Announcements

Join the ongoing conversation on Discord: https://discord.gg/w6Tpkp2

To purchase your copy of the City of Titans Launcher, visit our store at https://store.missingworldsmedia.com/ A purchase of $50 or more will give you a link to download the Launcher for Windows or Mac based machines.

New Forums

44 posts / 0 new
Last post
warlocc
warlocc's picture
Offline
Last seen: 4 hours 41 min ago
Developerkickstarter
Joined: 09/20/2013 - 16:38
New Forums

I've read once or twice that there's going to be a new site and new forums at some point.

When it happens, we're absolutely going to need moderation and moderation tools such as blocking/ignoring other users.

Just wanted to make sure it's on the agenda somewhere.

[color=red]PR Team, Forum Moderator, Live Response Team[/color]

Impulse King
Offline
Last seen: 3 years 1 day ago
11th Anniversary Badge
Joined: 10/05/2013 - 18:55
I recall asking this some

I recall asking this some time ago and that a Dev responded. (Can't recall which Dev and I'm pretty sure it's been over a year.) The gist of it was THESE are the forums period.

Now I can understand some confusion here because it happened to me too. I based mine on the fact that CoH had 2 sets of forums. One before beta and another after. But for CoT the plan is these are the forums for the life of the game.

Unfortunately I didn't get any info to answer the rest of your question. But those sound like reasonable steps when the game goes live.

DesViper
DesViper's picture
Offline
Last seen: 2 years 11 months ago
Developer11th Anniversary Badge
Joined: 03/10/2014 - 00:55
There's definitely some

There's definitely some changes to the account system though, because the security on these is lacking

[hr]
[color=red]PR, Forum Moderator[/color]
[url=http://cityoftitans.com/forum/desvipers-creative-impulsivity]My Non-Canon Backstories[/url]
Avatar by MikeNovember

Interdictor
Interdictor's picture
Offline
Last seen: 5 years 1 month ago
11th Anniversary Badge
Joined: 08/22/2013 - 05:26
https://cityoftitans.com

https://cityoftitans.com/content/what-we-do-project-update

There is a new website incoming. As for the forums, it is possible to migrate them without losing the content, but weather the devs are planning on doing that I guess we will have to see (though they will probably want to keep the aesthetics consistent with the new and improved website).

Lin Chiao Feng
Lin Chiao Feng's picture
Offline
Last seen: 2 months 1 week ago
Developerkickstarter11th Anniversary Badge
Joined: 11/02/2013 - 09:27
Yes, we need better

Yes, we need better moderation tools. Blocking or equivalent, too. Reporting posts is a near-term feature I hope to roll out soon. (It works on the internal beta web site, so it's a matter of writing and executing the migration plan to upgrade the live site.)

We've planned to make a "new" web site for two years now, but it kept getting pushed back and we've had to change plans for it several times due to show-stopping defects being discovered in the upgrade plan. e.g. "we're going to migrate the site to platform X" (two months later) "platform X doesn't support our private message system and can't migrate." Wash, rinse, [url=https://paragonwiki.com/wiki/Soldiers_of_Rularuu]Rularuu[/url].

It's my desire to write a script to migrate old posts to the new forums. Failing that, we'll try to preserve these forums somewhere in some form as read-only. Note: this is beyond the industry standard of simply shutting down old forums to launch new ones.

[i]Has anyone seen my mind? It was right here...[/i]

Riptide
Riptide's picture
Offline
Last seen: 3 months 3 weeks ago
kickstarter11th Anniversary Badge
Joined: 10/09/2013 - 07:01
Probably a silly question but

Probably a silly question but, if the old forum can't be preserved, will our account information still be migrated or will we have to sign up again?

"I don't think you understand the gravity of your situation."

blacke4dawn
blacke4dawn's picture
Offline
Last seen: 1 year 8 months ago
Joined: 03/28/2015 - 03:02
Riptide wrote:
Riptide wrote:

Probably a silly question but, if the old forum can't be preserved, will our account information still be migrated or will we have to sign up again?

Account information alone are in most cases much much easier to migrate than all the data from a whole forum. So I highly doubt we'll need to sign up again, at most I'd guess a password reset.

Kuraikari
Kuraikari's picture
Offline
Last seen: 1 year 1 week ago
Developer
Joined: 11/28/2018 - 12:59
blacke4dawn wrote:
blacke4dawn wrote:
Riptide wrote:

Probably a silly question but, if the old forum can't be preserved, will our account information still be migrated or will we have to sign up again?

Account information alone are in most cases much much easier to migrate than all the data from a whole forum. So I highly doubt we'll need to sign up again, at most I'd guess a password reset.

As a general information, out of experience:
Databases and their entities are easy to export and import, both structure and data. But every CMS or system uses different structures for data handling, mainly backend.
The frontend, where most of our user data is, would be mostly the same. However, as they are adding security, there might changes be a possibility.
Though they will probably just add new columns etc..

