| stays |

>>249
<a href> opens up the possibility of using inline links, and img tags allow bandwidth leeching from other sites (plus the fact that the image itself may be unsanitary).

>>48-50
First of all, I don't believe it would make bumps more valuable in any way. People bump threads all the time with worthless replies since most don't even know what "sage" is or means or what it is good for. They will simply continue to do this, no matter whether the sage function is changed in this way.

Even at this stage, years after its introduction to a major western userbase, people are still clueless about the main basic functions of image- and discussionboards in the Futaba/0ch style. There are some signs of improvement, but they are rare.
I doubt people would be willing or eager to learn a new, different behaviour at this point in time.

The only real change is what >>50 points out (though I want to mention that even that point is mostly misunderstood: if people want to protest against a certain thread, they should post as many sage posts as it needs to get permasaged (although it's arguably counterproductive, considering the default prune behaviour of imgboards). If threads are still bumpable and trolls find that they have been flamed with a sage, they will just bump it once more). And I don't think that's enough to justify a pretty major function change.

Well, I don't want to have to read posts without highlighting. It's annoying. Just for that, I don't want leave it off.

On another topic, a vote: I could make the secure tripcodes and other parts of the script that use the SECRET more secure by some small changes, but this would make secure trips change when you install the new version.

Good idea, y/n?

>>153

http://en.wikipedia.org/wiki/Public_Domain

It means anyone can do whatever they want with it. They can't claim copyright, though, since they didn't create it in the first place. They can modify it an claim copyright on their modifications, at least as long as they're significant enough, but that doesn't affect existing works in the public domain.

> This is kinda what I had pushed for earlier in >>52. I think that separating the sage (aka, "don't bump"), fusianasan (aka, "show IP"), and ID:Heaven (aka, "no ID") functions from any particular post elements in the main scripts would be ideal for implementing Kareha in systems where inputting a certain string to trigger these functions is not intuitive (ie, every board outside of the 2ch/Futaba family). These trigger strings (S_DONTBUMP, S_SHOWIP, S_NOID) and their assignment to a certain form field input could be instead implemented individually in each template.

There's no obvious way to do this, since there has to be code that specifically checks a field and takes certain actions long before the template comes into play. It'd take some sort of plugin system to implement it, and I don't think that's quite called for.

Also >>154 is Kami.

>>313 Like lots of people use them anyway </sarcasm>. Yes, security is a good idea. What are the holes, anyway?

>>154
Kami! Nice ID.

>>294 Hey I like the new formatting bit. Should it collapse back down if you click away or if you click the "More options..." bit again, like the text box?

Just a thought. This setup is easier and more obvious than using the link field, with "AA" or "Wakabamark". BTW, I just realized that was a pun. Boo! Hiss! Not punny! :)

> They can modify it an claim copyright on their modifications, at least as long as they're significant enough, but that doesn't affect existing works in the public domain.

Devil's advocate: What if they make significant changes you would want to add yourself? before you do? Can they then tell you to stop if they license their work first?

>considering the default prune behaviour of imgboards

One of the parameters Kareha uses to determine pruning is MAX_POSTS, so even if you sage a thread under this new condition, you still add to the board's total postcount and speed up the process for pruning that thread, regardless of MAX_RES. The only flew is this assumes pruning is based on thread creation date, not popularity (because someone could easily bump a shitty thread and save it from deletion).

I also agree that enabling this functionality would further make threads vulnerable to intentional bumping by trolls. I was sorta envisioning it being used in a mature community where trolling is minimal and quickly weeded out by regulars.

Here's a new idea: how about trying this in reverse? Only "sage" posts are counted in MAX_RES, in which case saging can again be used either in protest or as a courtesy to others. The only problem is that people can then freely bump threads without consequence.

>>236
I mean, thread titles in <h2> and post headers in <h3>.

>>305

Shift-reload already! Also, most people are familiar with "More options..." links and know when and when not to click them. I might see about styling it, though.

>Most admins probably don't get point of the secret string anyway, and asking them to put in several is just too annoying. In retrospect, I'd like to add a second layer of hashing to these, but that'd mean breaking secure trips AGAIN.

You could take the route that MrVB (I think?) did and generate the strings on first run? openssl, /dev/random, perl's random as last resort. In almost every case you are going to get a better random string than most people will supply, and if they want to change it they can. Or only have them generated if they are not supplied.

Honestly, when people care so much about anonymity they can put up with the changes required to ensure it.

I thought fusianasan was supposed to be a mod-only function to weed out bad posters. And what would be the difference between revealing the persons's IP and his ISP's domain?

>>99
I didn't mean to include Forcenick in there, sorry.
Adding to that, however, how about forced sage for specificed IPs? It'd make for a great slogan: Remember kids, tripcodes and aging are privileges, not rights!

>>182
That's not what I meant. What I meant was: If people want to change keywords to something, let them figure out at appropriate places what this something should be. Whether it should be "down", "stay_down" or "stay_put" is not really a discussion belongs here, not at this point anyway.

>Most admins probably don't get point of the secret string anyway, and asking them to put in several is just too annoying. In retrospect, I'd like to add a second layer of hashing to these, but that'd mean breaking secure trips AGAIN.

You could take the route that MrVB (I think?) did and generate the strings on first run? openssl, /dev/random, perl's random as last resort. In almost every case you are going to get a better random string than most people will supply, and if they want to change it they can. Or only have them generated if they are not supplied.

Honestly, when people care so much about anonymity they can put up with the changes required to ensure it.

If you want to have a look at what the code actually does to dig out flaws, here is the current version:

sub sanitize_html($%)
{
	my ($html,%tags)=@_;
	my (@stack,$clean);
	my $entity_re=qr/&(?!\#[0-9]+;|\#x[0-9a-fA-F]+;|amp;)/;

	while($html=~/(?:([^<]+)|<([^<>]*)>?)/g)
	{
		my ($text,$tag)=($1,$2);

		if($text)
		{
			$text=~s/$entity_re/&amp;/g;
			$text=~s/>/&gt;/g;
			$clean.=$text;
		}
		else
		{
			if($tag=~m!^\s*(/?)\s*([a-z0-9_:\-\.]+)(?:\s+(.*?)|)\s*(/?)\s*$!si)
			{
				my ($closing,$name,$args,$implicit)=($1,lc($2),$3,$4);

				if($tags{$name})
				{
					if($closing)
					{
						if(grep { $_ eq $name } @stack)
						{
							my $entry;

							do {
								$entry=pop @stack;
								$clean.="</$entry>";
							} until $entry eq $name;
						}
					}
					else
					{
						my %args;

						$args=~s/\s/ /sg;

						while($args=~/([a-z0-9_:\-\.]+)(?:\s*=\s*(?:'([^']*?)'|"([^"]*?)"|['"]?([^'" ]*))|)/gi)
						{
							my ($arg,$value)=(lc($1),defined($2)?$2:defined($3)?$3:$4);
							$value=$arg unless defined($value);

							my $type=$tags{$name}{args}{$arg};

							if($type)
							{
								my $passes=1;

								if($type=~/url/i) { $passes=0 unless $value=~/(?:^$protocol_re:|^[^:]+$)/ }
								if($type=~/number/i) { $passes=0 unless $value=~/^[0-9]+$/  }

								if($passes)
								{
									$value=~s/$entity_re/&amp;/g;

									if($value=~/"/) { $value="'$value'" }
									else { $value="\"$value\"" }

									$args{$arg}=$value;
								}
							}
						}

						my $cleanargs=join " ",map { "$_=$args{$_}" } keys %args;

						$implicit="/" if($tags{$name}{empty});

						push @stack,$name unless $implicit;

						$clean.="<$name";
						$clean.=" $cleanargs" if $cleanargs;
						$clean.=" $implicit" if $implicit;
						$clean.=">";
					}
				}
			}
		}
	}

	my $entry;
	while($entry=pop @stack) { $clean.="</$entry>" }

	return $clean;
}

>>191

Thanks for reminding me that I need to fix the CSS for the captcha!

