Re: Bullsh*t Bulletins - Support for msg?
By: Hatton to Digital Man on Fri Sep 25 2020 09:24 pm

Re: Bullsh*t Bulletins - Support for msg?
By: Digital Man to echicken on Fri Sep 25 2020 10:19 am

Some other codes (MENU, TYPE, INCLUDE) could screw up the display as
well, while others (EXEC, JS) could be downright "dangerous".

Good point. @-codes in a user-supplied content are a security issue. And not a small one.

There's an interesting "silver lining" to what I found - the coding I copied over doesn't appear to be handling those codes properly. For example, the CLS did nothing, nor did the control code for "hit any key" that were in the .MSG files I copied over from the system default bulletins.

Yeah, I think that's just for technical reasons, not security. Frame.js is for a non-scrolling BBS experience, so CLS, PAUSE, and many other @-codes don't really make sense in that context.

That does raise an interesting question though - I'm assuming there is a layer of protection built into the default bulletin tool. What's the difference on that? Is it calling a different library?

BullsEye! bulletins only display files (not messages) and it assumes that the sysop either create the files or is in direct control of their content (and no one else is). BullsEye! calls the JS bbs.menu() function directly to display files - no intermediate JS library involved.

digital man

Synchronet/BBS Terminology Definition #19:
DM = Digital Man (Rob Swindell) or Dungeon Master
Norco, CA WX: 82.6�F, 45.0% humidity, 15 mph NE wind, 0.00 inches rain/24hrs --- SBBSecho 3.11-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Bullsh*t Bulletins - Support for msg?
By: Digital Man to Hatton on Fri Sep 25 2020 04:41 pm

Yeah, I think that's just for technical reasons, not security. Frame.js is for a non-scrolling BBS experience, so CLS, PAUSE, and many other @-codes don't really make sense in that context.

Fair point - I wonder if there should be an "exclude" list that filters out any dangerous commands. Actually...

BullsEye! bulletins only display files (not messages) and it assumes that the sysop either create the files or is in direct control of their content (and no one else is). BullsEye! calls the JS bbs.menu() function directly to display files - no intermediate JS library involved.

The way I had intended to use BS was by making use of the local message area that only SYSOP user(s) would have access to. That's how echicken has it set up in the docs. Those posts and the fixed files that I ported over from BullsEye!

I know I had initially floated the idea of setting up multiple message areas and pointing one to a network driven announcement area but I scrapped that concept on the very valid concerns that ec raised in that first reply.

At this point I haven't even *tried* to bring in the message base posts for the bulletins. That's the next step.

Hatton

... Curiosity killed the cat, but for a while I was a suspect.

---
� Synchronet � Three Corners and Beyond! http://3corners.us
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Bullsh*t Bulletins - Support for msg?
By: Hatton to Digital Man on Sat Sep 26 2020 04:03 am

Re: Bullsh*t Bulletins - Support for msg?
By: Digital Man to Hatton on Fri Sep 25 2020 04:41 pm

Yeah, I think that's just for technical reasons, not security. Frame.js is for a non-scrolling BBS experience, so CLS, PAUSE, and many other @-codes don't really make sense in that context.

Fair point - I wonder if there should be an "exclude" list that filters out any dangerous commands. Actually...

I think its best to consider all @-codes as "dangerous".

BullsEye! bulletins only display files (not messages) and it assumes that the sysop either create the files or is in direct control of their content (and no one else is). BullsEye! calls the JS bbs.menu() function directly to display files - no intermediate JS library involved.

The way I had intended to use BS was by making use of the local message area that only SYSOP user(s) would have access to. That's how echicken has it set up in the docs. Those posts and the fixed files that I ported over from BullsEye!

I know I had initially floated the idea of setting up multiple message areas and pointing one to a network driven announcement area but I scrapped that concept on the very valid concerns that ec raised in that first reply.

At this point I haven't even *tried* to bring in the message base posts for the bulletins. That's the next step.

