Just a note on what’s going on, although I’m sure I’ll accidentally omit your personal peeve/issue, so pre-omission apologies to all!
Due to an array of issues culminating with family in town, I had to cut short the final tweaks last week, and thus postponed the final test. I’m just getting back into gear after a nice holiday and should launch the final test tomorrow, Wednesday at the latest. The final test is anticipated to be the acceptance test, and so we’ll go live shortly after its conclusion. Should more than minor tweaks be necessary, it will take a bit more time.
The following list includes many details on what’s going on with the site design. Note that these changes are not in the live site you currently see, unless otherwise mentioned:
- The existing comment system is not going away. The new system was too radical a departure from what we’ve grown to love at Balloon Juice. Some of its features, including subscribing to a post’s comments, or to replies to your comment, were interesting to most testers, so I’ve enabled something like that in our current comment system.For some this is good, others no so good. One issue the new system was to address was FYWP eating comments (not moderation!) and the occasional duplication/triplication. So those choice aspects of Balloon Juice should endure for a while longer!
- Some other enhancements and some speedups regarding comments are also included.
- The “page number” function at the bottom of the page is fixed.
- The theme files have been updated to address a number of issues. I am testing the most recent update, released Friday, so we’ll be good for site updates for a long time.
- We have instituted a git software repository for the site. This will allow us to immediately undo changes to the site such as updated theme files and plugins if they overwrite our customizations. This also means that the site’s backend is organized in a standard interface which will make it so much easier for others in the future to deal with it.
- Numerous styling issues solved.
- Right column is no longer acting weird.
- Left column of blank space is much narrower.
- The site is now resizing, etc. correctly.
- A number of plugins have been disabled and/or removed, making the site more secure, and load faster.
- The bad new: as of this time, the “back” function is not working on the test server. It’s an issue in the theme and I’m now in week 3 of dealing with their support folks and still nowhere. I am committed to getting this solved but it’s the theme maker taking their time giving us a solution.
Issues with the current live site
Last week a few issues happened and they might be related. We’re still investigating. Here are some current issues:
- The site was effectively down for a few hours. This was due to an HTML flood attack and was blocked once it was identified.
- One or more users saw some weird SSL certificate warnings (not related to identity, but about how our SSL certificate was for mail.google.com.
- One or more harassers came to visit. Working on that. Might be source of #1
- One or more commenters was having comments eaten – not put into moderation, but off into the aether, never to be seen.
- The “other things you might like” function at the bottom of posts with tags was incorrectly configured so it was disabled. It will return.
- Many users report an issue with the SSL certificate – it does not verify identity. This is correct for now; we’re using a free certificate and that’s what it is, it encrypts but doesn’t guarantee that www.balloon-juice.com is really Balloon Juice.If this were a company, you’d want to be sure that you were shopping at the real Amazon.com, for example, so it’s important for them to prove their identity. I hope to enable the really cool Let’s Encrypr git and generate our own SSL certificates in the future, but for now, we’re using our current setup. Our main goal is achieved – the site’s traffic in encrypted between the Balloon Juice server and your web browser, so no one can directly snoop on what you’re reading or writing.
Wordwide WordPress Issues
Over the past few weeks, a number of media and professional WordPress sites have been compromised.
One way into these sites is bad programming in plugins and themes that allows attacks.Recently, I’ve removed a number of “heritage” plugins that are ancient and not maintained, as well as plugins that we’re not using. Should we need them later, it’s easy to add them back in. The theme files are updated as new versions are released, which has been, but will not remain, an issue.
Many WordPress sites, some from well-known companies, as well as non-WordPress sites were co-opted by ads with nasty stuff in them. Ads that, when shown on certain computers running old browsers or operating systems, and without good anti-malware software, installed a number of nasty programs including ransomware that holds your files hostage until you send the makers bitcoins.
Balloon Juice runs ads from Google and one other company; we do not accept advertising from a number of other sources, and this policy serves you, the user, well. But be warned – should you be running Windows XP or a similarly outdated operating system/browser, plan to upgrade in the next few months. You’re a sitting duck and it’s hunting season; the further away we get from when those old workhorses had their final updates, the more likely it is that you’re being targeted.
And please make sure you are using some type of antivirus/malware software that is up-to-date. I have lost confidence in free anti-virus, and don’t believe in “no-name” security packages from discount stores, so buy quality. Some names to consider (not an endorsement): AVG, Avast, Kaspersky, McAfee, Norton, Webroot. Malware is becoming much more varied in the platforms that are targeted, so Mac users shouldn’t feel so smug. Plus, it’s tough to feel smug if you’re the vector by which a loved one’s Windows machine was infected!
Some basic tips:
- your ISP often has a free security software download for customers which is usually privately-branded McAfee or Norton. Did I mention it’s free? They want secure customers not clogging up their tubes with bad stuff, so it’s in their interest.