>>161

>3) was about a string to trigger ID:Heaven, not a constant for the Heaven part (which is already configurable)

That's what I was referring to also in >>154 (S_NOID being the theoretical trigger string for ID:Heaven).

Concerning localization: there are certain compromises with input triggers that must be made in order to maintain interoperability with Japanese users coming from 2ch/Futaba. They're not going to care about a system where "sage" and "fusianasan" (in Roman too I'm guessing, can someone confirm this?) don't work in their respective fields. In effect, 2ch set a standard of usability that we need to follow if we want to build a bridge between both communities.

On the flipside, I think there should also be a secondary set of trigger strings that would be more coherent to Western users and universal to all Western boards. Making them configurable from site to site is really dumb, because it would create an unthinkable usability mess. With Shiichan's death, Kareha stands unrivaled, and setting these strings in stone would ingrain them in the culture like "sage" and "fusianasan" have been in Japan. Thinking very optimistically, if a Western BBS site should grow into something large enough for 2channers to strongly take notice of, they would pick up on these triggers and possibly make their own concessions to implement them in 0ch.

What they should be is yet to be determined. Unfortunately, they'll probably have to be pretty dull in comparison to the witty botanical references and word puns in 2ch and Futaba.

>>163

>I don't think so, not in these cases. What's the alternative? Having a different field for fusianasan, a new checkbox for sage, etc.? That's just cluttering up the interface.

Then why not simply boil it all down to the comment field, with trigger strings for inputting the name, e-mail, sage, ID:Heaven, and fusianasan? You can get a lot more minimal with the current interface.

>Huh?

He meant saging a thread just because a part of the actual e-mail address contains the word "sage."

You may want to consider releasing Kareha & Wakaba under some sort of license at this point, just to make sure that the scripts always stay free for people to use.

http://en.wikipedia.org/wiki/Free_software_license
http://en.wikipedia.org/wiki/Software_License_Types#Free_software_licenses
http://en.wikipedia.org/wiki/Copyleft

Tell me more about these pre-compiled binaries. I thought that was impractical...I mean, instruction set differences and so on.

Ah, there was an XHTML error in the cutesy capcode, and of Safari won't handle XHTML correctly and die on errors. Gah. Fixed.

> Put the Entire thread link on the top of the thread, not the bottom.

Well, since the current update has removed almost all links to entire threads, I won't do THAT, but I guess a Last 50 link could be snuck in somewhere... Maybe the thread title should be an l50 link?

ugh "More options..."

too much clickable elements! and it doesn't even do anything (Firefox 1.0.7 here)!

out! out!

>>360
Doesn't mean we can't have separate releases for special scripts. :)

> The "entire thread" link can easily be changes to link to the files in /res/ instead of going through the script, but that would make it somewhat less convenient when you want to consturct custom URLs, so I haven't done it.

A better solution would be to use mod_rewrite to rewrite all /kareha.pl/$number/ links to /res/$number.html
It schould be a lot faster then running the script and the links stay the same.

>>48-50
First of all, I don't believe it would make bumps more valuable in any way. People bump threads all the time with worthless replies since most don't even know what "sage" is or means or what it is good for. They will simply continue to do this, no matter whether the sage function is changed in this way.

Even at this stage, years after its introduction to a major western userbase, people are still clueless about the main basic functions of image- and discussionboards in the Futaba/0ch style. There are some signs of improvement, but they are rare.
I doubt people would be willing or eager to learn a new, different behaviour at this point in time.

The only real change is what >>50 points out (though I want to mention that even that point is mostly misunderstood: if people want to protest against a certain thread, they should post as many sage posts as it needs to get permasaged (although it's arguably counterproductive, considering the default prune behaviour of imgboards). If threads are still bumpable and trolls find that they have been flamed with a sage, they will just bump it once more). And I don't think that's enough to justify a pretty major function change.