News Archive

  • 192 weeks
    Downtime & Server Move

    Hi all. Firstly, apologies for the extended period of unexpected downtime. Obviously any kind of downtime is non ideal, but unexpected is more annoying all around.

    On Friday morning (GMT) we experienced a hardware failure on our database server. To our knowledge there is no data loss of any kind. We have fairly regular backups hosted off-site, regardless. The exact cause isn't entirely clear at this time, but instead of wrestling with trying to get the hardware sorted (it was a dedicated server) we decided that this was a good opportunity to make a server move we've been planning for a long time over to Digital Ocean.

    Read More

    236 comments · 15,250 views
  • 270 weeks
    BBCode updates

    Performance improvements

    Over the last few days I've been working on improving the performance of the BBCode parser. I've managed to implement a few major optimizations, reducing the run time in common cases to around 1/4th to 1/20th compared to the older version. This has reduced total server-side render times on some of the more complicated test pages I've been using to around 50ms–70ms, which should be a noticeable improvement.

    New features

    Opacity

    Read More

    49 comments · 4,823 views
  • 292 weeks
    Recent Changelog

    We've done various unannounced changes of the past few weeks so I thought I'd group up the things we've done so you guys know what's changed.

    • Added account linking page for Patreon / Twitter
    • Added ability to cross post stories, blogs and bookshelf additions to Twitter
    • Added twitter userpage module
    • Added account deletion page
    • Reorganised user toolbar dropdown to better fit more items
    • Added session management page to see logins and active sessions on your account
    • Added new articles system and moved some existing ones into it
    • Redesigned PM page a bit to be cleaner
    • Increased font size in major places across the site to improve readability
    • New cookie consent controls for EU users and updated privacy policy
    • Recommended groups list on groups page - WIP
    • Tooltips in many locations around the site with helpful tips

    Read More

    114 comments · 5,952 views
  • 293 weeks
    Help Articles

    Something I've worked on the last couple of days is adding the ability for us to add arbitrary "articles" to the site which we can use for various things. Sort of an extension on the manual articles we've added in the past like the bbcode page, writing guide, etc.

    So far I've added 3 guides:

    I'd love to know if you guys have any idea for articles that would have helped you out when starting out or anything else that comes to mind.

    65 comments · 5,131 views
  • 321 weeks
    Night Mode

    I've been working on it for ages but only really got the impetus to finish all of it off over the last few days. In the "settings" dropdown at the top on desktop, or the bottom of the slide out bar on mobile you'll find a toggle for night mode. Enjoy!

    Oh, and although I've tried to cover everything there is a 100% chance I've missed styling some things so apologies in advance for any funky pages.

    246 comments · 6,705 views
  • 322 weeks
    Additional Search Update

    Hey folks,

    Over the last few days I've added a few things to the new search system. A lot of people were unhappy with not being able to filter various things as quickly as they used to be able to. To that end, I've added a little filter dropdown to the right of the search box which effectively contains everything the old sidebar used to. It even has some niceties like quick word count filters and a highly rated filter.

    Read More

    132 comments · 5,230 views
  • 322 weeks
    December 2017 Update

    Hey guys, got a whole bunch of updates for you today.

    Tags

    This is a small but important step on our way to the tagging system I envision. The existing way we handled things like characters and genres has all been merged into a single tagging system. That won't result in much difference for you viewing and using the site but it makes it a lot easier to add new tags especially.

    We now have a couple of new tag types: series and warnings.

    The series tag is for identifying what series (franchise) your fanfiction contains. I've added a whole ton of various TV shows, movies, comics, books and games but clearly we will have to add a ton more in the coming future. Stories must also contain one of the four MLP tags which are FIM, EqG, Movie and Comic, as this is a pony fanfic site after all. Feel free to bug me on Discord if you have a requirement for a series to be added.

    Read More

    630 comments · 13,725 views
  • 322 weeks
    Math BBCode tag

    I've added [math] and [mathblock] BBCode tags, which can be used to display formatted math. We've had a few requests for this, particularly for group forum threads and blog posts. Most math-related TeX syntax is supported. (We are currently using MathJax to handle the layout.)

    The documentation from the BBCode guide is repeated below for your convenience.

    Read More

    84 comments · 4,349 views
  • 345 weeks
    Fimfiction API

    If you're not a developer you can probably ignore this post.

    It's been like 6 years, but hey, things take time. The API is currently very WIP still but it's ready for people to get working on in our development chat room.

    API documentation can be found at https://www.fimfiction.net/developers/api/v2/docs and you should join the Discord Chat and PM me to add you to the private API channel and I can help you get started. The functionality is very limited right now but I'm dedicating all my time to it at the moment and would love to have people add their input to the process.

    60 comments · 7,301 views
  • 350 weeks
    New BBCode Tags

    Hey guys,

    One of the features in this new update was reader-side paragraph formatting. This helps improve consistency for readers across the site, especially for those of us who can’t stand reading indented text on a computer screen.

    However, one thing that wasn’t accounted for was the legitimate need for specific indenting of passages and for certain blocks of text to have no paragraph formatting. Some examples would be lyrics and poetry.

    Taking this into account, we have come up with a couple of new tags that remedy this situation which are documented below (copied directly from the bbcode guide)


    [indent] Indent

    The indent tag can be used to, unsurprisingly, indent portions of your text.

    [indent]The indent tag can be used to, unsurprisingly, indent portions of your text.[/indent]

    It also support levels of indenting

    Read More

    168 comments · 6,348 views
Jun
12th
2015

Site Update » Multi Factor Authentication · 10:22pm Jun 12th, 2015

We've actually had this ready to go for like 2 weeks but kept forgetting to deploy it. Smart huh?

Anyway, the site now has multi factor authentication! yay! What does that mean I hear you ask? Well, you can now add an extra level of security to your account by adding an additional login step that requires use of a phone/tablet/other device. It's totally optional though.

The Multi Factor Authentication page explains it further (you can get to this page by going to edit your account and clicking the link on the right). You've probably seen it for things like MMOs, gmail and various other sites and we're delighted to offer it on Fimfiction now as well.

Comments ( 65 )

Sounds useful.

Great, I'm glad the website now has another useless feature MFA but not a way to search through stories in groups :ajbemused:

Not sure if I'd use this, but seems useful.

Well, you can now add an extra level of security to your account by adding an additional login step

You mean like when I have to log out and log in before I can post comments and repeat any time I close the tab? :trollestia:

Request Failed (0)
Signing Key not found, please log in again

EDIT

Xaquseg was able to determine that the BetterPrivacy addon was causing this issue. It apparently hasn't been updated since 2012. Disabling it fixed the problem immediately. I was recommended to try out Privacy Badge instead as it is currently maintained.

or maybe not.

Gotta keep them fanfics secure.

Welp... kind of useless for me, got meself a Window Phone

Nice addition! :twilightsmile:

Luz

noice

This is pretty great. But unfortunately this probably won't work well for me since I don't have a smartphone or a phone that uses "Apps"

Awesome. Rather than listing all the great tagging, grouping, recommendation features to tell people that fimfic is insanely high quality, we can just say "It has fucking two factor authentication. What other fan site has that?"

Impressive work, enabled on my account easy-peasy.

How difficult are the technical details of this to set up? I've been wondering for a while how hard it would be to hook into a 2-factor setup like the Google authenticator for a work-related purpose.

We talking something similar to what Blizzard does?

Edit: Huh, nifty. Alright then.

~Skeeter The Lurker

Fanfic is serious business. :twilightsheepish:

Comment posted by nightmare mist pony deleted Jun 13th, 2015
Xaquseg
Server Administrator

3143029
Quite easy, it's a standard called TOTP, see RFC 6238 for details. It only took us a couple hours to have a functional implementation of the server-side, so it's a nice mostly-free security improvement.

Xaquseg
Server Administrator

3142981
Microsoft Authenticator... although we have not tested this app's compatibility, it should be compatible. If not, please let us know and we'll look into it.

More security options are always welcome, but I'm rather curious about who this is actually useful for. Maybe some of the bigger authors, I suppose.

Xaquseg
Server Administrator

3143055
Bigger authors, site staff, anyone who is worried about keyloggers or other password guessing attacks, users who login on public computers, etc.

It's not a perfect solution but it makes it a lot harder for someone to steal your account, and it was very easy for us to implement, so we figured we might as well go ahead and implement it so the people who want to use it can. It required minimal changes on our end, the codes are easy to verify.

3143063
I didn't even consider site staff and I feel like an idiot for it.

Is this required?

Oh yes! I love me some extra security.

Xaquseg
Server Administrator

3143090
No it's a 100% optional feature for users who want to take advantage of it.

3143047
Forgot about that, well might as well be the gueane pig.

Xaquseg
Server Administrator

3143103
You have to enter a valid code to enable, so it should be hard to lock yourself out.

Speaking of security, how are passwords stored these days? Hopefully not salted MD5 (or worse)!

Not that it really matters much for me since my password is randomly generated.

Isn't that kind of excessive?

It's not like we're storing credit card info here.

I was going to enable this, but then I thought it over again, and decided not to mess with it. I like the way that I sign in just fine, so this will remain disabled on my account.

I'm happy about it for all of you who want to go through all the rigmarole of messing with, though. I'm not.

It's a good thing for those who want to, though, I guess.

3142966
Huh. I haven't logged out in months. :pinkiecrazy:

3143100
Thank you! I hate when I log into something and it bugs me about updating this or that extra security that I never use.

Xaquseg
Server Administrator

3143131
We use bcrypt with a salt generated using a proper cryptographic RNG.

Edit: I know you're likely to suggest scrypt, however scrypt is not significantly more secure than bcrypt due to a design flaw. Here's an example attack I found in a few minutes on google: http://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html

Because the one thing we all truly want to do around here is give our phones more control over our lives.

...pass.

Also on the subject of security, if you've implemented MFA, have you also considered optional HTTPS?

3143185

Good to know that there's at least one site out there that bothers to use a decent hashing algorithm. I'll have to look up about scrypt's vulnerabilities, but it's nice to see a site that doesn't use MD5/SHA1, or god forbid stores passwords in plaintext.

Too bad I don't use a "smart" phone anymore.

Or a tablet. Or anything that qualifies as such, really.

that requires use of a phone/tablet/other device.

Due to rather limited computer access, I'm practically required to use a phone for Fimfiction anyway. :rainbowwild:

[/lamejoke]

Xaquseg
Server Administrator

3143187
https://www.fimfiction.net/

Logging in from SSL will also auto-lock your session to SSL incl. automatic redirects.

3143321

Neat, thanks for that. The more you know!

"Blah blah blah, I'm a nerd who knows how to computer! Look at me! Whoosh!"

Has stolen accounts ever been a problem? I can see a scriptkiddie dedicated to hating pony trying that, but I've never heard of it actually happening.

Has this been enough of a problem for it to be a thing? How often are accounts reported stolen? Why would anyone do that in the first place? What could they possibly be gaining?

Seems like a lot of effort for something like this site.

And now I can add my favorite fanfiction website onto the list of sites that have implemented multi-factor security before my bank.

Why does my bank suck?

knighty
Site Owner

3143421 it took us only a few hours so why not?

3143446 Well, okay then.

I misread this somehow and thought "multi author stories"? Awesome!

Not to say that additional security isn't awesome, either. I can't help but feel like where authorization might be needed is that an author can "lock" his stories from editing, even from his own account. I feel like that could be the best way of protecting someone's work from being deleted.

3143446

What about allowing us to personalise colour schemes again? After all, you can still do it with stories, and frankly the site's standard colour scheme is kind of drab...

I'd personally like to change it to something a bit darker, if I had the option.

3143109
Ok a bit tricky but it looks like it worked

3143494
Do you use Firefox? There's an extension you can get called 'Color That Site!' that basically lets you make your own color scheme for any website you want. I'm sure there's similar extensions for other browsers.

i.imgur.com/Rh6mh0h.png

I won't be using this, mostly cuz my password is unimaginably lame, and I don't have any fics behind my name. (rhyme unintentional)
But its nice to see that you care to keep everything secure.
I'm guessin' you spend at least 10-20% of your time into this site, yes?

Thanks for the awesomesauce btw, I would say that you won an internet, but it seems as if you already have one, a big one at that:twilightsmile:
it would be awesome if we could save blog posts, or fav them... just sayin'... sorry...

Login or register to comment