_ck_ (@_ck_)

Forum Replies Created

Viewing 25 replies - 51 through 75 (of 2,186 total)
  • @_ck_

    Participant

    There is no need to minify PHP comments, they are dropped by opcode caches.

    However reducing query count is not going to be easy.

    I’ll do a 3rd party analysis on the queries (and file count) next week or so, I suspect there is going to be little that can be done to reduce the load because of how this is now being done. It is likely any bbPress plugin install is going to have to be heavily cached on any reasonably active site, just like WordPress now absolutely requires a complicated cache like W3 Total Cache.

    But what people don’t realize is you cannot cache an active forum like a blog, they work very differently. Blogs are write-once, read many times and then the comments can be isolated with periodic updates. But on a forum it’s write-many-times and constantly changing. So there will always be many cache misses and the mysql engine will get a huge workout.

    Try using WP3 these days on an active site where there are cache misses, the server will fall apart. You cannot rely on the miracle of caching and ultra-fast hardware to get around fundamental design problems.

    @_ck_

    Participant

    these popped up in my alerts:

    bbPress plugin project saw serious progress during Google Code-in

    2011: A New Kind of Forum Software is Born

    It’s a shame that topic split/merge had to wait until the plugin version to be done in the API and not in the previous few years for the standalone.

    Neither of the writeups mention the impact of database queries and the size of the codebase so I will have to explore that next week. I suspect they are high. It’s easy to pile on features but hard to make them efficient.

    ps. Gautam is only 15 ?! Wow, amazing work for such a young age.

    @_ck_

    Participant

    Looks like WP’s emergency update for esc_url should also be ported to bbpress.

    I am thinking we need to do a security update for 0.9 as well since many people (thousands) are locked into it.

    @_ck_

    Participant

    Looks like WP’s emergency update for esc_url should also be ported to bbpress.

    I am thinking we need to do a security update for 0.9 as well since many people (thousands) are locked into it.

    @_ck_

    Participant

    I am guessing but moving up esc_url only works because the vulnerable url fails the list of allowed protocols. This will break relative urls being passed (try using /forums/ for example without http)

    But since relative is a rare case (I use relative but via plugin) I guess it’s acceptable.

    @_ck_

    Participant

    I am guessing but moving up esc_url only works because the vulnerable url fails the list of allowed protocols. This will break relative urls being passed (try using /forums/ for example without http)

    But since relative is a rare case (I use relative but via plugin) I guess it’s acceptable.

    @_ck_

    Participant

    Maybe I am getting rusty, but looking at the diff, I don’t see it.

    Basically it’s the same thing, shuffled around a bit and the same esc_url and esc_attr is being used at the end, which is the same pattern as the existing 1.0/1.1 code.

    Are you sure the fix was not being caused by just having a more updated version of esc_url and esc_attr ?

    Or was it just being solved by moving those two sanitizers up higher before bb_safe_redirect could ever be called. Because that was definitely an oversight on someone’s part (not me). Based on the comments I’d guess they thought their functionality was for display filtering and not actually sanitization.

    Looking at esc_url though, its default is indeed meant for displaying urls by default, note the comment in the code “Replace ampersands and single quotes only when displaying.” and how the context is set by default to “display”.

    Maybe test your solution with a url that contains an ampersand, it probably will not work?

    Also, are you relying on the list of protocols to do the sanitization? Because that could be defeated too (and would prevent using relative urls that are legitimate).

    ps. very minor but you have confusing indentation indicating nesting with the code at line 18 – which actually is not nested

    Feel free to email me directly if that’s better.

    @_ck_

    Participant

    Maybe I am getting rusty, but looking at the diff, I don’t see it.

    Basically it’s the same thing, shuffled around a bit and the same esc_url and esc_attr is being used at the end, which is the same pattern as the existing 1.0/1.1 code.

    Are you sure the fix was not being caused by just having a more updated version of esc_url and esc_attr ?

    Or was it just being solved by moving those two sanitizers up higher before bb_safe_redirect could ever be called. Because that was definitely an oversight on someone’s part (not me). Based on the comments I’d guess they thought their functionality was for display filtering and not actually sanitization.

    Looking at esc_url though, its default is indeed meant for displaying urls by default, note the comment in the code “Replace ampersands and single quotes only when displaying.” and how the context is set by default to “display”.

    Maybe test your solution with a url that contains an ampersand, it probably will not work?

    Also, are you relying on the list of protocols to do the sanitization? Because that could be defeated too (and would prevent using relative urls that are legitimate).

    ps. very minor but you have confusing indentation indicating nesting with the code at line 18 – which actually is not nested

    Feel free to email me directly if that’s better.

    @_ck_

    Participant

    Thanks, I got the report.

    This is interesting.

    Do you find that WordPress fails this test too? Because it uses a very similar routine.

    I feel the problem should be addressed in function wp_sanitize_redirect which would solve it cross-platform.

    @_ck_

    Participant

    Thanks, I got the report.

    This is interesting.

    Do you find that WordPress fails this test too? Because it uses a very similar routine.

    I feel the problem should be addressed in function wp_sanitize_redirect which would solve it cross-platform.

    @_ck_

    Participant

    You can email me at the address on my donate page on my website.

    @_ck_

    Participant

    You can email me at the address on my donate page on my website.

    @_ck_

    Participant

    This is likely a permissions bug with 1.1 dealing with anonymous posts being edited by admin.

    Someone will have to look through the code (if the bug can be duplicated).

    @_ck_

    Participant

    This is likely a permissions bug with 1.1 dealing with anonymous posts being edited by admin.

    Someone will have to look through the code (if the bug can be duplicated).

    In reply to: hide ip address

    @_ck_

    Participant

    Actually I think IP can be seen in the admin area too by mods.

    It’s possible to remove IP viewing ability via capabilities though.

    In fact that sound very familiar, I think I made a mini-plugin for it awhile back.

    In reply to: hide ip address

    @_ck_

    Participant

    Actually I think IP can be seen in the admin area too by mods.

    It’s possible to remove IP viewing ability via capabilities though.

    In fact that sound very familiar, I think I made a mini-plugin for it awhile back.

    @_ck_

    Participant

    Some interesting statistics for the entire 10,000+ collection of all bbPress installations:

    bbPress Version Popularity

    1.1 : 1%
    1.0 : 48%
    0.9 : 36%
    0.8 : 15% (includes sites below 1.x that hide their version
    as 0.8 has no consistent way to be detected)

    PHP Popularity

    5.3 : 4%
    5.2 : 70%
    5.1 : 4%
    5.0 : 1%
    4.4 : 6%
    4.3 : 1%
    ?? : 15% (unknown)

    So PHP version 5 adoption has finally taken off in late 2010.

    Server Popularity

    Apache 	 	: 40%  	  (specific version unknown)
    Apache/2.2 : 35%
    Apache/2 : 10% (sub-version unknown)
    Apache/1.3 : 5%
    Nginx : 5%
    Microsoft-IIS : 3%
    Litespeed : 2%

    (and quite a few others/variations but below a single percent each)

    Downloads via bbPress.org as of October 2010

    bbPress 0.9 : 150,000+
    bbPress 1.0 : 129,000+
    _ck_ plugins: 102,000+ (total, all included)

    @_ck_

    Participant

    Some interesting statistics for the entire 10,000+ collection of all bbPress installations:

    bbPress Version Popularity

    1.1 : 1%
    1.0 : 48%
    0.9 : 36%
    0.8 : 15% (includes sites below 1.x that hide their version
    as 0.8 has no consistent way to be detected)

    PHP Popularity

    5.3 : 4%
    5.2 : 70%
    5.1 : 4%
    5.0 : 1%
    4.4 : 6%
    4.3 : 1%
    ?? : 15% (unknown)

    So PHP version 5 adoption has finally taken off in late 2010.

    Server Popularity

    Apache 	 	: 40%  	  (specific version unknown)
    Apache/2.2 : 35%
    Apache/2 : 10% (sub-version unknown)
    Apache/1.3 : 5%
    Nginx : 5%
    Microsoft-IIS : 3%
    Litespeed : 2%

    (and quite a few others/variations but below a single percent each)

    Downloads via bbPress.org as of October 2010

    bbPress 0.9 : 150,000+
    bbPress 1.0 : 129,000+
    _ck_ plugins: 102,000+ (total, all included)

    @_ck_

    Participant

    bbPress is now being used in over 100 countries/regions in over 50 languages!