Yeah, I think the way that BS is used, @-codes are likely safe. I think the "problem" that ec was trying to point out: frame.js is used by other modules where the parsing/expansion of @-codes might not actually be safe. So enabling it for *all* uses of frame.js is probably not a good idea.

digital man

This Is Spinal Tap quote #42:
What day the Lord created Spinal Tap and couldn't he have rested on that day? Norco, CA WX: 68.6�F, 76.0% humidity, 2 mph ESE wind, 0.00 inches rain/24hrs --- SBBSecho 3.11-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Bullsh*t Bulletins - Support for msg?
By: Digital Man to Hatton on Fri Sep 25 2020 09:16 pm

Yeah, I think the way that BS is used, @-codes are likely safe. I think the "problem" that ec was trying to point out: frame.js is used by other modules where the parsing/expansion of @-codes might not actually be safe. So enabling it for *all* uses of frame.js is probably not a good idea.

Makes complete sense, especially since frame.js could be considered a good use of "portable" code.

I think what happened was that I introduced a new use-case for BS. I don't want to present my users with two distinct bulletin systems (BullsEye! and BS). At the same time I like the dynamic content presentation concept of BullsEye! and the message-board driven aspect of BS.

If this were to push out to other SysOps, would this then warrant a different "split" of frame.js? Or am I the only one looking at this concept and saying, "hey, this is cool!"?

Also, please forgive the grammar - it's late and I've had a few drinks. Spellcheck can only go so far :)

Hatton

... Chuck Norris can have his cake and eat it too.

---
� Synchronet � Three Corners and Beyond! http://3corners.us
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Bullsh*t Bulletins - Support for msg?
By: Hatton to Digital Man on Sat Sep 26 2020 06:36 am

Re: Bullsh*t Bulletins - Support for msg?
By: Digital Man to Hatton on Fri Sep 25 2020 09:16 pm

Yeah, I think the way that BS is used, @-codes are likely safe. I think the "problem" that ec was trying to point out: frame.js is used by other modules where the parsing/expansion of @-codes might not actually be safe. So enabling it for *all* uses of frame.js is probably not a good idea.

Makes complete sense, especially since frame.js could be considered a good use of "portable" code.

I think what happened was that I introduced a new use-case for BS. I don't want to present my users with two distinct bulletin systems (BullsEye! and BS). At the same time I like the dynamic content presentation concept of BullsEye! and the message-board driven aspect of BS.

If this were to push out to other SysOps, would this then warrant a different "split" of frame.js? Or am I the only one looking at this concept and saying, "hey, this is cool!"?

It probably should just be a new method or argument flag in frame.js, so that other apps/consumers of the frame.js library don't automatically inherit this capability without understanding its risks.

Also, please forgive the grammar - it's late and I've had a few drinks. Spellcheck can only go so far :)

No problem!

digital man

Rush quote #32:
Begging hands and bleeding hearts will only cry out for more
Norco, CA WX: 64.6�F, 89.0% humidity, 1 mph SSE wind, 0.00 inches rain/24hrs --- SBBSecho 3.11-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Bullsh*t Bulletins - Support for msg?
By: Hatton to Digital Man on Sat Sep 26 2020 06:36:23

If this were to push out to other SysOps, would this then warrant a different "split" of frame.js?

No. It would require some new functionality in frame.js, but not another version. We'd just want to make sure it's handling certain @ codes properly, and probably make it disallow other ones altogether.

One of the problems is the integrity of the display. Frame needs to know what exists in each character cell on the screen at any one time, and (maybe) where the cursor currently is. Certain @ codes might pull
the rug out from under it, but that can be accounted for.

Say you load a .txt file which includes @exec:irc.js@. Frame has no idea that the entire contents of the screen have been obliterated by an IRC client and needs to be redrawn after that script exits.

Suppose it doesn't execute irc.js but some other script that potentially screws up your BBS.

