News Archive

  • 200 weeks
    Downtime & Server Move

    Hi all. Firstly, apologies for the extended period of unexpected downtime. Obviously any kind of downtime is non ideal, but unexpected is more annoying all around.

    On Friday morning (GMT) we experienced a hardware failure on our database server. To our knowledge there is no data loss of any kind. We have fairly regular backups hosted off-site, regardless. The exact cause isn't entirely clear at this time, but instead of wrestling with trying to get the hardware sorted (it was a dedicated server) we decided that this was a good opportunity to make a server move we've been planning for a long time over to Digital Ocean.

    Read More

    236 comments · 15,370 views

  • 278 weeks
    BBCode updates

    Performance improvements

    Over the last few days I've been working on improving the performance of the BBCode parser. I've managed to implement a few major optimizations, reducing the run time in common cases to around 1/4th to 1/20th compared to the older version. This has reduced total server-side render times on some of the more complicated test pages I've been using to around 50ms–70ms, which should be a noticeable improvement.

    New features

    Opacity

    Read More

    49 comments · 4,893 views

  • 300 weeks
    Recent Changelog

    We've done various unannounced changes of the past few weeks so I thought I'd group up the things we've done so you guys know what's changed.

    • Added account linking page for Patreon / Twitter
    • Added ability to cross post stories, blogs and bookshelf additions to Twitter
    • Added twitter userpage module
    • Added account deletion page
    • Reorganised user toolbar dropdown to better fit more items
    • Added session management page to see logins and active sessions on your account
    • Added new articles system and moved some existing ones into it
    • Redesigned PM page a bit to be cleaner
    • Increased font size in major places across the site to improve readability
    • New cookie consent controls for EU users and updated privacy policy
    • Recommended groups list on groups page - WIP
    • Tooltips in many locations around the site with helpful tips

    Read More

    114 comments · 6,019 views

  • 301 weeks
    Help Articles

    Something I've worked on the last couple of days is adding the ability for us to add arbitrary "articles" to the site which we can use for various things. Sort of an extension on the manual articles we've added in the past like the bbcode page, writing guide, etc.

    So far I've added 3 guides:

    I'd love to know if you guys have any idea for articles that would have helped you out when starting out or anything else that comes to mind.

    65 comments · 5,179 views

  • 329 weeks
    Night Mode

    I've been working on it for ages but only really got the impetus to finish all of it off over the last few days. In the "settings" dropdown at the top on desktop, or the bottom of the slide out bar on mobile you'll find a toggle for night mode. Enjoy!

    Oh, and although I've tried to cover everything there is a 100% chance I've missed styling some things so apologies in advance for any funky pages.

    246 comments · 6,794 views

  • 330 weeks
    Additional Search Update

    Hey folks,

    Over the last few days I've added a few things to the new search system. A lot of people were unhappy with not being able to filter various things as quickly as they used to be able to. To that end, I've added a little filter dropdown to the right of the search box which effectively contains everything the old sidebar used to. It even has some niceties like quick word count filters and a highly rated filter.

    Read More

    132 comments · 5,298 views

  • 330 weeks
    December 2017 Update

    Hey guys, got a whole bunch of updates for you today.

    Tags

    This is a small but important step on our way to the tagging system I envision. The existing way we handled things like characters and genres has all been merged into a single tagging system. That won't result in much difference for you viewing and using the site but it makes it a lot easier to add new tags especially.

    We now have a couple of new tag types: series and warnings.

    The series tag is for identifying what series (franchise) your fanfiction contains. I've added a whole ton of various TV shows, movies, comics, books and games but clearly we will have to add a ton more in the coming future. Stories must also contain one of the four MLP tags which are FIM, EqG, Movie and Comic, as this is a pony fanfic site after all. Feel free to bug me on Discord if you have a requirement for a series to be added.

    Read More

    630 comments · 13,770 views

  • 330 weeks
    Math BBCode tag

    I've added [math] and [mathblock] BBCode tags, which can be used to display formatted math. We've had a few requests for this, particularly for group forum threads and blog posts. Most math-related TeX syntax is supported. (We are currently using MathJax to handle the layout.)

    The documentation from the BBCode guide is repeated below for your convenience.

    Read More

    84 comments · 4,408 views

  • 353 weeks
    Fimfiction API

    If you're not a developer you can probably ignore this post.

