blog issues
https://gitlab.torproject.org/tpo/web/blog/-/issues
Updated: 2020-06-27T14:30:10Z

Migrate urls so we won't have dead links
https://gitlab.torproject.org/tpo/web/blog/-/issues/22014
Updated: 2020-06-27T14:30:10Z
Author: Hiro
Assignee: Hiro

This task takes care of ensuring that permalinks for migrated posts are maintained.

Comments on blog posts disappeared
https://gitlab.torproject.org/tpo/web/blog/-/issues/20158
Updated: 2020-06-27T14:30:10Z
Author: boklm

We can still see them in the admin interface, under the list of published comments, so they are not completely lost, but they don't appear anymore under the blog posts.
Posting new comments is still working.
It could be related to the reboot of the server hosting the blog today.

log.torproject.org is DOWN
https://gitlab.torproject.org/tpo/web/blog/-/issues/20156
Updated: 2020-06-27T14:30:11Z
Author: cypherpunks

integrate the new jekyll blog into the tor website homepage
https://gitlab.torproject.org/tpo/web/blog/-/issues/13264
Updated: 2020-06-27T14:30:11Z
Author: Andrew Lewman
Milestone: 2014 Tor Blog Replacement

integrate the new jekyll blog into the tor website homepage.
With the new jekyll blog platform, we can integrate the latest posts into the index.wml which creates the home page on the main www.torproject.org site.

test migration of comments to juvia
https://gitlab.torproject.org/tpo/web/blog/-/issues/13263
Updated: 2020-06-27T14:30:11Z
Author: Andrew Lewman
Milestone: 2014 Tor Blog Replacement

Test a migration of blog comments to juvia

test blog migration
https://gitlab.torproject.org/tpo/web/blog/-/issues/13262
Updated: 2020-06-27T14:30:11Z
Author: Andrew Lewman
Milestone: 2014 Tor Blog Replacement

Test a migration of the blog to the new jekyll system

Design an updated look and feel for the comment system
https://gitlab.torproject.org/tpo/web/blog/-/issues/13118
Updated: 2020-06-27T14:30:11Z
Author: Andrew Lewman
Milestone: 2014 Tor Blog Replacement

Design an updated look and feel for the comment system

Export comments from current blog
https://gitlab.torproject.org/tpo/web/blog/-/issues/10480
Updated: 2020-06-27T14:30:11Z
Author: Andrew Lewman
Milestone: 2014 Tor Blog Replacement

Export comments from current blog in some sane format and some ability to import the threads, etc. into a new system.

Export blog posts from current blog
https://gitlab.torproject.org/tpo/web/blog/-/issues/10479
Updated: 2020-06-27T14:30:12Z
Author: Andrew Lewman
Milestone: 2014 Tor Blog Replacement

Export everything in some sane format for future imports (html vs. markdown?)

Cross Site Scripting at TorProject Blog
https://gitlab.torproject.org/tpo/web/blog/-/issues/10440
Updated: 2020-06-27T14:30:12Z
Author: Trac

GET parameter incorrectly filter GET query which allows attackers to execute JavaScript code which is called Cross Site Scripting.
https://blog.torproject.org/archive/1%3Cbody%20onload=alert%28666%29%3E/2013/11/,
**Trac**:
**Username**: patryk.bogdan@pentesters.pl

We need a new blogging system
https://gitlab.torproject.org/tpo/web/blog/-/issues/10022
Updated: 2020-06-27T14:30:12Z
Author: Andrew Lewman

The current blogging system is based on Drupal 5 and heavily hacked up to remove lots of surface area for classes of attacks. However, it doesn't work so much years later. The search functionality is broken. Lots of the admin functionality is broken as well. I've resorted to using raw SQL queries to manage the system. This is less than optimal.
Options I see are:
1. Do nothing and let the blog further degrade.
2. Migrate to a static blog generator like jekyll.
3. Migrate to modern drupal in the debian repos.
4. Use RedTeam's WordPress system for a more secure wordpress installation.
5. Host it somewhere else and let them worry about it, so long as we can get our data out daily.

