Author Topic: A new beginning for Maidens of the Kaleidoscope  (Read 11024 times)


WishMakers

  • Myouren's IT Guy
  • *
  • Ada.Text_IO.Put("h*ck");
    • Twitch
    • Twitter
    • YouTube
    • WishMakers#0385
    • Steam
    • Analogue Reverie Website
  • Gender: Male
Re: A new beginning for Maidens of the Kaleidoscope
« Reply #60 on: February 21, 2020, 01:43:22 AM »
Quote
The login pages are encrypted using the Secure Hashing Algorithm (SHA-1) already regardless of HTTPS or not

If you still wish to use SSL, for encrypting things such as post content either add a permanent exception for the website (this *does* enable encryption!) or visit this guide for information on setting up encryption keys which will fix any warnings.

SHA-1 is just for the login page, though.
That means that HTTPS is still disabled, and some ISPs don't even allow you to visit sites without it (see: college campuses like my own).  The only way I'm able to even view MotK is from home.
This is honestly even more fundamental than that though.
You say the solution is simply to set up permanent exceptions for the website or encryption keys, but why should we be having to do that in the first place?  (Not to mention Vivaldi/Chrome hates me setting up permanent exceptions, it's only worked consistently for me on Firefox)  Isn't it the job of the website, not the user, to make sure that we can even view the site securely?

(Also, see this tweet: https://twitter.com/james7132/status/1230636148633948160)
Also known as the Return of Eastern Wonderland and Danmakufu Woo Edition guy.

1ccs: SoEW (N), LLS (N), MS (N), EoSD (H), PCB (N), IN (H), PoFV (N, all shots), MoF (N), SA (N), UFO (N), TD (N), DDC (N), LoLK (N), HSiFS (L), WBaWC (N)
Extra 1ccs: All Windows mainline games, including PoFV.
Scoring: HSiFS Easy (PB: 1.1b)

Re: A new beginning for Maidens of the Kaleidoscope
« Reply #61 on: February 21, 2020, 02:44:51 AM »
Quote
Your password is already hashed and made unreadable using the Secure Hashing Algorithm (SHA-1) before it is sent to the server regardless if you use HTTPS or not

If you still wish to use SSL, for encrypting things such as post content either add a permanent exception for the website (this *does* enable encryption!) or visit this guide for information on setting up encryption keys which will fix any warnings.

SHA1 is not encryption, it's a one way hash algorithm.
SHA1 is not a password algorithm, but since you're using SMF it's understandable why you're using it. I would STRONGLY suggest moving to something modern like either Discourse (free) or Xenforo if you're looking for something closer to a classic forum software like SMF.
SHA1 is broken.
Your password is not "encrypted" with SHA1 prior to sending it over the network, it's just hashed on the client and stored that way in the database. Whenever someone logs in without using HTTPS they're sending their hashed password over plaintext, which can trivially be captured and replayed. The top of your SSL page is just wrong, and in a way that leads people to believe that their password is safe when it is NOT.
There is no reason to use your own CA to issue certificates. Just use Let's Encrypt. Once you set it up properly you never have to touch it again, and no one has to add exceptions.

Please fix this, if need be I can even make time to help y'all with things.
« Last Edit: February 21, 2020, 02:56:47 AM by MuffinPimp »
I keep thpatch running :D
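
Added example, not part of the original thread or any poster's code: a minimal Python model of the login scheme reply #61 describes, showing why a client-side SHA-1 hash is itself the credential, next to a server-side salted PBKDF2 check that assumes the password is sent inside TLS. The class names, the sample password and the iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

PASSWORD = "correct horse battery staple"  # constructed sample, not from the forum


def client_side_sha1(password: str) -> str:
    """Value a browser puts on the wire when the form hashes before submit."""
    return hashlib.sha1(password.encode()).hexdigest()


class HashAcceptingServer:
    """Scheme from the thread: store the client's SHA-1, compare what arrives."""

    def __init__(self, password: str):
        self.stored = client_side_sha1(password)

    def login(self, wire_value: str) -> bool:
        return hmac.compare_digest(wire_value, self.stored)


class PasswordVerifyingServer:
    """Assumed hardened form: password arrives inside TLS, and the server
    keeps only a salted, slow hash of it (PBKDF2-HMAC-SHA256 here)."""

    ITERATIONS = 600_000  # assumption for the example

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.stored = self._derive(password)

    def _derive(self, secret: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), self.salt, self.ITERATIONS)

    def login(self, wire_value: str) -> bool:
        return hmac.compare_digest(self._derive(wire_value), self.stored)


def compare_schemes() -> dict:
    weak = HashAcceptingServer(PASSWORD)
    strong = PasswordVerifyingServer(PASSWORD)
    seen_on_http = client_side_sha1(PASSWORD)  # what plain HTTP exposes
    return {
        # The observed hash is accepted as-is: the password was never needed.
        "weak_accepts_observed_hash": weak.login(seen_on_http),
        # The database column holds the same value, so a dump is a credential list.
        "weak_db_value_is_credential": weak.login(weak.stored),
        # Hardened server: the legitimate password still works ...
        "strong_accepts_password": strong.login(PASSWORD),
        # ... but neither the SHA-1 nor the stored hash logs anyone in.
        "strong_accepts_sha1": strong.login(seen_on_http),
        "strong_accepts_db_value": strong.login(strong.stored.hex()),
    }


if __name__ == "__main__":
    for name, result in compare_schemes().items():
        print(f"{name}: {result}")
```

The hardened class protects nothing on plain HTTP, where the password itself would be visible in transit; it depends on HTTPS being enforced for the login request.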

Tom

  • *
  • Systems Developer
Re: A new beginning for Maidens of the Kaleidoscope
« Reply #62 on: February 21, 2020, 03:07:32 AM »
Solution found, no longer need to use the key guide.
« Last Edit: February 21, 2020, 04:20:06 PM by Tom »

Karisa

  • *
    • Twitch
    • YouTube
    • Karisa#5432
  • Gender: Female
Re: A new beginning for Maidens of the Kaleidoscope
« Reply #63 on: February 21, 2020, 03:11:53 AM »
Implying that requesting members to download and install a certificate, which is unintuitive, varies by browser and operating system, isn't necessarily possible on mobile, and isn't something most members would've heard of before, isn't needless confusion?

It seems this is currently the same situation the old site was in with exceptions, except all the time except only after it stopped being maintained. It's not any better. Considering the added issues about ISPs and Google potentially blocking http:// sites (it's unclear if they'd also block https:// sites with expired certificates), it's worse.

Posting here to show my views on this (and so people don't keep messaging me about it when Tom is hosting this site). I'm trying to read about HTTPS today since it's potentially useful knowledge, but it's not something I can fix on my own.
« Last Edit: February 21, 2020, 03:29:52 AM by Karisa »

Re: A new beginning for Maidens of the Kaleidoscope
« Reply #64 on: February 21, 2020, 03:18:09 AM »
Quote
Using certificates with a 3 month expiration limit will lead to the same situation the forums were in previously, with the certificate expiring every 3 months and creating needless confusion.  While an automatic renewal bot could somewhat compensate for this it is not compatible with the hosting system.  Other systems such as cron and anacron have been evaluated but as we all know were ineffective and still resulted in unexpected interruptions of service.

Alternative solutions will be evaluated but for now the best course of action is to either stick with http and login hashing or enable encryption by adding an exception like on the old forum or follow the guide to setup encryption keys.
Updates will be posted as solutions are found and tested.
If Let's Encrypt is truly incompatible with the hosting platform I'd be happy to host the website. But, if you have access to cron then I doubt this is the case. I've had it working on thpatch.net for years now and I've only had to mess with it when I was changing things around. They even email you warning you that your certificate will expire soon if it's not properly auto-renewing.
I keep thpatch running :D

Tom

  • *
  • Systems Developer
Re: A new beginning for Maidens of the Kaleidoscope
« Reply #65 on: February 21, 2020, 03:50:13 AM »
As there's no harm in starting the process, we created an encryption key and set up a time-based automatic renewal script; whether it succeeds remains to be seen.  We'll monitor it in the weeks leading up to the expiration date in case adjustments need to be made.

Feature Changelog is now live with the addition of the spoiler tags: [Here]
« Last Edit: February 21, 2020, 06:12:46 AM by Tom »

Re: A new beginning for Maidens of the Kaleidoscope
« Reply #66 on: February 21, 2020, 06:33:05 AM »
Quote
we created an encryption key and set up a time-based automatic renewal script
You might also want to set a permanent redirect to HTTPS on the HTTP side. This way no inadvertent leaking of private information (passwords and such) will take place.

WindyKitsune

  • Lumin(ifer)ous Touhouism
Re: A new beginning for Maidens of the Kaleidoscope
« Reply #67 on: February 21, 2020, 02:57:39 PM »
Maidens of the Kaleidoscope can finally go on, excellent job.
You were able to set up, host and activate the MotK website in such a short time.
Thank you.

Tom

  • *
  • Systems Developer
Re: A new beginning for Maidens of the Kaleidoscope
« Reply #68 on: February 21, 2020, 04:21:54 PM »
Quote
Maidens of the Kaleidoscope can finally go on, excellent job.
You were able to set up, host and activate the MotK website in such a short time.
Thank you.

You're welcome, and we hope you enjoy your stay~

SilSinn9801

  • Chiptune musician in PMD98
  • I will remain silent on that question.
    • Twitter
    • YouTube
    • SilSinn9801#0413
    • Steam
    • My musician profile on CD Baby
  • Gender: remain silent
Re: A new beginning for Maidens of the Kaleidoscope
« Reply #69 on: February 22, 2020, 05:37:24 AM »
Alright, I am back to slowly repopulate Alice’s Art Atelier with my PC-9801 music covers that established my place in this diverse community. Man, this new dark mode was very well thought up by Tom as an excuse to leak elements from his secret PC-98 fangame (of which I can only say it features Rumia and fully-translated English HUD labels). And that Luna Dial captcha thing? That was an exquisite idea Tom privately showed me last year in Discord DMs, and to see it in actual use (rather than merely on a drawing board) is purely satisfying. (And no, I didn’t fail it three times since I had past experience reading analog clockfaces; my sincere empathies to those who failed it at least once.)

Look forward to a few more Touhou PMD98 covers this year (if time permits, since I am also working on non-Touhou-based PMD98 projects that mean a lot to me)!

SilSinn9801

  • Chiptune musician in PMD98
  • I will remain silent on that question.
    • Twitter
    • YouTube
    • SilSinn9801#0413
    • Steam
    • My musician profile on CD Baby
  • Gender: remain silent
Re: A new beginning for Maidens of the Kaleidoscope
« Reply #70 on: February 22, 2020, 05:54:18 AM »
Ah, there was something I was forgetting:

The previous MotK profile system had a field for specifying a user’s DeviantArt username. This was useful for users who made actual art and had DA accounts where they showcased their art. I noticed that such field is not available here. Is there a remote possibility of adding it here to accompany all other social fields (YouTube, Twitter, Discord, etc.)? Thankee!

Re: A new beginning for Maidens of the Kaleidoscope
« Reply #71 on: February 22, 2020, 07:40:23 AM »
Great job getting the old domain

It doesn't look like the mobile theme is working yet, only the desktop theme. Hopefully the mobile theme can get ported over soon.

Also that clock is devious. Those fake hands are mean.

Helepolis

  • Charisma!
  • O-ojousama!?
Re: A new beginning for Maidens of the Kaleidoscope
« Reply #72 on: February 23, 2020, 01:58:38 PM »
Good job with the setup of the site. Cheers for your efforts Tom.


OT: Regarding the security and encryption, one shouldn't even use SSL.  TLS is the way to go.

Edit:
@ Kilga, remember this avatar?
« Last Edit: February 23, 2020, 02:00:55 PM by Helepolis »

Kilgamayan

  • False Administrator
  • *
  • The Real Treasure is You
    • Twitch
    • Twitter
    • YouTube
    • Let's Play Super Marisa World
Re: A new beginning for Maidens of the Kaleidoscope
« Reply #73 on: February 23, 2020, 02:22:58 PM »
Indeed indeed! It has been a while.
[22:40:12] <Drake> "guys i donwloaded esod but its not workan"
[22:40:21] <Drake> REPORTED
[22:40:25] <NaturallyOccurringChoja> PROBATED
[22:40:30] <Drake> ORGASM
[22:40:32] <NaturallyOccurringChoja> fire truck YEAH

7TC7

  • Your level of hope can't fulfill me
    • YouTube
  • Gender: male
Re: A new beginning for Maidens of the Kaleidoscope
« Reply #74 on: February 23, 2020, 06:39:20 PM »
Quote
Also that clock is devious. Those fake hands are mean.

It took me way too many attempts to get through Sakuya's dastardly trap, but here I am.

I am glad we are back and must admit that I felt slightly nostalgic when I learned we moved back to the old domain. I wish everyone still moving things over from the previous version good tidings with your work and hope we can start anew in a good light!
« Last Edit: February 23, 2020, 07:01:36 PM by 7TC7 »

^ Picture leads to my YouTube channel

SomeGuy712x

    • YouTube
  • Gender: Male
Re: A new beginning for Maidens of the Kaleidoscope
« Reply #75 on: February 23, 2020, 07:32:01 PM »
Alright, I've completed my registration here. Hello, everyone!

Quote
Also that clock is devious. Those fake hands are mean.

Yeah, I somehow misread Sakuya's Luna Dial the first time as well, and had to come back two hours earlier to try again, but I got it correct the second time.

Suspicious person

  • Just a fun loving kind of person
  • ... but what is fun ?
  • Gender: Suspicious
Re: A new beginning for Maidens of the Kaleidoscope
« Reply #76 on: February 23, 2020, 07:37:44 PM »
I have at home a clock with a picture of a mosquito on it. The clock handles of that mosquito clock were the same color as the mosquito legs, and figuring the time is an endeavor most cumbersome. My first reaction at seeing the clock captcha was "even here ?!", while my second reaction was "how was my answer wrong ?!"

Anyway, glad to be here. Sorry for the circumstances that led to this new site, but here's hoping that there's only gonna be good and fun times going forward, cheerio lads

Lt Colonel Summers

  • Not actually a lieutenant colonel
  • You thought this soldier has gone AWOL. But now he
  • Gender: Male
Re: A new beginning for Maidens of the Kaleidoscope
« Reply #77 on: February 24, 2020, 08:57:22 AM »
I actually got that clock thing right on the first try. Maybe it's because I didn't notice the alleged fake hands that other people here mentioned?
Also, that is one weird CAPTCHA. Never seen it before...

BTW, in case you don't know what happened to me in the old forums, it was because of the expired certificate thing. I became worried by it, and thus haven't been visiting the old forums very much. It was only recently that I decided to say "screw it" to the browser's warning about the expired certificate and visit the site that I found out about this new incarnation of MOTK.

So with that said, I plan on becoming a regular member again here. Perhaps I should continue the Money Is Forever - Poverty Quest CYOA that I left on hiatus in the old forums (because of the expired certificate thing)...
The dog tag is completely blank...

Tom

  • *
  • Systems Developer
Re: A new beginning for Maidens of the Kaleidoscope
« Reply #78 on: February 24, 2020, 07:56:49 PM »
Welcome back, I was a big fan of poverty quest, glad to see you're thinking of continuing it!  As for the expired certificate thing, it's harmless and you can ignore it whenever you see it.  Could you maybe provide a summary of what we did in the quest up to the point where we left off?  It's been forever since I posted on it

Lt Colonel Summers

  • Not actually a lieutenant colonel
  • You thought this soldier has gone AWOL. But now he
  • Gender: Male
Re: A new beginning for Maidens of the Kaleidoscope
« Reply #79 on: February 25, 2020, 02:01:39 AM »
Quote
Welcome back, I was a big fan of poverty quest, glad to see you're thinking of continuing it!  As for the expired certificate thing, it's harmless and you can ignore it whenever you see it.  Could you maybe provide a summary of what we did in the quest up to the point where we left off?  It's been forever since I posted on it

Long story short...

It's an AU CYOA starring Shion (who in this universe has her last name as Mitsutake instead of Yorigami), who stumbles upon Nitori being attacked by a female gangster. Shion kicks the gangster's ass (then steals her money) and befriends Nitori, who then takes Shion home. Later that night, the two go out to have dinner at a yakisoba joint, but the aforementioned gangster's friends, who are members of a local mafia group called the Yorigami Sukeban, suddenly show up to rob the place. Shion and Nitori manage to beat back the Sukeban, then make their getaway just as the cops arrive at the scene. Their dinner foiled, Shion and Nitori decide to settle on simple store-bought sandwiches and call it a day.

Next morning, the Sukeban suddenly comes knocking, literally, forcing Shion and Nitori to flee the place. They escape through the back alleys into a crowded street, hoping to use the crowd as cover. But the Sukeban decides to shoot anyway, causing a mass panic. Shion and Nitori manage to make their way toward a mini-mart, where their confrontation with the Sukeban turned out badly as the Sukeban members are revealed to have super toughness and super strength. With the duo in a literal chokehold, one of the Sukeban reveals that the money Shion stole from the first Sukeban a few days ago is actually counterfeit. Shion and Nitori are only saved when the police arrived, forcing the Sukeban to flee.

After giving their eyewitness testimony to the police (which took a very long time), the duo decides to go back home, and stay there for the rest of the day. While using the time to fix up the place, a photo of Nitori and her old friend (whose face is obscured by a drop of blood splatter) is found among the mess. Nitori then reveals that her friend was brutally murdered by the Yorigami Sukeban years ago in their very first criminal act, and breaks down into tears while talking about it. Shion comforts Nitori, and then the duo get right back to fixing up the mess. Then Nitori's landlady comes and threatens to make her move out if she can't pay the rent AND the damages...

Next day, Nitori decides to go to work, and Shion offers to help. The two later arrive at Nitori's car repair shop, and spend the entire morning working...
And that's where the story stopped before I left it on hiatus.
The dog tag is completely blank...

Re: A new beginning for Maidens of the Kaleidoscope
« Reply #80 on: February 25, 2020, 07:11:43 AM »
Is the old forum down for good yet? Because I just tried to access it only to get an error message. I still had several requests for an upcoming event (mostly from people who had no idea the forums were even moving, it seemed) so I needed to be able to check PMs until the end of the month at least.

Re: A new beginning for Maidens of the Kaleidoscope
« Reply #81 on: February 25, 2020, 07:57:34 AM »
It went down at 06:05 UTC. And we probably don't have anyone who can fix it, do we?

Karisa

  • *
    • Twitch
    • YouTube
    • Karisa#5432
  • Gender: Female
Re: A new beginning for Maidens of the Kaleidoscope
« Reply #82 on: February 25, 2020, 11:09:46 AM »
Seventh Holy Scripture is attempting to extract the old site's database, and needed to take it offline to do so. If this succeeds we'll be able to host a backup of the entire database, rather than piecing it together from the various archival efforts.

Side note, it seems shrinemaiden.org is actually pointing to shrinemaiden.com now.

Re: A new beginning for Maidens of the Kaleidoscope
« Reply #83 on: February 26, 2020, 12:43:18 AM »
Okay, as long as they can still be accessed in some form. I'm just a little concerned because I was still corresponding through people in PMs and I'm not sure if those will get archived.

Despatche

  • アノ地球ヲ、コワスタメ。
Re: A new beginning for Maidens of the Kaleidoscope
« Reply #84 on: February 26, 2020, 12:45:34 AM »
I wasn't expecting this to happen so fast. Glad to see that it has. I'd like to post some scores in the future.

Neovereign

  • Infinite Potential
  • This is not very daijoubu...
    • Twitch
    • Twitter
    • Neovereign#9703
Re: A new beginning for Maidens of the Kaleidoscope
« Reply #85 on: February 26, 2020, 01:45:33 AM »
Where were you when MotK was kill.
I was refreshing knowledge of past quests when phone ring.

But in seriousness, I did manage to get what I wanted to know before it became inaccessible, so that's a relief... Also, now is probably the better of times to try things that don't have a past/history, in hopes of new people being interested in them and being able to actually join.

Re: A new beginning for Maidens of the Kaleidoscope
« Reply #86 on: February 26, 2020, 02:22:01 AM »
Wait, so has it disappeared? I hadn't yet archived some PMs I wanted to save...I guess it's my fault for not acting faster.

Mesarthim

  • Idiot
  • Getting lost somewhere
    • Mesarthim#2674
    • Steam
Re: A new beginning for Maidens of the Kaleidoscope
« Reply #87 on: February 26, 2020, 03:03:46 AM »
Well I've been gone for a really long time as far as MotK goes but I hope to not vanish for too long of a time again. Missed one too many things.
If you add me on steam you are going to be on an indefinite waiting period unless you tell me beforehand.

Neovereign

  • Infinite Potential
  • This is not very daijoubu...
    • Twitch
    • Twitter
    • Neovereign#9703
Re: A new beginning for Maidens of the Kaleidoscope
« Reply #88 on: February 26, 2020, 03:24:25 AM »
It's probably not completely/permanently down yet. I suspect the higher ups and such will tell us when it is. Maybe.

Re: A new beginning for Maidens of the Kaleidoscope
« Reply #89 on: February 26, 2020, 11:21:49 AM »
So it was a planned downtime after all, and MotK v2 is saved. Yay! Though you could've announced you're doing it to not freak people out.