Maxforlive.com August 2012 Update

by Clint on August 23rd 2012

There have been lots of small updates and enhancements to Maxforlive.com since my last blog update on the new URL format. I thought I'd take some time to document them all in one shot. Generally the enhancements in the past few months have been in two key areas: Usability and Resiliency

Usability


The site was slightly redesigned in May and I've continued tweeking it. Things were brightened up and links were given a higher contrast color. Maybe it's just me but things were hard to read that were pretty important. Form buttons were grey on a grey background, for example. Much easier to use now with the new design I think. Let me know below if you disagree.

The design tweaks also resulted in less ads. There's only one column of ads left on the main page. I don't make any money for hosting the site and I've put countless hours into building and maintaining it. It hasn't been so bad as I've been hosting it in my house on a home cable modem connection for years.

I fixed up ratings. Due to a ridiculous choice I made in designing the backend database, the queries that listed the highest rated devices didn't work right at all. It would show a device with only two reviews and a 4, higher than a device with 20 reviews and a 4. I fixed that and now the list should more accurately reflect which devices have the highest ratings taking the number of ratings into account. I still wish more people would rate them though. We have over 14,000 users right now and the highest rated device has less than 30 rates. :/

Featured Device versus Devices. The original intent of the featured devices page was to maintain a full list of the most impressive devices as selected by the Ableton Live Sound Design team. With over 900 devices this is quite a chore. In working with Ableton we decided to switch it to a program where one device (or set by the same author) is featured and we'll change it each month. Once a month Ableton tells me which device in the library they'd like to feature that month. The only real requirement I have is that the device itself must be available on maxforlive.com (no references) and the device must be free (no charge, hence available directly from maxforlive.com). So far this is working well and I think users are appreciating the single featured device that's udated more frequently.

New Twitter for New Device Feed. Safari 6 removed the RSS reading feature which is how I used to stay on top of new devices getting posted. In looking for a better solution I implemented a feature I've always wanted for the site. I created a twitter account that gets automatically updated whenever there's a new device. I can just follow @maxforlive_com on twitter and my phones twitter app notifies me of ever new tweet. If you're a twitter user this is pretty awesome. It's an automated post though so please continue to follow @synnack for normal updates and discussion of Maxforlive.com but now you can never miss out on a new device by following the feed as well.

Follow the creator and host of maxfolive.com for regular updates and information about the site itself.

Follow this account to be notified whenever a new device is posted to the library

Resiliency and Security



HOSTING! Until recently, maxforlive.com was hosted on a Pentium 550MHz desktop computer with 256MB of RAM on a home cable connection complete with dynamic IP. Not kidding. (picture included!) It's really quite shocking it ever worked at all. In this configuration the site supported over 14,000 users and over 800 devices. There was a bit of downtime, but for the most part ppl are shocked to learn what it was running on. I moved the site to a decicated server in a real datacenter. Now the server is a proper 1U Intel Dual Core 2.0GHz E2180 with 1GB DDR2 SDRAM and a 160GB SATA2 HD. (It still runs on OpenBSD). Every night a script runs that replicates anything that changed from the prior night back to my house on the old machine. If for some reason that hosting company blows up, I can be back up with the latest version of the site (well 24 hours ago version) in the amount of time it would take for the DNS records to update. Right now I'm paying for hosting out of my own pocket minus any spare change the remaining google ads generate. I have a plan on how to completely get rid of ads and fund the site. More on that in a future blog post. (here's a hint!)

Spammers hit the site. I think there were 10 device entries in the library at one point that were pure spam. As a result, html is strictly forbidden in comments and descriptions, when someone tries it, it gets logged and enforced.

Example log entry: 07/29/2012 02:32:55PM: ERROR: Invalid description submitted from 61.160.232.10 using a href="http://www.havereplicawatches.com/a-lange-sohne-watches-c-567.html "copy A. Lange & Sohne watches

Something tells me that's not a valid Max for Live device...

The log gets emailed to me as an alert and I immediately take action when I see this sort of thing. Banning the users IP, email address, and username, and deleting any comments and devices they may have posted. (I check first to see that it wasn't a legit user error)

The site was vulnerable to CSRF attacks. "Cross Site Request Forgeries" are serious issues. A user could, for example, create a link and post it as a comment to your device that, when clicked by you, deleted your device. Technical details are out of scope for this post but I implemented "CSRF Tokens" in the forms which should prevent this from posibility. If you are interested in the technical aspects of this vulnerability or how to prevent it, feel free to engage in comments below.

Bunch of enhancements and features planned for the next 6 months but OMG look how long this post is already! Will wait for a later time...

Did you like this post? subscribe to this blog or follow me on twitter or facebook for updates when new posts are made.

blog comments powered by Disqus

Copyright © 2021 synnack All Rights Reserved.