Come for the politics, stay for the snark.

They think we are photo bombing their nice little lives.

Sadly, there is no cure for stupid.

There is no compromise when it comes to body autonomy. You either have it or you do not.

Hot air and ill-informed banter

Let’s delete this post and never speak of this again.

Anyone who bans teaching American history has no right to shape America’s future.

So many bastards, so little time.

When tyranny becomes law, rebellion becomes duty. ~Thomas Jefferson

Speaking of republicans, is there a way for a political party to declare intellectual bankruptcy?

Republicans don’t want a speaker to lead them; they want a hostage.

They are lying in pursuit of an agenda.

She burned that motherfucker down, and I am so here for it. Thank you, Caroline Kennedy.

Everybody saw this coming.

Disappointing to see gov. newsom with his finger to the wind.

Republicans want to make it harder to vote and easier for them to cheat.

Giving up is unforgivable.

After dobbs, women are no longer free.

The “burn-it-down” people are good with that until they become part of the kindling.

“Everybody’s entitled to be an idiot.”

JFC, are there no editors left at that goddamn rag?

If you voted for Trump, you don’t get to speak about ethics, morals, or rule of law.

It’s easy to sit in safety and prescribe what other people should be doing.

The next time the wall street journal editorial board speaks the truth will be the first.

If you still can’t see these things even now, maybe politics isn’t your forte and you should stop writing about it.

You are here: Home / Open Threads / Site Update News

Site Update News

by | 60 Comments

This post is in: ,

Reservoir Peeps (for 2007 Washington Post contest)

Just a note on what’s going on, although I’m sure I’ll accidentally omit your personal peeve/issue, so pre-omission apologies to all!

Due to an array of issues culminating with family in town, I had to cut short the final tweaks last week, and thus postponed the final test. I’m just getting back into gear after a nice holiday and should launch the final test tomorrow, Wednesday at the latest. The final test is anticipated to be the acceptance test, and so we’ll go live shortly after its conclusion. Should more than minor tweaks be necessary, it will take a bit more time.

The following list includes many details on what’s going on with the site design. Note that these changes are not in the live site you currently see, unless otherwise mentioned:

  1. The existing comment system is not going away. The new system was too radical a departure from what we’ve grown to love at Balloon Juice. Some of its features, including subscribing to a post’s comments, or to replies to your comment, were interesting to most testers, so I’ve enabled something like that in our current comment system.For some this is good, others no so good. One issue the new system was to address was FYWP eating comments (not moderation!) and the occasional duplication/triplication. So those choice aspects of Balloon Juice should endure for a while longer!
  2. Some other enhancements and some speedups regarding comments are also included.
  3. The “page number” function at the bottom of the page is fixed.
  4. The theme files have been updated to address a number of issues.  I am testing the most recent update, released Friday, so we’ll be good for site updates for a long time.
  5. We have instituted a git software repository for the site. This will allow us to immediately undo changes to the site such as updated theme files and plugins if they overwrite our customizations. This also means that the site’s backend is organized in a standard interface which will make it so much easier for others in the future to deal with it.
  6. Numerous styling issues solved.
  7. Right column is no longer acting weird.
  8. Left column of blank space is much narrower.
  9. The site is now resizing, etc. correctly.
  10. A number of plugins have been disabled and/or removed, making the site more secure, and load faster.
  11. The bad new: as of this time, the “back” function is not working on the test server. It’s an issue in the theme and I’m now in week 3 of dealing with their support folks and still nowhere. I am committed to getting this solved but it’s the theme maker taking their time giving us a solution.

Issues with the current live site

Last week a few issues happened and they might be related. We’re still investigating. Here are some current issues:

  1. The site was effectively down for a few hours. This was due to an HTML flood attack and was blocked once it was identified.
  2. One or more users saw some weird SSL certificate warnings (not related to identity, but about how our SSL certificate was for mail.google.com.
  3. One or more harassers came to visit. Working on that. Might be source of #1
  4. One or more commenters was having comments eaten – not put into moderation, but off into the aether, never to be seen.
  5. The “other things you might like” function at the bottom of posts with tags was incorrectly configured so it was disabled. It will return.
  6. Many users report an issue with the SSL certificate – it does not verify identity. This is correct for now; we’re using a free certificate and that’s what it is, it encrypts but doesn’t guarantee that www.balloon-juice.com is really Balloon Juice.If this were a company, you’d want to be sure that you were shopping at the real Amazon.com, for example, so it’s important for them to prove their identity.  I hope to enable the really cool Let’s Encrypr git and generate our own SSL certificates in the future, but for now, we’re using our current setup. Our main goal is achieved – the site’s traffic in encrypted between the Balloon Juice server and your web browser, so no one can directly snoop on what you’re reading or writing.

