And we've seen yet another spammer. But once more they got caught - this time by the hard-working [[User:JonBuck|Jon Buck]]. However, we, the admins, have discussed this situation in the past and come up with several plans. The problem is that those plans will all add yet another step to the process of posting. What we've decided on is using a [[wikipedia:Captcha|Captcha]] that must be passed to post. However, there may be a way to have that only needed for users that haven't signed in. We'll stay on top of things, but we do need to do something, because spammers will always take advantage of an open system like a Wiki.
<div class="content-block-body">
::::[[User:ShadowWolf|ShadowWolf]] 16:39, 12 October 2007 (EDT)
Took a bit and there might be a few missing images as I went a bit crazy cleaning things up when I found that I couldn't update because our host is running an old, unsupported version of PHP, but I've managed to, hopefully, get things working to the point that they were before. Sadly... SematicForms had a name-change and despite using a version that claimed to match to the MediaWiki version we're stuck on, the renamed code-base had errors.
The spammer came back from a new IP and has been banned yet again. Remember, we are never without an online admin watching Shifti. Anyway, I'm ready to start making some massive changes to the architecture so it will provide us with more information about people - spam is illegal and I will begin prosecution as soon as I finish making the in-depth logging changes.
In other news... As it says in the banner (might be gone by now), our Captcha system is repaired - seems that there was a change in some variable names and in how the config of the setup worked. It wasn't cleanly documented. Sorry that it was missed for so long.
::::[[User:ShadowWolf|ShadowWolf]] 18:55, 12 October 2007 (EDT)
--[[User:ShadowWolf|ShadowWolf]] ([[User talk:ShadowWolf|talk]]) 22:12, 23 May 2018 (CDT)
</div>
=== {{Separator|k|Old News}} ===
=== {{Separator|k|Old News}} ===
A minor period of downtime happened tonight. It wasn't planned, but it was with a purpose. Shifti now has a "[[wikipedia:Favicon|favicon]]"! The downtime was because Apache didn't want to acknowledge some of the localized configuration changes needed to make it work. Anyway, just had to let people know!
<div class="content-block-body">
::::[[User:ShadowWolf|ShadowWolf]] 00:40, 3 October 2007 (EDT)
I've gone and done it and it didn't cost all that much once I found the right reseller. That's right - I've purchased an SSL cert for Shifti that is good for the next 3 years.
Yep, you heard me, Shifti is now "Secure" and will default to using 'https' from now on.
Thank you and have a good day!
--[[User:ShadowWolf|ShadowWolf]] ([[User talk:ShadowWolf|talk]]) 01:09, 4 February 2017 (CST)
</div>
<div class="content-block-body">
Y'know how that upgrade of MediaWiki (as mentioned below) ate our skin and some of our customizations, yet again? That was kind of the final straw for our more tech-minded admins. We're presently looking at and working on a replacement backend for Shifti. The hope is that this way we can add a few more Useful Collaborative Tools and also stop having to recreate things we use every time a security hole is discovered. The hope is to make this as unobtrusive and undisruptive as possible for our users whereever feasible (y'all are why we're here, after all!).
If you have an idea for something that would be useful for Shifti to be able to do, please feel free to [[Special:EmailUser/Viqsi|email me]], or leave a note on my [[User talk:Viqsi|talk page]]. Things we're already considering:
* [https://en.wikipedia.org/wiki/Markdown| Markdown formatting] support (in addition to or as a replacement for WikiML)
* "Editor copies" for collaboration purposes (creating edits to a page that are proposed rather than final and reviewable by the page owner, for things like story editing collaboration and similar stuff)
* Group-sourced tags and story categorization that doesn't require the author to make their entire story editable
Can we pull this off without disrupting things? Dunno, but we hope to give it a try.
Hope this helps!
::--[[User:Viqsi|Viqsi]] ([[User talk:Viqsi|talk]]) 12:00, 15 January 2017 (CST)
</div>
<div class="content-block-body">
In trying to fix the issue with the 403 errors I upgraded to MediaWiki 1.26 - during this the 'skins' directory apparently disappeared.
A bit later I came across a quick patch style fix that papers over the issue causing the 403's without addressing the root cause. There is some hope that we can work with the hosting company to get a proper fix in place.
On a different topic... My backups are on a couple of hard drives that are not currently attached to my laptop. If anyone has a copy of the backups that were made available from before the move to the hosted system, please contact me. This will save quite a bit of work in rebuilding our custom skin.
