Author Topic: IMPORTANT: New Forum Alerts System  (Read 7795 times)

0 Members and 1 Guest are viewing this topic.

Offline bitseeker

  • Super Contributor
  • ***
  • Posts: 8534
  • Country: us
  • Lots of engineer-tweakable parts inside!
Re: IMPORTANT: New Forum Alerts System
« Reply #25 on: February 09, 2019, 10:38:03 pm »
It seems that this mod took the site down this morning. While the servers are far more powerful then before, this plugin is putting undue load on the database due to very poorly written database queries and the poor database design of SMF.

I was afraid of that when I saw the 502 this morning. Thanks for bringing us back, gnif!
I TEA.
 

Online TheSteve

  • Supporter
  • ****
  • Posts: 3132
  • Country: ca
  • Living the Dream
Re: IMPORTANT: New Forum Alerts System
« Reply #26 on: February 09, 2019, 11:05:51 pm »
It seems that this mod took the site down this morning. While the servers are far more powerful then before, this plugin is putting undue load on the database due to very poorly written database queries and the poor database design of SMF.

Can we leave the mod off please :)
VE7FM
 

Offline tautech

  • Super Contributor
  • ***
  • Posts: 18464
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: IMPORTANT: New Forum Alerts System
« Reply #27 on: February 09, 2019, 11:11:01 pm »
Yay, it's gone !  :clap:

Thanks Mods.
Avid Rabid Hobbyist
 

Online 2N3055

  • Super Contributor
  • ***
  • Posts: 2623
  • Country: hr
Re: IMPORTANT: New Forum Alerts System
« Reply #28 on: February 09, 2019, 11:22:24 pm »
Yeah, good work Gnif.
Thanks!
I also didn't find alerts useful.
Regards,
Sinisa
 

Offline wilfred

  • Frequent Contributor
  • **
  • Posts: 917
  • Country: au
Re: IMPORTANT: New Forum Alerts System
« Reply #29 on: February 09, 2019, 11:36:33 pm »
It wasn't a direct benefit to me but it did have a useful side-effect for me though.  I was prompted as a result of a post in this thread to finally disable location request pop-ups on some other websites that had been irritating me.

So this has been kinda like a mutation that prompted an immune response. Yes I have just read a book about CRISPR.

If the majority of forum members like this feature then could setting the poll timer interval to 120 seconds or even 300 still give a sufficiently timely alert response and a suitable reduction in server load.
 

Offline Brumby

  • Supporter
  • ****
  • Posts: 10051
  • Country: au
Re: IMPORTANT: New Forum Alerts System
« Reply #30 on: February 10, 2019, 04:35:32 am »
... this plugin is putting undue load on the database due to very poorly written database queries and the poor database design of SMF.

It's surprising (to me, anyway) how often poorly structured queries get left to run.  I came across one example where a single query caused a job to run for around 17 hours.  I rewrote it and it then took 17 seconds (it was a big database).

I am happy that the alerts have been turned off - and have little interest in them being turned on again.
 

Offline EEVblog

  • Administrator
  • *****
  • Posts: 31387
  • Country: au
    • EEVblog
Re: IMPORTANT: New Forum Alerts System
« Reply #31 on: February 10, 2019, 06:39:10 am »
Thanks Gnif, uninstalled, no point trying to polish a turd.
It seems that every plugin (and SMF itself) seems to have been written "poorly"!

Did this plugin write stuff to the database in the short time it was on might be a problem?
 

Offline blackdog

  • Frequent Contributor
  • **
  • Posts: 610
  • Country: nl
  • Please stop pushing bullshit...
Re: IMPORTANT: New Forum Alerts System
« Reply #32 on: February 10, 2019, 06:49:01 am »
Hi Dave,

I hope you learned from it, think about KISS here.  :-DD

Kind regards,
Bram
“Two things are infinite, the universe and human stupidity, and I am not yet completely sure about the universe.”
 

Offline gnif

  • Administrator
  • *****
  • Posts: 1160
  • Country: au
Re: IMPORTANT: New Forum Alerts System
« Reply #33 on: February 10, 2019, 07:33:44 am »
Thanks Gnif, uninstalled, no point trying to polish a turd.
It seems that every plugin (and SMF itself) seems to have been written "poorly"!