So we need to filter out the 'exec' @-code and maybe others, or have a switch that disables them by default. It'll just take a bit of work.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
� Synchronet � electronic chicken bbs - bbs.electronicchicken.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Bullsh*t Bulletins - Support for msg?
By: echicken to Hatton on Sat Sep 26 2020 02:56 pm

Re: Bullsh*t Bulletins - Support for msg?
By: Hatton to Digital Man on Sat Sep 26 2020 06:36:23

If this were to push out to other SysOps, would this then warrant a different "split" of frame.js?

No. It would require some new functionality in frame.js, but not another version. We'd just want to make sure it's handling certain @ codes properly, and probably make it disallow other ones altogether.

One of the problems is the integrity of the display. Frame needs to know what exists in each character cell on the screen at any one time, and (maybe) where the cursor currently is. Certain @ codes might pull
the rug out from under it, but that can be accounted for.

Say you load a .txt file which includes @exec:irc.js@. Frame has no idea that the entire contents of the screen have been obliterated by an IRC client and needs to be redrawn after that script exits.

Suppose it doesn't execute irc.js but some other script that potentially screws up your BBS.

So we need to filter out the 'exec' @-code and maybe others, or have a switch that disables them by default. It'll just take a bit of work.

Also, you wouldn't want all existing consumers of frame.js to suddenly grow the @-code expansion feature, for security reasons. It should be an opt-in for the application scripts.

digital man

Synchronet "Real Fact" #9:
The name "DOVE-Net" comes from: The Beast's DOmain / VErtrauen network.
Norco, CA WX: 84.5�F, 46.0% humidity, 8 mph ENE wind, 0.00 inches rain/24hrs --- SBBSecho 3.11-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Bullsh*t Bulletins - Support for msg?
By: echicken to Hatton on Tue Sep 22 2020 10:10 pm

Greetings,

Ive just installed bullshit, I followed the suggested setup instructions and it appears to run just fine. However the message area I associated with it doesnt seem to show up on the bullshit menu when i post a message in it.. Any thing I could look at to hunt the problem?

Nitro
--
Regards,

Nitro

Rick

... When a man brings his wife flowers for no reason - there's a reason.
--- SBBSecho 3.11-Linux
* Origin: The Wormhole II BBS --> wh2.abon.us:2321 (1:340/203)

Re: Bullsh*t Bulletins - Support for msg?
By: Nitro to echicken on Fri Oct 09 2020 21:11:22

Ive just installed bullshit, I followed the suggested setup instructions and it appears to run just
fine. However the message area I associated with it doesnt seem to show up on the bullshit menu when
i post a message in it.. Any thing I could look at to hunt the problem?

The message area itself shouldn't be listed anywhere, only the messages that it contains.

Someone else is complaining of a similar problem, so there's probably a bug. I'll have a look at it sometime in the next couple of days and see what I can do.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
� Synchronet � electronic chicken bbs - bbs.electronicchicken.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Greetings echicken!

Saturday October 10 2020 18:00, you wrote to Nitro about an urgent matter!:

Re: Bullsh*t Bulletins - Support for msg?
By: Nitro to echicken on Fri Oct 09 2020 21:11:22

The message area itself shouldn't be listed anywhere, only the
messages that it contains.

Yes ok, I was only expecting to see the post..

Someone else is complaining of a similar problem, so there's probably
a bug. I'll have a look at it sometime in the next couple of days and
see what I can do.

One thing I did notice is after following your instructions is that in scfg message areas where I did the message area setup I called the intenal part as BULLSHIT like written, and when exiting out it displays it as Local-BULLSHIT is that a problem?



----
Regards,


Rick Smith (Nitro)

... Wildcat! is to BBSing what an Etch-a-sketch is to ART!
--- GoldED+/LNX 1.1.5-b20180707
* Origin: ----> Abacus Sysop Point --->>>>bbs.abon.us:2323 (1:340/202.1)

Re: Bullsh*t Bulletins - Support for msg?
By: Rick Smith to echicken on Sat Oct 10 2020 09:19 pm

Greetings echicken!

