So, as Xee is almost done, and I'm mostly waiting for external contributions, I decided it was time to start working on the Legendary Next Update for Kareha and Wakaba.

Only problem is, it's been a long time, and I've forgotten most of what needs to be done. Most of it is mentioned SOMEWHERE on the board, though. So this is your chance to pipe up with your pet feature request, or if you're feeling really helpful, to dig out some old posts that mention things that need fixing.

Hop to it!

>>157
So the functions need to be hardcoded to a post element one way or another? If I wanted to, let's say, create a template for gazo-box or Shiichan (both use checkboxes for sage), I'd need to slightly modify kareha.pl to check that new checkbox input instead of the Link string input?

An interesting limitation. Thanks for explaining.

About permasaging/deleting after a certain thread filesize is reached: would this be the same as a limit on the total number of characters in a thread? Or would we also include WakabaMark formatting, hyperlinks (including navigation), name/date/title headers, reply boxes, and non-Unicode characters in the formula?

>>158
Chances are that most if not all major/fundamental changes made to Kareha's core scripts will clash with the philosophy of most people here (including WAHa), and they won't care for them anyway. There really aren't all that many big-bang end-user features left to be implemented in Kareha before it loses its minimalist charm.

P.S. Reminder for >>85

RENZOKU are the flood detection things... even if they are useless MAX_POSTS_PER_MINUTE makes a lot more sense than RENZOKU2

3) was about a string to trigger ID:Heaven, not a constant for the Heaven part (which is already configurable)

Re: email/link field

Just because it works one way on 2ch/whatever does not mean it is the best way. Having 'fusianasan' as the only way to trigger the effect is just narrow-minded. Functions should have descriptive names to the people using them; should we keep the field names in Japanese because the Japanese have them in Japanese? Having all of the applicable things configurable is something that makes sense, and you can easily have both 'fusianasan' and 'show_ip' that work at the same time. Frankly, the combinations of many things into unrelated fields is a design flaw. What if you want to use a name/trip and fusianasan? What if your email address contains the string 'sage'? What if you want to sage a thread, but have an ID still?
I think the confusion of existing users is worth reducing the learning curve and improving the intuitiveness.

I'm not saying that the default behaviour needs to change, but being able to easily configure the strings used allows for easier localization.

I probably misspelled fusianasan too, why should I have to remember something so foreign?

Well, there are some issues to consider here:

• Hardly anybody needs to ever use fusianasan. It's a gimmick. Design decisions should not be made around it.
• The strings may be strange, and combining fields isn't the best design possible, but this is a 0ch clone, after all. If I were designing something from scratch, I'd do things differently, but as it is, people are expecting 0ch behaviour, and it would confuse them if the script worked like 0ch in some ways but not others.
• I might consider adding additional strings that trigger sage and fusianasan, but I'm not sure what they should be.

In the end, people actually enjoy the 0ch quirkiness. I know I do. I know about designing good interfaces, but there's something fun about an interface that is a little bit quirky, as long as it doesn't get in your way, and these things don't.

> Frankly, the combinations of many things into unrelated fields is a design flaw.

I don't think so, not in these cases. What's the alternative? Having a different field for fusianasan, a new checkbox for sage, etc.? That's just cluttering up the interface.

> What if you want to use a name/trip and fusianasan?

Then just make one post with your name/trip and one with fusianasan and let your ID show up in both.
fusiansan is just intended for rare or special cases anyway, as is the whole subject of identification on anonymous message boards.

> What if your email address contains the string 'sage'?

Huh?

> What if you want to sage a thread, but have an ID still?

Then the board has to be configurated to just do that (it already can).

> why should I have to remember something so foreign?

It's rarely needed anyway. Also, these things are pretty easy to remember. "sage" and "fusianasan" is all there is, really.

>>161

>3) was about a string to trigger ID:Heaven, not a constant for the Heaven part (which is already configurable)

That's what I was referring to also in >>154 (S_NOID being the theoretical trigger string for ID:Heaven).

Concerning localization: there are certain compromises with input triggers that must be made in order to maintain interoperability with Japanese users coming from 2ch/Futaba. They're not going to care about a system where "sage" and "fusianasan" (in Roman too I'm guessing, can someone confirm this?) don't work in their respective fields. In effect, 2ch set a standard of usability that we need to follow if we want to build a bridge between both communities.

