mark: A photo of Mark kneeling on top of the Taal Volcano in the Philippines. It was a long hike. (Default)
Mark Smith ([staff profile] mark) wrote in [site community profile] dw_news2017-01-01 12:48 pm

Dreamwidth News: 1 January 2017

Well, we made it to 2017. Congratulations.

The holiday promotion has ended. Thank you to everybody who bought points or a paid account or something, you're really helping to keep Dreamwidth going. We wouldn't be here without your support. (Quite literally -- we don't serve advertisements and we don't sell recommendations or anything, every single dollar we use to host the site comes from ya'll.)

The main reason I wanted to post today was to acknowledge and welcome the large influx of people we've been seeing in the past 10 days or so. We've seen a huge increase in new accounts -- over 100,000! This has translated into a raw increase in Dreamwidth usage of about 25% (i.e., our traffic is up 25% compared to two weeks ago). This is pretty exciting. I love to see people using Dreamwidth and settling in, making themselves comfortable, etc. I hope that you will find yourself feeling at home here!

So, business #1:

With any large influx of traffic, there will be occasional bits of site slowness. It takes a little time for us to provision hardware to adjust to changes in load, but don't worry: we're nowhere near the limits. In other words, even if the site gets slow for a little while it won't be a long term thing. Most of the particular issues we've run up against have been fixed already and the team will continue to investigate and fix any other issues that arise.

If you're worried about Dreamwidth falling over or crashing because of the traffic, it's okay. We are quite far from any limitations on Dreamwidth's ability to scale. But, even still, I'm sorry for the spots of slowness we've had. We've had to make a few tweaks but things look like they're doing pretty well now and we'll keep an eye on things.

(Note: whenever there are issues, we will update our Twitter feed: [ profile] dreamwidth, so please follow us there if you use that service!)

Financially, we're doing fine. We did just get new hardware and that incurred a pretty big line-item expense, but we've still got a buffer of cash in the bank -- particularly since we just finished the holiday sale. Of course, we've had to provision extra hardware with the recent arrivals but it will take a few months to see how the budget shakes out. (So, we're not asking for money right now! Just the normal business is sustaining the site fine and if that changes we'll let you know.)

Business #2:

Welcome to Dreamwidth, all newcomers, we're happy to have you! Many of you are joining us from Russia and Ukraine, so: Привет, добро пожаловать! Привіт і ласкаво просимо!

Unfortunately, nobody presently on Dreamwidth staff or volunteer speaks these languages and Google Translate leaves a lot to be desired. We've had at least one support request come in which is not in English and we'd love to be able to help out. If anybody who speaks these languages has spare time and is interested in becoming part of our volunteer group to help out from time to time, can you please comment here and let us know? Thank you!

Edit: I've started [community profile] dw_translate which [personal profile] kaberett will be administrating. We'll use that community to post to when we have something we need help with! Please feel free to join if you want to make yourself available.

Business #3:

I want to personally say that Dreamwidth is committed to openness and protecting the privacy of our users and their data. While we must of course follow United States law, we take a very strong position on the protection of your data. We'll do everything we can to be the best we can in this area. In other words, see the Electronic Frontier Foundation's Who Has Your Back? 2015 report. While Dreamwidth is too small to be evaluated by the EFF, I am committing us to earning all 5 stars. Stay tuned for more on this from us in 2017.

I think that particularly in the current political climate of the United States (and the world) it is very important for people to take a stand for what they believe in. So: I believe that real, honest privacy and using an online service should not be incompatible goals -- and as much as it is within our power, Dreamwidth will be a place you can have real, honest privacy.

That's all I've got for now. Thanks for reading and I hope your New Year's Eve went as well as mine -- we had a pajama party with some good friends and some champagne at midnight. It was pretty relaxing ... until the Roomba woke us up at an unreasonable time to begin its morning rounds.

(PS, as with all news posts, this may cause a delay in comment notifications for an hour or two after this is posted. I am posting this at 12:30PM PST, convert to your timezone.)
premchaia_pre4: (akari)

[personal profile] premchaia_pre4 2017-01-02 03:41 pm (UTC)(link)

Thanks for all you've been doing so far!

My current main worry re privacy on Dreamwidth, for the record, is lack of consistent TLS. I don't have a way of forcing my session to all-HTTPS (and the link structure of the site isn't really set up in such a way as to make mere caution a reasonable substitute). The possibly more important flip side is that I don't have a way of forcing it for people reading my protected entries either (and I am not in a position to impose even the minor countermeasure of “no plain access via untrusted networks” on my friends). So I have to assume that anything I write may wind up traversing the Internet in the clear, and that the session cookies forming people's ability to continue reading such things may do the same, yes?

A lot of the Modern Sites tend to go all-HTTPS all-the-time, which I approve of but realize may be quite awkward in other ways (I remember seeing a post about the mixed content problem). Trying to do some kind of mixed policy that still allows for the above could be even more awkward. But the acceleration of attacks is pretty real (including many other attacks that this wouldn't protect against, but passive snooping is importantly hard to detect).

I don't really have a good solution to that one other than digging in, I'm afraid. xvx Just noting that it's one thing holding things back for me. Any better ideas?

alierak: (Default)

[personal profile] alierak 2017-01-02 04:10 pm (UTC)(link)
We're not that far off from all-HTTPS. Take any DW page and replace http:// with https:// and it should not only work, it should work without mixed-content warnings or sending you off to plain HTTP pages (at least for automatically generated links within the site; we're probably not going to be editing user-submitted links). If something doesn't work as I've described, that's a bug (like these).

Consider this a testing phase where we need to fix those sorts of bugs before switching to all-HTTPS.
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)

[staff profile] denise 2017-01-09 02:22 pm (UTC)(link)
In addition to what [personal profile] alierak already explained -- if you have the HTTPS Everywhere browser extension installed, the site will happily serve itself to you entirely via HTTPS without (much of an) issue. We're very close to being able to flip the switch to go all-HTTPS; there's just a few last lingering things that haven't been solved yet. I've been a guinea pig for accessing the site solely via HTTPS for about six months now and nearly everything is working!