- the renewal offer from most antivirus software companies are over-priced. I prefer to either buy a retail box every year, or buy it from Amazon and download it. Renewals are usually $59 or more; buying a new license is usually around $35 if you shop around. These days, that’s for up to 5 computers and includes mobile devices!
- NEVER download or install any free “fixer”, “helper”, “troubleshooter”, “computer speed-up”, “coupon”, etc. program. They are almost always scamware or jumk, and sometimes are trojan horses for very bad stuff to get onto your computer.
- When installing ANY software, make sure to read carefully – DO NOT LET THE INSTALLER CHANGE YOUR BROWSER SETTINGS AND UNCHECK ANY OTHER PROGRAM OR TOOL BESIDES THE SOFTWARE YOU ARE INSTALLING.This one thing will make your computer much more secure and less crapware-filled. Installers for such things as WinZip, Adobe Acrobat, and Java include “marketing partner” stuff and are one of the primary mechanisms that I’ve seen malware use to get onto people’s otherwise protected computers. They change your search engine, add in plugins or extensions or toolbars, and add “helper programs” and such that often will report problems that aren’t there and then force you to buy their software to be able to dismiss their problem reports.
The Plan
- Run security scan on live site to ensure nothing in the site is compromised. This may slow the site down a bit this afternoon.
- Finish tweaks and edits and approve new theme files.
- Get second test going, get feedback.
- Act on feedback, then launch; if necessary, go back for one more test.
- Finish back-end stuff and let MM do his magic to squeeze the best performance out of the system.
Reward For Reading So Much Or Skipping To The End
You can jump to the top or bottom of a webpage using the Home or End keyboard keys. Quicker than going for the mouse/scrollbar/pageup/pagedown. Excelsior!
ETA: Open Thread! I won’t be participating in these comments but will read them later.
You can always report issues that you encounter to [email protected]. Screenshots are helpful or copied and pasted error messages, etc. I don’t promise to fix everything, but I’d rather know of an issue so when I see other issues, I have more evidence to drive a correct conclusion and resolution.
ETAA: Good news, the theme developer support folks have forwarded the “back” issue to the top man, the boss/lead developer. So hopefully this will be an easy fix for him and we can get this wrapped up in the next few days!
Keith P.
You had me at “tweaks”. Well, not really. That’s just when I stopped reading ;)
Alain the site fixer
NotMax – when you see this, it looks like your commenting is working now. Please reply so I know that to be true. Also, feel free to email me should this happen again, I’d love to figure out what the issue is!
Peter Schledorn
Thanks for all the work you’ve put into this!
anadromy
“The “page number” function at the bottom of the page is fixed.”
Nope.
Major Major Major Major
I call mine “Linux”
a hip hop artist from Idaho (fka Bella Q)
I love peeps dioramas! Even violent ones. Otherwise I believe there is not reason for the existence of the brightly dyed marshmallow abominations.
Thanks for your site work, Alain.
Technocrat
Thanks for this update man, very thorough.
This is a Big Forking Deal.
Alain the site fixer
@Major Major Major Major:Don’t be too smug, there are some nasties out for Linux now too. And again, even if you’re immune, if you pass on something to someone else, you’re gonna feel bad!
Alain the site fixer
@anadromy: In the test it is, not on the live site. It will come, soon, and be glorious.
Major Major Major Major
And of course thanks for all your hard work, Alain.
Major Major Major Major
@Alain the site fixer: i know, part of my work is in security :P
Just being an asshole. I’m sure to I’ll be shocked to find that going on in this establishment.
Major Major Major Major
@Major Major Major Major: …you’ll. Won’t let me edit though.
Paul in KY
Alain, do you think the little numbers at bottom of page that are supposed to take you to page 2, 3, etc. will ever work?
Asking for a friend…
Edit: saw your answer to Anadromy above.
Felonius Monk
Thanks for the update, Alain.
Miss Bianca
Yes, yes, thank you for undertaking a sometimes all-too-thankless task!
Face
You forgot to address the most pressing question: are you pronounced like “Alan” or “A-layne”?
And if you’re really site fixing, I suggest formaldehyde.
imonlylurking
@a hip hop artist from Idaho (fka Bella Q): My roommate just did “Silence of the Peeps” for a work competition. She placed third. She was robbed.
imonlylurking
I’m really glad you mentioned upgrading from Windows XP and turning off all the crap that gets pushed along with a software purchase. I will tell you that my company will no longer use Norton or McAfee, and neither do I. I have the paid version of Malwarebytes. My company uses a combination of System Endpoint Protection from Microsoft and something called Bromium, which is a pain in my ass.
schrodinger's cat
@a hip hop artist from Idaho (fka Bella Q): How come you are so sane? My previously sane friend has become a total right wing nutcase after she moved to Idaho from back east.
