Well that's good. It'd be pretty embarrassing if it showed you had -2,147,483,647 Mbps download speed.
Best posts made by julianlam
-
RE: Apparently I have good internet now
-
RE: :wtf: How can this be so wrong??? (AKA the Discopocalypse thread)
@tsaukpaetra said in How can this be so wrong??? (AKA the Discopocalypse thread):
@julianlam tell me that there's no such thing as "unable to delete user" in NodeBB...
Can't see the linked post, but from what I can gather from the replies here, I don't think NodeBB has the same issue. If you delete a user all the posts go along with it.
However, we also implemented this crazy idea where you can delete a user but also keep the posts. They're just orphaned, and considered posted by "guests"... kind of like GitHub's "ghost" user.
-
RE: How do I deal with people who throw away my work?
@The_Quiet_One outlines a set of best practices that we'd be wise to follow.
At NodeBB, we don't really tend to make wholesale changes to the entire codebase anymore. Some ambitious pull requests try, but then they conflict out in a matter of minutes, which really sucks for the author.
Internally, we try our best to ping each other when working on large refactors.
Hey, is anybody working on flags pages in core? I'm about to start making a lot of changes that might conflict
Serves a dual purpose:
- If someone has already started making changes to flags, they can shout out "yes, can you hold off for X hours while I wrap up?", and the other dev does something else for a bit. There are very few reasons for a developer to have to get his changes in ASAP.
- If someone is intending to make a change, albeit a small one, it's more courteous to wait for the large change to land and then merge your change in, as opposed to the other way around.
@Shoreline If you're running into repeated situations where your code is overwritten due to a bad merge, then it is indicative of a problem with the other developers not resolving merge conflicts properly. Education is the solution here.
... either that, or maybe they need more sleep. There was a week awhile back where I made successive bad merges over and over again, re-introducing bugs left, right, and center. Being aware of that and self-selecting the problem out is important too (in my case, I logged off and made sure to sleep more... after reverting my bad merges, of course)
-
RE: NodeBBBLINK
@tsaukpaetra said in NodeBBBLINK:
murdered it instead?
Guys did I stumble on some secret police interface for catching pedophiles? There's stuff here about demons and exceptions and terminating children!!!!!
-
Last year you had the red boob
Of course,
vertical-align
is giving me issues, so on Chromium, it looks like this: -
Whose responsibility is it to mitigate homograph attacks?
@sockpuppet7 said in that bitcoin thread:
@timebandit "Hackers used a homograph attack by registering a domain identical to binance.com, but spelled with Latin-lookalike Unicode characters. More particularly, hackers registered the bịnạnce.com domain —notice the tiny dots under the "i" and "a" characters."
Stupid Unicode has to infect everything
Later, @anotherusername said in that same thread:
No, they registered xn--bnnce-k11b2l.com.
Maybe the users who clicked on the link should've paid more attention to where they ended up.
I've received three emails from self-proclaimed "security researchers" with poor English, that NodeBB is vulnerable to homograph attacks. They all use ebay.com as the example, or more specifically, the un-punycoded
http://xn--eby-7cd.com/
, which sort of suggests that they're really just running my site against some automated checker and it spat out this vulnerability.Now, browsers (at least, Google and Mozilla?) actually handle this. If you hover over http://ebаy.com/, the punycode will show up in the browser status bar (and if you click it, the address bar as well), so I marked them all invalid.
However, am I right to rely on the user browser to protect the user? Namely -- users themselves have to check the url and see whether they're still on the right site, and so trusting the user to protect themselves is not exactly the best line of defense.
Should NodeBB be checking the user input to show punycode?
-
RE: How did you start hating opensource?
@ChrisH said in How did you start hating opensource?:
Also I hate OSS developers who justify their crappy, unfinished, bug-infested, works-for-me softwarez with the fact that they didn't get money for it. FUCK YOU.
@ChrisH didn't pay me a dime for NodeBB, therefore I can leave in as many bugs as I want. QED.
-
RE: NPM 5.7 recursively changing ownership of system directories when using sudo npm -g
@blakeyrat said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
@julianlam said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
Despite his negative attitude, I do feel for him.
You shouldn't. He broke a unknown number (but at last 4) of systems with this shitty, shoddy code that was never tested. The annoyance created to the owners of those systems is not somehow less important than the annoyance created to the developer.
The only lesson here is: don't release untested broken shit. But, of course, it's all OPEN SOURCEY to never test anything! RELEASE EARLY RELEASE OFTEN RELEASE BROKEN WHO CARES ABOUT USERS BREAK THEIR SHIT ALL THE TIME BROKEN BROKEN BROKEN!
Ugh. Should have went to barber school.
I mean on a personal level. On a professional level, of course, he deserves to be taken to task for something like this. I'm just saying I empathise with the fact that he's probably not having a very good day right now.
My empathy has limits though... if the devs don't roll this back and he instead spends the rest of the day arguing on Twitter, I take it back.
(People on Reddit are pointing out that he's not an npm dev, so perhaps some of our anger is misdirected)
-
RE: What do they talk about at the dealership sales manager's office anyway...
@Gribnit said in What do they talk about at the dealership sales manager's office anyway...:
@dangeRuss said in What do they talk about at the dealership sales manager's office anyway...:
@Gribnit said in What do they talk about at the dealership sales manager's office anyway...:
@dangeRuss said in What do they talk about at the dealership sales manager's office anyway...:
shortage of graphic cards
definitely a thing that affects automotive production. Are you Alex, drunk, wearing a pussy hat?
Graphic cards need chips, cars need chips.
they're not the same chips
If the speed of the infotainment system is any indication, they're probably the same chips they put in smart TVs
-
RE: A fool and his not-really-money are soon parted
@izzion The company's a week old? Man, am I in the wrong industry.
-
RE: So I tried Go the other day
@anonymous234 said in So I tried Go the other day:
I hate the "global variables are bad" meme. Global variables store global state. Global state is a thing that most programs, by necessity, have.
Fun fact: when I started working on NodeBB one of the first commits I made was to use the sessions handling code provided by express. I didn't really know what I was doing, so I saved the active UID as a global
That made for some fun times until I realised global really meant global.
-
RE: Discussion of NodeBB Updates
@anonymous234 said in Discussion of NodeBB Updates:
@julianlam said in Discussion of NodeBB Updates:
The red boob conundrum is still being bounced around internally...
Can't you at least change the symbol to "" ? It's the closest thing to "minimize" in my head.
That's a good one, I like it.
Certainly better than the minimize icon in font awesome, which looks like a fat hairy dash.
No offense meant to any fat hairy dashes.
-
RE: Cannot paste image into chat
@RaceProUK Perhaps we can rip out the chat backend altogether, and instead, when you start a new chat, it just creates a hidden topic somewhere.
Code reuse!
-
RE: On Jellypotato...
Will push more tweaks to the logic (actually a simplification, rather than throwing more code at this problem) tonight.
I forgot to push this morning from home
-
RE: The Official Status Thread
Status: Fuck this apartment I'm in, for being 30°C+ indoors even though it's 4°C outside... and fuck the positive pressure of the hallway ventilation, for opening a window does nothing and instead sucks the hot air in my apartment outside, so it can be replaced with even hotter air from the hallway.
-
RE: A fool and his not-really-money are soon parted
So you're saying there's a theoretical lower bound and upper bound where you're valued highly enough to give a shit, but not so much that you stop giving a shit?
brb, founding a new political ideology.
-
RE: :wtf: How can this be so wrong??? (AKA the Discopocalypse thread)
I liked
ON DELETE CASCADE
back when I was slingin' PHP... it just made sense... although I probably couldn't say the same for the people who came after me.If you don't know what the key relationships are, then deletion cascades are a lot of fun /s.
-
RE: An invalid or illegal string was specified
Fixed the use of
.includes
, but if you want it, you're gonna have to run latestmaster
... or you could just apply this patch by hand:
From 5302e79b564f057105be467f885e0018b0605c58 Mon Sep 17 00:00:00 2001 From: Julian Lam <julian@nodebb.org> Date: Fri, 26 Jan 2018 13:22:28 -0500 Subject: [PATCH] fixing accidental usage of .includes @benlubar --- public/src/utils.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/public/src/utils.js b/public/src/utils.js index 2fcdfa8..d921573 100644 --- a/public/src/utils.js +++ b/public/src/utils.js @@ -550,7 +550,7 @@ value = value ? value.split(' ') : []; ['noopener', 'noreferrer'].forEach(function (property) { - if (!value.includes(property)) { + if (value.indexOf(property) === -1) { value.push(property); } }); -- 2.7.4
-
RE: FlightAware starts using :disco: :horse: Sadness ensues
Yes, there are HTML sanitization libraries, and we shouldn't shy away from features simply because they're hard, I get that. Let me be clear, I've been defending my use of Markdown for 5 years now, and each time the arguments get weaker and weaker because my list of excuses gets shorter. That's a good thing.
The unfortunate reality is that there's a tradeoff: We either build a platform that can be easily extended (plugins can easily change raw markdown, or can change html content, depending on where it is loaded in relation to the markdown plugin), or one that in my humble opinion, makes development more difficult because you are forced to write regular expressions to parse HTML. I won't say I've been around the block as long as a whole bunch of you have (I bet), but I've done my fair share of HTML parsing and I don't want to do it again, nor do I want to maintain a system that forces people to have to do it. Does that make sense?
Out of curiosity, I looked up how to write a table in BBCode:
[table] [tr] [th][/th] [th][/th] [th][/th] [/tr] [tr] [td][/td] [td][/td] [td][/td] [/tr] [tr] [td][/td] [td][/td] [td][/td] [/tr] [/table]
That's no better than HTML. I don't expect someone unfamiliar with HTML to understand the logic to write that out (even if it is just replacing
<
with[
and>
with]
).That said, writing tables in Markdown blows too, so maybe that'll just be another problem we side step because it is too hard.
Did I trigger @blakeyrat yet?
-
RE: The most popular OS in the world
TFA said:
That’s right. A web server. Your CPU has a secret web server that you are not allowed to access, and, apparently, Intel does not want you to know about.
Why on this green Earth is there a web server in a hidden part of my CPU? WHY?
The only reason I can think of is if the makers of the CPU wanted a way to serve up content via the internet without you knowing about it. Combine that with the fact that Ring -3 has 100 percent access to everything on the computer, and that should make you just a teensy bit nervous.
... just... no. Step away from the tinfoil hat.
-
RE: Google wants to make e-mail more "interactive" - what could possibley go wrong?
Don't forget features that exist purely for backwards compatibility purposes!
Did you know that if you
<input type="text" id="derp" />
,derp
becomes a global variable? Because raisins? -
RE: NPM 5.7 recursively changing ownership of system directories when using sudo npm -g
@boomzilla said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
Did they ever unpublish / roll back the thing?
I believe under npm's own rules, you can't
npm unpublish
after 24 hours.Of course, personally, the minute they introduced the business logic to limit
unpublish
to 24 hours, the command itself stopped working for me. Now even if I publish something and try to unpublish seconds later, I'll get a 403.I think maybe I figured out why they couldn't unpublish npm v5.7.0, because unpublishing just doesn't work :face_with_stuck-out_tongue:
-
RE: The Official Status Thread
@anonymous234 said in The Official Status Thread:
Game on Steam: 10€
I recently bought Age of Empires II's Rise of the Rajas expansion pack, and was surprised when the steam client didn't do any downloading or syncing of files after I bought it. When I ran the game, all the new content was immediately available.
I feel a tad gipped... I think I just paid $8 for a bit to be flipped.
-
RE: Where’s all my CPU and memory gone? The answer: Slack
@blakeyrat My brother went to a convention and bought a Voodoo3... I believe it melted under it's own power.
-
RE: Speaking of the forum freezing the browser, uploading an image does it too!
@alexmedia said in Speaking of the forum freezing the browser, uploading an image does it too!:
Slightly offtopic, but why is the filesystem path in the JSON returned by Node ?
-
RE: Discussion of NodeBB Updates
The red boob conundrum is still being bounced around internally... We also don't call it a red boob, I think our designer (who happens to be of the fairer sex) probably wouldn't appreciate it.
For now we added minimize to the chat and stopped the taskbar from showing up on chats and composers.
Filed under: Name suggestions welcome
-
RE: ‘Next Gen’ Ubuntu Installer - ELECTRON
- AppData\Roaming - it's for those program files that should move along with user from computer to computer, so config files, user keys etc., but not binaries (if I remember MS guidelines correctly)
That's nice, I'm worried about roaming charges though, so I'll pass.
-
RE: My web app died from performance bankruptcy
The one where any deviation from the norm is left as an exercise for the reader.
-
RE: The dots in Gmail addresses
Wait, so this guy finds a way a feature can be exploited...
Calls them out on it on his blog...
Explains why it can be exploited and can be considered bad practice...
Then provides a perfectly serviceable solution to this problem that isn't "stop allowing dot-insensitivity"?
Well done.
-
RE: [Fixed] Unable to login - CSRF invalid
I've been told I don't get enough fiber, so things aren't SPDY enough down south.
-
RE: Where did the giant punctuation go?
@hungrier said in Where did the giant punctuation go?:
Preview says no, looks like it doesn't. One step forward, two steps back with these updates
Such is progress... you can't improve without breaking a few things, but so long as we're trending upwards (or downwards, if your metric is bug count), then I'm happy. There may be a couple regressions with the new plugin-emoji (rewritten to replace emoji-extended), but this tends to happen when rewrites occur.
Paging @blakeyrat to tell me I'm a horrible person for not striving for absolute perfection.
-
RE: Discussion of NodeBB Updates
@polygeekery said in Discussion of NodeBB Updates:
@julianlam do it is all @ben_lubar's fault? I can believe that.
Turns out it was my fault
-
RE: Backslash escapes stars in posts, but not in PMs
Definitely unintentional. Post parsing and chat parsing should be identical, and my wild ass-theory is that chats have additional sanitization and protections built in because chat messages didn't used to be parsed like posts.
A great deal of it (if not all of it) can probably be removed now.
-
RE: Does anybody actually use this site on mobile :fire:
@pie_flavor Sorry, I seem to have tagged your Canuck cousin back there...
-
RE: Blakeyrat pointing out NodeBB problems
@darkmatter The notifications grouping was a fairly recent addition, so it's... a little rough around the edges. Sorry
Bugs filed against that would help... and hey, you guys will like this... I never tested the notification grouping on upvotes past 3... now you have 6 upvotes?
But yeah... the "so and so have upvoted your post" should be grouping on a per post level.. so you could have two posts inside this @blakeyrat topic that have been upvoted by separate people, and it is supposed to correctly show this:
- A and B have upvoted your post in Belgium (
onclick
goes totopics/123/belgium/6
) - B, C, and two others have upvoted your post in Belgium (
onclick
goes totopics/123/belgium/8
)
Obviously, it's a notification that sure seems like it ought to be collapsed, but they actually point to different posts...
Open to ideas on how to improve the UX for that particular problem too.
- A and B have upvoted your post in Belgium (
-
RE: :fa_bullhorn: The sound of AN ANNOUNCEMENT BEING MADE (or: Request for Comments: Comments)
well, that's certainly a first
Setting posts per page to an arbitrarily high limit is just asking for it, in my opinion...
-
RE: Discussion of NodeBB Updates
@lorne-kates I don't live in Toronto, goodness, forum software doesn't pay that well.
I live in Burlington.
-
RE: Discourse envy, anyone?
@ben_lubar Why just for updates?... and why just for Discourse?
Having an impartial third party maintain a site for all the new forums (us, discourse, flarum, etc) would keep us accountable and gaming the scaling process
Just record the average page load per day (tested once an hour maybe), and payload size of the main minified js file, and save historical data
Add some nice graphs and baby you've got a stew goin'
-
RE: CTRL+Z/undo in composer does not undo image data paste
Don't worry, I'm sure you'll get enough material out of my half-baked fixes anyhow.
Filed Under: Don't mix bold and italics, people.
-
RE: Discussion of NodeBB Updates
@blakeyrat I was referring to the header bar menu changes, which have been running fine for awhile.
The underscore and identifier issue was pushed late and didn't follow our rule of not pushing important changes in during a code freeze. I made the mistake, and I'll own up to it. It was a bad solution to a problem that was fixed much easier after the fact, and I'm sorry you guys were bitten by it. It shouldn't have been released with 1.7.2.
-
RE: Why are we not rolling back?
@izzion said in Why are we not rolling back?:
@DCoder
Ah. I blame javascript for my inability to read javascript code.Where's your sense of adventure
-
RE: Fuck!, or kt_ pointing out what's broken about this community
@MathNerdCNU I spent far too long waiting for that gif to loop.
-
RE: I converted NodeBB to use a PostgreSQL database. AMA.
@blakeyrat I'm glad to hear that your opinion of MongoDB has changed over the years. Almost gives me hope that one day you'll like NodeBB too.
-
RE: Discussion of NodeBB Updates
@ben_lubar said in Discussion of NodeBB Updates:
When it gets released, please add a database upgrade script so I can remove the plugin and not have two competing post diff systems.
But there's nothing to upgrade... did you want me to add one just for you?
module.exports = { name: 'Ben Lubar, you should disable your likely-superior post diffs plugin now', timestamp: Date.UTC(2018, 1, 20), method: function (callback) { console.log('fa-spin'); setImmediate(null, callback); }, };
-
RE: Discussion of NodeBB Updates
@zecc without... but if you do, they might respond to you in French... or you can be uncultured and pronounce the T like the rest of us anglophones. (Mon-tree-y'all)
@Lorne-Kates Pacific Mall parking is fun... the spots are narrower, so it's hard mode...
-
RE: My web app died from performance bankruptcy
Can we get back on topic now? I want to talk more about Chrome and passive event handlers.
Just kidding
-
RE: Paste Jacking
@PJH said in Paste Jacking:
@julianlam said in Paste Jacking:
There are still people piping curl to bash!
TRWTF is that later that hour I admitted to piping curl to bash to install nvm.
-
RE: The Official Status Thread
Status: This past weekend I installed two 2GB 800 MHz DDR2 memory sticks into my home theatre PC. I actually had to buy them from Amazon, my junk box only had DDR3 sticks
I can alt-tab without the computer spazzing out now! :smiling_face_with_open_mouth: