Rosio Pavoris a blog

gnuplot is nice when you’re trying to do something it was designed to do, but kind of painful when you aren’t. Anyway, I made some graphs out of visitor data collected since July last year (all of this is just my blog, not rotahall.org as a whole).
The X axis is always time, with the far left being July 2008 and the far right being March 2009 as of today. The Y axis is the percentage of people using a given thing, so that the whole length adds up to 100%. The white area is always unknown and/or others.

The first is the operating systems used.
The white is “unknown”. In reality it’s mostly phone browsers and spiders, but fuck it, I want an ethernet-enabled typewriter. Red is all of the BSDs combined. There seems to be exactly one person using FreeBSD, OpenBSD, and NetBSD.
The number of Windows users is higher than expected. I blame idiots googling for pictures of axolotls.

The second is the distribution of Windows versions within the Windows users group. I expected more people to use XP than Vista, but it’s nice to see Vista isn’t even growing much anymore. There are a few people still using Windows 98 (that’s the red outline right above 2000) and 95. I’m pretty sure the one guy using Windows 3.1 is spoofing it, though.
I didn’t make one of these for the Linux users, because most of them end up being “other distro”. There are suprisingly few Ubanto users, though.

Next is browsers. I’m not sure what “Mozilla” is in this context, and I really don’t know what Netscape is doing there. Terras thinks people from 1996 are reading my blog, so: hi! Sell your stock in 2000, and don’t vote for Bush!

Finally, IE versions used by the IE users. This is abysmal. I’ve stopped showing content to IEs older than 7, so with luck they’ll go away. Again, though, I blame random googlers, not regular readers.
The bit of blue at the bottom is IE 8. I’m surprised how early they started coming, since the beta was only released earlier this month. Spoofed user agents, probably.

Anyway, just in case anyone’s interested. Making these was fun, but too much effort to turn it into a regular thing.

I say Scandinavian rather than Swedish because it’s not actually from Ikea, but from some Norwegian company.
And I guess it’s not actually this chair but a chair very like it, only I couldn’t find a picture of this one, presumably because it’s fifteen or so years old. It’s made of wood rather than steel, and the seat is actually not curved to hold a butt, but rigid and full of hate.

It’s completely impossible to adjust the tilt of the seat or the leg rests, or the distance to the leg rests, and apparently their reference human was a three-legged midget.
The end result is that five minutes in this chair will make your back explode with discomfort and physically force your buttocks into your spine, and because the seat is tilted you can’t even just consign it to a corner of the room and stack junk on it, because it will slide off.

The company that made the chair still exists, but apparently doesn’t make them anymore. Even so, most of the products they do still make have at one point or another in their lifetime been recalled for health reasons, so they don’t appear to have mended their ways.
It’s actually more comfortable to just sit on the leg rests.

I should probably get rid of it, but it’s one of the things I inherited from my grandfather.

Anyway.
In completely unrelated news, I deleted Quhan’s blog because it was full of exploit. This makes it the third of our blogs to be compromised.
WordPress is absolute crap when it comes to security, but unless you’re Maia, it’s your own responsibility to keep your installs up to date, people. You have FTP accounts for a reason.

In further unrelated news, I’m never going to finish this Monopoly game. It’s due this Friday.

Re: the issue with Muffins! passwords travelling over the network in plaintext: this has been fixed.
The solution involves a nonce, client-side MD5 hashing, and lots of stolen Javascript.

And through the magic of graceful degradation, it will automatically fall back on the old system for people who disabled Javascript. It will also warn these people they should fucking turn on Javascript, because nonces aren’t much fun to implement and if they’re not going to take advantage of them they should go play some other game.

Anyway, the upshot of this is that passwords no longer travel over the network in plaintext (except during registration, which I’m very probably not going to do anything about), so if they get guessed, it’s seriously not my fault.

(Next up, the bruteforce thing. Which is pretty straight-forward: failed log-in attempts are logged, and before it logs you in it checks if there are fewer than, say, three failed attempts in the past fifteen minutes from your IP. If not, it won’t log you in. Shouldn’t bother legitimate users (if it didn’t check IPs malicious users could use it as a denial-of-service attack on users; I guess they sometimes still can through the magic of braindead ISPs), but it makes bruteforce and dictionary attacks completely unfeasible, even for people with very dynamic IPs.
It’ll have to wait until tomorrow, though.)

(Long post! You probably won’t think this is very interesting unless you play Muffins! and have a passing interest in cryptography and/or network security.)

