Posts posted by Chuck

  1. "so basically u don't need to write a conn ... just get the ticket"

    That depends what you are doing. Standard mirc connection won't parse listview correctly under CLIENTMODE cd1. But you don't need to write a connection if you are not using cd1 mode.

     

    btw, don't post uticket info. If above is the correct one then change your password now.

  2. About ircop account flag, it has not been implemented yet, but soon in an upcoming update server will switch to that instead of ^. What I've done to keep it compatible with the updates in my client is to check the length of the flags string, if it is 4 then it ignores the account flag, if it is 5 then last char is used for the account type. I'm tokenizing the irc messages by space, so this method works best for me.

     

    btw, good work :yes:

  3. Okay, I got the gates, now I have another issue, the new server doesn't give profile information with the names, not like the old system did (PX, FX, MY, etc, etc). Does anyone have any idea how to get this information? I am guessing you need to ask for it.

     

    Any help would be appreciated, Thanks.

    Before joining, send /raw CLIENTMODE cd1. That will turn off the standard irc backward compatibility mode for the client connection, which will send you the info you need.

     

    Flags:

    1. Away/unaway U/A

    2. Male/Female/Unspecified M/F/U

    3. Photo/Non P/N

    4. +voice/-voice V/N

    5. User/Guide/Sysop/Admin U/G/S/A (not implemented yet)
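
The flags string from posts 2 and 3 above, decoded with strict validation, as an added example (not code from the original posts or from the server or client they describe). The function name `parse_flags`, the sample tokens, and the pairing of each letter with its meaning in the order the list gives them (so `U` = away, `A` = not away) are assumptions.

```python
# Positional flag tables, in the order the post lists them.
# Assumption: letters pair with meanings in listed order,
# e.g. "Away/unaway U/A" is read as U = away, A = not away.
FLAG_FIELDS = [
    ("away",   {"U": True, "A": False}),
    ("gender", {"M": "male", "F": "female", "U": "unspecified"}),
    ("photo",  {"P": True, "N": False}),
    ("voice",  {"V": True, "N": False}),
]
ACCOUNT_TYPES = {"U": "user", "G": "guide", "S": "sysop", "A": "admin"}


def parse_flags(token):
    """Decode one space-delimited flags token from a cd1-mode message.

    The token comes from the network, so anything outside the documented
    alphabet or length is rejected instead of being guessed at.
    """
    if len(token) not in (4, 5):
        raise ValueError(f"flags length {len(token)} is not 4 or 5")

    result = {}
    for ch, (name, table) in zip(token, FLAG_FIELDS):
        if ch not in table:
            raise ValueError(f"unexpected {name} flag {ch!r}")
        result[name] = table[ch]

    # Length 4: the server has not started sending the account flag yet.
    # Length 5: the last character is the account type.
    if len(token) == 5:
        if token[4] not in ACCOUNT_TYPES:
            raise ValueError(f"unexpected account flag {token[4]!r}")
        result["account"] = ACCOUNT_TYPES[token[4]]
    else:
        result["account"] = None
    return result


if __name__ == "__main__":
    # Constructed sample tokens, not captured from a real server.
    for sample in ("AMPV", "UFNNS", "AXPV"):
        try:
            print(sample, parse_flags(sample))
        except ValueError as err:
            print(sample, "rejected:", err)
```

Rejecting unknown letters matters here because the account-type position decides whether a user is shown as a guide, sysop or admin.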

     

     

     

  4. Uhh yeah, that's some of the reasons why myself and many others said the msn ocx sucked big time. I never want to script for it again!

    Well that is normal for any software, it is part of the development cycle... bugs are discovered and patched. mirc had a buffer-overflow issue too.

  5. it has little to no security and I'm guessing the naughty people of chat are already taking advantage of that.

    msn ocx had security issues too and much worse, for example: it was possible to crash the whole browser and sometimes that crashed windows too, buffer-overflow issues, cloning, unkickables, etc...

     

    So far we had no critical security issue like buffer-overflow. And any security issue that was rated as high was patched within 24hrs.

  6. Hi, I did all that, the md5 routine returns the same byte sequence as that website, however, I am sending the bytes, not the hex string that the website gives you.

     

    I still get the erroneous nickname thing.

     

    I went to the irc server and logged in, I got a message about nick Guest_Guest being in use, so I changed my nickname there (it was appearing as a jumble for some reason). After that I could join fine.

     

    Next I tried to connect again with the bot, still get the erroneous nickname. I get this returned before I do the USER nic nic nic thing.

     

    I'm at a loss to explain it.

     

    I did find something while poking around, on the webpage source of the new chat there's a variable that reads like this.. fvTicket=ao7YC9wpefgsegtrthsrthrhrh ..now I'm not sure what that actually is but I cannot find anything else on the page to do with user info. The old chat used to have your cookie in the renderchat call. Now if you could auth just using that ticket, that would be a lot easier, lol.

     

    Anyway, I'll keep trying.

    1. You need to send it in hex, not bytes. If you are using mirc then current version has md5$ function.

    2. Don't post your session info in public.

  7. Finally, I didn't have much time to look at buzzen v2 webchat area, but it looks like no javascript on the webchat (especially not on the page where the chat area is done) uses XMLHttpRequest objects. You may say "so what ?" and I may answer "so this is no Ajax without XMLHttpRequests". If you read DHTML (Dynamic HTML) definition as stated on Wikipedia:

    This is exactly matching what seems to be done on buzzen v2 webchat site: HTML4, CSS, Javascript (which may include DOM manipulations). Ajax is the usage of all this plus XML and sending asynchronous HTTP requests from Javascript and processing the result to present it using (X)HTML and CSS (and it's not limited to that). It's not only about formatting text using javascript and displaying it using HTML and CSS by communicating with a flash application which is more in the DHTML scope.

    Client is based on html, javascript, css, flash, xml, and asynchronous calls. Programmers are not bothered to give it a specific name, but ajax comes close. If anyone wants to give this kind of programming a specific name, be my guest.

    *************************************

     

     

    As for XForms, it is an intent to provide an XML-description language for forms that is presentation-INdependent. It is, as stated on wikipedia, much like attempting to define a MVC DP (Model View Controller design pattern, quite a complicated one as there are many approaches and derivations of it). Sure it could be used probably with AJAX but it is not a way to standardize AJAX as far as I can see it from reading currently or previewed released XForms specifications.

    I agree that AJAX and XForms will be used in conjunction. However, this blog explains better what I meant:

    However, the W3C already has an alternative to Ajax: XForms. Now I’m sure not many people read weblogs from W3C members but I tend to do that — remember the being unique thing? Mark Birbeck is an invited member of the HTML Working Group and he has written two articles on how to implement Google Suggest using XForms and Google Maps (the basics). Of course, we can’t really style XForms or use it. Note that having a semantic solution for Ajax doesn’t make javascript more accessible; that is still a real world problem.

     

    Now I’m not advocating for XForms in combination with XHTML2. XForms is the semantic counterpart to Ajax.

     

    http://annevankesteren.nl/2005/05/ajax

    Here is an article that goes into more detail: http://www.oreillynet.com/xml/blog/2006/03..._revisited.html

    *************************************

     

     

    ActiveX is not that insecure if users are smart and controls are *signed* (otherwise ie6 sp2 and ie7 do not let them execute)

    Actually, it isn't secure compared to ajax or something similar.

    1. It may work for well known companies like Yahoo, MSN, and Adobe, but signed code can be from wrong publishers and still it will have trust issues since once activex control is accepted it gains direct access to windows api. This is not an issue with javascript in webbrowsers since it is built to work without signing and thus puts security limitations on commands that can be sent through javascript.

    Here is an example of activex issue that I'm talking about:

    In addition, IE provides more information about the publisher of a program as well as whether the program is digitally signed. That’s not necessarily a big advantage for users, however, especially when dealing with publishers who are actively trying to deceive them. During the course of testing, I found one program that had been digitally signed using a legitimate certificate but phony information, and two others that had been signed using homemade certificates, including one from – no kidding – Joe’s-Software-Emporium.

     

    http://blogs.zdnet.com/Bott/?p=109

     

    2. Another problem that comes from direct access to windows api by activex controls is that if there is a security exploit like buffer-overflow then an attacker can use it to take over the computer of a user. This is mitigated with the use of javascript in popular webbrowsers and components built on popular activex based runtime like flashplayer because they are used by millions of users, therefore, these kinds of exploits will be discovered and patched very quickly compared to custom developed activex control that would be used by comparatively far fewer users.

     

    I hope that makes it clearer.

  8. I already seen that the beta version of Buzn V2 had banned guests few hours after the buzn update, why ? because it's "so stable" ? lol.

    First, that was a server side issue and not related to ajax.

    Second, guests were banned because server had to take the load of 36,131 page views per hour and irc server had to take 1,900+ concurrent connections, so guest flooders were a nuisance at that time. Web server, database server, and irc server were running on the same machine so for beta load test the results were pretty good. Like you said we'll see the stability and reliability of the system as the development progresses and more load tests are done :)

  9. Today, ocx are no longer a security hole for users[emphasis mine]. But ajax used with a chat server, could create new security holes, currently not known on chats with ocx.

    No offence, but that was hilarious :D . Ocx has full access to windows API, once a user accepts to run it. AJAX client is no more than javascript & xml/xhtml code running in a browser. Best answer was given by Director of Engineering of the Mozilla Foundation.

    When asked why they don't support ActiveX, Chris replied: "Firefox doesn't provide support for proprietary technologies such as ActiveX and the Microsoft Security Zone model [because] these two features set up the possibility for the silent download, installation, and execution of remote code as a feature of the browser. It's a powerful feature that web developers can take advantage of, but has also proven to be a feature that is prone to security and privacy problems."

     

    http://www.webreference.com/programming/firefox/index.html

     

    here is another quote:

    The lack of ActiveX support has been a major reason why the Opera, Safari and Mozilla browsers remain more secure than Internet Explorer, according to security experts.

     

    http://www.techworld.com/applications/news...cfm?NewsID=1856

     

    Another thing, ajax is not really a new technology, it is a name given to the new style of use of old technologies. Javascript, xml, x/html, and http asynchronous calls didn't come into existence with ajax, people just combined them for better webapps and called it ajax.

     

    Btw, W3C is officially standardizing AJAX style of programming in the form of XForms ( http://en.wikipedia.org/wiki/XForms ). But at the moment no browser natively supports XForm specification. Firefox has an extension, so perhaps firefox will be the first one to properly support it. Maybe XForms will replace Activex browser controls.

  10. For the differences between ocx and ajax see the following links:

    OCX: http://en.wikipedia.org/wiki/ActiveX_control (ocx is basically an activex control).

    Ajax: http://en.wikipedia.org/wiki/Ajax_%28programming%29

     

    Few main differences I'll put it here:

    1. OCX is executable like an exe file, and it is compiled to binary code. AJAX is scripting based technology, it is not compiled to binary code.

    2. OCX is native to windows and may run into problems if used on other platforms. AJAX is comparatively platform independent.

    3. OCX gains full access to local system just like any other executable file, thus it can read or delete local files etc. AJAX is very secure on the client side and most browsers run javascript code under security limitations, thus it has almost no chance of serious security exploits; for this reason AJAX apps don't require digital certificates.

    4. OCX is coded in programming languages that support Microsoft's COM model e.g. C++, VB6, etc. AJAX programming is mainly done in javascript along with htm/xhtml/xml code.

     

    Some people are calling our ajax client as ocx, that's not a problem really... I think users in general don't really care what you call it as long as they like it. :)

     

    Ajax could make for a very unstable chat client. SQL attacks could be very easy to do seeing as the xmlhttprequests are going to be constantly used, along with the JS. But, as I've said, at least they're working on something different.

    We have good protection against SQL attacks, and we are constantly monitoring and updating against any other kind of security exploits. In any case, AJAX is much better than ocx (or any other executable) from client-side security point of view.

    The only main concern with AJAX client is speed of execution since it is a script based technology. But people who have tried it never complained about any speed issues; most PCs these days are over 2GHz and difference in speed in normal chatting won't be noticeable by a human.

     

    Furthermore, people have choice of clients. At the moment server supports flash, ajax, and mirc clients. In future, there will be support for activex client, and other kind of applets and clients.

  11. He going to BSR helpdesk and they said for supporting a chatroom you need to idle there.

    BSR rooms are registered rooms, they don't need idling. Room may have gotten closed during updates, your friend can put this in BSR support forum, if he can give the correct info (verify) about the transaction then they will reopen the room.

  12. Okay, first, we're using emoticons, not the whole ocx.

    Emoticons are copyrighted by MS, so they are illegal to use. However, I doubt MS cares and I don't care either.

     

    Okay, first, we're using emoticons, not the whole ocx. We're not basing our entire chat service off of an OCX that another corporation built, and claiming fame for.

    You can use the ocx, but I doubt it would help. There are a couple of networks that are using msn ocx:

    "THE CHAT THAT WE DARE NOT SPEAK IT'S NAME": 5,000+ cc users on average.

    Phriek: 750+ cc users on average.

    Sparkpea: 250+ cc users on average.

    And then there are many other networks that use msn ocx, but they won't even reach 100 cc users.

     

    In short, using msn doesn't necessarily mean that the chat network will be popular. MSN ocx is a good software - secure, almost bug free, and easy to use; however, it doesn't guarantee large user base.

     

     

     

     

    "i have my own chat"

    What's the link?

     

    i have my own chat ;)

    What's the link?

  13. Am I right in thinking you are a little biased towards buzzen, chuck, because they host the project you're working on?

    Make it what you will but it doesn't really matter. Maybe or maybe not, it is difficult for me to assess correctly. And I'm not working on the project, but I help. Logically, it doesn't make sense because supporting buzzen on this issue can make them stick more with their own system. Developers at net-bits.net were clear from the beginning, users come first and net-bits.net software comes second. If users like buzzen's own set-up then they won't push their software. Buzzen can try it, if their users like it then they can switch to it, if they don't and buzzen won't host the server then no hard feelings, buzzen has her rights and whatever comes out better for the users.

     

    JJ never really used modified ocx or supported it, but he never bashed other scripts or bot developers over it or their users. Whatever is good for the users, is good for net-bits.net developers.

     

    For the sake of argument let's say I'm biased towards buzzen, but then I don't go around bashing other networks on their shortcomings even though buzzen has a clear advantage of better infrastructure. I leave it to the users to try, whatever they find good, is good enough for me even though my personal opinion may differ. I'm simply trying to state the facts.... there is a difference between stating points of fact and going on and on in a lengthy argument on why people shouldn't use <xyz> network or why it is bad. Except this one I didn't start a topic related to buzzen, and even then I never went into an argument about very strong points of buzzen network from users' perspective. It has some down points but it has apparently strong points from users' perspective. And I'm not gonna go into them unless I get pushed - it is up to the users to try and make their own assessment. I'm just gonna try to balance disproportional, and in some cases false, views.

  14. Who cares? lol, Just see This Thread and build your own using your choice of compiler, Even use visual basic if you like, It's official, But it's illegal for them to decompile your code, Which then means unless you use an image created by them etc, They couldn't know, Remember you can modify the modules using something as simple as reshacker, idk - what do you think?

    I hope you don't take my comment personally. But I think that would be worse and won't stand a chance in court. Court doesn't judge things as black and white, they'll look at the perspective of users, msn, or any other party involved. If it benefits public and doesn't harm original owner(s) then in cases like these courts may rule in the favor of the defendant if a case is filed. But ripping due credits is ethically very wrong and won't stand a chance in courts at all.

     

    Delivering the opinion of the Court, Justice Thomas played it down the middle. He explained that there is no basis for treating patent cases differently than other types of disputes in evaluating the appropriateness of equitable relief. “According to well-established principles of equity,” he wrote, “a plaintiff seeking a permanent injunction must satisfy a four-factor test before a court may grant such relief.” Specifically, a plaintiff must show:

     

    - that it has suffered an irreparable injury;

    - that remedies available at law, such as monetary damages, are inadequate to compensate for that injury;

    - that, considering the balance of hardships between the plaintiff and defendant, a remedy in equity is warranted;

    - that the public interest would not be disserved by a permanent injunction.

     

    http://www.nixonpeabody.com/copyright_arti...4&PubType=N

    Above case is not exactly the same, but it may give some idea. Second, if software is not hosted on the network then it makes things more complicated since linking normally doesn't constitute copyright violation. Court can rule differently based on the situation but normally linking is not an issue.

     
