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
<corentin.dupont <at> gmail.com> wrote:
> Yes, having a cookie to keep track of the session if something I plan to do.
>
> On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <mats.rauhala <at> gmail.com>
> wrote:
>>
>> The user id is not necessarily the problem, but rather that you can
>> impose as another user. For this, one solution is to keep track of a
>> unique (changing) user token in the cookies and use that for verifying
>> the user.
>>
>> --
>> Mats Rauhala
>> MasseR
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>>
>> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>> =tf0d
>> -----END PGP SIGNATURE-----
>>
>>
>> _______________________________________________
>> Haskell-Cafe mailing list
>> Haskell-Cafe <at> haskell.org
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>
>
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe <at> haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>


_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe



_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
David Thomas | 27 Feb 20:31 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

hash(id:secret) should not be reversible, if you use a cryptographic hash.

hash(id) can be brute-forced, on something with so small a range.


On Wed, Feb 27, 2013 at 11:20 AM, Corentin Dupont <corentin.dupont <at> gmail.com> wrote:
hash is reversible or not?


On Wed, Feb 27, 2013 at 8:18 PM, Clark Gaebel <cgaebel <at> uwaterloo.ca> wrote:
You could just hash it.

  - Clark


On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont <corentin.dupont <at> gmail.com> wrote:
So I need to "encrypt" the user ID in some way? What I need is to associate the user ID to a random number and store the association is a table?



On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink <hesselink <at> gmail.com> wrote:
Note that cookies are not the solution here. Cookies are just as user
controlled as the url, just less visible. What you need is a session
id: a mapping from a non-consecutive, non-guessable, secret token to
the user id (which is sequential and thus guessable, and often exposed
in urls etc.). It doesn't matter if you then store it in the url or a
cookie. Cookies are just more convenient.

Erik

On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
<corentin.dupont <at> gmail.com> wrote:
> Yes, having a cookie to keep track of the session if something I plan to do.
>
> On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <mats.rauhala <at> gmail.com>
> wrote:
>>
>> The user id is not necessarily the problem, but rather that you can
>> impose as another user. For this, one solution is to keep track of a
>> unique (changing) user token in the cookies and use that for verifying
>> the user.
>>
>> --
>> Mats Rauhala
>> MasseR
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>>
>> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>> =tf0d
>> -----END PGP SIGNATURE-----
>>
>>
>> _______________________________________________
>> Haskell-Cafe mailing list
>> Haskell-Cafe <at> haskell.org
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>
>
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe <at> haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>


_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe




_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe


_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
Ozgun Ataman | 27 Feb 22:30 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

I would encourage you to take a look at the snap (the web framework) package, where this concern is handled for you as part of the "session" snaplet.

The Snap.Snaplet.Session module and the Snap.Snaplet.Session.Backends.CookieSession ensure that contents of the cookie-persistent sessions are encrypted and so you can place anything from user ids to other secret information there, although I would certainly keep it to a minimum for size concerns.


Hope this helps,
Oz


On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont <corentin.dupont <at> gmail.com> wrote:
So I need to "encrypt" the user ID in some way? What I need is to associate the user ID to a random number and store the association is a table?


On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink <hesselink <at> gmail.com> wrote:
Note that cookies are not the solution here. Cookies are just as user
controlled as the url, just less visible. What you need is a session
id: a mapping from a non-consecutive, non-guessable, secret token to
the user id (which is sequential and thus guessable, and often exposed
in urls etc.). It doesn't matter if you then store it in the url or a
cookie. Cookies are just more convenient.

Erik

On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
<corentin.dupont <at> gmail.com> wrote:
> Yes, having a cookie to keep track of the session if something I plan to do.
>
> On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <mats.rauhala <at> gmail.com>
> wrote:
>>
>> The user id is not necessarily the problem, but rather that you can
>> impose as another user. For this, one solution is to keep track of a
>> unique (changing) user token in the cookies and use that for verifying
>> the user.
>>
>> --
>> Mats Rauhala
>> MasseR
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>>
>> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>> =tf0d
>> -----END PGP SIGNATURE-----
>>
>>
>> _______________________________________________
>> Haskell-Cafe mailing list
>> Haskell-Cafe <at> haskell.org
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>
>
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe <at> haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>


_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe


_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
Corentin Dupont | 27 Feb 22:43 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Thanks Ozgun,
but I'm using Happstack: this will be compatible?

