top of page
  • Writer's pictureGraeme Devine

A Secure Site is a Happy Site

Security sucks.

Now when you connect to the site you see this.

Notice that new button in the bottom right hand corner? Authenticate? Even spelt correctly? Well that means you’ve got work to do. Hit that.

Yeah, I’ve not written the zillion lines of Javascript yet to make the nicer looking login work. But it takes you to this, you can use your Google sign in or make a new email login. Note that if you make an email login with your QXR email account you can’t use the google login later (since you used that email to create an email only account) - Prudence I think you’ve gone this route. I will delete all users when I add deck building so this is temporary.

Don’t steal my password btw. That one is mine.

Back here you should see a new online badge appear with your wins and losses. Yay. You are authenticated with the server. The number to the right of that is your ping to the amazon east coast server, it’s meant to cruise between the fourteen data centers and show you the lowest one but I’ve only got a server in Virginia nowhere near the CIA HQ I’m sure.

NOTE. It does load the game again. Sorry. Yes. If I was better with HTML it wouldn’t, also when I host this on Google Firebase Hosting it doesn’t do this. It’s Amazon bloody S3 bloody hosting charging me for bandwidth for no bloody reason.

NOTE 2. Yes, the authenticate button is still there even after you authenticate. Once again. Not a HTML genius at work here.

NOTE 3. Yes, I’m open to a nicer looking “I’m online” badge.

If you select Play / Join Game (and select the default deck, I’ll add the deck builder next now you’re online with an account) you will see this.

Begin matchmaking! Yay! As well as a super large font copyright because the one with the smaller font is still building. If you select Begin Matchmaking it should update the status with “starting” and then “searching” like this.

If someone else is also looking then it will match you and join you with a server and you will play the game! It really will!

There’s no lobby or rooms right now, I can add those as offshoots, there is only classic matchmaking.

Except the game server crashes when you connect to it right now, it does spin up a second server, it does connect you, it does all the things, but I need to work out what’s going on and to do that I need to connect and watch the logging on the AWS server itself WHICH IS HARD.

It won’t crash you the web client, it will just say “match found!” and then bring you back to the main menu screen when the server crashes.

But look, it spins up a second instance! It works! The spinning down bit works too.

s a reminder, all of this worked without security, http was joy, but security is good, and the flow has been refined a bunch since whatever century I played Andy at in a game or two. And Andy said to me, this is great Graeme, but you’ve got to get this secure (he didn’t, but this is how I replay it in my head now).

I’m tired. Really tired. And I’m pissed off today because it’s probably failing on something stupid like a blueprint error I can’t see because I can’t see the server logs and who designs a system where you can’t see the output of your servers without writing a bunch of code..

Hopefully I’ll get up at 6am and fix it, Bella has been glued to me while the house is also in chaos with boxes everywhere and a good co-coder.



Ping. That ping number generates a lot of errors in the chrome console that are expected. There’s a raging debate about that among web developers because say we want to find out long it takes to get to a server and back, well, ping it, but ICMP, the ping protocol isn’t generally open to HTTP so you have to use a HTTP protocol via Javascript so you use a simple GET to the server, knowing it will 404, but it will get you ping, but you add an exception to catch the error and ask the console to NOT PRINT THE FRACKING ERROR because you are trying to debug your code and don’t need and error being printed every second but some people on the JIra thread feel that switching off ALL ERRORS is the way to go instead of being able to catch off specific ones which is insane right?

If you’re debugging in web assembly all you have is a printf statement, there’s no debugger, there’s no gdb, there’s no nothing except the printf. So when there’s something spamming the console 24/7 while you are trying to see the one line that might spill some light on why your WSS connection is failing and as you try to open the header box up to expand it, it’s not helpful to see it scroll away one second at a time in 404 errors.

It’s not useful to turn them off and you can’t even turn them off at all in the Network timeline tab so I feel like I need to make my own web browser as well to actually debug this thing. It could start the revolution, the first truly great browser with it’s own unique extensions to embrace and extend the internet.. oh wait. Shit.

If you’re still here I have a bitcoin address.


bottom of page