2017-07-27 20:05:26

I don't doubt that BGT has vulnerabilities waiting to be exploited. I mean, it once told me that 1-0!=1. I specificTh tried to remove floating point rounding errors, so I don't think that's quite it. ... How did I get around that, anyway? sad

看過來!
"If you want utopia but reality gives you Lovecraft, you don't give up, you carve your utopia out of the corpses of dead gods."
MaxAngor wrote:
    George... Don't do that.

2017-07-28 06:26:44

Aprone, I was under the impression that DirectInput was used for keyboard/mouse control in VB.
On another note, I'm currently struggling with a case of writer's block (or in this case, developer's block) where (1) I don't have any ideas for games or programs, or (2) I have too many.
Also, I tried running JAWS 3.7 on Windows XP and I got a "problem installing video driver" error.
The demo of JAWS 15 worked rather well with VB, but it's been so long since I used JAWS that I don't know how to use it anymore.

“Can we be casual in the work of God — casual when the house is on fire, and people are in danger of being burned?” — Duncan Campbell
“There are four things that we ought to do with the Word of God – admit it as the Word of God, commit it to our hearts and minds, submit to it, and transmit it to the world.” — William Wilberforce

2017-07-28 06:28:14

Also, CAE Jones, 1-0 is 1.

“Can we be casual in the work of God — casual when the house is on fire, and people are in danger of being burned?” — Duncan Campbell
“There are four things that we ought to do with the Word of God – admit it as the Word of God, commit it to our hearts and minds, submit to it, and transmit it to the world.” — William Wilberforce

2017-07-28 09:29:48 (edited by Ethin 2017-07-28 09:30:22)

@blindncool, no, not 1-0==1, it's 1-0!=1. In other words, he managed to make BGT tell him that 1-0 does not equal 1. (Operator == is 'is equals to'; != is 'is not equal to'; <= is 'is less than or equal to'; >= is 'is greater than or equal to'; etc. You get the idea -- just refreshing you.)

"On two occasions I have been asked [by members of Parliament!]: 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out ?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."    — Charles Babbage.
My Github

2017-07-28 15:28:52

blindncool, directinput is mostly used for game controllers, joysticks, and I think you can do some mouse related things with it that would otherwise require a bit more coding to pull off.  For example, the way I keep the mouse from hitting the edges of the screen and stopping (which is the default behavior of the mouse cursor), requires a little bit of coding to trick it into looping forever.  I've never looked into it, but directinput probably has some convenient way of doing that for you.

Are you looking for a small game assignment?  If you need something simple, here's a tiny game written in a scripting language.  www.kaldobsky.com/game.vbs
Try making something like that with VB6.  It's an extremely small type of game that can get your feet wet if you're stuck with writer's block.  Don't feel obligated to do that though, ROFL, I just threw that in here in the off-chance it would help.

- Aprone
Please try out my games and programs:
Aprone's software

2017-07-28 17:31:05

Thanks for that script aprone.
I'll get working on a VB translation ASAP.

“Can we be casual in the work of God — casual when the house is on fire, and people are in danger of being burned?” — Duncan Campbell
“There are four things that we ought to do with the Word of God – admit it as the Word of God, commit it to our hearts and minds, submit to it, and transmit it to the world.” — William Wilberforce

2017-07-28 18:20:39

aprone I was not saying i had VB6 or BGT exploits hiding up my sleeves. the likely hood however of bugs and/or vulnerabilities for said languages are pretty high. the problem is people neither disclose them properly, or if they do, they are never patched.
i kind of think of it as if you are living in schrodinger's termite infested house. you actively ignore or are oblivious or don't care that there are termites that may or may not be eating away at the supports of your house. until you go look (find bugs or vulnerabilities) or wait until your house collapses around you, you think nothing is wrong. as this topic titles says, you think its not broke but you can't actually verify that. you are vertually sitting in your house with blinders on thinking your house is structurally sound while the time clock is ticking away on a impending crash. if you care at all, even a tiny bit, then stop using old deprecated languages that will never get updates. if you don't care, then you need to stop coding now and find a different hobby or profession. because pirates and hackers do care and they will eat you alive.

I don’t believe in fighting unnecessarily.  But if something is worth fighting for, then its always a fight worth winning.
check me out on Twitter and on GitHub

2017-07-28 19:47:38

Kyleman, I think you've put a bit more faith in modern languages than they deserve.  There is always some new genius exploit someone could hypothetically come up with, if they are skilled enough and determined enough.  New languages are targeted constantly, and even as we sit here people all over the world are searching for new ways to break whatever is popular.

