:fa_bullhorn: The sound of AN ANNOUNCEMENT BEING MADE (or: Request for Comments: Comments)
-
-
```
29/2 17:32 [232] - warn: NodeBB Setup Aborted. Error: schema-out-of-date
ben@australium:~$ docker exec -ti wtdwtf-nodebb-1.0.0 ./nodebb upgrade
1. Bringing base dependencies up to date... OK
2. Updating NodeBB data store schema.
29/2 17:33 [262] - warn: You have no mongo password setup!
29/2 17:33 [262] - info: [database] Checking database indices.
29/2 17:33 [262] - info: Beginning database schema update
29/2 17:33 [262] - info: [2015/09/30] Converting default Gravatar image to default User Avatar skipped
29/2 17:33 [262] - info: [2015/11/06] Gravatar removal skipped
29/2 17:33 [262] - info: [2015/12/15] Upgrading chats
29/2 17:33 [262] - info: skipping chat message 1
29/2 17:33 [262] - info: adding message 2 to new roomID 1
29/2 17:33 [262] - info: adding message 3 to new roomID 2
29/2 17:33 [262] - info: [2015/12/15] Chats upgrade done!
29/2 17:33 [262] - info: [2015/12/23] Upgrading chat room hashes
29/2 17:33 [262] - info: [2015/12/23] Chats room hashes upgrade done!
29/2 17:33 [262] - info: [2015/12/23] Adding theme to active plugins sorted set
29/2 17:33 [262] - info: [2015/12/23] Adding theme to active plugins sorted set done!
29/2 17:33 [262] - info: [2016/01/14] Creating user best post sorted sets
29/2 17:33 [262] - info: processing pid: 797186 uid: 595 votes: 1
29/2 17:33 [262] - info: processing pid: 797189 uid: 595 votes: 1
29/2 17:33 [262] - info: processing pid: 797221 uid: 598 votes: 1
29/2 17:33 [262] - info: processing pid: 797254 uid: 289 votes: 5
29/2 17:33 [262] - info: processing pid: 4 uid: 1988 votes: 2
29/2 17:33 [262] - info: processing pid: 18946 uid: 2053 votes: 1
29/2 17:33 [262] - info: processing pid: 18947 uid: 4 votes: 1
29/2 17:33 [262] - info: processing pid: 18949 uid: 1964 votes: 1
29/2 17:33 [262] - info: processing pid: 18953 uid: 1931 votes: 1
[snip 800k lines of that]
```
-
-
Why would I need a mongodb password if it's only accessible from docker containers on the same host?
-
So you don't get warned about it? Obviously?!
Filed Under: Also, never expect anything to ONLY be accessible from certain targets... ever #security101
-
Also, never expect anything to ONLY be accessible from certain targets... ever #security101
Unless Docker is horribly broken, it's accessible to anything that can access the virtual network interface that Docker provides. Which is just the computer in the other room of my basement.
-
Unless Docker is horribly broken
Unless you can prove that Docker is not horribly broken, I'd say you should assume that it is broken in a way you don't even know!
Filed Under: Also: Discourse (mis)uses Docker... so there is that
-
Let's start with private messages. To the vim room!
Step 1: Design PMs so they aren't private, and can leak information all over the place
Step 2: do the opposite of that design.
-
-
Why are you missing the opportunity to use hunter2 as a password?
-
Can anyone think of any tags I missed?
I think most allowed tags should allow `title`, except maybe:
- `hr` and `br`, because if anyone tried to put a `title` on one of those... TDEMSYR
- `blockquote`, `code`, `pre`, `tt`, and all the `table`-related tags, because it feels to have `title` there
Ok, this is weird.
HTML sanitisation is hard.
If I was trying to do this in Javascript, I'd probably do something like this, to take care of unmatched tags, making the browser do the work:
```javascript
// preliminary sanitize whatever is in htmlToSanitize... make sure there are no scripts in it
var e = document.createElement("span");
e.innerHTML = htmlToSanitize;
htmlToSanitize = e.innerHTML;
// htmlToSanitize contains valid HTML now, so we can finish sanitizing it
```
or:
```javascript
// preliminary sanitize whatever is in htmlToSanitize... make sure there are no scripts in it
htmlToSanitize = (new DOMParser).parseFromString(htmlToSanitize, "text/html").body.innerHTML;
// htmlToSanitize contains valid HTML now, so we can finish sanitizing it
```
Example:
Obviously you can't do it client-side, and if you're running on server then you don't have the browser, but there are DOM-parser modules for Node.js that I would imagine might do something similar.
This also may have the added benefit that anything "clever" that's done to try to confuse your sanitize will get dumbed down in the process:
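
The re-serialise idea from the post above, as an added example that is not part of the original thread or NodeBB's own code: it runs under Node.js without a DOM by rebuilding the output from allowlisted tag names and escaped text, so unmatched tags get balanced and nothing from the input is echoed back as markup. The tag lists and the names `sanitize`, `ALLOWED_TAGS` and `NO_TITLE` are assumptions based on the tags named in the thread, and a regex tokenizer stands in for a real HTML parser.

```javascript
// Added example: allowlist sanitizer that rebuilds its output instead of filtering the input.
// The tag lists are assumptions based on the tags named in the thread, not NodeBB's configuration.
const ALLOWED_TAGS = new Set(["b", "i", "em", "strong", "abbr", "p", "span", "hr", "br",
  "blockquote", "code", "pre", "tt", "table", "tr", "td", "th"]);
const NO_TITLE = new Set(["hr", "br", "blockquote", "code", "pre", "tt", "table", "tr", "td", "th"]);
const VOID_TAGS = new Set(["hr", "br"]);
const ESC = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Input entities are treated as literal text, so "&amp;" in the input is escaped again.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c => ESC[c]);
}

function sanitize(html) {
  // A tag is "<", optional "/", a name, then quoted strings or non-quote characters up to ">".
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
  const open = [];                                   // stack of allowed tags still open
  let out = "", last = 0, m;
  while ((m = tagRe.exec(html)) !== null) {
    out += escapeHtml(html.slice(last, m.index));    // anything that is not a tag is text
    last = tagRe.lastIndex;
    const name = m[2].toLowerCase();
    if (!ALLOWED_TAGS.has(name)) continue;           // unknown tag: drop it, keep its text
    if (m[1]) {                                      // closing tag
      const at = open.lastIndexOf(name);
      if (at === -1) continue;                       // stray closer with no opener: drop it
      while (open.length > at) out += `</${open.pop()}>`;  // close inner tags first
    } else {
      // Only a quoted title attribute survives, and only on tags that may carry one.
      const t = /(?:^|\s)title\s*=\s*(?:"([^"]*)"|'([^']*)')/i.exec(m[3]);
      const title = t && !NO_TITLE.has(name) ? ` title="${escapeHtml(t[1] ?? t[2])}"` : "";
      out += `<${name}${title}>`;                    // rebuilt from the allowlisted name
      if (!VOID_TAGS.has(name)) open.push(name);
    }
  }
  out += escapeHtml(html.slice(last));
  while (open.length) out += `</${open.pop()}>`;     // close whatever was left open
  return out;
}

// Constructed sample input: mis-nested tags, a script element and a title on <hr>.
const SAMPLE = '<b title="hi">bold <i>both</b><script>alert(1)</script><hr title="x">';
console.log(sanitize(SAMPLE));
```

Because every `<` that is not part of a rebuilt allowlisted tag is escaped, a tokenizer mistake can only produce over-escaped text, never extra markup.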
-
```javascript
var metaCid = db.objects.findOne({_key: '_imported:_categories', value: '3'}).score;

db.objects.find({_key: 'categories:cid'}, {_id: 0, value: 1}).forEach(function(cid) {
    var cat = db.objects.findOne({_key: 'category:' + cid.value});

    function icon(name) {
        db.objects.update({_key: cat._key}, {$set: {icon: name}});
    }

    function disable() {
        icon('fa-trash');
        db.objects.update({_key: cat._key}, {$set: {disabled: 1}});
        onlyGroups([]);
    }

    function moveToMeta() {
        db.objects.remove({_key: 'cid:' + cat.parentCid + ':children', value: cid.value});
        db.objects.update({_key: cat._key}, {$set: {parentCid: metaCid}});
        db.objects.insert({_key: 'cid:' + metaCid + ':children', value: cid.value, score: +cid.value});
    }

    function onlyGroups(names) {
        db.objects.remove({_key: 'group:cid:' + cid.value + ':privileges:groups:find:members', value: {$ne: 'administrators'}});
        db.objects.remove({_key: 'group:cid:' + cid.value + ':privileges:groups:read:members', value: {$ne: 'administrators'}});
        db.objects.remove({_key: 'group:cid:' + cid.value + ':privileges:groups:topics:create:members', value: {$ne: 'administrators'}});
        db.objects.remove({_key: 'group:cid:' + cid.value + ':privileges:groups:topics:reply:members', value: {$ne: 'administrators'}});
        names.forEach(function(name) {
            db.objects.insert({_key: 'group:cid:' + cid.value + ':privileges:groups:find:members', value: name, score: +new Date()});
            db.objects.insert({_key: 'group:cid:' + cid.value + ':privileges:groups:read:members', value: name, score: +new Date()});
            db.objects.insert({_key: 'group:cid:' + cid.value + ':privileges:groups:topics:create:members', value: name, score: +new Date()});
            db.objects.insert({_key: 'group:cid:' + cid.value + ':privileges:groups:topics:reply:members', value: name, score: +new Date()});
        });
    }

    function noReply() {
        db.objects.remove({_key: 'group:cid:' + cid.value + ':privileges:groups:topics:reply:members', value: {$ne: 'administrators'}});
    }

    switch (cat._imported_path) {
    case '/c/article': disable(); break;
    case '/c/article/authors-discussion': moveToMeta(); break;
    case '/c/coder-challenge': break;
    case '/c/funny-stuff': icon('fa-smile-o'); break;
    case '/c/games': icon('fa-gamepad'); break;
    case '/c/games/mafia': icon('fa-user-secret'); break;
    case '/c/general': icon('fa-coffee'); break;
    case '/c/general/look-at-me': break;
    case '/c/general-discussion': disable(); break;
    case '/c/general-help': break;
    case '/c/general-help/coding-help': icon('fa-medkit'); break;
    case '/c/meta': icon('fa-cogs'); break;
    case '/c/meta/bug': icon('fa-bug'); break;
    case '/c/meta/faqs': icon('fa-question-circle'); break;
    case '/c/meta/flags-badges': icon('fa-flag-checkered'); break;
    case '/c/meta/migration': break;
    case '/c/meta/one-post': noReply(); break;
    case '/c/meta/the-lounge': icon('fa-paper-plane'); onlyGroups(['trust_level_3', 'trust_level_4', 'Global Moderators']); break;
    case '/c/meta/turn-left': onlyGroups(['trust_level_4', 'Global Moderators']); break;
    case '/c/meta/staff': onlyGroups(['Global Moderators']); break;
    case '/c/programmers-testing': icon('fa-code'); onlyGroups(['programmers_testers', 'Global Moderators']); break;
    case '/c/programmers-testing/bot-testing': icon('fa-android'); onlyGroups(['programmers_testers', 'bots', 'Global Moderators']); break;
    case '/c/programmers-testing/tbd': icon('fa-code-fork'); onlyGroups(['programmers_testers', 'Global Moderators']); break;
    case '/c/rubbish': disable(); break;
    case '/c/side-bar-wtf': icon('fa-exclamation-triangle'); break;
    case '/c/side-bar-wtf/codesod': icon('fa-code'); break;
    case '/c/side-bar-wtf/errord': icon('fa-desktop'); break;
    case '/c/the-i-hate-oracle-club': icon('fa-database'); break;
    case '/c/uncategorized': disable(); break;
    }
});
```
Anyone have any changes they'd like to make?
-
Anyone have any changes they'd like to make?
if (cat._author == "blakeyrat") { cat._title += ":fa_magic::moon::elephant:" + GetRandomEmoji(); }
-
I'm pretty sure there are no categories _authored by @blakeyrat.
-
You know how it's great when I make a funny joke and then humorless asshats like Lorne here just repeat it over and over and over again until I want to kill myself.
-
Ok, the poll plugin is completely broken. It doesn't support topics with more than one poll, polls can only have a poll in the first post, and it hooks into post editing instead of post rendering so you have to do a hard refresh to see changes and the imported polls won't render as anything at all.
-
-
You know how it's great when I make a funny joke and then humorless asshats like Lorne here just repeat it over and over and over again until I want to kill myself.
I'm still waiting for you to make a funny joke. :moon:
-
-
I read that as:
𝐃𝐈𝐒𝐂𝐎𝐔𝐑𝐒𝐄 𝐏𝐑𝐎𝐓𝐄𝐂𝐓
and was all:
-
Well, in XCOM 2, the enemy win condition is that progress bar filling up. So you are correct about reaction%20image.jpeg
-
If anyone is having trouble accessing the test forum, it's because I'm uploading 9 hours of Dwarf Fortress video. It should be back to normal in about half an hour.
-
polls can only have a poll in the first post poll
Didn't think you'd typed "Poll" enough in there
-
[poll]
- poll
- poll poll
- poll poll poll
- poll poll poll poll poll, poll poll poll
- poll poll, poll
- POLL!
[/poll]
-
Okay, this is going well, so let's open it up.
Everyone can now access https://discourse.local.lubar.me/
You'll have to reset your password before you log in as passwords are not part of the import.
See if you can find anything else broken, and I'll be watching the slow query log to make sure there's nothing insane in there.
Remember that posts on the testing forum will not be retained when the import happens.
-
orly?
-
Yeah, I got that; it worked second time around though
-
Bug report: I clicked on @aliceif's profile link and the forum didn't crash.
THIS BREAKS MY WORKFLOW! PLEASE FIX IMMEDIATELY!
-
E_INCORRECT_ACCOUNT
When resetting password I can only provide Email Address, this email address links to @Accalia_de_Elementia as well as @accalia due to import from CS. This means I'm effectively locked out of my proper account after the migration!
-
E_NOREPRO
@accalia's email address SHA1 = 1d74bc05f208e2924b638d8a9145ea11863c1b6e
@Accalia_de_Elementia's email address SHA1 = 0c84edea37ddce8bb4f431cf7f056aabffb52ad9
-
Changing the email for @Accalia_de_elementia to attempt to unmask @accalia also fails! It appears @accalia does not have an email address associated with the import!
-
Did you take that just now? Because I did just change it to test something?
-
Hint: they're on different domains
-
The password reset page isn't working for me - I get the page to enter an email address, enter my email, hit Reset Password, and nothing happens. I get a couple of JS errors loading the page:
```
nodebb.min.js?b602bfd8-896c-424e-853c-b2ab9d9d7503:9 Uncaught TypeError: RegExp.prototype.sticky getter called on non-RegExp object
sounds.js?b602bfd8-896c-424e-853c-b2ab9d9d7503:11 Uncaught TypeError: Cannot read property 'on' of undefined
```
Running Windows Chrome 48.
No JS errors or AJAX requests from clicking the button, just nothing.
-
I can't reproduce that :/
-
Tried on IE11. For both my real email and several test emails like test@mailinator.com, I get a popup in the corner saying "ERROR: Invalid Email"
-
I just tried with your email address and it said it was successful.
-
Great work @ben_lubar! It looks good.
Thanks for putting the effort in to make the forum migration happen :-)
-
Oh huh, it does work in IE when I use the right email address. Still not working in Chrome though.
-
So this is what an old computer in my basement looks like when running NodeBB under moderate load.
-
That can't be right. A modern, JS-heavy, packed-with-shiny, infiniscrolling, live-updating, Web-2.0-ing forum package that doesn't bring a server to its knees?
-
live-updating
Is it? I had to refresh to see new posts in the topic I had open.
ETA: I also didn't get a reply notification. Those are still a thing, right?
-
That may have been because I was restarting it with a plugin that was requested installed.
-
Double huh, updated my Chrome, and it works in there again. Weird JS gremlins maybe? I think this Chrome 49 update enabled some more ES6 stuff.
-
If anyone is having trouble accessing the test forum, it's because I'm uploading 9 hours of Dwarf Fortress video. It should be back to normal in about half an hour.
The Bad Ideas thread is ... or maybe I'm thinking of something else.
-
-
Well, so far, so good. I did hit a 503 at one point, any logs on that @ben_lubar? Don't have the exact timestamp, was within last hour I think, couldn't use main forums at the time to report.
-
OK, new posts and notifications are flying at me in real time now, thanks.
-
I have a log of a 503 response code at 07/Mar/2016:10:32:12 -0600
There's also a log of me rebooting the forum at Mon, 07 Mar 2016 16:31:32 GMT
-
Well, that would explain it, I guess.
Also, that's one weird way to log times.