Discussion of NodeBB Updates
-
@Rhywden Yo.
This is where I end up:
-
-
@Tsaukpaetra said in Discussion of NodeBB Updates:
@Rhywden said in Discussion of NodeBB Updates:
up:
Wow. That's pretty darn far...
Actually, 'twas one of the smaller jumps. My record was 50.
-
@Rhywden said in Discussion of NodeBB Updates:
@Tsaukpaetra said in Discussion of NodeBB Updates:
@Rhywden said in Discussion of NodeBB Updates:
up:
Wow. That's pretty darn far...
Actually, 'twas one of the smaller jumps. My record was 50.
It must have been @index posts up then... ;)
-
Did the forum just make a beep noise for anyone else?
-
@bb36e said in Discussion of NodeBB Updates:
Did the forum just make a beep noise for anyone else?
Welcome back! You might need to refresh, visit your settings page (which has a new notifications and sounds box) and hit save!
-
@Tsaukpaetra said in Discussion of NodeBB Updates:
@bb36e said in Discussion of NodeBB Updates:
Did the forum just make a beep noise for anyone else?
Welcome back! You might need to refresh, visit your settings page (which has a new notifications and sounds box) and hit save!
It actually doesn't, anymore, we just had a rollback.
-
@Rhywden said in Discussion of NodeBB Updates:
@Tsaukpaetra said in Discussion of NodeBB Updates:
@bb36e said in Discussion of NodeBB Updates:
Did the forum just make a beep noise for anyone else?
Welcome back! You might need to refresh, visit your settings page (which has a new notifications and sounds box) and hit save!
It actually doesn't, anymore, we just had a rollback.
ORLY?
-
@Tsaukpaetra said in Discussion of NodeBB Updates:
@Rhywden said in Discussion of NodeBB Updates:
@Tsaukpaetra said in Discussion of NodeBB Updates:
@bb36e said in Discussion of NodeBB Updates:
Did the forum just make a beep noise for anyone else?
Welcome back! You might need to refresh, visit your settings page (which has a new notifications and sounds box) and hit save!
It actually doesn't, anymore, we just had a rollback.
ORLY?
That's not new :)
-
@Rhywden said in Discussion of NodeBB Updates:
@Tsaukpaetra said in Discussion of NodeBB Updates:
@Rhywden said in Discussion of NodeBB Updates:
@Tsaukpaetra said in Discussion of NodeBB Updates:
@bb36e said in Discussion of NodeBB Updates:
Did the forum just make a beep noise for anyone else?
Welcome back! You might need to refresh, visit your settings page (which has a new notifications and sounds box) and hit save!
It actually doesn't, anymore, we just had a rollback.
ORLY?
That's not new :)
Wasn't my claim! :D :D :D
-
@ben_lubar said in Discussion of NodeBB Updates:
Rollback complete, and I even kept the emote.
Except I don't see
....did I do a bad? >.>
-
@Yamikuronue I don't see anything for either. Nothing in the autocomplete and no smilemojicon
-
@Yamikuronue no, there was a second rollback that worked after the first one. will come back next time we update.
-
@Yamikuronue said in Discussion of NodeBB Updates:
....did I do a bad? >.>
No. Poking around in the docker container,
wifom.svg
isn't in there. So...I guess @ben_lubar rolled back to the previous container we were using, not the version that has the new emoji.
-
from planet.qt.io
Published Tuesday August 30th, 2016
Last week we updated the Qt Forum to the latest version of NodeBB [...] as a bug that leaked user emails was found in the forum.linky http://blog.qt.io/blog/2016/08/30/new-forum-theme-and-security-notice/
ouch...
-
@cabrito said in Discussion of NodeBB Updates:
from planet.qt.io
Published Tuesday August 30th, 2016
Last week we updated the Qt Forum to the latest version of NodeBB [...] as a bug that leaked user emails was found in the forum.linky http://blog.qt.io/blog/2016/08/30/new-forum-theme-and-security-notice/
ouch...
From TFA:
As an example new feature we now have chat rooms instead of one-to-one chats on the forum. To create a room, you can start a chat, and from the chat window settings add other users. At least for the Forum regulars this is quite an improvement.
Which means they were on a version of NodeBB more than half a year old.
-
@ben_lubar thanks, that explains why nothing similar was visible in the last posts in our topic about nodeBB updates.
Maybe you should apply as admin for Qt forums ?
-
GOOD NEWS EVERYONE.jpg
I just tested NodeBB's latest changes locally and it's not 100% broken!