When I started working on Muffins! over two years ago, I was a Japanese language student with no experience in programming or security whatsoever. I had heard about things like packet sniffing, though, and had a vague idea how the internets worked, but my ability to design a log-in system was limited by my ignorance of both PHP and of the possible vectors for attack.
Consequently, when Muffins! was just a blank page with a note saying “Imagine there’s a map here!”, the authentication mechanism sucked. Passwords were stored as unsalted MD5 hashes, and logging in sent your username and password in plaintext to the server, where the password was hashed and compared to the stored hash for your username. The server would then set a cookie with two fields: one for your user ID, and one for your password hash.
With every pageload, the server would look at your cookie and compare it to the contents of the database. If there was something wrong, it’d destroy your cookie and kick you to the log-in page, and that was that.

Read the rest of this entry »

Muffins is back. Seemed right, since it’s two years ago today that it first went online.
Everyone’s been deleted, because I felt like deleting everyone. Development is expected to resume, though probably at a slower pace than two years ago. The only thing changed so far is that accounts are no longer deleted after two months of inactivity.

I can’t deal with this anymore, so now you kids can provide your own content, if you like. Anything even tangentially related to anything can go there, if you so desire.
Those forums will also be the official Rota Hall forums now, in the sense that any complaints, suggestions, or requests about Rota Hall or any of its projects (including Muffins, if you’re still upset about that) go there.

If there’s enough activity, I may add more subforums (one for religion might be interesting, if anyone was actually interested in debating), but I don’t foresee that being a problem.

If you registered an account on the blog, it will work on the forums as well. If you register on the forums, that account almost certainly won’t work on the blog, but if it’s a problem I can always look for the relevant plugin. I’m told one exists.
The theme was made by Terras, because that’s what he’s for~

Now get to activitying.

I set up a blog for Livia/IcLubYou two weeks ago, and she’s finally made her first post.
So go visit and welcome her to the Rota Hall fold, would you?

Three to two in favor of freenode, so #rotahall is moving to freenode, and taking #pharyngula with it.
Goodbye, ZiRC~

For those of you who need Java applets for everything you do, you can get into #pharyngula using this.
I’m working on editing the #rotahall one as we speak.

Edit: Alright, so a rather important complication came up that I didn’t even consider: freenet is huge, and as such, too many nicknames are already taken. So we’re going to synIRC.
The applets all point in the right direction.

This is starting from July 20th or 21st or so. First two-thirds of this month is here.
In line with expectations, roughly. We can afford to start using a lot more bandwidth, though.

You may or may not have been aware of the problems with ZiRC, but the short of it is that all server admins took their ball servers and went home started a new network, synIRC, a few weeks ago.
Most channels are moving away from ZiRC, but I wanted to wait until I found out more about why this happened, both to find out if there was a legitimate reason, and to get an idea of how long-lived synIRC (and ZiRC itself) would be.
Now that I got that answer (tl;dr: prince is a self-important drunk and the only person running ZiRC right now), we are, indeed, moving. The only question remains, to which network?

I’d like to avoid networks without services (EFnet) or with retarded ones (QuakeNet), and ones with a large known population of idiots (DALnet, EsperNet), but other than that, I don’t particularly care.

#pharyngula will probably move with it, though that’s open to discussion, since that’s not just “my” channel.

Edit: ‘kay, apparently we’re moving #pharyngula with it.

1. The LBRS forums.
2. SWBHG
3. Mimetex

Of these, Mimetex bothers me the most, because it’s actually part of my blog and I have no idea how to fix it. It’s a compiled Perl CGI script, and it should be working, but isn’t.

Edit: Fixed it. Just a permissions issue.

The LBRS forums should be fairly trivial to fix, I just can’t be bothered to right now because nobody uses them anyway.

SWBHG could take a while, primarily because apparently Mercury wrote it on the assumption register_globals would be enabled. That’s painfully stupid, though fortunately for him, so was our last webhost.
I’m hoping it’s just in the log-in/registration script, and not in the entire application, because otherwise I’m just not going to fix it.

Edit: Oh, goddammit. Mercury, your code has made me physically ill. I don’t want this piece of shit on my server. No more SWBHG.

This is a baby pygmy hippopotamus.

’bout time. Some set-up hiccups, but apparently we’re finally on the new server.
Our new hosting plan allows for 35 GB of webspace (compared to 500 MB on the old one) and three terabytes of bandwidth per month (compared to 20 GB before), for roughly the same price as the old one, and it auto-renews, so no more fucking around with downtime in August.
Best of all, it’s not run by a 17-year-old and his two imaginary employees.