(I used to have 15 - 20 columns per row... So a lot of data)
I don't know how they are handling data, but I'm sure passwords aren't clear text, lol

[font=courier][color=#FF0000]Tech[/color][/font]

45 52 52 4F 52 3A 20 34 30 34 0D 0A 48 65 72 6F 20 6E 6F 74 20 66 6F 75 6E 64 21

blacke4dawn
blacke4dawn's picture
Offline
Last seen: 1 year 8 months ago
Joined: 03/28/2015 - 03:02
Kuraikari wrote:
Kuraikari wrote:
blacke4dawn wrote:
Riptide wrote:

Probably a silly question but, if the old forum can't be preserved, will our account information still be migrated or will we have to sign up again?

Account information alone are in most cases much much easier to migrate than all the data from a whole forum. So I highly doubt we'll need to sign up again, at most I'd guess a password reset.

As a general information, out of experience:
Databases and their entities are easy to export and import, both structure and data. But every CMS or system uses different structures for data handling, mainly backend.
The frontend, where most of our user data is, would be mostly the same. However, as they are adding security, there might changes be a possibility.
Though they will probably just add new columns etc..

Yes, that was what I was referring to. Just transferring data is easy, it's the "making usable" in the new system that is the hard part and that is a part of migrating data (otherwise, ime, it's just called transferring or copying).

Quote:

(I used to have 15 - 20 columns per row... So a lot of data)
I don't know how they are handling data, but I'm sure [b]passwords aren't clear text[/b], lol

I certainly hope not.
If they can use the same hashing algorithm, same salting routine, and such in the new forum then they could reuse the passwords, but I think it is safer to just tell everyone to reset them.

Regardless of how much of the old forum MWM ultimately does migrate I don't think that we as normal users will have to do more than a password reset before we can post on the new one.

Lin Chiao Feng
Lin Chiao Feng's picture
Offline
Last seen: 2 months 1 week ago
Developerkickstarter11th Anniversary Badge
Joined: 11/02/2013 - 09:27
Riptide wrote:
Riptide wrote:

Probably a silly question but, if the old forum can't be preserved, will our account information still be migrated or will we have to sign up again?

Yep. The usernames and password hashes are easy to copy. I've already got code for the new site that can read the old hashes. Technically, when you first login on the new site, it'll see that your account has an old hash, verify your password against that, and then generate a new (SHA-256, I think) hash, all without you noticing.

Posts are easy to copy, too... [i]raw.[/i] It's preserving the formatting (styles, images, quotes, etc.) that is the hard part.

Kuraikari wrote:

Databases and their entities are easy to export and import, both structure and data. But every CMS or system uses different structures for data handling, mainly backend.
The frontend, where most of our user data is, would be mostly the same. However, as they are adding security, there might changes be a possibility.
Though they will probably just add new columns etc..

LOL I wish. We're going to be importing post-by-post from the old database to the new, running things through a converter. I can't just cheat with a few ALTER TABLE statements.

Kuraikari wrote:

I don't know how they are handling data, but I'm sure passwords aren't clear text, lol

Oh hell no. Cleartext passwords make me violent. But then, the lack of cleartext passwords is why the hashes can't be updated to the new system until you login (the one moment that the user's password exists in cleartext), so there's a minor inconvenience factor on my end.

blacke4dawn wrote:

If they can use the same hashing algorithm, same salting routine, and such in the new forum then they could reuse the passwords, but I think it is safer to just tell everyone to reset them.

It's not that bad. There are prefixes on the password hashes (e.g. [code]$6$[/code]) to describe the hashing/salting algorithm. The site uses that to see which authentication backend to call.

Though I [i]could[/i] force a password reset on everyone if you really want me to...

TL;DR: Account migration is a [b]required[/b] feature; we won't bring the site live without it.

[i]Has anyone seen my mind? It was right here...[/i]

Kuraikari
Kuraikari's picture
Offline
Last seen: 1 year 1 week ago
Developer
Joined: 11/28/2018 - 12:59
Lin Chiao Feng wrote:
Lin Chiao Feng wrote:
Riptide wrote:

Probably a silly question but, if the old forum can't be preserved, will our account information still be migrated or will we have to sign up again?

Yep. The usernames and password hashes are easy to copy. I've already got code for the new site that can read the old hashes. Technically, when you first login on the new site, it'll see that your account has an old hash, verify your password against that, and then generate a new (SHA-256, I think) hash, all without you noticing.

Posts are easy to copy, too... [i]raw.[/i] It's preserving the formatting (styles, images, quotes, etc.) that is the hard part.

Kuraikari wrote:

Databases and their entities are easy to export and import, both structure and data. But every CMS or system uses different structures for data handling, mainly backend.
The frontend, where most of our user data is, would be mostly the same. However, as they are adding security, there might changes be a possibility.
Though they will probably just add new columns etc..

LOL I wish. We're going to be importing post-by-post from the old database to the new, running things through a converter. I can't just cheat with a few ALTER TABLE statements.

Kuraikari wrote:

I don't know how they are handling data, but I'm sure passwords aren't clear text, lol

Oh hell no. Cleartext passwords make me violent. But then, the lack of cleartext passwords is why the hashes can't be updated to the new system until you login (the one moment that the user's password exists in cleartext), so there's a minor inconvenience factor on my end.

blacke4dawn wrote:

If they can use the same hashing algorithm, same salting routine, and such in the new forum then they could reuse the passwords, but I think it is safer to just tell everyone to reset them.

It's not that bad. There are prefixes on the password hashes (e.g. [code]$6$[/code]) to describe the hashing/salting algorithm. The site uses that to see which authentication backend to call.

Though I [i]could[/i] force a password reset on everyone if you really want me to...

TL;DR: Account migration is a [b]required[/b] feature; we won't bring the site live without it.

I love you even more now :)

[font=courier][color=#FF0000]Tech[/color][/font]

45 52 52 4F 52 3A 20 34 30 34 0D 0A 48 65 72 6F 20 6E 6F 74 20 66 6F 75 6E 64 21

Lothic
Lothic's picture
Offline
Last seen: 5 months 1 week ago
kickstarter11th Anniversary Badge
Joined: 10/02/2013 - 00:27
Lin Chiao Feng wrote:
Lin Chiao Feng wrote:

TL;DR: Account migration is a [b]required[/b] feature; we won't bring the site live without it.

My main "thing" about having a new forum/website would be whether or not the DoD would let it pass.

For those who don't know (Lin Chiao Feng is already specifically aware of this issue) the DoD/Navy is incredibly picky about what "non-essential" websites they allow to pass over their unclass (NIPRNet) ISPs. Long story short the CoT website as it currently exists has been "blacklisted" for a couple of years now mostly due to some of the certificate problems it had at the time. Lin has looked into this (based on some PMs I sent regarding the issue) but there doesn't really appear to be anything that can be done ATM.

In a nutshell I'm hoping setting up a new website might be enough to "convince" the Navy's filters to let CoT through while I'm (or any sailor for that matter) is at sea.

CoH player from April 25, 2004 to November 30, 2012
[IMG=400x225]https://i.imgur.com/NHUthWM.jpeg[/IMG]

DariusWolfe
Offline
Last seen: 1 year 11 months ago
Joined: 09/19/2018 - 06:22
The main problem I see (on

The main problem I see (on Army and Air Force installations) is the site categorization, which usually has "Games". No DoD network I've been on yet has allowed that, because while personal use of government networks is allowed so long as it doesn't interfere with your or anyone else's work, they don't want you playing games on their computers; and they don't seem to differentiate between sites that focus on discussing games and sites they offer games to play. Case in point, I've seen game sites that are not categorized as such be allowed through, and even individual subreddits be blocked (though not this latter recently) for a Games categorization.

It seems to me that whatever indexing function that categorizing as a Games site serves may be more important to MWM than us poor beleaguered DoD employees... but if they can make it work, I'd be thrilled.

~ DariusWolfe
Errant, TNT, Vibrant and Fluxion on Liberty

Lothic
Lothic's picture
Offline
Last seen: 5 months 1 week ago
kickstarter11th Anniversary Badge
Joined: 10/02/2013 - 00:27
DariusWolfe wrote:
DariusWolfe wrote:

The main problem I see (on Army and Air Force installations) is the site categorization, which usually has "Games". No DoD network I've been on yet has allowed that, because while personal use of government networks is allowed so long as it doesn't interfere with your or anyone else's work, they don't want you playing games on their computers; and they don't seem to differentiate between sites that focus on discussing games and sites they offer games to play. Case in point, I've seen game sites that are not categorized as such be allowed through, and even individual subreddits be blocked (though not this latter recently) for a Games categorization.

It seems to me that whatever indexing function that categorizing as a Games site serves may be more important to MWM than us poor beleaguered DoD employees... but if they can make it work, I'd be thrilled.

I'm sure the fact that the CoT website is both a "non-essential" website as well as a "game oriented" website doesn't help its chances in this regard. For what it's worth I can still reach MWM's facebook page on our NIPRNet (piped through San Diego) so clearly the filtering in these cases is not being applied uniformly.

There was a time for several years where I could see the CoT website without a hitch. I was only during the brief period a couple of years ago where the certificates for the website got dropped/switched that it appears the site got "flagged" and has remained blocked ever since.

I've long since resigned myself to the reality that given MWM's current "grassroots" nature the chances of things getting fixed from their end is fairly slight. Saying that is not really a "knock" against MWM - I'm sure the DoD thing only affects a handful of us forum jockeys and even in my case I only get "burned" by the situation maybe 3 or 4 months per year (the rest of the time I'm home running on my commercial ISP).

So again if the updated website/forum setup somehow involved changing up how its certificates work then there's the chance the "problem" will solve itself. Obviously if that comes to pass I'll let Lin know either way.

