|
|
|
This is definitely frustrating for me (I use links and formatting a lot). And it's not an oversight either; I don't have further info at this point but I'll be prompted for when we can turn it back on (and remove the announcement I made). Didn't want to leave you in silence, and I'm linking this internally too.
I wrote a greasemonkey script to handle BBCode.
http://userscripts.org/scripts/show/9651 Thanks Strife, Greasemonkey is really cool once you get into it, I use it with a number of fave websites.
I haven't forgotten about this and don't have an update at this time on when this will be fixed. Torley, your announcement was set to run for just one month, and it has disappeared now. You might want to put it up again so we can easily refer new people to it.
I would also suggest you edit it to include info about Strife's scripts, as well as a link to this JIRA ticket so people know to come and vote if it matters to them. Great ideas, Ava. I sure do – it's up again, and I've mentioned a link this way.
I don't have any further updates on this at the present. Updating priority since other than Torley who apparently has no ability to flip the one toggle box needed to enable vb code it is being ignored. It takes one little option to turn vbcode back on one would think that even LL would be able to handle that.
No offense meant to Torley I'm sure the best is being tried with the given tools. Moved priority back to Major per earlier internal discussions – also for context, this is not as important as some more pressing webdev & ops projects (incl. billing concerns relevant to many Residents) which have to be finished first.
Turning it back on of course isn't the difficult part here. I was really sad to see BBCode disappear from the forums.
I used it extensively to format my posts/FAQs, and frankly, no amount of : will ever replace the beauty of : Given that :
I know this isn't a major issue. I know LL probably has their reasons for turning this off. I mean heck, I disable the "COLOR" and "FONT" tags on my own (vBulletin-based!) forums. Thing is, you could at least let us use the bold, italic, and underline tags for formatting. Those are very useful! Any updates at all on this, Torley?
Surely someone at LL has to know why the BBC was turned off and what it'll take to be able to turn it back on again. Even tossing a bone to us as to why it has to be off would be nice to know, because it is annoying to not have it here. Point of fact :Just TRY to read Strife's reply post to yours on the "About this forum <----- Please Read" in the Resident Answers forum. With the BBC turned off, that's just a mess and is nearly impossible to read. And yeah, I know other things are needed fixed first Grins That's why I just want to know WHY it was turned off, not having a fit to have it back ^.~ ~Jessy I would appreciate something here, too. At least an explanation of what exactly the reason is. It's not like none of us have experience with vBulletin - and this makes the Classifieds almost entirely pointless, and simple threads a bit of a pain.
Also, BBCode hasn't been entirely turned off - [quote] tags still work, for a start. It's a major pain to deal with when the grid is down and everyone piles onto the only official channel of communication they have for their SL addiction, so any updates on when this is going to be turned back on?
If there isn't an ETA, then please, please, can we have it turned back on until they have the time to do the update? I'll ping webdev again today to see if there's anything else, because I don't know.
Haven't heard back yet... I'll be sure to post as soon as I get a reply.
You can use Strife's BBCode script in Opera. Copy the script to notepad and save it with whatever name but you must put this on the end ".user.js" so that you will end up with something like BBCode.user.js. Then just follow the directions on the page under "How to add scripts".
You do not need to do the extra step of editing the .ini file. Okay - come on - please, be serious with us. There is no indication of why this has happened, over a period of months. I started this issue in June and it is September now.
I could accept it if there was a reason. It is just that there has basically been absolutely nothing at all here. It is just as puzzling as it was in the first instance. I have never understood why it was stated that a pending upgrade statement was used instead of the real reason. An HTML Injection Vulnerability was discovered by someone from Fance. Please LL, we are not children, go ahead and make a blog post stating the real reason. BBCode was disabled because of a vulnerability.
"PHPBB URL BBCode HTML Injection Vulnerability
phpBB BBCode has been reported prone to an HTML injection vulnerability. It has been reported that an attacker may inject malicious script into areas of phpBB where BBCode is rendered, for example, bulletin board posts or private messages. This issue is due to a lack of sufficient sanitization performed on user supplied URL BBCode tags. An attacker may exploit this issue to steal cookie-based authentication credentials; other attacks may also be possible." But I should also point out, fixes, not just workarounds have been released and other sites are using them.
It can't have been that one - the forums run on vBulletin, and the exploit mentioned there is for phpBB.
Yeah, my bad! If you look at the source when you are in a forum page, you will notice it is VBulletin 3.05:
https://my.controlscan.com/threats/details.cgi?id=16280 Think that is why LL is sooooo quite on this. Our authentication cookies had been vulnerable for more then a year with a known, published vulnerability. That vulnerability was published on 1/31/05 I think Jesse has likely found the real reason for this. It makes a whole lot more sense to think they've disabled BBCode due to a vulnerability in VBulletin, and haven't come up with a fix for it yet, or the fix brings with it more problems they haven't been able to deal with so far. I do wish though they LL would be up front and honest, and just say "Folks, we regret to say we've discovered a problem and have to disable BBCode indefinitely. We'll have it back as soon as we can get a fix in place, but we don't know when that will be at this point." We understand vulnerabilities and fixes, and it makes it a whole lot easier to deal with these things if we know what the real reason is behind the action taken. We don't need to know the details, just the reasoning.
As maintainer of a phpbb forum with some modifications, I know that updating can be less than trivial. LOL! I meant to say "Updating can be far from trivial". I just hope they can get to it soon, it is a major bother!
I'm not in a position to speculate but again, I apologize I don't have more info about this, but that we haven't forgotten. (You know how damn candid I am when I DO know about stuff!
 ) I agree it is maddeningly frustrating. It is, and for the moment I have decided to cease giving scripting examples on the forums because of it, not of course because I wish to deny anyone but simply because any examples that I do post are utterly incomprehensible without [PHP] or [CODE] tags being available.
Ah, looks like Strife's 2nd link above:
http://forums.secondlife.com/showthread.php?t=188596 now references an unrelated forum thread in the Property Sales and Rentals section. According to a search of the forums using 'greasemonkey', the correct forum thread is now: http://forums.secondlife.com/showthread.php?t=188445 I discovered this when I went to setup Firefox after a re-install. I can only assume that LL are trying to persuade people to leave the forums like they've so obviously wanted for so long. There's no other explanation that I can think of for the current situation, nearly 2 months after Jesse exposed the real reason and pointed out that genuine fixes are available.
As Ordinal says, trying to help out in the scripting forum is near-impossible. We have plans for upgrading the forums. Unfortunately, compared to some of our other priorities, it is frankly not as high. The reason why we haven't said anything is simply because despite Torley's constantly pinging, there isn't a lot of time to post updates or even investigate who should be posting updates.
As far as I know, BBCode will remain disabled until we upgrade the forums. I've just posted a copy of this to the sldev mailing list and also to the forums:
On 5/22/07 bbcode was turned off in the forums. The only reason given was that the forums were pending an upgrade. Since that time, no further explanations have been given. Well, we know why bbcode was disabled. On Monday, January 31, 2005 a cross site scripting vulnerability was discovered in all versions of vBulletin prior to v3.06. The forums are using vBulletin v 3.05, so that for nearly a year and a hlf, we were vulnerable to someone stealing our authentication cookies. The exact same authentication used for our SL accounts. But even with an upgrade to a newer version of vBulletin we would still probably be vulnerable under the present login scheme. Historically But............................................ What I do not understand is why a complete and full explanation has never been given and why we end up with remarks like this in the jira entry concerning bbcode: https://jira.secondlife.com/browse/WEB-156 "Jeff Linden - 26/Oct/07 06:34 PM As far as I know, BBCode will remain disabled until we upgrade the forums." Well, excuse my language but this is bullshit. Evidently to the lindens, the forums are nothing more then the the old "General" or present "Resident Answers" sections. I would suggest that ALL of the lindens scroll down the page to the content creation forums and start reading there. You will find that many residents have spent hundreds if not thousands of hours w/o any compensation creating applications for other residents to use and then many more hours helping noobs learn to use them. Then you have many other residents, some with full time succesful businesses, who spends thousands of hours every year helping noobs by answering questions. After all of this time we have not asked for anything back, we do it so that others can learn scripting, texturing and building. Well actually there is one thing we have asked and that is for bbcode to be reenabled and yet the officail linden response is that "Sorry, we don't have 5 minutes to answer that question." with utter contempt, It would not be unreasonable to assume that Linden Labs could, I don't know.. turn ON the BBCode until they're honestly ready to update it? 6 months waiting for the update is ridiculous and proves that LL can't be bothered with their communications with their customers.
