Tell me more about these pre-compiled binaries. I thought that was impractical...I mean, instruction set differences and so on.
>>313 Like lots of people use them anyway </sarcasm>. Yes, security is a good idea. What are the holes, anyway?
I think it'd be a better idea to have some kind of load-balancing/distributed server cluster approach, like what dmpk2k was working on for Wakaba.
Here's a fun little game for you all!
I'm looking into adding support for using HTML markup in addition to WakabaMark, but since most boards use XHTML, I can't just let through any old HTML, and most people can't write well-formed XHTML. Also, I don't want any cross-site scripting going on. So I've tried to write a piece of code that takes any horribly written piece of HTML, sanitizes it by removing all tags and attributes that are not an approved list, checks the attribute values, and turns it into well-formed XML.
Now I'd like to see if anyone can break this. The objective is to get some Javascript onto the page, or making the page break in Firefox (or any other browser that parses XML strictly), or otherwise causing trouble. Have at it!
Gah, I am totally confused about what to do about the admin interface. Separate script? Built-in? Javascript? How do I display the data? I have no idea!
>>236
I mean, thread titles in <h2> and post headers in <h3>.
> 2channel does not do this either by default. It can make browsing a bit more convenient (and I suspect dedicated 2channel browsers to insert & read these in some kind of standardized way) but I don't think that's reason enough to impose it on users by default.
whoops, I misread "postcount" as "posticon". Nevermind!
>database redesign
You mean requiring SQL software, or just making backwards-incompatible changes that would screw up old threads?
>prevent abuse
Are you only referring to flooding and spamming, or also trolls and flamewars?
Finally, out of curiosity: how much of the functionality in the .js file do you think could be properly implemented into a new or existing perl script?
Kareha can't use different layouts for posts on different pages, except by CSS trickery. I could add the second colon, though.
Also, I've implemented optional thread closing now, but there's no extra post. That would just be a total mess to implement, and would make re-opening threads annoying, if such a feature was requested. It replaces the posting form with a notice that the thread has been closed, instead.
> More information on the all threads page, date of the last post? file size?
That might be somewhat useful, I suppose. I'll have a look at it.
> A quote button that puts >>n and puts the post prefixed by > in the reply box
There's already a way to put in >>n. However, quoting an entire post is seldom something you want to do anyway, so I don't think that's worth cluttering up the page with a million buttons for.
> Different secret strings for different functions (e.g. one for ID generation and one for secure tripcodes)
Most admins probably don't get point of the secret string anyway, and asking them to put in several is just too annoying. In retrospect, I'd like to add a second layer of hashing to these, but that'd mean breaking secure trips AGAIN.
> A trigger for turning wakabamark off and one for forcing a monospace font
I've been trying to work out a more elegant solution for this.
Why would there be any use in writing actual HTML in posts? Seems to me like it's just inviting abuse.
Okay then, for starters, how about the closing message to exactly look like a post (although it's sad it won't be accesable with >>1001)?
I'm not sure I want to make a ban system. I'd rather just make it easy to interface with a simple banning script that does whatever's needed for the server it's running on.
>>220
I meant only using the extra post for autoclose situations where the thread has exceeded the defined postcount limit in config.pl. As for the implementation, couldn't you just have Kareha use post_stuff() and (somehow) replace the timestamp with "Over XXXX Thread"?
Additionally, I'd like WakabaMark to be fixed somehow.
I don't know how, though. You know my resentments.
Finally, thanks for your fine work throughout all this time.
It is appreciated!
How about adding a link to 2ch in footer.html called "2ch mode"?
Hey, I just noticed this: where did the admin link go? Or are you working on a separate interface already? :D
> More information on the all threads page, date of the last post? file size?
That might be somewhat useful, I suppose. I'll have a look at it.
> A quote button that puts >>n and puts the post prefixed by > in the reply box
There's already a way to put in >>n. However, quoting an entire post is seldom something you want to do anyway, so I don't think that's worth cluttering up the page with a million buttons for.
> Different secret strings for different functions (e.g. one for ID generation and one for secure tripcodes)
Most admins probably don't get point of the secret string anyway, and asking them to put in several is just too annoying. In retrospect, I'd like to add a second layer of hashing to these, but that'd mean breaking secure trips AGAIN.
> A trigger for turning wakabamark off and one for forcing a monospace font
I've been trying to work out a more elegant solution for this.
> Pruning set to furthest-back instead of oldest.
I don't like this one. You just have to continually age a topic (until it hits the permasage treshold) in order for it so survive a long time. Normal users might have good reason to ignore simply it, though...
> Size limit instead of post number limit, maybe?
Sounds good.
> I was thinking of setting the default behaviour to never permasage or close threads.
I guess I don't have a strong opinion on this one. As long as the values will be customizable, I don't really care, I suppose.
Also: I just noticed that "¦" in tripcodes will work correctly but turn into "�U" through the cookie on /soc/ but not on the sandbox.
What browser are you using? I think I've tracked down the problem, and it's most likely a browser bug. The ancient Firebird (not fox, even) version I tested at work had the same bug (character set issues in the escape() and unescape() functions). It looks like your browser also doesn't follow the spec for how they are supposed to work.
>Most admins probably don't get point of the secret string anyway, and asking them to put in several is just too annoying. In retrospect, I'd like to add a second layer of hashing to these, but that'd mean breaking secure trips AGAIN.
You could take the route that MrVB (I think?) did and generate the strings on first run? openssl, /dev/random, perl's random as last resort. In almost every case you are going to get a better random string than most people will supply, and if they want to change it they can. Or only have them generated if they are not supplied.
Honestly, when people care so much about anonymity they can put up with the changes required to ensure it.
> 3) A specific string for ID:Heaven instead of anything in the email field
Isn't that already an option in the config?
> 5) Seperation of sage et al from the email field to something else...
Strong oppose! I am of the (strong! lol) opinion that the current situation is the one working the best and also that it is widely accepted on almost all similiar board scripts (save for Shiichan and one obscure Japanese discussion board script that I once stumbled upon).
Previous discussion of this can be found here:
http://wakaba.c3.cx/sup/kareha.pl/1102984488/