:wtf: How can this be so wrong??? (AKA the Discopocalypse thread)
-
@abarker
I think my biggest kick is that the guy who did the cleanup is using a Simpsons avatar. And then I was like "where's the solidarity???"
-
@fbmac said in How can this be so wrong??? (AKA the Discopocalypse thread):
@JBert I usually recover my phone as soon as she grabs it from my hands, before she does much
So you can delete the posts yourself?
-
WTDWTF memes live on meta.d¹
¹ Some developer console usage required
-
@izzion
Nice categorization:
-
RegEx is hard, let's go shopping!
-
-
@izzion said in How can this be so wrong??? (AKA the Discopocalypse thread):
RegEx is hard, let's go shopping!
For the record:
WEBSITE_REGEXP = /(^$)|(^(http|https):\/\/[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,10}(([0-9]{1,5})?\/.*)?$)/ix
- Let's use the x flag but put everything on one line anyway.
- Let's use {1} because it's really important to say it must be only one character over there.
- \.[a-z]{2,10}(([0-9]{1,5})?\/.*)? ... I don't even
-
@Zecc Here's my proposed replacement regex*:
wget $url
*OK, I admit it, it's not technically a regex. But it does have a funny character in it.
-
@RaceProUK
Oh, yes, let's fetch a web source using unsanitized user input. Totally no s in that concept.it!
-
@Zecc said in How can this be so wrong??? (AKA the Discopocalypse thread):
\.[a-z]{2,10}(([0-9]{1,5})?\/.*)?
... I don't even
What are the rules for valid TLDs though?
"Whatever you can buy off IANA"?
-
@Zecc said in How can this be so wrong??? (AKA the Discopocalypse thread):
What are the rules for valid TLDs though?
If you're checking anything more than 'at least two letters', you're
-
@RaceProUK said in How can this be so wrong??? (AKA the Discopocalypse thread):
@Zecc said in How can this be so wrong??? (AKA the Discopocalypse thread):
What are the rules for valid TLDs though?
If you're checking anything more than 'at least two letters', you're
Can't you just use a library?
-
@aliceif said in How can this be so wrong??? (AKA the Discopocalypse thread):
Can't you just use a library?
I guess I could, but it seems such a waste to walk all the way over there just to check a URL works when I have a PC in front of me already.
-
@aliceif said in How can this be so wrong??? (AKA the Discopocalypse thread):
@izzion
Nice categorization:
To view the edit history and find out the butt that put it there.
-
@aliceif said in How can this be so wrong??? (AKA the Discopocalypse thread):
@RaceProUK said in How can this be so wrong??? (AKA the Discopocalypse thread):
@Zecc said in How can this be so wrong??? (AKA the Discopocalypse thread):
What are the rules for valid TLDs though?
If you're checking anything more than 'at least two letters', you're
Can't you just use a library?
The solution would be a TLD CDN.
-
@NedFodder but what's the TLD of the CDN?
-
@Jaloopa
Quick! We need to string together $200k in bribe money application fees for the .CDN tld. And then we can make a Discoransom reselling the true authoritative CDN services.
-
@izzion Only as long as the results of said services are based on TDWTF memes.
-
@abarker All-Mr.-Burns avatar CDN?
Awesome idea!
-
@Tsaukpaetra said in How can this be so wrong??? (AKA the Discopocalypse thread):
@aliceif said in How can this be so wrong??? (AKA the Discopocalypse thread):
@izzion
Nice categorization:
To view the edit history and find out the butt that put it there.
It was @spriteclad (the one with the simpsons avatar), back in 2015.
-
@Zecc and domains can have accents now, don't they?
-
Hey, I could register firstname.co in namecheap (considering my firstname has an accent)
-
@fbmac said in How can this be so wrong??? (AKA the Discopocalypse thread):
@Zecc and domains can have accents now, don't they?
Only those where the TLD supports IDN
-
@Yamikuronue said in How can this be so wrong??? (AKA the Discopocalypse thread):
For almost a year now, we’ve been doing something that’s considered quite risky for an open source project: Paying contributors.
Le gasp! You mean, you'd consider sharing some of the money you get from selling a product with the people who contribute to it? How revolutionary! Next you'll be offering them paid vacation days!
: "It's fine to contribute by spreading the word about Discourse, it's also most excellent to contribute by running a real live Discourse community and providing feedback!"
: Oh really?
-
@DoctorJones To paraphrase something Henry Ford didn't say:
You can leave any feedback you like, as long as it's good.
-
@RaceProUK said in How can this be so wrong??? (AKA the Discopocalypse thread):
@Zecc said in How can this be so wrong??? (AKA the Discopocalypse thread):
What are the rules for valid TLDs though?
If you're checking anything more than 'at least two letters', you're
Well, you could download and parse http://data.iana.org/TLD/tlds-alpha-by-domain.txt
-
I wish there was a better way of finding whois behind a certain domain.
-
@RaceProUK said in How can this be so wrong??? (AKA the Discopocalypse thread):
@Zecc said in How can this be so wrong??? (AKA the Discopocalypse thread):
What are the rules for valid TLDs though?
If you're checking anything more than 'at least two letters', you're
If you're checking for "at least two letters", you're .
According to RFC 3696, any portion of a name (including a TLD) may be as short as a single character. RFCs 952, 1035, 1125, and 2181 indicate that name segments may consist of letters, numbers, and hyphens, as long as hyphens are neither the first nor the last character in a given portion of the name (it's even more complicated, but that's the basics). TLDs have only one additional condition that does not apply to other name portions: they may not be purely numeric. I think I also saw something indicating that the max length of a TLD was 24 characters, but that may be wrong.
-
@abarker I've yet to see a one-letter TLD, but I'll bear it in mind ;)
-
@RaceProUK said in How can this be so wrong??? (AKA the Discopocalypse thread):
@abarker I've yet to see a one-letter TLD, but I'll bear it in mind ;)
Just because none have yet been issued, doesn't mean that they can't be issued. :P
-
It's an administrative setting. Why even validate it? If the admin puts garbage there, they're the one who's going to end up with broken shit.
-
@Maciejasjmj said in How can this be so wrong??? (AKA the Discopocalypse thread):
It's an administrative setting. Why even validate it? If the admin puts garbage there, they're the one who's going to end up with broken shit.
Because the preferred Discosolution is always one which both stops the user entering invalid and valid information.
JeffCo™ know best.
-
@Maciejasjmj said in How can this be so wrong??? (AKA the Discopocalypse thread):
It's an administrative setting. Why even validate it? If the admin puts garbage there, they're the one who's going to end up with broken shit.
On the other hand, entering valid garbage might allow the administrator to run Discourse, and worse, the administrator's users to (try to) use Discourse. Ain't nobody deserves that.
-
@abarker said in How can this be so wrong??? (AKA the Discopocalypse thread):
According to RFC 3696, any portion of a name (including a TLD) may be as short as a single character.
I went to see what they said: https://tools.ietf.org/html/rfc3696#section-2
Any characters, or combination of bits (as octets), are permitted in DNS names.
However, there is a preferred form that is required by most applications. This preferred form has been the only one permitted in the names of top-level domains, or TLDs. In general, it is also the only form permitted in most second-level names registered in TLDs, although some names that are normally not seen by users obey other rules.
It derives from the original ARPANET rules for the naming of hosts (i.e., the "hostname" rule) and is perhaps better described as the "LDH rule", after the characters that it permits. The LDH rule, as updated, provides that the labels (words or strings separated by periods) that make up a domain name must consist of only the ASCII alphabetic and numeric characters, plus the hyphen.
No other symbols or punctuation characters are permitted, nor is blank space. If the hyphen is used, it is not permitted to appear at either the beginning or end of a label.
There is an additional rule that essentially requires that top-level domain names not be all-numeric.
^Added line breaks to increase legibility a bit.
-
Further down on that same section of RFC 3696 they say
There is a long history of applications moving beyond the "one or more periods" test in an attempt to verify that a valid TLD name is actually present. They have done this either by applying some heuristics to the form of the name or by consulting a local list of valid names. The historical heuristics are no longer effective. If one is to keep a local list, much more effort must be devoted to keeping it up-to-date than was the case several years ago.
It is likely that the better strategy has now become to make the "at least one period" test, to verify LDH conformance (including verification that the apparent TLD name is not all-numeric), and then to use the DNS to determine domain name validity, rather than trying to maintain a local list of valid TLD names.
So there you have it.
Also:
A DNS label may be no more than 63 octets long. This is in the form actually stored; if a non-ASCII label is converted to encoded "punycode" form (see Section 5), the length of that form may restrict the number of actual characters (in the original character set) that can be accommodated. A complete, fully-qualified, domain name must not exceed 255 octets.
Edit to add: In case it wasn't clear from the quotes in these two posts, LDH stands for "letters, digits, hyphens".
-
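A sketch of the structural check that the RFC 3696 passages quoted above recommend (at least one period, LDH conformance, a TLD that is not all-numeric, and the 63/255-octet limits). This is an added example, not code from any poster or from Discourse; the method and constant names are hypothetical, and the final DNS lookup the RFC suggests is left out so the block runs offline.

```ruby
# Added example: host-name check following the RFC 3696 section 2 text quoted
# in the thread. All names here are hypothetical.

MAX_LABEL_OCTETS = 63   # "A DNS label may be no more than 63 octets long"
MAX_NAME_OCTETS  = 255  # "must not exceed 255 octets"

# One LDH label: letters, digits, hyphens; hyphen neither first nor last.
LDH_LABEL = /\A[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\z/i

# Returns nil when the name passes, otherwise a symbol naming the failed rule.
# Non-ASCII names must already be in their encoded (xn--) form.
def ldh_violation(name)
  host = name.to_s.chomp(".")               # tolerate a single trailing root dot
  return :too_long if host.bytesize > MAX_NAME_OCTETS

  labels = host.split(".", -1)              # -1 keeps empty labels ("a..b")
  return :no_period if labels.length < 2    # the "at least one period" test

  labels.each do |label|
    return :empty_label    if label.empty?
    return :label_too_long if label.bytesize > MAX_LABEL_OCTETS
    return :not_ldh        unless LDH_LABEL.match?(label)
  end

  # The one extra rule for the TLD: it may not be all-numeric.
  return :numeric_tld if labels.last.match?(/\A[0-9]+\z/)
  nil
end

# Constructed sample inputs (not taken from any real configuration).
SAMPLES = [
  "example.com", "a.b", "xn--discopdia-l3a.net", "localhost",
  "192.168.0.1", "-bad.example", "bad-.example", "a..b",
  "caf\u00e9.example", ("x" * 64) + ".example"
].freeze

def sample_report
  SAMPLES.to_h { |s| [s, ldh_violation(s) || :ok] }
end

sample_report.each { |name, verdict| puts "#{verdict}\t#{name[0, 40]}" } if $PROGRAM_NAME == __FILE__
```

Note that a single-letter TLD and a TLD longer than ten letters both pass here, since the quoted text places no such limits on the label.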
-
@Tsaukpaetra 1GB? Of disk space, maybe.
-
@boomzilla said in How can this be so wrong??? (AKA the Discopocalypse thread):
@Tsaukpaetra 1GB? Of disk space, maybe.
Yeah, it's hard enough to run an OS on that much RAM, let alone applications!
-
Support... at the speed of Discourse.
-
@izzion The classic "leave it a year and see if it magically fixed itself" fix.
-
@abarker said in How can this be so wrong??? (AKA the Discopocalypse thread):
I think I also saw something indicating that the max length of a TLD was 24 characters, but that may be wrong.
That might be an advisory limit, more related to the software that people used to use than anything critical. Expect it to be quietly got rid of in order to allow people to EMOJI ALL THE THINGS (or at least support non-western alphabets better). And punycode is just a terrible encoding scheme.
-
@dkf said in How can this be so wrong??? (AKA the Discopocalypse thread):
And punycode is just a terrible encoding scheme.
Oh, come on. It's not that bad.
Said nobody. Ever.
Filed Under: xn--discopdia-l3a.net
-
@izzion I might be missing something here... but why is that a PUT call?
-
@AlexMedia by suspending a user you are effectively changing an existing entity, not creating a new one.
-
https://meta.discourse.org/t/file-upload-permissions/58558
Discourse! Where we apply "screen door on an airlock" level protection to your data!
-
@izzion Same happens with NodeBB: images in the Lounge can be accessed without logging in.
I think the same issue applies to all forums, regardless of software package.
-
An oldie that's been re-opened and is still a goodie baddie. Apparently tokens and cookies are hard, so just goes logging. And accepting pretty much whatever cookie your browser feels like sending.