GWJ bugs, feature requests, and updates

master0 wrote:

Weird bug where I was logged into another user's account. It fixed itself fairly quickly. Was able to see their recent discussions and name. Once I clicked away it was fixed.

Uh, that sounds like a bad one.

Hey this seems like it might be urgent but i don't know where to post it.

I got alerted by chrome that my password for GWJ appeared in a data breach.... I don't think i use this password for anything but GWJ. any chance we need to make everyone change their PW and investigate if there was a breach in security?

I just checked my GWJ password against the Have I Been Pwned system, and it's coming back as being unhacked. However, my password here is strong-ish (not as strong as newer passwords, I should change it), so it might take a good long while for someone to crack it. If yours was weakish (8 characters or less, no special characters), then it would pop up in cracked lists much sooner if the encrypted GWJ password database had escaped.

We'd probably want some more people to check theirs. If we don't really see any sign of mass compromise, the problem might be a local hack on your machine. But if we get a few people saying, 'hey, wait a minute, this GWJ-unique password is cracked', then it could be a site problem.

weird, i just checked the "have i been pwnd" system as well and it says my PW is fine.... very strange. does chrome have different access to data breaches? What evidence should i check for on my local machine?

It might not be on Pwned yet, Google could be further ahead than them. I'd suggest changing it immediately, and then we'll have to wait for more feedback from other people. I changed mine already, and will probably have to change it again if it turns out that GWJ is indeed hacked in some way.

Malwarebytes is probably a good first scanner to check for obvious problems.

Is windows defender decent at this kind of thing or actually a joke? i see Malwarebytes costs about 50 a year.

Oh did they shift to paid? Crap, they used to be free.

Windows Defender isn't terrible, and running a full scan won't hurt a thing, but a negative result won't tell you anything, since pretty much any malware has to get past Defender in the first place. If, however, you get a positive result, you can trust that.

Beyond that, we should probably take this part of the discussion to another thread, but I don't see anything that's quite right.

edit: Malwarebytes looks like they still have a free version that will work for 14 days. That will at least give you a stronger idea of whether you're compromised.

FiveIron wrote:

Hey this seems like it might be urgent but i don't know where to post it.

I got alerted by chrome that my password for GWJ appeared in a data breach.... I don't think i use this password for anything but GWJ. any chance we need to make everyone change their PW and investigate if there was a breach in security?

Hey, thanks! I'll check with Doogiemac to see if he has any more information. In the meantime, it can't hurt to update passwords.

We're not seeing any reports of breaches for gamerswithjobs.com in a few different sources (Google, 1Password's Watchtower, and another identity monitoring tool Doogiemac uses). Unless we hear more reports, we're not going to be forcing a password change for everyone for now.

The best test would be people who used a unique, but weakish password on GWJ, which is probably a pretty small subset.

My old one hasn't showed up, but it was pretty strong, so it might take a good long while to crack.

fair enough, maybe it was just a glitch with google. i just checked pwnd again and my pw still hasn't shown up there.

thanks for checking!

nevermind. chrome forgot my new PW for some reason and i wrote my new one down wrong

FiveIron wrote:

Hey this seems like it might be urgent but i don't know where to post it.

I got alerted by chrome that my password for GWJ appeared in a data breach.... I don't think i use this password for anything but GWJ. any chance we need to make everyone change their PW and investigate if there was a breach in security?

Sounds like you got it sorted out.
Chrome just has a copy of all of the data breaches and can check your username/password against it.

When they added that feature, I had dozens of passwords fire off, as I've been using chrome for ages. I finally went through them all recently, and discovered that some of them were *old* saved passwords. Chrome doesn't actually know your current login info, so if you used to have a password that you have used elsewhere, that might be the one saved to your chrome profile. I've also seen chrome save multiple passwords for a web site, some of which may not have usernames attached to them. That's the easiest way to have an old password lying around for chrome to detect.

