Weightweenies website update, Febuary 2018

News, announcements and discussions about Weight Weenies. (members, please do not start topics in here.)

Moderator: Moderator Team

Post Reply
User avatar
nmx
Posts: 340
Joined: Wed Jul 04, 2012 4:48 pm

by nmx

dmp wrote:
Sun Feb 18, 2018 5:56 am
I'm afraid that I must agree with all the complainers. The new pages are too bright (hard to read) and there is just so much wasted white space and screen real estate leading to much too much scrolling. It's too hard to read. Log in works fine for me, however.
Thanks again for the feedback!
... The new pages are too bright (hard to read) ...
What would you suggest to enhance the reading comfort? According to your opinion, would it be a reasonable approach to change the font color or/and size? As I doubt the white background is the reason; For example on Google there is a lot more of white color/background.
... and there is just so much wasted white space and screen real estate leading to much too much scrolling ...
You are referring to the use of the forum with a desktop computer right? What would you advise to do here? For example make the profile area on the left side smaller (less width)? Or probably/additionally less spacing/padding in the posting area on the right side?

User avatar
Klaster1
Posts: 270
Joined: Mon Aug 15, 2016 10:25 am
Location: Krasnoyarsk, Russia

by Klaster1

@nmx what's the deal with emojis served from CDN? If that's a polyfill, it makes little sense to me, all modern browsers support it. The 64x64 size also looks totally wrong and out of place.

by Weenie


Briscoelab
Posts: 1730
Joined: Thu Jan 26, 2006 6:01 pm

by Briscoelab

Agree the profile area on teh left is much too large. Lots of wasted space. Areas above and below posts are also too large, with excess white space (ie signature area).

dmp
Posts: 334
Joined: Fri May 08, 2009 8:31 pm
Location: Denver

by dmp

Hi NMX-
Yes, your replies were right on target. I think the post from briscoelab expressed it well- perhaps reducing the blank space above and below the posts and signature areas might help; the same for the profile space on the left. I think the font is fine, and is easy to read.

You are correct about the background on the Google home page, but once the search results are returned there is much more density of information. Tufte writes a lot about this in his polemics about (rather, against) Powerpoint. I think what people are seeing in the new template is that there was a greater density of content in the old one, resulting in much more scrolling. If some of the blank space were reduced, it could solve that. Not so much that things look overly compressed, of course, but retaining the esthetic while tightening up the use of screen real estate.

User avatar
Calnago
Posts: 6221
Joined: Sun Nov 07, 2010 9:14 pm

by Calnago

Really liking the update. And you're being super responsive to users feedback so far. Good job.
One thing that I've always looked for was a an auto sort thing in the "QuickLinks" drop menu that could be labelled "Timeline", like in Tapatalk. It basically just lists the posts in descending chronological order. Very useful if you've already read a post, so it's marked read, but want to find it again efficiently. Or maybe there is an easier way to do it, but I've just not figured it out yet.
Colnago C64 - The Naked Build; Colnago C60 - PR99; Trek Koppenberg - Where Emonda and Domane Meet;
Unlinked Builds (searchable): Colnago C59 - 5 Years Later; Trek Emonda SL Campagnolo SR; Special Colnago EPQ

User avatar
nmx
Posts: 340
Joined: Wed Jul 04, 2012 4:48 pm

by nmx

Okay now the profilefield on the left side is smaller and there is less padding on the right side (post side). Is it better now? Or do we have to reduce it even more? (please reload with CTRL+F5)

User avatar
nmx
Posts: 340
Joined: Wed Jul 04, 2012 4:48 pm

by nmx

Calnago wrote:
Mon Feb 19, 2018 12:37 am
One thing that I've always looked for was a an auto sort thing in the "QuickLinks" drop menu that could be labelled "Timeline", like in Tapatalk. It basically just lists the posts in descending chronological order. Very useful if you've already read a post, so it's marked read, but want to find it again efficiently. Or maybe there is an easier way to do it, but I've just not figured it out yet.
Hi Cal,

Please check this site and tell me wether this is what you are looking for. If yes, change/enhance it in any way? This link could easily be added to "Quick links" menu.

search.php?search_id=newposts&timeline= ... l&sr=posts

(Time period is currently -2 days)

User avatar
Calnago
Posts: 6221
Joined: Sun Nov 07, 2010 9:14 pm

by Calnago

Yes @nmx... that's exactly what I've often wanted sometimes to just find a recent post, that's already been marked read. While the formate you present is really good, I suppose it doesn't even need the few summary lines, and just a list of thread titles and the dates would suffice, since I "sort of" know what I'm looking for and seeing a title is usually all I need. Plus, with just the titles and dates of last post to the thread, you could fit much more on the thread and likely I'd be able to immediately find the thread I wanted to revisit on the first page. Mabye however, instead of just two days of history, you could give it a week, or even a month, just to be safe. Or a feature where you could just specify a date window for say, those times when I remember a thread that I want to see, but it's been dormant for maybe 6 months... I could just type in some date windows to help narrow it down. Either way, you guys are being really responsive to the requests here and I really like the updates.

One question however... how secure is this site from hackers... reason I ask is that yesterday while posting to my C64 thread, my computer started doing all kinds of weird things, like it was possessed. I shut everything down, but was a bit unnerved by it all. I'm pretty careful about what I do on the internet, but I did download some pics from some of those bike review sites when they were reviewing the C64. That's as close to porn as I go on the internet. Lol. I hope I didn't inadvertently download some malware in the process. I'll be doing a full deep scan of my computer today.
Colnago C64 - The Naked Build; Colnago C60 - PR99; Trek Koppenberg - Where Emonda and Domane Meet;
Unlinked Builds (searchable): Colnago C59 - 5 Years Later; Trek Emonda SL Campagnolo SR; Special Colnago EPQ

User avatar
Klaster1
Posts: 270
Joined: Mon Aug 15, 2016 10:25 am
Location: Krasnoyarsk, Russia

by Klaster1

Calnago wrote:
Tue Feb 20, 2018 7:43 pm
how secure is this site from hackers
As I said earlier, without HTTPS the forum is totally insecure: because requests aren't encrypted at all, anyone can listen for those and steal your credentials. That won't allow arbitrary code execution on your computer (the incident probably had nothing to do with WW), but leakage of admin credentials might be part of attack vector. Honestly, if your forum login/password are unique I wouldn't bother about the rest.

User avatar
Calnago
Posts: 6221
Joined: Sun Nov 07, 2010 9:14 pm

by Calnago

Well it was your post, combined with the weirdness of my computer yesterday that got me looking into this a bit. I looked for the “s” after the “http” of some sites I visit. Some have it. Some don’t. Velonews seems to not have it, the same as WeightWeenies. I guess I just try to use common sense. Ran a full deep scan using Norton today, took hours, but came back with no threats detected so that was a bit reasssuring. And no weirdness today so maybe it fixed itself. Wish bikes did that.
Colnago C64 - The Naked Build; Colnago C60 - PR99; Trek Koppenberg - Where Emonda and Domane Meet;
Unlinked Builds (searchable): Colnago C59 - 5 Years Later; Trek Emonda SL Campagnolo SR; Special Colnago EPQ

User avatar
nmx
Posts: 340
Joined: Wed Jul 04, 2012 4:48 pm

by nmx

Calnago wrote:
Tue Feb 20, 2018 7:43 pm
Plus, with just the titles and dates of last post to the thread, you could fit much more on the thread and likely I'd be able to immediately find the thread I wanted to revisit on the first page.
Would you prefer a "thread view" compared to a "post view"? (currently it is post view)
Calnago wrote:
Tue Feb 20, 2018 7:43 pm
Or a feature where you could just specify a date window for say, those times when I remember a thread that I want to see, but it's been dormant for maybe 6 months... I could just type in some date windows to help narrow
Sorry a date selection is not possible in this case. Respectively it would be a significant effort to a comparetely small additional value I guess. Which time frame would you suggest then?

User avatar
nmx
Posts: 340
Joined: Wed Jul 04, 2012 4:48 pm

by nmx

Calnago wrote:
Wed Feb 21, 2018 3:40 am
Well it was your post, combined with the weirdness of my computer yesterday that got me looking into this a bit. I looked for the “s” after the “http” of some sites I visit. Some have it. Some don’t. Velonews seems to not have it, the same as WeightWeenies. I guess I just try to use common sense. Ran a full deep scan using Norton today, took hours, but came back with no threats detected so that was a bit reasssuring. And no weirdness today so maybe it fixed itself. Wish bikes did that.
Calnago wrote:
Tue Feb 20, 2018 7:43 pm
One question however... how secure is this site from hackers... reason I ask is that yesterday while posting to my C64 thread, my computer started doing all kinds of weird things, like it was possessed. I shut everything down, but was a bit unnerved by it all. I'm pretty careful about what I do on the internet, but I did download some pics from some of those bike review sites when they were reviewing the C64. That's as close to porn as I go on the internet. Lol. I hope I didn't inadvertently download some malware in the process. I'll be doing a full deep scan of my computer today.
Klaster1 wrote:
Wed Feb 21, 2018 3:30 am
Calnago wrote:
Tue Feb 20, 2018 7:43 pm
how secure is this site from hackers
As I said earlier, without HTTPS the forum is totally insecure: because requests aren't encrypted at all, anyone can listen for those and steal your credentials. That won't allow arbitrary code execution on your computer (the incident probably had nothing to do with WW), but leakage of admin credentials might be part of attack vector. Honestly, if your forum login/password are unique I wouldn't bother about the rest.
First, I am not a web security expert. However, I do have some basic knowledge.

Regarding SSL-encryption (https):
If your local computer is affected with any malware then it does not really matter wether the http requests are being sent encrypted or not. Attackers can listen on the machine before it is being encrypted and sent. When you log in to a non-ssl-encrypted website (like WW currently) and you do not have any malware on your computer, the only thing which could happen is that the NSA reads/listen to/saves the unencrypted https requests because they have access to many significant internet traffic hubs around the world and therefore are able to observe a lot of internet traffic.
When an admin with malware on the computer logs into the admin panel they cannot see/access the users passwords as passwords are always stored encrypted (md5/sha1/...). Only thing which they could probably get with a lot of effort are some email adresses for email-spam.

Sure - I do also not like any email spam. I would also prefer when WW was already fully transferred to SSL encrypted option. But the potential damage (which already requires a lot of effort and matching circumstances) is really manageable. You do furtherly log in to WW with username and password combination, that is also more secure like with email / password. As Klaster1 claimed, when your online-banking and PayPal credentials are not exactly the same like on WW there is absolutely no risk. And if they would match it is also extremely unlikely that anything happens.

We probably do convert WW to https prospectively but this must be a well planned event as WW is a really big project with a huge Google index and there is a lot which can go wrong when doing this. It is not trivial with such a large project. When doing something wrong we could face to lose a relavant count of Google organic visitors.

There are also some other hacking options, but also this is very unlikely that they will succeed for the attackers as we try to always keep the forums software on the latest update iteration. Most of the updates do only fix potential attacking weaknesses. Sure, everybody (also attackers) can look into the forums source code due it's open source nature, but there are also hell lot of users enhancing the code and make it more secure.

Some of those attacks could be:

SQL injections
I personally expect/guess the forum software to be safe here. Biggest potential damage for the user would be that attackers get access to the database which would mean to get email adresses and encrypted passwords (useless through encryption). (This does not have anything to do with SSL/https)

XSS scripting
I also guess that the forum is quite save as we use a widely used template (now :wink: ) and we do not have changed anything relevant (regarding this subject) but CSS. I would expect that the developers take care of secure forms/input fields etc.). Potential risk would be manageable as web browsers have generelly very limited options for attackers (there are a lot of security limitations for JavaScript for example). Potential risk: Credentials could be stolen (unencrypted). (This does not have anything to do with SSL/https)

Attachments
I will check the admin control panel about what users can upload exactly but I strongly expect that it is limited to pictures. Then I expect that there is no risk. (This does not have anything to do with SSL/https)

The biggest problem regarding likeability/occurence and potential damage - regardless WW - is when you (accidentially) click on a malware in a spam email or when you download something but images from the internet and execute this. Hackers can for example create a attack.exe file and rename it in NortonAntiVirus2018.exe. Also they adjust the file size accordingly and put in the same icon ;-)

When you click and do not have a anti-virus software than the machine is infected. It is always good to have some care when browsing the internet.

saibot
Posts: 70
Joined: Fri Dec 28, 2012 9:34 am

by saibot

Like the new Look, catching up with the time. Nice work!

For readability on PC I would personally bump the .content font size up from 1em to something like 1.2em or there abouts.
Not critical but for when there's a lot of text on a high-res screens it would help I think, especially with the browser in fullscreen mode.

User avatar
Calnago
Posts: 6221
Joined: Sun Nov 07, 2010 9:14 pm

by Calnago

nmx wrote:
Wed Feb 21, 2018 7:39 am
Calnago wrote:
Tue Feb 20, 2018 7:43 pm
Plus, with just the titles and dates of last post to the thread, you could fit much more on the thread and likely I'd be able to immediately find the thread I wanted to revisit on the first page.
Would you prefer a "thread view" compared to a "post view"? (currently it is post view)
Calnago wrote:
Tue Feb 20, 2018 7:43 pm
Or a feature where you could just specify a date window for say, those times when I remember a thread that I want to see, but it's been dormant for maybe 6 months... I could just type in some date windows to help narrow
Sorry a date selection is not possible in this case. Respectively it would be a significant effort to a comparetely small additional value I guess. Which time frame would you suggest then?
Not sure what you mean by thread view or post view? For sure I'd want the sort to be in descending order using "last post to the thread date" as the key field of sort... but I'd like the resulting display to be by thread title (one line per thread title) if that makes sense. I guess if your going to show a short preview, I'd rather see the first part of the last post as opposed to the first lines of the first post in the thread. And when you click on the thread you're looking for, the jump should be to the last post in the thread vs the beginning. Could certainly work it either way, but for me I figure the reason I'm looking for this thread in the first place is because I've already read it and now it's kind of become buried in the database and I can't easily find it. So once I find it, I'd like the first click to take me to where I last left off.

