Part 3 in a series on authentication for multiplayer games www.rhelmer.org/blog/stellar..., I'll have a post in a few weeks on how the games are actually using this (still testing that bit!)
Posts by Robert Helmer
Part 3 will be released next week and describes using HPKE to prevent PII (like real name and email address exposed by the Identity Provider like Google/Apple sign-in) from being exposed by a database breach. Let me know if you're interested in reviewing!
A sequence diagram showing a secure authentication flow between a User, Browser, Auth Server, and Game Server. The process begins with the User entering credentials into the Browser, which sends a POST request to the Auth Server. The Auth Server returns a "Set-Cookie auth token" to the Browser. The Browser then sends a "Join game with cookie" request to the Game Server. The Game Server validates the session with the Auth Server, receives a "Valid user ID," and confirms "Game joined" back to the Browser. A highlighted note at the bottom emphasizes: "Cookie never accessible to JavaScript."
Part 2 of my series on multiplayer web games is live!
Using HttpOnly + CHIPS to stop XSS and tracking while keeping subdomains seamless. I *think* it describes a reasonable CSRF mitigation, thoughts?
🔗 www.rhelmer.org/blog/stellar...
#WebDev #InfoSec #WebSecurity #indiedev #gamedev
17 years in the making! ☄️👾
Meteor Bounce is a modern rewrite of a 2008 Breakout clone. We’ve added cosmic physics, touch support, and a fresh coat of paint. 🚀
See the evolution: www.rhelmer.org/blog/rewriti...
Play: www.stellarwhiskers.com/meteor-bounce/
#StellarWhiskers #IndieDev
New coordinates locked in! 🚀 We’ve just updated the Stellar Whiskers quadrant with:
🃏 Stellar Solitaire (Brand new!)
⚪️ Rocket Reversi (difficulty levels + fresh UI)
💎 Crystalign & Meteor Bounce (Graphics overhaul)
Come play for free and help us fuel the mission! 🌌
#IndieDev #Gaming #SpaceVibes
Major progress on login system:
☁️ Cloud saves for all games
⚔️ Multiplayer coming soon
📬 Optional updates (no spam, ever)
❌ Zero ads, zero data selling, zero nonsense
We're indie devs, not data brokers. Your trust > everything.
www.stellarwhiskers.com
#indiegamedev #cloudsave #privacy
Spent the morning wrestling a subtle C/SDL memory leak. Brutal reminder of low-level complexity makes me profoundly grateful for Godot. Perf trade-off is real, but velocity and sanity gain from its resource management and abstraction layers are a huge win.
#gamedev #godotengine #indiedev #godot
what happens if u cut 4 wires out of an ethernet cable & then plug it into yr PC
Joshua Rogers sent us a *massive* list of potential issues in #curl that he found using his set of AI assisted tools. Code analyzer style nits all over. Mostly smaller bugs, but still bugs and there could be one or two actual security flaws in there. Actually truly awesome findings.
I have […]
Decided to learn modern C++ by building a game engine instead of Hello World.
Now I have: ECS architecture, OpenGL renderer, cross-platform builds, and a working space shooter demo.
Was this overkill? Yes. Would I do it again? Also yes. 🎮
www.rhelmer.org/blog/buildin...
#gamedev #cpp
Split-panel pastel illustration with the caption “Are you gonna be #1 or a 0?” Above, on the left, a confident woman in a pink blazer holds a shiny gold number one trophy. Below her is a red error message reading “Error: exit status 1.” On the right, a chill woman with lavender hair in a teal hoodie holds a glowing number zero while sitting at a sticker-covered laptop. Her side is labeled with a green success message: “Success: exit status 0.” Beneath both panels is the tagline “REAL ONES EXIT 0” in bold lettering. This meme-style artwork plays on Unix shell conventions, where a process that finishes successfully exits with status code 0, and errors exit with code 1 or higher. The cultural punchline flips mainstream notions of “being number one” by celebrating stability, quiet success, and correct code execution over flashier but broken performance. It’s beloved by coders, DevOps engineers, and anyone who’s spent late nights chasing green checkmarks in CI pipelines. This is terminal humor with pastel swagger—where “zero” isn’t nothing, it’s everything. Real ones don’t crash, they compile, deploy, and vibe out in soft hoodies with stickered laptops and clean logs.
My humor?
Terminal.
Music notes looking like a smiling face
Funny guy
Everyone hates cookie banners—users ignore them, conversions drop, compliance is messy.
I tested cookieless approaches that eliminate banners. Promising results, but legal nuances matter.
My findings: rhelmer.org/blog/privacy-analytics-without-cookie-banners/
A privacy-first analytics enhancement for @umami — adds scroll depth, time-on-page, visibility, click tracking, and more.
- No cookies
- First-party tracking
- Just one script tag to get started
www.rhelmer.org/blog/automat...
#UmamiAnalytics #PrivacyTech #OpenSource #Analytics #WebDev
Github repo is here: github.com/rhelmer/magi... it works a little better locally, if you have trouble with the resolution of web version looking wrong try entering/existing full screen.
A contributor just fixed a game-breaking bug in my old Magicor fork! This game is nostalgic for me since my kids and I used to play it when they were little. I ported it to Python 3 & Pygame, and I'm updating the WASM version for better web play: www.rhelmer.org/magicor/ 🎮 🐧 #gamedev #Magicor
Quick post about re-writing my 17-year-old Breakout! clone www.rhelmer.org/blog/rewriti... #webdev #gamedev #buildinpublic
I reimplemented the same game (Reversi) in Godot, Typescript and C+SDL to compare (so you don't have to!) www.rhelmer.org/blog/game-de... #gamedev #webdev #godot
I've added a video to the post showing highlight.io live view on the left as I play the game in a browser on the right youtu.be/H_1KrXpJ1cs?...
My old blog post about experimenting with React for the `about:addons` UI in Firefox (spoiler: Firefox uses Lit now) keeps getting search engine traffic for people looking for how to build browser extensions in React, so I made one that covers a bunch of frameworks: www.rhelmer.org/blog/browser...
Just published my first blog post in quite a while! Sharing my 2025 website hosting setup guide using Astro + Azure Blob Storage + Cloudflare Workers for fast, scalable, and cost-effective sites. www.rhelmer.org/blog/how-i-a... #webdev #perfmatters