Just a note on what’s going on, although I’m sure I’ll accidentally omit your personal peeve/issue, so pre-omission apologies to all!
Due to an array of issues culminating with family in town, I had to cut short the final tweaks last week, and thus postponed the final test. I’m just getting back into gear after a nice holiday and should launch the final test tomorrow, Wednesday at the latest. The final test is anticipated to be the acceptance test, and so we’ll go live shortly after its conclusion. Should more than minor tweaks be necessary, it will take a bit more time.
The following list includes many details on what’s going on with the site design. Note that these changes are not in the live site you currently see, unless otherwise mentioned:
- The existing comment system is not going away. The new system was too radical a departure from what we’ve grown to love at Balloon Juice. Some of its features, including subscribing to a post’s comments, or to replies to your comment, were interesting to most testers, so I’ve enabled something like that in our current comment system.For some this is good, others no so good. One issue the new system was to address was FYWP eating comments (not moderation!) and the occasional duplication/triplication. So those choice aspects of Balloon Juice should endure for a while longer!
- Some other enhancements and some speedups regarding comments are also included.
- The “page number” function at the bottom of the page is fixed.
- The theme files have been updated to address a number of issues. I am testing the most recent update, released Friday, so we’ll be good for site updates for a long time.
- We have instituted a git software repository for the site. This will allow us to immediately undo changes to the site such as updated theme files and plugins if they overwrite our customizations. This also means that the site’s backend is organized in a standard interface which will make it so much easier for others in the future to deal with it.
- Numerous styling issues solved.
- Right column is no longer acting weird.
- Left column of blank space is much narrower.
- The site is now resizing, etc. correctly.
- A number of plugins have been disabled and/or removed, making the site more secure, and load faster.
- The bad new: as of this time, the “back” function is not working on the test server. It’s an issue in the theme and I’m now in week 3 of dealing with their support folks and still nowhere. I am committed to getting this solved but it’s the theme maker taking their time giving us a solution.
Issues with the current live site
Last week a few issues happened and they might be related. We’re still investigating. Here are some current issues:
- The site was effectively down for a few hours. This was due to an HTML flood attack and was blocked once it was identified.
- One or more users saw some weird SSL certificate warnings (not related to identity, but about how our SSL certificate was for mail.google.com.
- One or more harassers came to visit. Working on that. Might be source of #1
- One or more commenters was having comments eaten – not put into moderation, but off into the aether, never to be seen.
- The “other things you might like” function at the bottom of posts with tags was incorrectly configured so it was disabled. It will return.
- Many users report an issue with the SSL certificate – it does not verify identity. This is correct for now; we’re using a free certificate and that’s what it is, it encrypts but doesn’t guarantee that www.balloon-juice.com is really Balloon Juice.If this were a company, you’d want to be sure that you were shopping at the real Amazon.com, for example, so it’s important for them to prove their identity. I hope to enable the really cool Let’s Encrypr git and generate our own SSL certificates in the future, but for now, we’re using our current setup. Our main goal is achieved – the site’s traffic in encrypted between the Balloon Juice server and your web browser, so no one can directly snoop on what you’re reading or writing.
Wordwide WordPress Issues
Over the past few weeks, a number of media and professional WordPress sites have been compromised.
One way into these sites is bad programming in plugins and themes that allows attacks.Recently, I’ve removed a number of “heritage” plugins that are ancient and not maintained, as well as plugins that we’re not using. Should we need them later, it’s easy to add them back in. The theme files are updated as new versions are released, which has been, but will not remain, an issue.
Many WordPress sites, some from well-known companies, as well as non-WordPress sites were co-opted by ads with nasty stuff in them. Ads that, when shown on certain computers running old browsers or operating systems, and without good anti-malware software, installed a number of nasty programs including ransomware that holds your files hostage until you send the makers bitcoins.
Balloon Juice runs ads from Google and one other company; we do not accept advertising from a number of other sources, and this policy serves you, the user, well. But be warned – should you be running Windows XP or a similarly outdated operating system/browser, plan to upgrade in the next few months. You’re a sitting duck and it’s hunting season; the further away we get from when those old workhorses had their final updates, the more likely it is that you’re being targeted.
And please make sure you are using some type of antivirus/malware software that is up-to-date. I have lost confidence in free anti-virus, and don’t believe in “no-name” security packages from discount stores, so buy quality. Some names to consider (not an endorsement): AVG, Avast, Kaspersky, McAfee, Norton, Webroot. Malware is becoming much more varied in the platforms that are targeted, so Mac users shouldn’t feel so smug. Plus, it’s tough to feel smug if you’re the vector by which a loved one’s Windows machine was infected!
Some basic tips:
- your ISP often has a free security software download for customers which is usually privately-branded McAfee or Norton. Did I mention it’s free? They want secure customers not clogging up their tubes with bad stuff, so it’s in their interest.
- the renewal offer from most antivirus software companies are over-priced. I prefer to either buy a retail box every year, or buy it from Amazon and download it. Renewals are usually $59 or more; buying a new license is usually around $35 if you shop around. These days, that’s for up to 5 computers and includes mobile devices!
- NEVER download or install any free “fixer”, “helper”, “troubleshooter”, “computer speed-up”, “coupon”, etc. program. They are almost always scamware or jumk, and sometimes are trojan horses for very bad stuff to get onto your computer.
- When installing ANY software, make sure to read carefully – DO NOT LET THE INSTALLER CHANGE YOUR BROWSER SETTINGS AND UNCHECK ANY OTHER PROGRAM OR TOOL BESIDES THE SOFTWARE YOU ARE INSTALLING.This one thing will make your computer much more secure and less crapware-filled. Installers for such things as WinZip, Adobe Acrobat, and Java include “marketing partner” stuff and are one of the primary mechanisms that I’ve seen malware use to get onto people’s otherwise protected computers. They change your search engine, add in plugins or extensions or toolbars, and add “helper programs” and such that often will report problems that aren’t there and then force you to buy their software to be able to dismiss their problem reports.
- Run security scan on live site to ensure nothing in the site is compromised. This may slow the site down a bit this afternoon.
- Finish tweaks and edits and approve new theme files.
- Get second test going, get feedback.
- Act on feedback, then launch; if necessary, go back for one more test.
- Finish back-end stuff and let MM do his magic to squeeze the best performance out of the system.
Reward For Reading So Much Or Skipping To The End
You can jump to the top or bottom of a webpage using the Home or End keyboard keys. Quicker than going for the mouse/scrollbar/pageup/pagedown. Excelsior!
ETA: Open Thread! I won’t be participating in these comments but will read them later.
You can always report issues that you encounter to [email protected]. Screenshots are helpful or copied and pasted error messages, etc. I don’t promise to fix everything, but I’d rather know of an issue so when I see other issues, I have more evidence to drive a correct conclusion and resolution.
ETAA: Good news, the theme developer support folks have forwarded the “back” issue to the top man, the boss/lead developer. So hopefully this will be an easy fix for him and we can get this wrapped up in the next few days!