Jeff Atwood on security (blog post)


  • :belt_onion:

    @boomzilla said:

    He explicitly talked about security researchers, which doesn't really fit my perception of the people reporting stuff from here

    Yeah, if he were talking about us, he'd have called the people in his story "Security Trollers".


  • :belt_onion:

    @Maciejasjmj said:

    Well you're the user, so your choices are "reporting bugs to have a memepic and insult to your site/userbase thrown in your face and not get them fixed" or "not reporting bugs and not getting them fixed".

    FTFY


  • :belt_onion:

    @riking said:

    The CSS - if you can inline it in the header, you'll increase your PS score.

    and make baby jesus cry :(


  • :belt_onion:

    @riking said:

    People report that "the Google PageSpeed score is slow, it says 'remove render-blocking JavaScript'."

    eh... that's because dischorse is entirely intentionally a render-blocking javascript app....

    What if I'm using a JavaScript framework to construct the page? If the content of the page is constructed by client-side JavaScript, then you should investigate inlining the relevant JavaScript modules to avoid extra network roundtrips. Similarly, leveraging server-side rendering can significantly improve first page load performance: render JavaScript templates on the server to deliver fast first render, and then use client-side templating once the page is loaded. For more information on server-side rendering, see http://youtu.be/VKTWdaupft0?t=14m28s.
    That sounds brutally painful, emulating ember-like renderings to output from the server so you can serve a completed page for SpeedScoreforuminternetpointzzzzzzz™ and then have ember hook into the result on the client side. But I'm no ember guru, maybe they have something for that?

    Also, where's my money for compiling freely available garbage from the internet (i.e., clicking the first link Google gave me when I right-click+searched the phrase in your post, then pasting the relevant section into a quote tag)?


  • Grade A Premium Asshole

    :wtf: was all of this? The mental hoops that @blakeyrat had to jump through to defend his lack of a point was dumbfounding. I have seen more coherent shit in a diaper.



  • @darkmatter said:

    That sounds brutally painful, emulating ember-like renderings to output from the server so you can serve a completed page for SpeedScoreforuminternetpointzzzzzzz™ and then have ember to hook into the result on the client-side. But I'm no ember guru, maybe they have something for that?

    That's literally what they're working on right now :P


  • BINNED

    @riking said:

    From reading Meta... pretty damn sure it isn't about TDWTF.

    But... but... damn it, it's not fun any more now!

    @riking said:

    That's literally what they're working on right now

    Just port Ember to Node.js, and compile the current Ruby code to Node code as well. What could possibly go wrong?



  • @sloosecannon said:

    There's nothing wrong with his business model (aside from maybe the markup on the VMs, not sure what the actual price/markup model is).

    Official hosting

    Third party hosting

    The packages aren't directly comparable, but official hosting is around 2.5 to 5 times the price. Overall, it's probably not too bad when you consider that they need to recoup the initial investment.

    Also, I somewhat agree with @blakeyrat. The Discourse people are taking quite a lot of money from paying customers, and really owe it to those customers to have more robust QA. If it weren't for TDWTF, the stable installations would be littered with exploits, and those paying customers would be suffering as a result.

    Okay, you might argue that it's open source and that the customers should be more careful about the software they use. I would speculate that many of Discourse's customers are not tech savvy and are buying into Discourse solely because of Jeff's reputation and his stated ambitions for the product. If I were buying services from someone with a big reputation, known for writing blog posts on software quality and security, I might assume that those traits would feature in the products they created. In the case of Discourse, I would be quite wrong.

    All that said, I personally am quite happy with Discourse. I doubt that I would ever have joined in with the community were it not for the switch, and it's not costing me anything other than occasional frustration when browsing on mobile.


  • ♿ (Parody)

    @abarker said:

    I just quoted your post. From a phone

    IIRC, your phone is Linux hardware, not Windows hardware, which blakey's is.


  • ♿ (Parody)

    @riking said:

    (may have been deleted)

    When did this madness begin there‽


  • ♿ (Parody)

    @darkmatter said:

    eh... that's because dischorse is entirely intentionally a render-blocking javascript app....

    I think what you're saying is that Discourse is Doing It Wrong.


  • FoxDev

    @abarker said:

    I just quoted your post. From a phone.

    Quoting from Android or iPhone may work, but quoting from Windows Phone is more broken than a broken thing that's been broken 😛


  • FoxDev

    @abarker said:

    From a phone.

    but what phone?

    as i recall blakey has a windows phone. and as we all know a thing has to have 80% market penetration to be worth developing for

    Filed under: No it doesn't, but then JDGI hanzo'd by my love

    @raceprouk



  • Selective quotes don't work on android at minimum, you have to full post quote

    FWIW i reported this bug ages ago on meta.d and provided screenshots, Jeff banned me for arguing it was a problem


  • FoxDev

    @Matches said:

    Selective quotes don't work on android at minimum

    they do work.... kind of.

    they're twitchy as hell though. basically they only work after you move the selection endpoint once, and you have to pick the right side (not the left) and you must move it later in the text; you can't move it earlier because then you're moving the left side...

    yeah. it's not pretty.



