Discussion of NodeBB Updates
-
@Greybeard screenshot on iPad: press power + home buttons at the same time.
-
@Greybeard said in Discussion of NodeBB Updates:
An impressive pair of toasters plus dialog box when the update went out. Pity I didn't have the bandwidth to look up how to screenshot on an iPad.
I hope those login session invalidations are truly necessary—they are a right pain. It brought my morning "browse forum while getting kid ready for daycare" to an abrupt halt.
The First-World-Problems-thread is thataway.
-
-
Instead of an alert, can it be a toaster popup?
-
@hungrier said in Discussion of NodeBB Updates:
Instead of an alert, can it be a toaster popup?
Can the toaster popup be cornflower blue? To match my tie?
-
@hungrier Can it hack a shitty IoT Toaster if you leak confidential information?
-
@coderpatsy How does the Toast get into the toaster?
-
@anotherusername said in Discussion of NodeBB Updates:
Yes. I have good eyesight.
-
Hmmmmm, I feel like a group of us should change our avatars to include Ben's bit of steganography just to be annoying.
-
@Polygeekery said in Discussion of NodeBB Updates:
bit of steganography just to be annoying.
Everything I say is private, confidential, personally identifiable, or otherwise non-public information! Therefore, if you happen to have a snippit of my avatar (which, since it's so unique, means undoubtedly I was the one to post it) it is likely whatever I said was private, confidential, personally identifiable, or otherwise non-public information, and should be treated with the bells, warnings, and overall action-blocking attention-grabbing annoying stupid mechanisms in place to tell you as such.
Edit: In case anyone thinks I'm serious.
-
@Polygeekery said in Discussion of NodeBB Updates:
Hmmmmm, I feel like a group of us should change our avatars to include Ben's bit of steganography just to be annoying.
I thought about doing that, but my avatar isn't 46x46 and it's too hard to get it to work properly when it's scaled down. I'd have to replace my avatar with a 46x46 avatar.
-
@anotherusername the forum could just change your avatars to avoid this, or block it at upload time
IIRC they use some similar trick on money to block it from being photocopied
-
The pattern used on money:
-
@ben_lubar said in NodeBB Updates:
Update scheduled for 16:00 UTC
- Users are now warned when their post contains an uploaded screenshot of notifications or topic listings from the lounge, the staff forum, or a private Mafia category.
wait what how?
-
-
@wharrgarbl said in Discussion of NodeBB Updates:
the forum could just change your avatars to avoid this
I seem to remember some people's Facebook avatar is used, and they aren't even hosted here. Is the forum going to detect the steganography embedded in those too?
-
@Tsaukpaetra said in Discussion of NodeBB Updates:
@Lorne-Kates said in Discussion of NodeBB Updates:
how
look closely at certain areas...
Just read the thread.
So we're putting some sorta OCR recognition into the image uploader.
I'm taking bets until:
- Someone overflows the image scanner and crashes the forum
- Someone injects malicious data into the scanner and gets an XSS
- Someone discovers the OCR data in the background leaks personal information
-
@Lorne-Kates no OCR involved, simple (image) pattern recognition: some background areas filled with a special pattern, and naively detected.
So no injections, but I expect speculation and probes about how it can be abused for fun and giggles.
edit: more info at https://what.thedailywtf.com/topic/22774/censor-sensitive-information-in-screenshots/
-
@Lorne-Kates my sig triggers the detection. Try posting a screenshot of my post.
-
@anotherusername said in Discussion of NodeBB Updates:
@Lorne-Kates my sig triggers the detection. Try posting a screenshot of my post.
Only one notification? Lame.
-
@ben_lubar said in Discussion of NodeBB Updates:
Only one notification? Lame.
And in true WTDWTF tradition, the alert is just a little condescending
-
@Tsaukpaetra That would be fine except for the fact I see no avatar!
-
@ben_lubar said in Discussion of NodeBB Updates:
@anotherusername said in Discussion of NodeBB Updates:
@Lorne-Kates my sig triggers the detection. Try posting a screenshot of my post.
Only one notification? Lame.
Oh, huh... looking at the code again, it is possible to trigger all of the alerts. But I think that would be a bit more annoying.
Also, it's the alert that keeps giving: I got the alert simply for replying to your post...
-
@anotherusername said in Discussion of NodeBB Updates:
@ben_lubar said in Discussion of NodeBB Updates:
@anotherusername said in Discussion of NodeBB Updates:
@Lorne-Kates my sig triggers the detection. Try posting a screenshot of my post.
Only one notification? Lame.
Oh, huh... looking at the code again, it is possible to trigger all of the alerts. But I think that would be a bit more annoying.
Also, it's the alert that keeps giving: I got the alert simply for replying to your post...
Do it! That'll teach @ben_lubar to not write WTFy code!
