Site/Off-Topic Discussion Thread 3

Electric Boogaloo

Quote# 123678

Let's talk about the site and other things!

Post feedback, issues, random comments, death threats, etc. here like in the other Site/Off-Topic discussion threads.

Site/Off-Topic Discussion Thread 3, Brought to you by Mookitty 116 Comments [1/16/2017 8:31:37 AM]
Fundie Index: 0
Submitted By: shy
WTF?! || meh
Username:
Comment:



1 2 3 4 5
shy

@Moose-Kun (from earlier thread): He went byebye again. Bloody Mabus 2.0, that jackass.

1/16/2017 8:46:01 AM



I submitted a few quotes from a Tumblr user, but I've since talked to her and she's really a good person. One quote in particular was from a few years ago and she has since changed her mind on the subject. The other one is really not FSTDT worthy because she's perplaxed at people calling her brave and she doesn't think being Christian makes her brave. She doesn't deserve to be grouped in with all the other crazy people on the site. Please remove the quotes...

http://www.fstdt.com/QuoteComment.aspx?QID=123008
http://www.fstdt.com/QuoteComment.aspx?QID=123080

Thank you

1/16/2017 11:44:30 AM

shy

@#2008805: I don't delete quotes except in, well, very exceptional circumstances, sorry. I am willing to add something to the effect of "the original poster has since changed her mind on the subject," however.

1/16/2017 1:17:42 PM

Anon-e-moose

http://www.fstdt.net/QuoteComment.aspx?QID=123292&Page=2#2008945

The Croat Scroat, He Who Must Not Be Named has returned.

1/16/2017 8:35:01 PM

Into the Unknown

I have to says the quotes are being approved at a much faster rate. The ones I submitted were done in the morning, and I saw them here that same evening. I used to have to wait a couple of days for that. Keep up the good work!

1/17/2017 1:33:54 AM

shy

@Into the Unknown: Thanks! There are actually three of us approving quotes now, not just one.

1/17/2017 3:04:08 AM

shy

@Moose-Kun: He also went byebye again.

1/17/2017 5:31:46 AM

Uilleam

Pepe apparently finds the concept of shy building a weapon capable of permanently removing him laughable. It seems the ability to use a basic IP spoofer has convinced the guy he's a programming God who can outwit a professional code-twiddler - unsurprising, given his bloated ego. Let's hope we can give the Amphibian a nasty shock very soon, eh, Shy?

1/17/2017 7:37:18 AM

shy

@Uilleam: Child needs a life. I’ve been testing the code on a private “play” version of the site on my computer. Right now, it’s turning up too many false positives for me to employ it. Unfortunately, the spring semester has started, so I don't have nearly as much time to tinker with it right now. But the results do show that this is quite possibly a feasible solution.* I hope I can eventually tune things so that it catches ban-evaders most of the time and lets legit people through so I can go live with it.

For the time being, nobody respond to anything he says. Report it here, and a mod will summarily delete it, ban the IP, and not respond to him. Your responses are his troll-oxygen. Silent delete-and-bans are taking that away from him. Same applies to сaаmіb.**



1/17/2017 5:25:34 PM

dxdydz

@shy

[redacted top secret informashunz]


I'm glad you said this because it reminds me of something I was playing with on the site a week or two ago. I've sent an email about it to the admin account because if it's actually a problem then it shouldn't be made public.

1/17/2017 8:58:11 PM

shy

@dxdydz: Thank you for saying something about the email! I'm sorry I haven't read read it or replied yet. I actually haven't checked the admin email in a while (because it's been entirely auto-mailed stack traces from errors—nearly all of them triggered by me on purpose to get debugging information and ensure my bug fixes 'stuck'). I'll read your message right now and set up a filter so the crash dumps go in a separate folder and pay better attention to the account from now on.

Edit: Haven't gotten anything in the inbox. Did you send it to admin@fstdt.org? Send it there again. Mail for admin@fstdt.net and admin@fstdt.com may be being weird. I'm almost certain it's some bizarre Apple Mail bug when working with nearly identical email addresses. (The macOS 10.12.2 update actually vaguely says it has a fix for something that sounds suspiciously similar, but I haven't applied it yet.) If all else fails, send a line to spikedee@openmailbox.org, and I'll definitely get it.

1/17/2017 9:11:07 PM

dxdydz

@shy

I have re-sent it to the last email you listed.

1/17/2017 10:27:07 PM

shy

@dxdydz: Got it. Thank you for bringing this to my attention! You've got a very astute eye. I was actually almost certain this was possible when I had my first peek at the database, and a gander at the site's source code confirmed it (since it doesn't consider what you're talking about as a possibility). I've got a hacked-together fix ready, though, and the only thing that's stopped me from employing it is my own laziness.

I doubt a troll would be bright enough to realize this potential exploit, though I'm sure one would totally abuse it if I made this public knowledge, so I'm being sketchy on the details here, but I'm cool discussing it in more detail with you if you've got a non-throwaway e-mail, Skype, AIM, etc. I would love to blow off some steam about this because it's some pretty epic incompetence.

1/17/2017 10:39:04 PM

dxdydz

@shy

I'm about to turn in for the night but I can send you a non-throwaway email tomorrow containing the same signature.

Edit 1: Damn, I'm too slow. I was going to edit the

[REDACTED]


to be

[REDACTED] — O5 clearance needed


Neat: ∫0⌊t⌋/t3dt=π2/12

I like this character tag.

1/17/2017 10:44:16 PM

shy

@dxdydz: What is really infuriating and frustratingly incompetent is that user names are stored in two-byte NVARCHAR fields, meaning they don't need a special 'hack' to enter any Unicode character. That's a very, very special kind of fail given the lovely little 'bug' we discussed earlier together with the fact that the contents of comment and submission boxes are stored as regular one-byte VARCHAR fields that don't accept anything except basic Latin characters used to write Western European languages (i.e. no fancy spacing or alignment characters, and no lookalike characters in other alphabets). Why???? If anything, it should be the opposite: comments and submissions getting all the fancy Unicode characters and usernames being restricted to a more limited repertoire. (And I think I have just disclosed enough that I will be employing that fix today.)

All signs indicate that the FSTDT database schema / design is very old and pre-Distind. The old-ass SQL Server script for creating the FSTDT database wreaks of automagically generated click-and-drool* Visual Studio garbage. I wish I could get in touch with Distind's predecessor Yahweh and bop her on the head for this (or her predecessor if they were the one responsible). Yahweh may have been learning by trial-and-error as she wrote the FSTDT backend, but her being able to do that and create something that actually worked makes it pretty damn clear she's a smart gal with an aptitude for coding. She would know better than this. What she needs a good head-bopping for is trusting the 'WYSIWYG' design-mode SQL Server code generated by Visual Studio (or for that matter, trusting any such code without giving it a good lookover—though Visual Studio's database code is especially, extravagantly awful sometimes). I might find it difficult to believe that Visual Studio would decide on these data types for this, but I find it much harder to believe that a flesh-and-blood programmer would even do this by mistake, much less on purpose.



[/rant]

1/18/2017 2:59:29 AM

shy

Speaking of that little project, I've added some more patterns to observe to PiègeÀTrolls.vb, and I'm about to connect it to the FSTDT database and give it a little table to store its stuff instead of using a plaintext file. I'll probably be hooking it back up to the Submit Comment button in observation mode either today or tomorrow (meaning it'll just be chilling and listening, not being used to actually piéger any trolls).

Both the original code and the current code don't do anything as baroquely complicated as I originally envisioned (e.g. benchmarks, which can be easily foiled by disabling JavaScript anyway), but it probably won't be necessary. I got some interesting information on both trolls du jour last time without it. I don't mean anything in incriminating by that :p just things that make identifying them easier regardless of IP. Thing is, I don't have anything unique enough to prevent false positives, and they can just change their usernames, so I'm not going live with that. I am still patiently waiting and hoping a certain HTTP header will 'accidentally' slip through and be an instant game over, at least for that proxy and others that include that one header...

Also, Tor doesn't make you as 'anonymous' as you think it does. I can't determine who you are or your real IP, but if I were determined enough, I could determine the relative probability that someone on a particular end node is you (PDF). That citation's just there to show I ain't talking shit, even if I probably ain't gonna do said shit. (It's also there to show that this issue's been known since 2005, and AFAIK, it still hasn't been addressed. But correct me if I'm wrong.) Even without that article's 'corrupt' man-in-the-middle, I can ascertain who a particular Tor user most likely is using other collected information, so long as the number of Tor users using the site stays relatively insignificant, and the user doesn't have Tor in hyper-paranoid mode with extra precautions on top of that. Frankly, though, the Tor troll I have in mind ain't that bright.

For the love of God, though, at least make sure your HTTP headers and JavaScript are reporting the same information. The first comments I'm probably going to start blocking or at least screening across the board are going to be the ones whose HTTP headers and JavaScript report grossly different information about the UA, language, time, etc. Funny how I'm basically explaining how to not be pathetically obvious, and I'll probably still be able to piéger un troll with my little toy if I gather the motivation to be more serious about it now that I don't have nearly as much free time (but the more I or my mods have to clean up after you, the more motivation I muster). Also, iPhones running Opera "like Gecko like Webkit like Safari like KHTML" on "Windows NT 10.0" aren't a thing, but I'm 99.99% sure that was some random spambot passing by last time because it failed to "Check here" like 200 times on 50 different quotes. That's 2007-level spambot fail.

Another word of advice to keep in mind if you don't run a proxy or VPN yourself: I wound up in charge of this place by being the opposite of socially retarded. I'm quite the social engineer and information extractor and a very effective manipulator when I want to be. People tend to forget that because I'm more often than not friendly and benevolent to a fault. Guess you're lucky about that and the fact I usually don't do the whole revenge thing. People tend to underestimate the power of a little social engineering. Guess you're also lucky I don't give a fuck about whether people believe what I say or about proving myself. I'm only interested in making you go away because you're annoying. I don't understand how someone could get amusement or satisfaction out of that, but whatever.

Edit: Reread this a few hours later. I was pretty pissed off (over something else, believe it or not) and venting steam when I wrote it, and it gets pretty obvious, enough to make me cringe. I fixed a few typos and confusing turns of phrase, but I'm otherwise gonna just let this stand as it is. I'm not gonna try to pretend I don't posture, have hissy fits, or be a condescending ass sometimes.

1/18/2017 8:48:14 AM



@Shy
You're all talk.

1/18/2017 9:10:24 AM

shy

lol k

1/18/2017 11:10:52 AM

dxdydz

@shy

If anything, it should be the opposite: comments and submissions getting all the fancy Unicode characters and usernames being restricted to a more limited repertoire.


Indeed. I find it quite strange that the comments are so limited in characters but the user names are not.

Could you further elucidate the issues being caused by writing with Visual Studio? I have written in C using Visual Studio before, but that was a few years ago so I'm pretty rusty when it comes to that. And I don't know a whole lot of computer science (just enough to get by with creating small processors and other digital logic things), so there's that too.

1/18/2017 3:59:53 PM

shy

@dxdydz: This is a bit long, but I hope it helps you get a general idea of how working with databases works in Visual Studio / .NET.

When you're doing regular C/C++ development, you aren't really exposed to Visual Studio's database tools. They're a .NET thing. Open Visual Studio and create a .NET project in your poison of choice— C#, VB.NET, F#, whatever—and you will have a ton of database classes, frameworks, and built-in designers, etc. at your fingertips. Aside from the basic System.Data classes, all of them are more or less designed with abstracting away from the database (or at least 'raw' SQL) in mind and making working with the database more like working with code in the language you're using.

To make things easier to understand without having to practically learn a whole new language, I won't go into buzzwords, specific technology names, or details too much. With all these shiny tools, it is actually very much possible to create a database and all the necessary code to interact with it: retrieving, inserting, and modifying data, altering the schema (the 'design' or 'structure' if you will), exporting and importing data en masse, etc. without actually writing a single line of database code. The quality of the end result depends on the person using them, their motivation for using them, their expectations, and which of the tools they're using.

Anyway, with this 'abstracted' database approach, you mostly use various 'high-level' database classes (auto-generated or available out-of-the-box) to work with the data instead of fiddling with connections, SQL queries, parameters, etc. by hand. There's a good, a bad, and an ugly to this. LINQ is the good, the graphical SQL tools the bad, and "Code First" the ugly. (You can Google LINQ and Code First and briefly skim over the results to get an idea of what they are. Normally I hate people who say "You can Google," but it's actually a good idea and can give you a better idea than I can, and you can be familiar with these things in less than 5 minutes.)

Whether all of this a good thing or a bad thing generally speaking depends on how far you go with it. If you're reasonably familiar with the basics of database design and administration, you can use these conveniences as tools without using them as crutches. That's good, and you can create databases just as good as ones hand-coded in SQL in a lot less time and with considerably less effort. If you're all "I ain't care bout no databases let this here Visual Studio do all that," that's bad, and you are seriously a Visual Studio and/or anti-database fundie.

The graphical SQL tools that just do database design and other database tasks without being a part of .NET are the bad. This is the click-and-drool garbage I mentioned in my earlier post. It includes most database stuff in the Visual Studio Tools menu and any SQL auto-generated by basically anything (or at least the SQL auto-generated and output in a form you can look at). Especially bad is the auto-generated SQL in the Server Explorer's design mode. The FSTDT database was probably built from an exported SQL file using the Server Explorer's design mode and wizards, which are still pretty bad. (Visual Studio's database tools and language features were not as polished then as they are now, but I haven't played around with an old version of Visual Studio from that era of FSTDT to see just exactly what the situation was.) Either way, the whole VARCHAR/NVARCHAR fail was most likely a product of the click-and-drool database tools that deal with SQL and not the click-and-rule ones that are a part of the languages or integrate with them.

Code First is more of a paradigm / disease than an actual feature or tool, though it does generate databases for you from code that is written as if the database didn't even exist and you're retrieving and inserting data from thin air. (Who thought this was a good idea??) Unlike their other recent database stuff, I think "Code First" is an affront to all reason and could probably write a thesis on why it's fail. It's the ugly.

TL;DR: If it's a part of the .NET languages or integrates with them, it's good. If it's a graphical tool that's not part of them and deals with pure SQL only, it's bad. If it's Code First, it's ugly.

If this wasn't very useful or you have any more questions, I'm here :)

1/18/2017 10:04:15 PM

Pharaoh Bastethotep

@shy:
Report it here, and a mod will summarily delete it, ban the IP, and not respond to him. Your responses are his troll-oxygen. Silent delete-and-bans are taking that away from him.

Unfortunately, Pepe seems to draw validation from the deletions, believing them to be evidence that they are removed because our fragile worldviews are threatened by the inconvenient truthes contained within. He even goes so far as to save posts of his on back-up text files so he can repost them when they get deleted.

1/19/2017 4:25:34 AM

Uilleam

Funny we should restart discussion of Pepe, because here he is now, just as brain-dead as ever.

1/19/2017 5:08:33 AM

shy

Joker is fucking Mabus-crazy.

Also for some reason I am amused by how his last few IPs have been from AOL.

1/19/2017 5:50:34 AM

Anon-e-moose

@Pharaoh Bastethotep

Pepe seems to draw validation from the deletions


...and we can deny him his 'validation' by not caring about his posts being deleted.

Shy will eventually deny him his lulz: thus we ultimately gain our lulz by doing so.

Every time that retard tries, he sets himself up for his own downfall.

Ironic, is it not...?!

1/19/2017 7:43:36 AM

dxdydz

@shy

I found that to be very useful as I've never worked with databases before.

The graphical SQL tools that just do database design and other database tasks without being a part of .NET are the bad. This is the click-and-drool garbage I mentioned in my earlier post.


I'm looking at the interface for this right now and I'd imagine you're bound to lose something when you simplify working with a complex structure that much.

Also, on the subject of the site's database, what is being used to search through it in the site's search page? I know it's not something you'd find employed by Google, but it still seems slow to me. Although I may not have a good idea of how much muscle it takes to churn through all the text stored here.

1/19/2017 9:08:36 AM
1 2 3 4 5