Author: Lukas Rox

LMeve dev blog: Catching up with Phoebe. Bonus: setting up SSO

Lukas Rox EVE Online, Games, Programming , , , ,

Good news! Last monday I had a day off, so I finally caught up with all outstanding tasks, including making LMeve Phoebe-compatible. In the meantime, I started tinkering with the following features:

Vagrantfile, bootstrap.sh

These two files make it easier to set up a host for any app. Trent Bartlem suggested to me on Github to include these files back in August. While the files themselves are pretty straightforward to prepare, I have to install LMeve from scratch somewhere to make sure I included all the necessary packages required to run LMeve. It’s on my to do list, and it should happen sooner than soon™.

Page Caching

Another idea I have is to make the longest loading pages cached (and maybe – just maybe – refreshed in the background, for example by the poller). Code to make this kind of caching possible is already written, and two sample pages (Inventory, Profit Chart) have been added as well. I use AJAX call to request the cached page, and if  cached version is not available (or has expired) I display a “Loading…” sign and prepare a refreshed version of the page. I was thinking about adding a “Force refresh” button, so users can force LMeve to refresh a cached page.

I still evaluate how this improves performance, but it looks pretty good and should become public soon.

PoCo module

lmeve-pocoLast one on the To Do list is expanding PoCo module. It has been recently revamped with features such as displaying last month’s income and current month income prediction. Judging by the talk I had with Dracoth Simertet from RvB (they have a huge PoCo network) and CCP FoxFour, there is a demand for a tool for managing PoCo networks. But what features would you need to monitor your PoCos?

  • Last month income per PoCo (currently only a sum for entire corp is displayed)
  • Planet type the PoCo is orbiting
  • Number of interactions
  • Client list per PoCo (by corp, by char)
  • Reinforced status
  • Do you have more ideas? Please leave a comment if you do!
    • We are only limited with what’s available in the API

SSO integration

I have mentioned a few times already that LMeve can benefit from EVE SSO, but some players were not sure how to set it up. Don’t worry! I’ve got you covered! Here’s a quick guide.

  • Secondly, click “Create new application”
    developers-02
    developers-03
  • Fill in the form. Application Name can be for example “LMeve – <your corporation name here>”
  • Now make sure to fill in Callback URL field correctly. If your LMeve address is https://myhostname.com/lmeve/, then the correct callback will be https://myhostname.com/lmeve/ssologin.php
  • Save the changes.

Once the application has been created, open it again by clicking the “View application” button, and write down these two values:

  • Client ID
  • Secret Key

developers-04

they will be required to complete setup on the LMeve side.

  • Log in to your web server host, open up config/config.php in your LMeve directory.
  • Find these variables, enter your callback URL and the values written down in previous step:
//use EVE SSO - see https://wiki.eveonline.com/en/wiki/EVE_SSO_Documentation
$SSOENABLED=TRUE; 
$SSO_REDIRECT_URL='https://myhostname.com/ssologin.php';
$SSO_CLIENT_ID='sso_client_id';
$SSO_CLIENT_SECRET='sso_client_secret';
//Auth server can be either login.eveonline.com for Tranquility, or sisilogin.testeveonline.com when trying to use Sisi.
$SSO_AUTH_SERVER='login.testeveonline.com';
  • Make sure characters are connected to LMeve usernames. This is crucial for the SSO to work!
    • Go to “Characters” module in LMeve and check if your characters are there.

lmeve-sso

Now you are ready to use EVE SSO to login to your LMeve instance!

LMeve dev blog: Phoebe support delayed

Lukas Rox EVE Online, Games , , ,

I have a very quick announcement today. CCP has changed a few things in Phoebe release, namely the way successful invention jobs are handled in XML API, and Blueprints.yaml structure in Static Data Dump. As a result, current version of LMeve can neither load Phoebe Static Data, nor correctly show successful invention jobs.

I should be able to write a patch to support both changes until mid next week.

developers-portalWhy I haven’t done this sooner? Two reason really. Firstly, CCP has “commercially” started their Developer Portal recently – see it at https://developers.eveonline.com/. You can also set up shared secret required for EVE SSO there – feel free to use SSO in your own instance of LMeve! As a side effect, dev blogs regarding API and Static Data no longer appear on the Community page, and I simply missed the information about Static Data changes 🙁

Secondly, there was a lot happening IRL recently and I simply didn’t have the time to look at the Developers portal, start the game or develop LMeve.

