search

Rotonde / rotonde-client

Rotonde Base Client
https://client-neauoire.hashbase.io/
MIT License
227 stars 49 forks source link

Bug: Quotes can be altered #28

Open ljcooke opened 7 years ago

ljcooke commented 7 years ago

After quoting someone, the content of the quote can be changed by editing portal.json. For example:

    {
      "message": "wow if true",
      "timestamp": 1508357434029,
      "target": "dat://2f21e3c122ef0f2555d3a99497710cd875c7b0383f998a2d37c02c042d598485/",
      "ref": "62",
      "quote": {
        "message": "[something scandalous]",
        "timestamp": 1508356700224,
        "editstamp": 1508356739282
      }
    }
deamme commented 7 years ago

There's no easy fix for this. Even if you're looking into the specific dat and its portal.json file and find the correct message of the feed which has been quoted then another problem occurs.. because the message that you're quoting can be altered by the owner and then you've just quoted a message that could be whatever..

lsjroberts commented 7 years ago

We could make it show a little flag if the message differs from the owner's live one?

deamme commented 7 years ago

That would be a solution yes.. but the performance would be pretty bad if we are going to look up the dat of the quoted owner up every time. We should actually address the performance and complexity issue.. I wonder how far we can go without something like Redux and React or Inferno..

lsjroberts commented 7 years ago

performance would be pretty bad if we are going to look up the dat of the quoted owner up every time

That is a fair point. Though we do store the archives in memory, so it should be a cheap lookup if I'm not mistaken. And whenever the source dat changes it is piped into the stored archive as part of the Beaker api.

I wonder how far we can go without something like Redux and React or Inferno

Without wanting to get sidetracked, I don't think our performance would necessarily be improved significantly by using any of these. React isn't specifically aimed at improved performance, more an architectural approach that prevents badly performing code.

For the size of this app we should be able to achieve good performance with native apis.

But hopefully some of the alternative clients that people are building will help quantify this a bit.

deamme commented 7 years ago

You're right. As of now the project is pretty simple but the code is already looking a bit complex because we don't have a way to handle the UI or DOM manipulation properly. It's going to be a real mess every time a new feature is being implemented. I think we should consider some sort of UI framework which could be Redux + React or Redux + Inferno.

lsjroberts commented 7 years ago

As of now the project is pretty simple but the code is already looking a bit complex because we don't have a way to handle the UI or DOM manipulation properly.

I agree, and it's something I've been thinking about. There are ways to do this without using a framework and without simply recreating an entire framework locally.

I think we should consider some sort of UI framework which could be Redux + React or Redux + Inferno.

The direction from @neauoire has been not to have any external libraries in the base rotonde-client. One large reason for me is it presents a barrier to entry as not everyone will be comfortable working on whichever framework we happen to pick.

There are others working on implementations in different frameworks which they can run for their own site. But the "official" implementation I believe will always remain framework-less.

neauoire commented 7 years ago

You're welcome to build other clients that will serve the same data, but yes. I would very much like to keep the default client, plain css, html and a bit of JS. I would like for anyone to just fork and start hacking, learn the basics of git, the basics of html styling, without having to dive into a framework.

I can implement the quote validation code if you want, it'll be no more than 4-5 lines. But I don't think this issue alone is a reason enough to include redux into the client.

forresto commented 7 years ago

I think that "misquoting" somebody falls under the free speech / view source / hackable ideals of the web. (It is fine to design the app to prevent that happening accidentally.)

Same thing if somebody edits a post... I'd expect the words to stay what they were when I quoted them. Again, it is fine for the app to highlight that there is a newer version elsewhere.

deamme commented 7 years ago

There may be a solution after all. So you can look into the specific dat of the quoted message owner and find the specific revision of portal.json. I don't know if you can change the specific revision though.. Or perhaps it's the specific revision of the dat - correct me if I'm wrong.

hermes-diactoros commented 7 years ago

I second @forresto's point. Quoting should 1) store a verbatim copy of what is quoted at that exact point in time, and 2) link to the quoted user's post URL, so that quoting is flexible if the user wants to.

Plus, I think that using a very simple frontend framework would make code cleaner and more accessible, in fact. Something like doT.js, pure.js, Handlebars.js, choo...

neauoire commented 7 years ago

I'm against frameworks. But I'm all for adding a link to the UUID of the quoted entry.

0x0ade commented 6 years ago

As we moved to the Fritter-based format, Rotonde now stores:

Note that those URLs link to the post's .json and aren't exposed in any way. It currently is only used if no quote is given (temporarily displaying no quote until threadParent fetched).

We could fetch threadParent even if a copy of the quote is given (temporarily displaying the copy), but I'd prefer to start doing this after the current connection performance (stability and speed) has improved.