Some things for SMF are written well, but SMF itself was never built with addons/plugins in mind. While the admin area seem to have a nice plugin management interface, etc.. the plugins are literally code patches, there are no hooks other then templates for extending SMF. This makes it hard to write good code for SMF.

Futher to that, most PHP developers learn just enough to be dangerous, writing good SQL is a skill in itself which is why good DBAs can charge as much as they do.

Did this plugin write stuff to the database in the short time it was on might be a problem?

There is possibly junk there, but at worst it will just sit there idle. Since it's not in use it wont be cached or even read off disk.
HostFission - Full Server Monitoring and Management Solutions.
https://hostfission.com/
https://twitter.com/HostFission

Note: I am NOT a moderator or arbiter of disputes, my Admin level of access is so that I can perform management of the server on behalf of Dave. Do not contact me over such issues
 

Offline beanflying

  • Super Contributor
  • ***
  • Posts: 5179
  • Country: au
  • Toys so very many Toys.
Re: IMPORTANT: New Forum Alerts System
« Reply #34 on: February 10, 2019, 07:45:43 am »
Some of SMF's issues go way back to when they ported from Version 1 to 2 that was a dog to upgrade. One of the benefits of using SMF's mod site is you can look at the code of any mod so see what it actually does to the operations of the database before adding it and look at the generally attached forum thread to see if it has issues.

Will be interesting to see what 2.1 looks like in the flesh.



Did this plugin write stuff to the database in the short time it was on might be a problem?

There is possibly junk there, but at worst it will just sit there idle. Since it's not in use it wont be cached or even read off disk.

Might pay to check and clear the error logs?
Coffee, Food, R/C and electronics nerd in no particular order. Also CNC wannabe, 3D printer and Laser Cutter Junkie and just don't mention my TEA addiction....
 

Offline Brumby

  • Supporter
  • ****
  • Posts: 10051
  • Country: au
Re: IMPORTANT: New Forum Alerts System
« Reply #35 on: February 10, 2019, 07:53:24 am »
I'm with Gnif.  Whatever, if anything, is left behind will quite likely be completely ignorable.  You might create more problems trying to clean it out.
 

Offline beanflying

  • Super Contributor
  • ***
  • Posts: 5179
  • Country: au
  • Toys so very many Toys.
Re: IMPORTANT: New Forum Alerts System
« Reply #36 on: February 10, 2019, 08:00:58 am »
The Error logs are separate to the main database and don't do anything to it they only come from it. In the case of a major issue they can bog the system down if not cleared.

They are actually a good way to debug SMF issues providing you can sort out what error actually caused the log (not always straightforward)
Coffee, Food, R/C and electronics nerd in no particular order. Also CNC wannabe, 3D printer and Laser Cutter Junkie and just don't mention my TEA addiction....
 

Offline Brumby

  • Supporter
  • ****
  • Posts: 10051
  • Country: au
Re: IMPORTANT: New Forum Alerts System
« Reply #37 on: February 10, 2019, 08:43:13 am »
Sorry.  Error logs.

Yeah, check them and clean them up - but I'm sure Gnif already has that as a regular maintenance activity.
 

Offline taydin

  • Frequent Contributor
  • **
  • Posts: 514
  • Country: tr
Re: IMPORTANT: New Forum Alerts System
« Reply #38 on: February 10, 2019, 08:49:10 am »
It would be very useful to have a plugin that takes a remote image URL, downloads the image and attaches it, all in one step. This way, I don't need to download the image to my harddisk, and then attach it, which is two steps. I know, not a huge gain, but still :)

I am looking for such a plugin for my own forum as well.
Real programmers use machine code!

My hobby projects http://mekatronik.org/forum
 

Offline gnif

  • Administrator
  • *****
  • Posts: 1160
  • Country: au
Re: IMPORTANT: New Forum Alerts System
« Reply #39 on: February 10, 2019, 08:54:07 am »
It would be very useful to have a plugin that takes a remote image URL, downloads the image and attaches it, all in one step. This way, I don't need to download the image to my harddisk, and then attach it, which is two steps. I know, not a huge gain, but still :)

I am looking for such a plugin for my own forum as well.