    Here is a sample of the Top 50 countries/regions:

    United States
    Russia
    Germany
    United Kingdom
    Spain
    France
    Italy
    Turkey
    Poland
    Brazil
    Canada
    China
    Netherlands
    Sweden
    Japan
    Australia
    Denmark
    Romania
    Ukraine
    Switzerland
    Czech Republic
    Finland
    Norway
    Argentina
    Thailand
    Bulgaria
    South Africa
    Iran
    Hungary
    Austria
    Latvia
    Lithuania
    Belgium
    New Zealand
    Israel
    Indonesia
    Slovakia
    Portugal
    Tokelau
    Ireland
    Chile
    Mexico
    South Korea
    Serbia
    Taiwan
    Saudi Arabia
    Greece
    Malaysia
    Estonia
    Philippines

    Note that the targeted audience as indicated by the flags on the right of the list is more of an art than a science, so please do not be insulted if my algorithm got it wrong. It’s a combination of looking at the TLD and the declared language type being used on the page.

    For example a site may have a flag for Spain if Spanish is used but no other specific variation or TLD is used, etc.

    The most popular TLDs for bbPress forums are:

    .com (by 50% !)
    .org
    .net
    .ru
    .uk
    .de
    .it
    .info
    .ca (honourable mention as .ca has 50% less than .info
    however pl, fr, nl, se and au all have over 100 sites)

    @_ck_

    Participant

    bbPress is now being used in over 100 countries/regions in over 50 languages!

    Here is a sample of the Top 50 countries/regions:

    United States
    Russia
    Germany
    United Kingdom
    Spain
    France
    Italy
    Turkey
    Poland
    Brazil
    Canada
    China
    Netherlands
    Sweden
    Japan
    Australia
    Denmark
    Romania
    Ukraine
    Switzerland
    Czech Republic
    Finland
    Norway
    Argentina
    Thailand
    Bulgaria
    South Africa
    Iran
    Hungary
    Austria
    Latvia
    Lithuania
    Belgium
    New Zealand
    Israel
    Indonesia
    Slovakia
    Portugal
    Tokelau
    Ireland
    Chile
    Mexico
    South Korea
    Serbia
    Taiwan
    Saudi Arabia
    Greece
    Malaysia
    Estonia
    Philippines

    Note that the targeted audience as indicated by the flags on the right of the list is more of an art than a science, so please do not be insulted if my algorithm got it wrong. It’s a combination of looking at the TLD and the declared language type being used on the page.

    For example a site may have a flag for Spain if Spanish is used but no other specific variation or TLD is used, etc.

    The most popular TLDs for bbPress forums are:

    .com (by 50% !)
    .org
    .net
    .ru
    .uk
    .de
    .it
    .info
    .ca (honourable mention as .ca has 50% less than .info
    however pl, fr, nl, se and au all have over 100 sites)

    @_ck_

    Participant

    In October 2010, to make the Top 100 (out of 10,000+ installations) now requires over 50,000 posts!

    We have a new leader Singletrack Mountain Bike Magazine

    beating out the old champion Simon & Schuster (international book publisher).

    with nearly 1.8 MILLION posts. Absolutely incredible growth!

    There are five bbPress powered forums with over a million posts now!

    singletrackworld.com  http://www.singletrackworld.com/forum/
    simonandschuster.com http://forums.simonandschuster.com/
    wordpress.org https://wordpress.org/support/
    greedyorneedy.com http://www.greedyorneedy.com/forum/
    weddingbee.com http://boards.weddingbee.com/

    Nearly 300 more have over ten thousand posts,

    and nearly 1,000 have over one thousand posts.

    Over four dozen new bbPress powered forums are put online every week on average!

    @_ck_

    Participant

    In October 2010, to make the Top 100 (out of 10,000+ installations) now requires over 50,000 posts!

    We have a new leader Singletrack Mountain Bike Magazine

    beating out the old champion Simon & Schuster (international book publisher).

    with nearly 1.8 MILLION posts. Absolutely incredible growth!

    There are five bbPress powered forums with over a million posts now!

    singletrackworld.com  http://www.singletrackworld.com/forum/
    simonandschuster.com http://forums.simonandschuster.com/
    wordpress.org https://wordpress.org/support/
    greedyorneedy.com http://www.greedyorneedy.com/forum/
    weddingbee.com http://boards.weddingbee.com/

    Nearly 300 more have over ten thousand posts,

    and nearly 1,000 have over one thousand posts.

    Over four dozen new bbPress powered forums are put online every week on average!

    @_ck_

    Participant

    Unread Posts probably doesn’t work with 1.x, so deactivate it asap.

    In reply to: Mini stats

    @_ck_

    Participant

    In the installation instructions it tells you how to do custom placement.

    In reply to: Mini stats

    @_ck_

    Participant

    In the installation instructions it tells you how to do custom placement.

Viewing 25 replies - 51 through 75 (of 2,186 total)