1
seventhseal
Re: Slim or fat - Where is competition going?

It's been a while since I have been interested in commenting on a question - but I took this question to mean something different than the answers given thus far...if I am wrong, delete and move on!

If you look at what the commercial industry is doing in general with software development, they are moving towards the "appliance" phenomena - that means, tightly integrated software solutions that are small and fast. in many cases, can stand alone as a complete solution. When I saw "slim or fat" this was my thoughts behind the question. I am a developer and solutions provider for large banking and financial based commercial applications.

Slim can be looked at in a couple of ways - does it mean low on feature set? Small in footprint? Fast on execution? I think that if a "Slim" approach is the direction, you have to look at the overhead involved in the amount of code required to complete a task. Simply put, the number of iterations of code required to perform a task.

I am sure that if all code was reviewed in any solution, you might find complete blocks of code that are many years old and still performing a job. And over time those blocks have been modified, and to a certain extent bloated beyond original recognition. This is how code gets "fat." Developers are too lazy to rewrite - they just add on.

It's not a bad idea to simply throw away code from time to time, and recreate! This can be applied to a database table approach as well.

How many times does a module that relies on some database transaction get modified to the point that the original table structure is no longer recognizable or efficient? Database rewrites, although painful, can produce a "slimming" effect on code. By gaining efficiencies where table space is either no longer needed, or no longer being used in the way it was intended, you may find ways to maximize return on code.

The bottom line is, don't be concerned with what your competition may be doing, but rather concerned with how you can maximize the strengths of what you have or need to produce. In the case of many of these CMS's, you are relying on an interpreted code that relies on a compiled object based tied binarily to a specific O/S and chipset on a server of some sort. That in and of itself is inefficient. Sometimes "slim" does not equal fast, and "fat" does not equal inefficient...just continue to challenge the way development has been done and innovate!

Good Luck!
John Horne - a.k.a. - VelocityWebDev, Seventhseal, CreepingDeath
**********************************
VelocityWebDev Tech BLOG
VelocityWebHost Hosting and Design



2
seventhseal
Re: Is there a roadmap for the next XOOPS version?

You are on the right track - and call it what it is - a take over of XOOPS. There is nothing wrong with that on the surface. In other words, it's going to get forked anyway. It's bound to happen. There are too many who want XOOPS and continue to hang on to the various dramas that occur on a regular basis.

One suggestion - I do security for a living - don't put all your eggs in one Protector module basket. Protector is good, but not the final solution. Take a look at projects like mod_security for apache. That is a much better model for protection, and is easily implemented.

Looks great!
John Horne - a.k.a. - VelocityWebDev, Seventhseal, CreepingDeath
**********************************
VelocityWebDev Tech BLOG
VelocityWebHost Hosting and Design



3
seventhseal
Re:

Quote:

psaxtiri wrote:
Always the latest


maybe something wrong with the sql tables i don't know.


Contact me at xoops.ibdeeming.com - send me a "Contact Me" on how to reach you. I'll get you going. I am back working on a number of XOOPS updates. The site is going to move to xoops.velocitywebdev.com in the next week or so, but if you contact me right away, I'll help you out!

Off-topic - I am also looking at either taking over the GPL of Protector (not my first choice - don't like the mod) or writing a poor-man's mod_security for xoops. Either way, filling a gap that apparently folks are worried about!



BTW - XOOP-STATS is better than PHP-STATS only because it is built for XOOPS! And, I wrote it!
John Horne - a.k.a. - VelocityWebDev, Seventhseal, CreepingDeath
**********************************
VelocityWebDev Tech BLOG
VelocityWebHost Hosting and Design



4
seventhseal
Re: Smartsection module

yep - start by turning on your debug in the admin section. Then try again - you should get errors - report them, and we'll help from there.
John Horne - a.k.a. - VelocityWebDev, Seventhseal, CreepingDeath
**********************************
VelocityWebDev Tech BLOG
VelocityWebHost Hosting and Design



5
seventhseal
Re: Xoops Hacked? Use your server file-dbbackup service!

If you are on a shared service - then the problem is probably bigger than the really good suggestions for just locking down XOOPS.

If files were actually modified, then look in your httpd access_log file or equivalent on a windows server. Inside, do a search for any
wget
type commands. Those might shed light on what really happened. You can also look for any redirects to ftp sites.

The real problem on large shared systems is that unless most of the obvious ports are locked down, and any firewall or BFD (brute force detection) system is in place, you are vulnerable. It's not XOOPS - but your server.

Another place to check is your secure log. Find out what attempts to gain access happened. You'll probably see lots of ftp or ssh access against accounts that may or may not exist on your server. Again, not much you can do if on a shared server, but you can forward to the provider for support.

