ANN: Nomyx 0.1 beta, the game where you can change the rules

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
27 messages Options
12
Reply | Threaded
Open this post in threaded view
|

ANN: Nomyx 0.1 beta, the game where you can change the rules

Corentin Dupont
Hello everybody!
I am very happy to announce the beta release [1] of Nomyx, the only game where You can change the rules.
This is an implementation of a Nomic [2] game in Haskell (I believe the first complete implementation). In a Nomyx game you can change the rules of the game itself while playing it. The players can submit new rules or modify existing ones, thus completely changing the behaviour of the game through time. The rules are managed and interpreted by the computer. They must be written in the Nomyx language, which is a subset of Haskell.
At the beginning, the initial rules are describing:
- how to add new rules and change existing ones. For example a unanimity vote is necessary to have a new rule accepted.
- how to win the game. For example you win the game if you have 5 rules accepted.
But of course even that can be changed!

Here is a video introduction and first tutorial of the game: http://vimeo.com/58265498
The game is running here: www.nomyx.net:8000/Nomyx
I have set up a forum where players can learn about Nomyx and discuss the rules they intend to propose: www.nomyx.net/forum

As this is the first beta release of the game, I'm looking for beta testers :) Although I tested it quite a lot, I'm sure a lot of bugs remains, especially in multiplayer.
So if you are interested in testing Nomyx, please go to this forum thread and we'll set up a small team to start a match!
http://www.nomyx.net/forum/viewtopic.php?p=5

Comments/contributions are very highly welcome! There is still a lot to do.
As for now, the game is not completely securised. It is easy to break it by submitting rules containing malicious code. I'm working on it. If you'd like to do security testing, please do it locally on your own machine and send me a bug report :).

Cheers,
Corentin

[1] http://hackage.haskell.org/package/Nomyx
[2] www.nomic.net

_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Ben Lippmeier-2

On 27/02/2013, at 10:28 , Corentin Dupont <[hidden email]> wrote:

> Hello everybody!
> I am very happy to announce the beta release [1] of Nomyx, the only game where You can change the rules.

Don't forget 1KBWC: http://www.corngolem.com/1kbwc/

Ben.



_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Alexander Solla
In reply to this post by Corentin Dupont



On Tue, Feb 26, 2013 at 3:28 PM, Corentin Dupont <[hidden email]> wrote:
Hello everybody!
I am very happy to announce the beta release [1] of Nomyx, the only game where You can change the rules.
This is an implementation of a Nomic [2] game in Haskell (I believe the first complete implementation). In a Nomyx game you can change the rules of the game itself while playing it. The players can submit new rules or modify existing ones, thus completely changing the behaviour of the game through time. The rules are managed and interpreted by the computer. They must be written in the Nomyx language, which is a subset of Haskell.

That's very nice.  I've been following your progress on the list.  Congratulations!

Did you learn as much about Haskell as you hoped? 

_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Chris Wong
In reply to this post by Corentin Dupont
> Hello everybody!
> I am very happy to announce the beta release [1] of Nomyx, the only game
> where You can change the rules.

I just gave it a go -- it looks fun :)

However, I've spotted a security hole. The current user number is
stored in the URL -- if I change that number, I can masquerade as
someone else! Is this behavior intended?

> This is an implementation of a Nomic [2] game in Haskell (I believe the
> first complete implementation). In a Nomyx game you can change the rules of
> the game itself while playing it. The players can submit new rules or modify
> existing ones, thus completely changing the behaviour of the game through
> time. The rules are managed and interpreted by the computer. They must be
> written in the Nomyx language, which is a subset of Haskell.
> At the beginning, the initial rules are describing:
> - how to add new rules and change existing ones. For example a unanimity
> vote is necessary to have a new rule accepted.
> - how to win the game. For example you win the game if you have 5 rules
> accepted.
> But of course even that can be changed!
>
> Here is a video introduction and first tutorial of the game:
> http://vimeo.com/58265498
> The game is running here: www.nomyx.net:8000/Nomyx
> I have set up a forum where players can learn about Nomyx and discuss the
> rules they intend to propose: www.nomyx.net/forum
>
> As this is the first beta release of the game, I'm looking for beta testers
> :) Although I tested it quite a lot, I'm sure a lot of bugs remains,
> especially in multiplayer.
> So if you are interested in testing Nomyx, please go to this forum thread
> and we'll set up a small team to start a match!
> http://www.nomyx.net/forum/viewtopic.php?p=5
>
> Comments/contributions are very highly welcome! There is still a lot to do.
> As for now, the game is not completely securised. It is easy to break it by
> submitting rules containing malicious code. I'm working on it. If you'd like
> to do security testing, please do it locally on your own machine and send me
> a bug report :).
>
> Cheers,
> Corentin
>
> [1] http://hackage.haskell.org/package/Nomyx
> [2] www.nomic.net
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>

