xoops forums

irmtfan

Module Developer
Posted on: 2005/1/1 5:57
irmtfan
irmtfan (Show more)
Module Developer
Posts: 3419
Since: 2003/12/7
#21

Re: Xoops On Crack?

GIJOE,
your an expert programmer and mature in php and so on.everyone know this as well.in this topic (3rd post) you see i recommended your protector module.
but i have 2 question from you.
1- why you dont write good documentation for your works?
personally i use your modules and hacks ( protector , autologin , xhld ) but there is no documentation in your site or i cant find it.for regular modules the documentation is not very need and important but for a module like 'protector' we MUST have a very compelete detailes documentation to use. if we cant understand it how we can recommended it?

2- why you dont write any news about your works in xoops.org site?
report to community is very important. e.g. you release protector 2.2 in http://www.peak.ne.jp but a person like me how know about it? i dont know what you think about it but i can tell you "many people dont know about you and your works"

Quote:
Come on, let's work on this together, shall we?

why you dont like to supprot community?we have a warm community here with many people. if you dont have too time to spend here please just take some time here and see the result.in according to your join date and your post numbers its a fact that you are very low active member of XOOPS in comunity.
instead of just coding and coding and coding .... just spend some times with us .the community waiting for you

Mithrandir

XOOPS is my life!
Posted on: 2005/1/1 9:49
Mithrandir
Mithrandir (Show more)
XOOPS is my life!
Posts: 6320
Since: 2003/6/21
#22

Re: Xoops On Crack?

Quote:
why you dont like to supprot community?we have a warm community here with many people. if you dont have too time to spend here please just take some time here and see the result.in according to your join date and your post numbers its a fact that you are very low active member of XOOPS in comunity.
instead of just coding and coding and coding .... just spend some times with us .the community waiting for you

Ok, this is getting a bit one-sided. GIJOE is not very visible here, but I am sure he does a tremendous job in the Asian community sites, so it is not the case of a guy just coding, coding and coding and not doing any support work.

However, I AM a bit disappointed that we don't seem to get the goodies from developments and discoveries made in Asia (sorry for grouping so many people together by referring to an entire continent)
It is hard for me to frequent the Japanese, Chinese etc. sites as I neither read nor write languages other than Danish, English and some French.

carnuke

Home away from home
Posted on: 2005/1/1 10:13
carnuke
carnuke (Show more)
Home away from home
Posts: 1955
Since: 2003/11/5
#23

Re: Xoops On Crack?

Having just read this entire thread, I have a concern that politics and bad feelings may get in the way of valuable and important developments regarding security. The protector module IS useful and I have highlighted this in the XOOPS FAQ in a long detailed entry.

The demonstration, though extreme does prove a point and one that we should listen too in preference to highlighting it's unethical quality.

As this new year starts, let's invite some positive constructive response to this discussion in a way that all parties feel they are heard, appreciated and respected.

vinit

Just can't stay away
Posted on: 2005/1/1 12:52
vinit
vinit (Show more)
Just can't stay away
Posts: 530
Since: 2004/1/10
#24

Re: Xoops On Crack?

I dont have words to express, bang in with a blast.
A shocking, blasting new year start at xoops.
Things which we felt is secured is been torn apart in seconds, and if xoops.org can be brought to knees then any lam sham bam site is just waiting for opportunitist. This might sound odd at this moment but what GIJOE has demonstrated is "TRUTH" and we got to work together face realities of this kind and lets develop needfull solutions for it in core.

I guess a team for special sercurity scrutinising should be brought in. Efforts from all the corners of the world needs to be channelized. I do understand and accept that Asian developers works has not got that attention, but then language at times act as barriers. I would urge the developers associated with XOOPS to work together to resort the common issues of XOOPS to make it a better CMS. At the same time lets respect everyones work and have open ears for everyone.

Olorin

Just popping in
Posted on: 2005/1/1 14:33
Olorin
Olorin (Show more)
Just popping in
Posts: 50
Since: 2003/7/5 1
#25

Let's just calm down...

Quote:

Mithrandir wrote:
Ok, this is getting a bit one-sided. GIJOE is not very visible here, but I am sure he does a tremendous job in the Asian community sites, so it is not the case of a guy just coding, coding and coding and not doing any support work.
GIJOE is the most active supporter in Japan. Moreover, he couldn't be more active in his personal support site as you can see.

Quote:

carnuke wrote:
As this new year starts, let's invite some positive constructive response to this discussion in a way that all parties feel they are heard, appreciated and respected.
I quite agree with you. As Mithrandir stated on the news, XOOPS seems to be looking for the developers for the current version. At the same time, Japanese developers seem to be serious about leaving XOOPS and making their own one.

