Current events

From Shifti
Revision as of 20:33, 12 October 2014 by ShadowWolf (Talk | contribs) (new account creation temporarily disabled)

Jump to: navigation, search

The Asirra (cat&dog picture) Captcha system that we have been using for the last few years has shut down.

I have temporarily activated a different Captcha system, but if it is a permanent change or if we'll be switching to a different system has yet to be decided. If anyone has tried to sign-up since the start of the month and couldn't because the Captcha didn't work, mea culpa, mea maxima culpa. I did not pay attention to how Asirra was going even though I knew the system was still in Beta and might go away at any time.

--ShadowWolf (talk) 23:19, 11 October 2014 (CDT)
After the rash of account creations after switching to ReCaptcha thanks to the Asirra shutdown we've temporarily disabled account creation. We have had 15 new accounts created, and only one of them is verified as not being a bot - the rest have names that meet the standards of an auto-generated bot name.
--ShadowWolf (talk) 20:33, 12 October 2014 (CDT)

Separator k left.png Old News Separator k right.png

It seems that something went wonky with a security feature of the server that the hosts insists on yesterday and stopped all significant edits from occurring. The fine folks working the technical support department of our hosting provider managed to locate the cause really fast and after examining things on their end found that it was easy to fix.

After fixing it there was still a 403 error happening when I tried to edit Shifti:Sandbox. That, it turns out, was not any kind of bug, it was the security feature doing its job. A very long time ago I had tried to include a Google Talk widget on that page as a test to see if I could possibly make it easier to contact an admin. That code included an <iframe> element. While used correctly (in this case) to host an applet served up by a different site, they are also very commonly used to perform malware injection and some attempts at server hacking. And how do they get into pages? Through form-fields submitted with an HTTP POST command - exactly how saving an edit on Shifti is done.

In other words, our hosts have done something to provide extra security and it has been a complete success so far, although it has it's moments. The problem is now gone and Shifti is back to its usual, quirky self.

--ShadowWolf (talk) 12:55, 19 September 2014 (CDT)

It seems that the Asirra captcha mechanism is broken again. It might be related to an error that has started popping up on pages where a bit of javascript is broken. Said bit of javascript refers to a variable that should exist (and in the past did exist) but is, apparently, no longer being created before it is being used. I don't know if this is because Firefox and Chrome (the two browsers I've tested with) are running in "strict" mode (a feature recently added as part of the ECMAScript 5 standard) by default or not. I will keep testing and looking for a solution.

--ShadowWolf (talk) 14:02, 27 September 2013 (CDT)
I've narrowed down the error, somewhat, to a problem with the javascript being served from the actual Asirra providers site. I'll keep looking to see whats happening, though. (I disabled the script that was causing the error I thought might be at fault and that has done nothing).
--ShadowWolf (talk) 18:34, 27 September 2013 (CDT)
Issue was localized to something that was actually in the ConfirmEdit git repository but not in their released code. Problem solved.
--ShadowWolf (talk) 19:30, 27 September 2013 (CDT)

As part of checking into an error people were having editing Shifti I updated the code base. Part of that update required deleting the existing code and pulling an all-new copy from the developers. I had to do this because I had not done similar at the original install time. I am now in the process of restoring things from a backup. That's all - sorry about the dust folks. Should be over with soon and the problem has been fixed (for some values of the term).

--ShadowWolf (talk) 18:17, 5 May 2013 (CDT)
We appear to have lost 4 images that were uploaded after the last backup. I'm sorry for this, folks. I'm working on getting in touch with the uploaders to have them restored.
--ShadowWolf (talk) 19:06, 5 May 2013 (CDT)

As I reported back in August of last year some of our users seem to be affected by a piece of crapware called "Yontoo". In the time since that report it has gone from being "potentially unwanted" to being "a threat to Mac users". According to Dr. Web Anti-Virus it has now begun popping up as a full trojan on Mac's - affecting Safari, Firefox and Chrome on that platform. This tells me that it has likely always been a trojan.

According to the article it is presented to the user as one of several things - a "Video Quality Enhancer", a Codec Plugin or something equally odd. When they go to install that item they are asked if they also want to install "Free Twit Tube" and when they say yes, Yontoo is installed as a plugin for all three mentioned browsers.

Yontoo is not (yet) proven to be dangerous, but it does inject ads into pages that do not originate with the site that has served up those pages and is, apparently, driving a massive click-fraud scheme. People please check your systems and do what you can to get rid of Yontoo - Shifti is free of ads for a reason and, if I have anything to say about it, will remain ad-free until it dies.

