💾 Archived View for bbs.geminispace.org › s › smolgaming › 20983 captured on 2024-12-17 at 15:20:41. Gemini links have been rewritten to link to archived content


-=-=-=-=-=-=-

Comment by 🚀 stack

Re: "I'm working on a proof of concept for that game I mentioned..."

In: s/smolgaming

yeah, the file-per-userhash should work fine in terms of load. I've been working on a session manager that keeps a simple key-value store in memory, with the top 16 in a cache which is reordered by access order. But it's an overkill.

Consider protecting yourself from a cheap and simple DOS attack of making a few thousand requests with random hashes...

🚀 stack

Oct 18 · 2 months ago


☯ī¸ dragfyre [OP] ¡ Oct 19 at 03:29:

@stack yeah, I was thinking of throttling requests somehow / returning a "slow down" request to catch spam clicks. How would you suggest handling the multi-hash DoS scenario?

🚀 stack · Oct 19 at 04:15:

In your case, the simplest way I can think of is pick a limit of new registrations and track with your CGI. You have to store it somewhere, so it's another file to open and read, which may be combined with your other global data file... Maybe as simple as writing the time along with number of registrations in the last minute (if now is a different minute, restart count).
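
One way to implement the per-minute registration counter described in the comment above, as an added example that is not part of the thread or the game's own code. The file name, the limit of 20 and the function names are assumptions; status 44 is Gemini's "slow down" response, with the wait in seconds as its meta.

```python
import fcntl  # Unix-only advisory file locking
import os
import time

MAX_NEW_PER_MINUTE = 20        # assumed limit; tune for the capsule
STATE_FILE = "reg_window.txt"  # hypothetical path; holds "<minute> <count>"


def allow_registration(path=STATE_FILE, limit=MAX_NEW_PER_MINUTE, now=None):
    """Return True if one more new registration fits in the current minute."""
    minute = int((time.time() if now is None else now) // 60)
    # O_CREAT without O_TRUNC: create on first use, never wipe existing state.
    fd = os.open(path, os.O_RDWR | os.O_CREAT, 0o600)
    with os.fdopen(fd, "r+") as f:
        # CGI runs one process per request, so serialise the read-modify-write.
        fcntl.flock(f, fcntl.LOCK_EX)
        try:
            stored_minute, count = (int(x) for x in f.read().split())
        except ValueError:
            # Empty or damaged file: treat it as a fresh window.
            stored_minute, count = minute, 0
        if stored_minute != minute:
            # A different minute: restart the count.
            stored_minute, count = minute, 0
        allowed = count < limit
        if allowed:
            count += 1
        f.seek(0)
        f.truncate()
        f.write(f"{stored_minute} {count}")
    return allowed  # closing the file above released the lock


def slow_down_header(now=None):
    """Gemini status 44 (SLOW DOWN); meta is the seconds left in this minute."""
    now = time.time() if now is None else now
    return f"44 {60 - int(now) % 60}\r\n"
```

The CGI would call `allow_registration()` only when it sees a user hash with no file yet, and answer with `slow_down_header()` instead of creating the file when it returns False.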

🕹ī¸ skyjake [...] ¡ Oct 19 at 05:06:

I agree with @stack, you want rate limiting for new registrations. I also recommend making the registration flow include a step that is not easily scriptable, for instance having to click on a link that contains a random (or deterministic but non-obvious) sequence of characters. The attacker would have to parse the response for the right URL to request, which can be a deterrent.

☯ī¸ dragfyre [OP] ¡ Oct 22 at 01:21:

Thanks @skyjake and @stack for the suggestions and guidance! I found the Gemini CGI guide and will be following it to implement the security checks. Things may be a bit slower going until it's ready to release, but that should be fine as it'll give me time to test things out, to refine gameplay and to keep proofreading the word list.

☯ī¸ dragfyre [OP] ¡ Oct 27 at 02:41:

Rate limits are in and seem pretty solid and not too irritating. I've also added some basic caching to reduce the CPU load. I have an idea of how to handle possible registration spam; it'll require a bit of refactoring. All told, we should be ready for alpha within the coming week.

☯ī¸ dragfyre [OP] ¡ Oct 30 at 13:27:

Soon.

Crostic Nines ⑨ • 2024-10-30

✅✅✅✅✅✅✅✅✅⭐

🙋 21 💁 2 ⏱️ 3h7m 🏆 255pts

☯ī¸ dragfyre [OP] ¡ Nov 02 at 08:13:

Refactoring is done, and everything that needs to be there is there. Time to do some last-minute debugging and then we're ready to launch!

Original Post

🌒 s/smolgaming

I'm working on a proof of concept for that game I mentioned earlier. I won't give away too much just yet, but it's a word guessing game. The basics of gameplay are working; making it look good in Gemini will come later. The biggest headache right now is generating grammatically correct clues. Right now, the word list includes a lot of derived forms, like "walks" and "walked". I've used NLTK and WordNet to auto-generate clues, but the problem is, it lemmatizes words and gives definitions for the...

💬 dragfyre · 13 comments · Oct 13 · 2 months ago