OpenBSD Journal

Request for testing: https://beta.undeadly.org/

Contributed by rueda on from the better-late-than-never or shut-up-and-code dept.

TL;DR - A modernised version of Undeadly is available for testing at <https://beta.undeadly.org/>. Broken features of the current site have been fixed, removed, or replaced. The new software supports - and, where appropriate, requires - HTTPS. Testing, contributions, and constructive feedback would be appreciated.


An effort to modernise the Undeadly software was initiated in response to the article Undeadly and HTTPS. This has resulted in substantially reworked software which is now available for public testing. Note that this is not the completely new system which is (arguably) needed.

Highlights of the changes include:

  • HTTPS is supported everywhere, and is mandatory for activities involving sensitive information.
  • (Deliberately simple) HTML5 and CSS2 are used.
  • Standard HTTP error codes are used. On error in form input, the client is returned to the form and an indication of the problem(s) is given.
  • Cryptography has been modernised. For example, HMAC-SHA256 (rather than SHA-1) is used for digests. An exception is the user password storage which, for backward compatibility, retains the legacy format (for now).
  • Coding security has been improved:
  • The broken search facility has been replaced by an archive/index and use of a search engine.
  • The errata display and RSS feed have been fixed.
  • Comment modes have been removed. Comments are now displayed as nested (ordered) lists [as nature intended].
  • With the exception of a few minor features needed during the transition, the CGI program is no longer Undeadly-specific. User groups and their rights are now defined in the run-time configuration file. Administrators have fine-grained control of the permitted actions for different classes of user.
  • Several changes have been made in an attempt to relieve the burden on readers and (especially) editors caused by comment and submitted article spam:
    • Articles are closed for comment after a suitable interval.
    • Article and comment contributions are accepted only from logged-in users. (If there is a legitimate need for anonymous contribution, please contact the Editors.)
    • The (widely abused) "moderation" system has been removed. In its place there is now a mechanism for reporting to the Editors comments which are spammy or otherwise inappropriate.
    • User contributions are parsed more strictly than previously to prevent JavaScript and style injection.
    Whilst the Editors appreciate that these changes may be unpopular with some, it is not by offers of assistance that the Editors find themselves overwhelmed.

What is Requested

  • Testing
  • Bug reports
  • Offers of assistance, particularly with:
    • CSS - General aesthetic appeal and, specifically, better behaviour on small-screen/mobile devices need to be addressed. (Hitherto, the emphasis has been on development/testing rather than appearance.)
    • Icons for article topics.
  • Reports of spam and otherwise inappropriate comments in front page articles.

What is Not Needed

  • Non-constructive criticism :-)
  • Reports of spam and otherwise inappropriate comments in old articles. The Editors are aware that there are many old articles riddled with comment spam, but there is little point in attempting to address this until the articles can be closed for further comment.

(Comments are closed)


Comments
  1. By rjc (rjc) rjc on

    Articles themselves looks much better on mobile - would be nice to get rid of/hide the right-side menu bar on the main page.

    Things you probably are aware of - logon, comments, search - do not work under beta.

    Other than that, I like it :^)

    Comments
    1. By rjc (rjc) on

      Nice that archive now works but, given that articles are displayed in reverse-chronological order, it seems intuitive (at least to me) to have the months ordered in the same fashion :^)

      Comments
      1. By rueda (rueda) on http://www.openbsdfoundation.org/donations.html

        It's certainly up for discussion. Some of us find reversed months fairly odd-looking, but it's in the eye of the beholder. (Thanks for the feedback.)

        Comments
        1. By rueda (rueda) on http://www.openbsdfoundation.org/donations.html

          Just to clarify my previous comment...

          Whilst reverse-chronological order certainly make good sense for the current year, it's less clear (to me) that it make sense for earlier years - and yet, consistency is desirable.

    2. By rueda (rueda) on http://www.openbsdfoundation.org/donations.html

      As stated in the article (-:

      • Those with CSS expertise are invited to help improve the appearance on small-screen devices.
      • Commenting is available only to logged-in users.

