topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Tuesday March 19, 2024, 5:26 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: ServerFault.com  (Read 10795 times)

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
ServerFault.com
« on: June 03, 2009, 01:42 AM »
For those of you who don't read CodingHorror (start NOW!), Joel Spolsky and Jeff Atwood have just released StackOverflow's sister site, ServerFault.com to the public. This site uses the same engine as StackOverflow, except it's geared toward sysadmins. Very awesome stuff. There is, of course, already a sysadmin jokes thread.

fault.jpg

Ehtyar.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: ServerFault.com
« Reply #1 on: June 03, 2009, 01:50 AM »
For those of you who don't read CodingHorror (start NOW!)
Yeah, it's a great laugh seeing "Jeff discovers <X>, implementing it wrong" :Thmbsup:
- carpe noctem

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: ServerFault.com
« Reply #2 on: June 03, 2009, 06:28 PM »
Anyway...

<RANT WARNING, RANT WARNING>

Typically I totally avoid web 2.0 completely, but ServerFault sounds like (and is) a really great site. Having said that, I've found a few things that piss me off about this site (and its attempt at being web 2.0) that I just can't keep to myself.

  • Forcing OpenID is just plain retarded, and massively out of touch. Surely any technically competent person knows this technology is going in exactly the wrong direction.
  • Using gravatar for avatars exclusively? Sucks!!
  • Reinventing bbcode for no apparent reason whatsoever? Made of suck!!
  • The number of restrictions and CAPTCHAs placed on new users? Made of lots of suck.
  • Using AJAX to update everything except the front page? Priceless.

Not only did I have to get an OpenID to join this site (until someone explains to me just how this shit is supposed to work, and just what is supposed to happen when your account is breached, I consider it a MASSIVE dickhead technology), but if I want my pic on the site, I need to sign up to another friggin site? One would think 3 ad blocks on every page would buy you some space on your server, especially considering your avatar is 32x32.

</RANT WARNING, RANT WARNING>

HOWEVER, I am very much enjoying contributing to the site. I managed to earn two badges and 100 rep in around 2 hours on the site, which makes me feel like my contribution is appreciated and brings me back to help out more. I do like the way they've made certain everyone understand what the site is for, and the question/answer model that would eventually crumble in a typical forum architecture. My vote is a yay, but only because the site is based on a well formed concept.

Ehtyar.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: ServerFault.com
« Reply #3 on: June 03, 2009, 06:53 PM »
If more sites supported OpenID and gravatar, it would be a really nifty thing - I'm tired of maintaining passwords for a zillion sites (and damned if I use the same multiple sites, considering how many places use unsafe password storing practices!), and having to upload an avatar multiple places sucks as well. IMHO forcing these two isn't such a bad idea, and I wish more places would do so to get the technology spread.

But yeah, having to get an OpenID + gravatar account for just one site kinda sucks. And while OpenID single-signon is a really nice thing, I am also a bit concerned about the security implications. Definitely wouldn't use it for stuff like paypal or amazon to begin with.

And yup, reinventing bbcode is silly - especially because they (knowing Jeff's technical expertise) probably use regular expressions for parsing it ;)
- carpe noctem

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: ServerFault.com
« Reply #4 on: June 03, 2009, 08:11 PM »
If more sites supported OpenID and gravatar, it would be a really nifty thing - I'm tired of maintaining passwords for a zillion sites (and damned if I use the same multiple sites, considering how many places use unsafe password storing practices!)
And here you are recommending the use of a single site to authenticate you on multiple sites.... I'm not sure being a bit concerned describes how I feel about it.

Still, I'm not saying this is all a bad idea, but forcing each of them on every single user is a little excessive IMHO.

Ehtyar.


f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: ServerFault.com
« Reply #5 on: June 04, 2009, 01:14 AM »
If more sites supported OpenID and gravatar, it would be a really nifty thing - I'm tired of maintaining passwords for a zillion sites (and damned if I use the same multiple sites, considering how many places use unsafe password storing practices!)
And here you are recommending the use of a single site to authenticate you on multiple sites.... I'm not sure being a bit concerned describes how I feel about it.
:)

It's a bit of a double-edged sword. I'd be comfortable using it for non-critical stuff like forums and blogs, though. For anything more critical, I'd like some pretty specific details on how the OpenID vendor is keeping my information safe... and I'd want to read up closely on how the whole thing works.

