Thanks for the great feedback. Didn’t know about these S3 security features. Maybe Google Cloud storage has those features too. I will explore more.
Regarding HTTPS, I started out with HTTPS (The first day of my soft launch). I am using CloudFlare which directs the traffic to Digital Ocean servers. CloudFlare provides a default HTTPS service which secures the traffic from Browser to CloudFlare. (This is only half secure since the traffic from CloudFlare to your own server is still insecure. Having said that, the traffic is secure enough for a small start-up.)
When on the first day, I opened the site on Chrome, I got the dreaded Google message that “… The website might be malicious … Go back to safety…” etc. That sank my heart. Who would go to a new unknown website after such a message. After I removed HTTPS, that message from Google went away. Go figure - Google is penalizing you when you secure your website.
Anyway, I would love to get my site back on HTTPS and I would appreciate if anyone can help me with my current setup - Cloudflare DNS, Digital Ocean server, MUP for installation, and Meterohacks:cluster for load balancing.
Your set-up is definitely a lot more bigger and complicated than mine. I am using three Digital Ocean servers ($10/month, 1GB RAM), MeteroHacks:Cluster for load balancing and Cloudflare for security and to prevent any DDOS attacks, Mongo Atlas for database.
@juho, Regarding security, One redeeming feature that I have is the use of Mongo Atlas (rather expensive service though). I have chosen the “Secure” option where all data traffic from MongoDB server is encrypted. Also, all “Data at Rest” in MongoDB is encrypted too. So, if anyone were to ever hack the database server, all they will see is gibberish unless they can figure out the encryption key.
Regarding HTTPS using MUP, I’m using mupx-letsencrypt quite successfully, free SSL certificates from LetsEncrypt, automatically installed and renewed - sweet! @tsepelev has been very helpful on that thread I linked. Depending on which version of MUP you’re using, switching to that fork shouldn’t be too difficult. I’m using Amazon EC2 with Cloudfront CDN and mupx-letsencrypt at https://www.virtualinout.com/.
Good luck with OneFamily, it looks quite impressive!
Thanks for the info. I will try it out. My problem is that I am routing all the traffic through CloudFlare (works as CDN and also prevents any DDOS attacks) so I am limited to using their security certificate - and that gave me the Google error. I will try different options and see what helps.
Great work and congratulation on the launch . Can I ask how you went about prototyping the site? Did you use any paid tools or did you stick to free stuff such as Inkscape or Pencil? What CSS framework are you using?
hey I would love to register and use you new tool however when I place my cursor in sign form elements my browser warns me that "This connection is not secure. Logins entered here could be compromised"
Please could you inform us all once resolve this.
@timebandit, I did not use anything for prototyping. The design just evolved as I was coding. The three column design was inspired from one of the bootstrap templates.
It’s mostly custom CSS. I started out with MaterializeCSS but I found it buggy. I downloaded a local copy of it, debugged and changed some JS. Currently, I use their CSS just for Form elements, buttons and one dropdown menu. I am slowly phasing it out.
I use Flexbox for grid layout, placement of cards, and photoalbums. It’s great and it’s responsive. Open the website, login and change the size of the browser all the way down to a phone size. The entire layout magic happens because of Flexbox.
Thanks for letting me know this. The latest Chrome Build 56 that started rolling out this week is causing it. Basically, if the website is not HTTPS, Chrome 56 gives this message.
I just read this news yesterday and didn’t give it a second thought. But my signups yesterday went down by half and I was wondering what happened. Now I know. Google is scaring people.
Thanks for the feedback. I will leave everything else and focus on making the site HTTPS first. It’s really costing me users now. A WARNING to all new start-ups. With Chrome Build 56, HTTPS should be an integral part of your strategy and not an afterthought.
@warehouseman, I am aware of My Heritage. I think this is how my site differs from others -
They create Family Tree. We create Family Map. Family Tree grows vertically while Family Map fans out.
OneFamily has a Social network aspect to it which other sites lack.
Vision is not to copy Ancestry or MyHeritage but to create a social network of Families. Say, you create your family map and add your parents, your brothers & sisters and your spouse. They, each in turn, add their kids, their spouses, your spouse adds his/her parents. Your in-laws add their family and so on. Your parents add their siblings. Your uncles and aunts add their kids and spouses. The chain goes on. You can see pretty soon you can have hundreds of members in your family map. The whole structure fans out like LinkedIn.
Usually, one person in a family gets interested in genealogy. That person researches, and saves information in a shoebox. The shoebox goes into an attic. There is no sharing of information. OneFamily has that sharing built in automatically.
OneFamily doesn’t compete with Ancestry or MyHeritage. It complements them. Find your data there and save it in OneFamily.
OneFamily enables research through collaboration and sharing.
As the user base grows, OneFamily can discover your currently living distant relatives through profile matching of your ancestors. (My main quest to find my own family history and distant relatives that inspired the idea of OneFamily)
There are a lot of features planned around the Social aspect of OneFamily that will be released slowly.
@avalanche1, I am advertising through Google AdWords and the response has been phenomenal. I tried Facebook too but it was a waste of money. Google knows what you want because you search for that “key word”.
Once I get done with programming (still adding features), I will try to get some media attention. I don’t know how. Will figure it out later. I am taking life one step at a time.
Monetizing strategy - Sell ad space. Charge for some premium features (that are still to come)
Congrats! Awesome work for a pet project! But 4MB script size seems too big even for Meteor. I feel like there is quite a room for at least script size reduction (I’d keep “no bigger than 2MB” as a rule of thumb).
@barbatus Good observation but you’re proposing reduction in size by half which is significant. Can you provide some tips or point to reference materials on how to achieve such a reduction?
Thanks @barbatus, good starting point. Also I’m looking forward for the ability to split the client code, I think this will make all the different in the initial load time.
Yes I found Material UI buggy too, plus the way they have named their classes seemed cumbersome to me. I find that a lot of the build in elements in Semantic are pretty good but if you are going to build you own CSS definitions It’s cool too,