karzilla: a green fist above the word SMASH! (Default)
Karzilla, Destroyer of Bugs ([staff profile] karzilla) wrote in [site community profile] dw_maintenance2017-04-30 08:48 pm
  • Add Memory
  • Share This Entry

Code push imminent!

We're about to pull the lever on tonight's code push! Many of the changes we are making to the site are under-the-hood improvements, but these are the ones you are more likely to notice:

  • New account setting option for RP accounts, for future feature development.
  • Many more sites upgraded to use HTTPS links instead of relying on our SSL proxy.
  • Moved the Manage Icons page to /manage/icons and modernized the underlying code.
  • Increased the size limit for icon descriptions from 120 to 300 characters.
  • Various requested fixes for the image upload/management pages.
  • Improved processing of emailed entries for changes to entry security.
  • Improved processing of emailed comments for removal of quoted text.
  • Reading page with date filter now has previous / next day links.
  • Banned users hidden by default on the Manage Circle page.
  • Most importer failure messages will now include the name of the journal being imported, for the benefit of users running multiple imports.
  • People who read the RSS/Atom feed of your journal will see correct entry links and embedded content.
  • Whitelist embeds from: coub.com, airtable.com, mixcloud.com
  • New <user> tag sites: medium.com, imzy.com, facebook.com, instagram.com
  • New "other site" fields on user profiles: Imzy, Instagram

Once the code push starts, you may notice that the site is slow to respond, but it should remain available to use unless something goes badly wrong.

I'll update this post when the code push is finished. Stay tuned!

Update: All done! Let us know if anything seems more wrong than usual!

Flat | Top-Level Comments Only
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)

[staff profile] denise 2017-05-01 05:50 am (UTC)(link)

Tying accounts together/quick-switch between main/alt accounts like that has been On The List for a while, but every time we dig into it to start thinking about how to implement, we run into a bunch of "how should it work" scenarios that people disagree really hard on. It's not impossible, we just gotta have the extensive, exhaustive, knock-down-drag-out argument once and for all first. ;)

(Also, we have to be REALLY CAREFUL that we don't incentivize security risks -- like, if we allow an alt account to have access to certain paid features if the main account is paid, that motivates people to add their account as an alt to a friend's account to share certain features, etc.)

Edited 2017-05-01 05:52 (UTC)

[personal profile] motherboxes 2017-05-01 05:58 am (UTC)(link)
That is a good point. I know with the unofficial jugger/login, you need to type in the username and password initially when adding the account to your list to be able to switch between them. I wasn't even considering the idea of friends etc getting access either, just more per computer or something. I know not all of my accounts are paid and I'd never expect a perk like getting paids for every single account I have just because one or three out of my however many are paid.

...Yeah I can see how this might take some back and forth now. :la
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)

[staff profile] denise 2017-05-01 06:06 am (UTC)(link)
Yep, it'd be super easy on the technical level to make it possible to quick-switch accounts with a drop-down (I mean, it's how people manage communities they're an admin of), but the devil's in the details, as the saying goes. Every time someone sits down to take a stab at a spec, we come up with more weird edge cases that wind up eventually devolving into "argh, we don't have the energy to fight this out right now", heh.

(I like to joke to Mark that he's in charge of spotting technical problems before they happen and I'm in charge of spotting social problems/bad incentives/how people will abuse a thing before it happens)
Edited 2017-05-01 06:07 (UTC)

[personal profile] motherboxes 2017-05-01 06:09 am (UTC)(link)
I was only thinking of quick-switch with drop down, that's all it is for lj login/juggler, honestly.

But even if this takes a while it is good that you are considering potential security measures around it! Even if that might also be frustrating and I'm sure you don't...want to have to sit there and think 'okay but here is how people can abuse this feature, guys!'
Edited 2017-05-01 06:10 (UTC)
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)

[staff profile] denise 2017-05-01 06:27 am (UTC)(link)
Honestly, after 15 years of doing this shit, I don't even have to think about it very hard. When other sites release a new feature (*cough* I'm looking at you, Twitter *cough*) I usually have at least half a dozen "okay, this is how it's going to be a shitshow" things leap to mind immediately.

And, I mean, I say "argument", but it's less "argument" and more like just fifteen billion iterations of nitpicking the hell out of something to harden it against the immediately obvious abuse vectors until everyone's satisfied that we've thought of everything. It's not an unpleasant process! Just a loooooooot of work, heh.

[personal profile] motherboxes 2017-05-01 08:07 am (UTC)(link)
I don't use Twitter but I imagine that and Facebook at least....yeah.

But no, I get it! Really. Things often sound simple on paper and then you go into more detail/security stuff surrounding the idea and I imagine it ends up more than we might anticipate in actually doing it. I'm just glad to hear it is actually something you guys have been considering officially already. It means I'm not totally off the mark on this idea/suggestion even if we have a work around already, unofficially.
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)

[staff profile] denise 2017-05-01 08:11 am (UTC)(link)

It was actually one of the things I had on The List before we even launched DW! ...eight years ago, heh. 

[personal profile] motherboxes 2017-05-01 08:16 am (UTC)(link)
Hey, if it has been on the list that long, it's obviously something you still intend to do? You'll get there! I know something like this isn't necessarily as huge a priority with other bugs etc to deal with over time that come up. Honestly, I just like hearing each time on the improvements you guys do and that you take our suggestions into consideration and listen to us and what we think.
impossibilities: (Cheerful)

[personal profile] impossibilities 2017-05-01 01:19 pm (UTC)(link)
Linking to alt accounts of friends could be averted just by requiring the two accounts to have the same email address, but that'd mess up some of our rp gmail+character@gmail.com setups unless there's a way around that :|a

denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)

[staff profile] denise 2017-05-02 01:40 pm (UTC)(link)

Yeah, our "do these two accounts have the same email" check already deals with +filtering, but the problem with just a plain same-email check is it encourages you (generic you!) to confirm your friend's email address on your account, thus making it horribly insecure (since any confirmed email can receive a password reset link) -- that's what I mean by "perverse incentives"...

Flat | Top-Level Comments Only