Update, 22:30: We've been done for about 30 minutes and haven't seen any issues, so please go ahead and let us know if you notice any problems!
Here's a partial list of changes that will go live with this push:
- Rename swaps will accept rename tokens purchased on either account.
- OpenID community maintainers will be able to edit tags on community entries.
- Adorable new mood theme called "angelikitten's Big Eyes".
- Username tag support for lj.rossia.org.
- Embedded content support for screen.yahoo.com and zippcast.com.
- Additional space on the user profile page to list your Github username.
And as usual, many tweaks, small bugfixes, and the occasional page source rewrite.
We'll update again to let you know when the code push is in progress!
I'll update this entry when we're back, and people can report issues here.
EDIT: New code is live! Please report any issues here.
We're currently having an issue with the image proxy for accessing the site via HTTPS -- images are currently failing to load. We'll have that fixed as soon as we can.
(We're particularly interested in issues with HTTPS browsing; we're getting closer to ironing out all the bugs, but we know it's still not perfect.)
EDIT: If you're not getting the inline reply form -- if you're getting redirected to another page to comment -- please clear your cache and then restart your browser.
PLEASE NOTE: If you're coming to report an entry in your journal not displaying properly, and there's a <table> in the entry (or you're reporting a problem with your journal displaying properly and there's an entry with a <table> somewhere visible on the page): please check the entry's source and make sure the HTML of the table is constructed properly. We've made a change to our HTML cleaner to be more strict about missing tags and tags that were closed in a different order than they were opened. Most of the display problems people have reported have been because a table in an entry was missing closing </td>/</tr>tags!
If the problem hasn't cleared up by tomorrow, then let us know and we'll look into it further!
This is a block at the system level, so there isn't anything you can do to work around it. It's not due to spam filters on your individual account, so whitelisting Dreamwidth in your mail application won't work to fix things this time: these providers are blocking all mail from us, across the board. When a provider makes that kind of block, they don't discuss the exact reasons that led to the blocking, but our best guess is that it's due to a combination of the amount of email we send out (especially email with highly similar subject lines and content, since -- for instance -- a notification of a new comment to an entry quotes the entry) and an uptick in the amount of spam sent to @dreamwidth.org forwarding email addresses, since that forwarded spam can look like we were the ones to send it.
We've gone through the process to request unblocking from the providers directly, but haven't seen any progress there yet. We are, however, actively working on alternate solutions that will reduce the risk of us being identified as spammers in the future -- we ran the first test yesterday and results are looking promising. We'll keep you posted on the progress.
This code push contains some rewrites/conversions of various pages on the site, so things will look a little different than what you're used to. The most obvious change will probably be to the Create Entry page -- it's not a redesign, and things will continue to behave the exact same way they have been, they'll just look a little bit different. Do not adjust the horizontal, do not adjust the vertical.
EDIT: Sorry, mark got started before I could update! We are in the middle of pushing now.
We'll update you again right before we're ready to get started.
We've fixed things, and we're contacting our captcha provider to make sure we don't run into this again in the future.
Thanks all for your patience! And lots of thanks to everyone who reported the issue and all our support people who made sure we developers knew something was up. If you notice any further weirdness, please open a support request and we'll look into it.
I'll be checking in with them and seeing what's up. Sorry about the inconvenience!
EDIT, 2:21PM EST: Payments should be fixed in half an hour to an hour. (Turns out we had to update some information about our payment processor with our payment gateway.) I'll update again when our payment gateway confirms that things are back to good.
EDIT, 3PM EST: Our payment gateway has confirmed that everything's back to normal now. Thanks for your patience, all! I'm sorry about the hassle.
Today another SSL vulnerability was announced. This one is named POODLE and is, while serious, much less serious than the Heartbleed event from some months ago.
Unfortunately, the only real way to fix the problem is to disable something called "SSLv3" entirely. Basically, this means that we instruct our servers that they are no longer allowed to speak version 3 of the SSL protocol (you can think of it as a language -- we ban this language from our servers). It turns out this is generally OK since most browsers don't actually speak using SSLv3 these days -- you actually use what's called TLS, which is a more modern, better way of protecting the stuff you send across the Internet.
The SSLv3 protocol is actually around 15 years old at this point, and TLS has been out so long that nearly every browser out there supports it. However, shutting off SSLv3 does mean that very old browsers -- IE6, for one -- can no longer talk to Dreamwidth using encryption. In this case, since the encryption wouldn't actually mean anything, we think it's better to not even pretend that it works.
I will be making this change sometime in the next hour or three. This really should impact almost none of you, but there might be one or two and, in that case, I'm sorry. We think it's better to do this so you know you're not actually secure than to let Dreamwidth pretend to be secure.
Edit: This has been deployed. SSLv3 is disabled on Dreamwidth.
Comments and questions welcome, as always!
We had a brief outage this morning. The cause was an (unexpected) policy change by our DNS provider, Dyn, deciding to shut us off. They had to roll back the change for unrelated reasons so we were back online, but it does mean that we need to migrate off of their service.
ETA: The policy change was that, for about 10 years now -- as long as I've been using Dyn! -- they had no usage/quota limits on their DNS service. Given that DNS requests are tiny and easy to serve, this made sense. They made a business decision recently to establish some (rather tiny) quotas. We're ... quite in excess of them (by some 15,000%) and we don't want to pay in excess of $500 USD/month for DNS service. Amazon's price is 10% of that. They probably tried to contact us, but I don't recall seeing any emails. Anyway, that's it; it's nothing particularly nefarious.
We will be moving our DNS service to Amazon's Route53 service. This kind of migration is fairly easy technically, but if there are problems it will probably mean Dreamwidth will be offline until they can be resolved. And, given the nature of how DNS works, it means that any outage will probably be measured in hours rather than minutes.
I've done my best to ensure that the changeover will go smoothly. If anything happens, though, we'll be on our dreamwidth account to keep everybody apprised of the progress.
The switch will be flipped around 3:30pm PDT / 2230 UTC today, this is in about 90 minutes.
EDIT: Code has been pushed. Let us know if you encounter any problems! A list of the (many) bugfixes included in this push will be forthcoming.
This push will almost entirely consist of a (very large!) number of fixes for the mobile-friendly styles project, and should fix most of the remaining outstanding issues people have reported.
(The site may be a bit sluggish for the next 20 minutes or so while the caches warm back up -- you don't have to tell us about that!)
An update was posted to dw_news slightly before 0830 EST (see in your time zone). Comment notifications may be delayed for up to an hour or two, due to the high volume of notifications generated by each news post. Please don't worry about missing notifications until at least 1030 EST.