CoH player from April 25, 2004 to November 30, 2012
[IMG=400x225]https://i.imgur.com/NHUthWM.jpeg[/IMG]

Project_Hero
Project_Hero's picture
Offline
Last seen: 3 years 2 months ago
Joined: 10/09/2014 - 11:21
I'd like some features. Like

I'd like some features. Like being able to see who posted last in a thread and a spoiler box thing. It's something the GitP (Giant in the Playground) forum has. You can put a bunch of text in a box that one needs to click "show" to be able to see. Helps for very long posts and talking about spoiler-esque material.

"Let the past die. Kill it if you have to."

Foradain
Foradain's picture
Offline
Last seen: 1 week 2 days ago
kickstarter11th Anniversary Badge
Joined: 10/25/2013 - 21:06
One difference between most

One difference between most military installations and a ship at sea (or, presumably, a base on an island so small that there is no room for anything else, or the base at Guantanamo Bay) may be that the ship's internet connection is pretty much the only choice. Whether you're at a workstation or in your quarters, it still goes through that same feed. On most military bases, there may be a dedicated connection for the base, on which such restrictions might apply, but on all but the most isolated bases, I can't see restrictions on internet to the barracks as being desirable, and I can't see restrictions on smartphone access as being practical outdoors.

This is, however, only the opinion of a Marine who hasn't been on a military base other than as a guest since before The Wall came a-tumbling down, unless you count a certain stretch of I-5 between San Clemente and Oceanside. I was considering mainly bandwidth aspects, with the security of a naval vessel having the priority when its connection is the only internet available. It may be that security aspects on land bases are judged more important than I thought, in which case what is impractical becomes practical.

Foradain, Mage of Phoenix Rising.
[url=https://cityoftitans.com/forum/foradains-character-conclave]Foradain's Character Conclave[/url]
.
Avatar courtesy of [s]Satellite9[/s] [url=https://www.instagram.com/irezoomie/]Irezoomie[/url]

DariusWolfe
Offline
Last seen: 1 year 11 months ago
Joined: 09/19/2018 - 06:22
The bandwidth limitations for

The bandwidth limitations for a ship at sea is a factor I hadn't considered, so it's quite possible that there are additional restrictions. Barracks and other installation housing internet is commercially provided and paid for by the service-member, so there are no restrictions other than what the ISP may have.

Facebook on DoD networks is an odd beast, because the DoD made a blanket decision some time back (2008, I think?) to allow Facebook so that deployed servicemembers can keep in touch with their families, though it is closely monitored (or was; we were required to register our Facebook names with S2 before my first deployment). Reddit and YouTube are still allowed on every NIPR network I've used, aside from that brief time I mentioned before, so I'm still able to get in my gaming-related fixes, just certain sites like this one are blocked due to site category.

~ DariusWolfe
Errant, TNT, Vibrant and Fluxion on Liberty

Lin Chiao Feng
Lin Chiao Feng's picture
Offline
Last seen: 2 months 1 week ago
Developerkickstarter11th Anniversary Badge
Joined: 11/02/2013 - 09:27
Lothic wrote:
Lothic wrote:

My main "thing" about having a new forum/website would be whether or not the DoD would let it pass.

Unfortunately, I don't see any way the new site won't get filtered the same as the current site. It'll have the same URL and be even more obviously a game site.

We have zero power over the DoD's determinations, and to my knowledge, we have never been contacted by them nor do we have a channel to the relevant DoD office.

Sorry, man.

Project_Hero wrote:

I'd like some features. Like being able to see who posted last in a thread and a spoiler box thing. It's something the GitP (Giant in the Playground) forum has. You can put a bunch of text in a box that one needs to click "show" to be able to see. Helps for very long posts and talking about spoiler-esque material.

Who posted last: That's on the topic list page right now. Last column on the right. Or did you mean something else?

Spoiler tags: People have been asking for that for a long time. The catch has been partly that there are many different "spoiler tags" out there and they work different, so I'm wondering which one's the best. Any recommendations for functionality? Click-to-show? Hover? (breaks on touch UIs) What works with accessibility?

[i]Has anyone seen my mind? It was right here...[/i]

Project_Hero
Project_Hero's picture
Offline
Last seen: 3 years 2 months ago
Joined: 10/09/2014 - 11:21
Lin Chiao Feng wrote:
Lin Chiao Feng wrote:
Project_Hero wrote:

I'd like some features. Like being able to see who posted last in a thread and a spoiler box thing. It's something the GitP (Giant in the Playground) forum has. You can put a bunch of text in a box that one needs to click "show" to be able to see. Helps for very long posts and talking about spoiler-esque material.

Who posted last: That's on the topic list page right now. Last column on the right. Or did you mean something else?

Spoiler tags: People have been asking for that for a long time. The catch has been partly that there are many different "spoiler tags" out there and they work different, so I'm wondering which one's the best. Any recommendations for functionality? Click-to-show? Hover? (breaks on touch UIs) What works with accessibility?

On mobile (android and google browser) the last column only says what time/date the last post was, not who posted. Or at least this is the case on my phone (LG 6) and my last phone.

And I like the style of spoiler tag that GitP uses. That's a click to show kind, easy to use with mobile, and you can't accidently activate it.

