I finally reached level 99 Firemaking in RuneScape Classic after a long grind. Here is a screenshot of me leveling up. I know this achievement is kind of pointless, but having two 99's certainly gives me bragging rights. :-)
It's a shame RuneScape Classic is no longer being updated. Sometimes newer isn't better.
Currently playing: RuneScape Classic
Showing posts with label Internet. Show all posts
Showing posts with label Internet. Show all posts
Wednesday, July 21, 2004
Wednesday, June 16, 2004
on being a RuneScape player moderator
I just accepted an invitation from Jagex to become a RuneScape player moderator. This means I can now send priority reports and mute players for serious rule violations. In addition to having a silver crown next to my name when sending messages, I can also post on the official forums as a free user. Besides these things, player moderators don't get any special perks.
For those concerned about us abusing our power, there are guidelines on when we can mute people. I can't disclose much else as the player moderator manual is confidential, but you needn't worry about being muted as long as you follow the rules. :-)
Currently playing: RuneScape
For those concerned about us abusing our power, there are guidelines on when we can mute people. I can't disclose much else as the player moderator manual is confidential, but you needn't worry about being muted as long as you follow the rules. :-)
Currently playing: RuneScape
Monday, March 29, 2004
my thoughts on RuneScape 2
Jagex just released one of the biggest RuneScape updates ever. Despite its name, RuneScape 2 is more of a new game engine than a sequel. The game now has true 3D graphics, an updated combat system and many other new features.
The new version actually looks pretty nice. However, after trying it for a while, I decided it wasn't for me and transferred my items back to the old game. I'll probably regret this later on as Jagex has said that RuneScape Classic won't get any more updates. Oh well.
Currently playing: RuneScape
The new version actually looks pretty nice. However, after trying it for a while, I decided it wasn't for me and transferred my items back to the old game. I'll probably regret this later on as Jagex has said that RuneScape Classic won't get any more updates. Oh well.
Currently playing: RuneScape
Friday, October 10, 2003
so I'm legal now...
I just turned 18 years old. In other words, I'm now legally an adult. Of course, that doesn't mean I'll stop listening to my parents - after all, they can kick me out of the house anytime. :P
As for celebrations, my family went to Pizz'a Chicago for dinner last weekend. Though we hadn't been there in several years, the pizzas were really good as always. It's hard to believe how fast time goes.
In other news...
I reached 1,200 skill total in RuneScape two days ago. You can see the screenshot here.
Currently playing: RuneScape
As for celebrations, my family went to Pizz'a Chicago for dinner last weekend. Though we hadn't been there in several years, the pizzas were really good as always. It's hard to believe how fast time goes.
In other news...
I reached 1,200 skill total in RuneScape two days ago. You can see the screenshot here.
Currently playing: RuneScape
Tuesday, September 2, 2003
accidentally let my RuneScape membership renew itself...
Now that school has started for me, I decided to cancel my RuneScape membership in order to focus more on my classes. But when I logged in yesterday afternoon, the membership had already been renewed. Though I immediately requested a refund, Jagex told me this wasn't possible.
This was pretty cheap of them in my opinion. Because the RuneScape website never made it clear when the automatic payments would occur, I had always assumed it was the last day of the billing period. At least the same thing didn't happen last year. Shame on you, Jagex.
While $5 isn't a big deal, companies should be clear in this matter. On the bright side, I can't exactly complain about another month of membership. :P
Currently reading: Siddhartha by Hermann Hesse
This was pretty cheap of them in my opinion. Because the RuneScape website never made it clear when the automatic payments would occur, I had always assumed it was the last day of the billing period. At least the same thing didn't happen last year. Shame on you, Jagex.
While $5 isn't a big deal, companies should be clear in this matter. On the bright side, I can't exactly complain about another month of membership. :P
Currently reading: Siddhartha by Hermann Hesse
Monday, July 7, 2003
1,100 skill total in RuneScape
So my parents recently let me become a RuneScape member again. This was the perfect time to catch up on the new skills. Speaking of which, I just hit 1,100 skill total. W00t!
The addition of the agility skill certainly allowed me to reach this milestone a lot faster. You can view the screenshot here. I love how the gnome trainer congratulates me on completing a lap just as I level up. That was purely coincidental, but the timing couldn't have been better. :D
Currently playing: RuneScape
The addition of the agility skill certainly allowed me to reach this milestone a lot faster. You can view the screenshot here. I love how the gnome trainer congratulates me on completing a lap just as I level up. That was purely coincidental, but the timing couldn't have been better. :D
Currently playing: RuneScape
Tuesday, April 29, 2003
RuneScape account hacked :-(
The thrill of getting level 99 Cooking in RuneScape was short-lived as my account got hacked.
