Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Messages - Arantor
2491
Features / Re: $context['current_area']
« on November 6th, 2012, 03:56 AM »Oh shit, that was sarcasm, wasn't it...?
mmk. I just thought it was an oversight when there was action and sa in loadTheme but not area.
2492
Features / Re: $context['current_area']
« on November 6th, 2012, 03:41 AM »yes.
II want to use a context variable to determine if I'm in a certain area. In a plugin, so I don't have $menu_context available. I'm also not creating a menu.
Or, you could just use $_REQUEST['area'] like the rest of us would do.
2493
Features / Re: $context['current_area']
« on November 6th, 2012, 03:27 AM »
Because it's not generally needed, and if you do really really need it, $menu_context['current_area'] will generally have it anyway.
Besides, action and sa are actually more widely used than area, though you're expecting complete system-wide consistency from SMF?
Besides, action and sa are actually more widely used than area, though you're expecting complete system-wide consistency from SMF?
2494
The Pub / Re: Hardening admin security
« on November 6th, 2012, 02:13 AM »
No, it's not the same. Apart from the fact you have no idea whether he's referring to pages or entire sites or not, or his sample size - 99.7% of 1000 sites polled might reveal interesting results depending on what the 1000 sites were, assuming he even went to 1000 sites to collect that data.
I'm also pretty sure Google doesn't track me very well, because I value my privacy... Getting a little off topic but I'm willing to keep arguing about this if you are.Quote Or you could just not install this in the first place since there was precisely zero chance of it ever becoming core using Google, slim enough chance of even the lesser variety being a core feature, but I value a simpler life, so maybe someone else can implement this idea instead of me.
I'm also pretty sure Google doesn't track me very well, because I value my privacy... Getting a little off topic but I'm willing to keep arguing about this if you are.
If you're concerned about your data, you can switch back to "normal authentication". If you're already using some Google service and/or a smartphone with location services and/or adding your data to a website that use Adwords, Analytics and so on, it's not a big deal to tell google you're the admin if X forum.
2495
The Pub / Re: Hardening admin security
« on November 6th, 2012, 02:03 AM »
*shrug* I gave up worrying about this being in core earlier this thread when I realised the hassle it would actually cause, because if I make it core, it's going to screw users over who shouldn't be using it, and it's only going to lead to more of the above in this thread, namely 'Why don't you use <third party service>' which would send any sane administrator running for the hills.
2496
The Pub / Re: Hardening admin security
« on November 6th, 2012, 02:01 AM »
He said that '99.7% of all the websites are analysed', what does that even mean? It doesn't actually mean anything, because it's not about the sites, it's about the users...
And it's also not about what you think it is... so what if Google has my home address from my domain records? That's of no use unless you can validate that it is me browsing, or that the person browsing from a given IP address (or with relevant cookies) is a certain person, whose habits you already know and can serve up appropriate ads. What information you think you have and what you give Google is almost certainly not what you think.
If you genuinely understood the risks that Google poses to privacy, you wouldn't be recommending them at all.
And it's also not about what you think it is... so what if Google has my home address from my domain records? That's of no use unless you can validate that it is me browsing, or that the person browsing from a given IP address (or with relevant cookies) is a certain person, whose habits you already know and can serve up appropriate ads. What information you think you have and what you give Google is almost certainly not what you think.
If you genuinely understood the risks that Google poses to privacy, you wouldn't be recommending them at all.
2497
The Pub / Re: Hardening admin security
« on November 6th, 2012, 01:57 AM »
That assumes you can figure out the carrier from the phone number. Oh, and it doesn't work on all carriers. Mucho headache involved. (Been there, done this.)
2498
The Pub / Re: Hardening admin security
« on November 6th, 2012, 01:54 AM »
Of course a text would be cool. Let me know when you figure out how to send a text from off the shelf web hosting.
2499
The Pub / Re: Hardening admin security
« on November 6th, 2012, 01:50 AM »It's an open source project, they're not inserting any strange code (iframe, js or other).
