State of the forum(s) + changelog

[Christopher]

Google listing is nox fixed. Woohoo! :happy:

Anyway, I made some changes to the Sosumi template, but I'm still tweaking a bit. Bear with me.

Most important changes: search for new posts has been added to the overall header, and there is finally a division line between the post subject/post time/online/quote etc. Still kinda tweaking this for optimal look.

I also put that pesky jumpbox in a keen place.

Additionally, the board has been upgraded to phpbb 2.0.11; please report any bugs here.

[Christopher]

I have altered things with the Sosumi template in a keen fashion and I'm very content with my efforts. Because of such, we are now on the third revision of this template, and perhaps the last. There are dynamic differences between being logged in and out, and the forum overall has a mature feel because of such. I highly suggest that if you haven't seen it in a while, that you switch to the Sosumi template for a day to see what I'm referring to.

Nonetheless, I just want to note a very important feature that was taken off the index, "Search for new posts since your last visit" was MOVED to the overall header, and is the [new] next to the Search. I hope that this will make the board's functionality easier for all and a change that will be easy to get used to. I would love to hear comments, complaints, etc to make your experience better overall.

[Christopher]

We're now at Sosumi v. 4, and please read this:

http://forums.minidisc.org/viewtopic.php?p=35507

[Christopher]

I got rid of the users of the day modification because I'm trying to fix the Google issue once and for all. This should be the last time I have to deal with this and ALL of the topics within the forum should be spidered by the end of tomorrow [hopefully].

Anyway, I broke the profiles, bear with me whilst I try and fix it. It'll probably be fixed by tomorrow evening, EST.

[Christopher]

Profiles are still broken. Sorry! I will try and get this fixed as soon as possible.

Anyway, I think we're finally in the clear with google. Hopefully this will mean many more hits for the forum.

Additionally, I restructured the forum a bit. I hope it's acceptable and not confusing. :happy:

[Christopher]

Profiles are still not working. Sorry!

Anyway, I've added a little wintery theme to Sosumi, please refresh a few times to allow this change.

SubTrail users: I will be working on this template very soon and making it up to speed with the numerous changes I've made with Sosumi.

[Christopher]

Some new smilies:

:whistle: :peace: :spite: :shock: :welcome: :thumbsup2: :cry: :elitist: :rasp2:

Just click on "View more Emoticons" when posting a reply [i will look into finding a way to make this work with quick reply]

[jadeclaw]

Excellent!

Geil! I can view my profile! :thumbsup2:

[Christopher]

You can view your profile?

[atrain]

i can't view any profile. no detective work for me then

[jadeclaw]

You can view your profile?

Now I can't. [19.12.2004 - 16:01 MEZ]

:cry:

No, wait!

If I click on the profile button in my post, I get a blank.

If I click the 'Profile' - button at the top of the whole page,

I do get my profile and can change it.

:wacky:

[Christopher]

Right - it's still broken, but it's not that high on my priority list to be honest. In fact, the only major thing I have left to do here is update SubTrail a little bit and probably never tweak with anything again [aside from interface/software upgrades]. Not all of you are as keen on the progress we've made since I started here except the few that have been here for a long time. jadeclaw can most certainly understand how much development I've done in regards to speed and popularity.

Of course, if anyone has requests or input, I'd love to hear it.

[Christopher]

subTrail users, you are being forced to use Sosumi template until I am done with tweaking subTrail. Thank you for your patience.

[Christopher]

Welcome Nismo96 to the moderation team. I have let a few people go, and I have one more person in mind. We shall see, however.

[Fat Tires]

Thanks for the welcome. I look forward to continuing to serve the MD community here at the MDCF.

[Christopher]

The forum was shut down today because of an exploit that could've hurt the whole site [minidisc.org] and destroyed a considerable amount of content.

After a few oddities, the forum and website is now running the latest version of PHP, Apache and MySQL. Please report any bugs.

And..the profiles are working. Okay, this is where I wanted to be. Yaaaay, this forum is uber.

[iceeedtea]

Netcraft confirms it: Apache/1.3.33 (Unix) PHP/4.3.10. /ducks

More info:

PHP Vulnerabilities Announced

Net Worm Uses Google to Spread

Advisory: Multiple vulnerabilities within PHP 4/5

Any reason for not using Apache/2.0.52 | PHP/5.0.3, even though the PHP Community does not recommend it? Before you complain that phpBB doesn't work with PHP5, *cough*. Try it in a sandbox install on your home Linux box before you do anything stupid. Bleeding-edge systems, baby, bleeding edge.

By the way, you might want to suggest to Eric to use an OS that has had "Only one remote hole in the default install, in more than 8 years" instead of something that has "The Power To Serve". Rock-solid servers, baby, rock solid.

In fact, why don't you us#$$%*Fnfas@*%

+++ATH

NO CARRIER

[Christopher]

Happy Holidays, Andrew; I hope that all has been well since I've spoken to you last.

[iceeedtea]

You still didn't answer my queries. It's like an unstable version of MySQL database on a production server gone bad! :whatever:

"Bah, Humbug!" to you too.

/ducks

[Christopher]

Heh, you know how it is here, I'm content with what we got. Definitely a Christmas present for sure, after some tweaks it'll be interesting to see what this old gal is really capable of. We're probably going to serve more than 14 million page views this month. Astounding.

btw, Athlon 64 + Linux; not bad, not bad. :grin:

[iceeedtea]

My first generation Blueberry iBook G3 has more power than that. My modified Performa 6300CD from the mid-90s has more disk space than that. And my....

