Fight about discourse here
-
@sockpuppet7 realistically, anyone with permissions to access the database and/or filesystem could read private messages between any of the users. Not many systems would even bother to try to prevent this by obfuscating the messages, because the admin could still manage to deobfuscate them with reasonably trivial effort, unless the user supplied some key that the admin wouldn't have -- a password -- and then, their messages would become permanently unreadable should they ever forget their password, because there'd be no way to decrypt them without it.
However, even though it can be done, there's a reasonable expectation that they don't.
-
If you don't trust the mods not to read your pm don't post on that forum
Or do what we did: strip the mod of his power; mock and ridicule him; and then finally ditch the entire forum software.
Yes, everyone knows admins CAN read pms. And yes, you need to trust that they won't (for non-admin reasons). Which is why when a admin DOES do it, it's a grossly negligent breach of trust that cannot be repaired, and proof that the admin isn't capable of carrying out his duties responsibly.
Jeff.
-
@anotherusername I wish he'd actually come into the garage.
-
@pie_flavor said in Fight about discourse here:
@anotherusername I wish he'd actually come into the garage.
You're a Discodev, so just move the post into a different topic without permission.
-
@lorne-kates said in Fight about discourse here:
As long as it annoys Pliable Flavor, it'll never get old
Save it for PMs then?
-
@pie_flavor said in Fight about discourse here:
@anotherusername I wish he'd actually come into the garage.
The Garage didn't exist at the time.
-
@heterodox That was in the present tense, not past. English is stupid.
-
@pie_flavor said in Fight about discourse here:
@karla It was relevant to the song..
I still don't get it. Can you ELI5? I mean I know the lyrics of the song but the image is chaotic (I don't have patience with chaos) with seemingly to me unrelated phrases.
Also, text too tiny too read easily...fuck you get off my lawn.
-
@Karla Some guy came across a post on 4chan that was about him. He has only one song in his iTunes library, and the original post said he had listened to it >30k times. He said that it was still the case, and someone else challenged him to prove it. So he posted a new screenshot of his iTunes library. It still has only that one song, and the "times played" count was nearing 65k. His reason was "I like the song."
-
@djls45 said in Fight about discourse here:
@Karla Some guy came across a post on 4chan that was about him. He has only one song in his iTunes library, and the original post said he had listened to it >30k times. He said that it was still the case, and someone else challenged him to prove it. So he posted a new screenshot of his iTunes library. It still has only that one song, and the "times played" count was nearing 65k. His reason was "I like the song."
And the relevance to @karla's post is that the song was In The End by Linkin Park
-
@anotherusername said in Fight about discourse here:
@sockpuppet7 said in Fight about discourse here:
@ben_lubar said in Fight about discourse here:
@topspin said in Fight about discourse here:
Just reading about "infiniscroll" makes me want to channel my inner blakey
I want someone to make a forum software that uses normal pages but supports "infiniscroll" in the sense that you can keep scrolling in the negative space on all four sides of the page indefinitely.
Like this?
Is it just me, or is pasting totally broken?
Must be you. I pasted an ASCII art boomzilla yesterday.
-
@anotherusername said in Fight about discourse here:
Not many systems would even bother to try to prevent
Yes, but Discourse puts your pm visible to mods in your profile, just as normal posts, and they are proud of that. There are mods complaining they accidentally saw things they didn't plan too, that's absurd.
It should at least be work to read PMs. That will be safe enough for forums were the staff avoid work.
-
@sockpuppet7 said in Fight about discourse here:
@anotherusername said in Fight about discourse here:
Not many systems would even bother to try to prevent
Yes, but Discourse puts your pm visible to mods in your profile, just as normal posts, and they are proud of that. There are mods complaining they accidentally saw things they didn't plan too, that's absurd.
It should at least be work to read PMs. That will be safe enough for forums were the staff avoid work.
What the actual fuck?!
There's a huge difference between "the admin has database access so it's physically impossible to prevent him reading PMs" (unless you implement some encryption) and "the mods actually do read your PMs, so make that available in the GUI". Just because you can abuse your users doesn't mean you should.
-
@topspin Discourse has "click a single "impersonate" button in the user's profile and become that user including unfettered access to all of their PMs." The justification was that it made it easier to reproduce bugs; can't reproduce it on your own account, no problem. (Obviously, only admins can use this feature. And it's all logged, but you'd have to be another admin to view the activity log.)
Also, at the time at least, there was no way to un-impersonate someone -- you had to log off completely in order to stop being them.
Fun fact, when @end self-banned he actually used this impersonate feature to become a different admin. Discourse doesn't let you ban yourself. But while you're impersonating another admin, you can ban yourself.
-
@anotherusername Admins can also go into a user's profile and see their messages right there. And according to that link upthread, if a
PM somewhere has a link to a thread, that thread will have an incoming link icon from thePM
-
@anotherusername said in Fight about discourse here:
@topspin Discourse has "click a single "impersonate" button in the user's profile and become that user including unfettered access to all of their PMs." The justification was that it made it easier to reproduce bugs; can't reproduce it on your own account, no problem. (Obviously, only admins can use this feature. And it's all logged, but you'd have to be another admin to view the activity log.)
He said he doesn't need to impersonate you to read your PMs, it is shown for staff right there on your profile.
-
@jaloopa said in Fight about discourse here:
@djls45 said in Fight about discourse here:
@Karla Some guy came across a post on 4chan that was about him. He has only one song in his iTunes library, and the original post said he had listened to it >30k times. He said that it was still the case, and someone else challenged him to prove it. So he posted a new screenshot of his iTunes library. It still has only that one song, and the "times played" count was nearing 65k. His reason was "I like the song."
And the relevance to @karla's post is that the song was In The End by Linkin Park
Original TDWTF thread here:
https://what.thedailywtf.com/topic/13281/guy-plays-the-same-song-over-60-000-times-i-like-the-song
-
@sockpuppet7 said in Fight about discourse here:
@anotherusername said in Fight about discourse here:
Not many systems would even bother to try to prevent
Yes, but Discourse puts your pm visible to mods in your profile, just as normal posts, and they are proud of that. There are mods complaining they accidentally saw things they didn't plan too, that's absurd.
It should at least be work to read PMs. That will be safe enough for forums were the staff avoid work.
Fun discostory:
When you flag something on discourse it creates a PM (of course after the fracas above they removed the P since they weren't so private, but that's still what everyone calls them) between the flagger and the moderators. We had a lot of these. I also had "regular" PMs. In any case, I had a lot of PMs. Going to my PMs in my profile would regularly cause the server to time out trying to load them all. Some days I couldn't get in there at all.
-
@anotherusername said in Fight about discourse here:
Fun fact, when @end self-banned he actually used this impersonate feature to become a different admin.
Omg I so hope he impersonated Sam and Sam impersonated Jeff, and they were online with each other, fingers poised over the mouse button, all "okay, we do this together" all suicide-pact style.
-
@djls45 said in Fight about discourse here:
@Karla Some guy came across a post on 4chan that was about him. He has only one song in his iTunes library, and the original post said he had listened to it >30k times. He said that it was still the case, and someone else challenged him to prove it. So he posted a new screenshot of his iTunes library. It still has only that one song, and the "times played" count was nearing 65k. His reason was "I like the song."
Aaahh, my fault for looking for some meaningful connection.
INB4: YMBNH
-
@pie_flavor said in Fight about discourse here:
Wish NodeBB had infiniscroll that fucking worked at all, but it doesn't.
WOMM
There's still some jellypotato caused by images, but way less than it was on Discourse back in the day.
-
@anotherusername said in Fight about discourse here:
Also, at the time at least, there was no way to un-impersonate someone -- you had to log off completely in order to stop being them.
Maybe I'm mistaken, but didn't it also work that if an admin logged off while impersonating a user, it also disconnected that user?
-
@mott555 IIRC, it invalidated any active auth tickets that user had, i.e. it'd log you out of all of your devices, and you'd need to log into each of them again.
Fucking clown shoes.
-
@sockpuppet7 said in Fight about discourse here:
Someone uptopic commented about wood reading pms, here is something he said about it:
https://meta.discourse.org/t/impersonation-and-reading-private-messages/8485
The answers following that link are interesting. And he didn't ban the people that opposed him.
But he did admit that they only removed the UI feature for mods to read PMs and that they were still allowed to do so:
https://meta.discourse.org/t/impersonation-and-reading-private-messages/8485/34
User: "Really? As I’m fairly certain I can.
I just open one of my PMs, and then change the last 3 digits in the URL and I can get to other PMs (with some guessing)."
:@end: "Different issue. Via the UI, it is not possible."
Security by obscurity at its finest.
-
@anotherusername said in Fight about discourse here:
@sockpuppet7 realistically, anyone with permissions to access the database and/or filesystem could read private messages between any of the users. Not many systems would even bother to try to prevent this by obfuscating the messages, because the admin could still manage to deobfuscate them with reasonably trivial effort, unless the user supplied some key that the admin wouldn't have -- a password -- and then, their messages would become permanently unreadable should they ever forget their password, because there'd be no way to decrypt them without it.
However, even though it can be done, there's a reasonable expectation that they don't.
Yes, but you should not make it as easy as two clicks from the UI. On Discourse you go to a users profile and there is a Messages tab and you click on that and you can read all of their PMs. That is bad enough, but they do not tell users of that. It should be in the TOS when you sign up for a forum and it should be a toaster or modal dialog notification at least on the first PM that you send. I would also like to see some sort of notification to the user that an admin read the PM.
The way Discourse handles it is ludicrous.
-
@lorne-kates said in Fight about discourse here:
Yes, everyone knows admins CAN read pms. And yes, you need to trust that they won't (for non-admin reasons). Which is why when a admin DOES do it, it's a grossly negligent breach of trust that cannot be repaired, and proof that the admin isn't capable of carrying out his duties responsibly.
What about if they like posts in PMs they are not explicitly a party of?
-
@anotherusername said in Fight about discourse here:
Discourse has "click a single "impersonate" button in the user's profile and become that user including unfettered access to all of their PMs." The justification was that it made it easier to reproduce bugs; can't reproduce it on your own account, no problem. (Obviously, only admins can use this feature. And it's all logged, but you'd have to be another admin to view the activity log.)
That is not necessary for a Discourse admin to read a user's PMs. It is right in their profile without impersonation.
Also, unless something has changed then the reading of PMs and impersonation of users is not logged.
-
@polygeekery said in Fight about discourse here:
@lorne-kates said in Fight about discourse here:
Yes, everyone knows admins CAN read pms. And yes, you need to trust that they won't (for non-admin reasons). Which is why when a admin DOES do it, it's a grossly negligent breach of trust that cannot be repaired, and proof that the admin isn't capable of carrying out his duties responsibly.
What about if they like posts in PMs they are not explicitly a party of?
See: creepy trust breaking fuckturd
-
@polygeekery said in Fight about discourse here:
@lorne-kates said in Fight about discourse here:
Yes, everyone knows admins CAN read pms. And yes, you need to trust that they won't (for non-admin reasons). Which is why when a admin DOES do it, it's a grossly negligent breach of trust that cannot be repaired, and proof that the admin isn't capable of carrying out his duties responsibly.
What about if they like posts in PMs they are not explicitly a party of?
I'd file that under advanced trollery.
Much better than having @wood read your PMs without you knowing, he reads it and gives you a like "awe, look at you, thinking you're having a private conversation here ".
-
realistically, anyone with permissions to access the database and/or filesystem could read private messages between any of the users.
But that is the owner of the machine + sysadmin.
A mod is just someone who is given some ability to edit posts on a forum, they should not have the permission to view the database.
-
@polygeekery said in Fight about discourse here:
What about if they like posts in PMs they are not explicitly a party of?
IIRC, this is what happened to me on meta.d.
I'd check that it's not just my memory playing tricks on me, but I'm no longer welcome there...
-
@onyx I knew it happened to at least one person on here or on meta.d.
-
@lorne-kates said in Fight about discourse here:
@anotherusername said in Fight about discourse here:
Fun fact, when @end self-banned he actually used this impersonate feature to become a different admin.
Omg I so hope he impersonated Sam and Sam impersonated Jeff, and they were online with each other, fingers poised over the mouse button, all "okay, we do this together" all suicide-pact style.
The way I remembered it, Jeff impersonated Ben's account. But your way is fun too.
-
@anotherusername it was @Paula_Bean
-
@pie_flavor said in Fight about discourse here:
@anotherusername I wish he'd actually come into the garage.
"Highlander! I know you're in here! Show yourself!"
OTOH, he probably has good reason to want to avoid the virtual equivalent of a dark alley in a bad neighborhood that is the territory of a rival street gang.
https://www.youtube.com/watch?v=mWRuka6I7Ng
Filed Under: The better part of valor
-
Just imagine if we were all Jeff's alts instead of @boomzilla's.
Shudder.
-
@onyx said in Fight about discourse here:
@pie_flavor said in Fight about discourse here:
Wish NodeBB had infiniscroll that fucking worked at all, but it doesn't.
WOMM
There's still some jellypotato caused by images, but way less than it was on Discourse back in the day.
I don't know any back in the day. I know Discourse as it was pretty much right when you left it, and it has not even just an infiniscroll but a scroll in general that, when an image or onebox loads, does not get affected in any way. Unlike NodeBB, which when either of those things loads, picks a random direction to scroll in and does so. Discourse has never actually needed an option to load images before loading the page, but I have to keep mine disabled on NodeBB all the time, and that setting doesn't control i.imgur images which is torture.
-
@pie_flavor Discourse used to jellypotatoe out of control when you clicked on a user's avatar to bring up their user card. Or maybe if you clicked on the card. I don't remember exactly but it was
hilariousretarded.
-
@boomzilla Gee, I'd hate if there was jellypotato when a user's card was brought up.
https://i.imgur.com/RxrG9j4.png
And that doesn't happen anymore on Discourse, no.
-
@pie_flavor said in Fight about discourse here:
And that doesn't happen anymore on Discourse, no.
Yes, that was before they booted us for calling them on their nonsense.
-
-
@zecc said in Fight about discourse here:
@anotherusername said in Fight about discourse here:
@sockpuppet7 said in Fight about discourse here:
@ben_lubar said in Fight about discourse here:
@topspin said in Fight about discourse here:
Just reading about "infiniscroll" makes me want to channel my inner blakey
I want someone to make a forum software that uses normal pages but supports "infiniscroll" in the sense that you can keep scrolling in the negative space on all four sides of the page indefinitely.
Like this?
Is it just me, or is pasting totally broken?
Must be you. I pasted an ASCII art boomzilla yesterday.
I guess pasting isn't enabled on the main page.
I tried writing scripts. Apparently they don't like it if you try to write a 16x16 grid in a loop with no delay. Hopefully it's not a permanent ban, because that would be stupid...
edit: it's not permanent, I'm able to load it again. Must have just been a short-term rate limit thing with like a 30-minute cooldown period.
edit2: well a 100 ms delay wasn't enough, and now I'm banned again. I guess next time I'll use 500 ms.
edit3: 500 ms was painfully slow, and still resulted in a ban after ~20 or so characters written. The writes are working, but somehow it's not liking them and it's not actually doing anything until a number of them in a row. Maybe there's some other socket negotiation that's supposed to happen.
edit4: I have discovered a secret incantation to get it to actually accept fake keypresses, which works just so long as a reasonable inter-character timeout is used.
I have also discovered a secret incantation to make it scroll the window by a desired amount, but that one requires having access to a local variable in the code that you really shouldn't have access to, but which you can sneakily get access to by creating a breakpoint in the debugger and assigning the local variable to a global one while the script is stopped at the breakpoint. Because apparently that's something you can do.
-
@zecc said in Fight about discourse here:
Must be you. I pasted an ASCII art boomzilla yesterday.
For those who can't be arsed to go look for it...
-
@doctorjones I
canshould only claim credit for the avatar. The text below wasn't put by me.
-
I finally got a script that works, doesn't get banned, and isn't a PITA.
-
@anotherusername said in Fight about discourse here:
I finally got a script that works, doesn't get banned, and isn't a PITA.
-
I should really find something else to shitpost. Trump is getting boring.
-
@anotherusername said in Fight about discourse here:
I should really find something else to shitpost.
Here you go:
-
Our page was kinda bare.
-
Why are we fighting about Dicksores? Are we going back to it?