Entropedia.info Official Thread

[Witte]

Set the cookie for domain .entropiawiki.com and it will be valid for all subdomains.

And you might consider using base64 encoding for the ALPassword cookie instead of urlencoding.

The problem is that the cookie with session is automatically generated. It is probably a setting somewhere in asp.net. What is the advantage of base64 encoding? I think I actually tried that but then the data got lost when saved in the cookie.

 

[wizzszz]

The problem is that the cookie with session is automatically generated. It is probably a setting somewhere in asp.net. What is the advantage of base64 encoding? I think I actually tried that but then the data got lost when saved in the cookie.

There is no big advantage, just urlencoding = 3 byte code per 1 encoded byte whereas base64 = 4 byte code per 3 encoded bytes... maybe just me being a bit anal about it...

The domain setting for the cookie should help though:

No domain specified in the cookie -> valid for current domain only


How do you set cookies for all the different subdomains atm? Or did i miss something?

 

[Witte]

Ah ok, I think I will just leave the password as it is then . Or I will remove the password altogether, I have been reading a bit on the subject and I don't think it is the usual method to use a password for that, but a unique identifier.

Currently I use the domainless cookie for login data, but asp.net automatically creates a cookie for each domain with "session" in it. I think it is just the session id so that the server knows what session its dealing with.

 

[wizzszz]

Ah ok, I think I will just leave the password as it is then . Or I will remove the password altogether, I have been reading a bit on the subject and I don't think it is the usual method to use a password for that, but a unique identifier.

vBulletin used to send 2 cookies, too, one with the member name and one with an access token.

State of the art is one cookie, containing i.e. the memberid and a checksum (i.e. md5) over a secret string and a bit of extra "salt" (and maybe some other parts, i.e. the stored password) - changing the salt in the user table is the easiest and most secure way to terminate a login session.

And, it seems you store the passwords as plain text - this is no good idea either, i am sure many people use the same password for entropedia and the forum or other EU related stuff - if someone hacks your database, they will have access to other stuff, too...

And last but not least: Noone, not even an admin should have access to somebodies clear text password - usual way to do this is storing an additional "salt" and the checksum across salt and the password.
When a user logs on, you calculate the checksum over the provided password and the salt stored for this particular used and compare it to the stored checksum - but keep in mind that this is case-sensitive.

Again, invalidating a password (i.e. when someone requests a password reset code the old password should be invalidated immediately, as it is lost anyway) is as easy as changing the salt to a different string. (the new salt could be used to compute the reset code)

Currently I use the domainless cookie for login data, but asp.net automatically creates a cookie for each domain with "session" in it. I think it is just the session id so that the server knows what session its dealing with.

Setting cookies w/o domain uses the domain the request is made for. I guess i have to check this myself and let you know when i find something that can be improved.

I just suggested that starfinder does the same, because a login is valid for www.ET.com, but not for ET.com - if you're interested in the topic please look here

 

[Witte]

vBulletin used to send 2 cookies, too, one with the member name and one with an access token.

State of the art is one cookie, containing i.e. the memberid and a checksum (i.e. md5) over a secret string and a bit of extra "salt" (and maybe some other parts, i.e. the stored password) - changing the salt in the user table is the easiest and most secure way to terminate a login session.

And, it seems you store the passwords as plain text - this is no good idea either, i am sure many people use the same password for entropedia and the forum or other EU related stuff - if someone hacks your database, they will have access to other stuff, too...

And last but not least: Noone, not even an admin should have access to somebodies clear text password - usual way to do this is storing an additional "salt" and the checksum across salt and the password.
When a user logs on, you calculate the checksum over the provided password and the salt stored for this particular used and compare it to the stored checksum - but keep in mind that this is case-sensitive.

Again, invalidating a password (i.e. when someone requests a password reset code the old password should be invalidated immediately, as it is lost anyway) is as easy as changing the salt to a different string. (the new salt could be used to compute the reset code)

How it currently works is that the MD5 hash value is taken of a password on registration, and this MD5 hash value is stored in the database. When a user logs in, the MD5 hash value is taken of the typed password and compared to the MD5 hash value in the database. It used to be that case that the cookie contained the plain text password. I now changed that so that the cookie contains the MD5 hash code instead. I know the hash code can be cracked though. But when someone has access to somebodies cookie you can as well copy the complete cookie and use it on a different computer.