Saturday October 10 2020 18:00, you wrote to Nitro about an urgent matter!:

Re: Bullsh*t Bulletins - Support for msg?
By: Nitro to echicken on Fri Oct 09 2020 21:11:22

The message area itself shouldn't be listed anywhere, only the
messages that it contains.

Yes ok, I was only expecting to see the post..

Someone else is complaining of a similar problem, so there's probably
a bug. I'll have a look at it sometime in the next couple of days and see what I can do.

One thing I did notice is after following your instructions is that in scfg message areas where I did the message area setup I called the intenal part as BULLSHIT like written, and when exiting out it displays it as Local-BULLSHIT is that a problem?

In that case, Local-BULLSHIT is the actual internal code of the message base and that is the string you'll need to put in the messageBase value of your bullshit/bullshit.ini file.

digital man

Sling Blade quote #10:
Morris: I stand on the hill, not for thrill, but for the breath of a fresh kill Norco, CA WX: 62.3�F, 88.0% humidity, 1 mph ESE wind, 0.00 inches rain/24hrs --- SBBSecho 3.11-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Bullsh*t Bulletins - Support for msg?
By: Rick Smith to echicken on Sat Oct 10 2020 21:19:28

I made a change to bullshit yesterday which might help. Please try updating and let me know if it's fixed.

One thing I did notice is after following your instructions is that in scfg message areas where I
did the message area setup I called the intenal part as BULLSHIT like written, and when exiting out
it displays it as Local-BULLSHIT is that a problem?

The messageBase setting in bullshit.ini should be whatever shows up for Internal Code when looking at your bulletins Sub-Board in scfg. You can give the Sub-Board whatever name and Internal Code you want.

On my system, the "Bulletins" Sub-Board belongs to a Message Group called "Local", which has an Internal Code Prefix of "LOCAL_". Consequently, the Internal Code for my "Bulletins" Sub-Board is "LOCAL_BULLETIN", so in bullshit.ini I have:

messageBase = LOCAL_BULLETIN

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
� Synchronet � electronic chicken bbs - bbs.electronicchicken.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Bullsh*t Bulletins - Support for msg?
By: echicken to Rick Smith on Sun Oct 11 2020 12:48 pm

On my system, the "Bulletins" Sub-Board belongs to a Message Group called "Local", which has an Internal Code Prefix of "LOCAL_". Consequently, the Internal Code for my "Bulletins" Sub-Board is "LOCAL_BULLETIN", so in bullshit.ini I have:

messageBase = LOCAL_BULLETIN

I couldn't get the message board portion of this working on my setup either.

Hatton

... The world looks as if it has been left in the custody of trolls.

---
� Synchronet � Three Corners and Beyond! http://3corners.us
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Greetings echicken!

Sunday October 11 2020 12:48, you wrote to me about an urgent matter!:

* Forwarded from area 'sync_sysops'
Re: Bullsh*t Bulletins - Support for msg?
By: Rick Smith to echicken on Sat Oct 10 2020 21:19:28

I made a change to bullshit yesterday which might help. Please try updating and let me know if it's fixed.

The messageBase setting in bullshit.ini should be whatever shows up
for Internal Code when looking at your bulletins Sub-Board in scfg.
You can give the Sub-Board whatever name and Internal Code you want.

On my system, the "Bulletins" Sub-Board belongs to a Message Group
called "Local", which has an Internal Code Prefix of "LOCAL_". Consequently, the Internal Code for my "Bulletins" Sub-Board is "LOCAL_BULLETIN", so in bullshit.ini I have:

messageBase = LOCAL_BULLETIN

Thank you for your reply... I did try exactly that.. I even added some files as directed in the docs and they dont show up either a .txt file and a .msg although I see that is not supported as of yet.. but neither displayed.. I must have done something else wrong or missed something, Ill keep searching..