Patch is coming, so stay tuned!

LMeve dev blog: tuning SQL performance and EVE SSO

Lukas Rox EVE Online, Games , , ,

Hello industry moguls and third party devs of EVE o7

First off, I’d like to say I respect Rixx Javix greatly for his last post about EVE industrialists and his respect towards them. Much appreciated, dear sir! But today’s dev blog post will be about three other things. First is a solution to the performance problems that Aideron Technologies instance of LMeve was having recently. Second is an announcement of a new feature, which thanks to @CCP_FoxFour will soon become widely available: ability to log in to LMeve using your EVE Online credentials (EVE SSO). Last but not least, I’ve added the new Blueprints.xml API endpoint.

Ohnoes, LMeve slows down!

I’ve got numerous complaints from my corp members recently about LMeve being slow and unresponsive. It was apparent on many subpages, so at first it was hard to pinpoint. Our database has grown over the past two years, and I thought this performance hit was caused by the amount of records we have accumulated:

lmeve-db

When you look at it, there is a few hundred thousands records there. But usually we only need to display the current month, and the rest has to be filtered out:

lmeve-graphs-1

This prompted me to have a look at how I filter out data by dates to show the current month only:

SELECT (...) FROM (...)
WHERE date_format(beginProductionTime, '%Y%m') = '${year}${month}'
AND (...);

At first glance it looks completely logical (and it actually works). I know the current month and year, so I only select records that have their year and month equal to the current one. But look closely what I’ve done there. I convert a DATETIME field “beginProductionTime” to a string which shows year and month in YYYYMM format, and then I compare this string with another string. As you probably know, comparing strings is much slower than comparing numbers (it’s why in databases you use indexes on text fields that need comparison). But I made it even worse; besides comparing strings, I converted DATETIME, and I did that for each and every record encountered by the query!

Here’s a piece of advice when you write an SQL query that sifts through a lot of data:

  • don’t run unnecessary functions or conversions on database fields that you use in WHERE clause
  • create indexes on TEXT and VARCHAR fields if you have to compare them

Each function which you put in there will have to execute for every record in the table, which will adversely affect performance.

When you take the two rules above into account, fixing my queries was pretty simple and straightforward. Instead of converting DATETIME values to string, I converted the compared string into a DATETIME:

SELECT (...) FROM (...)
WHERE beginProductionTime BETWEEN '${year}-${month}-01' AND LAST_DAY('${year}-${month}-01')
AND (...);

See? The values I compare beginProductionTime against are only evaluated once, instead of for every record, which means the whole SQL executes way faster than before.

Results:

Old query execution time: 37.4 seconds

New query execution time: 0.87 seconds

Op success! o7

Damn, I forgot my LMeve password again

lmeve-ssoWell, this kind of excuse will not be possible anymore, because thanks to @CCP_FoxFour and the limited EVE SSO trial, LMeve can now benefit from the SSO mechanism. CCP FoxFour explained SSO in detail in his dev blog here. How does this work?

  • LMeve redirects user to SSO at https://login.eveonline.com/
  • User logs in with his EVE Online login details and chooses one of the characters
  • EVE SSO redirects user back to LMeve
  • LMeve confirms with the SSO server that the login is valid
  • LMeve accesses the character name and ID and checks if that character is allowed to use LMeve (character must belong to the corporation configured in LMeve, and that character must also be linked to an LMeve account on “Characters” page. Users can do it on their own using their API keys.)

This is of course simplified exchange, because special token and secret values are also exchanged to make sure that nothing got spoofed on the way.

SSO feature for LMeve has already been developed and tested, but to set it up in your own instance of LMeve, you will need a special “client_id” and “secret” values. These values are similar to API keys, and you will be able to generate them  on the new 3rd party developer page (beta of this page working with Singularity server is already available).