Setting cookies w/o domain uses the domain the request is made for. I guess i have to check this myself and let you know when i find something that can be improved.

I just suggested that starfinder does the same, because a login is valid for www.ET.com, but not for ET.com - if you're interested in the topic please look here

I figured out how to remove the subdomain from the session cookie already, so now only 1 cookie is made with the ".entropiawiki.com" domain. The login data was already stored in this domain.

 

[wizzszz]

How it currently works is that the MD5 hash value is taken of a password on registration, and this MD5 hash value is stored in the database. When a user logs in, the MD5 hash value is taken of the typed password and compared to the MD5 hash value in the database. It used to be that case that the cookie contained the plain text password. I now changed that so that the cookie contains the MD5 hash code instead. I know the hash code can be cracked though. But when someone has access to somebodies cookie you can as well copy the complete cookie and use it on a different computer.

You compare only the checksum on login? Or both, the username and the password checksum?

However, you should always add some "salt" (a random string) to the passwords before you compute the hash, especially those you store in your database - ever heard of rainbow tables? Passwords use only a very limited subset of the available chars.

You can't "crack" md5 (it's a one-way function), only produce a set of bits that will produce the same checksum, but that will only help you to forge a fake certificate, i.e. for ssl - but you can use rainbow tables to look up what md5 hash belongs to which password - this will no longer work when you "salt" your passwords:
Pre-/append a couple of random characters to the password string before you compute the md5 - of course this "salt" has to be stored somewhere, too (i recommend using a salt string per user stored in the user table, but a global salt will do for a start and doesn't require any changes to the db).

I figured out how to remove the subdomain from the session cookie already, so now only 1 cookie is made with the ".entropiawiki.com" domain. The login data was already stored in this domain.

Great

Btw, I like the idea of filtering the content by use of a certain subdomain.

 

[Serica]

Smoerble, I notice you've added video walkthroughs to some of the missions., like this one.

Perhaps you could create a separate heading when you do this? Putting it in the same heading as the dialog pushes the text out of the way, making it very hard to read.

(Witte, I tried moving it but it just seems to play havok with the formatting. Any tips ?)

 

[RobBuona]

Armor + Plates?

I've tried adding plates to armor in the armor section a few times, and it has never seemed to work. I just tried it, but I also remember trying it three or four weeks ago and it didn't work then either.

 

[Witte]

Smoerble, I notice you've added video walkthroughs to some of the missions., like this one.

Perhaps you could create a separate heading when you do this? Putting it in the same heading as the dialog pushes the text out of the way, making it very hard to read.

(Witte, I tried moving it but it just seems to play havok with the formatting. Any tips ?)

The wysiwyg editor can be a bit tricky sometimes, in such cases you can always switch back to wiki syntax (although that may be even more tricky ). In this case, using the wysiwyg editor, the procedure is to select the box with the movie, go to styles, and deselect the "floating box" style. The video now becomes regular text and you can copy paste it or remove it.

But I noticed there was a bug in it too which may have caused the problem. I fixed that bug and as you suggested, I moved the walkthrough to its own section.

 

[Serica]

The wysiwyg editor can be a bit tricky sometimes, in such cases you can always switch back to wiki syntax (although that may be even more tricky ). In this case, using the wysiwyg editor, the procedure is to select the box with the movie, go to styles, and deselect the "floating box" style. The video now becomes regular text and you can copy paste it or remove it.

But I noticed there was a bug in it too which may have caused the problem. I fixed that bug and as you suggested, I moved the walkthrough to its own section.

Cheers Witte Noted for the future too.

 

[DxBlueIce]

Search function broken atm?
Everytime I'm searching something I get "Oops... something went wrong".

Or is it just me?

 

[danimal01]

Search function broken atm?
Everytime I'm searching something I get "Oops... something went wrong".

Or is it just me?

