June 18, 2019, 08:54:19 AM

Author Topic: Site suggestions, the future and other stuff  (Read 32539 times)

Offline Henri

  • Full Member
  • ***
  • Posts: 200
Re: Site suggestions, the future and other stuff
« Reply #180 on: December 18, 2018, 10:32:04 AM »
Hi,

not sure if this is something that can be revised, but it might be good to have a select-link on marked code block:

Code: [Select]
Print "Select me"

Code: BlitzMax
Print "select me"

'Comment

Rem
Comment block
EndRem

Also, Rem-blocks are not marked up properly.

-Henri
- Got 01100011 problems, but the bit ain't 00000001

Offline Rick Nasher

  • Hero Member
  • *****
  • Posts: 707
Re: Site suggestions, the future and other stuff
« Reply #181 on: December 18, 2018, 06:00:49 PM »
@Qube
Quote
I will look into this before the weekend. If no new emojis have popped up before the new year then please remind me :)
No biggy, just adds to the, well overall atmosphere? But if tricky to do then no prio.
_______________________________________
 B3D + physics + shaders + X-platform = AGK!
:D ..ALIENBREED *LIVES* (thanks to Qube).. :D
_______________________________________

Offline round157

  • Full Member
  • ***
  • Posts: 204
Re: Site suggestions, the future and other stuff
« Reply #182 on: December 18, 2018, 10:44:18 PM »
Hi, Qube,

Thanks for your kind help. I notice that the name of the Blitz2D/3D sub-forum was changed to the new name.

This forum is becoming a very perfect forum. I believe that this forum will be famous worldwide under your effective and successful management.

Thanks again!


Online Steve Elliott

  • Hero Member
  • *****
  • Posts: 1802
Re: Site suggestions, the future and other stuff
« Reply #183 on: December 18, 2018, 10:48:48 PM »
I agree, Qube is a very sensible guy...So it's a very smooth transition to come here - so invite others!   :)
Windows 10, 64-bit, 16Gb RAM, CPU Intel i5, 3.2 GHz, Nvidia GeForce GTX 1050 (2Gb).
MacOS Mojave, 64-bit, 8Gb RAM, CPU Intel i5, 2.3 Ghz, Intel Iris Plus Graphics 640 1536 MB.
Linux Mint 19.1, 64-bit, 16Gb RAM, CPU Intel i5, 3.2 GHz, Nvidia GeForce GTX 1050 (2Gb).

Offline Qube

  • Administrator
  • Hero Member
  • *****
  • Posts: 1901
Re: Site suggestions, the future and other stuff
« Reply #184 on: December 19, 2018, 03:55:35 AM »
Quote
I thought Geshi and highlightjs auto-detect languages if none is provided
Not on the plugin provided for SMF. The standard code tag doesn't auto recognise languages.

Quote
The main culprit is that {code=BlitzMax}...{/code} has to be known to users.
This is true but there is a guide on this - The more I think about all this the more I'm aiming at writing our own forum software. It's a big task and something that I'd need to be able to allow time for. While I like the SMF forum there are many things I'd like to add to these forums whereby it'd be quicker in the long term to code my own forum as opposed to learning all the ins and outs of SMF.

Quote
@ Colors
https://highlightjs.org/static/demo/
They offer 80+ styles which seem pretty consistent in itself.
Looks like a decent system and any code highlighting function I'd prefer not to have to manually configure each one. Perhaps when the time comes a member(s) of the community can handle that task?

Quote
not sure if this is something that can be revised, but it might be good to have a select-link on marked code block:
I did have a quick look about adding a "select" link to the geshi output but numerous attempts didn't work. Geshi is quite a big beast and a lot of it seems to override itself as changes you'd expect to be global just get ignored. Not quite sure if it's Geshi itself or the way it's integrated with SMF. Another reason to code our own forum software as then we'd have full control and functional upgradability.

Quote
No biggy, just adds to the, well overall atmosphere? But if tricky to do then no prio.
I agree, the smilies need a little love. I'll aim to get some new ones added over the coming days.

Quote
Thanks for your kind help. I notice that the name of the Blitz2D/3D sub-forum was changed to the new name.
Easy change to make it more obvious. Thanks for the recommendation :)

Quote
so invite others!
Absolutely, invite others :) - We're very scalable. Whatever needs to be done, will be done ;D
Until the next time...

Offline MikeHart

  • Hero Member
  • *****
  • Posts: 585
  • Cerberus-X Dev Team
    • Cerberus X
Re: Site suggestions, the future and other stuff
« Reply #185 on: December 19, 2018, 06:42:22 AM »
@qube: That is what I am doing atm for our move of CX. Writing my own forum/portal piece. I was fed up with how bloated and over complicated every other solution is. You only reach 80-90% and then hit a road block.

Offline Derron

  • Hero Member
  • *****
  • Posts: 2154
Re: Site suggestions, the future and other stuff
« Reply #186 on: December 19, 2018, 07:09:49 AM »
Non-bloated (and maybe updated somewhen ....) fluxbb.org.

I would not write my own forum software as you _will_ create security flaws for sure.
- interaction needs csrf securement (hashes/ids for each interaction to avoid "re-send-spamming" etc)
- user profiles
- maybe PMs (they need to be secured too as they contain forms)
- admin control panels need to be secured but yet versatile (ban, lookups, prune, maintenance, ...)
- moderator panels (move, rename, mass move, split, join ,...)
- db table structures need to be optimized (this is pretty tough if you have no SQL experience or want to use some java backend for in-RAM-hosting of forum software for decent speed)
- write an importer handling all the important stuff (threads, post, PMs, user)
- handle security (password multi-hash algorithms)
- mail all users to change password (hash + salt based, so no "auto migration")
- ...
and this is just the backend for now!

frontend:
- mobile aware themes (responsive themes)
- multiple themes (backend affected too)
- jscriptifying stuff (eg endless scrollers, dynamic information like "warning new post came in meanwhile", ...) (affects backend too).


Writing your own forum means to sacrifice _a_lot_of_time, risk security of your users and to limit functionality. Better use a forum offering "hooks" (or a similar system) for all this stuff. Learn the inners of the forum "hook system" on a weekend and extend from there.
Yes, you lose a bit of performance doing this but it is as with frameworks: you work with others - and stuff might even evolve further once you lost interest in coding your own forum.
Imagine you coded a big piece of the forum. It works and you migrated data (which needs to be done - see above) but suddenly you lose a bit of interest in developing it further. A change here another change later in a month ... Meanwhile someone breaks into your forum (unrecognized), data gets phished...
On the other hand it is always a bit likely to install an attack vector by using popular software (they just google who hosts forum version X.Y.Z).


Just wrote a bit too much about this subject so again in only some words: do not write your own forum software, 1-man-shows just lose way more life-time than required. Forum software is way bigger than BulletinBoard-software 20 years ago.



@ geshi / highlightjs
for highlightjs you do not need to alter the SMF source code - but the "theme templates". So a normal {code}thingy results in
<code class="bbc_code">the code
</code>
Idea is then to tell the highlight-js to initialize on "<code>"-tags. Highlight.js can use a given language to select a specific one instead of "automatic detection". The "code=language" thing passes "language" somehow - so this can be used to pass "language" as "class" to the code tag (above has two classes "bbc" and "code"). In this case it means you initialize highlight.js for all "<code>"-boxes containing class "code". And the defined language is "bbc".
Dunno if SMF allows for "code=language" without the highlighter-plugin (as there needs to be some regex-adjustments for the bbcode-parser of the forums - to read and pass the "language" part). So maybe it is needed to extract that functionality - and then just adjust the "styling" done by geshi.

Need to write the following in this box as somehow the html code gets interpreted (oh oh!! unsanitized?!)
Code: [Select]
Geshi transforms the "<pre>" (or "<code>") boxes to not contain preformatted text but
"<span class='keyword'>function</span> DrawMe()" and so on.
So each "to color" part gets wrapped into its own tag+class for proper styling. We need to
intercept here - so it does keep the pure "text".
But this way we would use the geshi-plugin to allow "{code=language}my code{/code}".
Of course geshi can get removed if you are able to handle the adjusted bbcode on your own (the "language" part in the {code} tag).


bye
Ron
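
An added example (not part of the post above, and not SMF, GeSHi or highlight.js code): one way to pass the language of a code tag through as a class on the `<code>` element while the body stays pure, escaped text, so HTML typed into a post is never interpreted. The function names, the language allowlist and the square-bracket `[code=...]` form of the tag are assumptions made for illustration.

```javascript
// Constructed allowlist: only these values may ever become a CSS class.
const ALLOWED_LANGUAGES = new Set(["blitzmax", "php", "javascript", "sql"]);

// Escape the five characters that can change HTML structure.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Render one code tag. The user-supplied language is never copied into the
// markup: it is only used to look up an allowlisted value. Anything else is
// dropped, which leaves the block to the highlighter's automatic detection.
function renderCodeBlock(language, body) {
  const lang = (language || "").trim().toLowerCase();
  const classes = ["bbc_code"];
  if (ALLOWED_LANGUAGES.has(lang)) {
    classes.push("language-" + lang);
  }
  return '<pre><code class="' + classes.join(" ") + '">' + escapeHtml(body) + "</code></pre>";
}

// Render a whole post: text outside code tags is escaped as well, and code
// bodies are emitted as plain text for a client-side highlighter to colour.
function renderPost(raw) {
  const tag = /\[code(?:=([^\]]*))?\]([\s\S]*?)\[\/code\]/gi;
  let out = "";
  let last = 0;
  let m;
  while ((m = tag.exec(raw)) !== null) {
    out += escapeHtml(raw.slice(last, m.index));
    out += renderCodeBlock(m[1], m[2]);
    last = tag.lastIndex;
  }
  return out + escapeHtml(raw.slice(last));
}

// Constructed sample posts.
const samplePost =
  "Nice <b>post</b> [code=BlitzMax]<span class='keyword'>function</span> DrawMe()[/code]";
const hostileLanguage = '[code=x" onmouseover="y]a & b[/code]';

console.log(renderPost(samplePost));
console.log(renderPost(hostileLanguage));
```

On the client, the highlighter is then initialised on `code.bbc_code` elements and only has to read the class and the text content.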
 

Offline Qube

  • Administrator
  • Hero Member
  • *****
  • Posts: 1901
Re: Site suggestions, the future and other stuff
« Reply #187 on: December 19, 2018, 12:01:08 PM »
Quote
@qube: That is what I am doing atm for our move of CX. Writing my own forum/portal piece. I was fed up with how bloated and over complicated every other solution is. You only reach 80-90% and then hit a road block.
True, I find adding any features to a precooked forum a right chore and never exactly what you want / need. Sure it works but I'd like to do a lot more for the members to use / enjoy.

Quote
I would not write my own forum software as you _will_ create security flaws for sure.
So the same as every other forum software ever developed? I can't think of one that hasn't had numerous security flaws over the years. A plus point of rolling your own is that a hacker would have to dedicate time to finding the flaws as opposed to 0day exploits used by script kiddies.

Also, I have over 15 years of PHP / MySQL and JavaScript knowledge. I would not be rushing it ( unlike the chat script which was rushed ) but would be a project done properly in my own time without a deadline.

Quote
Better use a forum offering "hooks" (or a similar system) for all this stuff. Learn the inners of the forum "hook system" on a weekend and extend from there.
But then you're still bound by *that* forum software and learning all about *that* forum software. Then when updates are done they sometimes break the API and you have to redo things again.

Quote
Imagine you coded a big piece of the forum. It works and you migrated data (which needs to be done - see above) but suddenly you lose a bit of interest in developing it further. A change here another change later in a month ... Meanwhile someone breaks into your forum (unrecognized), data gets phished...
As a side note I've written many web / DB apps for companies and none have been hacked or compromised so I think I can code forum software that's pretty secure. Of course I'm not saying it'll be hack proof but I'm sure I can do as good a job as the current options.

Quote
or want to use some java backend for in-RAM-hosting of forum software for decent speed)
Couldn't think of a worse approach :P

Quote
for highlightjs you do not need to alter the SMF source code - but the "theme templates".
Have you tried SMF with the Geshi plugin? Even having different backgrounds per language is a pain in the butt and I'm pretty fed up with learning / fighting with each plugin.

Quote
Just wrote a bit too much about this subject so again in only some words: do not write your own forum software, 1-man-shows just lose way more life-time than required. Forum software is way bigger than BulletinBoard-software 20 years ago.
As said, if I do decide to go ahead with doing our own it would be done properly and with no deadline pressure limits. I know it's a lot of work but I don't mind that but forum software is a lot a lot smaller than many of the apps I have written for real life work so that side doesn't bother me either.

But... I'm still 50/50 on the whole thing and I'd need to plan and work out the whole thing first if I did decide to go down that route.
Until the next time...

Offline Derron

  • Hero Member
  • *****
  • Posts: 2154
Re: Site suggestions, the future and other stuff
« Reply #188 on: December 19, 2018, 12:59:08 PM »
Quote
I would not write my own forum software as you _will_ create security flaws for sure.
So the same as every other forum software ever developed? I can't think of one that hasn't had numerous security flaws over the years.
...The more popular the more it gets "checked" (by security audits - and by bad boys). The more features stuff contains, the more flawed it can become.


Quote
A plus point of rolling your own is that a hacker would have to dedicate time to finding the flaws as opposed to 0day exploits used by script kiddies.
Fuzzy tests. No need to "tinker". Why does this work? As most often the most obvious bugs get through unseen by the developer.


Quote
Also, I have over 15 years of PHP / MySQL and JavaScript knowledge.
And with 15+ years you should know that you might forget about special details in your software. It is a _scripted_ solution which means it is dependent on the environment it runs in. So once you upgrade PHP (so major version steps) you might run into unprepared problems. And you need to update from time to time because it contains security patches not backported to your then outdated PHP version.
I wrote my first PHP script before 2000 and it's these scripts which then from time to time are still running somewhere. The early 2000s scripts are which need big overhaul by me because they use "now" no longer secure approaches (think you know about the automatic $_GET/_POST/_REQUEST fills in the early days?).

I somehow think you think of a forum to be... smaller than you imagine. Just have a look of what dozens of files are provided by all these forums. Yes, some use a framework (laravel, cake...) to get rid of all the routing, acl, hashes, captchas, ... stuff. Still you need to do all the interaction and backend-data-processing stuff.
 

Quote
Better use a forum offering "hooks" (or a similar system) for all this stuff. Learn the inners of the forum "hook system" on a weekend and extend from there.
But then you're still bound by *that* forum software and learning all about *that* forum software. Then when updates are done they sometimes break the API and you have to redo things again.
Yet they handle it for you - and if your plugins are cleanly "separated" then it is just a matter of adjusting stuff - instead of having to adjust your "former-plugin-now-inbuilt-inyour-forum"-stuff _and_ to update whatever needs to get updated in the plenty of files - and this without somebody warning you about security issues. This is ok if your daily job was web development and you are always "up to date".


Quote
As a side note I've written many web / DB apps for companies and none have been hacked or compromised so I think I can code forum software that's pretty secure.
None of the stuff I've written for others was compromised too ... . but most of the time this is just possible because there is "customer/user content" generated there. You can pretty easily secure stuff for "searches", "contact pages" - but once you have user generated content with a bit of "flexibility" you cannot strictly purge to-escape-stuff / escape html tags and so on. Most of the time they try to break your regex code to incept their stuff. Or they use security flaws in php uploads (accessing publicly available tmp files, executing "myscript.jpg" ...). Getting rid of user content is a big increase for a software's security. For forums ... this is not really possible ;-)


Quote
Have you tried SMF with the Geshi plugin? Even having different backgrounds per language is a pain in the butt and I'm pretty fed up with learning / fighting with each plugin.
Nope, fluxbb user here (less functions, lightweight). If you want I could try to set it up locally and play with some functions? But as said - I think it's better to have the highlighting done on the client side (highlight.js).


_IF_ you want to write your own forum, consider doing it on github / as FOSS - just because I think it is much time you would put into something only working on "one" website.


bye
Ron

Offline MikeHart

  • Hero Member
  • *****
  • Posts: 585
  • Cerberus-X Dev Team
    • Cerberus X
Re: Site suggestions, the future and other stuff
« Reply #189 on: December 19, 2018, 01:29:23 PM »
Oh joy. No matter what someone posts on this forum, Derron shows up and tells you how it should be done. I hope you live a happy life with all that nitpicking you do to other people on the net. Do you do the same in real life?


Btw you state that "off the shelf" forums are more secure than an inhouse one. Did you tell that to Unity, TGC, YYG, old BRL and many others which use inhouse solutions too?
And your beloved FluxBB, when was the last stable release? Somewhere in 2016? Wow, it must have been so super stable that it didn't need another release.


Really you know it all, so thank you for your thoughts. If I ever knew how much work it is, I would have taken on gardening instead.

Offline Derron

  • Hero Member
  • *****
  • Posts: 2154
Re: Site suggestions, the future and other stuff
« Reply #190 on: December 19, 2018, 01:44:15 PM »
I do not tell what Qube has to do - I just write my opinion about the plan to such things.

@ BRL forums
You know about the hacks done to it? you know about all the "internal errors" you could achieve by posting certain stuff? you know about all the security flaws which existed in the blitzmax-website/forum? I had a look at it (got access) and found stuff which should not be "there".


@ fluxbb
Yes, it has a successor (flarum) which I do not like - but the original developer is still doing stuff.  And if there is a security flaw reported it gets fixed asap. As said: if your forum has less features, then there is not much to maintain except for PHP-compatibilities (as with PHP 7 as the big "step" of the PHP-development-cycle of the last years).



You can create your forum, do it if you like doing that instead of concentrating on development of cerberus-x/other-language-thingy. It just takes time and if you have plenty of time, then go, do it!
Maybe you better write your own Browser too - get rid of all that nasty stuff you do not need and which makes it hard to extend. See it? There is a reason for people to reuse already invented wheels instead. Sure there are exceptions (browser's monoculture for example) but still the main contra argument is: you invest your time.


@ nitpicking
This is not nitpicking if you talk about security flaws. People just do not want their (and others) "PMs" to be downloadable as a .zip file.
I will repeat myself again: today's "bots" are no longer needed to get adjustments for each forum (and if, then it is not a biggie for the human coder to "assist/guide").


@ when to do your own forum
I can accept that people write their stuff if they deeply integrate user accounts into their billing systems etc. (which is imho a no-go ... separate concerns!). Or they want to have special areas for paying customers. Stuff which could mostly be done via "plugins" to existing forums. Might seem to not be accomplishable for many forums but I think there are forums outwhere allowing it - just depends on your needs and the creativity to work around given "restrictions/rules".


Again: do what you want but _if_ you encounter issues (as described above) then do not yell that nobody warned before.

bye
Ron

Offline Henri

  • Full Member
  • ***
  • Posts: 200
Re: Site suggestions, the future and other stuff
« Reply #191 on: December 19, 2018, 03:09:58 PM »
Nothing ventured, nothing gained.

My opinion is somewhere between 50/50. If you invest your time in it, then it means that you have time to invest, and you gain both knowledge and experience. Surely not a bad thing ? And if not, then existing solutions can be utilized.

I've thought about writing forum software sometimes for fun and educational purposes, as I did something similar in school. But time is always the issue, and of course, you need inspiration  :-)

-Henri
- Got 01100011 problems, but the bit ain't 00000001

Offline Qube

  • Administrator
  • Hero Member
  • *****
  • Posts: 1901
Re: Site suggestions, the future and other stuff
« Reply #192 on: December 21, 2018, 03:50:16 AM »
Quote
Again: do what you want but _if_ you encounter issues (as described above) then do not yell that nobody warned before.
If we get hacked then there won't be a forum to post "I told you so!" :P
Until the next time...

Offline MikeHart

  • Hero Member
  • *****
  • Posts: 585
  • Cerberus-X Dev Team
    • Cerberus X
Re: Site suggestions, the future and other stuff
« Reply #193 on: December 21, 2018, 06:40:33 AM »
Quote
Again: do what you want but _if_ you encounter issues (as described above) then do not yell that nobody warned before.
If we get hacked then there won't be a forum to post "I told you so!" :P


If there is a will, there is a way. :D

Offline NoNameHere

  • Jr. Member
  • **
  • Posts: 5
Re: Site suggestions, the future and other stuff
« Reply #194 on: January 28, 2019, 03:04:10 PM »
Don't know if it has been pointed out before, but the site appears to be blocking Russian IPs. I think it started a few months ago: one day I decided to check in and was greeted by "You are banned, this ban is not set to expire" message. I instantly thought this was happening because of my Russian IP - I already had that happen with os2museum.com - their anti-spam thingy on the server just gives the 403 error to Russian IPs. Sure enough, through a VPN I can login here just fine. I didn't report that earlier because I don't really visit too often and had just kind of hoped that it may resolve itself at some point.