It is currently Thu Oct 19, 2017 3:49 am

All times are UTC - 7 hours





Post new topic Reply to topic  [ 80 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6  Next
Author Message
 Post subject:
PostPosted: Tue Oct 07, 2008 7:42 pm 
Offline
User avatar

Joined: Tue Jun 24, 2008 8:38 pm
Posts: 1517
Location: Fukuoka, Japan
Memblers wrote:
OK, the link-fixed version of index.html is up. Anyone want to volunteer to expand it?


Good job in updating the front page, this is already a good start!

Right now I cannot volunteer to expend it but I would like to give a few suggestion and hope other people of the community will do the same. Then we can apply the best suggestions.

I would suggest that the main page be split into multiple sections. This page is too huge and hard to browse. If you split it, this would allow you to delegate a specific section to a volunteer. That way, no more clash if more than one people edit the main page.

Then I would suggest that the main page be as minimalist as possible. You should only show what is new about the community, link to other sites related to this page (bbs, wiki etc) and link to the information that have been splits by categories.

By doing this, this should help make the maintenance of this site easier.

People of the nesdev community, it's time to give your suggestion! ;)


Top
 Profile  
 
 Post subject:
PostPosted: Wed Oct 08, 2008 9:12 am 
Offline
User avatar

Joined: Tue Sep 21, 2004 12:11 am
Posts: 377
Location: Karlshamn (Sweden)
Nice to see a little update on the front page :)


Top
 Profile  
 
 Post subject:
PostPosted: Thu Aug 20, 2009 5:24 am 
Offline
User avatar

Joined: Fri Nov 19, 2004 7:35 pm
Posts: 3943
Okay, I'm sick of all that damn spam everywhere.
My board gets very little spam. I am using two things to stop it:
* Fake textarea located above the real one, hidden by CSS. It's also using the field names of the real textarea to suggest that it's the real thing, but all posts with something put in there are rejected. Of course, this requires modifying all field names.
* Newly registered users or guests can not post URLs or Links in their first post. I haven't done it yet, but this rule could be modified by adding a Recapcha for anyone whose first post would legitimately contain links. Yes, spammers are catching on to this one, and posting nonsensical posts before their link barrage, but the fake textarea trick still stops most of them.

_________________
Here come the fortune cookies! Here come the fortune cookies! They're wearing paper hats!


Top
 Profile  
 
 Post subject:
PostPosted: Thu Aug 20, 2009 6:14 am 
Offline
User avatar

Joined: Fri Nov 12, 2004 2:49 pm
Posts: 7230
Location: Chexbres, VD, Switzerland
Sounds like a never ending cat and mouse play. Smammers developp new programms to bypass people's anti-spam measures, and people developp new measures to bypass spambots. I wonder how far it'll go.

_________________
Life is complex: it has both real and imaginary components.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Aug 20, 2009 9:44 am 
Offline
User avatar

Joined: Sun Sep 19, 2004 9:28 pm
Posts: 3192
Location: Mountain View, CA, USA
Let's not forget that there are actual companies you can hire (some in India are confirmed) who will have human beings sit around and create accounts on forums + post whatever content you desire.

And CAPTCHAs are worthless, not to mention downright annoying, and waste server/system resources.

The donut/whirlpool forum here on Parodius had a problem with spammers. They tried all sorts of things, and the entire time I kept telling them the only way to solve the problem was to make the board user/password protected (using HTTP authentication) and if someone wants an account, have someone manually add it (e.g. you had to request an account via Email to the board owner). There was no automatic process. All Emails were reviewed by a person.

Ultimately they went with this, and from that day forward got absolutely no spam. Welcome to 2009.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Aug 20, 2009 11:18 am 
Offline

Joined: Mon Apr 16, 2007 10:07 am
Posts: 106
We had a similar style of spamming over on the Minimig forums. After discovering that all the spam was coming from a particular IP range then it was a simple matter to block access from that IP range. Had the side affect of blocking a (probably) large number of users form a particular ISP in a particular country (it escapes me as to which it was) but the admin decided that the risk of blocking any legit users from said ISP and country was far outweighed by the relief of blocking the spam.

Can't say that would be a suitable tactic here tho, considering the greater global presence of NESDev ^_^

_________________
Insert witty sig. here...


Top
 Profile  
 
 Post subject:
PostPosted: Thu Aug 20, 2009 2:40 pm 
Offline
Site Admin
User avatar

Joined: Mon Sep 20, 2004 6:04 am
Posts: 3470
Location: Indianapolis
I kinda miss the days when anonymous posting was allowed. When the forum first started, I don't think it would have gone anywhere without it (or at least would've been much slower to grow).

Considering that the user registration page already has a custom-added question on it, and won't let you register without answering it correctly, I'd think there has to be a human in the loop somewhere (to at least config their bot for this forum). So I don't see what else could possibly work, besides changing that question very often or taking the very drastic measures that were just mentioned.. Seems like even a completely coded-from-scratch forum would still get spammed eventually.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Aug 20, 2009 7:01 pm 
Offline
User avatar

Joined: Tue Jun 24, 2008 8:38 pm
Posts: 1517
Location: Fukuoka, Japan
koitsu wrote:
The donut/whirlpool forum here on Parodius had a problem with spammers. They tried all sorts of things, and the entire time I kept telling them the only way to solve the problem was to make the board user/password protected (using HTTP authentication) and if someone wants an account, have someone manually add it (e.g. you had to request an account via Email to the board owner). There was no automatic process. All Emails were reviewed by a person.

Ultimately they went with this, and from that day forward got absolutely no spam. Welcome to 2009.


With today's spam tactics, you cannot have a public forum and hope that it will not be spammed in some way. I think I reported recently many links to Tepples by pm since they seems to post at night (for the US) and for me it's during the day so I see them while posting..

Since Nesdev is a very niche topic I think the only solution is to go with an invite only like Koitsu say. I know it sucks compared to 1999 but where not in that era anymore. Time change, so should nesdev. It just who will do the job of creating the account and reviewing them? We could always separate the job between a few users to relief Memblers pain. I don't mind to review some account request when I have time.

I don't say to make the forum private. The content should stay public. But the automatic creation of account.. I think that era is over.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Aug 20, 2009 8:56 pm 
Offline
User avatar

Joined: Tue Jun 24, 2008 8:38 pm
Posts: 1517
Location: Fukuoka, Japan
Sorry double post. Someone just registered (aamaomao) and spammed right away. This is a new wave of spam this week. Either we change the registration system or we have to make it manually like explained above. The later is maybe the better but the most annoying to take care of.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Aug 20, 2009 9:56 pm 
Offline

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 19099
Location: NE Indiana, USA (NTSC)
By "invite", did you really mean the system where you have to get an invitation code from an existing member out-of-band and then each member can only give out a small number of valid invitation codes per month, like early Orkut? Or do you mean like Advogato, which requires that users be certified by other users in order to post outside their own blog?


Top
 Profile  
 
 Post subject:
PostPosted: Thu Aug 20, 2009 10:08 pm 
Offline
User avatar

Joined: Sun Sep 19, 2004 9:28 pm
Posts: 3192
Location: Mountain View, CA, USA
tepples wrote:
By "invite", did you really mean the system where you have to get an invitation code from an existing member out-of-band and then each member can only give out a small number of valid invitation codes per month, like early Orkut? Or do you mean like Advogato, which requires that users be certified by other users in order to post outside their own blog?


The system I described worked like this: you could read the board without authentication, but an attempt to post (e.g. the Submit button) would require HTTP authentication (mainly using an Apache .htpasswd file).

How users got added: there was a notice at the top of the board stating that if you wanted the ability to post, send an Email to {address} and request a username/password. {address} happened to be an alias which went to 3 or 4 Email addresses (all board maintainers). The admins would then receive an Email from someone requesting post access, and they'd review it + discuss it (or whatever -- I wasn't one of the maintainers), and choose to add the user to .htpasswd.

The same sort of methodology could be applied without Email (e.g. requests for account additions could go into a queue and show up as forum posts in an admin-only forum), but Email was the easiest way for the admins of the board.

