Archives of May 2005

Rasterbator now in Norwegian

New language in The Rasterbator: Norwegian. Thanks to Terje Moe!

Categories: Art, Creations, Programming
Posted by Matias at 22.05.2005 10.40 (12 years ago) | 113 comments

Complex numbers in ActionScript

Here's a class for handling complex numbers and their basic operations with ActionScript. With minor modification it should work with JavaScript as well. It should be pretty obvious to use by just looking at the source code. Due to lack of operator overloading, there are methods for Add, Subtract, Multiply, Divide and Equals. It's probaly a lot slower than the native Number class/data type.

function Complex(r, i) {

Complex.prototype=new Object();

Complex.prototype.Add=function(im) {
  return new Complex(this.r+im.r, this.i+im.i);

Complex.prototype.Subtract=function(im) {
  return new Complex(this.r-im.r, this.i-im.i);

Complex.prototype.Equals=function(c) {
  return this.r==c.r && this.i==c.i;

Complex.prototype.Multiply=function(im) {
  return new Complex(this.r*im.r-this.i*im.i, this.i*im.r+this.r*im.i);

Complex.prototype.Divide=function(im) {
  var c=this.Multiply(im.Conjugate());
  var d=im.r*im.r+im-i*im.i;
  return new Complex(c.r/d, c.i/d);

Complex.prototype.Argument=function() {
  return Math.atan2(this.i, this.r);

Complex.prototype.Modulus=function() {
  return Math.sqrt(this.r*this.r+this.i*this.i);

Complex.prototype.Conjugate=function() {
  return new Complex(this.r, -this.i);

Complex.prototype.toString=function() {
  if(this.r==0 && this.i==0) return "0";
  var s="";
  if(this.r!=0) s+=this.r;
  if(this.i>0 && this.r!=0) s+="+";
  if(this.i==1) {
    return s;
  if(this.i==-1) {
    return s;
  if(this.i!=0) s+=this.i+"i";
  return s;
Categories: Programming
Posted by Matias at 03.03.2012 07.52 (5 years ago) | 465 comments

The Halcyon Days of System.Threading.Timer

Did installing Windows Server 2003 Service Pack 1 break your multithreaded application? My first guess would be that the application uses a class called System.Threading.Timer, which apparently is something the testing dept. of Microsoft does not care much about.

Quite a few people have encountered the same problem.

This also suggests that since the server is otherwise working perfectly well with SP1, Microsoft is not using .NET Framework very extensively in it's own implementations. Given the complexity of IIS, for example, there's bound to be some kind of timer functionality.

Post-SP1, the following code works only for a minute or so - after that the Timer just stops sending the events. Prior to SP1 the service application and the timer have been running continuously for months.

public Timer ServiceTimer=new Timer(); // System.Threading.Timer

private void OnTimer(Object Source, ElapsedEventArgs e) {
  // ... do the periodical stuff

public void StartService() {
  ServiceTimer.Elapsed+=new ElapsedEventHandler(OnTimer);

public void StopService() {

Fortunately it is quite easy to work around the functionality of the Timer object by creating another thread and using the static Thread.Sleep method, but the workaround done with C# does not use native platform methods directly, so it might be unsuitable for very time-critical purposes. .NET Framework has also another server-type timer, System.Timers.Timer - I'm unsure if that still works in server environment.

Here's how I fixed the timer. Note that there is a significant difference in the behavior, which may be very relevant. In the previous example, the time taken to execute the periodical stuff is excluded from the timer interval, ie. the interval between the start time of executions is constant. In the following, the interval between the executions is a constant.

private Thread TimerThread=null;
private bool Running=false;

private void OnTimer() {
  while(Running) {
    // ... do the periodical stuff

public void StartService() {
  TimerThread=new Thread(new ThreadStart(OnTimer));

public void StopService() {
Categories: Programming
Posted by Matias at 26.06.2005 16.54 (12 years ago) | 215 comments

Preventing deep linking of Flash games

Several times, the Flash-based GasGames have been copied to other, completely unrelated sites or deep linked (the Flash application is embedded directly to another page so that the user has no clue about the origin of the app), of course without authorization. This article is not about copyright issues; suffice it to say that I don't mind people downloading the games and copying them to their friends, but deep linking and displaying advertisements next to the game is not acceptable.

