Site Notes

New RTH Website

RTH looks mostly the same, but under the covers it's running an entirely new code base. We took advantage of the cutover to add some badly-needed features.

By Ryan McGreal
Published December 14, 2009

Well, it looks like the RTH website cutover was successful! Aside from a few minor hiccups (and thanks to the RTH readers who pointed them out to me), the site seems to be up and running on the new web server.

The site still looks pretty much the same, but it has some new features that I'd like to point out:

Comment Formatting

Registered RTH users can now employ Markdown syntax to format their comments. You can read our Guide to Comment Formatting for more details. (Markdown for RTH is provided by the Python-Markdown2 library.)

Edit/Delete Comments

A common problem in website commenting is to post a comment and then notice that it contains a typo or other error. For a five minute window after posting a comment on RTH, you can now edit or delete it. At the bottom of your comment next to the "Permalink", you will see an "Edit" and a "Delete" link.

Faster Comment Voting

Now, when you vote on a comment the vote is sent to the server and recorded without having to refresh the entire web page. It uses a javascript method called Ajax, provided using the awesome jQuery javascript library.

Note: if you have javascript disabled, comment voting still works the old-fashioned way, with a full page refresh.

Event Notice Formatting

For some time, RTH has allowed registered users to post upcoming events to our event listing. You can now format the event details using the same Markdown syntax as for comments. (See "Comment Formatting", above, for details.)

Edit Posted Events

A glaring omission in RTH event posting has been the inability to edit events after posting them. We've finally fixed this as part of the website cutover. Click on the page for your event, and you will see an "Edit this Event" link at the bottom. Note: you can only edit an event that you posted.

Improved User Login

When you visit the site, the menu under the header includes a username/password form for you to log in, or a Register link if you don't already have a user account. Once you log in, the login form is replaced with a Manage Profile link containing your username.

Note: the first time you visit the site after the cutover, you will likely be prompted to log in again.

From your Profile page, you can still update your user profile as before. The only change is that the change password function is now in a separate form. More on passwords in the next section.

Better Security

Your user account password is now encrypted (with a salted MD4 hash, if you're interested in that sort of thing). If someone manages to hack into the RTH database, it will be difficult to obtain user passwords in plain text.

Why this matters: Passwords are hard to remember, and website users are notorious for using the same password for several different user accounts - including, sometimes, sensitive accounts like webmail and even online banking. The obvious weakness here is that by cracking someone's user account on a 'weak' application, it becomes possible to obtain the same password used on a more important, critical application.

At the same time, the site uses SQLAlchemy to manage data access, so the database is protected against SQL injection attacks (obligatory link), like the attack that recently compromised RockYou.

Finally, user-input forms on the site are protected against cross-site scripting attacks, in which a user to inject arbitrary code (like client-side javascript) into a page to change its behaviour.

Comments Page Options

On the comments page, you can now view the highest voted comments and most commented articles from the past day, past 7 days, past 30 days or overall.

Old URLs Still Work

It's frustrating to re-visit a previously saved link only to see a message reading, "This site was recently redesigned and the link you followed no longer works." With the RTH site redesign, the old legacy URLs (e.g. "index.asp?id=200") should all still work (with an HTTP 301 permanent redirect to the new URL).

If you notice any problems with the new site or think of any other features you'd really like to see included, please feel free either to email me or post an issue on the RTH issue tracker. RTH reader Ryan Danks has kindly posted a guide to bug reporting so you have a better idea of what information to include.

Ryan McGreal, the editor of Raise the Hammer, lives in Hamilton with his family and works as a programmer, writer and consultant. Ryan volunteers with Hamilton Light Rail, a citizen group dedicated to bringing light rail transit to Hamilton. Ryan writes a city affairs column in Hamilton Magazine, and several of his articles have been published in the Hamilton Spectator. He also maintains a personal website and has been known to post passing thoughts on Twitter @RyanMcGreal. Recently, he took the plunge and finally joined Facebook.

24 Comments

View Comments: Nested | Flat

Read Comments

[ - ]

By Wiccan (anonymous) | Posted December 14, 2009 at 13:20:58

Comments with a score below -5 are hidden by default.

You can change or disable this comment score threshold by registering an RTH user account.

