Triaxiansilk.com

I've delivered a couple of reviews yesterday and stumbled on two bugs.

1. Wrongly referenced comments

An example is Transwarp's "Commissioning" (story-id 595) which has the comments to one of Misplaced's MU stories. Looks like there's a wonky foreign key in the comments table, somewhere.

2. Unsolvable Captcha's

I know that the Captcha is generated on an external server and I'd strongly suggest that a different provider would be the better solution, because :

• The 'words' are quite often unreadable, even to someone with unimpaired eyesight
• I had 3 instances yesterday, where I was prompted captcha's involving non-latin characters. Twice it contained greek letters, once even Chinese pictograms. In that case even the sound-option is useless
• The way the captcha is integrated into the site is the biggest security-hole I've seen in a long time. It unconditionally loads and executes code from an external site, which then generates 'crypted' code (btw the most ridiculously inept attempt I've ever seen) that again loads and executes code unconditionally, which then displays the captcha. Thats two instances, where external code is loaded with no security measures whatsoever, so if anyone on that external site, substitutes one of the two scripts for a malicious one or api.recaptcha.net get's hacked and someone else tinkers with the scripts, we're caught with our pants down at our ankles. None of this is your fault, the method that the guys at api.recaptcha.net offer is just incredibly unsafe.

EDIT: Found another one

The files
./fancreations/ktr/season1.php
./fancreations/ktr/season2.php
./fancreations/ktr/season3.php
./fancreations/ktr/season4.php

seem to be missing or unaccessible

Quoting thyself is fun

Slow day at work, so I'll dive a bit deeper into the security thing about the captcha:



That's a call to an external site delivering executable code. That's problematic, because you did include it in the <script>-tags, so whatever the external site sends us, it'll be executed without giving us a chance to make sure that it is, what it should be. So if the script http://api.recaptcha.net/challenge instead sends something like:



we'll end up making a very unintended statement.

that's what it actually sends:


Take a look at the last line. That's the silliest attempt at "cryptography" that I've ever seen

Anyways, this one introduces the same security problem that we've had in the first place. it generates the following code:



That's the same conundrum as the first one. An external script is loaded and immediately called without any chance to know if it is what it's supposed to be.

Recently, I read several complaints about difficulties of commenting on stories. I also had this once: I wrote a review, typed the code and pushed the submit button. Normally the pushing the submit button only cost about 2 seconds, before your review shows. But now it froze and no review was shown. I tried again and then it worked.

Because fan fic reading and commenting is the core business of this site, could some one have a look to see what is causing this problem?

Yes, that's the same problem I've had. The second try gets it, but no author wants to think someone has to work that hard to leave a review. The capchas already are challenging enough for some of us the first time...

I don't know if perhaps that "freeze" is the way the site has of giving us a second chance when our captcha fails? However, I usually have to cut and reload and paste to get it to do anything. It would be helpful to get a message like "Sorry, try again with a fresh page."

Whilst the world is thinking about this, wouldn't it be *great* if the system would email authors when people have added comments to their stories? I know that positive feedback is a big motivator and it seems unlikely that many authors will bother to keep looking back at old stories to see if any new comments have been added.

I still cannot get the damned thing to accept my comments and put them up. I do everything right (although that crap of typing in those two words seems a little stupid to me) I push add comment and nothing happens. I push it again, nothing, again, nothing, again, nothiing.

Why in Hell do we have to type in those two words to add the comment. Who is trying to prove what? How much people can be annoyed before they start complaining?

It doesn't stop anyone from putting in a comment. Not evern an Alien Cow. so hat is its purpose.

Come to that why doesn't the comment simply have a submit button on the bottom like when one posts in a thread or submits a PM. Easy, no problems.

It is all a mystery to me.

SB

Another problem I have: I click on a story on the front page and I am completly thrown out the site. I had this problem many times, especially when I use IE. So I have to try another time just to read the story. Maybe this has something to do with my computer, but if more people are facing the same problem, maybe it's good to let it know.

panyasan wrote:Another problem I have: I click on a story on the front page and I am completly thrown out the site. I had this problem many times, especially when I use IE. So I have to try another time just to read the story. Maybe this has something to do with my computer, but if more people are facing the same problem, maybe it's good to let it know.

I don't get that problem. What URL does the link take you to? Most browsers will show you the URL if you put the cursor over the link, and you should see the same URL in the address field after you have clicked on the link. For example, the top story on the home page right now shows http://www.triaxiansilk.com/index.php?p ... &chapter=2

Problably has to do with some links. I clicked on the fan fiction button at the forum, get the general page and click on a story. And whoops! I am thrown out IE.

But better forget about it. It seems that I am the only one with this problem and I think it's better to concentrate on the problems with commenting.

Not infrequently I have the same problems Siverbullet has, in regard to the comments.

panyasan wrote:whoops! I am thrown out IE.

If you're saying the IE window goes away and you have to start again, it sounds as if you are crashing IE. That is something that should never happen, and probably implies that you have a misbehaving browser plugin of some sort. I don't know which version of IE you're using, but for example IE8 has a friendly feature where it will automatically re-open the tab if it closes because the process crashed. I see that happen quite often with buggy browser helper objects. Browser choice can be a touchy subject for some people, but if you're using IE out of inertia then I recommend you try out Firefox.

Silverbullet wrote:I still cannot get the damned thing to accept my comments and put them up. I do everything right (although that crap of typing in those two words seems a little stupid to me) I push add comment and nothing happens. I push it again, nothing, again, nothing, again, nothiing.

Why in Hell do we have to type in those two words to add the comment. Who is trying to prove what? How much people can be annoyed before they start complaining?

It doesn't stop anyone from putting in a comment. Not evern an Alien Cow. so hat is its purpose.

Come to that why doesn't the comment simply have a submit button on the bottom like when one posts in a thread or submits a PM. Easy, no problems.

It is all a mystery to me.

SB

The captcha code is intended to prevent spambots from posting advertisements in our story comment threads. When you put in the code you're proving you're a human being and not a program. Without it we'd be reading ads for things like male enhancement supplements in between our story comments. I'm not a fan of that idea. It would be nice if they were easier, though. I sometimes have trouble with them and my glasses work fine. Is there a way to make the codes easier for the visually impaired among us? Anybody know?

Distracted, I too am visualy impared. One eye that works fairly well. Those codes drive me bonkers at times.

I didn't know about hte spammers. I am surprised they haven't found a way around those codes yet.

SB

panyasan wrote:Recently, I read several complaints about difficulties of commenting on stories. I also had this once: I wrote a review, typed the code and pushed the submit button. Normally the pushing the submit button only cost about 2 seconds, before your review shows. But now it froze and no review was shown. I tried again and then it worked.

Because fan fic reading and commenting is the core business of this site, could some one have a look to see what is causing this problem?

I got an answer from mjimeyg:

Unfortunately there is nothing we can do about this with regards to the server.

The problem lies with the browser/computer of the user. This is evidenced by the fact that you are able to post sometimes, if it was an issue on our end it would be more likely that no one could post at any time.