theymos (OP)
Administrator
Legendary
Offline
Activity: 5362
Merit: 13339
|
|
October 08, 2011, 09:02:20 AM |
|
theymos, other than the plug-ins and addons that are being used right now that wouldn't work with the update, is there any reason why the board hasn't been updated to the newest release? It has been out for over 3 weeks now and would at least be a hold over until a new system is made/chosen.
This version is still supported. 2.x is not more secure, so moving to it would be a waste of time.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
ShadowOfHarbringer
Legendary
Offline
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
|
|
October 09, 2011, 12:57:38 AM |
|
theymos, other than the plug-ins and addons that are being used right now that wouldn't work with the update, is there any reason why the board hasn't been updated to the newest release? It has been out for over 3 weeks now and would at least be a hold over until a new system is made/chosen.
This version is still supported. 2.x is not more secure, so moving to it would be a waste of time. Theymos, I say stay with the SMF 1.x, hire a PHP security expert to harden it properly, and build on top of it. That maybe the fastest & most effective solution to current situation. Of course, PHPBB, vBulletin and IPB are much more powerful and have many more plugins avaiable, but this one is not that bad, if you fix all the security problems. Talking perfomance, using dedicated well-written caching you can probably achieve similiar speed in any of the forum systems.
|
|
|
|
talpan
|
|
October 12, 2011, 12:23:42 AM |
|
theymos, other than the plug-ins and addons that are being used right now that wouldn't work with the update, is there any reason why the board hasn't been updated to the newest release? It has been out for over 3 weeks now and would at least be a hold over until a new system is made/chosen.
This version is still supported. 2.x is not more secure, so moving to it would be a waste of time. Theymos, I say stay with the SMF 1.x, hire a PHP security expert to harden it properly, and build on top of it. That maybe the fastest & most effective solution to current situation. Of course, PHPBB, vBulletin and IPB are much more powerful and have many more plugins avaiable, but this one is not that bad, if you fix all the security problems. Talking perfomance, using dedicated well-written caching you can probably achieve similiar speed in any of the forum systems. +1 In general speaking: the latest SMF is the most secure forum in existens. I really don't want to know how many zero-day exploits are out there for other forums. SMF itself is well written, has a lot of good features, not to much like other software. And it's very easy to extend it via SSI.php. I see no reason to switch to another forum.
|
|
|
|
ShadowOfHarbringer
Legendary
Offline
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
|
|
October 12, 2011, 11:18:40 AM |
|
theymos, other than the plug-ins and addons that are being used right now that wouldn't work with the update, is there any reason why the board hasn't been updated to the newest release? It has been out for over 3 weeks now and would at least be a hold over until a new system is made/chosen.
This version is still supported. 2.x is not more secure, so moving to it would be a waste of time. Theymos, I say stay with the SMF 1.x, hire a PHP security expert to harden it properly, and build on top of it. That maybe the fastest & most effective solution to current situation. Of course, PHPBB, vBulletin and IPB are much more powerful and have many more plugins avaiable, but this one is not that bad, if you fix all the security problems. Talking perfomance, using dedicated well-written caching you can probably achieve similiar speed in any of the forum systems. +1 In general speaking: the latest SMF is the most secure forum in existens. I really don't want to know how many zero-day exploits are out there for other forums. Of course you are not aware that Bitcoin Forums has been quite recently hacked, and it was SMF's fault ? I wouldn't say that SMF is any more secure than other forums. I have had default PHPBB 2.x & 3.x installations on my sites for years, and guess what - no hacks at all. So be careful when you post such bold claims next time.
|
|
|
|
Gerken
|
|
October 12, 2011, 12:16:35 PM |
|
He said the latest version, the forum hadn't been updated when the compromise happened.
|
|
|
|
error
|
|
October 12, 2011, 03:44:06 PM |
|
He said the latest version, the forum hadn't been updated when the compromise happened.
You realize that SMF put out an update fixing the vulnerability, only AFTER the hack?
|
3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
|
|
|
ShadowOfHarbringer
Legendary
Offline
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
|
|
October 12, 2011, 04:19:54 PM |
|
He said the latest version, the forum hadn't been updated when the compromise happened.
You are wrong, SMF 1.x is still supported, so it was the latest version.
|
|
|
|
TiagoTiago
|
|
October 12, 2011, 05:02:57 PM |
|
How often do zeroday exploits get used to attack other forum backends and how fast are their developers at providing a fix after that?
|
(I dont always get new reply notifications, pls send a pm when you think it has happened) Wanna gimme some BTC/BCH for any or no reason? 1FmvtS66LFh6ycrXDwKRQTexGJw4UWiqDX The more you believe in Bitcoin, and the more you show you do to other people, the faster the real value will soar!
|
|
|
bosschair
Member
Offline
Activity: 110
Merit: 10
|
|
October 12, 2011, 10:44:13 PM |
|
So we should add this to the spec for the new forum software: - No zero-day exploits and/or architecture which makes it easy and fast to patch such exploits
|
|
|
|
cruikshank
Member
Offline
Activity: 84
Merit: 10
|
|
October 13, 2011, 02:27:12 AM |
|
You are wrong, SMF 1.x is still supported, so it was the latest version.
