Stackable Blueprints

When I started doing industry jobs, I found it very annoying to constantly look up the item details for each blueprint and I often lost my BPOs in a sea of BPCs.

After looking on the forums, I found that many people were asking for a icon change. CCP’s response was that their look-up query for blueprints was very database heavy (costs a lot of resources) and there would need to be some major reworking of their database structure and query code to give the client the ability to quickly differentiate blueprints.

Here I was in 2008 getting annoyed while I found forum posts dating back to 2004 asking for this change!

With Incursion 1.5 (May 2011), the icon change for BPO/BPCs hit Tranquility and I rejoiced because my industrial life was forever changed. Simple change with a large impact. I believe than when they transitioned to 64-bit numbers for items, some work was done to rectify the database query and code was cleaned up.

I would like to rally all industry people for another change. For any person that does industry, you work with a large number of blueprints. I would love if there was the ability to stack items of similar ME/PE.

Here is a mock-up of two versions of stacking for blueprints:

The version on the left seems to be easier on the eye as the information is displayed in a banner format at the top.

CCP, here is your Agile user story:

As a person that performs industry jobs, having a way to organize a large numbers of blueprints would declutter the UI and simplify working with them.

Put that in your backlog and work it into a Sprint planning meeting.


2011 Trading and Industry Reflection

Overview

Moved my operations completely out of wormhole space and into known space. Attempted to get into the 0.01 fast flip market in Jita and Amarr. My interested in Eve faded over the Summer with the lackluster expansion and Monoclegate sentiments. I eventually expanded into Capital production with the acquisition of Carrier and Capital Part BPOs. Later on in the year I attempted a Invention/T2 production line but ultimately decided it was far too click heavy for the effort.

Profit Summary

The start of the year, I found great market niches and was moving 35-40 B/month to achieve around 7-9 B/month profit. Later on in the year due to personal life commitments and a lack of interest in Eve, I wasn’t logging in as frequently; I found that I was moving about 15-20 B/month in order to turn a 3-4 B/month profit.

Top 30 Items of 2011

The image on the right shows the top 30 items by profit for the last year. This was definitely a breakout year for me as I experimented with the market to find what Ships, Modules, Implants and other items produce the best profit.

#1 Large CCC’s. The best performer as these rigs are used in Capital and Battleships to reduce the Capacitor recharge cycle time.

#2 Capital Shield Transporter I. Producing Capitals in lowsec and keeping these items on the market was a great cross sell.

#3/4 Large Rigs. No surprise here as these are put in every Battleship.

#5 Maelstrom. I was slow to move into the Maelstrom market but after looking at the standard 2011 nullsec Alpha fleet doctrine, I quickly realized that I needed to be trading these heavy hitters — pun intended.

#6 Ishtar. This HAC was a surprise performer for me as they kept getting sold. My theory is that they are great AFK mission ships.

#7/8. Capital ship and the popular module. Easy cross sell like the Shield Transporter.

#9 Noctis. Everyone wants one.

#14 Oxygen Isotopes. I did not make any profits from the GoonSwarm ice interdiction. I was working through a stockpile of about 2-3 M Isotopes before the announcement hit. I was trading all four racial Isotopes but due to the popularity of Gallente towers, Oxygen Isotopes traded better than the other three.

#19 Hulk. Surprisingly a good performer. The majority of Jita flips came in at 5-6 M profit each.

#21 Dominix. The Space Potato is a great mission ship.

#22 Anshar. I wanted to build one as the project was a end-game build for an Industrialist. Details about the build costs and profits can be found in this post.

#26/27/29 Blockade Runners. This item was also a nice discovery once I started trading them.

#30 Dramiel. With the nerf in Crucible, I have seen a slow down in sales.

#12/13/18/20/24/25/28 Implants. People die.

SQL Profit Query

If you have your own wallet table, here is the query I used to pull up the stats for the year. Granted I took the output and made a nice table with it using PHP, but you can easily work with this query.

$sql = ('SELECT typeID, typeName, sum(profit) AS totalProfit, sum(quantity) AS totalVolume
				FROM wallet
				WHERE DATE(transactionDateTime) > DATE_SUB( DATE( :eveDate ), INTERVAL 365
				DAY )
				AND personal = 0
				AND transactionType = "sell"
				GROUP BY typeID
				ORDER BY totalProfit DESC
				LIMIT 30');

2012 Prospects

I’ve found a new, painless method for moving around large amounts of minerals using compression techniques. The new Tier3 Battlecruisers have great market potential not only in the ship hull, but the associated Large guns and modules.

I have been considering shutting down the Capital operation and venturing into different areas. This will move about 20-25 B worth of BPOs into liquid ISK. More spreadsheets are needed to illuminate my path.


Wallet Manager Security Issues

If you have been following this blog for a while, you know that my corpmate James and I have been working on a Wallet Manager site to help manage our Eve ventures. Over time it has grown into our all-encompassing-project-management-thing which now has a trading, manufacturing, invention, and cost analysis sections.

I wanted to disclose why this darn thing is not open to the public as the majority of the feedback that I have been hearing has been, “awesome, now when can I use it!?”

We have not made the site public because of security issues, specifically due to the numerous SQL injection abilities in our code.

Here is a common function that we use that takes the typeID of an item and returns its name. We use this so when we display a Cap Recharger II for example, you can see the name of the item and not just the ‘2032’ number identifier that is easier to work with from a programmability standpoint.

This PHP function retrieves the item name from an input of its typeID.

public function getName($typeID)
{
$sql = ‘SELECT typeName FROM invTypes WHERE typeID = ‘.$typeID.’‘;
$connection=Yii::app()->db;
$command=$connection->createCommand($sql);

//Run the query
$results = $command->query();
$itemName = $results->read();

return $itemName[‘typeName’];
}

The database query is highlighted in green and the terrible part has been highlighted in red.

What you are seeing is a database query that is fed a non-sanitized input. Good programmers will take the $typeID variable and sanitize it before putting it into the SQL query. A common check is to limit the variable to only have characters such as A-Z and 1-3 characters. This check will not allow any special characters such as  : ; ‘ ” $ that are used for SQL operations to be allowed in the query.

With our current function with the unsanitized input variable, you can plug in all sort of things into the query. You could inject code in place of the variable to read, drop, and modify the database,  something we obviously don’t want happening.

Sadly around half of our function were written in this fashion in order to get the pages up and working. Because it has been an internal project, the focus has been on the aesthetic result and not the security of the code behind it. If we were to release it to the public we would have to go over each function and check to make sure that it is secure.

Let me quote CCP and say Soon(tm) for the release.