First you need to get your session id. In Chrome you can do it by opening Facebook, right clicking on a blank bit of the page and in the Developer Tools menu clicking ‘Network’. Then open the game.

You will see a lot of different hits that your browser is making, but you want to scroll down until you find the gameInit request. Copy and paste that url in to a new tab to load it and scroll right down to the bottom. There will be a chunk of text at the bottom like “currentUser”:{“userId”:10169xxxxx. 10169xxxxx is your user id so keep that for later. In the url you also see gameInit?_session=M-RzT9CNQfjM6xxxxxxx and the part after the = is your session id. You also need this.

Behind the scenes Candy Crush Saga uses a different naming scheme for the levels. You have an episode id and a level id. Episode id seems to be after every ‘break’ in the track in game and level id is the number of levels after the break starting from 1. For example level 39 is episode 4 level 4.

So you now have the following information:

Episode id: 4
Level id: 4
Session: M-RzT9CNQfjM6xxxxxxx
Facebook id: 10169xxxxx
Score: 123456 (Make something roughly plausible up for this)

You now need to make the security checksum. They simply hash a specific string and use the first 6 hex characters. Open a online MD5 tool such as this one which has a text box and a button and it outputs a string of gibberish when you press the button.

In the text box write this, filling in the values inside the square brackets as you go:
[episodeId]:[levelId]:[score]:-1:[userId]:1361826675157:BuFu6gBFv79BH9hk

The bit on the end is their ‘top secret’ verification string. You end up with something like this:
4:4:123456:-1:10169xxxxx:1361826675157:BuFu6gBFv79BH9hk

Pop that in to the MD5 box and hit hash. Make sure there are no spaces before or after your text as that changes the outcome. You should get 72a872f0399990657b6dd5fd2012691d for this example. You are only interested in the first 6 characters so keep 72a872 and ignore the rest.

Then you create the magical submit score request and load it in your browser. Fill in the blanks then open it.

https://candycrush.king.com/api/gameEnd?arg0={“score”:[score],”seed”:1361826675157,”cs”:”[6 character hash]“,”timeLeftPercent”:-1,”episodeId”:[episodeId],”reason”:0,”levelId”:[levelId]}&_session=[sessionId]

Remember the bits in [] brackets are the sections you replace. Don’t alter the rest.

Happy cheating.

Allow only alphanumeric:

$out = preg_replace('|[^A-Za-z0-9]|', '', $in);

Only numeric:

$out = preg_replace('|[^0-9]|', '', $in);

Alphanumeric with whitespace:

$out = preg_replace('|[^A-Za-z0-9\s]|', '', $in);

The ^ means match everything that is not listed, so you just list anything you need like symbols, numbers and letters and it will match everything else and replace it with nothing leaving you with a nice clean string. You can use this to filter stuff like hexadecimal, base64, postcodes, or just to force plain text.

It goes down from 10 to 6 cm resolution on the ground which is 8x better than Google’s satellite imagery in those areas.

It chews up over 100gig at the moment and more areas are being flown. Had to drive a portable hard drive of data to the data center to move it all. When you can very clearly see individual wires on a power line you know its good footage.

The growth of PropertyNow however has caused that speed to increase – first to 0.8 requests/second then to 1.5 requests/second then even faster still to 2.5 requests/second.

That is the fastest I’ve ever heard of. There has been a increase in quality content, and also the server can handle the speed, so naturally Google wants to crawl it all as soon as possible and refresh it as often as possible. The logs show that they do actually push that limit but in bursts rather than constantly.

This change has also coincided with alterations of the search results. All keywords dropped temporarily during the speedy crawl period.

Very interesting stuff indeed.

So much so, Google has taken a interest. Googlebot has been frantically crawling the past couple of days, and the Crawl Rate settings have changed as well. Usually you cant ask Googlebot to go any faster than 0.5 requests/s  but it is now letting me select up to 1.25 requests/sec or 0.8 seconds between requests! I’ve never seen that behaviour before.

We’ll have to see if that is reflected by a improvement in the search results. Fingers crossed.

Yesterday they attacked AFACT (Australian Federation Against Copyright Theft) and managed not only to take their site out, but they completely flattened NetRegistry who was their host.

On Whirlpool, NetRegistry is now being slammed for hosting them. It sounds like they will lose a bit of credibility after this one. Not only because some people are sympathetic towards 4chan’s cause, but also because NetRegistry willingly hosted a high risk site right next to everyone else’s website.

You really see a host’s true colours after a incident after this. A NetRegistry rep, Angelina Potapova, isnt handling the criticism very well. She’s basically said that anyone who criticises them must be one of the attackers which isnt a smart move when they are your customers or potential customers. She also incorrectly credited the attack to The Pirate Bay when it was 4chan who is completely unrelated.

As someone who pays for hosting through a provider, if they were hosting a high value target such as AFACT anywhere near my hosting, I’d be looking very closely at my SLA and I’d also look for a new host. Keeping them on the same infrastructure as everyone else is horribly stupid.  Not that it would have mattered if NetRegistry separated the site because the DDoS flattened their routers as well from the sound of it. They completely went offline for a good hour or two and everything was sluggish for quite awhile later.

I sure hope they are making AFACT pay for breaking everyone’s SLA…..thats if they have one. I couldnt find theirs which isn’t a good sign for their customers.

By the way, yes AFACT is the group that has been suing iiNet for not breaking the law and giving AFACT personal details on subscribers so my sympathy is limited.

I’ve also managed to finally find a very tall lava lamp. I’ve been looking for one for ages but its almost as if they dont exist. Its nice and tall with a metal stand which supports it. Only come in blue and red with clear liquid but beggars cant be choosers. $40 made it a quick sell.

Why? It is the release of Cornelia Funke’s new book called Reckless, and the server I’m watching is the official website. If anything goes wrong then I need to scramble around and fix it. I didnt create the website, but I’ve been tasked with making sure it can scale to stand up to the barrage of visitors from the Official New York premier of the book. Every single book has the URL in it so its not a small feat.

It should go well.
Few more hours and then the worst will be over and I can get a little bit of sleep before real work tomorrow.

NASA’s Gravity Recovery and Climate Experiment (GRACE) satellite data has been used to make an estimate of ice melt from Greenland and Western Antarctica. Why Western Antartica? Cause the rest of Antarctica is actually gaining ice. No one has the faintest idea why. That satellite data has now been shown to estimate 3x more melting than there actually is.

Just like in 2008 when the Arctic was predicted to melt completely. No ice at all during the summer. All the data was saying that it would be a bad year to be a polar bear.
But none of the predictions came true. The data was completely off.

It would be nice if the politicians made us stop wasting resources sure, but we dont have the faintest idea how the environment works, as shown by Antarctica growing and dozens of other examples. Do we know enough to create policy that has severe impacts everywhere especially the economy?