AO3 News

Highlights from Open Doors Chat

Published: 2013-02-08 13:03:40 -0500

As we reported early last month, due to delays in setting up the automated import for 852 Prospect, we are working to support authors who are interested in manually importing their stories into the Archive of Our Own.

A public chat, hosted by the Open Doors and Support committees, was held on Campfire (the online chat platform the OTW uses) on February 2. You can now read the highlights. The second chat will be on February 10 at 01:00UTC. (Click the link to see when the chat is being held in your timezone). You can access OTW’s public chatroom using this guest link.

If you have questions and are unable to make it to the chat or have additional questions after, you can always contact Open Doors for further information.


Site security (constant vigilance!)

Published: 2013-02-07 17:25:55 -0500

While developing the Archive of Our Own, site security is one of our top priorities. In the last couple of weeks, we've been reviewing our 'emergency plan', and wanted to give users a bit more information about how we work to protect the site. In particular, we wanted to make users aware that in the event of a security concern, we may opt to shut the site down in order to protect user data.


Last week we were alerted to a critical security issue in Ruby on Rails, the framework the Archive is built on. We (and the rest of the Rails community) had to work quickly to patch this hole: we did an emergency deploy to upgrade Rails and fix the issue.

As the recent security breach at Twitter demonstrated, all web frameworks are vulnerable to security breaches. As technology develops, new security weaknesses are discovered and exploited. This was a major factor in the Rails security issue we just patched, and it means that once a problem is identified, it's important to act fast.

Our security plans

If the potential for a security breach is identified on the site, and we cannot fix it immediately we will perform an emergency shutdown until we are able to address the problem. In some cases, completely shutting down the site is the only way to guarantee that site security can be maintained and user data is protected.

We have also taken steps for 'damage limitation' in the event that the site is compromised. We perform regular offsite backups of site data. These are kept isolated from the main servers and application (where any security breach could take place).

In order to ensure the site remains as secure as possible, we also adhere to the following:

  • Developers are subscribed to the Rails mailing list and stay abreast of security announcements
  • We regularly update Rails and the software we use on our servers, so that we don't fall behind the main development cycle and potentially fall afoul of old security problems
  • All new code is reviewed before being merged into our codebase, to help prevent us introducing security holes ourselves
  • All our servers are behind firewalls
  • All password data is encrypted

What you can do

The main purpose of this post is to let you know that security is a priority, and to give you a heads up that we may take the site down in an emergency situation. Because security problems tend to be discovered in batches, we anticipate that there is an increased risk of us needing to do this over the next month. In this case, we'll keep users informed on our AO3_Status Twitter, the OTW website and our other news outlets.

Overall site security is our responsibility and there is no immediate cause for concern. However, we recommend that you always use a unique username / password combination on each site you use. Using the same login details across many sites increases the chance that a security breach in one will give hackers access to your details on other sites (which may have more sensitive data).

We'd like to thank all the users who contacted us about the latest Rails issue. If you ever have questions or concerns, do contact Support.


Tiny Release Notes for Release 0.9.5 Redux

Published: 2013-02-04 13:10:09 -0500

After deploying version 0.9.5 of the Archive last weekend, we (along with the entire Ruby on Rails community) were alerted to a critical security issue that had to be fixed immediately. We had just upgraded to Rails 3.0.19 and were working on fixing an unexpected bug this upgrade had caused: work information in subscription emails had lost its line breaks and arrived in one hard-to-read blob.

We deployed the security patch, together with the updated work information code, last Monday, and are now working on the next regularly scheduled release. Many thanks to Elz, Jenn Calaelen, Lady Oscar, Sarken and Scott for their contributions to this code update! Some information about the current security concerns regarding Ruby on Rails, and the measures we take to protect our servers and users, will be posted later.

As always, you can find currently known issues (and some workarounds) on our Known Issues page, and you can always contact Support in case you run into problems or have any questions.

Release Details


  • Added a Tumblr button to the "Share" box available for all works: it will create a new Link post with work title, URL, and work information already filled in - you just have to add tags and push the button!

Bug Fixes

  • Upgraded Rails
  • Fixed the "Share" text to include HTML for line breaks, making it display correctly in email notifications as well as any blogging platform that accepts HTML-formatted text
  • Also added Additional Tags to the work information block; they had been missing previously


852 Prospect - Manual Import Support Chat Reminder

Published: 2013-02-01 13:02:57 -0500

As we reported early last month, due to delays in setting up the automated import for 852 Prospect, we are working to support authors who are interested in manually importing their stories into the Archive of Our Own.

