:wtf: How can this be so wrong??? (AKA the Discopocalypse thread)
-
@loopback0 notice that it hasn't gone over 1,000.
-
@boomzilla I assumed that was a coincidence as there doesn't seem to be a Topic List Previews 2:Electric Boolagloo topic.
-
@boomzilla said in How can this be so wrong??? (AKA the Discopocalypse thread):
@loopback0 notice that it hasn't gone over 1,000.
Maybe they're ninja deleting earlier posts?
-
@PJH or staff whispers?
-
@boomzilla said in How can this be so wrong??? (AKA the Discopocalypse thread):
@PJH or staff whispers?
Ah, the bastard child of private messages, and public threads; I forgot about those.
-
-
@loopback0 said in How can this be so wrong??? (AKA the Discopocalypse thread):
I was slowly scrolling up (on mobile) and, yep, there's still jellypotato. Took me by surprise, since I was assured by @pie_flavor that didn't happen. I thought i mentally twitched and lost three seconds of memory there...
-
@loopback0 am I the only one cringing at replying to a 3 year old post, instead of starting a new one?
-
@swayde said in How can this be so wrong??? (AKA the Discopocalypse thread):
@loopback0 am I the only one cringing at replying to a 3 year old post, instead of starting a new one?
You weren't here for the Necro Games, were you?
-
@Tsaukpaetra said in How can this be so wrong??? (AKA the Discopocalypse thread):
I was slowly scrolling up
E_UNSUPPORTED_READING_DIRECTION
-
@Tsaukpaetra not the entirety. But we do cringy stuff ironically, not as a shitty patch to not-a-bugtracker.
-
@swayde said in How can this be so wrong??? (AKA the Discopocalypse thread):
@loopback0 am I the only one cringing at replying to a 3 year old post, instead of starting a new one?
Yes, Jeff.
-
@swayde said in How can this be so wrong??? (AKA the Discopocalypse thread):
@Tsaukpaetra not the entirety. But we do cringy stuff ironically, not as a shitty patch to not-a-bugtracker.
I just like the "goddammit" message when I necro stuff
-
@boomzilla said in How can this be so wrong??? (AKA the Discopocalypse thread):
After opening up the network tab and pasting the json from the response I found this:
That's silly. All they need to send is the ID of the first post, the last post, and the first post of each page.
-
@Lorne-Kates said in How can this be so wrong??? (AKA the Discopocalypse thread):
@boomzilla said in How can this be so wrong??? (AKA the Discopocalypse thread):
After opening up the network tab and pasting the json from the response I found this:
That's silly. All they need to send is the ID of the first post, the last post, and the first post of each page.
... no? Why would it need the ID of a post on a page it's not currently on?
-
@ben_lubar said in How can this be so wrong??? (AKA the Discopocalypse thread):
@Lorne-Kates said in How can this be so wrong??? (AKA the Discopocalypse thread):
@boomzilla said in How can this be so wrong??? (AKA the Discopocalypse thread):
After opening up the network tab and pasting the json from the response I found this:
That's silly. All they need to send is the ID of the first post, the last post, and the first post of each page.
... no? Why would it need the ID of a post on a page it's not currently on?
DID YOU SAY PAGE? NO LONGER WELCOME HERE
-
@izzion's autobox in How can this be so wrong??? (AKA the Discopocalypse thread):
i see transparent.png
Ummmm...........
-
Discourse 2.1 is out!
Featuring:
a big increase in performance for rare megatopics
LOL.
Following that link...
A few years ago we ran into a technical limitation where we send down a list of all the post IDs in the topic when you enter the topic. This starts to cause problems on the client – particularly older smartphones with less memory and CPU power – at around ~10,000 replies, so we created a site setting that automatically closes topics at 10,000 replies and defaulted it to on. It’s certainly possible to turn this setting down or off, but we believe in “safe by default” at Discourse, and extremely large topics were no longer safe, at least for some clients.
This was meant to be a temporary solution as it was a significant amount of engineering effort to create a solution where we sent down only a partial list of topic ids based on what you are viewing. We planned to revisit this later.SPOILER ALERT: They didn't revisit.
-
https://meta.discourse.org/t/mobile-landscape-keyboard-hiding-input-text/98809
It's very difficult to make posts in landscape mode on mobile, the keyboard covers the entire composer
All people whose opinions I care about use exclusively portrait on mobile.Never change, Jeff. Never change.
-
@izzion said in How can this be so wrong??? (AKA the Discopocalypse thread):
https://meta.discourse.org/t/mobile-landscape-keyboard-hiding-input-text/98809
It's very difficult to make posts in landscape mode on mobile, the keyboard covers the entire composer
All people whose opinions I care about use exclusively portrait on mobile.Never change, Jeff. Never change.
