Oolite Bulletins

timer wrote: ↑Wed Oct 11, 2023 7:45 am

hiran wrote: ↑Wed Oct 11, 2023 7:32 am

However I do not believe it will become easier with the admin panel. It seems to me PHKB updates expansions by overwriting the online files.
In that case there is not even the need to go to an admin panel to enter the new version number.

I agree, but only if rescanning happens quite often and it is fast.

I want to clarify about the admin panel - I believe that its main purpose is to allow everyone to add their own extensions.
1) register on the site
2) add your URL
3) manage your URLs

IMHO this is difficult to do only through GitHub - we cannot give everyone write rights.

hiran wrote: ↑Wed Oct 11, 2023 8:06 am

How about we watch for some time and see how much traffic we get? If it is too much we can still decide for the admin panel.

hiran wrote: ↑Wed Oct 11, 2023 7:11 am

But as the scanner is not just triggered on repo changes but also regularly, sooner or later the scanner will access the expansion. Metadata is extracted and put into the catalog, and the Last-Modified header is taken as the upload_date.

phkb wrote: ↑Wed Oct 11, 2023 8:35 am

I just tried using the download manager in Oolite, which was able to download a catalog (although it did say, briefly, that the file size was something ridiculous - a detail that didn't prevent the catalog downloading). Everything looks ok-ish (there obviously a lot of missing info URL's), but the "Asteroid Tweaks" OXP is flagged on my system as "Installed but no longer available for download". It's the only one flagged this way. OoliteStarter, however, says it's Online and Installable. I checked the download URL in the and the file is at the designated location. So not sure what is going on here. Unless we are not confident that the Oolite Expansion Manager is working at the moment.

phkb wrote: ↑Wed Oct 11, 2023 8:35 am

I'm also still confused by the upload_date. You said:

hiran wrote: ↑Wed Oct 11, 2023 7:11 am

But as the scanner is not just triggered on repo changes but also regularly, sooner or later the scanner will access the expansion. Metadata is extracted and put into the catalog, and the Last-Modified header is taken as the upload_date.

With the Manual Witchspace Alignment OXP, it is still showing as 1/1/1970 (ie no upload date), although it was picked up as a changed file in index.html. Or is another process at work that will update the upload date?

$ curl -v -X HEAD http://wiki.alioth.net/img_auth.php/8/8b/ManualWitchspaceAlignment.oxz
Warning: Setting custom HTTP method to HEAD with -X/--request may not work the 
Warning: way you want. Consider using -I/--head instead.
*   Trying 109.70.41.29:80...
* Connected to wiki.alioth.net (109.70.41.29) port 80 (#0)
> HEAD /img_auth.php/8/8b/ManualWitchspaceAlignment.oxz HTTP/1.1
> Host: wiki.alioth.net
> User-Agent: curl/7.81.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Server: nginx/1.22.1
< Date: Wed, 11 Oct 2023 08:46:01 GMT
< Content-Type: text/html
< Content-Length: 169
< Connection: keep-alive
< Location: https://wiki.alioth.net/img_auth.php/8/8b/ManualWitchspaceAlignment.oxz
< 

$ curl -v -X HEAD https://wiki.alioth.net/img_auth.php/8/8b/ManualWitchspaceAlignment.oxz
Warning: Setting custom HTTP method to HEAD with -X/--request may not work the 
Warning: way you want. Consider using -I/--head instead.
*   Trying 109.70.41.29:443...
* Connected to wiki.alioth.net (109.70.41.29) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=wiki.alioth.net
*  start date: Aug 21 07:09:41 2023 GMT
*  expire date: Nov 19 07:09:40 2023 GMT
*  subjectAltName: host "wiki.alioth.net" matched cert's "wiki.alioth.net"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> HEAD /img_auth.php/8/8b/ManualWitchspaceAlignment.oxz HTTP/1.1
> Host: wiki.alioth.net
> User-Agent: curl/7.81.0
> Accept: */*
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.22.1
< Date: Wed, 11 Oct 2023 08:47:59 GMT
< Content-Type: application/zip
< Content-Length: 336249
< Connection: keep-alive
< X-Content-Type-Options: nosniff
< Last-Modified: Wed, 11 Oct 2023 05:14:33 GMT
< 

hiran wrote: ↑Wed Oct 11, 2023 8:51 am

Asteroid Tweaks as OXP or Asteroid Tweaks as OXZ

hiran wrote: ↑Wed Oct 11, 2023 8:51 am

And there you go: The expansion was uploaded at Wed, 11 Oct 2023 05:14:33 GMT

hiran wrote: ↑Wed Oct 11, 2023 7:17 am

... please look at my edit in previous post.

timer wrote: ↑Wed Oct 11, 2023 8:11 am

we are in no hurry ))

phkb wrote: ↑Wed Oct 11, 2023 9:14 am

hiran wrote: ↑Wed Oct 11, 2023 8:51 am

Asteroid Tweaks as OXP or Asteroid Tweaks as OXZ

A slip on my part. However, OXZ could have been assumed, as I was in the Expansion Manager screen, which by default means OXZ.

Anyway, if I remove the OXZ, it will show as available to download. When I put it back, it switches back to "blue" and has the message "Installed but no longer available for download". What happens for you when you install this one? Via the in-game Expansion Manager, I mean.

phkb wrote: ↑Wed Oct 11, 2023 9:14 am

hiran wrote: ↑Wed Oct 11, 2023 8:51 am

And there you go: The expansion was uploaded at Wed, 11 Oct 2023 05:14:33 GMT

So, the problem is really that the wiki, at some point in recent past, moved to https, and all the expansions that were created beforehand have the http reference, which means they are all being redirected.

phkb wrote: ↑Wed Oct 11, 2023 9:14 am

It might be worth doing a global search/replace for "http://wiki.alioth" and replace it with "https://wiki.alioth". Unless, for those OXZ's with the actual download_url in the manifest, that would create other problems. What do you think?

hiran wrote: ↑Wed Oct 11, 2023 10:52 am

What if some URL is not just forwarded to the https version of itself but to something entirely different? In that case, by just introducing the 's' we'd create an invalid URL. OoliteAddonScanner does not bother - it will simply process the remainder of the list and emit a result successfully. But that one expansion would no longer be listed. And that would be hard to spot.

Potentially loosing one because of such a quick action makes me update them one by one manually.

phkb wrote: ↑Wed Oct 11, 2023 1:10 pm

hiran wrote: ↑Wed Oct 11, 2023 10:52 am

What if some URL is not just forwarded to the https version of itself but to something entirely different? In that case, by just introducing the 's' we'd create an invalid URL. OoliteAddonScanner does not bother - it will simply process the remainder of the list and emit a result successfully. But that one expansion would no longer be listed. And that would be hard to spot.

Potentially loosing one because of such a quick action makes me update them one by one manually.

I just coded a quick automated test: I got all the "http://wiki.alioth" URL's, changed them to "https" and tried downloading each of them. There are 654 URLs with this format, and I got 654 downloaded files. I think we can do a global search/replace whenever you're ready!

phkb wrote: ↑Wed Oct 11, 2023 7:06 am

hiran wrote: ↑Wed Oct 11, 2023 6:56 am

Here you can see whereever we updated the URL the upload_date would become valid.

So, I would have to change the download URL each time in order to get the system to change the upload date? For reference, for my OXP's I keep the same URL no matter what version is being released. I find that keeps it simple from a management point of view.

timer wrote: ↑Tue Oct 10, 2023 12:51 pm

hiran wrote: ↑Tue Oct 10, 2023 12:05 pm

timer wrote: ↑Tue Oct 10, 2023 7:25 am

please, figure out where to post this on the site?
In which section (create a new one)?
On what page?
What should I name the link?

We could stick with the name 'Index of Artifacts'. Where you think it fits is not even important: we can still rename or move it around.

I was more asking for a directory to push the files in. Maybe I will just create something.

IMHO here:
https://github.com/OoliteProject/oolite ... /root/html

in the end, you can do everything yourself - if I don’t like something, we’ll discuss it and change it

another_commander wrote: ↑Fri Oct 13, 2023 8:31 am

Guys, we have a report that the new website triggers certain antivirus countermeasures. No additional details though.

https://spacesimcentral.com/community/postid/63533/

another_commander wrote: ↑Fri Oct 13, 2023 8:31 am

Guys, we have a report that the new website triggers certain antivirus countermeasures. No additional details though.

https://spacesimcentral.com/community/postid/63533/

timer wrote: ↑Fri Oct 13, 2023 5:57 pm

our site is a pure mixture of html + css + js (at this moment) and all the site files are publicly available on GitHub. And CloudFlare and GitHub acts as a web-servers... there is nothing dangerous there )