::--[[User:ShadowWolf|ShadowWolf]] ([[User talk:ShadowWolf|talk]]) 22:30, 3 March 2016 (CST)
</div>
<div class="content-block-body">
I have just received notification from Google that the new version of ReCaptcha - based on detecting browser information that can generally differentiate a human from a bot - is now available for general purpose use. I am going to see if the Captcha framework module we rely on has an updated version capable of using it.
::--[[User:ShadowWolf|ShadowWolf]] ([[User talk:ShadowWolf|talk]]) 17:41, 1 July 2015 (CDT)
:Okay, ReCaptcha 2 is not yet merged with the ConfirmEdit framework - however, their "testing/unstable" branch does seem to have a module that will work for us based on a service called "Are You A Human" that seems to work in a similar manner to Asirra. I'll be working to bring that into Shifti today.
:::--[[User:ShadowWolf|ShadowWolf]] ([[User talk:ShadowWolf|talk]]) 17:44, 1 July 2015 (CDT)
:Alright, the AYAH bit is not possible - the service providers reserve the right to insert advertisements along with the Captcha. However, it appears that the ConfirmEdit extension is currently without a maintainer and the Wikimedia Foundation is maintaining it steady-state for now. This does mean, however, that several patches have been suggested, one of which does enable the ReCaptcha v2 API and the use of ReCaptcha v2 entirely.
:::--[[User:ShadowWolf|ShadowWolf]] ([[User talk:ShadowWolf|talk]]) 17:57, 1 July 2015 (CDT)
ReCaptcha v.2 integrated and basic test completes without complaint. Site is unlocked to new registration and after I hit the "post" button here I'm going to change the banner.
::--[[User:ShadowWolf|ShadowWolf]] ([[User talk:ShadowWolf|talk]]) 18:31, 1 July 2015 (CDT)
</div>
<div class="content-block-body">
The Asirra (cat&dog picture) Captcha system that we have been using for the last few years has shut down.
I have temporarily activated a different Captcha system, but if it is a permanent change or if we'll be switching to a different system has yet to be decided. If anyone has tried to sign-up since the start of the month and couldn't because the Captcha didn't work, mea culpa, mea maxima culpa. I did not pay attention to how Asirra was going even though I knew the system was still in Beta and might go away at any time.
::--[[User:ShadowWolf|ShadowWolf]] ([[User talk:ShadowWolf|talk]]) 23:19, 11 October 2014 (CDT)
:After the rash of account creations after switching to ReCaptcha thanks to the Asirra shutdown we've temporarily disabled account creation. We have had 15 new accounts created, and only one of them is verified as not being a bot - the rest have names that meet the standards of an auto-generated bot name.
:::--[[User:ShadowWolf|ShadowWolf]] ([[User talk:ShadowWolf|talk]]) 20:33, 12 October 2014 (CDT)
</div>
<div class="content-block-body">
It seems that something went wonky with a security feature of the server that the hosts insists on yesterday and stopped all significant edits from occurring. The fine folks working the technical support department of our hosting provider managed to locate the cause really fast and after examining things on their end found that it was easy to fix.
After fixing it there was still a 403 error happening when I tried to edit [[Shifti:Sandbox]]. That, it turns out, was not any kind of bug, it was the security feature doing its job. A very long time ago I had tried to include a Google Talk widget on that page as a test to see if I could possibly make it easier to contact an admin. That code included an <iframe> element. While used correctly (in this case) to host an applet served up by a different site, they are also very commonly used to perform malware injection and some attempts at server hacking. And how do they get into pages? Through form-fields submitted with an HTTP POST command - exactly how saving an edit on Shifti is done.
We've recently had our first fight with spammers. Basically the spammers lost - because I don't think Shifti is ever without an admin online. Anyway, Shifti is growing by leaps and bounds. We've been online for approximately three months and for a few weeks it looked like we would be an "also ran". Then the TSA page on [http://en.wikipedia.org Wikipedia] was updated to mention Shifti and I modified a few pages on [http://furry.wikia.com WikiFur] and we started seeing traffic. Not long after than we were indexed by Google, but still the traffic was light - by the time Shifti had been online for 30 days we'd only hit about three thousand unique visitors. But then [[User:JonBuck|Jon Buck]] decided to move all of his stories to Shifti and replaced his site with a simple page pointing people here. Now, as we near the end of our second full month we've had our best month yet. While not a single one of the above events can be said to have caused this months explosion in traffic, the statistics speak for themselves. With the massive number of visitors (nearly 500) from Google set aside, [[User:JonBuck|Jon Buck's]] redirection is our single biggest source of traffic (short of direct access from bookmarks). Anyway, I guess the point of this little bit of talk is to let everyone know that Shifti is growing up. We've had more than 1300 unique visitors this month - more than we have for the last two months combined. And it holds true for the other stats - including bandwidth use. Before the end of the month Shifti will have used at least a half a gigabyte of bandwidth.
