Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Messages - Arantor
3421
Off-topic / Re: Bitcointalk.org $11k bounty for new forum software
« on May 16th, 2012, 03:59 PM »
Also, http://www.theregister.co.uk/2012/05/15/bitcoinica_hack/
Yet another reason I'm not interested in anything related to Bitcoins.
Yet another reason I'm not interested in anything related to Bitcoins.
3422
Features / Re: Action buttons: positioning
« on May 16th, 2012, 02:51 PM »Do you mean the clear cache function doesn't clear non-file cache alternatives...?
However, there's the minor problem of what the text should say. Which is why I haven't tackled it yet...
(like icon) (empty) Like
Pressing Like.
(unlike icon) (1) Unlike
It sort of implies, "1 person unlikes this"...
So, it should say:
(like icon) (1) Like/Likes whatever you want that is positive...
And on hover, have the mini-menu open with a "(unlike icon) Unlike" link among other things.
Actually, I did notice it and I hate that kind of thing -- it can be fixed very easily by simply duplicating the link and adding a space in between...
* Arantor has nothing to add to the rest of the post...
3423
Other software / Re: Has SMF Gotten Slower?
« on May 16th, 2012, 02:47 PM »
Nope. It's very heavily used in LiveJournal, and with the fact we have blog support, I can imagine people would want it. Which is why I'm asking about it - I'm getting the feeling it's not a feature we actually *want* but that I'm pretty sure we'll be asked about, and it isn't particularly easy to do as a plugin (though it certainly should be if multi-avatars is already an option)
3424
The Pub / Re: Reminders, CAPTCHAs and registered users
« on May 16th, 2012, 02:46 PM »From my perspective, absolutely not! It could lead to account hijacking, something we've encountered several times on one of the sites I administer. In those cases, members were accessing the site from Internet Cafes and then forgetting to log-out.
You can't change password or email from the profile page - unless you can actually provide the password anyway. Not even admins can change their own password or email without knowing their current password. Now, I'm suggesting a button that essentially resends the password change email - it will only send it to that email, which is in practice no different to just going to action=reminder and filling in the name/email anyway. In both cases, the email goes out and in both cases it would be possible regardless of being logged in or not (since you can call for a forgotten password with the username, rather than the email address)
Re plugin, you could do some of it with CPF but you'd have to have the other stuff tied to it which is a source change (since I'm not sure on how much of a plugin that could be)...
The thing is, what if I register and answer (a) but then I hop on the forum from an internet cafe or similar? It needs something a bit more than that, actually.
3425
Features / Re: New revs
« on May 16th, 2012, 04:29 AM »
(3 files, 1KB)
Revision: 1583
Author: arantor
Date: 16 May 2012 03:28:51
Message:
! A variable doesn't suddenly change from being a string to a number... wrong variable perhaps? (Ajax.php)
! When liking or unliking something, send that information to a hook. (Like.php, ManagePlugins.php)
! When a thought is added, updated or deleted, send that to hooks. (Ajax.php, ManagePlugins.php)
----
Modified : /trunk/Sources/Ajax.php
Modified : /trunk/Sources/Like.php
Modified : /trunk/Sources/ManagePlugins.php
Revision: 1583
Author: arantor
Date: 16 May 2012 03:28:51
Message:
! A variable doesn't suddenly change from being a string to a number... wrong variable perhaps? (Ajax.php)
! When liking or unliking something, send that information to a hook. (Like.php, ManagePlugins.php)
! When a thought is added, updated or deleted, send that to hooks. (Ajax.php, ManagePlugins.php)
----
Modified : /trunk/Sources/Ajax.php
Modified : /trunk/Sources/Like.php
Modified : /trunk/Sources/ManagePlugins.php
3426
Plugins / Re: Crazy plugin-related idea I just had
« on May 16th, 2012, 01:19 AM »
Sure it is, though it does make life interesting for plugin authors - if it does get implemented I'd rather keep it as straightforward as possible for developers.
3427
Plugins / Re: Crazy plugin-related idea I just had
« on May 16th, 2012, 12:45 AM »
It's... interesting... trying to do that. I did originally plan on doing that actually in the package parser but I never got any useful error messages out of the RelaxNG parser that I could feed back to the user.
I could certainly apply more validation than is currently applied, though. There is already a certain amount of validation carried out just viewing the list, it wouldn't be harder to pull out a list of first level children and validate based on that at least, but it's not particularly easy to provide any useful error messages from that.