 

Wordwide WordPress Issues

Over the past few weeks, a number of media and professional WordPress sites have been compromised.

One way into these sites is bad programming in plugins and themes that allows attacks.Recently, I’ve removed a number of “heritage” plugins that are ancient and not maintained, as well as plugins that we’re not using. Should we need them later, it’s easy to add them back in. The theme files are updated as new versions are released, which has been, but will not remain, an issue.

Many WordPress sites, some from well-known companies, as well as non-WordPress sites were co-opted by ads with nasty stuff in them. Ads that, when shown on certain computers running old browsers or operating systems, and without good anti-malware software, installed a number of nasty programs including ransomware that holds your files hostage until you send the makers bitcoins.

Balloon Juice runs ads from Google and one other company; we do not accept advertising from a number of other sources, and this policy serves you, the user, well. But be warned – should you be running Windows XP or a similarly outdated operating system/browser, plan to upgrade in the next few months. You’re a sitting duck and it’s hunting season; the further away we get from when those old workhorses had their final updates, the more likely it is that you’re being targeted.

And please make sure you are using some type of antivirus/malware software that is up-to-date. I have lost confidence in free anti-virus, and don’t believe in “no-name” security packages from discount stores, so buy quality. Some names to consider (not an endorsement): AVG, Avast, Kaspersky, McAfee, Norton, Webroot. Malware is becoming much more varied in the platforms that are targeted, so Mac users shouldn’t feel so smug. Plus, it’s tough to feel smug if you’re the vector by which a loved one’s Windows machine was infected!

Some basic tips:

  • your ISP  often has a free security software download for customers which is usually privately-branded McAfee or Norton. Did I mention it’s free? They want secure customers not clogging up their tubes with bad stuff, so it’s in their interest.
  • the renewal offer from most antivirus software companies are over-priced. I prefer to either buy a retail box every year, or buy it from Amazon and download it.  Renewals are usually $59 or more; buying a new license is usually around $35 if you shop around. These days, that’s for up to 5 computers and includes mobile devices!
  • NEVER download or install any free “fixer”, “helper”, “troubleshooter”, “computer speed-up”, “coupon”, etc. program. They are almost always scamware or jumk, and sometimes are trojan horses for very bad stuff to get onto your computer.
  • When installing ANY software, make sure to read carefully – DO NOT LET THE INSTALLER CHANGE YOUR BROWSER SETTINGS AND UNCHECK ANY OTHER PROGRAM OR TOOL BESIDES THE SOFTWARE YOU ARE INSTALLING.This one thing will make your computer much more secure and less crapware-filled. Installers for such things as WinZip, Adobe Acrobat, and Java include “marketing partner” stuff and are one of the primary mechanisms that I’ve seen malware use to get onto people’s otherwise protected computers. They change your search engine, add in plugins or extensions or toolbars, and add “helper programs” and such that often will report problems that aren’t there and then force you to buy their software to be able to dismiss their problem reports.

 

The Plan

  1. Run security scan on live site to ensure nothing in the site is compromised. This may slow the site down a bit this afternoon.
  2. Finish tweaks and edits and approve new theme files.
  3. Get second test going, get feedback.
  4. Act on feedback, then launch; if necessary, go back for one more test.
  5. Finish back-end stuff and let MM do his magic to squeeze the best performance out of the system.

 

Reward For Reading So Much Or Skipping To The End

You can jump to the top or bottom of a webpage using the Home or End keyboard keys. Quicker than going for the mouse/scrollbar/pageup/pagedown. Excelsior!

 

ETA: Open Thread! I won’t be participating in these comments but will read them later.

 

You can always report issues that you encounter to [email protected]. Screenshots are helpful or copied and pasted error messages, etc. I don’t promise to fix everything, but I’d rather know of an issue so when I see other issues, I have more evidence to drive a correct conclusion and resolution.

 

ETAA: Good news, the theme developer support folks have forwarded the “back” issue to the top man, the boss/lead developer. So hopefully this will be an easy fix for him and we can get this wrapped up in the next few days!

Reader Interactions

60Comments

  2. 2.

    Alain the site fixer

    NotMax – when you see this, it looks like your commenting is working now. Please reply so I know that to be true. Also, feel free to email me should this happen again, I’d love to figure out what the issue is!

  5. 5.

    Major Major Major Major

    And please make sure you are using some type of antivirus/malware software that is up-to-date. I have lost confidence in free anti-virus, and don’t believe in “no-name” security packages from discount stores, so buy quality. Some names to consider (not an endorsement): AVG, Avast, Kaspersky, McAfee, Norton, Webroot.

    I call mine “Linux”

  6. 6.

    a hip hop artist from Idaho (fka Bella Q)

    I love peeps dioramas! Even violent ones. Otherwise I believe there is not reason for the existence of the brightly dyed marshmallow abominations.

    Thanks for your site work, Alain.

  7. 7.

    Technocrat

    Thanks for this update man, very thorough.

    We have instituted a git software repository for the site

    This is a Big Forking Deal.

  8. 8.

    Alain the site fixer

    @Major Major Major Major:Don’t be too smug, there are some nasties out for Linux now too. And again, even if you’re immune, if you pass on something to someone else, you’re gonna feel bad!

  13. 13.

    Paul in KY

    Alain, do you think the little numbers at bottom of page that are supposed to take you to page 2, 3, etc. will ever work?

    Asking for a friend…

    Edit: saw your answer to Anadromy above.

  16. 16.

    Face

    You forgot to address the most pressing question: are you pronounced like “Alan” or “A-layne”?

    And if you’re really site fixing, I suggest formaldehyde.

  18. 18.

    imonlylurking

    I’m really glad you mentioned upgrading from Windows XP and turning off all the crap that gets pushed along with a software purchase. I will tell you that my company will no longer use Norton or McAfee, and neither do I. I have the paid version of Malwarebytes. My company uses a combination of System Endpoint Protection from Microsoft and something called Bromium, which is a pain in my ass.

  20. 20.

    Gindy51

    I use Microsoft Security Essentials and love it. Runs quietly in the back ground and work like a charm for me. I follow this guy’s advice o all things computer and he has never give me bad advice. http://www.askwoody.com/

  26. 26.

    Sister Rail Gun of Warm Humanitarianism

    @Alain the site fixer: Comment Editing hasn’t been working for me for a while.

    An edit box opens in another tab. I can do anything I want in the box, click the button, and nothing happens.

  31. 31.

    Dork

    @JCJ: I always heard that competitive eaters merely vomit up all that shit as soon as the contest is over. They’re not really eating, as much as stuffing things (food) in a bag (stomach) as fast as possible, then removing them from the bag before they have to purchase (digest) all that crapola.

    Maybe I’m wrong, but I’m guessing nobody would want to actually process 200 peeps (or ~65 hot dogs) in one day.

  32. 32.

    elmo

    @Dork: I’m not usually a judgy type, but those competitive eating things, and those old reality-TV things that covered contestants in Jello or ketchup or whatever, really really REALLY REALLY offend me. Beyond all reason.

    Food is food. Food is not competition or toys or TV stunts or whatthehellever else. Some food is going to be wasted in this big world, and we waste far too much food at restaurants and grocery stores for aesthetic reasons (ugly fruit!), but for God’s sake, don’t throw away fucking truckloads of food for no damn reason at all.

  33. 33.

    Keith G

    Are they truly Peeps if they look like bunnies?

    Well they do taste like peeps when you bite off their widdle heads.

    Alain, I would feel most blessed if the mobile site had a ‘return to the top’ button as well as “previous” and “next” buttons at the end of a comment thread.

  35. 35.

    Ruckus

    @elmo:
    It’s not beyond all reason.
    That type of TV show or just throwing away truckloads of food, on a planet that many people go to sleep hungry on is easily one of the stupidest things humans do.

  37. 37.

    Ahasuerus

    Alain –

    A question about script blockers in general and NoScript in particular; which (if any) sites should be whitelisted to enable full site functionality?

    Thanks in advance,
    A

  39. 39.

    laura

    How do you add a photo to a comment? I’ve seen others-dogs, kittehs and food, yet I haven’t mastered the task.

  41. 41.

    Adam L Silverman

    @a hip hop artist from Idaho (fka Bella Q): @LAO: I’m branching out to push new product, so this batch is free, but in the future it’ll be normal pricing:
    http://www.mlive.com/entertainment/index.ssf/2016/03/peeps_diorama_contest_get_your.html
    https://www.washingtonpost.com/lifestyle/magazine/peeps/
    http://www.kansas.com/entertainment/arts-culture/article68063662.html
    http://www.sikids.com/si-kids/2016/03/28/peep-these-fantastic-sports-dioramas
    http://offbeat.topix.com/slideshow/11588
    http://www.nydailynews.com/life-style/2015-peeps-diorama-contest-entries-gallery-1.2173438
    And a personal favorite:
    https://www.youtube.com/watch?v=BJD_3eKcIRQ

  45. 45.

