Jump to content



  • Content Count

  • Joined

 Content Type 



IPS4 Providers

Release Notes

IPS4 Guides

IPS4 Developer Documentation

Invision Community Blog



Everything posted by ptprog

  1. I usually put a lot of effort on website optimization, and I certainly would like to see IPS paying more attention to performance. But looking at results from other popular websites such as Youtube, Facebook or Amazon, the values are not that different. I checked a few other landing pages from Google, with mostly static content, and the results were even worse. So, I guess IPS is not that bad.
  2. If you are familiar with cache headers, you can just use Chrome developer tools (in the Network tab, you can see the headers of each, and check the expiration time, e.g. "expires: Sun, 07 Feb 2021 08:27:40 GMT" shows the cache expires in 1 month). You can also use Google Pagespeed (Serve static assets with an efficient cache policy) or www.webpagetest.org, for exemple, which provides higher-level details (as @Mopar1973Man also suggested). BTW, I'm wondering if some of those cache "issues" may be caused by Cloudflare, since the cache expiration sometimes of some images varies dependin
  3. Any plans for adding solved content to leaderboards?
  4. Not sure if you already solved your issues, but it seems the initial server response time is huge (2 to 3s, whereas this value should be below 1s). Another issue you have is the cache expiration of static resources. It seems the fontawesome-webfont.woff2 has no cache expiration set at all. And the JS, CSS and images files have a cache expiration of 30 days. Since these resources use cache busters, you should be fine setting a much longer cache time (6 months, or even 1 year).
  5. Do we really need to do anything about that? It would be like forbidding users to mention the other user name, which does not make sense to me. I'm not a lawyer, but I have serious doubts the GDPR gives users this right.
  6. @Adlago if you replace the line you show with <link rel="manifest" href="{url='app=core&module=system&controller=metatags&do=manifest' seoTemplate='manifest'}" crossorigin="use-credentials"> the new connection issue is solved. (I tested this, and it solved the issue in my case.) BTW, after start using SSL and HTTP/2, my tests (using RUM) showed that the use of cookie-free domains was only slightly beneficial when I was using a CDN. Otherwise it was degrading performance, despite most of the synthetic tests (like YSlow and Webpagetest) giving better result
  7. Not sure what IP addresses you are referring to, but this is likely intended behavior. Not all IP addresses are removed, which makes sense as some IP addresses (such as the ones associated with newsletter opt-in, or privacy policy acceptance) can be seen as part of the proof of consent. However, there are several other IP address that are not deleted, and for which we don't have good reasons to keep. (To solve this issue, I checked the IPs that were not being removed, and I have a SQL script to periodically remove the ones I don't need to keep.)
  8. Regarding performance, my experiments show a small degradation of performance (15% ~ 20%, measured with a RUM script) during the period I used the preload setting.
    Very useful plugin. Despite some minor issues, it does its job very well. The plugin's author is also very helpful and open to suggestions for improvement.
  9. Has anybody tried to use '<link rel="preload" ...>' to load fonts? Any idea if this improves performance?
  10. That option is enabled. The problem is the primary group 🙂 Thanks!
  11. Aren't admins supposed to receive notifications when there is an account deletion request?
  12. Can you provide a source? (I'm trying to understand to what extent that position applies. It makes sense for the post metadata, but not for contents written by others. We could say that quotes are metadata too. When we are talking about content directly written by other users, we would be constraining the freedom of expression of such users, though.)
  13. That would mean you could forbid others from mentioning your name. I don't think that GDPR requires that level of anonymization.
  14. It seems you are trying to backup the database directly on the filesystem. That's not a good idea, as the backup may not get an atomic/consistent view of database (unless you shutdown the service). Take a look at MySQL/MariaDB documentation for a more reliable backup method for your database version. (I have been using mysqldump --single-transaction with InnoDB tables, which works fine if the database is not too big.)
  15. I was actually trying to see which members were promoted, so I was looking for a more global view of this info. But you reminded me that I can get such a view from the database table directly. Thanks!
  16. Does anybody knows if group promotions are logged somewhere? (Or if there is any other way to see recent group promotions.)
  17. Does this means that we can choose between keeping the username or anonymizing member's content, as when we delete a member from AdminCP?
  18. Hashes are not difficult to reverse when you have a small set of possible unhashed values (the number of IPv4 addresses is small enough that you can hash all of them quickly, to create a lookup table; for IPv6 may take a little longer, though). Also, actual IPs may be useful in proofs of consent (to prove somebody subscribed a newsletter, for example). In case you don't need actual IPs in any case, you can easily anonymize IPs adding a few lines of code your constants.php file, I believe. (I had this kind of solution in place, until I realized I needed actual IPs in some cases.)
  19. This plugin seems to be adding some additional tag&prefix settings for blogs, which I'm trying to use. I want to override the "Minimum Tags Allowed" of a group blog in its "Blog Settings" (AdminCP). I removed the check from the "Default" option, and put the value "1", for example, in the input field. However, after saving and going again to the settings page, the value I set disappeared, and the "Default" option is checked again. So, it seems there is a bug preventing the changes made from being persisted.
  20. For contact forms probably only Privacy Policy is relevant. For guest posts I believe both are important. (In general I agree with you that this is stupid, and it is unlikely anybody will have problems with this. But I wouldn't be surprised if this is indeed required.)
  21. As I mentioned in other post, at least in the European Court, the decision was favorable to the use of legitimate interest as a reason to store IP addresses, even though they were classified as personal information. But I agree when you say that storing IP addresses is risky,
  22. Note that you can use the contact form without agreeing to the ToS, I believe. Probably there are other guest forms in a similar situation. I'm checking European Commission websites to see how they are complying with GDPR, and their contact forms (or at least some) have the consent checkboxes. So, even though I'm not particularly concerned with this issue, I think it would be wise to add this to contact forms and some other guest forms (maybe put it in the same places where you may place a CAPTCHA for avoiding guest spam messages).
  23. My understanding of the European Court decision is that not only it decided that IP address are personal data, but also said the the German law limitations on storing personal data based on legitimate interest were not in accordance with the EU directive. https://curia.europa.eu/jcms/upload/docs/application/pdf/2016-10/cp160112en.pdf This latter part has been interpreted by some as meaning you can store the IP addresses for some time based on legitimate interest. It is also my interpretation, but I'm not a lawyer. I agree. I was just stressing that the rules to keep pers
  24. The account history is actually a particular cases where we need to keep some IP addresses indefinitely (the ones that are associated with "consents"). I disagree that you need to completely disable IP address collection (or even anonymize all IP addresses before storing then). Recital 49 says: Storing IP addresses for a limited amount time (a few months) is a perfectly proportionate measure to be able to investigate a security incident or block brute force attempts, for example. This is something you cannot simply enable after the fact, so you need to collect them under
  • Create New...

Important Information

We use technologies, such as cookies, to customise content and advertising, to provide social media features and to analyse traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners. See more about cookies and our Privacy Policy