_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

amindfv
In reply to this post by Ben Lippmeier-2
There's another one...
http://3.bp.blogspot.com/-0-NT1rzFpik/Tpe4sb18gOI/AAAAAAAAAuM/j2BHO_TgLi4/s1600/calvinball.jpg

Tom

On Tue, Feb 26, 2013 at 7:07 PM, Ben Lippmeier <[hidden email]> wrote:

>
> On 27/02/2013, at 10:28 , Corentin Dupont <[hidden email]> wrote:
>
>> Hello everybody!
>> I am very happy to announce the beta release [1] of Nomyx, the only game where You can change the rules.
>
> Don't forget 1KBWC: http://www.corngolem.com/1kbwc/
>
> Ben.
>
>
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://www.haskell.org/mailman/listinfo/haskell-cafe

_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Corentin Dupont
I think it would be harder to implement a computer version of 1KBWC and Calvin ball!! Have to think of it ;)

On Wed, Feb 27, 2013 at 9:48 AM, Tom Murphy <[hidden email]> wrote:
There's another one...
http://3.bp.blogspot.com/-0-NT1rzFpik/Tpe4sb18gOI/AAAAAAAAAuM/j2BHO_TgLi4/s1600/calvinball.jpg

Tom

On Tue, Feb 26, 2013 at 7:07 PM, Ben Lippmeier <[hidden email]> wrote:
>
> On 27/02/2013, at 10:28 , Corentin Dupont <[hidden email]> wrote:
>
>> Hello everybody!
>> I am very happy to announce the beta release [1] of Nomyx, the only game where You can change the rules.
>
> Don't forget 1KBWC: http://www.corngolem.com/1kbwc/
>
> Ben.
>
>
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://www.haskell.org/mailman/listinfo/haskell-cafe


_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Corentin Dupont
In reply to this post by Alexander Solla
Thank you very much, that's very nice!
That was a great journey, I started Nomyx 2-3 years ago as a personal project and learned Haskell on the way.
I went through many refactorings as my comprehension of Haskell and Nomic progressed.
Out of the top of my head, the points that gave me some headaches were:
- how to split the program into modules properly without dependency cycles
- Happstack big type signatures
- having the right structures to pass data in a StateT
- using existential types and type families for variables and events
- ACID state, this is really not practical during development

Cheers,
Corentin

On Wed, Feb 27, 2013 at 2:17 AM, Alexander Solla <[hidden email]> wrote:



On Tue, Feb 26, 2013 at 3:28 PM, Corentin Dupont <[hidden email]> wrote:
Hello everybody!
I am very happy to announce the beta release [1] of Nomyx, the only game where You can change the rules.
This is an implementation of a Nomic [2] game in Haskell (I believe the first complete implementation). In a Nomyx game you can change the rules of the game itself while playing it. The players can submit new rules or modify existing ones, thus completely changing the behaviour of the game through time. The rules are managed and interpreted by the computer. They must be written in the Nomyx language, which is a subset of Haskell.

That's very nice.  I've been following your progress on the list.  Congratulations!

Did you learn as much about Haskell as you hoped? 


_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Corentin Dupont
In reply to this post by Chris Wong
Hi Chris,
Thanks!
That's true for the user number. What should I do? Encrypt it?

On Wed, Feb 27, 2013 at 5:02 AM, Chris Wong <[hidden email]> wrote:
> Hello everybody!
> I am very happy to announce the beta release [1] of Nomyx, the only game
> where You can change the rules.