New API endpoint

The last feature is the addition of Blueprints.xml API endpoint, which returns data about all the blueprints owned by a corporation, both originals and copies. Information retrieved from it contains ME and TE levels. Previously LMeve users had to input ME and TE manually for each blueprint owned by the corporation. With this new endpoint LMeve does all this automatically. This way all cost predictions made by LMeve always use up to date ME levels.

That’s all for today!

You can download the latest LMeve version from GitHub.

(Un)intended game mechanics

Lukas Rox EVE Online, Games , , , , , ,

EVE is not the only game where unintended game mechanics emerge, but it is a great example of how creative players can be.

Map OPC1 in Quake 3 ArenaFor example, have you ever heard of “strafe jumping” in Quake 3 Arena or other games on Quake’s engine? It’s a technique which allows players to move around the map much faster than originally intended by the developers. A whole “trick jumping” community emerged around this unintended gameplay, where players would learn and share creative ways how to move from point A to point B on original or custom Quake maps.

Reading forums I stumbled upon a post, which complains about Incursion mothership sites being closed “prematurely” by a group of players and how this is “griefing” the whole incursion community. Players who claim to know EVE and its game mechanics quickly replied that this way of playing incursions is in fact the orignal way intended by the developers. The question arises: is it really? And what should game designers do when players use game mechanics in an emergent and unintended way?

Before we answer these questions, let’s have a look at one more example: jetcan mining. New players might not realize, but Mining Barges didn’t always have such spacy cargoholds as they do now. One or two cycles of Strip Miners was enough to fill them completely. Bah, Mining Barges in fact didn’t even exist initially. Normal combat ships were used for mining, and because of their limited cargo space, players had to dump their ore rather often. Secure Containers (with up to 3900m3 of capacity) could be safely anchored in space and used as temporary 2005.12.27.22.02.58buffers before hauler pilots could pick the ore up and transport it to the nearest station. Each ship can however eject a jettison container, which has a capacity of 27,500 m3, which is far more than anchorable containers. Guess what miners started to do? They used jetcans as their temporary ore buffers. The downside of this was that anyone could take ore from jetcans, but back then it wasn’t very common to harass miners – the world of EVE was so big and there was many things to do more interesting than ganking mining ships.

Was this mechanic intended? Now we know that clearly it was not. But back then you had an alternative: either anchor a Secure Container, which you had to pay for first, and then spend 60 seconds on anchoring it, or simply right click and choose Jettison and get nearly 10 times as much cargo space for free. It doesn’t take a genious to realize it was (kind of) a design flaw, used by the players. Jetcans high capacity was intended for completely other purpose – to preserve all the cargo which survived the ship explosion, or when you wanted to transfer cargo between ships in space.

What could the game designers do if the mechanic of jetcan mining wasn’t intended?

First and easiest, they could simply accept the emergent gameplay and conisder it a valid use case. Secondly they could add bigger anchorable containers to game, so use of a jetcan would simply become less favorable thing to do. Unfortunately, this would break other game systems. Secure containers are “compressors” of sorts. They are bigger inside than they are on the outside by a factor of 1.3x. But if CCP added containers bigger than jetcans, there would be no ships in game that could carry such a big container. The first thought that comes to mind is “if containers are already bigger on the inside, let’s just increase their compression ratio, so they are bigger than jetcan but still fit in cargohold”. This however would affect hauling, making logistics a bit too easy.
“Well” you could say “Let’s just increase the cargo space of the mining ships then”. Which again is bad design decision if you look at it, because Mining Barges with huge cargoholds would simply be more favorable to fly than Industrial ships, making the latter obsolete.
“Wait” I hear you say “But mining barges in the end did get cargoholds bigger than jetcans”. Yes and no. Mining ships has got “Ore holds” which can only hold Ore, and cannot be used for any other types of cargo. This way Barges didn’t obsolete Industrials and Transports, which have general purpose cargoholds. But such specialized cargobays didn’t exist in game back in 2005, so game designers couldn’t use them to solve the unintended jetcan mining mechanic then.

Let’s get back to incursions. How are they supposed to work?

  • incursion consists of a constellation filled with random sites, which have varying tiers of difficulty
  • all systems affected by incursion have NPC induced debuffs
  • NPCs are tuned in such a way which prevents to complete it solo
  • with each completed site NPC imposed debuffs become slightly weaker
  • once players complete a specific amount of lower tier sites, a boss site spawns
  • to encourage players to complete sites, each participant gets the same amount of ISK after the site is completed.

