Vexed by Vagrant

We (the company I work for) have a suite of sites that have been having performance issues. We’ve done a few optimization passes and they’ve helped, but not enough and we were seeing diminishing returns. Finally I got approval to beef up hosting for them. I was overjoyed because for once here was a solution to the problem that wasn’t going to be a big headache.

Boy was I wrong. I didn’t factor in that the newer hosting plan was running more recent versions of Ubuntu, PHP and MySQL. The ISP moved the sites for us…and they blew up. *sigh* Fortunately they were able to roll things back, but now it’s up to me to figure out how to get these sites running on newer software.

I didn’t want to update my dev server and potentially blow up a bunch of other sites, so I turned to Vagrant. I’ve been looking for a good reason to use it and this seemed like the ideal situation. I know the cool kids all use Docker now but I still haven’t really wrapped my head around Docker yet. Vagrant feels reasonably intuitive to me.

Soon enough I was off to a good start. I pulled down the ‘official’ (Canonical-supplied) Ubuntu 16 Vagrant box, installed Apache, PHP and MySQL. Everything was looking good; it was serving pages through a forwarded port. The next step was to create a custom box from the server as it was running. The idea is that you create this Vagrant box with all the software configured the way you want it, then you can spin up identical virtual machines really easily. You can give a less tech-savvy co-worker (yes, they do exist even though I’m a NOOB) a copy of the box and with a minimum of instruction they can spin up an identical setup.

So I did that…and something went wrong. When I spun up a Vagrant VM from my box, I couldn’t SSH to it. Seemed to be an issue with the SSH keys or something. It wasn’t a complete train wreck…Apache was still serving pages via a directory shared between Windows and the VM, so I could have forged ahead but I knew that sooner or later I was going to want to SSH into the virtual machine for something.

Off to Google to find out what I’d done wrong. And oy, did I find a lot of info. I wasn’t the first one to have this issue, but some of the bug report threads started in 2014 and ran up to last week. I found a dozen or more fixes, none of which seemed to work for everyone. Most of the fixes involved SSHing into the VM using a username and password, which, I read time and time again, is vagrant/vagrant (obviously these aren’t production boxes). But try as I might I couldn’t log in with username and password. I could connect to the port so I knew SSH was running but I couldn’t authenticate.

I went further and further down the rabbit hole, eventually uninstalling Vagrant and VirtualBox and starting from scratch, all to no avail.

About 5 hours into this process, I found a new post about it. Apparently the official Ubuntu 16 boxes don’t use vagrant/vagrant as the username and password, even though they are ‘supposed’ to according to Vagrant’s guidelines. Instead they use ubuntu as a username and no one seems to know what the password is.

To say I was frustrated to learn this would be quite an understatement. The fix for the bug is apparently to use the v0rtex/xenial box which is set up with a vagrant/vagrant account. You can read more about the bug here.

So now I’m back to square one and tomorrow I’ll install a LAMP stack on the v0rtex/xenial box, then try packaging it again. Still think I’m doing something wrong with my packaging, unfortunately. Today was wasted by a bug that was preventing me from fixing a different problem, more or less. That’s going to look great on my weekly productivity report. /sigh

Maybe I should’ve tried Docker after all…

[Update: SOLVED (I hope)]

OK I finally got a working box, here’s what I did, based on the info in this thread.

You start in your existing VM — the one you’re going to build from.

Add
config.ssh.insert_key = false
to the Vagrantfile.

vagrant up
to start the machine.

vagrant ssh
to SSH in.

Run these commands:

wget -O .ssh/authorized_keys
chmod 700 .ssh
chmod 600 .ssh/authorized_keys
chown -R vagrant:vagrant .ssh

Exit your SSH session.

Now create your new box. I followed these instructions

For me the command was

vagrant package --base arcus_default_1484688088638_34762 --output ../

where “arcus_default_1484688088638_34762” is the name of the VM I wanted to base the box off (get this from VirtualBox). And I was naming my new box and putting it one level up in my directory tree.

Then create a new directory, move into it.

Do something like this to add the new box:
vagrant box add arcusv2 ../

vagrant init
to create the initial Vagrantfile. Add
config.vm.box = "arcusv2"
config.ssh.insert_key = false

(obviously substitute whatever you named your new box for ‘arcusv2’)

And finally

vagrant up

And if you’re lucky like I was, the box will start up without authentication errors.
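A pre-packaging check for the steps above, as an added example (not from the original post or the Vagrant project). It confirms that the `.ssh` modes and ownership are what the `chmod`/`chown` steps set, that the `wget` produced real key lines, and it reports when the file trusts Vagrant's shared insecure key, which `config.ssh.insert_key = false` leaves in place. The function name `audit_ssh_dir` is hypothetical, GNU `stat` is assumed, and the match on the comment text "vagrant insecure public key" assumes the key keeps its upstream comment.

```sh
#!/bin/sh
# Added example (not from the original post): check a guest user's ~/.ssh
# before running `vagrant package`. Assumes GNU stat, as on the Ubuntu guest.

# audit_ssh_dir DIR OWNER   (hypothetical helper name)
#   DIR    path to the .ssh directory, e.g. /home/vagrant/.ssh
#   OWNER  expected owner: user name or numeric uid, e.g. vagrant
# Prints one line per finding. Returns 0 when key login can work, else 1.
audit_ssh_dir() {
    dir=$1
    owner=$2
    keys="$dir/authorized_keys"
    rc=0
    n=0

    # Resolve the expected owner to a uid (a numeric argument is used as is).
    case $owner in
        ''|*[!0-9]*)
            want_uid=$(id -u "$owner" 2>/dev/null) ||
                { echo "FAIL: unknown user '$owner'"; return 1; } ;;
        *)  want_uid=$owner ;;
    esac

    [ -d "$dir" ]  || { echo "FAIL: $dir is not a directory"; return 1; }
    [ -f "$keys" ] || { echo "FAIL: $keys is missing"; return 1; }

    # sshd (StrictModes, on by default) ignores authorized_keys when the file
    # or its directory is writable by others or owned by another user. The
    # checks below enforce the post's exact 700/600, stricter than sshd needs.
    [ "$(stat -c %a "$dir")" = 700 ] ||
        { echo "FAIL: $dir mode is not 700"; rc=1; }
    [ "$(stat -c %a "$keys")" = 600 ] ||
        { echo "FAIL: $keys mode is not 600"; rc=1; }
    for p in "$dir" "$keys"; do
        [ "$(stat -c %u "$p")" = "$want_uid" ] ||
            { echo "FAIL: $p is not owned by $owner"; rc=1; }
    done

    # `wget -O` creates the file even when the download fails, and a bad URL
    # can save an HTML error page, so look at the content, not just the file.
    # Entries with leading options (command="..." etc.) are reported as
    # unrecognised; the steps above install plain key lines only.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;
            ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) n=$((n + 1)) ;;
            *) echo "FAIL: unrecognised line in $keys"; rc=1 ;;
        esac
        case $line in
            *"vagrant insecure public key"*)
                echo "NOTE: shared Vagrant insecure key is trusted;" \
                     "keep this box off untrusted networks" ;;
        esac
    done < "$keys"
    [ "$n" -gt 0 ] || { echo "FAIL: no public keys in $keys"; rc=1; }

    return "$rc"
}
```

Inside the guest, before exiting the SSH session, call it as `audit_ssh_dir /home/vagrant/.ssh vagrant`.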

Apollo astronaut Gene Cernan has died.

I’m old enough to remember the first moon landing. What a time that was. Every kid wanted to be an astronaut. We drank Tang and ate Space Sticks and anything that was freeze dried. We built plastic models of the lunar module. It was the start of a bold new world of human exploration of space.

And then it all stopped.

Now there are just a handful of humans who’ve set foot on a chunk of rock other than earth. On Monday we lost one of those few, Gene Cernan. Here’s NASA’s profile of him. Rest In Peace.

There are now six people who’ve walked on two worlds:

Buzz Aldrin
Alan Bean
David Scott
John Young
Charles Duke
Harrison Schmitt

A sad day.

Any Linux experts in the audience? Problems with Suspend

I had to work last night, and before work I was messing around with a laptop, so very little gaming to speak of. When my frustration peaked I did play a little Diablo 3 which felt pretty cathartic, honestly.

So I’m vexed by Linux and this laptop. I have an old Lenovo V570 that was cheap when I bought it a long time ago (it came with Windows 7 pre-installed, that’s how old it is). I had it set up to dual-boot into Linux Mint and Windows 10 Preview. Since Win10 Preview isn’t a thing any longer, the other day I decided to reformat everything and make the laptop a dedicated Linux machine.

I’ve tried two distributions, Ubuntu and Linux Mint and they both have the same problem: the laptop won’t wake up from Suspend. (Granted Mint is based on Ubuntu so I shouldn’t be surprised they have the same issue.) So I close the laptop, then open it and I just get a black screen. Fans might be running but there’s nothing I can interact with. I have to cut power and restart. For all I know maybe the screen just isn’t waking up…it’s hard to say.

If this was a desktop machine I’d probably just roll with it but for a laptop it’s an issue. I looked at /var/log/pm-suspend.log and I don’t see any errors, so I think the problem isn’t the suspend itself, but waking from suspension. I’ve Googled and tried lots of things but it seems like Linux Suspend issues have been with us a long time and it’s tough to get current info. I’ve checked the size of the swap partition, put esoteric scripts in /etc/pm/sleep.d/, tried installing various kernels… so far nothing works.

Currently I have Mint 18.1 installed. Before wiping the laptop I think I had Mint 16.something and it had no issues with Suspend. Now I wish I’d just re-sized the partition rather than wiping everything.

At one point I did see a tip to add something to grub to force it to wake the keyboard. The theory was that when you opened the laptop when it was suspended, the keyboard didn’t ‘wake up’ so it was effectively dead so there was no way to wake the machine. I lost that page in a reboot though and haven’t found it again yet!

I’m not averse to just trying a different distro, if someone can recommend a good distro for noobs that isn’t based on Ubuntu.

Or if anyone has any suggestions on how to fix this issue I’d appreciate that too. In truth I can only work on it so long before frustration mounts since everything I try has to be tested by Suspending the machine, finding that the fix didn’t work, then killing the power, then booting everything up again. It’s pretty time consuming.

Vera Rubin obituary at the NY Times

Vera Rubin died last month, and her obituary in the NY Times is a fascinating read, not just because of the great work she did in identifying the mysteries of dark matter in the universe, but because of the obstacles she had to overcome in order to even be given a chance to do that work.

I can’t pretend to know what it feels like to be a woman fighting to be considered equal to men in so many aspects of our culture, but Dr Rubin’s story at least shows how much progress has been made inside of one lifetime. For instance, in 1948 Rubin was turned away from the astrophysics program at Princeton since they didn’t allow women in that program. Another story recounted in the piece is how she had to meet with astrophysicist George Gamow in the lobby of the building where he worked because women weren’t allowed in the offices.

Anyway, well worth a read for a number of reasons, IMO:
Vera Rubin, 88, Dies; Opened Doors in Astronomy, and for Women

My tech nightmare

This week I offended some ancient technology demi-god somehow, and I paid the price.

It all started Wednesday when folks were talking about LOTRO. I was wondering if my old characters still existed so I fired up Steam and installed the game. When it finished installing through Steam I fired it up and it did that thing where every damned Steam game seems to need to install C++ libraries and assorted other things. In this case ANCIENT versions. Then it had to patch. Then I let it download high-resolution textures.

When it was finally done I started the game, with the intention of literally taking a screen shot of my characters to share on Imzy. I had no intention of actually playing the game. LOTRO started, my primary monitor went black. Stayed black. I could hear sounds but they were broken and stuttering. So I jumped over to monitor #2 and right clicked LOTRO and picked Close Window and nothing happened. So I hit CTRL-ALT-DELETE and nothing happened. Task manager wouldn’t come up. Vexed, I held down the power button on the machine to kill it. And that’s when trouble really began.

When I restarted the machine it blue-screened with an error of BAD_SYSTEM_CONFIG_INFO. Someone suggested this could be a video card issue, so I dragged the system out and swapped it with an old card I had. No help there. Swapped it back and started googling solutions. Tried various things for the next day or so. Some of them, like an extended chkdsk, took hours and hours to run. Tried to restore but Windows said it couldn’t find any restore points.

Finally found this solution online and it got me back to the desktop. Basically you’re replacing a bunch of files in C:\Windows\System32\config with backup copies.

So now I was at my desktop but my Start menu wouldn’t come up and everything felt really slow and sluggish. Virus maybe? Ran a bunch of checkers but found nothing. That was another few hours gone. Ever since installing LOTRO when the system starts up, about 20-30 seconds after I see a desktop, one of my monitors goes black for a few seconds. I see a ‘loading cursor’ and then the desktop appears, but with limited functionality (no Start menu, can’t open more than 1 file explorer window from the task bar, and some other stuff). I kind of feel like whatever this is, it’s undoing my fixes.

But at least I could get to my files. First thing I did was check to make sure my backups were up to date and…my backup system had quietly stopped working last June! Nothing since then was backed up. OK well I decided to back stuff up manually. Started copying stuff to an external USB drive and it was going at like 18 Kbs and was going to take two days to copy, then it crapped out completely. USB was apparently out, but I could still copy across my home network to my Linux server. But first I had to clear out a bunch of stuff from that to make room.

I had to blow away a bunch of dev sites but freed up the space and started copying my files to the Linux server. That was going to take a couple hours. 25% of the way through, I get an error that the PC can’t talk to Linux any more. I look at the Linux box and it was frozen. It has never done this, and had been running flawlessly for months. NOW it decides to crap out. So I reboot THAT and when I get it back online, the PC can no longer see it.

Interspersed with all of this I’m trying a bunch of things to repair the Windows installation but nothing is working. OK time to Reset the machine. By this time it’s about 4 pm Thursday. I start the reset process. It gets about 40% done and reboots to a black screen with a circle of dots indicating some process is happening. I let it sit like that for 7 hours. At about 11:30 I manually restart the machine and I get a “Loading Windows…” screen. Yay! I go to bed. In the morning I find that same black screen with the circle of dots. I reboot again and I get “Restoring files” and when that finishes I’m right back to where I started. The Reset failed.

At some point you start trying crazy shit. I read somewhere to unplug all USB devices. I do that and try the Reset again and it fails again. And for some reason when I re-attached the external USB drive I plug it into another USB port and… it works perfectly. So apparently one of my USB ports is blown. At least that means I can backup my files, so I do that. Now the pressure is off.

I try to reset or restore the system through a bunch of different techniques and none of them work. Half-way through this process, my main monitor stops working. Now to be fair this monitor has been a little wonky for a while. It would get stuck in standby mode and I’d have to cut the power to reset it. Now it’s frozen and won’t come back, but the thing is, it APPEARS to be working. So now I start to wonder how many times in the past days I’ve thought Windows was frozen but it’s just the monitor freezing. Anyway I crawl under the desk and disconnect that, and switch the backup monitor to the port that main monitor was using just to be sure it isn’t the video card connection.

So count so far: 1 fubar’d Windows OS, 1 fubar’d USB port, 1 fubar’d Linux service, 1 fubar’d monitor. All in the course of 3 days. AND my laptop has been acting up; the cursor keeps going nuts. Oh well.

Finally I just give in and install Windows from scratch. This works but I see a lot more partitions than I expect to see. There are 2 System Restore partitions, one that’s a few hundred megs, the other about 3 GB. Then there’s another UEFI partition, if I recall correctly. Not being as up on Windows as I should be, I leave them all be. I hope I don’t regret that.

So now I’m re-installing apps and I’ve confirmed that my backup is actually running again. I ordered a new cheap monitor (money is tight right now or I would’ve just gone and bought a new system…this one is 6 years old) and a new video card because my Spidey Sense is telling me that my current card might have had something to do with this issue (sometimes when I start this machine it reports that the card’s supplementary power cable isn’t attached…in fact I replaced the power supply because of this not too long ago).

Hopefully it won’t take me too long to get everything back where it was. I’m going to have to re-create those dev sites on the Linux server, and I need to get all my tools re-installed on the PC and pull down all my work repos. And then the next thing I am not ever going to do is reinstall LOTRO! In fact I don’t think I’ll mess with installing games on the system again. I don’t play PC games and I just don’t need these kinds of headaches. Maybe games from the Windows Store since they are sandboxed and can’t bork your whole system.

Now I’m going to go give my game consoles a big ol’ hug!

Elder Scrolls Online HDR patch

One of the reasons I was anxious to get a PS4 Pro as soon as they launched was that I’d heard The Elder Scrolls Online would support the new hardware with improved resolution (or ‘enhanced details’ on 1080P screens). It was one of the first games I tried on the new console and when I saw the difference I knew I hadn’t made a mistake. Now don’t get me wrong, it was still TESO, but the increased resolution meant more details ‘popped’ and the improved draw distances made the world feel even more alive. Mostly this is all aesthetics though I can spot harvest nodes from further away now.

Of course me being me, soon after I drifted off to other games, but I always come back to TESO eventually.

I did that yesterday and was surprised to see “An HDR video is playing” pop up on my screen when I loaded the game (that’s my TV’s awkward way of indicating it is receiving video from an HDR source). Turns out a recent update added HDR support to the game. I was delighted until I logged in and found the cave I’d happened to log out in was dark. I mean really dark. Dark to the level of having to navigate via the map because I literally couldn’t see the walls.

I went online and found I wasn’t the only one having issues, and in fact even people without HDR TVs were complaining about the game being too dark. So I think Zenimax is going to have to adjust things. That said, for me it was just a matter of tweaking some settings.

Here’s the thing about HDR. First, it’s impossible for me to show you how awesome it is unless you have an HDR display and even then I’m not sure how I, personally, can capture HDR data to share. It’s kind of like 3D or VR; without the right hardware there’s no way for you to see it. Second, it’s still pretty new tech and tends to be fiddly. You see a lot of people talking about how it’s too much trouble; these comments, I have to assume, are coming from people who haven’t experienced it. It is very much worth the few minutes it (sometimes) takes to get it right.

In my TV’s case (a Samsung KS8000) I found that I had to turn on Dynamic Contrast, which is something all the pundits tell you to leave off. With the new patch there’s an “HDR Brightness” slider. With Dynamic Contrast turned off this didn’t appear to do anything. With Dynamic Contrast set to high, moving the slider resulted in noticeable changes though it feels more like “how HDR-ey do you want this” more than an actual brightness slider.

But with Dynamic Contrast set to High I could see in caves again. Given, again, that all the pundits hate Dynamic Contrast, I then tried it set to Medium and still had good results. On Low it’s a wee bit dark. It’s dark in a way that actually feels cool in terms of immersion but maybe too dark to do group dungeon content, not that I ever do group dungeon content.

Anyway once I’d done this….WOW. The Elder Scrolls Online looks like a whole new game now. A lot of colors are brighter, the lighting is amazing and everything just feels more “real” something. It’s really hard for me to articulate what HDR does, but I really like it. Now I’m running around the world and sometimes something will catch my eye (the rays of the setting sun on water, maybe, or a shaft of magical light coming from a relic) and I’ll just stop and gawk. At one point I was looking for the source of glare on my TV screen for a few seconds before I realized it wasn’t glare, but the light from an in-game torch was just THAT bright.

I’m really looking forward to when HDR is more common and less finicky; I can’t wait for more people to get HDR religion :). One of my biggest issues now is, I’m not a TV professional and there are a lot of settings to play with. I generally look up the settings for a TV from some site like and use those. But for this Samsung I keep getting conflicting info, and then there are settings for HDR and settings for regular video, AND then there are a few settings on the PS4 that you can mess with. So many variables! I finally say “Heck with it” and I’m letting my eyes decide. Rather than worrying about if the picture is correct or accurate, I’m worrying about whether it is pleasing to me. Still, there are a LOT of settings to tweak and it can be really confusing. I hope it gets easier over time.

Still, totally worth it though. HDR is the real deal.

Gadgets and killer apps (Acer Iconia A500)

A couple of weeks ago I bought my first Android tablet, the Acer Iconia A500. This in spite of owning an iPad, which I love. So why a second tablet? Mostly curiosity, backed by the fact that I write a lot about Android tablets on my ITworld blog and I always feel more secure writing about a topic if I have real-world, hands-on experience. Yeah, I could’ve gone into a store and played around with an Android tablet, but that doesn’t compare to living with a device.

So far, I’m really enjoying the Iconia. Is it a “better” tablet than the iPad? No, I don’t think so. iOS is more refined than Honeycomb (the version of Android made for tablets), more stable (the Iconia locks up probably once a day) and there’re a lot more apps available for iOS. Also keep in mind my experience is with an iPad 1.

And yet these days when I reach for a tablet, I generally grab the Iconia. Weird, no? Part of it is the ‘new’ factor, but after navel gazing for a while I’ve come to realize it’s mostly about a “killer app.” In this context, a killer app is that one program that just sings to you, personally. It might not be the best or the most popular, but it just fits for you.

In my case, the killer app is Feedly for Honeycomb. Feedly pulls in my Google Reader feeds and presents them in a nice browsable format. There are a ton of apps that do this, and in fact Feedly is available for the iPad too. But I like Feedly on the Iconia. It just feels right.

Feedly only runs in portrait mode, and the Iconia is narrower and longer than the iPad when held in a portrait orientation. That makes Feedly feel like I’m reading a magazine. Each page has a list of new stories. I can tap one to drill down into full content, and from there (if needed) I can choose to open the story in a web browser (I use Dolphin HD on Android). Generally I only need to do this if there’s embedded video. Feedly’s built-in browser doesn’t handle video.

If there’s nothing on a page that I want to read, I just swipe to go to the next page, and Feedly marks all the stories read (you can disable this if you like). If I want to save something for later, Feedly supports Instapaper, which is a tool I lean on heavily.

Anyway, this isn’t meant to be a Feedly review. But it’s just odd to me that this one free app is what makes the Iconia my preferred tablet these days (unless I want to play games…the iPad is still better for that just due to the number of titles available). Well, the Feedly app and the different proportions of the Iconia tablet.

I never would have discovered this combination by playing around with a tablet in the store, and now I just love it. I also prefer the Dolphin browser to iOS Safari (or Android’s built-in browser) for general surfing, too. I find myself laying in bed at night, reading my feeds just like they’re a magazine, now. It’s killing my book reading, though! (Although that reminds me, I like reading Kindle books on the Iconia more than on the iPad, too…again because it’s narrower and longer. Shorter lines but, I’m guessing, the same number of page turns.) I’ve moved from Evernote to Springpad because of their Honeycomb client, too.

Huh, so Feedly got my foot in the door but I guess I’m really gravitating to more and more Android apps. I didn’t realize that, really, until I started writing this.

Anyway I was wondering if I’m just weird, or if other people have gadgets that they love just due to a specific feature?

I still might trade in the Iconia for the Galaxy Tab when it comes out next month, but I want to see what the proportions are. I’m a little leery of switching at this point, to be honest.

Clearing up the Sony FUD

OK listen, it sucks that some thieves stole your name, address and hashed passwords. I get that. Sony should be held accountable on some level, though I’d say the thieves more so.

But I’m so SICK and TIRED of the professional game bloggers making everything look so much worse than it is, spinning things to make it seem like Sony all but rolled out the red carpet for the thieves. I’ve seen it on Destructoid (though to their credit, they went back and updated the post later), Kotaku, Joystiq, Gamespot, Massively… all saying some variety of “Experts say that Sony had unpatched servers and no firewall, and knew about it.”

This is all coming from Dr. Gene Spafford, from Purdue University. Or so the spun stories will tell you. Most of these stories even link to the written testimonial. Which actually says:

In the Sony case, the majority of the victims are likely young people whose sense of risk, privacy and consequence are not yet fully developed, and thus they may also not understand the full ramifications of what has happened. Presumably, both companies are large enough that they could have afforded to spend an appropriate amount on security and privacy protections of their data; I have no information about what protections they had in place, although some news reports indicate that Sony was running software that was badly out of date, and had been warned about that risk.

(emphasis mine)

Most of the testimony is really basic stuff about how bad having data stolen is and what “phishing” means and other stuff that 99.99% of the people reading this blog already understand. As for the spoken testimonial, here that is:

There’s your expert and you can hear it for yourself. Basically he read a mailing list where someone claims to know that Sony had an out of date version of Apache (no details on how out of date) and no firewall (this is clearly bullshit…there’s no way they didn’t have a load balancer in place to distribute 77 million users across their servers, and pretty much every load balancer is also a firewall; between the apache servers and the application servers there needs to be some kind of firewall to handle NAT or something…unless all of Sony’s servers were on public facing machines, which is very very VERY hard to imagine) and claims that Sony reads the same mailing list and knew all about it.

That’s not exactly compelling testimony to me… people say all kinds of random shit on mailing lists and forums. Also note that in his written testimony he refers to news reports, leading me to wonder if he even reads the mailing lists in question.

Now whatever security measures Sony had in place, they were clearly not up to the task at hand, and shame on them for not having beefier security. We’re all paying the price for that mistake. But there’s a big difference between “not enough security” and what this expert is saying, which is essentially “there was no security at all.”

Add to that the fact that Sony says the breach occurred via an application server, not a web server, and with all the security people looking over their shoulders, the FBI involved and the intense scrutiny they’re under, I find it a stretch to think they’re going to try to pull off a lie right now.

And yet… every one of these posts has commenters nodding their heads and dragging out the pitchforks and torches and assuming that yup, everything this old gentleman has to say must be 100% true.

I’ve never been more ashamed of the community of professional bloggers out there.

DAW post: the little guys

It’s Developer Appreciation Week! If you don’t know what that is, read up about it on ScaryBooster’s blog (he invented it, after all!)

I like to think I always appreciate developers but maybe that’s just in my own head. I certainly do my fair share of bitching about games.

Back in olden times when I wrote for a gaming magazine I met a lot of game developers. In those days only the biggest companies had PR flacks. More often than not you’d sit down with a few members of the team and a producer and talk about their next big thing.

I can’t remember ever meeting a developer who wasn’t super-excited about their product. Now I was press so maybe the grumpy devs were all locked in a closet, but from my point of view visiting a company meant hanging out with a bunch of people who were overflowing with energy and optimism and a love of gaming. I’d come out of those meetings bursting with energy. So much fun.

But that was long ago and now it’s rare that I get to meet game developers. The closest I come is rubbing shoulders with them at PAX East. No, I didn’t talk to Cliff Bleszinski at PAX (my one and only meeting with him was at the very first E3 when he and a few other teen-aged guys were running around with a laptop trying to get journalists to look at some shooter they were building…it was called Unreal or something like that) or anyone from SW:TOR or Battlefield 3.

I talked to, or at least hovered around, the little guys. So my DAW post is going to be about the smaller developers. I’m constantly impressed at how devoted these folks are to making their games. They’re always on a strict budget, trying to figure out how to get published (or whether to self-publish) and how to handle PR & Marketing and pay the rent and do the taxes…while they’re also slaving away on a game.

I love the timing of DAW because it comes so soon after PAX East, and both years I’ve come out of the show enthused about the smaller and indie devs. Y’know, those “garage developers” that Nintendo doesn’t give a fig about. Stupid Nintendo. Really stupid.

So let’s name some names. There’s Fire Hose Games (Slam Bolt Scrappers) and Robot Entertainment (Orcs Must Die) and Demiurge (Shoot Many Robots) and Hothead Games (Swarm) and Polytron (Fez) and Owlchemy Labs (Smuggle Truck). These guys were all showing their games at PAX and I plan to buy and play them all (I’ve already bought Slam Bolt Scrappers and Swarm).

There were more there and of course there are a ton of small and indie developers who didn’t go to PAX. Blendo Games (Atom Zombie Smasher) is another small developer who I’ve recently supported via my gaming addiction.

One company I have to single out is Dusty Monk’s Windstorm Studios. Their first game doesn’t have a (public) title yet, but what’s incredible here is Dusty’s transparency. Those of us who follow him on Twitter really get an inside peek at the day-to-day life of an indie developer. You are your only boss and it’s clear that you have to have a lot of inner strength to beat out some code when you’d rather be playing Rift like everyone else is.

I’m positive I wouldn’t have the willpower to do it and I’m kind of awed that all these companies have small teams that have to really behave as TEAMS with everyone pulling their weight and then some. These people bust their asses to produce games for us to play and let’s face it…very few of them are getting rich doing it. They make games because they love games. If they didn’t love games they could make a lot more money working on accounting systems or something.

I salute all of you ladies and gentlemen who’re working in teams small enough that there’s no hiding from the pressure or riding on another person’s coattails. Everyone has to give 110% every day in order to get your games to the market.

Your games are fresh and fun and awesome. Please keep up the good work, and I’ll keep buying them!

One last item: a special salute of admiration goes out to Werit, who is building a game by himself and seems to really be sticking to it. He is as indie as indie can be! I look forward to the day when he launches Stellar Fortune!

Rift and hacked accounts

Disclaimer: I am not a security expert.

I’ve been seeing a lot of talk about folks getting their Rift accounts hacked. Most often the #1 question is “How did this happen?” People go crazy examining their systems for key loggers or other malware that might be delivering their credentials to some hacker.

I have my own theory on what’s going on. Part of it is Trion’s fault, part of it is the internet’s fault. I don’t think we’re seeing a massive key logger issue here; at least not one on our home computers. That’s assuming the problem is as extensive as the community seems to think it is.

I think we’re seeing an organized, brute force hacking attempt across a multitude of accounts. If you’ve never read about rainbow hash cracking, now might be a good time to do so. Note the first line in that post: “The multi-platform password cracker Ophcrack is incredibly fast. How fast? It can crack the password ‘Fgpyyih804423’ in 160 seconds.” And the post is from 2007; you can imagine how much faster these cracking software packages work today.

[Update] Glad I put the disclaimer about not being a security expert in there. According to a friend on Twitter (who I won’t credit just so as not to put him in the spotlight) in order to use these rainbow tables, the hackers would first need to have access to Trion’s database of hashed (encrypted) passwords. Or, of course, a dump of any other database of passwords where you used the same password. So I may be off-base in my whole theory. [End Update]

So what can you do? Honestly, not very much. I think Trion stumbled when they limited password length to 16 characters. Coding Horror’s Jeff Atwood promotes the idea of pass phrases. So instead of “!ah84&nah3” as a password (which can be cracked pretty quickly using rainbow tables) your password might be “IreallyLove_Rift_(because)all(!)myhawtfriendsplay!” My understanding is (again, not a security expert) that a password that long is going to be hard to crack even with rainbow tables, because the size of the table it would require would be so freaking huge. There’s a little bit of “When a bear is chasing you, you only need to be faster than your friends” thing going on. A lengthy password takes you out of the “low hanging fruit” demographic.

For me, that long passphrase is also easier to remember and faster to type than !ah84&nah3, but maybe I’m just weird.

Anyway the point is moot since Trion limits us to 16 character passwords.

I’m also not sure about having to use your game login credentials to log into the forums and website. How many people log into the forums from public Wifi at a coffee shop or something? Since the site and forums use https:// to log in, they *should* be secure but I still feel uneasy about that.

Anyway, the good news is… well, there isn’t really any good news, except that if you get hacked don’t pull your hair out examining and re-examining your system looking for key loggers.

The best you can do at this point is using all 16 characters of your password and definitely mix in punctuation. But I suspect that the gold farming companies that are doing all this hacking are using rainbow tables that cover punctuation. Also make sure you’re using a unique password for Rift, not one you use on other sites.

Hopefully the Coin Lock feature will be the first step in putting an end to this outbreak of hacking (but I suspect the hackers will quickly start spoofing IP addresses to get around it), and I’m looking forward to Trion’s future anti-hacking techniques like authorization via emails/sms or smartphone authenticators.

Last thought: If you’re buying gold, you’re part of the problem. Remember that the gold you’re buying most likely originated from a hacked account. By creating demand, you’re encouraging hacking.