Site suggestions, the future and other stuff

Started by Qube, June 12, 2017, 01:40:18


Henri

Hi,

not sure if this is something that can be revised, but it might be good to have a select-link on marked code block:


Print "Select me"


Code (blitzmax) Select

Print "select me"

'Comment

Rem
Comment block
EndRem


Also, Rem-blocks are not marked up properly.

-Henri
- Got 01100011 problems, but the bit ain't 00000001

Rick Nasher

@Qube
QuoteI will look into this before the weekend. If no new emoji's have popped up before the new year then please remind me :)
No biggy, just adds to the, well overall atmosphere? But if tricky to do then no prio.
_______________________________________
B3D + physics + shaders + X-platform = AGK!
:D ..ALIENBREED *LIVES* (thanks to Qube).. :D
_______________________________________

round157

Hi, Qube,

Thanks for your kind help. I notice that the name of the Blitz2D/3D sub-forum was changed to the new name.

This forum is becoming a very perfect forum. I believe that this forum will be famous worldwide under your effective and successful management.

Thanks again!


Steve Elliott

I agree, Qube is a very sensible guy...So it's a very smooth transition to come here - so invite others!   :)
Win11 64Gb 12th Gen Intel i9 12900K 3.2Ghz Nvidia RTX 3070Ti 8Gb
Win11 16Gb 12th Gen Intel i5 12450H 2Ghz Nvidia RTX 2050 8Gb
Win11  Pro 8Gb Celeron Intel UHD Graphics 600
Win10/Linux Mint 16Gb 4th Gen Intel i5 4570 3.2GHz, Nvidia GeForce GTX 1050 2Gb
macOS 32Gb Apple M2Max
pi5 8Gb
Spectrum Next 2Mb

Qube

QuoteI thought Geshi and highlightjs auto-detect languages if none is provided
Not on the plugin provided for SMF. The standard code tag doesn't auto recognise languages.

QuoteThe main culprit is that {code=BlitzMax}...{/code} has to be known to users.
This is true but there is a guide on this - The more I think about all this the more I'm aiming at writing our own forum software. It's a big task and something that I'd need to be able to allow time for. While I like the SMF forum there are many things I'd like to add to these forums whereby it'd be quicker in the long term to code my own forum as opposed to learning all the ins and outs of SMF.

Quote@ Colors
https://highlightjs.org/static/demo/
They offer 80+ styles which seem pretty consistent in itself.
Looks like a decent system and any code highlighting function I'd prefer not to have to manually configure each one. Perhaps when the time comes a member(s) of the community can handle that task?

Quotenot sure if this is something that can be revised, but it might be good to have a select-link on marked code block:
I did have a quick look about adding a "select" link to the geshi output but numerous attempts didn't work. Geshi is quite a big beast and a lot of it seems to override itself as changes you'd expect to be global just get ignored. Not quite sure if it's Geshi itself or the way it's integrated with SMF. Another reason to code our own forum software as then we'd have full control and functional upgradability.

QuoteNo biggy, just adds to the, well overall atmosphere? But if tricky to do then no prio.
I agree, the smilies need a little love. I'll aim to get some new ones added over the coming days.

QuoteThanks for your kind help. I notice that the name of the Blitz2D/3D sub-forum was changed to the new name.
Easy change to make it more obvious. Thanks for the recommendation :)

Quoteso invite others!
Absolutely, invite others :) - We're very scalable. Whatever needs to be done, will be done ;D
Mac Studio M1 Max ( 10 core CPU - 24 core GPU ), 32GB LPDDR5, 512GB SSD,
Beelink SER7 Mini Gaming PC, Ryzen 7 7840HS 8-Core 16-Thread 5.1GHz Processor, 32G DDR5 RAM 1T PCIe 4.0 SSD
MSI MEG 342C 34" QD-OLED Monitor

Until the next time.

MikeHart

@qube: That is what I am doing atm for our move of CX. Writing my own forum/portal piece. I was fed up with how bloated and overcomplicated every other solution is. You only reach 80-90% and then hit a road block.

Derron

Non-bloated (and maybe updated somewhen ....) fluxbb.org.

I would not write my own forum software as you _will_ create security flaws for sure.
- interaction needs CSRF securement (hashes/ids for each interaction to avoid "re-send-spamming" etc)
- user profiles
- maybe PMs (they need to be secured too as they contain forms)
- admin control panels need to be secured but yet versatile (ban, lookups, prune, maintenance, ...)
- moderator panels (move, rename, mass move, split, join, ...)
- db table structures need to be optimized (this is pretty tough if you have no SQL experience or want to use some java backend for in-RAM-hosting of forum software for decent speed)
- write an importer handling all the important stuff (threads, post, PMs, user)
- handle security (password multi-hash algorithms)
- mail all users to change password (hash + salt based, so no "auto migration")
- ...
and this is just the backend for now!

frontend:
- mobile aware themes (responsive themes)
- multiple themes (backend affected too)
- jscriptifying stuff (eg endless scrollers, dynamic information like "warning new post came in meanwhile", ...) (affects backend too).


Writing your own forum means to sacrifice _a_lot_of_time, risk security of your users and to limit functionality. Better use a forum offering "hooks" (or a similar system) for all this stuff. Learn the inners of the forum "hook system" on a weekend and extend from there.
Yes, you lose a bit of performance doing this but it is as with frameworks: you work with others - and stuff might even evolve further once you lost interest in coding your own forum.
Imagine you coded a big piece of the forum. It works and you migrated data (which needs to be done - see above) but suddenly you lose a bit of interest in developing it further. A change here another change later in a month ... Meanwhile someone breaks into your forum (unrecognized), data gets phished...
On the other hand it is always a bit likely to install an attack vector by using popular software (they just google who hosts forum version X.Y.Z).


Just wrote a bit too much about this subject so again in only some words: do not write your own forum software, 1-man-shows just lose way more life-time than required. Forum software is way bigger than BulletinBoard-software 20 years ago.



@ geshi / highlightjs
for highlightjs you do not need to alter the SMF source code - but the "theme templates". So a normal {code}thingy results in
<code class="bbc_code">the code
</code>
Idea is then to tell the highlight-js to initialize on "<code>"-tags. Highlight.js can use a given language to select a specific one instead of "automatic detection". The "code=language" thing passes "language" somehow - so this can be used to pass "language" as "class" to the code tag (above has two classes "bbc" and "code"). In this case it means you initialize highlight.js for all "<code>"-boxes containing class "code". And the defined language is "bbc".
Dunno if SMF allows for "code=language" without the highlighter-plugin (as there needs to be some regex-adjustments for the bbcode-parser of the forums - to read and pass the "language" part). So maybe it is needed to extract that functionality - and then just adjust the "styling" done by geshi.

Need to write the following in this box as somehow the html code gets interpreted (oh oh!! unsanitized?!)

Geshi transforms the "<pre>" (or "<code>") boxes to not contain preformatted text but
"<span class='keyword'>function</span> DrawMe()" and so on.
So each "to color" part gets wrapped into its own tag+class for proper styling. We need to
intercept here - so it does keep the pure "text".
But this way we would use the geshi-plugin to allow "{code=language}my code{/code}".

Of course geshi can get removed if you are able to handle the adjusted bbcode on your own (the "language" part in the {code} tag).


bye
Ron
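
Derron's suggestion above (pass the `{code=language}` value through as a class on the `<code>` tag, keep the block as pure text, and let highlight.js colour it in the browser) can be sketched like this. It is an added example, not code from SMF, Geshi, highlight.js or anyone in this thread; `ALLOWED_LANGS`, `escapeHtml` and `renderPost` are hypothetical names and the language list is constructed.

```javascript
// Added example (hypothetical helper names). Turns a raw post containing
// {code=language}...{/code} into HTML that a client-side highlighter can use.

// Constructed allowlist: only these values may ever reach the class attribute.
// Assumption: the forum has a highlight.js grammar registered for each of them.
const ALLOWED_LANGS = new Set(["blitzmax", "php", "javascript", "sql"]);

const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Escape every character that could open a tag or close an attribute.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

function renderPost(raw) {
  const codeTag = /\{code(?:=([^}]*))?\}([\s\S]*?)\{\/code\}/gi;
  let html = "";
  let last = 0;
  for (const m of raw.matchAll(codeTag)) {
    // Text outside code blocks is user content too, so it is escaped as well.
    html += escapeHtml(raw.slice(last, m.index));

    // The language is compared against the allowlist and never copied
    // verbatim, so a crafted "language" cannot break out of class="...".
    const lang = (m[1] || "").trim().toLowerCase();
    const cls = ALLOWED_LANGS.has(lang)
      ? `bbc_code language-${lang}`
      : "bbc_code"; // missing or unknown: highlight.js auto-detects

    // The code body stays plain (escaped) text: no per-keyword <span>s are
    // generated server-side, colouring is left to the browser.
    html += `<pre><code class="${cls}">${escapeHtml(m[2])}</code></pre>`;
    last = m.index + m[0].length;
  }
  return html + escapeHtml(raw.slice(last));
}

// In the theme template, highlight.js 11 is then initialised on those boxes:
//   document.querySelectorAll("code.bbc_code")
//     .forEach((el) => hljs.highlightElement(el));
```
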

Qube

Quote from: MikeHart on December 19, 2018, 06:42:22
@qube: That is what I am doing atm for our move of CX. Writing my own forum/portal piece. I was fed up with how bloated and overcomplicated every other solution is. You only reach 80-90% and then hit a road block.
True, I find adding any features to a precooked forum a right chore and never exactly what you want / need. Sure it works but I'd like to do a lot more for the members to use / enjoy.

QuoteI would not write my own forum software as you _will_ create security flaws for sure.
So the same as every other forum software ever developed? I can't think of one that hasn't had numerous security flaws over the years. A plus point of rolling your own is that a hacker would have to dedicate time to finding the flaws as opposed to 0day exploits used by script kiddies.

Also, I have over 15 years of PHP / MySQL and JavaScript knowledge. I would not be rushing it ( unlike the chat script which was rushed ) but would be a project done properly in my own time without a deadline.

QuoteBetter use a forum offering "hooks" (or a similar system) for all this stuff. Learn the inners of the forum "hook system" on a weekend and extend from there.
But then you're still bound by *that* forum software and learning all about *that* forum software. Then when updates are done they sometimes break the API and you have to redo things again.

QuoteImagine you coded a big piece of the forum. It works and you migrated data (which needs to be done - see above) but suddenly you lose a bit of interest in developing it further. A change here another change later in a month ... Meanwhile someone breaks into your forum (unrecognized), data gets phished...
As a side note I've written many web / DB apps for companies and none have been hacked or compromised so I think I can code forum software that's pretty secure. Of course I'm not saying it'll be hack proof but I'm sure I can do as good a job as the current options.

Quoteor want to use some java backend for in-RAM-hosting of forum software for decent speed)
Couldn't think of a worse approach :P

Quotefor highlightjs you do not need to alter the SMF source code - but the "theme templates".
Have you tried SMF with the Geshi plugin? Even having different backgrounds per language is a pain in the butt and I'm pretty fed up with learning / fighting with each plugin.

QuoteJust wrote a bit too much about this subject so again in only some words: do not write your own forum software, 1-man-shows just lose way more life-time than required. Forum software is way bigger than BulletinBoard-software 20 years ago.
As said, if I do decide to go ahead with doing our own it would be done properly and with no deadline pressure limits. I know it's a lot of work but I don't mind that but forum software is a lot a lot smaller than many of the apps I have written for real life work so that side doesn't bother me either.

But... I'm still 50/50 on the whole thing and I'd need to plan and work out the whole thing first if I did decide to go down that route.

Derron

Quote from: Qube on December 19, 2018, 12:01:08
QuoteI would not write my own forum software as you _will_ create security flaws for sure.
So the same as every other forum software ever developed? I can't think of one that hasn't had numerous security flaws over the years.
...The more popular the more it gets "checked" (by security audits - and by bad boys). The more features stuff contains, the more flawed it can become.


Quote from: Qube on December 19, 2018, 12:01:08
A plus point of rolling your own is that a hacker would have to dedicate time to finding the flaws as opposed to 0day exploits used by script kiddies.
Fuzzy tests. No need to "tinker". Why does this work? As most often the most obvious bugs get through unseen by the developer.


Quote from: Qube on December 19, 2018, 12:01:08
Also, I have over 15 years of PHP / MySQL and JavaScript knowledge.
And with 15+ years you should know that you might forget about special details in your software. It is a _scripted_ solution which means it is dependent on the environment it runs in. So once you upgrade PHP (so major version steps) you might run into unprepared problems. And you need to update from time to time because it contains security patches not backported to your then outdated PHP version.
I wrote my first PHP script before 2000 and it's these scripts which then from time to time are still running somewhere. The early 2000s scripts are the ones which need a big overhaul by me because they use "now" no longer secure approaches (think you know about the automatic $_GET/_POST/_REQUEST fills in the early days?).

I somehow think you think of a forum to be... smaller than you imagine. Just have a look of what dozens of files are provided by all these forums. Yes, some use a framework (laravel, cake...) to get rid of all the routing, acl, hashes, captchas, ... stuff. Still you need to do all the interaction and backend-data-processing stuff.


Quote from: Qube on December 19, 2018, 12:01:08
QuoteBetter use a forum offering "hooks" (or a similar system) for all this stuff. Learn the inners of the forum "hook system" on a weekend and extend from there.
But then you're still bound by *that* forum software and learning all about *that* forum software. Then when updates are done they sometimes break the API and you have to redo things again.
Yet they handle it for you - and if your plugins are cleanly "separated" then it is just a matter of adjusting stuff - instead of having to adjust your "former-plugin-now-inbuilt-in-your-forum"-stuff _and_ to update whatever needs to get updated in the plenty of files - and this without somebody warning you about security issues. This is ok if your daily job was web development and you are always "up to date".


Quote from: Qube on December 19, 2018, 12:01:08
As a side note I've written many web / DB apps for companies and none have been hacked or compromised so I think I can code forum software that's pretty secure.
None of the stuff I've written for others was compromised either ... but most of the time this is just possible because there is "customer/user content" generated there. You can pretty easily secure stuff for "searches", "contact pages" - but once you have user generated content with a bit of "flexibility" you cannot strictly purge to-escape-stuff / escape html tags and so on. Most of the time they try to break your regex code to incept their stuff. Or they use security flaws in php uploads (accessing publicly available tmp files, executing "myscript.jpg" ...). Getting rid of user content is a big increase for a software's security. For forums ... this is not really possible ;-)


Quote from: Qube on December 19, 2018, 12:01:08
Have you tried SMF with the Geshi plugin? Even having different backgrounds per language is a pain in the butt and I'm pretty fed up with learning / fighting with each plugin.
Nope, fluxbb user here (less functions, lightweight). If you want I could try to set it up locally and play with some functions? But as said - I think it's better to have the highlighting done on the client side (highlight.js).


_IF_ you want to write your own forum, consider doing it on github / as FOSS - just because I think it is much time you would put into something only working on "one" website.


bye
Ron

MikeHart

Oh joy. No matter what someone posts on this forum, Derron shows up and tells you how it should be done. I hope you live a happy life with all that nitpicking you do to other people on the net. Do you do the same in real life?


Btw you state that "off the shelf" forums are more secure than an inhouse one. Did you tell that to Unity, TGC, YYG, old BRL and many others which use inhouse solutions too?
And your beloved FluxBB, when was the last stable release? Somewhere in 2016? Wow, it must have been so super stable that it didn't need another release.


Really you know it all, so thank you for your thoughts. If I ever knew how much work it is, I would have taken on gardening instead.

Derron

I do not tell what Qube has to do - I just write my opinion about the plan to do such things.

@ BRL forums
You know about the hacks done to it? You know about all the "internal errors" you could achieve by posting certain stuff? You know about all the security flaws which existed in the blitzmax-website/forum? I had a look at it (got access) and found stuff which should not be "there".


@ fluxbb
Yes, it has a successor (flarum) which I do not like - but the original developer is still doing stuff.  And if there is a security flaw reported it gets fixed asap. As said: if your forum has less features, then there is not much to maintain except for PHP-compatibilities (as with PHP 7 as the big "step" of the PHP-development-cycle of the last years).



You can create your forum, do it if you like doing that instead of concentrating on development of cerberus-x/other-language-thingy. It just takes time and if you have plenty of time, then go, do it!
Maybe you better write your own Browser too - get rid of all that nasty stuff you do not need and which makes it hard to extend. See it? There is a reason for people to reuse already invented wheels instead. Sure there are exceptions (browser's monoculture for example) but still the main contra argument is: you invest your time.


@ nitpicking
This is not nitpicking if you talk about security flaws. People just do not want their (and others) "PMs" to be downloadable as a .zip file.
I will repeat myself again: today's "bots" are no longer needed to get adjustments for each forum (and if, then it is not a biggie for the human coder to "assist/guide").


@ when to do your own forum
I can accept that people write their stuff if they deeply integrate user accounts into their billing systems etc. (which is imho a no-go ... separate concerns!). Or they want to have special areas for paying customers. Stuff which could mostly be done via "plugins" to existing forums. Might seem to not be accomplishable for many forums but I think there are forums out there allowing it - just depends on your needs and the creativity to work around given "restrictions/rules".


Again: do what you want but _if_ you encounter issues (as described above) then do not yell that nobody warned before.

bye
Ron

Henri

Nothing ventured, nothing gained.

My opinion is somewhere between 50/50. If you invest your time in it, then it means that you have time to invest, and you gain both knowledge and experience. Surely not a bad thing? And if not, then existing solutions can be utilized.

I've thought about writing forum software sometimes for fun and educational purposes, as I did something similar in school. But time is always the issue, and of course, you need inspiration  :-)

-Henri

Qube

QuoteAgain: do what you want but _if_ you encounter issues (as described above) then do not yell that nobody warned before.
If we get hacked then there won't be a forum to post "I told you so!" :P

MikeHart

Quote from: Qube on December 21, 2018, 03:50:16
QuoteAgain: do what you want but _if_ you encounter issues (as described above) then do not yell that nobody warned before.
If we get hacked then there won't be a forum to post "I told you so!" :P


If there is a will, there is a way. :D

NoNameHere

Don't know if it has been pointed out before, but the site appears to be blocking Russian IPs. I think it started a few months ago: one day I decided to check in and was greeted by a "You are banned, this ban is not set to expire" message. I instantly thought this was happening because of my Russian IP - I already had that happen with os2museum.com - their anti-spam thingy on the server just gives the 403 error to Russian IPs. Sure enough, through a VPN I can log in here just fine. I didn't report that earlier because I don't really visit too often and had just kind of hoped that it may resolve itself at some point.