Gindy51
I use Microsoft Security Essentials and love it. Runs quietly in the back ground and work like a charm for me. I follow this guy’s advice o all things computer and he has never give me bad advice. http://www.askwoody.com/
LAO
@schrodinger’s cat: Word on the street is Bella Q doesn’t really live in Idaho.
@a hip hop artist from Idaho (fka Bella Q): Peep dioramas are the best, Especially those based on Reservoir Dogs.
ETA: Thanks Alain
Matt McIrvin
Are they truly Peeps if they look like bunnies?
Sister Rail Gun of Warm Humanitarianism
@imonlylurking: Seconding this. Norton and McAfee are hogs. Malwarebytes FTW.
JCJ
@a hip hop artist from Idaho (fka Bella Q):
Did you see that some guy ate 200 peeps in a little over 14 minutes? I cannot imagine his pancreas is capable of producing enough insulin to handle that much sugar. Int he video he says it is 5600 calories and something over 1000g of sugar. I get queasy just thinking about it.
Here is the video
Alain the site fixer
@Major Major Major Major: You’ll, I’ll. I heard you.Did you just miss the deadline to edit, or is Comment Editing not working at all for you?
Sister Rail Gun of Warm Humanitarianism
@Alain the site fixer: Comment Editing hasn’t been working for me for a while.
An edit box opens in another tab. I can do anything I want in the box, click the button, and nothing happens.
Roger Moore
@Major Major Major Major:
Seconded. I’ve been running Linux for 17 years, and I’ve never once had a problem with malware.
Paul in KY
@Matt McIrvin: That’s the kind of philosophical question that keeps me coming back here!
Paul in KY
@JCJ: He’s probably taken a year off his life by doing that.
Mike J
@Sister Rail Gun of Warm Humanitarianism: I thought it was just me. This is one of the rare places I allow to run javaascript, and I have popups allowed for this site.
Dork
@JCJ: I always heard that competitive eaters merely vomit up all that shit as soon as the contest is over. They’re not really eating, as much as stuffing things (food) in a bag (stomach) as fast as possible, then removing them from the bag before they have to purchase (digest) all that crapola.
Maybe I’m wrong, but I’m guessing nobody would want to actually process 200 peeps (or ~65 hot dogs) in one day.
elmo
@Dork: I’m not usually a judgy type, but those competitive eating things, and those old reality-TV things that covered contestants in Jello or ketchup or whatever, really really REALLY REALLY offend me. Beyond all reason.
Food is food. Food is not competition or toys or TV stunts or whatthehellever else. Some food is going to be wasted in this big world, and we waste far too much food at restaurants and grocery stores for aesthetic reasons (ugly fruit!), but for God’s sake, don’t throw away fucking truckloads of food for no damn reason at all.
Keith G
Well they do taste like peeps when you bite off their widdle heads.
Alain, I would feel most blessed if the mobile site had a ‘return to the top’ button as well as “previous” and “next” buttons at the end of a comment thread.
Ruckus
@Alain the site fixer:
I see you have a stalker on the test site.
Someone you know?
Ruckus
@elmo:
It’s not beyond all reason.
That type of TV show or just throwing away truckloads of food, on a planet that many people go to sleep hungry on is easily one of the stupidest things humans do.
The Dangerman
Reservoir Peeps? ROFLAPMP
Thanks, badly needed belly laugh…..
Ahasuerus
Alain –
A question about script blockers in general and NoScript in particular; which (if any) sites should be whitelisted to enable full site functionality?
Thanks in advance,
A
Major Major Major Major
@Alain the site fixer: Just that comment. Was weird.
laura
How do you add a photo to a comment? I’ve seen others-dogs, kittehs and food, yet I haven’t mastered the task.
schrodinger's cat
@laura: You can link to a photo but can’t embed it unless you are FPer.
Adam L Silverman
@a hip hop artist from Idaho (fka Bella Q): @LAO: I’m branching out to push new product, so this batch is free, but in the future it’ll be normal pricing:
http://www.mlive.com/entertainment/index.ssf/2016/03/peeps_diorama_contest_get_your.html
https://www.washingtonpost.com/lifestyle/magazine/peeps/
http://www.kansas.com/entertainment/arts-culture/article68063662.html
http://www.sikids.com/si-kids/2016/03/28/peep-these-fantastic-sports-dioramas
http://offbeat.topix.com/slideshow/11588
http://www.nydailynews.com/life-style/2015-peeps-diorama-contest-entries-gallery-1.2173438
And a personal favorite:
https://www.youtube.com/watch?v=BJD_3eKcIRQ
Adam L Silverman
@Sister Rail Gun of Warm Humanitarianism: I was a big fan of TrendMicro before I switched to Macs.