Stele wrote:

Not sure if this is a browser issue or site issue, but it's new behavior the last week(s).

After I make a post, the page loads, and it used to scroll right to my post. Now it scrolls back to the top of the page. If I click on the link above my comment, it scrolls directly to the comment, like it did before. But after posting it's not properly doing that.

Is Chrome causing this or did something change on the site?

Stele wrote:

Thanks, Amoebic. That's exactly how it works on mobile, and used to work on PC. But now my Chrome is funny.

Post, and the page goes to the top, even though the address bar has my comment in it.

Click on a thread with new posts and it properly goes to the first unread. But then if I refresh (F5), it goes to the top, instead of keeping my place on the page. Same with recent posts list, or any thread. F5 is scrolling to the top of the page instead of keeping my place. I tried this on other web sites that I had open and it doesn't do this. Expected behavior on refresh is to keep my scrolled to place, not go to top of page.

If I click the link on an individual post, it goes to that link the first time. But then if I refresh it goes to the top of the page again, instead of staying on that comment. I can hit enter in the address bar to reload too, and it stays at the top. I copy and paste that into a new tab and it still stays at the top. It makes no sense why it works once but never again.

EDIT: I did have one new extension for auto-refresh in Nov that I used for help getting a PS5, but I removed that earlier today just in case. Same behavior without it. Ad blockers, etc. are disabled for this site.

LeapingGnome wrote:

I think it is an issue on your end Stele. Try to disable all addons/plugins and see what happens? Clear cache?

merphle wrote:

I just tested: Click "new" on a thread brings me to the earliest unread post on the page. Clicking reload will reload the page and keep me at that same unread post. Holding shift while clicking reload (to ignore cache and REALLY reload the page from the server) will bring me to the top of the page (presumably because the GWJ server knows that I've already read everything on the page, so doesn't print a #new anchor when spitting the page back at me).

TL;DR: I'd guess that some addon or config setting in Stele's browser is causing it to always ignore local cache, and always load pages from the server.

I know this was 3 months ago, but I forgot to follow up. Wanted to tell some of you that you were right. It indeed was a browser extension causing the problem: Dark Mode

It never did affect when I clicked on "new" and would take me to the first unread post. But every time after I posted (where it usually loads right back to your comment), or when I refreshed a page, it would scroll to top every time. Very odd. But I went through extensions one by one and turned it off.

Just remembered because I was on the site on my phone, and the mobile browser has dark mode built in and works fine. But then went back to the site on my desktop and... eww.

So anybody got a dark mode for desktop GWJ that doesn't screw up the browser? Or are we going to have an option at some point on the site itself?

Also WTF, why did I just get a captcha for posting on GWJ? That's never happened before.

Maybe a malicious extension that's harvesting your captcha solution to do something bad?

The structure of the site is so old that we would have to rebuild it entirely from scratch to have a dark/light mode toggle. This is actually a huge undertaking! I truly wish it wasn't, as I prefer dark mode.

If we were to continue with the site as is, site color is not something I can go into admin settings to change, it was brought to my attention that it would require seeking out each individual hexcode in the sitecode itself for each page element and manually editing each one. Since it wasn't really built for that, it would likely be a slow process that may be prone to breakage or issues. A change like this, either way, would be permanent.

Either of these options would require hiring additional folks and paying them to build, maintain, and improve the site in ways we would have to budget for.

Have you ever looked under the hood of an old car someone has managed to keep running well past its expiry date, and seen the inventive and creative ways they've patchworked things together, patch-on-patch-on-patch to keep it running? It's very that.

Were we not in the middle of a global pangolin where many folks had to rightfully reallocate resources to necessities instead of game sites with staffing overhauls that have received mixed reviews, this may have been a more viable option. One thing we also didn't account for was that both doogie and myself are now regularly working 40-50+ hours a week each due to switching to work-from-home long term. Employing either of these changes have been workable if only one of these things was the issue?

