OpenNeo

Dress to Impress - Neopets wearables made easy

May 14

XSS vulnerability closed

Just a quick notice that Dress to Impress had an XSS vulnerability in the Infinite Closet section, which has since been resolved. We have no evidence of anyone abusing this vulnerability, nor would they would have been able to access sensitive account data, regardless.

If you’re interested, here’s the source code change that fixed the security issue. Short and sweet one-liner, escaping query output. Funny, because this is usually the first place I check when someone asks me to check their site for security issues xD I think I forgot that the Markdown interpolation doesn’t do escaping by default, like interpolation in most other spots in Rails 3.

TL;DR: Minor security hole fixed. It doesn’t look like anyone used it, nor would it have done them much good.

Thanks for using Dress to Impress!
Matchu 

Posted at 7:02 AM

May 2

FEATURE: Infinite Closet supports Baby, Maraquan, etc.

First off, sorry for the downtime. This quick feature is to make up for it :)

The Infinite Closet is our lovely wearables database, and it has a neat little feature for previewing items by species. However, that feature was flawed: some items only fit Baby, Maraquan, Mutant, 8-bit, etc., pets, some because they were just plain special (Baby Pajamas, Maraquan Dress, Elegant Mutant Cape) and some because they were paint brush items. The Infinite Closet would just try to stick these color-specific items on standard pets, and they wouldn’t fit, so it would claim that we’d never seen that combination before. It wasn’t very pretty.

So, fixed :) Now, all color-specific items show the right kind of pets at the bottom, so that the feature actually, ya know, works for those items. It’s the small stuff, right?

Thanks again for sticking with Dress to Impress. Y’all rock :D
Matchu 

Posted at 3:30 PM

Error Postmortem: Database write issues

Exciting things happened over the weekend. Namely, the beta server ran out of disk space. Oops. This caused any request that wrote to the database at all to just plain cut off.

Fortunately, the biggest offender wasn’t all those SWFs we downloaded (that’s at about 1.6GB right now) or even the MySQL database (nowhere near that). It was our server logs, that have been tracking each HTTP request we received since the server went live. It had hit about 5.5GB. Which is way too big.

So, we did something we should have done a while back: we now only keep access logs from the past 7 days. Protip: if you end up administering a web server, use logrotate from the beginning.

Anyway. Glad that was an easy fix. Last night we started pushing people to oldimpress by default, and are now pushing users back to newimpress. Yay!

Thanks for stickin’ with us through technical troubles. Y’all continue to be the best :)
—Matchu

Posted at 6:03 AM

May 1

ERROR: Database write issues

The server is having trouble writing to the database. Since I just got home from being out of town for, heh, days, I can’t investigate right now, but I bet we’re out of disk space. Looks like we’ll have to reevaluate our current strategy of downloading all the SWFs in order to handle cross-domain policy issues. We’ll be working on a fix very, very soon. Thanks!

Posted at 6:40 PM

Apr 22

Outfit saving all fixed :)

There was an issue with saving outfits in non-Chrome browsers. It has since been resolved.

It was kinda silly, really. I left in a line of code for debugging that tried to log a message to Chrome’s debug console every time an outfit saved. In browsers that didn’t support the console, the code would throw an error and never save the outfit.

This took me longer to resolve than most bugs, mostly because I was out of town last week, and spent much of this week recovering, catching up on work, etc. Thanks for keeping me up to date on the site’s issues even when I’m not around, and for understanding that DTI is a labor of love, and, therefore, working on it is subject to openings in my schedule. I’m happy to say that things seem to be looking up on that front, though :)

Thanks for using Dress to Impress! Show off them outfits!
Matchu 

Posted at 6:46 AM

Apr 2

Happy April Fool's!

Hope you enjoyed my superb acting skills. *takes a bow as Lilia, Avast, Suzie, Jerry, etc.*

I know absolutely nothing about how restocking actually works; I just threw together an algorithm, said it was the official one, and watched the show :) Here’s hoping you didn’t waste too many hours on getting those hundreds of Draik Eggs that “restocked” yesterday!

Anyway. Shop Warlock lives on for your personal amusement and showing your friends how hilarious it was. Feel free to pass that link around for as long as you like.

Now, back to fancy business with Dress to Impress. Since the beta app seems to have been serving us well over the past few days, it looks like full migration day is fast approaching. The old and new servers are on slightly different databases: everything before November is the same, and everything after is totally separate. (Some users noted that their points went down significantly after we started automatically pushing users to the new server. Their points earned on the old server still exist; the new server just doesn’t know about them.)

Merging the two databases looks like it’ll be a fun challenge. The ideal result would be a true merge: contributions on the old server and contributions on the new server would be all grouped together, then we would recalculate everyone’s worth-their-weight-in-some-kind-of-pride-I-guess points to take into account contributions on both servers. If that proves not to be feasible, scores from the old server will take precedence.

Oh, hey, a quick aside: I know that many of the illnesses and cures from Neopets’s April Fool’s gag are glitched, only showing their appearance on one particular pet species. Since absolutely none of those items have anything to do with real outfits anyone might ever make in the future, I’m okay with that. Just thought y’all should know :)

Anyway. Hope you enjoyed the Warlock, and I’m looking forward to working on legit stuff for y’all in Dress to Impress ;) Thanks!
Matchu

P.S. Mika C says hi from his lovely igloo home, and Lucie sends you all her formal invitation to continue to visit her shop regularly. 

Posted at 12:03 AM

Mar 31

[NEW PROJECT] Shop Warlock

OpenNeo now reveals its latest major project: Shop Warlock, an app that, by fancy mathematics—whoops, magic—can tell you when an item will restock before it even happens! Tired of wasting time restocking? Now you only need to press F5 like crazy juuuust before the Draik Egg is scheduled to wander in—though, as always, you’ll still need to be pretty darn fast to snatch it up, or, if you’re up against the best, even notice it at all ;)

Curious? Give it a try! Shop Warlock is ready to stand alongside Dress to Impress as OpenNeo’s latest open-source Neopets app, meaning that it will be actively updated and maintained for a loooong time. And will also be just as awesome.

Here’s hoping that you find Warlock helpful :) Tell your friends! Spread the word! This is going to be one of the coolest things y’all have ever seen.

Happy Friday, and thanks for using Dress to Impress…and Shop Warlock!
Matchu 

Posted at 9:03 PM 1 note

Mar 29

[All clear?] SunnyNeo was hacked

This is a safety announcement regarding a website that is totally unaffiliated with Dress to Impress. We just thought you should know.

Update: Sunnyneo seems to be back up, but the Twitter account is permanently lost to the hacker. Unfollow. Also, the question mark after “all clear” is due to the fact that, after SN’s first announcement that the problems were solved, the site was re-hacked, and though currently not redirecting to the malicious site, doesn’t seem totally stable at time of writing, indicating that the hacker may still have access. Even though nothing really seems dangerous yet, it would be wise to wait a little bit before returning.

SunnyNeo, one of the big wigs in the Neopets fan site business, has been successfully hacked. Their website now redirects to a Neopoint-selling website, and their Twitter account has been similarly hacked, too, tweeting links to the malicious site.

Though there is no clear evidence of a cookie grabber on the site in question, it would be wise not to visit and to change passwords and the like if you have. Safety first.

Here’s hoping that SunnyNeo can get back on their feet and protected as soon as possible :) Good luck, team! And please, SN, let me know if there’s anything I can do to help.

Thanks for Dressing to Impress and staying safe.
Matchu 

Posted at 3:14 PM

Mar 28

Quick feature: “Share outfit” for logged-in folk, too

Got a quick e-mail today asking about if logged-in users could have that quick-and-nifty Share Outfit button, too. Put it in. Awesome :)

I’m a bit worried about how it will interact with the existing Save Outfit button. Everything looks good and working as expected, but lemme know if something seems off.

Nifty, less-quick features in the works :) Thanks for using Dress to Impress!
Matchu 

Posted at 3:00 PM

Mar 23

Quick feature: Outfits page

So today Ataliah reminded me of a feature request from a while ago: a way to get straight to an outfit you’ve made rather than having to make a dummy outfit from the home page first. I was feeling in a particularly codey mood, so wrote it right up :) When logged in, you’ll now see a neat link up in the top right corner that says “Outfits,” pointing to a page that lists all the outfits you’ve created. Both easy and peasy.

It’s the little things that count :) Though there are some nice big things in the works, too ;)

Thanks, and enjoy!
Matchu 

Posted at 4:07 PM