-v- Originally Posted by coupaholic -v-
"Don't Panic, They're Just Topping Up The Tanks With Awesome Sauce."
Vanilla Forum Migration Status Update 6/22/15
Comments
-
magenubbie wrote: »
In FF you'll have to allow vanilla (and arc) to place 3rd party cookies.. Disgusting, I agree, but that's probably why you can't visit here using FF.I needed to add arcgames.com and vanillaforums.com to my cookie exceptions in Chromium to get it to work.
Login on Firefox still doesn't work at all, seemingly due to Vanilla using deprecated crypto.
The forum is using the vanillaforums.com domain to issue forum cookies despite sitting on the arcgames.com domain.
Also, they really have to get away from RC4 encryption for login. Its labeled compromised and browsers will start blocking these connections by default. Hackers will discover this and start performing MITM attacks if they haven't already.These forums suck. ~Omega X0 -
The forum is using the vanillaforums.com domain to issue forum cookies despite sitting on the arcgames.com domain.
Also, they really have to get away from RC4 encryption for login. Its labeled compromised and browsers will start blocking these connections by default. Hackers will discover this and start performing MITM attacks if they haven't already.
They have SSL errors on arcgames.com and its subdomains. See the following bug reports:
http://perfectworld.vanillaforums.com/discussion/1190682/firefox-isnt-accepting-ssl-certificate-from-arcgames-com
http://perfectworld.vanillaforums.com/discussion/1190685/ssl-error-on-arcgames-com-ssl-error-no-cypher-overlap
Those problems would remain even if these forums didn't exist.I needed to add arcgames.com and vanillaforums.com to my cookie exceptions in Chromium to get it to work.
Login on Firefox still doesn't work at all, seemingly due to Vanilla using deprecated crypto.
I'm not sure how you're trying to log in. If you're seeing an SSL error in Firefox, I suspect it may have more to do with arcgames.com than perfectworld.vanillaforums.com. I don't think Firefox would even detect the cryptography that Vanilla is using for their SSO. You can read their documentation here:
http://blog.vanillaforums.com/help/vanilla-jsconnect-single-signon-on/
http://blog.vanillaforums.com/jsconnect-technical-documentation/
http://blog.vanillaforums.com/jsconnect-technical-documentation-for-embedded-sso/
By the way, their documentation on site-wide SSO kind of indicates that they don't know much about cryptography. I wrote about this elsewhere.While browsing Vanilla Forums' documentation on jsConnect, I discovered something strange. They distinguish between two kinds of SSO: site-wide SSO and embedded SSO.
http://blog.vanillaforums.com/help/vanilla-jsconnect-single-signon-on/
In their documentation on site-wide SSO, they construct a MAC by computing a SHA-1 hash of the message concatenated with the secret key.
http://blog.vanillaforums.com/jsconnect-technical-documentation/
if (hash(concat(timestamp, secret)) == signature)
// valid
else
// invalid
signature = sha1(concat(signature_string, secret));
I'm doubtful that this construction has a security proof. Why are they making up their own MAC instead of using a standard construction? It's especially strange because, in their documentation on embedded SSO, they use HMAC.
http://blog.vanillaforums.com/jsconnect-technical-documentation-for-embedded-sso/
signature = hmacsha1(signature_string + " " + timestamp, secret);
Why use a standard MAC in one place, but make up your own in another? Unless you are a cryptographer, you shouldn't be devising your own cryptographic schemes instead of using a standard library.Post edited by frtoaster on0 -
magenubbie wrote: »
In FF you'll have to allow vanilla (and arc) to place 3rd party cookies.. Disgusting, I agree, but that's probably why you can't visit here using FF.I needed to add arcgames.com and vanillaforums.com to my cookie exceptions in Chromium to get it to work.
Login on Firefox still doesn't work at all, seemingly due to Vanilla using deprecated crypto.
Nah, tried that already.0 -
OK. Found I can navigate back to the forums after logging in but it takes a few clicks which is really annoying.
After logging in while on the forums site I get sent to http://www.arcgames.com/en/games
To get back to the forums I have to click: Social>Forums>Forums for the game I want. But it doesn't take me to the forums hompage. So for players who want to go to the forums homepage there is 1 extra click. They need to click Home at the top of the forums page. So 3-4 clicks after logging in on the forums to get back to the forums.