The first sign of trouble was that my character was in an unfamiliar area. I checked my bank to find most of my valuables gone, including 33 Halloween masks and 52 Santa hats. The hacker also took my armor and weapons, all of my gold and lots of other items. I know it's only a game, but this really sucks ass.
Of note is that an online virus scan picked up a Trojan on my computer. I guess that explains everything. Though I'm pretty careful about downloads, I've heard some malicious websites can install viruses through browser vulnerabilities. On the other hand, this was probably partly my fault because I had a weak password.
It's also possible that I was specifically targeted. Being the 36th player to get 99 Cooking likely made me somewhat famous. But considering that Jagex doesn't return items, none of this really matters. Oh well, better start earning my stuff again...
Update: A bit of good news: my friend Sandman2002 gave me a green mask to help me get started again. There are no words to express my gratitude. Thanks, dude!
Currently listening to: "Sandstorm" by Darude
The first sign of trouble was that my character was in an unfamiliar area. I checked my bank to find most of my valuables gone, including 33 Halloween masks and 52 Santa hats. The hacker also took my armor and weapons, all of my gold and lots of other items. I know it's only a game, but this really sucks ass.
Of note is that an online virus scan picked up a Trojan on my computer. I guess that explains everything. Though I'm pretty careful about downloads, I've heard some malicious websites can install viruses through browser vulnerabilities. On the other hand, this was probably partly my fault because I had a weak password.
It's also possible that I was specifically targeted. Being the 36th player to get 99 Cooking likely made me somewhat famous. But considering that Jagex doesn't return items, none of this really matters. Oh well, better start earning my stuff again...
Update: A bit of good news: my friend Sandman2002 gave me a green mask to help me get started again. There are no words to express my gratitude. Thanks, dude!
Currently listening to: "Sandstorm" by Darude
Wednesday, April 9, 2003
level 99 Cooking in RuneScape
I finally reached 99 Cooking in RuneScape after an eight-month grind. Here is a screenshot of me leveling up. I still can't believe this actually happened. Hell yeah!
Of course, this monumental task would have been much harder without the help of friends. I'd like to thank Vera02 and Jeboy for swapping their raw lobsters for my cooked, and Cbkmy for letting me cook his swordfish. The same goes for everyone else who sold me supplies. There are too many people to name, but you know who you are.
In my opinion, the biggest problem with RuneScape is that training is too repetitive. Doing the same thing over and over again quickly gets old. For the Cooking skill, I'd probably be in the top 10 on the leaderboard had I really tried. That said, being the 36th person to reach 99 Cooking certainly gives me bragging rights. :-)
In other news...
On a related note, good luck to fellow RuneScape player Thehate as he is also getting 99 Cooking soon!
Currently playing: RuneScape
Of course, this monumental task would have been much harder without the help of friends. I'd like to thank Vera02 and Jeboy for swapping their raw lobsters for my cooked, and Cbkmy for letting me cook his swordfish. The same goes for everyone else who sold me supplies. There are too many people to name, but you know who you are.
In my opinion, the biggest problem with RuneScape is that training is too repetitive. Doing the same thing over and over again quickly gets old. For the Cooking skill, I'd probably be in the top 10 on the leaderboard had I really tried. That said, being the 36th person to reach 99 Cooking certainly gives me bragging rights. :-)
In other news...
On a related note, good luck to fellow RuneScape player Thehate as he is also getting 99 Cooking soon!
Currently playing: RuneScape
Wednesday, October 30, 2002
more DLS vulnerabilities
You may remember that I found a security issue in my school's student information system a while ago. It turns out the DLS had additional vulnerabilities. I can talk about them now that they're fixed. Hopefully I don't get in trouble for this. :P
Changing another user's settings
On the profile settings page, the user ID is used to specify the target profile. Because it was stored in a hidden field on the client side, an attacker could manipulate the data and change another user's preferences. It was a serious issue as they could compromise any account — including those with administrative privileges. I'm glad I discovered it before someone with nefarious intentions did.
File inclusion vulnerabilities and IP address spoofing
Due to security concerns, the DLS is configured to only accept certain file types. However, there was nothing more than some JavaScript to validate file extensions. I was able to bypass it by calling the submit() method on the form. This could be exploited to distribute malware or even execute arbitrary code on the server.