I just gave it a go -- it looks fun :)

However, I've spotted a security hole. The current user number is
stored in the URL -- if I change that number, I can masquerade as
someone else! Is this behavior intended?

> This is an implementation of a Nomic [2] game in Haskell (I believe the
> first complete implementation). In a Nomyx game you can change the rules of
> the game itself while playing it. The players can submit new rules or modify
> existing ones, thus completely changing the behaviour of the game through
> time. The rules are managed and interpreted by the computer. They must be
> written in the Nomyx language, which is a subset of Haskell.
> At the beginning, the initial rules are describing:
> - how to add new rules and change existing ones. For example a unanimity
> vote is necessary to have a new rule accepted.
> - how to win the game. For example you win the game if you have 5 rules
> accepted.
> But of course even that can be changed!
>
> Here is a video introduction and first tutorial of the game:
> http://vimeo.com/58265498
> The game is running here: www.nomyx.net:8000/Nomyx
> I have set up a forum where players can learn about Nomyx and discuss the
> rules they intend to propose: www.nomyx.net/forum
>
> As this is the first beta release of the game, I'm looking for beta testers
> :) Although I tested it quite a lot, I'm sure a lot of bugs remains,
> especially in multiplayer.
> So if you are interested in testing Nomyx, please go to this forum thread
> and we'll set up a small team to start a match!
> http://www.nomyx.net/forum/viewtopic.php?p=5
>
> Comments/contributions are very highly welcome! There is still a lot to do.
> As for now, the game is not completely securised. It is easy to break it by
> submitting rules containing malicious code. I'm working on it. If you'd like
> to do security testing, please do it locally on your own machine and send me
> a bug report :).
>
> Cheers,
> Corentin
>
> [1] http://hackage.haskell.org/package/Nomyx
> [2] www.nomic.net
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>


_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Mats Rauhala
The user id is not necessarily the problem, but rather that you can
impose as another user. For this, one solution is to keep track of a
unique (changing) user token in the cookies and use that for verifying
the user.

--
Mats Rauhala
MasseR

_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe

signature.asc (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Corentin Dupont
Yes, having a cookie to keep track of the session if something I plan to do.

On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <[hidden email]> wrote:
The user id is not necessarily the problem, but rather that you can
impose as another user. For this, one solution is to keep track of a
unique (changing) user token in the cookies and use that for verifying
the user.

--
Mats Rauhala
MasseR

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
=tf0d
-----END PGP SIGNATURE-----

_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe



_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Erik Hesselink
Note that cookies are not the solution here. Cookies are just as user
controlled as the url, just less visible. What you need is a session
id: a mapping from a non-consecutive, non-guessable, secret token to
the user id (which is sequential and thus guessable, and often exposed
in urls etc.). It doesn't matter if you then store it in the url or a
cookie. Cookies are just more convenient.

Erik

On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
<[hidden email]> wrote:

> Yes, having a cookie to keep track of the session if something I plan to do.
>
> On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <[hidden email]>
> wrote:
>>
>> The user id is not necessarily the problem, but rather that you can
>> impose as another user. For this, one solution is to keep track of a
>> unique (changing) user token in the cookies and use that for verifying
>> the user.
>>
>> --
>> Mats Rauhala
>> MasseR
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>>
>> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>> =tf0d
>> -----END PGP SIGNATURE-----
>>
>>
>> _______________________________________________
>> Haskell-Cafe mailing list
>> [hidden email]
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>

_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Corentin Dupont
So I need to "encrypt" the user ID in some way? What I need is to associate the user ID to a random number and store the association is a table?


On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink <[hidden email]> wrote:
Note that cookies are not the solution here. Cookies are just as user
controlled as the url, just less visible. What you need is a session
id: a mapping from a non-consecutive, non-guessable, secret token to
the user id (which is sequential and thus guessable, and often exposed
in urls etc.). It doesn't matter if you then store it in the url or a
cookie. Cookies are just more convenient.