--ShadowWolf (talk) 17:01, 21 March 2013 (UTC)

Three years ago the Transformation and Furry communities lost one of their best authors to a tragic aneurysm. Michael W. "Morgan" Bard was among the most talented unpublished authors I have ever known. More than that he was a good friend and to this day I find myself running into things that make me think of him and want to talk to him. We miss you, Morgan!

--ShadowWolf (talk) 19:14, 12 March 2013 (UTC)

The captcha system appears to be giving some users problems with posting new content. If you are an author and looking to post your stuff to Shifti, please contact ShadowWolf for a free upgrade of your account to author status in preparation for your posts that would normally move you to Author status. At this time it appears to be the only fix. We will be looking into this problem.

--ShadowWolf (talk) 02:17, 28 February 2013 (UTC)

Note for new Shifti users.

When you sign up for an account, please put something on your user page so we know you're not a spammer. If you decide to use a NameNumber (ie: JonBuck42, Darla25) username pattern without doing this your account may be preemptively blocked due to the amount of spam we get that fits this pattern.

Thank you.

--Buck (talk) 19:06, 19 September 2012 (UTC)

In checking the logs as processed by AWSTATS (reading the raw logs is rather boring) I noticed an odd referrer line. After researching it, I found that it comes from a piece of adware. According to Symantec, the makers of Norton 360 and related suites of security software and tools for deep work on PC's, it is "potentially unwanted" and installs an IE Toolbar that will pop-up ads that "look like they are from FaceBook". To me the fact that they are trying to hide the source of the ads and, it seems, pull sites through their own software to add advertisements, makes this not "potentially unwanted" but "completely unwanted". I'm suggesting that all users of Shifti check their PC's for that and other nastiness and, if possible, either remove the stuff themselves or find someone with the skills to remove the crapware for them.

This suggestion comes because our users are the lifeblood of our site and therefore very important to us. If their computers are infected with one piece of crap like that, then there are likely other pieces of crapware installed. The name of the crapware in question is "Yontoo" -- people, please note the name and check your systems. Crapware like that never comes alone and usually opens up holes that other crap can use to screw your computer completely.

--ShadowWolf (talk) 01:56, 4 August 2012 (UTC)

Shifti has now moved to a new hosting provider whose machines have more grunt than could ever be provided by me. The only problem is that I will not be able to provide the comprehensive, weekly database dumps that have been being provided. Not to worry, though, because the new host provides a cPanel interface that should let us backup the databases easily.

--ShadowWolf (talk) 03:40, 9 July 2012 (UTC)

Finally figured out what was causing the problems with the upgrade to MediaWiki 1.19 and have completed it. Due to file-caching issues (I believe!) there may be some issues with images not displaying properly. This is not something I can easily solve, but I will attempt to purge the cache manually and see if this does, in fact, fix the issue.

Other than that, enjoy! The site is now running the latest public version of the MediaWiki software and will likely soon be moved to its new home on a hosted service that Jon Buck is paying for out of his own pocket. We're hopeful that the move (when it is completed) will solve the lag issues and the problems some people have reported with editing pages.

And yet again spammers win - any new accounts require a validated email before editing is allowed. I have, as well, installed an extension that checks several blacklists of known bot addresses and similar for purposes of blocking known spammers.

--ShadowWolf 19:04, 27 February 2012 (UTC)

The spammers win again - I've updated the captcha system to use ReCaptcha so we should be facing less spam. The problem is that this now means more technological hurdles for the users and that isn't always a good thing. On the plus side all people flagged as "author" in the database will be able to skip the captcha system.

--ShadowWolf 15:36, 17 January 2012 (UTC)
I'm still seeing what look like 'bot registrations. They fit the pattern but apparently can't post anything. --Buck 19:07, 28 January 2012 (UTC)
I see 'em too, but can't do anything unless they start spamming. And if they've broken ReCaptcha, then there is no real way to stop them. Unless there is another system we can use in addition to the two or three spam-blocking methods already in place. --ShadowWolf 20:20, 28 January 2012 (UTC)

After a report from Robotech Master I fixed an error in the font embedding that seems to have effected users of Chrome and possibly other WebKit based browsers. Simply put they expected a 'font-style' and 'font-weight' specification in the font-embeddings, which I didn't do because I didn't know of the requirement. I've also cleaned up that part of the CSS and made the embedding a bit more streamlined. Hopefully this works to solve the problem of italics and boldface not showing for some people.

--ShadowWolf 17:24, 11 January 2012 (UTC)