April 23

Hi everyone!

First of all, sorry for being late with updates, I’m going to try and get them back on schedule. A mixture of what I suspect is a nasty adverse reaction to recent Ritalin prescriptions, recent unpleasant events, and IRL stuff has made it difficult to get myself to do much. Hopefully I will recover from it sooner rather than later, but we'll see, I guess.

Anyway, long update today, since it’s been a while and there’s a lot of Deserted Chateau development to cover from the first twoish weeks of the month.

CORS fixes

When testing the site’s static assets hosted via CDN (instead of loaded from the local webserver), I realised I hadn’t set up the S3 buckets properly to allow things like fonts to be loaded that way. That’s fixed now, so it's one less thing to think about for launching the live site.

Tooltips improvements

Initially Deserted Chateau was using some relatively makeshift CSS tooltips. I stumbled across Tippy.js when looking for some decent frameworks for tooltips, and it does a very good job. Much nicer tooltips that display sensibly when the page changes size or the available space for a given element isn’t big on one side (e.g. a box at the right edge of the page will automatically display the tooltip on the left instead of going off to the right, that kind of thing).

Content categories

Finalising the design of categories (for NSFW art) is something of a challenge. I’ve mostly finished it now; there were a lot of considerations about how to structure it to avoid errors, and it meant changing various bits of gallery and detail pages code, so that users can see a placeholder or blurred picture when they want to have a warning for NSFW content. I still need to finalise the actual list of categories, and there’ll be some extra work to include those, but getting the design structure down first is more important.

Account settings now allow a user to specify behaviours for each category, e.g. “blur any artwork that contains heterosexual content” or “only show a placeholder for artworks with violence or gore”. The default for all NSFW art is placeholder unless the user sets otherwise, for safety and all that.

SSL - load balancer testing

I finally got around to testing how exactly to renew SSL/TLS certificates for each webserver when they’re behind a load balancer.

The normal method, where you use Let’s Encrypt to issue a TLS-ALPN-01 challenge, doesn’t work behind a load balancer because it can’t figure out the IP of the webserver in that process. It works via the DNS-01 challenge, but this means the webserver needs access to change the DNS records of the desertedchateau.com domain, and to avoid putting strain on Let’s Encrypt (which is a free resource) we should ideally only generate the new certificate once, then distribute it to each webserver.

I suspect it may just be best for me to do this manually. It’s not a difficult process, and it only needs to be done once per 2 months. I’ve documented the process for doing it, so now it’s just a manual task that I will need to put in my schedule.

Analytics investigations

The original idea for Deserted Chateau was not to have any analytics tools. However, I’ve come to realise that having *some* analytics information would be useful, and trying to do it myself is unlikely to be a smart decision.

I’m looking into Plausible.io as a decent provider. It’s very important to me that any analytics is GDPR compliant and isn’t used for other purposes, conditions which Plausible satisfies. It’s not free, but it’s also not especially expensive for smaller websites, so it should be fine to use. It only collects anonymised aggregate data, and only stores it in the EU for GDPR compliance, which is good.

It also has some features to allow for the full dashboard to be shown to users, which is nice, since it means we can show exactly what analytics data we have for transparency purposes.

HTTPD fixes and rate limits improvements

In the last update I talked about rate limits for the CDNs, to mitigate DDoS attacks. I’ve also implemented a rate limit on page frequency on the webservers themselves; e.g. a user trying to view 500 pages in two minutes is almost certainly not a human, and so we can direct them to a 429 page if they exceed a given limit, until the timer wears off.
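A sketch of the page-frequency limit described above, as an added example rather than Deserted Chateau's own httpd configuration. The 500-views-per-two-minutes figure comes from the post; the load balancer address, the use of X-Forwarded-For and all names are assumptions. Because the webservers sit behind a load balancer, the limiter has to key on the real client address rather than the balancer's.

```python
import math
import time
from collections import defaultdict, deque

LIMIT = 500                      # page views allowed per window (figure from the post)
WINDOW = 120                     # window length in seconds (two minutes)
TRUSTED_PROXIES = {"10.0.0.10"}  # constructed: address of the load balancer

def client_ip(peer_ip, x_forwarded_for):
    """Return the address to rate-limit on.

    X-Forwarded-For is honoured only when the TCP peer is a known load
    balancer, and it is read right to left, skipping trusted hops, so a
    forged left-most entry sent by the client is never used as the key."""
    if peer_ip not in TRUSTED_PROXIES or not x_forwarded_for:
        return peer_ip
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    for hop in reversed(hops):
        if hop not in TRUSTED_PROXIES:
            return hop
    return peer_ip

class PageRateLimiter:
    """Sliding-window counter of page views per client address."""

    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)   # ip -> timestamps of recent views

    def check(self, ip, now=None):
        """Return (status, retry_after): 200 serves the page, 429 sends the
        client to the error page until retry_after seconds have passed."""
        now = time.monotonic() if now is None else now
        q = self.hits[ip]
        while q and now - q[0] >= self.window:
            q.popleft()                  # forget views older than the window
        if len(q) >= self.limit:
            # The oldest remembered view leaves the window at q[0] + window.
            return 429, math.ceil(self.window - (now - q[0]))
        q.append(now)
        return 200, 0
```

The retry_after value is what a 429 response would normally carry in its Retry-After header.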

I also made some fixes so that other parts of the httpd.conf file, like redirecting users to maintenance pages when needed, work properly, as they were bugged before.

Error pages

There’s something of a trend (on some websites, at least) to make error pages a bit less serious and more user-friendly. I rather like the idea of amusing error pages, so I’ve implemented Deserted Chateau’s error pages to have a bit of fun to them.

Test environment restructuring investigations

In order to make Deserted Chateau as transparent as possible, I’ve been figuring out how to allow read access to the AWS console for test resources, so e.g. I can show people how it works and what it does.

There are basically two ways to do this in AWS:

  • Have an IAM role that limits access to test environments/resources only

  • Use the Organisations feature, and have test resources in a separate AWS account within an organisation

I’ve tried to do it via IAM role, but it’s very tricky due to the sheer number of potential breaches and gotchas that can happen when making a permissions policy that complex. I need to do some more investigation to figure out exactly how this would work in Organisations - basically to understand how certain resources that are shared by all environments (such as email) would work.

It’s also likely there would be extra costs involved, as some things that can be shared by all environments in one account (like WAF rules) would probably need to be duplicated for a test account, which means paying twice. A lot of factors to consider… it’s possible I might just stick with an IAM role for this purpose, but I’ll have to make certain it is suitably restrictive and such for security reasons.
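One way to catch some of the gotchas in a "read-only, test resources only" IAM policy before attaching it, as an added example that is not the author's policy or tooling. It is a simple heuristic, not AWS's policy evaluation; the Environment=test tag convention, the read-action prefixes and the sample policy are assumptions constructed for illustration.

```python
READ_PREFIXES = ("Get", "List", "Describe")   # assumption: what counts as "read"
ENV_TAG_KEY = "aws:ResourceTag/Environment"   # assumption: test resources are tagged Environment=test

def _as_list(value):
    # IAM allows a single string or object wherever a list is accepted.
    return value if isinstance(value, list) else [value]

def lint_policy(policy):
    """Return (sid, finding) pairs for Allow statements that could grant
    more than read access to test resources."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        sid = stmt.get("Sid", f"statement[{i}]")
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((sid, "NotAction/NotResource allows everything not listed"))
            continue
        for action in _as_list(stmt.get("Action", [])):
            name = action.split(":", 1)[-1]       # "s3:GetObject" -> "GetObject"
            if not name.startswith(READ_PREFIXES):
                findings.append((sid, f"non-read action {action}"))
        wildcard = any(r == "*" for r in _as_list(stmt.get("Resource", [])))
        tags = {}
        for op, conds in stmt.get("Condition", {}).items():
            if op == "StringEquals":
                tags.update(conds)
        if wildcard and tags.get(ENV_TAG_KEY) != "test":
            findings.append((sid, "Resource '*' with no Environment=test condition"))
    return findings

SAMPLE_POLICY = {   # constructed for this example
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadTestBuckets", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-test-bucket",
                      "arn:aws:s3:::example-test-bucket/*"]},
        {"Sid": "DescribeEverything", "Effect": "Allow",
         "Action": "ec2:Describe*", "Resource": "*"},
        {"Sid": "Oops", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "*",
         "Condition": {"StringEquals": {"aws:ResourceTag/Environment": "test"}}},
    ],
}

if __name__ == "__main__":
    for sid, finding in lint_policy(SAMPLE_POLICY):
        print(f"{sid}: {finding}")
```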

Front/home page layout

One of the big priorities I have with Deserted Chateau is promoting other good ethical art sites. After all, there are many functions I know Deserted Chateau will not fulfil or won’t be suitable for, so it will honestly be a good thing - both for the art community and for our users - to point to good art sites that can do those things. As part of that, I’ve started laying out the front page, with one half of it permanently dedicated to showing other good sites.

You can see a WIP draft here: https://i.imgur.com/Zxjbrt2.png

There will also be a slightly more detailed page laying out the advantages of each of those sites if people want to read it. I can’t find any brand assets for FA yet; I’ve asked them about it, but not heard back yet.