Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Messages - [Unknown]
16
Off-topic / Re: Unknown's thoughts on Wedge
« on June 28th, 2011, 05:25 AM »Anyway. I have more alcohol to drink right now, a hangover for the morning, followed by a 200 mile road trip, just so I can go to a family funeral tomorrow
Sorry to hear you've had drama. Hope things are okay.
But since it's become increasingly clear that I'm barking up another wrong tree, I might as well revert what I've done and go with my first plan of enhancing what's there and praying to $deity that my fears are baseless, except I know full well I'm right there.
I agree with your concern about porting of mods. IMHO, a way to solve that is to disable it for now, or except for specifically Wedge update packages perhaps. Then table re-enabling it for when necessary. Worst case, people could write a mod to add it back in, but that'd be possible anyway. And if it turns out you're right, remove it fully, just not right away.
(See, Unknown's someone I look up to and when he says in not so many words that he thinks I'm working off broken logic, I tend to agree with him. Then I remember that he's younger than me and still managed to achieve so much more than I have so far, and I quietly begin to question myself. I hear my beer calling.)
-[Unknown]
17
Off-topic / Re: Unknown's thoughts on Wedge
« on June 27th, 2011, 04:19 AM »
FWIW, I recalled I'd had a conversation about this sort of thing a while back re: SMF. A quick email search later, here's a copy/paste:Quote from "[Unknown This was actually in reply to Joseph Fung. I'd copy his message but I'd want to get permission first.
It's not like we thought it wasn't necessary, but there were license issues and it just got bogged down. 'Course we really liked to play around, e.g. smflib. I had been seriously considering creating a macro language for PHP and inlining it on release, although it was probably a bad idea.
-[Unknown]
, 2005-02-17"]
Actually, I've messed around with doing things like this several times. Some of the solutions I've come up with have involved reading files from a directory, serailizing the information gained from them together, and writing it to a cache (whether database, file, or otherwise.) That may seem roudabout, but I really can't like an idea if I know it's going to be slow and less-than scalable.
Using this system, a registry in the database isn't technically needed, although it could be useful. The gain of not having it in the database is that plugins can be loaded before the connection is made: and this would allow, as an example, plugins to mean other-database support.
But, obviously, a table has clear benefits (and makes it notably easier to upgrade plugins, which is something a lot of systems ignore!) The downside is that all of this information is going to be needed all the time, so everything is going to have to be loaded from the table (not just some.)
...
It would also mean essentially abstracting every internal function call. Imagine:
processFunction('db_query', 'load_settings', array("
SELECT variable, value
FROM {$db_prefix}settings", __FILE__, __LINE__));
Again, macros and such would make this better. Or even just an event system:
fire_event('loaded_settings');
Although you're right, the major problem there is that the function can't mess with the local scope. That's what I like about macros - I wish we could do this:
.. snip longish example that closures basically finally allow ...
And these could be automatically inlined during compilation, and then possibly optimized out if possible.
Anyway, I do agree that extensibility is one of the main things SMF needs to gain... I guess I'm just really hard-nosed about the common methods of doing it :P.
It's not like we thought it wasn't necessary, but there were license issues and it just got bogged down. 'Course we really liked to play around, e.g. smflib. I had been seriously considering creating a macro language for PHP and inlining it on release, although it was probably a bad idea.
-[Unknown]
18
Off-topic / Re: Unknown's thoughts on Wedge
« on June 27th, 2011, 12:19 AM »And that's because they still depend on version checking. My proposed method explicitly does NOT check for Wedge version.
It probably does, I haven't spent any time in their ecosystems. But given the mods submitted, the relative skill level of the coders and so on, the majority are certainly not contributed by veteran coders.
Joomla also has patches. For example, this one:
http://www.joomlatwork.com/products/free-downloads/seo-patch-joomla-15.html
Do you suppose this is a better alternative to automated file edits? Note that they take the path of least resistance: a zip file containing the modified files, to overwrite in your installation.
I'm suggesting that you will only make this type of modification more popular (in the case that mods exist that do more than tiny things at all, so hopefully) which seems like a worse disease than the original injury.
-[Unknown]
19
Off-topic / Re: Unknown's thoughts on Wedge
« on June 26th, 2011, 11:47 PM »but they will want more the things they can't imagine yet.
As I also mentioned on Blocweb, adding too many features in Wedge makes creating alternatives less desirable for others. Why create a gallery when theres one built-in?
Take Yourasoft, where a core was to replace SMF, with its forum as a module only(allowing others to also make other forum modules). It was from day one agreed that things should/could have alternatives.
