Xaquseg is the system administrator for FIMFiction, as well as various misc. development, especially related to security. Non-technical problems are probably best asked to other staff members.
Hi all. Firstly, apologies for the extended period of unexpected downtime. Obviously any kind of downtime is non ideal, but unexpected is more annoying all around.
On Friday morning (GMT) we experienced a hardware failure on our database server. To our knowledge there is no data loss of any kind. We have fairly regular backups hosted off-site, regardless. The exact cause isn't entirely clear at this time, but instead of wrestling with trying to get the hardware sorted (it was a dedicated server) we decided that this was a good opportunity to make a server move we've been planning for a long time over to Digital Ocean.
Over the last few days I've been working on improving the performance of the BBCode parser. I've managed to implement a few major optimizations, reducing the run time in common cases to around 1/4th to 1/20th compared to the older version. This has reduced total server-side render times on some of the more complicated test pages I've been using to around 50ms–70ms, which should be a noticeable improvement.
We've done various unannounced changes of the past few weeks so I thought I'd group up the things we've done so you guys know what's changed.
Something I've worked on the last couple of days is adding the ability for us to add arbitrary "articles" to the site which we can use for various things. Sort of an extension on the manual articles we've added in the past like the bbcode page, writing guide, etc.
So far I've added 3 guides:
I'd love to know if you guys have any idea for articles that would have helped you out when starting out or anything else that comes to mind.
I've been working on it for ages but only really got the impetus to finish all of it off over the last few days. In the "settings" dropdown at the top on desktop, or the bottom of the slide out bar on mobile you'll find a toggle for night mode. Enjoy!
Oh, and although I've tried to cover everything there is a 100% chance I've missed styling some things so apologies in advance for any funky pages.
Hey folks,
Over the last few days I've added a few things to the new search system. A lot of people were unhappy with not being able to filter various things as quickly as they used to be able to. To that end, I've added a little filter dropdown to the right of the search box which effectively contains everything the old sidebar used to. It even has some niceties like quick word count filters and a highly rated filter.
Hey guys, got a whole bunch of updates for you today.
This is a small but important step on our way to the tagging system I envision. The existing way we handled things like characters and genres has all been merged into a single tagging system. That won't result in much difference for you viewing and using the site but it makes it a lot easier to add new tags especially.
We now have a couple of new tag types: series and warnings.
The series tag is for identifying what series (franchise) your fanfiction contains. I've added a whole ton of various TV shows, movies, comics, books and games but clearly we will have to add a ton more in the coming future. Stories must also contain one of the four MLP tags which are FIM, EqG, Movie and Comic, as this is a pony fanfic site after all. Feel free to bug me on Discord if you have a requirement for a series to be added.
I've added [math]
and [mathblock]
BBCode tags, which can be used to display formatted math. We've had a few requests for this, particularly for group forum threads and blog posts. Most math-related TeX syntax is supported. (We are currently using MathJax to handle the layout.)
The documentation from the BBCode guide is repeated below for your convenience.
If you're not a developer you can probably ignore this post.
It's been like 6 years, but hey, things take time. The API is currently very WIP still but it's ready for people to get working on in our development chat room.
API documentation can be found at https://www.fimfiction.net/developers/api/v2/docs and you should join the Discord Chat and PM me to add you to the private API channel and I can help you get started. The functionality is very limited right now but I'm dedicating all my time to it at the moment and would love to have people add their input to the process.
Hey guys,
One of the features in this new update was reader-side paragraph formatting. This helps improve consistency for readers across the site, especially for those of us who can’t stand reading indented text on a computer screen.
However, one thing that wasn’t accounted for was the legitimate need for specific indenting of passages and for certain blocks of text to have no paragraph formatting. Some examples would be lyrics and poetry.
Taking this into account, we have come up with a couple of new tags that remedy this situation which are documented below (copied directly from the bbcode guide)
[indent]
IndentThe indent tag can be used to, unsurprisingly, indent portions of your text.
[indent]The indent tag can be used to, unsurprisingly, indent portions of your text.[/indent]
It also support levels of indenting
Page generated in 0.083 seconds
Total duration
790 users online
1,218,582 hits today, 2,054,621 yesterday
My Little Pony: Friendship is Magic Fanfiction
Designed and coded by knighty & Xaquseg - © 2011-2024
Support us
SubStar
Chat!
Discord
Follow us
Twitter
MLP: Friendship is Magic® - © 2024 Hasbro Inc.®
Fimfiction is in no way affiliated with or endorsed by Hasbro Inc.®
Wooo!
More secure!
~Skeeter The Lurker
Sweet!
cool! I'll say that to hide the fact I have idea what this does.
Nice.
Excellent.
And could you explain that to those of us that are not tech savvy, please? lol
Tell it like you're trying to explain it to a Neanderthal or a Marine
...Could someone who actually understands this explain what it means, please?
4466953
Before only some users were using encryption to access the site, now all users are using encryption to access the site.
Wow, thanks for the update... I'm surprised I didn't notice the switch. :\
But that's cool. It should make things better all around, security wise. ^^
what does it mean please
4466962
So, in short: Encryption went from 'optional', to 'mandatory', correct?
4466970
4466972 i know what does that mean i'm sorry if i'm not getting it
4466973
Basically means the site has less of a chance of being taken down by illegal means.
4466962 I'll confess that I was among the some who were not using encryption access (using http instead of https), mostly out of a habit of leaving a bunch of tabs open and not wanting to go through the effort of re-finding all of them under the encrypted version of the site.
But now I've just noticed that every time I try to go an http page, it automatically redirects me to the https version. In other words, all the tabs I have open can now be switched over to the encrypted version simply by refreshing the pages, so that'll make this change a lot easier for me to deal with.
4466974 oh okay thanks i needed to know thats good i guess
I'm secure in the knowledge that the level of security on this site can lay all my insecurities to rest.
Yay. More security.
orig01.deviantart.net/df40/f/2012/004/0/9/rarity_is_watching_you_by_ppppppppp22-d4lcbz7.png
4466980 oh my god
I've been using HTTPS from the beginning, I'm surprised it took this long for it to be automatic.
I have no idea what the hell that means, BUT IT MAKES ME FEEL 20% SAFER!!!!
derpicdn.net/img/2016/6/14/1178409/thumb.png
....It wasn't before?
(HTTPS Everywhere woohoo!)
4466976 Security protocol meaning initial log on between your computer and the website has an individual encryption coding put on all back and forth data. The idea being no-one can eavesdrop or tamper with it in between. Notice the url title on this page now starts with https instead of http. Mainly this is to protect your name and other private details from being taken for identity theft. So it's a good move.
4467005 thanks for explaining
Great change.
Anyone else still unsure this is the page for Firefox explaining it in more detail for their browser but the basics should hold true for all browsers.
mixed content for Firefox
4466994 Just spotted you here, just a heads up for interest.
Nice! Thanks, site staff!
lithl.info/images/partially-secure.jpg
Time for an SSL image proxy next! (He says while linking to a non-secure static file host.)
4466953
4466960
4466961
4466970
4466994
It provides reasonable protection against an actor from reading the information you're transmitting (eg, your account password), or from hijacking your connection to the website and serving you something different.
It doesn't even necessarily have to be technically malicious. For example, some wireless networks will attempt to hijack your connection in order to insert their own ads on the pages you visit. They can't do that on HTTPS.
However, HTTPS does not prevent someone from getting the IP of the website you go to, and that can be trivially matched to the website itself. So bad guys can still know you're reading horsewords, they just don't know which ones and can't steal your account info over the network.
Neat.
4467039 Thanks!
This does not mean we can change passes to 123456 now or the what not, it just means https everywhere is not nessiceary.
When you realize that before this change somebody could potentially see what clopfics you were reading
It didn't work. I'm still insecure.
Righto. Thanks, lads. But it does not say I am secure, unlike before.
Jolly Good.
'kay.
Nice! It's always good to see better security features implemented.
Well, that explains the random crash last night.
Hrm. Firefox is claiming now that parts of the site are not secure.
We do have plans to resolve the mixed content warnings caused by images over http, but those don't create very many security risks, so it's not a large enough issue to delay this change.
I've always wondered what the difference between Http and Https was
Hopefully it turns out for the better.
At least It should. It's important and nothing too major just some harmless coding updates.
That or FimFic Skynet happens.
4467132
https://www.instantssl.com/ssl-certificate-products/https.html
when everyone is a https... no one is.
vignette2.wikia.nocookie.net/villains/images/2/26/PDVD_093.png/revision/latest?cb=20120411225423
4467119 Maybe it doesn't create too much of a security risk, but privacy...
Anyway, thanks for doing this; I couldn't tell you how many times I'd be on this site and realize I forgot to type https!
4467187
It's only a privacy risk vs. not having mixed content. This change does not reduce user privacy, there's just more we can do to improve it.
4467119
Comments like those are just daring someone to launch something like a CSRF attack.
I linked to an image on lithl.info earlier. I have root on lithl.info, and I could easily reconfigure it from serving static content to serving dynamic content, then write a malicious script and have the previously linked image execute that script any time someone views the image. It helps that the image isn't actually being added to the DOM until someone clicks the URL, but that just means the malicious image won't execute on page load, and it doesn't stop a malicious image in a blog post or story chapter.
It's one thing to allow mixed content on your page. Publicly dismissing the danger of mixed content is something else entirely.
4467193
<img> tags cannot execute client-side code, anything that is not an image is rejected by the browser. Additionally, images are the only resource the browser will allow a https: page to load off an http: domain.
What you are describing is the danger of cross-site resource inclusion, which is an entirely different problem. Additionally, you are describing XSS, not CSRF.
The two things you can do with the image included over http that wouldn't be possible if it was https are:
1. Observe the image being loaded if you can passively snoop on the user's internet connection, possibly identifying which page they loaded based on the URL of the image requested.
2. Replace the image with another image if you can actively modify the user's internet traffic.
4467191
I may have phrased that badly; I didn't mean to imply that you'd somehow created a privacy risk, sorry for making it sound like I was