"Let the past die. Kill it if you have to."

DesViper
DesViper's picture
Offline
Last seen: 2 years 11 months ago
Developer11th Anniversary Badge
Joined: 03/10/2014 - 00:55
Lin Chiao Feng wrote:
Lin Chiao Feng wrote:

Spoiler tags: People have been asking for that for a long time. The catch has been partly that there are many different "spoiler tags" out there and they work different, so I'm wondering which one's the best. Any recommendations for functionality? Click-to-show? Hover? (breaks on touch UIs) What works with accessibility?

I vote click-to-show: better for touchscreens, and is harder to accidentally click and see the unseeable ;)

[hr]
[color=red]PR, Forum Moderator[/color]
[url=http://cityoftitans.com/forum/desvipers-creative-impulsivity]My Non-Canon Backstories[/url]
Avatar by MikeNovember

Cyclops
Cyclops's picture
Offline
Last seen: 2 years 4 months ago
11th Anniversary Badge
Joined: 04/10/2015 - 17:24
One advantage to a new Forum.

One advantage to a new Forum. I can make, "Caption THIS!" posts using real screenshots from the game.

[img]https://s15.postimg.cc/z9bk1znkb/Black_Falcon_Sig_in_Progess.jpg[/img]

Lothic
Lothic's picture
Offline
Last seen: 5 months 1 week ago
kickstarter11th Anniversary Badge
Joined: 10/02/2013 - 00:27
Foradain wrote:
Foradain wrote:

One difference between most military installations and a ship at sea (or, presumably, a base on an island so small that there is no room for anything else, or the base at Guantanamo Bay) may be that the ship's internet connection is pretty much the only choice. Whether you're at a workstation or in your quarters, it still goes through that same feed. On most military bases, there may be a dedicated connection for the base, on which such restrictions might apply, but on all but the most isolated bases, I can't see restrictions on internet to the barracks as being desirable, and I can't see restrictions on smartphone access as being practical outdoors.

DariusWolfe wrote:

The bandwidth limitations for a ship at sea is a factor I hadn't considered, so it's quite possible that there are additional restrictions. Barracks and other installation housing internet is commercially provided and paid for by the service-member, so there are no restrictions other than what the ISP may have.

Facebook on DoD networks is an odd beast, because the DoD made a blanket decision some time back (2008, I think?) to allow Facebook so that deployed servicemembers can keep in touch with their families, though it is closely monitored (or was; we were required to register our Facebook names with S2 before my first deployment). Reddit and YouTube are still allowed on every NIPR network I've used, aside from that brief time I mentioned before, so I'm still able to get in my gaming-related fixes, just certain sites like this one are blocked due to site category.

On our USNS ships once we're far enough from land to lose commerical cell service (roughly 10 miles or so) we're stuck with the satelitite based NIPR/SIPR ISP provided through the Navy. Not only do we suffer from all the military restrictions/flitering based on content but we're also severely limited in terms of bandwidth.

We have dedicated large, high speed circuits for critical mission data, but the lines set aside for what amounts to our "non-essential" crew Internet is basically like sharing a single dial-up among several dozen people. So this means we are technically prohibited from streaming vids and the like as well. Even the workstations directly connected to the networks that lead off the ships are heavily admin controlled and monitored by comms so the idea of something like playing a game like CoT out here would be unthinkably laughable for multiple reasons - you couldn't even really get away with installing it on a machine much less having the decent enough bandwidth to play.

Lin Chiao Feng wrote:
Lothic wrote:

My main "thing" about having a new forum/website would be whether or not the DoD would let it pass.

Unfortunately, I don't see any way the new site won't get filtered the same as the current site. It'll have the same URL and be even more obviously a game site.

We have zero power over the DoD's determinations, and to my knowledge, we have never been contacted by them nor do we have a channel to the relevant DoD office.

Sorry, man.

Again the main reason CoT seems to get filtered out here is not technically because it's a "game" site. As I've explained to you before it fails because it doesn't like CoT's certificate situation. CoT worked perfectly fine out here until you switched around your certificates. This is why I figured there might be a slim chance the "status quo" will change if you change the way your certificates work with the new site.

Don't worry about it otherwise. I doubt you'd ever be contacted by the DoD about it given the fact that they block like 75% of the entire Internet regardless - it's not anything uniquely personal against CoT.

CoH player from April 25, 2004 to November 30, 2012
[IMG=400x225]https://i.imgur.com/NHUthWM.jpeg[/IMG]

Redlynne
Redlynne's picture
Offline
Last seen: 4 months 2 weeks ago
kickstarter11th Anniversary Badge
Joined: 10/28/2013 - 21:15
Lin Chiao Feng wrote:
Lin Chiao Feng wrote:

Any recommendations for functionality? Click-to-show?

Click to Show.

