Return to Unfiction unforum
 a.r.g.b.b 
FAQ FAQ   Search Search 
 
Welcome!
New users, PLEASE read these forum guidelines. New posters, SEARCH before posting and read these rules before posting your killer new campaign. New players may also wish to peruse the ARG Player Tutorial.

All users must abide by the Terms of Service.
Website Restoration Project
This archiving project is a collaboration between Unfiction and Sean Stacey (SpaceBass), Brian Enigma (BrianEnigma), and Laura E. Hall (lehall) with
the Center for Immersive Arts.
Announcements
This is a static snapshot of the
Unfiction forums, as of
July 23, 2017.
This site is intended as an archive to chronicle the history of Alternate Reality Games.
  

The time now is Fri Nov 15, 2024 6:01 pm
All times are UTC - 4 (DST in action)		 View posts in this forum since last visit
View unanswered posts in this forum
Calendar
 Forum index » Meta » Puppetmaster Help
Tibits for ARGs (Producing and Playing)
Moderators: imbri
View previous topicView next topic
Page 1 of 1 [7 Posts]  
Author Message
snorkle256
Unfettered

Joined: 23 Apr 2008
Posts: 631
Location: West Central Wisconsin

 		Tibits for ARGs (Producing and Playing)
A quick list of things to check for both puppetmasters and players.
Snorkle256's Tidbits to ARGs (Producing and Playing)

Many of the items and ideas listed here are something that both players and puppet masters need to pay attention to. However one may look at the "10 Commandments" these are the things that should and will be tried regardless. The rule of thumb for players is to look at all of these. The rule of thumb for puppet masters is if you didn't want them to know anything, don't put it in there.

HTML Source Code
Obviously one of the most popular places to insert hints, clues, and other trailheads. Source code should be checked for links to other sites via image hosting and hidden links. Comments placed here make for excellent clues.

CSS Code
Not as common of place to insert anything, but if the HTML source code links to a CSS style sheet you can bet players will look at it (eventually). This is an awesome place for an initial breadcrumb. Generally can only be used once unless you realllllllly like to use more than one stylesheet.

404 Error Pages
What is better than making the player think they have hit a dead end? Why, it's a 404 Page with breadcrumbs. Also, you can always make it redirect after a certain amount of time elapsed if you think your players won't look into the source right away and you really need them to make it to the next stage.

Flash Coding
Almost anyone can gain access to a decompiler, even if it is just a trial version. Most people will not be able to understand the programming langue inside, but if you have links or hidden passwords they will surely be able to understand that. Encrypt your coding so plaintexts are illegible. Also, don't leave the "Next" button enabled or we might just skip over your password entry form.

Javascript Coding
Not nearly as easy to decode understand by regular players, however there is always the off chance that a programming could be playing.

Domain Names
Fairly obvious, when you register a domain name either do not use your name or use the privacy features of your registry service. This is of course if you don't want them to know your name that is; otherwise it would be possible to use these as a clue (Although technically to be legal these are supposed to be filled out with the correct info, but who is going get you for it?)

Hosting/Servers
Where are you hosting your pages/domains? Are they on the same server as your business pages? Great, then we can easily find out who is running the show. Also, we can find out if any domains are connected. There are several online sites that do reverse ip searches, listing all the domains that point to the same ip address. While it may not be cost effective, get several different servers going. Otherwise, don't get your other sites going until absolutely needed.

Wordpress
Properly lock your wordpress installations down. There are many tutorials and plugins that will allow you to keep your hidden info secure. Rule of thumb: if players are not supposed to see it, don't upload it and queue it. This includes pictures, not just posts.

Passwords
Although brute forcing is considered bad form, in this day and age the tools and time to do so has significantly dropped. If they aren't supposed to get in yet or ever, make it a good one!

Ultimate Rule of Thumb for Puppet Master (recapped)
If the players are not supposed to know about it, just plain do not put it on the internet!


edit: moved to puppetmaster help forum -imbri

PostPosted: Wed Aug 12, 2009 3:21 pm
 View user's profile Visit poster's website MSN Messenger
 Back to top 
Dominic1978
Boot


Joined: 18 Feb 2009
Posts: 45
Location: Arnhem, Netherlands

 		Muchos props for this list.

Greets,

Dominic

PostPosted: Thu Aug 13, 2009 4:00 am
 View user's profile Visit poster's website
 Back to top 
Nighthawk
I Have 100 Cats and Smell of Wee


Joined: 14 Jul 2007
Posts: 4751
Location: Miami, Florida, USA, Earth

 		Some comments on the above list, from a PM's point of view...

Flash Coding

NEVER have login/password determination in the Flash asset itself. Always post back to the server and await a response. Also, NEVER have the RESULT of said login/password in the Flash asset itself.

In cases when I've done this, I post the login/password to the server and the server returns the URL where the Flash goes. The Flash has no idea what's going to happen after success until the server tells it.

Javascript Coding

Quote:
Not nearly as easy to decode understand by regular players, however there is always the off chance that a programming could be playing.


*cough!* Twisted Evil

It's not perfect, but there are plenty of online Javascript obfuscators that make the lives of us nozy folks harder.

Hosting/Servers

For a first time PM, yeah this is probably a good idea. I've had no secrets over who's been running my past few games, so they've all been piled in to the same server.

My next game... I'm not going to make it that easy! Smile

Passwords

The passwords to my hosting services is a 42 character alpha+number+symbol string that is so complex I have to copy/paste it from a text file to use it.