Just because a language is still receiving updates do not mean you are in any way safer using it.  All it means is that you're more likely to have someone find a new vulnerability (since loads of people are looking), have more people use newly discovered exploit (these discoveries get spread around very quickly), and then yes eventually you get a patch to correct it.

It's a lot like the old commercials in the early 2000s that talked about how Macs didn't get viruses but Windows machines do.  Windows dominated the marked by such a wide margin that people targeted it.  A terrorist doesn't blow up a single guy driving down a lonely country road when he could use the same device to blow up a bus full of people.  You go after the product being used by the most people.

The list of VB6 vulnerabilities (and other old languages as well) are not exactly growing these days.  Even though everything has more exploits that could theoretically be found, the world isn't looking anymore.

Really all of this is a little pointless since the exploits and vulnerabilities you're referring to are the sorts of things you get when websites and web services are involved.  Things like PHP injection where people can inject their own SQL commands due to issues with how the php language handles user input.  Those are exploits that you need to worry about because they are interacting with outsiders.  If you have a game on your own computer, it could have 500 holes in it and it isn't going to matter.

- Aprone
Please try out my games and programs:
Aprone's software

2017-07-28 20:26:47 (edited by Orko 2017-07-28 20:36:50)

Proof of what Aprone is saying can be easily found at Microsoft's web site where you can get updates to even the latest versions of the C and C++ runtimes redistributable libraries, which are mostly security fixes.

Not only that, but no matter how secure a language or its runtime libraries are, poor programming can produce programs that are not at all secure.

You can't just rely on the language to make your programs secure, you, the programmer, has to take an active role in coding your program to make it as secure as possible.

A simple example is, instead of using the strcpy function to copy a string, use the strncpy function instead, in strncpy you not only specify the source and target strings, you also specify the maximum allowed number of characters to copy. Just this one little change can go a long way towards preventing buffer overflows, which is one of the more common security exploits hackers use.

2017-07-28 20:32:42

You know? When I heard that Heartbleed was a code injection via overflow, I was surprised, on the grounds that I'd heard about this style of vulnerability since I'd started programming classes, and assumed that this meant that of course the big companies knew about this sort out vulnerability and accounted for it. Turns out they did not, or at least, not enough. Were my teachers unusually aware of this sort of thing (possibly by secretly having spent over a decade working on heartbleed), or did this stand for years, known but unpatched?

看過來!
"If you want utopia but reality gives you Lovecraft, you don't give up, you carve your utopia out of the corpses of dead gods."
MaxAngor wrote:
    George... Don't do that.

2017-07-28 23:47:12

I don't see how vulnerabilities in a specific language have any major effect on an audiogame. Sure, if you are writing an app that becomes popular mainstream you might want to reconsidder, but when audiogames are coded in it who would take the time to develop an exploit for a specific audiogame, and then get past a router firewall and everything? Old languages might be a bit easier to reverse engineer, but many newer programming languages can be too. Python, for example was not even made for hiding your code so it is doable to get sourcecode out of a compiled program. I am not speaking from experience here, but you probably have to write in something extremely low-level to make reverse-engineering much more difficult. That said, I really can't understand why people would go with vb6 now, since apparently you need some ancient version of Jaws to even work with it and almost noone uses it, which will make getting help from other programmers on stackoverflow etc that much harder. That said, It will probably work fine once you've learned it, but a 13 year unmaintained language might not be the sollution if you can't figure out a more modern language.

Roel
golfing in the kitchen

2017-07-29 00:46:46

@roelvdwal
That isn't necessarily true. As I said, JAWS 15.0 works okay with VB, although the virtual toolbox is a bit slow at best and laggy at worst.

“Can we be casual in the work of God — casual when the house is on fire, and people are in danger of being burned?” — Duncan Campbell
“There are four things that we ought to do with the Word of God – admit it as the Word of God, commit it to our hearts and minds, submit to it, and transmit it to the world.” — William Wilberforce

2017-07-29 02:56:19

Maybe I'll make a Sega Genesis game after I have a release candidate for EC. Although I've had a horrible time finding accessible tools for Genesis music creation, so maybe that won't go as well as I'd like.
What do you mean "What does that have to do with the topic"? I think it's perfectly on topic. big_smile

看過來!
"If you want utopia but reality gives you Lovecraft, you don't give up, you carve your utopia out of the corpses of dead gods."
MaxAngor wrote:
    George... Don't do that.

2017-07-29 15:27:06

Any program you install on a computer can affect the whole computer, especially if it's poorly written or has exploitable vulnerabilities. Are you really willing to bet your and your customers' computers that I'm not right? If so, remind me not to use anything you write!