In other words, our hosts have done something to provide extra security and it has been a complete success so far, although it has it's moments. The problem is now gone and Shifti is back to its usual, quirky self.
::--[[User:ShadowWolf|ShadowWolf]] ([[User talk:ShadowWolf|talk]]) 12:55, 19 September 2014 (CDT)
</div>
<div class="content-block-body">
It seems that the Asirra captcha mechanism is broken again. It might be related to an error that has started popping up on pages where a bit of javascript is broken. Said bit of javascript refers to a variable that should exist (and in the past did exist) but is, apparently, no longer being created before it is being used. I don't know if this is because Firefox and Chrome (the two browsers I've tested with) are running in "strict" mode (a feature recently added as part of the ECMAScript 5 standard) by default or not. I will keep testing and looking for a solution.
::--[[User:ShadowWolf|ShadowWolf]] ([[User talk:ShadowWolf|talk]]) 14:02, 27 September 2013 (CDT)
However, there is no need to worry about availability yet. Shifti isn't yet getting the amount of traffic that will cause problems with the server and it's network connection. The traffic is a lot when taken as a whole, but so far Shifti hasn't seen more than thirty megs of traffic in a single day. When Shifti gets to the point that it is pushing the internet connection to fifty percent of available bandwidth, then we'll worry. (However, long before we reach that point donations will start being requested so we can be sure that Shifti will be able to be moved without worries or emergency "donation drives")
:I've narrowed down the error, somewhat, to a problem with the javascript being served from the actual Asirra providers site. I'll keep looking to see whats happening, though. (I disabled the script that was causing the error I thought might be at fault and that has done nothing).
::::[[User:ShadowWolf|ShadowWolf]] 22:41, 28 September 2007 (EDT)
:::--[[User:ShadowWolf|ShadowWolf]] ([[User talk:ShadowWolf|talk]]) 18:34, 27 September 2013 (CDT)
Sorry about the down-time everyone. There was a blackout here - seems the local substation blew a main bus-bar in the distribution side. (I heard it go and originally thought it had blown a transformer!) Looks like the worried about "donation" system is going to have to be finalized and brought online sooner - a UPS is desperately needed to help make sure this doesn't happen again.
:Issue was localized to something that was actually in the ConfirmEdit git repository but not in their released code. Problem solved.
::::[[User:ShadowWolf|ShadowWolf]] 14:14, 23 September 2007 (EDT)
:::--[[User:ShadowWolf|ShadowWolf]] ([[User talk:ShadowWolf|talk]]) 19:30, 27 September 2013 (CDT)
</div>
<div class="content-block-body">
As part of checking into an error people were having editing Shifti I updated the code base. Part of that update required deleting the existing code and pulling an all-new copy from the developers. I had to do this because I had not done similar at the original install time. I am now in the process of restoring things from a backup. That's all - sorry about the dust folks. Should be over with soon and the problem has been fixed (for some values of the term).
::--[[User:ShadowWolf|ShadowWolf]] ([[User talk:ShadowWolf|talk]]) 18:17, 5 May 2013 (CDT)
:We appear to have lost 4 images that were uploaded after the last backup. I'm sorry for this, folks. I'm working on getting in touch with the uploaders to have them restored.
:::--[[User:ShadowWolf|ShadowWolf]] ([[User talk:ShadowWolf|talk]]) 19:06, 5 May 2013 (CDT)
</div>
<div class="content-block-body">
As I reported back in August of last year some of our users seem to be affected by a piece of crapware called "Yontoo". In the time since that report it has gone from being "potentially unwanted" to being "a threat to Mac users". According to [http://news.drweb.com/show/?i=3389&lng=en&c=5 Dr. Web Anti-Virus] it has now begun popping up as a full trojan on Mac's - affecting Safari, Firefox and Chrome on that platform. This tells me that it has likely always been a trojan.