Here are a few countermeasures I have implemented. None of them are completely secure, but they should provide enough of an obstacle so that the potential violators go somewhere else. These tricks are not platform-specific on the server side and they can be adapted to other formats apart from Flash, provided that some browser variables can be accessed programmatically. Some of the tricks rely on certain browser features, which are common, but not everyone has them enabled; they work in most cases nevertheless.

Intermediate page that serves the Flash file

The Flash application is not directly available, ie. it is not under the root directory of the site. Instead of that, there is a script or a page that serves the Flash file if several things check ok:

  • The format of the request parameters is correct. Such a basic thing: always validate parameters!
  • The game is already published. In this case, all the games have a specific time of publication; it's fairly easy to guess if the address of the newst game ends with getgame.gas?26 that there might be a new game at url getgame.gas?27.
  • The referrer is not an external site, or it is empty. Browsers send the referring url with every request. If a link to an external site is clicked from here, there will be a line in the http request that says HTTP_REFERER: It's quite an easy way to tell if something deep linked. However, some ISPs filter out the referrer from the requests and requests without the referrer are always accepted.
  • The file assigned to the ID number exists. Just to fail gracefully even if someone forgets to copy the file to the server.

If any of the checks fail, the web server sends a response, which redirects the browser to the index page of the games.

Time-dependant hash code

A very effective way to prevent deep linking is to use cryptography. The page containing the Flash application creates a digital signature based on a secret word and the current time (year, month, day, hour and minutes). The signature is appended to the url. This effectively changes the url of the Flash file every minute (or precisely, every other minute; there must be some tolerance to allow requests that were sent at 59 seconds and 99 hundedths of a second of a certain minute and that would get to the server at 00.01 of the next minute).


The index page checks whether it is the outermost frame; this will cause pages linked using frames to load themselves directly to the window. In other words, it kills the other content on the page. This is very simple to accomplish using Javascript:

if(top.location!=location) top.location.replace(location);

English translation: "if the location of the outermost frame is not the location of this page, load this page to top". If the page is outermost, the location of top is the same as the location of the page and nothing is done.

This has quite an interesting effect when combined to the previous methods, since deep linked games open the index page of all the games without the external site. The deep linked game, used to lure people into external site opens the source site and the external site becomes the one providing visitors. (This may have some really bizarre legal issues, I pre-emptively pity the court that needs to judge such a case.)

Url checks in Flash apps

If an external site loads source code to be executed from your site, you get the chance to do quite a lot of different things. In Flash environment, the sandbox security model of Flash prevents anything truly nasty being done (such as delete files), but it provides ways to control the browser of the visitors of the external site.

Before doing anything, all the Flash applications check the source url. If this is in the list of acceptable urls, it proceeds. Otherwise it opens the source site. In ActionScript this is as follows:

var urls=new Array("", "");
var ok=false;
for(var i=0;i<urls.length && !ok;i++) {
  var u=urls[i];
  if(_url.substr(0, u.length).toLowerCase()==u) ok=true;
if(!ok) {
} else {

This will cause the Flash application to stop at the first frame if the url of the game does not begin with any of the urls listed in the first row. A bit more efficient way would be to somehow encrypt the urls. It wouldn't stand decompilation and a lot of scrutiny, but at least it would be effective against direct editing and replacement.

If the url of the game file is not in the list, it opens the front page of to the outermost frame. Same effect as described previously.

Being nice

The outcome of the previous methods is rather nice. I decided to be kind and just grab the visitors - who quite likely don't even realize what happens.

Being nasty

Of course, it would be as easy to display goatse to visitors of the deep linking site or crash their browser. It would also be it easy to make it seem to visitors that the deep linking site is stretching the boundaries of obscenity or that it causes their browser to crash. It's just the final step that does all this.

Maybe I shouldn't tell this very nasty way to irritate people:

while(true) getURL(_url, "_blank");

The previous line of ActionScript causes the Flash application to open an infinite amount of windows, containing duplicates of the application, which start opening new windows...

Categories: Games, Programming, Web
Posted by Matias at 05.05.2005 20.42 (12 years ago) | 615 comments

content licensed under Creative Commons BY-NC-SA - Valid HTML 5