
staff
@staff

hey there! another week of mostly bug fixes and cleanup this week. here’s what’s changed:

  • added confirmation dialogs for a few different operations on the site that we’ve received reports of people accidentally activating and regretting having done so: publishing a draft, and unfollowing, silencing, and blocking pages.
    • we also fixed the bug where you would only get a confirmation dialog before discarding a post if you closed the post composer with the Escape key or clicking on the backdrop, rather than clicking on the X button.
    • the confirmation dialogs we had before were all originally implemented with different code, so adding more was also a good opportunity to get them all on the same codebase and make them all look slightly more presentable.
  • fixed the behavior of the “view temporarily” button on the profiles of pages which you have silenced or blocked.
    • previously, clicking the button would just show you an empty page. this originally broke as a side effect of fixing some more serious bugs in how blocks and silences worked a while ago. the fix was surprisingly complex and not many people seemed to use the button, so it took a while to get around to it.
  • external links no longer have rel="noreferrer" applied.
    • when you click a link on the Web, the Web browser tells the page to which you’re going the URL that you came from, using the “Referer” header.
    • by default, when you open a link offsite it opens in a new tab. more than 99% of cohost users use this default (but you can change it in the settings page if you want!). for users with the “open external links in a new tab” setting turned off, the Referer was already being passed along.
    • for historical reasons, in web browsers older than about 2016 it’s insecure to open links in a new tab without setting rel="noreferrer", so some of our “avoid making silly mistakes” tooling told us to set it and we listened. all of the browsers cohost supports are far newer and provide secure behavior with an alternate setting (rel="noopener") which doesn’t clear the Referer.
    • we’ve received feedback from some artists using analytics tools for their personal web sites, as well as the tools built into platforms like Itch, that they were incorrectly seeing a very small number of referrals from cohost. this change means that off-site analytics should correctly display traffic coming from cohost, giving an accurate sense of reach.
    • if you don’t want this information to be passed along, plugins like Referer Control for Chrome or Referer Modifier for Firefox will let you turn it off.

  • improved the performance of the bookmarked tags feed if you don’t have any tags bookmarked.
    • we’re not sure why this was so slow either, but we kept stumbling into it by accident and it was an easy fix.
  • some more small changes that aren’t particularly visible in day-to-day use:
    • made all of the paginated views (the dashboard, tagged posts page, drafts page, etc.) more robust to timestamps and “skip posts” arguments that aren’t numbers.
      • thanks to the anonymous netizen running a vulnerability scanner against us every morning. your SQL injection didn’t work the first 500 times you tried it, but maybe one of these days.
    • got rid of some code that we hadn’t been using in months. the title of the merge request had four question marks in it.

we’re working on a new feature that we’re pretty excited about that needed many of these fixes (as well as the fixes from last week) to actually work correctly. now that they’re done, it’ll hopefully be smooth sailing from here.

thanks, as always, for using cohost! :eggbug:
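
The difference between the two `rel` values described in the post, as an added example (not part of the original post, and not cohost's code). `SITE_ORIGIN`, the sample URLs and all function names are assumptions made for illustration.

```javascript
// Added example, not cohost's code. SITE_ORIGIN and every function name here
// are assumptions made for illustration.
const SITE_ORIGIN = "https://cohost.example"; // constructed placeholder origin

// True when href resolves to an http(s) URL on a different origin.
function isExternal(href, siteOrigin = SITE_ORIGIN) {
  let url;
  try {
    url = new URL(href, siteOrigin); // relative hrefs resolve against the site
  } catch {
    return false; // unparseable: not treated as an offsite link
  }
  const web = url.protocol === "http:" || url.protocol === "https:";
  return web && url.origin !== new URL(siteOrigin).origin;
}

// rel value for a rendered link. policy "noreferrer" models the old behaviour
// described in the post, "noopener" the new one. Internal links and links
// opened in the same tab get no rel, so their Referer is passed either way.
function relFor(href, { newTab = true, policy = "noopener" } = {}) {
  if (!isExternal(href) || !newTab) return "";
  return policy;
}

// What the rel tokens themselves guarantee for a link opened in a new tab.
// Per the HTML spec, noreferrer also implies noopener.
function effects(rel) {
  const tokens = new Set(rel.toLowerCase().split(/\s+/).filter(Boolean));
  const noreferrer = tokens.has("noreferrer");
  return {
    openerSevered: noreferrer || tokens.has("noopener"), // no window.opener handle
    refererSent: !noreferrer, // destination analytics can see the source
  };
}
```

Both policies sever `window.opener` for the destination page; only `noreferrer` also hides where the visitor came from.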



in reply to @staff's post:

fixed the behavior of the “view temporarily” button on the profiles of pages which you have silenced or blocked.

that was something i noticed but didn't wanna report because it prevented my curiosity from ruining my day, but i appreciate your bugfixes all the same :eggbug: i will simply have to use my own strength of will now

thanks to the anonymous netizen running a vulnerability scanner against us every morning. your SQL injection didn’t work the first 500 times you tried it, but maybe one of these days.

were they at least nice enough to use an obvious user agent? i always liked dropping Jorgee into the dumpster

thanks to the anonymous netizen running a vulnerability scanner against us every morning. your SQL injection didn’t work the first 500 times you tried it, but maybe one of these days.

Yeah I have some anonymous friends like that too. Yes, please keep trying to hit /wp-admin.php on my Lisp webapp. Please keep trying to request /../../../../etc/passwd. Maybe some day, Dan Shodanscripts.