----
Regards,


Rick Smith (Nitro)

... Ura BBS addict when you consider BBSing better than coffee
--- GoldED+/LNX 1.1.5-b20180707
* Origin: ----> Abacus Sysop Point --->>>>bbs.abon.us:2323 (1:340/202.1)

Greetings echicken!

Sunday October 11 2020 12:48, you wrote to me about an urgent matter!:

Re: Bullsh*t Bulletins - Support for msg?
By: Rick Smith to echicken on Sat Oct 10 2020 21:19:28

The messageBase setting in bullshit.ini should be whatever shows up
for Internal Code when looking at your bulletins Sub-Board in scfg.
You can give the Sub-Board whatever name and Internal Code you want.

On my system, the "Bulletins" Sub-Board belongs to a Message Group
called "Local", which has an Internal Code Prefix of "LOCAL_". Consequently, the Internal Code for my "Bulletins" Sub-Board is "LOCAL_BULLETIN", so in bullshit.ini I have:

I was able to get files to show up in bullshit so that completely works.. I had to rework the dovenet txt from bullseye file in did some weird word wrap to the original document, but all is well there... Message base ive recheck and confirmed settings so that is still a mystery I guess.

Thank you for your help with this it is appreciated


----
Regards,


Rick Smith (Nitro)

... BBSing is fun, isn't it?
--- GoldED+/LNX 1.1.5-b20180707
* Origin: ----> Abacus Sysop Point --->>>>bbs.abon.us:2323 (1:340/202.1)

Re: Bullsh*t Bulletins - Support for msg?
By: Rick Smith to echicken on Sun Oct 11 2020 11:58 am

Thank you for your reply... I did try exactly that.. I even added some files as directed in the docs and they dont show up either a .txt file and a .msg although I see that is not supported as of yet.. but neither displayed.. I must have done something else wrong or missed something, Ill keep searching..

I've been able to get files to show on Final Zone, but I too have not at all been able to get a message group showing.
_____
Kurisu Yamato
www.xadara.com

---
� Synchronet � Final Zone BBS - finalzone.ddns.net - www.xadara.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Bullsh*t Bulletins - Support for msg?
By: Hatton to echicken on Sun Oct 11 2020 18:16:52

I couldn't get the message board portion of this working on my setup either.

It would probably work now if you updated and tried again. I fixed a pretty silly bug yesterday.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
� Synchronet � electronic chicken bbs - bbs.electronicchicken.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Bullsh*t Bulletins - Support for msg?
By: Rick Smith to echicken on Sun Oct 11 2020 11:58:22

I made a change to bullshit yesterday which might help. Please try
updating and let me know if it's fixed.

Thank you for your reply... I did try exactly that.. I even added some files as directed in the docs
and they dont show up either a .txt file and a .msg although I see that is not supported as of yet..
but neither displayed.. I must have done something else wrong or missed something, Ill keep
searching..

Did you try updating as suggested? I would expect it to list messages now.

I think .txt and .msg files should be supported as of a few weeks ago.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
� Synchronet � electronic chicken bbs - bbs.electronicchicken.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Bullsh*t Bulletins - Support for msg?
By: echicken to Hatton on Sun Oct 11 2020 10:14 pm

It would probably work now if you updated and tried again. I fixed a pretty silly bug yesterday.

Going to run the update tonight, thanks!

Hatton

... Failure is a measurement that depends on the standard applied.

---
� Synchronet � Three Corners and Beyond! http://3corners.us
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Bullsh*t Bulletins - Support for msg?
By: Hatton to echicken on Mon Oct 12 2020 03:25 am

I ran the update and pulled in the new file. The Message base reading works now but I immediately noticed something odd.

I have 3 "static" (file-based) bulletins referenced in my INI file and then the message board.