  • No. On mine the quote dialog will never show up. Ever. I've tried, it doesn't work.


  • FoxDev

    odd.... what device?



  • Samsung s4, latest android (though it's always been broken)


  • FoxDev

    hmm... have you tried different browsers?

    i know they all use the same rendering engine behind the scenes but some of the ones in the app store do really silly things that discourse could be barfing on.



  • Accalia.

    The problem is ON MOBILE PHONE SELECTED QUOTE DOES NOT WORK for Android Samsung phones. It works on desktop. Don't be Jeff.

    For the record, it doesn't work on chromium or stock google play chrome either.

    But that shouldn't matter. HOW DO YOU DICK UP SELECTION QUOTES


  • FoxDev

    .... i was just trying to get more information about the issue...

    :'(

    I accept that it's an issue for you and i wanted more information so i could get a proper bug report built.

    i'm trying to help, not trying to argue it isn't an issue....



  • @darkmatter said:

    What if I'm using a JavaScript framework to construct the page?If the content of the page is constructed by client-side JavaScript, then you should investigate inlining the relevant JavaScript modules to avoid extra network roundtripsthe cause of your apparent brain damage.

    Post can't be empty


  • FoxDev

    @Matches said:

    The problem is ON MOBILE PHONE SELECTED QUOTE DOES NOT WORK for Android Samsung phones. It works on desktop. Don't be Jeff.

    Note to self: don't bother asking @Matches for more bug repro info



    Go look up my issue report on meta.d from about 10 months ago. There's about 40 posts back and forth with Jeff before he banned me and said it's not a bug. You're welcome to see the several hours of testing I already did.



  • @accalia said:

    it's an issue for you

    It's also an issue for me, on a Motorola Android phone in Chrome. The Quote Reply button only ever shows up after clicking the regular Reply button, when the selection is cleared.



  • Mine doesn't even allow that. It's full quote or bust.



  • @RaceProUK said:

    Note to self: don't bother asking @Matches for more bug repro info

    Note to everybody: stop giving free QA services to Atwood.



  • I feel like i should have a pretty good track record of testing, breaking, and reporting things. And considering i already reported it over at meta.d, and the rest of my posts, i feel like the questions being asked are ridiculous. Not only that, but this issue is probably reported on discoursebugs.com, it's been that long.



  • Wow, how do they have it so messed up that it works differently between devices running the same OS (unless Samsung and/or Motorola futzed with Android at that level)?

    Then again, it took them 6 months to fix only one positioning issue with text editing with iOS 8.2, but not any others, just in time for iOS 8.3 to come out.



    Motorola either has its own flavor of Chrome or is using stock. Samsung uses its own flavor of Chrome, but on the whole it remains true to standard web coding. I have developed and used some advanced dynamic loading and checking; it works flawlessly. It's only Discourse that has issues.


  • FoxDev

    @Matches said:

    There's about 40 posts back and forth with Jeff before he banned me and said it's not a bug.

    i found this one in support: https://meta.discourse.org/t/selection-quote-reply-is-broken-on-samsung-galaxy-s4/21041

    and this one: https://meta.discourse.org/t/show-more-editor-buttons-on-mobile-including-fullquote/17843

    those are the only two relevant topics i see with user participation from @matches on meta.d

    was it either one of those or do i have the wrong username?


  • FoxDev

    I am not questioning your ability to break things. What I am questioning is why, instead of answering a question, you resorted to assuming everyone already knows all the details. I would say 'Don't be Blakey', but a) I'm trying hard not to be like that any more, and b) I'm not sure that'd be fair on either you or Blakey anyway.



  • The first one is the most relevant, there was at least one more topic made when the blue cursors came back instead of the purple ones



  • @Keith said:

    Jeff's reputation and his stated ambitions for the product. If I was buying services from someone with a big reputation, known for writing blog posts on software quality and security, I might assume that those traits would feature in the products they created. In the case of Discourse, I would be quite wrong.

    THIS.

    And knowing this, if you review his blogging, it dawns on you that while it appears he's writing about making quality software... he's really writing about making a successful software-based business.

    To people that dream of quality software (e.g. the TDWTF forum) this feels like bait-and-switch.



  • Because your first instinct when i say 'it's broken on x operating system' (not x browser) should be 'you know, he actually knows how to test things. He also says he reported it somewhere, it sounds like maybe this has history behind it. Huh. Blakey reported it too? And others also see the issue?'

    Oh. Have you tested using another browser?

    Fuck off.


  • FoxDev

    ah. thanks. i'll add stopping by T-Mobile or Verizon on my list of things to do so i can try it on a bunch of their devices in store and get some screenshots.


  • FoxDev

    Dude, chill for fuck's sake; no need to go biting people's heads off just because they asked you a fucking question.

    Plus
    @RaceProUK said:

    I am not questioning your ability to break things.



  • Accalia, looks like a lot of discussion and screenshots in that first link got Jeffd


  • Grade A Premium Asshole

    @Matches said:

    The problem is ON MOBILE PHONE SELECTED QUOTE DOES NOT WORK for Android Samsung phones.