0 -
The best thing to do to access the forums is just to bookmark perfectworld.vanillaforums.com, honestly. Trying to go through arc causes more problems than it is worth, atm.0
-
It just occurred to me. Aren't French and German speakers supposed to have their own STO forums? I only see "Swordsman" under "Forums francophones" and "Deutsches Forum".
At least the german Forsaken World forum isn't migrated because "unforeseen technical difficulties" arised. We still don't have an ETA when we will be migrated. Perhaps it's the same for other games...?Forsaken World - Server: Dyos - Kindred Fire Mage0 -
Absolute worse forum I have ever experienced in many years of gaming. Looks cheap and uninspired. Difficult to navigate or find content.....looks like a Middle School Science project by the smart, but lazy kid who sits in the back of the class, draws cars all day, and barely passes the class despite being brillant enough to ace it.0
-
My summary of the new forum: It's crap, but at least it remembers my login.
(I'd suggest replacing the mods but that would get me edited)0 -
looks like a Middle School Science project by the smart, but lazy kid who sits in the back of the class, draws cars all day, and barely passes the class despite being brillant enough to ace it.
You described my life back when I was in school. Except for the cars part, everything else is right on. How coincidental. You know there's a reason why we barely passed classes, right? We figured out that any way you look at it, as long as you get a C, you pass. So only turning in about half of the homework and getting A's on all of the tests is good enough to pass and get us out of the boredom. Of course in university that attitude has to be shifted away from sadly.
Also, when grown up they turn out to do great things, like fixing this forum.
If you use Asterelle's Tampermonkey/Greasemonkey extention or Stylish and directly insert my CSS files, you can alleviate some of the bad design choices for now. You'll find links to that stuff in my signature and a huge thread in "Suggestions" called "testing, bug-hunting, and finding exploits" where we have been discussing the changes and whatnot. GAME FORUMS (Direct Link & Arc Frame)Forum Enhancements and Visual Improvements(Greasemonkey/Tampermonkey and/or Stylish required)PWI vBulletin Forum Data Dumps and Backups0 -
I'm usually a fan of light text on darker backgrounds, but this current colour scheme hurts my eyes. I suggest possibly changing the white text to a light grey, or changing the backround colour to a slightly lighter grey.
There is very little branding which lets the user know for sure where they are, the Arc logo would be well placed in the top-left corner of every page, and perhaps a game logo for each seperate game forum.
Adding some new colour schemes in preferences would be most welcome.
Under my name it says I'm a Champions Online user, I've never played that game. Is this perhaps a placeholder for the old titles from the last forum? I used to have the Guardian title on Neverwinter forums for buying the founder's pack.0 -
championshewolf wrote: »going to have to be brutally honest; these forums are harsh on the eyes. Their format is going to induce eye strain badly, and the fact that it's difficult to tell when where the background ends and the forums begin only makes it worse, especially when trying to differentiate one poster from another.
That's my issue. My vision isn't the best and it's much more difficult to read the new forums. Trying to pin down the reason. Could be related to white text because posts such as mod posts with color text are much easier to read.
I can happily adapt to any format change except struggling to read it. Hopefully tweaking the text color is a customization they just haven't gotten around to yet.
0 -
There's a stylesheet someone made...right now too tired to chase down the link....
ROLL TIDE ROLL0 -
looks like a Middle School Science project by the smart, but lazy kid who sits in the back of the class, draws cars all day, and barely passes the class despite being brillant enough to ace it.
You described my life back when I was in school. Except for the cars part, everything else is right on. How coincidental. You know there's a reason why we barely passed classes, right? We figured out that any way you look at it, as long as you get a C, you pass. So only turning in about half of the homework and getting A's on all of the tests is good enough to pass and get us out of the boredom. Of course in university that attitude has to be shifted away from sadly.
Also, when grown up they turn out to do great things, like fixing this forum. If you use Asterelle's Tampermonkey/Greasemonkey extention or Stylish and directly insert my CSS files, you can alleviate some of the bad design choices for now. You'll find links to that stuff in my signature and a huge thread in "Suggestions" called "testing, bug-hunting, and finding exploits" where we have been discussing the changes and whatnot.
It also has the negative effect of setting a pattern that persists throughout a persons life. Most young people do not have the disipline to change when necessary. Take these forums for example...if we just accepted them for what they are , they wouldn't change, because it's easier for them.
Most educators try to identify these personalities as soon as possible, and work toward pushing them to achieve thier potential as early as possible, those left to thier own devices rarely end up doing nearly as well in life as those who recieved intervention.
this is simply a fact.
0 -
It also has the negative effect of setting a pattern that persists throughout a persons life. Most young people do not have the disipline to change when necessary. Take these forums for example...if we just accepted them for what they are , they wouldn't change, because it's easier for them.
Most educators try to identify these personalities as soon as possible, and work toward pushing them to achieve thier potential as early as possible, those left to thier own devices rarely end up doing nearly as well in life as those who recieved intervention.
this is simply a fact.
I disagree with this. Did you ever consider that they were doing other things so they did the bare minimum in school because they had other interests? I was programming almost entirely through my school life, so I had no incentive to do more than the bare minimum because I already had self-learned a trait and was focusing on learning it. I only went through school so I wouldn't have to listen to my parents go on-and-on about their false understanding of how the current job market now is. Whatever the case, this is all off-topic, which I didn't mean to start. I was honestly not expecting to get a response. Just thought it was incredibly close to how I actually was and found it interesting.lewstelamon01 wrote: »There's a stylesheet someone made...right now too tired to chase down the link....
Me (look at my signature). Right now I'm recommending Asterelle's editor addition which incorporates the themes loading in the correct order by itself (after you set it and refresh or change the page anyways).GAME FORUMS (Direct Link & Arc Frame)Forum Enhancements and Visual Improvements(Greasemonkey/Tampermonkey and/or Stylish required)PWI vBulletin Forum Data Dumps and Backups0 -
lewstelamon01 wrote: »There's a stylesheet someone made...right now too tired to chase down the link....
Me (look at my signature). Right now I'm recommending Asterelle's editor addition which incorporates the themes loading in the correct order by itself (after you set it and refresh or change the page anyways).
There's also my teal/blue background theme css changes: Vanilla Forum + Stylish = Readable0 -
You should add it to my files.json file in my repository so it can be added to Asterelle's editor addition.GAME FORUMS (Direct Link & Arc Frame)Forum Enhancements and Visual Improvements(Greasemonkey/Tampermonkey and/or Stylish required)PWI vBulletin Forum Data Dumps and Backups0
-
You should add it to my files.json file in my repository so it can be added to Asterelle's editor addition.
I'll try and clean it up and strip out the duplicated bits from global fixes and add it this weekend.
0 -
monkeybone13 wrote: »Edit: On the account page my join date shows up as 'June 12' instead of 'September 2012'.My join date says April 28 (and I suppose asking for at least a 'th' at the end of that would be too much) which was is the date I first visited this place, not when I joined neither STO forum or even just arc.
My join date is wrong too: it says "April 30" instead of whenever I joined in 2012. I suspect that anyone who logged in to these forums before the migration has the wrong join date.
And the Tribble and Redshirt forums are still invisible unless you are logged in.
http://perfectworld.vanillaforums.com/categories/test-servers
http://perfectworld.vanillaforums.com/categories/tribble
http://perfectworld.vanillaforums.com/categories/redshirt
Maybe, @pwlaughingtrendy can fix this for us.0 -
monkeybone13 wrote: »Edit: On the account page my join date shows up as 'June 12' instead of 'September 2012'.My join date says April 28 (and I suppose asking for at least a 'th' at the end of that would be too much) which was is the date I first visited this place, not when I joined neither STO forum or even just arc.
My join date is wrong too: it says "April 30" instead of whenever I joined in 2012. I suspect that anyone who logged in to these forums before the migration has the wrong join date.
Yeah I think so, my join date is listed as April 29th, yet I signed up to the initial forums back in 2010. It's just like the last transition to new forums where our join dates all got screwed up.<center>
Join date is wrong, I've actually been around since STO Beta.
True alters don't have a "main". Account wide unlocks for all unique event rewards!!
Check my GitHub for details on STO forum themes: https://github.com/khamseen/PWEVan
Get the Forums Enhancement Extension!</center>0 -
monkeybone13 wrote: »Edit: On the account page my join date shows up as 'June 12' instead of 'September 2012'.My join date says April 28 (and I suppose asking for at least a 'th' at the end of that would be too much) which was is the date I first visited this place, not when I joined neither STO forum or even just arc.
My join date is wrong too: it says "April 30" instead of whenever I joined in 2012. I suspect that anyone who logged in to these forums before the migration has the wrong join date.
And the Tribble and Redshirt forums are still invisible unless you are logged in.
http://perfectworld.vanillaforums.com/categories/test-servers
http://perfectworld.vanillaforums.com/categories/tribble
http://perfectworld.vanillaforums.com/categories/redshirt
Maybe, @pwlaughingtrendy can fix this for us.
@pwlaughingtrendy:
I also can't post in Tribble release note threads, though I can post in Redshirt release note threads. For example, see the threads below.
http://perfectworld.vanillaforums.com/discussion/1192055/tribble-maintenance-and-release-notes-june-26-2015
http://perfectworld.vanillaforums.com/discussion/1191472/red-shirt-maintenance-and-release-notes-june-24-2015
Is this intentional? We used to be able to comment in Tribble release note threads.
0 -
You should add it to my files.json file in my repository so it can be added to Asterelle's editor addition.
Done. (Proposed I think anyway)
0 -
@eldarth I pulled the patch-2 branch and set the base URL to your repository + patch-1 branch. So now when you make updates to your repository on that branch, it will reflect the changes to everyone. No need to have to make a pull request or have me update anything. It's automagical!
*Note that it will appear in Asterelle's extension within the next 4 hours, depending on its last check date.GAME FORUMS (Direct Link & Arc Frame)Forum Enhancements and Visual Improvements(Greasemonkey/Tampermonkey and/or Stylish required)PWI vBulletin Forum Data Dumps and Backups0 -
27 june
Can't log in to the forums with latest Firefox again today (posting this on Linux Box using Chrome) cause : An error occurred during a connection to www.arcgames.com. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)
Yeah SSL3 is disabled in browser because it's broken and insecure and the whole of the internet knows this except apparently Perfect World.
On my Win 7 computer I don't even have permission to post even though I'm logged in.
Then there is the whole problem of being logged in on the forums upper tiers but as you follow links down to the post you want to post in, your not logged in there. Click sign in and your back where you started with another page header added under the still visible original header showing you logged in click your way back to post and you're STILL not logged in over and over and over and over and over again til you have a page full of headers saying you're logged in but you're not logged in at the reply to a post level.
It's quite frustrating.
-v- Originally Posted by coupaholic -v-0 -
I already reported the SSL error. I even quoted your post from before the forum migration about the issue. Still no response from PWE though.27 june
Can't log in to the forums with latest Firefox again today (posting this on Linux Box using Chrome) cause : An error occurred during a connection to www.arcgames.com. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)
Yeah SSL3 is disabled in browser because it's broken and insecure and the whole of the internet knows this except apparently Perfect World.
On my Win 7 computer I don't even have permission to post even though I'm logged in.
Then there is the whole problem of being logged in on the forums upper tiers but as you follow links down to the post you want to post in, your not logged in there. Click sign in and your back where you started with another page header added under the still visible original header showing you logged in click your way back to post and you're STILL not logged in over and over and over and over and over again til you have a page full of headers saying you're logged in but you're not logged in at the reply to a post level.
It's quite frustrating.
http://perfectworld.vanillaforums.com/discussion/1190685/ssl-error-on-arcgames-com-ssl-error-no-cypher-overlap
0 -
Where the forum rules at? I can't seem to find a link anywhere on the forums homepage or STO forums. Would be nice to know the rules, especially if anything has been changed.