On Wed, Feb 27, 2013 at 10:30 PM, Ozgun Ataman <ozataman <at> gmail.com> wrote:
I would encourage you to take a look at the snap (the web framework) package, where this concern is handled for you as part of the "session" snaplet.

The Snap.Snaplet.Session module and the Snap.Snaplet.Session.Backends.CookieSession ensure that contents of the cookie-persistent sessions are encrypted and so you can place anything from user ids to other secret information there, although I would certainly keep it to a minimum for size concerns.


Hope this helps,
Oz


On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont <corentin.dupont <at> gmail.com> wrote:
So I need to "encrypt" the user ID in some way? What I need is to associate the user ID to a random number and store the association is a table?


On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink <hesselink <at> gmail.com> wrote:
Note that cookies are not the solution here. Cookies are just as user
controlled as the url, just less visible. What you need is a session
id: a mapping from a non-consecutive, non-guessable, secret token to
the user id (which is sequential and thus guessable, and often exposed
in urls etc.). It doesn't matter if you then store it in the url or a
cookie. Cookies are just more convenient.

Erik

On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
<corentin.dupont <at> gmail.com> wrote:
> Yes, having a cookie to keep track of the session if something I plan to do.
>
> On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <mats.rauhala <at> gmail.com>
> wrote:
>>
>> The user id is not necessarily the problem, but rather that you can
>> impose as another user. For this, one solution is to keep track of a
>> unique (changing) user token in the cookies and use that for verifying
>> the user.
>>
>> --
>> Mats Rauhala
>> MasseR
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>>
>> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>> =tf0d
>> -----END PGP SIGNATURE-----
>>
>>
>> _______________________________________________
>> Haskell-Cafe mailing list
>> Haskell-Cafe <at> haskell.org
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>
>
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe <at> haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>


_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe



_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
Ozgun Ataman | 27 Feb 22:55 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

You probably can't use it directly but it should at least show you how we did it. In particular, the Snap.Snaplet.Session.SecureCookie module (internal, I think, so look at source) may be of interest to you as it implements the self-contained idea of encrypted cookies.

- Oz

On Wednesday, February 27, 2013 at 4:43 PM, Corentin Dupont wrote:

Thanks Ozgun,
but I'm using Happstack: this will be compatible?

On Wed, Feb 27, 2013 at 10:30 PM, Ozgun Ataman <ozataman <at> gmail.com> wrote:
I would encourage you to take a look at the snap (the web framework) package, where this concern is handled for you as part of the "session" snaplet.

The Snap.Snaplet.Session module and the Snap.Snaplet.Session.Backends.CookieSession ensure that contents of the cookie-persistent sessions are encrypted and so you can place anything from user ids to other secret information there, although I would certainly keep it to a minimum for size concerns.


Hope this helps,
Oz


On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont <corentin.dupont <at> gmail.com> wrote:
So I need to "encrypt" the user ID in some way? What I need is to associate the user ID to a random number and store the association is a table?


On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink <hesselink <at> gmail.com> wrote:
Note that cookies are not the solution here. Cookies are just as user
controlled as the url, just less visible. What you need is a session
id: a mapping from a non-consecutive, non-guessable, secret token to
the user id (which is sequential and thus guessable, and often exposed
in urls etc.). It doesn't matter if you then store it in the url or a
cookie. Cookies are just more convenient.

Erik

On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
<corentin.dupont <at> gmail.com> wrote:
> Yes, having a cookie to keep track of the session if something I plan to do.
>
> On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <mats.rauhala <at> gmail.com>
> wrote:
>>
>> The user id is not necessarily the problem, but rather that you can
>> impose as another user. For this, one solution is to keep track of a
>> unique (changing) user token in the cookies and use that for verifying
>> the user.
>>
>> --
>> Mats Rauhala
>> MasseR
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>>
>> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>> =tf0d
>> -----END PGP SIGNATURE-----
>>
>>
>> _______________________________________________
>> Haskell-Cafe mailing list
>> Haskell-Cafe <at> haskell.org
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>
>
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe <at> haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>


_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe




_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
Brandon Allbery | 28 Feb 01:26 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

On Wed, Feb 27, 2013 at 8:37 AM, Corentin Dupont <corentin.dupont <at> gmail.com> wrote:
Hi Chris,
Thanks!
That's true for the user number. What should I do? Encrypt it?

