Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Arantor
7351
Off-topic / Re: Wedge support
« on May 28th, 2011, 12:21 PM »
Two things.

Firstly, it's being designed to generate less support issues. Add-ons won't need to be done through code hacking like SMF mods.

Secondly, you know I have ~43k posts on sm.org, right? Did I mention that that occurred across 2 years, of which a decent proportion of the second year I wasn't even posting...? I don't see it as being a problem to keep up with support assuming I can finish up the other stuff I'm supposed to be doing at the moment and get back to working on Wedge.
7352
Other software / Re: SMF 2.0 final THIS MONTH?
« on May 28th, 2011, 11:33 AM »
Yup, that was the plan.

You'll still get the sycophants who will cheer that the version has been bumped, but honestly, what are they cheering for? I pulled up the issue that a number of bugs have been deferred to 2.1 or later because they're minor bugs - even if they weren't introduced until 2.0 RC4 in one case...

I accept the position that all software has bugs, but to ship software as 'final' with dozens of known issues, that's ridiculous.
7353
Features: Security / Re: Dynamic CAPTCHAs
« on May 28th, 2011, 12:47 AM »
Quote
You hit the register page, the "Submit" button is grayed out with a timer counting down. It runs out and you join.
You go to post a message, same thing, the button is grayed out yada yada.. After x amount of posts, the timer is gone and you can post away.
Waste of time. All it does is actually inhibit genuine users, especially users who run with JS disabled (either because of security concerns, or simply they're using a screen reader).

That, and the fact that if you're relying on the browser to enforce something securely like that, you can take it out. Consider it: even on the user side, a significant minority have access to development tools either out of the box of with minimal effort (Firefox has Firebug, Chrome/Safari have the dev tools, Opera has Dragonfly) that can happily override this sort of thing.

A *human* spammer might see the form and be stopped by it, but a bot certainly won't be, it won't even see it.
Quote
It fills out the info, hits submit.. busted, rejected. xrumer shows a fail for that forum. (some will then remove the url others are to dumb)
So you implement that. And let's say for the sake of argument that we add this by default and that we become popular, at least that can be mentioned in the same sentence as other free forums without the phrase "unlike phpBB or MyBB" in there. As soon as it becomes even remotely commonplace, xrumer's devs will adapt.
Quote
But keep in mind, a timer would not be common like CAPTCHA is, and therefore spammers are not going to bother adjusting the posting speed for just a few hundred forums.
Yes, but if it proves successful it will be adopted by other systems. The security is, at best, through relative obscurity, not because it's actually secure by design.
Quote
But, it is something that doesn't require checking internal or external anti-spam databases, keeping it updated, adding stuff to the htaccess etc...
Adopt that mindset and you already lose the battle. It is an arms race, you must be vigilant and the only way to win in the long run is to be sufficiently unique that you're not worth the effort in breaking. Being adaptive means you are always mutating the methodology that has to be beaten.

You cannot create a single system that stands up long-term against malicious types, but you can make it harder; the CAPTCHA in Wedge is an order of magnitude better than SMF's - it's more readable whilst being deliberately difficult for bots. It's far from invulnerable, but it requires much more effort to do something with because instead of presenting multiple variations of a theme like the existing systems do, it presents multiple distinct styles, with inherited variations of those - you won't even guarantee that the next CAPTCHA you get will be in the same style as before...


I get what you're saying, but honestly, it is a mechanism that will cause more hassles than it will solve to implement. I've seen it done before, and it makes little or no difference in the long run.
7354
Features: Security / Re: Dynamic CAPTCHAs
« on May 27th, 2011, 04:48 PM »
Did you set the flood control in Admin > Posts and Topics > Post Settings? That would mitigate (not solve) posters posting more than once so quickly.

As for posting a 2600 character message within 3 seconds, what happens if I already prepared my message in another editor and simply copy/paste it?

Note that as soon as the bot authors realise what's going on, they will simply alter the code to pause, or set it to not come back quite so often. It still doesn't really solve the problem :(
7355
Features: Security / Re: Dynamic CAPTCHAs
« on May 27th, 2011, 11:37 AM »
That's the thing though, most bots these days are actually getting smart enough that they know not to hit it straight away...
7356
Features: Security / Re: Dynamic CAPTCHAs
« on May 27th, 2011, 09:24 AM »
Yeah, slowing them down doesn't make too much difference in the real world of things, actually - all it means is the difference between 1,000 and a couple of hundred spam messages - either way it's still a royal pain to deal with.

