I Got Hacked!

Hacked!

This was not a post I was expecting to write.

A few weeks back my build server got hacked by ransomware; this is why there has been a delay in releasing the External Resources functionality.

In terms of your customer data, there is no danger at all. I don’t store any customer data whatsoever – that’s what my publisher does.

In terms of Sojour, it crippled the automated development environment, which has resulted in the loss of the following systems:

Confluence: My Wiki. This had a lot of information on architecture and many How-To-Do articles written from the experience gained from writing Sojour & Ancient Armies.

The old Confluence Wiki

JIRA: Stories and Task Management. This stored all of my stories and tasks. In Sojour’s updates you would have seen these as RPG-XXXXX. These are now all gone and I will discuss the implications later.

The old JIRA system!

Team City: Automated Builds. This system ran Sojour’s automated builds. It carried out a lot of tasks fully autonomously. These tasks ranged from automatic versioning, running tests, code obfuscation and the production of Sojour’s installers.

Team City – the heart of the old build system!

Other ancillary development systems were hit too.

How did it happen?

Most people are probably thinking that I visited a dodgy web site, or that I clicked a dodgy link or perhaps that I clicked or opened something in a dodgy email. But, none of these things happened.

The root cause of the security breach was simply an out-of-date Windows 10 installation, a weak implementation of the RDP protocol, and vulnerabilities in older versions of my development tools.

RIP – the old build server!

I had basically gone to visit the parents over a weekend, came back, and then noticed that I couldn’t raise any of my development systems through the browser.

I then RDP’d into the build server and at that point I realised something was very wrong.

The services running the various systems had disappeared and within each critical directory I found readme files like this one:

The ransom note!

To re-iterate, I did nothing active to allow this hack. It was a lapse on my part with regard to keeping my systems up to date. In the case of the build server, it was a tiny computer that was out of sight and out of mind. It just worked, so I had no cause to ever visit it – until this incident that is.

The only real oddity is that LockBit don’t normally target small businesses like mine; they tend to go after the much larger corporate entities. I guess that when they see an easy target like this, they just go for it.

Obviously, this has massively impacted Sojour as a project. The only saving grace is that the source code and its history were untouched.

I’ve been spending the last few weeks trying to get a development environment up and running and re-securing all my current systems.

In the end, after many false starts, I decided to move everything into the Cloud using Microsoft’s Azure DevOps system. This provides me with a fully integrated development environment and a hopefully more secure one when compared to my home-based one.

Sojour is now in the cloud!

Getting Azure DevOps to perform everything that my previous system could do took a lot of time and effort. In fact, I had taken for granted just how much my previous system did for me, until this migration that is!

After a lot of time spent, I can now generate versioned installer releases much like with my previous system:

My first DevOps releases (pre-merge)

Every cloud has a silver lining. In this case, it’s the way that I have configured Azure DevOps. It provides me with a lot more power and flexibility over my previous system and as a bonus it allows me to work remotely.

There is still a little more tweaking to do, but the system is pretty much there, which means that I can soon get back to software development again!

In terms of implications going forward, the main issue is that I have now lost all my stories – this means that any feature requests will be lost. If you had any, please let me know and I will add them to the new development system (there is an email address at the front of the manual or alternatively use Sojour’s Discord).

The other more minor issue is that without my Wiki, I’m going to have to relearn many of my processes, such as ‘How do I create Sojour’s manual?’. This will slow things down, but as I rediscover my old processes, they will get re-documented within Azure DevOps.

Apologies for the hack – that was on me for not taking security seriously enough.

I guess that the moral of the story is that if you have unpatched operating systems, such as Windows 10 (which is now out of support), make sure you switch to a supported operating system and that you keep it up to date. Otherwise, this could easily happen to you too!

Have Fun!

RobP

External Resources – Preview

Howdy Folk!

This is a post to give you a preview of what’s coming to Sojour.

The screenshots and video are from a very early build and there is still much more to do, but hopefully you good folk will see some value in it.

Firstly, what do I mean by external resource?

An external resource is any web-based resource.

Right now the system is coded to deal with just web pages, but in the future it will support direct API communications for the more advanced users here.

I guess the next question is, what can I do with external resources?

At their most basic level you will be able to embed web pages into Sojour as an asset:

TravellerMap.com embedded within Sojour!

External resources have several advantages over using a web browser.

Firstly, the resource is easier to find and you don’t need yet-another-window open to use that resource.

Secondly, if the resource tab is left open and Sojour is closed down and restarted, it will reload that resource from exactly where you left off. In the above example it would remember your last map position.

OK, we have established that we can embed external resources into Sojour, but can it do anything else?

Yes. Yes it can!

Sojour’s external resources can have one or more triggers added to them. These triggers allow functionality within Sojour to be triggered based on various criteria from the external resource.

For example, if I wanted to integrate a third party dice roller, say DDDice, I could add a trigger to look out for when a dice is rolled in DDDice:

The trigger editor for external resources. This is DDDice being wired into Sojour!

More triggers can be added or the existing ones edited by using the assets browser:

The updated tree view.

Now that DDDice is wired in, I can roll dice in it and have them trigger table rolls in Sojour automatically!

DDDice fully integrated! Make the roll and see the result in Sojour!

Sojour will initially support two types of trigger: A table roll trigger and a journal injection trigger. There are plans for a further 6 trigger types, but the implementation of these is further off.

Obviously, DDDice is just an example. This system can be used to integrate any web resource that uses HTTP/S! 😎

You can see external resources in action by watching the YouTube video below:

That’s it for this post!

Please bear in mind that it’s an early preview of a very early iteration of brand new functionality. This will only get better as we go down the road!

Have Fun!

RobP