Apr 11

The Lost Goods

By Xeross Posted in EVE Online Comments (2)

So lately I’ve been dabbling in the market a bit again; however, I’ve stopped updating orders until this problem is resolved.

Basically I logged in to see one of my orders for 200k of a certain item was fulfilled, however they weren’t in the station they were supposed to be in. I checked through the assets window, checked all my ships to be sure. Just nothing, nowhere to be found.

I’ve opened a petition because I’m sure I’m not that fucking stupid that I lost these items, and then there’s also this 1k of another item that wasn’t in my hangar. 4 days without hearing from CCP so far, guess I’ll just have to be patient.

~Xeross

Update: Being the dumbfuck I am (Living up to the goon name of worst players in EVE) I forgot that corp orders go into a deliveries thing in-game so clicking that button I saw my lost goods o/

Apr 11

Forum Failure Rant

By Xeross Posted in EVE Online, Security/Hacking, Tech Comments (3)
CCP - Can we fix it? No it's fucked.

So where the last post was a write-up of what CCP managed to fuck up, this’ll just be a rant on the idiocy that accompanied the development of these new forums.

Every single person that’s in the programming business (including web developers) has at least some basic knowledge of how this fucking stuff works. For example the cookies: every webdev knows that anything you store in the damn bastards can be edited by the end user, so at least use proper checks or proper cookies.

And now there’s people saying it’s a simple oversight but it’s not, even every person I know at my school that’s currently doing webdev knows this fucking thing. And I highly doubt it can be that fucking hard to implement a way to store data alongside your fucking forum sessions.

And then there’s the IP/account-banned guy that posted. How fucking hard can it be to block those? 1 simple fucking SQL query in your log-in or posting code is all it takes, it just doesn’t make any god damn sense.

Oh yes and the fucking forum signatures, really you don’t sanitize the value of the cookie, not that this should be stored in a cookie to begin with, but if you’re being stupid you might as well hide your stupidity with data sanitization.

And the last thing, they used existing open-source forum software, I encourage using open-source software, but don’t fucking claim it’s made in-house when you’re just modifying some open-source code, and being terribad at modifying it at the same time.

The only scenario that is remotely plausible is that the forums were developed by some interns, but even then one of them would’ve realized the cookies aren’t secure. Now I hope that Monday devblog sheds some fucking light, but I highly doubt it.

Once again, Xeross out.

P.S.: Yes my idea of a rant is adding the word fuck a lot in my sentences, deal wiz it

Apr 11

The Forum Fiasco

By Xeross Posted in EVE Online, News & Stuff, Security/Hacking, Tech

So CCP made a huge blunder with the “awesome” new forums. Shortly after they were opened to the public a multitude of exploits was found, and their response as always was top notch.

In-house Developed Forums…

So one of the statements from CCP was that the new forums were going to be completely developed in-house, but as multiple people soon found out, certain URLs in the forum software had yaf_ in them. And with some googling one finds http://yetanotherforum.net/

So it turns out the forums are using some open-source .NET based forum as their base, which in turn spawns a few other problems (Even though it would’ve probably been easy to prevent them).

Insecurely stored sensitive data

One of the issues found was that certain data was stored in the cookies, and this data wasn’t being validated server-side again. This data included both signatures and the current character ID.

This meant that anyone could pose as any character by changing this value. This eventually resulted in people being able to post in the announcements forum and even read forums that are normally not available to them.

XSS Exploits

As I mentioned previously, the forum signature settings were also being stored in a cookie, and people soon found out that one could simply modify that cookie to include any kind of HTML they wanted in their signature, including <script> tags.

This would open up a whole myriad of possible attacks; just check the Wikipedia article on cross-site scripting to get an idea of what’s possible. Simply put, everything is possible: people can change the behaviour of the entire page that this malicious signature is being displayed on. In short, bad stuff.
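The two cookie issues described above, as an added example (not part of the original post, and not CCP's or YetAnotherForum's code): the character ID and signature live in a server-side session keyed by a random token, and the signature is HTML-escaped when rendered. All names (SESSIONS, ACCOUNT_CHARACTERS, log_in, resolve_poster, render_signature) and the sample data are assumptions made for illustration.

```python
import html
import secrets

# Constructed server-side store: session token -> data the client must not control.
SESSIONS = {}
# Constructed account data: which character IDs each account owns.
ACCOUNT_CHARACTERS = {"acct-1": {1001, 1002}, "acct-2": {2001}}


def log_in(account, character_id, signature):
    """Create a session; the cookie carries only an unguessable token."""
    if character_id not in ACCOUNT_CHARACTERS.get(account, set()):
        raise PermissionError("character does not belong to this account")
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"account": account,
                       "character_id": character_id,
                       "signature": signature}
    return {"session": token}  # the only cookie the server sets


def resolve_poster(cookies):
    """Return the character ID to post as, ignoring client-supplied identity."""
    session = SESSIONS.get(cookies.get("session", ""))
    if session is None:
        return None  # unknown or forged token: treat as not logged in
    # A 'character_id' or 'signature' cookie sent by the client is never read.
    return session["character_id"]


def render_signature(cookies):
    """Emit the stored signature as text, so markup in it is shown, not run."""
    session = SESSIONS.get(cookies.get("session", ""))
    if session is None:
        return ""
    return '<div class="signature">' + html.escape(session["signature"]) + "</div>"


if __name__ == "__main__":
    # Constructed input: a signature containing markup, then a tampered cookie.
    jar = log_in("acct-2", 2001, "<b>hi</b><script>x()</script>")
    jar["character_id"] = "1001"  # client-side edit, as in the incident above
    print(resolve_poster(jar))
    print(render_signature(jar))
```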

Posting from a banned IP

At one point a post was made with the poster claiming they were posting from a banned account from an IP that has been banned. I can’t verify it, but if it’s legit that means they failed to implement the current banning system into the forums too.

CCP’s Response

So far CCP’s response on this has been that they’ve taken the new forums offline and reopened the old ones, and that on Monday the 11th of April more info will be released. There might’ve been other statements on Twitter and the like but this is what the official front page says.

Not just the forums

By now this is not just about the forums anymore; see, for example, Mandrill’s Loss of Faith post, which seems to say that more and more things are going wrong at CCP, and that they need a more enterprise-style mentality, because in essence they still work with the hobbyist enthusiasm that they started with.

Now we’ll just have to wait and see what the Monday devblog will be and if CCP will step up their game soon, I definitely hope they read Mandrill’s blog post and I hope they can get something of value from it.

Finally I have to credit Helicity’s post for most of the details I posted regarding the forum exploits, and I also recommend you read that as it’s a good write-up. And also credits to whoever made the banner that I used for this post.

Xeross out.

Apr 03

Happenings, and… stuff

By Xeross Posted in EVE Online

Well, having reactivated the main I’ve happily flown around in home sweet Deklein, been on a few ops and enjoyed myself as usual. Good to be back.

Now I haven’t gotten any combat reports for these roams because I suck and I’m lazy.

Anyway, enjoy this little update in the meantime.

~Xeross

Mar 29

Roam Report: 29/03/113YC – Back again

By Xeross Posted in EVE Online, Pew Pew

So yeah, as was stated in the previous micro-post on this blog I have reactivated my EVE subscription, well for my main account, my alt was still active.

Luckily there was a roam planned this evening (Even though some lazy faggot forgot to put it up on the calendar) and I just decided to hop in. And luckily the preferred ship type was a Drake.

Made sure it was reimbursement fit, stocked up on ammo and drones, and off we went.

Went to the staging POS, waited for 45 minutes to leave, and headed on out. Multiple jump-bridges and jumps later we find ourselves in the beautiful Fountain.

After jumping around a bit these people that seem to be members of the River Styx. engaged (and probably some other random people). They kept moving away from us but luckily their logistics didn’t do well and we managed to pop a few, until most of ’em fled the battlefield.

I managed to get in on 2 of the 4-5 killmails (Might be more, I suck at counting this shit apparently). And if I recall correctly an allied fleet jumped in to help (I should really start taking notes during this kind of shit so I can get a decent report up).

After that some jumping around occurred and ended up in finding nothing. After this we headed home and because I was distracted for some reason I ended up being 10 jumps behind and the damn node crashed (DB apparently fucked up according to CCP).

When the node came back online I found myself on a gate with a neutral Vagabond. Luckily it didn’t seem to chase me (not sure how effective a Vaga is against a Drake anyway), and I managed to jump my way back home.

Definitely going to try and roam more actively, fun stuff.

Anyway, Xeross out.

Mar 29

Back in the game

By Xeross Posted in EVE Online Comments (1)

So reactivated my EVE subscription, fun times ahead o/.

 

Mar 02

Banter 25: Sovereignty, Alliances and Power Blocs

By Xeross Posted in Blog Banter, EVE Online

Welcome to the twenty-fifth installment of the EVE Blog Banter, the monthly EVE Online blogging extravaganza created by CrazyKinux. The EVE Blog Banter involves an enthusiastic group of gaming bloggers, a common topic within the realm of EVE Online, and a week or so to post articles pertaining to the said topic. The resulting articles can either be short or quite extensive, either funny or dead serious, but are always a great fun to read! Any questions about the EVE Blog Banter should be directed to crazykinux@gmail.com. Check for other EVE Blog Banter articles at the bottom of this post!

This month’s topic comes to us from @Tetraetc – “Tetra’s EVE Blog” – who asks: “Have Alliances and the sovereignty system limited the amount of PVP and RP potential in Null sec? Imagine a Null Sec where anyone could build outposts wherever. Would the reduction of the alliance game mechanic, and the removal of the sovereignty game mechanics (or the modification of it from Alliance level to Corp level for that matter) force more PVP into Null sec, or would giant power blocs like the NC still form themselves?”

Have alliances and the sovereignty system limited the potential amount of PvP in null-sec? No I don’t think they have, they might have impacted the scale of the PvP, but surely not the amount. There’s plenty of PvP in null-sec, actually just as much as you want to do yourself, if you want more, plan more ops, simple.

And has it limited the amount of RP? I don’t think it did that either, it allowed for large alliances to form, of which some are even RP alliances, so I’m pretty sure there’s plenty of RP out there.

And a null-sec without sovereignty, I don’t really think that would really change a lot, it would cause a bit of panic in the beginning but everyone would eventually settle down and not a lot would change, why would groups suddenly splinter without the actual sovereignty mechanics, I just don’t see that happening.

And if you could place a station anywhere it would still require a good amount of control over the location because you would get crushed by anyone if you don’t.

We as the human race will always form groups, and we’ll always end up with power blocs, in New Eden, and in the real world, regardless of explicit ownership of a certain region of space by some mechanic, as we’ve seen before in New Eden, we don’t need an actual game mechanic to achieve things, we’ll just abide by unwritten rules.

~Xeross

Feb 27

Market Update: 27/02/113YC

By Xeross Posted in EVE Online, Space Money

So I figured I’d give a quick update, I still haven’t really worked a lot on my market analyzer, and as I’m too fucking lazy to do anything that might take a while.

I did get some decent profits on some random items again now, though I’m not really actively working the market at the moment (Because it’s a pain without a decent scanning tool).

Anyway, I’m off, still need to sell this big stack of ammo I have left.

~Xeross

Feb 27

Incursion Report: 26/02/113YC

By Xeross Posted in EVE Online

So a jabber ping was sent out to gather up people to do an incursion, so I refitted my PvP drake and headed on out.

Upon arrival the fleet was already waiting for the site with the Sansha Mothership to spawn, however as people got impatient we decided to do another site first.

So we warped to this site, activated the acceleration gate and killed everything off, it was a small site so no rewards unfortunately.

After that the main site with the mothership finally spawned; after the initial fear of the unknown washed off it was pretty much a boring, kill fighter bombers, shoot mothership, etc. fight.

So I really wonder what CCP tried to achieve with this, it’s more boring than missions and requires more people to do it.

Why would anyone enjoy doing this in their free time, even though the 90m ISK was nice, and some of the drops are nice, other than that it’s boring and I can make more money in less time through other means.

I guess there’s that group of dedicated PvE people that enjoy doing this stuff, and I guess it does have something to have a medium-sized group to PvE and laugh around with.

Well that’s it, we’ll see if I ever revisit these again.

~Xeross

Feb 23

Planetary Interaction & Datacore Grinding

By Xeross Posted in EVE Online

So I’ve decided to give PI a go, I did some calculations and I should be able to rake in at least 300m a month per planet (The actual numbers I got were 700m but yeah that’s probably ideal circumstances).

This to get rid of the continuous boring grinding that is ratting, PI might be repetitive but a lot less time intensive.

I’ve also taken a look into Datacore Grinding as that’s another more passive income, we’ll see how that goes, still need a lot of skill training.

Also with trading I just made 120m ISK profit, on 1 single item type, so that’s pretty fun.

Regards, Xeross