On the flipside, I think there should also be a secondary set of trigger strings that would be more coherent to Western users and universal to all Western boards. Making them configurable from site to site is really dumb, because it would create an unthinkable usability mess. With Shiichan's death, Kareha stands unrivaled, and setting these strings in stone would ingrain them in the culture like "sage" and "fusianasan" have been in Japan. Thinking very optimistically, if a Western BBS site should grow into something large enough for 2channers to strongly take notice of, they would pick up on these triggers and possibly make their own concessions to implement them in 0ch.

What they should be is yet to be determined. Unfortunately, they'll probably have to be pretty dull in comparison to the witty botanical references and word puns in 2ch and Futaba.

>>163

>I don't think so, not in these cases. What's the alternative? Having a different field for fusianasan, a new checkbox for sage, etc.? That's just cluttering up the interface.

Then why not simply boil it all down to the comment field, with trigger strings for inputting the name, e-mail, sage, ID:Heaven, and fusianasan? You can get a lot more minimal with the current interface.

>Huh?

He meant saging a thread just because a part of the actual e-mail address contains the word "sage."

> Huh?

You know, like [email protected].

Shiichan 2000 let you enter "down" to sage and "showip" for fusianasan, but it was mainly just a curiosity and was not used. There's no one English word that does the job of the pseudo-Japanese "sage". Better to have a tick-box and explain to people why it is useful. Or an option for it.

> Then the board has to be configurated to just do that (it already can).

No, 148 is referring to a user-end problem, not a server-end problem.

>>> In the end, people actually enjoy the 0ch quirkiness. I know I do. I know about designing good interfaces, but there's something fun about an interface that is a little bit quirky, as long as it doesn't get in your way, and these things don't.

It does get in your way though, I enumerated cases where this is the case (albeit edge cases).

>>>Then just make one post with your name/trip and one with fusianasan and let your ID show up in both.

fusiansan is just intended for rare or special cases anyway, as is the whole subject of identification on anonymous message boards.

You still end up with no way to link the fusianasan post with the name/trip one without IDs enabled (unless the ID method is known and no secret data is used).

>>>It's rarely needed anyway. Also, these things are pretty easy to remember. "sage" and "fusianasan" is all there is, really.

You spelled it fusiansan once.

Also, how is Kahera unrivaled when there are still large sites that are not running it? Shiichan is still on world4ch, Thorn on parts of wakachan for example.

http://wakaba.c3.cx/sup/kareha.pl/1127713568/l50 is also semi-relevant

Oh:

> Getting back to inconsequential nitpicking: I find the "___ image replies omitted" phrase to be a bit redundant, and for one it confuses me as to whether or not those image replies are separate from text-only replies. How about simply calling it "images"?

Yes, that's a great idea, which is why I've always done just that. You're thinking of 4chan.

> (albeit edge cases)

Which is the crux of the matter - it mostly doesn't matter to the vast majority of users.

> You still end up with no way to link the fusianasan post with the name/trip one without IDs enabled (unless the ID method is known and no secret data is used).

You can use fusianasan with a tripcode, at least on Kareha. I suspect you can on 0ch too, but I haven't checked.

How come this is now the by far biggest thread on this board?

Maybe it's because I'm posting useless replies like this one!

>>165

>There's no one English word that does the job of the pseudo-Japanese "sage".

How about "dontbump" or "nobump"? Using "down" is pretty misleading, since sage doesn't bump a thread up nor down; it just stays in its place until a thread below is bumped.

>>167 orz

In reference WAHa's post in http://wakaba.c3.cx/sup/kareha.pl/1127713568/l50

>It's been suggested to change the no-ID-on-email to no-ID-on-sage

That sounds good to me.

>>170
But my good man, sage means down.

> Also, how is Kahera unrivaled when there are still large sites that are not running it? Shiichan is still on world4ch, Thorn on parts of wakachan for example.

These are temporary problems because the webmasters of both sites are too stubborn to upgrade.

> Better to have a tick-box and explain to people why it is useful. Or an option for it.

Yes, an option. Because I think a tickbox is horrible.

This is a widely used system. There is a very low learning curve here. sage = does not bump thread when replying, that's all there is to know. People can then figure out why it is useful on their own.

