More site updates

This follows distantly from the old “more site updates” sticky thread, which I’m keeping sticky for now as a reference for future work.

Short version:

Significant downtime coming probably within the next 1-3 weeks, will announce a concrete date nearer the time.

Long version:

Over the last few weeks I’ve been unemployed, which sucks but at the same time it gave an opportunity to really push forward quickly on the background process of major site updates to the underlying frameworks.

The history of this: Our site is a collection of old apps that date back some 15 years. Some have become so outdated that it’s almost impossible to get a development environment to build in order to work on anything. Any modern integrations are largely out of the question. At least our server front-end is updated and patched, but the back-end is becoming a risk.

I’ve tried various approaches to this over the years, principally revolving around trying to upgrade to a newer version of the open source components where not abandoned, or just do a self-update to an old Rails application. I always run out of spare time and then a year goes by, at which point it’s all out of date again! This time around, with all other ideas tried, I decided to just create new, empty applications in the latest version of the framework we use, then copy old code file by file, updating code as required, changing away from abandoned library components to newer equivalents and so-on. My ex-employer had been running a 4-day week for a while so that gave me chances to work on this on my Fridays, but it was the employer failing in early December which made the big difference.

All of this was facilitated by our provider Arachsys bringing up a shiny new virtual server for us which itself has a far more modern set of subsystems, meaning I could build much newer supporting components directly (including the Ruby language itself). Thanks, Chris!

Initially you won’t see many new features and probably sadly will see a few new bugs, but the easy development platform is now in place. Improvements:

• Deeper monitoring with Sentry integration – I’ll know about crash bugs or very slow queries quickly.
• More robust server architecture – Hub remains critical, but individual applications can now fail without other site sections going down.
• Modernised CSS, ongoing work to keep performance good in NetSurf, extended use of NOSCRIPT where relevant.
• I’m going to risk bringing Hub sign-up back online and see how it goes.
• Faster, paginated bug tickets index and “sticky” filter panel to make it much easier to jump between filtered collections.
• Hopefully slightly faster overall; the new virtual server is similar but modern Ruby is much faster than 15 year old Ruby and our application code has been simplified with some efficiencies made in database work while I did the updates. Notable exception: The Wiki “recent” or “all pages” lists, which are (for now) not cached and will take a few seconds to render. I might improve that if and only if I see stats indicating that it’s used often.

Maintenance:

• CVS viewer will be gone. The CVS repo is wildly out of date; all source is in GitLab now.
• SVN viewer will be gone. Web site sources will migrate to GitLab (currently, they’re in GitHub but we want to unify). The “powered by” footer links will now take you to the app source, since ROOL has basically written its own custom trimmed-down versions of all site apps.
• SVN history will be available for those that care, but without source diff or other integrations; SVN seems to have fallen heavily out of favour in general over the last decade and I simply couldn’t get any of the required integration tools to build for the software we had. I could either spend significant time rewriting it completely to a totally different SVN API or just drop it, so elected to drop it.
• We have hidden the “Releases” menus, index column and per-ticket entry in the bug tracker. These related to CVS era work and are no longer relevant. Ticket change history data still describes release changes so we don’t lose sight of history, but with a little annotation added to remind the reader that the concept is historic and no longer in active use.
• Behind the scenes, log rotation and general maintenance don’t require server downtime and there aren’t the systemic framework and language bugs present that require the existing 5am full restart, so I could theoretically increase the Hub session cookie timeout to a longer value, though this might cause passwords to be forgotten. If anyone’s reading this far and has opinions on it, please let me know in replies here.

Longer term:

• Do the long-wanted “add a human moderation step to a first-time poster to combat spam” thing (big job across multiple apps but doable)
• I hope to make Markdown an option everywhere now that the stack is modern enough to parse via Commonmarker
• Get deep PayPal integration working in the bounty engine again in due course
• Other bits and pieces requested over the last few years as and when time allows

This long message is a warning that we will cut over in a week or three, and this will involve potentially lengthy downtime. I have a target date of “before February 19” as I have a surgery date then (minor and elective, but slow to heal and stops me being able to type) and will be out of action for a few weeks after. I’d rather get it all done while fresh in mind.

We will take the old site offline fully, manually transfer data over a secure pipe to the new server, load that all in, perform a series of migrations, bring up the main apps, run tests and then – well that’s it. From your perspective, you might need to force a reload if the site layout looks a bit odd due to some caching issue but otherwise it should just run as normal.

