Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I have a set of data that is used by GUI for positions and stuff, and that positions are also stored in MySQL. Every time the data changes, it is reflected on the server too.
Then if I want to update MySQL as frequent as jquery (or javascript, I don't know) tracking "mousemove" motion, that is, send request to the server that for every "mousemove" change the value in MySQL, how 'heavy' is it, especially when multiple users are using the same server?
What would be a better solution? I'm thinking of waiting for 3 seconds until the motion is finished, then if there is no more motions, sending request to the server then.
Although multiple people aren't using my server, but this always concerns me and hinders me from progressing. Please help.
Its better to have an intermediate in-memory solution to mitigate the number of database calls. Eg. Memcached. But! but! before we begin, lets have some numbers.
So lets do the Math, shall we?
You want to track the events to their details.
| Action to be recorded | Frequency of Occurrence | Per user/minute avg. |
|:---------------------------:|:------------------------:|:--------------------:|
| 1. MouseMove!!! (Seriously?)| Very Heavy!!!| 200|
| 2. Clicks (MouseDown) | Medium to High| 10|
| 3. Hover (MouseOver) | High| 50|
So with a very rough ball park estimate for one active user the total events fired for a specific session would be 260/per minute.
So for lets say 10 concurrent users your events per minute become 2600.
And this becomes a sure fire way of DDoS(ing) your own server.
Some useful hints.
Try to log the events in batches, ie. log the events as they occur on the client-side and once a threshold is crossed send a request to server to log that batch.
Do not use your main application server for this kind of logging, because this thing is -- wait for it -- logging and you should use a separate server for maintaining logs.
As said earlier, on the server too, implement an in-memory store of logs before pushing them to the database.
This data doesn't even need to be stored in a Relational DB. Nearly all big companies use flat DB(NoSQL) for storing this kind of info.
If you still decide to proceed with relational DB, when doing the INSERTs use Transactions.
If the tracking is to be done for only the logged in users, and a dedicated in-memory cache is not feasible for you, you could store the tracking data in user's session, and again after a threshold move the records to DB.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I'm working on a web application (JavaScript + PHP) for a taxi company. I need to add advanced alert system in which each app user (company employees) can specify what type of alert would like to get. Let' say user#1 wanted to track taxi#101 and get alerted whenever it enters any customer's district and show their details. user#2 wanted to get alerted whenever taxi#202 and taxi#303 enters any customer's area.. etc.
Note. There are many other cases for alerts but I prefer to think of theme one after the other.
I started scratching the high level design as follows:
I'll add an alert option to each taxi on the app.
user#1 will choose taxi#101 to get alerts from.
taxiID will be added to DB table with userID.
Do batch processing every 3 hours, joining this table with other table has taxi's positions.
Get a list of positions + area's + userIDs (not sure what technology should I use here to generate this list).
Script to run and check each area from the list and get all customers info inside it.
Join result table from step 6 with table from step 3
Every time user logged in, scrip will run to check the table and list the customers info that the taxi comes near them.
My Questions are:
How can I translate these steps into real software design flow? (exact techniques)
There must be a technique to handle all this headache. imagine that there are 50 users and over 5000 taxi. I'm thinking of drools and started reading about it but still not sure how it fits here.
I'd be grateful for any hint.
EDIT
Thank you Alexander. Here are the answers for your questions:
Q: why would any one user even need to get alerted?
A: I'm not sure. For generating reports or something like that.
Q: Do you always know the positions of Taxis?
A: Yes, The system receives real time positions through GPS
Q: Do you always know the positions of Users?
A: No, it's not important. thy are regular employees. I just need their IDs so I can show each one the info he asked for.
Q: How do you know what an 'area' is, and what determines if a user/taxi is in range?
A: When I get the position of the taxi, I draw a virtual zone around it and call it and area. It should inserted in the DB as well.
Q: are the rules predefined? Or must the user be able to create them dynamically?