And personally, I think sageing should be encouraged more (since the perceptions on it have been pretty much ruined by 4chan). So it helps that it stays in the E-Mail/Link field instead of being purged from the tickbox each time like Shiichan does (interestingly, 4chan's Futallaby does also purge "sage" if written in all minor letters).

> He meant saging a thread just because a part of the actual e-mail address contains the word "sage."
> You know, like [email protected].

Well, then you are out of luck, aren't you? So you want to enter your E-Mail but cannot because then the post wouldn't bump then? Solution: Write it in the comment field, problem fixed.
There is no reason to change well-known keywords for this or even turn this into a frustratingly unconvenient tickbox/checkbox.

> Making them configurable from site to site is really dumb, because it would create an unthinkable usability mess.

Why? Let people figure out things themselves, if they are so keen on changing their keywords. They can get together in their own webmaster threads and figure this out. I don't see why this should be solved here.
Of course I think this is a dumb idea in the first place. Nobody needs to know what fusianasan and sage are. Write a FAQ with two sentences about it and/or let your oldtime users tell newbies. Two frickin' words, and you people talk about it as if it were something like making up a new system of romanization!

> Then why not simply boil it all down to the comment field, with trigger strings for inputting the name, e-mail, sage, ID:Heaven, and fusianasan? You can get a lot more minimal with the current interface.

That's a bit too much. You want to talk about sage and fusianasan in the comment field, not trigger it with it.
I suspect you are joking here, though. Design is about what you can take away and still remain optimal conveniency/efficiency on the user part, not about taking as much away as you are technically capable of.

> You still end up with no way to link the fusianasan post with the name/trip one without IDs enabled (unless the ID method is known and no secret data is used).

You'd figure that people who know what fusianasan is will also know how to trigger IDs.

> You spelled it fusiansan once.

So I misspelled one word once.

Sue me!

> Also, how is Kahera unrivaled when there are still large sites that are not running it? Shiichan is still on world4ch, Thorn on parts of wakachan for example.

Neither world4ch nor Pichan are by any means "large". Also, yes, as Shii said, their webmasters are stubborn.

PS: I just tested fusianasan + tripcode on 2ch, it works fine.

What does Thorn have to do with Kareha? Thorn's counterpart is Wakaba.

Anyway, the version of Shiichan on world4ch is bust. It's not a case of feature versus feature here, Shiichan simply doesn't work. It's not worth comparing until it doesn't break regularly.

If Shii were still working on it might be different, but Shiichan is effectively a dead project which incidentally has a closed and broken version working on world4ch.

> and/or let your oldtime users tell newbies.

Like so? http://wakaba.c3.cx/soc/kareha.pl/1124991549/7

>>178
There will always be pranksters around. This is probably a good example on what matters to trust tripcoders more than anonymous contributors.

Trivia: Here is a list of 2ch kopipe to fool people into using fusianasan:
http://ansitu.xrea.jp/guidance/?fusianasan

>>180

The one with encoded Javascript that makes you post with fusianasan is cute.

>>174

>Let people figure out things themselves, if they are so keen on changing their keywords.

If you really want to use your own custom trigger strings, you can easily search kareha.pl for instances where "sage" and "fusianasan" are used in that context and either replace them with those custom strings or append them as secondary strings. It's not something that warrants additional config.pl parameters.

>>182
That's not what I meant. What I meant was: If people want to change keywords to something, let them figure out at appropriate places what this something should be. Whether it should be "down", "stay_down" or "stay_put" is not really a discussion belongs here, not at this point anyway.

>>183

No, that's just plain wrong. It is very much the job of the programmer to decide on such issues, and make sure they work consistently across boards.

>>184
If people are going to decide to use custom names for paramaters, then there isn't much you can do about it anyway, or is there?

No, but that's not the point.

Another topic: since dynamic pages eat up CPU in order to rebuild pages according to URL parameters, what would be the likelihood of the current dynamic thread subpages having a significantly adverse effect in this aspect if a board were to grow to 2ch-sized proportions? Should there be a consideration to make these pages as static as the front page?

Also, let's put out a partition to kill secure tripcodes (unless they originated from 0ch/Futaba) and captcha (until we find a way to implement similar functionality without requiring it in the form of a GIF/PNG image), and add functionality for multiple uploads in one post.

And is there any practical way that Kareha can be modified to run multiple (even nested) boards in a single installation?

