"Just supply a PR"



  • Remember we are a native JS app using the Ember.js framework which a lot of developers complain about as exceedingly complex. On top of that, we have a very deep Ruby back end as well + Redis + Postgres and all the "magic" that goes with the Ruby/Rails pipeline. Many developers that approach our code can't get a handle on it and walk away due to its high level of overall complexity.

    Just leaving this here...


  • Winner of the 2016 Presidential Election

    Wait, is this an actual thing the Discourse-Team says?

    How are devs supposed to write plugins if nobody can handle the swag the codebase creates?

    Filed Under: I will doubt this is true until you provide a source / link

    Addendum:
    Google helped: https://meta.discourse.org/t/spambots-from-tor-exit-points-keep-taking-over-my-forum/17454/16



  • I saw this yesterday and was debating posting it here. Do you know what PR stands for as codinghorror used it?



  • @PJH said:

    Ember.js framework which a lot of developers complain

    Topic: Spambots taking over!
    Jeffs response: IT'S SECURE BECAUSE NOBODY CAN CODE FOR IT!

    (looks at OP again)

    I don't think a custom bot was made for discourse.


  • BINNED

    @Matches said:

    Do you know what PR stands for as codinghorror used it?

    Pull request, I'd imagine.

    Also, INB4 "This is Javascript. I know this!". Confirming Ember is confusing as shit after trying to reverse-engineer parts of Discourse on the JS front.



  • Query the last ~100 burned spammer email addresses, ordered by burn date. (We have to cap this in case the spam list gets huge, it might start rejecting real emails.)

    More sage advice from codinghorror, who things 100 spam email addresses is huge, and wouldn't be done by a single spammer in a single session.



  • @Onyx said:

    Pull request, I'd imagine.

    This.


  • SockDev

    And having a codebase that barely anyone understands is better how?


  • BINNED

    To parrot myself, more buzz! Words and otherwise. Just like I bitched about in the Atom thread.

    I don't condemn any of the technologies / frameworks per se. I don't necessarily condemn the products either. It just seems to me some of them were concocted by throwing together as much "cool shit" as possible.

    The use of each component might be valid in it's own right. But the complex web of stuff that connects them all is, IMHO, mostly there not because there's no other solution, but because the creators were adamant on using that specific framework, instead of choosing something more appropriate for their specific intent.


  • Winner of the 2016 Presidential Election

    [quote=sam]At the root though we are a simple JSON API, you don't need to look at any code to figure out how to spam us, just spend and afternoon looking at chrome dev tools and hacking a phantom js script together.[/quote]
    [quote=codinghorror]This is like saying "no problem, just fly your jet plane to the island and it is easy to get there."[/quote]

    Definitly my favourite analogy Jeff has shown so far.

    Filed Under: sigh | I did't even take these quotes out of context... they are just there in this order with nothing in between



  • @Arantor said:

    And having a codebase that barely anyone understands is better how?

    It's too complex for anybody to write a pagination plugin for, obviously!


  • SockDev

    Yes but Jeff is fucking proud of the abomination of spliced-together-ness.


  • :belt_onion:

    That whole topic is a bag of lol.
    Mind-boggling that he seriously thinks that only a human could ever spam his JS via the UI?



  • Wow. I always tried to avoid the "Jeff is TRWTF!" circlejerk, but every response he makes in that thread genuinely makes him look like a moron.

    • "Oh, the spammer is using similar emails? We'll block similar emails. I'm sure he'll never figure out how to bypass THAT! ''
    • "Whoa whoa whoa. What do you mean you can automate email retrieval?! ''
    • "How do we defend from bots then? I know! Add some extra javascript! That always fixes everything ''
    • "No really, spammers will never figure javascript out.''

    And then when everyone else tells him how there is ALREADY a free tool to automate javascript (that I assume takes 30 seconds for a shell script to automatically install on a new server) he basically calls them idiots, and the spammers too.

    Yes this is ancient, ancient news. 99.9% of bots can't do squat with JavaScript even though @ sam and @ eviltrout are constantly telling me how every spammer in the world is able to trivially run phantomjs to execute a browser now.

    (psst.. but they don't, because spammers are idiots. The ones that aren't are rarer than hen's teeth.)

    Nevermind that they actually do that for a living, they would never spend an afternoon learning a new way to spam.

    And the rest of the thread is basically people reinventing anti-spam methods. Detecting spam is one of the most difficult problems there are, why can't they just take another open-source product and see how it does it? Take each post, use bayesian filtering, make suspicious posts require mod approval, profit.



  • The amazing part PJH didn't even mention is that Atwood was providing that little blurb as a positive.

    He literally thinks it's a feature that nobody can work with his shitty code.

    Why the fuck does Alex like this guy? Jesus, Alex.



  • People who use Git assume everybody in the fucking universe uses Git. A PR is a "Pull Request."

    I can't tell you what a "Pull Request" is, since nobody's explained that to me and the GitHub website is about as clear as mud on the subject. All I know is that open source-y projects on Git use "Pull Requests" a lot. Because they're all shitty and horrible.



  • Ok, let's say I have to fart and you're nearby. I can request that you pull my finger to make it really funny.



  • I know what a pull request is, I've just never seen it referred to as a 'PR' in the wild with no context around it. It was among the unexpected, which seems to be par for the course.

    In general I try to avoid bashing Jeff (as a person) and stick strictly to bashing Jeff (stupid ideas) but it's hard when the two seem to be so strongly interlocked. I'm totally fine with overlooking a terrible developer when talking to them - when it relates to general discussion - but come on man!


  • BINNED

    @blakeyrat said:

    I can't tell you what a "Pull Request" is, since nobody's explained that to me and the GitHub website is about as clear as mud on the subject. All I know is that open source-y projects on Git use "Pull Requests" a lot. Because they're all shitty and horrible.

    Ok, with my basic knowledge of git I'm gonna provide my understanding of it. Corrections welcome:

    • copying a repository is called "cloning"
    • after that, you can "commit" changes you make in your local copy
    • you can then "push" changes to your main (usually remote) repository
    • since projects would prefer not having every clown pushing their shit into their code (or vice-versa), you commonly first "fork" the repository, and then "clone" your fork
    • you can "push" into your own fork of the repository, but you can't "push" to the main one
    • so, there's a reverse operation: you can "pull" stuff into the main repository from forks
    • hence, if I make a change and "push" it to my fork, and then want the authors to put it in their main repository, I make a "pull request". If they agree, they can "pull" those changes and now they are in the main repo

    I'm sure I fucked at least something up, but that's how I see it.



  • @Onyx said:

    you can then "push" changes to your main (usually remote) repository

    It's considered a "remote" repository even if it's on the same filesystem.


  • BINNED

    @ben_lubar said:

    It's considered a "remote" repository even if it's on the same filesystem.

    tomato-potato



  • Other fun commands include:

    • cherry-pick which pulls a single commit, possibly from the middle of a series of commits
    • rebase which re-applies your changes onto a different "base" commit
    • rebase -i which gives you an interactive rebase that can merge, edit, or get rid of intermediate commits
    • gc --aggressive which re-packs all of the internal data and gets rid of orphaned commits
    • merge which takes one or more branches and combines them into the current branch


  • @ben_lubar said:

    cherry-pick which pulls a single commit, possibly from the middle of a series of commits

    rebase which re-applies your changes onto a different "base" commit

    rebase -i which gives you an interactive rebase that can merge, edit, or get rid of intermediate commits

    gc --aggressive which re-packs all of the internal data and gets rid of orphaned commits

    By the point I start looking into these, I'm more or less at peace with nuking up everything and copying things manually into a fresh branch.



  • Oh, that reminds me

    • reset --hard if you want to nuke everything

  • SockDev

    The fact that Git seems to require drastic measures like rebasing does not endear me to its reliability.


  • Winner of the 2016 Presidential Election

    I always thought
    rm -rf /
    and
    format c:</code>
    were used to nuke everything. Stupid git and inventing its own things again.

    Filed Under: This is not to be taken seriously, thank you


  • SockDev

    rm -rf / won't nuke everything any more. There's actually an option that's now required if you want to try that. Or you use rm -rf /* instead.


  • :belt_onion:

    It is impossible to create a JS spam bot for dicsourse. So this is clearly not a js spam bot. I'm just a very patient, fast typing, real live human that will need some random #s to get past the lame similar post toaster: 0.9598702841904014


  • :belt_onion:

    It is impossible to create a JS spam bot for dicsourse. So this is clearly not a js spam bot. I'm just a very patient, fast typing, real live human that will need some random #s to get past the lame similar post toaster: 0.3494849894195795


  • :belt_onion:

    It is impossible to create a JS spam bot for dicsourse. So this is clearly not a js spam bot. I'm just a very patient, fast typing, real live human that will need some random #s to get past the lame similar post toaster: 0.6769584147259593


  • :belt_onion:

    Ok i think that's enough...


  • Winner of the 2016 Presidential Election


  • SockDev

    @darkmatter said:

    It is impossible to create a JS spam bot for dicsourse. So this is clearly not a js spam bot. I'm just a very patient, fast typing, real live human that will need some random #s to get past the lame similar post toaster: 0.9598702841904014

    Why does a bot have to do JS?

    I haven't dug into the UI or any of DC's code, and have no desire to, but I see absolutely no reason why the bots can't just send off POSTs simulating the usual requests made to the server. After all, the bots don't normally do anything complicated beyond that...


  • :belt_onion:

    @Arantor said:

    I haven't dug into the UI or any of DC's code, and have no desire to, but I see absolutely no reason why the bots can't just send off POSTs simulating the usual requests made to the server. After all, the bots don't normally do anything complicated beyond that...

    You could do that too.
    It's mainly to point out how ridiculously stupid Jeff's ITS ALL IN TEH JSES NOBODY CAN HAXOR THAT claim is.


  • SockDev

    If his premise weren't already completely retarded, which it is, it also presumes that mass-orchestrated JS spamming can't be a thing because there's no such thing as remote control or anything.