Um, just because something is still supported, doesn't make it the latest version. That would be like calling XP the latest version of Windows.
|
1JvnFCbMXAyeooPggF9snLAeg3A2QVV8eh
|
|
|
TiagoTiago
|
|
October 13, 2011, 02:40:35 AM |
|
So we should add this to the spec for the new forum software: - No zero-day exploits and/or architecture which makes it easy and fast to patch such exploits
Didn't they fix the forum in not much more than a day or so? Anyway, you can never know whether you don't have a zero-day or if you just haven't found it yet.
|
(I dont always get new reply notifications, pls send a pm when you think it has happened) Wanna gimme some BTC/BCH for any or no reason? 1FmvtS66LFh6ycrXDwKRQTexGJw4UWiqDX The more you believe in Bitcoin, and the more you show you do to other people, the faster the real value will soar!
|
|
|
ShadowOfHarbringer
Legendary
Offline
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
|
|
October 13, 2011, 07:58:33 AM |
|
You are wrong, SMF 1.x is still supported, so it was the latest version.
Um, just because something is still supported, doesn't make it the latest version. That would be like calling XP the latest version of Windows. To be precise, if something is supported, then that means all security vulnerabilities should be fixed. So it is the latest, in the terms of being most patched, version from 1.x branch. And Microsoft is a very bad example of how to fix security vulnerabilities, that company is fucked up beyond compare.
|
|
|
|
cruikshank
Member
Offline
Activity: 84
Merit: 10
|
|
October 13, 2011, 08:32:07 AM |
|
The example didn't have anything at all do at all with MS's vulnerabilities.
|
1JvnFCbMXAyeooPggF9snLAeg3A2QVV8eh
|
|
|
ShadowOfHarbringer
Legendary
Offline
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
|
|
October 14, 2011, 02:06:54 PM |
|
The example didn't have anything at all do at all with MS's vulnerabilities.
Yes it has, because you gave WinXp as an example. WinXP is not a good example of how to call something "supported" or not. Microsofty-supported != generally-supported.
|
|
|
|
TiagoTiago
|
|
October 14, 2011, 07:19:46 PM |
|
Just the other day i received like more than 10 security updates on my WinXP install...
|
(I dont always get new reply notifications, pls send a pm when you think it has happened) Wanna gimme some BTC/BCH for any or no reason? 1FmvtS66LFh6ycrXDwKRQTexGJw4UWiqDX The more you believe in Bitcoin, and the more you show you do to other people, the faster the real value will soar!
|
|
|
BadBear
v2.0
Legendary
Offline
Activity: 1652
Merit: 1128
|
|
October 14, 2011, 07:22:52 PM |
|
Just the other day i received like more than 10 security updates on my WinXP install...
How many times did you have to restart?
|
|
|
|
Raoul Duke
aka psy
Legendary
Offline
Activity: 1358
Merit: 1002
|
|
October 14, 2011, 07:37:41 PM |
|
This thread is pure lulz... 500BTC/$2000(at current prices) to develop a full fledged forum software... yeah, right... Or you get someone to do it and it will be utter crap. Why do people around here want to reinvent the wheel is something i always wondered. On the other hand, if what you want is end up with something like http://bitcoinweekly.com/ ok, code it from scratch...
|
|
|
|
bosschair
Member
Offline
Activity: 110
Merit: 10
|
|
October 14, 2011, 08:34:01 PM |
|
What's wrong with bitcoinweekly.com? Not enough bells and whistles for you? The only difference between that site and one you'd think was fabulously web-2.0 is a bit of CSS.
|
|
|
|
talpan
|
|
October 14, 2011, 10:58:22 PM |
|
Why do people around here want to reinvent the wheel is something i always wondered.
|
|
|
|
Raoul Duke
aka psy
Legendary
Offline
Activity: 1358
Merit: 1002
|
|
October 15, 2011, 02:45:31 AM |
|
What's wrong with bitcoinweekly.com? Not enough bells and whistles for you? The only difference between that site and one you'd think was fabulously web-2.0 is a bit of CSS. No, I was talking in the sense of re-inventing the wheel... And don't say it's only CSS that's missing. For someone who tries to be a weekly "magazine" of some sort I'm sure that there are a lot of features missing in the backend and frontend.
|
|
|
|
|