IP addresses are recorded when users upload a file. But because this data was also stored on the client side, one could use a fake IP addresses or even substitute it with an invalid value. By chaining these vulnerabilities, attackers could cover their tracks.
I also found a similar bug in the settings page. Students used to be able to change their name on the site. Although this feature was disabled some time ago, hidden fields with the data remained in use. LAHS recently asked two ACMA engineers to come over so we could discuss the issues. I renamed myself to "l337 h4x0r" during the demo and got a few chuckles. ^_^
Unauthorized access to private files
Only files in a user's public folder are intended to be accessible to others. Everything else is supposed to be private. Each user also has a "recycle bin" for storing deleted files. One thing I noticed is that the user ID is specified in the path to that folder. I was able to access other people's deleted files by simply changing the value.
All these issues were due to the lack of server-side validation. Chances are the DLS still has vulnerabilities. I can only do so much without access to the complete source code. It would be a good idea for ACMA to conduct an independent security audit of the software. Of course, that's a bit above my pay grade. :-)
In other news...
LAHS had a Halloween dance on Friday to gauge interest in future events. As far as I'm aware, this is something we've never done before. I love dances but skipped this one as it was a little expensive.
Changing another user's settings
On the profile settings page, the user ID is used to specify the target profile. Because it was stored in a hidden field on the client side, an attacker could manipulate the data and change another user's preferences. It was a serious issue as they could compromise any account — including those with administrative privileges. I'm glad I discovered it before someone with nefarious intentions did.
File inclusion vulnerabilities and IP address spoofing
Due to security concerns, the DLS is configured to only accept certain file types. However, there was nothing more than some JavaScript to validate file extensions. I was able to bypass it by calling the submit() method on the form. This could be exploited to distribute malware or even execute arbitrary code on the server.
IP addresses are recorded when users upload a file. But because this data was also stored on the client side, one could use a fake IP addresses or even substitute it with an invalid value. By chaining these vulnerabilities, attackers could cover their tracks.
I also found a similar bug in the settings page. Students used to be able to change their name on the site. Although this feature was disabled some time ago, hidden fields with the data remained in use. LAHS recently asked two ACMA engineers to come over so we could discuss the issues. I renamed myself to "l337 h4x0r" during the demo and got a few chuckles. ^_^
Unauthorized access to private files
Only files in a user's public folder are intended to be accessible to others. Everything else is supposed to be private. Each user also has a "recycle bin" for storing deleted files. One thing I noticed is that the user ID is specified in the path to that folder. I was able to access other people's deleted files by simply changing the value.
All these issues were due to the lack of server-side validation. Chances are the DLS still has vulnerabilities. I can only do so much without access to the complete source code. It would be a good idea for ACMA to conduct an independent security audit of the software. Of course, that's a bit above my pay grade. :-)
In other news...
LAHS had a Halloween dance on Friday to gauge interest in future events. As far as I'm aware, this is something we've never done before. I love dances but skipped this one as it was a little expensive.
Friday, August 30, 2002
found a vulnerability in my school's student information system
Our school district started using a student information system called the Digital Locker System this year. It's being developed by ACMA while the administrative tasks for LAHS are handled by our physics teachers, Mr. Randall and Mr. Florendo. Given that the DLS is bleeding-edge software, the company is still working out the kinks.
I was checking out the DLS when I noticed the default password for students was the same as the user identifier. Each user also has a profile page that is publicly accessible. Because the user ID is specified in the URL as a parameter, an attacker could use it to access other people's accounts. I realized it was serious and reported it to Mr. Randall as soon as possible. He said he would escalate the matter, and the problem was fixed by the time I got home. All accounts now have different user IDs.
As hard as it is to believe, someone else also found the same issue. I was showing it to Mr. Randall when I noticed a lot of accounts with changed names. It was obviously the work of a hacker. Too bad they didn't do the right thing and tell someone. I'm glad we found out before they could cause more damage.
Update: I got word from Mr. Randall that school officials have identified the person responsible. He says they banned him from the DLS and took away his computer privileges. Good riddance.
Currently watching: Dolphins (2000)
I was checking out the DLS when I noticed the default password for students was the same as the user identifier. Each user also has a profile page that is publicly accessible. Because the user ID is specified in the URL as a parameter, an attacker could use it to access other people's accounts. I realized it was serious and reported it to Mr. Randall as soon as possible. He said he would escalate the matter, and the problem was fixed by the time I got home. All accounts now have different user IDs.