There will be two public chats, hosted by the Open Doors and Support committees, on Campfire (the online chat platform the OTW uses). The first will be on February 2 at 22:00UTC. The second will be on February 10 at 01:00UTC. (Click the links to see when the chat is being held in your timezone). You can access OTW’s public chatroom using this guest link.

If you have questions and are unable to make it to the chat or have additional questions after, you can always contact Open Doors for further information.


Fandom Tags: Now with More Articles!

Published: 2013-01-27 13:52:21 -0500

Good news for users browsing fandoms on the AO3 -- alphabetizing titles by articles such as "the" or "das" or "los" is now a thing of the past!

With this latest AO3 release, the Fandom names on the media pages now will sort alphabetically regardless of articles. Previously, the code that generated pages like the Theater Fandoms page sorted by the first letter of the canonical fandom tag name. Because we wanted the tags to be sorted alphabetically, we had to remove articles from the names of the fandom, unless the fandom name was only two words or otherwise was confusing without the article. Needless to say, we've been seeking a solution to this for some time, but required something internationally compatible that wouldn't strain our servers.

This deploy gives wranglers the ability to set a "sort name" on canonical fandom tags that is separate from the "display name". So we can now have fandom names such as "The Crucible - Miller" display the article, but be sorted under "C".

The deploy also ran an automated process on our existing fandom tags that should have automatically changed the sort name for tags starting with: a, an, the, la, les, un, une, des, die, das, il, el, las, los, der, and den. In some cases, this auto-corrected some fandom names incorrectly ("Die Hard (1998)" sorting under "H", for example).

This still leaves a large number of tags that need to be manually adjusted, as they had an article removed to allow proper sorting under the old system. The Tag Wranglers are working through the fandom tags, restoring articles where the fandom name should have one, and fixing any incorrect changes. It will not be an instant process, given there are over 11,000 canonical fandom tags on the Archive, so we ask for your patience if it takes us a while to fix your particular fandom.

In the meantime, if you have questions you can ask here or send a question to our Support team, who'll pass it on to the Wranglers. The Tag Wrangling Committee also has a Twitter account at ao3_wranglers for all sorts of tag-related discussion.


Release Notes for Release 0.9.5

Published: 2013-01-26 09:43:05 -0500

Welcome to Release 0.9.5! Ariana, Elz, Enigel, Lal, Sarken, and Scott S contributed code to this release, which was tested by our awesome testing team: Ariana, Elz, Emilie K, Estirose, Jenn Calaelen, Kylie, Lady Oscar, Mark B, Sam J., Sarken, and Tai.

We're starting into the new year with a small collection of fixes and improvements, with a bigger release slated for the February/March deploy. As always, if you run into any problems or have any questions, please contact Support. If you want to know if a feature you'd like to propose has already been suggested, or has been approved by our coders for a future update, visit our Feature Requests board (see the Internal Tools FAQ for more information).


Ignoring articles when sorting fandoms

On each media subpage, such as for Movies or Video Games, fandom tags were listed alphabetically, leading to somewhat irregular results when looking for fandoms starting with "The" or other articles. We have now changed the sorting code to ignore articles (a, an, the, la, le, les, un, une, des, der, die, das, den, il, el, las, los), while also giving the tag wranglers an option to manually override the sorting for a given tag in case of clashes. (For example, the German article "die" would lead to "Die Hard" being sorted under H, which is undesirable.)

No more OpenID

We've finally gone ahead and removed all support for OpenID accounts - a system we could never fully support, as the infrastructure behind it isn't without its own problems and our invitation system meant you couldn't just go ahead and use your OpenID login to create an account to begin with. We might consider different ways of accessing the site in the future, but as little more than a password replacement OpenID has outlived its use.

Activity log for admins

In this and the next several code updates, we'd like to focus on tools and enhancements for the people "behind the scenes" - members of the Abuse team, Open Doors, Support, Tag Wranglers, and so on. We're starting with a more convenient overview of recent admin activity, collecting all changes made to works by Abuse personnel, such as tag changes or deletions of works that were found in violation of the TOS.