That's a fuckin' small screen. I don't have that problem because I don't zoom in 200% on the rare occasion I'm on landscape. NodeBB would probably break down if I set my resolution low enough too.
-
@pie_flavor
I can confirm that default settings on an iPhone 6S exhibits the behavior. No zoom, no custom browser, no custom keyboards, this is an out of the box iPhone, settings wise...Granted, under certain circumstances I'm able to scroll the composer page a little, and get rid of the address bar. But that's still pretty shitty UI-by-default.
-
@izzion said in How can this be so wrong??? (AKA the Discopocalypse thread):
@pie_flavor
I can confirm that default settings on an iPhone 6S exhibits the behavior. No zoom, no custom browser, no custom keyboards, this is an out of the box iPhone, settings wise...Granted, under certain circumstances I'm able to scroll the composer page a little, and get rid of the address bar. But that's still pretty shitty UI-by-default.
But if you cover almost all of the screen with the keyboard, how is that Discourse’s fault?
This is scrollable, of course.
-
@topspin
Yeah, I don’t disagree that this isn’t something Discourse (or NodeBB) can really do much about, unless the phone’s keyboard exposes some way to change how much space the keyboard takes up. But the response is a pure Jeffism. Rather than saying “yeah, you’re right, but unfortunately it’s out of our control”, he just goes “why the fuck are you even using landscape mode?”
-
@topspin said in How can this be so wrong??? (AKA the Discopocalypse thread):
@izzion said in How can this be so wrong??? (AKA the Discopocalypse thread):
@pie_flavor
I can confirm that default settings on an iPhone 6S exhibits the behavior. No zoom, no custom browser, no custom keyboards, this is an out of the box iPhone, settings wise...Granted, under certain circumstances I'm able to scroll the composer page a little, and get rid of the address bar. But that's still pretty shitty UI-by-default.
But if you cover almost all of the screen with the keyboard, how is that Discourse’s fault?
This is scrollable, of course.
I have no idea what you're talking about...
Edit: Granite, there's a lot more WTFs still there than the keyboard, but still...
-
@izzion said in How can this be so wrong??? (AKA the Discopocalypse thread):
@topspin
Yeah, I don’t disagree that this isn’t something Discourse (or NodeBB) can really do much about, unless the phone’s keyboard exposes some way to change how much space the keyboard takes up. But the response is a pure Jeffism. Rather than saying “yeah, you’re right, but unfortunately it’s out of our control”, he just goes “why the fuck are you even using landscape mode?”It's a valid question. Landscape mode does this on virtually every forum. I would never use landscape mode unless I was in a juddery enough environment that I really needed the extra keyboard width.
-
@izzion said in How can this be so wrong??? (AKA the Discopocalypse thread):
https://meta.discourse.org/t/mobile-landscape-keyboard-hiding-input-text/98809
It's very difficult to make posts in landscape mode on mobile, the keyboard covers the entire composer
All people whose opinions I care about use exclusively portrait on mobile.Never change, Jeff. Never change.
NodeBB does this as well. And portrait is annoying to use when lying down.
-
-
@PleegWat said in How can this be so wrong??? (AKA the Discopocalypse thread):
@izzion said in How can this be so wrong??? (AKA the Discopocalypse thread):
https://meta.discourse.org/t/mobile-landscape-keyboard-hiding-input-text/98809
It's very difficult to make posts in landscape mode on mobile, the keyboard covers the entire composer
All people whose opinions I care about use exclusively portrait on mobile.Never change, Jeff. Never change.
NodeBB does this as well. And portrait is annoying to use when lying down.
For reasons unknown when running the site as an App (i.e. "Create shortcut on desktop") I actually can't get it to rotate to Landscape mode. Only when running in a normal browser tab does it "work". But enough about NodeBB.
-
@ben_lubar While on the subject of robot uprising:
-
@pie_flavor said in How can this be so wrong??? (AKA the Discopocalypse thread):
It's a valid question. Landscape mode does this on virtually every forum. I would never use landscape mode unless I was in a juddery enough environment that I really needed the extra keyboard width.
There's one forum I use where I need to turn my phone sideways to get it to bring the submit button out from under the text entry box… but that's neither Discourse nor NodeBB (and I don't care to investigate further because ).
-
@Tsaukpaetra said in How can this be so wrong??? (AKA the Discopocalypse thread):
@PleegWat said in How can this be so wrong??? (AKA the Discopocalypse thread):
@izzion said in How can this be so wrong??? (AKA the Discopocalypse thread):
https://meta.discourse.org/t/mobile-landscape-keyboard-hiding-input-text/98809
It's very difficult to make posts in landscape mode on mobile, the keyboard covers the entire composer
All people whose opinions I care about use exclusively portrait on mobile.Never change, Jeff. Never change.