[center][img=44x100]https://i.imgur.com/sMUQ928.gif[/img]
[i]Verbogeny is one of many pleasurettes afforded a creatific thinkerizer.[/i][/center]

StellarAgent
Offline
Last seen: 3 months 3 weeks ago
kickstarter11th Anniversary Badge
Joined: 09/25/2013 - 13:48
Lin Chiao Feng wrote:
Lin Chiao Feng wrote:

Any recommendations for functionality? Click-to-show?

Click to Show.

McJigg
McJigg's picture
Offline
Last seen: 2 years 8 months ago
kickstarter
Joined: 07/06/2016 - 05:14
I'll vote for click to show,

I'll vote for click to show, that way it needs to be deliberate. Hover can cause slight issues based on where the mouse is........ I guess also mobile reasons.... *shudder*

blacke4dawn
blacke4dawn's picture
Offline
Last seen: 1 year 8 months ago
Joined: 03/28/2015 - 03:02
Add another vote for click-to

Add another vote for click-to-show style spoiler tags. As far as I can tell they don't need to be "adapted" to touch screens, and it is very hard to accidentally "activate" them. All around they seem to be the better option in terms of functionality.

Lin Chiao Feng
Lin Chiao Feng's picture
Offline
Last seen: 2 months 1 week ago
Developerkickstarter11th Anniversary Badge
Joined: 11/02/2013 - 09:27
Lothic wrote:
Lothic wrote:

As I've explained to you before it fails because it doesn't like CoT's certificate situation. CoT worked perfectly fine out here until you switched around your certificates. This is why I figured there might be a slim chance the "status quo" will change if you change the way your certificates work with the new site.

Unless something changes, I doubt our certificate setup will change [i]at all[/i] with the new site. We get free certificates from Let's Encrypt automatically renewed about every two months. That's a mostly-independent process from the web site; the web server is configured to know where to get the current certificates on the disk, and the web site code itself doesn't touch them at all.

Let's Encrypt chains back to a root certificate from Internet Security Research Group (certificate name is "ISRG Root X1" and it has a SHA1 fingerprint of CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8) and ships with the major browsers. If they're blocking that, I can't help you, but you might ask them to review it.

[i]Has anyone seen my mind? It was right here...[/i]

Lothic
Lothic's picture
Offline
Last seen: 5 months 1 week ago
kickstarter11th Anniversary Badge
Joined: 10/02/2013 - 00:27
Lin Chiao Feng wrote:
Lin Chiao Feng wrote:
Lothic wrote:

As I've explained to you before it fails because it doesn't like CoT's certificate situation. CoT worked perfectly fine out here until you switched around your certificates. This is why I figured there might be a slim chance the "status quo" will change if you change the way your certificates work with the new site.

Unless something changes, I doubt our certificate setup will change [i]at all[/i] with the new site. We get free certificates from Let's Encrypt automatically renewed about every two months. That's a mostly-independent process from the web site; the web server is configured to know where to get the current certificates on the disk, and the web site code itself doesn't touch them at all.

Let's Encrypt chains back to a root certificate from Internet Security Research Group (certificate name is "ISRG Root X1" and it has a SHA1 fingerprint of CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8) and ships with the major browsers. If they're blocking that, I can't help you, but you might ask them to review it.

Again we've actually already been through all this when I brought this issue up with you months ago. I'm just holding out some random vague hope that with a "new website" something about the whole situation might change for the better. In the long run based on what you just said it looks like CoT will be effectively banned by the DoD as long as you continue to use certificates they apparently don't trust. Again as I told you if the situation ever does change I'll let you know. Thanks anyway.

CoH player from April 25, 2004 to November 30, 2012
[IMG=400x225]https://i.imgur.com/NHUthWM.jpeg[/IMG]

warlocc
warlocc's picture
Offline
Last seen: 4 hours 41 min ago
Developerkickstarter
Joined: 09/20/2013 - 16:38
To be fair, the site does

To be fair, the site [I]does[/I] show as "Not Secure" on most web browsers. Apparently something is up with the certificate.

[color=red]PR Team, Forum Moderator, Live Response Team[/color]

blacke4dawn
blacke4dawn's picture
Offline
Last seen: 1 year 8 months ago
Joined: 03/28/2015 - 03:02
warlocc wrote:
warlocc wrote:

To be fair, the site [I]does[/I] show as "Not Secure" on most web browsers. Apparently something is up with the certificate.

For me it says "not [b]fully[/b] secure", and mentions images explicitly. Though those images are most likely in posts (like the sig-pics) since when posting a comment (quoting) it shows as fully secure. Using Chrome here.

Lin Chiao Feng
Lin Chiao Feng's picture
Offline
Last seen: 2 months 1 week ago
Developerkickstarter11th Anniversary Badge
Joined: 11/02/2013 - 09:27
The "not secure" is because

The "not secure" shows up when there's user content on our pages that have HTTP URLs instead of HTTPS. I decided a while back not to hassle everyone over it, however, it does make writing a proper [url=https://en.wikipedia.org/wiki/Content_Security_Policy]Content Security Policy[/url] for the site problematic at best.

This thread, by contrast, is (so far) fully secure. Whatevs.

