unforum

[Tiny]

Yes, the key has definetly got to be some type of a chatter device. It is linked into your everyday life. We know it's hooked into your bank account because it is used to pay for a subscription, kind of like a credit card but a direct link to a bank account. It has to be a means of communication because we are told to point are key to different addresses to leave messeges. It probably aslo doubles a hand held computer except extremely powerful. Think of a souped up Nokia Sidekick, keyed exactly to each individual person (no pun intended) via some sort of identification means...Ie Voice, Blood, Fingerprint, Eyesight or Password.
Tj-

[Kelis]

interesting result from a google search for: allinurl: pcbc

http://misplacedkeys.net/keys/weblog/tags/PCBC

[spugmeistress]

interesting that it has both PCBC and misplaced keys on one page but its hardly googlewhackable material to start off with ;)

its just some guys blog, and from what i can see on his site PCBC seems to be an abv. for the name of his church, probably (placename beginning with P and C) Baptist Church.

rach =)

[Tiny]

Hehe, see I wasn't completly crazy when I suggested a brain implant even for there closely relate society...Looky at this!!!! No but seriously, Holy Shit, look at how far technology has come in human beings...science fiction is becoming science reality!
http://www.guardian.co.uk/life/feature/story/0,13026,1448140,00.html
Tj-
To make that clearer, that is deifnetly out of game, but just shows how much a year or two ahead of us in technology could change things.

[csieg]

[SPEC] Sentinel "key" files....No way to get in.

[neopuff34]

I think the general thought is that we aren't meant to get in yet. When we do, the HTML will probably change, (or dissappear) or we may get a 'back door' into the articles. Also notice that when you try to click the missing areticles, it doesn't even try to link to them, just puts you straight to authenticate.html.

[Daffy889]

To all those saying that there is definitely no authentication because there's no client-side javascript code and the links point directly to the /authenticate page, this could technically all be done server-side.

All the server would have to do is check the database where the articles are stored to see if a particular article required authentication to be viewed. If it does not, the server would write the direct link to the article to the page, and if it does it would replace the link with a link to the /authenticate page. Very simple to do with server-side scripting such as PHP or ASP, and to the viewer it appears to be plain HTML with the links pointing to /authenticate.

As for the /authenticate page itself, if all it had to do was check for a specific device such as a key, then that could probably be done server-side as well, since certain information about the users' software and hardware is sent to the server with the page request. All the viewer would recieve is a page saying that it could not connect.

Now I'm not saying that any of this is actually happening, and personally I believe that we are not meant to get in yet, but it is definitely possible that there is an authentication system already in place on the site.

[POTUS]

I agree. The HTML we view is only what the server allows us to view. A server variable can detect where a page request originates, or what browser you're using, etc. If the server doesn't like it - it can send you whatever it wants to send you.

I still think we have to include the Key in our requests. It just makes so much more literal sense to think that 'pointing' actually means 'pointing'. I really wish I could prove that by presenting you with a working key!

[THeReVeReND999]

I just tried

http://www.perplexcitysentinel.com/authenticate/index.html?key=221545484848465100503215

And it's no go.... but it may be something like that... just because it says html, doesn't mean it isn't something else. Anything else to try?

[songofthephoenix]

[POTUS]

I tried a bunch of those the first week. None of them worked. I;ve tried tham as directories, variables and subdomains. While any one of these may be correct, the key itself will probably be readily apparent only after we solve some puzzle.

The postcard had that number and a maze. One thing about the maze was that it was a trapazoid, or the interiors hallways were slanted. My point being that the Ascendancy Point is also tapered. If the Ascendancy Point building is really mega-cool like forests and stuff - I can see that being a maze to navigate as well. Maybe the maze is vertical - maybe the key is the 24 digit number. Maybe maybe maybe, but yet maybe may be may be.

[thebruce]

ok I'll see if I can re-iterate a post I did a while back...

.html extension means nothing. A server can be told to filter any file type through any parser - on the server, the source of what we see as .html may be asp or php or any other server side language. The extension of a file in the URL can't indicate for certainty what is happening on the server.

On any request by a browser to receive a page content, cookies are sent by default to the server, so upon requesting any url, the server will know, by default, if there are any cookies on the client, and serve whatever the result of the code on the server for the url being requested may be.


Now, my belief is that there is currently no check for authentication on the website. Why? Because the only way there could be - since the links themselves are to /authenticate, not a specific url to request specific content - is that every page on the site, though seeming to be public, checks for an authetication cookie, and rewrites all 'private' URLs to /Authenticate instead of their actual urls. This is simply too much effort to protect a private page if the pages are already protected by authentication key. The only reason I can see the designer going this extra step is if s/he truly wants the urls themselves to remain hidden, so it's not just about protecting the content, but also the url. Which at this point, is extremely unlikely (99% unlikely IMO).

So, if the content was already on the site, but waiting for us to find a way to 'authenticate', I would expect the urls already to be available (not all pointing to /Authenticate), and those pages themselves would be protected - on requesting that url, the server would check the cookies the browser sends, verifies a valid authentication cookie, and decides whether to serve the protected content or redirect the client browser to /Authenticate.

I'll have to remember this post reference so I can refer to it later, cuz I'm sure this authentication cookie thing is gonna come up again

[Catfurnace]

Setinel Links

[POTUS]

thebruce said:

[Daffy889]