      Logon should be working. It certainly is for some of us!

      Search is now fixed. (It was just a copy-and-paste error in an HTML template.) Thanks for the report!

      Comments
      1. By rjc (rjc) on

        > As stated in the article (-:

        It's not working as described :^P, at least not for me :^)

        > Those with CSS expertise are invited to help improve the appearance on small-screen devices.

        My CSS "expertise" ended around 15 years ago (before modern "smart" devices) so I won't be much help here I'm afraid :^(

        > Commenting is available only to logged-in users.
        >
        > Logon should be working. It certainly is for some of us!

        Let me elaborate - after clicking on "Login", I'm being presented with "Username" and "Password" from and after entering my details, it "seems" to be working, i.e. it certainly produces an error when I enter details which are deliberately incorrect. However:

        - I still see the "Login" link.
        - "Logout" or "Preferences" links, like on the "old" (regular) site, are nowhere to be found.
        - I don't see any way to post a comment.

        > Search is now fixed. (It was just a copy-and-paste error in an HTML template.) Thanks for the report!

        Well, it may "work" but doesn't produce any results ;^)

        Thanks for breathing life back into it :^)

        Comments
        1. By rueda (rueda) on http://www.openbsdfoundation.org/donations.html

          Are you accepting cookies from beta.undeadly.org?

          (As mentioned in a different reply, search engines shouldn't give results for the beta site because of robots.txt)

          Comments
          1. By d. c. (d.c.) dc@ucw.cz on

            > Are you accepting cookies from beta.undeadly.org?
            > (As mentioned in a different reply, search engines shouldn't
            > give results for the beta site because of robots.txt)
            The login function is somehow weird. I was able to log in without any problems. Then (after reading full discussion) I pressed Home and found out I was logged out. After next login it seemed to ignore the login request. A browser "reload page" was needed to login again. Am I clear?

            When I try to post a comment I sometimes get HTTP error 403.

            Comments
            1. By rueda (rueda) on http://www.openbsdfoundation.org/donations.html

              > When I try to post a comment I sometimes get HTTP error 403.

              That seems to confirm my suspicion that there's a cookie validation bug somewhere - will look into it. If you find a reliably reproducible case, please let us know!

  2. By Edward Ahlsen-Girard (Ed) eagirard@cox.net on

    Looks purty. Also, I'm logged in right now, so that seems to have started working. Search uses my default engine but didn't find things.

    <b>bold</b><br>
    <i>italic</i><br>
    <em>em</em><br>
    <strong>strong</strong><br>

    didn't work in opreview

    Comments
    1. By rueda (rueda) on http://www.openbsdfoundation.org/donations.html

      Search just redirects to DDG. Search engines shouldn't find anything on the beta site because of the robots.txt file.

      Will look into the HTML-checking issue - thanks.

  3. By Anonymous Coward (norrist) norrist@gmail.com on

    I like to see the article titles stand out more on the main page. I added " font-size: 200%;" to the h2 section of the css, which I thought looked great.

  4. By brynet (Brynet) on https://brynet.biz.tm/

    I saw a sneak peek of this, security improvements and working Archives are nice!

    Not sure if I like the yellows, but maybe it's just the Warning bar that's swaying my opinion. :-)

    Comments
    1. By brynet (Brynet) on https://brynet.biz.tm/

      > I saw a sneak peek of this, security improvements and working Archives are nice!
      >
      > Not sure if I like the yellows, but maybe it's just the Warning bar that's swaying my opinion. :-)

      Reply Subjects don't appear to get pre-populated like they do on the main site.

  5. By SuperH (70.71.108.62) on

    Will we retain the ability to switch between flattened and expanded views? That is the one feature I miss in all the other blogs out there.

    Will we have to create accounts to make comments, or will commenting work the same?

  6. By Anonymous Coward (24.113.18.65) on

    Preventing anonymous comments will help to ensure that there is group-think, and a healthy community is one that can tolerate criticism and suggestions. If you are unable to discuss anything with everyone, it will help encourage myopic focus.

