SpindleyQ's picture

Oops, I broke password reset for like three and a half years

Hey, remember back in 2013 when I updated the password database to not use unsalted md5 for password hashing?

Wellll apparently that change broke password reset links with some regularity. (Occasionally a working password reset link would be sent out if you were persistent.) So if you've been trying to reset your password and it hasn't been working, try again! It should work every time now!

And remember: If you're having trouble logging in, or the site is broken for you in some way, please email me and let me know! I'm friendly and want to help and can definitely fix your problem!

Thanks to denson for the bug report that finally led me to track down and fix the issue.

GORY DETAILS:
I switched to using bcrypt for password hashing. But it turns out that the password reset link uses the password hashing function to generate its url, and bcrypted hashes can contain the "/" character. Which meant that if the hash happened to contain a "/", then during URL parsing only the part of the hash up to the first "/" would be checked, and of course it would decide that the hash didn't match and throw a cryptic error.
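The failure described above, reproduced as an added example (not the site's Drupal code). The route layout, the sample hash and the HMAC-based fix are assumptions made for illustration; the post does not say how the bug was actually fixed.

```python
import hashlib
import hmac

# Constructed string in bcrypt's output format; bcrypt's alphabet includes "." and "/".
# It is not a real account hash.
SAMPLE_HASH = "$2a$10$abcdefghijklmnopqrstuvCONSTRUCTED/sample.value0123456"

def build_link(uid, timestamp, token):
    # Hypothetical route layout: /user/reset/<uid>/<timestamp>/<token>
    return f"/user/reset/{uid}/{timestamp}/{token}"

def parse_link(path):
    # Router-style parsing: split on "/" and read fixed positions.
    parts = path.strip("/").split("/")
    return int(parts[2]), int(parts[3]), parts[4]

def check_link(path, expected_token):
    # Compare the token segment from the URL with the expected value.
    _, _, token = parse_link(path)
    return hmac.compare_digest(token, expected_token)

def urlsafe_token(secret, uid, timestamp, password_hash):
    # Assumed fix: HMAC over the same inputs, hex-encoded, so the URL segment
    # only ever contains [0-9a-f]. Binding the stored hash means the link
    # stops verifying once the password changes.
    msg = f"{uid}:{timestamp}:{password_hash}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def demo():
    uid, ts = 7, 1700000000
    secret = b"constructed-server-secret"  # placeholder, not a real key
    # Raw hash in the path: the "/" splits it, so the check sees a truncated token.
    broken = check_link(build_link(uid, ts, SAMPLE_HASH), SAMPLE_HASH)
    safe = urlsafe_token(secret, uid, ts, SAMPLE_HASH)
    fixed = check_link(build_link(uid, ts, safe), safe)
    return broken, fixed

if __name__ == "__main__":
    print(demo())
```

Any value placed in a path segment needs an encoding whose alphabet excludes the path separator; hex or base64url both qualify, while bcrypt's own alphabet does not.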

Klik Bot's picture

Klik of The Month Klub #100-Games-Per-Person Pirate Kart III: Klik Hardest, Six Fastest, Six Strongest

11/27/2015 - 01:00
11/29/2015 - 12:59
Etc/GMT-7

Beep Boop! Hi, it's Klik Bot.

Quote:

Hi everyone, it's your friendly absentee landlord! I am excited for Klik of the Month Klub #100 and I am extra excited to see longtime members who haven't posted in years come out of the woodwork to celebrate.

Having finally had a read-through of this thread, I'd just like to take a moment to remind everyone of the absolute, ironclad, unbreakable golden rule of Glorious Trainwrecks, which is: "Cheating is encouraged."

That is to say, we are here to give the finger to the creative roadblocks that stop us from enjoying making stuff, and if a rule, goal, or expectation, either from yourself or others, gets in the way of that, you are completely free and 100% encouraged to disregard it.

If the idea of shooting to make 100 games in a weekend gets you fired up and sounds like ridiculous fun, yes! Do it! If that sounds like torture or you can't set aside the time or it's just otherwise completely, absurdly out of your reach, then don't! Set a goal that makes you excited instead. We will be happy you showed up and made stuff with us.

I'm sure I'm not saying anything new to most of you, but since I'm pointing folks here from Twitter etc, I just want to make sure it's explicitly stated on the page itself: you, the person reading this right now, are totally welcome, at any level of ability, with any tool, and at any level of commitment, to make games with the rest of us for Klik of the Month Klub #100: Pirate Klix Six. And it will be super fun.


~ SpindleyQ, Tue, 11/03/2015 - 17:21

ANYTHING IS A GAME IF YOU MAKE IT A GAME. Because this is Glorious Trainwrecks, making 100 games can be left to interpretation. This isn't an endurance test. You don't have to make 100 Metal Gear Solid V's. Maybe, think of this like gesture sketches in a drawing class where you can easily make 100 drawings in 20 minutes. You do not have to program or make your own assets. Maybe think what is a game? What is 100? You all are creative. Do whatever, who cares, this is Glorious Trainwrecks.

The Klik of the Month Klub usually meets right here on this very website on the third Saturday of every month at 4pm Pacific Time (taking daylight savings into consideration) for a two hour Klik & Play Showdown. Usually, everyone who participates gets two hours to create something from scratch in Klik & Play. This time it will be over the entire Thanksgiving Weekend. Abusing the stock objects is encouraged. If you really loathe Klik & Play you can use whatever game development platform you want. Two hours is a pretty tight time limit, though, so choose wisely!

This time we are doing something different.

100-games-per-person. Let's aim for 10,000 games.
The games don't need to be super long, polished, good, or "games". There just needs to be 100-per-person.

Also, collaboration is encouraged! Upload project files so people can easily edit your games!
Please cite your sources and give credit where credit is due!

Klik & Play is absolutely free to download, and learning it takes minutes, so everyone can get in on the action. In addition, there are tools like Multimedia Fusion 2, RPG Maker, Unity, Game Maker, and Twine. Some engines to help make very very short games are plingpling, flikgame, and tinychoice.

Want to talk to your fellow Klikwreckers? Join us on IRC -- server irc.freenode.net, channel #glorioustrainwrecks. We've also got a Mumble voice chat server -- just connect to glorioustrainwrecks.com using Mumble and you can talk to us like real human beings! Join the mayhem!

After you've made your game, you should upload it here!
Submit games 1 by 1. Let's flood Glorious Trainwrecks! If you don't meet 100 games it's fine. The thing that matters is that you're striving to make 100 games.

For more information, check out the KotM N00B FAQ.

Sign up using the "Sign Up" tab above if you want to get reminded by email the day before the klikkening begins!






Also, any suggestions about the event, please post in the comments.

Q: OMG THERE ARE SO MANY GAMES HOW WILL I EVEN DOWNLOAD ALL THESE GAMES?


A: Try GloriousTrainwrecks.exe!

SpindleyQ's picture

NEW SERVER

If you are reading this, Glorious Trainwrecks is up and running on a shiny new completely rootkit-free server that hopefully won't randomly lose internet access or freeze up!

I'm currently running a script to update all passwords to be encrypted with bcrypt, which is an excellent password hashing system that makes brute-force password guessing computationally unfeasible. So if we're hacked again, no one can figure out your password! Hooray for modern security practices! If there's anyone out there running Drupal 5 that wants to use actual password hashing instead of just md5 with no salt, GET IN TOUCH, I HAVE A PATCH FOR YOU.

THERE ARE LIKELY TO BE PROBLEMS. I am a fallible human and I forget things. Please post here about them! If you can't login to post about them for some reason, send me an email: .

That's it!

SpindleyQ's picture

Possible site breach

I'm not certain, but I think the server running Glorious Trainwrecks may have been hacked again recently.

IMMEDIATE ACTIONS YOU SHOULD TAKE:
- You should NOT YET change your password on this site, as if it has been hacked, the attacker could still have access.
- You SHOULD change your password on any websites that you're using that share a password with Glorious Trainwrecks.

WHAT I AM DOING TO FIX THIS:
- I am going to create a new, clean Linode instance and migrate the site to use it.
- I am going to modify Drupal to use a more secure password hashing mechanism.
- I will tell you when this is done so that you can change your passwords here, if you wish.

WHAT, EXACTLY, IS GOING ON:
(Warning: gory technical details)
After the last time the site was hacked, I installed a program called rkhunter, which runs daily and searches for changes to the running system that have security implications.

On the morning of March 17th, rkhunter started to send emails that flagged something I had never seen before. This message has persisted since. There is no possible way I accidentally did anything to the server in the 24 hours prior, as on March 16th I was travelling all day.

    Warning: Network TCP port 47018 is being used by /usr/lib/libice.log. Possible rootkit: Possible Universal Rootkit (URK) component
    Use the 'lsof -i' or 'netstat -an' command to check this.

According to ls, /usr/lib/libice.log does not exist. Neither 'lsof' nor 'netstat' show anything that has that port open. I can't connect to that port, either locally, or from an external machine. And rkhunter's mailing lists suggest that URK is very old and very unlikely to be seen in the wild.

It is possible that this is a weird false positive. If it doesn't go away after rebooting the server, then that seems very unlikely, since this is very dubious behaviour. I am being cautious.

One other thing happened that I find alarming: This morning, someone logged into my Facebook account from Taiwan. Facebook caught it, locked my account, and notified me. I had been under the belief that the password I was using was A) secure, and B) had yet to be leaked. Clearly it is now out there and associated with my email address, so I have a long slog of password changes ahead.

RE: password hashing, Drupal 5 performs by default an SHA-1 hash of your password with no salt. If you have a common password, this means that someone with access to our database could figure out your password literally by putting your password hash into Google. If you have an uncommon password, the work is slightly more complicated, but because there is no salt, it does not take an attacker much more time.

(I would love to do away with storing passwords entirely and switch to Mozilla Persona or something, but the chances of making that work with Drupal 5 are basically nil. I should be able to fairly easily switch to a bcrypted version of the SHA-1 hash of your password, which won't require a password reset and will bring us up to modern password hashing standards.)

Anyway, I'm sorry that this happened, and I'm hopeful that I can get us transferred over to a fresh, new, more secure server reasonably quickly.
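The migration described in the post above (wrapping each stored unsalted hash in a slow, salted hash so that nobody has to reset a password), as an added example that is not the site's patch. Python's standard library has no bcrypt, so PBKDF2-HMAC-SHA256 stands in for it here; the storage format, iteration count and sample accounts are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for the stand-in KDF

def legacy_hash(password):
    # Unsalted SHA-1 hex digest, the legacy scheme the post describes.
    return hashlib.sha1(password.encode()).hexdigest()

def wrap_legacy(legacy_hex):
    # Slow, salted hash over the *hex* digest. With real bcrypt, feeding the
    # hex string rather than raw digest bytes also avoids NUL-byte truncation.
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", legacy_hex.encode(), salt, ITERATIONS)
    return f"wrapped${salt.hex()}${dk.hex()}"

def migrate(table):
    # Offline pass over the user table: no plaintext passwords are needed.
    return {user: wrap_legacy(h) for user, h in table.items()}

def verify(password, stored):
    if not stored.startswith("wrapped$"):
        return False  # rows that were never migrated are rejected outright
    _, salt_hex, dk_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", legacy_hash(password).encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate.hex(), dk_hex)

def demo():
    # Constructed accounts: two users who picked the same password.
    old = {"alice": legacy_hash("hunter2"), "bob": legacy_hash("hunter2")}
    new = migrate(old)
    return (
        old["alice"] == old["bob"],      # unsalted: identical rows, one lookup cracks both
        new["alice"] == new["bob"],      # salted: rows differ
        verify("hunter2", new["alice"]), # existing password still logs in
        verify("hunter3", new["alice"]),
    )

if __name__ == "__main__":
    print(demo())
```

After the pass, the old unsalted column has to be deleted (including from backups that are still reachable), otherwise the wrapped hashes protect nothing.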

ExciteMike's picture

GLORIOUS TRAINWRECKS DOT EXE


So the Pirate Kart launchers are pretty cool, right? Makes browsing and playing games that little bit easier. It would be cool to have a launcher like that for every event or even one launcher that works for all Glorious Trainwrecks events! (well at least the ones since the new game submission system) I thought that'd be pretty rhinoceros! So I built it!

GLORIOUS TRAINWRECKS DOT EXE

If you see any weird issues or have ideas for improvements, let me know!

UPDATE 19 Feb 2013: Now should launch DosBox so you can play 16-bit EXEs on Win 64. Also some bugs got fixed.

SpindleyQ's picture

FIVE GLORIOUS YEARS OF GAMES: Klik of the Month Klub #60

06/16/2012 - 16:00
06/16/2012 - 18:00
Etc/GMT-7

Can you believe we have been making terrible 2-hour games for FIVE YEARS!? It's true! The very first pilot run of what would become the Klik of the Month Klub happened in June 2007. This stupid little jam has far surpassed my wildest expectations. Thank you all for making it amazing.


The Klik of the Month Klub meets right here on this very website on the third Saturday of every month at 4pm Pacific Time (taking daylight savings into consideration) for a two hour Klik & Play Showdown. Everyone who participates gets two hours to create something from scratch in Klik & Play. Abusing the stock objects is encouraged. If you really loathe Klik & Play you can use whatever game development platform you want. Two hours is a pretty tight time limit, though, so choose wisely!

Klik & Play is absolutely free to download, and learning it takes minutes, so everyone can get in on the action.


Want to talk to your fellow Klikwreckers? Join us on IRC -- server irc.freenode.net, channel #glorioustrainwrecks. Join the mayhem!

After you've made your game, you should upload it here!

For more information, check out the KotM N00B FAQ.

Sign up using the "Sign Up" tab above if you want to get reminded by email the day before the klikkening begins!


ExciteMike's picture

Pirate Kart V: The 2012-in-one Glorious Developers Konference Kollection now available for download!


By the time GDC Play ended, we had 1005 games from 378 different contributors! And there have been more since then!

That's a lot of games! So here's a fancy-pants launcher to make browsing, downloading, and playing them easier!
download it!

Clickteam

Hello all,

I am Francois Lionet from Clickteam. You might know me indirectly, as I am, with Yves Lamoureux, the author of Klik'n Play, published by Europress software in the UK, and by Maxis in the US, in the 90s. I am also the author with Yves of The Games Factory and Multimedia Fusion.

I went to the glorious trainwrecks booth at the GDC, and liked what I saw.

OK, you are using a version of Knp that is supposed to be for schools only, but we don't mind. And it must be a pain to install on nowadays machines.

If someone from the association could contact me, that would be cool, I have some propositions to do.

Please keep up the good work, and most of all, keep having fun making games. Making games has become a serious business these last years, it is good to see people that do not take it so seriously.

Francois

ExciteMike's picture

Pirate Kart V: The 2012-in-one Glorious Developers Konference Kollection!!!

02/25/2012 - 00:00
03/05/2012 - 00:00
Etc/GMT-8


So this Saturday was SUPPOSED to be the Timezone Lottery Klik Jam. But who can think of jamming for only two hours on a separate event when GDC IS NEXT WEEK!?

SO LET'S USE THIS WEEKEND TO MAKE THE PIRATE KART EVEN MORE MASSIVE!!


LET'S DO

Pirate* Kart V: The 2012**-in-one Glorious Developers Konference Kollection!!!
(*games not pirated. **will not contain 2012 games. unless it does)

It's happening RIGHT NOW!
The deadline is: NO DEADLINE JUST KEEP MAKING GAMES!!!
The launcher will continue to download games even while AT GDC!!!
Click the giant green button to sign-up/submit your game!



Want to try out the launcher before GDC? Get it HERE!

Q. What is this?

We're making loads of awesome and/or terrible games and taking them to GDC to blow minds with them! Over the weekend of February 25th-26th, everyone is invited to make as many games as they can and submit them here! After the event is over, we will package the games up into a launcher like we did with previous Pirate Karts! And then this March we will be showing them off in a kiosk at the Game Developer's Conference!!!

The kiosk will even continue to download games while on the show floor!

Q. Who can participate?

ANYONE! EVERYONE! If you or anyone you know makes games, or even just has an interest in making games, we would love to have you all participate! If you've never made a game before, we think Klik & Play is pretty easy to learn! But any tool is allowed and there are lots of great ones out there!

Q. What are the rules? What kind of games are allowed?

The Pirate Kode has only one firm rule: If the rules are getting in the way of you making games, disregard them! To put it another way: Cheating is encouraged.
But we have some guidelines for you if you want some direction!

  • Try to make each game in 2 hours or less! Don't worry if you go over, though. And feel free to prepare as much as you want ahead of time. Art, music, game ideas, even code!
  • Unlike the recent IGF Pirate Kart, with this one we're looking for games made for this event specifically!
  • It's a good idea to include what the controls are on the title screen! Unfortunately you can't really count on people actually reading the game description!
  • It's also really nice if people can exit the games by hitting escape.
  • If you don't stick to these guidelines, that's okay! WE WANT YOU AND YOUR GAMES ANYWAY!

Q. THIS IS AWESOME! HOW DO I PARTICIPATE?

Get yourself comfortable with some development environment, then when Pirate Kart Weekend arrives, MAKE GAMES LIKE CRAZY!!!

Q. I MADE A GAME(S)! HOW DO I SUBMIT IT/THEM?

SWEET! First, sign up for a Glorious Trainwrecks account if you haven't yet (you can do that here). Then click this, fill in the form, upload a game and a screenshot and submit and then YOUR GAME IS IN THE KART!

Q. Weren't you asking for money?

It got fully moneyed on Kickstarter!

Q. Where are the game ideas people gave as Kickstarter rewards?

Right here! There are THIRTY games that need to get made! If you could update that spreadsheet as you start working on them and with the link when you finish, we can hopefully avoid overlap and Mike will be able to contact folks when their games are made!

Q. I want to make a game, but can't code!

No prob! There are a lot of free tools for your game-making needs!

Klik n' Play is the classic. Outdated, limited, buggy and absolutely wonderful for churning out masses of games.
Construct 2 uses HTML5 and you can create a nifty on-line game.
Official Hamster Republic RPG Construction Engine
Scratch (converter to standalone exe files: http://chirp.scratchr.org/dl/ChirpCompiler-setup.exe)
Stencyl Creates iOS and Flash games!
Oh! My! Game!
BYOND (simple programming language)
Novashell (script-based)
The Scrolling Game Development Kit
The Scrolling Game Development Kit 2
Adventure Game Studio
Game Maker Lite
Ray Game Designer II
ZGameEditor
Processing
MegaZeux
ZZT
Unity 3D

Making games isn't just for programmers!

Q. How can I hang out and chat with everybody?
We have an IRC channel! More info on that here!
You can also post right here on this event page! Or leave a comment on a game page!