Yes it is currently "broken", a workaround to this is just to select the category of the item that you want. Then in the middle of the page there will be a "search" function, utilize this instead and it will take you to the item you are searching for

~Danimal

 

[Cail]

Yes it is currently "broken", a workaround to this is just to select the category of the item that you want. Then in the middle of the page there will be a "search" function, utilize this instead and it will take you to the item you are searching for

~Danimal

That's not exactly a workaround, that's what you do when you know where to look for something
I wasn't quite sure where in there i'd find "item tiers" the other day, the search would had been helpful there.
But happily, there's google: http://www.google.fi/search?q=site:entropiawiki.com+"item+tiers"

 

[danimal01]

That's not exactly a workaround, that's what you do when you know where to look for something
I wasn't quite sure where in there i'd find "item tiers" the other day, the search would had been helpful there.
But happily, there's google: http://www.google.fi/search?q=site:entropiawiki.com+"item+tiers"

True, I had not thought about that. I'm on that site regularly looking up stats and what not so I pretty much memorized a lot of stats and categories and such..which is why for me it was a "workaround". But yes google does seem to work in your case as well

~Danimal

 

[DxBlueIce]

Thanks for your help!

 

[Witte]

Search has been fixed.

 

[Doer]

I'm not a trusted member.





That seems odd.

PS Also left a message in the weapons chart discussion about it being time to add crits to dps and dpp calculation.

 

[TheOneOmega]

I'm not a trusted member.





That seems odd.

PS Also left a message in the weapons chart discussion about it being time to add crits to dps and dpp calculation.

Not sure about adding crits. Is the EXACT formula for crits known? And you would also have to add MISSes then as well, right?

 

[Doer]

Not sure about adding crits. Is the EXACT formula for crits known? And you would also have to add MISSes then as well, right?

Misses are included now, ofc. You can see the existing formulae on that discussion page. The reason crits were not included previously is that the crit rate was hard to determine accurately before we had misses in chat.

What I missed, though, is that there is apparently inclusion of crits already. It's in the formula there, even though there was no comment that it had been added. So I take back my suggestion: it's already been done.

Anyway, take technical discussion of that issue to that discussion page, where the discussion to this point is already available. I posted about it here mostly as a notice that I've reopened that conversation there.

 

[wizzszz]

Good this got bumped, reminds me of what i planned to post here:


We were able to filter the missions by "Completed" a while ago - this no longer works (for months).

Either my memory tricks me and i am doing it wrong, but from what i remember it should've been = or != "Completed" but that somehow does not work anymore.


I have tried Completed equal/not equal to "Completed", "completed", "true", "false", "0", "1", no luck.

 

[Serica]

...


I have tried Completed equal/not equal to "Completed", "completed", "true", "false", "0", "1", no luck.

It used to be Completed = 'Yes' or 'No', but it's been broken a while now, and only Witte can fix it afaik.

 

[wizzszz]

It used to be Completed = 'Yes' or 'No', but it's been broken a while now, and only Witte can fix it afaik.

Now that you mention it... i tried those, too, ofc - lack of sleep here...



So i think we can say it is indeed broken and need Witte to fix it.

 

[Doer]

Let me recant and bring the discussion here, because I believe there's currently an error in the weapon chart formula for effective damage and am not sure anyone monitors that discussion. Here's that formula

EffectiveDamage = AverageDamage * (0.8 + HitModifier * 0.1) + MaxDamage (0.01 + CriticalHitModifier * 0.01)

Where AverageDamage = (MinDamage + MaxDamage) / 2

The last term is the point in question here. It adds MaxDamage, which is the extra damage of a crit hit (a crit is a normal shot and a maximum damage together), to between 1% and 2% of shots (depending on the value of CriticalHitModifier, which is CHA/10).