As hard as it is to believe, someone else also found the same issue. I was showing it to Mr. Randall when I noticed a lot of accounts with changed names. It was obviously the work of a hacker. Too bad they didn't do the right thing and tell someone. I'm glad we found out before they could cause more damage.
Update: I got word from Mr. Randall that school officials have identified the person responsible. He says they banned him from the DLS and took away his computer privileges. Good riddance.
Currently watching: Dolphins (2000)
Thursday, August 8, 2002
1,000 skill total in RuneScape
I reached 1,000 skill total in RuneScape today after playing for 18 months. Being a member helped me get there a little faster. Here is a screenshot if anyone is curious.
Some might argue this isn't special anymore these days. It's also become easier because of all the new skills. However, this achievement is still a big deal for me. Just wanted to share. :-)
Currently playing: RuneScape
Some might argue this isn't special anymore these days. It's also become easier because of all the new skills. However, this achievement is still a big deal for me. Just wanted to share. :-)
Currently playing: RuneScape
Monday, July 1, 2002
just got RuneScape membership
I finally convinced my parents to let me subscribe to RuneScape after begging for a long time. It's only for a month because we have a lot going on this summer. However, that's good enough for me. I especially appreciate it because they don't like using credit cards online.
In any case, there's so much content in the premium version even though it only came out earlier this year. I've already completed a few quests and tried the new skills, but they have barely scratched the surface. One can see why RuneScape is so addictive. It's going to take a lot of self-control...
Currently playing: RuneScape
In any case, there's so much content in the premium version even though it only came out earlier this year. I've already completed a few quests and tried the new skills, but they have barely scratched the surface. One can see why RuneScape is so addictive. It's going to take a lot of self-control...
Currently playing: RuneScape
Wednesday, May 29, 2002
a close call in RuneScape
For those who haven't seen today's RuneScape update, there has been a crackdown on rule breakers. Everyone who used RuneBot in the last 24 hours was wiped and had to start over. Jagex also posted their names on the front page. RuneBot is a modified game client that lets you automate simple tasks.
According to the rules, you can't use any software that interacts with the game. To be fair, this has always been risky because they can contain malware. However, people do it anyway due to the competitive atmosphere. It doesn't help that the game can get repetitive.
So one thing I noticed is that RuneBot has been making the rounds in recent months. I must admit I tried it myself out of curiosity a few days ago. It certainly has some nice features, such as the ability to zoom in or out and change window size. Vee also modified the code to remove the chat filter. I was tempted to keep using RuneBot but decided against it after seeing people complain about lag on the forums. As you could imagine, the news was a huge surprise.
I almost had a heart attack right there. Even though I wasn't on the list — probably because I didn't use RuneBot again — that doesn't mean it's over. Jagex has said they "expect to catch more people at it over the next few days." I wanted to make sure nothing happened to me, but it's impossible to tell just by looking at the website. So the only option was to log into the game.
Because I shouldn't play RuneScape in class, there was little else I could do. I was stressed the whole time as I waited to go home. Four hours is a long time when you're anxious. I rushed home and checked my accounts, and found everything in order. You have no idea how relieved this makes me.
But there are many others who aren't as fortunate. Some were merely curious and wanted to see what the program does. One of the top players — who just hit 1,300 skill total on Monday — was caught after using RuneBot to access the servers. He was actually doing his own investigation to help Jagex and accidentally logged into the wrong account once. Despite his reputation as a respected community leader, the company has said they are making no exceptions. It really sucks to lose all that progress.
Good thing I didn't use RuneBot again despite the temptation. Someone was definitely looking out for me.
Currently playing: RuneScape
According to the rules, you can't use any software that interacts with the game. To be fair, this has always been risky because they can contain malware. However, people do it anyway due to the competitive atmosphere. It doesn't help that the game can get repetitive.
So one thing I noticed is that RuneBot has been making the rounds in recent months. I must admit I tried it myself out of curiosity a few days ago. It certainly has some nice features, such as the ability to zoom in or out and change window size. Vee also modified the code to remove the chat filter. I was tempted to keep using RuneBot but decided against it after seeing people complain about lag on the forums. As you could imagine, the news was a huge surprise.
I almost had a heart attack right there. Even though I wasn't on the list — probably because I didn't use RuneBot again — that doesn't mean it's over. Jagex has said they "expect to catch more people at it over the next few days." I wanted to make sure nothing happened to me, but it's impossible to tell just by looking at the website. So the only option was to log into the game.
