Whoop, whoop.
THAT IS THE SOUND OF THE POLICE
Horn of the Feds
Having played the two editions of the Classic Episode I decided I should replay one of its main inspirations, Dawn of the Dead. It replaces Episode 1 of Doom. There is a DeHackEd patch supplied, but all it does is change the level names on the map.
It is a rare example of a wad that despite being a beta release is still a classic. You can tell it's a beta because, for example, one of the maps is missing. It's often cited as one of the "classic Episode 1 replacements" but it's not all episode 1 style (the classic episode itself is also similarly misrepresented). It is also quite oddly balanced with regard to booby traps, especially monster teleporters. You can pick up a prize like a key and have nothing happen, but a seemingly innocent object in the corner of a room might release a trap of alarming ferocity...
- Warp Station starts off quite easily in a grey brick techbase. There's a zigzag path over slime later on that's blatantly from Doom E1M1. It's pretty trivial to do.
- The Reactor centres around a large room full of slime, with a bridge over it. I don't know, it's pretty hard to describe, but it's well architectured, with plenty of windows and views of later areas. The secrets are good. You press a button and one of the pillars in the main room lowers and it turns out to have a soulsphere on it and you have no idea how to get to it. And then it turns out to be at the far end of a long run through a maze of slime-filled tunnels! Fun!
- Space Port doesn't have much to do with space... It has a lot to do with backtracking though. From the start area, which is very tricky, you go through some dark corridors with motion sensor lighting, to a couple of large outdoor slime lakes. On the far side there's another techbase-style area from which you get a red key. Then you pick a door and go round the loop. There is a right way and a wrong way to do this; there's one point round the loop that is one-way. So having been round the loop twice you can get into the hangar and get the blue key and then run all the way back to the start where the exit is. And then run all the way back to the far side of the loop to where the secret exit is. This map also features the world's most heavily booby-trapped box of rockets. Yes, box of rockets. Considering what happens, you'd have expected a soulsphere at least.
- Atmospheric Processor centres around a dark rectangle of slime-filled halls. Try to find the secret switch that raises drawbridges, it helps. There are a few side areas; a tech lab obviously inspired by E2M7, another tech lab that has its own thing, this optional bit that's full of slime and leads eventually to a chainsaw (and after all that you'll be thinking "what, only a chainsaw?"). The main secret area is also inspired by the computer rooms in E2M7, but the secret it leads on to is more like your E1-style secret route to the outside of the base.
- Outpost 666 is the famous "missing map" of Dawn of the Dead. It is a placeholder, a tiny octagonal room with an exit switch. Map 6 of the Classic Episode is the finished version of this map.
- Fortress of Hate has more in common with The Citadel (Doom 2 Map 19) than anything from Doom. It's a castle. You start outside, and you should run around outside to find the plasma gun, you'll need it. Then you get locked inside the castle, where you are sniped at from windows everywhere. Seriously it's very hard not to run out of health, you really need to know your way around. Eventually you find the switch that opens the inner keep, which gives you the red key and another one of those bizarrely misplaced teleporter traps. The most frustrating thing about this map is the wide availability of bullets, but you don't get a chaingun until probably three quarters of the way through. You're limited to shells, and a berserk box near the start, if you can get to it, which I strongly suggest you try to do (There's also that plasma gun, if you found it, but there's next to no ammunition for it... although for some odd reason, that which is there, is spotlighted...)
- Death Awaits is one of that fine class of maps that I usually call "cohesive" or some crap like that. It does that thing where it crosses over itself and you keep revisiting the same areas but from different angles. Stylistically it's episode 4 more than anything else. The start is ridiculously hard, if you don't run in exactly the right direction you will die. In fact there are several places where if you don't do exactly the right thing you will die. That just makes it all the more satisfying to finish though, I suppose. Also it has these wonderful chains of secrets and teleporters and stuff. It is a pleasure to run around.
- At the Heart of It All is a fairly simple finale map; mainly episode 3 in style, I suppose, starting with a promising view of a castle, you go past a pool of lava, through a lab of some sorts, then a hellish chapel, finally teleporting into a large outdoor courtyard for the usual episode 1 ending of barons, spectres and pentagrams of blood. The main dangers here are the sniping sergeants on the battlements and accidentally being too close to an exploding barrel.
- Hunted Down, the secret level, is achingly atmospheric, due to the incredible lighting. I don't know why it's relegated to being a secret level, you usually save your crappy maps for secrets because fewer people will see them. Anyhow, it's a mostly open-air fortress, lit by warm sun in the south-west. Seriously, it really does feel like it's a fine spring day and summer is on the way. It is however quite hard, in particular at the start. There are monsters everywhere, they teleport around apparently at random, and there's no health. The yellow key is on an altar, on the way to which is a fiendish trap involving dropping bars and two barons... shame it doesn't work properly and is totally bypassable, really. Later on you get out the back of the fortress to a chapel, which is for once predictable about trap placement. It's not perfect but the sunshine effect amazes me every time.
In summary, Dawn of the Dead is not without its flaws, but given that it's a beta release, the fact that it's any good at all is impressive. The fact that it is roundly hailed as one of the quintessential Doom episode 1 replacements, and inspiration for so many, is astonishing. Give it a go, and play The Classic Episode afterwards for good measure.
I think I have Tourettes because I have this constant urge to go COCK ARSE CUNT TITS SHIT FUCK WANK MUFF SLUT WHORE
Yeah this is another back-dated update, and I'm going to stop pointing this out now, it should be obvious which one will be the first live update, it'll be the one at the top of the page when I PUT THIS SHIT BACK ON THE INTERNET
Metamorphosis 10
Once again I found myself in the Union drunk off my arse listening to various forms of shitty dance music and trying to get a decent amount of dancefloor space, or maybe even a girl (yeah, right.) They didn't even have any drum and bass. Come on, guys, I've been to like six of these things and you always have drum and bass. On the other hand, unlike last year it meant I didn't get left behind by the people I went with because they're faggots who can't keep up with 174BPM.
Other than that I was determined to make some effort at talking to sluts, or "girls" as most people seem to call them. This was met with mixed success. As in, I was successful in speaking to them, but not successful in stopping them avoid eye contact, or run away, or whatever. In particular I managed to hug this girl in the queue after the tiringly predictable fire alarm, but that went quickly downhill after I found out what her name was.
Oh and immediately before that there was this fat girl in front of me being given a piggyback, she had low-slung trousers on so I took a pencil and attempted to write slogans on her enormous rippling backside, but they didn't turn out.
index.cgi
Okay you may be wondering what the hell is taking me so long getting this server thing done. Once I'd done my traffic shaping I set about installing Apache - well, Apache 2, in fact, I have no particular reason to stick with 1.3 - and reading all the documentation on how to configure it. This might seem like a trivial thing, you just apt-get it, but since it's user-visible I have to get it just right. Also, I can't go off writing web scripts without being sure that their inevitable bugs are in fact their fault and aren't coming from the server setup underneath them.
It initially took about a week. I had the vhosts working the way I wanted, the server successfully executing CGI scripts, enough knowledge about perl's CGI.pm to get started, and, ultimately, this page back up. However, it was a hacked-up, all-in-one executable named index.cgi. This was a) huge b) slow c) ugly d) in many places a line-for-line conversion of the PHP scripts I'd made before and thus e) unacceptable.
So I've decided to chop it up, and learn how to do Perl modules at the same time. The PHP version was all based around one file called index.php which, depending on the query string passed to it, would include other helpers, and call hooks in them as it generated the page. I've turned this on its head and made a library module (or package or whatever) called SiteLib.pm, and a bunch of small scripts that go "use SiteLib;". They call it at various points to generate the "templated" parts of the page, then fill in the gaps.
However I feel I've rather missed the point of namespaces (packages are just namespaces, really) since it works by exporting a bunch of functions which are all called "sl_somethingorother". PHP does this sort of thing and it's ugly. So I've not really solved c), I've just replaced one sort of ugliness with another. It's mostly solved a) though, the separation of code makes it more manageable. I've solved d) by just rewriting the worst parts as I've gone along. But there's still b).
It's too slow. When you request a page you're running a whole new process. A Perl interpreter has to be loaded, the script must be compiled, executed, its response collected and served back to the client. 0.4 seconds or so per request is not a good look. Before I can release this shit to the world, I have to speed it up.
So I am investigating mod_perl, which is very complex, and the documentation, which I have only just started reading, is very hard to follow. So, it's anyone's guess how long this is going to take. And I haven't even started reimplementing SNAFU...
I wanted my site back up for its anniversary today
Instead you get yet another back-dated update. You don't even know when I wrote this, for all you know I could have written it on, I don't know, the fourth of March and you wouldn't be any the wiser
Yes anyway I'm trying to re-code my site in perl because if I can avoid php I will, even if it creates an awful lot of work in the meantime. I guess I should have installed php as a transitional thing, but I didn't want to. I've got apache to run CGI scripts if they're executable and called something.cgi. It's probably hilariously insecure.
Oh well at least Evil Dead II was on last night, oh man that's still the funniest shit ever.
All Hell Breaks Loose!
It certainly does when you use dodgy DeHackEd patches with PrBoom, which frankly doesn't support them very well. All Hell Breaks Loose is five maps with new weapons and monsters. Starting in your country ranch you hike to a nearby abandoned mine, over a bridge, through some caves finally emerging into a city complex(!) Yes it's pretty varied, like the monsters, here are some of them:
- Imps
- Dead imps that come back to life when they "see" you
- Demons that run twice as fast because hey if you were on fire you'd run around pretty bloody fast too!
- Chaingunners
- Siamese Twin Chaingunners with two heads and a lot more firepower
- Arachnotron-riding two-headed chaingunners. When you kill the spider underneath it, it hops off and carries on shooting at you. This thing is nuts
- Two types of baron/hellknight things that float around because their legs are engulfed in more fire and that scream "AARGH, FUCK YOU" when they die
- These great big flying green gargoyle things that leave way too large a corpse that blocks your vision.
- Oversized, slow-moving cyberdemons that fire two enormous rockets at a time
- Sniggering-like-they're-getting-more-pussy-than-you plasma-gun-toting marines (rogue players, if you like)
- Damn great helicopter gunships that firstly launch more of those fucking oversized rockets and then drop a squadron of cackling marines to chase you all around the map! For god's sake!
At least you get some improved weapons to deal with all of this
- Dual pistols
- Chainsaw with dual blades
- Just the plain old super shotgun. It's odd that dehacked patches never mess with it.
- Automatic rifle (i.e. the usual chaingun but I think it's sped up a bit)
- Bazooka, that fires those enormous rockets. You can still carry fifty but they're a head taller than you!
- Flame thrower that does an enormous amount of damage to targets within a fairly short range, and for which many of the smaller monsters have this hilarious exploding death sequence where they roll around screaming on fire
- The StreetSweeper! You only get this on map 5, it's basically a shotgun that's been sped up to all hell. I think the double-headed chaingunners are meant to have this weapon as well, as they make the same sound when they fire at you.
- I don't think the BFG actually appears in the maps anywhere, and it hasn't been changed
The maps are primitive to say the least. The problem with this type of partial conversion is that the author(s) put so much effort into making new monsters and weapons and then slap a few maps together that don't go far enough or don't really play all that well. The thing is, when one area of your project is outstanding and innovative it's really noticeable when another area falls a bit short. The levels aren't bad but they aren't great.
Also there was a huge problem in that the floating baron hellknight things crashed the game engine when they died. This was a terrible shame, and somewhat invalidates all the hype this mapset received both while I was reading about it and then while I was playing through it. Oh well at least you only have to read a shitty site update, you didn't have to play four and a half maps of this crazy shit before you find out it doesn't work properly.
Nuts Lite
I've talked about Nuts many times before. Since the last time I discovered that its author, having made Equinox, wanted to test uploading shit to the archive so he whipped up Nuts and the rest is history.
Recently - sometime in the past few months, anyway - somebody made a tribute called NutsLite. Its "tribute" factor is mostly that its final area is in a large courtyard densely packed with groups of large monsters. It starts out as a ride through some brick passages, and there's quite a nice area with some deep slime. The monsters look pretty weird running around and you can only see their top halves.
The whole thing is pretty near impossible and I had to play it on god mode, but I'm a crappy player and I bet there's people who can actually do this. It was good for a few runs around, anyway. I think the main problem is ammunition and that once you unlock the courtyard you have to run into all of those monsters as if you don't they all try to filter down the passageway. It'd be better if the weapons and some huge ammo reserves were more readily available.
Shock 'em down!
I first played Shock 'em down! when it came out in 2001, and a few months ago had cause to download it again because I was talking about deep water with the girl and recalled it as a wad that had a blue colourmap for that cartoonish underwater effect. It is a techbase, sort of E1-style but I think it uses too much E2 stuff to truly be called an E1 map. It is right to say it's a Doom level and "bloody well looks like it too".
It uses the odd Boom feature here and there, mainly the aforementioned pool, but fortunately doesn't do too much to break the basic Doom gameplay. It's pretty much faultless I guess. You could perhaps pick holes with one or two places where you have to backtrack a lot through rooms long since cleared out, or having to remove large crowds of demons with the shotgun, which is easy but quite tedious. There's a huge warehouse thing at the end which seems frankly empty other than a couple of boxes of rockets, it feels like it ought to be stuffed with monsters.
Still it was rightly hailed as one of the best maps of 2001 and you should go play it.
The Call of Ktulu
As part of the same discussion about colourmaps and Boom maps the girl pointed me towards The Call Of Ktulu. This turned out to be a Boom feature-laden castle map named after some song by some godsawful metal act whose name escapes me. The map is much better though. The moat is made of blood (red colourmap). There's a crazy bit where you walk up a wide and empty staircase to a button, press it, turn round and all these demons have appeared silently behind you. There's a point where you teleport (switch teleporter) to a kind of basement which then rapidly fills up with monsters. This is not an easy level.
As with all maps laden with Boom features some of them feel like they're only being used for the sake of using Boom features, I don't know if that's actually the case here or whether I just think that because I'm not so accustomed to them and so when I see them I'm all "hey that can't happen in regular game rules" so it's more noticeable. But, yeah. I liked the way you get drawn around it and you see bits that you can't visit yet and the blood flows through the tunnels and takes you with it down to the exit which you go past long before you actually get access to it.
Okay I seem to have lost the ability to write with any structure. So I'll just say okay it's pretty good and you should give it a go, but use savegames because it's pretty hard.
Halo of Wonders
Halo of Wonders is number 14 in the "kaiser_" series, and unfortunately it's more like 12 than 9. That is to say, it's impossible. It has some plot about every demon you've ever killed being resurrected in this arena and now it's your turn to enter the arena and blah blah who cares it just adds up way over 1000 monsters and well basically it's too hard for me to do it at all.
It is as usual from Kaiser very well made architecture with lots of detail, even too much detail maybe, I don't know. It's part techbase part gothic castle sort of thing. It does a few interesting Boom things like teleporting a red skull key into the centre of an arena. There is a dehacked patch which changes the BFG into some weapon from Doom 64 and to finish the map you have to use this weapon to kill this great big bug creature that does this hilarious dance and spits out mancubus fireballs at an alarming rate. But you won't get that far because it's way too hard.
It's okay to run around and look at or do on god mode but don't try to play it normally because it's too hard.
Putting the monster in a sandbox was quite interesting but the problem is it's rigged to end the current level when one dies. This isn't helpful in a sandbox so I managed to fix the dehacked patch to stop it happening. You have to extract the lump DEHACKED from the wad then reinsert it having removed the two consecutive lines "Pointer 423 (Frame 751)" and "Codep Frame = 783"
Hear the drummer get wicked
Another back-dated article, written during the time I was rebuilding my site. I don't know how many of these there'll be. If I write too much nobody'll read all of it if/when I put it back up. Oh well.
Classic maps
The Classic Episode is a full replacement for Episode 2 of Doom, and if you haven't played it, you should. There are two versions; the one above is version 2, released mid-2002, and Classic Episode Original hosted by Doom2.net or Classic Episode Original hosted by Compet-n is the first version, released end of 2000.
The differences are mainly that the re-release is easier. The compet-n version is considerably more difficult on certain maps, due mainly to lack of health. It only still exists because lots of people had made demos for it by the time the rerelease was made. There's a changelog document in the rerelease zip file. In fact that's the point. Something recently inspired me to get both versions and play them side-by-side to examine the differences.
- map 2 moves the backpack out of its secret area and into normal space. While it was a very easy secret to begin with I didn't like that for some reason. Now it's just sitting there. Backpacks should be on a pedestal, especially when they're the first one you get. Furthermore the area around the backpack was redesigned and the teleporter which used to be in a nice booth is now just sitting there on the ground.
- map 2 also switched its computer map for a rocket launcher. I guess when you know the map really well you don't need a computer map and otherwise you wouldn't get rockets until map 4, but still I prefer maps to have a computer map than not... I guess that's quite a personal preference though
- Speaking of map 4 the changelog says "sped up blue key teleporter trap" but frankly they didn't speed it up enough, okay the monsters come out faster once they start coming out but it's still very easy to run past the trap point before anything appears.
- Also map 4 has a lot of secrets that aren't marked as such. It still did after the rerelease. One of those pseudosecrets was marked, however. Previously it had been so obscure I didn't even realise there was a way into it.
- map 9 was a lot easier, which was very welcome as previously there were about four boxes of health on the entire thing and unless you were amazingly lucky you'd die. Also the crusher corridor was redesigned considerably and it makes the hordes of barons much more tractable.
- map 6, the so-called "lost map from dawn of the dead" was made easier at the start by moving the shotgun to the bottom of the lift. Before you'd have to let the lift ascend which wouldn't happen because a load of monsters blocked it. Anyway I found it easier to run to where I knew a chainsaw was hidden and use that.
- I felt the area where you pick up the yellow key in map 6 didn't work half so well, though, you can't get the baron fighting the cacodemons because now it just sits on the key, and the 30-second door close triggered by picking the key up will happen after you've cleared the area out, so it doesn't present any new danger, it just forces you to do the following section of map from one direction (there's two doors, you could pick your route before, this sort of choice is always preferable, nobody wants to feel like a rat being led through a maze)
- map 8 was largely unchanged except for the addition of a few bits of health, but I will mention it anyway as it is a wonderful example of a map that I initially believed to be almost impossible, until I a) improved b) spotted the trick and pulled it off. Fortune favours the bold.
Those are the ones that I can remember. Anyway, enough babbling, the point is you should play this wad right now!
Hell Revealed on skill 2
I got into doing Hell Revealed on a lower skill level, again. I can now claim I've done all but a few of the maps, even if I have to whisper "on HNTR" afterwards.
- I got started with map 13, which turned out to be surprisingly easy on HNTR. The opposition is somewhat underwhelming, and the usual problem of only having a shotgun at the start is mitigated by lack of resistance. The blue key cage is still a major hazard but it is at least manageable due to lack of chaingunners.
- map 14 was similarly surprisingly easy. Here you have to fight your way into at least one of the monster-infested buildings to get any weapon better than a pistol. In fact this map annoys me because most of the weapons are way too hard to get. In particular the plasma gun is on a pedestal at the top of the map, and you can see it there the whole time but you can't get it until you know about 90% of the map is done. It's a shotgun and rocket launcher map for the most part. The hardest part is the cyberdemon that appears when you get the blue key and chaingun.
- map 11 was pleasantly trivial. Nearly all the difficult monsters were taken out, in particular the start area, usually riddled with monsters against you with nothing more than a nearly empty shotgun, was largely devoid of resistance.
- map 18 took many attempts, not because it was particularly difficult but because there was this one bit that I kept screwing up. My impatience made me try to get the bfg from under a cyberdemon's nose. I thought having the bfg would counter both the cyberdemon and the triggered population of the eight surrounding archvile towers. I was wrong, repeatedly.
- map 22 is a blast-fest totally stuffed with monsters and ammunition. You get all the guns at the start. It is extremely fun but I found it impossible on a normal skill level. It's just about doable if you don't horribly screw up on HNTR. Beating this map on any skill level at all made me very happy.
- map 28 is quintessential Hell Revealed for me. Huge ceilings, massive architecture, lots of monsters. Except on HNTR where it's almost empty.
The maps I still have yet to do on HNTR are 23, 24, 25, 26 and 30
- 30 is right out because it's an Icon of Sin map and I loathe those
- 23 might be possible, but it's far too long and there's a couple of places that always kill me, for example the blue key where you teleport onto a descending tower into a room full of chaingunners and get ripped to shreds. And it takes about half an hour to get that far, it's too frustrating.
- 24 is the hardest map in Hell Revealed and I just can't be bothered fighting hordes of monsters while running round a dark cavern filled with poisonous blood
- 26 is similarly way too hard and full of annoying bits, even though it looks pretty amazing, starting in a skybox as it does. But it's just too much.
25 seemed the most probable, but it turns out it's hardly any different from the UV version, and hadn't been toned down at all. No wait, there's two differences, on easy and medium skills you get a BFG at the start and on easy skill there's an invulnerability replacing a partial invisibility at the far end of the map. I found this not to be enough. Map 25 consists of a sequence of very nasty traps and frankly one invulnerability wasn't enough for me. I could have done with at least four.
To compare, I've done 1-8, 10, and 12, on a proper skill level. Of the others I think 9 might be possible if I got really good with the berserk box, and 21 might be possible because the entire level's weapons and ammunition supply is at the start. (The problem with many of the levels is not that they're impossible but they're impossible without already having an arsenal at your disposal on entry to the level)
Hell Revealed is one of those perennial WADs, but I've got sick of it again so I'm done now.
Cluckfuck McDuck, Bumfuck Chuckschmuck
This is the fifth in a series of back-dated site updates that have only just been published
firewalling and traffic shaping part 2
So we move onto traffic shaping. The main reason I want to do this is so that I can still log in to remote hosts using ssh and be able to type fairly easily, even if I am downloading something or you fucks are spamming my web server with stupid requests (e.g. "GET /favicon.ico". Note to self: write another rant about Firefox another time)
Suppose you're uploading and also trying to ssh. If you're downloading you're also uploading; there are things called ACK packets to maintain a reliable stream. ssh sets its outgoing packets to have Type Of Service (TOS) Minimise-Delay so they leave your router at high priority by default. However they also are transmitted at the speed your network card talks to your modem, typically 10 megabits per second. This is way above your internet connection's upload speed, which is typically about 256 kilobits per second, if you're on ADSL. So a queue forms in the modem. You don't want this. The modem will just drop packets it doesn't have room to queue, for example ssh packets that should be prioritised over, say, http ACK packets. This creates latency and those annoying delays between keypress and character appearing in your ssh window. You want to
- Limit outgoing packets so that the queue is in your router, over which you have control
- Prioritise packets by criteria such as Type Of Service, protocol or port number, length etc.
When there is network traffic to send out the kernel puts it in a Queueing Discipline, abbreviated to qdisc. Then the packets are dequeued as determined by the qdisc. A classless qdisc treats all packets the same. A classful qdisc is split into classes and you have to specify filters to tell the qdisc which packets go into which class. The default qdisc on an ethernet interface is a first in first out 3 band priority queue, that is, when a packet is queued it gets put into one of three FIFO queues depending on its TOS value. Packets are dequeued by priority and no attempt is made to slow the connection down; if there are packets to send, they'll just go.
Probably the easiest way to do what I want is to replace the default qdisc with a Hierarchical Token Bucket (HTB). This qdisc is pretty much designed for the problem I'm trying to solve but is only available in recent kernels (2.4.20 onwards, so not in Debian Woody unless you've upgraded). What you can do with this is set the maximum rate at which the entire qdisc can dequeue (that is, at which your upstream link can transmit), and classify traffic into subflows which will be dequeued in an order given by choosable priorities. The best part is that if a higher priority queue isn't full, lower priority queues can borrow its bandwidth.
(If you don't have a recent kernel you can make a similar setup by putting a bunch of Token Buckets into a simple Priority queue; the token buckets are independent of each other and their rates have to add up to the total upstream bandwidth you have)
Implementation
Okay that's the theory, and it's not really conceptually difficult, my terrible explanations notwithstanding. How do you actually set up this stuff? Obviously you need it compiled into your kernel. To initialise it however requires use of the command tc, which has probably one of the most awful command line interfaces ever made. I don't even think it's meant to be human-readable.
The first part is relatively straightforward, you set the qdisc of your outgoing interface to be an HTB, and make its first child class specify the maximum bandwidth of the link. (That should be a little bit less than your actual upstream bandwidth.) Then you create subclasses of that first class that have a given guaranteed bandwidth, a given maximum bandwidth, and a priority. Obviously the given maximum bandwidth for each subclass shouldn't exceed the maximum bandwidth of the parent class, nor should the sum of the guaranteed bandwidths.
Finally you attach filters to the qdisc that say which subclass of the qdisc to put packets into. This is probably the hardest part as the u32 filter is an awful thing that requires intimate knowledge of the structure of the header of a packet and inhuman ability with bitshifts and bitmasks and stuff. I found it much easier to use the fwmark filter, which classifies packets according to their iptables mark. This is why I have the mangle table, as I mentioned in the previous update. It says a lot about tc that writing iptables rules is much easier(!)
Summary
Anyway so basically what you have happening is this
- Packet wants to get transmitted
- Packet goes into iptables POSTROUTING hook where the mangle table sets a mark on it depending on whatever criteria
- Packet gets enqueued into HTB
- HTB classifies packet (puts it into a given class) based on its iptables mark. I suggest you use the same arbitrary mark number as the priority of the class into which it is going.
- Packet sits in queue.
- Network hardware asks to have packet dequeued so it can transmit it.
- HTB dequeues from the highest priority class that has packets waiting and is within its guaranteed rate; a class that is over its rate may borrow from the parent up to its ceil, with higher priority classes getting the spare bandwidth first.
- Packet goes out, hopefully not having had to queue in or get dropped by the modem.
Please note you can only do this with outgoing packets. There's not a lot you can do with incoming traffic, except police it: that is, drop some if you receive too much, and rely on TCP at the other end noticing the loss, retransmitting and backing off its sending rate. I do this but I'm not sure how much effect it has.
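Here is the setup described above as actual commands. This is an added example, not the author's own init script (which the page doesn't show): the interface name, link rate, the port-to-class mapping and the mark numbers are assumptions, using the suggestion above that mark N goes to the class with priority N. It prints the generated tc and iptables lines rather than running them unless you ask, so you can inspect them first.

```sh
#!/bin/sh
# Added example, not the author's script. Builds a three-class HTB shaper
# for an upstream link plus the iptables mangle rules that mark packets
# for it. Interface, rate, ports and mark numbers are assumptions.

# shape_cmds DEV RATE_KBIT: print one command per line, execute nothing.
shape_cmds() {
    dev=$1
    rate=$2
    # Guaranteed rates sum exactly to the parent rate, so the "sum of
    # rates <= parent" rule holds by construction; each class may borrow
    # idle bandwidth up to the full link rate (ceil).
    r1=$((rate * 20 / 100))   # interactive: ssh, dns, bare acks
    r2=$((rate * 50 / 100))   # normal: web
    r3=$((rate - r1 - r2))    # bulk: everything unmarked (htb default)
    cat <<EOF
tc qdisc del dev $dev root 2>/dev/null || true
tc qdisc add dev $dev root handle 1: htb default 30
tc class add dev $dev parent 1: classid 1:1 htb rate ${rate}kbit ceil ${rate}kbit
tc class add dev $dev parent 1:1 classid 1:10 htb rate ${r1}kbit ceil ${rate}kbit prio 1
tc class add dev $dev parent 1:1 classid 1:20 htb rate ${r2}kbit ceil ${rate}kbit prio 2
tc class add dev $dev parent 1:1 classid 1:30 htb rate ${r3}kbit ceil ${rate}kbit prio 3
tc qdisc add dev $dev parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $dev parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $dev parent 1:30 handle 30: sfq perturb 10
tc filter add dev $dev parent 1: protocol ip prio 1 handle 1 fw classid 1:10
tc filter add dev $dev parent 1: protocol ip prio 2 handle 2 fw classid 1:20
tc filter add dev $dev parent 1: protocol ip prio 3 handle 3 fw classid 1:30
iptables -t mangle -F POSTROUTING
iptables -t mangle -A POSTROUTING -o $dev -p tcp --dport 22 -j MARK --set-mark 1
iptables -t mangle -A POSTROUTING -o $dev -p udp --dport 53 -j MARK --set-mark 1
iptables -t mangle -A POSTROUTING -o $dev -p tcp --dport 80 -j MARK --set-mark 2
iptables -t mangle -A POSTROUTING -o $dev -p tcp --dport 443 -j MARK --set-mark 2
iptables -t mangle -A POSTROUTING -o $dev -p tcp --tcp-flags ALL ACK -m length --length :64 -j MARK --set-mark 1
EOF
}

# apply_shaping DEV RATE_KBIT: run the commands (needs root). With DRYRUN
# set in the environment it only prints them.
apply_shaping() {
    if [ -n "$DRYRUN" ]; then
        shape_cmds "$@"
    else
        shape_cmds "$@" | sh -e
    fi
}

if [ "$#" -eq 2 ]; then
    apply_shaping "$@"
fi
```

`DRYRUN=1 sh shaper.sh eth0 500` shows what would be run for a 500 kbit/s upstream; without DRYRUN, as root, it applies it. The last mangle rule comes after the port rules on purpose: a later rule overwrites the mark, so small pure ACKs of a bulk download end up in the interactive class, which is what keeps downloads fast while you are uploading. The mark never leaves the box, so the fw filter is trusting only your own mangle rules.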
Links
- Advanced routing and traffic control HOWTO, just about the only documentation that exists. Also found there is Wondershaper, which does pretty much everything I've described above. I could have just installed this but I wanted to learn about it, so I wrote my own init scripts instead.
- Hierarchical Token Bucket home page, user guide, etc.
- TCNG, a very promising piece of code for which you write configuration files in a nicely clear structured configuration language, and it turns them into tc commands for you. Unfortunately I had certain problems that make it little better than beta software at the moment. That's not to say it didn't help out a lot.
"that doesn't make me amiable, it makes me stupid"
This is the fourth in a series of back-dated site updates that have only just been published
firewalling and traffic shaping
Okay so like I said last time I had decided to write an init script for setting up iptables since the one that came with the package was now deprecated. I also thought, if I do this for iptables I might as well do traffic shaping with tc at the same time, I've got all the kernel modules and how hard can it be?
Anyway, so firstly let's do iptables. There are three tables you have to worry about, named filter, nat and mangle. Then there are five places, called hooks, where the kernel's networking code hands packets to iptables (well, more strictly, to netfilter) to process: PREROUTING, INPUT, FORWARD, OUTPUT and POSTROUTING. For each table, when a packet reaches a given hook, the chain of rules that table attaches to that hook is run over the packet.
The tables seem to exist to conceptually separate iptables rules into known tasks. Some tables don't even have chains on all hooks, and only specific types of rule are allowed into each table. For example, the filter table only has chains at the INPUT, OUTPUT and FORWARD hooks. The separation into tables is for two reasons, one, it makes things clearer, and two, if you don't need a whole table, you don't have to have it in your kernel, and you can save space.
(I don't see any reason why you couldn't implement iptables without the tables, by allowing any type of rule to be attached to one big chain at each hook. However this would make configuration more complicated, make your kernel bigger than it needs to be, and probably harm a load of other stuff I can't think of right now... but I digress)
Anyway, rather than repeat the entire netfilter HOWTO here I'll just say what I did. Firstly, the INPUT chain:
- Accept anything that the connection tracking believes is part of an already established connection, or related to an already established connection
- Accept new connections to a small selection of ports, e.g. 80 (else you wouldn't be able to see this...)
- Drop everything else. This is pretty much standard: it is safer to drop everything that doesn't match something you know about and are willing to handle. To do this you set the default policy of the chain to DROP.
I should note at this point that instead of just dropping packets I set it to "reject" them. (A chain's policy can only be ACCEPT or DROP, so rejecting is done with a catch-all REJECT rule at the end of the chain, with the DROP policy left underneath it.) This means you send back an ICMP port-unreachable saying the connection has been refused. You can also send back a TCP RST for refused TCP connections. I have still yet to decide whether this is a good thing or not. It makes things like port scans faster (and I do like to portscan myself from time to time just to check it's all still working) but it could potentially be used to flood hosts with ICMP port unreachables or TCP resets by faking your source address. I don't know.
Anyway, the OUTPUT chain, in contrast, can probably be left empty with a default policy of ACCEPT, since it is likely that you don't want to block anything your server does. One thing I have seen in OUTPUT chains is the dropping of all traffic leaving for port 135; ISPs such as plusnet interpret this as possible virus traffic and shut you down until you reboot your modem, even if it was actually just something harmless, like nmap. NTL don't do that though so at the moment I don't care.
The FORWARD chain is slightly more complicated. In some sense it needs to be the INPUT chain and the OUTPUT chain both at once. You have to be more careful and look at which way packets are heading (which interface they came in on and which they are going out of) when they reach it. You probably want to allow hosts on your network to connect to hosts outside it, but not hosts outside to connect to hosts within. If you have to use NAT you get most of that anyway, since an unsolicited inbound packet has no translation entry to match, but the FORWARD chain should still say so explicitly rather than relying on NAT to act as the firewall.
That brings me nicely to NAT. How's that for a segue! It stands for Network Address Translation and means rewriting either the source or the destination address of packets as they enter or leave your network. A common use of NAT, and the only thing I use it for currently, is called masquerading:
- You have several computers which you wish to connect to the internet, but your ISP only gives you one globally routable IPv4 address
- Internally you give your network's hosts addresses that aren't globally valid (as specified by RFC 1918, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
- When your server forwards packets from an internal host to remote addresses it rewrites the source address to your global IP and makes a note of the connection in its connection tracking table
- When the replies come back addressed to the server, instead of delivering them to itself and dropping them as unrecognised, it looks up the note, writes the internal host's address back in as the destination and forwards them to it
As you can see, connection tracking is inherently a part of NAT so if you use NAT at all you get the state matching stuff for the filter table for free!
Other uses of NAT include things like port forwarding: say you are trying to play an online game and running a server for your friends to connect to. More than likely this game is Windows-only so you have to run the server program on a Windows box. You don't want to connect a Windows box directly to the internet. So you open the game's port and use NAT (a DNAT rule) to forward all traffic arriving on that port to the Windows box. I did this a few months ago so the girl and I could play Doom over the internet, because I don't have X or any Doom stuff installed on my router. (Don't try this though, prboom's network code is really meant for LANs and runs really slowly over the internet, we called it treacle mode, it was quite painful)
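Putting the INPUT, FORWARD and NAT pieces above together, as an added example rather than the author's actual init script: the interface names, the RFC 1918 subnet, and the inside host and UDP port the game traffic is forwarded to are all assumptions. It prints the rules in order so you can see why the order matters (stateful accepts first, then the specific ports, then the catch-all rejects sitting on top of the DROP policy).

```sh
#!/bin/sh
# Added example, not the author's init script. Prints the iptables
# commands for: a stateful INPUT chain that rejects rather than silently
# drops, a FORWARD chain that only lets LAN hosts initiate, masquerading,
# and one DNAT port forward. All names, addresses and ports are assumed.

# fw_rules WAN_IF LAN_IF LAN_NET FWD_HOST FWD_PORT
# Prints one command per line and executes nothing.
fw_rules() {
    wan=$1; lan=$2; net=$3; fhost=$4; fport=$5
    # Policies can only be ACCEPT or DROP, so the "reject instead of drop"
    # behaviour is the pair of catch-all REJECT rules at the end of INPUT;
    # DROP remains the policy underneath in case a rule is ever deleted.
    # FORWARD is locked down explicitly rather than trusting NAT to do it.
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -i $lan -p tcp --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -s $net -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -d $fhost -p udp --dport $fport -m state --state NEW -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -s $net -j MASQUERADE
iptables -t nat -A PREROUTING -i $wan -p udp --dport $fport -j DNAT --to-destination $fhost
EOF
}

# apply_fw: run the rules (needs root); with DRYRUN set, only print them.
apply_fw() {
    if [ -n "$DRYRUN" ]; then
        fw_rules "$@"
    else
        fw_rules "$@" | sh -e
    fi
}

if [ "$#" -eq 5 ]; then
    apply_fw "$@"
fi
```

`DRYRUN=1 sh firewall.sh eth0 eth1 192.168.1.0/24 192.168.1.10 5030` prints the rule list; run without DRYRUN as root to load it. Two things worth checking in the output: ssh is only accepted from the LAN interface while port 80 is open to everyone, and the DNAT in PREROUTING is paired with a matching FORWARD accept, since a DNATed packet still has to pass FORWARD after its destination has been rewritten.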
The final table is the mangle table, which on recent kernels at least puts chains on all five hooks. It is meant for changing packet header fields such as TTL and TOS, and for setting the mark, a value the kernel carries alongside the packet rather than in it, so it never leaves the box. It is usually not necessary and has quite specialised uses. I use it to mark packets to help the traffic shaping script.
Yeah speaking of which I'll save traffic shaping for another time as this update is long enough already. I nearly said "long and boring enough" but I'll get yelled at if I'm too negative about my things, so yeah