It's not that you have a user number, or even that it's accessible: it's that it's the entirety of access control, meaning that if the user changes it they can masquerade as another user. The correct solution is that a user should authenticate, which creates a session hash that you stash away and also send back to the user as a cookie so the browser will present it on accesses. Then you check that the presented hash is there and matches the session hash. These should expire periodically, requiring the user to log back in again.

--
brandon s allbery kf8nh                               sine nomine associates
allbery.b <at> gmail.com                                  ballbery <at> sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad        http://sinenomine.net
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
Chris Wong | 1 Mar 05:17 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

On Thu, Feb 28, 2013 at 1:26 PM, Brandon Allbery <allbery.b <at> gmail.com> wrote:
> On Wed, Feb 27, 2013 at 8:37 AM, Corentin Dupont <corentin.dupont <at> gmail.com>
> wrote:
>> Hi Chris,
>> Thanks!
>> That's true for the user number. What should I do? Encrypt it?
>
> It's not that you have a user number, or even that it's accessible: it's
> that it's the entirety of access control, meaning that if the user changes
> it they can masquerade as another user. The correct solution is that a user
> should authenticate, which creates a session hash that you stash away and
> also send back to the user as a cookie so the browser will present it on
> accesses. Then you check that the presented hash is there and matches the
> session hash. These should expire periodically, requiring the user to log
> back in again.

Brandon pretty much pulled the words out of my mouth, but I have one
last thing to add: no matter how well you encrypt the information, as
long as it's in the URL it's insecure.

Hypothetical situation #1: if there's someone looking over your
shoulder, they can just note down the address -- it is in plain view,
after all.

Even more likely: your friend wants to watch the game, so you send her
the link. Unfortunately, you forget to delete your session information
from the URL. Now your friend (conveniently named Eve) has hijacked
your account and is voting on your behalf.

The Ruby on Rails website has an excellent explanation of common
security holes [1]. The article is Rails-centric, but most of it
applies to Haskell as well.

[1] http://guides.rubyonrails.org/security.html

As for libraries, Happstack has happstack-authenticate [2]. I haven't
used it myself, but it looks good.

[2] http://hackage.haskell.org/package/happstack-authenticate

Chris

> --
> brandon s allbery kf8nh                               sine nomine associates
> allbery.b <at> gmail.com                                  ballbery <at> sinenomine.net
> unix, openafs, kerberos, infrastructure, xmonad        http://sinenomine.net
Corentin Dupont | 1 Mar 11:20 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

happstack-authenticate looks impressive, they seem to support for Google , Yahoo, Live Journal, Myspace, and OpenId logins!
I'll try it.

On Fri, Mar 1, 2013 at 5:17 AM, Chris Wong <chrisyco+haskell-cafe <at> gmail.com> wrote:
On Thu, Feb 28, 2013 at 1:26 PM, Brandon Allbery <allbery.b <at> gmail.com> wrote:
> On Wed, Feb 27, 2013 at 8:37 AM, Corentin Dupont <corentin.dupont <at> gmail.com>
> wrote:
>> Hi Chris,
>> Thanks!
>> That's true for the user number. What should I do? Encrypt it?
>
> It's not that you have a user number, or even that it's accessible: it's
> that it's the entirety of access control, meaning that if the user changes
> it they can masquerade as another user. The correct solution is that a user
> should authenticate, which creates a session hash that you stash away and
> also send back to the user as a cookie so the browser will present it on
> accesses. Then you check that the presented hash is there and matches the
> session hash. These should expire periodically, requiring the user to log
> back in again.

Brandon pretty much pulled the words out of my mouth, but I have one
last thing to add: no matter how well you encrypt the information, as
long as it's in the URL it's insecure.

Hypothetical situation #1: if there's someone looking over your
shoulder, they can just note down the address -- it is in plain view,
after all.

Even more likely: your friend wants to watch the game, so you send her
the link. Unfortunately, you forget to delete your session information
from the URL. Now your friend (conveniently named Eve) has hijacked
your account and is voting on your behalf.

The Ruby on Rails website has an excellent explanation of common
security holes [1]. The article is Rails-centric, but most of it
applies to Haskell as well.

[1] http://guides.rubyonrails.org/security.html

As for libraries, Happstack has happstack-authenticate [2]. I haven't
used it myself, but it looks good.

