14.05.2020 done:
* optimize icon loading even further (loading from cache takes miliseconds instead of hundreds of miliseconds)
* optimize item loading (again, miliseconds instead of hundreds of miliseconds)
* add missing template functionality (conditions and loops)
* finish rewriting recipe lists to templates
* start showing real data in the preview pages
- minor issues found, will need to redesign preview data format a bit
12.05.2020 done:
* finish HTML templates (https://github.com/pwmirage/ed…c1574/script/template.mjs)
* rewrite Recipe lists to those templates (https://github.com/pwmirage/ed…4b7207ec7/tpl/preview.tpl)
With the building blocks in place I should be able to pick up the pace on feature development now.
11.05.2020 done:
* struggle with HTML templates -> not much progress
10.05.2020 done:
* add recipe tooltips in recipe lists (on hover)
to do:
* implement a javascript template engine (so that HTML-like code can include variables)
* finish the recipe lists preview page -> complete with diffs
09.05.2020 done:
* finish rewriting DB.js to ES6
* publish DB.mjs at github: https://github.com/pwmirage/editor
* describe DB.mjs internals: https://github.com/pwmirage/editor/wiki/PW-database
08.05.2020 done:
* start rewriting DB.js into a javascript ES6 module usable natively both clientside and serverside
07.05.2020 done:
* Make recipe list an additional HTML element
* switch to HTML5 shadow roots for the preview page
06.05.2020 done:
* Added item icon caching -> opening a page for the first time should take seconds, then only miliseconds. This was crucial if we wanted to show item icons outside of editor on a regular page that's quickly switched.
* Added a skeleton of a project preview page
to do:
Make the project preview page functional -> make recipe lists showing correctly
05.05.2020 done:
* added the backend for generating small diffs for project previews
04.05.2020 done:
* mostly browsing the unfinished work
* fixed a few minor display glitches in project list
On Oct 29th we launched this site, started writing down ideas for the server and began working on the editor. In a blink of an eye it's been half a year already.
That's that's how the editor looked after 2 days of development, on Nov 1st:
No backend, no project management, no npcs, just a draggable map and some windows.
It's documented on here on the forums, but if I try to think back now it was probably designing the project database (New database format in the editor and its possible benefits) and figuring out PW quest format that took us most time. Each of those about a month. Integrating with the forum also took us a while. Then we had to make all the bugfixes in the patcher to make the changes display correctly.
Figuring out the quests took us a lot of time but didn't really contribute to the game so far. Maybe that's something we should have left for later. Other than that I think we've spent the time well. It was fun.
Huuge thank you to Zeva Escanor fallenknighte foxi aaaand Satine for making all of this work. 
And it's only going to get better!
This was suggested by ToastyMarshmallows . Let's create such list, but what do we put there? A few things off the top of my head:
- no tideborn or any newer races, we'll stay with the original 3 races, 6 classes
- no autopath, (ctrl+click on the map to move in a straight line - maybe, but no automatic navigation)
- no high rates. we stay as a low rate server
- no r9 or any other OP gear
- no packs or gambling
- no forced PvP mode. you can always stay blue-named
We did have an incident on the server yesterday. One of our players Gameruk started logging in on someone else accounts and transferred most of the gear and money to another character. He was also asking people in faction for more money, which he eventually got, so more than 1 person was affected. Was PW Mirage hacked? I doubt it.
PW server is indeed a black box. Even with the full source code leaked last year it's just too much code for anyone to wrap his head around. Nevertheless, there's a lot that can be done to protect a server. PW 1.3.6 came out over 10 years ago, and the server files appeared on the internet not much later. It's easiest to run those server files on the architecture that was normally used at that time, over 10 years ago. Software is always full of bugs though. Something that PW based on 10 years ago now has a list of known vulnerabilities on the internet just waiting for someone to exploit. Literally, right now there's a PW server around using Apache Tomcat 5.0.33 for hosting the GM web panel. This piece of software is over 8 years old and has its vulnerabilities listed e.g. here: https://tomcat.apache.org/security-5.html
Just pick one with high priority, google it, grab some exploit script from github, run it against that server and boom you're a great hacker.
On Mirage we use latest OS and software that's still supported and has security fixes applied as soon - or even sooner - as the vulnerability is made public. We still have a high risk of getting hacked though because of the PW server itself. It's old piece of software and some people may know a few exploits for it. PW might have fixed them in later versions, but we do want to stick with the old 1.3.6 to keep the 3 races and the old look&feel. And there's no list of PW vulnerabilities on the internet, so we need to get hacked in order to understand the issue and be able to fix it. The best we can do to protect user data is to do backups. Every 3 hours. If someone hacks us and affects someone else on the server we look at the logs and try to understand what and how that happened. When we finally introduce some mitigation for the vulnerability, we try to estimate how much impact an intruder has done, and in the worst case we pull out backups. We have them stored on the PW server machine itself as well as a separate machine which just pulls them periodically - in case the PW machine dies or all of the backups there get deleted by the intruder.