Migrate blog.tpo
https://gitlab.torproject.org/tpo/web/blog/-/issues/22013
Updated: 2020-06-30T09:19:09Z
Author: Hiro
Assignee: Hiro

This ticket will be used to track blog.tpo migration to a newer drupal installation.
Here is a list of still open tickets:
[[TicketQuery(status=accepted|assigned|needs_information|needs_review|needs_revision|new|reopened,parent=legacy/trac#22013,order=priority,format=table,col=status|summary|reporter|priority)]]

Put a favicon in place
https://gitlab.torproject.org/tpo/web/blog/-/issues/22388
Updated: 2020-06-30T09:19:37Z
Author: Roger Dingledine
Assignee: Hiro

The blog tab in my browser now has the little angry blue drupal guy as its icon.
That's fine for now, so no rush, but we can do better! :)

Figure out how much of each blog post to display on the index (front) page
https://gitlab.torproject.org/tpo/web/blog/-/issues/22774
Updated: 2020-06-30T09:22:11Z
Author: Roger Dingledine
Assignee: Hiro

On the old blog, we put the entirety of each blog post on the index pages. It was a conscious design choice -- it meant fewer posts got listed per index page, but you could actually read the posts by reading the index pages.
Now we have some subset of each post, and sometimes it's just a few lines, and sometimes it's "just" the first 35 bullet points of the changelog we're announcing.
We should figure out if we want to put all of each post, or just a teaser. And if we choose teaser, we should build code or policy that makes us more uniform in how much teaser we pick.
I'm including keyword ux-team because this is another one where they'd be helpful.

Possible Security Issue (Information Disclosure) with Drupal on blog.torproject.org
https://gitlab.torproject.org/tpo/web/blog/-/issues/22947
Updated: 2020-06-30T09:22:52Z
Author: cypherpunks
Assignee: Hiro

When loading https://blog.torproject.org/blog/tor-0312-alpha-out-notes-about-0311-alpha, a Drupal warning appeared at the top of the page that looked something like:
Warning: Drupal mkdir() failed directory already exists, etc. etc.
Encountered around 06:00-06:10 UTC. I apologize for the vague wording, but I was an idiot and forgot to take a screenshot. The error appeared after the tab was reloaded from a previous Firefox session, and disappeared after I refreshed the page. The warning message contained directory/path names that appeared at least slightly sensitive. I don't think that displaying server-side error messages to a client is intended behavior, either...
Apologies if this is the wrong channel for reporting this. I looked for an email address for security issues, but the Contact page says to "email the respective maintainer" (???). I'm not familiar with who maintains the blog, and it doesn't seem very high-risk or reproducible, so I'll leave a comment on the blog directing someone here.

Please don't make me click "save and publish" in order to configure my blog post draft to be unpublished
https://gitlab.torproject.org/tpo/web/blog/-/issues/22846
Updated: 2020-06-30T09:23:33Z
Author: Roger Dingledine
Assignee: Hiro

I want to make a blog post draft, but not publish it yet. That way other Tor people can read it first and give me feedback.
I look all over the page for the option -- especially looking at the column on the right which has phrases like "promotion options" -- but I find nothing. The one thing I stay totally away from is the big blue "save and publish" button, because I definitely do not want to do that.
Apparently what I wanted is a tiny little blue arrow that is part of the "Save and publish" button. So if I click the tiny blue arrow, I get to change it to "Save as unpublished". And if I click the wrong part of the arrow, I accidentally publish my blog post draft to the world.
This little blue arrow has got to be violating every user interface guideline in Linda's book.

Every blog post had its comments set back to 'open'?
https://gitlab.torproject.org/tpo/web/blog/-/issues/23395
Updated: 2020-06-30T09:25:32Z
Author: Roger Dingledine
Assignee: Hiro

I notice that we're getting blog comments on blog posts from 2012 where I had previously set the comments to closed.
Looking at those posts now, the comments are set to open.
Did all of the posts get reset sometime recently? We should close them.

Search box isn't properly aligned with the search button
https://gitlab.torproject.org/tpo/web/blog/-/issues/23857
Updated: 2020-06-30T09:28:11Z
Author: cypherpunks
Assignee: Hiro

Here's what I'm thinking about:
![screenshot.png](uploads/screenshot.png)

"hardening android": if the script doesn't work maybe someone should publish a notice for the general public
https://gitlab.torproject.org/tpo/web/blog/-/issues/23394
Updated: 2020-06-30T10:28:40Z
Author: Trac
Assignee: Hiro

after hours of trying to get it work i had to give it up: the "hardening android" script doesn't seem to work on debian 9 or fedora 24. if the script doesn't work anymore maybe someone should publish a notice for the general public?
**Trac**:
**Username**: missionimpossible@grr.la

Allow email subscription to blog
https://gitlab.torproject.org/tpo/web/blog/-/issues/23992
Updated: 2020-06-30T10:32:06Z
Author: Arthur Edelstein
Assignee: Hiro

I think it would be very good for user engagement if we can offer a way for users to subscribe to our blog.torproject.org posts via email. I think Drupal has some modules that can make this possible.