[2] http://hackage.haskell.org/package/happstack-authenticate

Chris

> --
> brandon s allbery kf8nh                               sine nomine associates
> allbery.b <at> gmail.com                                  ballbery <at> sinenomine.net
> unix, openafs, kerberos, infrastructure, xmonad        http://sinenomine.net

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
Joe Quinn | 1 Mar 13:38 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

On 2/28/2013 11:17 PM, Chris Wong wrote:
> On Wed, Feb 27, 2013 at 8:37 AM, Corentin Dupont<corentin.dupont <at> gmail.com>
> >wrote:
>> >>Hi Chris,
>> >>Thanks!
>> >>That's true for the user number. What should I do? Encrypt it?
> >
> >It's not that you have a user number, or even that it's accessible: it's
> >that it's the entirety of access control, meaning that if the user changes
> >it they can masquerade as another user. The correct solution is that a user
> >should authenticate, which creates a session hash that you stash away and
> >also send back to the user as a cookie so the browser will present it on
> >accesses. Then you check that the presented hash is there and matches the
> >session hash. These should expire periodically, requiring the user to log
> >back in again.
Additionally, you can change the session hash with every page hit, to 
some other totally random hash. If someone steals your session, they had 
better act on it immediately, lest you visit another page and it changes 
completely. If your session gets hijacked, you get logged out. When you 
log in again the attacker loses access.

You can also check sessions by the hash and IP address. That has 
usability concerns though. Even if players never switch machines in the 
middle of a game, suppose you are playing on a cell phone and your train 
goes through a tunnel. When you reconnect, your provider gives you a 
different IP and you are logged out.
Ertugrul Söylemez | 1 Mar 13:59 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Joe Quinn <headprogrammingczar <at> gmail.com> wrote:

> Additionally, you can change the session hash with every page hit, to
> some other totally random hash. If someone steals your session, they
> had better act on it immediately, lest you visit another page and it
> changes completely. If your session gets hijacked, you get logged
> out. When you log in again the attacker loses access.

That will likely cause trouble with concurrent connections aka
pipelining:

  * Client sends request 1 with session id A.

  * Server receives request 1, verifies A = A, handles the request, sets
    new hash to B, sends response.

  * Client sends request 2 with session id A.

  * Server rejects request 2, because session id mismatch (A /= B).

  * Client receives response to request 1, sets session id to B.

Don't change the session id in the middle of the session.  To prevent
session hijacking you need to use SSL.

Greets,
Ertugrul

--

-- 
Not to be or to be and (not to be or to be and (not to be or to be and
(not to be or to be and ... that is the list monad.
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
Corentin Dupont | 27 Feb 22:12 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Hi all,
there is quite a lot of players! Fantastic!
I proposed a rule to lower the vote quorum from unanimity to a quorum of only 4, for the experimentation.
But still, to have this rule accepted, everybody needs to vote! Could you please cast your vote? If you don't plan on playing, it's better to unsubscribe.
The players which have submitted their email should have received a notification for this rule.

To experiment with the rules, it's better to install Nomyx on your machine (cabal install Nomyx) and play alone, since the voting process can be long in multiplayer (I expect 1 or 2 days to reach the quorum for a rule).

I saw people having problem writing the rules (in the log), I'll post some comments on the game's forum: http://www.nomyx.net/forum/viewtopic.php?p=5
not to flood this mailing list ;) Just note that all proposed rules should have type "RuleFunc".
If you'd like to use GHCI to compose your rule, here's how:
$ wget http://hackage.haskell.org/packages/archive/Nomyx-Rules/0.1.0/Nomyx-Rules-0.1.0.tar.gz
$ tar -xzvf Nomyx-Rules-0.1.0.tar.gz
$ ghci Nomyx-Rules-0.1.0/src/Language/Nomyx/Examples.hs


Cheers!
Corentin

On Wed, Feb 27, 2013 at 12:28 AM, Corentin Dupont <corentin.dupont <at> gmail.com> wrote:
Hello everybody!
I am very happy to announce the beta release [1] of Nomyx, the only game where You can change the rules.
This is an implementation of a Nomic [2] game in Haskell (I believe the first complete implementation). In a Nomyx game you can change the rules of the game itself while playing it. The players can submit new rules or modify existing ones, thus completely changing the behaviour of the game through time. The rules are managed and interpreted by the computer. They must be written in the Nomyx language, which is a subset of Haskell.
At the beginning, the initial rules are describing:
- how to add new rules and change existing ones. For example a unanimity vote is necessary to have a new rule accepted.
- how to win the game. For example you win the game if you have 5 rules accepted.
But of course even that can be changed!

