OffshoreCorpTalk Scheduled Upgrade and Maintenance on September 25th

[Forester]

The CSS isue you discussed here should have been fixed now.

Yes, this fixed also two other issues concerning rendering at the end of “the main page content”.
(@JohnLocke: the first one I mean was apparent on the screenshot related to the absence of Last Read Date and the second one concerned the bottom “navigation bar” with Nos of pages with threads/posts /not reported as I considered it minor and easy to workaround/.)

In general, just my 2 cents:
Correct rendering of a (relatively) complex page as Xenforo on such a wide variety of displays, resolutions, browsers, appearance settings, etc. is IMO really a difficult task, regardless of how responsive the page design is. We (I mean moderator team) performed quite a thorough testing, I think; but our equipment / working environments were definitely just a small subset of the reality...

 

[aniglo22]

Yes, this fixed also two other issues concerning rendering at the end of “the main page content”.
(@JohnLocke: the first one I mean was apparent on the screenshot related to the absence of Last Read Date and the second one concerned the bottom “navigation bar” with Nos of pages with threads/posts /not reported as I considered it minor and easy to workaround/.)

In general, just my 2 cents:
Correct rendering of a (relatively) complex page as Xenforo is on such a wide variety of displays, resolutions, browsers, appearance settings, etc. is IMO really a difficult task, regardless of how responsive the page design is. We (I mean moderator team) performed quite a thorough testing, I think; but our equipment / working environments were definitely just a small subset of the reality...

You could maybe use Browserstack or an alternative to further increase your testing sample size .

 

[mraleph]

OCT requires a public presence and to impose even scaled anonymity and privacy isn't feasible. Perhaps, every member may access it thru some universal VPN agreed with OCT and not being accessible otherwise. Maybe to consider that MG members post the content in private forums with PGP encryption. Or, create an OCT application that will locally generate certificates for members and allow that all member tiers post the content with encryption.

This isn't NATO COSMIC TOP SECRET or USG SAP resource. And certainly not a resource for petty or serious and organized crime - as some l'agents provocateurs are implying. But, when you chose not to disclose beneficiaries and manager, then the technical aspect is a logical sequence - for whatever the reasons may be.

A short remarks about comfort.
Still, there is no back button - like it had been present in previous version - in the down left side; bloody hard to navigate from an iPhone when the OCT is put on home screen.
Previously, you could click on a new post in any particular thread from the main forum page - now you're landed on that sub-forum main page when clicking from main forum page; loss of time.
Post merger should be enabled in time to come

A safety and reliability one as well. As @JohnLocke said, OCT isn't a hobby project (anymore).
Without commenting your choice for domain registrar and hosting provider (jurisdiction and quality wise), TLS certificates provider (transparency wise) and DNS provider (reliability wise), OCT should have at least two different DNS providers - beside Cloudflare a selection should be made from IBM NS1, Vercara/UltraDNS or even Amazon Route 53 for reliability. There were glitches in previous days when I tried accessing the OCT. DNSSEC is enabled which is a standard nowadays. With two different DNS providers, multi-signed DNSSEC must be enabled.
Perhaps, instead of Name.com a different domain registrar should be chosen - 101domain or EnCirca (at both, 2fa is TOTP via authenticator application ) or Hover (2fa is via mail).
As for hosting provider, no comment - what you don't share I don't comment. But, clustered container or virtual machine set-up within two different locations is probably the optimal option.
Well, nothing to comment for mail provider - Proton isn't secure and never was - only an appearance of it. For OCT use, Google would have been better selection. But, current configuration offers at least some security-thru-obscurity - mail forwarded via icloud.
Current selection at Cloudflare SSL/TLS settings de-anonymizes OCT's TLS certificate provider and mechanism and allows trace-back When using Cloudflare, there is a secondary benefit of displaying TLS certificates from Google Trust Services. Your developer(s) should understand this.
Web-site and associated forum is as I noted a public resource. Whether an implemented and advertised firewall will mean anything in relation to hosted location and other protected values is to be seen in time to come.

Of course, all of this is my humble expert opinion and doesn't bound the OCT owners and management and their developers to any action or lack of it

 

[Forester]

OCT requires a public presence and to impose even scaled anonymity and privacy isn't feasible. Perhaps, every member may access it thru some universal VPN agreed with OCT and not being accessible otherwise. Maybe to consider that MG members post the content in private forums with PGP encryption. Or, create an OCT application that will locally generate certificates for members and allow that all member tiers post the content with encryption.

This isn't NATO COSMIC TOP SECRET or USG SAP resource. And certainly not a resource for petty or serious and organized crime - as some l'agents provocateurs are implying. But, when you chose not to disclose beneficiaries and manager, then the technical aspect is a logical sequence - for whatever the reasons may be.

A short remarks about comfort.
Still, there is no back button - like it had been present in previous version - in the down left side; bloody hard to navigate from an iPhone when the OCT is put on home screen.
Previously, you could click on a new post in any particular thread from the main forum page - now you're landed on that sub-forum main page when clicking from main forum page; loss of time.
Post merger should be enabled in time to come

A safety and reliability one as well. As @JohnLocke said, OCT isn't a hobby project (anymore).
Without commenting your choice for domain registrar and hosting provider (jurisdiction and quality wise), TLS certificates provider (transparency wise) and DNS provider (reliability wise), OCT should have at least two different DNS providers - beside Cloudflare a selection should be made from IBM NS1, Vercara/UltraDNS or even Amazon Route 53 for reliability. There were glitches in previous days when I tried accessing the OCT. DNSSEC is enabled which is a standard nowadays. With two different DNS providers, multi-signed DNSSEC must be enabled.
Perhaps, instead of Name.com a different domain registrar should be chosen - (2fa is via mail).
As for hosting provider, no comment - what you don't share I don't comment. But, clustered container or virtual machine set-up within two different locations is probably the optimal option.
Well, nothing to comment for mail provider - Proton isn't secure and never was - only an appearance of it. For OCT use, Google would have been better selection. But, current configuration offers at least some security-thru-obscurity - mail forwarded via icloud.
Current selection at Cloudflare SSL/TLS settings de-anonymizes OCT's TLS certificate provider and mechanism and allows trace-back When using Cloudflare, there is a secondary benefit of displaying TLS certificates from Google Trust Services. Your developer(s) should understand this.
Web-site and associated forum is as I noted a public resource. Whether an implemented and advertised firewall will mean anything in relation to hosted location and other protected values is to be seen in time to come.

Of course, all of this is my humble expert opinion and doesn't bound the OCT owners and management and their developers to any action or lack of it

Thanks for the valuable input!

1) Would you mind commenting my opinion
( IBM NS1 | Vercara/UltraDNS | Amazon Route 53 ) -> Vercara/UltraDNS and ( 101domain | EnCirca | Hover ) -> Hover as choices, quite generally?

2)

Proton isn't secure and never was - only an appearance of it.

Could we eventually discuss this in private? I am in no way associated with Proton and having no related interests; but I am a little bit aware about the historical roots of all this and consequently wondering about some aspects which are probably not of a general public interest...

 

[mraleph]

Thanks for the valuable input!

1) Would you mind commenting my opinion
( IBM NS1 | Vercara/UltraDNS | Amazon Route 53 ) -> Vercara/UltraDNS and ( 101domain | EnCirca | Hover ) -> Hover as choices, quite generally?

2)

Could we eventually discuss this in private? I am in no way associated with Proton and having no related interests; but I am a little bit aware about the historical roots of all this and consequently wondering about some aspects which are probably not of a general public interest...

In our corporate set-up, we are using Vercara and IBM NS1 for critical DNS management. Cloudflare DNS management is used for some edge use cases though, but in set-up with some of previous two. Regarding Cloudflare, we are using enterprise plan, only because of quite specific perks they offer. We don't use Amazon, but some of our clients are and - it works I don't have sympathies for Microsoft, Google, Amazon, Apple and other behemoths but, under specific scenarios, even myself will use something from them.