In contrast, are there any mods that replace the moderating center in SMF2? In SMF11 there could have been more alternatives(was there more? I can't remember) but in SMF2 theres no reason to now. And that moderating center isn't a solution to all moderating needs..
The problem with features like that is they "bake" a specific idea into people's minds, such that it's harder to solve different ones.
For example, I use a callback-based HTTP system for some of my stuff. This means, I do something like this:
$http->queue_get($url, $headers, $callback, $curried_params);
$http->queue_get($url, $headers, $callback, $curried_params);
$http->queue_get($url, $headers, $callback, $curried_params);
$http->queue_get($url, $headers, $callback, $curried_params);
$http->process();
The library itself multiplexes the sockets and executes the HTTP requests simultaneously. It makes a number of requests, so these complete in a fraction of the time they would traditionally.
So, then, why is it that this model is so rare in PHP? Well, since I hate curl, I'll blame it. Since curl is an extension most people have in PHP, most people end up using it, not even the built in HTTP functionality of PHP. Yes, it has a lot of features and is stable and built out well... no, it doesn't have a good security track-record in PHP nor a great PHP interface.
I'm the type of person who likes alternatives, and likes to write them. Just because something exists doesn't mean it's the best. But it's hard to approach something that has an integrated thing, and replace it. For upgrade reasons, I would be more tempted to modify the existing feature, than to remove it and add my own.
if its part of what you set out to achieve then that won't matter lol.
-[Unknown]
20
Off-topic / Re: Unknown's thoughts on Wedge
« on June 26th, 2011, 11:30 PM »
WARNING: Haven't red Bloc's reply or Arantor's follow up yet. However they are quoting other things I haven't read either, so I'm a bit confused. I'm going to back up and re-read the whole topic, but I figured this reply still probably stands.Quote from Arantor on June 26th, 2011, 04:01 PM The kernel has patch sets. PHP has them too - even though PHP has defined extensions, which are more common.
Open source is all about the community producing bug fix packages, and having a way to "bake" a fix before it going into the core is a very good idea. Mozilla and other vendors do a lot to offer and maintain several concurrent branches to manage this - but since PHP is source based, the package manager is a much more natural method.
Certainly if the bugfixes are long lived, it's a problem. When I had my bug fix mods, they only lived for maybe < 1 week until YaBB SE 1.5.1, and then I think 1.5.2 came out. But people loved them nonetheless.
FWIW, one of the things I would do differently now - before, I would often post on support like this:
Open XYZ.php, search for:
Code: [Select]
Replace with / Add before / Add after:
Code: [Select]
[[How do I modify files?]]
Whereas nowadays I would probably do this instead:
$ svn diff -c 1234 | smf_diff2modxml | smf_package unknownbrackets:fix_1234 "Fix for XYZ" --versions=2.0 > fix_1234.zip
And just give that to them, with e.g. [[How do I use a bugfix package?]] which would note their removal during an upgrade.Quote from Arantor on June 26th, 2011, 04:01 PM Sure. But release schedules happen, and frankly unless it's high-priority, I wouldn't release a new version within 1 week of the other, so as to collect other bugfixes. Maybe, if some are really hard to fix, even 2 weeks. While people like software that works, they hate having to upgrade over and over, and there's a danger they will just skip the upgrades and wait a while if they're too frequent.Quote from Arantor on June 26th, 2011, 04:01 PM Realistically, large upgrades are hard, especially for some deployments, and also dangerous just because of surface area.
Look at for example, Gentoo or CentOS or anyone. They have slightly older versions of PHP/MySQL/OpenSSL/etc. But these all have backported fixes. Now, obviously, this is an annoyance... I'd rather everyone used the latest PHP. But there are stability questions, and a whole slew of reasons why people prefer to use backported fixes.
A package manager isn't going to change this (one way or another), and a policy against the concept may stifle commercial adoption.Quote from Arantor on June 26th, 2011, 04:01 PM Sure. My company also, for example, does customized Wordpress installs. Generally, we write these as plugins and template changes, which solves the problem most of the time, sure. But there have been times when we've done file edits, which certainly causes upgrade problems, and can even be hard to track since there's no management on top. Too often, these installs get left un-upgraded because the client doesn't want to pay for the effort to upgrade them, even when it needs to be done.
Wordpress also does more to "freeze" the template interface, which is a whole separate conversation, and probably another factor to why complex themes don't generally exist.
And the default avatar - implementing this using TOX-G seems natural to me. Assume for a moment:
Code: [Select]
This seems natural to me. It also means no problems like, say, accidentally setting someone's avatar to the default url when they edit their profile. To avoid potential problems, this is probably how I would approach such a mod.