2011.02.19.15.47.35Where’s the unintended part? The rewards for completing lower tier incursion sites is high enough to make it the best ISK-making activity in high sec space. Players have no intent on completing the boss site, because farming Vanguard sites simply pays better. Now we’re back to the original forum post I mentioned at the beginning. Is completing incursions griefing? Or is it just playing the game the way it was intended to be played?

I am not the game designer, so honestly, I can’t know for sure. In most games farming is not desired, because it devaluates the rewards for the more casual players, who can’t invest the same amount of time (it would be ISK and Concord LP in incursions case).

If I were the game designer, how would I make sure low level incursion sites are not farmed?

There could be a couple of solutions, starting with a simple rule: If enough lower tier sites have been completed to spawn the boss site, I would reduce the rewards for completing the lower tier sites (even down to zero). This way I would make it undesirable for players to keep running lower tier sites instead of completing the boss site. If instead of a hard cut it was a gradual decrease, it would work even better.

One more approach would be to keep lower tier sites from respawning once the boss site has been spawned. Increasing reqrds for boss sites would be risky, because no one would attempt low sec or null sec incursions, if high sec mothership sites dropped the Revenant BPCs.

As you can see, solutions that would stop people from farming lower tier sites are simple. The fact that CCP didn’t do anything against incursion farmers means that this kind of player behaviour is not entirely unwanted.

Invention, Tiericide and Unlimited Skill Queues

Lukas Rox EVE Online, Games , , , ,

Invention and Reverse Engineering are one

On November 4th Phoebe is going to be released and it will bring a second wave of industry changes, this time focusing on Invention and Reverse Engineering, which will be merged into one industrial activity. Both activities are very similar: they take some items (initiator, modifiers) put them into a lab, and give Tech II or Tech III blueprint copies as a result. Because of these similarities, CCP decided to put it all together:

phoebe-inventionAs you can see from the graph, Data Interfaces are being removed. CCP Ytterbium said that they don’t provide any interesting gameplay (besides you need to obtain them if you want to start doing Invention). All Data Interfaces will be reimbursed when CCP removes them from the game. If I were you, CCP, I would leave them in game as more less useless collector items, but that’s just me: “These units used to be essential for Invention in the early days of capsuleer industry, but since every laboratory in the cluster has them built in now, they’ve become obsolete”.

Another change is Meta Items, which will not be used for Invention after Phoebe. Instead, CCP will add additional Teams, just like the ones introduced in Crius, but these new ones will affect Invention input instead (=reducing Datacore cost).

The formula which governs the succes rate has been changed and will now give arbitraly 50% at max skills.

Base * ( 1 + (Science 1 + Science 2)/50 + (Racial Encryption)/100 )

This means about 20% lower chance if you used Meta 4 items, and about 40% less for Reverse Engineering. While this seems an obvious nerf, combined with the multiple possible outcomes and some datacores returned for failed attempts, it does not seem so bad.

What are the multiple outcomes? Invention currently has two possible outcomes: an outstanding success, which results in a ME2/TE2 BPC, or a complete failure, which results in, well, nothing. This will change after Phoebe, as more possible outcomes will be introduced (chances for maxed skills):

  • 2,52% chance  – Success (exceptional): gives a ME +2 and TE +3 to the resulting BPC
  • 5,04% chance  – Success (great): gives a ME +1 and TE +2 bonus to the resulting BPC
  • 10,08% chance  – Success (good): gives a TE +1 bonus to the resulting BPC
  • 32,76% chance  – Success (standard): basic unmodified BPC
  • 32,24% chance  – Failure (standard): returns 50% of datacores
  • 9,92% chance  – Failure (poor): returns 25% of datacores
  • 4,96% chance  – Failure (terrible): returns 10% of datacores
  • 2,48% chance  – Failure (critical): no datacores returned

Having multiple outcomes is more lifelike, but as a result, you will obtain different ME/TE BPCs, which will affect the ability to plan exact material consumption. Tools like LMeve will have to use average material amounts instead of definitive amounts like they do now. Fortunately, percentage difference is so small, that additional logistics resulting from this change is negligible.