Shifti is growing exponentially. Already this month we've hit almost 200M of bandwidth use and over 500 unique visitors. If this keeps up there may be a problem with the connection serving the site won't be able to keep up. However, there is no need to worry - Shifti is not going to be moving, adding advertising or asking for money to join. Why? Because until it becomes clear that the growth trend is going to continue I see no need to do anything drastic. Even then there is an option that has worked for other sites - donations. So if Shifti keeps up the wild, rampant growth look forward to seeing the Donations page filled out so that a separate server and much higher bandwidth hosting can be paid for to keep the site running.
According to the article it is presented to the user as one of several things - a "Video Quality Enhancer", a Codec Plugin or something equally odd. When they go to install that item they are asked if they also want to install "Free Twit Tube" and when they say yes, Yontoo is installed as a plugin for all three mentioned browsers.
::::[[User:ShadowWolf|ShadowWolf]] 18:09, 11 September 2007 (EDT)
Ever looked at the "Blind Pig" universe and decide not to write a story in it because there was some facet that you didn't like? Well, [[User:ShadowWolf|myself]], [[User:Bryan|BD]], [[User:JonBuck|Jon Buck]], [[User:Cubist|Cubist]] and [[User:Michael Bard|Michael Bard]] decided to do something about the sometimes annoying holes in the TBP universe. (Most notably is the consistent violation of the Conservation of Mass/Energy and the broken 'neo-luddite' nature of the world that van Sciver didn't have in place but others have later written into the setting)
Yontoo '''''is not''''' (yet) proven to be dangerous, but it does inject ads into pages that do not originate with the site that has served up those pages and is, apparently, driving a massive click-fraud scheme. People please check your systems and do what you can to get rid of Yontoo - Shifti is free of ads for a reason and, if I have anything to say about it, will remain ad-free until it dies.
::--[[User:ShadowWolf|ShadowWolf]] ([[User talk:ShadowWolf|talk]]) 17:01, 21 March 2013 (UTC)
</div>
<div class="content-block-body">
Three years ago the Transformation and Furry communities lost one of their best authors to a tragic aneurysm. [[User:Michael Bard|Michael W. "Morgan" Bard]] was among the most talented unpublished authors I have ever known. More than that he was a good friend and to this day I find myself running into things that make me think of him and want to talk to him. We miss you, Morgan!
Anyway, we set to work on modernizing the setting—bringing the science up to date and fixing the holes. The result is the '[[Pig and Whistle]]' universe—a version of the TBP universe stripped of the morass of the history that universe has and corrected to be more realistic. If the setting interests you, there is a 'quick and dirty' intro to the setting called '[[User:ShadowWolf/Little Things|Little Things]]'. And if, after reading that (in my own opinion) horrid hack of a story, you are still intrigued, then write away!
::--[[User:ShadowWolf|ShadowWolf]] ([[User talk:ShadowWolf|talk]]) 19:14, 12 March 2013 (UTC)
::::[[User:ShadowWolf|ShadowWolf]] 15:23, 29 August 2007 (EDT)
</div>
<div class="content-block-body">
The captcha system appears to be giving some users problems with posting new content. If you are an author and looking to post your stuff to Shifti, please contact [[User:ShadowWolf|ShadowWolf]] for a free upgrade of your account to author status in preparation for your posts that would normally move you to Author status. At this time it appears to be the only fix. We will be looking into this problem.
<nowiki>{{title}}</nowiki> has been updated—you can now specify a list of "coauthors" instead of (or in addition to) the 'author' parameter. Though using coauthors means that you'll need to add the links yourself, it also allows for doing things like acknowledging the illustrator and such. And there is a brand-new template you can use—<nowiki>{{byline}}</nowiki>. The[[Template:Byline|Byline Template]] is meant to be used instead of the [[Template:Title|Title Template]] on pages in the main namespace. Enjoy!
::--[[User:ShadowWolf|ShadowWolf]] ([[User talk:ShadowWolf|talk]]) 02:17, 28 February 2013 (UTC)
::::[[User:ShadowWolf|ShadowWolf]] 04:33, 24 August 2007 (EDT)
</div>
<div class="content-block-body">
'''Note for new Shifti users.'''
Had a power failure that took the server oflfine momentarily while I was asleep. Unfortunately this meant that the rather unstable hack I had to implement to bring my setup inline with what the ISP expects had to be re-established. Of course, I have no idea when the problem happened or how long the server was offline, but from some circumstantial evidence it looks like it was around two hours. The only way that I could correct this would be to coloc the server, and I do not have the money to do that. If there are no complaints I'll be setting up a pay-pal account to accept donations to make the co-location possible and actually happen. Of course this means that Shifti will be entirely donation driven, but I'm sure that the community will help us keep it online. Any comments can be made on my talk page or on this pages talk page.