To be honest, the pandemic has increased site activity and traffic (both good and bad, we spend a lot of time modding site activity as well as deleting bots, but also seen users return <3 that haven't been on since work firewalls kicked our asses for having "gamer" in our url) but also decreased resources and availability.

(By the way, thank you to everyone who reports bot posts! It really, really helps! They're just the tip of the iceberg, the site does catch and reject most of them, however some of them still get through).

My biggest concern is that a lot of folks already don't like me, don't like where I'm taking the site and the show, or don't like change or new things in general. There's a reason so many folks stuck around an entity that remained mostly unchanged for 18+ years, so introducing new changes is always fraught with a decent amount of abandonment, backlash and lamentation.

I don't fault people for that; I knew that coming in, and I understand why that is. I was brought in because the higher-ups needed and wanted the change, but that doesn't mean the community or audiences will be happy with it. The review bombing, content reporting, rude emails/pms, and hurtful comments on show threads have thankfully slowed down, however any new changes to show, site, or function always brings a few more out of the fold and I've reached a point in the global panini that I'm...extremely hesitant to strive towards bold changes and err on the side of caution.

I know it doesn't seem like a major change on the surface, and seems like a simple request. There's an incredible amount of unseen work, restructuring of finances, and calculating of risks that needs to go into any kind of major structural change, and I need to sit down with a few key folks to really discuss the feasibility of that. I appreciate the kick in the pants towards this direction.

Malor wrote:

Maybe a malicious extension that's harvesting your captcha solution to do something bad?

It was my understanding that if you're trying to create a post that contains certain types of links, you may be asked to enter a captcha from Cloudflare if it meets certain thresholds. Certain VPN locations, posting from a non-North-American country, posting from an IP that has been flagged for lots of bad bot activity elsewhere (??beyond my scope of understanding, I could be 100% wrong about this and misunderstanding what was said about our trackers), linking to a page or site that Google has determined to be unsafe, or using an outdated browser were some of what may have caused some of it in the past.

Maybe it might be time to just port the forum to something new? That might actually be easier than trying to monkeypatch stuff into an ancient code base. That would be more work up front than any individual monkeying around, but then you'd get a whole raft of improvements for no additional effort.

Thinking about it, didn't this site do that once already? I have a vague memory that there was a new implementation running in parallel for awhile for bug testing, and then everything got dragged over to the new site. That went quite well, might have been doogiemac doing the port. I don't remember anyone being uptight about the upgrade, so whoever it was did an excellent job.

Amoebic wrote:

The structure of the site is so old that we would have to rebuild it entirely from scratch to have a dark/light mode toggle. This is actually a huge undertaking! I truly wish it wasn't, as I prefer dark mode.
...

Whoa. I was hoping it would be something like updating the Drupal version would have a dark/light mode built in. Which I know is still a huge deal, but thought maybe was on the roadmap or something. Site looks great on mobile Chrome dark mode.

Sorry about all the other stuff. People suck. Most of us love you.

Amoebic wrote:
Malor wrote:

Maybe a malicious extension that's harvesting your captcha solution to do something bad?

It was my understanding that if you're trying to create a post that contains certain types of links, you may be asked to enter a captcha from Cloudflare if it meets certain thresholds. Certain VPN locations, posting from a non-North-American country, posting from an IP that has been flagged for lots of bad bot activity elsewhere (??beyond my scope of understanding, I could be 100% wrong about this and misunderstanding what was said about our trackers), linking to a page or site that Google has determined to be unsafe, or using an outdated browser were some of what may have caused some of it in the past.

Yeah it did say Cloudflare on the captcha page, so I thought it might be legit. And then when I posted the next comment asking about it, didn't get one.

It was me posting that chain of quotes... maybe it didn't like all those bracket quote tags?

Malor wrote:

Maybe it might be time to just...

My limited experience in the tech world is that if a solution seems obvious / simple enough to merit the modifier "just," and yet has remained unimplemented, there is always some barrier to its implementation that I am not seeing.

