Re: Discourse
I asked Alan, the Ubuntu community manager, if he had insights into their setup and security concerns. He said:

In short, do what upstream supports.

I set up a discourse recently, which I did using DigitalOcean and the upstream install process, which indeed is inside docker (I haven't read that thread yet, just voicing what I did recently).

If you want support when things break, it's best to install the way upstream recommend, which is docker.

Also, tiny tidbit, the Ubuntu Desktop team completely shut down the ubuntu desktop mailing list and moved to discourse. We get so much more engagement with the community now. Especially as we use Ubuntu SSO for sign on.
Re: Discourse
I asked Greg from Fedora, who has led their change away from mailing lists onto Discourse.

gwmngilfen: over in KDE land the discussion about Discourse continues with queries about whether running in a Docker is a good idea (seems ideal to me but sysadmins disagree) and if there's any security concerns
any insight?
i'm largely with you it does make things very easy to manage with respect to rebuilding the app if needed, and i'm not sure what your security implications might be, assuming the box is appropriately secured (we only open 443, 22, and 25 to receive mail)
also if discourse itself is compromised, does it not follow that docker would be more secure, since you'd also have to escape the container?
-*- gwmngilfen doesn't know that for certain but it seems logical
Re: Discourse
On Tue, Dec 4, 2018 at 1:31 PM Luca Beltrame wrote:
>
> On Tue, 4 Dec 2018 12:48:48 +0100
> Harald Sitter wrote:
>
> > OTOH I also don't understand how the current spam protection works. Do
> > we maintain a list of blacklisted words? Because from what I
> > understand discourse has that built in. Along with blocking by IP.
>
> Yeah, it works something like that. I don't know if it is connected to
> stopforumspam (nor if stopforumspam actually exists anymore), but it
> does "flag" messages on words, number of posts, etc. Moderators then
> can inspect the flagged messages.
>
> The current nice thing (but that's to workaround a huge deficiency of
> the UI in phpBB - perhaps it has changed in recent versions) is that it
> also offers a one-click ban that bans the user and wipes all the posts
> by the same user in one fell swoop.

If there's nothing additional I think all of what we have currently is already supported out of the box in discourse:

- filters
- easy nuking; looks like this apparently: https://meta.discourse.org/t/new-user-deleted-for-spam-posts/53647/2

On top of that I also found something else: limited new user abilities through a trust level system; I would actually encourage forum staff to read up on this feature [1] as it sounds like something that could be super nice in practice. It also plays a part in the spam protection story. (also see wiki page for some info on that entire feature set [2])

[1] https://blog.discourse.org/2018/06/understanding-discourse-trust-levels/
[2] https://community.kde.org/Infrastructure/Evaluation/Discourse#Anti-Spam

HS
Re: Discourse
On Tue, 4 Dec 2018 12:48:48 +0100
Harald Sitter wrote:

> OTOH I also don't understand how the current spam protection works. Do
> we maintain a list of blacklisted words? Because from what I
> understand discourse has that built in. Along with blocking by IP.

Yeah, it works something like that. I don't know if it is connected to stopforumspam (nor if stopforumspam actually exists anymore), but it does "flag" messages on words, number of posts, etc. Moderators then can inspect the flagged messages.

The current nice thing (but that's to workaround a huge deficiency of the UI in phpBB - perhaps it has changed in recent versions) is that it also offers a one-click ban that bans the user and wipes all the posts by the same user in one fell swoop.
Re: Discourse
I've started a wiki page. I encourage people to chip in.

https://community.kde.org/Infrastructure/Evaluation/Discourse

HS
Re: Discourse
On Tue, Dec 4, 2018 at 12:03 PM Luca Beltrame wrote:
>
> On Tue, 4 Dec 2018 11:58:27 +0100
> Harald Sitter wrote:
>
> > > Is it Akismet in name, or uses the service?
> > I am not sure what that means I am afraid.
>
> Akismet is a (non-Free) antispam service used originally by
> Wordpress.com, optionally self-hosted WP, but now used also by other
> software. It looks, from the name, that this plugin interrogates
> Akismet. IIRC only "personal" usage used to be free (but I haven't been
> checking in years, so this might be all wrong).

Aha!

"Akismet is a well known service that has an algorithm for detecting spam. Akismet is NOT free for commercial use, but can be for personal use. To use this plugin you will need an Akismet API key. You can get a key by starting out here."

https://github.com/discourse/discourse-akismet

So, yeah, no goody.

OTOH I also don't understand how the current spam protection works. Do we maintain a list of blacklisted words? Because from what I understand discourse has that built in. Along with blocking by IP.

HS
Re: Discourse
On Tue, 4 Dec 2018 11:58:27 +0100
Harald Sitter wrote:

> > Is it Akismet in name, or uses the service?
> I am not sure what that means I am afraid.

Akismet is a (non-Free) antispam service used originally by Wordpress.com, optionally self-hosted WP, but now used also by other software. It looks, from the name, that this plugin interrogates Akismet. IIRC only "personal" usage used to be free (but I haven't been checking in years, so this might be all wrong).
Re: Discourse
On Thu, Nov 29, 2018 at 5:41 PM Luca Beltrame wrote:
> > Can you describe these workflows a bit?
> > There is this https://www.discourse.org/plugins/akismet.html not sure
>
> Is it Akismet in name, or uses the service?

I am not sure what that means I am afraid.

> > it's sufficient though. One could always opt to write custom plugins
>
> The idea would be, if possible, to prevent the mistake made in the past
> and use custom stuff only if absolutely necessary (that's what got us
> in the current mess in the first place).

I think we can all agree on not wanting any more unmaintained code :)

HS