Erik

On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
<[hidden email]> wrote:
> Yes, having a cookie to keep track of the session if something I plan to do.
>
> On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <[hidden email]>
> wrote:
>>
>> The user id is not necessarily the problem, but rather that you can
>> impose as another user. For this, one solution is to keep track of a
>> unique (changing) user token in the cookies and use that for verifying
>> the user.
>>
>> --
>> Mats Rauhala
>> MasseR
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>>
>> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>> =tf0d
>> -----END PGP SIGNATURE-----
>>
>>
>> _______________________________________________
>> Haskell-Cafe mailing list
>> [hidden email]
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>


_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Clark Gaebel-2
You could just hash it.

  - Clark


On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont <[hidden email]> wrote:
So I need to "encrypt" the user ID in some way? What I need is to associate the user ID to a random number and store the association is a table?



On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink <[hidden email]> wrote:
Note that cookies are not the solution here. Cookies are just as user
controlled as the url, just less visible. What you need is a session
id: a mapping from a non-consecutive, non-guessable, secret token to
the user id (which is sequential and thus guessable, and often exposed
in urls etc.). It doesn't matter if you then store it in the url or a
cookie. Cookies are just more convenient.

Erik

On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
<[hidden email]> wrote:
> Yes, having a cookie to keep track of the session if something I plan to do.
>
> On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <[hidden email]>
> wrote:
>>
>> The user id is not necessarily the problem, but rather that you can
>> impose as another user. For this, one solution is to keep track of a
>> unique (changing) user token in the cookies and use that for verifying
>> the user.
>>
>> --
>> Mats Rauhala
>> MasseR
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>>
>> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>> =tf0d
>> -----END PGP SIGNATURE-----
>>
>>
>> _______________________________________________
>> Haskell-Cafe mailing list
>> [hidden email]
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>


_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe



_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Corentin Dupont
hash is reversible or not?

On Wed, Feb 27, 2013 at 8:18 PM, Clark Gaebel <[hidden email]> wrote:
You could just hash it.

  - Clark


On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont <[hidden email]> wrote:
So I need to "encrypt" the user ID in some way? What I need is to associate the user ID to a random number and store the association is a table?



On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink <[hidden email]> wrote:
Note that cookies are not the solution here. Cookies are just as user
controlled as the url, just less visible. What you need is a session
id: a mapping from a non-consecutive, non-guessable, secret token to
the user id (which is sequential and thus guessable, and often exposed
in urls etc.). It doesn't matter if you then store it in the url or a
cookie. Cookies are just more convenient.

Erik

On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
<[hidden email]> wrote:
> Yes, having a cookie to keep track of the session if something I plan to do.
>
> On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <[hidden email]>
> wrote:
>>
>> The user id is not necessarily the problem, but rather that you can
>> impose as another user. For this, one solution is to keep track of a
>> unique (changing) user token in the cookies and use that for verifying
>> the user.
>>
>> --
>> Mats Rauhala
>> MasseR
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>>
>> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>> =tf0d
>> -----END PGP SIGNATURE-----
>>
>>
>> _______________________________________________
>> Haskell-Cafe mailing list
>> [hidden email]
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>


_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe




_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

David Thomas
hash(id:secret) should not be reversible, if you use a cryptographic hash.

hash(id) can be brute-forced, on something with so small a range.


On Wed, Feb 27, 2013 at 11:20 AM, Corentin Dupont <[hidden email]> wrote:
hash is reversible or not?


On Wed, Feb 27, 2013 at 8:18 PM, Clark Gaebel <[hidden email]> wrote:
You could just hash it.

  - Clark


On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont <[hidden email]> wrote:
So I need to "encrypt" the user ID in some way? What I need is to associate the user ID to a random number and store the association is a table?



On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink <[hidden email]> wrote:
Note that cookies are not the solution here. Cookies are just as user
controlled as the url, just less visible. What you need is a session
id: a mapping from a non-consecutive, non-guessable, secret token to
the user id (which is sequential and thus guessable, and often exposed
in urls etc.). It doesn't matter if you then store it in the url or a
cookie. Cookies are just more convenient.