    Samsung Galaxy S5, running latest Android. No repro.

    It is a pain in the dick to do it, but selective quoting can be done on Android Samsung phones.


  • FoxDev

    @Matches said:

    you know, he actually knows how to test things

    i'll agree happily with that,

    @Matches said:

    He also says he reported it somewhere

    right, but there was no linkage to the bug report so i asked clarifying questions, and then spent ten minutes scrolling through your posts on meta.d trying to find the relevant topic.

    @Matches said:

    Blakey reported it too?

    yes he has, but when i asked for more details so i could become more informed i got abuse instead.

    @Matches said:

    And others also see the issue?

    yes we do. but again i wanted details to triage the issue for myself.... so far very few have been forthcoming

    @Matches said:

    Have you tested using another browser?

    yes i asked. because i wanted to find out information on whether it was the manufacturer overlay or the particular web browser you were using. if it failed on dolphin but worked on chrome on the same phone that would indicate an issue with the dolphin browser and not the OS. if it failed in both but worked on a different phone on the "same" version of android that would imply the manufacturer overlay was to blame.

    I still don't have that information, and it does not appear to be forthcoming so i plan an excursion to a place with a bunch of phones that i can use to test various permutations of things on to try and narrow down the issue.

    I understand you are upset with the issue, but i would appreciate it if we could try to remain civil so i can get the most possible information to effect a resolution.



  • @accalia said:

    yes we do. but again i wanted details to triage the issue for myself....

    Well why don't you pay me money for QA services.


  • FoxDev

    @blakeyrat said:

    Well why don't you pay me money for QA services.

    i'm spending my own time triaging your issue so I can try and get an issue resolved that while i recognize is an issue is not personally impacting me. I'd say that quid pro quo would have me pay for your QA effort with my QA effort.

    unless you consider your time spent helping me assist your experience with this forum massively more valuable than mine?



  • It's only valuable to Atwood, which is why you and all the other idiots helping him for free are suckers.

    I was more amazed at the pure gall to just ask for free work from someone as if you were entitled to it.



  • So you might wait up to a year to report anything

    This sentence is just silly. Why would you wait to get paid if the company is offering a bounty?

    If they aren't you have two choices that make sense: Either you go black hat and sell the exploit / exploit it yourself (which is why these programs exist in the first place, give you a little more incentive to not sell it) or you report it to the company through regular reporting mechanisms and if they don't respond or fix the bug in a certain length of time you release the details into the wild.


  • ♿ (Parody)

    @blakeyrat said:

    Note to everybody: stop giving free QA services to Atwood.

    Why? Who says we are?


  • FoxDev

    @blakeyrat said:

    the pure gall to just ask for free work from someone as if you were entitled to it.

    you reported a bug, i had insufficient information from your report to reproduce it and so asked for more information.

    I'm of course not entitled to that information but I think i was reasonable in my assumption that you would be interested in providing that information in order to resolve your reported issue.

    I'm sorry if you feel differently and will avoid asking clarifying questions in future.


  • ♿ (Parody)

    @accalia said:

    I'm sorry if you feel differently and will avoid asking clarifying questions in future.

    He hates clarifying questions. You're supposed to glean all the important information from the provided morsels. Being wrong about that is almost as bad as asking clarification.

    Some people just want to complain.



  • @Maciejasjmj said:

    Normally there's also an option of "make a campaign for your admin to change that shitty piece of software to phpBB", but we're handicapped in that one.

    I would donate to a such a campaign. Maybe a kickstarter to upgrade to phpBB?


  • :belt_onion:

    @hungrier said:

    Post can't be empty

    don't quote quotes inside my post as if I said that stupidity myself!



  • Bug report: Selecting stuff on Windows Phone 7, 7.1, 7.5, 7.8, 8, and 8.1 is broken. Specifically, the end selection handle can only be extended, and only once, and it does so in a jerky, unintuitive fashion. The start selection handle sometimes jumps to the start of the paragraph; otherwise it is locked into place and unusable.

    Bug report: Composing a reply to a topic in a read-restricted category on Windows Phone 7, 7.1, 7.5, 7.8, 8, and 8.1 is broken. Specifically, at every character press, the JavaScript that realigns the category background (which isn't background-attachment: fixed for some reason) and the progress bar also realigns the reply pane, but does so to lie just above the viewport, rather than at the bottom of the viewport. IE Mobile then scrolls up to keep the reply pane in view, but as soon as another key is pressed, the process repeats, all the way to the beginning of the thread.

    Reported by: @Blakeyrat, @Keith, @TwelveBaud, @Buddy, @Magus, @Spencer, @Jaming, @RaceProUK, @Gaska, and Jeff himself. (Similar problems exist on several Android devices, reported by a hell of a lot of people.)

    Jeff's response: *faaaaaaaaaaaaart* insufficient market share. Also you're lying and wrong.

    See why we're no longer interested in providing sufficient information? Cost vs. Reward just isn't in our favor, and our assumptions that good still exists in the world were mercilessly slaughtered.

