I know, I know. This time it’s a little late. Though it is still April, so why not give a status on the developments of Lumonality? A few security changes have taken effect, the Lumonality Launcher has gotten an update, and there are a few updates on upcoming projects.
Account
To start, there have been a few changes to the account management system in the form of two new features. The first of which has been inspired by the idiotic vulnerability that Google’s YouTube platform has experienced in the past month.
Session Tokens
What is a session token? When a user logs into a website. The website must keep track of who is logged in and where. To do this, a long randomly generated string is sent along with every browser request in the form of a Cookie. The cookie’s value is an Identifier that the webserver will use to serve the information that pertains to your account, rather than someone else’s. Though there is an issue, cookies are stored on the user’s computer meaning they can be stolen. If someone steals a cookie from your computer and injects it into theirs, the web server will assume that the stealer is you. While it appears Google may not have had any checks in place for cookie stealing, Lumonality has. From the very beginning, a session would be terminated if the IP address of the client changed. This means that if a user were to steal that cookie, it would do them no good. The moment they attempt to use it unless they are in the same location as you, it would be terminated. Though this also means that when you traveled, you had to log in every time you moved to a different internet connection.
However, Lumonality will now remember your IP address for 30 days in an encrypted format. Once you are logged in, your IP address is stored under your account. If you move to a location that Lumonality doesn’t recognize, the session will be immediately terminated and you will be prompted to log in again. While this feature is on by default, the in coming weeks it will be optional as stated later in this article.
The second of these features comes in a much smaller significance. Login Passover is a feature used by the Lumonality Core. It allows an app to be launched with a key that will automatically log you in. In the past, an app may open up a browser window that closes immediately, as the webpage just needed to be opened to log you in. Yet, now the application must open the browser window and the user must authenticate the login handshake.
Lumonality Core
The Lumonality Core Launcher has gotten several features in the last couple of months. The Launcher will now show you a friends list, keep you up to date with articles, update applications in the background, and install applications to multiple different locations.
Login
The login page of the Lumonality Launcher has changed. The Login starts automatically and the user is presented with two options, a button to open the login in the browser and a QR code. The QR code is used to log in with a mobile device. While it is possible to log in to the Launcher remotely with the QR code, it is not recommended as the session will be terminated at random once it notices that the IP address has changed. The QR code login is available for login with mobile devices in the same vicinity. If you are logged in to a different account on your phone compared to your computer, you may log in with your phone and use that account instead of the account logged into your computer. Alternatively, if you only have passwords saved to your phone, you may log in quicker with the phone.
Drives
The Lumonality Launcher will now also allow applications to be installed on different drives or folders. This allows you to store specific apps in different locations if you would like. If a drive isn’t detected, the Launcher will ask you to “Insert the application media” and once detected will run the Application from that drive. Drives can be set up within the settings menu of the Launcher.
Upcoming
Account
As stated previously, an Account options menu will be coming soon that will allow a user to opt in or out of different features such as the IP recording stated before. This page will continue to be updated with different features that may come later. If there is ever a feature that you may not want on your account, such as 2FA, this would be the first place to check. Domains will also be able to control if certain features should be on or off for their users.
Website
The home page may change dramatically soon. There isn’t a lot of reason to go to the home page right now and it needs to be revamped, there may also be a slight change in theme across the website to give everything a similar feeling.
The Tile Game…
As stated in the last update. I released an early alpha version of a game named Havoc. I also stated I was continuing to develop this game in Unity. This development is still in progress and an early demo should be available by the next status update.
Image Gallery
Arizotaz.com used to have a system where a user could upload images to their account and share them via URL or keep them private. This feature was hooked into a companion application that would allow screenshots to be uploaded directly to the site and the URL for the image was copied to the clipboard. I plan to re-invent this feature and store images in a user’s cloud storage.
Cloud Migration
To expand cloud storage, a system needs to be developed that will allow for files on Lumonality to be dumped to an offsite server. This feature is expected to come but has fallen into hardship recently. Once this feature is complete, Cloud storage may jump from just 25MB to over 10GB. A new cloud portal will also be coming to view files from the other server.
I believe that this ends the updates and coming changes to Lumonality. Though as always many of the added features are not planned, rather they are implemented as they are thought of. There will likely be other changes that were not mentioned in this article.