Erik

On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
<[hidden email]> wrote:
> Yes, having a cookie to keep track of the session if something I plan to do.
>
> On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <[hidden email]>
> wrote:
>>
>> The user id is not necessarily the problem, but rather that you can
>> impose as another user. For this, one solution is to keep track of a
>> unique (changing) user token in the cookies and use that for verifying
>> the user.
>>
>> --
>> Mats Rauhala
>> MasseR
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>>
>> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>> =tf0d
>> -----END PGP SIGNATURE-----
>>
>>
>> _______________________________________________
>> Haskell-Cafe mailing list
>> [hidden email]
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>


_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe




_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe



_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Corentin Dupont
In reply to this post by Corentin Dupont
Hi all,
there is quite a lot of players! Fantastic!
I proposed a rule to lower the vote quorum from unanimity to a quorum of only 4, for the experimentation.
But still, to have this rule accepted, everybody needs to vote! Could you please cast your vote? If you don't plan on playing, it's better to unsubscribe.
The players which have submitted their email should have received a notification for this rule.

To experiment with the rules, it's better to install Nomyx on your machine (cabal install Nomyx) and play alone, since the voting process can be long in multiplayer (I expect 1 or 2 days to reach the quorum for a rule).

I saw people having problem writing the rules (in the log), I'll post some comments on the game's forum: http://www.nomyx.net/forum/viewtopic.php?p=5
not to flood this mailing list ;) Just note that all proposed rules should have type "RuleFunc".
If you'd like to use GHCI to compose your rule, here's how:
$ wget http://hackage.haskell.org/packages/archive/Nomyx-Rules/0.1.0/Nomyx-Rules-0.1.0.tar.gz
$ tar -xzvf Nomyx-Rules-0.1.0.tar.gz
$ ghci Nomyx-Rules-0.1.0/src/Language/Nomyx/Examples.hs


Cheers!
Corentin

On Wed, Feb 27, 2013 at 12:28 AM, Corentin Dupont <[hidden email]> wrote:
Hello everybody!
I am very happy to announce the beta release [1] of Nomyx, the only game where You can change the rules.
This is an implementation of a Nomic [2] game in Haskell (I believe the first complete implementation). In a Nomyx game you can change the rules of the game itself while playing it. The players can submit new rules or modify existing ones, thus completely changing the behaviour of the game through time. The rules are managed and interpreted by the computer. They must be written in the Nomyx language, which is a subset of Haskell.
At the beginning, the initial rules are describing:
- how to add new rules and change existing ones. For example a unanimity vote is necessary to have a new rule accepted.
- how to win the game. For example you win the game if you have 5 rules accepted.
But of course even that can be changed!

Here is a video introduction and first tutorial of the game: http://vimeo.com/58265498
The game is running here: www.nomyx.net:8000/Nomyx
I have set up a forum where players can learn about Nomyx and discuss the rules they intend to propose: www.nomyx.net/forum

As this is the first beta release of the game, I'm looking for beta testers :) Although I tested it quite a lot, I'm sure a lot of bugs remains, especially in multiplayer.
So if you are interested in testing Nomyx, please go to this forum thread and we'll set up a small team to start a match!
http://www.nomyx.net/forum/viewtopic.php?p=5

Comments/contributions are very highly welcome! There is still a lot to do.
As for now, the game is not completely securised. It is easy to break it by submitting rules containing malicious code. I'm working on it. If you'd like to do security testing, please do it locally on your own machine and send me a bug report :).

Cheers,
Corentin

[1] http://hackage.haskell.org/package/Nomyx
[2] www.nomic.net


_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Corentin Dupont
NB: being unsubscribed, you can still watch the game. It's just that you are not anymore considered as a "citizen" of that game, thus not counted in the votes.

On Wed, Feb 27, 2013 at 10:12 PM, Corentin Dupont <[hidden email]> wrote:
Hi all,
there is quite a lot of players! Fantastic!
I proposed a rule to lower the vote quorum from unanimity to a quorum of only 4, for the experimentation.
But still, to have this rule accepted, everybody needs to vote! Could you please cast your vote? If you don't plan on playing, it's better to unsubscribe.
The players which have submitted their email should have received a notification for this rule.

