There were some big milestones this week. The introduction of user reputations and post/comment scores means all users now have the same permissions, and we're now relying on CAPTCHAs, rate limiting, and The Algorithm™️ (currently just a simple prototype) to keep things from going completely off the rails.
- Introduced user reputations as a float in range [0, 1] (inclusive). Your reputation is currently based on your role, the age of your account, whether or not you have a verified email address, and whether or not you bothered to customize your profile. User reputations are visible on profiles.
- Introduced “Top” post and comment sort types that work on post and comment scores. Scores are displayed next to posts and comments.
  - The post score is currently just a combination of the author’s reputation and the age of the post, and it uses a classic decay algorithm similar to inferior shitposting platforms like Reddit, Hacker News, etc.
  - The comment score is currently based on the author’s reputation.
- Introduced rate limits.
  - Global IP-based rate limits via nginx and ngx_http_limit_req_module
  - User-based post and comment limits via Flask-Limiter
- Simplified deployments to make it easier to try out different WSGI/ASGI servers in the future.
- The number of invalid automated requests is slowly decreasing.
- Spent a bunch of time tuning the fail2ban filters. Almost every scan gets stopped after just two requests now.
- The front page now returns a 404 status when using query string parameters that return zero posts. Since I always used to return 200s for everything, many search engines were still requesting pages from fifteen+ years ago!
- Misc. frontend updates
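
The reputation and post score items above, sketched as an added example (not the site's own code): the four reputation signals are folded into a float in [0, 1], and the post score divides that reputation by a power of the post's age. The weights, the 365-day saturation point, the role names and the commonly cited Hacker News decay form with exponent 1.8 are all assumptions, since the post does not publish its own values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed weights and constants; the post does not publish its own.
ROLE_WEIGHT = {"admin": 1.0, "moderator": 0.8, "user": 0.4}
MATURE_ACCOUNT_DAYS = 365  # account age at which the age signal saturates
GRAVITY = 1.8              # decay exponent of the Hacker News-style formula

@dataclass
class User:
    role: str
    created: datetime
    email_verified: bool
    profile_customized: bool

def reputation(user, now):
    """Fold the four signals into a float clamped to [0, 1]."""
    age_days = max((now - user.created).total_seconds() / 86400, 0.0)
    raw = (0.4 * ROLE_WEIGHT.get(user.role, 0.0)
           + 0.3 * min(age_days / MATURE_ACCOUNT_DAYS, 1.0)
           + 0.2 * user.email_verified
           + 0.1 * user.profile_customized)
    return min(max(raw, 0.0), 1.0)

def post_score(author_rep, posted, now):
    """Author reputation divided by a power of the post's age in hours."""
    age_hours = max((now - posted).total_seconds() / 3600, 0.0)
    return author_rep / (age_hours + 2) ** GRAVITY

def rank_top(posts, now):
    """posts: (title, User, posted) tuples. Returns titles, best score first."""
    scored = [(post_score(reputation(u, now), t, now), title) for title, u, t in posts]
    return [title for _, title in sorted(scored, reverse=True)]

def constructed_sample():
    """Constructed data: an established account and an hour-old throwaway."""
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    veteran = User("user", now - timedelta(days=730), True, True)
    fresh = User("user", now - timedelta(hours=1), False, False)
    posts = [("fresh-30m", fresh, now - timedelta(minutes=30)),
             ("veteran-24h", veteran, now - timedelta(hours=24)),
             ("veteran-1h", veteran, now - timedelta(hours=1))]
    return now, veteran, fresh, posts

if __name__ == "__main__":
    now, veteran, fresh, posts = constructed_sample()
    print(round(reputation(veteran, now), 2), round(reputation(fresh, now), 2))
    print(rank_top(posts, now))
```

With these assumed weights a brand-new, unverified account still outranks a day-old post from an established one, which is why the score alone does not replace the CAPTCHAs and rate limits.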