With the percentages above, Tech II manufacturing materials should be calculated using ME 0,2 (0,998 * material amount)

The required Datacore amount will also be modified, because on average, 38,5% of datacores will be returned (0,615 * datacore amount)

CCP is also going to do a big cleanup in the Science Skills and Datacores required to invent items, in order to distribute Datacore usage more evenly (right now Mechanical Engineering and Electronic Engineering are the dominating ones). I’m sure you’re interested in details, so I will point you to the original dev-blog by CCP Ytterbium.

Removal of meta items from Invention is not a random thing

It is connected to another set of changes: Module Tiericide that has been partially introduced in Oceanus, and is described in detail in this dev blog by CCP Fozzie. While I like the idea of item rebalancing, and the general direction Fozzie’s team took is generally ok, the yet-another-renaming of modules is in my opinion a terrible idea. But let’s have a look at the new names first:

  • Upgraded – for named modules where no specialization is possible
  • Compact – for named modules that specialize in reduced fitting cost
  • Enduring – for named modules that specialize in lower cap use or otherwise longer running time
  • Ample – for named modules that specialize in extra capacity (damn, I never used Ample as an adjective except for… you know what :x)
  • Scoped – for named modules that specialize in longer range
  • Restrained – for named modules that specialize in reduced drawbacks

First, there is gigabytes of information stored in EVE blogs, third party programs, saved fittings and player-written guides. When modules are renamed en-masse like this (and in the past), all this information becomes obsolete. Ship Fittings stored on websites and blogs won’t import anymore (despite the great feature introduced in Oceanus, which allows one to copy & paste ship fittings between EVE and websites or third party apps).  Not to mention the ability to find anything on the market. Previously, when I was searching for a specific Stasis Webifier I would just enter “X5” into the search window. After the Module Tiericide I will enter “Compact”… and it will give me thousands of results, instead of the single Webifier I’m looking for. Not to mention a large part of the game flavour (different item names, just like in real life) will be gone.

Dear CCP, Tiericide is great, but seriously, please reconsider the new naming scheme. Even a compromise like “Compact ‘X5 Engine Enervator’ Stasis Webifier” will be much better than the bland names proposed in the dev blog.

Unlimited skill queue

This is one of the changes I’m looking forward to most. As my play times have been greatly reduced in the past couple of years, I not always have the time to log on every day to add skills to training queues. With the ability to train all three characters on the account at once it’s become even more of a problem. CCP realized it can be an issue for the players, so they are going to remove the artifical 24h cap on the skill queue. EVEMON skill plan import from clipboard coming next?

iPad games to play when PC is away

Lukas Rox Games, Mobile, Tablets , , , , ,

There are times when it’s not possible to access the gaming PC, be it a hardware failure, summer vacation or a trip to family. In my case, the last two weeks was house repairs, which means the PC was hidden deep under furniture from the other rooms.

How to play EVE Online in such a case? Well, if you have a laptop with a separate video card, then you’re lucky. But what if you’re only left with an iPad?

Well, you won’t be able to play EVE on it yet, but there surely are some other great AAA titles available.

First game I’ve played when my PC was unavailable was…

World of Tanks: Blitz

That’s right, Wargaming made an excellent port of their flag game, World of Tanks for Apple iOS. It plays great and while it’s easy to learn, it is very hard to master. It’s worth mentioning, that the game is not an exact 1-to-1 port from PC. Game rules and the content are a little different.

First, there is only a Random Battle game mode, where during a seven minute match, two 7-player teams try to blow the other team up, or conquer “the base”, whichever comes first.

Visuals are a little different, too. WoT: Blitz looks much like older PC version of WoT, but considering this game is  running on iPhone or iPad, visuals are simply excellent.

Unfortunately for PC WoT players, all the progress that you’ve made on PC will not transfer to your tablet, mainly because there are only three Tech Trees: German, Soviet and US. The amount of available tanks is smaller, too.

World of Tanks: Blitz is free to play, just like it’s PC counterpart, so in order to start playing, you don’t have to pay. If you are willing to support Wargaming devs for their hard work, you can choose between buying premium tanks (which are usually faster, but weaker than their free counterparts), adding premium time (+50% to exp and rewards), or converting experience points earned by premium tanks to so called “free experience” that can be used to unlock more “free” tanks on the Tech Tree. If you don’t want to pay, that’s ok, you don’t have to.

To sum up, you get a great quick fix PVP tank game, that looks much like it’s PC counterpart, that you can play when your gaming rig is inaccessible.

IMG_1388 IMG_1404 IMG_1393 IMG_1392 IMG_1391 IMG_1390 IMG_1389 IMG_1438

What was the other game? You’ve guessed it right, it’s…

Hearthstone: Heroes of Warcraft

Hearthstone is a digital Collectible Card Game by Blizzard, set in the Warcraft universe. This game is a complete port of the PC version. The cards you bought or unlocked on your PC will wait for you on your tablet. The same applies to progress and stats. When playing the game online, you play against both tablet and PC players.

Visuals are amazing and besides some textures being in a slightly lower resolution, the game looks exactly identical to the PC original.

The game has several playing modes, but all of them, even single player, require a network connection. You can test your deck and level the basic cards by playing against AI, you can play against other players in Casual mode, or in Ranked mode, where each win gives you a “star” (and a set of stars make a rank), and each loss above rank 20 takes a star from you. The last mode is “The Arena” which is nothing else, but a draft tournament. You choose your cards from a random pool and compete against other players.

Hearthstone is free to play, and you can buy additional cards either completely free by using in-game “gold” or with real money. The same applies to Arena entrance fee (150 gold or 1,79 EUR).

Is Hearthstone fun? Is it challenging? 20 Million players think it is.

Photo-20-04-14-23-33-15-2 Photo-20-04-14-23-33-15-3 Photo-20-04-14-23-33-16-4 Photo-20-04-14-23-33-17-9 Photo-20-04-14-23-33-19-13 Photo-25-04-14-09-30-56-0 Photo-2014-08-04-18-10-55_1349

Wrapping up

As you can see, tablet games are already catching up to what’s available on the PC. I hope a mobile client for EVE becomes available at some point (even with reduced set of things that a pilot can do).

Evernus – third party market tracking app

Lukas Rox EVE Online, Games, Programming , , , ,

I have recently stumbled upon a third party program, which in my opinion, deserves a spotlight.

Evernus is a market tracking app made for Windows, but it is open source and written in Qt, which means with a little effort it can be compiled for Linux and Mac as well (there’s actually a .dmg ready for download). This is something worth noting, because there is almost no EVE apps for Mac or Linux at the moment.

What does it do?

Evernus is basically a market/margin trading tracker application, so it is focused on prices comparison and buy/sell order tracking. It takes character skills into account when calculating profits and taxes, so it is pretty accurate. Of course to track orders and automatically update your character’s skills, you need to supply the app with your API key.

If your character doesn’t have all trade skills at level 5 yet, but you would like to experiment and see if training them to 5 is worth it, you can manually tune all relevant skill levels as well.

evernus-character-full1Of course Evernus shows pretty graphs, so at a glance you know if you’re making profit or not.

evernus-basic-statistics-full1
Don’t like graphs? Want exact values? You’re covered, simply view it as a table.

evernus-assets-full2 evernus-orders-full2Evernus can use price data from several sources. First, it’s your EVE client’s market exports. Secondly, it can scrape client cache (but please mind CCP considers it a breach of EULA, and Evernus shows a proper warning, if you try to enable this feature), or from internet. Lastly, you can also import your data from other apps such as EVE Mentat.

What’s also a very useful feature is in-game browser integration. Evernus can run a tiny web server on your PC, and you can access it directly from the inside of the EVE client, simply by opening in-game browser and pointing it to your own computer’s address, plus a port number which you set in options.

evernus-igb-full1

One more thing

Evernus is being actively developed by Pete Butcher, a member of polish EVE Online community. New features come out literally DAILY. Moreover, Pete contacted me, and LMeve integration is coming soon as well (Evernus will be able to access LMeve’s features like Industry Task tracking and item manufacturing costs).

All in all, if you’re a station trader, Evernus is a tool really worth looking into.