I could certainly apply more validation than is currently applied, though. There is already a certain amount of validation carried out just viewing the list, it wouldn't be harder to pull out a list of first level children and validate based on that at least, but it's not particularly easy to provide any useful error messages from that.
3428
The Pub / Reminders, CAPTCHAs and registered users
« on May 15th, 2012, 11:03 PM »
OK, so I thought about implementing a CAPTCHA for the reminder widget. It is a method of identifying email addresses - and it never gets trapped by the error handler anywhere - and ultimately something that's going to limit the points of intrusion can only be a good thing.
So I started looking at the code and something odd about action=reminder struck me: it still works for logged in members too. Now this is really weird because I'm not sure it isn't a bug, but I'm not sure it isn't intentional behaviour either.
Let me explain. If you hit up action=reminder, you get thrown into the reminder handler, which has a bunch of subactions. But if no subaction is given, it will actually load the 'please give us the username or email address' prompt, due to no specified subaction, the relevant template being loaded and then hitting up template_main from Reminder.template.php.
That part seems half like an oversight, but the more I play around with it, the more I'm not sure about it being one. It seems almost fortunate that it happens to fall into the main reminder template (as opposed to other places, i.e. almost everywhere, where it explicitly sets the subaction if no valid one was found or none was supplied), but I don't see any 'is_guest' checks.
Then it hit me. You can't change your own password if you don't know your current one - and there's no way in the profile area to change your own password directly if you have forgotten it, meaning if you did want to change anything, you'd have to go through the reminder section - and it would let you, though whether you should be able to do so is debatable.
So, there's the question: should you be able to call the reset-password stuff if you're logged in, and if not, how should you be able to reset it from inside the profile area, since you can't change your password if you can't remember your current one?
It's a tricky one, but something that occurs to me. (Of course, I could just ignore it, implement the CAPTCHA anyway, and just not bother if the user is a registered member at the point of filling in the form)
So I started looking at the code and something odd about action=reminder struck me: it still works for logged in members too. Now this is really weird because I'm not sure it isn't a bug, but I'm not sure it isn't intentional behaviour either.
Let me explain. If you hit up action=reminder, you get thrown into the reminder handler, which has a bunch of subactions. But if no subaction is given, it will actually load the 'please give us the username or email address' prompt, due to no specified subaction, the relevant template being loaded and then hitting up template_main from Reminder.template.php.
That part seems half like an oversight, but the more I play around with it, the more I'm not sure about it being one. It seems almost fortunate that it happens to fall into the main reminder template (as opposed to other places, i.e. almost everywhere, where it explicitly sets the subaction if no valid one was found or none was supplied), but I don't see any 'is_guest' checks.
Then it hit me. You can't change your own password if you don't know your current one - and there's no way in the profile area to change your own password directly if you have forgotten it, meaning if you did want to change anything, you'd have to go through the reminder section - and it would let you, though whether you should be able to do so is debatable.
So, there's the question: should you be able to call the reset-password stuff if you're logged in, and if not, how should you be able to reset it from inside the profile area, since you can't change your password if you can't remember your current one?
It's a tricky one, but something that occurs to me. (Of course, I could just ignore it, implement the CAPTCHA anyway, and just not bother if the user is a registered member at the point of filling in the form)
3429
Features / Re: Action buttons: positioning
« on May 15th, 2012, 10:42 PM »
Therein lies the problem, getting it to purge the cache does also imply having it able to purge other things, like when folks use memcache or whatever, which the current cache doesn't deal with either.
OK, just wanted to tackle something in this topic (back earlier on the original part of it)
I really think the whole 'number at the end of likes' structure would work better. As it stands you get the number before the Like wording and you get the extra space underlined when hovering because it's all part of the link.
Converting it to [icon] Like ( number ) means the thumb icon + wording can be the action itself with the number being the popup. The UI aspect gets covered, there's somewhere to put the popup invocation and it deals with the underlining that looks weird otherwise.
Posted: May 15th, 2012, 10:34 PM
OK, just wanted to tackle something in this topic (back earlier on the original part of it)
I really think the whole 'number at the end of likes' structure would work better. As it stands you get the number before the Like wording and you get the extra space underlined when hovering because it's all part of the link.
Converting it to [icon] Like ( number ) means the thumb icon + wording can be the action itself with the number being the popup. The UI aspect gets covered, there's somewhere to put the popup invocation and it deals with the underlining that looks weird otherwise.