Making the right way easy is definitely a good thing. Perhaps show a message when the mod contains file changes:Quote It's good to warn people not to do things they probably don't want to do. I still think there is an established use case for it, just as long as people are careful.Quote from Arantor on June 26th, 2011, 04:01 PM I'm not sure this is a hard problem. Yes, the package manager still has bugs in this area, and since writing it I've changed my mind on some things. However, this goes back to another gripe I have... why isn't the webinstaller being pushed more?
Also, automatically restoring the permissions is something it should do, I thought it did. If it doesn't, I just consider that a bug.Quote from Arantor on June 26th, 2011, 04:01 PM Yes, they do. Look at extensions for Firefox, which don't do any "core edits." Chrome has this problem less, but also the extensions can do a lot less. And, for example, the latest "Page Speed" extension is broken in Chrome, and the latest Closure Inspector is broken in Firefox. Both of these use plugin models.Quote from Arantor on June 26th, 2011, 04:01 PM Making it less likely is great. Probably 80% of mods should never modify a file, and that could really help solve this problem. I'd guess that the places where mods normally conflict is e.g. mod settings and such, places that are clearly hook fodder.Quote from Arantor on June 26th, 2011, 04:01 PM Well, even in the worst case where they do modify a template, if things are more reused and base templates are inherited by themes and used, it's much less of a problem.
In general, I just feel like you are over-solving the problem. Even if mods still just edited themes (without using TOX-G overlays, which although I made them as simple as possible, still take some thinking to understand), a system of inheritance and a larger set of templates would solve a lot of these problems alone.Quote from Arantor on June 26th, 2011, 04:01 PM Well, frankly, I see these installer scripts as way too complicated. I think it's ironic that adding a core upgrade (to the upgrade SQL) seems to be easier and simpler than adding a table in a mod.Quote from Arantor on June 26th, 2011, 04:01 PM Yes, but you're building a solution around a single problem, not the whole set of potential problems. Given a specific mod, anyone could add the necessary hooks for it - but that's an unending problem.Quote from Arantor on June 26th, 2011, 04:01 PM If they were used more, there would be more feature requests, and this could be handled.Quote from Arantor on June 26th, 2011, 04:01 PM I don't forget that, it's the same with everything. Even the bugfix mods I wrote were really to manage them on my own site, and also share. Not just to be a philanthropist.Quote from Arantor on June 26th, 2011, 04:01 PM SMF's admin is confusing and overly complicated. I'd rather see the complicated things (including custom BBC and editor buttons and such) be left as mods with just configurable hooks. This is essentially what Wordpress does AFAICT and it's a win IMHO.Quote from Arantor on June 26th, 2011, 04:01 PM Why? You want to add another checkbox somewhere for whether to show the page number in the title? I'm sure some SEO people would go nuts about it, so it has to turn off. I don't see it as having a huge number of people who want it either.Quote from Arantor on June 26th, 2011, 04:01 PM And yet they are popular, and don't have some of the systemic problems SMF's mods have. I think this points to file edits not necessarily being the culprit as you suspect, because if they were they'd affect other software equally.Quote from Arantor on June 26th, 2011, 04:01 PM Why does this not affect other software? Are you proposing a different (more selfish) audience uses SMF than other forums?
I agree paid mods are a problem. While SMF hasn't made those easy, I'm not sure how it has made them hard. I think there's a lot to that problem as well.Quote from Arantor on June 26th, 2011, 04:01 PM I think hooks are used very heavily in Wordpress. Yet memory (and a cursory Google search) shows that patches and file edits are still used in their themes and plugins, often enough. I know I've installed off-the-shelf themes for friends and had to do file edits manually.Quote from Arantor on June 26th, 2011, 04:01 PM I'm not saying it will, I'm just saying people will go to manual file edits. I personally think (and have heard from many people) that SMF's managing these for you is still a good idea.Quote from Arantor on June 26th, 2011, 04:01 PM Certainly. That's a separate problem and a good problem to solve.Quote from Nao/Gilles on June 26th, 2011, 09:03 PM Okay.
-[Unknown]
1. If your community is producing bug fix packages, we have to ask the question why aren't being made part of the core product?
Open source is all about the community producing bug fix packages, and having a way to "bake" a fix before it going into the core is a very good idea. Mozilla and other vendors do a lot to offer and maintain several concurrent branches to manage this - but since PHP is source based, the package manager is a much more natural method.
Certainly if the bugfixes are long lived, it's a problem. When I had my bug fix mods, they only lived for maybe < 1 week until YaBB SE 1.5.1, and then I think 1.5.2 came out. But people loved them nonetheless.
FWIW, one of the things I would do differently now - before, I would often post on support like this:
Open XYZ.php, search for:
abcReplace with / Add before / Add after:
xyz[[How do I modify files?]]
Whereas nowadays I would probably do this instead:
$ svn diff -c 1234 | smf_diff2modxml | smf_package unknownbrackets:fix_1234 "Fix for XYZ" --versions=2.0 > fix_1234.zip
And just give that to them, with e.g. [[How do I use a bugfix package?]] which would note their removal during an upgrade.
I cannot see any justification for *not* patching it.
2. It discourages people from upgrading. To me, an upgrade shouldn't just be about fixing problems, it should be an overall iteration on what was there before, so improvements (not necessarily new features, but improving existing ones) as well as fixing bugs.
Look at for example, Gentoo or CentOS or anyone. They have slightly older versions of PHP/MySQL/OpenSSL/etc. But these all have backported fixes. Now, obviously, this is an annoyance... I'd rather everyone used the latest PHP. But there are stability questions, and a whole slew of reasons why people prefer to use backported fixes.
A package manager isn't going to change this (one way or another), and a policy against the concept may stifle commercial adoption.
Most of the mod authors are not strong programmers, and invariably look for the easiest route to implement something, which means template edits in the first line of attack, source edits in the second, and almost never taking advantage of the resources actually in SMF to pull some of it off.
Wordpress also does more to "freeze" the template interface, which is a whole separate conversation, and probably another factor to why complex themes don't generally exist.
And the default avatar - implementing this using TOX-G seems natural to me. Assume for a moment:
Themes/default/basic.tox:
<tpl:template name="we:avatar" requires="url">
<tpl:if test="!empty({$url})"><img src="{$url}" alt="" /></tpl:if>
</tpl:template>
Themes/cooltheme/basic.tox:
<tpl:template name="we:avatar" requires="url">
<tpl:if test="!empty({$url})"><div class="avatar-box"><img src="{$url}" alt="" /><div></tpl:if>
</tpl:template>
Packages/defaultavatar/overlay.tox:
<tpl:alter match="we:avatar" position="before">
<tpl:if test="empty({$url})">
<tpl:set var="{$url}" value="{$settings.defaultavatar.url}" />
</tpl:if>
</tpl:alter>
This seems natural to me. It also means no problems like, say, accidentally setting someone's avatar to the default url when they edit their profile. To avoid potential problems, this is probably how I would approach such a mod.
Making the right way easy is definitely a good thing. Perhaps show a message when the mod contains file changes:
Warning: This package modifies core functionality of Wedge, and may need to be uninstalled prior to an upgrade.
When you upgrade, the package manager will automatically uninstall this package for you if it conflicts, and it may need to be reinstalled or even rewritten at that time.
* File permissions, and making files writable to PHP, is one of the single most asked questions on the support boards -> can we make mods that don't need to make the core files writable?
Also, automatically restoring the permissions is something it should do, I thought it did. If it doesn't, I just consider that a bug.
* Mods only working on certain versions, people asking whether mods will be updated -> does a mod expressly have to ask for a version, or can it attempt to determine if all the features it needs are available?
* Mods searching for code and not finding it, because the original code has been modified (either by a later version, wherein even the comments get modified sometimes, or by another mod) -> can we make mods that either don't need to modify the files, or can better manage to sort themselves out without having to trip over each other?
* Mods that need to modify templates -> why do they need to modify templates? Does it always have to be a template edit, or is it about the data the templates output? Can content be injected into a template in some other fashion?
In general, I just feel like you are over-solving the problem. Even if mods still just edited themes (without using TOX-G overlays, which although I made them as simple as possible, still take some thinking to understand), a system of inheritance and a larger set of templates would solve a lot of these problems alone.
making an installer script, but the more we talked about it, the more I felt comfortable abandoning file edits in the base.
It does come up regularly enough. I'm not sure what you couldn't do with strategic insertion of hooks, it doesn't need to be insane.
It's not that hard to figure out. But premium sites can't use it because by definition everything in a package server has to be accessible by a simple GET and as far as I can tell, without any authentication handling.
The thing most people seem to forget is that the bulk of mod authors aren't people just writing stuff to give away - they tend to write it for themselves and their site, then share.
Or better IMO, make the editor buttons configurable to the admin, so if they want to add them, they can. But yes, this could be achieved with hooks (even in SMF) and I don't think it is.
Well, I'd personally debate that it should be a core feature rather than a mod.
But I've seen even large-scale phpBB mods done, well, as lists of file editing, which says to me either there aren't hooks, or they're not really in use much.