When you sign up for an account, ''please'' put something on your user page so we know you're not a spammer. If you decide to use a NameNumber (ie: JonBuck42, Darla25) username pattern ''without'' doing this your account may be preemptively blocked due to the amount of spam we get that fits this pattern.
::::[[User:ShadowWolf|ShadowWolf]] 15:40, 17 August 2007 (EDT)
Lots of interesting stuff has been going on behind the scenes here at Shifti. With the recent explosion of stories (we've passed 100) the administrators have begun adding "Transformation Type" categories. While they aren't mandatory – the category could give away a twist in the story – it is going to be one of the main ways for people to find stories on the site. Another bit of news is that [[User:ShadowWolf|I (ShadowWolf)]] have added the "[[ShadowWolfs Pack|ShadowWolf's Pack]]" as an alternate to [[Bryan's picks|Bryan's Picks]] for finding high quality stories. It has three sections — a [[ShadowWolfs Pack#Rated Stories|rated section]], where I will rank the stories from 1 to 4 stars; an [[ShadowWolfs Pack#Unrated Stories|unrated section]], where I have been putting stories that rate more than four stars and a [[ShadowWolfs Pack#Promising New Authors|small section]] where I'm highlighting the first one or two stories from authors new to Shifti who show great promise.
Thank you.
::::[[User:ShadowWolf|ShadowWolf]] 16:03, 14 August 2007 (EDT)
The template <nowiki>{{part}}</nowiki> has been deprecated and is planned to be removed as soon as the admins get around to removing it from use. The reason is that [[User:Bryan|Bryan]] discovered a subtle ''feature'' of the MediaWiki parser that would generate links into sections of a template if the template used the header markup <nowiki>=== text ===</nowiki>. Since [[Template:Part|{{part}}]] does this, it was creating a subtle breakage of the sections in articles.
:--[[User:JonBuck|Buck]] ([[User talk:JonBuck|talk]]) 19:06, 19 September 2012 (UTC)
:::[[User:ShadowWolf|ShadowWolf]] 04:22, 5 August 2007 (EDT)
Nothing to see here folks, move along...
In checking the logs as processed by AWSTATS (reading the raw logs is rather boring) I noticed an odd referrer line. After researching it, I found that it comes from a piece of adware. According to [http://www.symantec.com/security_response/writeup.jsp?docid=2012-052923-1931-99 Symantec], the makers of Norton 360 and related suites of security software and tools for deep work on PC's, it is "potentially unwanted" and installs an IE Toolbar that will pop-up ads that "look like they are from FaceBook". To me the fact that they are trying to hide the source of the ads and, it seems, pull sites through their own software to add advertisements, makes this not "potentially unwanted" but "completely unwanted". I'm suggesting that all users of Shifti check their PC's for that and other nastiness and, if possible, either remove the stuff themselves or find someone with the skills to remove the crapware for them.
In all seriousness we are trying to make Shifti a great place to find stories. To do this we have been developing the policies regarding categorization as we go along, such that, recently, a change was made to institute [[:Category:Stories by author]] so that stories are sorted by author and changed the original [[:Category:Author]] so that it is a place to find a list of authors that have contributed stories, so you can find a list of all stories by a given author.
This suggestion comes because our users are the lifeblood of our site and therefore very important to us. If their computers are infected with one piece of crap like that, then there are likely other pieces of crapware installed. The name of the crapware in question is "Yontoo" -- people, please note the name and check your systems. Crapware like that never comes alone and usually opens up holes that other crap can use to screw your computer completely.
:--[[User:ShadowWolf|ShadowWolf]] ([[User talk:ShadowWolf|talk]]) 01:56, 4 August 2012 (UTC)
</div>
<div class="content-block-body">
Shifti has now moved to a new hosting provider whose machines have more grunt than could ever be provided by [[User:ShadowWolf|me]]. The only problem is that I will not be able to provide the comprehensive, weekly database dumps that have been being provided. Not to worry, though, because the new host provides a cPanel interface that should let us backup the databases easily.
:--[[User:ShadowWolf|ShadowWolf]] ([[User talk:ShadowWolf|talk]]) 03:40, 9 July 2012 (UTC)
</div>
<div class="content-block-body">
Finally figured out what was causing the problems with the upgrade to MediaWiki 1.19 and have completed it. Due to file-caching issues (I believe!) there may be some issues with images not displaying properly. This is not something I can easily solve, but I will attempt to purge the cache manually and see if this does, in fact, fix the issue.
:::[[User:ShadowWolf|ShadowWolf]] 14:35, 22 July 2007 (EDT)
Other than that, enjoy! The site is now running the latest public version of the MediaWiki software and will likely soon be moved to its new home on a hosted service that [[User:JonBuck|Jon Buck]] is paying for out of his own pocket. We're hopeful that the move (when it is completed) will solve the lag issues and the problems some people have reported with editing pages.
</div>
<div class="content-block-body">
And yet again spammers win - any new accounts require a validated email before editing is allowed. I have, as well, installed an extension that checks several blacklists of known bot addresses and similar for purposes of blocking known spammers.
:--[[User:ShadowWolf|ShadowWolf]] 19:04, 27 February 2012 (UTC)
</div>
<div class="content-block-body">
The spammers win again - I've updated the captcha system to use [http://www.google.com/recaptcha ReCaptcha] so we should be facing less spam. The problem is that this now means more technological hurdles for the users and that isn't always a good thing. On the plus side all people flagged as "author" in the database will be able to skip the captcha system.
:--[[User:ShadowWolf|ShadowWolf]] 15:36, 17 January 2012 (UTC)
::I'm still seeing what look like 'bot registrations. They fit the pattern but apparently can't post anything. --[[User:JonBuck|Buck]] 19:07, 28 January 2012 (UTC)
:::I see 'em too, but can't do anything unless they start spamming. And if they've broken ReCaptcha, then there is no real way to stop them. Unless there is another system we can use in addition to the two or three spam-blocking methods already in place. --[[User:ShadowWolf|ShadowWolf]] 20:20, 28 January 2012 (UTC)
</div>
<div class="content-block-body">
After a report from [[User:Robotech_Master|Robotech Master]] I fixed an error in the font embedding that seems to have effected users of Chrome and possibly other WebKit based browsers. Simply put they expected a 'font-style' and 'font-weight' specification in the font-embeddings, which I didn't do because I didn't know of the requirement. I've also cleaned up that part of the CSS and made the embedding a bit more streamlined. Hopefully this works to solve the problem of italics and boldface not showing for some people.
:--[[User:ShadowWolf|ShadowWolf]] 17:24, 11 January 2012 (UTC)
</div>
<div class="content-block-body">
</div>
<div class="content-block-body">
<div class="cb-header">Older News</div>
*[[Current events/2007|Events from 2007]]
*[[Current events/2008|Events from 2008]]
*[[Current events/2009|Events from 2009]]
*[[Current events/2011|Events from 2011]]
</div>
Latest revision as of 22:12, 23 May 2018
Took a bit and there might be a few missing images as I went a bit crazy cleaning things up when I found that I couldn't update because our host is running an old, unsupported version of PHP, but I've managed to, hopefully, get things working to the point that they were before. Sadly... SematicForms had a name-change and despite using a version that claimed to match to the MediaWiki version we're stuck on, the renamed code-base had errors.
In other news... As it says in the banner (might be gone by now), our Captcha system is repaired - seems that there was a change in some variable names and in how the config of the setup worked. It wasn't cleanly documented. Sorry that it was missed for so long.
I've gone and done it and it didn't cost all that much once I found the right reseller. That's right - I've purchased an SSL cert for Shifti that is good for the next 3 years.
Yep, you heard me, Shifti is now "Secure" and will default to using 'https' from now on.
Thank you and have a good day!
--ShadowWolf (talk) 01:09, 4 February 2017 (CST)
Y'know how that upgrade of MediaWiki (as mentioned below) ate our skin and some of our customizations, yet again? That was kind of the final straw for our more tech-minded admins. We're presently looking at and working on a replacement backend for Shifti. The hope is that this way we can add a few more Useful Collaborative Tools and also stop having to recreate things we use every time a security hole is discovered. The hope is to make this as unobtrusive and undisruptive as possible for our users whereever feasible (y'all are why we're here, after all!).
If you have an idea for something that would be useful for Shifti to be able to do, please feel free to email me, or leave a note on my talk page. Things we're already considering:
"Editor copies" for collaboration purposes (creating edits to a page that are proposed rather than final and reviewable by the page owner, for things like story editing collaboration and similar stuff)
Group-sourced tags and story categorization that doesn't require the author to make their entire story editable
Can we pull this off without disrupting things? Dunno, but we hope to give it a try.
Hope this helps!
