Beginners and Beyond

RA Office Hours (Read 1083 times)

xor


    Sorry if this was addressed already, but I can't seem to get a photo to show up in my profile.  Any tips?

     

    The pic that is in your profile is uploaded in the My Profile section.  Your avatar (seen here) is uploaded in My Forum Preferences.

     

    For folks to see your profile, set it to public.

     

    MrNamtor


       Someone a RW made the mistake of answering this question and shortly thereafter, all spam broke out.

       haha, that's a good point. Then someone who knows what they are doing can just look at the source code of the site and glean a lot from that alone.

      MrNamtor


        Back in July, RA was in a similar situation as RW, although the bots never got to spam the forum.  I wrote about the experience here.  Someone asked why I broadcast what I did to combat the situation.  My feeling was that the spammers are much more crafty than people give them credit for.

         

        I think the primary problem with RW's situation is that their registration page doesn't have a CAPTCHA.  That would at least slow the spammers down.  Maybe they don't know that they didn't enable it?

         

        The entire site is written in C#.  There are some off the shelf components such as Google Maps, WYSIWYG text editor and other stuff provided by Microsoft.  I'm working on removing the MS tools (e.g. the drag and drop training log summary page) and using something that I rolled and working much better.  I do use MS's Visual Studio though because a compiler based languages such as C, C++, C# and Java are so much easier to maintain than PHP.  Visual Studio's debugging facility also reduces development time too.

         

        Here in chicago everyone LOVES ruby on rails as their server-side development platform of choice. It's supposed to blow the .net stuff away (and definitely PHP), but i wouldn't know first hand.  If i were a server-side developer though, I'd do anything i could to get away from microsoft. lol. Have you ever worked with ROR?

         

        And yeah, about the CAPTCHA, i always wondered about that myself.  Most of the spam on RW is now coming from  multiple user accounts which makes banning those accounts ineffective as a way to combat the problem.

        LRB


          Back in July, RA was in a similar situation as RW, although the bots never got to spam the forum.  I wrote about the experience here.

           

          That was an enlightening read!  I always wondered why in the hell I could barely read/see those codes!

           

          You are obviously proactive in how you operate.  I know it does not mean much coming from an average runner, but I am thoroughly impressed!

           

          SRL warned me that I would be. 

           

          He is right more than he is wrong, and I hate him for it.

          crazyrunninglady


          Warrior Princess

            I like you.  That is all.

            eric :)


              Thanks for the sweet log/forum Eric.  

               

              Just a quick Q about GPS.  I'm thinking about getting one soon and was wondering if I can upload workouts from Timex GPS watches here.  I've read a few reviews of them and they come/expect the user to use an "upgraded" but still free version of trainingpeaks on Timex's own website.  I've checked out training peaks and would prefer to stay with this log on RA for obvious reasons.  At any rate, I could always just let it log itself to Timex's site and then manually enter the run data here and have a back up.

               

               

              Oops.  I missed this one.

               

              Right now, RA does not support direct data import for Timex the way it does for Garmin.  This is because Garmin provided tools for third party developers to access the data, and they also make their documentation public.  Timex partnered with Training Peaks (probably another kick back scenario similar to RW) so you can only do direct import to their site.  You can upload the Timex data files individually to RA, although I imagine that gets tiring after a while.

              eric :)


                Here in chicago everyone LOVES ruby on rails as their server-side development platform of choice. It's supposed to blow the .net stuff away (and definitely PHP), but i wouldn't know first hand.  If i were a server-side developer though, I'd do anything i could to get away from microsoft. lol. Have you ever worked with ROR?

                 

                And yeah, about the CAPTCHA, i always wondered about that myself.  Most of the spam on RW is now coming from  multiple user accounts which makes banning those accounts ineffective as a way to combat the problem.

                 

                People don't want MS because they don't want to be locked into a proprietary technology.  It is true that there are more web development tools for Java than .Net and sometimes I wish .Net has a certain tool, such as Java to JavaScript compiler.  I would do anything to avoid using runtime based languages such as PHP, JavaScript, and Rails.

                 

                The first version of RA was written in PHP.  I rewrote the entire thing because I can't deal with not having a compiler.  I don't have any experience with Rails but I heard a lot of good things on it.  It's supposed to be easy to learn and great for development.  The last time I checked, which was years ago, it also has the worst performance of any language, even worse than PHP.  I spent most of my programming life working with enterprise client/server and database applications so I like everything to be optimized.

