Extended Monday maintenance, Starting already Saturday 11th of July 2015


Advanced search

Message boards : Server backend and mirrors : Extended Monday maintenance, Starting already Saturday 11th of July 2015

1 · 2 · Next
Author Message
Profile Janus
Volunteer moderator
Project administrator
Avatar
Send message
Joined: 16 Jun 04
Posts: 4461
Credit: 2,094,806
RAC: 0
Message 13920 - Posted: 10 Jul 2015, 16:24:20 UTC
Last modified: 11 Jul 2015, 18:04:56 UTC

Starting tomorrow morning at 08.00 (UTC) we will be performing general systems maintenance. Most of the time the site will be up but we're expecting at least some sporadic downtime during this weekend.

This maintenance consists of 3 stages:
1) Upgrade testing project + DB and port the old website layout to the new v0.4.0 beta code base
2) Perform tests on testing and then upgrade main BURP website to the new v0.4.0 code base
3) Perform general system maintenance

Profile Janus
Volunteer moderator
Project administrator
Avatar
Send message
Joined: 16 Jun 04
Posts: 4461
Credit: 2,094,806
RAC: 0
Message 13925 - Posted: 11 Jul 2015, 18:02:31 UTC - in response to Message 13920.
Last modified: 11 Jul 2015, 18:03:51 UTC

Stage 1 was just completed successfully.

[Edit: ] Only issue so far seems to be that I have lost my forum avatar in the process.

Profile Janus
Volunteer moderator
Project administrator
Avatar
Send message
Joined: 16 Jun 04
Posts: 4461
Credit: 2,094,806
RAC: 0
Message 13927 - Posted: 12 Jul 2015, 10:11:34 UTC - in response to Message 13925.
Last modified: 12 Jul 2015, 10:14:24 UTC

Stage 2 has completed. Currently the following issues remain:


  • Some of the translations are a bit quirky - you can select your preferred site language here (for example if you like to keep English as the site language even though your browser asks for German).
  • The server status page has died, it will be revived when we figure out what the problem with it is. For now the BURP part of it has moved to Other Statistics.
  • The image cache is disabled for now because it will be cleared in stage 3 anyways - reduced performance may occur for image content
  • Browsing the task pages may be slow or fail entirely right now, we are looking into optimizing it.



There is quite a number of updates to the website because of the new code version. Please post back here if your find anything particularly nifty or if something isn't working as expected.

funkydude
Send message
Joined: 23 Dec 13
Posts: 275
Credit: 2,478,281
RAC: 0
Message 13929 - Posted: 12 Jul 2015, 12:52:01 UTC

It is FAST. Very fast.

Obvious things to me seem to be font changes, a favicon addition and a much cleaner home page.

First issue: I browse via https and the bug where after you click login is still present (it forwards you to http). The problem now is I get an error.

I browsed to this thread via https, clicked reply so that I would log in, clicked log in and it forwarded me to "http://burp.renderfarming.net/forum_reply.php%3Fthread%3D2665"

Not Found
The requested URL /forum_reply.php?thread=2665 was not found on this server.

Profile Janus
Volunteer moderator
Project administrator
Avatar
Send message
Joined: 16 Jun 04
Posts: 4461
Credit: 2,094,806
RAC: 0
Message 13930 - Posted: 12 Jul 2015, 13:38:05 UTC - in response to Message 13929.
Last modified: 12 Jul 2015, 13:45:41 UTC

You are right, fixed the URL redirect.
[Edit:] Whoops, turns out this is actually a bug in BOINC and not BURP. Will be sending them two patches for that.

Profile Janus
Volunteer moderator
Project administrator
Avatar
Send message
Joined: 16 Jun 04
Posts: 4461
Credit: 2,094,806
RAC: 0
Message 13931 - Posted: 12 Jul 2015, 14:00:44 UTC - in response to Message 13930.

Stage 3 complete

[Edit:] And I got my avatar back too, yay!

funkydude
Send message
Joined: 23 Dec 13
Posts: 275
Credit: 2,478,281
RAC: 0
Message 13933 - Posted: 12 Jul 2015, 15:29:55 UTC - in response to Message 13931.
Last modified: 12 Jul 2015, 15:32:25 UTC

Working now, will keep an eye out for other issues. Should we report visual issues also? e.g. the column width where the avatar is should be a bit wider so things like join date and credit aren't as easily truncated onto a second line.

edit: The URL button when making a post isn't working.

Profile Janus
Volunteer moderator
Project administrator
Avatar
Send message
Joined: 16 Jun 04
Posts: 4461
Credit: 2,094,806
RAC: 0
Message 13935 - Posted: 12 Jul 2015, 16:47:05 UTC - in response to Message 13933.

Yup, fixed the BBCode script and column width.
Taking a break for now - been at this the whole weekend - the server status page will be back at some point during the week.

funkydude
Send message
Joined: 23 Dec 13
Posts: 275
Credit: 2,478,281
RAC: 0
Message 13936 - Posted: 12 Jul 2015, 22:21:58 UTC - in response to Message 13935.
Last modified: 12 Jul 2015, 22:53:30 UTC

To me it looks like the column width is the same and the font has been shrunk instead? Rather it be the previous size.

The login screen could use the same love to prevent all the extra spacing.

Same with "other stats" needs bigger columns: http://burp.renderfarming.net/stats.php

EDIT: Hmm maybe I'm wrong about the font size. To be honest everything feels smaller in general.

EDIT2: URL button is broken when editing a post, fine when creating a new one.

funkydude
Send message
Joined: 23 Dec 13
Posts: 275
Credit: 2,478,281
RAC: 0
Message 13937 - Posted: 12 Jul 2015, 22:50:16 UTC

Did a scan with SSL Labs, a few things to note from this link: https://www.ssllabs.com/ssltest/analyze.html?d=burp.renderfarming.net

You should disable camellia and seed cyphers. Everything prefers GCM/CBC and by allowing them you open the potential for downgrade attacks.

You should generate unique DH params. According to this website, you can do that using OpenSSL. See "Generating a Unique DH Group".

Following that should upgrade your "grade".

Profile Janus
Volunteer moderator
Project administrator
Avatar
Send message
Joined: 16 Jun 04
Posts: 4461
Credit: 2,094,806
RAC: 0
Message 13939 - Posted: 16 Jul 2015, 18:12:15 UTC - in response to Message 13929.
Last modified: 16 Jul 2015, 18:22:52 UTC

It is FAST. Very fast.

Obvious things to me seem to be font changes, a favicon addition and a much cleaner home page.

Yup, there's actually a whole lot more under the hood. Too many changes to list. But mostly I kinda like that we finally got rid of the Flash video player and switched to HTML5; the new progress bars with multiple colours for rendered, rendering and not rendered states (and the new compact WU overview page); as well as a personal favourite: live and testing is now using the same version of all the different libraries etc., so it is going to be a lot more easy to maintain.
The only thing that was not rolled out was the experimental re-layout from testing. It still needs more work.

Same with "other stats" needs bigger columns

That is a temporary thing, once the server status page is back the session list will be available from there instead (and with proper layout).

Profile Janus
Volunteer moderator
Project administrator
Avatar
Send message
Joined: 16 Jun 04
Posts: 4461
Credit: 2,094,806
RAC: 0
Message 13947 - Posted: 19 Jul 2015, 17:35:30 UTC

The server status page is alive again and the session progress display has also been moved back to it.

funkydude
Send message
Joined: 23 Dec 13
Posts: 275
Credit: 2,478,281
RAC: 0
Message 13949 - Posted: 19 Jul 2015, 20:07:58 UTC

The columns still aren't wide enough. Session, Limits, Frames & Progress all crop onto a 2nd line.

Clicking "reply" when browsing the forums via https now forwards to an insecure login page. This was fine earlier in the week.

Profile Janus
Volunteer moderator
Project administrator
Avatar
Send message
Joined: 16 Jun 04
Posts: 4461
Credit: 2,094,806
RAC: 0
Message 13950 - Posted: 20 Jul 2015, 7:19:09 UTC - in response to Message 13949.

Columns: That is actually intentional. Working on getting some icons in there and making the columns fit across the different categories.

HTTPS reply link: Where exactly?

Aurel
Send message
Joined: 24 Feb 13
Posts: 39
Credit: 40,722
RAC: 0
Message 13956 - Posted: 21 Jul 2015, 17:42:13 UTC - in response to Message 13950.

Can´t connect with manager. :( "Failed to add project"

funkydude
Send message
Joined: 23 Dec 13
Posts: 275
Credit: 2,478,281
RAC: 0
Message 13958 - Posted: 21 Jul 2015, 19:17:17 UTC - in response to Message 13956.

Can´t connect with manager. :( "Failed to add project"


As with other projects that are upgrading their TLS connections, you will need to update your BOINC client to be compatible. If you're using an ancient Linux distro, update it or use a static install.

funkydude
Send message
Joined: 23 Dec 13
Posts: 275
Credit: 2,478,281
RAC: 0
Message 13959 - Posted: 21 Jul 2015, 19:17:43 UTC - in response to Message 13950.

Columns: That is actually intentional. Working on getting some icons in there and making the columns fit across the different categories.

HTTPS reply link: Where exactly?


I don't see why, looks ugly as hell.

Regarding HTTPS, I cannot reproduce it... :(

funkydude
Send message
Joined: 23 Dec 13
Posts: 275
Credit: 2,478,281
RAC: 0
Message 13967 - Posted: 21 Jul 2015, 23:31:27 UTC
Last modified: 21 Jul 2015, 23:37:07 UTC

Is there anything we can do about avatars causing "Mixed content" issues? Force host them locally?

I've always found allowing remote avatars to be a bit of a privacy (tracking) issue anyway especially with things like gravatar.

Profile Janus
Volunteer moderator
Project administrator
Avatar
Send message
Joined: 16 Jun 04
Posts: 4461
Credit: 2,094,806
RAC: 0
Message 13972 - Posted: 22 Jul 2015, 18:21:13 UTC - in response to Message 13967.

Is there anything we can do about avatars causing "Mixed content" issues? Force host them locally?

Which ones? Gravatar? They have HTTPS support. Is it not being used? Do you have an example thread?

I've always found allowing remote avatars to be a bit of a privacy (tracking) issue anyway especially with things like gravatar.

Yes

It is not just the avatars, it's also the signature images etc. The only option available from BOINC is to hide them and display images as links. We aren't going to run an anonymizing proxy. Sorry.

One other issue is that our CDN for images is not currently HTTPS-aware. That is something which is being worked upon.

@Aurel: Did you get it to work?

funkydude
Send message
Joined: 23 Dec 13
Posts: 275
Credit: 2,478,281
RAC: 0
Message 13975 - Posted: 22 Jul 2015, 20:16:28 UTC

https://burp.renderfarming.net/forum_thread.php?id=2591
loads insecure gravatar links.

Regarding signatures, sensible forum software disables signature viewing unless you're logged in. This keeps a "privacy by default" approach.

Unlike signatures, avatars can be completely controlled by forcing local hosting.

1 · 2 · Next
Post to thread

Message boards : Server backend and mirrors : Extended Monday maintenance, Starting already Saturday 11th of July 2015