Here is a video introduction and first tutorial of the game: http://vimeo.com/58265498
The game is running here: www.nomyx.net:8000/Nomyx
I have set up a forum where players can learn about Nomyx and discuss the rules they intend to propose: www.nomyx.net/forum

As this is the first beta release of the game, I'm looking for beta testers :) Although I tested it quite a lot, I'm sure a lot of bugs remains, especially in multiplayer.
So if you are interested in testing Nomyx, please go to this forum thread and we'll set up a small team to start a match!
http://www.nomyx.net/forum/viewtopic.php?p=5

Comments/contributions are very highly welcome! There is still a lot to do.
As for now, the game is not completely securised. It is easy to break it by submitting rules containing malicious code. I'm working on it. If you'd like to do security testing, please do it locally on your own machine and send me a bug report :).

Cheers,
Corentin

[1] http://hackage.haskell.org/package/Nomyx
[2] www.nomic.net

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
Corentin Dupont | 27 Feb 22:20 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

NB: being unsubscribed, you can still watch the game. It's just that you are not anymore considered as a "citizen" of that game, thus not counted in the votes.

On Wed, Feb 27, 2013 at 10:12 PM, Corentin Dupont <corentin.dupont <at> gmail.com> wrote:
Hi all,
there is quite a lot of players! Fantastic!
I proposed a rule to lower the vote quorum from unanimity to a quorum of only 4, for the experimentation.
But still, to have this rule accepted, everybody needs to vote! Could you please cast your vote? If you don't plan on playing, it's better to unsubscribe.
The players which have submitted their email should have received a notification for this rule.

To experiment with the rules, it's better to install Nomyx on your machine (cabal install Nomyx) and play alone, since the voting process can be long in multiplayer (I expect 1 or 2 days to reach the quorum for a rule).

I saw people having problem writing the rules (in the log), I'll post some comments on the game's forum: http://www.nomyx.net/forum/viewtopic.php?p=5
not to flood this mailing list ;) Just note that all proposed rules should have type "RuleFunc".
If you'd like to use GHCI to compose your rule, here's how:
$ wget http://hackage.haskell.org/packages/archive/Nomyx-Rules/0.1.0/Nomyx-Rules-0.1.0.tar.gz
$ tar -xzvf Nomyx-Rules-0.1.0.tar.gz
$ ghci Nomyx-Rules-0.1.0/src/Language/Nomyx/Examples.hs


Cheers!
Corentin


On Wed, Feb 27, 2013 at 12:28 AM, Corentin Dupont <corentin.dupont <at> gmail.com> wrote:
Hello everybody!
I am very happy to announce the beta release [1] of Nomyx, the only game where You can change the rules.
This is an implementation of a Nomic [2] game in Haskell (I believe the first complete implementation). In a Nomyx game you can change the rules of the game itself while playing it. The players can submit new rules or modify existing ones, thus completely changing the behaviour of the game through time. The rules are managed and interpreted by the computer. They must be written in the Nomyx language, which is a subset of Haskell.
At the beginning, the initial rules are describing:
- how to add new rules and change existing ones. For example a unanimity vote is necessary to have a new rule accepted.
- how to win the game. For example you win the game if you have 5 rules accepted.
But of course even that can be changed!

Here is a video introduction and first tutorial of the game: http://vimeo.com/58265498
The game is running here: www.nomyx.net:8000/Nomyx
I have set up a forum where players can learn about Nomyx and discuss the rules they intend to propose: www.nomyx.net/forum

As this is the first beta release of the game, I'm looking for beta testers :) Although I tested it quite a lot, I'm sure a lot of bugs remains, especially in multiplayer.
So if you are interested in testing Nomyx, please go to this forum thread and we'll set up a small team to start a match!
http://www.nomyx.net/forum/viewtopic.php?p=5

Comments/contributions are very highly welcome! There is still a lot to do.
As for now, the game is not completely securised. It is easy to break it by submitting rules containing malicious code. I'm working on it. If you'd like to do security testing, please do it locally on your own machine and send me a bug report :).

