Features / Re: Admin upload facilities
Arantor « on March 17th, 2012, 03:41 PM »
SMF is not in itself insecure. It's only insecure when people don't care about security and leave things in place.

If it were up to me, I wouldn't give you any upload facilities whatsoever, and have it ALL done via FTP (much like XenForo, I'll note) but I recognise that that approach isn't very friendly.
Features / [Idea] Re: Badges related
Arantor « on March 17th, 2012, 02:44 PM »
Also note that having an admin upload facility is a significant security risk unless I can manage to implement the strange mythical FTP crap that I've been thinking about.
Features / Re: Admin upload facilities
MultiformeIngegno « on March 17th, 2012, 03:15 PM »
Some time ago I read this, now I'm a bit confused.. :P
Features / Admin upload facilities
Arantor « on March 17th, 2012, 02:51 PM »
OK, since this has been asked, I'm going to explain this in a lot more detail.

The simple version: having any kind of ability where the admin uploads something for the forum itself, e.g. themes, plugins, smiley images, badges/rank images... this is a security risk. So too is media and attachments and avatars, but specific things can be done to mitigate those.

But anything that requires touching any of the core files is a serious security risk. Why? Because it requires opening up the core folders and files to higher permissions than they should have. This means making things writable by ANY USER on a shared host. Can we say 'hackable'? YES WE CAN!

The obvious answer is 'put permissions back again afterwards' but the thing is, people don't. They leave permissions set open for their own convenience later on, which is how come so many SMF installations get hacked at some time or another.[1]

Now, I have proposed a solution for this elsewhere but it's not a brilliant one. Specifically, it would require you (as the admin) to put in your FTP password periodically to upload things like plugins. Certain magic can be worked so that FTP (or SFTP) can be used to perform this kind of work, without making a security hole.

Before anyone asks, what are the chances of me giving you an admin upload facility that doesn't use FTP/SFTP and works solely by you changing permissions yourself? ZERO. There is ABSOLUTELY NO WAY IN HELL I will give you that ability. The idea is that you shouldn't be screwing around with it, and especially not screwing around with setting core files/folders to 777. And if you do, that's YOUR responsibility. My responsibility is in making a decision whether I give you a gun to shoot yourself with, or giving you an air rifle that probably won't kill you, you can guess where I'm going with this.
 1. Though I stress, it really isn't only SMF, it's just that's what I know for certain.
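The check the post argues admins skip, as an added example (not part of the original post, and not SMF or Wedge code): it lists anything under a forum root that is still world-writable, removes only that bit, and returns a status usable from cron. The function names and the sample tree's directory and file names are assumptions made up for the demonstration.

```shell
#!/bin/sh
# Audit a forum install for permissions left open after an upload or install.

# Print every world-writable file or directory under $1, sorted.
# Symlinks are skipped: their own mode bits are not what gets enforced.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null | sort
}

# Remove only the "other" write bit, leaving owner and group bits untouched.
tighten_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Return 0 when the tree is clean, 1 when something is still open,
# so the check can gate a cron job or a deploy hook.
audit_forum_root() {
    found=$(list_world_writable "$1")
    [ -z "$found" ] && return 0
    printf 'world-writable under %s:\n%s\n' "$1" "$found" >&2
    return 1
}

if [ $# -gt 0 ]; then
    audit_forum_root "$1"            # real use: pass the forum root
else
    # Constructed sample tree (directory and file names are made up).
    demo=$(mktemp -d)
    mkdir "$demo/core" "$demo/themes"
    : > "$demo/core/index.php"
    chmod 777 "$demo/core"           # the "temporary" change left in place
    chmod 666 "$demo/core/index.php"
    audit_forum_root "$demo" || echo "before: open permissions found"
    tighten_world_writable "$demo"
    audit_forum_root "$demo" && echo "after: clean"
    rm -rf "$demo"
fi
```

On a shared host where the web server runs as a different user from the file owner, group-writable entries deserve the same review; this example checks only the "other" bit.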
Features / Re: Badges and the displaying thereof
spoogs « on March 17th, 2012, 02:47 PM »
Ok... So I've always wanted a better way to manage badges and have had many thoughts on what I thought I wanted; some seemed logical, others panned out to be overly complex. Here is where I am now:

I'd like to see a badge management system more like an award system. I, like others, do not like the idea of creating a ton load of groups just to display the badges. Being able to create a badge and assign to users (maybe it can be optional to assign to an existing group) with the option to display in addition to or in place of primary membergroup badge. Additional options to display below the info in the user area, above signature, or in user profile might be useful as well. I'd also go for being able to set a badge to expire in x days.

If a member is in more than one group that has a badge, maybe display their primary badge as usual and have secondary badges displayed below the info in user area or in their signature.... maybe a setting that a max of 3 badges can be displayed above the user avatar and all others subsequently displayed in signature or below the info in the user area.

One setting I would love if no other is to hide the group name/title when a badge is available... ie: There is a badge for Moderator so I wouldn't need/want the name of the group displayed as well.

If any of that makes any sense.
Features / [Idea] Re: Badges related
Arantor « on March 17th, 2012, 12:40 PM »
Ah, but they ARE a special membergroup. You cannot change them the way you can others, because they're a catch-all group that only exists if you don't put them in another group, and if you notice, it's never displayed.

Here for instance, your primary group is regular member - but it doesn't show, because there's no badge for it or anything and we have post count badges turned off (which would otherwise be displayed instead)

There's all sorts of odd behaviour in the depths of SMF that we've inherited for these groups.
Archived fixes / [Bug] Re: Unable to reply a post
Arantor « on March 17th, 2012, 12:45 PM »
That's interesting, because it shouldn't work like that. Stuff on Tapatalk has to be listed in their big ol' database, and Wedge isn't (I checked)
So that's an interesting result really.
Archived fixes / [Bug] Re: Unable to reply a post
Nao « on March 17th, 2012, 11:37 AM »
Addendum: the error only occurs if you press Reply or Quote on one of your own PMs... The Preview works otherwise. But if it's a PM of yours -- error message.

@willemjan> False positive means that Bad Behavior is telling Wedge that you're doing a potentially 'suspect' action, and thus is attempting to restrict your movements. But it seems that generating the error forces Wedge to call loadPermissions() which in turn tries to load a board ID but it hasn't been filled in yet, so it generates an error for that problem, rather than for the original problem.

Anyway, that's for Pete to fix now...

BTW, what the HELL are these HTTP requests for!
Wedge is not compatible with Tapatalk. If I'm getting one of these failed requests once more, I'll mailbomb them!
Well, maybe not, but it's been a long time since I've seen the word mailbomb, wanted to use it!
Features: Posts & Topics / Likes
Nao « on May 11th, 2011, 03:40 PM »
Area: Miscellaneous
Feature: Reactions (Likes)
Developer: Arantor & Nao
Target: users
Status: 95% (core functionality implemented for posts and thoughts)

We never liked karma in SMF. We don't like the idea that people get thumbs down on the basis of a message, but they never get to know which posts got them that reputation. Plus -- it's a bit of an ego trip.

Implementing 'like' buttons on posts/topics is a better way of actually guiding people through a user's best posts. We're hoping to implement the feature in every possible feature, such as media items.

The structure already implemented allows for liking any structure in theory - even plugin-added ones, and there's already the foundation for even doing it through AJAX, just more UI work needs to be done; most of the core was added in enough time to get it on with more to follow ;)

:edit: October 2014: added support for multiple like types; renamed to 'Reactions'.
Features / Brave new world
Nao « on March 16th, 2012, 12:43 AM »
So... A thing happened, and then another, and my plans to publish Wedge today were scrapped. So, I uploaded the website to a temp folder, installed it, fixed a few other bugs, then left it aside for now because it's unrealistic to expect the Wedge team to upgrade to Wedge precisely before going to bed, ah ah. We need to make sure it works for everyone.

It will STILL make it on March 15... Just that it will be March 15, *Hawaii time* :P

Ah well. If you just can't wait anymore, here's a little something to help you wait until next morning (if you're in Europe like us.) A small screenshot of the new default skin, Weaving. And yes, this is the first time it's made public.

Hope you like it! I'm off to bed. Deserved a good (but short) night's sleep.