Group Details Private

Community Representatives

Users helping the NodeBB team spread the word!

  • RE: May Docker Discussion

    @xenforum said in May Docker Discussion:

    I'll definitely be using NodeBB in Docker if I end up going with that.

    Like this, it would make dabbling with it more approachable for less technical users (not suggesting that @xenforum is less technical), but docker-compose up is much easier than, at minimum,

    • install node (from nodejs.org? nvm? apt-get? brew?)
    • clone NodeBB repo
    • install Mongo / redis / Postgres (again, multiple ways to do this)
    • run npm install (hopefully not with sudo)
    • run install script
    • (maybe even) install and configure nginx.

    The only thing running in docker makes more difficult is developing plugins. I can't house the plugin repo from within node_modules because for all intents and purposes, the stuff in node_modules is ephemeral, and you can't symlink from outside the NodeBB root because of the way Docker context works.

    posted in Feature Requests
  • RE: May Docker Discussion

    @julian said in May Docker Discussion:

    Case in point https://duo.com/decipher/docker-bug-allows-root-access-to-host-file-system

    Ouch...!

    This article is pure FUD; it's like saying that because a car thief can open your door right after you unlock it and before you get in, all of the locks and the car alarm are useless.

    From one of the paragraphs near the end:

    This scenario would only be possible if the container was already compromised and a user was using 'docker cp' to replicate the container files and occurred at the same time the copy was being made, a window that is only a few milliseconds.

    There were some other, more prominent articles describing root exploits by attaching the docker socket into the container, a scenario which is both unnecessary and uncommon (it would only be used if you're trying to run Docker in Docker).

    So while it's not bulletproof (I mean, what technology really is?), it's more secure than installing a random package from the internet with sudo npm install.

    posted in Feature Requests
  • RE: May Docker Discussion

    @scottalanmiller said in May Docker Discussion:

    @Bri said in May Docker Discussion:

    But that’s what Docker brings to the table that no one else has done (as consumer friendly) yet: containerization on the desktop.

    Does it really do that? I can containerize with Snap, Flatpak, LXC, etc. on the desktop just the same, unless I am missing some feature. What does Docker do that I didn't already have?

    Yes, but I'm only coming from the perspective of development experience. Admittedly, I haven't tried any of the things you mentioned, but a cursory search shows that:

    • Snap doesn't work on Windows yet
    • Flatpak appears to only work on Linux distros
    • Docker is a high level abstraction of LXC, which again only works on Linux kernels

    So how much work do you think it would take to get this to work on both Windows (your preferred development machine) and macOS?

    You could just give a Linux VM image to devs, or make them dev on a Linux machine, but I've worked that way before (in a VM) and I hated it. Docker has by far been the most portable and reproducible solution for development work that I've experienced.

    posted in Feature Requests
  • RE: How to start a nodebb forum in production?

    It would be easiest (and cheapest) to host both on the same machine for starting out.

    posted in General Discussion
  • RE: nodebb Watchdog

    @scottalanmiller has done some great scaling of this platform; he may have some pointers.

    posted in NodeBB Development
  • RE: DO's Firewalls

    @omega said in DO's Firewalls:

    DigitalOcean offers firewall management. I am not sure how this compares to onboard,

    It's an additional protection, not an alternative protection. DO's firewall is the same as any normal LAN edge firewall.

    posted in Technical Support
  • RE: node process CPU usage rises to 100

    @Sandeep-Bhuiya said in node process CPU usage rises to 100:

    This is probably because you're under a DDoS attack. Kindly opt for good DDoS protection, or use nginx and configure it to block those DDoS attacks.

    This can't really be the issue. It has to be some process spinning trying to do some action for the dashboard.

    posted in Technical Support
  • RE: Reducing SPAM Posts, But Minimizing False Positives

    @Cookie said in Reducing SPAM Posts, But Minimizing False Positives:

    Disabled "About me" and "Signature" profile elements as the "Spam Be Gone" plugin does not check these

    This, I feel, will help us a lot. We have a lot of bots using this vector and really see essentially no legitimate usage of it.

    posted in General Discussion
  • RE: Reducing SPAM Posts, But Minimizing False Positives

    @crazycells said in Reducing SPAM Posts, But Minimizing False Positives:

    @scottalanmiller we have turned "post queue" on for this purpose.

    Settings > Post > New User Restrictions

    We have set the reputation threshold to 1, so when a real person joins in we can just give him one upvote and he should be cleared. If not, then we either block or delete them.

    I have asked @baris to add a post queue option only for the first post of new users; I believe he already added it to the next version. So, wait for it 🙂

    Additionally, we have the Spam-Be-Gone plugin and are actively using reCAPTCHA by Google at registration. This might also help you.

    We also have "StopForumSpam" and "Honeypot" keys in the Spam-Be-Gone plugin... but I cannot tell 100% if they are acting or not...

    Good luck!

    I like this idea, but because of the style of forum that we are (technical peer review, which often means help in an emergency) we are very hesitant to add any form of delay, as that could cause new members to turn away. My current stance is that while spam sucks, losing new members sucks more. We clean up the spam very quickly and leave no trace, so the long-term ramifications are pretty small.

    posted in General Discussion