Because I shouldn't play RuneScape in class, there was little else I could do. I was stressed the whole time as I waited to go home. Four hours is a long time when you're anxious. I rushed home and checked my accounts, and found everything in order. You have no idea how relieved this makes me.
But there are many others who aren't as fortunate. Some were merely curious and wanted to see what the program does. One of the top players — who just hit 1,300 skill total on Monday — was caught after using RuneBot to access the servers. He was actually doing his own investigation to help Jagex and accidentally logged into the wrong account once. Despite his reputation as a respected community leader, the company has said they are making no exceptions. It really sucks to lose all that progress.
Good thing I didn't use RuneBot again despite the temptation. Someone was definitely looking out for me.
Currently playing: RuneScape
Sunday, December 30, 2001
check out my new forum — no registration required
You may remember that I started a website last year. For those unaware, this is a math website where you can download my software. I'm thrilled to announce that I've added a forum to the site. Check it out here and tell me what you think — any comments and suggestions are welcome. :-)
Discussion is not limited to math — feel free to talk about anything as long as it's within the rules. Just be nice and use common sense. Although you don't need an account to participate, registered users have access to additional features. For example, they can edit their posts, send private messages and vote in polls. Have fun!
Please note that the server is owned by ProBoards. I don't have control over things like software upgrades and maintenance. However, this is a small price for a great service. If anyone is interested in a forum like this one, simply go to the ProBoards website to sign up for free.
I should get back to studying as finals are coming up. But don't worry because I'll still drop in from time to time. :-)
Currently playing: Alchemy
Discussion is not limited to math — feel free to talk about anything as long as it's within the rules. Just be nice and use common sense. Although you don't need an account to participate, registered users have access to additional features. For example, they can edit their posts, send private messages and vote in polls. Have fun!
Please note that the server is owned by ProBoards. I don't have control over things like software upgrades and maintenance. However, this is a small price for a great service. If anyone is interested in a forum like this one, simply go to the ProBoards website to sign up for free.
I should get back to studying as finals are coming up. But don't worry because I'll still drop in from time to time. :-)
Currently playing: Alchemy
Tuesday, February 6, 2001
started playing RuneScape today
RuneScape is a new online RPG that came out about a month ago. It's made by a company called Jagex and runs in the browser. All you need is to have Java installed on your computer. I decided to sign up after having played their other games. Some features aren't yet available as the game is in beta stage, but there is already so much to do.
You may know I don't often play online. However, this game is really fun so far. I plan to check out some more areas in the next few days. Feel free to hit me up — my character's name is "ixfd64" if anyone wants to say hello. :-)
Currently playing: RuneScape
You may know I don't often play online. However, this game is really fun so far. I plan to check out some more areas in the next few days. Feel free to hit me up — my character's name is "ixfd64" if anyone wants to say hello. :-)
Currently playing: RuneScape
Saturday, October 7, 2000
my first computer program + new math website!
I just finished my first real Visual Basic program. It takes in the radius of a circle and returns its diameter, circumference and area. I know it doesn't do much, but my geometry teacher was nevertheless impressed. Therefore, I've decided to release it to the public in hopes that someone will find it useful. :-)
Download information
You can get the program at my math website here. Please note that it requires the Visual Basic 5.0 run-time files to work. For the record, future updates regarding my software will usually be posted at my math website.
For those unaware, my website used to be a fan site for the game Terminal Velocity until my mother made me shut it down over concerns that I was breaking the law. It's not copyright infringement to post links to shareware or demo versions of software - as opposed to distributing full versions - but I didn't feel like arguing with her. In any case, at least my GeoCities account is being put to good use now. :-)
Historical note: GeoCities has been shut down, so I've replaced the link with one to a static mirror.
Download information
You can get the program at my math website here. Please note that it requires the Visual Basic 5.0 run-time files to work. For the record, future updates regarding my software will usually be posted at my math website.
For those unaware, my website used to be a fan site for the game Terminal Velocity until my mother made me shut it down over concerns that I was breaking the law. It's not copyright infringement to post links to shareware or demo versions of software - as opposed to distributing full versions - but I didn't feel like arguing with her. In any case, at least my GeoCities account is being put to good use now. :-)
Historical note: GeoCities has been shut down, so I've replaced the link with one to a static mirror.
Subscribe to:
Posts (Atom)