That all said, I'm willing to bet that part of the problem is simply that most mods are contributed by people in their spare time, without any interest or desire in writing big and complex mods
I agree paid mods are a problem. While SMF hasn't made those easy, I'm not sure how it has made them hard. I think there's a lot to that problem as well.
I agree, to a point. The thing is, apart from the fact that it doesn't seem to have hurt MyBB or WordPress (and especially WordPress)
I'm not convinced it will restrict to large or tiny mods.
That's really what we have to do: just expanding hooks on its own won't be enough. We have to make everything else be more open to extension too, and upon doing that, almost anything should be possible.
We aren't focusing on Stylings. I just offer them as an easy alternative for non modders who want to have different themes for their users without making it a hassle to maintain.
-[Unknown]
21
Off-topic / Re: Unknown's thoughts on Wedge
« on June 26th, 2011, 02:09 PM »Your iPhone app raised my eyebrow, mostly because I need to do something similar. Are the HTML5 apps made to be accessed by the browser, made using something like Sencha Touch, jQuery Mobile or jQTouch, or are they bundled into something like Phonegap to be treated like native apps?
The review process isn't horrible, and we actually like it internally - because they can give us good feedback. But it's a danger for the client, because it means timeline and even scope can be affected by another entity. And since that's what they're paying us for, that's why we need to make the recommendation.
Still, what this ends up doing is making the client pull back on their wants for the app. Even larger clients, they phase it out a lot. So the apps are smaller.
Apps on Facebook are a bit more "healthy" IMHO. They come in a better gradient of sizes (even though they still are often cheesy.) There's no enforced review process, but if you break the rules, you'll get reported. In fact, they're much harsher than Apple, as Apple is more willing to work with you, and Facebook will toss you to the curb (and then maybe talk to you.)
Of course, neither platform is really "unhealthy" and Facebook has its own set of problems for sure. And they both have some of the traditional problems of centralized application repos. There are also a ton of other things that may be more responsible for their differences, not the least of which are things like screen real estate.
-[Unknown]
22
Off-topic / Re: Unknown's thoughts on Wedge
« on June 26th, 2011, 01:22 PM »In absence of anything else, the package manager means mod authors have to do direct edits to achieve things, rather than making use of facilities available. The main consequence of this is mods doing template edits which cause support issues because they then don't appear on some custom themes, or at least not the way they were intended. Adding to that, any theme that does do anything creative invariably fails, which is why so many themes are basically Curve knock-offs as opposed to anything more daring. (Yes, there were designers who do more daring things, but the vast bulk of the time the theme is just recoloured.)
It's kinda like if PHP had say, "ah, PHP 4 classes suck, so no one uses them. Got it - let's just remove them in PHP 5." Who knows what might have happened to PHP had they done that. Would it have been the right move? Honestly, can't say, I've heard good things about aspect based programming.
And while there are some huge mods out there (Nao and Dragooon's Aeva Media, SimpleDesk by me and a couple of others, plus the portal mods)
You can build hooks for any feature, but too many hooks, and the system is confusing and the documentation is miles long. I know early on we discussed hooking (in PHP 4) manually every function before/after, and there were a lot of concerns, including performance, which can matter a lot to people with huge forums like e.g. Ben_S.
they're still generally not that different, because he knows the reality of how many mods don't work on custom themes, and the support boards are full of it.
That said, you'll always get some similarly. That's just UX. You can't build a completely different interface and expect people to understand it. But you can build a snazzy one that builds on the concepts users know and have used elsewhere.
The lack of premium ecosystem for SMF also tells me there's a problem.
As for mods, the situation there is marginally healthier, indicating that people generally would rather have new features than themes (at least, there is more effort put into mods than there is in themes, in general)
For example, just glance through the last submitted mods to the mod site:
* adding a user's birthday to their profile summary (in addition to the date which is there)
* specifying an alternative email address for outgoing mail, so that the admin's email isn't used for notifications
* a bugfix for the IE8 jumping text box problem, because obviously that couldn't have been added to 1.1.14/1.1.15 or similar
* two different mods for adding the Google +1 button, one for per-topic, one for per-post
* a nice FAQ mod
* a mod to replace the stats area at the bottom of the board index with a jQuery-based tab solution (which means adding jQuery, and will fail on any other theme/mod that already added jQuery)
* a mod to add several symbols as editor buttons (like 1/2, 1/4)
* putting the page number in the title of the page
1. I don't see why this shouldn't be a "mod", if you will, just one that applies equally to all themes (if the theme has a facility for showing that type of user information.) This is the sort of problem I tried to fix with TOX-G.
2. This seems like a good candidate for a core feature. Ideally, it should be built to that standard (I'd always wanted to see features "baked" as mods before going into the core, not sure if that ever happened.)