Sure, they got standard Email spam to it on occasion, but that's what spam filters are for.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Aug 20, 2009 10:16 pm 
Offline

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 19099
Location: NE Indiana, USA (NTSC)
That sounds like what's done on some other boards: New accounts may post only in the "Introductions" forum. If an administrator or global moderator finds a user's first post coherent, the administrator or global moderator puts the user in a group that can post almost anywhere.

But then this raises the question of what happens should moderators become unavailable for extended periods. We don't want another Atarimike situation.

(Bug report: The 401 error page at http://donut.parodius.com/ isn't helpful. If / is restricted access, the 401 page SHOULD explain why.)


Top
 Profile  
 
 Post subject:
PostPosted: Thu Aug 20, 2009 10:26 pm 
Offline
User avatar

Joined: Sun Sep 19, 2004 9:28 pm
Posts: 3192
Location: Mountain View, CA, USA
tepples wrote:
(Bug report: The 401 error page at http://donut.parodius.com/ isn't helpful. If / is restricted access, the 401 page SHOULD explain why.)


I think that's because their entire site has been offline for a couple years now. The maintainers lost interest / lacked time due to real life jobs, but one of them has been occasionally (every few months) working on something new, so the entire site is password protected at this point.

I'm sure if they cared enough to change the default 401 message they would have. :-)


Top
 Profile  
 
 Post subject:
PostPosted: Thu Aug 20, 2009 10:50 pm 
Offline
User avatar

Joined: Tue Jun 24, 2008 8:38 pm
Posts: 1517
Location: Fukuoka, Japan
tepples wrote:
By "invite", did you really mean the system where you have to get an invitation code from an existing member out-of-band and then each member can only give out a small number of valid invitation codes per month, like early Orkut? Or do you mean like Advogato, which requires that users be certified by other users in order to post outside their own blog?


I think I chose the wrong word for it. If we have an invite like you said, this would reduce the people that can create an account and I find this wrong. What I meant is a user will have to send a request to get is account approved. It could be a form with the requested username and the user could talk a little bit about his interest/goal about nesdev etc. If it's a bot, the message would make no sense anyway. But it would make judging if an account is valid hard if the bots get smarter. But in that case, it would mean the spammer are directly targeting nesdev for some strange reason.

koitsu wrote:
The system I described worked like this: you could read the board without authentication, but an attempt to post (e.g. the Submit button) would require HTTP authentication (mainly using an Apache .htpasswd file).


But does this mean that on every post you will need to write the password or the authentication is only done once? My guess is this is a one time action until the session is over.

tepples wrote:
But then this raises the question of what happens should moderators become unavailable for extended periods. We don't want another Atarimike situation.


In the case of the previous wiki, we only had 1 administrator which was not easily reachable. Now we have me, you, Memblers and in the worst case scenario Koitsu can help on the subject. If we are concerned about this, we just add more admins to avoid the problem. It should be people that post here often. If someone cannot cover his position for a certain time, he should get in touch with the other moderators. I don't mind to help once in a while since I did it already for the wiki and can cover night requests.


Top
 Profile  
 
 Post subject:
PostPosted: Fri Aug 21, 2009 12:52 am 
Offline
User avatar

Joined: Sun Sep 19, 2004 9:28 pm
Posts: 3192
Location: Mountain View, CA, USA
Banshaku wrote:
koitsu wrote:
The system I described worked like this: you could read the board without authentication, but an attempt to post (e.g. the Submit button) would require HTTP authentication (mainly using an Apache .htpasswd file).


But does this mean that on every post you will need to write the password or the authentication is only done once? My guess is this is a one time action until the session is over.


Present-day browsers (IE, Firefox, Opera, Safari, Konqueror, and many others) all support saving the username/password used for authentication at a specific URL. If you use Firefox, I'm sure you've seen the bar at the top of the browser pop up asking you if you want to save this password for future use.

All that happens when you post is that you get a username/password box, which has the fields already populated, and you just hit Enter/OK.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 80 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6  Next

All times are UTC - 7 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group