Jump to content

  • Log In with Google      Sign In   
  • Create Account


Member Since 18 Dec 2002
Offline Last Active Today, 02:45 AM

#5262685 read records from database with index using entity framework

Posted by Nik02 on 18 November 2015 - 10:18 PM

Linq supports skip and take, you can modify the "query" to include the operations.

#5262370 D2D1.1 EndDraw or Present for device lost?

Posted by Nik02 on 17 November 2015 - 02:08 AM

If the device isn't available, both of them return the same thing. While the success of the Present call is not logically tied to the success of EndDraw call, in practice you can determine "device lost" if either of them returns that status. 

#5261728 ConstantTable Doesn't Follow when Switching Pixel Shaders

Posted by Nik02 on 12 November 2015 - 02:41 AM

That is correct usage - SetDefaults sets the shader registers to the default values parsed from the shader source.


Since the offsets of the constants can be assumed to vary between different shader instances, the API user should always call constant table's SetDefaults after setting the corresponding shader, and then call the various Set* methods on the constants that need to differ from the defaults.

#5261725 ConstantTable Doesn't Follow when Switching Pixel Shaders

Posted by Nik02 on 12 November 2015 - 01:58 AM

Constant table is just a map of shader symbols to their corresponding registers. It, by itself does not remember the values you set through it at all. When you call Set* on the interface, the implementation will call Set*ShaderConstants immediately on the associated device, by using its map to determine which constant registers correspond to the symbolic constant name you give to it.


The point is, the buffer of the constant table is not a buffer of the constant values you set through it - the buffer just holds the mapping between constant registers and constant names (and the default values).

#5261267 Can a full program be stored in a photo image

Posted by Nik02 on 09 November 2015 - 08:40 PM

What prevents someone from just copying the paper?

#5260982 Looking for resources to learn Windows Server for developing web pages/apps/s...

Posted by Nik02 on 07 November 2015 - 11:49 PM

To get you started on the server itself:

You need to install a web server "role" in order to get access to IIS. IIS is Microsoft's web server backend, and the reference platform for asp.net.

#5258255 scaling down a texture causes it to fade away (transparency increases?)

Posted by Nik02 on 21 October 2015 - 01:26 AM

You are not filling the mip levels of the texture. The unfilled levels represent transparent black (0).

#5256383 Best IDEs for HTML5 Game Development?

Posted by Nik02 on 09 October 2015 - 10:02 AM

Visual Studio. Disabled or not :)

#5255742 Using whitelisting to run untrusted C# code safely

Posted by Nik02 on 05 October 2015 - 07:51 PM

Roslyn cannot make the distinction between good and malicious intents. Something like encrypting all files in "my documents" is just business as usual for the system, but the majority of users certainly don't want a game to do that.

The overarching problem is that it is impossible to recognise harmful code in advance. And when all of your users get hacked by a malicious content pack that slipped past your inspection, it largely becomes your problem.

#5255610 Using whitelisting to run untrusted C# code safely

Posted by Nik02 on 05 October 2015 - 01:10 AM

"Reasonably" is a relative term :)

#5255602 Using whitelisting to run untrusted C# code safely

Posted by Nik02 on 05 October 2015 - 12:37 AM

With reflection, you can circumvent such whitelists.


In general, it is not wise to trust user-written code at all. It is unrealistic to assume that one could take into account all possible attack vectors. 


In "game makers", the user usually produces just data (or very primitive logic as in LBP), and STILL some users are able to hack the systems via said data.


Case in point, I played Mario Maker two days ago and I stumbled upon a level named something like "this will crash the game" - which it indeed did. It is not far-fetched to think that such level could then execute arbitrary code by using the level data as the injection vector, even though presumably the MM level system was not by any means designed to run user code.


Case in point 2: by trivially editing some save data of certain Wii games, one used to be able to cause a buffer overflow which could then be used to run arbitrary code, including overwriting the system firmware with a custom one loaded from USB or SD. The trivial edit? Change a save file name to be just slightly longer than the buffer allocated for it. The vulnerable games, which I won't mention here, were not particularly obscure either.

#5245389 encryption http data transfer between unity and asp.net server

Posted by Nik02 on 10 August 2015 - 01:39 AM

The only difference between self-signed and purchased certificates is that the latter has a chain of trust established. This means that the clients can trust your server identity without asking the user, as a trusted party has signed your certificate and therefore it can be assumed that it hasn't been tampered with. The actual encryption algorithm(s) and cryptographic strength is exactly same whether you self-sign your certificate or purchase the signature for it.


SSL/TLS by itself does not do anything that would render it incompatible with URL rewriting. That said, you need to be careful about the protocol prefix and/or the port, if your system uses them somehow. HTTP default port is 80, while HTTPS is 443 (although almost all servers can be configured to listen to different ports regardless of the protocol). For example, if you hard-code some resource paths with the absolute URL, note the small but real difference between http://something/example.jpg and https://something/example.jpg :)


Domain name is used with verifying the certificate owner's identity, along with the signature trust. A SSL client is free to choose to ignore the protection that the domain name association gives (for example, common browsers will let you proceed even if there is no match), but this would also cause the effective security and manageability of the system to decrease.


For development, self-signed certs are ok because developers can of course trust a certificate they themselves created. But the chain of trust is very important when giving access to other people, so purchased signatures are the way to go when you publish.

#5238141 How to run a DX8 application on windows 7 64-bit

Posted by Nik02 on 03 July 2015 - 02:25 AM

VB6 and D3d interop was provided as a separate ActiveX dll. Said dll needs to be present in the target system.

I'm surprised that you can actually run the VB6 IDE itself in 64bit Windows, as it suffered significant compatibility issues the last time I tried it.

#5237635 Fading texture

Posted by Nik02 on 30 June 2015 - 01:39 AM

You are probably not filling the mipmap chain of the texture.

#5237453 What is the easiest way to show effects(ice, fire, thunder, etc...) in direct...

Posted by Nik02 on 29 June 2015 - 03:45 AM

Effects, especially realistic ones, are hard to do from scratch; there is no way around that. Usually, the effects you listed are implemented as a creative mix of billboards, particles, shaders and textures.


However, engines like Unreal already implement most of the effects you listed. Ask yourself, are you writing a game or a game engine?