Anyway, all blogs should be up (though some things are apparently broken; I’m working on fixing that now), and all databases should be reasonably up to date. The blogs are from backups taken a few hours ago, but if you posted something interesting (or someone interesting commented) in the meantime, let me know and I’ll retrieve if from the old databases while I still have access to them.
Incidentally, the essentially unlimited webspace means you can use StatTraq again, if you like, though I don’t guarantee those tables won’t crash eventually.

I know SWBHG is broken, and I know Muffins is missing entirely. I didn’t move Muffins because syncing the databases while the game was up would’ve been a nightmare. I’ll get to that in a bit.

I also know all FTP accounts are gone. This is because I don’t have access to the passwords, and without that, there’s no way to move them seemlessly anyway. If you had an FTP account and need it back, tell me so I can make you a new one.
You can still use your old FTP info to get to the old server, if you connect to ftp.ysgonzo.be instead of ftp.rotahall.org.

Everything else (well, such as it is) should be working. Let me know if there are any problems.

Edit: Muffins is back up and seem to be working properly. I know the LBRS forums are still broken (though they were before the move as well), and I’m working on those now. SWBHG, the Selectively Antisocial subdomain, and Terru’s blog seem to be having DNS problems (I think), which I hope will resolve itself in a bit. Otherwise, I’ll look at those next.
Meanwhile, here are the last of the bandwidth statistics on our old server:
Read the rest of this entry »

Presumably.
They spoke of calendar day, not business days, so I assumed they worked on Sunday. Apparently not so much.

Go play these games while you wait. They’re made of not fail.

I’m in the process of uploading everything to our new server right now. The databases have all been set up, and DNS should take care of itself now (though actually transferring it and having it propagate will obviously take a while; possibly several days still), so wooh.

I’m not even going to try moving Muffins until at the very, very end, so there will be downtime there. The blogs, though, should all transfer relatively seamlessly.
If everything goes alright, this will be my last post on the old server, and it’s one I don’t intend to transfer to the new one, so if you’re reading this, the move hasn’t happened yet!

Dogs that are smaller than cats are a cruel, cruel joke.

Incidentally, progress is being made on switching webhosts. Yesterday I made a full file backup of everything on the server now (and I won’t be doing that again, so if you (Rota Hall peoples) upload any files between then and the switch you’ll have to re-upload them afterwards; I’ll be doing final database backups right before the switch, so don’t worry about that), and the domain is being released soon.
There will be downtime, but it shouldn’t be more than a few hours. With luck.

Progress is also being made on that text adventure engine I’ve been writing. Compromising between genericity and actual doingstuffness is annoying, so I’ll probably give up and just write a damn text adventure before I’ve got a releasable engine, but it’s still kind of entertaining.

Pandapile.

A full day of downtime isn’t acceptable, especially for something as simple as MySQL locking up.
If this were the first time, I wouldn’t mind, but anyone who’s read this blog for more than a month knows it’s a relatively common occurence, and it always takes at least a day before anything gets fixed.

Since our contract renewal is coming up, I’ve decided not to renew and instead to switch hosts. Our new host will offer 250 GB of webspace (compared to our current 500 MB) and 2.5 TB of monthly bandwidth (compared to 20 GB) for slightly less money than we’re paying right now, so I think that’s a good idea.

Since this involves domain transferrals and moving everything to a different server, I expect some downtime. And if our current host turns out to be a dick about the domain name, we may have to move to rotahall.com instead.
Still, take heart! Everything will be better in a few weeks.

I’m winning~
I deleted a few dead subdomains, and will be deleting more in the near future. I’d like to make Rota Hall entirely about blogs soon. Maybe I’ll think of a way to integrate them all moar better.

(Last month is here.)

I took SWBHG down, and it’ll stay down. For “undisclosed vulnerabilities”, is all I’ll say.

(By which I mean, a retarded chimpanzee could code a more secure application.
At least we won’t be going over our allotted webspace as quickly in the future.)

Why do I manage to get four times as much traffic as Terru even when I don’t post at all?

I’ve changed the permalinks the blog uses to the “pretty” ones. They’re uglier, but GET data gets stripped from URLs in a lot of contexts, and at least they’re more informative.
If you’ve linked to something I’ve posted in the past, the old links will still work, so don’t worry.

(If you have a Rota Hall blog and want to change your own permalinks, you’ll have to mess around with .htaccess. WordPress can do this for you, but it’ll tend to break. If anything goes wrong, just delete whatever .htaccess you’ve created and ask me for help.)

(Also, this will make the last fifteen posts show up again in your RSS feed. Sorry ’bout that.)