A: Yes, they are predefined. There are many other rules such as [The user can choose to get alerted when specified taxi has not moved for a long time]. but I started with this one.
The scenario, each user will request different alerts for different taxis and I should do some processing then display the results for each user.
I couldn't figure out how to process these different variables and what's the best solution for this case.
Out of interest: why would any one user even need to get alerted?
What data do you have access to?
Do you always know the positions of Taxis? Is this GPS? Do drivers add/update data?
Do you always know the positions of Users? Is this GPS? Do users add/update data?
How do you know what an 'area' is, and what determines if a user/taxi is in range?
KISS - Keep It Simple Shadin
I propose the following entities in your system:
Taxi
+ id : int
+ positions : Position[]
User
+ id : int
+ username / password / email etc
+ observing : Taxi[]
+ rules : Rule[]
Rule
I do not know what you need or expect from this
I don't know what you mean by area, but you probably need some entity for that as well, though maybe not in the database - I don't know.
Now, for the rules. It seems you want a Domain Specific Language (DSL).
Then the question becomes, are the rules predefined? Or must the user be able to create them dynamically?
If they are predefined, you could simply implement a class for that rule, and execute it in your controller (or whatever you use to handle http requests) when it's time to check that rule. Something like myRule.checkFor(user). May even be a worker process of some kind.
I'll update my answer when you answer my questions as comments :)
EDIT:
Ok, so I think I'm starting to get a feel for your problem. This would be my solution:
REST API:
POST yoursite.com/v1/taxi/1.json {x:0.23, y:23} //update position for taxi 1 with json payload
POST yoursite.com/v1/user/1/register {taxi:1, eventType:NO_MOVEMENT, args:"3600"} //no mov for 1 hr
POST yoursite.com/v1/user/1/unregister {taxi:1, eventType:NO_MOVEMENT }
This seems to me should be sufficient for aggregating the data you need. It answers the following questions:
Where are the taxis? Which user is looking for events on x taxi?
You'll need a table (taxipos) for storing taxi id and it's position. [taxiid:int, long:float, lat:float]
You'll need a table (listeners) for storing which taxi is listened to by which users and for what event. [userid:int, taxiid:int, event:enum, arguments:string]
You'll need a table (events) that stores each event. [eventid:int, eventType:enum, taxiid:int]
The next step in my proposed solution would be to have a worker continuously aggregate events based on the recieved data. Say you define a NoMovement process. This process is run at a frequency that is sufficient to detect the least allowed interval in your system. For this example, lets assume that we could run at 15 minute interval (that is to say, you're not interested in a taxi that stands still for 14 minutes).
Now, each of your processes will be able to store events in a new table in your database. Let's investigate the NoMovement process (which will be run every 15 minutes by your worker):
For each $taxiid present in listeners#taxiid
Retrieve taxipos closest to now, and taxipos closest to 15 minutes ago (interval must be => to 15 minutes)
Check distance between now, and 15 minutes ago
If distance is <1 THRESHOLD (I don't know what this should be)
Add to event table with (eventType:NO_MOVEMENT, taxiid: $taxiid) you'll get that from the loop
Finally, it's just a matter of
GET youriste.com/v1/events/taxiid (your client will need to store which taxiids we want to ask for events, and call get at an appropriate interval - your client should then locally set event by id as read and filter those out before alerting)
Does this make any sense to you?
From what you are saying, it sounds like your system will include mobile devices of some kind, and you will need a map system for tracking.
Best solution I can recommend is using something like Leaflet with the openstreetmap api,this would give the map as an svg with ample xml data for tracking locations, and a simple js script that would use ajax to post location data to the server at set intervals.
Using backbone js gives simple event listener control for your alerts. Just have to test taxi location vs customer area when locations are updated.
List of OSM frameworks including Leaflet http://wiki.openstreetmap.org/wiki/Frameworks
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
[I know there have been similar questions about preventing cheating on high score lists, but no answer didn't really help me for JavaScript based games, so please try to think about my question, before telling me about similar posts. I ask about best practices because the JavaScript is always visible for the user and therefore it is not possible to prevent cheating completly, I just want to make it harder.]
I'm developing a JavaScript based game that works in the browser. I want to make a high score list that contains the user name and the score of all users. To achieve that the browser sends the username and the score to my server (via AJAX).
Submitting fake scores to this list would be fairly easy: One could take a look at the AJAX requests and then make an own AJAX request with a faked score. Using something like a token that has to be send with the other data is pointless, as it will be easy to discover.
My only approach, that would prevent cheating, would be to send a description of every user action to the server and calculate the score there. But this is not really practicable as it would be too much for the server.
I accepted an answer, but in case anyone has other ideas about how to make cheating harder, please create another answer!
I like to play cheat the cheater - something like using a token to authenticate the score that changes every time the update is called... but I accept the cheat score that gets posted using a duplicate token. Then I display that cheat score to only the cheater, so it appears that it worked, but now the cheater is seeing his results in a sandbox.
You pretty much answered your own question. If you want to really make it harder for users to cheat, send game log to the server, where you'll calculate the score.
You don't have to send all the events, just ones that affect result score.
There are some techniques, though, that may help you:
include signature in your request. Something like MD5(secret_key + params). Although, "secret key" will have to be in JS source, it will effectively protect you from simple request interception (see Tamper Data and Charles)
if it's a multiplayer game, accept scores calculated by clients and compare them. Cheaters will be pretty visible (assuming that the majority of users are honest).
you can set a score cap, an "unreachable" result. Everyone who posts score higher than this is a cheater. For example, speed typing game: no one can type correct text at 1500 chars/minute, even 700 is pretty damn hard (though achievable).
On score submit:
Request some token from the server, this should be time based and only valid for about 2 seconds
Only accept submits that include a valid hash of this token, some salt and the score.
This prevents manual tampering with the request as it would timeout the score. If you want to account for high-latency give it a little more time until the timeout.
The hashing function:
Scramble the hashing function inside packed code (http://dean.edwards.name/packer/ really produces nasty to read code) if you use jQuery or some other library just drop the hashing functionality inside the library file and it gets pretty bad to find, escpecially if you use a function name like "h" :)
Handling the score-variable itself:
Well everybody with a debugging console can change the variable on runtime when doing this but if you encapsulate your whole Javascript inside a function and call it nothing is in the global namespace and it's much harder to get to the variables:
(function() {
//your js code here
})();
I have had lots of thoughts about it and, eventually, decided to only have local individual highscores, so cheating is not really beneficial for player and not harmful to others. Yet my game is just a simple minesweeper, and there were people who complained about the lack of competitive table.
Option 2, is approach taken by WebSudoku - to show your place "among the people of internet". So you will not see any other results, and people wont see your results - but you can compare yourself to crowd.
p.s: And seriously - any kid with Firebug/WebInspector can easily hack your JS game and, eventually, to be able to reach very high score.
If you are relying on the client to send the final score to the server, then there is no way (afaik) to prevent a genius from cheating. But I think you might be able to prevent stupid people (and honest people) from cheating, so that only geniuses and their friends will dominate your leaderboards.
There are two ways I can think of
1.) "security through obscurity."
Come up with an algorithm that transforms simple scores into something else (and to transform them back). Then obfuscate it. Complicate it. Write a function that multiplies it by q and divides it by ralph. Apply a bunch of functions to it, and among the 5-15 functions that do random stuff to it, include one that multiplies the number by 19 ( a prime number ). On your server, check to make sure every incoming number (or letter) is divisible by 19, and decode
You have to write a bunch of complex code that transforms simple scores into something crazy-looking. You have to write a series of functions in the least-efficient, most spaghetti-code fashion possible. Use
One thing you cold do is to have a set of disallowed values. I.e., perhaps all points awarded are even. If anyone tries to submit an odd number, they are obviously cheating (and very stupid).
2.) time
You should be able to know when the user started the game. You should have a session started and record when they requested the page. Then you should also be able to tell when they submitted their score. And you should also know what the time series is for max points. I.e. can you get 5 points per minute, 100 per minute, minute^3, etc... If user submits more points than are possible during that time, they are cheating.
You could also strike a balance between server and client processing and make the client should send progress update every x minutes by ajax. And if it fails to report, you assume it's been compromised (much like in Bond movies, when he's infiltrating the enemy's lair and he snaps some guard's neck. When the guard doesn't respond to his next 10-minutely check-in, the alarms will go off).
If you've ever played Zynga Poker, you've probably seen what happens when someone at the table has a slow internet connection.
Depending on the nature of the game, you could use other players to verify the results. In simple games this works great, on others you have to be clever and develop many aspects around this feature. E.g. sometimes is possible to replay and verify results based on logged actions. This trick works specially well for Human versus AI, as long as the model is deterministic.
Another option is redefining the score concept to be more user-centric, this is pretty easy to implement, but tends to be hard to devise, and only applies to a few categories of games.
Purely speculative approaches are also possible, it's sometimes pretty easy to know when some parameters don't fit. It would not avoid cheating, but would moderate it a lot.
The most complicated part is getting a small enough replay log, but since most data isn't random (except for player actions, which, actually aren't that random because depend on the game) it's essentially a matter of getting the design right.
Also, if gameplay is extended enough, for action games and the like you can get a lot of compression from doing some approximation, merging (e.g. motion vectors), and clipping uninteresting stuff.
Ideally you would send your entire event log to the server for checking. Perhaps you can implement a heuristic so you can easily determine if the score is within a set of bounds. For instance, if the total game time is 5 seconds you might expect a much lower score than with a much longer game time.
Alternatively, you could choose to manually check the event log for really high scores (the overall top-X, which should be fairly stable).
You will need a seeded random number generator if you're doing anything with randomness (like random events). Which might be tricky if you hadn't already thought of it.
You can find many more resources but it really just boils down to server-side checking. JavaScript is not unique in this, but likely easiest to exploit because you not only see the client-server communication but also the client-side source code!
HTML5 Multiplayer Game Security Solutions
http://lanyrd.com/2011/jsconf/sfggb/
Games like Starcraft only record the mouse clicks and key presses. The actual commands are then simulated. I expect 'Worms Armageddon' to do something similar but their random events (like the bounciness of bananas) aren't seeded properly so in the instant replay you might get a different result.
You could imagine something similar for MMORPGs. The server calculates your position based on the keypresses, the client merely tries to give a good early interpretation but you may warp around when you're lagging because the server will place you elsewhere on the map because it didn't get the keypress events timely.
If you attack something, the server will check if you're close enough and how much damage you can expect to deal with current stats and equipment.
Record key points in game, then score is submitted with these key points. When people look high scores, they can also see overview of played game, if it looks like it is impossible to play like that without cheating, then people can report these suspicious scores to admins.
I used a system using a time based request having 3 parameters
req number, curr time, score
The req number is returned from server in the response to the update score request , each time this is a new random value.
The curr time is calculated not from computer clock but from start of game and is synced with server using an ajax request.
Update score request is sent after short intervals (around 30 sec max).
Following checks are applied on the server
Time is within 10 seconds range from the server clock.
there has been not more than 40 seconds since the req number was sent.
the score change sent after 30 seconds is possible (within 2 x humanly possible range)
Score is updated only if the above checks are passed or the user gets a disconnection message :(
This is simpler than most methods and works out to eliminate all casual hackers (well, unless they read this and want to go to the trouble of updating score quickly or making a script of their own).
If not cheating is more important than the game itself, try to construct and present your game in a way that it looks like finding the solution to a math problem. So the server will give an instance of the problem to the client (example A: a chess board about to be won in 3 moves, example B: a geometry dash randomly generated level) and the user will have to solve it and post back a solution (example A: the winning moves, example b: the exact timestamps and intensity of jumps to avoid obstacles)
With this approach, it is key that the server doesn't send the same level twice, or else the cheater can plan and "design" his solution in advance. Also, the game information must be randomly generated in the server and not sent via seed, or else the cheater can fake the seed and design his solution with time.
The given time for valid submissions must be also tracked in the server so that they will only have "playing" time and no "designing" time. If the cheater is good enough to design a solution as fast as honest players can win the game, then they are talented enough to win the game honestly and deserve their points.
Back in the server, you will need to check that the submitted solution is valid for that instance.
Of course this approach requires lots of extra work: More instances of games (ideally infinite and non repeating), server side generation, server side validation of submissions, time caps, etc.
Note: I know these approach was already suggested in multiple solutions some years ago, I wanted to add my humble contribution.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
Apologies if this is too abstract.
I using mainly jQuery to create a Chrome extension where users can subscribe to feeds. A 'random' selection of items from these feeds are then delivered on the user's new tab page.
Here's the process I'm planning to use. Is this the fastest way of doing it?
Check which feeds the user is subscribed to and use nested $.getJSON requests to bring them in.
Cache these locally for at least the next 12 hours so they can be quickly retrieved again.
Convert the feeds to JSON objects and combine using concat.
Shuffle the items in this new, single, combined feed.
Load the first 36 results (and display using Masonry).
Add an infinite scroll that loads blocks of 36 results when the user scrolls down.
On top of this, I also intend to cache the JSON feeds on the server for 12 hours or so.
Is this the quickest way of going about it? Might it be faster to swap steps 2 and 3 around given that it's not very frequent that a user will subscribe to more feeds?
As the emphasis is on loading speed, there's plenty else I'm happy to sacrifice. For example, it doesn't have to be JSON I use if a database would be better. Similarly, the caching can be for a long period of time because the objects the user is being shown will be in a 'random' order and so needn't be the latest.
You could do most of this on the server side and only send the 36 required feeds, which should load very fast depending on their content.
Your biggest bottlenecks are the following:
Fetching the various feeds (~1 second per feed)
Building a list of those feeds for a specific user
Downloading the feeds to the user's browser
The last two are not terribly long, but the difference between loading 36 presorted items and organizing an arbitrary number of random elements is important when the new tab page is only used for a few seconds.
The easiest solution is to fetch all feeds on the server, put them in a database and retrieve the last 36 matches for the users that need them. This has several advantages:
Fetching from a database takes milliseconds. Fetching a feed from a remote page can take a few seconds.
Databases are made to be queried, so fetching, merging and sorting results is easy.
The short, pre-filtered list of items will download far faster.
My company regularly run competitions on the internet. These consist of simple multiple choice quizzes, where the fastest person to complete the quiz wins a prize.
Recently we've been having big problem with cheaters (a lot of sub one second entries that would be impossible to complete manually). The time is calculated server side, so the cheater can't be manipulating the times directly. The only feasible way to cheat would be to write a script to automatically fill in and submit the quiz.
We've already implemented the following to try and combat this:
Limit the user to one entry (by checking IP and asking for email address)
randomly take questions from a pool (unfortunately each quiz has to be translated, so the actual pool size is quite small due to our limited translation resources)
randomize question and answer order
randomize quiz element class names and ids
Even with all of the techniques above, we're still getting people who manage to cheat.
As a last resort, we're considering replacing the quiz text with images, and randomizing the image names, but this would be a nightmare for accessibility and could still feasibly be cheated by using image comparison. Hence, we really want to avoid this if at all possible.
So I was wondering if anybody here had any ideas of how to combat this?
Maybe load the next Random question with AJAX only after the previous question get answered. I hope this helps.