Edit: I guess it's the 'Terms of Service' at the very bottom. Upon inspection of the ToS it seems to relate to the games. I'm not seeing anything specifically related to using the forums.Post edited by monkeybone13 on0 -
monkeybone13 wrote: »Where the forum rules at? I can't seem to find a link anywhere on the forums homepage or STO forums. Would be nice to know the rules, especially if anything has been changed.
Edit: I guess it's the 'Terms of Service' at the very bottom. Upon inspection of the ToS it seems to relate to the games. I'm not seeing anything specifically related to using the forums.
There was actually a link to a post by Trendy on the main page of the forums which linked to a new set of forum rules, but it was only there for about 5 minutes and then it vanished again.<center>
Join date is wrong, I've actually been around since STO Beta.
True alters don't have a "main". Account wide unlocks for all unique event rewards!!
Check my GitHub for details on STO forum themes: https://github.com/khamseen/PWEVan
Get the Forums Enhancement Extension!</center>0 -
khamseenair wrote: »monkeybone13 wrote: »Where the forum rules at? I can't seem to find a link anywhere on the forums homepage or STO forums. Would be nice to know the rules, especially if anything has been changed.
Edit: I guess it's the 'Terms of Service' at the very bottom. Upon inspection of the ToS it seems to relate to the games. I'm not seeing anything specifically related to using the forums.
There was actually a link to a post by Trendy on the main page of the forums which linked to a new set of forum rules, but it was only there for about 5 minutes and then it vanished again.
Maybe they're still working out the details. Since I can't seem to find any specific forum rules posted, does that mean there are no rules yet? LoL. (I wouldn't take a chance though since the ToS specifically says they can ban your 'account(s)' for any reason, or no reason, and I'm assuming that includes the forums.)0 -
monkeybone13 wrote: »khamseenair wrote: »monkeybone13 wrote: »Where the forum rules at? I can't seem to find a link anywhere on the forums homepage or STO forums. Would be nice to know the rules, especially if anything has been changed.
Edit: I guess it's the 'Terms of Service' at the very bottom. Upon inspection of the ToS it seems to relate to the games. I'm not seeing anything specifically related to using the forums.
There was actually a link to a post by Trendy on the main page of the forums which linked to a new set of forum rules, but it was only there for about 5 minutes and then it vanished again.
Maybe they're still working out the details. Since I can't seem to find any specific forum rules posted, does that mean there are no rules yet? LoL. (I wouldn't take a chance though since the ToS specifically says they can ban your 'account(s)' for any reason, or no reason, and I'm assuming that includes the forums.)
Yeah I wouldn't run the risk haha. It was weird really, I'd been playing around with CSS edits and I happened to refresh the page and notice it was there directly under the news message about the transition to Vanilla. I clicked into it and read a little bit (more like skimmed really) and then when I backed out of it, the link was gone again.<center>
Join date is wrong, I've actually been around since STO Beta.
True alters don't have a "main". Account wide unlocks for all unique event rewards!!
Check my GitHub for details on STO forum themes: https://github.com/khamseen/PWEVan
Get the Forums Enhancement Extension!</center>0 -
monkeybone13 wrote: »Where the forum rules at? I can't seem to find a link anywhere on the forums homepage or STO forums. Would be nice to know the rules, especially if anything has been changed.
Edit: I guess it's the 'Terms of Service' at the very bottom. Upon inspection of the ToS it seems to relate to the games. I'm not seeing anything specifically related to using the forums.
There's a link to it in my sig. I'll post it here: http://perfectworld.vanillaforums.com/discussion/1191393/perfect-world-entertainment-community-rules-and-policies
ROLL TIDE ROLL0 -
lewstelamon01 wrote: »monkeybone13 wrote: »Where the forum rules at? I can't seem to find a link anywhere on the forums homepage or STO forums. Would be nice to know the rules, especially if anything has been changed.
Edit: I guess it's the 'Terms of Service' at the very bottom. Upon inspection of the ToS it seems to relate to the games. I'm not seeing anything specifically related to using the forums.
There's a link to it in my sig. I'll post it here: http://perfectworld.vanillaforums.com/discussion/1191393/perfect-world-entertainment-community-rules-and-policies
Thank you. I hope they can have a link to it at the top of every subforum section for the STO forums. I have no idea how to even find it.0