Permalink | Context

[ - ]

By z jones (registered) | Posted December 14, 2009 at 13:38:27

^^ BUG REPORT: I still see comments below my comment cutoff threshold.

Permalink | Context

[ - ]

By Ryan (registered) - website | Posted December 14, 2009 at 15:26:39

z jones wrote:

I still see comments below my comment cutoff threshold.

Thanks for pointing this out. I've added it to the issue tracker.

Permalink | Context

[ - ]

By six pack (anonymous) | Posted December 14, 2009 at 16:24:15

Comments with a score below -5 are hidden by default.

You can change or disable this comment score threshold by registering an RTH user account.

Permalink | Context

[ - ]

By z jones (registered) | Posted December 14, 2009 at 16:27:43

Re comments^^ it's like the site suddenly got indexed by googlasshole or something.

Permalink | Context

[ - ]

By Happychance (anonymous) | Posted December 14, 2009 at 18:05:28

Comments with a score below -5 are hidden by default.

You can change or disable this comment score threshold by registering an RTH user account.

Permalink | Context

[ - ]

By six pack (anonymous) | Posted December 14, 2009 at 20:35:44

Comments with a score below -5 are hidden by default.

You can change or disable this comment score threshold by registering an RTH user account.

Permalink | Context

[ - ]

By Ryan (registered) - website | Posted December 14, 2009 at 22:08:12

Okay, I just fixed some small bugs:

  • Anonymous comments were full of unescaped ampersands, causing the W3C HTML Validator to choke. That's fixed now.

  • Long hyperlinked URLs in registered comments were deforming the size of the comment box in older browsers (I'm looking at you, IE6). Now the formatting code truncates the displayed URL to 40 characters while retaining the full URL in the actual link.

  • The path to the RSS icon was broken, so each page load included a hidden 404 page as well. The path is now fixed, and page size is down to an average of 50-100K for first load and about 15-25K for subsequent loads (with caching).

  • Speaking of which, the 404 Not Found page was returning an HTTP 200 status code, which is known as a "soft 404". It's bad because search engines don't realize they're hitting a 404 error message and they end up indexing your 404 page. Now the RTH 404 page actually returns an HTTP 404 response code as well.

I'm still working on the comment hiding function, which seems to have gone missing during the cutover. :/ I'll post an update soonish.

[Comment edited by Ryan on 2009-12-14 21:27:57]

Permalink | Context

[ - ]

By WRCU2 (registered) | Posted December 14, 2009 at 22:21:40

Great work Ryan and Team RTH!

I am sorry to see so many sandpaper people posting useless information but I am glad there is an option to remove them from view as a registered user.

Ryan, if you don't mind my asking, why don't you ban specific IP addresses or whole IP blocks of addresses that have proven themselves to be incidental irritants?

I am not familiar with nginx or Microsoft IIS6.0 but I'm sure there is a way to deny these 40 grit through the server's access control list or in an .htaccess file if not at the network perimeter.

Your site is gonna lose too much value if you don't do something about it soon.

Permalink | Context

[ - ]

By Ryan (registered) - website | Posted December 14, 2009 at 22:26:48

Hi WRCU2,

The site runs on nginx and apache. I could ban IP addresses, but so many people are a) on dynamic IP addresses and b) on shared IP addresses that a ban would be a highly inaccurate filter.

Comment voting seems to be doing its job in general, mainly because it allows more legitimate site users to express their disapproval without having to post a reply.

Over the past couple of months, the amount of trolling on the site has declined tremendously (the comments above notwithstanding). I believe that community moderation is the best long-term solution to trolling.

Permalink | Context

[ - ]

By WRCU2 (registered) | Posted December 14, 2009 at 22:36:21

Thanks for the reply Ryan. Too bad you aren't using a nix with iptables netfilter. I've work out some interesting solutions for trolls.

In any event, I trust you know what you're doing.

Permalink | Context

[ - ]

By Ryan (registered) - website | Posted December 14, 2009 at 22:50:24

WRCU2, the site runs in shared hosting on a CentOS server. I'm actually not sure whether I have access to netfilter/iptables in that context.

I trust you know what you're doing.

Don't make that assumption! One of the reasons I'm planning to open-source the code is that it will almost surely benefit from more than one set of eyes on it. :)

Permalink | Context

[ - ]

By Michelle Martin (registered) - website | Posted December 14, 2009 at 23:05:56

Wow. I am looking forward to the day when I can also insert a table of contents: get working, Ryan!