Most of these enhancements will be invisible to the casual user, but we're hoping to make our volunteers' lives a little easier and enable a smoother experience for everyone.

Known Issues

See our Known Issues page for current issues. This list is updated with each release, so please make sure to give it a glance before contacting Support - it might just offer you a temporary solution to your problem right away.

Release Details


  • Removed OpenID support
  • Added an activity log for Abuse admins
  • Made fandoms on media subpages ignore "the" and other articles when sorting alphabetically

Bug fixes and backend enhancements

  • The list of fandoms on a user's homepage was potentially breaking anonymity if the user had posted only anonymous works for a fandom, making it guessable which work in a collection belonged to them; this has been fixed to not display the fandom for anon works either in the list or the filters
  • Clicking "Edit Tags" from a work saved as a draft would take you to a form where your only option to save the tags would post the draft; this has been fixed
  • When marking a work for later, a success message would let you know it had been added to your history; it now helpfully links to your actual "Marked for Later" page
  • Accessing the "new comment" page attached to a restricted work would allow guests to leave comments on said work (without actually being able to see the work itself), this has been fixed to allow only logged-in users to comment
  • Fixed a problem with the caching on some collection fandom pages, where the works listing wasn't always updating properly
  • The notification emails for collection owners wouldn't be sent when someone added a work to a collection and also made it part of a series at the same time; this has been fixed
  • In preparation for the 852 Prospect archive import, we made some helpful changes to the page authors can access to claim their imported works
  • The page to change your username was quietly loading all usernames currently registered on the Archive, presumably in an attempt to make sure your choice hadn't been taken yet; this didn't actually work and was also a huge drain on the servers, so the code was changed
  • Changing your email would work even when the address given in the confirmation field didn't match your desired address; this has now been fixed
  • The Report Abuse form was behaving erratically; it now correctly sends a copy of the report if you enter an email address, and flashes an error if you request a copy but don't enter an address
  • A bug was preventing Abuse personnel from editing work tags and warnings on works that had been found to violate the guidelines for warnings; they can now follow through on procedure as laid out in the TOS
  • The invitation email was inviting you to join an "Organization of Transformative Works" project; the "of" has been silently replaced with the vastly more correct "for" now (oops)
  • On a user's Related Works page, their own translations were coded as an invalid mixture of tables and lists; this has now been fixed
  • Upgraded the version of Ruby on Rails our code runs on to make it easier to incorporate security updates and to pave the way for bigger upgrades in the next few months
  • We run a mirror version of the site that we use for testing, and it's now running in staging mode rather than production, which lets us customize and track things a little more easily


Farewell OpenID

Published: 2013-01-22 17:51:30 -0500

We announced quite a long while ago that we were phasing out the use of OpenID on the AO3. While the feature was convenient for some users, a very small percentage of accounts were using an OpenID login, and the amount of time spent on maintaining the feature outweighed the benefits of offering it as an option.

When we made the decision to phase out OpenID, we removed it as an option for new accounts. We're now removing the option completely, which means that existing accounts which are using OpenID logins will need to switch to logging in via a username and password combination. Only 57 users are currently logging in via OpenID, so this will not affect many people (we will be emailing all those users who do not currently have a password set up).

If you're currently using an OpenID login, you need to do the following:

1. Check your username (the default name for your account)
2. Log out of the Archive and choose the 'forgot password?' option next to 'Log in'.
3. Enter your username or email address to have a password emailed to you.
4. Log in using your username and the password which was sent to you.
5. Go to your profile to set a password of your choice.
6. Log in using your username and chosen password from now on.

We're sorry to those of you who did find the OpenID option useful. We'll continue to consider different login options going forward, but it's important to us to have something we can commit to maintaining fully. If you encounter any problems during the switch, please contact Support!


Scheduled downtime: firewall upgrade

Published: 2013-01-16 06:24:06 -0500

The Archive of Our Own will have some scheduled downtime on Thursday January 17 at 18.30 22:00 UTC (see what time this in in your timezone). We expect the downtime to last about 15 minutes.

This downtime is to allow us to make some changes to our firewall which will make it better able to cope under heavy loads. This will help with the kinds of connection issues we experienced last week: our colocation host has generously offered to help us out with this (thanks, Randy!).

As usual, we'll tweet from AO3_Status before we start and when we go back up, and we'll update there if anything unexpected happens.


Pages Navigation