For the yesterday's incident there weren't used any vulnerabilities on the PW server. Gameruk did get access to someone else forum account, from where he was able to see in-game account names and to reset their passwords. Forum is hosted on a yet another machine and the game server doesn't even know about it, so the scenario of using a PW vulnerability to get access to someone's account is very unlikely.
Supposedly gameruk was banned yesterday on PW Warzone server for sending out some of their account names to the public. I can't say how much of that is true and it's none of my concern, but I do see that gameruk did try a bunch of credentials both in the forum and the game on PW Mirage - not all of them worked. My guess is that he did find a vulnerability on PW Warzone, retrieved user account names and passwords there (PW keeps them in plaintext by default), then tried them on PW Mirage.
It's always the weakest pillar that fails - and in this case it was probably the passwords themselves. If there is something to be learned from this, please keep your passwords secure. Using a complicated password with numbers or symbols doesn't mean anything if you use the same password everywhere. My best recommendation - a long password that's easy to remember. A nonsense story that's crazy enough to always remember. A single number thrown there won't hurt either.
-- Edit
I talked with PW Warzone Admin and apparently no credentials were leaked from their server. It seems like Gameruk just guessed the password.
Messaging is incredibly important and I just realized that apart from occasional updates on discord I didn't give much info on where we're heading with the server / what's the plan / what I'm working on right now / etc. Let me fix that.
I keep saying this is a community-driven server. I hope it really is. The main feature here is the editor and ability to contribute to the server yourself, so that the growth isn't bottlenecked by a few privileged people (admins, GMs). I put my trust in this community and I hope the tools I make will make this server different from all the others which already went down. I think the concept is something completely new - nobody created such tools before. At least for PW - I didn't do research on other games.
The last two weeks were rather busy:
That last one... I'll get back to it later. There's also a few unresolved issues:
It is probably expected of me to deal with those issues quickly. Yet, I don't seem to be working on them - I don't. I know we'll have to fix those at some point, but an absolute top priority to me is getting the editor functional. We say it's a community-driven server, but we can't even preview the community-created content right now. Fixing those issues takes time that could be used to be fix our tools instead. Eventually, with the tools working it could be anyone to fix BH or prepare a questline for inventory stones. I know fixing the issues is important, but even with all of those fixed we're still just a standard PW server which will likely rot in the following weeks. We have to do better than that - focus on the community-driven aspect.
Nevertheless, we're in the middle of testing TW and have a solution for inventory stones ready, waiting on us, GMs to agree with the idea. We'll fix things that are critical or require not that much time, but everything else needs to wait.
Not all of the issues that need our attention can be made public immediately. That's why I stopped giving daily updates, but let me get back to it now.
I hope this makes our position a bit clearer. Thanks!
This is such a spoiler! 
The welcome message is actually sent by the server whenever somebody logs in. It could be customized, there could some message-of-the-day from your faction (as a replacement for the faction slogan, which is terrible in this PW version).
So I just added a rough version of customizable hotkeys here: PW Client Enhancements
I also explored some possibilities of modifying the client just to know what's realistically doable (by me). There's certainly a lot! Modifying the client isn't too difficult, just a bit time consuming.
Suggestions:
A stats page would be cool, stuff like number of accounts and characters and classes/gender, levels, number of factions, etc
That's a great suggestion. It should be in the works soon.
PW 1.3.6 certainly lacks some features we could try to add:
* Tab targetting
* Customizable hotkeys
* Remaining effect time (buffs,debuffs)
* Mob HP numbers
* and so on
I just finished implementing a rough proof of concept for customizable hotkeys, which leaves with the first two points somewhat done. The patcher below contains those changes. I posted it earlier today on discord [1]. It could use some testing before we publish it through an auto-update. I know it has a lot of rough corners, but any feedback is welcome.
[1]
QuoteThis is an experimental launcher with customizable hotkeys. You have to change them manually in a config file with a text editor of your choice. The file's at PWMirage/patcher/keymap.cfg. Please extract this archive in your game directory and run through patcher. I would be grateful for any feedback. This will eventually become a default Mirage patcher fetched through auto-update, but for now we're just experimenting.
Some additional food for discussion:
* Use PW-built-in version number for our patches and forbid outdated client to connect to the server
* Provide forum credentials in the patcher, select proper account, then login inside the game automatically
* Allow hotkeys for all skills (way more than 16)
* Show stacked buffs and their remaining time (like cleric's IH)
* Make mount call/stow instant - or at least much faster
Display MoreSuggestions:
Add a list of things that will never be added (such as tideborn)
[Beta]: that's a great idea. On it
Summer chipao please?
If possible, would love to have hairstyle fashion added
Make a dedicated fashion area with NPCs wearing the outfits, each one sells the outfit its wearing
No hyper xp ever please ._.
[Beta]: no hypers in here
Is it possible to adjust rates per level or is it global only? If level is possible, suggest starting at 1x for 20-30 and increase by .1 or .5 every 10 levels thereafter, so that it's still an achievement to level high, but not ridiculous
[Beta]: We're currently just multiplying xp,sp and coins from all quests and mobs by some modifiers. The modifier is constant atm, but we could make it depend on monster or quest lvl. Although I'm not quite sure what problem we are trying to solve here. You're saying it's too easy to lvl up on early levels?