This is a major security risk, not only to your website but it could potentially allow your website to be used to DoS attack another server.
HostFission - Full Server Monitoring and Management Solutions.
https://hostfission.com/
https://twitter.com/HostFission

Note: I am NOT a moderator or arbiter of disputes, my Admin level of access is so that I can perform management of the server on behalf of Dave. Do not contact me over such issues
 

Offline tautech

  • Super Contributor
  • ***
  • Posts: 18464
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: IMPORTANT: New Forum Alerts System
« Reply #40 on: February 10, 2019, 08:59:32 am »
It would be very useful to have a plugin that takes a remote image URL, downloads the image and attaches it, all in one step. This way, I don't need to download the image to my harddisk, and then attach it, which is two steps. I know, not a huge gain, but still :)
:-//
I do this ^ all the time, just place the image URL between Insert Image [ img ] image URL [/img ] flags.

Still, for fear of a broken link or the source server going down it's better to upload any files onto Dave's server while being considerate of their size.
« Last Edit: February 10, 2019, 09:01:58 am by tautech »
Avid Rabid Hobbyist
 

Offline wilfred

  • Frequent Contributor
  • **
  • Posts: 917
  • Country: au
Re: IMPORTANT: New Forum Alerts System
« Reply #41 on: February 10, 2019, 09:01:35 am »
Whilst plugins can do useful things (or not) there is something to be said for less is more. When it comes time to upgrade to a new release of SMF all plugins have to be checked for compatibility and upgraded if necessary. If there is no upgraded plugin then you have to decide how you proceed. Go on without it or wait or make your own patches. A simple plain Vanilla system is not very exciting but that can be a good thing too.

Without knowing the internals of this plugin I initially thought it might be offset by reduced refresh requests from users wanting to see if their post has been responded to.

 

Offline tautech

  • Super Contributor
  • ***
  • Posts: 18464
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: IMPORTANT: New Forum Alerts System
« Reply #42 on: February 10, 2019, 09:16:06 am »
On the subject of SMF functionality, another forum I frequent changed from SMF a couple of years back to XenForo and while there was a few howls of protest that quickly calmed down, I've come to think it's a better package.

As a member your PC does poll it's server and offers a momentary Alert flag while browsing and your Alert tab shows a red flag that indicates how many you have......no need for Unread Replies.
While posting in a thread a bar lights should there be another post made but the bit I like is, should you go back immediately after posting you get back into the thread, not your finished post !

Just what upload file formats it supports I dunno which would be important for the many that are used here on EEVblog.
Avid Rabid Hobbyist
 

Offline beanflying

  • Super Contributor
  • ***
  • Posts: 5179
  • Country: au
  • Toys so very many Toys.
Re: IMPORTANT: New Forum Alerts System
« Reply #43 on: February 10, 2019, 09:27:26 am »
For open source and zero cost SMF is still hard to go past. Add ons and hard coded mods always need to be considered a weak point in particular when a version change in imminent.

I have seen some commercial forum abominations too. Limited/no upgrade options due to the code being closed source unless you shell out more $ for 'enhanced functionality'.

Either way it is still Dave's bottom line and since the server change the forum has been running pretty smoothly from the front end at least.  :-+

Re Picture and file enhancement upload mods, don't do it and not recommended in anyway they modify the database for most I have looked at and security on these is just asking for a hack as they are not part of the core.
Coffee, Food, R/C and electronics nerd in no particular order. Also CNC wannabe, 3D printer and Laser Cutter Junkie and just don't mention my TEA addiction....
 

Offline taydin

  • Frequent Contributor
  • **
  • Posts: 514
  • Country: tr
Re: IMPORTANT: New Forum Alerts System
« Reply #44 on: February 10, 2019, 09:56:02 am »
This is a major security risk, not only to your website but it could potentially allow your website to be used to DoS attack another server.

I can understand that this could be used by others to DoS my server by mass uploading images, but they would first have to MANUALLY create an account. Most spammers don't do manual, they do automated, and those tend to fail to create accounts automatically.

But I don't understand how MY SERVER can DoS another one with this plugin  :-// Care to elaborate?
Real programmers use machine code!

My hobby projects http://mekatronik.org/forum
 

Offline taydin

  • Frequent Contributor
  • **
  • Posts: 514
  • Country: tr
Re: IMPORTANT: New Forum Alerts System
« Reply #45 on: February 10, 2019, 09:58:12 am »
I do this ^ all the time, just place the image URL between Insert Image [ img ] image URL [/img ] flags.

Still, for fear of a broken link or the source server going down it's better to upload any files onto Dave's server while being considerate of their size.

I know that [IMG] bbcode can be used to embed remote images. The whole point of this plugin would be precisely to avoid loss as a result of the remote image going away.
Real programmers use machine code!

My hobby projects http://mekatronik.org/forum
 

Offline gnif

  • Administrator
  • *****
  • Posts: 1160
  • Country: au
Re: IMPORTANT: New Forum Alerts System
« Reply #46 on: February 10, 2019, 10:10:53 am »
This is a major security risk, not only to your website but it could potentially allow your website to be used to DoS attack another server.

I can understand that this could be used by others to DoS my server by mass uploading images, but they would first have to MANUALLY create an account. Most spammers don't do manual, they do automated, and those tend to fail to create accounts automatically.

But I don't understand how MY SERVER can DoS another one with this plugin  :-// Care to elaborate?

Please note I am not talking about spammers, I am talking about a real security issue that would be performed by a human, or if simple enough, a script.

Ok, think about this. Your server likely has a nice fast internet connection, and you're letting someone input a URL to an image to download and store on your server. If someone scripted something to make your server fetch say 100 images at once from a remote server, your nice fast internet connected server would end up performing a DoS attack. This is known as an amplification attack, the attacker could perform this attack using a dial up connection at little expense to themselves.

The other danger is you need to verify the file being fetched is actually an image. What is stopping someone from plugging in a URL to an "image" that is really an malicious file with 100GB of data appended to the end of the image data? Your website would have no way of knowing it's fetching a ton of useless data unless you write the code to parse the image header and determine if the downloaded data is going to exceed the actual image size. An attacker could use this to make your server DoS itself, again with very little effort or bandwidth. They could even just request a single file and fill up your HDD crashing out other critical services like MySQL.

Please be aware that I daily see websites attacked by other servers that have been compromised or have these exact issues I am describing here. It is a very common occurrence, and because these other website owners or developers never think of the security implications, the do not keep logs of who is triggering the upload/download making it near impossible to trace and filter. HTTP logs are not enough in these instances, I am talking actual application logging.
« Last Edit: February 10, 2019, 10:16:59 am by gnif »
HostFission - Full Server Monitoring and Management Solutions.
https://hostfission.com/
https://twitter.com/HostFission

Note: I am NOT a moderator or arbiter of disputes, my Admin level of access is so that I can perform management of the server on behalf of Dave. Do not contact me over such issues
 
The following users thanked this post: EEVblog, Ian.M, Jacon

Online Ian.M

  • Super Contributor
  • ***
  • Posts: 8619
Re: IMPORTANT: New Forum Alerts System
« Reply #47 on: February 10, 2019, 10:32:34 am »
... and then there's image copyright issues.   Install a mod that rips 3rd party images from the internet and as you as the server admin have chosen to do so automatically, (without seeking a copyright release), you immediately loose all goodwill from copyright owners and it rapidly escalates to DCMA takedown notices served on your hosting provider, who, with proof of repeated automatic copyright violations, will take your whole site offline till the legal issues are resolved.
 

Offline EEVblog

  • Administrator
  • *****
  • Posts: 31387
  • Country: au
    • EEVblog
Re: IMPORTANT: New Forum Alerts System
« Reply #48 on: February 10, 2019, 11:17:02 am »
On the subject of SMF functionality, another forum I frequent changed from SMF a couple of years back to XenForo and while there was a few howls of protest that quickly calmed down, I've come to think it's a better package.

I'm on another ZenForo based forum and I do really like it, the ability to simply Ctrl-V images into the post box is amazing. I wish SMF had something like that.
 

Offline Muttley Snickers

  • Supporter
  • ****
  • Posts: 2117
  • Country: au
Re: IMPORTANT: New Forum Alerts System
« Reply #49 on: February 10, 2019, 11:47:50 am »
I was going to post this elsewhere but because it may be related to the recent events I figured it probably belongs here.

Since the restart the first dozen or so entries in the who's online list display as "Unknown Action", this was not the case prior and neither were the clash of time stamps, previously it was very rare to see coincidental time stamp entries.

I can jump on another computer and post an image capture if required, here is a link below but be sure to select members only in the show box on the right hand side.
 
https://www.eevblog.com/forum/who/   
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf