For those of you who don't know, Darat's the JREF admin. I'm surprised (hence the holy crap) and very pleased to see you here (hence the welcome thread). :yup: Welcome to FF.

:welcome2:

Hiya, Darat :welcome:

Thanks for the welcome. I've been lurking for a time and I thought it was time I de-lurked.

Compliments on the board's "infrastructure". It has to be one of the best customised vBulletin boards around.

For those of you who don't know, Darat's the JREF admin. I'm surprised (hence the holy crap) and very pleased to see you here (hence the welcome thread). :yup: Welcome to FF.

:welcome2:

Just re-read your post after I posted my reply - why surprised?

I think it's pretty cool that you were lurking in the first place. The de-cloaking makes it supercool.

Many thanks for the props on the board, Darat. Are y'all planning on hacking your vb 3 installation once you upgrade?

Edit: I was surprised because I barely post on JREF anymore, especially since we opened here. Besides, you've been on my mind for a few weeks as I've mulled over a monster JREF moderation restructure post, so seeing you pop up like Athena from Zeus' brain was quite gasp-worthy.

I think it's pretty cool that you were lurking in the first place. The de-cloaking makes it supercool.


Well I was interested in what the two of you <s>disruptive holigans</s> were up to. :) Especially found your threads on the ethos and principles behind this place and the practical implementations of them very interesting.


Many thanks for the props on the board, Darat. Are y'all planning on hacking your vb 3 installation once you upgrade?


Definitely some, but nothing as extensive as you have here or Pixy on his mu nu sites.



Edit: I was surprised because I barely post on JREF anymore, especially since we opened here. Besides, you've been on my mind for a few weeks as I've mulled over a monster JREF moderation restructure post, so seeing you pop up like Athena from Zeus' brain was quite gasp-worthy.

I'm always interested in reading other people's ideas for what can be done...

Compliments on the board's "infrastructure". It has to be one of the best customised vBulletin boards around.
Thanks, Darat. That's a really great compliment. :)

Btw HTML is disabled in posts, but we have a [strike] bbcode for that one. ;)

Well I was interested in what the two of you <s>disruptive holigans</s> were up to. :)

/me giggles
Hey! We didn't create the strike code for nothing, you know.

Especially found your threads on the ethos and principles behind this place and the practical implementations of them very interesting.

Thank you kindly; I am very glad to hear it. I'm going to start a thread on general moderation theory very shortly just for the forum geeks (and disruptive hooligans, of course) among us.

Definitely some, but nothing as extensive as you have here or Pixy on his mu nu sites.

Pixy is very much the expert that vm and I are not. His blog/forum combinations on mu.nu are particularly outstanding. Then again, who knows what we can accomplish when we lock JoeP and vm in a room with nothing but root server access, a nice, clean vB install, and possibly some kind of peephole for Minority Report to whisper into.

I'm always interested in reading other people's ideas for what can be done...

Oh dearie me. Now look what you've gone and done. :P

* livius drusus giggles
Hey! We didn't create the strike code for nothing, you know.

Hadn't noticed no HTML - did you decide on that for any particular reason, security etc?



Thank you kindly; I am very glad to hear it. I'm going to start a thread on general moderation theory very shortly just for the forum geeks (and disruptive hooligans, of course) among us.

I'll certainly keep a look-out for that one.

:yup:

Hadn't noticed no HTML - did you decide on that for any particular reason, security etc?
Yep, security is the reason. I'm not 100% clear on what all the risks are, but I've heard that site redirection, cookie theft, layout sabotage, etc. are all possible with HTML enabled. So since it's so easy to make custom bbcodes, we've just decided to stick with them.

From the vBulletin Manual:

This allows users to use HTML while posting. It is strongly recommended that you DO NOT turn this on as it can severely compromise security and/or severely mess up layout if users insert malformed HTML.

I think the problem is that it's essentially an all or nothing proposition with vBulletin. With phpBB you can specify which HTML tags to allow, with vB it's just HTML On/Off, so the only way to control which tags are available is to make them into bbcodes and disable HTML.

Yep, security is the reason. I'm not 100% clear on what all the risks are, but I've heard that site redirection, cookie theft, layout sabotage, etc. are all possible with HTML enabled. So since it's so easy to make custom bbcodes, we've just decided to stick with them.

From the vBulletin Manual:



I think the problem is that it's essentially an all or nothing proposition with vBulletin. With phpBB you can specify which HTML tags to allow, with vB it's just HTML On/Off, so the only way to control which tags are available is to make them into bbcodes and disable HTML.
The JREF was hit by someone using malformed code (just a break) to screw-up the display of threads so they are certainly right about that. The cookie and other stuff I hadn't heard about - thanks for the heads-up.

The JREF was hit by someone using malformed code (just a break) to screw-up the display of threads so they are certainly right about that. The cookie and other stuff I hadn't heard about - thanks for the heads-up.
My pleasure. I haven't found anything that states explicitly which tags are dangerous, but if I do I'll let you know.

Yep, security is the reason. I'm not 100% clear on what all the risks are, but I've heard that site redirection, cookie theft, layout sabotage, etc. are all possible with HTML enabled. So since it's so easy to make custom bbcodes, we've just decided to stick with them.

I think the problem is that it's essentially an all or nothing proposition with vBulletin. With phpBB you can specify which HTML tags to allow, with vB it's just HTML On/Off, so the only way to control which tags are available is to make them into bbcodes and disable HTML. My friend felt obliged to point out the cow-sized HTML security hole on another board. They wouldn't believe him, so with a bit of clever javascript he popped open convincing-looking 'You need to re-login for verification purposes' dialog boxes that fooled many people. It didn't actually do anything with the usernames and passwords, but easily could have.

The hardheaded admins there disabled HTML, then banned my friend for his bit of public service.