User loginNavigation |
Site DiscussionDelay in postingAccessing the site in Safari I'm seeing a very long (5s+) delay after pressing the post button with no visual feedback. It looks like no input has been recognised, but pressing post again results in a double post. Is anybody else seeing this behaviour? HTTPS and logins to LtU.With the new hosting solution I'm observing that we don't have HTTPS connections on the page where people are logging in. This exposes LtU logins to HTTP eavesdroppers. Given that lots of people use the same password across multiple sites (even though everybody already knows they oughtn't) this probably also exposes a number of users' ALT, Amazon, Ashley Madison, Banking, BeNaughty, Bing, BoingBoing, Buddybang, Craigslist, DeviantArt, Diaspora, Digg, Discord, Douyen, Ebay, EstablishedMen, Facebook, Fark, Fetlife, Flicker, Foursquare, Friendica, Gab, Glee, GnuSocial, Google, Grindr, Imgur, Instagram, Limewire, LinkedIn, LINE, LiveJournal, Mastodon, Meetup, MySpace, OKCupid, Patreon, Parler, Pinterest, PlosOne, Reddit, QQ, Qzone, Quora, ResearchGate, SecondLife, Seeking, Slack, SocialCast, Snapchat, SomethingAwful, SoundCloud, Stack Overflow, Sharesome, Steam, Telegram, Tiktok, Tinder, Truth social, Tumblr, TV Tropes, Twitch, Twitter, Vimeo, WeChat, Weibo, Viber, WattPad, WhatsApp, Wikipedia, WordPress, Yahoo, Yammer, Yelp, and Youtube passwords. Though probably not all of them for any one person. Just sayin, this ought to be corrected. The hidden cost of exception handlingI've just published a blog article about the hidden cost of exception handling that may interest some of the readers here. During a meeting today, a colleague of mine shared the belief that exception handling had no impact on optimizations in modern C++. While we did everything we could 20+ years ago to ensure that all kinds of optimizations were possible, there is a residual cost that you can trigger. In this post, I show cases where there is zero cost for exception handling in the primary execution path, but also build a few pathological cases where the compiler cannot preserve that property, and where just enabling exceptions markedly changes the primary code path, for reasons that may be related more to correctness than to optimizations, in other words, where it may not ever be possible to fully optimize without violating C++ semantics. By Christophe de Dinechin at 2022-05-10 06:23 | Site Discussion | 1 comment | other blogs | 2395 reads
Major problems with accessI recently have major problem with accessing the site. Posting comments fails randomly with no data, some request returns no data at all. Reloading page fails 1/3 of time. And so on. This happen in different browsers and with and without VPN, so I'm quite sure that the problem is on LtU server side. The problem happens whether I logged in or not. The problem started to happen relatively recently. Few month ago everything was ok. Does anyone else have such problems? I suspect there is a problem is with hosting provider, or some "optimization" is involved like turning off VM when there is a little traffic. POLA Would Have Prevented the Event-Stream IncidentPOLA Would Have Prevented the Event-Stream Incident by Kate Sills
This npm / event-stream debacle is the perfect teaching moment for POLA (Principle of Least Authority), and for the need to support least authority for JavaScript libraries. My talk Securing EcmaScript, presentation to Node Security explained many of these issues prior to this particular incident. For LtU, my best explanation of POLA is Verify What? Navigating the Attack Surface given to the "Formal Methods Meets JavaScript" workshop at Imperial College. By MarkM at 2018-12-06 03:55 | LtU Forum | Site Discussion | login or register to post comments | other blogs | 2903 reads
ADMIN: You NEED to set up HTTPS soonChromium has already started to report this site as "insecure" in its title bar. Firefox will do in the next release, I think. It's already a chore to even sign in because the browsers require extra confirmation for filling in forms (passwords) for anything non-HTTPS nowadays. I have no idea about the hosting details of LtU, but good hosting providers already offer some sort of Let's Encrypt intregration these days, so please opt in to that, if you can. If you're self-hosting I think there should be a reasonably approachable solution to this issue. Feel free to contact me privately (you have my e-mail!) and I'll try to connect you with someone who knows exactly what to do. EDIT: I had a brief look around for relevant admin email adresses on the site and didn't find any. Hence my post. (Plus formatting.) Site migrationUpdate: The migration of LtU to new servers is complete. If you notice any issues with the site, please post in this thread (if you can), or email me at antonvs8 at (gmail domain). Original announcement appears below:
By Anton van Straaten at 2018-02-04 20:03 | Site Discussion | 11 comments | other blogs | 35175 reads
Markdown support?Currently LtU offers the input options "Plain Text + HTML" and "HTML". I have grown to find them rather irritating for several reasons: - having to manually use HTML escape codes for < and > makes some things almost unusable for me (this comes a lot in the current Frank discussion). It is painful to write, and painful to read back when editing a post. (some form of) Markdown has gathered consensus among websites that expect user comments, for example Github and Reddit. I would be very happy if we could have a Markdown input option in LtU. Because it does "the right thing" with text by default, and also supports raw HTML fragments, I think this option should be the default. P.S.: Ehud, in 2010 you were of the opinion that technical information on the website platform are off-topic, even in the "Site operations discussions" forum. Is it still the case? I started by looking for technical information on where the site's source could be found, to see if I could consider contributing Markdown support myself (or at least evaluate the effort that would be involved), but was unable to find any information. Would you consider sharing a bit of information on the site's internals to encourage people to lend a hand from times to times? server life expectancy?It looked like LtU was down a bit today at least. Anything we can do to help? Should we all throw money at somebody to get a revamped server or anything? Exporting the databaseI'm interested in playing around with ways to render large discussions, to see what is readable / easy to navigate. This is motivated by part in the 500-comment+ discussions that span indented posts across multiple pages. I've already hacked together something that parses the html on the site (Drupal generates really nicely structured html) and rebuilds the comment database, but it seemed a bit rude to spider the whole site. My first question is do you mind people pulling off copies of the site to experiment with, maybe building a tool to render the site in a different format? Which may then lead to technical questions such as:
|
Browse archives
Active forum topics |
Recent comments
26 weeks 5 days ago
26 weeks 6 days ago
26 weeks 6 days ago
49 weeks 6 hours ago
1 year 1 week ago
1 year 2 weeks ago
1 year 2 weeks ago
1 year 5 weeks ago
1 year 10 weeks ago
1 year 10 weeks ago