That doesn't always mean that the suggestion is a bad one or that the barrier is insuperable, but my hackles are always raised by the implications of that word, "just."

I overuse that word, in this case meaning something that's conceptually simple, even if the implementation would be difficult. I probably shouldn't have used it there. But the fundamental process seems doable, at least in the sense of exporting and importing boards, threads and users, which are common features in all forum packages I'm aware of.

It would be much harder than implementing any one (or probably any five) features individually, but since they'd get a whole package as a result, there might be software out there with a sufficiently attractive feature set to be worth the extra work.

Might not, too. Everything out there might suck. I haven't done any homework.

edit: I'm not unhappy with this software, btw. It works fine for me. But with the pain of implementing new features, and an apparent demand for some, a change might be in order. I'm not saying to definitely do that, but at least thinking about it might be good.

hbi2k wrote:
Malor wrote:

Maybe it might be time to just...

My limited experience in the tech world is that if a solution seems obvious / simple enough to merit the modifier "just," and yet has remained unimplemented, there is always some barrier to its implementation that I am not seeing.

That doesn't always mean that the suggestion is a bad one or that the barrier is insuperable, but my hackles are always raised by the implications of that word, "just."

This is not just a tech world thing, but a life thing in general and I want to put emphasis on this. Malor I know you're tech enough to know this, so I understand the shorthand but also appreciate this clarification.

As far as a new site, that's def a conversation I'd have to wrastle Shawn and Doogie for, for sure. Doogie and I have been rescheduling the same meeting back and forth for months, so we can get it together on a day without schedule conflicts and discuss. I'll own lagging on pinning that down, sorry folks.

A new site would resolve a lot of existing issues, by replacing them with an entirely different set of ones! That will need to be assessed. Thanks for the feedback, folks <3

I mean
<.<
>.>

...look at all this space where we don't put ads. We could put so many other things there that aren't ads but are still good and fun. There are many good reasons, but they all need to be accounted for.

Amoebic wrote:

in the middle of a global pangolin

This typo/autocorrect made me smile.

IMAGE(https://i.imgur.com/VBTbTtS.jpg)

Amoebic wrote:

A new site would resolve a lot of existing issues, by replacing them with an entirely different set of ones! That will need to be assessed. Thanks for the feedback, folks <3

It's worth reiterating that the kind folks who maintain this site do it on a generally volunteer/unpaid basis, I believe.

On that note, have there been any thoughts put towards hiring a contractor for 3-6 months, with a fixed goal of upgrading the site to a more modern & maintainable architecture?

Mantid wrote:
Amoebic wrote:

in the middle of a global pangolin

This typo/autocorrect made me smile.

IMAGE(https://i.imgur.com/VBTbTtS.jpg)

That's not a typo, I also called it a Panini.

Amoebic wrote:

That's not a typo, I also called it a Panini.

Oh. I take it all back then.

merphle wrote:
Amoebic wrote:

A new site would resolve a lot of existing issues, by replacing them with an entirely different set of ones! That will need to be assessed. Thanks for the feedback, folks <3

It's worth reiterating that the kind folks who maintain this site do it on a generally volunteer/unpaid basis, I believe.

On that note, have there been any thoughts put towards hiring a contractor for 3-6 months, with a fixed goal of upgrading the site to a more modern & maintainable architecture?

Thoughts, yes! It has been mentioned to look into having someone contracted that doogie can oversee, but nothing hammered down. We would want to discuss project details, scope, and what tools/knowledge are required based on what we'll decide we want. I want to have a pretty clear direction and end goal with some of the pie-in-the-sky-wants grounded in reality before seeking out skillsets so we can avoid job creep as much as possible.

I'd like to post a tentative feedback survey for users regarding a site/ui wish list, with a clear understanding that it's not a guarantee that all suggestions will make the cut. I'm interested in collecting info that reveals trends and issues that a site change can resolve or implement as a whole.