Farcical. Jeff, do you realise just how badly this reflects on LL? Vague messages about BBCode being disabled pending an update (when the real reason is a security issue, already fixed), lies about when it will be fixed, silence for a while, then a tacit acknowledgement that it wont be fixed any time soon, because it's not a priority.
And telling us that was out of the question too, because telling us is also not a priority. Oh, and deciding whose job it actually is to tell us, well that's not a priority either. Sadly though, this is exactly how most residents now expect certain parts of LL to work. The fact that Torley was similarly unable to get anything out of anybody says a lot though. On the other hand, the ludicrous Auth scheme that was pretty much universally rejected by the community is still going ahead... I sympathize with your frustration, and as much as I do not appreciate the hostile tone, I can understand. I appreciate that the several of you who ARE posting are passionate about Second Life enough to post with such emotion, even if it is mostly non-constructive.
BBCode is indeed turned off due to a security issue; the correct fix is to install the upgrade, rather than spend precious man-hours (did I mention we're hiring?) figuring out how to fit the upgrade into our existing system infrastructures. I wish I could say that it is as simple as downloading some code, dumping the MySQL data, copying over the existing code on a server somewhere and then re-importing the data, but it will be a bit more involved than that. I had thought it was pretty obvious from the above posts that the reason has already been figured out by some of the Residents here, and I was simply trying to explain why the Residents had to figure it out in the first place, instead of one of us telling "the world" somehow what the reason was. Again, I'll apologize if it will make you feel better. Thanks for bearing with me/us. Well get over the hostile tone and live with it. I have been in business for 30 years and after 6 months of my customers waiting, I had made an announcement like yours, I would have been called to the carpet for it. But you still haven't announced anything. If you want to, you can say I announced it. "instead of one of us telling "the world" somehow". LL decided that the only way to announce anything anymore was through the blog. We do not have access to create posts there, only Lindens. Now there are another million or so people waiting to here this announcement and I would suggest that would be the place to make it.
Don't try crying about not having enough time. In just a few sentences I have said more then LL ever did pertaining to this ongoing problem and yet I have a full time job. Write a few sentences during lunch or break or night or something and release the news. Yes you are hiring but you are also pissing off one hell of a valuable volunteer force that are all working full time or going to school with heavy schedules. And yet SOMEHOW we still have time to help others. What is non-constructive or your two posts to date. Make a constructive blog annoncement and figure out who is going to do the announcing from now on. Well, you might not appreciate us being hostile and non-constructive, but people like Jesse, Ordinal et al spent 5 months being constructive and it got us nowhere. The only Linden to even reply was Torley, who spent the 5 months asking about updates and similarly getting absolute silence.
We've tried voting for this as an issue. It's now the most popular issue in the Web subproject (even other Lindens have voted for it) and yet we still got silence. How does that encourage people to be constructive? The only way we can get any input is to press the same buttons that always seem to work, then post it to sl-dev. It really shouldn't be that way, I don't want to spend my time being "hostile" (I'd say I was harsh, not hostile) but if it's the only way that works then seriously - what do you expect? The worst part of it is that many of the most vocal people posting in this issue are here because we want to help others in the scripting forum, and it's almost impossible to do at the moment. Maybe that's unconstructive and hostile? Thanks for putting a more realistic message in the forum sticky. However, it seems to imply that there will be no further news on this until the end of the year.
LL seems unaware that the scripting forum is an incredibly valuable component of its customer support. Scripting is a key part of LL's value prop as part of the 3D web story, and LL's abandonment of users who are shouldering the burden of LSL support is unfathomable. Not having BBCode enabled is crippling those efforts. I appreciate that you personally can do little to fix this - it is clearly a prioritization issue. To whom should we speak in order to get the priority elevated? Evidently it has been a mistake for the scripting community to permit its feelings on this to be carried by Ordinal, Jesse and Stephen. Would you prefer that every scripter who wants BBCode enabled post a comment here? These three people are not cranks - they are leaders. You can hear from ALL the followers as well if you wish. We're sorry that the messaging on this wasn't as clear as everyone would like. We haven't taken this off of our list of things to do, and we realize this is important to everyone, but we've got a LARGE list of things to do, with lots of SCARY and really important things to keep the lights on here at Linden Lab. LARGE list. SCARY things. Have I said "LARGE" and "SCARY" enough yet? LARGE! SCARY!