NodeBB does this as well. And portrait is annoying to use when lying down.
For reasons unknown when running the site as an App (i.e. "Create shortcut on desktop") I actually can't get it to rotate to Landscape mode. Only when running in a normal browser tab does it "work". But enough about NodeBB.
-
@ben_lubar said in How can this be so wrong??? (AKA the Discopocalypse thread):
@Tsaukpaetra said in How can this be so wrong??? (AKA the Discopocalypse thread):
@PleegWat said in How can this be so wrong??? (AKA the Discopocalypse thread):
@izzion said in How can this be so wrong??? (AKA the Discopocalypse thread):
https://meta.discourse.org/t/mobile-landscape-keyboard-hiding-input-text/98809
It's very difficult to make posts in landscape mode on mobile, the keyboard covers the entire composer
All people whose opinions I care about use exclusively portrait on mobile.Never change, Jeff. Never change.
NodeBB does this as well. And portrait is annoying to use when lying down.
For reasons unknown when running the site as an App (i.e. "Create shortcut on desktop") I actually can't get it to rotate to Landscape mode. Only when running in a normal browser tab does it "work". But enough about NodeBB.
-
@PleegWat said in How can this be so wrong??? (AKA the Discopocalypse thread):
And portrait is annoying to use when lying down.
"You're holding it wrong!"
-
@HardwareGeek said in How can this be so wrong??? (AKA the Discopocalypse thread):
@PleegWat said in How can this be so wrong??? (AKA the Discopocalypse thread):
And portrait is annoying to use when lying down.
"You're holding it wrong!"
That's what Jeff tells his wife
-
-
@ben_lubar
It appears Jeff got Jeffed from the picture
-
@Luhmann said in How can this be so wrong??? (AKA the Discopocalypse thread):
@ben_lubar
It appears Jeff got Jeffed from the pictureSee above SMBC comic for a depiction of that happening.
-
: Oooo, fun! Let's see what fresh WTFs will be created here!
: We would like to commission a plugin that enables private, encrypted messaging between end-users.
: So far so good, sounds pretty sane so far.
Keep in mind with this plugin it is technically impossible for you to read members private conversations provided they have a reasonably strong passphrase.
: Brilliant, Jeff will no longer be able to snoop around PM chains, and accidentally leave likes.
: Have the server store an encrypted private key and public key per user
: Have the server store an encrypted conversation key per participant in private messages (encrypted using end users private key)
: Erm, if all the private keys are on the server, I don't think it's as "technically impossible" as you think.
Filed under: "Private" message
-
@DoctorJones said in How can this be so wrong??? (AKA the Discopocalypse thread):
Erm, if all the private keys are on the server, I don't think it's as "technically impossible" as you think.
That's where the reasonably strong passphrase and method of encrypting the keys become important.
Granted, there will probably still be stuff the owner of the instance could do to capture that information.
-
@DoctorJones said in How can this be so wrong??? (AKA the Discopocalypse thread):
: Erm, if all the private keys are on the server, I don't think it's as "technically impossible" as you think.
Depends on whether the reasonably strong passphrases are also on the server as well.
Coat? It's the one with the bike-shed motif on the collar...
-
@DoctorJones You did forgot to mention the second paragraph. Here are both together:
Keep in mind with this plugin it is technically impossible for you to read members private conversations provided they have a reasonably strong passphrase.
They are encrypted in the database and only decrypted client side. You would have to add a code exploit to your server for you to be able to swing reading encrypted PMs. Longer term (in v3 / v4) this code exploit would result in a giant red flag on the screen for people who install the “confirm my encrypted discourse conversations have not been exploited” browser plugin.
Since it's a
browser pluginclient-side JavaScript running the crypto then the server will simply see three or more files pass by: the "user's private RSA key" blob which is encrypted on the client-side with the user's passphrase before transmission, the "encrypted thread" which is encrypted with a "thread encryption key" which is never known in plain-text by the server and then the "thread encryption key" encrypted using the user's public RSA key (which means only that user can decrypt the conversation using his RSA private key, you need one of these files for each user in the conversation).Now it could actually work to make the contents of your messages confidential, although it won't hide who is replying (after all the server still needs to exchange all data and will spot you receiving or adding a blob to the conversation) and will mostly be just overhead.
EDIT: I don't get how he would do the exploit detection thing though.
