Jump to content
Game-Labs Forum


  • Content Count

  • Joined

  • Last visited

  • Days Won


Posts posted by Brigand

  1. Shouldn't the 'Brig' and 'Navy Brig' be listed as real under the US ship called 'Fair American'? http://www.modelshipmaster.com/products/tall_ships/Brig%20Fair%20American%20model.htm


    I'm aware of the similarities, but so far, it has not been confirmed if the devs used those plans or if they just looked at several model ships or their plans and came up with their own design. If they had build the brig to truly resemble the Fair American, they would have surely named her as such. Somaybe she was loosely inspired on by the Fair American, but we simply don't know. Keep in mind that there were a lot of brigs sailing these days; it was quite a popular rig. So she could just as easily represent some other brig.


    The Fair American is a nice model though.



  2. The cutter has the cutter rig. The difference between the cutter and the sloop* is that a cutter typically has more head sails; at least more than one, typically three. All topsail from the 18th century were still almost invariably square (the gaff top was only introduced very late in the 18th century) In addition to the main sail (which is a gaff sail on a cutter rigged vessel), cutters of old typically also had a yard to fly a square course from.


    As Maturin already observed: it would be unlikely that a cutter would fly both square course and the gaff mainsail at the same time.




    *As with most sailing related 'definitions' you could have a discussion about this. Sailing terminology is not helped by the fact that the terms are used interchangeably by different countries, for a great many years, etc.

    • Like 1
  3. I'm guessing (but I don't know, I'm just a volunteer) that you will miss out on the extras:

    3. All current owners of the game will be able to start playing before Steam early access opens. Head start date is set on 19th of January. Everyone will receive several exceptional vessels for participating in the testing of the game. To receive the exceptional vessels you must login and create a character during head start. Only created characters will receive ships.

    But nobody other than admin can make the decision.



    • Like 1
  4. Thank you very much... reinstaling steam and dedicating a new folder to instal games helped. See you in the seas fellow sailors! 


    Welcome to the open seas and good luck!


    closing topic,



  5. Why is the Ontario listed in the OP and greyed out (meaning not released yet), when the Snow (which is basically the Ontario afaik) is also listed in the OP and is also in-game already? Also, isn't the "Pirate Frigate" in-game? Also, if you're listing variants, there's the unnamed "74/3rd Rate" that's in the game right now.


    Thanks for the comments! I've clearly been away too long.


    I was under the impression that, our current snow is loosely based upon the HMS Ontario, while there are plans to include a more faithful representation of the HMS Ontario in the future. I'm however not sure about this.


    The "Pirate Frigate" is simply in the wrong category, I'll move it. Do you know if it is simply a variant of the Cherubim?


    What is the 74 / 3rd rate you speak about of which ship is it a varaint?



  6. handling language issues in the forums is already ridiculous and is going to be impossible after EA. Also many EA players are not going to come here to read rules and are probably not going to read any "click to agree" rules you put in the game.

    We are going to have to tolerate bad words until language rules are directly in game and dealt with entirely in game.


    Ignorance is not an excuse. Let's not pretend otherwise.


    We've had this discussion before, those who did not agree at first, changed their minds later and learned to play by the rules.



    • Like 2
  7. (...), you can litrally do the same thing using a pirate group vs one guy who has a second character on any of the nation or neutral. ...)


    This has happened in the past. It is the classic case of damage farming. It has been made very clear in the past that damage farming will not be tolerated.



  8. You don't need a https website to HASH passwords, which is already a pretty safe way of doing things. So i disagree and think that its a bad and misinformed point with a lack of understanding of what https actually does and how to properly secure passwords.


    I should probably not step into this discussion, but I think some clarification is needed.

    It seems you are confusing two parts of password security. One part is about storing passwords or, more properly, password identifiers. The other part is about communicating the (knowledge of) the password with the server. My question to migrate the forums to https addresses the second part.

    Storing passwords on the server is a bad idea. Fortunately, this fact is slowly becoming a known fact. Instead of storing a password, a password verifier should be stored. The accepted best practice is to hash the password (using a password hashing algorithm (such as BCrypt or SCrypt) or, less ideal, a key derivation algorithm (PBKDF2)) and only store the computed hash. Verification of the password is done by hashing the client supplied password and compare the resulting hash to the one stored on the server; if they match, access is granted.

    However, before the password can be verified, it needs to be communicated to the server. The only* method of communicating safely with a server available to a web browser is (unfortunately) by communicating through SSL/TLS. In other words, by communicating over https.

    Hashing a password on the client side (before transmission) to subsequently send it over a non-encrypted connection is, unfortunately, non-secure. The problem is two fold: first, the hash (as calculated on the client side) effectively became the password: since the server will grant access to whomever sends the hash, I could simply send the hash as well and impersonate you. The second issue is that, since the connection is non-encrypted, the integrity of the data you receive cannot be guaranteed. In other words: I can manipulate the information sent between client and browser and, as a result, I can remove the client side hashing (which is typically handled by a snippet of javascript code). The result would be that you would, unknowingly, send your password as plain text over the wire (=wifi nowadays).

    Hope this clears things up a bit.


    *other methods exist, but they are far from practical and typically only feasible within an organization which can control software on the client machines.

    • Like 5
  9. Hello Admin,


    It would be a good idea if the forums (and maybe the website) would be moved to https. This may seem as a low priority issue, but I think it is not. Let me explain.


    Short explanation: Because passwords.


    Long explanation:

    Because it is a well know fact that people reuse passwords, and people like to keep their passwords organized (the human brain is awfully bad at remembering strong passwords) there is a big chance that people reuse their Naval Action forum password for other services, both Naval Action related and other, as well.


    Since the connection to the forums is non-encrypted, username::password combinations are send in plain text over the wire (which ironically nowadays means through wifi). So any user logging in using a public or otherwise shared wifi router is extremely vulnerable to MITM (=man in the middle) sniffing attacks; anybody with a mild interest in the subject can harvest passwords at, for example, your local starbucks corner.


    By migrating the forums to https this attack vector would effectively be disabled.



    • Like 5
  • Create New...