Tavern 2.0 feedback thread

Would you be able to post a screenshot of where this was the default? In the UI I’ve checked the buttons should be disabled or removed. Edit: Ah nevermind, I think I’ve found it

These stats are still publicly visible in user profiles.
https://tavern.dcss.io/u/[USERNAME]/summary

Thanks for pointing that out; the discourse devs seem very into optimizing engagement. I so far haven’t found a way to hide those stats globally, but there’s a per user setting, “Hide my public profile and presence features”, under Preferences → Interface that should do this. (It may do a bit more, not sure… Edit: I think this hides your entire profile.)

I’ve also, for now, disabled user profiles from being visible without logging in. This might be overkill though.

Edit 2: I ended up hiding this in the default theme just by css; it isn’t really gone (people can use the “hide” feature for that still), but it would be hard to find at least. I don’t think it can otherwise be removed without some plugin work.

Not being able to edit posts past a day (?) is pretty annoying, i’m not sure if its intentional or default settings or?

This is the default setting for Discourse trust level 0 or 1, at trust level 2 the default setting is a month. I’m not opposed to changing this but what exactly is the use case for longer term editing (as opposed to just responding with an update, etc)?

The specific use case is for this post where there are things I want to fix. (not just things hellmonk wanted to mention, like death scarabs slowing)

There are also reasons to edit a post because you really want the OP to be edited. Like if you won/lost a CIP 2 days after you posted it, it would belong in the OP imo. There can also be cases like here where trunk updates a few days after and invalidates a post completely. (People are less likely to look below when reading, people read top to bottom)

I can’t think of much way to abuse the ability to edit for longer, at least not for something like here. Even default users can look at edit histories after all.

Alright, for now I’ve disabled editing time limits. I think the tl0/tl1 limit in particular is probably designed to curb certain kinds of spam, but this forum is too new to be getting that and also because it’s new most users are tl0/tl1, so I agree that a tight limit on that probably doesn’t make as much sense right now.

(If we do start getting some spam it could need to return in some form at least for low trust levels; this is the case where an innocuous-seeming comment from a new account is later stealth edited with a link, when it is less likely to be seen; old tavern did get this.)

Minor thing: when you scroll down in a thread such as this one, the “dungeon crawl stone soup” logo that usually takes you to the home page becomes is replaced by the thread title, which takes you to the top of the thread. So, to get back to the home page you have click the thread title, wait for it to scroll up/load (this takes longer if you haven’t loaded the entire thread yet), then click the logo. Is there a way to always display a “back to home” button?

If you click on the image of the soup logo instead of the title, it still takes you to the home page.

Thank you! It wasn’t clear to me that that was a separate button. I take it back then!

Also, for some reason on mobile (but not desktop) if you scroll up, it switches back to the non-title banner. But given that there is something clickable, I wouldn’t want to remove the thread title from there, it’s kind of useful.

In the long run, it might be good if the two logo styles for tavern, essentially big/wide and small (which I have just pulled directly from dcss assets) were more visually related, so that stuff like this went a bit smoother.

I love it so far. Only problems I’ve had have been related to 3rd party stuff (extensions, permissions, etc.)

I’ve added a dartboard category: Dart Board - Tavern 2.0

The default stickied post has a few links for various competitions that exist or have existed, the past few tournaments, etc.

I want to throw a good word here. Just before signing up to this forum a few minutes ago, I analyzed this domain (tavern.dcss.io) in Qualys’s SSL Labs test and you get A+ for security. Well done. I’ve noticed there’s many DCSS game servers that don’t have HTTPS, or that have HTTPS but are vulnerable to serious security vulnerabilities (e.g. crawl.xtahua.com as far as I remember, a few months ago, and it was vulnerable for a really long time up to a few days or weeks ago I think). And in any case playing SSH securely is impossible because I was completely unable to find the fingerprint of the SSH host key of any of the servers. (I’m not talking about the private user key that can be installed to log in through SSH more smoothly, I’m talking about the key that the server uses to identify to the user, not the other way around. SSH authenticates in both directions.)

EDIT: There is also a widespread false belief that online DCSS accounts are server-agnostic. I’ve also read posts (here, in the r/dcss subreddit, or elsewhere) where players use silly explanations to conceptualize how their account “is” one single thing instead of server-specific. This is mainly driven, I think, from the fact that the two major ranking websites (on crawl.akrasiac.org and on dcss-stats.vercel.app) conflate different accounts (on different servers) with the same username as if they’re the same. Now I saw someone complaining that the tournament page discarded their streak because someone made an account with the same name on a different server and lost. I also forgot: The DCSS wiki (which, thanks to the DCSS developers’ terrific work, is mostly unnecessary) also doesn’t use HTTPS at all, which is terrible, considering also that registration is required to edit articles (and I’ve definitely catched errors there). Just goes to show the lack of basic security that’s widespread in this game’s community. There’s no HTTPS, there’s offering of insecure SSH with a special key that misleads players to think it’s secure, the wiki is insecure, and the stats/reputation of players can be ruined both accidentally and maliciously by others.

Hi! This is an all volunteer community, and contributions that improve security are welcome. Also, please keep feedback in this thread to feedback about this forum specifically. Feel free to make a different post elsewhere if needed.

I think it’s less a matter of technicalities and more a matter of awareness, and it’s not specific to one server or one site. I don’t blame you or anyone though, people just want to play a game. There just needs to be more awareness of the importance of security, and everything else would come from that. Fortunately, it seems like this forum has good HTTPS security as I said (I wouldn’t have registered if not), so that’s well done. Although the r/dcss subreddit seems to be more popular than this forum (to raise awareness), I don’t want to make a Reddit account for now. Anyway, thank you for answering.

The “education course” for new member seems broken, as well as some site-wide hints. The bot didn’t recognize a link at all (I had to skip that lesson), asked me to press a non-existent “heart” button (it’s actually the thumbs-up button), asked me to use site-wide search to search in a post (had to use good ole ctrl+f instead). I also repeatedly got a hint telling me to click the ellipsis button under a post to see all the options (there’s no such button, the options were already shown on that page). And other smaller things that I didn’t remember.

Thanks for the feedback. Some of it I may be able to fix.

• Ellipsis: not sure what you mean, I see an ellipsis button under every post and comment (including when not logged in as an admin), to the left of the reply button. If this isn’t there, could you post a screenshot?

• Sitewide search: it’s in the upper right, to the right of “Report a bug”. When you open it from within a topic, it defaults to searching in that topic. Edit: this was wrong, it doesn’t default to it, but you have to click the “in this topic” button in the popup.

No matter where I initiate the search (this thread or the educational thread in the inbox), pressing enter always defaults to the wide search, there’s even a popup that says exactly that (I didn’t even notice the popup until now).

Perhaps the bot should just mention that.

Cannot reproduce anymore. I think I got a trust level upgrade in one tab, and switched topic in another tab. Privilege cache is always a reliable source of fun…

yes, what I said about searching within a post wasn’t quite right, you need to click on the “in this topic” option in the dropdown, and it defaults to site-wide search.

I’ve replaced the hearts in the tutorial message (the thumbsup is a tavern-specific customization). I ran through the tutorial myself and didn’t spot any other obvious issues.