What does that mean for this discussion? Well, let me reiterate: we know this is important. We know it's really important. This is a matter of choosing between really important things, and this is lower on the list. We're sorry. Thank you Rob and Jeff for answering. It may not be exactly the news we wanted to hear as in "it will be done tomorrow", but it still gives hope. Now I can go back to gently reminding LL of the continued usefullness of the Content Creation forums and hopefully override the lindens that wish to disband the forums completely
Rob, what's really LARGE AND SCARY is the way your prioritize things. Installing Windlight or adding voice and putting in sculpties are not the priorities of most residents – most don't even know these were issues that they should comment. If given a choice, they might well prefer overall stability and a working forums. In fact, I don't doubt that if you were to publish your LARGE AND SCARY list, many of us would say, hey, take that thing right off your shoulders this minute as it is NOT important to us, and only important to a handful of your coders and a handful of resident coders, and not significant to the community at large.
Jesse, there is absolutely no need to artificially counterpose the old forums, the rump of the old forums in Resident Answers, the the creative content sections – as if the forums should only survive if they survive in the forum of content creation only. The classifieds ads are just as important to business; the open comments one can still shoehorn into Resident Answers are vital to some sort of meaning and cohesion to the very fractured and black-box experience of Second Life. The Lindens should just outsource the forums completely and thereby reopen the sections General, Political Science, Land and Economy, etc. Let some company that does forums for a living like Stratics take this off your hands. Stop being a dog in the manger with our forums. Woah. THAT Large and Scary!?! So that faint feeling that SL is permanently about five minutes away from a massive database and / or network outage is in fact not creeping paranoia as I was happy thinking!? Dude I'm going to need Prozac now as I wander SL expecting the sky to fall at any second!!! Or is this more a "the coffee machine has run out of filters" kind of scary? Believe me. I get really spooked when that happens at work. Everything else goes out the window till I've fabricated something capable of filtering coffee out of a sheet of A4 and a compass I keep in my draw. [I believe a smiley is customary at this point]
Ok, so I'll accept that unnamed large and scary things are stopping this from happening. But. Um. Cough. Asking politely in a sincere voice. Could we have an ETA for a fix? Roughly? Maybe? I mean you know, just to the nearest quarter. 2Q08? Perhaps? Ish? OK... 3Q08? WOOHOO! Good news scripters!
Come to find out we don't even need php tags in the scripting forum. Look at this thread for more details: http://forums.secondlife.com/showthread.php?t=226867 The condensed version is that even if code doesn't have php tags and shows as not formatted, if you hit the "QUOTE" button the the code is properly formatted in the reply window! You can just copy and paste from there, then just cancel the reply. ah heck
 Works for FF or Opera, not IE. There are scripters who use IE?
It works in Safari too, but whilst it is a useful thing to know about, it must be said that any code posted to the forums is still illegible, and in general people looking for scripting examples will not know about this.... Works now for IE.
Yes I do agree it isn't the most optimal, which, of course is upgrading forums and enabling php tags. But looks as if that is not going to happen anytime soon, if at all. Before anyone takes offence at "if at all". LL has demonstrated no interest in the forums including naming new resmods. Strife has turned in his notice and will be leaving soon. LL has a list of potential candidates and still refuses to make any kind of a general announcement guaranteeing the future of the forums. I'm guessing the Lindens don't comprehend the "community" aspect of the forums. Some of us, drudge the forms for information. I'm one who is spending more time lurking through the forms looking for information on scripting and modeling. I have also been trying to point individuals to JIRA for specific issues that are brought up in the forms, but not linked to a JIRA issue.