Fingers firmly crossed!

Replying to myself to avoid bloating the main post with even more trivia: Stats indicate that the ROOL site had an all-time high of 22M page fetches in Jan 2025 using over half a terabyte of bandwidth. It turns out that a lot of that is robots crawling the CVS tree, which was itself a good reason to get rid of that (less traffic by robots means more CPU time for humans!).

The bug tracker index list is at the top of the most-fetched list, which is why I spent time optimising there and will do so a bit more in due course. The Hub login indication image was also in the top 5, so that’s now going to be plain HTML without an image fetch, using a little bit of inline JavaScript to keep updated even in the face of cached pages and the browser “back” button, but has a no-script fallback for e.g. NetSurf that uses the old image.

Sorry to hear about your situation, but it sounds like this work will lead to
some cool things :-)

I particularly like the idea of being able to use markdown everywhere on the
website!

I’m assuming the forum terms will be updated in line with the new Online Safety Act 2023, lots of forums are closing down because they dont want the hassle of having to change or implement the legal framework

Easy – just implement a tick box where everybody verifies that they are not UK resident prior to posting. ¹
https://heyrick.eu/blog/index.php?diary=20250206

And, yes, it’s pretty dreadful legislation, vague as hell and unlikely to do anything about CSAM.

¹ And if you are? Thank the Tories for helping to take away nice things.

the less said about that the better! but yes its dreadful!

Online Safety Act 2023

First I’ve heard of it – emigrated to NZ a long time ago and not looked back… Sounds like I’ll need to check on that. Thanks for the heads-up.

As I read it…

• It does apply to this forum
• Risk assessment – low risk; usual chance of bad actors, but this forum is technical and tends to have a significantly older user base given the history of RISC OS
• We have moderators who can report issues to webmaster@riscosopen.com as well as, in some trusted cases, having the ability to directly delete posts
• Since we expect no age-inappropriate content here at all, we have no need to try and implement any age access restriction measures
• We need to make terms of service more clear (i.e. an acceptable usage policy, which will need little more than “make sure what you post is legally safe for kids” or TL;DR, “no porn”)
• We need to make reporting more clear (i.e. e-mail webmaster@…)
• I will confirm with ROOL staff but otherwise appoint myself as Compliance Officer
• I am unsure what we’re supposed to do about publishing a deletion report since we have no audit for that; we don’t track our users and do not intend to start, but that means we don’t track deletions either

I think that covers the major points. Thoughts?

Sounds like the bunch we have now are heading towards China’s format – ie banning things they don’t like!

Rick has closed his site to us UK peasant’s.

Update – comments from UK peasant’s stopped unless they lie!

Sounds like the bunch we have now are heading towards China’s format

?? The legislation was written and passed by the previous governing party.

Sounds like the bunch we have now

Devised by the May government, made law by the Sunak government. It was the previous idiots that did this. The current idiots either don’t understand or are too scared of what the Daily Mail would say about removing a bad law that was intended to “think of the children”.

Rick has closed his site

Massive overstatement there. I now require that one ticks a “Not UK resident” checkbox prior to posting a comment on my blog; I’m sure you’ll agree that it’s better than geoblocking everything as others have done.

This isn’t an elective choice, it’s a response to an utterly stupid piece of legislation instituted by your government.

Covering my arse, if you prefer, because my site budget is time, not money, so I have no intention of even attempting to comply with a law that doesn’t logically apply to me anyway: you can’t create links, you can’t post pictures or videos, it’s simply text, and if anything needs to be edited/deleted it is simply a little bit of PHP that amends the underlying data so like here there’s no such thing as a deletion log (and to date I’ve only deleted a few spammy adverts).
It’s a legal and logistical hassle that’s simply not worth it for a one-person random-topic blog.

Ofcom, for example, thinks that a site with 15,000 members is “small”. They have absolutely no concept that sites like this one or individual blogs even exist. If only they cared as much about exempting non-commercial or hobbyist or whatever as they cared about exempting themselves, then this wouldn’t be a problem…

I don’t want to say “no Brits”, especially as they’re the majority of my readership. I don’t have a choice while this sort of legislation is a thing.

we don’t track our users and do not intend to start, but that means we don’t track deletions either

Somewhat picky, Andrew, but you do track to an extent.
Have a look at the user editable content in the Library, scroll down to near the bottom and look at the line:
“Revised on [date] [time] by [user name] [userID] [source IP] "
Older versions have “Revised from …”

I know it’s not the forums, but I suspect the ruling would be that “content is content” or words to that effect.

Of course, we do have the general user stance that considers x86 code to be “inappropriate content” so the ‘content’ this legislation seeks to control is fiery pits of hell level for our user base, who will no doubt edit out what can be edited.

What is a child – someone under 18?

How do you stop kids looking at a Phone in a locked room – and doing daft things?

What is a child – someone under 18?

In the UK context, basically yes as defined by law. In Scotland it may be lower – the definition of a child varies in different legal contexts. Stick to 18 and you’re good.

As long as the rules are clear and include that the forum complies with the new legislation and signup’s and moderation of content is proactive, there is not an issue. as Andrew stated in his previous message.

Followed up in Aldershot.

@ Andrew Hodgkinson

As a side note, Ofcom is hosting an on-line session for Small, Low-Risk Community Sites on the 12 of February (12:30pm – 2:00pm GMT), link here:

https://lu.ma/qijpvfnl?tk=5AGDw1

Somewhat picky, Andrew, but you do track to an extent [ Wiki example ]

Good point. The news section is “provider content” – we write the articles – so that’s (rather curiously) exempt, no matter what someone might post in comments. The bug tracker, Wiki and forum all allow end users to post content, so all of those become troublesome.

I have no interest in anybody’s IP address and even back in ~2008 or so, that was a pretty useless concept given most people had dynamic IPs anyway. When I find time – though I don’t want to delay the site rollout with never-ending features or tweaks etc., “perfect is the enemy of done” and all that – I’ll strip that out. I’d rather not have any IP addresses recorded, so I’ll remove the feature and drop the relevant database column(s).

I note the following article has some useful clarifications in the “updated to add” parts at the end (the rest of the article is just best summarised as “the law is confusing” and doesn’t really need to be read in full IMHO).

https://www.theregister.com/2025/02/06/uk_online_safety_act_bloggers/

That only applies to Bloggers which consists of a single page and comments after, Forum’s are not blogs and this website as a whole is mostly user to user service, so sadly no escape from the legislation plus ROOL is also registered as a company so it will 100% apply.

Are you legally trained? If so, thanks for the free legal advice, but we do need at least one other opinion I’m sure.
I do know a KC, but we normally talk about beer, weird food combos etc. rather than IT and law.

That only applies to Bloggers which consists of a single page and comments after

And even then, only so long as the comments remain exactly relevant to the topic of the blog – effectively requiring me to be liable and potentially censor for what other people might say.
The problem is, that then falls under the scope of active moderation, which then makes me liable for everything other people might say.

Meanwhile, the big international sites that are the problem will carry on adapting their algorithms to push inadvisable content to impressionable people…

mostly user to user service

So, apparently, is a blog that allows commenting. Whoever wrote that legislation clearly has no idea what happens in reality – there’s a huge difference between comments on a blog (or shopping site, for that matter) where the user provided content is usually some sort of feedback to what was being said, and things like fora where the entire point is user to user communication.
And as for all that guff about search engines…..

No, I’m not a lawyer.
I read the stuff, got confused, read the responses from Ofcom, got even more confused, and decided just to implement a “I’m not in the UK” tickbox instead of disabling comments because why should the rest of the world suffer?

I also, in yesterday’s entry, went through the “17 harms”. Some are logical, some… well… ;)

I often contemplated joining this forum as Risc OS has a history of not welcoming new users to the fold, which essentially is why the community remains small, essentially any thing constructive that is posted or helpful is shot down by the die hard conservative seniors of the Risc OS world, which is probably why i’ve never invested much time or money into it, I suggested looking at the legislation because its the law and ROOL is a registered UK entity and will have to comply like every other UK registered business to the new rules regardless if people and myself think its stupid. its there to protect the company, the welfare of users, and its moderators against legal action and fines. it doesn’t take a legal mind to see that its just common sense, no matter the topic of conversation (Beer or IT) But judging by the limited amount of users that actually contribute on this forum i wouldn’t worry to much, @Steve Revill Welcoming new users i thought was the soul focus at drawing attention to Risc OS, sadly this forum has other ideas.

sadly this forum has other ideas.

My main idea was to let ROOL look at the Ofcom advisory info. My only advice would be to look at the Ofcom info, and possibly consult elsewhere, my KC friend might give additional informed advice.
One thing I would not do is give legal advice, like he doesn’t do IT advice.

Of course, but i doubt if it wasnt mentioned it probably would of gone unnoticed