There is no clear winner between Vercara and IBM NS1 - it depends on plethora of circumstantial factors. But, they are top notch

Hover's back-end for DNS management is Tucows and was previously under IBM ownership. It has a credible history and some of our contractual partners are using Hover from the IBM period till now. No quality drop after acquisition. Domain lock and privacy are default options. DNS panel is quite correct - and while not declared for corporate end users, I wouldn't personally write it off. Njala also uses Tucows as back-end for some domains - but I don't consider Njala as serious solution for any corporate or even SME set-up.

EnCirca (US) has a slight marginal advantage over 101domain (EU/Ireland), but we are using them both for a domain portfolio management. Domain privacy and transfer lock are paid addons.

Safenames - as EnCirca's and 101domain's direct competitor - as domain registrar and portfolio manager is not only over-priced but also have sub-optimal brand management and hosting at Tier 3 DC that they claim is better then other competitors'. Their clients are behemoths, such as DELL.

Any domain owner should always have domain registered at one business entity - instance - with privacy and transfer lock, host the content or any other Internet resource at another instance, perform DNS management at third instance and have the zones signed with DNSSEC and procure TLS certificates from a fourth instance (Let's encrypt is quite okay, but for SME and higher, Sectigo is a way to go as DigiCert and other behemoths are simply over-pricing any serious OV and EV certifications) - where all instances are different and non-affiliated, thus no bundles of any sort.

I couldn't agree more about Proton AG roots and requirement for not publicly discussing them and all implications. Will drop a DM somewhere next week as I'm not sedentary - reading good threads and replying where my brain lighted up on this lovely Friday night.

 

[Forester]

In our corporate set-up, we are using Vercara and IBM NS1 for critical DNS management. Cloudflare DNS management is used for some edge use cases though, but in set-up with some of previous two. Regarding Cloudflare, we are using enterprise plan, only because of quite specific perks they offer. We don't use Amazon, but some of our clients are and - it works I don't have sympathies for Microsoft, Google, Amazon, Apple and other behemoths but, under specific scenarios, even myself will use something from them.

There is no clear winner between Vercara and IBM NS1 - it depends on plethora of circumstantial factors. But, they are top notch

Hover's back-end for DNS management is Tucows and was previously under IBM ownership. It has a credible history and some of our contractual partners are using Hover from the IBM period till now. No quality drop after acquisition. Domain lock and privacy are default options. DNS panel is quite correct - and while not declared for corporate end users, I wouldn't personally write it off. Njala also uses Tucows as back-end for some domains - but I don't consider Njala it as serious solution for any corporate or even SME set-up.

EnCirca (US) has a slight marginal advantage over 101domain (EU/Ireland), but we are using them both for a domain portfolio management. Domain privacy and transfer lock are addons.

Safenames - as EnCirca's and 101domain direct competitor - as domain registrar and portfolio manager is not only over-priced but also have sub-optimal brand management and hosting at Tier 3 DC that they claim is better then other competitors'.

Any domain owner should always have domain registered at one instance - with privacy and transfer lock, host the content or any other Internet resource at another instance, perform DNS management at third instance and have the zones signed with DNSSEC and procure TLS certificates from a fourth instance (Let's encrypt is quite okay, but for SME and higher, Sectigo is a way to go as DigiCert and other behemoths are simply over-pricing any serious OV and EV certifications) - where all instances are different and non-affiliated, thus no bundles of any sort.

A very clear and valuable explanation. Thanks!

I couldn't agree more about Proton AG roots and requirement for not publicly discussing them and all implications. Will drop a DM somewhere next week as I'm not sedentary - reading good threads and replying where my brain lighted up on this lovely Friday night.

OK

 

[JohnLocke]

Still, there is no back button - like it had been present in previous version - in the down left side; bloody hard to navigate from an iPhone when the OCT is put on home screen.
Previously, you could click on a new post in any particular thread from the main forum page - now you're landed on that sub-forum main page when clicking from main forum page; loss of time.
Post merger should be enabled in time to come

can you check if it works now for oyu ?

 

[mraleph]

can you check if it works now for oyu ?

The back button is back
Now, I can click on a user and a thread name, but still not particular post from the main forum page.
Can't check post merger.

 

[JohnLocke]

Can't check post merger.

Forget the post merger, once it is available we will announce it here in the thread