3. Bugfix mods make sense IMHO. Easy to remove and then install the official update later. Hard for hooks to do this.
4. See #1.
5. This definitely seems like hook territory. I assume it's got its own area and doesn't touch other sections.
6. This is a harder problem, but if it uses jQuery.noConflict it shouldn't cause issues even if there's a separate version of jQuery on the page. That said, a consistent js framework is a good idea.
7. Sounds like hook territory.
8. Sounds like a fairly basic mod that has no theme problems.
Over the three months I was on the Cust team, reviewing mods, the vast bulk of what came in were certainly in the 'small tweaks' category.
Now, at work we build iPhone apps. Not the main thing we do, but one of the things. We've made a handful of them.
Generally, we tell our clients: don't make an iPhone app. Make a mobile HTML5 app. They are better. You don't have to deal with Apple's review processes. They will slow you down, and possibly reject your app for even business reasons. Don't fight that battle, just make an HTML5 app.
I think the reason for small tweaks being the most common kind of mod is that the whole review thing scares away mid-sized mods. From your description, and what I've seen, there are "large" mods (which are really almost separate projects glued into the forum), and tiny mods. Where's the mid-sized ones, which seem (or seemed in the past) abundant with vBulletin and phpBB, where you have to follow manual file editing instructions? Why do those softwares have them, but not SMF? Is it because SMF doesn't have enough hooks?
Caveat: I haven't really looked at vBulletin / phpBB mods in a while. The company I work for will sometimes use them (or write custom ones for a client), but the developers decide that and I've never had to get involved.
That means if a particular mod and a particular theme don't play nicely, it's not related to the systemic issues currently in SMF and its environment, but it's that the theme does something the mod didn't expect, or vice versa - but it means that it can be dealt with on an individual basis. (Even WP has issues in this direction, I would note)
And I find it ironic that a while ago someone was complaining that SMF banned bugfix mods, which clearly would not be possible with hooks (how does one fix, for example, a hook not firing when it should by way of hooks?)
* "[Unknown "]takes a moment to say he did not intentionally hijack this topic.
-[Unknown]
23
Off-topic / Re: Unknown's thoughts on Wedge
« on June 26th, 2011, 10:35 AM »Hmm, it has 4 and 8? I probably need to look at it again. Sounds like it has improved.
Find and mark looks like a nice feature, though.
-[Unknown]
24
Off-topic / Unknown's thoughts on Wedge
« on June 26th, 2011, 10:11 AM »FWIW, Notepad++ offers 1, 2, some of 3 (there's a popup display for the selection of tabs, much like Alt-Tab does but no jump-to-specific-tab-by-number), 4, 5 if you want, not sure about 6, 7 - well, it doesn't fail on 60MB SQL dumps but it doesn't like it much, 9, 11 and 12.
It has 8 too (clone view in tab context menu).
It's not the uber-IDE but I've found it to be a very nice and capable tool, I certainly haven't found it wanting - except possibly for lack of an SVN plugin that doesn't require the SVN command line tools.
Heh, the GUIs bug me mainly because they make their own (different) choices than the developers of Subversion itself. Example: TortoiseSVN iirc commits externals by default, whereas svn commit doesn't. The correct way is what svn commit does, and I basically have to not use externals at work because everyone else uses the wrong and breaks them if I do (because they use TortoiseSVN.)
Meanwhile svn has excellent help, clean cli UI, and beats msysgit out of the part on Windows. What more could I ask for?
And what do you think of our work from what you've seen so far? :unsure:
Likely, I'm sure some people thought "my secret project" was bloated, what with its child boards and templates for each section (rather than just one global), etc. So I'm certain I'm biased.
Anyway, staying away from the details, looking at the code (whether the new Wedge stuff or old) just makes me want to clean it up. I don't know if you know, but I had a policy of re-reviewing files, periodically (on top of reviewing all incoming commits) which I did by marking files every X weeks and going through them line by line and making sure the code still jived together.
Are you guys doing code review at all yet?
Also, having managed sites that actually had multiple and seasonal themes, and enjoyed it and themes like the Comic theme, the direction I see those going saddens me. Having written large scale modifications (which if I did it over again, I'd just make it take .diff files directly, in addition to a reasonable set of hooks, but then, the realities of PHP 4 got in the way of many things), and supported people who had very customized versions of SMF and YaBB SE, the direction that's going also greatly saddens me.