If you're curious, you can see exactly what on a page isn't secure using a tool like [url=https://www.whynopadlock.com/]Why No Padlock[/url].

[i]Has anyone seen my mind? It was right here...[/i]

DesViper
DesViper's picture
Offline
Last seen: 2 years 11 months ago
Developer11th Anniversary Badge
Joined: 03/10/2014 - 00:55
Giving "not secure" on chrome

Giving "not secure" on chrome here

[hr]
[color=red]PR, Forum Moderator[/color]
[url=http://cityoftitans.com/forum/desvipers-creative-impulsivity]My Non-Canon Backstories[/url]
Avatar by MikeNovember

Lin Chiao Feng
Lin Chiao Feng's picture
Offline
Last seen: 2 months 1 week ago
Developerkickstarter11th Anniversary Badge
Joined: 11/02/2013 - 09:27
Yeah, whoops. The broken URLs

Yeah, whoops. The broken URLs are:
[list][*]http://i57.tinypic.com/qs5aip.jpg (Lothic's signature image)
[*]http://i.imgur.com/LcCKduA.gif (Redlynne's signature image)
[/list]

Redlynne's can be fixed by changing http to https. Lothic's can't because apparently tinypic.com isn't running an https server.

Signatures are usually where these breakages are.

[i]Has anyone seen my mind? It was right here...[/i]

Lin Chiao Feng
Lin Chiao Feng's picture
Offline
Last seen: 2 months 1 week ago
Developerkickstarter11th Anniversary Badge
Joined: 11/02/2013 - 09:27
There used to be one of those

There used to be one of those "gamer ID image" services running, I think in conjunction with AMD, that went under a few years back. Then their domain got bought by someone who started trying to do injection attacks via those "images" or something, and we had to go through everyone's signatures and remove them. Luckily they were only on five accounts, four of which were idle.

[i]Has anyone seen my mind? It was right here...[/i]

DesViper
DesViper's picture
Offline
Last seen: 2 years 11 months ago
Developer11th Anniversary Badge
Joined: 03/10/2014 - 00:55
Yeah, the site outside forums

Yeah, the site outside forums and unanswered topics are secure

[hr]
[color=red]PR, Forum Moderator[/color]
[url=http://cityoftitans.com/forum/desvipers-creative-impulsivity]My Non-Canon Backstories[/url]
Avatar by MikeNovember

ivanhedgehog
Offline
Last seen: 4 months 1 day ago
kickstarter
Joined: 11/04/2013 - 12:46
DariusWolfe wrote:
DariusWolfe wrote:

The bandwidth limitations for a ship at sea is a factor I hadn't considered, so it's quite possible that there are additional restrictions. Barracks and other installation housing internet is commercially provided and paid for by the service-member, so there are no restrictions other than what the ISP may have.

Facebook on DoD networks is an odd beast, because the DoD made a blanket decision some time back (2008, I think?) to allow Facebook so that deployed servicemembers can keep in touch with their families, though it is closely monitored (or was; we were required to register our Facebook names with S2 before my first deployment). Reddit and YouTube are still allowed on every NIPR network I've used, aside from that brief time I mentioned before, so I'm still able to get in my gaming-related fixes, just certain sites like this one are blocked due to site category.

Does it say how old I am that the last time I lived in barracks there was no such thing as the internet?

Lothic
Lothic's picture
Offline
Last seen: 5 months 1 week ago
kickstarter11th Anniversary Badge
Joined: 10/02/2013 - 00:27
Lin Chiao Feng wrote:
Lin Chiao Feng wrote:

Yeah, whoops. The broken URLs are:
[list][*]http://i57.tinypic.com/qs5aip.jpg (Lothic's signature image)
[*]http://i.imgur.com/LcCKduA.gif (Redlynne's signature image)
[/list]

Redlynne's can be fixed by changing http to https. Lothic's can't because apparently tinypic.com isn't running an https server.

Signatures are usually where these breakages are.

Eh, I've been using that tinypic pic here for 5+ years and honestly didn't give it much thought from the security point of view. It's actually just a pic I photo shopped and loaded up to tinypic so I never really worried about it. Probably didn't think I'd still be using it for 5+ years in the first place. If you eventually want everyone to "upgrade" I will but we're about to ship out again and don't really have time to mess with it right now.

Perhaps if it truly is a concern you can make it so that the new webpage will only accept "secure" links in signatures, attachments, etc. assuming that's reasonably doable. Who knows... that might even help with the DoD blacklist issue.

CoH player from April 25, 2004 to November 30, 2012
[IMG=400x225]https://i.imgur.com/NHUthWM.jpeg[/IMG]

Lin Chiao Feng
Lin Chiao Feng's picture
Offline
Last seen: 2 months 1 week ago
Developerkickstarter11th Anniversary Badge
Joined: 11/02/2013 - 09:27
Lothic wrote:
Lothic wrote:

Perhaps if it truly is a concern you can make it so that the new webpage will only accept "secure" links in signatures, attachments, etc. assuming that's reasonably doable.