    Gavin

    FYI, your pagination system is broken..

    On the front page, if you scroll to the bottom and hit “next page,” you are taken back to page 1 but “2” is highlighted. Then, hit “next page” again and the “3” is highlighted.. but you’re still on page 1. Et cetera.

  47. 47.

    Steeplejack

    @Gavin:

    This has been mentioned before. A workaround is to enter the date, e.g.:

    https://balloon-juice.com/2016/03/28/

    You can enter any date. That will get you a navigable list of that day’s posts.

  49. 49.

    Alain the site fixer

    @Adam L Silverman: Use the Add Media button (you can upload what you own or link to something elsewhere). It will show up as a pic – my peeps is a link to the Flickr gallery where I found it. Or call and I’ll walk you through it! :)

  50. 50.

    Alain the site fixer

    @laura: The problem with allowing you to post a pic included in the comment is that we don’t require registration, so anyone can make a comment. I’ve seen enough Goatse to last me a lifetime, not to mention spam visual advertising.

    Sorry, at first I suggested it strongly, but realized that it would hurt, not help, our community!

  51. 51.

    NotMax

    @Alain the site fixer

    Seems to have vanished as quickly as it appeared. Was a tres bizarre glitch.

    Now, on to screen shots.

    Note the difference in display of font sizes between the same content as it appears on front page (left) versus appearance at top of comment page (right) in this example just now put together quickly. Both screenshots unaltered in any way, placed side by side in a panorama setting for easier comparison.

  52. 52.

    NotMax

    Oh, one more thing. Tried visiting the site using Firefox on an Android-running tablet. Although the option to change from mobile view to standard view was there (at the bottom of the comments page), it does not work.

  53. 53.

    chris

    @Alain the site fixer: Linux Mint here. Great but not bombproof.

    Couple weeks ago I clicked an ad in the Guardian (!) and Boom! Got a BSOD with audio telling me my computer was compromised and to call the number on the screen. And it was bulletproof, couldn’t close the browser, take a screenshot or open a terminal. Ended up doing a hard reset (shut down). Dog knows what it would have done to a windows machine.

    Pleased to tell you that the folks at the Guardian were on it within a few hours and sent an email to say thanks.

  55. 55.

    J R in WV

    @Keith G:

    Try pressing the “Home” button while you’re down in a page sometime. It always takes me to the top of whatever Web page I’m on. The “End” button usually goes to the bottom.

    YMMV

    ETA: These buttons are, on my laptop, up on the upper right corner of my keyboard. “Home” is just above the “Backspace” button, and “End” is the right most button on the top row, next to the on/off button.

  56. 56.

    J R in WV

    Question,

    I’m using Linux, specifically Ubuntu 14.04. We have a couple of laptops and workstations connected to a wireless router. One laptop can’t manage the wireless card with Linux mounted, so I have a cable running over to the router.

    Any recommendations for malware detection/protection on Linux? We’ve never had any issues so far.

    Thanks!

  57. 57.

    Alain the site fixer

    This is a comment edit test. I should be able to edit this comment.

    I successfully edited this so if you get a blank screen when editing a comment, you’re blocking something. I’m using Edge.

  58. 58.

    NotMax

    @Alain the site fixer

    Have never ever been able to edit a comment (or make use of the Reply thingy, for that matter), but am aware that is a consequence of my chosen, preferred digital configuration.

  59. 59.

    casey

    Why not use a WordPress hosting service like WP-Engine that can handle a lot of the security for you? WordPress is a nightmare to secure. I’m a systems engineer at a large internet company. I’ve done this shit for a living for 15 years, and I would not run a high-volume WP blog with a bunch of plugins of dubious quality/origin on my own platform under any circumstances. I’m not sure I’d even run a dinky one that nobody cared about.

    Putting your site behind CloudFlare’s free tier protection would be way better than nothing, as far as preventing future DDoS attacks.

    There are places where you can get SSL certificates for like 50 bucks. It’s so amateurish – why would you not have a signed one?

    Take this from a pro: you want to make security someone else’s problem. Trying to DIY this is just crazy and I’m surprised something worse hasn’t happened already.

    I don’t know how to be gentle about this, so I won’t. (And this is directed at the proprietor as much as “the site fixer”.) Now is not the time for some cheap-ass bullshit. Telling users they should upgrade their antivirus is a total cop-out. The problem here is that the whole site could get nuked. That commenters could get outed by their IP addresses, passwords could get stolen, or the database blown away all together. Do you have an offsite backup of the database somewhere?

Comments are closed.