When I enabled the "newOnly" flag, only the test bulletin message I posted appeared in the list of available bulletins. It appears that the flag impacts both the message based bulletins as well as the file based ones.

I'm not looking for a coding change on this, just to make sure I understand the expected operations. If the newOnly flag is set it seems that all bulletins would need to come from the message base.

Alternately if I wanted to mix files and messages I'd need to have the flag turned off and delete bulletin messages that are no longer relevant.

Am I seeing that right?

Thanks!
Hatton

... I got a new shadow. My last shadow wasn't doing what I was doing.

---
� Synchronet � Three Corners and Beyond! http://3corners.us
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Greetings echicken!

Sunday October 11 2020 22:17, you wrote to me about an urgent matter!:

Re: Bullsh*t Bulletins - Support for msg?
By: Rick Smith to echicken on Sun Oct 11 2020 11:58:22

Did you try updating as suggested? I would expect it to list messages
now.

I was not certain how to "update" so I downloaded the new version and just copied that new file into bullshit's directory and I am happy to report that it now sees messages written in the linked message area. Files work too, I have not tested .msg so I can not report on that.. But all is well here now... Thank you..


----
Regards,


Rick Smith (Nitro)

... BBSing is a Maalox Moment.
--- GoldED+/LNX 1.1.5-b20180707
* Origin: ----> Abacus Sysop Point --->>>>bbs.abon.us:2323 (1:340/202.1)

Re: Bullsh*t Bulletins - Support for msg?
By: Rick Smith to echicken on Mon Oct 12 2020 06:16:36

message area. Files work too, I have not tested .msg so I can not report on that.. But all is well
here now... Thank you..

You'll need an up-to-date copy of exec/load/frame.js in order for .asc/.msg loading to work, otherwise you'll be limited to .ans or .txt files.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
� Synchronet � electronic chicken bbs - bbs.electronicchicken.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Greetings echicken!

Monday October 12 2020 13:09, you wrote to me about an urgent matter!:

Re: Bullsh*t Bulletins - Support for msg?
By: Rick Smith to echicken on Mon Oct 12 2020 06:16:36

message area. Files work too, I have not tested .msg so I can not
report on that.. But all is well here now... Thank you..

You'll need an up-to-date copy of exec/load/frame.js in order for .asc/.msg loading to work, otherwise you'll be limited to .ans or .txt files.

Can I ask a ? I probably already know? I assume there is a way to just pull all updates down?

----
Regards,


Rick Smith (Nitro)

... I don't do drugs...BBSing is my escape from reality
--- GoldED+/LNX 1.1.5-b20180707
* Origin: ----> Abacus Sysop Point --->>>>bbs.abon.us:2323 (1:340/202.1)

Re: Bullsh*t Bulletins - Support for msg?
By: Rick Smith to echicken on Mon Oct 12 2020 12:01 pm

Greetings echicken!

Monday October 12 2020 13:09, you wrote to me about an urgent matter!:

Re: Bullsh*t Bulletins - Support for msg?
By: Rick Smith to echicken on Mon Oct 12 2020 06:16:36

message area. Files work too, I have not tested .msg so I can not
report on that.. But all is well here now... Thank you..

You'll need an up-to-date copy of exec/load/frame.js in order for .asc/.msg loading to work, otherwise you'll be limited to .ans or .txt files.

Can I ask a ? I probably already know? I assume there is a way to just pull all updates down?

http://wiki.synchro.net/install:dev

digital man

This Is Spinal Tap quote #30:
Big bottom, big bottom / Talk about mud flaps, my girl's got 'em!
Norco, CA WX: 96.2�F, 18.0% humidity, 4 mph SE wind, 0.00 inches rain/24hrs
--- SBBSecho 3.11-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

didn't see this thread until now but a limited set of at codes are now officially supported, you'll need to pull down the latest version of frame.js and bullshit.js

---
￭ Synchronet ￭ Inner Realm BBS - Charlotte, NC - innerrealmbbs.us
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)