    It's been like 6 years, but hey, things take time. The API is currently very WIP still but it's ready for people to get working on in our development chat room.

    API documentation can be found at https://www.fimfiction.net/developers/api/v2/docs and you should join the Discord Chat and PM me to add you to the private API channel and I can help you get started. The functionality is very limited right now but I'm dedicating all my time to it at the moment and would love to have people add their input to the process.

    60 comments · 7,397 views

  • 358 weeks
    New BBCode Tags

    Hey guys,

    One of the features in this new update was reader-side paragraph formatting. This helps improve consistency for readers across the site, especially for those of us who can’t stand reading indented text on a computer screen.

    However, one thing that wasn’t accounted for was the legitimate need for specific indenting of passages and for certain blocks of text to have no paragraph formatting. Some examples would be lyrics and poetry.

    Taking this into account, we have come up with a couple of new tags that remedy this situation which are documented below (copied directly from the bbcode guide)

    [indent] Indent

    The indent tag can be used to, unsurprisingly, indent portions of your text.

    [indent]The indent tag can be used to, unsurprisingly, indent portions of your text.[/indent]

    It also support levels of indenting

    Read More

    168 comments · 6,392 views
Jun
12th
2015

Site Update » Multi Factor Authentication · 10:22pm Jun 12th, 2015

We've actually had this ready to go for like 2 weeks but kept forgetting to deploy it. Smart huh?

Anyway, the site now has multi factor authentication! yay! What does that mean I hear you ask? Well, you can now add an extra level of security to your account by adding an additional login step that requires use of a phone/tablet/other device. It's totally optional though.

The Multi Factor Authentication page explains it further (you can get to this page by going to edit your account and clicking the link on the right). You've probably seen it for things like MMOs, gmail and various other sites and we're delighted to offer it on Fimfiction now as well.

Report knighty · 3,306 views · #mfa #multi factor authentication #security
Comments ( 65 )
Normal
Normal #2 · Jun 12th, 2015 · · ·
Reply

Sounds useful.

ForestPony
ForestPony #3 · Jun 12th, 2015 · · 27 ·
Reply

Great, I'm glad the website now has another useless feature MFA but not a way to search through stories in groups :ajbemused:

Sleepy Panda
Sleepy Panda #4 · Jun 12th, 2015 · · ·
Reply

Not sure if I'd use this, but seems useful.

Posted
Posted #5 · Jun 12th, 2015 · · ·
Reply

Well, you can now add an extra level of security to your account by adding an additional login step

You mean like when I have to log out and log in before I can post comments and repeat any time I close the tab? :trollestia:

Request Failed (0)
Signing Key not found, please log in again

EDIT

Xaquseg was able to determine that the BetterPrivacy addon was causing this issue. It apparently hasn't been updated since 2012. Disabling it fixed the problem immediately. I was recommended to try out Privacy Badge instead as it is currently maintained.

or maybe not.

Bottom Out
Bottom Out #6 · Jun 12th, 2015 · · ·
Reply

Gotta keep them fanfics secure.

Celestias Paladin
Celestias Paladin #9 · Jun 12th, 2015 · · ·
Reply

Welp... kind of useless for me, got meself a Window Phone

Magic Mixer
Magic Mixer #10 · Jun 12th, 2015 · · ·
Reply

Nice addition! :twilightsmile:

Luz
Luz #11 · Jun 12th, 2015 · · ·
Reply

noice

Chaotic Note
Chaotic Note #12 · Jun 12th, 2015 · · ·
Reply

This is pretty great. But unfortunately this probably won't work well for me since I don't have a smartphone or a phone that uses "Apps"

ponygrad
ponygrad #13 · Jun 12th, 2015 · · ·
Reply

Awesome. Rather than listing all the great tagging, grouping, recommendation features to tell people that fimfic is insanely high quality, we can just say "It has fucking two factor authentication. What other fan site has that?"

djthomp
djthomp #14 · Jun 12th, 2015 · · ·
Reply

Impressive work, enabled on my account easy-peasy.

How difficult are the technical details of this to set up? I've been wondering for a while how hard it would be to hook into a 2-factor setup like the Google authenticator for a work-related purpose.

Skeeter The Lurker
Skeeter The Lurker #15 · Jun 12th, 2015 · · ·
Reply

We talking something similar to what Blizzard does?

Edit: Huh, nifty. Alright then.

