Discussion of NodeBB Updates
-
@pjh Anyone who can get a fix out for security issues within 24 hours of them being reported deserves respect for actually taking that shit seriously.
-
@pjh said in Discussion of NodeBB Updates:
I'm guessing, from the response from the NodeBB team, that we're the only ones running master, seriously, in production.
We're also the only ones who ever test anything of theirs before it's been released.
I remember ages ago they had some bug that erased read markers, I can't remember, and I complained about the lack of testing, and they were like "well your board pulls directly from master, so that's why it's not tested", and then I asked what process is in-place to ensure that functionality gets tested before a point release is made and (crickets), natch there is none.
Fucking useless developers.
Kudos on finding the security problem BTW, too bad they're also broke and have no bounty program. ;)
-
@pjh said in Discussion of NodeBB Updates:
Only on master which most sites shouldn't be using in production anyway
And why the fuck we do that?
-
@wharrgarbl said in Discussion of NodeBB Updates:
@pjh said in Discussion of NodeBB Updates:
Only on master which most sites shouldn't be using in production anyway
And why the fuck we do that?
What website do you think you're on?
-
@polygeekery said in Discussion of NodeBB Updates:
@pjh at least they responded
TBH, I was totally surprised at how quickly - may have been a time-zone issue however; but given the whole thing was sorted within 21 hrs...
@wharrgarbl said in Discussion of NodeBB Updates:
@pjh said in Discussion of NodeBB Updates:
Only on master which most sites shouldn't be using in production anyway
And why the fuck we do that?
I have another idea for another Mafia game...
Anyway.
In serious answer, because that's what we started off with Discourse as - as a voluntary QA. that was actually explicit in the beginning IIRC.
Which went sour because of raisins. Which have already been alluded to.
Doing so with the NodeBB lot seems a lot more stress free on both sides.
Because (again - 2nd attempt lucky?) we knew we would be actually testing forum software rather than expecting it to be stable, and work for another 40 years like the stuff were were using before Telligent became Telligent.
Or, last time when we offered to be testers for an egotistic's dream for software for the next 10 years (when does that 10 years start btw. Oh - I know: )
Look - if you want a stable platform to do ██████ and █████. And possibly play Ludo as █████(play by post)██████ or ████ and █████, I'm sure there are other forums to ████ on and maybe ███. Or possibly █████.
But that's enough about another category.
I'm team Wear Wolves. Wolves. I wear them.
</pub>
-
@ben_lubar said in Discussion of NodeBB Updates:
What website do you think you're on?
That, and it's not like we can wait 5.6 picoseconds for a proper release. Quite a few users here demand fixes instantly.
-
@swayde said in Discussion of NodeBB Updates:
@ben_lubar said in Discussion of NodeBB Updates:
What website do you think you're on?
That, and it's not like we can wait 5.6 picoseconds for a proper release. Quite a few users here demand fixes instantly.
If we didn't get the broken version and make them fix it, everybody would get the broken version.
-
@swayde said in Discussion of NodeBB Updates:
Quite a few users here demand fixes instantly.
And, given the issue at hand - we basically got it.
-
@pjh said in Discussion of NodeBB Updates:
@swayde said in Discussion of NodeBB Updates:
Quite a few users here demand fixes instantly.
And, given the issue at hand - we basically got it.
I wasn't complaining, just noting the general opinion. NodeBBs rection was great.
I meant in relation to non critical bugs and new features. "We" as a group is quite trigger happy, and we complain when we get bitten. SOME of the bugs we get for being early might have gotten caught in regular testing, or by coincidence by the devs.
With all the customizations we have it also makes sense to stay as close to master as possible. I'm still in awe about thestegonographykjndwkjndwnkljdnlkjljkjh @ben_lubar implemented. That's proper magic.
-
@swayde said in Discussion of NodeBB Updates:
stegonography
steganography.
stegonography is pornography of stegosauruses.
-
@pjh said in Discussion of NodeBB Updates:
In serious answer, because that's what we started off with Discourse as - as a voluntary QA. that was actually explicit in the beginning IIRC.
Serious question: how many members here are actually aware we're NodeBB's QA team?
-
@ben_lubar said in Discussion of NodeBB Updates:
@swayde said in Discussion of NodeBB Updates:
stegonography
steganography.
stegonography is pornography of stegosauruses.
Fuck everything about the english language.
-
@swayde said in Discussion of NodeBB Updates:
@ben_lubar said in Discussion of NodeBB Updates:
@swayde said in Discussion of NodeBB Updates:
stegonography
steganography.
stegonography is pornography of stegosauruses.
Fuck everything about the english language.
The stenographer used steganography to hide stegonagraphy in plain sight.
-
@ben_lubar said in Discussion of NodeBB Updates:
@wharrgarbl said in Discussion of NodeBB Updates:
@pjh said in Discussion of NodeBB Updates:
Only on master which most sites shouldn't be using in production anyway
And why the fuck we do that?
What website do you think you're on?
Dev, obviously.
-
@raceprouk said in Discussion of NodeBB Updates:
@pjh said in Discussion of NodeBB Updates:
In serious answer, because that's what we started off with Discourse as - as a voluntary QA. that was actually explicit in the beginning IIRC.
Serious question: how many members here are actually aware we're NodeBB's QA team?
Including the inactive accounts? Practically none.
-
@raceprouk said in Discussion of NodeBB Updates:
Serious question: how many members here are actually aware we're NodeBB's QA team?
Yes.
Seriously - all the (active) ones still in use from Community Server, and most of the (still active) ones who started turning up at Discourse.
IMBW but I place you at the 2nd half of that game...
Oh - and anyone who posted in any thread in the "which forum should we choose" category.
-
@pjh Now for my follow-up question: how many of those are happy with the situation?
-
I wouldn't mind being their testers if they made even a SMALL effort to do SOME kind of QA process or code review or basically adopted even ONE good development practice.
-
@raceprouk said in Discussion of NodeBB Updates:
@pjh Now for my follow-up question: how many of those are happy with the situation?
Humans are never happy with the situation. it's a defining trait, I've found...
-
@raceprouk said in Discussion of NodeBB Updates:
@pjh Now for my follow-up question: how many of those are happy with the situation?
None but the ones in control it would appear. And even they weren't. But...
[sad, drunken story elided. Can't believe I spent 1½ hour typing what I've just deleted]
-
@raceprouk said in Discussion of NodeBB Updates:
@pjh Now for my follow-up question: how many of those are happy with the situation?
@blakeyrat isn't. That much we can be certain of.
-
@pjh said in Discussion of NodeBB Updates:
[sad, drunken story elided. Can't believe I spent 1½ hour typing what I've just deleted]
In case anyone's wondering (still drunk btw), @boomzilla was introduced in chapter 4. Got an update in ch. 19 and promoted in ch. 31.
@dhromed was chapter 16 (until about ch.34 where he went AWOL)
@MasterPlanSoftware was more or less there from the start but got killed off around ch. 13.
</more vodka>
I really don't have it me to do a fan-fic or slash story... anyone want to help. Else - of ourse.
-
@raceprouk said in Discussion of NodeBB Updates:
@pjh Now for my follow-up question: how many of those are happy with the situation?
I like having some bugs to complain, but sometimes it's annoying
-
@wharrgarbl said in Discussion of NodeBB Updates:
@raceprouk said in Discussion of NodeBB Updates:
@pjh Now for my follow-up question: how many of those are happy with the situation?
I like having some bugs to complain, but sometimes it's annoying
If bugs weren't annoying, they wouldn't be called bugs, would they?
-
@pjh said in Discussion of NodeBB Updates:
@raceprouk said in Discussion of NodeBB Updates:
@pjh Now for my follow-up question: how many of those are happy with the situation?
None but the ones in control it would appear. And even they weren't.
-
@blakeyrat said in Discussion of NodeBB Updates:
I wouldn't mind being their testers if they made even a SMALL effort to do SOME kind of QA process or code review or basically adopted even ONE good development practice.
We adopted some new-fangled concept called "source control". Will you give us some more QA now? Five or six units should suffice.
-
@julianlam keep giving blakey shit and I will keep liking you.
-
Now I'm wondering who the downboaters are. For kicks...
-
@tsaukpaetra said in Discussion of NodeBB Updates:
Now I'm wondering who the downboaters are. For kicks...
I'm sure they'd delete the post if they could.
-
@ben_lubar said in Discussion of NodeBB Updates:
@tsaukpaetra said in Discussion of NodeBB Updates:
Now I'm wondering who the downboaters are. For kicks...
I'm sure they'd delete the post if they could.
