Part 3 in a series on authentication for multiplayer games www.rhelmer.org/blog/stellar..., I'll have a post in a few weeks on how the games are actually using this (still testing that bit!)

Part 3 will be released next week and describes using HPKE to prevent PII (like real name and email address exposed by the Identity Provider like Google/Apple sign-in) from being exposed by a database breach. Let me know if you're interested in reviewing!

A sequence diagram showing a secure authentication flow between a User, Browser, Auth Server, and Game Server. The process begins with the User entering credentials into the Browser, which sends a POST request to the Auth Server. The Auth Server returns a "Set-Cookie auth token" to the Browser. The Browser then sends a "Join game with cookie" request to the Game Server. The Game Server validates the session with the Auth Server, receives a "Valid user ID," and confirms "Game joined" back to the Browser. A highlighted note at the bottom emphasizes: "Cookie never accessible to JavaScript."

Part 2 of my series on multiplayer web games is live!

Using HttpOnly + CHIPS to stop XSS and tracking while keeping subdomains seamless. I *think* it describes a reasonable CSRF mitigation, thoughts?

🔗 www.rhelmer.org/blog/stellar...

#WebDev #InfoSec #WebSecurity #indiedev #gamedev

Rewriting my 17-year-old Breakout! clone for the modern web A post about rewriting my 17-year-old Breakout! clone, now named Meteor Bounce hosted by Stellar Whiskers Games

17 years in the making! ☄️👾

Meteor Bounce is a modern rewrite of a 2008 Breakout clone. We’ve added cosmic physics, touch support, and a fresh coat of paint. 🚀

See the evolution: www.rhelmer.org/blog/rewriti...

Play: www.stellarwhiskers.com/meteor-bounce/

#StellarWhiskers #IndieDev

New coordinates locked in! 🚀 We’ve just updated the Stellar Whiskers quadrant with:

🃏 Stellar Solitaire (Brand new!)
⚪️ Rocket Reversi (difficulty levels + fresh UI)
💎 Crystalign & Meteor Bounce (Graphics overhaul)

Come play for free and help us fuel the mission! 🌌

#IndieDev #Gaming #SpaceVibes

Play Free Online Games | Reversi, Puzzles & More | Stellar Whiskers Play free online games including Rocket Reversi (reversi/othello), puzzles, and arcade games. No downloads required - start playing instantly in your browser!

Major progress on login system:

☁️ Cloud saves for all games
⚔️ Multiplayer coming soon
📬 Optional updates (no spam, ever)
❌ Zero ads, zero data selling, zero nonsense

We're indie devs, not data brokers. Your trust > everything.

www.stellarwhiskers.com

#indiegamedev #cloudsave #privacy

Spent the morning wrestling a subtle C/SDL memory leak. Brutal reminder of low-level complexity makes me profoundly grateful for Godot. Perf trade-off is real, but velocity and sanity gain from its resource management and abstraction layers are a huge win.

#gamedev #godotengine #indiedev #godot

what happens if u cut 4 wires out of an ethernet cable & then plug it into yr PC

Joshua Rogers sent us a *massive* list of potential issues in #curl that he found using his set of AI assisted tools. Code analyzer style nits all over. Mostly smaller bugs, but still bugs and there could be one or two actual security flaws in there. Actually truly awesome findings.

I have […]

Decided to learn modern C++ by building a game engine instead of Hello World.

Now I have: ECS architecture, OpenGL renderer, cross-platform builds, and a working space shooter demo.

Was this overkill? Yes. Would I do it again? Also yes. 🎮

www.rhelmer.org/blog/buildin...

#gamedev #cpp

Split-panel pastel illustration with the caption “Are you gonna be #1 or a 0?” Above, on the left, a confident woman in a pink blazer holds a shiny gold number one trophy. Below her is a red error message reading “Error: exit status 1.” On the right, a chill woman with lavender hair in a teal hoodie holds a glowing number zero while sitting at a sticker-covered laptop. Her side is labeled with a green success message: “Success: exit status 0.” Beneath both panels is the tagline “REAL ONES EXIT 0” in bold lettering. This meme-style artwork plays on Unix shell conventions, where a process that finishes successfully exits with status code 0, and errors exit with code 1 or higher. The cultural punchline flips mainstream notions of “being number one” by celebrating stability, quiet success, and correct code execution over flashier but broken performance. It’s beloved by coders, DevOps engineers, and anyone who’s spent late nights chasing green checkmarks in CI pipelines. This is terminal humor with pastel swagger—where “zero” isn’t nothing, it’s everything. Real ones don’t crash, they compile, deploy, and vibe out in soft hoodies with stickered laptops and clean logs.

My humor?
Terminal.

Music notes looking like a smiling face

Funny guy

Can You Ditch Cookie Banners and Still Get Useful Analytics? Explore cookieless analytics with Umami to ditch cookie banners while keeping useful insights. Privacy-first approach to GDPR compliance.

Everyone hates cookie banners—users ignore them, conversions drop, compliance is messy.

I tested cookieless approaches that eliminate banners. Promising results, but legal nuances matter.

My findings: rhelmer.org/blog/privacy-analytics-without-cookie-banners/

Automatic, Configurable Analytics for Umami with umami-kit Umami Kit is a drop-in enhancement for Umami Analytics. Scroll depth, time-on-page, visibility, and click tracking—no cookies, configurable, and privacy-first.

A privacy-first analytics enhancement for @umami — adds scroll depth, time-on-page, visibility, click tracking, and more.

- No cookies
- First-party tracking
- Just one script tag to get started

www.rhelmer.org/blog/automat...

#UmamiAnalytics #PrivacyTech #OpenSource #Analytics #WebDev

GitHub - rhelmer/magicor: Magicor is a puzzle game similar to Solomons Key, but quite different. Magicor is a puzzle game similar to Solomons Key, but quite different. - rhelmer/magicor

Github repo is here: github.com/rhelmer/magi... it works a little better locally, if you have trouble with the resolution of web version looking wrong try entering/existing full screen.

A contributor just fixed a game-breaking bug in my old Magicor fork! This game is nostalgic for me since my kids and I used to play it when they were little. I ported it to Python 3 & Pygame, and I'm updating the WASM version for better web play: www.rhelmer.org/magicor/ 🎮 🐧 #gamedev #Magicor

Rewriting my 17-year-old Breakout! clone for the modern web A post about rewriting my 17-year-old Breakout! clone, now named Meteor Bounce hosted by Stellar Whiskers Games

Quick post about re-writing my 17-year-old Breakout! clone www.rhelmer.org/blog/rewriti... #webdev #gamedev #buildinpublic

Comparing game development using C and SDL vs. Godot vs. Web A post comparing and contrasting game development using C and SDL, Godot, and a pure web approach, from a cross-platform perspective.

I reimplemented the same game (Reversi) in Godot, Typescript and C+SDL to compare (so you don't have to!) www.rhelmer.org/blog/game-de... #gamedev #webdev #godot

Godot Web in Highlight io YouTube video by rhelmer

I've added a video to the post showing highlight.io live view on the left as I play the game in a browser on the right youtu.be/H_1KrXpJ1cs?...

Building a Cross-Browser Web Extension with React, Astro, Svelte, and Angular Step-by-step guide to creating a web extension in React, Astro, Svelte, and Angular for Firefox, Chrome, Edge, Brave, Vivaldi, and Safari.

My old blog post about experimenting with React for the `about:addons` UI in Firefox (spoiler: Firefox uses Lit now) keeps getting search engine traffic for people looking for how to build browser extensions in React, so I made one that covers a bunch of frameworks: www.rhelmer.org/blog/browser...

Observability in Godot Web games with Highlight.io Learn how to enable observability for Godot Web games for errors and session record/replay with highlight.io to see how people play your game

www.rhelmer.org/blog/observa... #webdev #gamedev #godot #indiedev

My Modern Website Hosting Stack for 2025 An overview of my modern approach to hosting and optimizing websites.

Just published my first blog post in quite a while! Sharing my 2025 website hosting setup guide using Astro + Azure Blob Storage + Cloudflare Workers for fast, scalable, and cost-effective sites. www.rhelmer.org/blog/how-i-a... #webdev #perfmatters