NodeBB-Version: v1.10.2 (GitHub master)
Docker: 18.09.0, build 4d60db4
Language: German (de-DE)
Installation directory: /usr/src/app
When building a NodeBB docker image, following warning appear. Maybe it would be good if NodeBB would update these:
npm WARN deprecated firstname.lastname@example.org: CircularJSON is in maintenance only, flatted is its successor.
npm WARN deprecated email@example.com: This version is no longer maintained. Please upgrade to the latest version.
npm WARN deprecated firstname.lastname@example.org: This version is no longer maintained. Please upgrade to the latest version.
npm WARN deprecated email@example.com: This version is no longer maintained. Please upgrade to the latest version.
npm WARN lifecycle firstname.lastname@example.org~install: cannot run in wd email@example.com neon build >> build.log 2>&1 || exit 0 (wd=/usr/src/app/node_modules/benchpressjs/rust/benchpress-rs)
npm notice created a lockfile as package-lock.json. You should commit this file.
I'm trying to use the Cash Mod on my forum, however, the coin1 image does not seem to be appearing, as seen in the image below.
When I inspect the element, Nodebb seems to be searching for this path:
Is there a possible solution for version 0.6.0? Thank you.
Meanwhile I got it fixed. Apparently I had some problems with my browser (I mostly use a Chromebook) not showing certain items on screen and sometimes not giving feedback about saves. Seems to work fine with the current code :).
Regarding my security certificate: that is perfectly fine. It is not the safest certificate (which is a self-signed certificate contrary to what vendors try to tell you), but a free from CACERT. Since my site will be geared towards white-hat hackers, it is some kind of inside joke while at the same time scares away some spammers. Bit off-topic to explain the inside joke, but:
According to group thinking, certificates need a trusted third party to proof that an identity (e.g. your email, or a URL of a server) belongs to a person or a server. Those trusted third parties are the certificate authorities. An organised man-in-the-middle in a security protocol! Crazy! Especially since none of these authorities really can be trusted: many of them have been hacked, most of them are US based, in this post-Snowden era you already know who else has the private keys of those CA ... They even invented the more expensive EV-SLL ("enhanced validation") certificates, in fact admitting that before they didn't really validate an identity as documented in their own procedures. I once worked for a company that owned 3 of those certificate authorities. We were not even using the certificates internally ...
It is even worse. Not you" decide which certificate authority to trust, the browser vendors maintain a list, that is even different between the browser vendors. If they have that CA listed in the browser, you won't even see a warning. It costs for a certificate vendor about 50.000 USD to be "trusted" by the browser companies. When I see at the "trusted" CA list I notice a lot of malicious organisations yet they are trusted by the browsers. And mal-ware writers even know how to modify the list. A broken security model, or at least the implementation, yes ...
Personally I think we can fix the model, but keep all browser vendors and certificate authorities outside the picture. The first problem is to trust that a specific public key belongs to a person/server. The problem was distribution. Really? I can send/publicize my certificate in hundreds of ways (We-chat attachment, Weibo posting, Facebook posting, tweet, ...). It unfeasible to intercept/modify all possible communications for any government or malicious organisation even if you control my ISP. Maybe we can have something like bit-coin transactions, certificate validated if X third parties agree ...
DO not even get me started about the current OpenSSL issues :).