> partition to kill secure tripcodes

signed

> add functionality for multiple uploads in one post.

I think this was decided against before.

> Another topic: since dynamic pages eat up CPU in order to rebuild pages according to URL parameters, what would be the likelihood of the current dynamic thread subpages having a significantly adverse effect in this aspect if a board were to grow to 2ch-sized proportions?

The effect would be miniscule in comparison to the huge increase in bandwidth that would result from sending the entire static thread pages.

The "entire thread" link can easily be changes to link to the files in /res/ instead of going through the script, but that would make it somewhat less convenient when you want to consturct custom URLs, so I haven't done it.

> Also, let's put out a partition to kill secure tripcodes (unless they originated from 0ch/Futaba)

Why? Even if 0ch or Futaba implemented secure tripcodes, you wouldn't get the same secure tripcode there as on another board. That's the nature of the security.

> captcha (until we find a way to implement similar functionality without requiring it in the form of a GIF/PNG image)

That's even more non-sensical. Nobody on the entire internet has figured out a reasonable way to implement captcha except by using images, and the only boards that use them are image boards where you have to load images anyway. And finally, they aren't just there to annoy you, people do actually try to flood boards, and they are stopped by the captcha.

> And is there any practical way that Kareha can be modified to run multiple (even nested) boards in a single installation?

Not without doing a lot of changes throughout the code, and not without breaking current installations.

Also, for multiple board installations, use symlinks to allow you to keep just one installation of the main code files.

> the only boards that use them are image boards where you have to load images anyway.

Correction: http://www.akatsukimanga.com/kareha/

> The "entire thread" link can easily be changes to link to the files in /res/ instead of going through the script, but that would make it somewhat less convenient when you want to consturct custom URLs, so I haven't done it.

A better solution would be to use mod_rewrite to rewrite all /kareha.pl/$number/ links to /res/$number.html
It schould be a lot faster then running the script and the links stay the same.

>>Well, then you are out of luck, aren't you? So you want to enter your E-Mail but cannot because then the post wouldn't bump then? Solution: Write it in the comment field, problem fixed.

There is no reason to change well-known keywords for this or even turn this into a frustratingly unconvenient tickbox/checkbox.
Having a specific trigger to trigger ID would also work.

>discussion of only one comment box, then you couldn't talk about sage/fusianasan/whatever

You could only trigger the functions in a specific format, say

:link-sage
:name-blah#faggot

lol comment

I do not believe this was an actual request, but it is obviously possible and usable. Another way would be escaping keywords that you want to post.

> partition to kill secure tripcodes

Why? If you are going to get rid of secure tripcodes you should get rid of tripcodes by the same reasons. On another note, why have I seen partition instead of petition multiple times?

>So I misspelled one word once. Sue me!

My point was that it is unnesessarily obtuse, not nit-picking that you misspelled it.

>This is a widely used system. There is a very low learning curve here. sage = does not bump thread when replying, that's all there is to know. People can then figure out why it is useful on their own.

You would think there is a low learning curve, but that is not really the case. For example, on an imageboard, what effect do you have making a sage post (with no real content) with prune oldest and a permasage limit? What about prune oldest with a permasage limit that excludes sage replies?

>trigger replacements

I'm not sure what to replace sage with, if anything. Down certainly doesn't describe it (to me it implies the reverse of age, which is not the case). don't_bump or dont_bump? show_host or show_ip works for fusianasan imo... show_ID to trigger ID?

> Why?

I am not the user who initiated this parition but I find them to be triggered far too often.

> On another note, why have I seen partition instead of petition multiple times?

An old imageboard meme. Don't ask!

>>193

> For example,

Different boards having different settings does not at all touch the question whether the learning curve of sage="does not bump thread" is low or not. It's up to the admins to tell their users what a particular modification on their board implies for "sage" - hopefully in a more responsible way than on 4chan.

>>189

>The effect would be miniscule in comparison to the huge increase in bandwidth that would result from sending the entire static thread pages.

How about a config.pl parameter to split up thread subpages into X posts per page? The navigation links already use 100 posts per page for practically everything except "Last 50 posts".

Hmm, I just remembered: >> links would not work at all with static pages. Not good.

>Why? Even if 0ch or Futaba implemented secure tripcodes, you wouldn't get the same secure tripcode there as on another board. That's the nature of the security.

Right, I guess it was dumb to mention 0ch/Futaba in the first place. The point is, as you said yourself, tripcodes are a gimmick, and if someone wants to maintain a persistent identity across multiple boards and sites (ie, everyone here with a tripcode), they have no choice but to use ordinary tripcodes. Secure tripcodes are useless because they limit your identity to a single board, supposing each board/site's cipher key is different -- which it should be, since that's the point of having a secure tripcode in the first place. No one should be so paranoid about a tripcode that they'd need to have a different one per board/site.

>Not without doing a lot of changes throughout the code, and not without breaking current installations.

Shouldn't we sacrifice some backwards compatibility for a more robust and scalable design? It might even be possible to provide an upgrade.pl for old threads.

>>193

>You could only trigger the functions in a specific format, say...

That's a cool idea, though for now it would have to be left alone if we want to keep Kareha compatible with 2ch/Futaba conventions.

>>195
Exactly. The methods and the effects of saging a thread are separate subjects.

P.S. I recently discovered "rXX-XX" for threads in /soc/. How exactly does this work? From the sound of it, it's supposed to randomize the post order, but when I hit refresh I get the same order.

>>196
Actually, a solution to >> links with static pages is to simply make them reference a certain point on a certain page number for that thread (ie, http://wakaba.c3.cx/sup/1129153864/index2.html#197).

> but when I hit refresh I get the same order.

Browser cache. Try shift-refresh.

It doesn't take a specific range, just >>r30 for 30 random posts.

> Right, I guess it was dumb to mention 0ch/Futaba in the first place. The point is, as you said yourself, tripcodes are a gimmick, and if someone wants to maintain a persistent identity across multiple boards and sites (ie, everyone here with a tripcode), they have no choice but to use ordinary tripcodes. Secure tripcodes are useless because they limit your identity to a single board, supposing each board/site's cipher key is different -- which it should be, since that's the point of having a secure tripcode in the first place. No one should be so paranoid about a tripcode that they'd need to have a different one per board/site.

True, they're of limited usefulness, but people like admins might prefer to use them. And there are certain cases were you might use them temporarily for various purposes. I wrote the code already, so I might as well leave it in. It has some uses at least.

> Shouldn't we sacrifice some backwards compatibility for a more robust and scalable design? It might even be possible to provide an upgrade.pl for old threads.

I think I'm too lazy to do it. It's kind of hairy. Besides, as I said, you can remove a lot of the drawbacks of seprate installations by using symlinks.

>>191

Thanks for reminding me that I need to fix the CSS for the captcha!

> people like admins might prefer to use them

but they have capcodes now...

>>201

Yeah, no, maybe. Using secure trips for capcodes also adds extra protections against accidentially misspellingyour capcode and leaving it open to attack.

>>177

> It's not worth comparing until it doesn't break regularly.

The only problem with it is that it doesn't do paranoid file writes. The fact that the entire server occasionally breaks isn't related to how broken the script itself is.

> the entire server occasionally breaks

Occasionally?

Well, that might be it, except that on world4ch at least one board breaks every week, if not more. Incidentally, as of this writing, 4chan's /dis/ and /sug/ are also toast (third time this month?).

As it is, I can't recall ever seeing kareha break.

If we must discuss Shiichan's bug (which I believe we don't): I like the one where it sometimes turns an existing thread at the end of the All thread list into a thread with no subject, creation date set as 31 Dec 1969: 19:00 and then set to -1 posts (!) - and when you post in it, you 0GET and your IP appears as the subject.

It's a brilliant, better than fusianasan! Try it out: http://dis.4chan.org/read.php/dis/1121735647/

Congratulations to 82.94.251.206!
So the subject line will look like this:
[username]<><>[unix timestamp from now]<>[content of comment box]<> <>[IP]

From here on, this thread is about Kareha again:
↓

Recapping, here are the things I'd like to see in the final release:

• better configuration of date and time (with optional timezone offsets), parsing certain characters for individual elements (ie, yyyy/MM/dd(D) hh:mm:ss -5:00:00) and also accepting numerical inputs for fixed dates and times (Eternal September)
• config.pl parameter to permasage after a certain thread filesize/total number of characters has been reached
• change the no-ID-on-email option to no-ID-on-sage
• no EMAIL_ID parameter (most if not everyone uses "Heaven" anyway, and if they really want to change it they can easily find the string in kareha.pl)

