Hi! This is an all volunteer community, and contributions that improve security are welcome. Also, please keep feedback in this thread to feedback about this forum specifically. Feel free to make a different post elsewhere if needed.
1 Thank
I think itās less a matter of technicalities and more a matter of awareness, and itās not specific to one server or one site. I donāt blame you or anyone though, people just want to play a game. There just needs to be more awareness of the importance of security, and everything else would come from that. Fortunately, it seems like this forum has good HTTPS security as I said (I wouldnāt have registered if not), so thatās well done. Although the r/dcss subreddit seems to be more popular than this forum (to raise awareness), I donāt want to make a Reddit account for now. Anyway, thank you for answering.
The āeducation courseā for new member seems broken, as well as some site-wide hints. The bot didnāt recognize a link at all (I had to skip that lesson), asked me to press a non-existent āheartā button (itās actually the thumbs-up button), asked me to use site-wide search to search in a post (had to use good ole ctrl+f instead). I also repeatedly got a hint telling me to click the ellipsis button under a post to see all the options (thereās no such button, the options were already shown on that page). And other smaller things that I didnāt remember.
Thanks for the feedback. Some of it I may be able to fix.
-
Ellipsis: not sure what you mean, I see an ellipsis button under every post and comment (including when not logged in as an admin), to the left of the reply button. If this isnāt there, could you post a screenshot?
-
Sitewide search: itās in the upper right, to the right of āReport a bugā. When you open it from within a topic, it defaults to searching in that topic. Edit: this was wrong, it doesnāt default to it, but you have to click the āin this topicā button in the popup.
No matter where I initiate the search (this thread or the educational thread in the inbox), pressing enter always defaults to the wide search, thereās even a popup that says exactly that (I didnāt even notice the popup until now).
Perhaps the bot should just mention that.
Cannot reproduce anymore. I think I got a trust level upgrade in one tab, and switched topic in another tab. Privilege cache is always a reliable source of funā¦
yes, what I said about searching within a post wasnāt quite right, you need to click on the āin this topicā option in the dropdown, and it defaults to site-wide search.
Iāve replaced the hearts in the tutorial message (the thumbsup is a tavern-specific customization). I ran through the tutorial myself and didnāt spot any other obvious issues.
FR: Remove CAO Scoring link from site
Better security practice to provide https than http links, most links seem to be https, but this one http link sticks out.
1 Thank
Sorry, I donāt get it ā is the suggestion that cao scoring shouldnāt be linked because itās not https? Itās the official scoring site and itās quite popular. Itās also a completely static site. Better to advocate for cao getting SSL.
Sure, cao getting SSL works as well. Could show https://dcss-stats.vercel.app/ meanwhile as placeholder scoring site until cao gets their SSL. Another alternative idea that popped to my head is putting some warning label besides CAO Scoring link until they get their SSL. For example āYour connection wonāt be encrypted if you visit this site!ā
HTTPS provides security beyond just encryption/confidentiality. Actually, Iād say encryption is a minor benefit most of the time; more important than that is integrity and authenticity.
1 Thank
CAO scoring now supports https, so Iāve updated the link accordingly.
3 Thanks