3430
Plugins / Re: Crazy plugin-related idea I just had
« on May 15th, 2012, 10:37 PM »
The one problem is how I indicate from a 'child plugin' that it requires these features from a parent package, like in this case how we indicate that <arcade-game> block in a plugin is dependent on a given plugin being installed and enabled.
I suppose what could be done is if the plugin indicates it needs the handler function as part of the <required-functions> block?
I suppose what could be done is if the plugin indicates it needs the handler function as part of the <required-functions> block?
3431
Other software / Re: Aeva Blog
« on May 15th, 2012, 10:31 PM »
Well, it's not 'my' Aeva Media, but consider on the other hand that Nao was post-banned by the team for speaking his mind. It's only really been left there for their benefit.
Here's the thing, though, you're asking us to take a substantial amount of time out of working on Wedge (and due to personal stuff, I've not had a great amount of time for the last few months) to work on a rival to Wedge - and making that better, so it gets harder to make Wedge better as well. Not only that but we'll be expected to provide support for it (oh wait, Nao's post banned, I want nothing more to do with simplemachines.org and I REALLY don't want people here expecting SMF/Aeva support... Wedge exists because of SMF's ongoing failures and nothing more)
As I already said, Wedge already has blog support, it just needs to be made better and it already has the attach support for images (which is really just using the bbcode in the first place!!!) because it's really just using a board as a blog since really they're the same thing just with different presentation (both have topics, just in a slightly different order and putting more emphasis on the first post)
I guess I need to reiterate: THERE WILL NOT BE A BLOG PLUGIN BY US, FOR SMF OR WEDGE. We will not offer it for SMF, but it is already built into Wedge so it comes with the base package.
Here's the thing, though, you're asking us to take a substantial amount of time out of working on Wedge (and due to personal stuff, I've not had a great amount of time for the last few months) to work on a rival to Wedge - and making that better, so it gets harder to make Wedge better as well. Not only that but we'll be expected to provide support for it (oh wait, Nao's post banned, I want nothing more to do with simplemachines.org and I REALLY don't want people here expecting SMF/Aeva support... Wedge exists because of SMF's ongoing failures and nothing more)
As I already said, Wedge already has blog support, it just needs to be made better and it already has the attach support for images (which is really just using the bbcode in the first place!!!) because it's really just using a board as a blog since really they're the same thing just with different presentation (both have topics, just in a slightly different order and putting more emphasis on the first post)
I guess I need to reiterate: THERE WILL NOT BE A BLOG PLUGIN BY US, FOR SMF OR WEDGE. We will not offer it for SMF, but it is already built into Wedge so it comes with the base package.
3432
Other software / Re: Aeva Blog
« on May 15th, 2012, 10:05 PM »
Not a hope in hell of us writing anything for SMF, to be honest. Wedge has a blog function in it too though it needs more work yet, and the whole point of working on Wedge was to build on SMF, not to work on SMF itself, for us working on an SMF mod would be a backwards move.
Why can't you, for instance, upload items to media and just embed them in bbcode-written blog posts? All you're lacking, really, is convenience, not core functionality?
(And if I'm being cynical for a moment, $15 buys about 20 minutes consulting time, which isn't even close to building anything.)
I do get what you're asking but I hope you'll understand why we can't consider it realistically ourselves.
Why can't you, for instance, upload items to media and just embed them in bbcode-written blog posts? All you're lacking, really, is convenience, not core functionality?
(And if I'm being cynical for a moment, $15 buys about 20 minutes consulting time, which isn't even close to building anything.)
I do get what you're asking but I hope you'll understand why we can't consider it realistically ourselves.
3433
Other software / Re: Has SMF Gotten Slower?
« on May 15th, 2012, 05:49 PM »
That's why I referenced LiveJournal, because that does it, and I know some people do care about such - so I wondered what the feeling was for here.
3434
Other software / Re: Has SMF Gotten Slower?
« on May 15th, 2012, 04:29 PM »
Oh, sure, I just figured that it was a conversation worth having - and you KNOW we'll be asked about it.
3435
Features / Re : Rewriting the skin file parser...
« on May 15th, 2012, 04:28 PM »
Well, you're talking about caching it and having a button in order to clear that cache. I wasn't sure whether you were putting into the main data cache or somewhere else, especially as you were talking about having a separate way to clear that cache.
I figured we could use the main cache and then make it more prominent to clear the main cache (though that has other consequences on, say, accelerator-based caches)
I figured we could use the main cache and then make it more prominent to clear the main cache (though that has other consequences on, say, accelerator-based caches)