not my programmers..:laugh: just a team of volunteers..:smile:
Take care.. We'll see you back here soon!!:smile:
Don't wish to rain on your love-fest parade, but we who criticize are also a major positive influence for the good of these projects (despite getting bashed regularly - not just IE2).
I wish that free project "volunteers" truly understood this - all too often, the type of comments which commercial interests learn to tolerate (and seriously learn from) are scorned in these forums; to everyone's detriment IMHO.
Please - it is a forum (looking the word up on Google: a medium for open discussion or voicing of ideas) and as such, you do the project a disservice if you do not accept and learn from criticism.
I re-read the last few pages and saw no finger-pointing or insults - except from those who should know better.
That said, volunteers on this site do a good job, but that does not mean standards - of any kind - should be lowered.
And criticism is not an issue at all.. (never was) However the MANNER in which it's handled can be conducted without name calling and accusations.. Doesn't matter whether or not this is commercial software or not.. There's something to be said for HOW problems are presented or issues are brought to the table. In an open source environment it's especially important since all of the work here is done on a volunteer basis. No reason why issues cannot be presented in a constructive manner..
I simply posted my observations in a "medium for open discussion or voicing of ideas" of what I observed. It's called agreeing to disagree.. We are all after the same thing, but it's presumptuous to assume that not agreeing with someone is a lowering of standards or otherwise from anyone..
Finger-pointing? Name-calling? Accusations? Insults? Are we referring to the same thread? Why do you write such things?
I can't find a shred of evidence for any of this.
I write such things, because just like you expressed the opinion that "all too often, the type of comments which commercial interests learn to tolerate (and seriously learn from) are scorned in these forums; to everyone's detriment IMHO", what I wrote is MY opinion.. You clearly do not agree.. So again we will have to simply agree to disagree.. That should be okay right??
Attempting to address recent security concerns.
In my Linux development server, setting the images and the bmz_cache to 755 will not work, simply because "other", in this case PHP, is not allowed to write to those folders.
So I set them to 777 and happily type away.
When I'm done I FTP folders and files as is to the production server.
But when I look at the permissions in the production server they are set to 755 and they work!
How come?
Well, turns out that the production server runs PHP as FastCGI with Apache mod_suexec installed.
The server automatically changes permissions and lets the magic of the Apache configuration work.
Some excellent webhosts also run PHP with mod_suphp, which does pretty much the same thing.
As you may have surmised, in Unix/Linux jargon "su" stands for "superuser" or root.
These programs allow for the execution of scripts as the user, and the user is allowed to write (permission 7).
I don't need to install this on my development server for obvious reasons.
Just to be on top of the paranoia, DV has modified the file that created these folders with 777 permissions to 755.
If you guys use a development server (strongly recommended), please be aware of the issue, just chmod recursively those folders to 777 (if need be) and fear not.
As DrByte explained, this issue is mostly the webhost's responsibility and not a flaw in IH2.
Sure enough, anything is hackable; given enough time, a consummate hacker can break into any system.
The only way to be protected is to tighten your defenses and not be interesting, because hackers don't have time to spend breaking into a site that is not interesting and has strong defenses; they will simply move on.
And this has been said by Rasmus Lerdorf, creator of PHP.
Look at the Bank of America example, do you think their folders were set to 777?
So, does IH2 make your site more vulnerable, even if in its original inception it set images and bmz_cache to 777?
Certainly not, not more vulnerable than any other mod, depending on the seriousness of your webhost.
Is 777 permissions a security issue?
It used to be, hardly any more.
So, what can we do with support tickets that declare that if folders are set to 777, there is a vulnerability?
Obviously the answer was given out of context, and since they are in electronic format cannot be used as toilet paper.
More info here:
http://www.suphp.org/Home.html
http://httpd.apache.org/docs/2.0//mod/mod_suexec.html
or simply Google these terms.
What is hilarious about all this is that this whole issue has been raised by a guy who:
1. Does not use IH2, so has never experienced a problem with it.
2. Thinks his comments are worthwhile, and wants to be thanked for his contribution.
Sorry to say, I cannot thank a potty-mouthed drunken hooligan for his worthless rants.
I have now to test the new /includes/modules/additional_images.php, otherwise DV will bite my ######.
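The permission question in the post above, as an added example that is not part of the original thread: shell functions that work out whether a folder such as images or bmz_cache needs 755, 775 or 777 from who owns it and which account PHP runs as, then tighten world-writable folders to that mode. The function names and the numeric PHP uid/gid arguments are assumptions, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example. PHP_UID / PHP_GIDS are assumptions: the numeric ids of the
# account PHP runs as on this host (e.g. from `id -u USER` and `id -G USER`).

# needed_mode DIR PHP_UID "PHP_GIDS" -> least permissive mode that lets PHP write
needed_mode() {
    dir_uid=$(ls -ldn "$1" | awk '{print $3}')
    dir_gid=$(ls -ldn "$1" | awk '{print $4}')
    if [ "$2" = "$dir_uid" ]; then
        echo 755                 # suexec/suPHP case: PHP runs as the owner
        return
    fi
    for g in $3; do
        if [ "$g" = "$dir_gid" ]; then
            echo 775             # PHP shares the folder's group
            return
        fi
    done
    echo 777                     # PHP is "other", as on the dev server above
}

# world_writable ROOT... -> directories whose "other" write bit is set
world_writable() {
    find "$@" -type d -perm -0002 | sort
}

# tighten PHP_UID "PHP_GIDS" ROOT... -> chmod every world-writable directory
# down to what needed_mode reports; prints "mode path" for each change made
tighten() {
    php_uid=$1; php_gids=$2; shift 2
    world_writable "$@" | while IFS= read -r d; do
        m=$(needed_mode "$d" "$php_uid" "$php_gids")
        if [ "$m" != 777 ]; then
            chmod "$m" "$d" && echo "$m $d"
        fi
    done
}

# Constructed sample tree with the two folder names from the post.
demo=$(mktemp -d)
mkdir -p "$demo/images" "$demo/bmz_cache"
chmod 777 "$demo/images" "$demo/bmz_cache"
world_writable "$demo"                    # lists both folders
tighten "$(id -u)" "$(id -G)" "$demo"     # PHP == owner here, so both become 755
rm -rf "$demo"
```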
I wrote to you personally to apologise for any offence I may have *unintentionally* caused with what I considered to be general comments. You seemed to accept and understand this.
A day later you are attacking me - and others I presume - and, although I don't take offence easily, this time *I* am offended, your opinions notwithstanding.
If you don't understand why, there's little I can do to change that.
I thank you for your help and effort helping me with my IH2 problems, but at present I won't be recommending it to others until the filenaming issue is either eliminated or flagged, and - at the very least - our concerns are treated with more respect.
If this was a commercial project you would be receiving a great deal more flak than you have been getting, and you wouldn't be expecting us to help fix things either - nor would you be able to respond offensively as you have done.
We are all volunteers here and to suggest - no state - that our responses (the ones that you dislike) are less than helpful, even though we also put in many hours of work to help solve issues which other software dealt with last century, well, it's plain wrong.
Sorry, I don't agree to disagree, I'm just offended.
Sorry to hear that you are so easily offended, maybe you should get a tougher skin when posting in a forum?
File naming has been addressed thousands of times in this thread, and we cannot put everything in the readme, people don't read it, short as it is.
If you recommend IH2 or not, is of no concern to me (not speaking for anybody else).
I only care if it works for me, and believe me it does.
Easily offended?
You mean it's OK for a poster to accuse another of finger-pointing, name-calling, accusations and being insulting, but it's not OK to be offended by this? Why not check out the rules of just about all forums in existence including this one?
Perhaps you are right; someone who posts as you do is unlikely to understand (potty-mouthed? Where?)
What complete balderdash.
Quote:
we cannot put everything in the readme, people don't read it, short as it is
So I've heard back from all but only 2 testers.. Based on this I will plan for this weekend to submit the new IH2 code to the downloads section.
FYI, we are going to make some quick checks to make sure we account for 1.3.9e compatibility. Most notably (as was pointed out a day back) the changes in the includes/modules/YOUR_TEMPLATE/additional_images.php file. So far even without the 1.3.9e changes, the Rev8c package still works on a 1.3.9e site..