Messages - PantsManUK
31
Plugins / Re: Plugins I refuse to do
« on April 27th, 2012, 11:49 AM »
Would a word-based arithmetic sum be any better Pete ("five minus eight" with the answer expressed as a number)? Combines what I see as being the best bits of both mechanisms... Having said that, it suffers the same drawbacks (simple to mechanically break once it's been taught to OCR the problems). Ignore me. :whistle:
32
The Pub / Re: Number of 'online users'
« on April 25th, 2012, 06:37 PM »
Thanks for the explanation. Makes sense that it's used for other things than who's on the site right this second...
33
The Pub / Re: Number of 'online users'
« on April 25th, 2012, 06:30 PM »
Personally? Drop the session for guests, it doesn't hurt me in the least... I have GA and Awstats, I get far better info from them than I do from Who's Online (which on SMF at least is "stale" from the moment it's displayed...)

Out of interest, and somewhat OT, could the associated DB table for Who's Online be treated as a "pipe" (max of say 10 rows, when number 11 arrives, it pushes number 1 off the table)? I would think that doing so, possibly using triggers/stored procedures, would give performance benefits, especially on forums with large user populations.
34
Features / Re: Multiple default skins?
« on April 25th, 2012, 12:08 PM »
Working on Android ICS (CyanogenMod 4 on SGS II, default browser and Sleipnir tested).
35
Off-topic / Re: QapTcha
« on April 20th, 2012, 10:18 PM »
I understand (really, I do). The point I was/am trying to make is, don't be afraid to discuss a small part of your security, even in detail. :)
36
Off-topic / Re: Extract images with a certain tag from Instagram
« on April 20th, 2012, 05:02 PM »
Quote from Nao on April 19th, 2012, 06:18 PM
How come I never heard about Amstamgram before they got gobbled up by Facebook? :P
TBH, it was a niche app at best before they released the Mandroid version (and got bought by Facebook).
37
Off-topic / Re: QapTcha
« on April 20th, 2012, 04:51 PM »
Quote from Arantor on April 20th, 2012, 01:45 PM
It does, yes, but it's not as if it's a measure that I'm overly bothered with hiding. A certain pragmatism in me says that the bad guys will go looking for it anyway, and there's no point in hiding this knowledge from white hats when the black hats will find it anyway.
Someone (might have been Bruce Schneier) said (and I'm paraphrasing) "if you aren't prepared to have your security tested in public, you've not got any security at all" - if you publish your entire security mechanism and it stays secure, it's secure...
38
The Pub / Re: The Cookie Law (in the UK at least)
« on April 20th, 2012, 11:49 AM »
Quote from Arantor on April 19th, 2012, 07:05 PM
Oh, I'm pretty sure that it is just for show, but until it's actually tested in a complaint, we have to assume that it isn't. Bear in mind that it is only to be used in the case of people complaining, rather than doled out by machine.
"We" could force the issue - find a UK-based website with an SMF (or any other) forum that doesn't mention cookies at all, and have a mass complaint by anyone in the EU. We'd soon see how the ICO deal with it. :niark:

TBH, I'm in the "this will all fade away eventually" camp too. They'll U-turn: just very, very slowly so no-one notices.

On a side-note - cookie lifetimes. For logged on folks ("paid up" members), it's easy in most cases because you ask them how long they want to be logged in for; just be explicit that a cookie is used to store that information and I would hope that the ICO view that as a "good faith" attempt at compliance. For "anonymous" guests, I'd like to see any cookies lasting for as short a time as can be managed - to the extent of potentially having cookies expire while anonymous users are still browsing. With more and more people leaving their browser running 24x7, you can't really rely on "End of session" cookies any more (this is a browser issue in my book - but I can't think of an easy fix...). Just my 2p...
39
The Pub / Re: The Cookie Law (in the UK at least)
« on April 16th, 2012, 05:12 PM »
Quote from Nao on April 16th, 2012, 03:13 PM
I guess it makes sense that it is -- except that I've never even heard about it being planned to be done in France...
Well, you Frenchies have strange data protection laws as it is :eheh:

Can't find the actual directive listed anywhere in the UK law, but the law itself is PECR - "Privacy and Electronic Communications (EC Directive) Regulations". I'm kinda hoping the rest of the EU shouts it down and the UK is left as Billy Nomates... About the only way I see it being repealed/changed in the UK.
40
The Pub / Re: The Cookie Law (in the UK at least)
« on April 16th, 2012, 01:51 PM »
Quote from Nao on April 16th, 2012, 12:47 PM
Quote from Arantor on April 15th, 2012, 11:11 PM
It might not, but there is always the possibility that it *does*.
In the UK only, then. We'll just ban them from using our sites, because what have the British ever done for us, anyway? :lol:
Except it's an EU directive, so all of y'all will be coerced into enacting it eventually, the UK just happened to have done it "early".
41
The Pub / Re: The Cookie Law (in the UK at least)
« on April 16th, 2012, 12:04 PM »
On my UK hosted blog, I have a script that requests opt-in for the GA cookies, and a page explaining what all the cookies sent are for and when they expire (and that if you don't like cookies, disable them in your browser because the cookie law won't fix the problem)... Hope that'll keep ICO happy for now.
42
Plugins / Re: Plugins I refuse to do
« on April 13th, 2012, 12:36 PM »
Quote from Arantor on April 13th, 2012, 12:24 PM
The only problem is that you're still putting a lot of trust in a third party, especially one that has not really had - IMHO - sufficient reason to be trusted in the past.

The reason that you see less from the plugin is that it queries with a certain threshold, rather than completely, and if that service goes down, you're still at risk - as opposed to other measures that protect you all the time for free (namely questions, CAPTCHA, in that order, heh)
All true, hence why we also have questions and a CAPTCHA :eheh:

There is no "one-size blocks all" solution to the problem, and I personally don't think there ever will be. Defence in depth is the best we've currently got, cloud-source solutions have a part to play, but more importantly admins need to keep up with the research, because (a) the people that *could* stop the bot-farms and spammers won't (the dodgy ISPs will never change their ways...), and (b) the defence measures are up against very determined attackers.
43
If a quick read of what's above will suffice, make it a user opt-in to have the body in the notification, off per default (least information leakage that way...)

As for edit/delete, I personally see no conflict whether the body is included in the notification or not. If I send you a PM, then retract it (whether before or after you are notified), a message at the time of retraction (be it by editing or deleting) to say that the recipient has already been notified of the original should serve as sufficient warning to the sender. Stupid people will always be stupid, and no amount of helper code will stop that :)
44
Plugins / Re: Plugins I refuse to do
« on April 13th, 2012, 12:15 PM »
Quote from Arantor on November 2nd, 2011, 04:08 PM
Stop Forum Spam

Although it's gotten better in recent times, it's still somewhat unreliable as far as submitting data goes, and it's still too easy to get unvalidated "I just thought it was a spammer" entries in there. There are better methods of keeping spammers out, it just requires a little more effort on the admin's part (like spending 30 seconds writing a question and answer)
I'm a big fan of SFS, but I'm fully aware that it's not a "fire and forget" solution; as an admin you have to do some work on each and every thing it flags as suspicious (number of times I've manually checked things on the website and found way more spam reported than the SMF plugin indicates... that's my only complaint about the plugin, in fact)
45
Don't forget option 3, do nothing...

For my "money", option 1, an extra byte per row, has least impact.

I prefer option 2, but that means work that you may not be able to afford at this time. Least upsetting might be 1 as a stop-gap measure until 2 can be implemented (i.e., do it right eventually).