Quote from TFalke55 :

The only disadventage is that you cannot just go to the setupfield to search a setup

We expected that problem, and we will try to supply a good default setup for every track before the season starts.

Quote from WGooden :

Hey Harjun Super Glue On The Heatsink Works Gr8 M8, Its Perfect For Those Of Us Who Don't Wanna Pay For The Name Brand "Arctic Polar Ice"!!!!

don't sniff the glue dude, it makes your pinky spasm on the shift key

well, to be honest, vertical is 90 degrees . Top mounted pedals would be a better description I think.

Anyhow, my tips for the thread:

- Remove the spacer for the throttle pedal pad (makes heel and toeing a bit easier.
- Only use the top bolt for the throttle pedal, so you can adjust the angle (also aids h&t)
- Get dxtweak to adjust the clutch axis (1st third and last third of the pedal travel shouldn't do anything). More realistic this way and helps a lot against misshifting
- On rscnet there is a thread on how to reduce the clicking sound of the h-shifter. unfortunately i forgot my rscnet password, so I cant search for the link (but this method does work).

harjun, if you overclock you should also benchmark you system. All that I've seen from you are some guesstimates as to what the exact fps was in lfs (while the lfs counter in lfs is the most irregular one i've ever seen).
So why don't you bring out 3dmark and proof the statements you're making (like running a 100mhz ppro at 900mhz!!)

Anyhow, this thread gets my vote for the most ridiculous thread of 2007

Mounting the pedals vertically? Wouldn't that be weird to operate?

Or did you mean mounting the pedals so they pivot from the top?

21.30 CEST indeed

Easiest way, and thanks to danowat for that, would be starting an empty server, and start a 1 hour race. When you finish the race you'll see all the laptimes on lfsworld

If you're a programmer this should be pretty straightforward with insim.

Quote from TFalke55 :

There is a programm called LFSPoints which works brilliant... as far as I tested it out...
so callculate the points should not be the problem...
as last season I could release some unofficial championchip standings after the race 'til the replays are reviewed (because of protests) and the official standings are released

Yeah, I've heard of the program, but I was looking for a mix of lfspoints and ctra X

Quote from gohfeld23 :

Lol I guess my download went sour as I didn't have anything to launch. It was just a series of unknown files, etc.
I'll re-download and run it again (btw I know how to connect insim, just didn't realize that it comes with a launch file and mine didn't)

*EDIT*
OK, I did it again and this is what I have in the folder. Nothing to launch, unless I'm missing something.
Thanks for your help.

Looks like this is a sdether sample app? In that case what you are seeing is a Visual Studio project, and you can find the application in bin>debug or bin>release

The biggest problem last year with the points was that we did it in excel (which sucks imo). If we have some preparation time, I'll try to code something that gets the race results at the end of the race, puts it into a sql db, and then exports it back out to lfs so every participating driver can see their points immediately (and without human error hopefully )

uf1300 will definitely be interesting as long as the majority of the participants share their sets easily. Dropping the reverse grid is also nice, and we can easily make them point-based for races 2 and 3. Success ballast is also a good idea as long as the increments stay small and are monitored and enforced.

Anyhow, I hope can settle on the perfect format soon so i can start coding certain stuff.

I dunno if "uitmelken" can be translated, but the closest would be "overdoing it"/ "extracting to much from a single product".
However, I have to disagree. ky2r, as3r, bl1r are way better then their overdriven (thus dull) counterparts.

A few ZWR members are also still interested

Quote from xaotik :

Yes, but Bruce there is on a totally different level and he can say "security industry" in a room full of people and they will maintain a straight face. I doubt he is referring about doing this to a software developer you can just about walk over to his house, knock on the door and tell him about it in person*.

* Disclaimer: I am not saying people should start doing this. It's just a proof of concept idea - however it will likely be very educational for you if you do do it. So yes - for educational purposes only.

That would make the whole "bug disclosure cycle" more interesting Maybe this is an idea for a reality tv show specifically tuned for nerds

Quote from tristancliffe :

I FOUND A FLAW IN THE CODE

If I replace cfg.txt with an executable virus, I can control the whole world! Devs, please fix this flaw. If you don't I'll release the code vulnerabilities in 37 minutes. No need to thank me, other than praise me online where everyone can see it please. Haw does that sound?

I always humbly await the moment you come posting in threads to read your intelligent input. And I have to say, this time you surpassed my expectations

Anyhow, for the opponents of public disclosure i'll post one more story to let them see from a different side. This one is written by Bruce Schneier, a well known person in the security industry.

http://www.schneier.com/crypto ... ublicizingVulnerabilities



here an excerpt for people to lazy to click

Quote :

Those against the full-disclosure movement argue that publishing vulnerability details does more harm than good by arming the criminal hackers with tools they can use to break into systems. Security is much better served, they counter, by not publishing vulnerabilities in all their gory details.

Full-disclosure proponents counter that this assumes that the researcher who publicizes the vulnerability is always the first one to discover it, which simply isn't true. Sometimes, vulnerabilities have been known by attackers (sometimes passed about quietly in the hacker underground) for months or years before the vendor ever found out. The sooner a vulnerability is publicized and fixed, the better it is for everyone.

That's the debate in a nutshell: Is the benefit of publicizing an attack worth the increased threat of the enemy learning about it? (In the language of the intelligence community, this is known as the "equities issue.") If vulnerabilities are not published, then the vendors are slow (or don't bother) to fix them. But if the vulnerabilities are published, then hackers write exploits to take advantage of them.

In general, I am in favor of the full-disclosure movement, and think it has done a lot more to increase security than it has to decrease it. Publicizing a vulnerability doesn't cause it to come into existence; it existed even before it was publicized. Given that most vendors don't bother fixing vulnerabilities that are not published, publicizing is the first step towards closing that vulnerability. Punishing the publicizer feels a lot like shooting the messenger; the real blame belongs to the vendor that released software with the vulnerability in the first place.

Quote from BBO@BSR :

I said a buffer overflow alone doesn't do anything to anyone
till someone used his criminal energy and wrote code to use or let others use this part of the software illegally.

Discovering a buffer overflow and writing shellcode for it isnt criminal nor illegal, otherwise they wouldn't sell books on amazon on how to do it....

Quote from xaotik :

Well, seeing this realistically - both people I know and myself have at times informed developers of software we use of security issues and in some cases of open-source software we supplied the patch as well.

Was there any public disclosure and release of a ready exploit? No.
Did the software become safer? Yes, I suppose. More stable for sure.
Did anyone exploit the vulnerability found in the meantime? No.
Did we hold anyone hostage demanding they do it within they timespan we, in our great wisdom, thought was appropriate? No.
Did anyone get credit someplace? Maybe - never followed up.

well, kudos for you, but I think you'll agree on the fact that you're part of a minority doing that.

Quote from Bob Smith :

Your country is set to UK - YOU did that - and your IP traces there.

Since when do moderators need to do ip traces?

Maybe this is a good article to read about bug disclosure:

Mozilla: Hackers control bug disclosure


Also, the main vibe I get from people like Sam is that you guys hate public disclosure. I do hope that you guys also realize what that actually means. Let's see what a ban on PD does:

There will indeed be a decrease in script kiddie activity, so hooray for that, but what will happen to all the POC's people write? Will the POC's still reach the devs of the software or even the anti-virus industry? And if the dev's and anti-virus firms no longer receive information about software weaknesses, how secure will the world be as a whole, and where do the exploits actually end up?

There is 1 thing I need to say to muhaa though. Releasing the POC code after only 2 days of notification is way too short, and scawen should've gotten more time. I hope you'll tell your friend that.

Quote from Krammeh :

I really think that there needs to be less "omg i want a cruise insim application" threads in here. If you cannot make an application you obviously don't have the knowledge required.

Can we sticky replies?

But seriously, I come to this forum section to read about programming stuff and to check out source code. I don't come here to read about someone who doesn't even know what insim is, and is requesting cruise or drift "insims" (....).

Last edited by mikey_G, Tue, 28 Aug 2007 11:25.

+1 here as well

Would be nice if we could put custom stuff on the lcd with insim (with multiple pages support).

Quote from wark :

ORLY :rolleyes:

Well, I guess if they used the books for teaching purposes, that there must be some truth in it right?
So far I havent found anything that backs up what you were saying, so if you think you can write more intelligent replies, please do

Here are the replays.