Cheers,
Corentin

[1] http://hackage.haskell.org/package/Nomyx
[2] www.nomic.net


_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
Corentin Dupont | 1 Mar 15:33 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Hi all,
with the mutiplayer server, the game was occasionally crashing with:
CPU time limit exceeded (core dumped)
I think it was due to some ulimit set too low, it should work better now.

BR,
C


On Wed, Feb 27, 2013 at 12:28 AM, Corentin Dupont <corentin.dupont <at> gmail.com> wrote:
Hello everybody!
I am very happy to announce the beta release [1] of Nomyx, the only game where You can change the rules.
This is an implementation of a Nomic [2] game in Haskell (I believe the first complete implementation). In a Nomyx game you can change the rules of the game itself while playing it. The players can submit new rules or modify existing ones, thus completely changing the behaviour of the game through time. The rules are managed and interpreted by the computer. They must be written in the Nomyx language, which is a subset of Haskell.
At the beginning, the initial rules are describing:
- how to add new rules and change existing ones. For example a unanimity vote is necessary to have a new rule accepted.
- how to win the game. For example you win the game if you have 5 rules accepted.
But of course even that can be changed!

Here is a video introduction and first tutorial of the game: http://vimeo.com/58265498
The game is running here: www.nomyx.net:8000/Nomyx
I have set up a forum where players can learn about Nomyx and discuss the rules they intend to propose: www.nomyx.net/forum

As this is the first beta release of the game, I'm looking for beta testers :) Although I tested it quite a lot, I'm sure a lot of bugs remains, especially in multiplayer.
So if you are interested in testing Nomyx, please go to this forum thread and we'll set up a small team to start a match!
http://www.nomyx.net/forum/viewtopic.php?p=5

Comments/contributions are very highly welcome! There is still a lot to do.
As for now, the game is not completely securised. It is easy to break it by submitting rules containing malicious code. I'm working on it. If you'd like to do security testing, please do it locally on your own machine and send me a bug report :).

Cheers,
Corentin

[1] http://hackage.haskell.org/package/Nomyx
[2] www.nomic.net

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
Corentin Dupont | 4 Mar 00:08 2013
Picon

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Hi all,
it's still crashing once a day with:
CPU time limit exceeded (core dumped)

ulimit -t gives unlimited.
in /etc/security/limits.conf their is nothing.

I'm not setting time limits in the software.
Any ideas?

On Fri, Mar 1, 2013 at 3:33 PM, Corentin Dupont <corentin.dupont <at> gmail.com> wrote:
Hi all,
with the mutiplayer server, the game was occasionally crashing with:
CPU time limit exceeded (core dumped)
I think it was due to some ulimit set too low, it should work better now.

BR,
C



On Wed, Feb 27, 2013 at 12:28 AM, Corentin Dupont <corentin.dupont <at> gmail.com> wrote:
Hello everybody!
I am very happy to announce the beta release [1] of Nomyx, the only game where You can change the rules.
This is an implementation of a Nomic [2] game in Haskell (I believe the first complete implementation). In a Nomyx game you can change the rules of the game itself while playing it. The players can submit new rules or modify existing ones, thus completely changing the behaviour of the game through time. The rules are managed and interpreted by the computer. They must be written in the Nomyx language, which is a subset of Haskell.
At the beginning, the initial rules are describing:
- how to add new rules and change existing ones. For example a unanimity vote is necessary to have a new rule accepted.
- how to win the game. For example you win the game if you have 5 rules accepted.
But of course even that can be changed!

Here is a video introduction and first tutorial of the game: http://vimeo.com/58265498
The game is running here: www.nomyx.net:8000/Nomyx
I have set up a forum where players can learn about Nomyx and discuss the rules they intend to propose: www.nomyx.net/forum

As this is the first beta release of the game, I'm looking for beta testers :) Although I tested it quite a lot, I'm sure a lot of bugs remains, especially in multiplayer.
So if you are interested in testing Nomyx, please go to this forum thread and we'll set up a small team to start a match!
http://www.nomyx.net/forum/viewtopic.php?p=5

Comments/contributions are very highly welcome! There is still a lot to do.
As for now, the game is not completely securised. It is easy to break it by submitting rules containing malicious code. I'm working on it. If you'd like to do security testing, please do it locally on your own machine and send me a bug report :).

Cheers,
Corentin

[1] http://hackage.haskell.org/package/Nomyx
[2] www.nomic.net


_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Gmane