Jump to content



  • Posts

  • Joined

 Content Type 



IPS4 Providers

Release Notes

IPS4 Guides

IPS4 Developer Documentation

Invision Community Blog



Posts posted by ptprog

  1. When using a rule of type "Reaction is given", what is the meaning of the milestone?

    For example, if we set it to "It is their 10th reaction", will the rule be applied: When a specific post receives the 10th reaction?  When a user receives the 10th reaction considering all posts?  When a user gives the 10th reaction considering all posts? Other?

    In other words, is the milestone for the user giving the reaction, or for the receiving user?  And do we count the reactions on a specific post, or for all posts?  (I actually think all the variants should be supported, but for now I'm wondering which one is currently implemented.)

  2. I haven't looked in detail about how IPS uses cache (e.g. how expensive to compute are the values cached), but with the reduced number of options we have now, and assuming you have spare memory available, I expect Redis to be a safe bet.


    IPS can achieve very high cache hit ratios.  So, my expectation is that using cache will improve performance.  Since now using cache requires using Redis for data storage, I would be surprised if any other data storage option was better.  Again, I'm assuming you have spare memory in your server.

    Also, as @Thomas P mentioned above, using Elasticsearch for search may be a better change to start with.


    Out of curiosity, what is the current size of you DB?

  3. I usually put a lot of effort on website optimization, and I certainly would like to see IPS paying more attention to performance.

    But looking at results from other popular websites such as Youtube, Facebook or Amazon, the values are not that different.  I checked a few other landing pages from Google, with mostly static content, and the results were even worse.  So, I guess IPS is not that bad.

  4. If you are familiar with cache headers, you can just use Chrome developer tools (in the Network tab, you can see the headers of each, and check the expiration time, e.g. "expires: Sun, 07 Feb 2021 08:27:40 GMT" shows the cache expires in 1 month).

    You can also use Google Pagespeed (Serve static assets with an efficient cache policy) or www.webpagetest.org, for exemple, which provides higher-level details (as @Mopar1973Man also suggested).

    BTW, I'm wondering if some of those cache "issues" may be caused by Cloudflare, since the cache expiration sometimes of some images varies depending on the tool you use to test.  If this is the case, maybe it's due to some online optimization made by Cloudflare, and you may not be able to fix it.  I would still make sure that when you hit your server directly (bypassing Cloudflare), the resources have cache.

  5. Not sure if you already solved your issues, but it seems the initial server response time is huge (2 to 3s, whereas this value should be below 1s).

    Another issue you have is the cache expiration of static resources.  It seems the fontawesome-webfont.woff2 has no cache expiration set at all.  And the JS, CSS and images files have a cache expiration of 30 days.  Since these resources use cache busters, you should be fine setting a much longer cache time (6 months, or even 1 year).

  6. On 9/28/2020 at 1:26 PM, jellyhound said:

    We recently tried to comply with GDPR data deletion request for one of our clients and stumbled upon a major issue with Invision's anonymise attributions ability.

    As part of this process we must delete the users from the forum.
    We want to keep conversation flowing and so we want to anonymise attributions which is great and generally understood to be an acceptable GDPR approach/
    However, many users like to use their full names as usernames, this is Personal Identifiable Information.

    So you delete the user and the username is changed to guest, great!

    However, if anyone has "quoted" that user then the name still appears throughout the thread leaving a huge data task cleaning up all quote references.

    Do we really need to do anything about that?

    It would be like forbidding users to mention the other user name, which does not make sense to me.  I'm not a lawyer, but I have serious doubts the GDPR gives users this right.


  7. @Adlago if you replace the line you show with

    <link rel="manifest" href="{url='app=core&module=system&controller=metatags&do=manifest' seoTemplate='manifest'}" crossorigin="use-credentials">

    the new connection issue is solved.  (I tested this, and it solved the issue in my case.)


    BTW, after start using SSL and HTTP/2, my tests (using RUM) showed that the use of cookie-free domains was only slightly beneficial when I was using a CDN.  Otherwise it was degrading performance, despite most of the synthetic tests (like YSlow and Webpagetest) giving better results.

    This was before TLS 1.3 was available.  It is possible that with TLS 1.3 the results change.

  8. On 11/20/2019 at 5:10 PM, The Old Man said:

    Not sure why the IP removal tool doesn't seem to work though.

    Not sure what IP addresses you are referring to, but this is likely intended behavior.

    Not all IP addresses are removed, which makes sense as some IP addresses (such as the ones associated with newsletter opt-in, or privacy policy acceptance) can be seen as part of the proof of consent.  However, there are several other IP address that are not deleted, and for which we don't have good reasons to keep.  (To solve this issue, I checked the IPs that were not being removed, and I have a SQL script to periodically remove the ones I don't need to keep.)