-
Yeah, currently voice services are MITM encrypted. Couldn't figure out how to get sodium working in a private/public key mode correctly so for the time being the server knows all your voice.
-
@JBert said in How can this be so wrong??? (AKA the Discopocalypse thread):
@DoctorJones You did forgot to mention the second paragraph. Here are both together:
Keep in mind with this plugin it is technically impossible for you to read members private conversations provided they have a reasonably strong passphrase.
They are encrypted in the database and only decrypted client side. You would have to add a code exploit to your server for you to be able to swing reading encrypted PMs. Longer term (in v3 / v4) this code exploit would result in a giant red flag on the screen for people who install the “confirm my encrypted discourse conversations have not been exploited” browser plugin.
Since it's a
browser pluginclient-side JavaScript running the crypto then the server will simply see three or more files pass by: the "user's private RSA key" blob which is encrypted on the client-side with the user's passphrase before transmission, the "encrypted thread" which is encrypted with a "thread encryption key" which is never known in plain-text by the server and then the "thread encryption key" encrypted using the user's public RSA key (which means only that user can decrypt the conversation using his RSA private key, you need one of these files for each user in the conversation).Now it could actually work to make the contents of your messages confidential, although it won't hide who is replying (after all the server still needs to exchange all data and will spot you receiving or adding a blob to the conversation) and will mostly be just overhead.
EDIT: I don't get how he would do the exploit detection thing though.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 If only there were some system that could do this transparently without needing to store the private keys on the server... But I guess we'll never know... -----BEGIN PGP SIGNATURE----- Version: Keybase OpenPGP v2.0.80 Comment: https://keybase.io/crypto wsFcBAABCgAGBQJbvjZwAAoJEAGLq0XbLSskzQEP/R8zGFfbbp7CVUt3SO4413/0 bRmf9MPMe59nVPgzd8zEgW5HNLcwKId3fCEe/TlMv7NcxuIUsEnC4BNa3KYezY+a /1ouQ9kYyp/BqKT7gbv9203XSh1td9Y8ulMrN26NxkiiF3Qy76hkwA6kGA/f/O5r /p1rAs8EsM1vC0qAYjx/4X4ubJE37ZfbjiUscLEidwY2Ze+iTl49Itj3hdWemuyB 2C3BB2VwDNMQ3ln2DnXicMhxBraSteeWXK/YLyKK945vxCIO2pBkSIX+Xz/9tWXY 1h5Bbu315Gd+pLExj1IoeeUzVAbTX7HM/SOVNntQkEkhqWMSuS1J9sMzBDVu3C9p PxEuazpG1ig7Aoi1g6c7E4OU4nb2ANP3Fxvobo+FLdfMonMeaW0Q/wdTPHIibWEI LNccs073qh58ke7wsyCL27IR64woEf+TpVjdeVG1Om+cLCypCovukCbQpTKljOt3 9+1LQ8zWbAUDuz/ZWUgZYESaeyyzNeLJWqJ8i1FFchXKjgP8Eiy1ZJHE1wsSr9S8 ImlnDuVBOdJs8FmWMwhYpTsy74cqz3Roxj2qgzy1RhHrDyRm6/58o3jYpVYFYO+A rgXLORksD8epOz1GM5CuBCWDkXljvE+LRPqdZvfFhAx+NKEOXIJOT3qm8rLCCcys AGS0qC1V2lYbM+QgVGu4 =zlcL -----END PGP SIGNATURE-----
-
-
@loopback0 Or unfulfilled expectations.
-
@ben_lubar
When PGP is too user-hostile for use in Discourse, you know it's in a bad spot as a technology.Also, my understanding is they're storing the password-encrypted PK server side so that the user can view their encrypted messages from any device without having to do a song and dance to copy the PK themselves, only having to provide the key decryption passphrase.
-
@izzion said in How can this be so wrong??? (AKA the Discopocalypse thread):
Also, my understanding is they're storing the password-encrypted PK server side so that the user can view their encrypted messages from any device without having to do a song and dance to copy the PK themselves, only having to provide the key decryption passphrase.
And
keybase.io
is different because...?
-
-
@ben_lubar said in How can this be so wrong??? (AKA the Discopocalypse thread):
You wouldn't download a #JEFF
502 OK
-
@boomzilla said in How can this be so wrong??? (AKA the Discopocalypse thread):
@ben_lubar said in How can this be so wrong??? (AKA the Discopocalypse thread):
You wouldn't download a #JEFF
502 OK
TIL that IIS gives 404 errors if you upload a file that's too big.
Yes, that's right. "Not Found" is the error code it returns when you submit a Request Entity that is Too Large.
I can think of about 413 reasons that's wrong.