We'll just put in a CSP that bans HTTP URLs and watch all those images turn into the busted-link icon.

Or maybe we'll allow image uploads and host things here. There'll be size caps and such for that, though.

[i]Waaayyy[/i] down on our priority list, though, since there are no known exploit vectors on this site's software created by HTTP-delivered images.

[i]Has anyone seen my mind? It was right here...[/i]

Redlynne
Redlynne's picture
Offline
Last seen: 4 months 2 weeks ago
kickstarter11th Anniversary Badge
Joined: 10/28/2013 - 21:15
Lin Chiao Feng wrote:
Lin Chiao Feng wrote:

Yeah, whoops. The broken URLs are:
[list][*]http://i.imgur.com/LcCKduA.gif (Redlynne's signature image)[/list]

Redlynne's can be fixed by changing http to https.

Done.

[center][img=44x100]https://i.imgur.com/sMUQ928.gif[/img]
[i]Verbogeny is one of many pleasurettes afforded a creatific thinkerizer.[/i][/center]

Seschat
Seschat's picture
Offline
Last seen: 2 years 1 week ago
Joined: 11/18/2018 - 09:08
So who is that tiny dancing

So who [u]is[/u] that tiny dancing person, Redlynne? I've been wondering for months.

Native of Triumph - Victory - Protector - Gladden - Dwarrowdelf - Tribble
Broad spectrum geek and Shadowy Advisor
Yes, my [u][url=https://www.deviantart.com/revanantmorituri]art gallery[/url][/u] is almost entirely screen captures. Tough.

Redlynne
Redlynne's picture
Offline
Last seen: 4 months 2 weeks ago
kickstarter11th Anniversary Badge
Joined: 10/28/2013 - 21:15
Seschat wrote:
Seschat wrote:

So who [u]is[/u] that tiny dancing person, Redlynne? I've been wondering for months.

It's a gif I stumbled across about 25 years ago (so 1993 time frame-ish), saved a copy for my own use ... and have been using ever since. I never saw an attribution for the gif at the time, or since.

I just like the way she moves ... as do a lot of other people, apparently. @.@

[center][img=44x100]https://i.imgur.com/sMUQ928.gif[/img]
[i]Verbogeny is one of many pleasurettes afforded a creatific thinkerizer.[/i][/center]

Adrenalin
Adrenalin's picture
Offline
Last seen: 5 years 1 month ago
kickstarter
Joined: 10/19/2013 - 19:25
Lothic wrote:
Lothic wrote:

Long story short the CoT website as it currently exists has been "blacklisted" for a couple of years now mostly due to some of the certificate problems it had at the time.

Sorry, just had to mention that this gave me a chuckle. As someone who has had to navigate DoD websites for years in the civilian world, I long ago ran out of fingers and toes while counting the number of times my system complained because there was something wrong with a DoD certificate. Occasionally it's even been so bad that it required me to unblock a site in order to access it. Gotta love government "do as I say, not as I do" rules. ;)

chase
chase's picture
Offline
Last seen: 5 years 1 month ago
kickstarter11th Anniversary Badge
Joined: 10/23/2013 - 11:11
Adrenalin wrote:
Adrenalin wrote:
Lothic wrote:

Long story short the CoT website as it currently exists has been "blacklisted" for a couple of years now mostly due to some of the certificate problems it had at the time.

Sorry, just had to mention that this gave me a chuckle. As someone who has had to navigate DoD websites for years in the civilian world, I long ago ran out of fingers and toes while counting the number of times my system complained because there was something wrong with a DoD certificate. Occasionally it's even been so bad that it required me to unblock a site in order to access it. Gotta love government "do as I say, not as I do" rules. ;)

Once upon a time, saying, "I'm used to a DoD level of security" was taken to mean "I'm used to more cybersecurity paranoia than most." Now, the response is more "Oh, so, ....none... then?"

Adrenalin
Adrenalin's picture
Offline
Last seen: 5 years 1 month ago
kickstarter
Joined: 10/19/2013 - 19:25
chase wrote:
chase wrote:
Adrenalin wrote:
Lothic wrote:

Long story short the CoT website as it currently exists has been "blacklisted" for a couple of years now mostly due to some of the certificate problems it had at the time.

Sorry, just had to mention that this gave me a chuckle. As someone who has had to navigate DoD websites for years in the civilian world, I long ago ran out of fingers and toes while counting the number of times my system complained because there was something wrong with a DoD certificate. Occasionally it's even been so bad that it required me to unblock a site in order to access it. Gotta love government "do as I say, not as I do" rules. ;)

Once upon a time, saying, "I'm used to a DoD level of security" was taken to mean "I'm used to more cybersecurity paranoia than most." Now, the response is more "Oh, so, ....none... then?"

*Nods* and then there's their on base idea of technical support, which is sending them an email about the problem you're having with your computer. Hubs' constant reply? "If I could use my email, I wouldn't need your help." The man is mere inches away from being a technophobe and it was kind of like poking a bear with a dull stick.