EVE Online cloaking effect evolution

Lukas Rox EVE Online, Games , , , , ,

The constant evolution of EVE is one of the main things that keeps me hooked to it. Today’s post is one of those posts about EVEolution of EVE 🙂

First discovered by those, who frequent Singularity test server, and then officially confirmed by both CCP Seagull and CCP Manifest in dev blog and on YouTube, Cloaking Device effect gets a visual overhaul in Oceanus! This new effects complements warp and jump animations and the recently added warp blink after ship leaves and before it enters the grid. This new cloaking effect looks quite original, but it bears some similarity to Predator’s cloak from Aliens, which was most likely the inspiration for this new shader. Behold:

But did you know this is not the first time CCP attempts to change the cloaking effect?

First time CCP done it was in 2007 when Trinity was still in development. In Trinity CCP has done an immense graphical overhaul. All starships have been redesigned into higher poly models and have been given higher resolution textures. As you know, Cloaking Device icon shows half of the ship visible and the other half cloaked, so the effect introduced in Trinity was obviously trying to reflect that:

Second attempt was in 2009 when Apocrypha was being developed. If you logged on to Singularity to have a look at the then-new Wormhole Space, you could also notice this “Triage” like cloaking effect:

Eventually, both of the above visuals have been rolled back to a simple “vanishing” animation.

I must say the new cloaking effect in Oceanus looks really cool and I hope it stays in the game. It is just as good as visuals in some modern sci-fi series (but please mind the one in EVE is rendered in real time, while the ones on the TV shows have been rendered during visual post-processing).

Kudos (again) to CCP’s art departament!

LMeve dev blog: security, guidelines and a handful of new features

Lukas Rox EVE Online, Games , , , ,

In the last couple of weeks I focued on polishing LMeve. Especially that the project has a new contributor, who is both user and developer at the same time 😉 Say hello to @MarqAideron from Stay Frosty!

Security & CCP Guidelines

About two weeks ago @FuzzySteve suggested that EVE third party devs should use nonce values (also known as CSRF tokens) in all their web apps.

What’s that? Well, it’s a security mechanism, and a quite important one, too.

Let’s assume you are an admin of an open source web application (whether it’s a forum, blog or anything else). You log in to that application (of course using secure HTTPS protocol and a very secure password). Application then creates a random session identifier, verifies if user is connecting using secure connection and verifies the credentials. Then website then sends the session identifier back to the web browser in a cookie file. Each time you navigate around your app, web browser sends the cookie file to the server, so server knows which user he’s talking to.

Now let’s assume a hacker wants you to create an account for him in your app. Of course he can’t simply ask you to do it, but he knows your app, becuase it’s open source. He doesn’t know your password, or your session cookie, because it’s completely random. But he does know that adding a user in your app is done by this URL: https://your-app.com/?action=adduser&user=hacker_login&pass=1eK4Gaq4gj$g==

All the hacker needs to do, is make you open this URL while your web browser is logged to the application, for example by sending you an email with some embedded images. However, one of the images addresses is not an image at all: it will be the URL which creates a new account! What does your browser do when you open such email? It will attempt to load all images be default, including the crafted URL. It’s your browser, so it knows the session cookie for your application. Server will belive this is a genuine request coming from you, and application will create the account for the hacker! I don’t have to tell you what happens next. This is an attack known as Cross-site Request Forgery, or CSRF in short.

How to protect against this?

First: use POST in your forms instead of GET. This will make it harder for the hacker, because he won’t be able to use a simple URL to deceive the user (he will need a web form to send the crafted request).

Second: add a random hidden field in all your forms. When you draw the form for the user, you add a field with random “token” value. Save this token on the server side (it can be a session variable or a record in database). It should also have a short expiration timeout. so it cannot be used if it was somehow intercepted by the hacker. When user fills in the form and submits it, you verify if the value sent by the user is equal to the one you saved earlier. If both values are the same, request is considered genuine ,and otherwise it should be ignored.

CCP Bugartist followed on the conversation started by @FuzzySteve, and suggested a way to generate the CSRF tokens using openssl:

Don’t abuse the API, or else…

A few days later CCP FoxFour suggested adding an User-Agent field in third party apps, because instead of banning API (ab)users, CCP would prefer to contact the developer instead.

