
Shadow

Alpha Team Vanguard
Posts: 300

Reputation Activity

  1. Like
    Shadow reacted to Takao in 3D Preview Suite - Download - ( Ship Designs, Constructions and Stuff )   
    Luckily they are not, because DU has a voxel system for building and those games (at least SE) don't.
    With the voxels you can do A LOT more than with blocks, especially when building slopes.
     
    @Federal Initiator
    I have watched your first video and a little bit from the second and from that it looks like you are not that familiar with 3D modelling with a direct modeller, like Blender?
    Never, ever, ever use n-gons in any situation (faces with more than 4 vertices). They will completely screw up your renders and many modifiers. Use quads (4 vertices) wherever possible and tris (3 vertices) where needed. Your approach of preemptively subdividing a cube is not a good practice when you are not sculpting. It will create unnecessary faces and therefore reduces performance and increases render time. Use edge loops instead to create just enough extra faces. It should also be faster. A very good Blender addon is Destructive Extrude, with which you can create extrusions more intuitively and much faster. The music is WAY too loud. Get yourself Audacity and use the "normalize" ("Normalisieren") filter for your audio track. This will bring down the audio level to a decent, usable loudness. There is also an addon for Audacity for extracting audio tracks from videos, just in case. If you have the music files as mp3 I can recommend "MP3 Gain", which is a program to alter the loudness of mp3 files and bring them to the same level. However, overall the project looks like a good idea. I have designed my ship in Blender first, too, and then built it in game afterwards.

     
    And yes, I took screenshots of some ingame elements and roughly rebuilt them in Blender so that I can scale the whole thing accordingly.
    No I sadly can't give you the numbers, because NDA.
  2. Like
    Shadow reacted to Razorwire in An idea about construct vs construct   
    Shooting mechanics and time-based skill training aside, mastering a ship and/or ship XP etc. are going to be problematic in DU purely because the ships are voxel constructs and can physically change over time.

    What happens if I level an atmospheric interceptor, or master it or whatever, then transform it into a huge destroyer? Does the ship keep its XP and I effectively get a pre-levelled capital ship? What happens if I level an interceptor and just stick an extra gun on it? Have I lost the Mastery progress? Is there going to have to be a set of rules that defines how much a ship can change and still be the same ship? Does it become impossible or impractical to modify or repair or even paint a ship once it starts levelling? What if I have two identical ships, does my mastery skill transfer?
     
    Ships and Orgs are going to get a reputation, by actually getting a reputation. You know, actual people actually talking about actual events in game.

    I'll take "people are genuinely terrified of the famous pirate ship The Black Pearl and it affects the opposing player's decisions in combat" over "the Black Pearl has +10 armour because it's survived ten fights", any day.
  3. Like
    Shadow reacted to NQ-Nyzaltar in BOO - Band of Outlaws Recruitment   
    Hi everyone,
     
    All right, the three pages that revolved into a flame war have been archived.
     
    @Paul Nicolas:
    As you are new on the forum, this is a first (but also the last) warning.
     
    Your posts have broken several forum and/or EULA rules, among which:
    - starting a flame war when nobody has aggressed you.
    - being particularly rude by calling people dicks and using some inappropriate text emoticons.
    - suggesting to sell your account to someone else.
     
    Being a gold backer gives you rights, but absolutely not those stated above.
    If you continue with this behavior, your account can be banned with no refund possible (as you break the rules you explicitly accepted first when you created a Dual Universe account, to post on the forum and play the game). 
     
    @everyone:
    When you see something that is obviously the beginning of a flame war, just report it and don't respond to this kind of provocation.
     
    Thank you for your understanding.
     
    Best Regards,
    Nyzaltar.
  4. Like
    Shadow got a reaction from Lethys in les outils   
    Actually, I think you are right: skills affect it and they were thinking about upgrades, but not confirmed if I remember correctly.
     
    Regards,
    Shadow
  5. Like
    Shadow reacted to MasteredRed in The Subscription System   
    This has been discussed to death. However I feel that it's been a year since the F2P thread started, so everything does deserve a valid answer.
     
    So, there was actually a way to avoid the subscription. That is to get a lifetime subscription in the kickstarter and crowdfunding period. How much? $475 USD for the physical rewards pack offered with the kickstarter. I think $425 USD for the digital rewards. I got the lifetime subscription for these reasons. A) I wanted to support Dual Universe and B) I know that I'll be playing Dual Universe for the amount of time that my investment turns back, which is over two years.
     
    Now Lethys has been doing an excellent job explaining this. There is also a dev blog about it here:
    https://devblog.dualthegame.com/2016/04/08/monetization-player-happiness-and-economic-viability/
    You can hear it explained by the people personally working on the game that way.
     
    Along with that, here's the way I'm going to put it. Let's take a look at a game like Space Engineers. It's been a big hit, selling many copies, and so on. However, you should have noticed that it hit beta at a certain point, with a release planned at some point evidently. This is a simple problem of the fact that not everyone is going to buy Space Engineers at the same rate for extended periods of time. KSH is likely planning to put the cap on it when it no longer has enough profit (if it hasn't already done that). So you will see Space Engineers have a life cycle that's impressive for a B2P game, but would not cut it for an MMO. In fact I'd call myself a detriment due to my status not having to pay monthly.
     
    That's a summary of it all. I tried to touch on points that Lethys didn't cover. Hope you were able to get some more information from it.
  6. Like
    Shadow reacted to LeiFlux07 in A massive thank you to Novaquark   
    Hello fellow Noveans, I just wanted to write a short post to thank the PR department at Novaquark. While I do not wish to go into details, I had to contact Novaquark recently in relation to my account. Their response was swift, polite, understanding and highly satisfactory.

    A special thank you to Gary, but to all at Novaquark, for assisting in my situation.

    Good customer service in gaming is rare nowadays, sadly, so something like this really makes a difference. I am honoured to say that I got the Gold Pledge, worth every penny.

    Thanks again!
    Lei07
  7. Like
    Shadow reacted to NQ-Nomad in NovaWrimo 2017 Contest: Rules to participate   
    Hi guys, 
     
    It's time once again for NovaWrimo! If you don't remember what it is or you're new around here, let’s catch you up.
     
    What is NovaWrimo?
    NovaWrimo is a contest inspired by "Nanowrimo" (National Novel Writing Month) that happens during the month of November (from November, 1st to November, 30th). The goal of NanoWrimo is to write a 50,000-word novel in 30 days. If you're curious, here's the official Nanowrimo website: http://nanowrimo.org/.
     
    NovaWrimo is slightly different: 
     
    It's not strictly tied to the month of November (meaning we might hold similar contests several times a year). To be accessible to a broader range of participants, the minimum word count is only 5,000 words instead of 50,000. Ideally, entries would have a word count between 5,000 and 7,500 words. Depending on the number of entries, it can take a lot of time to review everything. Of course, if you're really inspired and the result very good, there's no hard limit. Who are we to tell Shakespeare when to stop?  
    The rules:
    The 2017 NovaWrimo contest starts today, Thursday, November 30th, 2017 at 9:30 PM PST.  It will end on Sunday, January 7th at 11:30 PM PST. The story should be compatible with what is known of the Dual Universe backstory so far.   
    For reference:
    • The Official Dual Universe Lore Bible
    • The short story written by Alain Damasio
    • The mods of the novel by Alain Damasio mentioned in the beginning of this post (some info here and here too)
    • The Backstory Page of the official website
    • Some more recent information
    If you spot an inconsistency between the different sources, the Official Lore Bible should be considered authoritative.
     
    • The story must happen between 2049 and 2450 (between the creation of the United Earth Federation (UEF), the transnational institution in charge of coordinating humanity's efforts and response to the Star Kiss of Death (SKiD), and the time when the Arkship technology is finally mastered).
    • No alien creatures should be involved.
    • Physical violence should be limited (no gore or similar things). Verbal violence and cursing is tolerated but should be limited and not gratuitous.
    • Explicit sexual content isn't allowed.
    • Hate speech toward specific people, ethnic groups, or religions isn't allowed.
    • You must submit your text in the form of a PDF file and you must attach it to a dedicated topic (with the tag [NovaWrimo2017] in the title) you created in the "Novaquark Archives" forum section. The PDF file must not exceed 500 kb in size.
    • You also must send your file in Word or .txt format to both Nyzaltar and Nomad to be eligible. You can do so by private message on the forum.
    • By submitting a fan fiction with the tag [NovaWrimo2017] in the topic title, the poster will explicitly cede author rights to Novaquark. While these texts won't be sold in any form, they might be used (fully or partially) as promotional materials or in marketing campaigns for the game Dual Universe. For more information, please read our "Terms of Use" and our EULA.
    • You also must accept and you must respect the legal conditions bound to your Dual Universe account (the aforementioned game's EULA, but also the Terms of Use, Privacy Policy, and NDA if relevant).
    • Your submission must be written in English.
    • Your submission must not contain elements or information under NDA you may have found while playing the Pre-Alpha.
    • A non-native English writer can seek help from a native English speaker to polish the text in English. The native English speaker must be aware that they can help only on a volunteer basis: they won't be eligible for any reward.
    • If a non-native English writer seeks help from a native English speaker, he/she must submit the complete text before proofreading. Once his/her text is proofread, he/she will have to keep both pre-proofread and post-proofread versions of the text available on the forum.
    • If several people collaborate on a story, please be aware that only the individual submitting the entry on the forum will be eligible to win any prizes or awards. We will not have group prizes available.
    • Because the juries are completely different, a participant may win a Novaquark prize and the Community prize.
    • You may submit multiple entries; however, you may only win one Novaquark prize.
    • If an entry does not meet all of the requirements for eligibility (not reaching the minimum word count, missing the deadline by a few days, etc.), the author won't be considered eligible for the Novaquark and the Community prizes. However, it may still be considered as a participant in the contest. It will be up to the Novaquark team to decide on a case by case basis.
    • Late entries will not be eligible for either the Novaquark or Community prizes, but will still be considered as participants.
    • A gentle reminder more than a rule: please consider the reading comfort of your future readers by formatting your text in a way that makes it easily readable (make sure to put some space between your paragraphs, etc.).
    The rewards:
    1st Prize: 
    1 Digital Gold Founder Pack

    2nd Prize:
    1 Digital Silver Pack

    3rd Prize:
    1 Bronze Pack 
    1 Closed Beta Key

    Last year winners were: 
    • 1st Prize: Aetherios, for his short story "That Bright Dawn"
    • 2nd Prize: Temerian, for his short story "Rebirth"
    • 3rd Prize: Devious_T, for his short story "Left Behind".

    Community Prize:
    Unique in-game title: "Famous Writer". Won by Kurock last year.
     
    Only one vote is allowed per person, regardless of the number of accounts he or she owns.

    How the winners will be selected:
    For the 1st, 2nd and 3rd Prizes, the winners will be selected by the Novaquark team. For the Community Prize, the community members will vote for their favorite fan fiction.  
    Last year saw very cool entries. If you want to discover them, you can download them all here.
    Good luck everyone! 
     
    Cheers,
    The Novaquark Team.
     
  8. Like
    Shadow got a reaction from Megaddd in Open Doors Event - Registration   
    Hello,
     
    From this topic:
     
    ... I followed the link to the event to https://www.eventbrite.com/e/novaquark-open-doors-event-dec-2017-evenement-novaquark-portes-ouvertes-tickets-40138804244 but cannot find where to register for it (I have created an account).
     

     
    The website says that "Sales Ended", but it was only announced for one hour... Are all the places already sold !?
     
    Regards,
    Shadow
  9. Like
    Shadow got a reaction from Kurock in Doubt about a game purchase   
    Hi CPExtreme,
     
    Long story short: you can't buy the game currently.

    Detailed answer: future pledge packs will be available (probably later this year) and will give access to alpha 2, whose starting date is not announced yet (and probably subject to change anyway). Note also that, until release, the game servers may not be up all the time, several bugs are expected and features are not all implemented (it's an alpha after all).
    The last information was given by Nomad in this thread:
     
    Regards,
    Shadow
  10. Like
    Shadow reacted to __JSM__ in Animated Forum Banners   
    Hey everybody! so I'm new around these parts...
    Thought I'd share some animated forum signature banners that I threw together (in other words I was extremely bored and am impatiently waiting for the alpha).
     
    Edit: Had some people asking if they need to credit me if they use these banners... the answer is no since most of the content in the banners is already novaquark copyright... so just handle it how you would if it was from novaquark.
  11. Like
    Shadow got a reaction from yamamushi in Third party authentication security   
    Just to be clear: this thread is not targeted against yamamushi's bot (or any other specific bot for that matters).
    I've done some tests on it and I have not found any evidence of major security breach (I won't say any as there is always a risk in any application, even minimal).
     
    Besides, any information gathered by the bots is publicly available (you can only hide your pledge status and, in this case, the bots won't find it either).
     
    The potential problem is identity theft: someone saying that he is you backed by a bot validation.
    Don't trust someone if you didn't verify it yourself correctly or trust the bot having verified him.
     
    What do you want to hide exactly (and from whom)?
     
    Regards,
    Shadow
  12. Like
    Shadow reacted to Xeno in Taking a Sec to Say Thanks DU   
    I have been gaming / father of 4 / full time tech for 14 years now. My Steam account shows that if you know that type of account, but I want to personally thank ALL the devs and workers of DU for
    bringing the world of DU to us all, and all gamers together into a game that I think personally will change game-play mechanics for all of us for any future game. Games will need to compare to or beat the standards being set here. Glad I'm a part of this!
     
    So big thanks to JC, Alain, Maxime, and all the programmers and graphic designers. As I speak for most DU fans, we love you guys for it.
     
    No need for comments, it's just a Thank You!
     
  13. Like
    Shadow got a reaction from [ĦΞЯΘŻ]-TMR in FORCE FIELDS   
    What about https://youtu.be/jPRx6WQlVQc?t=499 ?
    Does it answer the question or were you talking about ship defense ?
     
    Regards,
    Shadow
  14. Like
    Shadow reacted to NanoDot in Claiming and building on asteroids? Space stations?   
    There is currently no mechanism in DU to claim a random volume of space. NQ have said they will consider those mechanics at some point after launch, but no promises were made.
     
    Territory control units (TCU) can only be deployed on bodies that have been divided into hexes by the game systems (planets and probably moons).
     
    Asteroids presumably will not support this, because they have irregular shapes and will therefore be very hard to equally divide into hexes. But you could probably "claim" an entire asteroid by placing a few large static cores.
     
    Space stations won't be able to "claim" a volume of space, they will be constructed by placing many large static cores.
  15. Like
    Shadow reacted to Hotwingz in New Youtube interview with J.C.   
    Hey everyone, 
     
    I just found a new youtube interview with J.C.
    I didn't see this posted on the forum yet so I thought why not share the joy with everyone.
     
     
    Have fun. 
  16. Like
    Shadow reacted to NQ-Nyzaltar in Paris Games Week 2017   
    Hi everyone, 
     
    Unfortunately, the PGW website is correct: we won't be at the Paris Games Week this year  
     
    One of the main reasons is the time needed to prepare a proper demo version in "local mode". Each time we go to an event, we have to dedicate a significant part of the team to release a "Demo" version of the game. As relying on a decent internet connection isn't realistic, it means making a customized version of the game to make it work with LAN settings. As you can imagine, it's not a trivial matter.
     
    Making demo versions for Gamescom and PAX West was a necessity. However, it significantly slowed down improvements to the game itself for a few weeks. As we want to limit extra delays due to this kind of branching, and as presenting an old Demo version wouldn't make sense (because the game has progressed so much during the past months), we decided to avoid presenting Dual Universe at the Paris Games Week 2017 and focus on the game development.
     
    However, we plan to organize an "Open Doors" event (less time consuming for the team) before the end of the year. We will announce it in the coming weeks, well in advance, to give interested community members enough margin to manage their timetable if they want to attend this event.
     
    Best Regards,
    Nyzaltar.
  17. Like
    Shadow got a reaction from Lethys in Third party authentication security   
    Hello explorers,
     
    I see more and more communities and organizations setting up authentication based on Dual Universe accounts in order to identify players on Discords, websites or other places outside the game.
    However, it's not a simple process and there are lots of potential security breaches (I've seen and reported a few).
     
    Thus, I decided to write this post where I describe good security practices and point out some common attack scenarios.
    While this post is mostly directed towards developers and webmasters, I think it's also a good and interesting read for all players.
     
    How authentication works
     
    Currently, Novaquark doesn't provide any way for third party applications to identify a player (they have other priorities like creating the game for now).
    So, how do we do it then?
    Usually, we rely on authenticating a player on the third party application via standard login/password authentication and then give the player a random token that he must show on his/her profile.
     
    In other words, the authentication process works using the following steps:
    1. The player creates an account on the third party application.
    2. The third party application generates and gives a token to the player (ex: "my-app-auth:396943934983749839").
    3. The player logs into his Dual Universe account and updates his profile, appending the token.
    4. The player tells the application that the token is uploaded on his profile (specifying his/her profile name or URL).
    5. The application browses the profile, reads the player name and public information (organizations, titles, etc.). It also double-checks that the token is present and correct.
    6. The application then "links" the local account to the player profile and may authorise access to restricted content.
     
    When security fails
     
    This list is not exhaustive, but contains most problems I've seen or can think about.
    For easier reading, I put in red the attack scenario and in green the good practices you should use/see.
     
    1) Token randomness
    A secret must be random! Else, someone could just predict or guess the token and use it on his/her own profile.
    Standard random() functions provided by languages are actually not random and may present collisions: you can predict their output (see https://medium.com/@betable/tifu-by-using-math-random-f1c308c4fd9d if you don't trust me).
    Thus, it is important to use strong random generators like:
    - java.security.SecureRandom for Java
    - random_bytes() or openssl_random_pseudo_bytes() in PHP
    - crypto.randomBytes() for NodeJS
    - secrets.token_bytes() (or secrets.token_hex()) in Python
    - Etc.
    2) Your token is actually public!
    Yes, the token is public: you put it on your public profile as the application needs to read it.
    A hacker could read it when you update your profile and authenticate in your place before you get the time to do it yourself. If you think that it is too hard to watch all forum accounts for a newly posted secret and authenticate before the player, note that there is an RSS feed which gives in real time all profile changes.
    How to prevent the attack? Make sure to bind the token to the third party account. This way, if someone else tries to authenticate with the token, the local account won't match.
    As a good practice, also send the token in private and not in a public channel.
     
    3) Weak or lack of verification
    Some applications may forget to actually verify the token (don't laugh, a bug is always possible).
    So make sure to test it after each code update.
    Another important point: the forums user feed also contains data from the posts liked or messages posted. If the verification function just looks for the token anywhere in the page, a hacker could create a post with his token in the title and this secret will appear in the feed of whoever likes or answers it.
    So make sure to only check in profile updates.
     
    4) Validating the wrong profile
    If the player enters the URL of his profile (on the forum, this is nearly mandatory as there is no easy way to know the profile URL based only on the player name), it is possible to host a webpage on another website with a copy of your profile with modified information about your pledge, title or organizations.
    Thus, it is important to double-check when validating the token and gathering player information that the URL domain is actually correct!
    Hint: it should be something like *.dualthegame.com (make sure to test against URLs like "*.dualthegame.com.hacker.com" or "hacker.com/*.dualthegame.com").
     
    5) Luring someone else to edit his/her own profile
    This one is a bit tricky. Let me break it down into a detailed scenario:
    1. I start authenticating on Achilles' Discord, which requests me to put the "123456" token in my forum profile.
    2. I don't do it right now and instead set up my own application with authentication.
    3. I share my application with Hector, who tries to authenticate there. He is requested to put the same "123456" token on his profile.
    4. Hector puts the token on his profile (and finishes authentication on my application, for what it matters).
    5. I finalize authentication on Achilles' Discord, indicating that I'm "Hector".
    And now Achilles' Discord thinks that I'm Hector. Tricky.
    A quick and easy recommendation is to generate a token which is clearly related to your application.
    So, for example, Achilles' Discord could have generated a token like `Code for authenticating with Achilles' Discord (don't use this code if it was not given to you by the "Achilles' Bot"): 123456`.
    As Hector is a smart guy, he would probably not put this token for authenticating with an application which is not named "Achilles' Discord".
    It is not perfect as a player who is not paying attention can blindly copy/paste the code.
     
    6) Quits and bans
    Last but not least: players may quit an organization, be kicked from ATV or lose their backer title for whatever reasons.
    Thus, if a third party application records groups and roles only once during authentication, the player rights may become outdated in the future.
    It is important to regularly check the player organisations, titles and rights and update them accordingly (ideally before any request, but realistically a check every hour or day is ok-ish).
     
     
    I hope this post will help. Feel free to ask questions or repost it anywhere.
     
    Regards,
    Shadow
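The following is an added example, not code from the post above or from any Dual Universe community bot. It puts the six-step linking flow and points 1 to 6 into one small Python module: the token comes from `secrets` and names the issuing application (points 1 and 5), it is looked up by local account rather than accepted from the user (point 2), only the profile's own text is searched rather than the whole page or feed (point 3), the profile URL host is checked to be `dualthegame.com` or a subdomain of it (point 4), and organizations are re-read on refresh (point 6). The application name "Achilles' Discord", the host `hacker.example`, the `fetch_profile` callable and the dict shape it returns are assumptions for the demonstration; the real forum has no API, so `fetch_profile` stands in for whatever scraping a bot would do.

```python
import secrets
from urllib.parse import urlsplit

# The post says a genuine profile URL looks like *.dualthegame.com; only that domain is trusted here.
ALLOWED_DOMAINS = ("dualthegame.com",)
APP_NAME = "Achilles' Discord"  # hypothetical application name, borrowed from the post's scenario


def generate_token(app_name: str) -> str:
    """Points 1 and 5: a CSPRNG secret wrapped in text naming the application that issued it."""
    secret = secrets.token_hex(16)  # 128 random bits from os.urandom, never random()
    return (f"Code for authenticating with {app_name} (don't use this code if it was "
            f"not given to you by {app_name}): {secret}")


def profile_url_is_valid(url: str) -> bool:
    """Point 4: accept only http(s) URLs whose host is dualthegame.com or one of its subdomains."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    # endswith("." + d) rejects "board.dualthegame.com.hacker.example"; urlsplit's hostname
    # parsing defeats "hacker.example/board.dualthegame.com" and "board.dualthegame.com@hacker.example".
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


class ProfileLinker:
    """Links local accounts to forum profiles. `fetch_profile(url)` stands in for the HTML
    scraping a real bot would do and returns a dict with 'name', 'about', 'organizations'
    and 'feed' (constructed shape for this example)."""

    def __init__(self, fetch_profile):
        self.fetch_profile = fetch_profile
        self.pending = {}  # local_user -> token issued to that user (point 2: the token is bound)
        self.links = {}    # local_user -> {"url", "name", "organizations"}

    def start(self, local_user: str) -> str:
        token = generate_token(APP_NAME)
        self.pending[local_user] = token
        return token  # deliver by private message, never in a public channel

    def finish(self, local_user: str, profile_url: str) -> bool:
        token = self.pending.get(local_user)  # somebody else's token never matches this account
        if token is None or not profile_url_is_valid(profile_url):
            return False
        profile = self.fetch_profile(profile_url)
        # Point 3: only the profile's own text counts; the liked/posted feed is ignored.
        if token not in profile.get("about", ""):
            return False
        del self.pending[local_user]  # single use
        self.links[local_user] = {"url": profile_url, "name": profile["name"],
                                  "organizations": list(profile.get("organizations", []))}
        return True

    def refresh(self, local_user: str) -> list:
        """Point 6: re-read organizations so quits, kicks and lost titles propagate."""
        link = self.links[local_user]
        link["organizations"] = list(self.fetch_profile(link["url"]).get("organizations", []))
        return link["organizations"]


def demo() -> dict:
    """Happy path plus the attacks from points 2, 3 and 4, on constructed profile data."""
    hector_url = "https://board.dualthegame.com/profile/42-hector/"
    profiles = {}  # constructed stand-in for the forum
    linker = ProfileLinker(profiles.__getitem__)

    token = linker.start("hector#discord")
    profiles[hector_url] = {"name": "Hector", "about": "o7 " + token,
                            "organizations": ["Troy"], "feed": []}
    linked = linker.finish("hector#discord", hector_url)

    # Point 2: Mallory read Hector's (public) token; it is bound to Hector's local account, not hers.
    mallory_token = linker.start("mallory#discord")
    bound = not linker.finish("mallory#discord", hector_url)

    # Point 3: Mallory posts her own token in a title Hector liked, so it shows up in Hector's feed.
    profiles[hector_url]["feed"].append("liked a post titled " + mallory_token)
    feed_rejected = not linker.finish("mallory#discord", hector_url)

    # Point 4: a copy of Hector's profile served from a look-alike host.
    fake_url = "https://board.dualthegame.com.hacker.example/profile/42-hector/"
    profiles[fake_url] = dict(profiles[hector_url], about="o7 " + mallory_token)
    lookalike_rejected = not linker.finish("mallory#discord", fake_url)

    # Point 6: Hector leaves Troy; the next refresh drops the organisation.
    profiles[hector_url]["organizations"] = []
    orgs_after_refresh = linker.refresh("hector#discord")

    return {"linked": linked, "bound": bound, "feed_rejected": feed_rejected,
            "lookalike_rejected": lookalike_rejected, "orgs_after_refresh": orgs_after_refresh}


if __name__ == "__main__":
    print(demo())
```

Run it directly to see the five outcomes. The design choice worth noting is that `finish` never takes a token from the user at all: the only token it will ever look for is the one it issued to that local account, which is what "bind the token to the third party account" means in practice, and it is deleted on success so a later copy of the same profile text matches nobody.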
  18. Like
    Shadow got a reaction from Primary in Third party authentication security   
    Hello explorers,
     
    I see more and more communities and organizations setting up authentication based on Dual Universe account in order to identify players on Discords, websites or other places outside the game.
    However, it's not a simple process and there are lots of potential security breaches (I've seen and reported a few).
     
    Thus, I decided to write this post where I describe good security practices and point some common attack scenarios.
    While this post is mostly directed towards developers and webmasters, I think it's also a good and interested read for all players.
     
    How authentication works
     
    Currently, Novaquark doesn't provide any way for third party applications to identify a player (they have other priorities like creating the game for now).
    So, how to do it then ?
    Usually, we rely on authenticating a player on the third party application via standard login/password authentication and then give to the player a random token he must show on his/her profile.
     
    In other words, the authentication process works using the following steps:
    The player create an account on the third party application. The third party application generates and gives a token to the player (ex: "my-app-auth:396943934983749839"). The player logs into his Dual Universe account and updates his profile, appending the token. The player tells the application that token is uploaded on his profile (specifying his/her profile name or URL). The application browses the profile, read the player name and public information (organizations, titles, etc.). It also double-check that the token is present and correct. The application then "links" the local account to the player profile and may autorise access to restricted content.
     
    When security fails
     
    This list is not exhaustive, but contains most problems I've seen or can think about.
    For easier reading, I put in red the attack scenario and in green the good practices you should use/see.
     
    1) Token randomness
    A secret must be random! Else, someone could just predict or guess the token and use it on his/her own profile.
    Standard random() functions provided by languages are actually not random and may present collisions: you can predict their output (see https://medium.com/@betable/tifu-by-using-math-random-f1c308c4fd9d if you don't trust me).
    Thus, it is important to use strong random generators like:
    java.security.secureRandom() for Java random_bytes() or openssl_random_pseudo_bytes() in PHP crypto.randomBytes() for NodeJS secrets.token_bytes() (or secrets.token_hex()) in Python Etc.  
    2) Your token is actually public!
    Yes, the token is public: you put it on your public profile as the application needs to read it.
    A hacker could read it when you update your profile and authenticates at your place before you get the time to do it yourself. If you think that it is too hard to watch all forums accounts for a new posted secret and authenticate before the player, note that there is a RSS feed which gives in real time all profiles changes.
    How to prevent the attack ? Make sure to bind the token to the third party account. This way, if someone else tries to authenticate with the token, the local account won't match.
    As a good practice, also send the token in private and not in a public channel.
     
    3) Weak or lack of verification
    Some applications may forget to actually verify the token (don't laugh, a bug is always possible).
    So make sure to test it after each code update.
    Another important point: the forums user feed also contains data from the posts liked or messages posted. If the verification function just looks for the token anywhere in the page, a hacker could create a post with his token in the title and this secret will appear in the feed of whoever likes or answers it.
    So make sure to only check in profile updates.
     
    4) Validating the wrong profile
    If the player enters the URL of his profile (on the forum, this is nearly mandatory as there is no easy way to know the profile URL based only on the player name), it is possible to host a webpage on another website with a copy of your profile with modified information about your pledge, title or organizations.
    Thus, it is important to double-check when validating the token and gathering player information that the URL domain is actually correct!
    Hint: it should be something like *.dualthegame.com (make sure to test against URLs like "*.dualthegame.com.hacker.com" or "hacker.com/*.dualthegame.com").
     
    5) Luring someone else to edit his/her own profile
    This one is a bit tricky. Let me break it down into a detailed scenario:
    I start authenticating on Achilles' Discord which requests me to put the "123456" token in my forums profile. I don't do it right now and instead setup my own application with authentication. I share my application with Hector who tries to authenticate there. He is requested to put the same "123456" token on his profile. Hector put the token on his profile (and finishes authentication on my application for what matters). I finalize authentication on Achilles' Discord indicating that I'm "Hector". And now, Achilles' Discord thinks that I'm Hector. Tricky.
    A quick and easy recommendation is to generate a token which is clearly related to your application.
    So, for example, Achilles' Discord could have generated a token like `Code for authenticating with Achilles' Discord (don't use this code if it was not given to you by the "Achilles' Bot"): 123456`.
    As Hector is a smart guy, he would probably not put this token for authenticating with an application which is not named "Achilles' Discord".
    It is not perfect as a player who is not paying attention can blindly copy/paste the code.
     
    6) Quits and bans
    Last but not least: players may quit an organization, be kicked from ATV or lose their backer title for whatever reasons.
    Thus, if a third party application records groups and roles only once, during authentication, the player's rights may become outdated in the future.
    It is important to regularly check the player organisations, titles and rights and update them accordingly (ideally before any request, but realistically a check every hour or day is ok-ish).
     
     
    I hope this post will help. Feel free to ask questions or repost it anywhere.
     
    Regards,
    Shadow
  19. Like
    Shadow got a reaction from Shockeray in Third party authentication security   
    Hello explorers,
     
    I see more and more communities and organizations setting up authentication based on Dual Universe accounts in order to identify players on Discords, websites or other places outside the game.
    However, it's not a simple process and there are lots of potential security breaches (I've seen and reported a few).
     
    Thus, I decided to write this post, where I describe good security practices and point out some common attack scenarios.
    While this post is mostly directed towards developers and webmasters, I think it's also a good and interesting read for all players.
     
    How authentication works
     
    Currently, Novaquark doesn't provide any way for third party applications to identify a player (they have other priorities like creating the game for now).
    So, how to do it then?
    Usually, we rely on authenticating a player on the third party application via standard login/password authentication and then give the player a random token that he/she must show on his/her profile.
     
    In other words, the authentication process works using the following steps:
    1) The player creates an account on the third party application.
    2) The third party application generates and gives a token to the player (ex: "my-app-auth:396943934983749839").
    3) The player logs into his Dual Universe account and updates his profile, appending the token.
    4) The player tells the application that the token is uploaded on his profile (specifying his/her profile name or URL).
    5) The application browses the profile, reads the player name and public information (organizations, titles, etc.). It also double-checks that the token is present and correct.
    6) The application then "links" the local account to the player profile and may authorise access to restricted content.
     
    When security fails
     
    This list is not exhaustive, but contains most problems I've seen or can think about.
    For easier reading, I put in red the attack scenario and in green the good practices you should use/see.
     
    1) Token randomness
    A secret must be random! Else, someone could just predict or guess the token and use it on his/her own profile.
    Standard random() functions provided by languages are actually not random and may present collisions: you can predict their output (see https://medium.com/@betable/tifu-by-using-math-random-f1c308c4fd9d if you don't trust me).
    Thus, it is important to use strong random generators like:
    - java.security.secureRandom() for Java
    - random_bytes() or openssl_random_pseudo_bytes() in PHP
    - crypto.randomBytes() for NodeJS
    - secrets.token_bytes() (or secrets.token_hex()) in Python
    - Etc.
    2) Your token is actually public!
    Yes, the token is public: you put it on your public profile as the application needs to read it.
    A hacker could read it when you update your profile and authenticate in your place before you get the time to do it yourself. If you think that it is too hard to watch all forum accounts for a newly posted secret and authenticate before the player, note that there is an RSS feed which gives all profile changes in real time.
    How to prevent the attack? Make sure to bind the token to the third party account. This way, if someone else tries to authenticate with the token, the local account won't match.
    As a good practice, also send the token in private and not in a public channel.
     
    3) Weak or lack of verification
    Some applications may forget to actually verify the token (don't laugh, a bug is always possible).
    So make sure to test it after each code update.
    Another important point: the forum's user feed also contains data from the posts liked or messages posted. If the verification function just looks for the token anywhere in the page, a hacker could create a post with his token in the title and this secret will appear in the feed of whoever likes or answers it.
    So make sure to only check in profile updates.
     
    4) Validating the wrong profile
    If the player enters the URL of his profile (on the forum, this is nearly mandatory as there is no easy way to know the profile URL based only on the player name), it is possible to host a webpage on another website with a copy of your profile with modified information about your pledge, title or organizations.
    Thus, it is important to double-check when validating the token and gathering player information that the URL domain is actually correct!
    Hint: it should be something like *.dualthegame.com (make sure to test against URLs like "*.dualthegame.com.hacker.com" or "hacker.com/*.dualthegame.com").
     
    5) Luring someone else to edit his/her own profile
    This one is a bit tricky. Let me break it down into a detailed scenario:
    I start authenticating on Achilles' Discord, which requests me to put the "123456" token in my forum profile. I don't do it right now and instead set up my own application with authentication. I share my application with Hector, who tries to authenticate there. He is requested to put the same "123456" token on his profile. Hector puts the token on his profile (and finishes authentication on my application, for what it's worth). I finalize authentication on Achilles' Discord, indicating that I'm "Hector". And now Achilles' Discord thinks that I'm Hector. Tricky.
    A quick and easy recommendation is to generate a token which is clearly related to your application.
    So, for example, Achilles' Discord could have generated a token like `Code for authenticating with Achilles' Discord (don't use this code if it was not given to you by the "Achilles' Bot"): 123456`.
    As Hector is a smart guy, he would probably not use this token to authenticate with an application which is not named "Achilles' Discord".
    It is not perfect as a player who is not paying attention can blindly copy/paste the code.
     
    6) Quits and bans
    Last but not least: players may quit an organization, be kicked from ATV or lose their backer title for whatever reasons.
    Thus, if a third party application records groups and roles only once, during authentication, the player's rights may become outdated in the future.
    It is important to regularly check the player organisations, titles and rights and update them accordingly (ideally before any request, but realistically a check every hour or day is ok-ish).
     
     
    I hope this post will help. Feel free to ask questions or repost it anywhere.
     
    Regards,
    Shadow
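    A small Python sketch of the practices the post above recommends, added here as an illustration and not code from the post or from any Dual Universe community tool: the token comes from a CSPRNG and carries the application name, it is looked up by the local account it was issued to, the profile URL is checked on its parsed host rather than by substring, only the profile's own text is searched (never the activity feed), and the link records when it was last checked so rights can be refreshed. The application name, the profile field layout and the hourly recheck interval are assumptions.

```python
import secrets
from urllib.parse import urlparse

APP_NAME = "Achilles' Discord"      # application name taken from the post's scenario
PROFILE_DOMAIN = "dualthegame.com"  # forum domain named in the post
RECHECK_SECONDS = 3600              # re-read organisations/titles at most hourly (assumed)


def new_token(local_account):
    """Issue a token from a CSPRNG (secrets, not random()), labelled with the
    application name so a player can see who asked for it, and tied to the
    local account so nobody else can claim it."""
    return {"local_account": local_account,
            "token": f"{APP_NAME} auth code for {local_account}: {secrets.token_hex(16)}"}


def profile_url_ok(url):
    """Check the parsed host, not the raw string: 'board.dualthegame.com.hacker.com'
    and 'hacker.com/board.dualthegame.com' both fail here."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    return parsed.scheme == "https" and (
        host == PROFILE_DOMAIN or host.endswith("." + PROFILE_DOMAIN))


def verify(pending, profile_url, profile, now):
    """Link the local account that `pending` was issued to with the forum profile
    fetched from `profile_url`. `profile` is the already parsed page: name, the
    'about' text, organisations, title and the activity feed (constructed shape)."""
    if not profile_url_ok(profile_url):
        return None
    # Search the profile's own text only; the feed is ignored, so a token
    # smuggled into a liked or answered post never matches.
    if pending["token"] not in profile.get("about", ""):
        return None
    return {"local_account": pending["local_account"],
            "player": profile["name"],
            "organizations": list(profile.get("organizations", [])),
            "title": profile.get("title"),
            "checked_at": now}


def needs_recheck(link, now):
    """Rights recorded at link time go stale (quits, kicks, lost titles)."""
    return now - link["checked_at"] >= RECHECK_SECONDS
```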
  20. Like
    Shadow reacted to NQ-Nyzaltar in Dual Universe Pre Alpha Tutorial: Tool & UI Basics | October 2017   
    The four tutorials are now released on our YouTube Channel!
    Tools & UI Basics (25 min) (WATCH FIRST)
    Atmospheric Ship Building (12 min)
    Interactive Elements & Linking (21 min)
    Rights Management, Outposts & Territories (8 min)
    Best Regards,
    Nyzaltar.
     
  21. Like
    Shadow got a reaction from Morand in Unofficial Discord corruption   
    Ok guys, stop now. This is not going anywhere.
    Kind reminder: all time spent on moderating and reading trolls is time not spent on communication and game.
    Feeding the trolls is not the smartest idea.
     
    Please leave it and find something more useful to do.
     
    Regards,
    Shadow
  22. Like
    Shadow got a reaction from Atmosph3rik in Unofficial Discord corruption   
    Ok guys, stop now. This is not going anywhere.
    Kind reminder: all time spent on moderating and reading trolls is time not spent on communication and game.
    Feeding the trolls is not the smartest idea.
     
    Please leave it and find something more useful to do.
     
    Regards,
    Shadow
  23. Like
    Shadow reacted to blazemonger in Eve Online now Free to play   
    EVE has plenty of content for solo players and will easily support an alpha to sub through money earned in game. The F2P model EVE uses is actually quite good in that it allows for plenty of gameplay and will allow you to build experience and get quite proficient in PVP without paying anything. PVP is not a money making activity anyway unless you get really lucky and kill, then loot, some expensive drops. While we have a lot of corp content and activity in game, my solo (exploration) roams pay the bills and do so easily and consistently. A day 1 alpha character today can make enough ISK to go Omega with some effort.
     
    It's interesting to see how the usual suspects have their opinion ready and will spread the usual misinformation BS about this. I have some breaking news: CCP is a business and they need to generate revenue. The bittervets farming WH PVE content or the hordes mining in Alliance paid Rorqs do not pay the bills for CCP. The changes to the Alpha clone state are not a freebie and it is not a sign that EVE is dying. It is designed to give those who come back more room to move as well as give new players access to many more ships and modules while not requiring a rolling sub. Unless you were at EVE Vegas the past days and attended the round table as well as discussed this with CCP staff you really do not know anything, as the presentation which was streamed was fairly basic. It became quite clear to me, reading between the lines in comments made, that this is not a 'remodel' of the alpha clone but more a second phase in a planned rollout. And it will not stop here either. EVE Vegas was amazing and certainly renewed my belief that this game will be around for quite a few years more.
     
    EVE is much more a game of experience than having the skills to fly a certain ship and right now an experienced alpha can wreck a lot of Omega brains and get a good number of kills.
     
    I like DU, I really do, and the promise it holds is amazing. But it will be a long time before it gets anywhere near EVE in sheer numbers of players and solid gameplay with a server cluster which really is the best money can buy. DU obviously borrows heavily from EVE in a number of aspects and that's fine. It is however a completely different game and while there will certainly be some crossfeeding, it will have to carve out its own place.
     
    Whether or not DU is enjoyable solo depends entirely on what you want to do. I would agree that a lot of game play in DU will be a much better experience when interacting with other players in game but I certainly see, and plan for, solo activity which I believe will turn out to be very lucrative. In fact I have a separate backer account with a character just for that purpose. He will be out on his own doing what he does and will only have interaction with me when needed.
     
  24. Like
    Shadow got a reaction from Lord_Void in Unofficial Discord corruption   
    At least, this seems more useful.
     
    Looking at all troubles and the difficulties to "just" manage the ATV Discord, I'm pretty sure that NQ won't host an official Discord.
    And I can't blame them: they don't have the manpower to moderate it, and the value added is minimal by far.
    I may be wrong though. It's only my opinion.
     
    Regards,
    Shadow
     
  25. Like
    Shadow reacted to Firesped in Unofficial Discord corruption   
    Lispy, I would like to point out that YOU have violated many of the forum rules and that it would be best if you stop. Many of these violations are actually comments made about your brother.