I'm *that* paranoid, and you should be too.

Having an "in game" password hacked is not the end of the world; you simply will have to adjust your timeline. Getting your hosting services hacked can most definitely mean the end of your game and a whole lot else.

Ultimate Rule of Thumb for Puppet Master

Most of the things I devise and post on the Internet are wrapped around coded timers. I can explicitly set a time through code (C#, most of the time) for it to become active; before that, it's not there, and it comes active and available even when I'm not around.

THis goes the same for password sites. People were trying to brute force the Umbrati site for weeks... Little did they know that NO password would have worked until a certain date/time.
_________________
"Omne ignotum pro magnifico"

PostPosted: Thu Aug 13, 2009 12:06 pm
 View user's profile Visit poster's website
 Back to top 
thebruce
Dances With Wikis


Joined: 16 Aug 2004
Posts: 6899
Location: Kitchener, Ontario

 		Javascript/Flash/client-side code

To follow up on comments above, never put any 'secret' information on the client-side. Even if it's encrypted or encoded, it's there, and if the browser can decode it, there's always potential for a player to decode it. Even encrypted flash source code can be decrypted (I've actually accomplished it for some of 42's recent games that incorporated flash code that when decompiled was still obfuscated or had encrypted content).

Anything you want to keep secret, as nighthawk said, put on the server to be retrieved only by client request. Even then, the request shouldn't be easily sent. Form submissions can be spoofed. Text entry (like passwords or codes) would be the best/simplest way of making retrieval of said sensitive info difficult, as the only 'hack' is brute force.

It can get more complex than that, but it starts to get into secure communication and highly advanced encryption techniques.

Searching

Players:
Google is your friend. Quotes, names, phrases, acronyms - all easy finds via google. Context is important too. If you have an acronym you're curious about, it may be very common, but include a word with the acronym that's related, and hits can be drasatically reduced and more accurate. Put words in quotes to ensure only that spelling or spacing is found (google will otherwise attempt to provide links that it thinks are relevant, even if slightly different than your query). Don't be afraid of quotes! Always check for a 'Cached' version link, as google's cached version of a page may be different than the live version (which may not even exist any more at all)
A great parameter to use as well is "site:", for example - include site:forums.unfiction.com in the query, and google will only return matches that are located on that domain name. Great for finding pages that google managed to find, hidden or not.

PMs:
Google is your enemy.
If you have a website with content on it that's not ready to deploy - 1) DON'T make it publicly visible (password it, or don't put it up at all), 2) DON'T link to it anywhere that's publicly accessible by a search spider - while the engine might not catalogue the page's content if it's protected, do you want to risk the link itself appearing in search results? If the referring page is spidered, the link may also be googleable. And if you're too late, the search engine may cache its version before you kill the page. Then there's pretty much nothing you can do.
_________________
@4DFiction/@Wikibruce/Contact
ARGFest 2013 - Seattle! ARGFest.com

PostPosted: Thu Aug 13, 2009 12:27 pm
 View user's profile Visit poster's website AIM Address
 Back to top 
Rogi Ocnorb
I Have 100 Cats and Smell of Wee


Joined: 01 Sep 2005
Posts: 4266
Location: Where the cheese is free.

 		Two more that seem to be often forgotten by PMs are:

"properties" data in files (Such as "Author" for .pdf, MS Office and OpenOffice).

EXIF data in jpg images.

Either of these can be a quick way to push a hint or to give away the farm.
_________________
I'm telling you now, so you can't say, "Oh, I didn't know...Nobody told me!"


PostPosted: Thu Aug 13, 2009 12:42 pm
 View user's profile AIM Address Yahoo Messenger MSN Messenger
 Back to top 
thebruce
Dances With Wikis


Joined: 16 Aug 2004
Posts: 6899
Location: Kitchener, Ontario
Rogi Ocnorb wrote:
"properties" data in files (Such as "Author" for .pdf, MS Office and OpenOffice).

JPG too - Corel for one defaults the Author to the current windows user name unless you change it when saving.
Pretty much any file with extended properties: check before deploying.


Tip for players:
As soon as you find a new page or site, copy it locally, or copy it out of your browser cache. You never know what might change (in-game or by PM mistake) at any point in time. For new websites, I always have my temp internet files open to check for hidden URLs/pages requested (XML data files, scripts, etc) when loading the content. To go a step further, make a note of the last modified dates for the files. Coming back the next day, a refresh may show you an image or page has been updated.
(different browsers handle caches in different ways - I prefer IE's temporary internet files for cache handling)
_________________
@4DFiction/@Wikibruce/Contact
ARGFest 2013 - Seattle! ARGFest.com

PostPosted: Thu Aug 13, 2009 12:57 pm
 View user's profile Visit poster's website AIM Address
 Back to top 
snorkle256
Unfettered

Joined: 23 Apr 2008
Posts: 631
Location: West Central Wisconsin

 		Just wanted to say thanks to everyone who has posted additions, perhaps I will rewrite a v2 tidbit list soon. (Also thanks for not biting my head off when I posted, was very nervous about doing so.)

PostPosted: Thu Aug 13, 2009 3:56 pm
 View user's profile Visit poster's website MSN Messenger
 Back to top 
Display posts from previous:   Sort by:   
Page 1 of 1 [7 Posts]  
View previous topicView next topic
 Forum index » Meta » Puppetmaster Help
Jump to:  


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
You cannot post calendar events in this forum



Powered by phpBB © 2001, 2005 phpBB Group