:fa_bullhorn: The sound of AN ANNOUNCEMENT BEING MADE (or: Request for Comments: Comments)
-
reCAPTCHA is basically:
- Check a box that says "I'm not a robot".
- If it still thinks you're a robot, click on the pictures of turkeys or whatever it says to do. Or type in a 4 digit number that's on the side of someone's house.
- Congratulations, you are not a robot.
If you'd prefer to not have to solve a checkbox, you can log in with your forum account or (possibly) Google or Facebook account.
-
If you'd prefer to not have to solve a checkbox, you can log in with your forum account or (possibly) Google or Facebook account.
There should still be a minimum threshold of trust before bypassing the CAPTCHA. Someone can manually create a forum account, then give it over to a spambot. And I don't 100% trust Google or Facebook to not allow spammers to mass create accounts.
I dunno, if they post 5 CAPTCHA posts and aren't killed by a mod, then 24 hours after the 5th post they get "TL1 (no captcha)".
-
I'm pretty sure both Google and Facebook require some sort of captcha when creating an account, and the requirements include "mass delete comments made by user/ip", so having a bot running off an account is pretty simple to clean up after.
-
@Lorne_Kates said:
If you have a better system for spam-prevention, this is a RFC thread.
Use Dicsourse, of course. Not only is it impossible to write a spambot for Dicsourse, its endemic performance issues mean that it's also impossible to spam.
<belm />
-
We're not trying to make spam impossible. We're just trying to make it hard to do it automatically and easy to clean it up.
-
We're just trying to make it hard to do it automatically and easy to clean it up.
*cough* Akismet *cough*
-
You mean the thing that caused a bunch of valid TDWTF front page comments to have to be edited because they were "invalid"?
-
You mean the thing that caused a bunch of valid TDWTF front page comments to have to be edited because they were "invalid"?
aye, that's the thing.
You want it hard to spam, akismet is you r friend.
you want actuall discussion..... that's not akismet's problem
-
I'm not all that concerned with spam, since the comments have nofollow on every link and don't allow arbitrary HTML. The spambots aren't going to gain much apart from having their comments deleted.
-
I'm not all that concerned with spam,
then why captcha? that only serves to annoy real users and only serves to actually block the most stupid of bots. any targeted bot is going to waltz right through your captcha anyway
-
It's a checkbox. If you can't check a checkbox, you probably shouldn't be commenting on TDWTF. This isn't one of those captchas that look like someone tried to render the LaTeX logo with a corrupted font and then ran it through some clown vomit.
-
If you can't check a checkbox, you probably shouldn't be commenting on TDWTF.
this is not a customer focused attitude.
every barrier you put in front of posting, even if it is only a bloody checkbox, will cause annoyance you your users, it will cause at least some of them to go "fuck this!" and leave, it WILL degrade the user experience.
sometimes it's necessary, sometimes it isn't, but you should NEVER have the attitude "if they can't do this simple thing then the don't deserve my product" because that is not an attitude that will serve your clients, that is not an attitude that will foster an open community of discussion.
And not just because of this one little design decision, but because that attitude will leak into a thousand, tens of thousands of tiny little design decisions that will server to alienate and disenfranchise your users, eventually driving them away completely.
as a designer, as an architect, as a programmer in any capacity, you must think of the customer first, of their needs, of their wants, of their experience and optimize for them. How easy it is for you to work with as a developer or as an admin means nothing if the users won't come and use it. If you think of yourself first you will drive them away so all you have left is an echo chamber, if you think of the user first then you will serve their needs andbring them in.
even when you are designing something that will annoy the users, such as this captcha, you must weigh the benefits, against the negatives. Does the benefit of having the captcha outweigh the users annoyance witht eh captcha? is this especially true for the end users?
these are the sort of thoughts you shoould be having when making these decisions, not:
It's a checkbox. If you can't check a checkbox, you probably shouldn't be commenting on TDWTF. This isn't one of those captchas that look like someone tried to render the LaTeX logo with a corrupted font and then ran it through some clown vomit.
because thoughts like that will cause your project to fail your users.
-
every barrier you put in front of posting, even if it is only a bloody checkbox
The barrier was "create a Discourse account", now it's "click a checkbox". I think that's an improvement.
-
The barrier was "create a Discourse account", now it's "click a checkbox".
this is correct.It also completely misses my point.
-
https://tdwtf.local.lubar.me/articles/comments/Enter_The_Matrix/2#comment-26
Go ahead, leave a reply. See how simple it is to click the checkbox?
-
@NedFodder said:
The barrier was "create a Discourse account", now it's "click a checkbox".
this is correct.It also completely dismisses my point.
-
I should design a captcha where users have to successfully play dwarf fortress for 5 minutes.
-
See how simple it is to click the checkbox?
you don't get it, do you?
that ATTITUDE will not serve your users!
thinking "it's so simple" or "they can just" is a TRAP! If you design with these sorts of thoughts in your head then you are FAILING your users.
Is reCaptcha the correct solution? fuck if i know, what i do know is that attitude is wrong!
you design from the point of view of your users, you create authentication, antispam, filtering, even the damn layout from the point of view of your users!
you implement reCaptcha if it serves your users best, not because of "how simple it is to click the checkbox"!
-
you
implementupdate reCaptcha to the latest versionWe're already using it on all of the forms on thedailywtf.com:
-
This is only being applied to unauthenticated users. Having to read spam is likely more annoying to users than clicking a checkbox.
-
The spambots aren't going to gain much apart from having their comments deleted.
What's the mechanism for that?
-
Is reCaptcha the correct solution? fuck if i know, what i do know is that attitude is wrong!
It seems like you're completely ruling out any sort of a trade off. What I know is that attitude is wrong.
-
Checkboxes that support shift-click to select a range and a mass delete button, as well as pages for comments per user/IP/article.
-
Who does that? How do these get identified?
-
It's admin-only in the requirements. I don't see spam comments being a huge problem, but if they are, we can implement a "report" function or whatever.
-
It seems like you're completely ruling out any sort of a trade off.
when did i say that?
when i said this:
you implement reCaptcha if it serves your users best, not because of "how simple it is to click the checkbox"!
or this:
even when you are designing something that will annoy the users, such as this captcha, you must weigh the benefits, against the negatives. Does the benefit of having the captcha outweigh the users annoyance witht eh captcha? is this especially true for the end users?
because that does not give me the impression that compromise and trade offs are off the table
-
First impressions:
- The Reply button underneath a comment doesn't do anything
- DiscoNumbering: comment #1 is followed by comment #3. What happened to comment #2?
- After clicking the little #123 besides a comment, followed by scrolling down and entering something at the bottom of the page without checking the "I am not a robot" checkbox, I am jellypotatoed to the middle of the page.
- After re-submitting the comment (with the CAPTCHA checked), I am jellypotatoed to the comment I had selected before.
- Once a comment has been posted, no visual indication is given that my action succeeded. I would either expect to be navigated to my newly posted comment, or get some other visual feedback to indicate success.
- UI does not clearly state the purpose of the input fields, nor does it give any indication about which fields are required, or what emoji and/or markup is/are allowed (if any)
- The textarea should grow to accomodate user content
- I can't seem to get a preview of what I am posting, edit/delete functionality also seems to be missing?
- When browsing to page 2, the header reads "Article Comments (Viewing 8 of 28 comments)" yet the last comment is #29
- Pagination could use some serious UI improvements as it is now not obvious enough that there are more pages, see Bootstrap's pagination for an example.
-
1. The Reply button underneath a comment doesn't do anything
It actually does set the parent comment ID, but that's not displayed anywhere yet.2. DiscoNumbering: comment #1 is followed by comment #3. What happened to comment #2?
Comment #2 is on a different article. The comment IDs are global.3. After clicking the little #123 besides a comment, followed by scrolling down and entering something at the bottom of the page without checking the "I am not a robot" checkbox, I am jellypotatoed to the middle of the page.
Yeah, I need to fix that.4. After re-submitting the comment (with the CAPTCHA checked), I am jellypotatoed to the comment I had selected before.
Yeah, I need to fix that.5. Once a comment has been posted, no visual indication is given that my action succeeded. I would either expect to be navigated to my newly posted comment, or get some other visual feedback to indicate success.
Yeah, I need to fix that.6. UI does not clearly state the purpose of the input fields, nor does it give any indication about which fields are required, or what emoji and/or markup is/are allowed (if any)
I am not good designer.7. The textarea should grow to accomodate user content
Yeah, I need to fix that.8. I can't seem to get a preview of what I am posting, edit/delete functionality also seems to be missing?
E_NOT_YET_IMPLEMENTED9. When browsing to page 2, the header reads "Article Comments (Viewing 8 of 28 comments)" yet the last comment is #29
There are 28 comments on this article and one other comment on another article that was made before the last comment on this article. See also: #21 above.10. Pagination could use some serious UI improvements as it is now not obvious enough that there are more pages, see Bootstrap's pagination for an example.
Yeah, I need to fix that.
I am not good designer.
-
@AlexMedia said:
1. The Reply button underneath a comment doesn't do anything
It actually does set the parent comment ID, but that's not displayed anywhere yet.
Ah, good. So work in progress.How do you imagine this showing up in the UI in the end? Threaded convo's, or like how Discourse does it?
@ben_lubar said:@AlexMedia said:
2. DiscoNumbering: comment #1 is followed by comment #3. What happened to comment #2?
Comment #2 is on a different article. The comment IDs are global.
That makes no sense from an end-user point of view.@AlexMedia said:
3. After clicking the little #123 besides a comment, followed by scrolling down and entering something at the bottom of the page without checking the "I am not a robot" checkbox, I am jellypotatoed to the middle of the page.
Yeah, I need to fix that.4. After re-submitting the comment (with the CAPTCHA checked), I am jellypotatoed to the comment I had selected before.
Yeah, I need to fix that.5. Once a comment has been posted, no visual indication is given that my action succeeded. I would either expect to be navigated to my newly posted comment, or get some other visual feedback to indicate success.
Yeah, I need to fix that.
Alright
@AlexMedia said:
6. UI does not clearly state the purpose of the input fields, nor does it give any indication about which fields are required, or what emoji and/or markup is/are allowed (if any)
I am not good designer.
In that case, you could take a look at how the folks of Bootstrap worked this out.
@ben_lubar said:@AlexMedia said:
7. The textarea should grow to accomodate user content
Yeah, I need to fix that.8. I can't seem to get a preview of what I am posting, edit/delete functionality also seems to be missing?
E_NOT_YET_IMPLEMENTED
Ok
@ben_lubar said:@AlexMedia said:
9. When browsing to page 2, the header reads "Article Comments (Viewing 8 of 28 comments)" yet the last comment is #29
There are 28 comments on this article and one other comment on another article that was made before the last comment on this article. See also: #21 above.
See also my response.
@ben_lubar said:@AlexMedia said:
10. Pagination could use some serious UI improvements as it is now not obvious enough that there are more pages, see Bootstrap's pagination for an example.
Yeah, I need to fix that.
I am not good designer.That's okay, neither am I. That's why Bootstrap (or similar tools) can make for a good start. People who are designers have given those topics some thought.
Also: Fuck DiscoMarkdown not continuing the numbering sequence.
Also 2: Fuck DiscoMarkBbCodeDownHtml for not dealing with nested quotes well...
-
@Lorne_Kates said:
.Net tends to completely shit itself when using anything wysiwyg.
Whaaa?
You mean when you're submitting HTML snippets to a server? Yeah, that's on purpose. It's a security feature.
@Lorne_Kates said:
Maybe .Net 4+ is better at detecting actually "potentially dangerous" requests.
I doubt the algorithm has changed.
-
It's a security feature.
I can totally see how you'd need a "security feature" that prevents you from posting text with less than and greater than in it on a system that has automatic HTML encoding of strings.
-
Fun fact, the PHP implementation of reCaptcha is a bloated warthog mess and I replaced it when implementing it in our platform with a class I made that does everything (output the thing, validate the thing) in about 100 lines of PHP.
-
I can totally see how you'd need a "security feature" that prevents you from posting text with less than and greater than in it on a system that has automatic HTML encoding of strings.
Then good news: if you don't want it, you can turn it off and stop whining about it.
-
100 lines? The C# implementation I made is a quarter of that.
-
I already turned it off. Can I keep whining, though?
-
There's platform specific boilerplate and documentation on my methods too.
-
WtfWebApp/TheDailyWtf/Common/WtfControllerBase.cs at 515303cfffaa4b95d94150586d072a5a18c8629e ยท tdwtf/WtfWebApp
The Daily WTF Website. Contribute to tdwtf/WtfWebApp development by creating an account on GitHub.
-
Can I keep whining
Sure ... but would you mind starting a new topic so that I can mute it?
-
I can't just post mine, it would require some rewriting to anonymise it. Besides it's not my intellectual property.
Oh, and it does more than yours, as it also deals with displaying the widget in the right place too.
-
A potentially dangerous Request.Form value was detected from the client (body="<div class="fa-spin"...").
Oh hey, I'm in the logs! Hi mom!
A div with a class is "dangerous" enough to throw a 500, though?
-
If you'd prefer to not have to solve a checkbox, you can log in with your forum account or (possibly) Google or Facebook account.
But - what about GitHub, or Twitter? Yahoo?
-
https://tdwtf.local.lubar.me/articles/comments/Enter_The_Matrix/2#comment-26
Go ahead, leave a reply. See how simple it is to click the checkbox?
What, if anything, is supposed to visually happen when I click on these Reply buttons?
Edit: Ignore this - see it was answered later on..
-
Nothing visually happens right now, but it does get saved in the database. I'm planning to do something like how Community Server had "in reply to" in the upper right corner of posts.
Edit: Ignore this
-
If the StackOverflow answer I found is to be believed, just
<dis enough to set off the alarms. Heck, just&#is enough. And this is on a system that automatically escapes HTML that you print from a string.
-
@ben_lubar said:
@AlexMedia said:
1. The Reply button underneath a comment doesn't do anything
It actually does set the parent comment ID, but that's not displayed anywhere yet.
Ah, good. So work in progress.How do you imagine this showing up in the UI in the end? Threaded convo's, or like how Discourse does it?
Something similar to the old system.
@ben_lubar said:
@AlexMedia said:
2. DiscoNumbering: comment #1 is followed by comment #3. What happened to comment #2?
Comment #2 is on a different article. The comment IDs are global.
That makes no sense from an end-user point of view.
It'll be easier once there are a lot of articles. Or should I get rid of the comment number and make the timestamp a link?@ben_lubar said:
@AlexMedia said:
6. UI does not clearly state the purpose of the input fields, nor does it give any indication about which fields are required, or what emoji and/or markup is/are allowed (if any)
I am not good designer.
In that case, you could take a look at how the folks of Bootstrap worked this out.
Inedo employs at least one designer, so I'll ask him after I get the basic features working.@ben_lubar said:
@AlexMedia said:
9. When browsing to page 2, the header reads "Article Comments (Viewing 8 of 28 comments)" yet the last comment is #29
There are 28 comments on this article and one other comment on another article that was made before the last comment on this article. See also: #21 above.
See also my response.
See also my response.@ben_lubar said:
@AlexMedia said:
10. Pagination could use some serious UI improvements as it is now not obvious enough that there are more pages, see Bootstrap's pagination for an example.
Yeah, I need to fix that.
I am not good designer.That's okay, neither am I. That's why Bootstrap (or similar tools) can make for a good start. People who are designers have given those topics some thought.
Also: Fuck DiscoMarkdown not continuing the numbering sequence.
Also 2: Fuck DiscoMarkBbCodeDownHtml for not dealing with nested quotes well...
Discourse wasn't made to be used.
-
It'll be easier once there are a lot of articles. Or should I get rid of the comment number and make the timestamp a link?
That would only make it worse as the comment ID would not relate to the article whatsoever. Either print the logical number ("this is comment 4 of 7", but then you'll have to figure out a way to handle deletes without breaking references) or print the timestamp instead.
-
The comment ID should be globally unique and not tied directly to any useful information like timestamp or relative position on the page.
If Discourse used the comment ID correctly, then maybe things like notifications would actually work if your comment wasn't in the same thread as it was when the notification was generated.
-
The comment ID should be globally unique and not tied directly to any useful information like timestamp or relative position on the page.
The comment ID is already globally unique. Attaching it to the timestamp was just a UI idea, similar to what GitHub does on issue comments.
-
I know there's a unique comment ID, because the database probably requires it to be so. My point is, that unique ID should be used everywhere that you might need to uniquely identify it.
The UI can display timestamps or whatever, but the anchor (and links) should refer to it by its ID.
Ideally, the system should be able to figure out which thread a comment belongs to and redirect you so that disco-style broken links don't happen. Assuming that comments can move, and depending on the user's ability to see the topic it's in afterward.
-
I know there's a unique comment ID, because the database probably requires it to be so. My point is, that unique ID should be used everywhere that you might need to uniquely identify it.
The UI can display timestamps or whatever, but the anchor (and links) should refer to it by its ID.
Exactly. Don't show internal IDs to end users if they don't make sense.