Re date selection... no worries, I can see that being a more major undertaking. Ideally, a sort of the entire database in descending order would be great, therefore the only limitation on finding what you're looking for would be how much time you want to spend going backwards. But it's usually stuff that's quite recent that I wanted to have another look at... would a month be too long a period to ask for if the entire database couldn't be sorted?

I should say that the reason I like this "Timeline" view is that often, even though I try the search feature, it does not come up with what I'm trying to find and I can't remember enough key words in the thread to make the search work. So, this is just kind of an easy browse as a last resort thing, but it's easy and understandable. Like looking through the pile of mail on your counter you've let accumulate for that one piece of important mail. You know it's there, you just have to go through the pile to find it.

One more thing... I notice there doesn't seem to be a "Cancel" button anymore when you're composing a post. For those times when you start something then think... nah, that's dumb... CANCEL. Or nah... that's just going to offend someone... SUBMIT!!

Oh, and thanks for the explanation on a lot of the security issues relating to the forum, and in general.

Cal
Colnago C64 - The Naked Build; Colnago C60 - PR99; Trek Koppenberg - Where Emonda and Domane Meet;
Unlinked Builds (searchable): Colnago C59 - 5 Years Later; Trek Emonda SL Campagnolo SR; Special Colnago EPQ

User avatar
nmx
Posts: 340
Joined: Wed Jul 04, 2012 4:48 pm

by nmx

Calnago wrote:
Wed Feb 21, 2018 8:32 pm
nmx wrote:
Wed Feb 21, 2018 7:39 am
Calnago wrote:
Tue Feb 20, 2018 7:43 pm
Plus, with just the titles and dates of last post to the thread, you could fit much more on the thread and likely I'd be able to immediately find the thread I wanted to revisit on the first page.
Would you prefer a "thread view" compared to a "post view"? (currently it is post view)
Calnago wrote:
Tue Feb 20, 2018 7:43 pm
Or a feature where you could just specify a date window for say, those times when I remember a thread that I want to see, but it's been dormant for maybe 6 months... I could just type in some date windows to help narrow
Sorry a date selection is not possible in this case. Respectively it would be a significant effort to a comparetely small additional value I guess. Which time frame would you suggest then?
Not sure what you mean by thread view or post view? For sure I'd want the sort to be in descending order using "last post to the thread date" as the key field of sort... but I'd like the resulting display to be by thread title (one line per thread title) if that makes sense. I guess if your going to show a short preview, I'd rather see the first part of the last post as opposed to the first lines of the first post in the thread. And when you click on the thread you're looking for, the jump should be to the last post in the thread vs the beginning. Could certainly work it either way, but for me I figure the reason I'm looking for this thread in the first place is because I've already read it and now it's kind of become buried in the database and I can't easily find it. So once I find it, I'd like the first click to take me to where I last left off.

Re date selection... no worries, I can see that being a more major undertaking. Ideally, a sort of the entire database in descending order would be great, therefore the only limitation on finding what you're looking for would be how much time you want to spend going backwards. But it's usually stuff that's quite recent that I wanted to have another look at... would a month be too long a period to ask for if the entire database couldn't be sorted?

I should say that the reason I like this "Timeline" view is that often, even though I try the search feature, it does not come up with what I'm trying to find and I can't remember enough key words in the thread to make the search work. So, this is just kind of an easy browse as a last resort thing, but it's easy and understandable. Like looking through the pile of mail on your counter you've let accumulate for that one piece of important mail. You know it's there, you just have to go through the pile to find it.

One more thing... I notice there doesn't seem to be a "Cancel" button anymore when you're composing a post. For those times when you start something then think... nah, that's dumb... CANCEL. Or nah... that's just going to offend someone... SUBMIT!!

Oh, and thanks for the explanation on a lot of the security issues relating to the forum, and in general.

Cal
Post view: (Postings list with descending post ID = chronological order)
search.php?search_id=newposts&timeline= ... l&sr=posts
Thread view: (Topics list with descending topic ID = chronological order)
search.php?search_id=newposts&timeline= ... &sr=topics

What do you think of both? Unfortunately we are very limited in actions like altering preview, date selection and so on as we strongly want to keep customization of the forums source code as small as possible as every update all the work could be causing errors or probably doesnt even work at all. Also the effort for processing updates rises and rises. Just some optiocal changes would probably be possible though.

by Weenie


Post Reply
  • Similar Topics
    Replies
    Views
    Last post