New account registration once again locked as it seems that ReCaptcha 2 has been broken. We are also looking into methods of blocking or throttling those users that seem to do a full mirror of the site at least once a day.

Current events

From Shifti
Jump to: navigation, search

I've gone and done it and it didn't cost all that much once I found the right reseller. That's right - I've purchased an SSL cert for Shifti that is good for the next 3 years.

Yep, you heard me, Shifti is now "Secure" and will default to using 'https' from now on.

Thank you and have a good day! --ShadowWolf (talk) 01:09, 4 February 2017 (CST)

Separator k left.png Old News Separator k right.png

Y'know how that upgrade of MediaWiki (as mentioned below) ate our skin and some of our customizations, yet again? That was kind of the final straw for our more tech-minded admins. We're presently looking at and working on a replacement backend for Shifti. The hope is that this way we can add a few more Useful Collaborative Tools and also stop having to recreate things we use every time a security hole is discovered. The hope is to make this as unobtrusive and undisruptive as possible for our users whereever feasible (y'all are why we're here, after all!).

If you have an idea for something that would be useful for Shifti to be able to do, please feel free to email me, or leave a note on my talk page. Things we're already considering:

  • Markdown formatting support (in addition to or as a replacement for WikiML)
  • "Editor copies" for collaboration purposes (creating edits to a page that are proposed rather than final and reviewable by the page owner, for things like story editing collaboration and similar stuff)
  • Group-sourced tags and story categorization that doesn't require the author to make their entire story editable

Can we pull this off without disrupting things? Dunno, but we hope to give it a try. Hope this helps!

--Viqsi (talk) 12:00, 15 January 2017 (CST)

In trying to fix the issue with the 403 errors I upgraded to MediaWiki 1.26 - during this the 'skins' directory apparently disappeared.

A bit later I came across a quick patch style fix that papers over the issue causing the 403's without addressing the root cause. There is some hope that we can work with the hosting company to get a proper fix in place.

On a different topic... My backups are on a couple of hard drives that are not currently attached to my laptop. If anyone has a copy of the backups that were made available from before the move to the hosted system, please contact me. This will save quite a bit of work in rebuilding our custom skin.

--ShadowWolf (talk) 22:30, 3 March 2016 (CST)

I have just received notification from Google that the new version of ReCaptcha - based on detecting browser information that can generally differentiate a human from a bot - is now available for general purpose use. I am going to see if the Captcha framework module we rely on has an updated version capable of using it.

--ShadowWolf (talk) 17:41, 1 July 2015 (CDT)
Okay, ReCaptcha 2 is not yet merged with the ConfirmEdit framework - however, their "testing/unstable" branch does seem to have a module that will work for us based on a service called "Are You A Human" that seems to work in a similar manner to Asirra. I'll be working to bring that into Shifti today.
--ShadowWolf (talk) 17:44, 1 July 2015 (CDT)
Alright, the AYAH bit is not possible - the service providers reserve the right to insert advertisements along with the Captcha. However, it appears that the ConfirmEdit extension is currently without a maintainer and the Wikimedia Foundation is maintaining it steady-state for now. This does mean, however, that several patches have been suggested, one of which does enable the ReCaptcha v2 API and the use of ReCaptcha v2 entirely.
--ShadowWolf (talk) 17:57, 1 July 2015 (CDT)

ReCaptcha v.2 integrated and basic test completes without complaint. Site is unlocked to new registration and after I hit the "post" button here I'm going to change the banner.

--ShadowWolf (talk) 18:31, 1 July 2015 (CDT)

The Asirra (cat&dog picture) Captcha system that we have been using for the last few years has shut down.

I have temporarily activated a different Captcha system, but if it is a permanent change or if we'll be switching to a different system has yet to be decided. If anyone has tried to sign-up since the start of the month and couldn't because the Captcha didn't work, mea culpa, mea maxima culpa. I did not pay attention to how Asirra was going even though I knew the system was still in Beta and might go away at any time.

