Give this person a prize (or at least an upvote)!!!

I've finally been able to use the forum title I initially wanted! :_)
Pity the return carriage doesn't keep words together though...

And look what I found. But perhaps I shouldn't point it out; gods know what hideous solution GOG might think of.

But nice catch. Pretty sure GOG didn't say anything as to not spoil the surprise. Or they think that every one of us is looking into and fiddling with that setting at least five times a day, so no way we'd miss the change.

Wonder how difficult it is to make the online/offline indicator's position relative to how much space the forum tag takes up, and move down accordingly, instead of placing it at the very bottom.

Yeah, that's the first thing that I sadly noticed. My poor bear is getting chopped off :(

I'm pretty sure that's it's just one line of code to fix this....

I wonder why a reply icon would be there (other than the obvious reason that I replied to you). I hope that means they’re going to implement last read posts.

Why is it even displaying things differently depending on the level of zoom? It seems weird to me. That being said, it’s also pretty funny—if you fully zoom out, it kinds of looks like Chinese since all characters are close to each other. :P

(Also, while testing zoom levels, I noticed that the icons are not vector‐based graphics, so they look really ugly at 500%.)

It's always placed in front of reply-posts, but one can see only the ones addressed to them, and only when logged in, of course. And if you're quoted multiple times in a reply-post, then it appears equal times.

If they're going to implement "go to last read post", this is not an indicator for it.

Huh? Are you using a user‐made extension? I’m not, and I’ve never experienced that behaviour.

I also always had that and just to make sure it was not because of one of the scripts, I disabled everything and I still have the reply icon in the post where someone replied to me. So maybe something on your side is blocking the icon?

Weird. I use Chrome, and I don’t have any extensions, except for the four pre‐existing, Google Docs–related ones. And I don’t think I’ve changed any meaningful settings. (I also think I used Firefox enough time to see the icon, but I never did.)

Anyway, it doesn’t seem very useful to me, so it’s not like I was missing out on an awesome feature. :P

Yeah true :D

A native GOG feature that doesn't work on Chrome as intended? Colour me surprised.

Security flaw in GOG login authentication:
The GOG website properties do not require you to enter the 4 digit validation code that they send to you via email in order to allow you access back into your account.

Details:
A few days ago I decided to change my password on GOG from within Galaxy client. The password change went ok and I remained logged into Galaxy and did not need to do anything special to continue using it. I then switched to my web browser running in Linux and I had been logged out of my account, which I consider a safe security measure when a password has changed. I then expected to have to manually log in to each browser and re-enter my new password and then to go through the 2FA 4 digit code verification process. My expectations were correct and GOG popped up the verification dialogue box awaiting for the 4 digit code that they claim to have just emailed me.

At this point - so far so good, everything working as expected.

Unfortunately due to reasons beyond my control, my email server was receiving email just fine but I was not able to log in to it due to a technical problem on the server end which I ended up having to wait for a day or so for someone else to resolve it. As a result I was unable to receive the verification email that GOG sent to me, nor see if I even received it. At this point there was nothing that I could do other than wait for the weekend to get over and hopefully contact the admin to get the email server problem resolved so I could then have GOG resend a fresh code to me via email and complete the verification process. As such, I went to bed.

The next day I woke up and when I got around to the computer and attempted to try logging into GOG again, whereas the previous time it required me to do 2 factor authentication and input the verification code - now it just silently let me log in without verifying anything at all. I had several different web browsers which all needed verification and GOG's login authentication conveniently let me bypass this 2FA step entirely on all of them. I'm typing this right now in one of the browsers that was not authenticated via 2FA verification.

I got my email problem sorted out later that day and discovered the codes GOG sent me however even if they weren't expired I didn't need to use them anyway because GOG let me log in without 2FA using my new password anyway.

In conclusion: GOG still has some major flaws in their authentication security with respect to 2FA. Hopefully they get it sorted out sometime.


(Note: I'm merely reporting this here so there is a record of it for others to see. Not looking for any advice/help/suggestions so no need for anyone to respond with things to try or other advice. If anyone was considering doing that, thanks for your kind thoughts but I'm good. :P )

Yeah that bothers my bear too! Not even a manually "<br>" does its job as you can see...*sigh*
@GOG: We won't ever get a perfect GOG, do we? ;-P

There seems to have been a caching server issue, since I did lose threads, replies to threads and even access to GOG website and RSS feed a few minutes ago, but everything seems to work now. So most likely an unexpected server restart.

GOG switched to https across the site quite a while back, but there are still some remaining http turds remaining in their website code. If you visit the forums they contain a URL embedded in the page that links to the same page you're on using a fully pathed http link even when you're on https. This page itself contains: (Not sure if the forum code will mangle any of that)

There are a variety of other URLs, offsite and on throughout the page that use http when https should be used. Both Google.com and mozilla.org for example have been https enabled for eons, so any URLs present should be https wherever possible whether on GOG or offsite where they officially support https.

On site, the best way to handle it is to not specify the URI, and write the URLs as:

//www.gog.com/whatever

Looking through the page I can see GOG is already using the non-specified URI syntax, however it isn't applied everywhere, leaving many hard coded http:// links to www.gog.com remaining. I discovered this because I use NoScript and everything works fine however I noticed in the "Recently Blocked" section of NoScript that "http://www.gog.com" was blocked. Since the site is supposed to be entirely https now I wondered why GOG would be attempting to load Javascript over http on www.gog.com at all.

If they're using HSTS, these would be upgraded to https, however they're still site bugs that should be fixed, as should the offsite links that are http where https is supported for a long time as well.