Shirley there's a script that could visually accomplish that effect? ;)
-
Right. Remember if anybody says you should actually take pride in your work and not just shit out broken products, point and laugh at them because they are stupid and wrong. Natch.
You may all pile on and tell me how stupid I am as I mute this thread.
-
@blakeyrat said in Discussion of NodeBB Updates:
You may all pile on and tell me how stupid I am as I mute this thread.
Your pram appears to have lost some toys - here, let me pick them up for you....
-
That's the one curse with OSS, it's hard to get good QA, especially for something security related because fewer people understand it.
But getting a fix out in 24 hours for an OSS project where people aren't paid to work on it, that's pretty good going indeed.
-
@arantor said in Discussion of NodeBB Updates:
That's the one curse with
OSSsoftware, it's hard to get good QA, especially for something security related because fewer people understand it.FTFY
-
@raceprouk true but companies theoretically could pay for a QA person, OSS usually can't.
-
@pjh said in Discussion of NodeBB Updates:
I really don't have it me to do a fan-fic or slash story... anyone want to help. Else - of ourse.
I'd read that on a stream!
Dibs on reading boomzilla !
Filed under: INB4 I'm all the characters anyway, #injokes
-
@blakeyrat said in Discussion of NodeBB Updates:
Right. Remember if anybody says you should actually take pride in your work and not just shit out broken products, point and laugh at them because they are stupid and wrong. Natch.
Just because people take pride in their work and do their best doesn't mean they're infallible.
How do you unit test security leaks?It's as if you are unaware of how complex software development can be. Which I know you're not.
Edit: wrote "infallible" correctly the first time around, but confused "they're" and "their". Amazing.
-
@zecc said in Discussion of NodeBB Updates:
How do you unit test security leaks?
You don't: that's what penetration testing is for. Thing is, that's expensive, and usually totally out of reach of OSS projects.
-
@raceprouk even Qualys and its automated scans are unaffordable expensive for most projects.
-
@raceprouk said in Discussion of NodeBB Updates:
that's what penetration testing is for
And fuzzing!
-
@yamikuronue said in Discussion of NodeBB Updates:
@raceprouk said in Discussion of NodeBB Updates:
that's what penetration testing is for
And fuzzing!
AKA The Likes Thread
-
@arantor said in Discussion of NodeBB Updates:
an OSS project where people aren't paid to work on it,
Someone's making money, who the fuck's getting paid then?
Maybe that's the new open source model. Have optimistic suckers like Ben L do all the hard work for you, don't give them any of the moneys. The "open sucker" development methodology. All you need is idealistic suckers.
-
@zecc said in Discussion of NodeBB Updates:
Just because people take pride in their work and do their best doesn't mean they're infallible.
They haven't even fixed the very first bug I saw in this piece of crap.
-
@blakeyrat ok, that I didn't know about and take it back in this case. However, most OSS projects don't do this.
-
@blakeyrat said in Discussion of NodeBB Updates:
You may all pile on and tell me how stupid I am as I mute this thread.
How many threads do we have to go before your unread is entirely blanked?
Asking for a friend.
-
@polygeekery this shouldn't be funny and I shouldn't encourage it, but somehow it is kinda funny.
-
@arantor said in Discussion of NodeBB Updates:
@blakeyrat ok, that I didn't know about and take it back in this case. However, most OSS projects don't do this.
Do you have data to back this? If you discard unpopular shit nobody is using, there is plenty of OSS with paid developers.
-
@wharrgarbl except you can't discard unpopular shit.
There is plenty of OSS that people get paid to work on. However, vastly vastly more OSS is written that doesn't get paid for. And using an arbitrary definition for something like "popularity" doesn't work unless you're setting up for straw men.
-
@arantor said in Discussion of NodeBB Updates:
@wharrgarbl except you can't discard unpopular shit.
There is plenty of OSS that people get paid to work on. However, vastly vastly more OSS is written that doesn't get paid for. And using an arbitrary definition for something like "popularity" doesn't work unless you're setting up for straw men.
Show me the data. And a cutting point on popularity is needed, or your research will be flooded by single-developer broken libraries with less than 100 lines of code.
-
@arantor said in Discussion of NodeBB Updates:
@polygeekery this shouldn't be funny and I shouldn't encourage it, but somehow it is kinda funny.
A man needs goals. Most of mine are stupid and petty.