    Comments
    1. By Anonymous Bastard (104.223.123.98) on

      "Preventing anonymous comments will help to ensure that there is group-think, and a healthy community is one that can tolerate criticism and suggestions. If you are unable to discuss anything with everyone, it will help encourage myopic focus."

      Says "Anonymous Coward" ;)

  7. By Simon Lundstrom (simmel) simmel@soy.se on

    The font on mobile really needs to be bigger.

    Atleast the scrolling is gone like on the old page.

    Should subjects really be required on comments?
    Anything but ASCII is not valid in the name, not even 8bit ASCII like åäö.
    Two newlines in plain text mode should equal to a new paragraph.
    Great improvement!

  8. By Stéphane Aulery (lkppo) lkppo@free.fr on

    You could check your HTML/CSS code with the w3c validators :

    - https://validator.w3.org/
    - https://jigsaw.w3.org/css-validator/

    There are yet some mistakes.

    Since the DOCTYPE is HTML5, it's better to drop the "/" in single elements, because it's not an XML dialect.

    Some url aren't well escaped, e.g. :

    http://undeadly.org/cgi?action=article&sid=20170613041706&mode=expanded&count=18

    have to be :

    http://undeadly.org/cgi?action=article&amp;sid=20170613041706&amp;mode=expanded&amp;count=18

    You can also include the css style sheet in the head element and minify it (https://cssminifier.com/), and convert icons for article topics. to base64 and include them in HTML/CSS.

    With those last changes, the browser will send only one HTTP request. Since you use almost always the same icons, it will be really fast (2x quicker).

    You can see an sample there : http://saulery.free.fr/undeadly/modified.htm

    I could help a little for aesthetic but I'm not webdesigner nor mobile expert.

    Comments
    1. By rueda (rueda) on http://www.openbsdfoundation.org/donations.html

      > Some url aren't well escaped, e.g. :

      We know :-( Programmatically-generated ones should all be OK, but manually-specified ones are problematic.

      On the plus side, thanks to kcgi, we can now use: cgi?action=article;sid=20170613041706
      (The other name-value pairs are dropped in this example because beta does not support comment modes.)

  9. By Blake (78.192.104.249) on l33.fr

    Thank you!

  10. By Anonymous Coward (109.163.234.2) on

    Well, I'm with @lkppo , I'm not good with coding, but I could help with aesthetics, if needed.

    Assuming that your goal is to get a pretty looking website, here's some points:
    1. The readability of the website is bad.
    1.1. Lines should be between 60-80 CPL.
    1.2. The font should be geometric sans-serif (I'd suggest Proxima Nova or something similar).
    1.3. The size should be at least 16px.
    1.4. The spacing between lines should be 1.4.
    1.5. Background should probably not be #FFFFFF. There's some studies from W3C showing that people read better on websites with less contrast. Suggestion: bg #EEEEEE and fg #333333

    2. There's no color palette. If you establish colors you can keep the visual homogeneous. I'd suggest: Primary #FFC153 , Secondary #2c3e50

    3. The icons are bad. I could work on this, if needed. Most of the people today are use SVG icons, for responsiveness on mobile and big screens. If you don't want to use SVG because of compatibility issues, try to optimize the PNG icons with pngquant and ECT, to load faster.

    4. Simplify the information as much as possible. I have my critics about this point, but, for accessibility, it's a good move to simplify the content using some things like Readability Formulas em these tips:
    http://www.dhhs.tas.gov.au/publichealth/about_us/health_literacy/health_literacy_toolkit/suitability_assessment_of_material_score_sheet

    Comments
    1. By Damien Couderc (91.135.188.215) on

      I agree on the bad readability. IMHO the actual theme is more readable mainly on the article's titles and as another people said the flatten/expand was a great feature.

  11. By Aaron Bieber (qbit) deftly@gmail.com on http://www.bolddaemon.com

    Is there a process we should follow to submit changes? Excited to see new stuff here!!

