Meiko

Yay, mine looks much better now!

What is that beautiful system monitor on your desktop? My desktop is rather empty.

Server is up at the following IP right now: 173.72.158.156:27015 I'll be on soon.

Title mostly self-explanatory. I'm considering hosting a BZPower TF2 server. Anyone interested? It'd be on the east coast (Washington DC area), so for those a significant distance from there, be mindful that you wouldn't have the best ping. Some things I need to know: First of all, who is interested? Should I leave it running 24/7? I have no problem with doing so, just want to know though. Should it be password protected? Should there be occasional scheduled "events" that would be planned ahead of time? What kind of map cycle should there be? What maps do you like? Any SourceMod plugins that should be used? Also, if you aren't already, be sure to add me on Steam.

The script(s) I offered on the first page of this thread would back up all content on the site just as quickly. You wouldn't have to pick hot topics over others, as they'd all be contained in the same backup.

Alright, I already have everything it takes, all I have to do is run a simple terminal script and it'll be up. Hit me up in PM if you have any suggestions of map cycles or SourceMod plugins to use.

No, we got your point. It was "look at how much more awesome I am than the bzp admins because I back up my small forums few gave heard of up every day, and I'm sooooo angry they aren't as awesome as me! Please visit my forums."Also one of the admins working behind the scenes has been working in web design and Internet protocols longer than many here have been alive. Like has been said, you can have all the security in the world- it just takes one hole. Not to detract from your point, DeeVee, but I just want to say that retaliating against other people's comments if you deem them condescending might not be the best way to go about things, as it comes off just as rude as the comment you're replying to.

In the bottom left of each topic there's little icons, such as one to share a topic on Twitter. One looks like a little hard drive with a green arrow - this allows you to download a topic and its replies in their entirety to store locally on your own computer. I just tried that myself, but it didn't appear to do anything for me. It refreshed the page with a bunch of different URL parameters stacked onto it, but no download window appeared or anything. Same. ctrl+S will probably work though. That's only going to save one page, though, so you'd have to save them all seperately.-Gata Having the same issue with the print link now that I tried it as well. If someone can, put in a tracker ticket please. I can't because I'm on mobile at the moment. Thanks!

I don't blog enough I've been really inactive on BZPower lately My birthday is this month 20 days until Doctor Who 50th anniversary I got a job at Brickset as a news editor and database administrator today I left my position as administrator at Brickipedia for a while for various reasons I need a new phone (Nexus 5 pweaaaseee) I found this really catchy song by We Came As Romans I still don't understand why boys like My Little Pony Halloween was boring this year by the way Is it Christmas yet? If anyone wants me to, I'd be gladly willing and able to host a Team Fortress 2 server for BZPower Or a Minecraft server Or really any online game Leave your comments below please Thanks

Not to take the fun out of it all, like I did on Eurobricks, for the benefit of those who can't manage to unlock all of the rewards, here's links to them:Wallpapers: (one of the wallpaper links is identical to another when it isn't supposed to be. Once that error on the site is corrected, I'll add the link below)- http://cache.lego.co...2DC15556138.jpg- http://cache.lego.co...CF2C6B9F9CD.jpg- http://cache.lego.co...8D37577CE5C.jpgConcept Art:- http://cache.lego.co...53AB3ED0957.pdf- http://cache.lego.co...840E5FB3FBA.pdf- http://cache.lego.co...243745D23AB.pdf- http://cache.lego.co...4EDEF1FCEDC.pdf- http://cache.lego.co...0DAECD83788.pdfVideos:- http://cache.lego.co...F18BD14B2D8.mp4- http://cache.lego.co...8B90382D1AE.mp4

In the bottom left of each topic there's little icons, such as one to share a topic on Twitter. One looks like a little hard drive with a green arrow - this allows you to download a topic and its replies in their entirety to store locally on your own computer. I just tried that myself, but it didn't appear to do anything for me. It refreshed the page with a bunch of different URL parameters stacked onto it, but no download window appeared or anything.

My first set was 6525 Blaze Commander (not counting DUPLO sets I owned previously). I got it on no special occasion, just out of interest.

Hm... I think this topic should probably be locked sometime soon. The staff have said what they need to say, feedback has been given from the community, and everything else just seems to be complaints now. If people have actual feedback, they could PM the staff, where their message would be more direct and understandable than among all the complaints in this thread. The opinions could be saved for profile statuses or blogs. That's just my opinion.

Sweet, that's like 5 minutes from me. (I've known about this for months)

I do have to agree with this. Being a BZPower staff member means you assume responsibility for things like taking backups, and if those currently on the BZPower staff team can't fulfill that responsibility due to their other jobs, family or other implications, there needs to be someone added to the staff team who can be responsible for backups and keeping things up to date. By this I'm not saying the current BZPower staff are completely irresponsible, but that if they have such a busy schedule and have personal things getting between them and BZPower, there needs to be additions to the staff team to help lessen the workload of the current staff.

LEGO has announced that it will be releasing minifigure-scale Minecraft sets. Find more information in the video below: http://www.youtube.com/watch?v=bgNJ6tPi1tk You can give your advice on the products, such as answering questions like which Creeper do you like most?

As easy as it is to check an IP address, it's even easier to mask one so that it traces to something different from what your IP really is.Well, if this hacker is who I think it is, then he has made multiple infractions of internet law in the past right? Last time I checked, pulling off ###### like this was against US Federal Law. And we have his Twitter, his Tumblr, and his Skype. Couldn't we just report this to whatever department of the police handles black hats, or maybe hire a white hat to hunt the hacker down? The kid has probably made a mistake sometime in the past and revealed his true IP.The only legal violations I can name that he's done is sabotage, which is a much more minor infraction than say thievery of financial information of users and fraud. It'd be more worthwhile to spend time working on increasing security and failsafes to prevent future data loss than to spend the time tracking down this one hacker.except that the hacker will simply continue to hack until he's stopped. so far, he's hacked us 3 times in the past six months, regardless of security. as someone said above, it's easier to get lucky once that to get lucky every time. better to stop the attacks altogether then try to defend them with stuff he can bypass.Yes, but even after stopping a single hacker, and being negligent to have spent the time working on security, you'd be leaving the same hole open in the security for more hackers in the future. why not both? Sure both can happen, but one needs to happen first, and security is more of a priority.

As easy as it is to check an IP address, it's even easier to mask one so that it traces to something different from what your IP really is.Well, if this hacker is who I think it is, then he has made multiple infractions of internet law in the past right? Last time I checked, pulling off ###### like this was against US Federal Law. And we have his Twitter, his Tumblr, and his Skype. Couldn't we just report this to whatever department of the police handles black hats, or maybe hire a white hat to hunt the hacker down? The kid has probably made a mistake sometime in the past and revealed his true IP.The only legal violations I can name that he's done is sabotage, which is a much more minor infraction than say thievery of financial information of users and fraud. It'd be more worthwhile to spend time working on increasing security and failsafes to prevent future data loss than to spend the time tracking down this one hacker.except that the hacker will simply continue to hack until he's stopped. so far, he's hacked us 3 times in the past six months, regardless of security. as someone said above, it's easier to get lucky once that to get lucky every time. better to stop the attacks altogether then try to defend them with stuff he can bypass.Yes, but even after stopping a single hacker, and being negligent to have spent the time working on security, you'd be leaving the same hole open in the security for more hackers in the future.

As easy as it is to check an IP address, it's even easier to mask one so that it traces to something different from what your IP really is.Well, if this hacker is who I think it is, then he has made multiple infractions of internet law in the past right? Last time I checked, pulling off ###### like this was against US Federal Law. And we have his Twitter, his Tumblr, and his Skype. Couldn't we just report this to whatever department of the police handles black hats, or maybe hire a white hat to hunt the hacker down? The kid has probably made a mistake sometime in the past and revealed his true IP.The only legal violations I can name that he's done is sabotage, which is a much more minor infraction than say thievery of financial information of users and fraud. It'd be more worthwhile to spend time working on increasing security and failsafes to prevent future data loss than to spend the time tracking down this one hacker.And for those who feel I'm being blunt, I am in good faith. While I know it isn't entirely the admin team's fault, I'm frustrated that this has slipped by once again. In good faith, I've given suggestions to the staff to hopefully increase security and make data backups easier. While some of you know I'm not much of an active poster anymore, I get frustrated seeing the loss of other people's posts, since they're useful content, and in some cases, have been cited on other references such as Brickipedia. Losing this content, while I myself have not lost much, does affect me and my work, so for any who do, please don't take my comments as hostile or rude, because I do know how you have too been affected by this latest incident.

As easy as it is to check an IP address, it's even easier to mask one so that it traces to something different from what your IP really is.

I understand the basics behind how security works: namely, that it's always easier for someone to penetrate the system than it is for you to keep the system secure. To put it in terms of statistics, a black hat hacker / attacker only needs to be lucky once, but the site staff need to be lucky every time. It is always easier to break things than to keep them safe.So I understand that, of course, and I understand that you guys are hardly professional sysadmins doing this for a living, so I can sympathize with your position... but, with all due respect, none of that excuses things like:-Not keeping software up to date that runs the site-Having an automated system to make regular offline backupsFrom other comments in this thread, it sounds like you're not doing the former; from your own post, you don't have the latter.With an automated backup system, you would be able to spend those twenty hours a week doing other things (like keeping the site up to date?), because backups would be taken care of. Meiko already talked about this a bit, but let me add the following statement: you don't need to store years worth of backups if you don't have enough space, you just need to keep your backups isolated from the machine that the webserver is running on, so if the server gets penetrated the attacker does not have access to the backups. Automated, regular backups are more important than years worth of backups made irregularly over month-long intervals (assuming you can protect the automated ones).I'm sure you know this- after all, we recently suffered from the deletion of the old database precisely because there were no offsite backups. But I feel the need to say it anyway...Disclaimer: I'm a hobbyist programmer and university student. I rarely have time to work on any of my projects, so I completely understand the staff's position. I don't mean to lecture you guys on security, or try to take the moral high ground, or anything like that- other people have already done that in this thread. And I completely understand the impossible position that is maintaining the site against attack- people are going to be angry when something goes wrong, but it's unrealistic to expect that you can stop everything from going wrong.But I confess to being a little frustrated, perhaps even more so because I'm aware of some of the underlying technical issues- I don't expect perfect security but it honestly sounds like there are some fundamental things going wrong (if I believe all the comments in this thread, at least).Apologies if I've crossed a line. I'm grateful that the staff does keep BZP running- for fun, as you said- because I do still enjoy the site (after, what is it now, eight years?) but without new Bionicle content I now primarily see the site as a place to produce, showcase, and collaborate on content (RPGs, stories, etc- I'm not personally involved in art or other media or MOCs or anything like that, but all of that too), and whenever a significant amount of data is lost it means that content we worked on or showcased is (partly) lost, which is painful. Hence my frustration. For the keeping things up to date, that's certainly a problem. Even the most minimal check of things using curl through terminal shows that BZPower has out of date software running its server. Because you guys don't think the administration spends hours upon hours trying to patch things? I mean, seriously? If it was super easy to fix everything, don't you think it would have been done? Like goodness, I don't mean to sound hostile, but like Andrew said, no one here gets paid for this. Like, you guys think we don't care about the site? The place where we've all invested so much time, some of us more than a decade (which is more than half your life, I'd like to add). The majority of my best friends in the world came from this site, and it's really frustrating and disheartening to see someone attack our community, for one, and then you make it worse by laying the blame for someone else's crimes on our shoulders? Not okay. Sorry if you haven't gotten a sunshine and rainbows "everything is happy now" response. I didn't say I didn't think that. I do the same thing as my hobby, in my spare time. On our team, when there's a security breach, we by no means take it for granted. We do what you do, we spend time patching it, but by no means do we let the same thing slip by 3 times in a year. I know it isn't as easy to do as it is to say, but there are precautions that could be done that haven't. Whether or not those precautions could prevent such an attack by hackers or not, it's a precaution to take either way. Keeping server software up to date is a key step to take in keeping the site secure. There's not a guarantee that anything will stop an attacker, but it's certainly a step that should have been taken by now in attempt to stop attackers.

Can I please be assured that measures have been taken to prevent this kind of thing in the future? And you should also take offline backups more often. If it'd help, I could write a Python or shell-based script to back up server directories and databases that you could just run semi-frequently so you have backups available. It's rather quick to make one. Also if I were you, I'd set chmod 733 /home/bzpower/public_html/newinc or something, or at least put an index.html file in http://www.bzpower.com/newinc/ since that directory has some things in it that probably shouldn't be publicly visible. Here's a backup script if you want: #!/bin/sh #dirs to back up, change as necessarybackup_files="/home /etc /root /boot /opt /var" #backup destinationdest="/mnt/backup"day=$(date +%A)hostname=$(hostname -s)archive_file="$hostname-$day.tgz"echo "Backing up $backup_files to $dest/$archive_file"dateecho#make tar backupstar czf $dest/$archive_file $backup_filesechoecho "Backup finished"date# listing of files in $dest to check file sizesls -lh $destAnd here's a database backup script if you want to use/modify it: https://github.com/Brickimedia/generalscripts/blob/master/content-backup.sh

I really need to go back to watching episodes with 9. The past year has been almost entirely watching episodes with 11, and occasionally ones with 10.

Now that I think about it more, the most I'd be okay with Bionicle coming back is in maybe 10 or so years have a collector's rerelease like they did with the classic minifigures packs. I'd be okay with that, but I certainly don't want an entire reintroduction of the theme.

I like how he's silly, it's humorous, and he does a good job being equally serious during moments where that's appropriate.