Be able to change jump key
[Beta]: working on it atm
Add interact key, at least for NPCs
[Beta]: not a bad idea. it's doable
Achievements maybe? With small rewards, possibly an exclusive (or 'easy' acquisition) fashion?
[Beta]: it's an interesting concept. Could we do it with custom drops, recipes or custom quests?
Show quest title colour in the tracker
[Beta]: that would be cool, although realistically it's too low priority to be done anytime soon
Longer chat character limit
[Beta]: i'm afraid we can't do that. the chat is already glitchy with smileys and two-line messages and it would be only worse with 3-line messages
Will we have seasonal events, like the snowmen? Suggest to have as many as possible, to keep the game fresh in place of expansions
[Beta]: snowmen event or archo invasions are lame. We can do better
Bigger item stacks in inventory (for instance, herbs max at 100 in inventory but go higher in bank)
Enable all main city tele points by default (Winged Elf Hsi's quest that involves visiting Etherblade sucks without Ether's tele point)
Bugs/Issues:
Quest tracker turns off on login
Skill bar extensions turn off on login
[Beta]: I agree those two are annoying. I could actually try to auto-expand the skill bar, not sure about quest tracker
Can't right click to move items between bank/NPC/etc
When moving same item from inventory to bank, can't stack directly - have to move to empty space THEN stack in inventory
Can't sell water veno spawned with, can't drop it either
[Beta]: That's by design. It's the same water that you get with the original veno questline, isn't it?
Magic Shell seems to be wearing off faster than the rest of the cleric buffs
Used phoenix to kill Elder Tortoise - since it was at the top of the water and reachable by air, figured I'd try it. But it never hit back...
[Beta]: Yup. You can glitch multiple world bosses this way, not only those in water. I don't think I can do anything about it, unless somebody points me to a solution
Apparently a PW Boutique Agent wants to give us a quest, according to the Find Quest button
[Beta]: We'll get rid of those once the quest editor is out. We can't implement a proper list of available quests, so at least the Find Quest button should be reliable.
Please note:
NONE of this is meant to be a demand or anything like that! It's just ideas and things that I think would be good, but are generally not particularly important. I know I list a lot of stuff, it's just because I care about the server and want it to be the best
I'm happy to see posts like this. It means someone cares. Thank you!
That's a good content! See comments below
Display MorePosting here per Entei's instruction
Will be adding to post as I keep playing and think of/find things
Suggestions:
Add basic manual in-a-straight-line autopath (iirc it was alt+click on map)[Beta]: That's doable. This goes to backlog
Mark the level 1-19 quests as having been completed (this might've been done already but the find quest button suggested an NPC I'm fairly sure is from 1-19)[Beta]: Good idea, to be done after the quest editor is out.
Add find quest tab instead of the button[Beta]: Probably not doable with this PW version, sorry
Make quests such as gem merchant exchange, TW stuff, a different colour[Beta]: Agreed. We could try
Make starter mounts random statistically equal, for a bit of variety[Beta]: Agreed
Give small amount of pet food for mounts[Beta]: Okay
Increase hitbox size of NPCs (I keep missing and clicking to move behind them)[Beta]: Tbh I'm not sure if I want to spend a lot of time digging into that, but okay - let's put it in the backlog
Nerf herc/nix a bit - should be more powerful than average, but not massively so[Beta]: That's to be discussed with everyone. It would be a good idea to talk about it on discord, or to create a separate forum thread for this.
Add a pet skill trainer to class trainer areas[Beta]: Okay
Add ping check in game (iirc hover over settings button)[Beta]: Let's put in the backlog
Add mob HP number visibility[Beta]: Let's also put this into the backlog.
Would be easier if we could exchange mats etc for 'premium' currency and buy through boutique - that way it's all central and available everywhere[Beta]: To be discussed with everyone. Personally I don't like the boutique and being able to get some items immediately from the sky
Make a wikia for stuff for this server version (items, quests, etc - I'd be happy to work on this, though I don't have experience making one)
[Beta]: I think we need some time to settle with the content, but eventually a wiki would be great to have.
Add time remaining for status conditions
[Beta]: That goes to backlog as well
Make stats changed by gear a different colour or show +stat next to original number (was deeply confused as to how I had 6 vit despite not assigning any)
[Beta]: Backlog again. Unfortunately, realistically speaking, this is not going to happen
Bugs:
Player HP/MP/XP numbers aren't centred properly
Toggling individual quest tracking doesn't work
[Beta]: Interesting. I didn't have any problems so far. Maybe it's a specific quest that's broken?
Can't change hotkeys (K does nothing, clicking on it doesn't bring anything up either)
[Beta]: To be added.
When a player with a pet out is selected, the icon to switch to their pet doesn't work, and when the pet is selected, the icon to switch to their owner doesn't work either
[Beta] This shouldn't too hard too add, but it goes into the backlog again.
The changes which landed in the "backlog" might need some effort to implement and I probably won't start working on them within the next month or two. There's just a ton of other things to consider first. A lot of those suggestions don't require any changes server side, so I encourage the community to do it though. If anyone shares instructions how exactly to change something I'll be happy to add it.
