You may have noticed a few weekends ago some spammers at Cafe were putting up entries which were redirecting you to their sites as soon as you landed on certain TPM pages. This kind of attack (called cross-site scripting) uses javascript to take command of the browser for malicious ends. To combat that, while we were developing a fix, we disabled self-registration and asked users to email us if they wanted to start an account. That way we could make sure bots weren't signing up and injecting harmful code into Cafe pages.

Last night we deployed a security fix that will prevent these kind of attacks by stripping out certain HTML tags from entries, such as the <script> tag. We're also stripping out the <style> tag, which can alter the legibility and structure of the site. These changes won't affect the majority of users, but please be advised if certain tags "disappear" from your entries on save, this is what is going on.

Another note -- we have elected to whitelist tags that allow embedding videos. Though this allows a high level of freedom (and a certain amount of risk), we felt that sharing videos was an integral part of TPMCafe discussion. If these tags are abused, however, we may have to reconsider.

Please let me know if you see anything funky by emailing me at al@ this domain. Thanks.

If you're interested, I have written a post on the ideas, process and technologies behind the recent TPM front page redesign.

If you're curious, I have written a post about the sausage factory behind the new TPMDC and Cafe feature sections.

We did some maintenance on rec lists yesterday, and we are investigating residual issues. Are you noticing anything out of the ordinary with rec lists?

Edit: I'm referring to master rec lists on EC/Muck/TV/Cafe, not personal rec lists. I think all should be fixed now, but I'm still on the lookout for weirdness.

Hi all,

We've been doing a bit of maintenance on the myTPM software in the past week, and have witnessed some unexpected behavior, especially in publishing entries. If you've seen anything funky lately, please comment-- I'd like to use this thread as a clearinghouse for any new bugs, glitches or concerns that have cropped up. Please be specific in reporting, and thanks in advance!

Today I'd like to discuss a couple changes that will both fix the last of the myTPM transition bugs, and add a whole new level of functionality to TPMCafe.

Today we are installing two new Movable Type plugins lovingly hand built for us that will make it much easier for content to flow back and forth from main blogs such as the TPMCafe home page and the main reader post page to individual reader and contributor blogs. The best result of the change is the reinstatement of a full master reader blog archive (which is being deployed right now). But, just as the plugin will pull posts from all reader blogs into a master blog, we'll also be using it to spin off individual blogs for Cafe contributors by pulling their posts from TPMCafe into their own personal blogs. So if you'd like to follow M.J. Rosenberg or Theda Skocpol, you'll now see their blogs populated with their latest posts.

More long term, I'm pretty excited about the possibilities of moving content around Cafe by pushing content up to the main blogs and back down to individual blogs, and I look forward to using this technology to further integrate reader-submitted content with contributor and edited content at TPMCafe.

We do have to go through and manually create all of these "contributor blogs," so you'll see more and more of them pop up soon. For now, only Reed Hundt's is fully functional

Moreover, I have been reading your comments and bug reports on threads on this and other blogs, and we are looking into the problems. At this point, if you're still having trouble with the YOUR BLOG link, try clearing your cache, deleting your cookies and restarting your browser. Thanks!

Late Update: Another new feature today-- I have added a "Report Abuse" button to every comment. If you click that, we'll get alerted that someone believes the comment violates our terms of use. It may take a while for the button to propagate throughout the blogs, so don't be alarmed if you don't see it on every post yet.

More good news today. We have just deployed the first of two rounds of bug fixes. We're kicking off a global rebuild of the site, so these fixes will gradually start showing up for all users over the next day or so.

The fixes:

• Replies: You will now get updates in your dashboard when someone who you are not following replies to one of your comments on your blog
• Comments and Recs pages on your blog should now instantly update
• The YOUR BLOG link in the top nav bar will now work if you have a two word username.

We're also going to roll out another set of bug fixes next week, and I'll talk more about them then.

Bwakfat and Clearthinker suggested that rather than simply collapsing comment links for posts with comments disabled by the author, we grey them out to avoid mistaken recommends.

I have done just that. Hopefully this is a good resolution to a rather thorny problem. Here's a screenshot of what it now looks like:


To make it clearer, I have also added a line of text to the comments area in entries with disabled comments to make it clear that closing comments was the user's decision and not a technical glitch.

I have added metadata to recent and recommended reader post lists throughout the site. Now, at a glance, you can see the number of comments and recs each post has before clicking through to it. I have also moved the rec lists up to the top of the sidebar on the TPMCafe homepage for greater visibility. Hopefully having these two metrics in the lists will allow you to gauge -- at a glance -- how the top TPMCafe posts are trending, and what is generating discussion and interest. Over the coming weeks and months, we're going to keep tweaking TPMCafe for better ways to highlight top reader content.

We've also heard you loud and clear on the remaining bugs-- we have two rounds of bug fixes in the pipeline, and I'll post more when they have been deployed.

I've put the 10 most recommended entries of the day into your dashboard sidebar. Enjoy!

There is a thread going here about the possibility of closing comments on your posts. This isn't a bug, it is part of the blogging software. You can choose to not accept comments on your posts by uncheking the Accept Comments checkbox under the categories box on the right side of the Create Entry page. Since the comment link won't show up on posts with closed comments, prospective commenters should be vigilant when browsing the site so as not to accidentally recommend a post if they actually want to comment on it.

There have been a few threads about myTPM problems. I'd like to use this post to share our official bug list with readers, and collect other issues you are experiencing. Most of what you telling us are already known issues. But if other bugs crop up, I'd like to hear about them. Here's what we're working on:

• The footer of the site sometimes floats up to the top when logged on IE7
• Layout and dashboard avatar grid problems with IE6
• Archives not updating on the All Reader Posts page (I can mitigate this somewhat by posting occasional archive rescue entries, but we're working on a real solution)
• YOUR BLOG button in the top nav bar not working if your username has spaces in it. (In the meantime, you can get to your blog with this url pattern: http://www.talkingpointsmemo.com/talk/blogs/your_username_with_spaces). We're working on making this automatic.
• Certain non-blog content showing up in dashboard e.g. headlines, polls, etc.
• HTML code showing up in the dashboard
• Comments and Recommends tabs on blogs not updating

All of these are known issues, which we are actively working to combat. If you're seeing other problems, please let me know in the comments.

Also - for the best user experience, I highly highly recommend using the latest version of Firefox or Safari. A few of these bugs (mostly style and layout issues) only affect Internet Explorer users, and using a modern browser will give you a much better web experience in general.

In a thread on a previous entry, people have mentioned a problem with their recommend page on their blogs not updating. Let me explain this. Better to do here, than in a comment which will soon be buried. Like many pages on the site, the recommends tab needs to be republished periodically. It is a static page that doesn't reflect immediate changes, but is republished in response to certain triggers. It is not random, and there isn't a "lag" on its updating. If one of these "triggers" isn't set off, the page won't update, and you're stuck with old comments. We're looking into optimizing the republishing of these pages so they will reflect the most recent information.

We have been working on a number of bug fixes and tweaks in the last day. We have fixed:

• A login issue with some versions of Safari that would automatically kick you to a login page if you're visiting the homepage
• A bug that would only show you information in your dashboard from the 20 people you most recently followed
• A bug with the All Reader Posts not updating in a timely manner

We're looking into a number of other issues, and I'm thrilled that our readers are loving and using the new tools. As always, I'm interested in hearing your comments.

Three staffers liveblogging, a TPMCafe open thread, and tons of readerbloggers pumping through myTPM. Love it!

Talk to me