They added a new(?) 404 error tracker to the admin panel at some point, and there are 13036 hits for
/wp-login.php
. An admin will probably have to go in every so often and clear that out (there's a clear button with a confirmation prompt) if we want that page to show anything useful.Update at some point, but first I have to wade through these amazing commit messages and write up a description of what the update does (apart from not breaking everything): https://github.com/NodeBB/NodeBB/compare/6c8a34ae50ab02212ca43dad0e09e5bcc24518d1...c9c60ef8ed986c960a46ce0f5e49aa51bf51096d#diff-b9cfc7f2cdf78a7f4b91a753d10865a2
-
@ben_lubar said in Discussion of NodeBB Updates:
GOOD NEWS EVERYONE.jpg
The forum's fucked.
@ben_lubar said in Discussion of NodeBB Updates:
13036 hits for /wp-login.php
Insta-ban those IPs. Or at least if the IPs aren't anywhere else valid in the log and/or whitelisted.
For a website I maintain: when I took it over, it was on Droopy Paul. It was absolutely overrun by spam bots. Like, 100k+ users worth of them. Anyways, when I switched it, I noticed there were still a fuckton of hits to the Poop Paul user creation page and post-new-message pages. No legit user would ever hit that link. Ever. But there were still hundreds of requests per minute sucking up resources.
So I wrote a quick mock "drooppaul_login.php" page. All what's in there is "add this IP to a ban list". (Later I added code to whitelist verified crawlers).
About once a month I get a support email from someone who was false-positived by getting a dynamic IP that was banned. About once someone acknowledge they browse via a "VPN on a less than reputable throwaway host".
Junk traffic plummeted. The side sped up massively. Bandwidth was restored.
The moral: If someone is trying to access something no one should access, and only a bad actor would want to access-- they are a bad actor, and should be instantly banned.
-
@Lorne-Kates but then, what would happen if someone does this?
-
@anotherusername said in Discussion of NodeBB Updates:
@Lorne-Kates but then, what would happen if someone does this?
At least it's not like on Community Server (or the early days of Discourse) where you could embed the logout page as an image.
-
@anotherusername said in Discussion of NodeBB Updates:
@Lorne-Kates but then, what would happen if someone does this?
You ban the whole forum, as it should be.
There's ways to sanity check the ban before it occurs, fo-sure (check referrer, IPs with a history of posts, brand new IPs, etc).
It's not foolproof (or malicious proof), but as a one-fell-swoop deal, it might be good.
-
Ok, I know it came up a little before The Rollbackening, but cripes, the on-by-default nature of the sound notifications are annoying. Especially given that the drop down boxes on the profile page default to no sound selected, so it's pretty difficult to divine what needs to be done to disable them.
Was that ever escalated back upstream?
-
@izzion said in Discussion of NodeBB Updates:
Was that ever escalated back upstream?
Anyone who programs a site to emit notification sounds needs to have a cactus escalated back upstream.
(by that I mean anus. A cactus up their anus. Their butt-region
-
@Lorne-Kates said in Discussion of NodeBB Updates:
@izzion said in Discussion of NodeBB Updates:
Was that ever escalated back upstream?
Anyone who programs a site to emit notification sounds needs to have a cactus escalated back upstream.
Or, at the very very VERY least, have it default to "just don't unless asked about".
-
@Tsaukpaetra said in Discussion of NodeBB Updates:
@Lorne-Kates said in Discussion of NodeBB Updates:
@izzion said in Discussion of NodeBB Updates:
Was that ever escalated back upstream?
Anyone who programs a site to emit notification sounds needs to have a cactus escalated back upstream.
Or, at the very very VERY least, have it default to "just don't unless asked about".
LORNE'S RULE OF DESIGN NUMBER (I NEED TO SEE HOW MANY OF THESE I'VE CODIFIED + 1)
If you add an optional feature, you MUST default it's behavior to whatever the behavior was before the option was introduced.
-
@Lorne-Kates said in Discussion of NodeBB Updates:
@Tsaukpaetra said in Discussion of NodeBB Updates:
@Lorne-Kates said in Discussion of NodeBB Updates:
@izzion said in Discussion of NodeBB Updates:
Was that ever escalated back upstream?
Anyone who programs a site to emit notification sounds needs to have a cactus escalated back upstream.
Or, at the very very VERY least, have it default to "just don't unless asked about".
LORNE'S RULE OF DESIGN NUMBER (I NEED TO SEE HOW MANY OF THESE I'VE CODIFIED + 1)
If you add an optional feature, you MUST default it's behavior to whatever the behavior was before the option was introduced.
Sometimes the obvious just needs to be stated, just in case some idiot comes bumbling along that puts the concept of "there's no such thing as common sense" to heart.
-
@Tsaukpaetra said in Discussion of NodeBB Updates:
Sometimes the obvious just needs to be stated, just in case some idiot comes bumbling along that puts the concept of "there's no such thing as common sense" to heart.
That's why I do what I do.
(That, and because there's a surplus of alive hookers)
-
@Lorne-Kates said in Discussion of NodeBB Updates:
(That, and because there's a surplus of alive hookers)
Well, if you ever find yourself too inundated, send one or two my way? It sounds a bit nicer than pizza, after all. I'd also like to eat something different, for a change...
-
@Lorne-Kates said in Discussion of NodeBB Updates:
@izzion said in Discussion of NodeBB Updates:
Was that ever escalated back upstream?
Anyone who programs a site to emit notification sounds needs to have a cactus escalated back upstream.
(by that I mean anus. A cactus up their anus. Their butt-region
(wouldn't urethra be even more painful?
-
@aliceif said in Discussion of NodeBB Updates:
@Lorne-Kates said in Discussion of NodeBB Updates:
@izzion said in Discussion of NodeBB Updates:
Was that ever escalated back upstream?
Anyone who programs a site to emit notification sounds needs to have a cactus escalated back upstream.
(by that I mean anus. A cactus up their anus. Their butt-region
(wouldn't urethra be even more painful?
The word "urethra" isn't as fun to say as the word "butt".
-
@izzion said in Discussion of NodeBB Updates:
Was that ever escalated back upstream?
Yep, saw a post about it on meta.nodebb
-
-
@ben_lubar community.discourse
-
@ben_lubar said in Discussion of NodeBB Updates:
there are 13036 hits for /wp-login.php.
You should put the latest 0-day exploits on that URL.
-
@FrostCat said in Discussion of NodeBB Updates:
@ben_lubar said in Discussion of NodeBB Updates:
there are 13036 hits for /wp-login.php.
You should put the latest 0-day exploits on that URL.
-
@ben_lubar said in Discussion of NodeBB Updates:
@sloosecannon said in Discussion of NodeBB Updates:
meta.nodebb
don't compare NodeBB to Discourse!
It's hard when they're trying SO HARD to replicate the wtf-levels of Discourse bugs.
-
@Lorne-Kates said in Discussion of NodeBB Updates:
If you add an optional feature, you MUST default it's behavior to whatever the behavior was before the option was introduced.
But how will people know about my wonderful new feature if I don't enable it for them?
-
@ben_lubar said in Discussion of NodeBB Updates:
@sloosecannon said in Discussion of NodeBB Updates:
meta.nodebb
don't compare NodeBB to Discourse!
I do, Discourse was better
-
@Lorne-Kates said in Discussion of NodeBB Updates:
LORNE'S RULE OF DESIGN NUMBER (I NEED TO SEE HOW MANY OF THESE I'VE CODIFIED + 1)
there is an automatic counter, just type
@
index
-
Hey, @ben_lubar, I made some (styling) updates to the youtube plugin, but I don't remember how to push those into the tdwtf repo.
-
@boomzilla done.
-
@julianlam said in Discussion of NodeBB Updates:
If we wanted to extend this to the client side, then we would need to run the LESS pre-compilation for every single Bootswatch skin, and serve the proper one based on user skin selection (yikes).
Why not just use CSS Custom Properties (aka Variables)? Support is pretty good (they're even under development for Edge) and while it's not perfect (it won't work on Firefox 22, for example) it does get you a good part of the way there for (almost) free.
-
@svieira Go one step crazier and run LESS directly in the browser
-
-
@Lorne-Kates
overflow-x: scroll;
-
@boomzilla I saw that in my testing but figured it was less important than the bugs the update fixed.
-
@ben_lubar You know...I saw that when I was doing the image stuff but didn't dig into it.
fuckity fuck: https://github.com/NodeBB/nodebb-plugin-composer-default/commit/12668aeaab7fbd0bd92327dbc7212e3cc8d932b7
-
@Lorne-Kates said in Discussion of NodeBB Updates:
GXszGlDeVdtLWA5q2YiMP26ed21nLGx1l4GWiAEDh7U=
????
-
@Tsaukpaetra said in Discussion of NodeBB Updates:
@Lorne-Kates said in Discussion of NodeBB Updates:
GXszGlDeVdtLWA5q2YiMP26ed21nLGx1l4GWiAEDh7U=
????
Blowfish/cbc
key: ff22