Yikes! #2 is definitely a pretty big security no-no. Means all usernames and passwords are sent clear text without any encryption and could be easily read by anyone sniffing traffic along the route from user to OGA server. Feeling pretty glad I use a different username and password on this site than anywhere else.
I'll add that the concern goes beyond general internet security concerns. OGA has made a few enemies over the years. I'd hate to see a disgruntled user wreak havoc on the site by exploiting such an obvious security flaw.
Isn't there some way HTTP users can be directed through the HTTPS server for the login process? That's a pretty common arrangment, although I notice all HTTPS/SSL is actually becoming even more common these days.
Monday, March 20, 2017 - 09:48
Hi all! Just here to prove that I won't let sleeping dogs lie! :)
Actually, sorry for the long delay, been busy trying to keep my own projects on track, but rest assured this thread is still dear to my heart! So much so that I recently got back in touch with the folks at CC to help get some of the 'derivative' works questions answered.
I actually spoke with a copyright lawyer at CC on Thursday, she had some interesting things to say.
On the topic of what constitutes a derivative work, she said that so far it's been CC's goal to remain 'agnostic' about the specifics of what makes a derivative work. Their goal has been to simply mirror what existing copyright law says. Legally this makes lots of sense as it puts their licenses in line with existing law and increases their chance of holding up in court. However, as she pointed out (and out myriad of questions illustrate), the problem is that there is very little in the way of litigated/established legal doctrine with regards to what's a derivative vs simple reproduction in the case of video game art and assets.
An example she gave was using a CC-BY-SA picture in a book. She said it's well established that simply using a CC-BY-SA picture in a book does not make the book a derivative work. In an extreme example, taking a CC-BY-SA piciture or set of pictures and extrapolating a detailed story and characters based on the picture(s) might constitute a derivative, but as a general rule, simple using a picture in a book, does not make the book a derivative work. She said this is a common use case and that it sometimes bothers photographers when their CC-BY-SA works show up in random news articles or blog posts that are not themselves shared as CC-BY-SA but there's nothing to be done about it because this is the established copyright law.
Unfortunately, in the case of video game art, the legal framework is not nearly as established. So there is no legal precendent to look to for wether using a CC-BY-SA sprite or tile set or jump sound or something in a video game makes the video game a derivative work or not.
The good news is CC is very interested in these questions and in learning about OGA and the questions and concerns we have with their licenses. I asked if they would be willing to review the wording for the new FAQ and she said certainly, and we agreed to talk again soon so hopefully we can end up with something for the FAQ that'll provide some kind of useful guidance on the subject.
Monday, March 20, 2017 - 08:38
yuck! I guess I've always assumed SSL was used for the login bits on OGA but it sounds like SSL is only used if you connect to the HTTPS port, is that correct?
Thursday, March 16, 2017 - 06:53
Is this true? I don't get any warning when logging into the site, typically a browser would pop a warning if the cert was self signed and/or expired.
Wednesday, March 15, 2017 - 18:13
> perhaps didn't inspire those who did see i
Just want to say I did it see it and was totally inspired (think Sega Genesis: Cyborg Justice) but unfortunately I've been too busy with my mainline project to do any fun stuff this month. Bummer too as it looks like this one was mine to win! ;)
Wednesday, March 15, 2017 - 18:10
Just want to say this is awesome! Thanks for putting in the work to clean up all those tags!
Any hope of seeing this tags write up appended to the game faq or submission guidelines? Am afraid it'll get forgotten quick if it only lives in your blog.
Friday, February 24, 2017 - 11:23
Love it! Dancing cactus is really cute!
Monday, February 20, 2017 - 04:57
Awesome! Thanks for sharing! What about a % slider for dead-end removal, so you can make a maze with just a few dead ends, instead of just all deadends or no deadends?
just want to say I'm heart broken I couldn't get anything together in time for this challenge!
I was even thinking of pleading for an extension but truthfully this week looks even tougher than last as far as my schedule is concerned. :(
stupendous! great work!
Yikes! #2 is definitely a pretty big security no-no. Means all usernames and passwords are sent clear text without any encryption and could be easily read by anyone sniffing traffic along the route from user to OGA server. Feeling pretty glad I use a different username and password on this site than anywhere else.
I'll add that the concern goes beyond general internet security concerns. OGA has made a few enemies over the years. I'd hate to see a disgruntled user wreak havoc on the site by exploiting such an obvious security flaw.
Isn't there some way HTTP users can be directed through the HTTPS server for the login process? That's a pretty common arrangment, although I notice all HTTPS/SSL is actually becoming even more common these days.
Hi all! Just here to prove that I won't let sleeping dogs lie! :)
Actually, sorry for the long delay, been busy trying to keep my own projects on track, but rest assured this thread is still dear to my heart! So much so that I recently got back in touch with the folks at CC to help get some of the 'derivative' works questions answered.
I actually spoke with a copyright lawyer at CC on Thursday, she had some interesting things to say.
On the topic of what constitutes a derivative work, she said that so far it's been CC's goal to remain 'agnostic' about the specifics of what makes a derivative work. Their goal has been to simply mirror what existing copyright law says. Legally this makes lots of sense as it puts their licenses in line with existing law and increases their chance of holding up in court. However, as she pointed out (and out myriad of questions illustrate), the problem is that there is very little in the way of litigated/established legal doctrine with regards to what's a derivative vs simple reproduction in the case of video game art and assets.
An example she gave was using a CC-BY-SA picture in a book. She said it's well established that simply using a CC-BY-SA picture in a book does not make the book a derivative work. In an extreme example, taking a CC-BY-SA piciture or set of pictures and extrapolating a detailed story and characters based on the picture(s) might constitute a derivative, but as a general rule, simple using a picture in a book, does not make the book a derivative work. She said this is a common use case and that it sometimes bothers photographers when their CC-BY-SA works show up in random news articles or blog posts that are not themselves shared as CC-BY-SA but there's nothing to be done about it because this is the established copyright law.
Unfortunately, in the case of video game art, the legal framework is not nearly as established. So there is no legal precendent to look to for wether using a CC-BY-SA sprite or tile set or jump sound or something in a video game makes the video game a derivative work or not.
The good news is CC is very interested in these questions and in learning about OGA and the questions and concerns we have with their licenses. I asked if they would be willing to review the wording for the new FAQ and she said certainly, and we agreed to talk again soon so hopefully we can end up with something for the FAQ that'll provide some kind of useful guidance on the subject.
yuck! I guess I've always assumed SSL was used for the login bits on OGA but it sounds like SSL is only used if you connect to the HTTPS port, is that correct?
Is this true? I don't get any warning when logging into the site, typically a browser would pop a warning if the cert was self signed and/or expired.
> perhaps didn't inspire those who did see i
Just want to say I did it see it and was totally inspired (think Sega Genesis: Cyborg Justice) but unfortunately I've been too busy with my mainline project to do any fun stuff this month. Bummer too as it looks like this one was mine to win! ;)
Just want to say this is awesome! Thanks for putting in the work to clean up all those tags!
Any hope of seeing this tags write up appended to the game faq or submission guidelines? Am afraid it'll get forgotten quick if it only lives in your blog.
Love it! Dancing cactus is really cute!
Awesome! Thanks for sharing! What about a % slider for dead-end removal, so you can make a maze with just a few dead ends, instead of just all deadends or no deadends?
Pages