21
Burning
Re: Xoops 2.0.17 released (Unofficial version) by Hervé
  • 2007/6/3 15:42

  • Burning

  • Theme Designer

  • Posts: 1163

  • Since: 2006/8/22


Sorry... I don't really understand why two posts have the same contents. But Davidl2 have explained me the reason by MP.

So... I believe that I have to return and stand to frxoops : only in french, it's better for me

Bye
Still learning CSS and... english

22
smart2
Re: Xoops 2.0.17 released (Unofficial version) by Hervé
  • 2007/6/3 18:37

  • smart2

  • Not too shy to talk

  • Posts: 129

  • Since: 2007/1/19


[sorry for poor english]

Many thanks to Hervé to try to make things move and to work hard trying to improve this branch of Xoops.

A part of my activity is to sell service around XOOPS and to promote it to entreprises and administrations.

I must say that since some weeks, I'm wondering if I'm giving good advices to those by making them choose XOOPS for their business websites.

I have got the feeling that the voices of people like me who are trying to help XOOPS to develop in professionnal sphere, as much as they can are not heard.

I have some modules projets which are now on standby, just because I can't see clearly where XOOPS is going.

From now I'm waiting for the XOOPS project team to inform us clearly about what is happening. I can really understand that this is not easy ... the only thing I can't understand is why people who work hard to make XOOPS get better are ignored.

Why don't you consider such contributions? From my point of view they help xoops.

If I'm wrong could you explain me why.

[/sorry for poor english]

23
giba
Re: Xoops 2.0.17 released (Unofficial version) by Hervé
  • 2007/6/3 22:57

  • giba

  • Just can't stay away

  • Posts: 638

  • Since: 2003/4/26


Hi smart2, you not error, you is correct.
This is my point too in dev sf.

sorry my poor english too

24
instantzero
Re: Xoops 2.0.17 released (Unofficial version) by Hervé

jmorris, vaughan,

You belong to the worst things which arrived to xoops. You are in the top 10.
Do you know what users can see ?
Two doggies trying to create doggies fight to compensate the complete lack of changes in Xoops.

And you are accusing the others to create flaming posts ....
We can just see one thing, you are trying to make the valuable users and contributors to go out.


Concerning the new server and the new repository ... who cares ?
Do you believe that's what users are waiting for ?
Hey men, I bought a new pants last week ...

It will be useful for what ? For your business, that's all.
You're going to write an article, or you will be part of an article, when this new server will be visible (if people can see it one day) and after ???
Does it change anything to XOOPS ?
No !

The proof, nobody can't give an answer to smart2 or to the community.

Concerning the version which is "discussed" (denigrate is the exact word) in this thread, strange that one thing made by one person can't be done by a "team", the "official" team

This version, that's true, "breaks the compatibility" with the "official" XOOPS version.
But at the last news, the "official" version is 8 months old and does not include any of the patches who were proposed by the community

Now, SHA 256 or Whirlpool hash, it does not change anything because it will be break one day.

FYI, this version hashes passwords in SHA256 AND in MD5. The goal is not to bring a total security (this does not exist on Internet) but to slow down the hackers. If you can't
understand it, we can't do anything for you...

You are denigrating the others and their work but you do not come with any answer.
For example to the one I asked here. Your forums are full of this :

Quote:

Post removed by moderator
Please Note: The original text of this post was posted by someone else then the apparent author.


WHY ?


Things are changing but you can't even see them :
http://www.frxoops.org/modules/news/article.php?storyid=1336

You do not deserve any answer and this is the last you will have.

25
winsion
Re: Xoops 2.0.17 released (Unofficial version) by Hervé
  • 2007/6/4 14:37

  • winsion

  • Just popping in

  • Posts: 55

  • Since: 2003/11/23


thank you hervé for this release...
...

26
vaughan
Re: Xoops 2.0.17 released (Unofficial version) by Hervé
  • 2007/6/4 17:45

  • vaughan

  • Friend of XOOPS

  • Posts: 680

  • Since: 2005/11/26


Quote:

FYI, this version hashes passwords in SHA256 AND in MD5. The goal is not to bring a total security (this does not exist on Internet) but to slow down the hackers. If you can't
understand it, we can't do anything for you...


i know your version hashes the password like that, i never questioned that fact. I do understand why you did it, but you did not understand me! see my reply below this 1.


Quote:

For example to the one I asked here. Your forums are full of this :

Post removed by moderator
Please Note: The original text of this post was posted by someone else then the apparent author.


WHY! - because the account was being used by somebody else like the text says!

we know xoops.org has vulnerabilities both maybe in the core and the modules it uses (because they are not up to date) we also know who was using those accounts as i'm pretty sure you know too, and you also know how those accounts were obtained.

so now to ask you a further question. If you know how they were obtained, Is it better to keep rehashing the passwords or is it better to FIX HOW they obtained them in the first place to stop that happening again. IF security is tightened down and the holes are FIXED, there would be no reason to have the extreme method of hashing that you suggest. Your method is not preventing them gaining entry is it? yes it might slow them down, but if they have got that far as to be able to retrieve the hashed password in the first place, then i'm afraid that to me is a bigger issue at hand!! That is what I am saying which you so completely misunderstood again.

to put it in a different analogy: Close the doors & windows securely and your jewellery can't be stolen, not as easily anyway.

to put it bluntly, what would be stopping me taking a password hash from the version of XOOPS you have released, then setting up your version on a server & brute forcing the password? just because your hash is hashed with sha256 & md5, doesn't mean that it still can't be bruteforced to find keymatches. If a user has a password 'drowssap' and it's bruteforced, it doesn't matter what hash it has. passwords are only as difficult to crack as the complexity of the password itself.

but PREVENTION is still better than cure!!

27
smart2
Re: Xoops 2.0.17 released (Unofficial version) by Hervé
  • 2007/6/4 18:09

  • smart2

  • Not too shy to talk

  • Posts: 129

  • Since: 2007/1/19


Quote:
PREVENTION is still better than cure!!


Everybody will agree on that point with you vaughan.

Anyway, cure is better than NOTHING...

I'm not the ony one who worries about XOOPS future.

I can't understand such a lack of communication from the project "manager" and its team.

I'm a great XOOPS supporter and I try since I use it to promote it and to contribute as much as I can, but I must say you that professional uses of XOOPS need the XOOPS team a more professional way to consider its contributors and supporters.

Do we deserve some consideration or not?

Thousands of users, contributors, members of foreigns support site are asking the same question, don't it make you think you're on the wrong way?

Will you publish an article for us to know if we can trust XOOPS team or not, and if we can support XOOPS for professional uses?

If not just tell me.

Is Skalpa still here or has he left, because we can't see him answer to those serious questions anywhere.

I must say that if the project manager is invisible for more than a few days, a lot of professional users of XOOPS will be forced to leave the project as they have responsabilitie for their clients and can't make them choose XOOPS in such conditions.


Foreign communities have taken their responsabilities by explaining their point of view officially, will xoops.org do the same or continue to act as everything was fine?

Still hoping XOOPS is going to go back on the road.

28
debianus
Re: Xoops 2.0.17 released (Unofficial version) by Hervé
  • 2007/6/4 18:33

  • debianus

  • Not too shy to talk

  • Posts: 179

  • Since: 2006/12/17


There is a problem, look

29
riosoft
Re: Xoops 2.0.17 released (Unofficial version) by Hervé
  • 2007/6/4 18:41

  • riosoft

  • Not too shy to talk

  • Posts: 191

  • Since: 2003/11/8


Quote:

Is Skalpa still here or has he left, because we can't see him answer to those serious questions anywhere.

I must say that if the project manager is invisible for more than a few days, a lot of professional users of XOOPS will be forced to leave the project as they have responsabilitie for their clients and can't make them choose XOOPS in such conditions.


Foreign communities have taken their responsabilities by explaining their point of view officially, will xoops.org do the same or continue to act as everything was fine?


You're right!
...

30
nachenko
Re: Xoops 2.0.17 released (Unofficial version) by Hervé
  • 2007/6/4 20:39

  • nachenko

  • Quite a regular

  • Posts: 356

  • Since: 2005/1/18


Quote:
I must say that if the project manager is invisible for more than a few days, a lot of professional users of XOOPS will be forced to leave the project as they have responsabilitie for their clients and can't make them choose XOOPS in such conditions.


I'm one of these.

ANd yes, one of my newst projects for next month will not be made in XOOPS.

Login

Who's Online

361 user(s) are online (314 user(s) are browsing Support Forums)


Members: 0


Guests: 361


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits