It's been a long while since we posted updates about site development, but you can rest assured that work has continued at a rapid pace and updates are being applied to the live site regularly.
We haven't had the time until now to collate all the data on the changes and write them up into a journal.
There's actually so much to list that we'll be splitting it up in to several journals. In this first journal we will describe all the general changes and updates to the site. It covers two major release versions, 68 and 69.
Many of these changes have been applied to the live site over the last three months, while some will not be applied until the latest site update is run, which will occur in less than 24 hours. (Edit: update done!)
Future journals will detail the extensive database optimisations that GreenReaper has been working on in the past several months, and more information about our new support for Perfect Forward Secrecy in the site's SSL cyphers.
Oh and did you know it's our 4th birthday? That also needs a journal of its own! More to come soon.
Changed/Added: We are now using SSL encryption cyphers that support Perfect Forward Secrecy. No connection security or encryption method is perfect, but this new method gives Inkbunny an A+ rating from SSL Labs: https://t.co/ZHdiwlj1Y3
Changed: To help get the A+ rating from SSL Labs, we have changed our Strict Transport Security (HSTS) header value to 2 years. This forces all browsers connecting to our site to use HTTPS mode for any subsequent requests they make, even if someone clicks on an HTTP link to the site. This also helps prevent some forms of connection hijacking attacks.
Changed: We have obtained a new SSL certificate and updated the trusted authorities notice on our security page. (This was in response to the Heartbleed vulnerability that affected a huge number of sites worldwide, that we reported on previously).
Added: Search page now allows sorting search results by number of Favorites (this is now in addition to being able to sort by number of Views).
Added: You can now set/unset multiple submissions as Friends-only via the Gallery view (see the “Choose Action...” dropdown at the top of your submissions gallery view).
Added: Added Weasyl as a contact type for user profiles.
Added: Added BBCode quick links for Weasyl accounts (w! and [w] [/w]) eg: w! username (without the space) or [w]username[/w].
Added: Added BBCode quick links for deviantART accounts (da! and [da] [/da]) eg: da! username (without the space) or [da]username[/da].
Fixed: Fixed GIF animation bug that was causing some animated images to appear broken if they had a colored background.
Changed: “Customer Service – Support Tickets” link in page footer now just says “Support Tickets” and is a bit larger.
Changed: Made “Open New Support Ticket” link at top of Tickets page extra bold, as some people couldn't find that link.
Changed: Our Twitter username is now @ Inkbunny (was @ Inkbunny_news). Updated various links on the site to reflect this.
Changed: Changed all Twitter links to direct users to HTTPS version of Twitter, not just HTTP.
Added: ImageMagick update instructions added to upgrade process documentation.
Fixed: Fixed minor formatting issues on Account Settings page.
Fixed: Fixed a layout bug in gallery view when in widescreen mode.
Fixed: Internal scripts now always report their IP as coming from localhost rather than blank IP. This makes them compatible with the “inet” column type we are now using to track IPs, which doesn't like null values.
Fixed: Minor bugfix for the account auto removal feature, ensuring it resets the removal flag on the account once the process is complete. Also ran a hotfix to ensure accounts that have been auto removed by their owners before this fix have the flag reset.
Fixed: Support ticket system now won't try to send email copies of support ticket replies to deleted users.
Added: Added a suggestion to the default Error page that says clearing cache and cookies may help fix issues with logging in where it's dumping users to the error screen right after.
Fixed: Added extra sanity check to prevent users commenting on deleted journals.
Fixed: Fixed a bug that was causing image pools “last updated time” to never be updated when new submissions were added to the pool. This time is used when sorting pools by the ones with stuff added most recently.
Fixed: Various page minor HTML formatting tweaks here and there.
Added: Various updates to our internal documentation that covers site installation and upgrade processes.
Fixed: Some tweaks to the API to prevent it logging benign internal warnings when there are no search results found for a particular search query from the user.
Fixed: Lots of minor typo fixes on various pages.
Fixed: Improvements to some SQL statements to stop benign warnings in our logs about not explicitly setting column types that create temporary merge tables.
Changed: Made various changes to the database roles system in line with new requirements in the latest version of Postgres we are using.
Optimised: Check for the existence of any blocked keywords and/or artists before querying for them.
Optimised: Cache the query string of data for a particular user_id per page load.
Optimised: Remove accidental duplicate checks against keyword/artist/etc blocking filters created by another earlier optimisation.
Added: S.M.A.R.T drive status monitoring and instant live reporting to detect and warn us about impending drive failures.
Changed: Now using a parallel version of XZ for database backup compression, as it's a bit more efficient than Gzip for our purposes and a lot faster.
Fixed: A few minor code fixes to stop PHP throwing benign warnings in our internal logs such as when it tries to check for unset/non-existant keys in arrays.
Fixed: Fixed proper capitalisation and spaces in names where we display them like deviantART, Fur Affinity, LiveJournal.
Added: Username now appears in the hover text when hovering mouse over quick linked external account names.
Changed: Now using HTTPS where possible when generating links in Contact Details for user profiles.
Added: Allow schemes in BBCode URLs (while filtering for evil ones). This means you can now use things like mailto:email@example.com or bitcoin:..., secondlife:.., drawpile:... etc in URLS you add via the BBCode link button.
Changed: We now allow external search engines/bots like Google to access all public content. Previously we limited it to Submissions only. Search engines are still forbidden from no-guests and friends-only content. Hiding user pages from search engines in particular was a significant issue for search engine performance because they are our most-linked pages and link to all other content. The boost to site traffic (and therefore the number of people finding and seeing your content) has been significant!