So why don't you make the best of Japanese developers' enthusiasm? For instance, you can let the Japanese team alter the current 2.0.x series. And the others focus on the 2.1 series.

Of course, there should be a consensus for the development so as not to make a difference between the current and the future one in their features.

This may delay the release of 2.1, eventually. But even Onokazu thinks there should be another release with a few, but not too radical, changes in the feature before 2.1 arrives.

In the end, all the Xoopsers can have more secure Xoops, Japanese team doesn't need to worry about the language, and English team can focus on the future version.

Surely, I'm not ignoring the other local communities. But Japanese developers are just HEATED in many ways.

This is "ORETEKI Xoops":
http://marijuana.ddo.jp/xoops/modules/mydownloads/
http://marijuana.ddo.jp/xoops/modules ... t.php?cid=1&lid=20&type=0

Some modules have already exceeded the standards of the core, I think. So it's high time we thought how to adopt these advanced features to the core, isn't it?

JMorris

XOOPS is my life!
Posted on: 2005/1/1 14:34
JMorris
JMorris (Show more)
XOOPS is my life!
Posts: 2722
Since: 2004/4/11
#26

Re: Xoops On Crack?

@GIJOE

In the spirit of the new year and new beginnings, let me first apologise for my harsh tone. I do not agree with how your point was made, but it is a valid point and it needs to be addressed. It would be a tremendous benefit to all if you would share what you have learned regardging XOOPS security with the XOOPS Core Team.

@The core Team and Carnuke

The FAQ section touches on XOOPS security, but it's lumped in with Fault-finding, Upgrades, and Backups. Perhaps a dedicated FAQ section for security would be more appropriate.

Also, it seems that the average XOOPS user is not necessarily server savy. I've seen countless posts on "how do I chmod?". Perhaps a special script could be added to the installation process that sets folder and file permissions for the end user. The example on "How to CHMOD to 0444 ?" provides a good example of where to start on this.

It just seems that the few XOOPS sites I have heard of being hacked, the majority of them were hacked because they didn't have appropriate permissions set.

Just a suggestion.

Mithrandir

XOOPS is my life!
Posted on: 2005/1/1 14:41
Mithrandir
Mithrandir (Show more)
XOOPS is my life!
Posts: 6320
Since: 2003/6/21
#27

Re: Let's just calm down...

Quote:

Olorin wrote:
Quote:

carnuke wrote:
As this new year starts, let's invite some positive constructive response to this discussion in a way that all parties feel they are heard, appreciated and respected.
I quite agree with you. As Mithrandir stated on the news, XOOPS seems to be looking for the developers for the current version. At the same time, Japanese developers seem to be serious about leaving XOOPS and making their own one.

So why don't you make the best of Japanese developers' enthusiasm? For instance, you can let the Japanese team alter the current 2.0.x series. And the others focus on the 2.1 series.

Of course, there should be a consensus for the development so as not to make a difference between the current and the future one in their features.

I would simply love to have some more people working on making the XOOPS core more secure. For both 2.0.x and 2.1/2.2

So far, the Asian communities have the better of us as it is more likely to find a Japanese that knows English than the other way around - therefore it is not possible for many of us to frequent the Asian sites and pick up security tips here and there. We *need* some help on this.

hervet

Friend of XOOPS
Posted on: 2005/1/1 14:44
hervet
hervet (Show more)
Friend of XOOPS
Posts: 2267
Since: 2003/11/4
#28

Re: Let's just calm down...

Olorin,

Can you, the Japanese community and developpers, teach us too ?

Bye,
Hervé
Posted on: 2005/1/1 14:58
smdcom
smdcom (Show more)
Posts: 901
Since: 2004/4/27
#29

Re: Xoops On Crack?

I hope this thread moved to other place privately. Personally, we should invite japanese xoopsers, developer & GIJOE of course sit together and discuss.

I'm afraid public will scared about this thread. lol.. just a suggestion. don't make me wrong.

Bender

Home away from home
Posted on: 2005/1/1 15:11
Bender
Bender (Show more)
Home away from home
Posts: 1899
Since: 2003/3/10
#30

Re: Xoops On Crack?

Quote:

smdcom wrote:
I hope this thread moved to other place privately. Personally, we should invite japanese xoopsers, developer & GIJOE of course sit together and discuss.

I'm afraid public will scared about this thread. lol.. just a suggestion. don't make me wrong.


I don´t think so. We don´t live in a perfect world and if someone can´t deal with that its his/her problem. Taking this thread behind locked doors now would imho cause more damage and just raise suspicions. (just my impression of course )


Back to the general issue:

Quote:
Mithrandir wrote:
I would simply love to have some more people working on making the XOOPS core more secure. For both 2.0.x and 2.1/2.2


I think this not going far enough. However need to formulate what i think in some more lines so i will elaborate a little later.