:fa_bullhorn: The sound of AN ANNOUNCEMENT BEING MADE (or: Request for Comments: Comments)
-
Mine should be "maintaining a turd"
-
Ok, so as an added bonus for NodeBB, the permissions system works like this:
And you can give users ownership of groups without giving them admin. So, for example, the Mafia category could have a subcategory for the current active game that restricts posting to the living players.
Also, for some reason instead of making a group for global moderators the importer plugin sets them as moderators of every category individually. The permissions have to be re-added manually after the import anyway, but ugh.
I had to do the category colors for that screenshot manually, but I submitted a pull request that will fix that. The icons are still manual, but that's because Discourse's category icons are arbitrary images that are restricted to FontAwesome glyphs. Also, none of the posts from Discourse have an IP address associated with them, but Community Server posts do. I guess the flip-side is that Community Server doesn't keep last edit times anywhere, but a post that was made 10 years ago being edited 9.7 years ago doesn't really mean anything, so whatever.
By the way, the permissions system means a few interesting things - we can give guests posting privileges, or make a category invisible but still accessible, or have a real One Post category where only admins can reply. You can only grant permissions, though, so there's no way to deny topic starting to people in Belgium without making a "people who are not in Belgium" group.
The importer makes trust_level_{0..4} into groups, but there's no way to mark a group as "don't display this by default" in the importer. So that sucks.
Is this post long enough yet?
-
none of the posts from Discourse have an IP address associated with them
wat
Seriously, wat? I know Duscosaurus does so many fucktardidly tardish things on the front end-- and backend-- and on the server, and client, and in the database, and architecture, and how it is installed, maintained, upgraded and distributed--- but not recording the IP that a post was made from? FFS, I'm pretty sure the very first release of the very first forum ever to hit the World Wide Web recorded the IP address of posts made.
-
Well, to be fair, they do record your IP address when you post. It's just that they only store one copy of "latest IP address" per user.
Now, if you want to talk about storing the number of milliseconds you viewed a post, they're experts on that.
-
Now, if you want to talk about storing the number of milliseconds you viewed a post, they're experts on that.
Hmmm...
while(1) { foreach(DiscourseThread as t) { DoHTTP_Post("https://forums.thedailywtf.com/DiscourseSomeoneIsReadingThreadAPI", t.DiscourseThreadID, LorneUserID); } }
Do I get a badge for reading every single thread, forever?
-
@accalia did that once. I'm pretty sure she wouldn't recommend it.
-
https://what.thedailywtf.com/t/foxpro-is-ten-times-faster-than-mssql/54494/11?u=ben_lubar
What should I do about BBCode like
[quote]
?
-
[quote="ben_lubar, post:307, topic:54231"]
What should I do about BBCode like?
Option 1: Fick it and leave it
- Pro: Easy
- Con: Ugly
Option 2: Fuck it and strip it out - Pro: Looks pretty
- Con: Loses context, Hard to parse correctly
Option 3: Fuck it and convert (Prefix>
to lines) - Pro: Keeps context
- Con: Hard to parse correctly, Quotes lose "who is speaking" context
Option 4: Fuck it with a purple dildo - Pro: can be sold for money on the specialty fetish market
- Con: Ewww.........
-
If it's possible to fix it, please do so :)
-
Am i missing something ?
Unless it's hard/impossible i'd vastly prefer doing the right thing - being converting it to a node bb quote.
AccaliasOption 3: Fuck it and convert (Prefix > to lines)* Pro: Keeps context* Con: Hard to parse correctly, Quotes lose "who is speaking" context
Could also be viable, i don't care for pretty, just stick OP's name in the start of the quote.
-
Here's what the NodeBB quote button produces:
-
So we'll have to do without the post reference? I'll probably miss that feature, but if node bb doesn't do that, there isn't much we can do. Looks reasonable otherwise.
-
-
-
Have I mentioned lately how much it sucks that we're going from Markdown to more Markdown?
Who the FUCK decided that Markdown was this great and awesome thing, and how do I find their house so I can murder them for the good of computer users everywhere?
You know what I'd like to see, but never will because it doesn't exist? Some objectively measured evidence that Markdown is superior to, say, BBCode in LITERALLY ANY WAY AT ALL.
-
Some objectively measured evidence that Markdown is superior to, say, BBCode in LITERALLY ANY WAY AT ALL.
Markdown was originally intended to be an extremely lightweight way of turning human readable text documents (mostly notes, letter, and extremely simple blog posts) into simple, presentable, HTML documents. It is optimized, intentionally or otherwise, for the original author's somewhat esoteric textual notation. For this purpose Markdown is far superior to BBCode
BBCode was, and is, a markup notation for Bulletin Boards(the hint in in the title) and has a long history of service for that purpose. BBCode is FANTASTIC for what is designed for.
Outside these two designed realms, both BBCode and Markdown suffer in the extreme, although Markdown suffers more so as it is underspecified (it was a very informal spec from the beginning), and now suffers from multiple implementations, many of which produce different results when fed the same input text.
so there you go, there's ONE situation where Markdown is better than BBCode, the one it was designed for. Outside of that? depends on how you're using it. the closer you are to the original intention the better you'll do.
-
BBCode was, and is, a markup notation for Bulletin Boards
Why can't we just use HTML? That's supported with the setup in the Google doc I posted. Is it really that much better to use
[b]
to mean bold instead of<b>
? Plus, the only way to escape BBCode is to use HTML.
-
Why can't we just use HTML?
couple of reasons.
[
and]
are easier to type on en-US keyboard layouts than<
and>
- Allowing arbitrary HTML is insecure (see Signature Guy on community server, or jsF**K)
This insecurity can be mitigated but not elimiated if HTML is allowed. BBCode suffers no such insecurity - BBCode is easier to parse than HTML and so is easier for the server to convert into the display layer. This is less important than it used to be due to the improvements in processor power in the last five to ten years, but was a major design condireration when BBCode was first developed
-
[ and ] are easier to type on en-US keyboard layouts than < and >
On many other layouts, it's exactly the other way around.
-
yes, but en-US is the layout that the developers of BBCode had in front of them, and it's an unfortunate trend of monolingual developers, particularly those in a mainly monolingual country, to ignore the existence of other languages/keyboard layouts.
-
BBCode suffers no such insecurity
Actually, BBCode is exactly as difficult to get right as HTML.
-
Actually, BBCode is exactly as difficult to get right as HTML.
[red_herring.img]
unless you can show me a counter example, those are not XSS vunerabilities in bbcode, rather they are failures to properly escape user input, which in these cases allowed "BBCode" to inclide a regular HTML
<script>
tag,I'll give you the remote code execution one, that's a henious bug to be sure, but then it is PHP.
-
So it's apparently a bug in HTML when a forum doesn't escape user input properly, then?
-
So it's apparently a bug in HTML when a forum doesn't escape user input properly, then?
it's a bug in the forum software for not properly escaping.
or possibly in the BBCode implementation used by the forum, it is not a bug in the BBCode spec. as the BBCode spec does not allow
<script>
tags
-
Anyway, today's updates:
- Fixed avatars being pulled from the wrong table. Because Discourse has a user_avatars table that is absolutely fucking useless.
- Fixed a syntax error in the redirection plugin. Because apparently syntax errors don't stop things from running in NodeJS.
- Added user_avatars to the redirection plugin.
I'm not going to do another import with just the Discourse data because I have a meeting tomorrow and hopefully I can add the CS data as well.
-
Do we plan to do anything to fix the broken links where people used avatars as emoji?
-
Do we plan to do anything to fix the broken links where people used avatars as emoji?
should be easy enough to do.....
/user_avatar/what.thedailywtf.com/{username}/{numbers}/{something}.png redirects to {username}'s avatar
-
I literally just said I did that.
-
Anyway, today's updates:
- Community Server redirects:
/user/Profile.aspx?UserID=10543
/user/boomzilla
/forums/26.aspx
/category/14/funny-stuff
/forums/t/7593.aspx
/topic/5558/why-is-everybody-so-clueless-on-the-importance-of-desktop-search-to-the-masses
/forums/p/7593/141428.aspx
/topic/5558/why-is-everybody-so-clueless-on-the-importance-of-desktop-search-to-the-masses/13
/users/avatar.aspx?userid=8051&lastmodified=635144879079003906
(PJH's current avatar)
- Community Server redirects:
-
Is there any plan for handling all the weird shit we've done (HTML /md5)?
-
-
Hmm... There's no way I'm doing the MD5 stuff. Let me check HTML.
LGTM
-
BBCode suffers no such insecurity
I used to use the vulns in the TDWTF front page's implementation's BBCode handling to allow me to use arbitrary CSS. I never bothered with anything like fa-spin, but it was nice to be able to do all sorts of effects. (Never bothered on the Community Server side; that was just grossly insecure and no fun to hack.)
Guess which element was insecure…
-
I remember the community server censor list having a bunch of variations of javascript followed by a colon in it.
Also I remember the ability to post an image that logs out the user that views it.
Also I remember that one thread with the giant red and blue rectangle.
-
-
color
, right?
-
-
-
-
I have yet to see it. I'm not looking too hard, but MailChimp's is garbage, MeetUp.com's is a fuckpile. And those are basically the two websites with WYSIWYG I use.
I maintain a few Umbraco sites, and the WYSIWYG editor they use in the backoffice is pretty decent. I believe it's TinyMCE. We've used CKeditor in the past, and TinyMCE seems like a large improvement. I've not encountered any issues that I haven't been able to fix with configuration, and it plays nicely with all the browsers we've used it on.
I'm not saying it's prefect, but it is fit for purpose for us, and it doesn't suck.
-
I should design a captcha where users have to successfully play dwarf fortress for 5 minutes.
So, you want to make your site impossible to comment on?
-
-
22/2 21:44 [27] - warn: skipping posts from Community Server category #22: CodeSOD Editors
22/2 21:44 [27] - warn: skipping posts from Community Server category #23: OMG News & Updates
22/2 21:44 [27] - warn: skipping posts from Community Server category #24: Contest Discussion
22/2 21:44 [27] - warn: skipping posts from Community Server category #25: Entry Comments
22/2 21:44 [27] - warn: skipping posts from Community Server category #27: Questions closed elsewhere
22/2 21:44 [27] - warn: skipping posts from Community Server category #28: OMGWTF2 Contest DiscussionIs this okay with everybody? If not, the easiest way to fix it would be to create categories with the same names as the ones we want to keep and just set them to be invisible until the import.
/cc @boomzilla, @PJH, @abarker, @Yamikuronue, @aliceif
-
uuuh... yes?
-
Sorry, I just wanted to try out the new @mods thing.
-
Cool :)
I was all, why am I being asked, I have like, no clue what's in any of that.
-
Nah, it's entirely possible to play for 5 minutes.
Now, to accomplish anything... well...
-
@blakeyrat still has a mirror up, but it'd be neat to have it all in node bb.
-
The idea of the migration including Community Server was that it would take our forum count from 3 down to 1.
-
Hence my subtle arguing for doing it right the first time ;-)