In trying to fix the issue with the 403 errors I upgraded to MediaWiki 1.26 - during this the 'skins' directory apparently disappeared.
A bit later I came across a quick patch style fix that papers over the issue causing the 403's without addressing the root cause. There is some hope that we can work with the hosting company to get a proper fix in place.
On a different topic... My backups are on a couple of hard drives that are not currently attached to my laptop. If anyone has a copy of the backups that were made available from before the move to the hosted system, please contact me. This will save quite a bit of work in rebuilding our custom skin.
I have just received notification from Google that the new version of ReCaptcha - based on detecting browser information that can generally differentiate a human from a bot - is now available for general purpose use. I am going to see if the Captcha framework module we rely on has an updated version capable of using it.
Okay, ReCaptcha 2 is not yet merged with the ConfirmEdit framework - however, their "testing/unstable" branch does seem to have a module that will work for us based on a service called "Are You A Human" that seems to work in a similar manner to Asirra. I'll be working to bring that into Shifti today.
Alright, the AYAH bit is not possible - the service providers reserve the right to insert advertisements along with the Captcha. However, it appears that the ConfirmEdit extension is currently without a maintainer and the Wikimedia Foundation is maintaining it steady-state for now. This does mean, however, that several patches have been suggested, one of which does enable the ReCaptcha v2 API and the use of ReCaptcha v2 entirely.
ReCaptcha v.2 integrated and basic test completes without complaint. Site is unlocked to new registration and after I hit the "post" button here I'm going to change the banner.
The Asirra (cat&dog picture) Captcha system that we have been using for the last few years has shut down.
I have temporarily activated a different Captcha system, but if it is a permanent change or if we'll be switching to a different system has yet to be decided. If anyone has tried to sign-up since the start of the month and couldn't because the Captcha didn't work, mea culpa, mea maxima culpa. I did not pay attention to how Asirra was going even though I knew the system was still in Beta and might go away at any time.
After the rash of account creations after switching to ReCaptcha thanks to the Asirra shutdown we've temporarily disabled account creation. We have had 15 new accounts created, and only one of them is verified as not being a bot - the rest have names that meet the standards of an auto-generated bot name.
It seems that something went wonky with a security feature of the server that the hosts insists on yesterday and stopped all significant edits from occurring. The fine folks working the technical support department of our hosting provider managed to locate the cause really fast and after examining things on their end found that it was easy to fix.
After fixing it there was still a 403 error happening when I tried to edit Shifti:Sandbox. That, it turns out, was not any kind of bug, it was the security feature doing its job. A very long time ago I had tried to include a Google Talk widget on that page as a test to see if I could possibly make it easier to contact an admin. That code included an <iframe> element. While used correctly (in this case) to host an applet served up by a different site, they are also very commonly used to perform malware injection and some attempts at server hacking. And how do they get into pages? Through form-fields submitted with an HTTP POST command - exactly how saving an edit on Shifti is done.
In other words, our hosts have done something to provide extra security and it has been a complete success so far, although it has it's moments. The problem is now gone and Shifti is back to its usual, quirky self.
It seems that the Asirra captcha mechanism is broken again. It might be related to an error that has started popping up on pages where a bit of javascript is broken. Said bit of javascript refers to a variable that should exist (and in the past did exist) but is, apparently, no longer being created before it is being used. I don't know if this is because Firefox and Chrome (the two browsers I've tested with) are running in "strict" mode (a feature recently added as part of the ECMAScript 5 standard) by default or not. I will keep testing and looking for a solution.
I've narrowed down the error, somewhat, to a problem with the javascript being served from the actual Asirra providers site. I'll keep looking to see whats happening, though. (I disabled the script that was causing the error I thought might be at fault and that has done nothing).
As part of checking into an error people were having editing Shifti I updated the code base. Part of that update required deleting the existing code and pulling an all-new copy from the developers. I had to do this because I had not done similar at the original install time. I am now in the process of restoring things from a backup. That's all - sorry about the dust folks. Should be over with soon and the problem has been fixed (for some values of the term).
We appear to have lost 4 images that were uploaded after the last backup. I'm sorry for this, folks. I'm working on getting in touch with the uploaders to have them restored.
As I reported back in August of last year some of our users seem to be affected by a piece of crapware called "Yontoo". In the time since that report it has gone from being "potentially unwanted" to being "a threat to Mac users". According to Dr. Web Anti-Virus it has now begun popping up as a full trojan on Mac's - affecting Safari, Firefox and Chrome on that platform. This tells me that it has likely always been a trojan.