~Skeeter The Lurker

Spectrumancer
Spectrumancer #16 · Jun 12th, 2015 · · ·
Reply

Fanfic is serious business. :twilightsheepish:

Comment posted by nightmare mist pony deleted Jun 13th, 2015
Xaquseg
Server Administrator
Xaquseg #18 · Jun 12th, 2015 · · ·
Reply

3143029
Quite easy, it's a standard called TOTP, see RFC 6238 for details. It only took us a couple hours to have a functional implementation of the server-side, so it's a nice mostly-free security improvement.

Xaquseg
Server Administrator
Xaquseg #19 · Jun 12th, 2015 · · ·
Reply

3142981
Microsoft Authenticator... although we have not tested this app's compatibility, it should be compatible. If not, please let us know and we'll look into it.

Signia
Signia #20 · Jun 12th, 2015 · · ·
Reply

More security options are always welcome, but I'm rather curious about who this is actually useful for. Maybe some of the bigger authors, I suppose.

Xaquseg
Server Administrator
Xaquseg #21 · Jun 12th, 2015 · · ·
Reply

3143055
Bigger authors, site staff, anyone who is worried about keyloggers or other password guessing attacks, users who login on public computers, etc.

It's not a perfect solution but it makes it a lot harder for someone to steal your account, and it was very easy for us to implement, so we figured we might as well go ahead and implement it so the people who want to use it can. It required minimal changes on our end, the codes are easy to verify.

Signia
Signia #22 · Jun 12th, 2015 · · ·
Reply

3143063
I didn't even consider site staff and I feel like an idiot for it.

Sonik
Sonik #23 · Jun 12th, 2015 · · ·
Reply

Is this required?

sunnypack
sunnypack #24 · Jun 12th, 2015 · · ·
Reply

Oh yes! I love me some extra security.

Xaquseg
Server Administrator
Xaquseg #25 · Jun 12th, 2015 · · ·
Reply

3143090
No it's a 100% optional feature for users who want to take advantage of it.

Celestias Paladin
Celestias Paladin #26 · Jun 12th, 2015 · · ·
Reply

3143047
Forgot about that, well might as well be the gueane pig.

Xaquseg
Server Administrator
Xaquseg #27 · Jun 12th, 2015 · · ·
Reply

3143103
You have to enter a valid code to enable, so it should be hard to lock yourself out.

Abstract Indigo
Abstract Indigo #29 · Jun 13th, 2015 · · ·
Reply

Speaking of security, how are passwords stored these days? Hopefully not salted MD5 (or worse)!

Not that it really matters much for me since my password is randomly generated.

CaptainPipsqueak
CaptainPipsqueak #30 · Jun 13th, 2015 · · ·
Reply

Isn't that kind of excessive?

It's not like we're storing credit card info here.

WhitewolfStormrunner
WhitewolfStormrunner #31 · Jun 13th, 2015 · · ·
Reply

I was going to enable this, but then I thought it over again, and decided not to mess with it. I like the way that I sign in just fine, so this will remain disabled on my account.

I'm happy about it for all of you who want to go through all the rigmarole of messing with, though. I'm not.

It's a good thing for those who want to, though, I guess.

Narrative Style
Narrative Style #32 · Jun 13th, 2015 · · ·
Reply

3142966
Huh. I haven't logged out in months. :pinkiecrazy:

3143100
Thank you! I hate when I log into something and it bugs me about updating this or that extra security that I never use.

Xaquseg
Server Administrator
Xaquseg #33 · Jun 13th, 2015 · · ·
Reply

3143131
We use bcrypt with a salt generated using a proper cryptographic RNG.

Edit: I know you're likely to suggest scrypt, however scrypt is not significantly more secure than bcrypt due to a design flaw. Here's an example attack I found in a few minutes on google: http://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html

Estee
Estee #34 · Jun 13th, 2015 · · ·
Reply

Because the one thing we all truly want to do around here is give our phones more control over our lives.

...pass.

Abstract Indigo
Abstract Indigo #35 · Jun 13th, 2015 · · ·
Reply

Also on the subject of security, if you've implemented MFA, have you also considered optional HTTPS?

3143185

Good to know that there's at least one site out there that bothers to use a decent hashing algorithm. I'll have to look up about scrypt's vulnerabilities, but it's nice to see a site that doesn't use MD5/SHA1, or god forbid stores passwords in plaintext.

Taltharius
Taltharius #36 · Jun 13th, 2015 · · ·
Reply

Too bad I don't use a "smart" phone anymore.

Or a tablet. Or anything that qualifies as such, really.

gamexpert1990
gamexpert1990 #37 · Jun 13th, 2015 · · ·
Reply

that requires use of a phone/tablet/other device.

Due to rather limited computer access, I'm practically required to use a phone for Fimfiction anyway. :rainbowwild:

[/lamejoke]

Xaquseg
Server Administrator
Xaquseg #38 · Jun 13th, 2015 · · ·
Reply

3143187
https://www.fimfiction.net/

Logging in from SSL will also auto-lock your session to SSL incl. automatic redirects.

Abstract Indigo
Abstract Indigo #39 · Jun 13th, 2015 · · ·
Reply

3143321

Neat, thanks for that. The more you know!

I NO LONGER EXIST
I NO LONGER EXIST #40 · Jun 13th, 2015 · · 17 ·
Reply

"Blah blah blah, I'm a nerd who knows how to computer! Look at me! Whoosh!"

Dick McKickEm
Dick McKickEm #41 · Jun 13th, 2015 · · ·
Reply

Has stolen accounts ever been a problem? I can see a scriptkiddie dedicated to hating pony trying that, but I've never heard of it actually happening.

Fonypan
Fonypan #42 · Jun 13th, 2015 · · ·
Reply

Has this been enough of a problem for it to be a thing? How often are accounts reported stolen? Why would anyone do that in the first place? What could they possibly be gaining?

Seems like a lot of effort for something like this site.

Cedric Bale
Cedric Bale #43 · Jun 13th, 2015 · · ·
Reply

And now I can add my favorite fanfiction website onto the list of sites that have implemented multi-factor security before my bank.

Why does my bank suck?

knighty
Site Owner
knighty #44 · Jun 13th, 2015 · · ·
Reply

3143421 it took us only a few hours so why not?

Fonypan
Fonypan #45 · Jun 13th, 2015 · · ·
Reply

3143446 Well, okay then.

Octavia Harmony
Octavia Harmony #46 · Jun 13th, 2015 · · ·
Reply

I misread this somehow and thought "multi author stories"? Awesome!

Not to say that additional security isn't awesome, either. I can't help but feel like where authorization might be needed is that an author can "lock" his stories from editing, even from his own account. I feel like that could be the best way of protecting someone's work from being deleted.

CaptainPipsqueak
CaptainPipsqueak #47 · Jun 13th, 2015 · · ·
Reply

3143446

What about allowing us to personalise colour schemes again? After all, you can still do it with stories, and frankly the site's standard colour scheme is kind of drab...

I'd personally like to change it to something a bit darker, if I had the option.

Celestias Paladin
Celestias Paladin #48 · Jun 13th, 2015 · · ·
Reply

3143109
Ok a bit tricky but it looks like it worked

Cedric Bale
Cedric Bale #49 · Jun 13th, 2015 · · ·
Reply

3143494
Do you use Firefox? There's an extension you can get called 'Color That Site!' that basically lets you make your own color scheme for any website you want. I'm sure there's similar extensions for other browsers.

i.imgur.com/Rh6mh0h.png

Crimson Eon
Crimson Eon #50 · Jun 13th, 2015 · · ·
Reply

I won't be using this, mostly cuz my password is unimaginably lame, and I don't have any fics behind my name. (rhyme unintentional)
But its nice to see that you care to keep everything secure.
I'm guessin' you spend at least 10-20% of your time into this site, yes?

Thanks for the awesomesauce btw, I would say that you won an internet, but it seems as if you already have one, a big one at that:twilightsmile:
it would be awesome if we could save blog posts, or fav them... just sayin'... sorry...

Login or register to comment

Stats

Page generated in 0.057 seconds
Total duration
1,073 users online
1,880,101 hits today, 2,561,572 yesterday

• Site Statistics

FIMFiction

My Little Pony: Friendship is Magic Fanfiction
Designed and coded by knighty & Xaquseg - © 2011-2024

• Privacy
• Cookies
• Staff
• Licenses

Follow & Support Us

Support us
SubStar Chat!
Discord Follow us
Twitter

MLP: Friendship is Magic® - © 2024 Hasbro Inc.®
Fimfiction is in no way affiliated with or endorsed by Hasbro Inc.®