FWIW, if you wonder why I like the package manager, just so you know - the reason I joined the YaBB SE dev team was to improve the package manager and put it into Trinity (YaBB SE 2.0.) Otherwise I would've never joined. I like the concept of diff updates and being able to keep records of your changes (not that I don't like and desire plugins additionally, e.g. TOX-G is designed specifically with plugins in mind.)
And there I speak about SMF and Wedge, although in different ways. I realize the "mods are only minor things" and "all themes are just colors changes of the default one" concepts come from somewhere. Seems like a... not catch 22, whatever it's called when you assume a problem doesn't exist, because you don't have it, but really you don't have it for other reasons. Seems like one of those whatever-they're-calleds to me, but that's just my opinion.
By the way, I suggest completely replacing setup_fatal_error_context() type operations with exceptions, since if you're requiring PHP 5, this will make integration much easier. This was one of the big problems with SMF back in the day because of the PHP 4 requirement. It's why lines like these exist:
trigger_error('Hacking attempt...', E_USER_ERROR);Because I was working so hard to stop people from neutering their own forum's security measures.
Ah... just memory lane, mostly, for me. Doesn't look different enough, just has stuff like PayPal all over it, which certainly makes the calendar look as much like a core feature as the "Reply" button.
-[Unknown]
25
Off-topic / Re: PHP IDE for windows
« on June 25th, 2011, 09:57 PM »Actually, so does Notepad++ ;)
1. Have multi-file, regular expression, search and replace.
2. When I press Home, go alternatively to the gutter or first non-white char (using another key, like ⌘ Command - ←.)
3. Support Ctrl-Tab and Ctrl-# to switch tabs (like Firefox, Chrome, DOS edit.com, etc.)
4. Allow line bookmarks that I can easily cycle through (good for marking areas of work and then toggling through.)
5. Color constructs, functions, variables, operators, strings, and numbers each differently.
6. Not interfere with my indentation if I don't want it to (e.g. Visual Studio may insert them, but if I still type them, it doesn't get two... some editors have no option to disable this.)
7. Large file editing (xml, txt, etc.) of 20 MB+.
8. Multiple tabs referencing the same file (concurrent editing, split view or not) with proper undo support.
9. Support/highlighter for JS, CSS, D, PHP, C/C++, XML, HTML.
10. Support for Ctrl-Insert, Shift-Insert, Shift-Delete since I still use them.
11. Pluggable tools (such as jslint) and/or "build" events with direct click on error message -> go to line.
12. Doesn't require me to learn a new meta language (hello, vim.)
The main thing I'm missing from Visual Studio is breakpoints, since I don't actually use Phalanger. Meh.
Anyway, somehow, I've been unable to find an editor other than Visual Studio that meets my expectations, including any editor on Linux. I think BBEdit for Mac was reasonably close.
I love argument assist in IDEs, only because I keep forgetting them.
Btw unknown, did Pete give you svn access yet?
-[Unknown]
26
Off-topic / Re: PHP IDE for windows
« on June 25th, 2011, 11:25 AM »I'm looking for a new PHP IDE for windows, preferably native(Java ones don't work as beautifully), I've been using phpDesigner but am thinking of moving on. What would you guys suggest?
There's also 2010 Shell and a new Phalanger, haven't bothered myself to install yet. I actually use Visual Studio (C++, etc.) whereas Shell is the free, trimmed down version. I have no need for 2010 as yet.
I can't live without function assist :o.
"Super Text Search" for multi-file searches.
Visual Studio also has multi-file regular expression replace. That's how I always changed the copyright statements in every file back in the day, actually. Ah, good times. I can't even remember if it ended up with /**/, //, or ## anymore...
-[Unknown]
27
Features / Re: Optimize release images
« on June 22nd, 2011, 03:09 AM »Unknown, PNG8 works by setting a 1-bit alpha for IE6... no optimization process will be able to determine the best threshold value for the alpha bit.
I'm only suggesting using lossless optimizations.
A lossless optimization performed upon a PNG will not change whether it uses partial transparency or full transparency. It might change its bit depth to PNG-8 from a PNG-24, but maintain the partial transparency. Or it might compress the data with a more efficient algorithm than zlib as standard. But it does so without affecting IE6 compatibility.
I'm only talking about free optimizations: the best kind. All one has to do is partake of them.
By the way, the avatars could also be optimized losslessly (read: no additional artifacts, no pixel changes) as well, but it would only save 5KB.
-[Unknown]
28
Off-topic / Re: Post-XSS scenarios and database driven sessions
« on June 21st, 2011, 07:31 PM »But then you can't really prevent an iframe fooling people, now can you? It's all up to people to properly look out for that. Session tokens might restrict them to the point where blind images won't screw but if a person does get the entire site in his iframe, he has almost endless control.
Try putting http://www.facebook.com/ in an iframe in a test.html file or something. You'll see how it refuses to load.
-[Unknown]
29
Off-topic / Re: htmlspecialchars while inserting into DB
« on June 21st, 2011, 07:22 PM »Oh? Well, I never went as far back as YaBB or YaBBSE, so I'm looking at it all from SMF 1.1 and later's perspective, and what I've seen said. My understanding was that SMF 1.0 did bbc parsing through regexp, on display, but that a vicious ReDoS could take it out because it wasn't protected against that, hence it was doing through string parsing and done on a regurgitation basis, and that security was one of the major factors.
It also had tons of bugs. If you put tags in the wrong order, all sorts of nasty things could happen, and you couldn't quote my name (I see people have seen fit to bring that bug back, though.) Autolinking was a constant source of issues too, and you'd often get HTML in your post because of it conflicting with the bbc regexps.
And I'm sure it was vulnerable to ReDoS (and would've had to be to workaround IE's horribleness.)
Given my experience with that, I'll never ever write a bbc parsing system that uses regexps. If I did, I would be almost certain it was insecure no matter how much I tested it.
Funny you should mention that, that's exactly what the WYSIWYG editor tries to do, badly. So much so that it doesn't bother converting anything other than simpler HTML.
No argument. Interesting comment there, there were plans to rewrite the bbc parser in C under the banner of smflib. (Not sure if that was after your time or not) but it never really went anywhere. It's still in SMF's SVN, untouched in pretty much forever.
I think whatever happens, we can't really afford to leave PHP, it's not like we can just conjure up a parser in C, and even if we could and did, I'd honestly not want the hassle of support for something like that.
if a post takes over a certain length of time to parse
This sounds like a good idea to me. I'm not sure offhand how we'd do it, but it seems more reasonable than just bulk throwing things at cache.
I really need to get properly familiar with TOX-G's innards. Is there anything specific you're thinking about how it operates that you'd do differently?
So either storing them in an array, and join afterward, or maybe the right way would may even be to write to a php://memory stream, and then convert that to a variable, or just use ob_start and just echo. Both of these *should* use better buffers.
Basically, and this is without profiling mind you, but I'm fairly sure the thing that makes parse_bbc slow is the number of mallocs. Any string concatenation operation is gonna be slow.
But these are just guesses, I wouldn't do anything without profiling it and being able to compare.
*nods* It does need to be done properly. I never seem to find the time to do this though :/
So, then, if we were to htmlspecialchars it on output, presumably we wouldn't do it on saving the data in the first place? Or would we unsanitise it before resanitising it?
I'd really rather not give them any more ways to make it easier to make them insecure.
Right now the calendar is seemingly used by the relative minority. A small but vocal group use it for events, and a larger group turn it on because of birthdays.
Even if both were official options, I see them as official mods.
I look at WordPress and I see they have it. Different horses for different courses but they have a calendar in the core, enabled by default. Because it suits them to do so.
The reason for my hate toward the calendar is because I consider it to be its own package on its own right. Google did it right; Google Calendar isn't just "part of Gmail", it's a separate app, and it has a lot to it.
-[Unknown]
30
Off-topic / Re: Post-XSS scenarios and database driven sessions
« on June 21st, 2011, 05:09 PM »What is clickjacking? When someone makes an image leading to a private url?
Imagine I show you your bank's webpage, inside an iframe. Imagine they show you a "site seal" or some such, with a picture. Because it's in an iframe, this works fine, and they show you exactly what you expect.
But now, I create an absolute positioned div. I place this on top of the iframe, right where the login textbox and button normally are. I carefully design it to look exactly like you're used to.
Now, sure, hopefully you check the domain name... but, after all, you see your site seal, don't you? All is well. Just your browser isn't autofilling the password. Darn buggy browser. And then you retype it. Victory for me, the hacker.
This technique can be applied to endless scenarios.
Here's another. Suppose I want you to delete a post, but you don't want to delete it. I create an interesting page with a button you can click to start playing an exciting game I created.
Next, I place an iframe on top of my game, but I set it to opacity: 0. Then I absolute position and use the zoom css property, such that the "delete" button is exactly on top of the "start playing" button.
Now all I have to do is get you to try my game. You'll tell me it doesn't work (ah, sorry, bug fixed, thanks for testing.) And now you'll have done the administration I wanted you to without even knowing it. Thanks a bunch.
Also, doesn't httponly contain a few security problems of its own? Even cPanel recommends cookie instead of httponly.
And SSL mostly protects against traffic sniffing correct? I'm mostly trying to figure out what is the significance of each security measure out there.
-[Unknown]