Subtle changes, bugs and feedback

Posted on
Page
of 312
  • weird thing happened when I came to the site tonight, clicked on the bookmark (on chrome) and was taken to the microcosm.app page, and the bookmark changed.
    went to google and clicked on the link to regain normality, but weirdness for a moment there.

  • Temporary glitches in the matrix can occur... it happens when the host header is lost for a moment. I've no idea why that happens... but I know what the symptom of it happening is.

  • I've made a few changes to emails that are sent out.

    I'm curious to see if the emails are in any way valuable and whether people click on the links.

    A good chunk of all our costs are email, currently £80 per month for Mailgun outbound emails and rising steadily.

    The tracking code is in the form of query string values in the links of the email like: utm_source=notification&utm_method=email&utm_campaign=new_comment.

    That last bit tells me which email, the first two bits just say "email notifications".

    The tracking is anonymised of course, and I cannot see when you've read email... just when you click a link, and it's purely there to answer a question: Is spending money on email worth it?

    I think it is, but I don't want to spend donations on things that aren't proven to be valuable to you. Data helps prove that one way or the other.

  • Oh, and yesterday all Microcosm sites went fully HTTPS using HSTS.

    This means that every page we serve is now encrypted.

    The only exceptions are CNAME custom domains using Microcosm, where the custom domain isn't on CloudFlare.

    i.e. Islington Cycling Club is on CloudFlare and also HTTPS, but Rapha Cycling Club isn't on CloudFlare and isn't HTTPS.

    HTTPS is basically faster for everyone, because HTTP/2 demands HTTPS and by enabling HTTPS you get HTTP/2 multiplexing for free.

  • Using Firefox: Top left of the screen on most threads in LFGSS, including this one, show a green lock icon with hovertext of "verified by: COMODO CA Limited", but some, like the digital photography thread for example (https://www.lfgss.com/conversations/164646/?offset=13900#comment13097133), show a grey lock with a yellow triangle and hovertext of "this website does not supply identity information"

    Whats going on here? Just curious......

  • Some of the images that people have included in their comments come from HTTP sources and not HTTPS.

    This is called "mixed content warnings", and it's a pain in the arse.

    It will work, but the padlock will warn.

    It's possible to change the Firefox configuration to block such images (mixed content) to remain secure.

  • I see, thanks!

  • Would it be a good thing to have the following page not show replies and mentions by default, but to have a filter so that you could view just replies, or just mentions?

    I've noticed that if one interacts a lot, that the following page fills with those interactions and that makes it less useful for a "Show me things I'm following that have been updated".

  • Just the first two lines of a reply would be better...

  • Really hard to do safely.

    I can't use the raw input of a comment, as it could contain XSS or dodgy HTML.

    Once I've converted a comment to HTML, it's hard to safely chop it in half.

  • I've been making that point since the forum changed - the following page is useless if you are @ replied. Especially since you can end up with three notifications for one post; one that you've been replied to, one that the thread has a new post and a third if someone uses your name in their reply. An opt out from seeing them would make a huge difference to me and maybe to others.

  • It would be different from an opt-out... the default would be the stuff you're following, you'd need to click the filters to specifically see interactions.

  • If the effect is the same, whatever is easiest for you.

  • Having mentions and replies on the same page as followed threads is not something that bothers me, but perhaps separate links at the top for 'Mentions' and 'Replies' would be good?

    (The main change that I'd like to see would be to have only updated threads listed under 'Following', but as discussed recently, that seems to be difficult to do.)

  • The link is http://microcosm.app/out/euKgh and it works well. But it seems an older version of the comment exists which had a broken link,

    Here's another post with a microcosm.app link that doesn't work for me:

    https://www.lfgss.com/comments/13104836/

    Same as earlier--c&p-ing works, clicking the link doesn't. There was also another one a couple of weeks ago, but I can't remember where that was. Is this another one with two versions of a post?

    A little far left relief

    http://www.independent.co.uk/voic­es/jeremy-corbyns-supporters-are-so-dang­erous-they-took-over-labour-before-they-­were-even-born-a7136711.html

    Edit: Even odder, when I click the link in the original post, it doesn't work. When I click the link in this quote above, it does work.

  • That's because the link was a broken one... it had two http://http:// sections.

  • Just got a cloudflare 'checking browser' thing that mentioned DDoS (had it on desktop and mobile), is the forum being attacked?

  • I just got it to (both on mobile and PC), and noticed that it was down for a little bit last night

  • I think LFGSS is under attack and David is using Cloudfare tools to beat it away...

    https://twitter.com/buro9

  • The forum is being attacked.

    It's a layer 7 attack, meaning a web application attack.

    The requests look like this:

    2a02:c7f:624:3500:a889:f9e4:656f:6ccf - - [19/Jul/2016:05:52:12 +0000] "GET /today/?offset=25 HTTP/1.1" 499 0 "https://www.lfgss.com" "Mozilla/5.0 (Windows NT 6.0; rv:47.0) Gecko/20100101 Firefox/47.0"
    

    They nearly all originated from Sky broadband connections (which that IPv6 belongs to) and they have been reported to abuse@sky.com which is the abuse email for Sky http://bgp.he.net/ip/2a02:c7f:624:3500:a889:f9e4:656f:6ccf http://bgp.he.net/AS5607#_whois

    We received between 30-60 HTTP requests per second for /today/?offset=25 from just before midnight BST through to my turning on CloudFlare this morning.

    I'll be adding a rate limiter today to auto block such attacks in future, but in the meantime CloudFlare are handling it.

  • The forum is being attacked.

    Any idea why?

  • Look at us, who wouldn't attack?

  • From just one IP or many IPs in the same range?

    Just one IP and it could just be someone's misconfigured browser or even a buggy script.

  • I would, if I knew how.

  • The forum is being attacked.

    Any idea why?

    Someone wanting #rep back?

  • Post a reply
    • Bold
    • Italics
    • Link
    • Image
    • List
    • Quote
    • code
    • Preview
About

Subtle changes, bugs and feedback

Posted by Avatar for Velocio @Velocio

Actions