  9. On 1/4/2019 at 3:54 PM, ptprog said:

    Has anybody tried to use '<link rel="preload" ...>' to load fonts?  Any idea if this improves performance?

    Regarding performance, my experiments show a small degradation of performance (15% ~ 20%, measured with a RUM script) during the period I used the preload setting.

  10. 59 minutes ago, Jibeji said:

    It has been declared by the local regulator in France that keeping a name public on a forum is not a such necessity.

    Can you provide a source?  (I'm trying to understand to what extent that position applies.  It makes sense for the post metadata, but not for contents written by others.  We could say that quotes are metadata too. When we are talking about content directly written by other users, we would be constraining the freedom of expression of such users, though.)

  11. On 12/5/2018 at 4:35 PM, Jibeji said:

    [...] but the user can also request his name to be deleted everywhere it appears.

    That would mean you could forbid others from mentioning your name.  I don't think that GDPR requires that level of anonymization.

  12. It seems you are trying to backup the database directly on the filesystem.  That's not a good idea, as the backup may not get an atomic/consistent view of database (unless you shutdown the service).

    Take a look at MySQL/MariaDB documentation for a more reliable backup method for your database version.  (I have been using mysqldump --single-transaction with InnoDB tables, which works fine if the database is not too big.)

  13. On 7/4/2016 at 4:26 PM, Adriano Faria said:

    The account deletion itself is handled by the framework and has exactly the same behaviour when you delete an account on ACP. I won't change that.

    Does this means that we can choose between keeping the username or anonymizing member's content, as when we delete a member from AdminCP?

  14. 31 minutes ago, jair101 said:

    I am not really that knowledgeable in cryptography, but aren't there hashes that are virtually impossible to reverse?

    And you can hash all IPs, there is no reason for the new IPs to stay unhashed. I can't think of a use case where I need the actual IP. I guess some communities might need the geographical information coming with the IP, some might need the ISP data, but for the majority of admins IPs are simply used to track possible multiple accounts. 

    Hashes are not difficult to reverse when you have a small set of possible unhashed values (the number of IPv4 addresses is small enough that you can hash all of them quickly, to create a lookup table; for IPv6 may take a little longer, though).

    Also, actual IPs may be useful in proofs of consent (to prove somebody subscribed a newsletter, for example).

    In case you don't need actual IPs in any case, you can easily anonymize IPs adding a few lines of code your constants.php file, I believe.  (I had this kind of solution in place, until I realized I needed actual IPs in some cases.)

  15. This plugin seems to be adding some additional tag&prefix settings for blogs, which I'm trying to use.

    I want to override the "Minimum Tags Allowed" of a group blog in its "Blog Settings" (AdminCP).  I removed the check from the "Default" option, and put the value "1", for example, in the input field.  However, after saving and going again to the settings page, the value I set disappeared, and the "Default" option is checked again.

    So, it seems there is a bug preventing the changes made from being persisted.

  16. On 4/18/2018 at 3:24 PM, sudo said:

    Cookies are another issue, you cannot set cookies without a distinct opt in or at least a soft opt in (aka the first page hit sets no cookies with an alert but the 2nd page can set cookies, unlike now where you can set a cookie straight away with the notice)

    Then personal data includes ip addresses which could mean you need to remove the post ip after x time as well potentially.

    Depending on the cookies, you may be able to use legitimate interest as legal basis for storing and processing cookies.  In that case, GDPR does not require you to get users consent (as you are not using the consent legal basis).  Now, in my opinion, you still need to ask for consent due to the previous cookies laws, but those laws accept weaker forms of consent than GDPR (such as implicit consent, which is more or less what IPS cookie consent implements).

    Currently, even the ICO uses implicit consent on their site, although they provide an option to turn off cookies (which does not seem to prevent tracking third-party cookies from Twitter to be set).

    (Disclaimer: I'm not a lawyer, and I'm still waiting for official replies on whether the interpretation presented above is indeed correct.)

  17. 5 hours ago, Ryan Ashbrook said:

    Keep in mind it follows the moved topic logic, so if the Admin CP is configured to expire redirects after a certain amount of time, then it will do so for both merged and moved topics.

    In that case, I repeat what I said before:

    • With moved topics there is no URL invalidated, thus no broken links, even after you remove the redirect entry.
    • With merged topics one URL is not valid anymore, thus after you remove the redirection you get a broken link.

    Again, I disagree they should follow the same rules.

  • Create New...

Important Information

We use technologies, such as cookies, to customise content and advertising, to provide social media features and to analyse traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners. See more about cookies and our Privacy Policy