Adam L Silverman
@schrodinger’s cat: I can’t embed it in a comment either and I’m an FPer. In comments all I can do is link to it.
LAO
@Adam L Silverman: Between the Kardashian peep and the execution of Easter candy — I’m feeling pretty satisfied. Thanks.
Gavin
FYI, your pagination system is broken..
On the front page, if you scroll to the bottom and hit “next page,” you are taken back to page 1 but “2” is highlighted. Then, hit “next page” again and the “3” is highlighted.. but you’re still on page 1. Et cetera.
Adam L Silverman
@LAO: De nada.
Steeplejack
@Gavin:
This has been mentioned before. A workaround is to enter the date, e.g.:
https://balloon-juice.com/2016/03/28/
You can enter any date. That will get you a navigable list of that day’s posts.
Alain the site fixer
@Sister Rail Gun of Warm Humanitarianism: Please email me. I’d like to learn more as it should work. I played with it extensively last week and it all seemed to be smooth as silk.
Alain the site fixer
@Adam L Silverman: Use the Add Media button (you can upload what you own or link to something elsewhere). It will show up as a pic – my peeps is a link to the Flickr gallery where I found it. Or call and I’ll walk you through it! :)
Alain the site fixer
@laura: The problem with allowing you to post a pic included in the comment is that we don’t require registration, so anyone can make a comment. I’ve seen enough Goatse to last me a lifetime, not to mention spam visual advertising.
Sorry, at first I suggested it strongly, but realized that it would hurt, not help, our community!
NotMax
@Alain the site fixer
Seems to have vanished as quickly as it appeared. Was a tres bizarre glitch.
Now, on to screen shots.
Note the difference in display of font sizes between the same content as it appears on front page (left) versus appearance at top of comment page (right) in this example just now put together quickly. Both screenshots unaltered in any way, placed side by side in a panorama setting for easier comparison.
NotMax
Oh, one more thing. Tried visiting the site using Firefox on an Android-running tablet. Although the option to change from mobile view to standard view was there (at the bottom of the comments page), it does not work.
chris
@Alain the site fixer: Linux Mint here. Great but not bombproof.
Couple weeks ago I clicked an ad in the Guardian (!) and Boom! Got a BSOD with audio telling me my computer was compromised and to call the number on the screen. And it was bulletproof, couldn’t close the browser, take a screenshot or open a terminal. Ended up doing a hard reset (shut down). Dog knows what it would have done to a windows machine.
Pleased to tell you that the folks at the Guardian were on it within a few hours and sent an email to say thanks.
chris
Nice work, Alain. Thank you.
J R in WV
@Keith G:
Try pressing the “Home” button while you’re down in a page sometime. It always takes me to the top of whatever Web page I’m on. The “End” button usually goes to the bottom.
YMMV
ETA: These buttons are, on my laptop, up on the upper right corner of my keyboard. “Home” is just above the “Backspace” button, and “End” is the right most button on the top row, next to the on/off button.
J R in WV
Question,
I’m using Linux, specifically Ubuntu 14.04. We have a couple of laptops and workstations connected to a wireless router. One laptop can’t manage the wireless card with Linux mounted, so I have a cable running over to the router.
Any recommendations for malware detection/protection on Linux? We’ve never had any issues so far.
Thanks!
Alain the site fixer
This is a comment edit test. I should be able to edit this comment.
I successfully edited this so if you get a blank screen when editing a comment, you’re blocking something. I’m using Edge.
NotMax
@Alain the site fixer
Have never ever been able to edit a comment (or make use of the Reply thingy, for that matter), but am aware that is a consequence of my chosen, preferred digital configuration.
casey
Why not use a WordPress hosting service like WP-Engine that can handle a lot of the security for you? WordPress is a nightmare to secure. I’m a systems engineer at a large internet company. I’ve done this shit for a living for 15 years, and I would not run a high-volume WP blog with a bunch of plugins of dubious quality/origin on my own platform under any circumstances. I’m not sure I’d even run a dinky one that nobody cared about.
Putting your site behind CloudFlare’s free tier protection would be way better than nothing, as far as preventing future DDoS attacks.
There are places where you can get SSL certificates for like 50 bucks. It’s so amateurish – why would you not have a signed one?
Take this from a pro: you want to make security someone else’s problem. Trying to DIY this is just crazy and I’m surprised something worse hasn’t happened already.
I don’t know how to be gentle about this, so I won’t. (And this is directed at the proprietor as much as “the site fixer”.) Now is not the time for some cheap-ass bullshit. Telling users they should upgrade their antivirus is a total cop-out. The problem here is that the whole site could get nuked. That commenters could get outed by their IP addresses, passwords could get stolen, or the database blown away all together. Do you have an offsite backup of the database somewhere?
Paul in KY
@elmo: Feel basically the same way.