AWS issues
-
@sloosecannon said in AWS issues:
@Yamikuronue said in AWS issues:
Also I dunno what you think I can do about that, you want @administrators
So in other words...
@ben_lubar !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
If I got a notification for that, it was lost while I was reading the 20+ upvote notifications I got in this thread while I was asleep.
-
@ben_lubar will get a notification for this
-
@sloosecannon nope. did you get one for this?
-
-
@ben_lubar said in AWS issues:
@sloosecannon said in AWS issues:
@Yamikuronue said in AWS issues:
Also I dunno what you think I can do about that, you want @administrators
So in other words...
@ben_lubar !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
If I got a notification for that, it was lost while I was reading the 20+ upvote notifications I got in this thread while I was asleep.
Why are you reading upvote notifications while you're asleep?
-
@Yamikuronue said in AWS issues:
If I was doing it, I'd probably only ship the raw and let the client-side script bake it.
I'd use a WYSIWYG editor like CKEditor that doesn't require any baking because the raw is already valid HTML. You could even set it up so that the editor can be switched to raw mode for the users who want that kind of control. But that's me.
Of course, I wouldn't use a non-relational DB like Mongo either …
-
@accalia said in AWS issues:
pin our processor's balls to the wall
-
@abarker said in AWS issues:
because the raw is already valid HTML
</div> was a valid post in Community Server. You have to do at least a little processing.
-
@ben_lubar said in AWS issues:
@abarker said in AWS issues:
because the raw is already valid HTML
</div> was a valid post in Community Server. You have to do at least a little processing.
'd me...
-
I know I'm late to the party, but this is insane. I run two dedicated boxes with 4 cores, unlimited bandwidth, 64 GB RAM and 2x250 GB SSDs each for about half what AWS charges "us".
https://www.hetzner.de/us/hosting/produktmatrix/rootserver-produktmatrix-ex
Please go dedicated as soon as possible. I'd be willing to chip in as well.
-
@ben_lubar said in AWS issues:
@abarker said in AWS issues:
because the raw is already valid HTML
</div> was a valid post in Community Server. You have to do at least a little processing.
A WYSIWYG editor (even if it lets you go into raw mode) shouldn't allow you to post that, though.
And the post should be sanitized on the server too, naturally. (Probably even log inconsistencies somewhere, since those should either indicate the front-end's broken or the user's trying to hack it to submit something that it shouldn't let them submit.)
-
@error 'd:
@anotherusername said in AWS issues:
Socket.io already has built-in logging, which you can enable by setting a flag in localStorage, but that also required a refresh to start/stop logging.
-
@ben_lubar said in AWS issues:
@abarker said in AWS issues:
because the raw is already valid HTML
</div> was a valid post in Community Server. You have to do at least a little processing.
Yes, if you were to use something like the CKEditor, you would need to verify that there was actual content. Fortunately, the .NET version of CKEditor has multiple ways of reading the text content, including with and without the HTML markup. I haven't looked at the other versions of the control, but I would be surprised if similar capabilities were absent from them. Since you can look at the text without the HTML markup, you can then test to see if the text is just whitespace characters or if it is a 0 length string, in which case you reject the post.
If you also offer a raw editor, then you could set it up so that the user has to switch back to the WYSIWYG editor before they can submit the post. Since that editor can be screened for actual content, the problem of checking for actual content is already solved.
-
@abarker said in AWS issues:
@ben_lubar said in AWS issues:
@abarker said in AWS issues:
because the raw is already valid HTML
</div> was a valid post in Community Server. You have to do at least a little processing.
Yes, if you were to use something like the CKEditor, you would need to verify that there was actual content. Fortunately, the .NET version of CKEditor has multiple ways of reading the text content, including with and without the HTML markup. I haven't looked at the other versions of the control, but I would be surprised if similar capabilities were absent from them. Since you can look at the text without the HTML markup, you can then test to see if the text is just whitespace characters or if it is a 0 length string, in which case you reject the post.
If you also offer a raw editor, then you could set it up so that the user has to switch back to the WYSIWYG editor before they can submit the post. Since that editor can be screened for actual content, the problem of checking for actual content is already solved.
Alright, how about lol</div></div></div>? And what about users without JavaScript or who manipulate the editor in the developer console? Never trust the client.
-
@ben_lubar Did I say anything about trusting the client? I was just outlining basic checks that could be easily set up. More advanced stuff could be added on top.
-
@abarker said in AWS issues:
@ben_lubar Did I say anything about trusting the client? I was just outlining basic checks that could be easily set up. More advanced stuff could be added on top.
To be clear, my original post wasn't saying anything about the server trusting the client, but rather the client trusting the server, which is kind of how the web works anyway.
-
So, this is the company I'm using for my inky-dink server. That being said, their SLA is "send in a ticket for a refund" so not the best option there really. I barely log in to my server, so I can't really say how well they perform under usage, nor their stability.
From my understanding they're a reseller of Wholesale Internet's machines, and WI's second link in Google is a Krebs on Security post (suggesting they weren't listening to SpamHaus nor Shadowserver reports), so take that as you will as well.
$59/month for 2x Xeon E5-2670, 32GB DDR3, 240GB SSD, 33TB of transfer 1Gb line. $10 more for an extra 240GB SSD.
CentOS 7 / Deb Jessie / Ubuntu 15.04 16.04 16.10
I'm throwing this out there, even if it is unlikely we use it.
-
@ben_lubar said in AWS issues:
If I got a notification for that, it was lost while I was reading the 20+ upvote notifications I got in this thread while I was asleep.
You should stop trying to read the forum while asleep.
-
@abarker said in AWS issues:
Since you can look at the text without the HTML markup, you can then test to see if the text is just whitespace characters or if it is a 0 length string, in which case you reject the post.
Post cannot be empty!
-
@sloosecannon said in AWS issues:
@masonwheeler said in AWS issues:
@sloosecannon Because obviously there's no possible way for that information to be available already, included in the page somehow...
I mean, it will ~double the amount of data tracked per post, and ~double the amount of data transferred. It's an option you can choose, but... I'm not sure it's the best one.
No, it really won't. The bandwidth that the post bodies eat is minimal compared to the images you load on almost every page, and the raw posts are almost guaranteed to be smaller than the baked.
-
@ChrisH said in AWS issues:
Please go dedicated as soon as possible. I'd be willing to chip in as well.
we already did. that's what fixed the cooties.
-
@anotherusername said in AWS issues:
@error 'd:
Sure, but I also showed a) which flag to set, and b) what kind of data you'd see.
Filed under: Still no emojis in quotes, I see.
-
@ben_lubar said in AWS issues:
Never trust the client.
That's what I always tell my managers but the sales guy keeps bringing them in.
-
@anotherusername said in AWS issues:
the user's trying to hack it to submit something that it shouldn't let them submit.
No worries. Nobody here would ever do that.
-
@abarker said in AWS issues:
Since you can look at the text without the HTML markup, you can then test to see if the text is just whitespace characters or if it is a 0 length string, in which case you reject the post.
But, but... What about <!-- Witty content here. -->?
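Added example, not part of any post in this thread and not NodeBB or CKEditor code: a server-side check that runs the cases raised above (`</div>`, `lol</div></div></div>`, a comment-only post, a whitespace-only post) through one validator that rejects empty or structurally inconsistent bodies and records why. The name `validatePost` and the anomaly labels are assumptions; this covers only the structural and empty-content checks, not allow-list sanitizing of tags and attributes.

```javascript
// Added example: structural checks a server could run on a raw-HTML post body.
const VOID_TAGS = new Set(['br', 'hr', 'img', 'wbr']); // elements with no closing tag

// Comments, tags, runs of text, or a lone '<' that starts none of those.
const TOKEN = /<!--[\s\S]*?-->|<(\/?)([a-zA-Z][a-zA-Z0-9]*)[^>]*>|[^<]+|</g;

function validatePost(raw) {
  const anomalies = []; // things a well-behaved editor would never submit
  const open = [];      // stack of currently open element names
  let visible = '';     // text a reader would actually see

  for (const m of raw.matchAll(TOKEN)) {
    const [tok, slash, name] = m;
    if (tok.startsWith('<!--')) {
      anomalies.push('comment');
    } else if (tok === '<') {
      anomalies.push('unescaped <');   // an editor would have sent &lt;
    } else if (name === undefined) {
      visible += tok;                  // plain text
    } else if (slash) {
      const tag = name.toLowerCase();
      if (open[open.length - 1] === tag) open.pop();
      else anomalies.push(`stray </${tag}>`);
    } else if (!VOID_TAGS.has(name.toLowerCase())) {
      open.push(name.toLowerCase());
    }
  }
  for (const tag of open) anomalies.push(`unclosed <${tag}>`);

  // &nbsp; is what WYSIWYG editors emit for an "empty" paragraph.
  const text = visible.replace(/&nbsp;|&#160;/gi, ' ').trim();
  if (text.length === 0) return { accept: false, reason: 'empty', anomalies };
  if (anomalies.length > 0) return { accept: false, reason: 'malformed', anomalies };
  return { accept: true, reason: null, anomalies };
}

// Constructed inputs, taken from the cases raised in the thread.
for (const body of ['</div>', 'lol</div></div></div>',
                    '<!-- Witty content here. -->', '<p>&nbsp;</p>',
                    '<p>Hello <b>world</b></p>']) {
  const r = validatePost(body);
  // Rejections are worth logging: a broken front end or a tampered request.
  console.log(JSON.stringify(body), r.accept ? 'accepted' : `rejected (${r.reason})`, r.anomalies);
}
```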
-
@HardwareGeek NO EMPTY POST FOR YOU!
-
What are the specs of the box we're on now? What does it cost, and how does it compare against AWS?
-
-
@accalia said in AWS issues:
@abarker said in AWS issues:
@HardwareGeek NO EMPTY POST FOR YOU!
BOOOOO! HISSSS!
Look out! It's a ghost snake!
Filed under: Or is it a snake ghost?
-
@AlexMedia said in AWS issues:
What are the specs of the box we're on now? What does it cost, and how does it compare against AWS?
Some sort of dedicated Intel processor with like 10% load and 32GB of RAM for the mon god to wallow in, if I remember @ben_lubar's top screenshot correctly… Hosted in OVH's datacenter.
-
@pydsigner said in AWS issues:
@AlexMedia said in AWS issues:
What are the specs of the box we're on now? What does it cost, and how does it compare against AWS?
Some sort of dedicated Intel processor with like 10% load and 32GB of RAM for the mon god to wallow in, if I remember @ben_lubar's top screenshot correctly… Hosted in OVH's datacenter.
It's the $ one: https://www.ovh.com/us/dedicated-servers/details-servers-range-HOST-id-2016-HOST-32L.xml
-
Those are pretty decent specs.
It's good to see the range of vertical axis of the response times graph on servercooties.com go from 0.0s to 0.8s, instead of 0s - 15s. :D
-
-
@ChrisH said in AWS issues:
@accalia said in AWS issues:
we already did. that's what fixed the cooties.
Excellent.
Great response, considering your current Avatar.