BreakPoint
Idea Exchange Priorities
Just a little teaser on the interface for voting for your "Top 10 Most Respected" users. The list is populated with all users from the database who have a non-zero Reputation (your reputation is equal to the number of people who have you in their Top 10 - if you are on 8 people's Top 10, you have a Reputation of 8), in addition to the top 20 or so Kudoe'd authors on the LabVIEW board.
Is there someone not on the list you would like to add? No worries, just type in their UserID (mine is 88938, you can see it in the hyperlink of my profile page). For instance, you can see below that I added 117075, the highest-Kudoed non-ASCII user on the forums. Who is in your Top 10 is viewable only by you, but your cumulative Reputation is public.
And of course, to do CCFrog.gif and friends proper justice, the Avatars are properly animated.
There are a few hurdles still holding me back from releasing this Top 10 interface and IdeaVIEW (the interface for sorting, grouping, and investing in your favorite Ideas from the Idea Exchange, I'll give screenshot teasers at a later date).
First, user authentication. I want a 1-to-1 relationship between who-you-say-you-are to the IdeaVIEW server and your ni.forums.com username. The problem here is I am certainly not going to do a IdeaVIEW-server-side authentication with your password - your credentials stay between you (the client) and ni.forums.com. I have attached (as a zip, cannot figure how to save a library for previous version?) a client-side authentication mechanism that piggybacks on to your secure ni.forums.com login (look at the code, let me know if there are any security issues) that also scrapes your accurate post count since the service provider for these forums is, shall we say, arithmetically challenged. That accurate count is used to determine your initial "bank" for investments. I plan on using this client-side authentication just one time for an IdeaVIEW registration process (not a "process" per se, just a username verification and a new password creation for logging on to the IdeaVIEW server).
Secondly, hardware restrictions. Currently, I would be able to use my own piece of hardware at home as a server running LabVIEW homebrew server code, but uptime is an issue here. I have attempted to fast-track some PHP and MySQL skills so I can host the database and API on my website, but learning this stuff as I go has been throttled by my cranial horsepower limitations.
Finally, this project has become heavily tilted toward my own benefit of learning rather than any potential benefit the community would gain from having a decent way to view and vote for Ideas. It's been a fun sandbox of new toolkits and connectivity that I just can't spend time on at work, and I constantly get distracted learning how to do things better and more professionally.
So, check out my attached authentication code, give feedback, and stay tuned for the next few weeks... IdeaVIEW screenshots to come...
It hit me this morning a few more ways of making this "black box" less "iffy".
First, rather than black boxing the entire messaging protocol to the IdeaVIEW server along with the forum authentication, only black box the forum authentication. That black box would return an 8-byte Unique IDentifier - an encoded version of your forum User ID. Again, mine is 88938, and it would be transformed into an arbitrary 8-byte number, for instance 0x3FC9F9B5B870BFB8. This encryption could be done with secret salt hard coded into the login exe - again, not totally fool-proof, but good enough. Currently, there are around 150k registered users here, which can be represented by 18 bits (2^18=262144) If I used a 64-bit UID, that's 46 bits of encrypted fluff - virtually impossible to randomly guess another UID unless you know the secret salt.
Still, I would want to share this algorithm with a few trusted community members who can all vouch that it's legit.
So, the GetLoginCredentials that I attached would become the "black box" executable and it's output would be a 64-bit UID, which would go in the header of any message back and forth between you (the client) and the IdeaVIEW server as your identification. You could feel free to try and guess another UID to spoof someone else's identity, but the probably of getting one right that the server would accept as valid is 1 in 70368744177664 (2^46).
Also, as proof that this "black box" is not sending your password to my server is simply the size of the UID - I can't fit a typical username and password into only 8 bytes, and if I can, you need to change your password anyway!!!
With this method, virtually 100% of the source code could be run from the project in development mode, so it will even be clear how communication back and forth with the server works. And even the black box source code can be released - just not the secret salt.
On another topic...
I realized a good server-side verification that client-side authentication is legit: just look at the Recent Logons to forums.ni.com. If the IdeaVIEW server receives a message from a client, it can verify that the requesting client is actually logged on and active. Cool!
With that being said... what the hell is the Grand Wizard doing logged on at over a dozen different computers???! Is he outsourcing his expertise to lowly-payed lackeys in all timezones of the world? Is this the secret to his success?! (altenbach, just giving you a hard time... but seriously? What's up?)
well there are some fields, which you can make public in your profile, and you could just pick on of them.
For instance, how many of you still have an ICQ number?
The easy thing is that I don't see a valid reason of storing any data in there (your personal profile) and have no-one seeing it.
For me it would be very little work to get a valid hash and store this in my ICQ field and open up that page.
Ton
LabVIEW user groep 