Still, I'm not saying this is all a bad idea, but forcing each of them on every single user is a little excessive IMHO.
How else would you achieve 'market penetration'? :)
- carpe noctem

Lashiec

  • Member
  • Joined in 2006
  • **
  • Posts: 2,374
    • View Profile
    • Donate to Member
Re: ServerFault.com
« Reply #6 on: June 04, 2009, 06:33 PM »
Typically I totally avoid web 2.0 completely, but ServerFault sounds like (and is) a really great site. Having said that, I've found a few things that piss me off about this site (and its attempt at being web 2.0) that I just can't keep to myself.

  • Forcing OpenID is just plain retarded, and massively out of touch. Surely any technically competent person knows this technology is going in exactly the wrong direction.
  • Using gravatar for avatars exclusively? Sucks!!
  • Reinventing bbcode for no apparent reason whatsoever? Made of suck!!
  • The number of restrictions and CAPTCHAs placed on new users? Made of lots of suck.
  • Using AJAX to update everything except the front page? Priceless.

Answer: Jeff Atwood :P

On OpenID requirement:

The important thing to take away from this, if you're a programmer working on an application that stores user credentials, is to get the hell out of the business of storing user credentials! As we've seen today, the world is full of stupid users like me who do incredibly stupid things. Are you equipped and willing do everything necessary to protect idiots like me from myself? That's a key part of the promise of OpenID, and one of the reasons we chose it as the authentication system for Stack Overflow.

On Gravatar:

  Let someone else host the avatars :D. This collides with the concerns he expressed about depending on external services (Akismet), but whatever.

On BBCode:

With BBCode, if the user enters HTML you blow it away with extreme prejudice -- it's encoded, without exceptions. Easy. No thinking and barely any code required.

Since we use Markdown, we don't have that luxury. Like it or not, we are now in the nasty, brutish business of distinguishing "good" HTML markup from "evil" HTML markup. That's hard. Really hard. Dare and Jon are right to question the competency and maybe even the sanity of any developer who willingly decided to bite off that particular problem.

On restrictions and CAPTCHAs:

  IIRC, Jeff wasn't a big believer in CAPTCHA, but seeing how he removed the famous "orange" method and opted for reCAPTCHA, I suppose it's done to avoid system abuse.

And yup, reinventing bbcode is silly - especially because they (knowing Jeff's technical expertise) probably use regular expressions for parsing it ;)

And f0dder hits the jackpot!

Also, apparently everyone who can tell Mark Russinovich from a photo should be interested in the site. What's more, he/she must be a system administrator ;D

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: ServerFault.com
« Reply #7 on: June 04, 2009, 06:54 PM »
I do have to say this was not intended personally. I listen to the StackOverflow podcast religiously, and I very much enjoy his work on that.
On OpenID requirement:

The important thing to take away from this, if you're a programmer working on an application that stores user credentials, is to get the hell out of the business of storing user credentials! As we've seen today, the world is full of stupid users like me who do incredibly stupid things. Are you equipped and willing do everything necessary to protect idiots like me from myself? That's a key part of the promise of OpenID, and one of the reasons we chose it as the authentication system for Stack Overflow.
While I do understand the point he makes with regard to storing user credentials, you cannot tell me there are not solid and well proven frameworks in just about every language under the sun for storing user credentials securely. Where people become unstuck is when they decide to roll their own and inevitably screw it up. Lazyness.

On Gravatar:

  Let someone else host the avatars :D. This collides with the concerns he expressed about depending on external services (Akismet), but whatever.
Spectacular lazyness, and cheapness. He's also having us sign up to yet another service, which is rather irresponsible/hypocritical given his standing on storing user credentials...

On BBCode:

With BBCode, if the user enters HTML you blow it away with extreme prejudice -- it's encoded, without exceptions. Easy. No thinking and barely any code required.

Since we use Markdown, we don't have that luxury. Like it or not, we are now in the nasty, brutish business of distinguishing "good" HTML markup from "evil" HTML markup. That's hard. Really hard. Dare and Jon are right to question the competency and maybe even the sanity of any developer who willingly decided to bite off that particular problem.
I'm not sure I followed this one correctly, but it sounds like he's saying BBCode is the only sane alternative to letting your users put html in their posts. That is most definately correct, but it does not explain, nor justify, his development of a completely new syntax for his BBCode. One that makes substantially less sense than the kind we're all familiar with, I might add.

On restrictions and CAPTCHAs:

IIRC, Jeff wasn't a big believer in CAPTCHA, but seeing how he removed the famous "orange" method and opted for reCAPTCHA, I suppose it's done to avoid system abuse.

And yup, reinventing bbcode is silly - especially because they (knowing Jeff's technical expertise) probably use regular expressions for parsing it ;)
Not sure of your point here Lash Man. CAPTCHAs are fine, but not when you have to fill one out for your first 10 comments and votes. Just silly. If they're having such massive SPAM problems, get more moderators on board.

Ehtyar.

Lashiec

  • Member
  • Joined in 2006
  • **
  • Posts: 2,374
    • View Profile
    • Donate to Member
Re: ServerFault.com
« Reply #8 on: June 04, 2009, 07:36 PM »
I do have to say this was not intended personally. I listen to the StackOverflow podcast religiously, and I very much enjoy his work on that.

Sure. I'm an avid reader of Coding Horror as well, partly because the guy is an skilled blogger, and partly because he usually talks about something interesting, but I thought some of the issues you point can be explained by certain Jeff's posts. That said, Stack Overflow is not only him, so that would explain the extreme contrast between things he said and how things were implemented in the site.

While I do understand the point he makes with regard to storing user credentials, you cannot tell me there are not solid and well proven frameworks in just about every language under the sun for storing user credentials securely. Where people become unstuck is when they decide to roll their own and inevitably screw it up. Lazyness.

Well, it also lines up nicely with his disdain for having several user credentials in the web. While it's the first site I have encountered to require OpenID, at least they have several providers to choose from. I'm not exactly sure about that wrong direction you say OpenID is going, but while the idea is certainly nice, the execution is weird to say the least, and I don't think that most users really care about the whole thing. Even now, that everyone and their dog is jumping on board, including (gasp!) Microsoft, it's becoming more irrelevant each passing day due to various reasons (browsers and passwords managers doing a "good" job storing different credentials, the vast majority of users not having that many passwords and logins to remember, etc.)

Spectacular lazyness, and cheapness. He's also having us sign up to yet another service, which is rather irresponsible/hypocritical given his standing on storing user credentials...

Perhaps they reached the conclusion that many people would already have a Gravatar account (giving how essential is for blogs and the like), who knows.

I'm not sure I followed this one correctly, but it sounds like he's saying BBCode is the only sane alternative to letting your users put html in their posts. That is most definately correct, but it does not explain, nor justify, his development of a completely new syntax for his BBCode. One that makes substantially less sense than the kind we're all familiar with, I might add.

Yup. I googled a bit about Markdown, which is another light markup language as BBCode as you may know, and it seems it does not offer XSS protection. Why they choose Markdown over BBCode? Dunno.

Not sure of your point here Lash Man. CAPTCHAs are fine, but not when you have to fill one out for your first 10 comments and votes. Just silly. If they're having such massive SPAM problems, get more moderators on board.

Ooops, sorry about that, looks like I mixed thoughts. Then it's also probably done to avoid sock puppetry, and avoid giving yourself some extra points. That said, it's not that CAPTCHAs would be such an effective dissuasive method.

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: ServerFault.com
« Reply #9 on: June 30, 2009, 04:28 AM »
The reason they chose Markdown over BBCode is most likely because BBCode requires you to type like a coder, while Markdown requires you to type like a writer. There's a lot more people that can write than that can code.

And as things like avatar images are not essential it makes more sense to use a third party service.
« Last Edit: June 30, 2009, 04:40 AM by justice »

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: ServerFault.com
« Reply #10 on: June 30, 2009, 10:19 AM »
The reason they chose Markdown over BBCode is most likely because BBCode requires you to type like a coder, while Markdown requires you to type like a writer. There's a lot more people that can write than that can code.
Pretty bad reason, imho.

StackOverflow and ServerFault both address pretty techy people. And besides, regular people don't seem to have much trouble learning bbcode (or using the "easy editors", like the smart little buttons SMF has).
- carpe noctem