On a similar note, Google Analytics isn't about advertising to you, it's about tracking you, watching where you go. If they know where you're going, what you're logging into (bearing in mind you're tying it to a Google account, no less), they're going to advertise to you more like that on their other services. Everything goes towards bolstering their profile of you.
2500
The Pub / Re: Hardening admin security
« on November 6th, 2012, 01:36 AM »
Aside from the fact I already said it would be disableable anyway (including by default), a forum that's running without email facilities is likely to be limited anyway...
Being honest, I get annoyed with this sort of suggestion, because it just makes me feel like I shouldn't try to have ideas because they all end up leading back to the fecking Google monster in some fashion. All I'm hearing is "Whatever your idea is, it's cute but it would be better with Google." Maybe I'm just taking it less than wonderfully but that's how I'm seeing it right now. It reminds me of the vBulletin vs XenForo video where the one side is reduced to saying "But we have Kier Darby" as an argument technique.
Can't be arsed to make this core because providing something like this in the core is going to cause more problems than it would save - Google tentacles notwithstanding.
Being honest, I get annoyed with this sort of suggestion, because it just makes me feel like I shouldn't try to have ideas because they all end up leading back to the fecking Google monster in some fashion. All I'm hearing is "Whatever your idea is, it's cute but it would be better with Google." Maybe I'm just taking it less than wonderfully but that's how I'm seeing it right now. It reminds me of the vBulletin vs XenForo video where the one side is reduced to saying "But we have Kier Darby" as an argument technique.
Can't be arsed to make this core because providing something like this in the core is going to cause more problems than it would save - Google tentacles notwithstanding.
2501
The Pub / Re: Rearranging the languages/ folder
« on November 6th, 2012, 01:28 AM »
If you're happy with it, I'll do the file moving tomorrow and fixing the relevant logic, it'll just take a few commits to get everything moved (while keeping history)
2502
The Pub / Re: Hardening admin security
« on November 6th, 2012, 01:24 AM »
How is it more comfortable to use than clicking on a link in an email?
2503
The Pub / Re: Hardening admin security
« on November 6th, 2012, 01:14 AM »
There would still have to be a manual method, in case of email troubles anyway. But this just seems to be including a whole level of extra stuff just for the sake of using "Google Authenticator" when 95% of the effect can be achieved for a fraction of the effort.
If you're running a forum, you already got email.
If you're running a forum, you already got email.
2504
Features / Re: Permissions UI
« on November 6th, 2012, 01:11 AM »
I'm assuming the comments in http://wedge.org/pub/bugs/7663/delete-member-does-not-delete-pm-rules/msg283026/#msg283026 were really meant for this thread.Quote That's one of the many myriad things that could actually be fixed by this logic. Only groups that have their own distinct permissions get shown.Quote I'm thinking that the core permissions stuff should be overhauled to include media permissions as well so there's one place for all kinds of permissions.Quote Well that depends on how thoroughly I overhaul this really - but whatever we decide, I'm happy enough to tackle. I've had first hand experience of developing then debugging a complex permissions system. (I'd note it's not perfect, but mostly because of the complicated way board access was handled. The underlying permissions are still fine.)
Which leads me to two remarks about permission copying:
- we should make it clearer in the permissions page what the difference between 'inherit' and 'base' is (I actually had to go through the source code to be sure I was going to 'copy' them from the Regular Members table!)
- when copying permissions from another membergroup, also copy their media profile permissions!!
i.e. go through all media permission profiles, get the original membergroup's permissions, and copy them for the new membergroup.
Do you think you can do it, Pete? I'm way too uncomfortable with permission code. But OTOH, here it's mostly media permissions, which you may not be as well versed into. My knowledge about them is not perfect either -- that feature was broken by Dragooon, and I had to learn how to use it first. And it was years ago...
2505
The Pub / Re: Hardening admin security
« on November 6th, 2012, 01:03 AM »
I *really* don't like that idea. Not just because I find Google increasingly creepy, but because I find the idea of turning admin control of a site over to a third party for 'authentication'.