Blog

From PinWiki
Jump to navigation Jump to search

2/19/2020

Uploads are back online! This actually went active back on the 13th, however I wanted to hold off on the "announcement" side of things to see if anything nefarious came from it, but so far things are running smoothly. At this point, beyond continuous monitoring and keeping up on updates (both security and feature), PinWiki is considered 100% operational.

At this point, I kind of want to give an "editorial" type deal on this, and it may be more for myself than the community, but I feel like it needs to be typed out. So, if it turns into a bit of rambling, and less directly informational, please bear with me :)


I've said it at minimum, briefly below. There are many reasons we got to the point we did, there is no single item that caused my dis-focus on the issues we were having. PinWiki launched back in April 2011. As I type that, it feels like it was only a year or two ago, but if I actually run the math we are coming up on 9 years. And looking at where I was personally at 9 years ago is crazy. I was 16. Still in high school. The actual date the wiki was created (April 21) happened to be a day off of school. I have grown up in the web industry from an early age, my parents running web hosting and design businesses for as long as I can remember. Seemed like a natural fit for me to bring this online and get things going! What I can say, is that even since 2011, the web industry has made GREAT, massive changes. HTTPS was reserved for web purchasing, PHP was coming out with 5.4, and the core software that runs PinWiki (MediaWiki) was on version 1.15. Today, if you aren't HTTPS even as a regular website, Google drops your ranking and some browsers are beginning to throw up warning messages about non-secure websites, PHP 7.2 is the new industry standard (7.3 is not far behind), and MediaWiki is on 1.33 (at least the version we are running). As a side note, yes we are not on the NEWEST version of MediaWiki, however it is the most stable version we have found in testing, and it is still getting regular security updates. The pinball industry looked quite different at the time too. Stern was the only manufacturer you could buy a game from (Jersey Jack Pinball had been announced a few months prior, but took several years to get to a point where they were shipping games), our community was MUCH smaller, and RGP was still the common place for us pinheads to discuss everything.


The point being here with how much has changed since 2011, is that simply put, I had NO idea what PinWiki would grow to be. On its founding day, I honestly did not expect to see much growth for a very long time (if ever), figured I would be contributing most of the content, and just kinda hoping that we would get some people who enjoyed reading what would be here. Instead we hit the ground running. The community really pulled together, and today we have a ton of information available. Is it all perfect, and fully documented? No. But that is the beauty of the wiki. We don't simply have to stop writing the guides to "publish" the information, it's always a work in progress. From the front side of things (content) we have had some very great, significant contributors. I can't even begin to thank everyone, but know that even if you have simply contributed a grammar edit to the website or written entire pages of information, it is greatly valued and appreciated. Without these people we never would have gotten to being such a great place.


It hasn't been a 100% smooth ride in our growth. We have been to 3 different web hosts over the years, and we have begun to see us hit some upper ceiling limits with how the setup we are currently on. We had a spam user issue in the early years (quickly fixed with account approvals). We launched and folded up a forum in our first few months. There was a newsletter we used to run, but were not consistent on releasing content, and more. At the end of the day, PinWiki is (mostly) self funded. I'm not here to ask for money, when PinWiki began, I never expected to turn it into a business. This is a labor of love for pinball. We originally placed the donation information because we were getting asked "Can I send money in, and if so where?" and more so as an homage to the days where someone would put up a website and if you wanted to send "beer money" you could. Donations do not often roll in (when they do however, it is appreciated!), and we stated when we began that the information in PinWiki would never cost, and I took that as to never put ads on the Wiki part of the website (if we ever got sponsorships, they would only be seen on a specific page, or at the time if our forums had taken off we had considered running minimal ads on the forums). This still holds true today. The wiki will always be free, always be available (minus downtime for maintenance), and we even have plans in place in case I die tomorrow, on how the site can continue without me. The last thing I want to do is introduce annoying ads in the middle of good repair content.


The "upper ceiling" we are beginning to reach with PinWiki comes with the nature of MediaWiki in general. With now (almost) 9 years of data built up, thousands of edits, gigabytes of images, etc. there is only so much optimizing we can do to continue at our current hosting level. We have begun to explore expanding our server side to handle this, but it will come with a leap in operating costs. I am still planning to self fund it, and as I said, this is not a "please donate money" type deal. When this transition will happen is not currently known, and we are formulating this plan now because we still have not hit the ceiling, it is just coming. We are being proactive on this. Over the years a few people have offered to host the website for us, however at this point in time we are appreciative, but not interested in doing this for a number of factors.

I've seen some discussion on the actual numbers of visitors, bandwidth, etc that PinWiki draws. While we have zero obligation to share these numbers, and I'm not getting into specifics of these numbers, I would like to clarify that no one has actually come close to getting them right. Everyone has been way below what they really are. Some of our pages are more popular than others, and as a 3rd party there is no true way to get the full picture. With that said, I think based on our numbers we really do live up to our vision and goals.


Lastly, I think there are 2 people above all else that do deserve some recognition. Chris Hibler and Jim Palson. When we were created, there was no one else other than me involved in the initial launch of the site. Quickly realizing how quickly the site was growing and that help getting initial information in and making decisions needed some outside help. At the time we grew into more or less an unofficial committee of about 10 of us. Over the years most all of these guys have drifted away for various reasons (new hobbies, health issues, etc.), but Chris and Jim have stuck around. Simply put we would not still exist without these 2 guys. I feel forever indebted to these gentlemen for the help and support they have given. If you see these guys in person, shake their hand. Chris has been our unofficial ambassador for years, as I simply don't get the time in the community that I used to get. Jim has contributed a ton of info that otherwise would have never made it here and helped facilitate our agreement with Gottlieb that has even allowed us to put up the information we have.


I am going to keep the blog post stuff at the top of the website for now, but am looking for where we will move this to later. Our next major communication is planned to be discussion of the coming plans for PinWiki. The wiki is going to continue to exist exactly as it is. Free, open, accessible, but we have discussed the potential for a video channel, maybe bringing back a newsletter, developing our history section a lot more, and so on.

Over and out!

Casey


2/12/2020

This will be a short one, as I am preparing a more thorough "Going Forward: the next 10 years of the wiki" type post.

All uploads have been vetted and brought back online, this includes all archived uploads (the beauty of MediaWiki is that both uploads and page edits keep a history, so any time an upload has been changed (original was blurry, too small size, etc) the original gets archived in case of accidental removal, something malicious, etc.

With that said, uploads are still temporarily disabled, and are still going to be until some time later this week so that we can verify a few more security settings and configuration items. This will still adhere to the 2/16 timeline originally placed on it.

With the rebuild of the website, caching of pages has been temporarily disabled to flush some things through the system. What this means for you is that page loading speed may be impacted, however within the next day or two it will pick back up.


Casey


2/8/2020:

All,

PinWiki has had some issues for several months now, and they are currently getting fixed. I do appreciate everyone's patience on this matter. With that said I wanted to give an update on everything, in mostly an FAQ format.

1) Why has this taken so long to get taken care of???

I wish there was a simple answer to this. It's a multifaceted, complex answer on that. PinWiki is not my full time job. 9 years ago when PinWiki launched, I had never expected the growth we have had over the years. We have had many upgrades over the years both on server side as well as the actual mediawiki software to keep things running smoothly. Part of these upgrades occur for security sake to help keep the wiki running without malware tied to it. With that said, I have run into some temporary personal affairs that had pulled me away from taking care of the issues at hand in a timely fashion. Things have slowed down for me finally and are expected to keep that way. This is going to allow me to be more actively involved again on keeping things going.

2) So what is going to change? We have lost faith in things!?!?!

Well, first and foremost, I am making myself more available with more scheduled time set aside specifically to reviewing, growing, and maintaining both front and back end sides of PinWiki. Chris Hibler has been basically an ambassador for the wiki since day 1. Previously he had only had minimal ways to contact me. Going forward, he now has both my cell and work phone number to be able to reach out to me in the event of any issues, questions, comments, etc. On top of this I have added a contact page on the home page of PinWiki so that I can be more easily reached. Secondly, I have put together a small team of people I trust and are local, who are in the field (various computing fields), to be able to step in and take care of things in the event I am not available on an immediate basis. While this team is not pinball focused (and will not be working on adding content), they are a technical team of people I see on an almost daily basis, and along with my experience, they bring a new level to our team. Reviews of performance, security, potential new features, etc. will all now be monitored so we can continue to keep PinWiki around for the community for years to come.

3) How did we end up in this situation?

An older version of MediaWiki that we used to run had an exploit in it that was used to hijack the website. When we upgraded MediaWiki to a newer version that fixed this exploit, we had missed a corrupt file in the uploads (this was not uploaded maliciously, the exploit used the uploads folder to hide itself). This file was still being used to continue to replicate and re-infected the website. We have now stripped and rebuilt the website from the ground up so that this is not an issue again.

4) Where are we at right now? Why are no images loading? Why can't I upload new images?

The wiki is back online, sans media. Both myself and someone who is directly in web security have been involved in this recovery effort. As stated above, with some prep work, we stripped the site down and have done a full rebuild with new file copies. This was done to prevent the unintentional re-upload of the exploit. The one piece of this we can't just upload as new is our media content (images, videos, etc.). Instead, we will need to review each and every file one by one and step by step bring media content back. With 9 years of uploads and revisions of files, this equates to a LOT of work and very time consuming. We will be working on restoring this content as quickly as possible. We are expecting that by the end of next weekend (2/16/20) to have all content restored. Until then, we will be restoring files gradually, and you may see some (or all depending on the page) media missing, and uploads will not be currently available. Once all files have been reviewed we will be bringing uploads back so that you may add your content as needed.


I appreciate everyone's patience with this. I know it has been incredibly frustrating to get redirected to spam websites and not be able to access your pinball info that you expected. We are well on our way to getting past this mess and moving forward with continuing to be THE place for everything pinball. Once we get through the final file review and close up this issue, we are going to next provide our "next 10 year" plan. Thank you for everyone who has ever contributed to the website. We would be nothing without the community. I also want to thank those who have offered to help get things fixed, I was able to get someone in person that is a security expert to assist and review things. I have my strengths and weaknesses in web technology, and was able to fill in the gaps. They are also going to be part of the "team" that is continuing to monitor and assist in improvements.


With everything said, look for another update sometime next week(end) on where things are at.

- Casey (Pinball Wizard) Founder

Retrieved from "https://www.pinwiki.com/wiki/index.php?title=Blog&oldid=19602"