--ShadowWolf (talk) 23:19, 11 October 2014 (CDT)
After the rash of account creations after switching to ReCaptcha thanks to the Asirra shutdown we've temporarily disabled account creation. We have had 15 new accounts created, and only one of them is verified as not being a bot - the rest have names that meet the standards of an auto-generated bot name.
--ShadowWolf (talk) 20:33, 12 October 2014 (CDT)

It seems that something went wonky with a security feature of the server that the hosts insists on yesterday and stopped all significant edits from occurring. The fine folks working the technical support department of our hosting provider managed to locate the cause really fast and after examining things on their end found that it was easy to fix.

After fixing it there was still a 403 error happening when I tried to edit Shifti:Sandbox. That, it turns out, was not any kind of bug, it was the security feature doing its job. A very long time ago I had tried to include a Google Talk widget on that page as a test to see if I could possibly make it easier to contact an admin. That code included an <iframe> element. While used correctly (in this case) to host an applet served up by a different site, they are also very commonly used to perform malware injection and some attempts at server hacking. And how do they get into pages? Through form-fields submitted with an HTTP POST command - exactly how saving an edit on Shifti is done.

In other words, our hosts have done something to provide extra security and it has been a complete success so far, although it has it's moments. The problem is now gone and Shifti is back to its usual, quirky self.

--ShadowWolf (talk) 12:55, 19 September 2014 (CDT)

It seems that the Asirra captcha mechanism is broken again. It might be related to an error that has started popping up on pages where a bit of javascript is broken. Said bit of javascript refers to a variable that should exist (and in the past did exist) but is, apparently, no longer being created before it is being used. I don't know if this is because Firefox and Chrome (the two browsers I've tested with) are running in "strict" mode (a feature recently added as part of the ECMAScript 5 standard) by default or not. I will keep testing and looking for a solution.

--ShadowWolf (talk) 14:02, 27 September 2013 (CDT)
I've narrowed down the error, somewhat, to a problem with the javascript being served from the actual Asirra providers site. I'll keep looking to see whats happening, though. (I disabled the script that was causing the error I thought might be at fault and that has done nothing).
--ShadowWolf (talk) 18:34, 27 September 2013 (CDT)
Issue was localized to something that was actually in the ConfirmEdit git repository but not in their released code. Problem solved.
--ShadowWolf (talk) 19:30, 27 September 2013 (CDT)

As part of checking into an error people were having editing Shifti I updated the code base. Part of that update required deleting the existing code and pulling an all-new copy from the developers. I had to do this because I had not done similar at the original install time. I am now in the process of restoring things from a backup. That's all - sorry about the dust folks. Should be over with soon and the problem has been fixed (for some values of the term).

--ShadowWolf (talk) 18:17, 5 May 2013 (CDT)
We appear to have lost 4 images that were uploaded after the last backup. I'm sorry for this, folks. I'm working on getting in touch with the uploaders to have them restored.
--ShadowWolf (talk) 19:06, 5 May 2013 (CDT)

As I reported back in August of last year some of our users seem to be affected by a piece of crapware called "Yontoo". In the time since that report it has gone from being "potentially unwanted" to being "a threat to Mac users". According to Dr. Web Anti-Virus it has now begun popping up as a full trojan on Mac's - affecting Safari, Firefox and Chrome on that platform. This tells me that it has likely always been a trojan.

According to the article it is presented to the user as one of several things - a "Video Quality Enhancer", a Codec Plugin or something equally odd. When they go to install that item they are asked if they also want to install "Free Twit Tube" and when they say yes, Yontoo is installed as a plugin for all three mentioned browsers.

Yontoo is not (yet) proven to be dangerous, but it does inject ads into pages that do not originate with the site that has served up those pages and is, apparently, driving a massive click-fraud scheme. People please check your systems and do what you can to get rid of Yontoo - Shifti is free of ads for a reason and, if I have anything to say about it, will remain ad-free until it dies.

--ShadowWolf (talk) 17:01, 21 March 2013 (UTC)

Three years ago the Transformation and Furry communities lost one of their best authors to a tragic aneurysm. Michael W. "Morgan" Bard was among the most talented unpublished authors I have ever known. More than that he was a good friend and to this day I find myself running into things that make me think of him and want to talk to him. We miss you, Morgan!

--ShadowWolf (talk) 19:14, 12 March 2013 (UTC)

The captcha system appears to be giving some users problems with posting new content. If you are an author and looking to post your stuff to Shifti, please contact ShadowWolf for a free upgrade of your account to author status in preparation for your posts that would normally move you to Author status. At this time it appears to be the only fix. We will be looking into this problem.

--ShadowWolf (talk) 02:17, 28 February 2013 (UTC)

Note for new Shifti users.

When you sign up for an account, please put something on your user page so we know you're not a spammer. If you decide to use a NameNumber (ie: JonBuck42, Darla25) username pattern without doing this your account may be preemptively blocked due to the amount of spam we get that fits this pattern.

Thank you.

--Buck (talk) 19:06, 19 September 2012 (UTC)

In checking the logs as processed by AWSTATS (reading the raw logs is rather boring) I noticed an odd referrer line. After researching it, I found that it comes from a piece of adware. According to Symantec, the makers of Norton 360 and related suites of security software and tools for deep work on PC's, it is "potentially unwanted" and installs an IE Toolbar that will pop-up ads that "look like they are from FaceBook". To me the fact that they are trying to hide the source of the ads and, it seems, pull sites through their own software to add advertisements, makes this not "potentially unwanted" but "completely unwanted". I'm suggesting that all users of Shifti check their PC's for that and other nastiness and, if possible, either remove the stuff themselves or find someone with the skills to remove the crapware for them.

This suggestion comes because our users are the lifeblood of our site and therefore very important to us. If their computers are infected with one piece of crap like that, then there are likely other pieces of crapware installed. The name of the crapware in question is "Yontoo" -- people, please note the name and check your systems. Crapware like that never comes alone and usually opens up holes that other crap can use to screw your computer completely.

--ShadowWolf (talk) 01:56, 4 August 2012 (UTC)

Shifti has now moved to a new hosting provider whose machines have more grunt than could ever be provided by me. The only problem is that I will not be able to provide the comprehensive, weekly database dumps that have been being provided. Not to worry, though, because the new host provides a cPanel interface that should let us backup the databases easily.

--ShadowWolf (talk) 03:40, 9 July 2012 (UTC)

Finally figured out what was causing the problems with the upgrade to MediaWiki 1.19 and have completed it. Due to file-caching issues (I believe!) there may be some issues with images not displaying properly. This is not something I can easily solve, but I will attempt to purge the cache manually and see if this does, in fact, fix the issue.

Other than that, enjoy! The site is now running the latest public version of the MediaWiki software and will likely soon be moved to its new home on a hosted service that Jon Buck is paying for out of his own pocket. We're hopeful that the move (when it is completed) will solve the lag issues and the problems some people have reported with editing pages.

And yet again spammers win - any new accounts require a validated email before editing is allowed. I have, as well, installed an extension that checks several blacklists of known bot addresses and similar for purposes of blocking known spammers.

--ShadowWolf 19:04, 27 February 2012 (UTC)

The spammers win again - I've updated the captcha system to use ReCaptcha so we should be facing less spam. The problem is that this now means more technological hurdles for the users and that isn't always a good thing. On the plus side all people flagged as "author" in the database will be able to skip the captcha system.

--ShadowWolf 15:36, 17 January 2012 (UTC)
I'm still seeing what look like 'bot registrations. They fit the pattern but apparently can't post anything. --Buck 19:07, 28 January 2012 (UTC)
I see 'em too, but can't do anything unless they start spamming. And if they've broken ReCaptcha, then there is no real way to stop them. Unless there is another system we can use in addition to the two or three spam-blocking methods already in place. --ShadowWolf 20:20, 28 January 2012 (UTC)

After a report from Robotech Master I fixed an error in the font embedding that seems to have effected users of Chrome and possibly other WebKit based browsers. Simply put they expected a 'font-style' and 'font-weight' specification in the font-embeddings, which I didn't do because I didn't know of the requirement. I've also cleaned up that part of the CSS and made the embedding a bit more streamlined. Hopefully this works to solve the problem of italics and boldface not showing for some people.

--ShadowWolf 17:24, 11 January 2012 (UTC)