
Topic: RFC: new forum software specifications - page 3. (Read 16948 times)

legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
October 14, 2011, 09:06:54 AM
#74
The example didn't have anything at all to do with MS's vulnerabilities.

Yes it has, because you gave WinXp as an example.
WinXP is not a good example of how to call something "supported" or not.

Microsofty-supported != generally-supported.
member
Activity: 84
Merit: 10
October 13, 2011, 03:32:07 AM
#73
The example didn't have anything at all to do with MS's vulnerabilities.
legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
October 13, 2011, 02:58:33 AM
#72
You are wrong, SMF 1.x is still supported, so it was the latest version.

Um, just because something is still supported, doesn't make it the latest version. That would be like calling XP the latest version of Windows.

To be precise, if something is supported, then that means all security vulnerabilities should be fixed.
So it is the latest, in the terms of being most patched, version from 1.x branch.

And Microsoft is a very bad example of how to fix security vulnerabilities, that company is fucked up beyond compare.
hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
October 12, 2011, 09:40:35 PM
#71
So we should add this to the spec for the new forum software:

  • No zero-day exploits and/or architecture which makes it easy and fast to patch such exploits
Didn't they fix the forum in not much more than a day or so?

Anyway, you can never know whether you don't have a zero-day or if you just haven't found it yet.
member
Activity: 84
Merit: 10
October 12, 2011, 09:27:12 PM
#70
You are wrong, SMF 1.x is still supported, so it was the latest version.

Um, just because something is still supported, doesn't make it the latest version. That would be like calling XP the latest version of Windows.
member
Activity: 110
Merit: 10
October 12, 2011, 05:44:13 PM
#69
So we should add this to the spec for the new forum software:

  • No zero-day exploits and/or architecture which makes it easy and fast to patch such exploits
hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
October 12, 2011, 12:02:57 PM
#68
How often do zero-day exploits get used to attack other forum backends and how fast are their developers at providing a fix after that?
legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
October 12, 2011, 11:19:54 AM
#67
He said the latest version, the forum hadn't been updated when the compromise happened.

You are wrong, SMF 1.x is still supported, so it was the latest version.
hero member
Activity: 588
Merit: 500
October 12, 2011, 10:44:06 AM
#66
He said the latest version, the forum hadn't been updated when the compromise happened.

You realize that SMF put out an update fixing the vulnerability, only AFTER the hack?
full member
Activity: 126
Merit: 100
October 12, 2011, 07:16:35 AM
#65
He said the latest version, the forum hadn't been updated when the compromise happened.
legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
October 12, 2011, 06:18:40 AM
#64
theymos, other than the plug-ins and addons that are being used right now that wouldn't work with the update, is there any reason why the board hasn't been updated to the newest release? It has been out for over 3 weeks now and would at least be a hold over until a new system is made/chosen.

This version is still supported. 2.x is not more secure, so moving to it would be a waste of time.

Theymos, I say stay with the SMF 1.x, hire a PHP security expert to harden it properly, and build on top of it. That may be the fastest & most effective solution to the current situation.

Of course, PHPBB, vBulletin and IPB are much more powerful and have many more plugins available, but this one is not that bad, if you fix all the security problems. Talking performance, using dedicated well-written caching you can probably achieve similar speed in any of the forum systems.

+1

Generally speaking: the latest SMF is the most secure forum in existence.
I really don't want to know how many zero-day exploits are out there for other forums.

Of course you are not aware that Bitcoin Forums has been quite recently hacked, and it was SMF's fault?

I wouldn't say that SMF is any more secure than other forums. I have had default PHPBB 2.x & 3.x installations on my sites for years, and guess what - no hacks at all.

So be careful when you post such bold claims next time.
full member
Activity: 228
Merit: 100
October 11, 2011, 07:23:42 PM
#63
theymos, other than the plug-ins and addons that are being used right now that wouldn't work with the update, is there any reason why the board hasn't been updated to the newest release? It has been out for over 3 weeks now and would at least be a hold over until a new system is made/chosen.

This version is still supported. 2.x is not more secure, so moving to it would be a waste of time.

Theymos, I say stay with the SMF 1.x, hire a PHP security expert to harden it properly, and build on top of it. That may be the fastest & most effective solution to the current situation.

Of course, PHPBB, vBulletin and IPB are much more powerful and have many more plugins available, but this one is not that bad, if you fix all the security problems. Talking performance, using dedicated well-written caching you can probably achieve similar speed in any of the forum systems.

+1

Generally speaking: the latest SMF is the most secure forum in existence.
I really don't want to know how many zero-day exploits are out there for other forums.

SMF itself is well written, has a lot of good features, not too much like other software.
And it's very easy to extend it via SSI.php.

I see no reason to switch to another forum.
legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
October 08, 2011, 07:57:38 PM
#62
theymos, other than the plug-ins and addons that are being used right now that wouldn't work with the update, is there any reason why the board hasn't been updated to the newest release? It has been out for over 3 weeks now and would at least be a hold over until a new system is made/chosen.

This version is still supported. 2.x is not more secure, so moving to it would be a waste of time.

Theymos, I say stay with the SMF 1.x, hire a PHP security expert to harden it properly, and build on top of it. That may be the fastest & most effective solution to the current situation.

Of course, PHPBB, vBulletin and IPB are much more powerful and have many more plugins available, but this one is not that bad, if you fix all the security problems. Talking performance, using dedicated well-written caching you can probably achieve similar speed in any of the forum systems.
administrator
Activity: 5222
Merit: 13032
October 08, 2011, 04:02:20 AM
#61
theymos, other than the plug-ins and addons that are being used right now that wouldn't work with the update, is there any reason why the board hasn't been updated to the newest release? It has been out for over 3 weeks now and would at least be a hold over until a new system is made/chosen.

This version is still supported. 2.x is not more secure, so moving to it would be a waste of time.
member
Activity: 84
Merit: 10
October 08, 2011, 03:59:02 AM
#60
theymos, other than the plug-ins and addons that are being used right now that wouldn't work with the update, is there any reason why the board hasn't been updated to the newest release? It has been out for over 3 weeks now and would at least be a hold over until a new system is made/chosen.
legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
October 06, 2011, 08:40:25 AM
#59
I'm with ShadowOfHarbringer

Seriously guys, are you really trying to make a new forum from scratch??

Just take vbulletin or phpbb or something like that and you will be fine, this is just a forum, not the Stargate Command. You will spend much much much much less and you will have a much much better system with years of development and much safer.

Safety is the real issue here, that forum got hacked already once, and if bitcoin becomes more important, you can expect more hacks, so using a SAFE forum is of the utmost importance.
hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
October 06, 2011, 05:53:45 AM
#58
What about the OTC?
member
Activity: 84
Merit: 10
October 06, 2011, 05:04:38 AM
#57
I just thought of this today to help out with buying and selling goods. Can we get a ranking system of trusted traders? After a trade a person will be able to give a + or a - showing that the trade worked or not. This way it will be easy to see good sellers from new sellers or scammers. We could have the total of the + and the - near the Name or Rank of the person. We would need to make rules that you can only get one vote per account even if you sell to them many times. Also we would need to make it so that a person who does vote had something like 50 hours logged in and 20 posts or something. How does this feature sound? Thanks.
hero member
Activity: 540
Merit: 500
The future begins today
October 03, 2011, 04:45:48 PM
#56
Don't change anything. It's not worth the effort, and if you lose all the old posts or make people re-register, they will leave.

Actually he can 'port' all the old accounts and posts and it's not that hard.

Well I would recommend to stick with SMF, it's not that bad. But it could have a decent template.
sr. member
Activity: 462
Merit: 250
It's all about the game, and how you play it
October 03, 2011, 04:41:56 PM
#55
This has feature-crept a bit too far for my taste, theymos. Have you considered separating out some of these feature sets into separate projects?
The first version of the code will be the best-written code because the programmer will be thinking about all of the required features. Everything after the first version will be messier and less stable. So I want to get as much done as possible in the first version.

I don't want to sound like an ass when I say this, but this is like the anti-rule of software development.

Actually you are quite right, it's the opposite.

After 14 years in software development I can be quite sure that the first version is practically never the best. Sorry, theymos.

I once heard a motto, release early release often ...
A forum software written as discrete modules that could be easily replaced would probably be the best approach.