I'm not certain, but I think the server running Glorious Trainwrecks may have been hacked again recently.

IMMEDIATE ACTIONS YOU SHOULD TAKE:
- You should NOT YET change your password on this site, as if it has been hacked, the attacker could still have access.
- You SHOULD change your password on any websites that you're using that share a password with Glorious Trainwrecks.

WHAT I AM DOING TO FIX THIS:
- I am going to create a new, clean Linode instance and migrate the site to use it.
- I am going to modify Drupal to use a more secure password hashing mechanism.
- I will tell you when this is done so that you can change your passwords here, if you wish.

WHAT, EXACTLY, IS GOING ON:
(Warning: gory technical details)
After the last time the site was hacked, I installed a program called rkhunter, which runs daily and searches for changes to the running system that have security implications.

On the morning of March 17th, rkhunter started to send emails that flagged something I had never seen before. This message has persisted since. There is no possible way I accidentally did anything to the server in the 24 hours prior, as on March 16th I was travelling all day.

[blockquote]Warning: Network TCP port 47018 is being used by /usr/lib/libice.log. Possible rootkit: Possible Universal Rootkit (URK) component
Use the 'lsof -i' or 'netstat -an' command to check this.[/blockquote]

According to ls, /usr/lib/libice.log does not exist. Neither 'lsof' nor 'netstat' show anything that has that port open. I can't connect to that port, either locally, or from an external machine. And rkhunter's mailing lists suggest that URK is very old and very unlikely to be seen in the wild.

It is possible that this is a weird false positive. If it doesn't go away after rebooting the server, then that seems very unlikely, since this is very dubious behaviour. I am being cautious.

One other thing happened that I find alarming: This morning, someone logged into my Facebook account from Taiwan. Facebook caught it, locked my account, and notified me. I had been under the belief that the password I was using was A) secure, and B) had yet to be leaked. Clearly it is now out there and associated with my email address, so I have a long slog of password changes ahead.

RE: password hashing, Drupal 5 performs by default an SHA-1 hash of your password with no salt. If you have a common password, this means that someone with access to our database could figure out your password literally by putting your password hash into Google. If you have an uncommon password, the work is slightly more complicated, but because there is no salt, it does not take an attacker much more time.

(I would love to do away with storing passwords entirely and switch to Mozilla Persona or something, but the chances of making that work with Drupal 5 are basically nil. I should be able to fairly easily switch to a bcrypted version of the SHA-1 hash of your password, which won't require a password reset and will bring us up to modern password hashing standards.)

Anyway, I'm sorry that this happened, and I'm hopeful that I can get us transferred over to a fresh, new, more secure server reasonably quickly.

So the Pirate Kart launchers are pretty cool, right? Makes browsing and playing games that little bit easier. It would be cool to have a launcher like that for every event or even one launcher that works for all Glorious Trainwrecks events! (well at least the ones since the new game submission system) I thought that'd be pretty rhinoceros! So I built it!

GLORIOUS TRAINWRECKS DOT EXE

If you see any weird issues or have ideas for improvements, let me know!

UPDATE 19 Feb 2013: Now should launch DosBox so you can play 16-bit EXEs on Win 64. Also some bugs got fixed.

Can you believe we have been making terrible 2-hour games for FIVE YEARS!? It's true! The very first pilot run of what would become the Klik of the Month Klub happened in June 2007. This stupid little jam has far surpassed my wildest expectations. Thank you all for making it amazing.

The Klik of the Month Klub meets right here on this very website on the third Saturday of every month at 4pm Pacific Time (taking daylight savings into consideration) for a two hour Klik & Play Showdown. Everyone who participates gets two hours to create something from scratch in Klik & Play. Abusing the stock objects is encouraged. If you really loathe Klik & Play you can use whatever game development platform you want. Two hours is a pretty tight time limit, though, so choose wisely!

Klik & Play is absolutely free to download, and learning it takes minutes, so everyone can get in on the action.

Want to talk to your fellow Klikwreckers? Join us on IRC -- server irc.freenode.net, channel #glorioustrainwrecks. Join the mayhem!

After you've made your game, you should upload it here!

For more information, check out the KotM N00B FAQ.

Sign up using the "Sign Up" tab above if you want to get reminded by email the day before the klikkening begins!

By the time GDC Play ended, we had 1005 games from 378 different contributors! And there have been more since then!

That's a lot of games! So here's a fancy-pants launcher to make browsing, downloading, and playing them easier!
download it!

Hello all,

I am Francois Lionet from Clickteam. You might know me indirectly, as I am, with Yves Lamoureux, the author of Klik'n Play , published by Europress software in the UK, and by Maxis in the US, in the 90s. I am also the author with Yves of The Games Factory and Multimedia Fusion.

I went to the glorious trainwrecks booth at the GDC, and liked what I saw.

OK, you are using a version of Knp that is supposed to be for schools only, but we dont mind. And it must be a pain to install on nowadays machines.

If someone from the association could contact me, that would be cool, I have some propositions to do.

Please keep up the good work, and most of all, keep having fun making games. Making games have become a serious business these last years, it is good to see people that do not take it so seriously.

Francois

Third from the top.