According to the article it is presented to the user as one of several things - a "Video Quality Enhancer", a Codec Plugin or something equally odd. When they go to install that item they are asked if they also want to install "Free Twit Tube" and when they say yes, Yontoo is installed as a plugin for all three mentioned browsers.
Yontoo is not (yet) proven to be dangerous, but it does inject ads into pages that do not originate with the site that has served up those pages and is, apparently, driving a massive click-fraud scheme. People please check your systems and do what you can to get rid of Yontoo - Shifti is free of ads for a reason and, if I have anything to say about it, will remain ad-free until it dies.
Three years ago the Transformation and Furry communities lost one of their best authors to a tragic aneurysm. Michael W. "Morgan" Bard was among the most talented unpublished authors I have ever known. More than that he was a good friend and to this day I find myself running into things that make me think of him and want to talk to him. We miss you, Morgan!
The captcha system appears to be giving some users problems with posting new content. If you are an author and looking to post your stuff to Shifti, please contact ShadowWolf for a free upgrade of your account to author status in preparation for your posts that would normally move you to Author status. At this time it appears to be the only fix. We will be looking into this problem.
When you sign up for an account, please put something on your user page so we know you're not a spammer. If you decide to use a NameNumber (ie: JonBuck42, Darla25) username pattern without doing this your account may be preemptively blocked due to the amount of spam we get that fits this pattern.
In checking the logs as processed by AWSTATS (reading the raw logs is rather boring) I noticed an odd referrer line. After researching it, I found that it comes from a piece of adware. According to Symantec, the makers of Norton 360 and related suites of security software and tools for deep work on PC's, it is "potentially unwanted" and installs an IE Toolbar that will pop-up ads that "look like they are from FaceBook". To me the fact that they are trying to hide the source of the ads and, it seems, pull sites through their own software to add advertisements, makes this not "potentially unwanted" but "completely unwanted". I'm suggesting that all users of Shifti check their PC's for that and other nastiness and, if possible, either remove the stuff themselves or find someone with the skills to remove the crapware for them.
This suggestion comes because our users are the lifeblood of our site and therefore very important to us. If their computers are infected with one piece of crap like that, then there are likely other pieces of crapware installed. The name of the crapware in question is "Yontoo" -- people, please note the name and check your systems. Crapware like that never comes alone and usually opens up holes that other crap can use to screw your computer completely.
Shifti has now moved to a new hosting provider whose machines have more grunt than could ever be provided by me. The only problem is that I will not be able to provide the comprehensive, weekly database dumps that have been being provided. Not to worry, though, because the new host provides a cPanel interface that should let us backup the databases easily.
Finally figured out what was causing the problems with the upgrade to MediaWiki 1.19 and have completed it. Due to file-caching issues (I believe!) there may be some issues with images not displaying properly. This is not something I can easily solve, but I will attempt to purge the cache manually and see if this does, in fact, fix the issue.
Other than that, enjoy! The site is now running the latest public version of the MediaWiki software and will likely soon be moved to its new home on a hosted service that Jon Buck is paying for out of his own pocket. We're hopeful that the move (when it is completed) will solve the lag issues and the problems some people have reported with editing pages.
And yet again spammers win - any new accounts require a validated email before editing is allowed. I have, as well, installed an extension that checks several blacklists of known bot addresses and similar for purposes of blocking known spammers.
The spammers win again - I've updated the captcha system to use ReCaptcha so we should be facing less spam. The problem is that this now means more technological hurdles for the users and that isn't always a good thing. On the plus side all people flagged as "author" in the database will be able to skip the captcha system.
I'm still seeing what look like 'bot registrations. They fit the pattern but apparently can't post anything. --Buck 19:07, 28 January 2012 (UTC)
I see 'em too, but can't do anything unless they start spamming. And if they've broken ReCaptcha, then there is no real way to stop them. Unless there is another system we can use in addition to the two or three spam-blocking methods already in place. --ShadowWolf 20:20, 28 January 2012 (UTC)
After a report from Robotech Master I fixed an error in the font embedding that seems to have effected users of Chrome and possibly other WebKit based browsers. Simply put they expected a 'font-style' and 'font-weight' specification in the font-embeddings, which I didn't do because I didn't know of the requirement. I've also cleaned up that part of the CSS and made the embedding a bit more streamlined. Hopefully this works to solve the problem of italics and boldface not showing for some people.
Old News 
|
Old News 