What is needed is more defence in depth; SMF (and to a lesser degree Wedge) are mostly hard-shell solutions, rather than defences that sit beyond just registration.
7357
Other software / Re: SMF 2.0 final THIS MONTH?
« on May 26th, 2011, 10:26 PM »
Quote from Makar on May 26th, 2011, 09:52 PM
I saw smf without copyright
clicking on the links  :lol: :lol: :lol:
It could be a bug but I doubt it, Robbo knows SMF well enough to know by now...

The question is whether the team will pursue it or not since in theory in the next 5 days we should be free to remove the copyright as we see fit -- IF you're using 2.0.
7358
Features / Re: request for something like this mod + datatables
« on May 24th, 2011, 06:18 PM »
Quote
In wedge any new javascript like from this mod is going to be automatically combined and added to existing javascript file?
More accurately, all the files referenced get combined and compressed before being sent to the user.
Quote
As admin i would very much apreciate the speed of that addon.
64KB minified? That's a massive extra weight to the page load. (jQuery plus the rest of the JS is already about 100KB - and that's minified and partially gzipped as well. 64KB added on is no small matter.)
Quote
I think its really great if you need big tables in your forum. You can add values in cells separated by a custom character, or use csv.
There are better solutions than using CSV. Like making the editor better and able to support decent tables, like making the table, tr, and td tags styleable and not brain-dead in how the semantic rules are enforced.
Posted: May 24th, 2011, 04:45 PM

This might make a really nice add-on, but it's the sort of thing I'd strongly suspect we wouldn't put in the core.
7359
Features: Miscellaneous / Re: Improvements to Hooks
« on May 23rd, 2011, 05:34 PM »
They really need to update that, all the hooks are described with the original limitations they had when they were in RC3... (back when I originally wrote it)
7360
Off-topic / Re: Doctor Who
« on May 23rd, 2011, 10:38 AM »
*nods* As per "Sir James Bond", aka David Niven, in the original Casino Royale film. You can see how many James Bonds there...
Quote
... vocationally devoted, sublimely disinterested. Hardly a description of that sexual acrobat who leaves a trail of dead beautiful women like so many blown roses behind him - that bounder to whom you gave my name and number.
I really must watch that again sometime. (David Niven, Peter Sellers, Woody Allen, Orson Welles and Ursula Undress Andress... what's not to like? :D)
7361
Off-topic / Re: Doctor Who
« on May 22nd, 2011, 11:24 PM »
There was an article I found... oh at least a decade ago, proclaiming that Bond was definitely a Time Lord, and goes on to explain it pretty convincingly; page is long since gone though.
7362
Features: Miscellaneous / Re: Improvements to Hooks
« on May 22nd, 2011, 08:21 PM »
Well, not *that* code - that's Wedge code.

In your case, you'll create your file, farjo_code_changes.php, and put it in Sources/

Then your package installer would contain:
Code: [Select]
$hooks = array(
'integrate_menu_buttons' => 'farjo_add_menu_items',
'integrate_pre_include' => '$boarddir/Sources/farjo_code_changes.php',
);

foreach ($hooks as $hook => $function)
add_integration_function($hook, $function);

But the principle's the same. Nao just streamlined what the add function did to avoid the complexity and hassle.
7363
The Pub / Re: Front Page  Something other than a board listing.
« on May 22nd, 2011, 07:13 PM »
-sigh-

A front page would not be the same as a portal. It would be a front page, and customisable but still JUST a front page...
7364
Features: Miscellaneous / Re: Improvements to Hooks
« on May 22nd, 2011, 06:36 PM »
Yes, basically.

Really, all a hook physically is, is just a setting in $modSettings that contains a 'to do' list. For the include hooks, it's a list of files to load, for the rest, it's a list of functions to call.

You'll see call_integration_hook() mentions throughout the main SMF source (we renamed the function and the hooks, more on this later), which say, "Get this list of functions, and run them" - and often passing information to the hooked functions, so you can manipulate them right there.
7365
Features: Miscellaneous / Re: Improvements to Hooks
« on May 22nd, 2011, 06:25 PM »
Yup. integrate_pre_include just contains a list of files to load on SMF startup, you set it in the installer and no file edit is required to have that file loaded later.