    Comments
  12. By ux designer (84.47.154.6) df@g.pl on

    I can see you focused mainly on improvements of the code, but please, involve some UX designer to create a nice front-end. The new UI is no different than the old UI. And remember that UX is not UI

    I DO realize that the content of the articles and the code of the website have bigger priority than appearance, but it's no longer 1997, and very often we use 27-inch screens, and reading such website on a modern equipment is not very convenient - for example the lines of text are too long, typography could be better etc.

    Good design can still be simple, minimalistic, convenient and elegant - all at the same time.

    And... this is my first comment, and I've been reading you guys for a very long time, when "undeadly" was "deadly" - I love this community, I never complained about anything, but since now you're creating an opportunity to test the new website and express opinion, I'd like to throw in few words from myself on UX perspective.

  13. By Salvador Fandino (salva) sfandino@yahoo.com on

    1) The "Show Thread" button and functionality, is it really needed?

    2) In the "Home" section, "Read more ..." and "View" links point to the same places, one of them could (should?) be removed.

    3) I find the colors picked for the buttons (green or white text over a black background) too hard, visually stressing and distracting. Maybe a style similar to that of the upper main-sections menu could be used instead.

    4) In the Login page it is not possible to recover the password.

    5) When posting comments using plain text, empty lines should be converted to paragraph breaks.

    6) When trying to post this comment as HTML, I got the following error: "The value(s) given for the following field(s) were invalid: article/comment content". All I was doing was using some "<p>" tags.

    Comments
    1. By Salvador Fandino (salva) sfandino@yahoo.com on

      > 5) When posting comments using plain text, empty lines should be converted to paragraph breaks.

      On the preview page. Because once the comment is posted it renders correctly.

      And 7) Comment subjects should be optional.

      Comments
  14. By Anonymous Coward (178.175.138.99) on

    I used to admin a forum with a few dozen members a few years ago, so I can comment on spammer behavior somewhat.

    "Articles are closed for comment after a suitable interval."
    This will definitely help. Would be better to keep comments open until some time after a new article is posted, given Undeadly's history of infrequent postings.

    "Article and comment contributions are accepted only from logged-in users. (If there is a legitimate need for anonymous contribution, please contact the Editors.)"
    Disallowing anonymous comments will stiffle discussion significantly, given most commenters are anonymous. Anonymity helps to give people a voice where they may be afraid of persecution/isolation/segregation or accumulating disapproval just because of their opinions.
    Disabling anonymous comments may not reduce the spam. I have seen many situations where spammers will register for an account and then go mad with the spam, even using many different accounts (helps bypass the CAPTCHA requirement). Unless you have good control over account registration, the restriction will just add to your administrative headache, as you have to delete the spam accounts.
    Disallowing anonymous users to make articles is a different situation though, as it generally tends not to be the focus of a journal site like this.

    "The (widely abused) "moderation" system has been removed. In its place there is now a mechanism for reporting to the Editors comments which are spammy or otherwise inappropriate."
    Good change. You could replace it with a like/dislike system, but this may introduce a herd mentality in the comments section where people post just to seek approval from other users.

    "User contributions are parsed more strictly than previously to prevent JavaScript and style injection."
    A basic BBCode parser, or even just allowing some font-related HTML tags, and disallowing URL tags and other HTML, will help. Disallowing <a> links or disabling automatic URL-to-link conversion (if present) will help immensely. Genuine links will rarely be obscured in the form of <a> tags. Almost every spammer is out there to post a link to the website that they are paid to advertise, and I have found that removing the ability for them to post links such as "<a href="http://spamtastic.site/">cheap puffer fish disguises<a>" is very likely to reduce your spam problem.

    You'll never stop spammers completely, but this will go a long way to help with the problem. Nobody in their right mind will copy and paste a spammy link in their browser, and many spammers rely on the "click-to-browse" style to get users onto their sites.

    Comments
    1. By Anonymous Coward (178.175.138.99) on

      Also, the "Web page (optional)" and "Email address (optional) fields should be eliminated for anonymous commenters as these fields also encourage spam.

    2. By Edward Ahlsen-Girard (Ed) on


      > "Article and comment contributions are accepted only from logged-in users. (If there is a legitimate need for anonymous contribution, please contact the Editors.)"

      I am not an editor, but I suspect one reason most comments are anonymous is people not bothering to log in.

  15. By Anonymous Coward (73.219.58.225) on


    Has IPv6 access been disabled on both the old and the beta sites?

    I can only access the two sites via IPv4.


    I like the new look and functionality. Thanks!

    Comments
    1. Comments
      1. By Anonymous Coward (73.219.58.225) on

        > Unfortunately, there have been IPv6 problems
        > outside our control recently.
        > They just happened to coincide with the beta announcement :-(

        Thanks for the reply.

        If the IPv6 problems are ongoing for a while, maybe remove the AAAA records from DNS?

      2. By Anonymous Coward (2601:186:4403:45dc:3c5c:5627:29b2:9001) on

        > Unfortunately, there have been IPv6 problems
        > outside our control recently.
        > They just happened to coincide with the beta announcement :-(

        Looks like IPv6 is working again. :)



  16. By Anonymous Coward (85.191.188.210) on

    I don't think the title placement really works for the articles. It's a bit weird that the "OpenBSD Journal" title from the front page disappears and is replaced with the article title. It took me a very long time to find the article title. I would expect the title to be right above the article. Moving the title down to the article would also make more room for the search box, right now it's almost invisible.

    Everything is a little too close together, adding a little more white space around things would really help the look.

    The article text perhaps should be so close to the edge of the browser window, give it a few percent margin on each side.

    The grey bar over and under the Home, Archives, About, Login and Create Account navigation isn't needed. The navigation it self could go higher up on the page, but that's personal preference.

    This is for the "desktop" version", I haven't looked on mobile, nor do I particularly care how it looks there.

  17. By David Clymer (208.76.203.180) on www.zettazebra.com

    I'm no designer, but I've found that use of even the most basic CSS framework gets me a HUGE leg up in the "looks good" department. I personally like Skeleton, which is as the name implies intended to be as bare bones as possible, while still providing visual goodies: http://getskeleton.com/

    Comments
    1. By Anonymous Coward (73.219.58.225) on

      > ... I personally like Skeleton, which is as the name implies intended to be as bare bones as possible, ...


      The Skeleton framework has too many calls to google for my tastes.

      Comments
      1. By David Clymer (208.76.203.180) on https://www.zettazebra.com

        > > ... I personally like Skeleton, which is as the name implies intended to be as bare bones as possible, ...
        >
        >
        > The Skeleton framework has too many calls to google for my tastes.

        Umm...do you even know what I'm talking about? It's CSS, and self contained. There are no references to google except for one in the *example* index.html.

        Feel free to actually go look at it yourself, if you prefer.

        Comments
        1. By Will Backman (24.198.212.248) on

          > > > ... I personally like Skeleton, which is as the name implies intended to be as bare bones as possible, ...
          > >
          > >
          > > The Skeleton framework has too many calls to google for my tastes.
          >
          > Umm...do you even know what I'm talking about? It's CSS, and self contained. There are no references to google except for one in the *example* index.html.
          >
          > Feel free to actually go look at it yourself, if you prefer.

          I had the same first impression after looking at the example. Jquery and calls to google. Thanks for straightening me out. I'll have to give it a closer look.

        2. By Anonymous Coward (2601:186:4403:45dc:f45f:1385:b77d:b1b0) on

          > There are no references to google except for one in the *example* index.html.

          Thanks. I'll look again. Yes, the example page was the one where I saw google api and other references.

  18. By Anonymous Coward (cnst) on http://cm.su/

    > The (widely abused) "moderation" system has been removed. In its place there is now a mechanism for reporting to the Editors comments which are spammy or otherwise inappropriate.

    How exactly was it widely abused? Are you talking about some of the old comments with a 0/30 vote? That's because there used to be no restriction from robots visiting these rating links at one point, so, all of them were auto-voted both up and down, left and right.

    BTW, would be great to have the current source code in GIT so that folks can fork and contribute easily, especially as you claim that the code is now generic enough.

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]