“i am a heron. i haev a long neck and i pick fish out of the water w/ my beak. if you dont repost this comment on 10 other pages i will fly into your kitchen tonight and make a mess of your pots and pans”

That is the basic explanation for today’s useless creation, the Realistic Heron Simulator. And, you can probably guess the context. If not, go watch the video in this post. If you are too lazy, once again, Tom Scott released some ideas so I built another one. How does it work? Well, there is a GitHub repo, linked here. However, below is the main JavaScript behind it, but this time I did not comment because I am lazy.

Otherwise, go play with it. It’s fun. Anyway, goodbye!

Woah!? What’s Happened?

Okay, newsflash time. It turns out I was linked by Matt and Tom’s Park Bench for my terrible project of “Are they Break-dancing or Falling Over?” To explain, I watched this video (it does not have that image), and I decided to make the actual thing. Just thought I would acknowledge the call out, because it’s rather cool. The video I was linked in is this one:

The code behind it.

The code behind the site is so simple it’s almost a joke. There are two parts to it. The HTML page and the JavaScript. The HTML page is literally just a basic site knocked out with Bootstrap, so is nothing special, but here is the code, all nicely commented:

If you can’t see that, click me to be taken to a GitHub Gist…

Thanks for enjoying it!

In other news, I may try to make “Realistic Heron Simulator” in Unity3D. It’s tempting…

i am a heron. i have a long neck and i pick fish out of the water w/ my beak. if you dont repost this comment on 10 other pages i will fly into your kitchen tonight and make a mess of your pots and pans

About six months ago, I started working on a game for my BTEC project. However, things wen’t sour with the school and I no longer am a student there. I had a choice. Go for a super simple clone of something like Flappy Bird, or make a game that’s a bit more like a AAA game. So what did I do? I went for the AAA game.

The AAA game route was somewhat hard. I built it in Unity 3d with Networking (more on this later). The game? A World of Tanks/War Thunder game styled around the hit anime and manga Girls und Panzer. Why? I like the series and had completed it about then. Anyway, it was a semi-bad idea. Finding and then texturing and using tank models that are Creative Commons/free to use is difficult. However, the Unity Asset Store pulled through and found me a Panzer IV that I re-textured to Ooarai’s Anglerfish team skin.

The next hurdle was Networking. This is where things went horridly wrong. The initial version had two cubes that connected together and could interact. Good. And after a few months, we had a working networking thing with fully functional shooting etc. However, I went to create a “release” variant. This is where the curse of UNET strikes. To give some background, this is what Unity publish about UNET:

Unity Personal

For beginners, students and hobbyists who want to explore and get started with Unity.


No credit card required

Yeah, that’s a lie. It would cost me, on estimate, £150 a month to run this. Not going to happen. So I turned to an old friend, Photon Unity Networking, who offer legitimately free hosted networking for you. Yes you can only have 20 players concurrently, but it works fine. And is more than functional. However, this caused issues. The way that I was managing the original tank driving was poor. The implementation was terrible, and it resulted in the tanks flying rather than driving as they should. Not good enough. Back to square one. And this is where we are at.
For PTU, I picked up a copy of Physics Tank Maker from ChobiGames (it was on sale!). From this, I started building the game as it is.
The current state is to use the Physics Tank Maker to handle all tank physics driving etc. The only thing I really have to do is synchronise all the players together. Not hard right? Think again. The current tests give me anywhere between 3-6 players spawned in a two player game who are unable to interact and who’s movement is not synchronised. Amazing. However, this is vastly better than flying tanks and there is a working tutorial level.

Continue reading

Recently (as of Feb. 24th), internet giant Cloudflare has experienced a bug that leaks users passwords, cookies, tokens, API keys and other rather sensitive information. So what happened?

Who are Cloudflare?

Cloudflare are a Content Delivery Network, internet security company and a distributed domain name server. It sits between the end user (you) and your favourite websites and services (e.g. Fitbit, Discord, Reddit) and protects them from DDoS attacks and other malicious attacks.

What happened?

As I said before, a bug was found in a couple of areas of Cloudflare’s code that allowed passwords, API keys and other sensitive information to be leaked. It was compared to the famous 2014 Heartbleed bug in the OpenSSL software library.

Who found it?

Luckily for us, the bug was found by someone on Google’s ‘Project Zero’. Tavis Ormandy discovered the bug after seeing multiple corrupted pages being returend by some of his HTTP requests that ran through Cloudflare’s system. Like a responsible and good person, he disclosed this immediately to Cloudflare, who went on to disable the affected services within 47 minutes of the issues being brought to light.

What was leaked?

Various things were leaked. We are not fully sure of what exactly has been leaked, but the following is a somewhat useful guide:

  • Passwords
  • API Keys
  • Cookies
  • Auth Tokens
  • Usernames
  • Private Messages

Has it been fixed?

Yes. Cloudflare was amazingly quick at fixing this. It took them 7 hours to complete it globally. Good job guys.

So what went wrong?

In one phrase. HTML Parsing. In a bit more complex, basically the HTML Parser was being updated. A bug meant that the server would have a buffer overflow and would read out unused/unallocated memory and dump it into the html file. This would result in (on occasion) sensitive information being dumped. Only 1 in 3,300,000 requests would actually cause this to happen, so it was a tiny number, but still a number.

Cloudflare have a nice rundown here.

Who was affected?

There is a GitHub Repo with the full list (its a 70mb txt file in a 22mb ZIP archive). There is also an excellent website called Does It Use Cloudflare? It does what it says on the tin.

Final Thoughts?

It worries me that this happened, however at least it was solved quickly. What annoys me more that Cloudflare fixed this, and when I presented a similar (but not as serious) issue to my school, they tried to throw me out.

#cloudbleed on Twitter is interesting too.

Anyway, see you soon. Also, check out Citation Needed Fan Edition.

I had the idea for this as I watched the analysis of the Nerdfightaria Survey. The basic concept is programmer answer the questions and we get an idea as to who here programs. Results will be published in January 2017 with an analysis and a raw spreadsheet.


Anyway, if you wish to answer the survey, click here: https://goo.gl/forms/HCfCtRe1kprUEhEI2

Thanks and have fun!