To experiment with the rules, it's better to install Nomyx on your machine (cabal install Nomyx) and play alone, since the voting process can be long in multiplayer (I expect 1 or 2 days to reach the quorum for a rule).

I saw people having problem writing the rules (in the log), I'll post some comments on the game's forum: http://www.nomyx.net/forum/viewtopic.php?p=5
not to flood this mailing list ;) Just note that all proposed rules should have type "RuleFunc".
If you'd like to use GHCI to compose your rule, here's how:
$ wget http://hackage.haskell.org/packages/archive/Nomyx-Rules/0.1.0/Nomyx-Rules-0.1.0.tar.gz
$ tar -xzvf Nomyx-Rules-0.1.0.tar.gz
$ ghci Nomyx-Rules-0.1.0/src/Language/Nomyx/Examples.hs


Cheers!
Corentin


On Wed, Feb 27, 2013 at 12:28 AM, Corentin Dupont <[hidden email]> wrote:
Hello everybody!
I am very happy to announce the beta release [1] of Nomyx, the only game where You can change the rules.
This is an implementation of a Nomic [2] game in Haskell (I believe the first complete implementation). In a Nomyx game you can change the rules of the game itself while playing it. The players can submit new rules or modify existing ones, thus completely changing the behaviour of the game through time. The rules are managed and interpreted by the computer. They must be written in the Nomyx language, which is a subset of Haskell.
At the beginning, the initial rules are describing:
- how to add new rules and change existing ones. For example a unanimity vote is necessary to have a new rule accepted.
- how to win the game. For example you win the game if you have 5 rules accepted.
But of course even that can be changed!

Here is a video introduction and first tutorial of the game: http://vimeo.com/58265498
The game is running here: www.nomyx.net:8000/Nomyx
I have set up a forum where players can learn about Nomyx and discuss the rules they intend to propose: www.nomyx.net/forum

As this is the first beta release of the game, I'm looking for beta testers :) Although I tested it quite a lot, I'm sure a lot of bugs remains, especially in multiplayer.
So if you are interested in testing Nomyx, please go to this forum thread and we'll set up a small team to start a match!
http://www.nomyx.net/forum/viewtopic.php?p=5

Comments/contributions are very highly welcome! There is still a lot to do.
As for now, the game is not completely securised. It is easy to break it by submitting rules containing malicious code. I'm working on it. If you'd like to do security testing, please do it locally on your own machine and send me a bug report :).

Cheers,
Corentin

[1] http://hackage.haskell.org/package/Nomyx
[2] www.nomic.net



_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

ozataman
In reply to this post by Corentin Dupont
I would encourage you to take a look at the snap (the web framework) package, where this concern is handled for you as part of the "session" snaplet.

The Snap.Snaplet.Session module and the Snap.Snaplet.Session.Backends.CookieSession ensure that contents of the cookie-persistent sessions are encrypted and so you can place anything from user ids to other secret information there, although I would certainly keep it to a minimum for size concerns.


Hope this helps,
Oz


On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont <[hidden email]> wrote:
So I need to "encrypt" the user ID in some way? What I need is to associate the user ID to a random number and store the association is a table?


On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink <[hidden email]> wrote:
Note that cookies are not the solution here. Cookies are just as user
controlled as the url, just less visible. What you need is a session
id: a mapping from a non-consecutive, non-guessable, secret token to
the user id (which is sequential and thus guessable, and often exposed
in urls etc.). It doesn't matter if you then store it in the url or a
cookie. Cookies are just more convenient.

Erik

On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
<[hidden email]> wrote:
> Yes, having a cookie to keep track of the session if something I plan to do.
>
> On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <[hidden email]>
> wrote:
>>
>> The user id is not necessarily the problem, but rather that you can
>> impose as another user. For this, one solution is to keep track of a
>> unique (changing) user token in the cookies and use that for verifying
>> the user.
>>
>> --
>> Mats Rauhala
>> MasseR
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>>
>> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>> =tf0d
>> -----END PGP SIGNATURE-----
>>
>>
>> _______________________________________________
>> Haskell-Cafe mailing list
>> [hidden email]
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>


_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe



_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

Corentin Dupont
Thanks Ozgun,
but I'm using Happstack: this will be compatible?