For the average user, JIRA is intimidating and most would give up before searching and/or adding an issue/feature request. In short, the forums must be upgraded to include basic things like:
This would allow the forums to self-run, like any other popular forum. Seriously, the forums are running 3.0.7 vBullitin. v3.6.8pl2 is the current release. Changing back to Critical, I know that the priority button shouldn't be used as a bludgeoning stick but this is starting to get really ridiculous when we go months at a time without a word from LL on a simple web upgrade. Even with all the stuff that takes higher priority upgrading a simple piece of forum software should take no more than half an hour.
So December 22nd has come and gone, Torley's announcement on the forums no longer exists, and the implied suspension of BBCode until the 22nd hasn't been lifted yet???
The list must be VERY large and Scary... another 3 months have passed...
I'm sorry, but being a field technician, after having been an in-house technician for the last 10 years, I do not buy that it cannot be done because it isn't simple - and doesn't fall high on the priority list.
This is a job that one person could do over a two to three day period - and that is allowing for full integration and reconstruction on a system of this size. Normally I could - deport / install / update / recode / import / implement - the bulletin board in a matter of 24 hours with hiccups. The fact that this is a seemingly incredibly huge network or a custom environment is not a valid excuse for this kind of update / upgrade to take place. There is no way that this has not been accomplished for any other reason than someone just doesn't want to mess with it and could care less what people are going through, or the entire support / site team are actually so inept they have no-one that knows how to do it. Which I find very hard to believe. You're hiring eh? Well I've applied a couple of times and at this point I don't know if you all really need new people that know what they are doing already, or if you all are falling into the same rigamaroe of hiring industry noobs because it's cheaper and the only drawback is... stuff like this. Nothing gets done. I'm not directly attacking you Jeff, nor Torley, however someone is really droping the ball on something so simple. Yes - I said simple. No matter how hard you'd like to make it out to be, it's not if you have the right kind of people on your staff. It could have been taken care of months ago with one or two people setting up a VN and doing the upgrade, running the in-house test, and then going live with it. Hell, I did my last update of this size on two machines using VMWare for a major corporate system. Took me two days by myself, having a couple of people test it for me every so often until I was sure security was setup lock-tite (as much as that can possibly be), and published it. I've never heard anything about it since, and this was an environment which is to this day probably more hacker-prone than SL ever dreamed of being, as high as it might be. Sorry, but whether you want to listen to my history or not, the point is, at this point the excuses given for not being done as of *FEBRUARY 2008* are no longer applicable and originally questionable. [/rant]
Consider outsourcing forum development and migration to someone like http://www.topcoder.com/
 We now know finally what this SCARY item was.... The login page was too 'complicated'....
I have an idea. Why not make that "Automatically parse links in text" box unchecked by default. That way, the url's would be easier to see, easier to copy and paste, and we won't have to wait for LL for a fix that's been promised for nearly a year.
I'm sorry, but I am no longer willing to entertain the idea that this issue is not being fixed for any practical reason. There is absolutely no possible excuse that it could have persisted since June 2007 (and it happened before that, that was just the time when I posted this JIRA issue).
There is only one explanation, and that is that LL has made a deliberate decision not to fix the situation - because it fits to have a crippled discussion board that is useless for scripting posts, for some reason, or because absolutely zero time is being allocated to website issues now, or, well, something else. But I could have taught myself PHP and written my own bulletin board software in this time. Please, a Linden of some sort, confirm that this is the case and we can all go home, rather than making us out to be idiots. Or, even better, fix the board please. If people really want me to I'll port my GM script to IE7Pro so IE users can benefit from it.
That is very kind of you, Strife, and if it would help anyone I would say that it would be useful, but in the end it is just sticking-plaster (and in any case many of us do not use either Firefox or IE).
I confess that I am not completely familiar with the workings of the JIRA - is there a status corresponding in some way to "said will deal with, person technically assigned, but actually not even the slightest effort being made over a year" that I can set here? I found someone with the same problem, who posted their solution.
Taken from http://www.vbulletin.com/forum/showpost.php?p=1675293&postcount=3
I assume they'd want to take files from 3.0.5 instead, going by the version number at the bottom of the forums, if this was indeed the problem. Celierra it's somewhat a moot point now anyway since the Lindens have said that they'll be scrapping the current software soon (eventually?) to sell it to a bumbling idiotic outsider company that will essentially kill it off and that the majority of the residens who have commented on this and oppose it can take their opinions and leave or get shoved under the bus with everyone else.