  • @Arantor said:

    The fact that Git seems to require drastic measures like rebasing does not endear me to its reliability.

    The only time I actually had to go nuclear was when I accidentally merged development branch into master and kept coding for another week or two before I found out. I tried all the Ben's fancy options, but in the end, I think I simply did reset --hard to the last good commit and then manually applied the last two weeks of work.


  • SockDev

    @cartman82 said:

    The only time I actually had to go nuclear was when I accidentally merged development branch into master and kept coding for another week or two before I found out. I tried all the Ben's fancy options, but in the end, I think I simply did reset --hard to the last good commit and then manually applied the last two weeks of work.

    This is precisely my point. I've never managed to break SVN anywhere near this badly



  • @Arantor said:

    This is precisely my point. I've never managed to break SVN anywhere near this badly

    True. On the other hand, it's easier to break a car than bike too. Doesn't mean you want to pedal your way through life.


  • SockDev

    @cartman82 said:

    True. On the other hand, it's easier to break a car than bike too. Doesn't mean you want to pedal your way through life.

    You can take my SVN repos off me when you can prise the relevant auth credentials from my cold dead hands.



  • @cartman82 said:

    True. On the other hand, it's easier to break a car than bike too.

    WTF kind of cars are you buying?

    My last car went 50,000 miles without any problem. I've never had a bike go more than 250 or so.



  • Because Jeff fucking Twatwood is "notable" enough to have a Wikipedia vanity page about him, and Alex thinks that's impressive? (As an aside, this would make the number of people thinking it's impressive 2, the other being JfT)

    Because JfT is (or was) a prolific tech blogger (as he will happily prove, by pulling out one of his own blog articles to back up what passes for his "reasoning") so surely he knows what he's talking about? Never mind that his blog is full of self-referential, clueless tripe - it's the quantity that matters, not the quality, after all.

    Because JfT told Alex that pissforce is the "future of civilised discourse on the internet" and Alex bought it, despite everyone telling him it was a flaming pile of unusable shit?

    Because Alex doesn't understand either forums, forum software, or the platforms they run on, and JfT has led him up the garden path?

    Because JfT is Alex's friend?

    Pick one, or more, of the above. Feel free to add your own.

    Let's be honest, though. Alex is so blinded by JfT's line of bullshit that he has either not noticed, or simply doesn't care, that many of the best "old time" posters here have fucked off. It ain't gonna get better.



  • I'm sensing discontent in you, @tufty.


  • :belt_onion:

    @blakeyrat said:

    I've never had a bike go more than 250 or so.

    250? 50,000?
    Both your bikes and your cars suck.
    250 miles is less than 1 month of biking for a moderate enthusiast. Hell, I have run more than 250 miles in a month.



  • @Keith said:

    I'm sensing discontent

    The force is strong with this one



  • @Arantor said:

    but I see absolutely no reason why the bots can't just send off POSTs simulating the usual requests made to the server. After all, the bots don't normally do anything complicated beyond that...

    Maybe the raw requests are so absurdly complicated that they're impossible to replicate? I haven't checked.

    I once wanted to make a bot to dump files on a Tinyboard site. I tried it in Python because I don't know shit about javascript. Every form seemed to have about 10 hidden fields with random values that get sent back to the server (to prevent spambots I assume). So I made it request a page, parse the <input>s, and POST everything back along with a spoofed user-agent. Then verified with Wireshark that all the headers were being sent identically to the browser (though not in the same order). Still didn't work. Eventually gave up.



  • @blakeyrat said:

    WTF kind of cars are you buying?

    My last car went 50,000 miles without any problem. I've never had a bike go more than 250 or so.

    You measure mileage on your bike? And you rode it more than 250 miles?
    --edit: yeah ok 250 miles is like a month if you commute to work.



  • My 14-year old is at more than 1000km since the start of May. His bike's currently at over 3000km in 2½ years, for one set of crank bearings, two sets of brake pads, three sets of tyres and a broken spoke.



  • Look, ignore the numbers, the point is bike reliability isn't even within an ORDER OF MAGNITUDE of car reliability.

    Sometimes people post stuff and you just gape and think, "does he really believe that???". That bike vs. cars statement was one of those things.



  • @cartman82 said:

    On the other hand, it's easier to break a car than bike too. Doesn't mean you want to pedal your way through life.

    @tufty said:

    My 14-year old is at more than 1000km since the start of May. His bike's currently at over 3000km in 2½ years, for one set of crank bearings, two sets of brake pads, three sets of tyres and a broken spoke.

    @blakeyrat said:

    Look, ignore the numbers, the point is bike reliability isn't even within an ORDER OF MAGNITUDE of car reliability.

    Sometimes people post stuff and you just gape and think, "does he really believe that???". That bike vs. cars statement was one of those things.

    ...

    On the other hand, it's easier to break a spaceship than a pogo stick. Doesn't mean your stick will launch you into orbit.

    CHECKMATE


  • Winner of the 2016 Presidential Election

    Calvin could probably do it

    Filed Under: Imagination once again solves all real world problems!


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.