Diversion: Friday night's follies

[Or, "a brief descent into an eldritch hell" ...]

[Image: sooo many cooks, maybe excerpt that]

By Friday afternoon most of our techs were "on-site", so to speak, although one or two of them seemed to be having trouble logging into the main con site.  I didn't think anyone needed the "early access" bit anymore, so this was somewhat mysterious...  With everyone chiming in with suggestions, David's comment was well-timed and priceless [and the wrench reaction is from me, tinted blue].  Getting fresh-baked cookies from a new login apparently counted for a lot.  But there may have been more to it, as backend changes and database pulls and the other ponderous mechanics of how the master site was going to run the con were grinding into motion for real.  This was it, we were live to the world, and the time to test and goof around and break stuff was over.

[Image: join-as-host monster link]

Well, maybe not entirely...  I was still super-curious how a website was going to convince my *not-logged-in* Zoom client to start a meeting or webinar under some user account I didn't even know.  The launch links were buried in multiple layers of JavaScript, but with a little hackery I managed to capture one of them and discovered that it was a monster.

In this massive, obscenely pulsating blob were many sub-elements, and when I donned my gasmask and seriously sliced it open to the squishy innards, it turned out that some of that foul plumbing was *triple* or more base64-encoded.  Here's what it looked like when laid out across the slab.

--
I feel the terrifying presence of the Great Old Ones very near now, I must avert my eyes...


[Image: hack: 'echo' spits out the huge link]

My pitifully primitive device to trap this entity was to intercept the browser's launch to the running Zoom app, by instead sending it through /bin/echo.  The resulting spew landed on the laboratory floor and lay quivering, and that's what you see above.  From that day forward the browser would always offer this choice, thus bearing this permanent stain of perversion!  If I instead slammed the door and sent this abomination back to the blue hell from which it had slithered, the sessions would launch normally.

But lo, some other netherworld horror had stirred deep within the machine, because as this night progressed, even the good-faith efforts to get sessions rolling started to go awry.  The host launch links weren't showing up, or going to the wrong meeting ID, or something ... so then there was a mad scramble to generate launch links somehow and transmit them to the hosts, and frankly I wasn't fully sure what the workarounds entailed, since I was dealing more with Discord at the time.  Suffice to say that #tech-ops was a bit of a disturbed hornet nest for a few hours.

[Image: showing off --regmembercount which people don't even realize is the Dyno prefix]

In the meantime, I had enabled another one of Dyno's commands in the tech-chat area, as an easy way to keep track of how many people had joined the Discord.  [Yes, the actual command is "membercount", with the same prefix that still drove everything else.]  Once Ben realized that this was available he seized upon it, and started trying to remember to pop in and take hourly stats.  Hmm, I wonder if this could be automated into a time-based bot function...

[Image: teseracte-twitch]

Undaunted by the storm around the Zoom sessions, Teseracte simply streamed their shadowcasts to Twitch and that seemed to work fine.  The Twitch chat requires a Twitch account, of course, and as far as I know there's no direct linkage back to Discord, but we had our own #performance-hall channel which was also pretty lively.  The Mrs. Hawking runs on YouTube generated HUGE amounts of commentary there, making for a level of realtime player-to-audience interaction that would otherwise be impossible in a physical show.

A very different way of community participation, but people were diggin' it.


[Image: Kathi shows zoomlinks from logged-out]

To handle the rest of the night, Zoom links were pre-generated and then simply hardwired into the site schedule.  However, as several people noted, it was possible to see these on the schedule without being logged into the site at all, a potential security problem as this skipped the step where the login check was done.  Anybody could have c&p-ed these or clicked them and been right into the relevant sessions.  Fortunately, there weren't many more of them that evening.

[Image: friday night URL fuckup: only half link is clickable]

In some cases the links weren't even complete, and simply clicking this without realizing the ?pwd=... part was missing wouldn't transmit the meeting passcode.  We had to actually *tell* attendees out-of-band to copypasta the whole string to get in.  How's that for some security-through-obscurity?  Lacking that coaching, there's a sizeable sector of computer users who would be totally locked out by this.  No, it wasn't intended that way, the site was just not generating the right content.
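
An added example, not part of the original post or the con site's code: a small audit for the two link problems described above, run over the schedule page as a logged-out client receives it. The sample HTML, meeting IDs and passcodes are constructed, and the /j/ and /w/ path pattern is an assumption about how the join links look.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample: schedule HTML as served to a client with NO session
# cookie. Meeting IDs and passcodes are made up for illustration.
LOGGED_OUT_HTML = """
<table>
<tr><td>8pm</td><td><a href="https://zoom.us/j/91234567890?pwd=QWJjRGVm">Panel A</a></td></tr>
<tr><td>9pm</td><td><a href="https://zoom.us/j/95555500000">https://zoom.us/j/95555500000</a>?pwd=WHl6MTIz</td></tr>
<tr><td>10pm</td><td><a href="/login?next=/session/42">Log in to join</a></td></tr>
</table>
"""

JOIN_PATH = re.compile(r"^/[jw]/\d+$")  # assumed shapes: /j/<id> meeting, /w/<id> webinar

class LinkAudit(HTMLParser):
    """Collect each <a href> plus any text between </a> and the next tag."""
    def __init__(self):
        super().__init__()
        self.links = []          # [href, trailing_text] pairs
        self._after_a = False    # True only right after a closing </a>
    def handle_starttag(self, tag, attrs):
        self._after_a = False
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
    def handle_endtag(self, tag):
        self._after_a = (tag == "a")
    def handle_data(self, data):
        if self._after_a and self.links:
            self.links[-1][1] += data

def audit(html):
    """Return (meeting_id, problem) for every join link in a logged-out page."""
    parser = LinkAudit()
    parser.feed(html)
    findings = []
    for href, trailing in parser.links:
        u = urlparse(href)
        host = u.hostname or ""
        if not (host == "zoom.us" or host.endswith(".zoom.us")) or not JOIN_PATH.match(u.path):
            continue             # relative or non-Zoom link, e.g. the login redirect
        meeting = u.path.rsplit("/", 1)[1]
        if "pwd" in parse_qs(u.query):
            findings.append((meeting, "join link with passcode visible while logged out"))
        elif trailing.lstrip().startswith("?pwd="):
            findings.append((meeting, "passcode rendered outside the clickable link"))
        else:
            findings.append((meeting, "join link visible while logged out"))
    return findings
```

Feed it the schedule page fetched without a session cookie; an empty list is the result you want, with the third row's login redirect being the only kind of link that should survive.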

[Image: Discord membercount as of Fri night]

But everyone got through it, and meanwhile the backend folks were frantically bug-hunting.  I fired up a Zoom and bopped into the con-suite social space for a while, and as things wound down for the night Ben's stats-taking continued.  The social channels had gotten quite active -- I hadn't had time to go catch up on them, and essentially never did in a lot of the Discord areas.  From Friday night forward, it was super-busy all over the place and it was enough just to keep up with the staff areas.

_H*   210203