The example didn't have anything at all do at all with MS's vulnerabilities.
Yes it has, because you gave WinXp as an example.
WinXP is not a good example of how to call something "supported" or not.
Microsofty-supported != generally-supported.
Topic: RFC: new forum software specifications - page 3. (Read 16869 times)
Yes it has, because you gave WinXp as an example.
WinXP is not a good example of how to call something "supported" or not.
Microsofty-supported != generally-supported.
The example didn't have anything at all do at all with MS's vulnerabilities.
You are wrong, SMF 1.x is still supported, so it was the latest version.
Um, just because something is still supported, doesn't make it the latest version. That would be like calling XP the latest version of Windows.
To be precise, if something is supported, then that means all security vulnerabilities should be fixed.
So it is the latest, in the terms of being most patched, version from 1.x branch.
And Microsoft is a very bad example of how to fix security vulnerabilities, that company is fucked up beyond compare.
So we should add this to the spec for the new forum software:
Didn't they fix the forum in not much more than a day or so?- No zero-day exploits and/or architecture which makes it easy and fast to patch such exploits
Anyway, you can never know whether you don't have a zero-day or if you just haven't found it yet.
You are wrong, SMF 1.x is still supported, so it was the latest version.
Um, just because something is still supported, doesn't make it the latest version. That would be like calling XP the latest version of Windows.
So we should add this to the spec for the new forum software:
- No zero-day exploits and/or architecture which makes it easy and fast to patch such exploits
How often do zeroday exploits get used to attack other forum backends and how fast are their developers at providing a fix after that?
He said the latest version, the forum hadn't been updated when the compromise happened.
You are wrong, SMF 1.x is still supported, so it was the latest version.
He said the latest version, the forum hadn't been updated when the compromise happened.
You realize that SMF put out an update fixing the vulnerability, only AFTER the hack?
He said the latest version, the forum hadn't been updated when the compromise happened.
theymos, other than the plug-ins and addons that are being used right now that wouldn't work with the update, is there any reason why the board hasn't been updated to the newest release? It has been out for over 3 weeks now and would at least be a hold over until a new system is made/chosen.
This version is still supported. 2.x is not more secure, so moving to it would be a waste of time.
Theymos, I say stay with the SMF 1.x, hire a PHP security expert to harden it properly, and build on top of it. That maybe the fastest & most effective solution to current situation.
Of course, PHPBB, vBulletin and IPB are much more powerful and have many more plugins avaiable, but this one is not that bad, if you fix all the security problems. Talking perfomance, using dedicated well-written caching you can probably achieve similiar speed in any of the forum systems.
+1
In general speaking: the latest SMF is the most secure forum in existens.
I really don't want to know how many zero-day exploits are out there for other forums.
Of course you are not aware that Bitcoin Forums has been quite recently hacked, and it was SMF's fault ?
I wouldn't say that SMF is any more secure than other forums. I have had default PHPBB 2.x & 3.x installations on my sites for years, and guess what - no hacks at all.
So be careful when you post such bold claims next time.
theymos, other than the plug-ins and addons that are being used right now that wouldn't work with the update, is there any reason why the board hasn't been updated to the newest release? It has been out for over 3 weeks now and would at least be a hold over until a new system is made/chosen.
This version is still supported. 2.x is not more secure, so moving to it would be a waste of time.
Theymos, I say stay with the SMF 1.x, hire a PHP security expert to harden it properly, and build on top of it. That maybe the fastest & most effective solution to current situation.
Of course, PHPBB, vBulletin and IPB are much more powerful and have many more plugins avaiable, but this one is not that bad, if you fix all the security problems. Talking perfomance, using dedicated well-written caching you can probably achieve similiar speed in any of the forum systems.
+1
In general speaking: the latest SMF is the most secure forum in existens.
I really don't want to know how many zero-day exploits are out there for other forums.
SMF itself is well written, has a lot of good features, not to much like other software.
And it's very easy to extend it via SSI.php.
I see no reason to switch to another forum.
theymos, other than the plug-ins and addons that are being used right now that wouldn't work with the update, is there any reason why the board hasn't been updated to the newest release? It has been out for over 3 weeks now and would at least be a hold over until a new system is made/chosen.
This version is still supported. 2.x is not more secure, so moving to it would be a waste of time.
Theymos, I say stay with the SMF 1.x, hire a PHP security expert to harden it properly, and build on top of it. That maybe the fastest & most effective solution to current situation.
Of course, PHPBB, vBulletin and IPB are much more powerful and have many more plugins avaiable, but this one is not that bad, if you fix all the security problems. Talking perfomance, using dedicated well-written caching you can probably achieve similiar speed in any of the forum systems.
theymos, other than the plug-ins and addons that are being used right now that wouldn't work with the update, is there any reason why the board hasn't been updated to the newest release? It has been out for over 3 weeks now and would at least be a hold over until a new system is made/chosen.
This version is still supported. 2.x is not more secure, so moving to it would be a waste of time.
theymos, other than the plug-ins and addons that are being used right now that wouldn't work with the update, is there any reason why the board hasn't been updated to the newest release? It has been out for over 3 weeks now and would at least be a hold over until a new system is made/chosen.
I'm with ShadowOfHarbringer
Seriously guys, are you really trying to make a new forum from scratch??
Just take vbulletin or phpbb or something like that and you will be fine, this is just a forum, not the Stargate Command. You will spend much much much much less and you will have a much much better system with years of development and much safer
Safety is the real issue here, that forum got hacked already once, and if bitcoin become more important, you can expect more hacks, so using a SAFE forum is of the upmost importance
Seriously guys, are you really trying to make a new forum from scratch??
Just take vbulletin or phpbb or something like that and you will be fine, this is just a forum, not the Stargate Command. You will spend much much much much less and you will have a much much better system with years of development and much safer
Safety is the real issue here, that forum got hacked already once, and if bitcoin become more important, you can expect more hacks, so using a SAFE forum is of the upmost importance
What about the OTC?
I just thought of this today to help out being buying and selling goods. Can we get a ranking system of trusted traders. After a trade a person will be able to give a + or a - showing that the trade worked or not. This way it will be easy to see good sellers from new sellers or scammers. We could have the total of the + and the - near the Name or Rank of the person. We would need to make rules that you can only get one vote per account even you if sell to them many times. Also we would need to make it so that a person who does vote had something like 50 hours logged in and 20 posts or something. How does this feature sound? Thanks.
Don't change anything. It's not worth the effort, and if you lose all the old posts or make people re-register, they will leave.
Actually he can 'port' all the old accounts and posts and it's not that hard.
Well I would recommend to stick with SMF, it's not that bad. But it could have a decent template.
This has feature-crept a bit too far for my taste, theymos. Have you considered separating out some of these feature sets into separate projects?
The first version of the code will be the best-written code because the programmer will be thinking about all of the required features. Everything after the first version will be messier and less stable. So I want to get as much done as possible in the first version.I don't want to sound like an ass when I say this, but this is like the anti-rule of software development.
Actually you are quite right, it's the opposite.
After 14 years in software development I can be quite sure that the first version is practically never the best. Sorry, theymos.
I once heard a motto , release early release often ...
A forum software writen as discrete modules that could be easily replaced would probably be the best approach
Jump to: