Saturday, August 4, 2018

/v/scape BTFO (Port-Mortem)

tl;dr /v/scape server was compromised. Consider everything tied to /v/scape compromised. Your passwords were in plain text so if you have any accounts using that password, you should change them immediately. Your /v/scape account may be locked and you will need to contact a staff member to unlock the account. This is to protect your account.

On August 3 2018 at ~19:30 UTC our server was broken into. This was after a two week+ sustained attack. We were using a password login for the server with no alerts on failed login attempts (I am serious, unfortunately). This made it relatively easy for the attacker to gain access. On August 3 2018 at ~20:15 UTC we noticed what was happening and took action. The VPS provider was emailed and the server reinstall was complete on August 4 2018 at ~2:00 UTC. Our backups were recent so players should experience no data loss from this episode.

The attacker had access to everything related to /v/scape. Everything should be considered compromised at this point including, but not limited to, usernames, passwords, PINs, IPs, MACs, and email addresses from the Mantis. Any accounts that use your password from /v/scape should be changed immediately.

Ironically, we had been working on password hashing/salting and authentication recently. It was planned that we would roll that out in the next couple of days, but obviously that was too late. There were a number of things we should have done differently and they should have been done years ago, but we naively thought we wouldn't be targeted by anyone and maintained an extremely lax security posture. We have already taken steps to better protect ourselves in the future. Among them is hash the passwords instead of letting them sit in the player files in plain text. This is now implemented and your password will be stored as a hash once you have logged in and out of the server as of today (August 4 2018). Two-factor authentication for your accounts will be (optionally) available soon. We also will no longer be using password logins for the VPS. Much more has been done and will be done over the coming weeks.

If your account is locked, you will need to contact a staff member to have it unlocked for you. We are going to restore all accounts no matter how long that takes us. You can message us on Steam from the /v/scape Steam group or make a new account and message us in game.

Lastly, I want to apologize to all of you. This failure was entirely our own. We knew the weaknesses and took years to fix them. We ignored common sense and we knew better. There's nothing I can say here that can or should restore your trust in us (if you ever had any). All I can offer you is an apology and a promise that we are taking all steps we can to prevent this from ever happening again. I am personally taking a more active role in ensuring server security and I know the rest of the team is taking this much more seriously as well.


Monday, April 2, 2018

Vidyascape Q1 Update

Dear Shareholders,

I am writing this today to perhaps settle some of your minds regarding the future of the next couple of quarters of the Vidyascape fiscal year. We have had a slow first quarter which has closed at us as down 4.2 points in our index. Our two major prospects for Q1 have been delayed into Q2 including the "Anniversary" deal and the Easter merger. We are still working on finishing both of these and while late, it is better nonetheless to close while we still can.

To preface our delays I must divulge vital information to you to keep interest in our company alive. Starting late last quarter I, Pickles t. Frogman, took on responsibilities in a separate company which occupies 40 hours of my time each week. While detrimental to the steady progress of Vidyascape Inc., it was a decision that had to be made with regards to my own personal interests. We are currently still adapting to this loss of productivity.

Now, to explain the tardiness of our first quarter prospects I can offer some exciting news. While the Construction wing of our offices still needs a few polishing touches in some corners it seems to be working as an excellent addition to our company! We have remained silent about another similar expansion in order to expediently complete the work and close the deal properly. Our original intent was to create these offices with funds raised by Anniversary Holdings Et. Al but we have suffered financial setbacks to the completion date. Nonetheless, we are pleased to announce that our Hunter wing of offices will be completed by end of April!

The Hunter expansion to our company is largely the explanation to our recent decline in visible progression with our company. We have been working since Q4 of 2017 on this project and are excited to present the finished results to you all by end of month. However, our immediate concern is also finishing the merger with Easter Question Mark LLC. Dubbed the "Easter" merger internally and promised externally to be closed by April 1st we have obviously failed to meet this deadline. There are many reasons why this occurred but I will not waste your time with details; know it will be done at the latest by business close Friday, April 6th.

We at Vidyascape Inc. look forward to a productive second quarter and will keep you the shareholders up to date with the new projects and additions discussed above. With your continued support we can make 2018 great again.


Pickles t. Frogman
Vidyascape, Inc.

Tuesday, January 2, 2018

New year, address and client

Woah, we are slacking pretty hard on writing blog posts.  I've been wanting to do a 2017 recap post and explain the new client details so here we are.  First off, we bought, so our address is a bit nicer and it ended up being really cheap to do once we found the right place to make it happen.  The new client 5.9.5 is now updated to use this address and the same goes for the Vidyascape launcher v0.4. Version 0.3 will keep working for a short time as we still have registered, but eventually it will stop working so make sure you get the new one at some point!  There were a few small client fixes we've had ready for a while, moving the update/server message/private messages so they don't float in the middle of the screen in resize mode as well as better supporting Linux and *nix systems.  It just takes a while to have a reason to update the client as it's never a smooth transition.

I'm gonna work through the year backwards and make small comments on some of the larger things we achieved this year.

Pickles tossed together a Christmas event on Christmas Day, Saxi ran through it and checked it out quickly and I drove an hour home to go update the server... (grandma's house has really garbage internet now?).  We cut it pretty close but we rallied and got it out before the day was over (at least for North America).

A lot of people had a hand in getting Kingdom Management rolled out and working correctly.  We had a problem (payments and approval were going over 50k/100% and giving really large rewards), so we had to disable collection for a few days and work on it.  I personally spent a lot of time on it and made sure to fix it in a way that still gives people credit for the time it was disabled.  Herbs and seeds still need rewritten to work correctly, hopefully we get to that soon.

Benny added ducks to the fishing guild.