2017-07-29 15:55:36

To someone who is concerned about exploits and vulnerabilities, I have to ask what is your background experience with computer security?  I'm not intending for that question to sound rude, but I'm starting to think some of these "exploit" and "vulnerabilities" concerns are rooted more in fiction than in how they actually work.  For example, I've spoken to many real people who believe a hacker can cause their home's lights to go on and off, refrigerator door to open and close, and steer their car, because they've seen such things in television shows and have no idea how things work in real life.  Your concerns are not to that same extreme, but you're leaning pretty far off from the real life risks of software exploits and vulnerabilities.

The closest situation that really can cause problems is when your software is hosting something online and will interact with other people who may wish to cause harm.  Even when this is the case, the harm they can cause is almost always to the database your program is reading and writing information to.  If you wrote a web server I may be able to use some problem with how you coded it, or some known problem with the language, to trick your program into doing something you did not intend for it to do.  Those tricks will almost always be me getting your program to delete entries from its own database, tell me information from that database I do not normally have access to, or to write in information I want added.

People like to look at adobe flash as an example of how someone can use a software exploit to run malicious software on your computer, which is true.  In the web server example someone may be able to trick the program into reading, writing, and deleting from its database because those are the functions your web server already does.  Flash is designed to be able to download files, run those files, and even run scripted commands based on information it receives online.  It's not a flaw in the language Flash was written in, it's a flaw in it's overall design.  Because it is actually designed to do those pretty important and far-reaching tasks based on information it can receive online, if you can fool it into listening to your instructions then you can get it to do any combination of those things you wish.

So the language is almost never the problem, the problem is the programmer.  Exploits and vulnerabilities almost always just find a way to trick the program into doing what you asked rather than what it was supposed to do, but its abilities are literally limited to what you designed it to be able to do.  Even when the TV show hacker is the most skilled hacker on the planet, he can't make your refrigerator door open and close if the fridge isn't designed to open and close the door automatically through digital commands.

- Aprone
Please try out my games and programs:
Aprone's software

2017-07-29 16:43:09 (edited by Orko 2017-07-29 20:41:31)

My last job before I lost my vision was as a senior software engineer for the popular Armadillo software protection and licensing system, you'd call it DRM. We were constantly dealing with hackers trying any kind of exploit they could to break our protection, part of trying to prevent their exploits from working was doing what ever we could to make sure that Armadillo was as secure as we could make it.

Certainly, an old language like VB6 has vulnerabilities that will never be fixed. A skilled developer might be able to write code to minimize the risk of writing in such an old language, but a beginner never will.

Any program that is installed on a computer can be executed, and if that program is vulnerable, while it is running, the system it is running on could be rendered equally vulnerable.

Given the choice, I'd prefer not to run any program written in VB6 or any other old and no longer supported system. But that is unrealistic, so the first thing I do is examine an executable to try to determine what it is written in, and sandbox those programs I want to run that are written in old languages like VB6.

Better safe than sorry.

@Aprone

You are, of course, entitled to your opinion, but I take exception to having someone like you assault my opinions by calling them fiction. Especially when you know almost nothing about me and my experience and what I might or might not know.

For that reason I will no longer participate in this particular discussion.

2017-07-29 17:01:01

I just want to say that security is proportional to the effort you want to spend on it.
It's very true that the Python language isn't designed to hide your source code, but I
do know that some companies like Dropbox have developed C extensions
that load it from encrypted files and thus have managed to
make something that Python wasn't designed for work.
Of course that is only an example.

2017-07-29 17:49:09

The way I understand it, exploits need to be received from somewhere. So if a vulneribility in an audiogamewritten in vb6 is exploited, the attacker would need to have access to your computer and probably router as well already. If an attacker has access to your router, you're pritty screwed anyway. VB6 is pritty insecure in applications which receive lots of untrusted data from the internet for example, but when it just handles local input I don't see the problem, especially as there is other software which does not get updated every month with the latest security updates. Now I am not saying that you should actively learn vb6 at this time, mainly since it doesn't and will never have support for things like 3d audio and whatever innovations are around the corner and because the rest of the world has left it behind, so finding support will be difficult. You probably want to ask your self the question what vb6 can do for you that more modern languages can't before you start learning it.

Roel
golfing in the kitchen

2017-07-30 00:42:04

Orko, it's a shame you're upset about having your opinion "assaulted", when you pushed your own so forcefully just 1 post earlier.  You can participate in this discussion or not, it's your choice.  Some people can dish it out...

Orko wrote:

Are you really willing to bet your and your customers' computers that I'm not right? If so, remind me not to use anything you write!

Orko wrote:

...I take exception to having someone like you assault my opinions...

- Aprone
Please try out my games and programs:
Aprone's software

2017-07-30 05:53:25 (edited by blindncool 2017-07-30 05:55:39)

For all of you that have a problem with me learning VB, what would you have me learn? C#? VB.net? C++? Java?
As I have said before in the opening post, I do not have the skills needed to create games (or anything else) in these languages.
Aprone has been able to create some fantastic audiogames in VB6, with very complicated (for me at least) systems.
I recognize that VB6 is rather old. I recognize that VB6 is not necessarily the best language for programming audiogames. However, everyone has to start somewhere, and I'm nowhere near Aprone's level of Expertise in Visual Basic.
If this turns into a flame war or "my language is better than yours" debate, I may have to delete this topic and start a new one.

“Can we be casual in the work of God — casual when the house is on fire, and people are in danger of being burned?” — Duncan Campbell
“There are four things that we ought to do with the Word of God – admit it as the Word of God, commit it to our hearts and minds, submit to it, and transmit it to the world.” — William Wilberforce

2017-07-30 20:54:02

If you want to use vb6, go right ahead. It will create audiogames just fine, we've got enough audiogames to prove that. But keep the following in mind:

From the things I remember, Aprone was a software developer in the nineties (correct me if I'm wrong). vb6 was probably a widely used language at that time, so he learned it. So does it make sence for Aprone to make audiogames in vb6? absolutely. He knows the language, and it suits his needs. Why replace a tool when the one you are using is working fine?

Now you are a different story. You still seam a bit uncertain about what programming language to choose. I decided to just search on google for a comparison of programming languages, the second result seemed pritty extensive:
https://fusion809.github.io/comparison- … languages/
Take a look at the python and visual basic entries. Apparently from this article, python is often the first language people try to learn. This means you can finds lots and lots of beginner questions conserning python. Just type your question into the google search box and you have an answer.

Now as voor visual basic, apparently it's specialty is in graphical user interfface programming. That means it is probably not used as much for programming games, in the mainstream world anyway. Getting answers to your questions will be more difficult, you will probably have to ask a lot of questions here.

Programming is also not as much choosing a language, as it is having a specific mindset. You must be able to devide an action into small steps the computer can execute. If you master one language, and then decide it wasn't right, you can always switch. I'm not trying to start a flamewar, I am just sharing my opinions and insights in the hope that you might find them useful.

Roel
golfing in the kitchen

2017-07-30 21:16:56

You're exactly right, roelvdwal. I'm not exactly sure what language to use.
So far, VB seems rather easy to use. Yes, there are a lot of people suggesting Python as a good beginner language.
In fact, once my programming skills are better, I may jump ship and switch to Python.
Something I probably won't use is BGT. Since BGT is C-like (and is only for Windows like VB), I'd rather spend my time learning something like JavaScript (which would allow me to develop cross-platform games).

One thing I'm also unsure of is this:
In vb, should I call my functions the Basic way (E.G., MsgBox "Hello world!") or the normal way (MsgBox("Hello world!")).

“Can we be casual in the work of God — casual when the house is on fire, and people are in danger of being burned?” — Duncan Campbell
“There are four things that we ought to do with the Word of God – admit it as the Word of God, commit it to our hearts and minds, submit to it, and transmit it to the world.” — William Wilberforce

2017-07-30 23:17:06

Blindncool, parentheses are required if you will be passing more than 1 argument to the function.  If you're only passing 1, such as in the hello world example you gave, it just saves a tiny bit of time by leaving them out.

- Aprone
Please try out my games and programs:
Aprone's software

2017-08-08 07:05:56

I'm not really sure what this post is supposed to accomplish, especially given the defensive nature taken when creating it (maybe that's not what you intended).
Microsoft has declared vb6 abandonware and has said that they will no longer be supporting it. That means that the next version of windows may very well not have runtimes that work with it, and that's a risk you're taking by learning a new language. I don't particularly care which language a single person decides to use, but it's worth note that it may not work after a while and that's a risk. I'd hate to see someone spend time learning a language that will eventually just fade out and not be used anymore.

@comment regarding vb.net: they are different programming languages.

2017-08-08 07:13:20

@aprone hackers can't switch off your lights? Unfortunately that's becoming less far-fetched with IoT.
But to hit the security exploits issue in vb6:
the VB6 runtime -could- have security exploits, there's no way of actually verifying it. Chances are that on a multi-player game you could be targeted, but I would assume aprone's server is at a much higher risk. If you're going to warn against a language that's fine, but do make sure that there's a viable warning.

In terms of recommended languages, I really do recommend Python. c++ is a nice language to learn, but it's not going to be suited for quickly building up a game. You can pull all kinds of libraries to make code faster in Python and literally accomplish all kinds of things quickly and easily.
HTH,