LMeve poller already used context setup in file_get_contents() so I simply added User-Agent field to it. Op success!

LMeve new features!

Ok, end of technicalities, let’s get down to business 😉 Last two weeks saw three new features added.

API character Self-register

This one was well overdue. I have mentioned it for the first time about a year ago. Why is it important? By default, LMeve doesn’t know which in-game characters belong to which person. This information is useful, because LMeve can then highlight the information regarding user’s characters, or simply limit the amount of information displayed only to these characters.

Previously only people with “Administrator” permission were able to link LMeve accounts to in-game characters, but with this new feature everyone can do it now. And it’s very simple, too.

First, input your account level API KEY first. If you don’t have a key ready, simply follow the link.

api-self-linkWhen ready, user clicks OK. LMeve will now access personal API (just this one time) to download the characters. Then it will compare the corporations these characters belong to with corporation that owns this particular instance of LMeve. When corporations match, LMeve will check if these toons are already visible in corporation API. If all checks are green, characters become linked to the account:

api-self-link2Simple, eh? And no administrator input is needed.

This will become even more important when EVE SSO becomes openly available, because once characters are linked to the account, users will be able to use their EVE Online password to log in to LMeve. there will be no need to remember another password!

Industry Facilities and Logistics

Everyone who’s done some industry in EVE knows just how important logistics are. Without ingredients corporation cannot invent or produce anything, so a constant flow of materials is the only way to keep productivity high (and this in turn directly impacts the amount of ISK earned).

Previously I’ve added a way for users to track the materials needed for their specific tasks, so users could refill their own labs easily. Most corporations however has a few dedicated pilots who do hauling and logistics, and they would benefit if they knew the materials needed by a specific assembly array, rather than specific character. With the information about Industry Facilities now available in the API, we only need to assign tasks to specific facility.

facilitiesWith this information available it’s then quite easy to calculate the materials required in each Lab:

facility-logisticsI’ve done the logistics and hauling recently, and you can believe me, it’s really useful!

What to build to become a real EVE Online industry mogul?

This is a tricky question. Profit on a single item is not enough to make a well informed decision, because some items, while profitable at single unit level, don’t sell very well. Other items have smaller margins, but because of their high sales volume, they give much higher profit. So what should you build? LMeve comes to the rescue.

profit-explorer

Under Database you can now find Profit Explorer and Profit Chart. The first one is very similar to normal Item database view, but it also calculates manufacturing cost and compares them with market prices. Please note that:

a) items must have their prices tracked (you must turn on “Fetch Prices” in Database for each item and each material; only minerals are turned on by default after LMeve installation)

b) items must have a bleuprint (so they can be built and their manufacturing cost can be calculated)

That’s all for today!

You can download the latest LMeve version from GitHub.

Tranquility connectivity issues – August 12

Lukas Rox EVE Online, Games ,

eve-offline

EDIT: Tranquility and eveonline.com are now back online

Since the official website and forums are down, I put this friendly heads-up here:

Tranquility is suffering from a third party networking problem, and CCP is working with their partners to resolve the issue. Tranquility,  EVE Online website and forums are currently inaccessible.

This is an excerpt from CCP Falcon’s forum post:

Hey guys,

Apologies for the connectivity issues some of you are experiencing right now. We’re currently having a few login issues and are investigating.

I’ll update this thread once I have more information.

Thanks for your patience, and apologies for the inconvenience!

– F

UPDATES:

09:40 UTC – OUR OPERATIONS TEAM ARE CURRENTLY WORKING ON INVESTIGATING CONNECTIVITY ISSUES
10:30 UTC – OUR SERVICE PROVIDERS ARE CURRENTLY WORKING ON INVESTIGATING SEVERAL ISSUES
11:00 UTC – THIS APPEARS TO BE A THIRD PARTY ISSUE – WORKING WITH PARTNERS TO RESOLVE IT
12:10 UTC – TRANQUILITY WILL BE REBOOTED IN VIP MODE IN 10 MINUTES
12:20 UTC – TRANQUILITY IS NOW IN VIP MODE

Good luck to CCP and their ISP in resolving the issue!

PS. Feel free to check Chribba’s eve-offline website to check if EVE is back up.