Kidding aside-- thanks for the time and trouble you take to keep civilized discussion going, and to help us say what we mean to say clearly.

Speaking of civilized:

RTH = Real Tit-Heads

Can't you do better than that? Why not aim a little higher?

Permalink | Context

[ - ]

By Ryan (registered) - website | Posted December 14, 2009 at 23:25:54

Can't you do better than that? Why not aim a little higher?

That's too much work for the trolls. I wrote a page that generates Elizabethan insults automatically.

[Comment edited by Ryan on 2009-12-14 22:32:30]

Permalink | Context

[ - ]

By brodiec (registered) | Posted December 15, 2009 at 14:17:41

Wow I know this is probably a lot of work! Thanks so much.

Permalink | Context

[ - ]

By Ryan (registered) - website | Posted December 15, 2009 at 15:24:34

I still see comments below my comment cutoff threshold.

This is half-fixed. Now comments with scores below your threshold will be hidden, but I still have to implement the code to display individual such a comment on request.

Permalink | Context

[ - ]

By getalife (anonymous) | Posted December 15, 2009 at 20:05:39

Hey six pack – So you actually take the time to make bets on the response you might receive to insults on community blogs? That’s really, really, really pathetic. Did you make the bet with yourself as well?

Permalink | Context

[ - ]

By synxer (registered) | Posted December 15, 2009 at 21:44:04

Ryan,

RTH rocks, but rocks even more now.

Thanks for your dedication to community content and taking time to make a great experience greater.

Permalink | Context

[ - ]

By Ryan (registered) - website | Posted December 16, 2009 at 23:56:20

I still see comments below my comment cutoff threshold.

This should be completely fixed now. If you have the comment score threshold enabled in your profile settings, you will see the following message on comments with scores below your threshold:

You have set your preferences to hide comments with a score below -2.

[Unhide this Comment]

You can change or disable your comment score threshold on your profile page.

The button in between the two statements unhides the comment. If you have javascript enabled, the comment is revealed without a full page refresh (via Ajaxy goodness); but if you have javascript turned off or are using a browser without it, the function will still work, albeit with a full page refresh.

Comment edited by administrator Ryan on 2010-01-15 09:07:55

Permalink | Context

[ - ]

By Ryan (registered) - website | Posted December 17, 2009 at 00:24:28

Two more fixes:

  1. Beefed up caching and gzip so pages should load more quickly. In any case, YSlow now gives me straight As on the "Small Site or Blog" rule set.

  2. When you post a comment, the page automatically loads straight to the comment. No more "Click here to jump to your comment" at the top.

Permalink | Context

[ - ]

By seancb (registered) - website | Posted December 17, 2009 at 10:24:41

One more request - a "mark as spam" button next to the voting buttons?

Permalink | Context

[ - ]

By Ryan (registered) - website | Posted December 17, 2009 at 10:44:18

a "mark as spam" button

Good idea. I've added it to the site's issue tracker.

Permalink | Context

[ - ]

By Locke (registered) | Posted December 18, 2009 at 10:15:27

Great work Ryan. Great use of jQuery, thanks for adding comment/event editing (I really needed that, and just had to try it out) and for the added security. But most of all, thanks for your dedication to this community!

[Comment edited by Locke on 2009-12-18 09:16:39]

Permalink | Context

[ - ]

By Ryan (registered) - website | Posted December 18, 2009 at 11:08:51

I just feel bad that it took so long from the time I decided that the site needed an overhaul until it actually went live. For a long time, the rebuild was just vapourware in my mind - that kind of thing can become enervating if you don't act on it.

I finally got serious about the rebuild in October and broke it down into a long list of small individual items. In fact, something like a third of the code was actually written during lunchtime on a netbook using the wifi at Pam's, northwest corner of King and James (just inside JS). The unfailingly friendly staff there definitely deserve a shizzout-out.

[Comment edited by Ryan on 2009-12-18 10:12:38]

Permalink | Context

View Comments: Nested | Flat

Post a Comment

You must be logged in to comment.

Events Calendar

Recent Articles

Article Archives

Blog Archives

Site Tools

Feeds