If possible, try to get the provider to install mod_security with the latest rules. This will take care of a lot of the access issues. Along with that, see if you can get them to force SSH only with version 2 DSA keys. These are easy to create and manage, and will at least allow you to lock out any password attempts. You could also try getting them to create a whitelist for ssh.

As you can see, there are many options. But I wouldn't assume off the bat that it's just because of XOOPS php code that you got hacked.

Good luck!
John Horne - a.k.a. - VelocityWebDev, Seventhseal, CreepingDeath
**********************************
VelocityWebDev Tech BLOG
VelocityWebHost Hosting and Design



6
seventhseal
Re: A virus on my xoops.!!!! Help please!

I'll have to make a couple of assumptions here -

1. I assume you are using templates. When you generated the templates, did you do some from an IE browser? If so, does that browser have a bunch of tools hooked to it - like goole search, etc?

2. Did you design the theme for your site? Look at this validation for your site. You will see a number of errors that should be corrected.

3. I noticed, and have seen this before, look at line 156 - outside of your
</body>
block - there is a hidden iFrame pointing to an IP address. Unless you actually have that in your theme - where is that going?

According to IP lookup - the IP
81.95.145.240
belongs to the RIPE network - which I like to blacklist on a regular basis...anyway, the
index.php
that it points your users to is probably the culprit.

So, what to do...first, make sure your IE or Firefox is clean. Next, delete your templates and regenerate. If the problem persists, you need to do some deep scanning of your personal system.

Hope this evaluation helps!
John Horne - a.k.a. - VelocityWebDev, Seventhseal, CreepingDeath
**********************************
VelocityWebDev Tech BLOG
VelocityWebHost Hosting and Design



7
seventhseal
Re: Project Leader: Catzwolf

I smell fear...

Just some observations - I am a rouge - and have been in the code of the many CMS's that people like to use as examples of "new" or "advanced" technology over XOOPS. They have some good code, and they have some sh***ty code...I have seen folks create modules in XOOPS that were directly taken from PHPNuke - crap in = crap out. I have seen folks try to retro flashy interfaces because other CMS's themes have them - so what?

At the end of the day, what is the stability of the core of the code? What is the reason for the need to make changes? What is broken that requires fixing?

I think the leadership in general makes many valid points - and I love to pick on Nuke, because it's a great example of totalitarian development. Don't allow one to control, but also don't allow procedural minutia to stunt growth!

Leaders don't ask to lead, they do. By their examples, they become what it is they seek. So, for all the conversational bites on leader - I don't care. The real leaders will be evident.

Communication is the only thing that will set XOOPS apart from other CMS's. My customers don't give a rats behind what CMS might be used for thier requirements - all they care about is will it work, and is it secure? As long as I deliver, I succeed. XOOPS has been instrumental in that, and yes, I have made my own changes to core code. But nothing that has been earth shattering, or horribly in error.

For the most part, those that can lend to the effort, do so. Those that can be a part of the team, do so. Your leadership skills will be evident.
John Horne - a.k.a. - VelocityWebDev, Seventhseal, CreepingDeath
**********************************
VelocityWebDev Tech BLOG
VelocityWebHost Hosting and Design



8
seventhseal
Re: To Admin - Spammer Targeting Xoops sites

First off - if they are bots, that's easy - use my XOOP-Stats and block the bots.

However, I have been monitoring traffic by placing my servers nic in promiscuous mode and running snort. I ran snort because they can't spoof their connection. I then placed all comments in admin approval for my XOOPS site, and waited. Sure enough, crap starting coming in with spoofed IP's. I then went to my snort logs and matched all of the posts to the IP detected by snort. Voila - 203.79.69.91 - now, remember, you can't block this in xoops, because the IP the XOOPS sees will be spoofed. You must block at the firewall if you have control. I blocked the range 203.79.69.0/24

Good luck!
John Horne - a.k.a. - VelocityWebDev, Seventhseal, CreepingDeath
**********************************
VelocityWebDev Tech BLOG
VelocityWebHost Hosting and Design



9
seventhseal
Re: thanks a lot

I'm glad you like it! a.k.a - CreepingDeath
John Horne - a.k.a. - VelocityWebDev, Seventhseal, CreepingDeath
**********************************
VelocityWebDev Tech BLOG
VelocityWebHost Hosting and Design



10
seventhseal
Re: Contact module ??

In my humble (okay - not!) opinion, this contact module has all of the features being discussed, and quite a few customizations for the contact form built in as options. Give it a try.
John Horne - a.k.a. - VelocityWebDev, Seventhseal, CreepingDeath
**********************************
VelocityWebDev Tech BLOG
VelocityWebHost Hosting and Design




TopTop
(1) 2 3 4 ... 9 »



Login

Who's Online

177 user(s) are online (114 user(s) are browsing Support Forums)


Members: 0


Guests: 177


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits