16 July 2024, 14:20 | #81 |
Registered User
Join Date: Nov 2010
Location: .
Posts: 388
|
|
19 August 2024, 15:13 | #82 |
Administrator
Join Date: Feb 2001
Location: Paris / France
Age: 46
Posts: 3,104
|
For me, EAB should stay as it is, with the old vb3 engine, because of the speed, nostalgia, and Amiga compatibility.
I don't care about mobile skin, double authentication, etc., but we have to be "findable" by search engines to not be useless. Now, if we want to keep the abime.net server secure, I have to keep the kernel and Linux packages up to date, because this server is online 24/24. This means PHP versions are always growing (EAB is running on PHP 7.x, but PHP 8.x will soon be live, etc.). So I will do the maximum to patch the PHP code and let it work with the latest PHP version. But maybe one day it won't be possible anymore, and if it happens, I will be forced to make a poll to choose between security (new forum engine) or insecure EAB. Hopefully it won't happen soon.
Last edited by RCK; 19 August 2024 at 15:22. |
19 August 2024, 15:46 | #83 |
son of 68k
Join Date: Nov 2007
Location: Lyon / France
Age: 51
Posts: 5,391
|
Updates have their own issues, look at what happened with CrowdStrike.
|
23 August 2024, 02:04 | #84 |
cheeky scoundrel
Join Date: Nov 2004
Location: Spijkenisse/Netherlands
Age: 43
Posts: 7,128
|
CrowdStrike hooks into kernel space, that is a whole different level of update disaster. But what would be even worse is if they would stop pushing those updates.
|
23 August 2024, 05:30 | #85 | |||
old bearded fool
Join Date: Jan 2010
Location: Bangkok
Age: 57
Posts: 818
|
Quote:
From experience, being familiar enough with the PHP code to patch it increases the security a lot, and I like your plan.
Quote:
A working compromise for me is to never forget what the smartphone is, "an ankle monitor for the modern world", and leave it behind in certain situations.
Quote:
In vBulletin you have the "?p=123" parameter which takes you to post 123 in this case. Let's say a security flaw is reported where someone manages to inject an SQL string into this "p" parameter which does some nasty query on your database. The bug is disclosed in public and an official patch is released which changes the SQL query to be quoted differently in the PHP code.
Solution 1 (following guidance, not knowing the code): You apply this patch by updating, and feel good about yourself.
Solution 2 (thinking yourself, knowing the code): You quickly realize that the "p" parameter should never accept anything except integers. Since you know the code, you add code which checks if "p" brings an integer; if not, you reject the parameter and give HTTP error "403".
"Solution 1" will fix the bug for the specific attack used to compromise the "p" parameter, while "Solution 2" will future-proof your code by preventing any SQL injection attacks regarding the "p" parameter ever again. As an added bonus, the quick HTTP error "403" exit in your code prevents DDOS attacks unintentionally created by hordes of bots trying to exploit the announced bug. Also, "Solution 2" lets you patch code which isn't officially supported anymore.
Last edited by modrobert; 23 August 2024 at 07:28. Reason: Added lots of stuff, merged posts. |
|||
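A sketch of the "Solution 2" check from the post above, as an added example that is not part of the original post and not vBulletin code. The helper name parse_post_id() and the 32-bit upper bound are assumptions; the point is that loose tests such as is_numeric() or an (int) cast would let values like "1e3" or "123abc" through, so the check has to be strict.

```php
<?php
// Added example, not vBulletin code: strict integer gate for the "p" parameter.
// parse_post_id() is a hypothetical helper name.

/** Return the post id as an int, or null unless $raw is a plain positive decimal. */
function parse_post_id($raw): ?int
{
    // "?p[]=1" arrives as an array; only a string can carry a valid id.
    if (!is_string($raw)) {
        return null;
    }
    // Digits only: no sign, whitespace, hex, exponent or leading zero.
    // The D modifier stops "$" from matching before a trailing newline.
    if (preg_match('/^[1-9][0-9]*$/D', $raw) !== 1) {
        return null;
    }
    // Range check without integer overflow. The upper bound assumes a
    // signed 32-bit post id column.
    $id = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 2147483647]]);
    return $id === false ? null : $id;
}

if (PHP_SAPI !== 'cli') {
    // Web request: reject before any database code runs.
    if (isset($_GET['p'])) {
        $postId = parse_post_id($_GET['p']);
        if ($postId === null) {
            http_response_code(403);
            exit;
        }
        $_GET['p'] = $postId; // downstream code now only ever sees an int
    }
} else {
    // Command line: run over constructed sample values.
    $samples = ['123', '0123', '123abc', '1 OR 1=1', '-5', '1e3', '0x1A',
                "42\n", '99999999999', ['1']];
    foreach ($samples as $s) {
        $verdict = parse_post_id($s) === null ? '403' : 'ok';
        printf("%-16s %s\n", json_encode($s), $verdict);
    }
}
```

Run from the command line, only the first sample passes; every other constructed value maps to the 403 path.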
23 August 2024, 07:46 | #86 |
son of 68k
Join Date: Nov 2007
Location: Lyon / France
Age: 51
Posts: 5,391
|
|
23 August 2024, 10:01 | #87 | |
Registered User
Join Date: May 2023
Location: Norwich
Posts: 531
|
Quote:
|
|
23 August 2024, 10:17 | #88 | |
son of 68k
Join Date: Nov 2007
Location: Lyon / France
Age: 51
Posts: 5,391
|
Quote:
Nevertheless the situation is slightly different. Pushing updates all the time isn't exactly the same as an emergency fix. Was the CrowdStrike update a security fix or did it contain a shitload of other things (especially that users didn't want)? |
|
24 August 2024, 19:54 | #89 |
Registered User
Join Date: Jan 2019
Location: Germany
Posts: 3,505
|
The forum software is probably a bit outdated, but working. But what really annoys me is the forum structure, or the lack of it. There are too many subforums, and some seem to be quite pointless and should probably be retired. Do we really need:
support.WinFellow, support.OtherUAE, support.FS-UAE as independent top-level forums instead of just one (emulators of all kinds)?
support.Games, support.Demos, support.Apps: Why is this not just "software"? Why are subforums required here?
support.Amiga Forever, support.Amix: Is this really popular enough to justify subforums?
Why is "requests" a separate group in itself? Wouldn't it be better to just host requests under the software or hardware forum where features are requested?
Games images which need to be WHDified: Why is this a separate forum? Probably goes into a generic "games" forum?
Why does "HOL" require an entire group? Would one not be enough? Same for ARM.
Why does a group "Projects" even exist, and what makes a "Project" important enough to appear here? Create a single entry "Projects", and there create a hierarchy, but there are even projects I never heard of (or care about), but why does this take so much screen estate? This is hard to navigate. Create a hierarchy, put the projects there, and allow also other projects to appear there.
I believe restructuring EAB would be much more beneficial than updating the software. Cut the number of subforums down, seriously so. This would help a lot to navigate. |
24 August 2024, 20:59 | #90 | |||||
Global Moderator
Join Date: Jan 2004
Location: Oxford
Posts: 14,658
|
Quote:
Quote:
Quote:
Quote:
Quote:
I think you and I use EAB in quite a different way, I only browse the Forum front page when I want to post something, to work out where to post. I normally just log-in, click on "show unread posts", catch up and then mark everything read. |
|||||
24 August 2024, 22:40 | #91 | |||||
Registered User
Join Date: Jan 2019
Location: Germany
Posts: 3,505
|
Quote:
Quote:
Don't get me wrong. I'm not requesting one - but my point is that there are already too many "oh, this might be important" lines on the top level that I'm feeling lost, and yes, I believe "Emulation" is good enough to cover multiple emulators, and they are similar enough such that when reading through the topics, you might find relevant answers. Quote:
Quote:
Quote:
This said, I thank eab for the service, and I'm glad it exists, but that doesn't mean that it could not be improved by giving it a better structure. |
|||||
24 August 2024, 23:40 | #92 | |||||||
Global Moderator
Join Date: Jan 2004
Location: Oxford
Posts: 14,658
|
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Certainly couldn't hurt giving it a go.
Last edited by alexh; 24 August 2024 at 23:45. |
|||||||
25 August 2024, 09:48 | #93 | |
Global Moderator
Join Date: Sep 2006
Location: Germany
Age: 46
Posts: 32,603
|
Quote:
Some inactive projects/subforums should be removed/archived/merged in my opinion. I'll ask RCK what he thinks about it and then it will take some time to decide on which ones will be affected. |
|
25 August 2024, 10:34 | #94 |
Registered User
Join Date: Dec 2019
Location: Ur, Atlantis
Posts: 2,209
|
I agree that the front page could do with a bit of reorganising. I also mostly just use "show unread posts" and seldom visit the front, but when I do and try to find something there, it can be somewhat confusing.
|
25 August 2024, 12:53 | #95 |
Ex nihilo nihil
Join Date: Oct 2017
Location: CH
Posts: 5,160
|
I would appreciate if the "OffTopic" sections (new posts) could be again accessed without the need of being logged in.
|
25 August 2024, 16:12 | #96 |
Alien Bleed
Join Date: Aug 2022
Location: UK
Posts: 4,964
|
The forum is OK as is, if you ask me, sans any direct incompatibilities with PHP8 assuming that's the intended upgrade path.
However, I would advocate hardening of the software. I've seen vb code before and it isn't pretty, so what I'd suggest:
Do a permissions validation so that all the directories are locked down to just the appropriate user with just the minimum required permissions.
Ensure there are some HTTP server mods to scrub out things like SQL injection.
Make sure PHP is configured to never output error information.
Implement an input screen. This is one that requires some bare minimum coding but the idea is pretty simple. You create an include file to be included at the head of each HTTP accessible page that a guest can access. This should define code that completely scrubs out the PHP superglobals except for a set you define just before including it. It should be a simple array structure that specifies the expected parameter name, which collection it is expected to arrive in (e.g. POST, GET, COOKIE, etc.) and what its basic data type/format requirements are. You will need to define that on a per page basis before inclusion. The screen will capture only those, empty the rest and reinject the captured values, having validated/sanitised them.
I had to do something similar to this a long time ago for a crotchety old bespoke system that was apparently written by someone with no cognisance of good practice and there wasn't time to completely replace it. |
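One way the input screen described in the post above could look, as an added example that is not part of the original post and not vBulletin code. The function name screen_input(), the spec layout and the parameter names in the sample spec are assumptions; the request data is constructed so the script runs from the command line.

```php
<?php
// Added example, not vBulletin code. screen_input() and the spec layout are
// hypothetical names for the include file described in the post.

/**
 * $spec:    parameter name => [collection, type, optional regex for 'str']
 * $sources: collection name => raw array (e.g. 'GET' => $_GET)
 * Returns the same collections containing only declared, validated values.
 */
function screen_input(array $spec, array $sources): array
{
    $clean = array_fill_keys(array_keys($sources), []);
    foreach ($spec as $name => $rule) {
        [$where, $type] = $rule;
        $raw = $sources[$where][$name] ?? null;
        if (!is_string($raw)) {
            continue; // absent, or an array such as "?p[]=1"
        }
        if ($type === 'uint') { // at most 9 digits, so the cast cannot overflow
            $ok = preg_match('/^(0|[1-9][0-9]{0,8})$/D', $raw) === 1;
            $val = (int) $raw;
        } else { // 'str': must match the page's own pattern in full
            $ok = preg_match($rule[2], $raw) === 1;
            $val = $raw;
        }
        if ($ok) {
            $clean[$where][$name] = $val;
        }
    }
    return $clean;
}

// Per-page declaration, written just before the screen is included.
$spec = [
    'p'         => ['GET', 'uint'],
    'highlight' => ['GET', 'str', '/^[A-Za-z0-9 ]{1,40}$/D'],
    'sessionid' => ['COOKIE', 'str', '/^[a-f0-9]{32}$/D'],
];

// Constructed request data standing in for the real superglobals.
$sources = [
    'GET'    => ['p' => '123', 'highlight' => "x' OR '1'='1", 'debug' => '1'],
    'POST'   => ['do' => 'whatever'],
    'COOKIE' => ['sessionid' => str_repeat('ab', 16)],
];

$clean = screen_input($spec, $sources);
// In the include itself: $_GET = $clean['GET']; likewise $_POST, $_COOKIE; $_REQUEST = [];
var_export($clean);
```

With the constructed data, only `p` (as the integer 123) and the cookie survive; the undeclared `debug` and `do` parameters and the malformed `highlight` value are dropped.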
25 August 2024, 22:16 | #97 |
Registered User
Join Date: Sep 2008
Location: Sesimbra
Posts: 1,463
|
I like the forum as it is. It's simple to navigate, friendly to the eye and above all, works really well.
When I use other forum software, I don't feel as at home as working with vBulletin. |
25 August 2024, 22:22 | #98 |
Registered User
Join Date: Nov 2006
Location: Lincoln, UK
Posts: 622
|
I too like this forum, as old as it is. It's fast, simple to navigate, "mark forums read" is super quick (other forums I go to it takes forever to tell me "forums are now marked as read".) It's simple too. I hope it can stay as long as possible, but also see the need for security and updates just may not be possible after a while.
Maybe there's a modern vbulletin3 style alternative now? |
27 August 2024, 13:11 | #99 | |
Administrator
Join Date: Feb 2001
Location: Paris / France
Age: 46
Posts: 3,104
|
Quote:
Moreover the "Show Unread Posts" link is only working with one real account (to be able to know what you have already read). So EAB for guests has just one "Today's Posts" link, for all public forums |
|