So this Saturday was SUPPOSED to be the Timezone Lottery Klik Jam. But who can think of jamming for only two hours on a separate event when GDC IS NEXT WEEK!?

SO LET'S USE THIS WEEKEND TO MAKE THE PIRATE KART EVEN MORE MASSIVE!!

Q. What is this?

We're making loads of awesome and/or terrible games and taking them to GDC to blow minds with them! Over the weekend of February 25th-26th, everyone is invited to make as many games as they can and submit them here! After the event is over, we will package the games up into a launcher like we did with previous Pirate Karts! And then this March we will be showing them off in a kiosk at the Game Developer's Conference!!!

The kiosk will even continue to download games while on the show floor!

Q. Who can participate?

ANYONE! EVERYONE! If you or anyone you know makes games, or even just has an interest in making games, we would love to have you all participate! If you've never made a game before, we think Klik & Play is pretty easy to learn! but any tool is allowed and there are lots of great ones out there!

Q. What are the rules? What kind of games are allowed?

The Pirate Kode has only one firm rule: If the rules are getting in the way of you making games, disregard them! To put it another way: Cheating is encouraged.
But we have some guidelines for you if you want some direction!

• Try to make each game in 2 hours or less! Don't worry if you go over, though. And feel free to prepare as much as you want ahead of time. Art, music, game ideas, even code!
• Unlike the recent IGF Pirate Kart, with this one we're looking for games made for this event specifically!
• It's a good idea to include what the controls are on the title screen! Unfortunately you can't really count on people actually reading the game description!
• It's also really nice if people can exit the games by hitting escape.
• If you don't stick to these guidelines, that's okay! WE WANT YOU AND YOUR GAMES ANYWAY!

Q. THIS IS AWESOME! HOW DO I PARTICIPATE?

Get yourself comfortable with some development environment, then when Pirate Kart Weekend arrives, MAKE GAMES LIKE CRAZY!!!

Q. I MADE A GAME(S)! HOW DO I SUBMIT IT/THEM?

SWEET! First, sign up for a Glorious Trainwrecks account if you haven't yet (you can do that here). Then click this, fill in the form, upload a game and a screenshot and submit and then YOUR GAME IS IN THE KART!

Q. Weren't you asking for money?

It got fully moneyed on Kickstarter!

Q. Where are the game ideas people gave as Kickstarter rewards?

Right here! There are THIRTY games that need to get made! If you could update that spreadsheet as you start working on them and with the link when you finish, we can hopefully avoid overlap and Mike will be able to contact folks when their games are made!

Q. I want to make a game, but can't code!

No prob! There is a lot of free tools for your game-making needs!

Klik n' Play is the classic. Outdated, limited, buggy and absolutely wonderful for churning masses games.
Construct 2 uses HTML5 and you can create a nifty on-line game.
Official Hamster Republic RPG Construction Engine
Scratch (converter to standalone exe files: http://chirp.scratchr.org/dl/ChirpCompiler-setup.exe
Stencyl Creates iOS and Flash games!
Oh! My! Game!
BYOND (simple programming language)
Novashell (script-based)
The Scrolling Game Development Kit
The Scrolling Game Development Kit 2
Adventure Game Studio
Game Maker Lite
Ray Game Designer II
ZGameEditor
Processing
MegaZeux
ZZT
Unity 3D

Making games isn't just for programmers!

Q. How can I hang out and chat with everybody?
We have an IRC channel! More info on that here!
You can also post right here on this event page! Or leave a comment on a game page!

So uh Twitter is exploding right now with the suggestion that some sort of pirate kart-like compilation be thrown together at the last possible second to enter the IGF.

If you want in on that, email games to mike at meyermike dot com. The IGF deadline is this Sunday at like midnight PST or something. I presume ExciteMike will need time to throw games in. I dunno. Perhaps he'll post.

THIS IS YOUR CHANCE TO ENTER THE IGF!!! MAKE YOUR DREAMS COME TRUE <3

HOLY SHIT WE'VE BEEN KLIKKING FOR FIFTY MONTHS! WOOOOOOOOOOO PARTYYYY

The Klik of the Month Klub meets right here on this very website on the third Saturday of every month at 4pm Pacific Time (taking daylight savings into consideration) for a two hour Klik & Play Showdown. Everyone who participates gets two hours to create something from scratch in Klik & Play. Abusing the stock objects is encouraged. If you really loathe Klik & Play you can use whatever game development platform you want. Two hours is a pretty tight time limit, though, so choose wisely!

Klik & Play is absolutely free to download, and learning it takes minutes, so everyone can get in on the action.

Want to talk to your fellow Klikwreckers? Join us on IRC -- server irc.freenode.net, channel #glorioustrainwrecks. We've also got a Mumble voice chat server -- just connect to glorioustrainwrecks.com using Mumble and you can talk to us like real human beings! Join the mayhem!

After you've made your game, you should upload it here!

For more information, check out the KotM N00B FAQ.

Sign up below if you want to get reminded by email the day before the klikkening begins!

Hi everyone,
If you tried to sign up for a new Glorious Trainwrecks account in the past few months and didn't get a confirmation email, I have good news for you! Email is now working again. Register with impunity!

I'm really, really sorry to have left such an important part of the site broken for so long.

Yours,