Though, it appears he was trying to implement high scores, which would send some information to another site, including document.location.href, but it is commented out in the version I linked, and removed in the minified version.
(lol, seriously though, it highlights "real" login fields based on domain for the page/frame which can't be spoofed and does a one-click login rather than typing it in - you can't get "fooled" because you should never be typing anything)
Heh, yeah, when I saw it earlier I wondered how successfully people could use an approach like this to social engineer people in such a manner. Glad I'm not the only paranoid one. :)
Interesting. It worked great on google reader. On Gmail I can sometimes get to the point where I can thrust & fire, but as soon as I destroy anything the gmail client seems to reset itself.
Interesting, it does work on the "basic HTML" version of Gmail. For me it seems like the "keyboard shortcut" functionality gets in the way of controller the "ship"
Not only great, in a few situations it's a useful and fun way to 'cross off' content on a site you don't need to see anymore. Like stories you wish were not on hacker news.
It might deserve a newspost of its own, but I'd like to have a working server running so people can actually, you know, use it. Unfortunately, I haven't thought to get node running on my VPS before now, and it's almost 02:00 here...
It also has Asteroids integrated in a similar way, as shown at around 70% into the video (unfortunately the video doesn't have a timecode, but it's worth watching in its entirety anyway.)
Holy crap, I had an extremely similar idea last month for a bookmarklet that let you machine gun and blow up pages. In fact, it's sitting half complete in a projects folder. Erkie, get out of my head!!!!
At least it's open source, so I guess I can fork it and add in my ideas.
Same here! Except instead of blowing up the page, you shoot at links to follow them. Also, fog that is revealed as you move around, minimap, etc. Maybe this can spark some more ideas?
It's not that it's non-deterministic, it's just that, since your javascript interpreter doesn't execute each instance and its event handlers in parallel, each instance will receive slightly different inputs. This is because the number of times each instance's main loop fires before its keyup/down handler gets called will vary.
If you load up, say, 6 instances, hold the up button for a while to get them up to full speed, then turn for 4 or 5 seconds and let go, they'll be a bit divergent, but not too badly. They should all be going roughly the same direction, and wrapping around at roughly the same time.
If you load up 6 instances again, hold the up button for a while, and then turn back and forth very rapidly for a short period of time, they'll be much more divergent.
Here is an example that will search hacker news (via google). This is based on the wikipedia example:
javascript:function se(d) {return d.selection ? d.selection.createRange().text : d.getSelection()} s = se(document); for (i=0; i<frames.length && !s; i++) s = se(frames[i].document); if (!s || s=='') s = prompt('Enter%20search%20terms%20for%20HackerNews',''); var goo = 'http:'; var g = '//'; var le = 'www.google.com/'; open(goo + g + le + (s ? '#q=site%3Anews.ycombinator.com ' + encodeURIComponent(s) : '')).focus();
76 comments
[ 4.7 ms ] story [ 158 ms ] threadThough, it appears he was trying to implement high scores, which would send some information to another site, including document.location.href, but it is commented out in the version I linked, and removed in the minified version.
Could, but doesn't yet.
If you're not locally rehosting the 'known-good' version that you just audited, you're not being paranoid enough.
Though that's a good reminder :) Thanks for pointing it out!
A new protip for the paranoid: the author could phish the snot out of you with an overlay that made it look like Facebook needed a re-login, too!
(lol, seriously though, it highlights "real" login fields based on domain for the page/frame which can't be spoofed and does a one-click login rather than typing it in - you can't get "fooled" because you should never be typing anything)
(bit scrappy, 10 min of code, but funny)
(test it by running asteroids on this page: http://bl4k.github.com/)
And the HN article, if you want to drum up some more players: http://news.ycombinator.com/item?id=1738543
I hacked together a very (very) basic multiplayer with a paper-thin node.js server in coffeescript.
Yes, really: http://github.com/cushman/asteroids.js
It might deserve a newspost of its own, but I'd like to have a working server running so people can actually, you know, use it. Unfortunately, I haven't thought to get node running on my VPS before now, and it's almost 02:00 here...
Maybe something like Twitter, where new stuff to shoot appears on a constant basis?
I think these Asteroids are a fun to use, web design tool to cut out what is not necessary. :))
It also has Asteroids integrated in a similar way, as shown at around 70% into the video (unfortunately the video doesn't have a timecode, but it's worth watching in its entirety anyway.)
At least it's open source, so I guess I can fork it and add in my ideas.
http://tanksurfing.appspot.com/
I didn't realize it was that popular.
If you load up, say, 6 instances, hold the up button for a while to get them up to full speed, then turn for 4 or 5 seconds and let go, they'll be a bit divergent, but not too badly. They should all be going roughly the same direction, and wrapping around at roughly the same time.
If you load up 6 instances again, hold the up button for a while, and then turn back and forth very rapidly for a short period of time, they'll be much more divergent.
http://en.wikipedia.org/wiki/Bookmarklet
javascript:function se(d) {return d.selection ? d.selection.createRange().text : d.getSelection()} s = se(document); for (i=0; i<frames.length && !s; i++) s = se(frames[i].document); if (!s || s=='') s = prompt('Enter%20search%20terms%20for%20HackerNews',''); var goo = 'http:'; var g = '//'; var le = 'www.google.com/'; open(goo + g + le + (s ? '#q=site%3Anews.ycombinator.com ' + encodeURIComponent(s) : '')).focus();