I believe this is wrong because it seems that crit hits are only possible if a shot is already a hit. If we look at the proportion of crit hits for maxed weapons, we get a nice 2% of hits, not of shots (taking for a single but typical example narfi's huge dataset from the THING hunt: crits are 2% of hits but 1.78% of shots). If we assume that the nice round 2% number is because crits are only found among hits, we can conclude that:

• accuracy enhancers should increase crit hit rate without increasing hit rate (if this has been found to not be the case, it would be a good counter-evidence to this)
• crit contribution to damage must be scaled by hit rate (which it currently is not)

The correct final term of the effective damage formula would then be:

+ MaxDamage(0.01+CriticalHitModifier*0.01)*(0.8+HA*0.01)
(where CriticalHitModifier is also known as CHA/10)

Thoughts? I thought I had seen some data where Accuracy Enhancers increased hit rate, but it was a small sample. It seems much tidier if the enhancers just increase the fraction of crits among hits.

Anyone have data to counter this hypothesis?

 

[DRDoom]

It seemed my LA with Estophyls disappeared from the wiki list.

If I search the list of Areas I see my LA with only Atrax high in numbers (that isn't true)
The DNA samples were set wrong I could change this (These were correct in the past so someone changed it)

I tried to added, drawing funky polygons etc. but it doesn't appear in the Wiki.
It seems you need registration, but after typing Recaptchas for over 10 minutes hoping to hit a correct one I gave up. (One is always readable, but the other one is just impossible and plain guesswork)

1: Is there another way to update this information without having to enter Recaptcha?
2: Can I see who deleted / modified this information in the first place, I assume if you need to be registred to add you also need to be registered to delete thus can be traced? (Without accusing the competing LA owners that also benefit from the Estophyl/Allophyl missions.)

Edit: It seemed I already had an account I forgot password, I did password reset procedure, but if I try to logon with it after reset I still get wrong password.

Edit2: After some hassle I managed to update this again, still curious who deleted the info in the first place

 

[Serica]

...
2: Can I see who deleted / modified this information in the first place, I assume if you need to be registred to add you also need to be registered to delete thus can be traced? ...

Go to the Land Area DNA chart, and check the History tab. You may have go back several pages. From what I can see there, a number of LA DNA's including your OLA28 were updated by the same user in February this year, with the mistake possibly due to inaccurate reading of the LA terminal info.

 

[DRDoom]

Go to the Land Area DNA chart, and check the History tab. You may have go back several pages. From what I can see there, a number of LA DNA's including your OLA28 were updated by the same user in February this year, with the mistake possibly due to inaccurate reading of the LA terminal info.

I can see the updated tax numbers, but now who removed the location from the map.
It also doesn't show the updated I made now on the map neither the numbers and the maturity.

I guess that this isn't logged?

Edit: I can see the updates if I see map history, but all updates are there, and I have no clue when the previous changes has been made so I'm not going to search this entire list.

But the settings are corrected now and that is the most important thing

 

[Serica]

I can see the updated tax numbers, but now who removed the location from the map.
It also doesn't show the updated I made now on the map neither the numbers and the maturity.

I guess that this isn't logged?

Yes it would be, but that would be the History tab on the Locations page. This one is far more active than the Land Areas DNA table, so you might have a fair bit of paging back to find it.

 

[Svarog]

What decay value is used for mining finders - for 1 type of minerals (as a min possible decay) or both?

For example, a Demonic detector has a decay of 0.5pec, according to Entropedia. I just tested the new Cyrene's tt finder and it has exactly the same stats as a Demonic (except for low tt, ofc) but decays for 0.25/0.5pec for one/both types of minerals. It, depending on what value is used, makes this A.R.C. Finder 0001 (L) either equal to the Demonic (as long as you don't mind to carry 50 finders instead of one ) or twice as eco and the most eco finder in EU.

 

[Chillbanan]

regeneration chip VI

I just looted a regeneration chip VI from a araneatrox young and checked but only fungoid drop it according to entropedia.
So if anyone want to add it to araneatrox it would be great

 

[Svarog]

I just looted a regeneration chip VI from a araneatrox young and checked but only fungoid drop it according to entropedia.
So if anyone want to add it to araneatrox it would be great

Done.

Btw people, how to edit "missing items"? What if I have something that is listed as "missing" on Entropedia, for instance Imperium Pilot Scorpion Rank 5 (L) - I can't see how to edit it and add data.

And I'm still waiting for an answer about finders