Some nitpicky template adjustments to mode_message in order to more closely resemble 0ch (see http://f17.aaa.livedoor.jp/~zerotest/jikken and http://0ch.mine.nu/jikken):

• multi-page links (1-, 101-, 201-, etc) at the top of subpages
• red, bold thread filesize indicator near the bottom of subpages
• "read all later posts" link just below the filesize indicator
• non-bolded post numbers
• colons before dates
• colons before names (thread subpages only)
• colons after thread position number in main page thread list
• smaller and (at least for Pseud0ch) black and bolded title in "Create new thread" box

More information on the all threads page, date of the last post? file size?

A quote button that puts >>n and puts the post prefixed by > in the reply box

Different secret strings for different functions (e.g. one for ID generation and one for secure tripcodes)

A trigger for turning wakabamark off and one for forcing a monospace font

> change the no-ID-on-email option to no-ID-on-sage
> multi-page links (1-, 101-, 201-, etc) at the top of subpages

Already implemented.

> config.pl parameter to permasage after a certain thread filesize/total number of characters has been reached

Isn't this essentially the same as saying "Please don't talk so much?"

> no EMAIL_ID parameter (most if not everyone uses "Heaven" anyway, and if they really want to change it they can easily find the string in kareha.pl)

The choice of this string is so weird and arbitary, I feel better keeping it as an option so that I can disclaim responsibility!

> better configuration of date and time (with optional timezone offsets), parsing certain characters for individual elements (ie, yyyy/MM/dd(D) hh:mm:ss -5:00:00) and also accepting numerical inputs for fixed dates and times (Eternal September)
> red, bold thread filesize indicator near the bottom of subpages

Pretty useless. I'd rather not waste work and code on something that has no actual use. (Timezone offsets would be useful, but this is such an incredibly hairy issue to get right, I don't want to even try. Just handling Daylight Savings Time would make my head explode, and I can't just leave it out, because then either the admin has to keep changing the offset, or the time will be wrong half the year anyway.)

> non-bolded post numbers
> colons before dates
> colons before names (thread subpages only)

what

>>210

monospace font? like this?

> More information on the all threads page, date of the last post? file size?

That might be somewhat useful, I suppose. I'll have a look at it.

> A quote button that puts >>n and puts the post prefixed by > in the reply box

There's already a way to put in >>n. However, quoting an entire post is seldom something you want to do anyway, so I don't think that's worth cluttering up the page with a million buttons for.

> Different secret strings for different functions (e.g. one for ID generation and one for secure tripcodes)

Most admins probably don't get point of the secret string anyway, and asking them to put in several is just too annoying. In retrospect, I'd like to add a second layer of hashing to these, but that'd mean breaking secure trips AGAIN.

> A trigger for turning wakabamark off and one for forcing a monospace font

I've been trying to work out a more elegant solution for this.

>> config.pl parameter to permasage after a certain thread filesize/total number of characters has been reached

> Isn't this essentially the same as saying "Please don't talk so much?"

I am not >>208 but the first who suggested this here (long ago). I think it may be vital for future, actually popular boards to limit the filesize of a thread so that the board won't get hammered by repeated loads of whole threads without having to limit the size of posts themselves something fierce.

Whoops, sorry. I read "close" instead of "permasage".
Permasage on filesize seems pretty silly, yes.

>>208

> multi-page links (1-, 101-, 201-, etc) at the top of subpages

This is just implemented on some 0ch types. 2channel doesn't use it (at least on no board that I know of).

> More information on the all threads page [...] file size?

If (optional) closing on filesize should be implemented, this would probably be a good idea.

>>209

>> More information on the all threads page, date of the last post? file size?

Well, I had already proposed the filesize indicator in >>208, but optimally I would actually prefer that subback resemble the one in 0ch (ie, same as the main page thread list, but without CSS).

And single-post links don't include the thread's first post anyway, so there's no need for >>n. Quoting an entire post is not wise either.

>>211

>Isn't this essentially the same as saying "Please don't talk so much?"

In a sense, yes. Just like the postcount limit could be interpreted as "Please don't talk so long".

>what

main page -- 161 Name：◆WAHa.06x36：2005/10/21(Fri) 14:44 ID:Heaven
subpage -- 4 ：◆WAHa.06x36：2005/10/21 14:44 ID:Heaven

Question: does Kareha have a 1001th post message like "Name: 1001:Over 1000 Thread" for when a thread exceeds its postcount limit?

>>216
I remember at least one or two boards on 2ch that used it, though I can't remember which (moon language and such, you see).

I apologize for the dumb question I made at the end of >>218. I forgot that Kareha permasages (not closes) a thread after the limit is exceeded, so there's no need for a hypothetical 1001th post anyway! orz

Kareha can't use different layouts for posts on different pages, except by CSS trickery. I could add the second colon, though.

Also, I've implemented optional thread closing now, but there's no extra post. That would just be a total mess to implement, and would make re-opening threads annoying, if such a feature was requested. It replaces the posting form with a notice that the thread has been closed, instead.

>>214

Point taken. I'll add it as an autoclose option.

>>220
I meant only using the extra post for autoclose situations where the thread has exceeded the defined postcount limit in config.pl. As for the implementation, couldn't you just have Kareha use post_stuff() and (somehow) replace the timestamp with "Over XXXX Thread"?

I want a 1001th post! :(

A 1001th post would be a bother.

Okay then, for starters, how about the closing message to exactly look like a post (although it's sad it won't be accesable with >>1001)?

That would be a bother too.

>>226
(´・ω・`）

　　　∧∧
　　（　 ･ω･） 　 　It's late
　 ＿|　⊃／(＿＿_
／　└-(＿＿＿_／

　　　∧∧
　　（ ･ω･ ） 　 　Good night!
　 ＿|　⊃／(＿＿_
／　└-(＿＿＿_／

　 ＜⌒／ヽ-、_＿_
／＜_/＿＿＿＿／
￣￣

0ch-PHP had this nifty feature where if it was a certain "high bandwidth" time of day, then you couldn't view the whole thread.

Hm... that is kind of useless on a worldwide forum, huh?

But there should still be an option to keep people from viewing more than 100-200 posts, as an emergency way of saving bandwidth.

I think it'd be a better idea to have some kind of load-balancing/distributed server cluster approach, like what dmpk2k was working on for Wakaba.

How about adding a link to 2ch in footer.html called "2ch mode"?

>>231 What would it do?

>>232
Nothing! But since mode_image's footer.html includes a link to Futaba called "Futaba mode," I think mode_message should have the same.

requesting features:

• >>n and >>q and anything else that can be used in the url.

• a "catalog" page for wakaba, like some futaba boards have.

In mode_image: shouldn't the board title be in <h1>, and the post headers in <h2>?

>>236
I mean, thread titles in <h2> and post headers in <h3>.

>Most admins probably don't get point of the secret string anyway, and asking them to put in several is just too annoying. In retrospect, I'd like to add a second layer of hashing to these, but that'd mean breaking secure trips AGAIN.

You could take the route that MrVB (I think?) did and generate the strings on first run? openssl, /dev/random, perl's random as last resort. In almost every case you are going to get a better random string than most people will supply, and if they want to change it they can. Or only have them generated if they are not supplied.

Honestly, when people care so much about anonymity they can put up with the changes required to ensure it.

>>236

mode_image copies the Futaba/Futallaby HTML style and uses the same CSS, so yeah, it should be, and no, it won't be.

>>238

This would need writing to yet another file, and it also makes it less obvious how to get the same secret on several boards.

Let's get to 1000 by "I want a pretty pony" only! ヽ(´ー｀)ノ

Here's a fun little game for you all!

I'm looking into adding support for using HTML markup in addition to WakabaMark, but since most boards use XHTML, I can't just let through any old HTML, and most people can't write well-formed XHTML. Also, I don't want any cross-site scripting going on. So I've tried to write a piece of code that takes any horribly written piece of HTML, sanitizes it by removing all tags and attributes that are not an approved list, checks the attribute values, and turns it into well-formed XML.