If any Lindens are still reading this issue cut out the bullshit and just close this issue as won't finish since otherwise you're just lying to us.... again. I wish there were a way to make a link that says:
Completely Unlike: VWR-11118 Ctrl+Alt+Shift+H doesn't say "hippos!" anymore I have raised this issue once more today and it was closed as resolved for being duplicate.
This is hardly resolved as here we are nearly 2 years have passed and nothing has been done about such a simple issue. Who suffers? Content creators who are trying to post their new releases and give customers easy access to their SLURLs, websites and photos. Most people who read forums would not copy and paste which they have to do now to see what was in the notice. This is loss of business to us, less money we earn less money you get from us so it should concern you as it will effect fickle economy. It is small frustrations like these that give bad press to LL and make us less tolerant and forgiving when big issues happen. So, when are the forums going to get some of the attention that LL occasionaly claims will happen?
Created: 09/Jun/07 01:01 PM And please withhold the claims of "bigger and scarier" bugaboos. It's been two years. No-one can spare a couple of days upgrading forum software? I am reluctant to expose this, but perhaps the time has come - Ms Warburton, I have been taken aside in confidence since my last comment on this subject, and given quite detailed explanation as to how the ability to post PHP code on a forum is in fact, quite literally, Communism. And bad Communism, not like the Swedish sort or anything like that.
Obviously I am unable to say quite how this is the case in a public forum, as I am sure you will understand, but please be assured that it is definitely Bad. We would not wish to encourage Communism after all; Communism is Death. I'm sure that actually makes NO sense at all. Certainly not to me
We don't do comments that are easy to understand any more I guess?
I thought that it was quite comprehensible. Which parts are causing confusion?
I'd like to call Rachel Maddow's corollary to Godwin's law
. Also, I'm wondering whether Ordinal's account has been hijacked by a troll. Ordinal, how does Communism have ANYTHING to do with the ability to use BBCode? And why bring up PHP posting? Who asked to post PHP? Are you stoned?
Please refer to earlier comments - this is non-reproducible in public.
(PHP, by the way, refers to the fact that the ability to post code was in terms of BBCode PHP tags, the syntax highlighting of which approximates to LSL.) Ordinal, I'm a PHP coder by trade, I'm aware of the difference between PHP tags and BBCode. They are nothing alike so I'm still confused as to why we'd need to post PHP code. I appreciate that scripters use the [PHP] or [CODE] tags to 'highlight' their scripts, and format them for easier reading, but that is not posting PHP code
I cannot understand why simple BBCode tags cannot be enabled, nor can I understand how enabling them would have anything to do with Communism either. Explain! The thing is, when I initially posted this thread on the subject, and during all of my previous posts, I had not been informed of the true reasons that LL had not seen fit to fix the forums. It appeared to be a random detail that nobody in the Laboratory was prepared to spend half an afternoon addressing. An uneducated observer might have thought that it was something that had carried on for two years without being addressed despite several explicit statements that it would be.
I now have. though, and the matter involves Communism. Unfortunately, that Communism is not reproducible - or rather, it is endlessly reproducible, as all Communism is. However, for reasons of safety, it should not reproducible here in public. I think it's creeping anti-socialism.
Come on, this is ridiculous guys. I try to post a new product on the forums and get error after error. First, I can't post what I want to post because 'newpost.php' and 'editpost.php' don't exist on the server. After losing my post several times I finally got it to work by shortening the text so much that it no longer conveyed the same amount of detail I originally intended. Now, even though the post went through - none of the images or links I put into it work. After spending just short of an hour trying over and over again to find a way to get this post to work correctly I decided to enter a JIRA report. LO AND BEHOLD - the very same issue I experienced today was reported over TWO years ago. No matter the amount of work that is being done behind the scenes this sure looks like mega procrastination. Put it off until they forget about it right? Or, the better idea - tell everyone that the forums will be deleted so they don't need to worry about it. ... ugh.. what a mess.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 |
|
Bug
Open
Critical
BBCode not working on official SL Forums
A firefox add on named linkification. Get it at: https://addons.mozilla.org/en-US/firefox/addon/190
I don't know of any similar thing for IE, though. Switch to firefox anyways.. It's far better.