-
@PleegWat said in Discussion of NodeBB Updates:
@anotherusername said in Discussion of NodeBB Updates:
@ben_lubar said in Discussion of NodeBB Updates:
@anotherusername said in Discussion of NodeBB Updates:
@Lorne-Kates my sig triggers the detection. Try posting a screenshot of my post.
Only one notification? Lame.
Oh, huh... looking at the code again, it is possible to trigger all of the alerts. But I think that would be a bit more annoying.
Also, it's the alert that keeps giving: I got the alert simply for replying to your post...
Do it! That'll teach @ben_lubar to not write WTFy code!
Ehh... that's arguably the right thing to do, but it should probably just lump all the applicable messages into one alert.
-
@anotherusername said in Discussion of NodeBB Updates:
just lump all the applicable messages into one alert.
Yesssss.... let the overflow flow. Break the character limit of the toaster and inject HTML everywhere!
-
@Arantor said in Discussion of NodeBB Updates:
@Greybeard screenshot on iPad: press power + home buttons at the same time.
So it is. And I thought you gave me the procedure for a hard reset.
-
No, the hard reset would be pressing home + power at the same time. Totally different.
-
@hungrier It actually is, oddly enough. The difference is that you need to hold them for 10 seconds rather than tapping them.
-
@Lorne-Kates said in Discussion of NodeBB Updates:
@anotherusername said in Discussion of NodeBB Updates:
just lump all the applicable messages into one alert.
Yesssss.... let the overflow flow. Break the character limit of the toaster and inject HTML everywhere!
It's an alert, not a toaster. And it doesn't inject arbitrary text; it looks for specific defined patterns from a list, and if it finds a pattern it pops up an alert with the corresponding message.
-
@Arantor said in Discussion of NodeBB Updates:
@hungrier It actually is, oddly enough. The difference is that you need to hold them for 10 seconds rather than tapping them.
tries to decide whether that's worse than a hole which doesn't quite take my paperclip
-
@PleegWat said in Discussion of NodeBB Updates:
tries to decide whether that's worse than a hole which doesn't quite take my paperclip
-
@anotherusername Why yes, some people get off on anything.
-
@PleegWat oh, you meant a literal paperclip?
Well okay then...
-
@PleegWat iPads with cellular have one of those too, to pop the clip out to put the SIM card in.
But you also have to realise that there is a thing about the Reality Distortion Field relating to Apple.
-
Whee, this update is going to be fun to debug.
→ [2016/12/7] Migrating flags to new schema... [ ] (140/??) 0 OK → [2017/3/22] Update moderation notes to zset... [ ] (92/??) 0 error 9/5 20:50:34 [65] - error: MongoError: connection 9 to wtdwtf-mongo:27017 timed out at Function.MongoError.create (/usr/src/app/node_modules/mongodb-core/lib/error.js:29:11) at Socket.<anonymous> (/usr/src/app/node_modules/mongodb-core/lib/connection/connection.js:188:20) at Socket.g (events.js:292:16) at emitNone (events.js:86:13) at Socket.emit (events.js:185:7) at Socket._onTimeout (net.js:338:8) at ontimeout (timers.js:386:14) at tryOnTimeout (timers.js:250:5) at Timer.listOnTimeout (timers.js:214:5) Error: undefined
-
@ben_lubar
Ehr... That's happening on a mirror of our DB, right?
-
@JBert where's your sense of adventure?
-
@JBert said in Discussion of NodeBB Updates:
@ben_lubar
Ehr... That's happening on a backup of our DB, right?Yes. On australium, which is a server in my basement.
-
Ok, so it looks like the update has multiple sequential scans of the posts (1.1M) and users (141k).
This'll be fun.
-
@ben_lubar Does this mean we'll have a period of downtime so the update can be applied?
-
@RaceProUK nah, we'll just have a period of the forum running like shit.
-
has flashbacks to Discourse
-
@RaceProUK said in Discussion of NodeBB Updates:
has flashbacks to Discourse
and then the murders began
Definitely one for the sig-that-keeps-on-giving thread
-
-
@Polygeekery said in Discussion of NodeBB Updates:
@JBert where's your sense of adventure?
I stored it in a MongoDB once.
Now it's just nonsense.
-
@JBert said in Discussion of NodeBB Updates:
@Polygeekery said in Discussion of NodeBB Updates:
@JBert where's your sense of adventure?
I stored it in a MongoDB once.
Now it's just
nonsensezalgo.
-
What the shit?
However, first glance at the new flags interface is pretty nice.
-
@boomzilla They're notifications for flags that have already been resolved or rejected. Oh, and the text dictionary apparently isn't working on those notifications, either.
-
BEN.
THIRTY TWO NOTIFICATIONS.
WHAT THE SHIT.