Halloween came and went with a nice event (by lead event developer Pickles) that allowed you to choose a reward from Halloweens past, something that will probably see a return with events in general.

Highscores was changed to show if you're looking at an ironman with a little icon next to their name on the list and now counts ironmen among other players in the rankings.  We chose to change herbs to have a "unid" appearance now,

Sheep herder was added and as anything involving npc movement, needed a couple patches.  Agility Pyramid which some thought we weren't going to be able to add to our server was implemented. The middle of the year mostly saw the standard quests and bugfixes, other than Easter and Fourth of July events.  Devious Minds, Wanted, Sea Slug, Between a Rock and Rag and Bone Man rounded out the year.

Oh and the most complex thing we've ever added, construction happened 364 days ago.

All in all it seemed like a quiet year, but looking at about 500 commits, hundreds of fixes and 7 quests I still feel proud of what everyone achieved.  We're well funded, we have players and we're making progress.

Happy (late) New Year everyone!

Tuesday, January 3, 2017

Construction (Beta)

Hello memes,

This is a special post because with it comes the release of a giant mene, the Construction skill. It's something I've been working on for just under 7 months with contributions from all of the other devs. It was kept a secret for almost the entirety of development to try and prevent bankrolling of the skill.

However, it's not entirely complete as of yet. It's a massive skill with more data than any other skill in the game (even skills not added like Hunter, etc). Thus we have elected to release it in a 'beta' testing phase.

What does beta mean? I-I'm not a b-beta!
It simply means that while a majority of the skill works, we will be keeping an eye out for bugs to continually fix and improve the skill until it is 100%. No amount of testing on our end can compare to the brute force of hundreds of autists (players). There will be no rollbacks or removal of exp except in the event of a fatal bug or exploit and even then that would be specific to your account.

Majority of the skill? It's not complete? ROOOOOOOOOO
Almost 95% of the non-dungeon component of the skill is working as intended (tm). Every object in the house can be built, but there are still some that do not have a function. Here's a short list of a few things we know of that have not been 'completed' yet:
  • 'Scry' on scrying pool in Portal Room non-functioning
  • Repair stands in house don't work for Barrows
  • Organ can't be played in Chapel
  • Most Game Room games non-functioning
  • Majority of dungeon rooms non-functioning
We've added a category to the Mantis bug-tracker specifically for Construction - you'll need to help us out and report issues with bugs there. We are mostly aware of things that explicitly do not function, so try and report only bugs you run into not any 'Nothing interesting happens.'.

What about muh favorite part of the skill _____??
Odds are if it isn't in the above list then it is working. Test it for yourself and for the love of frogs do NOT message me or any other dev asking about it.

In closing,
We hope the release doesn't go horribly wrong, although we do expect a few shitposts from something that is incredibly simple but got overlooked in the nearly 20k lines of code that makes up this meme skill. Like I said above, we'll be continuing to work on the skill for the following months to get it perfected. It'll be a process, like Farming, but once it's done we'll have a 100% functioning Construction skill which is quite the feat in the RSPS world.


Friday, December 16, 2016

Details about global drop fixes

Drops work in the following way:

1. Kill a monster
2. Roll for a single item from each chance table (common, uncommon, rare... etc)
3. Roll for each of those items
4. Pray to Pickles
5. Win a roll, get the item being rolled for

Previously there was a bug where it was rolling in the wrong order: from most common to most rare. This bug has been fixed so rare items are now rolled for first, thus balancing the drop rate on many items (Whips and such).

Friday, November 18, 2016

Full bug fixes 11/18

-Fixed shades / zombie randoms appearing at DKs
-Tele-tab crafting working again
-Leather gloves drop added to Edgeville
-Poison in PC now properly gives damage points
-Fixed a bug with The Grand Tree glider captain
-Can use material on Aggie to receive dye
-Fixed barricades in PC not being repairable
-Fixed a bug with poisoning thrown items on full inv.
-Nazastarool is now affected by Crumble Undead
-Fixed a bug where some rotten logs couldn't be blessed
-Fixed the bug with wrong level-up dialogue messages
-Fixed auto-retaliate messing with certain actions
-Berserker and Power amulet prayer bonuses fixed
-Can now drop a majority of untradable items properly
-Pet rock can now be used to open Waterbirth dun. doors
-Fliers added to imp and barbarian drops
-Blue dragons are no longer poison immune
-Various drop tweaks
-Desert Bandits now aggro to Sara / Zammy gear
-Added text to cannonball crafting
-Can now use Klank's Gauntlets to get Quicklime
-Fixed a bug with using bucket of water on bread

Thursday, September 1, 2016

September 1st, 2016 full patchnotes

Full list of fixes from this update:

-Farmers now accept noted payments
-Muddy chest now implemented
-Retribution / Redemption prayer bugs fixed
-Mole no longer retreats to the same burrow spot
-Seaweed nets now have a refresh timer
-Anti++ properly requires coconut milk
-Nightshade can be picked with gauntlets
-Ship to Waterbirth second-click option fixed
-Ladder at the end of Waterbirth dungeon working
-Bones to Peaches tablet fixed
-'Inspecting' crops now shows treatment status
-'Taking' from tomato compost bin fixed
-Fillables now properly usable on each other
-Ogre arrow flighting bug fixed
-Brimhaven moss giant ropeswing fixed
-Nature Amulet now has a 'check' right click option
-Can properly enchant less than 10 bolts
-Music and sound fx fixes / changes
-Run energy properly restores if leader is walking
-Random events no longer disable / drain prayer
-Rune / Adamant (g)/(t) skirts added to TT
-Dark cavalier added to TT
-Spam clicking continue no longer closes dialogue
-Loop button on the music interface now working
-Added pie tasks to the Cooking guild