Now I'd like to see if anyone can break this. The objective is to get some Javascript onto the page, or making the page break in Firefox (or any other browser that parses XML strictly), or otherwise causing trouble. Have at it!

http://wakaba.c3.cx/test/sanitize.pl

If you want to have a look at what the code actually does to dig out flaws, here is the current version:

sub sanitize_html($%)
{
	my ($html,%tags)=@_;
	my (@stack,$clean);
	my $entity_re=qr/&(?!\#[0-9]+;|\#x[0-9a-fA-F]+;|amp;)/;

	while($html=~/(?:([^<]+)|<([^<>]*)>?)/g)
	{
		my ($text,$tag)=($1,$2);

		if($text)
		{
			$text=~s/$entity_re/&amp;/g;
			$text=~s/>/&gt;/g;
			$clean.=$text;
		}
		else
		{
			if($tag=~m!^\s*(/?)\s*([a-z0-9_:\-\.]+)(?:\s+(.*?)|)\s*(/?)\s*$!si)
			{
				my ($closing,$name,$args,$implicit)=($1,lc($2),$3,$4);

				if($tags{$name})
				{
					if($closing)
					{
						if(grep { $_ eq $name } @stack)
						{
							my $entry;

							do {
								$entry=pop @stack;
								$clean.="</$entry>";
							} until $entry eq $name;
						}
					}
					else
					{
						my %args;

						$args=~s/\s/ /sg;

						while($args=~/([a-z0-9_:\-\.]+)(?:\s*=\s*(?:'([^']*?)'|"([^"]*?)"|['"]?([^'" ]*))|)/gi)
						{
							my ($arg,$value)=(lc($1),defined($2)?$2:defined($3)?$3:$4);
							$value=$arg unless defined($value);

							my $type=$tags{$name}{args}{$arg};

							if($type)
							{
								my $passes=1;

								if($type=~/url/i) { $passes=0 unless $value=~/(?:^$protocol_re:|^[^:]+$)/ }
								if($type=~/number/i) { $passes=0 unless $value=~/^[0-9]+$/  }

								if($passes)
								{
									$value=~s/$entity_re/&amp;/g;

									if($value=~/"/) { $value="'$value'" }
									else { $value="\"$value\"" }

									$args{$arg}=$value;
								}
							}
						}

						my $cleanargs=join " ",map { "$_=$args{$_}" } keys %args;

						$implicit="/" if($tags{$name}{empty});

						push @stack,$name unless $implicit;

						$clean.="<$name";
						$clean.=" $cleanargs" if $cleanargs;
						$clean.=" $implicit" if $implicit;
						$clean.=">";
					}
				}
			}
		}
	}

	my $entry;
	while($entry=pop @stack) { $clean.="</$entry>" }

	return $clean;
}

I don't know if this is a bug or not, but could you change the Futaba template so that hovering over/clicking on a post header doesn't count as doing the same to the deletion checkbox next to it? Same goes for the "[File Only]" area at the bottom with its checkbox.

Wow, >>243 sure looks like shit in Safari. What the hell? Looks right in Firefox, though.

>>244

Er, that's a feature, not a bug. That's how most GUIs act.

Why would there be any use in writing actual HTML in posts? Seems to me like it's just inviting abuse.

It's also more markup when even the existing one isn't working as well as it should.

>>247

Well, you have your chance to try and abuse it over on the test page. Although the list of allowed tags there doesn't exactly match what would be allowed here.

Also, the point is to make the type of markup selectable, so you can pick WakabaMark or HTML or none at all.

>>249 Then the default should be no markup.

>>249
<a href> opens up the possibility of using inline links, and img tags allow bandwidth leeching from other sites (plus the fact that the image itself may be unsanitary).

Plus if you were to allow those tags in HTML, you should do the same for WakabaMark (which actually takes its cue from Markdown, so I don't see why it has a different name).

>>251

Again, the list of tags allowed on that page don't correspond to what would be allowed in Kareha. Of course <img> tags wouldn't be allowed, for instance. This is just for testing the actual cleanup engine.

Partition for renaming "WakabaMark" to "WAHaMARk"!

>>254

You'd be destroying the DUMB PUN!

>>255
By replacing it with AN EVEN DUMBER PUN!

Semantical nitpick: shouldn't the "Page top" link be called "Thread list"?

Maybe. I just picked something at random.

the text

c < d

causes a <d> tag to be opened, which is not on the list, and therefore all the text until the next tag will be deleted. a better behavior in this case would be to just convert that < to &lt;. you even ought to do this for

a < b

too, despite the fact that b is a valid tag, because who the hell leaves the closing angle bracket out of their HTML tag?

creating the correct regexes for this is an exercise left to the reader.