                 

                Since the spam accounts are created by bots, they all have a pattern to their email addresses.  It shouldn't be hard to write a regex to find them and lock them out.  To avoid locking out real users, RW can invalidate just the passwords and force them to do a password recovery.  Bots won't be smart enough to check the emails so that would be a quick way to preventing existing bot accounts to post.


                Chairman

                  People don't want MS because they don't want to be locked into a proprietary technology.  It is true that there are more web development tools for Java than .Net and sometimes I wish .Net has a certain tool, such as Java to JavaScript compiler.  I would do anything to avoid using runtime based languages such as PHP, JavaScript, and Rails.

                   

                  The first version of RA was written in PHP.  I rewrote the entire thing because I can't deal with not having a compiler.  I don't have any experience with Rails but I heard a lot of good things on it.  It's supposed to be easy to learn and great for development.  The last time I checked, which was years ago, it also has the worst performance of any language, even worse than PHP.  I spent most of my programming life working with enterprise client/server and database applications so I like everything to be optimized.

                   

                  Since the spam accounts are created by bots, they all have a pattern to their email addresses.  It shouldn't be hard to write a regex to find them and lock them out.  To avoid locking out real users, RW can invalidate just the passwords and force them to do a password recovery.  Bots won't be smart enough to check the emails so that would be a quick way to preventing existing bot accounts to post.

                   

                  So what do you use to store all this training log and message board data you are accumulating? 

                   

                  I've been locked into an all Microsoft platform for some time now where I work. I can't complain too much. For the most part their products integrate painlessly with each other, and the development tools are pretty good.  Running SQL Server and .NET on Windows Server is a whole lot more painless than running Oracle on some variant of Unix with a 3rd party application server. 

                  Coalition for a Free and Independent New Jersey

                  MrNamtor


                    So what do you use to store all this training log and message board data you are accumulating? 

                     

                    I've been locked into an all Microsoft platform for some time now where I work. I can't complain too much. For the most part their products integrate painlessly with each other, and the development tools are pretty good.  Running SQL Server and .NET on Windows Server is a whole lot more painless than running Oracle on some variant of Unix with a 3rd party application server. 

                    eric :)


                      I use MySQL as the db because when I launched RA, it was hosted somewhere.  Like all hosting services, I have the options of MySQL or SQL Server.  The weird thing is I am only allowed 10 MB of space for SQL Server.  I still don't know what that means (file size or data size)?  I knew 10 MB is not enough from the start so I went with MySQL.

                       

                      Sometimes I wonder if I would have been better off with SQL Server (in terms of performance) but there's no looking back now.  One good thing about MySQL is the simple query constructs.  SQL Server added support for results paging in 2008, I think, but the syntax is so cludgy.  Given that MySQL has paging since so long ago that I can't remember, I don't know why MS didn't just copy that syntax.

                       

                      There are things that SQL Server is better than MySQL.  For now, the database server is holding up nicely.  All the performance numbers indicate only a 2% load increase.

                      eric :)


                        Just as long as you're (eric is) not embedding  SQL server database pws in php scripts, you're OK. Otherwise a 12 year old could hack the site (at least get user ID's and passwords, maybe).

                         

                        There's none of that.  Another reason I scrapped the PHP version of the site was it didn't have parameter binding.  User data as part of the query string is an invitation for hacking.

                        MrNamtor


                          There's none of that.  Another reason I scrapped the PHP version of the site was it didn't have parameter binding.  User data as part of the query string is an invitation for hacking.

                           haha, i deleted that bc i had second thoughts about posting/leaving that on here. You're too quick though!

                          aponi


                          never runs the tangents

                            Is there a spellcheck that I'm not seeing?

                            It's just that I majored in math and it shows when I'm forced to communicate in standard written English.

                            “Do what I do. Hold tight and pretend it’s a plan!” Doctor Who

                            LRB


                              Is there a spellcheck that I'm not seeing?

                              It's just that I majored in math and it shows when I'm forced to communicate in standard written English.

                              I have it when I log in with firefox.  I do not have when I log in with internet explorer.

                                Eric (or someone else) answered in some other thread or maybe earlier in this one Big grin - that there is no built in spell check but that some browsers come equipped with one as LRB alluded to.   

                                 

                                Chrome does for me, IE does not.   

                                You can call me Anna