Write.as Development @writeas_dev@abunchtell.com

Next:

- Update templated pages with the instance's configured name instead of "Write.as" and its metadata
- Removing template exceptions for an "official blog" (i.e. https://write.as/blog/)
- Adding a setup process

Was thinking about leaving a nice setup process out of v1.0, but it'll be easy to add and make onboarding / installation much nicer.

On Write Freely again, removing code for handling sites across custom domains, subdomains, and paths. On a technical level, our blog lookup calls are now dependent on whether the blog is configured to be single- or multi-user.

(it's currently built for MySQL)

A big reason for the database code refactoring is that, besides making everything cleaner / clearer, the self-hosted version will also support different database backends, like SQLite. It won't be completely ready for that when the code is released, but the groundwork will be there.

Unofficially I might finish it this month :)

Good progress on Write.as open source today -- got the endpoints moved over and 2500 lines of database code migrated from global functions to struct methods. Left out all the API v1 stuff and removed paywall code.

Past 8 hours have been spent copying code, using tons of Vim macros to update everything, and build, fix errors, repeat. Now that it's compiling again, time to strip out more Write.as(the service)-specific functionality.

It's my day off, so despite the list of higher priorities, I'm going to do something relaxing: continue refactoring the web app into components.

This is a crucial step in open sourcing the platform, as it'll make the entire codebase more maintainable, and allow both the hosted and self-hosted platforms to share crucial code. It also makes the components reusable in other platforms we build, like @snap_as.

All those changes are happening now on the `develop` branch: https://github.com/writeas/web-core/tree/develop

I've been spending all my time over the past few days fending these guys off (apparently I've been talking in my sleep about it). But it's all worth it because it means: no CAPTCHA or email verification when signing up (two things I detest), and keeping anonymous posting open to everyone (besides spammers).

I'm fighting two strains of SEO spammers right now -- one repeatedly publishing anonymous posts (without signing up), and another publishing anonymous posts after creating an account.

The former is the hardest to fight -- IPs are all over the place, and no tracking means I can't mark individuals as spammers. Hence stricter spam rules.

The latter is easier. Essentially I can turn suspicious accounts into honeypots, which then waste spammers' time as they repeatedly try to publish.

Reduced the daily post volume by 75% (down to 500) with some pretty heavy-handed spam checks. They were set up so anyone familiar with Write.as wouldn't get caught up in the filter, but 2 legitimate users did. So I've relaxed it for logged-in users.

Some of these changes also involved improvements to the admin interface for deleting problematic users. (It always blows my mind that Mastodon doesn't allow this, but) the self-hosted version of Write.as will now include these kind of admin controls for users.

Okay, I'm finally slowing the influx of users and spam posts just by automatically marking people that use certain email domains as spammers.

Funnily enough, they don't seem to be noticing their posts are being blocked -- I'm returning a post ID that leads to a page that mercilessly trolls them for spamming the system, but they're not seeing it.

Anyway I'm pretty happy about this, as it's saving a lot of database space from being consumed with junk.

Needless to say this is the kind of junk I'd like to keep off the platform. So today has been about investigating all the crypto scams people try to spread via Write.as!

It's always been interesting seeing what people end up using the platform for.

Today someone asked me if I offer free bitcoin, because they saw an anonymous Write.as post shared on Facebook that contained just a link to this scammy site that alleges to "exploit the blockchain" to get you free BTC.

Of course, once it runs through some pre-programmed messages equivalent to "hacking... h4ck1ng m0r3..." it says you just need to send 0.001 BTC to some address to "verify" yourself.

Also, this desktop app stuff is going to be a regular thing for other products in the suite.

I can see @snap_as being a great desktop app, and I already wanted to make native @jot_as apps -- especially since it can build off the existing Write.as app.

Got the desktop app packaged up for the #elementary #AppCenter, just trying to see if things are going to work with the CLI with the way everything is set up right now.

Luckily most spammers follow similar patterns, and aren't very persistent. So every few months I get an influx and have to take a scalpel the points in the app where we accept data (posts or users), and gently block them without affecting thousands of normal users.

Again, not too difficult because spammers (especially pastebin spammers) also don't put a lot of effort into their spam. They usually have a signature.

Last month we saw over 6,000 new users!

Unfortunately, a huge change like that doesn't usually mean we're suddenly immensely popular and successful with everyone, but rather with spammers. Spending some time putting in more prevention measures.

@timapple Someone just did today, btw: https://github.com/writeas/writeas-gtk/issues/1#issuecomment-425938697

@elementary

@timapple Hmm, the desktop app page, or blog post?

If it was the blog post, it might've been a little slow to load since it was getting pounded by all the Masto instances fetching it.

@matt