On Wed, Feb 27, 2013 at 10:30 PM, Ozgun Ataman <[hidden email]> wrote:
I would encourage you to take a look at the snap (the web framework) package, where this concern is handled for you as part of the "session" snaplet.

The Snap.Snaplet.Session module and the Snap.Snaplet.Session.Backends.CookieSession ensure that contents of the cookie-persistent sessions are encrypted and so you can place anything from user ids to other secret information there, although I would certainly keep it to a minimum for size concerns.


Hope this helps,
Oz


On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont <[hidden email]> wrote:
So I need to "encrypt" the user ID in some way? What I need is to associate the user ID to a random number and store the association is a table?


On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink <[hidden email]> wrote:
Note that cookies are not the solution here. Cookies are just as user
controlled as the url, just less visible. What you need is a session
id: a mapping from a non-consecutive, non-guessable, secret token to
the user id (which is sequential and thus guessable, and often exposed
in urls etc.). It doesn't matter if you then store it in the url or a
cookie. Cookies are just more convenient.

Erik

On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
<[hidden email]> wrote:
> Yes, having a cookie to keep track of the session if something I plan to do.
>
> On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <[hidden email]>
> wrote:
>>
>> The user id is not necessarily the problem, but rather that you can
>> impose as another user. For this, one solution is to keep track of a
>> unique (changing) user token in the cookies and use that for verifying
>> the user.
>>
>> --
>> Mats Rauhala
>> MasseR
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>>
>> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>> =tf0d
>> -----END PGP SIGNATURE-----
>>
>>
>> _______________________________________________
>> Haskell-Cafe mailing list
>> [hidden email]
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>


_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe




_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe
Reply | Threaded
Open this post in threaded view
|

Re: ANN: Nomyx 0.1 beta, the game where you can change the rules

ozataman
You probably can't use it directly but it should at least show you how we did it. In particular, the Snap.Snaplet.Session.SecureCookie module (internal, I think, so look at source) may be of interest to you as it implements the self-contained idea of encrypted cookies.

- Oz

On Wednesday, February 27, 2013 at 4:43 PM, Corentin Dupont wrote:

Thanks Ozgun,
but I'm using Happstack: this will be compatible?

On Wed, Feb 27, 2013 at 10:30 PM, Ozgun Ataman <[hidden email]> wrote:
I would encourage you to take a look at the snap (the web framework) package, where this concern is handled for you as part of the "session" snaplet.

The Snap.Snaplet.Session module and the Snap.Snaplet.Session.Backends.CookieSession ensure that contents of the cookie-persistent sessions are encrypted and so you can place anything from user ids to other secret information there, although I would certainly keep it to a minimum for size concerns.


Hope this helps,
Oz


On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont <[hidden email]> wrote:
So I need to "encrypt" the user ID in some way? What I need is to associate the user ID to a random number and store the association is a table?


On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink <[hidden email]> wrote:
Note that cookies are not the solution here. Cookies are just as user
controlled as the url, just less visible. What you need is a session
id: a mapping from a non-consecutive, non-guessable, secret token to
the user id (which is sequential and thus guessable, and often exposed
in urls etc.). It doesn't matter if you then store it in the url or a
cookie. Cookies are just more convenient.

Erik

On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
<[hidden email]> wrote:
> Yes, having a cookie to keep track of the session if something I plan to do.
>
> On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <[hidden email]>
> wrote:
>>
>> The user id is not necessarily the problem, but rather that you can
>> impose as another user. For this, one solution is to keep track of a
>> unique (changing) user token in the cookies and use that for verifying
>> the user.
>>
>> --
>> Mats Rauhala
>> MasseR
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>>
>> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>> =tf0d
>> -----END PGP SIGNATURE-----
>>
>>
>> _______________________________________________
>> Haskell-Cafe mailing list
>> [hidden email]
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>
>
> _______________________________________________
> Haskell-Cafe mailing list
> [hidden email]
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>


_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe





_______________________________________________
Haskell-Cafe mailing list
[hidden email]
http://www.haskell.org/mailman/listinfo/haskell-cafe
12