And you might as well be using an Itanic at home for all I care, considering that you likely run it with this, thus negating all benefits coming from this.

And that's the end of that.

[skyther]

Yawn.

ifyourenotbeingconstructiveplsstfuandbragelsewherekthxbai.

[iceeedtea]

It's amazing how some people can't sense sarcasm and banter when they read it.

ifyourenotbeingconstructiveplsstfuandbragelsewherekthxbai.

likroflollercoasteromgwtfbbqjootalkingboutboiwhydontjoostfuandgomakelovewithyouripodandlearntostfukthxbai. :smile:

[skyther]

Iceeedtea you're just a small fry so please don't call me 'boi', kthx. Amazing how little kids nowadays can't tell who's in authority... =)

So long, farewell, Auf wiedersehn, adieu... cya mate.

p.s. It's good to see you back again. I can see that it's taken this long for you to return as you've probably been compiling in Gentoo all this while.

[jadeclaw]

@kurisu: As the Heise-Newsticker reports, a new version of the Santy-worm is active.

Since Google blocks all searches specific to that worm, it now uses Yahoo instead.

So, expect atleast a higher load over christmas.

@to all: Merry Christmas!

[Christopher]

Hey, as long as the bugger clicks on ads I'll be okay..:grin:

Merry Christmas jade, hope all is well for you this eve.

[Christopher]

The forum has been extremely slow today and was pretty much incapable of serving visitors yesterday as it's getting SLAMMED by this worm. We're not getting hacked or anything, but there are so many variants attacking that our little server can't handle the high load. I apologize for this, but it's out of my control.

[jadeclaw]

The actual worm is now probing for security holes in php-scripts in general,

especially for unfiltered $_GET and $_POST-variables going into include and system commands...

If interested, one worm source is here: http://civa.org/pdf/

The sources are in pv and in the ssh directory.

One of the scripts has an unfiltered variable going in, allowing to inject code for uploading.

Try this: http://civa.org/gallery.php?show=../pdf/

Yep, that's the same directory. :shock:

And the worst thing: The owner of the site is playing dead duck and doesn't react on e-mails...

[Christopher]

I can only hope that this constant swarm of hits will end soon, as it has made minidisc.org and these forums nearly impossible to reach at times. It seems to have lessened in severity, but only highlights the limitations of this server. I'll be discussing with Eric server upgrades [hopeuflly] that will occur sometime in '05.

[jadeclaw]

civa.org has now removed the worm sources, the security hole is still there.

Seeing the load and sluggishness of the server, plus today's database problems,

a dual AMD64 opteron ist the way to go... :grin:

[Christopher]

To put it lightly, we got hit by a Tsunami here at the forums. It's hard to tell where the problem originated from, but initally the whole forum was delivering blank web pages. This is not good.

Daijoubu and I walked through some things and it seems to have originated from the Catagories Hiearchy mod. This is the modification that allows one to have subforums. As you can see, some of the subforums are lost. The only backup I had was on a USB thumbdrive, which was destroyed a few days ago in the wash. The prior backup I have is approaching a year old and is pretty worthless. I was able to grab a significant chunk of the missing threads from Google's cache, but things here have certainly taken a considerable blow. Only the subforums were affected, not the main ones.

Anyway, the forum is back up now, and seems a decent speed, but there's alot of work to be done and I'm glad that the forum is here for the most part. Bear with me and I'll get this place back to normal.

[jadeclaw]

Hmm, the only useable backup on a usb-stick in the washing machine?

Not to step on your toes, but I think, it is time for a backup strategy.

Mine would be a daily snapshot of the database, keeping these for 15 days, plus one per month for a year, if something legal pops up.

[Christopher]

That's basically what I'd done, but the loss of usb thumbdrive was totally unexpected. I'm tired of this server, I'm seriously considering moving to a different one aside from this one that's shared with minidisc.org.

Additionally, all backups will be on my Hi-MD + hard drive - those will never be near the wash.

p.s. Don't worry, I was able to save alot of stuff.

[Christopher]

Okay, after some talks with the webmaster it looks like we're getting a server upgrade soon. ETA: Jan '05.

Anyway, looks like we may also change from phpbb to Invision Power Board or vBulletin. I am very excited about this, and I hope you guys are too.

[jadeclaw]

Good news, I say.

However, I'm not that convinced, that changing the Forum software is such a good idea.

First, the money, Invision takes 200 bucks, vBulletin shorts you by 160...

And speaking of software glitches, they both had them too:

Invision: http://www.k-otik.com/exploits/20041122.r57ipb.pl.php

And vBulletin had for the previous version also an update out:

http://www.vbulletin.com/forum/showthread.php?t=24116.

But such things are normal for any software project of this size.

Took a look at both of them, Invision is more to my taste, functionwise.

On the other paw, you are experienced in phpBB's internals.

Plus, we would have all to sign up again...

[Christopher]

I have decided IPB before I read this, so I'm glad you like my choice.

Anywho, a child could retool phpbb as I have. It is not very difficult - in fact, it's almost elementary. That's one of the main reasons I am dissatisfied with phpbb. The santy worm is a powerful reminder of the dangerous side effects of GPL'd software. Never again. We must've recieved more than a million page requests per day for a short stint there. This would not have happened with closed source bulletin board software. Yes, the vulnerbilities are there too, but the code for IPB or even vB is much more robust and not susceptible to such silly things.

Plus, the forum is growing by leaps and bounds. phpbb does not preform well unless you tweak incessantly and in my honest opinion, it's not worth it. With IPB, I'll be truly scaleable without having an anuerysm. Plus..the features that IPB will bring, and this new server. I am going to have an album for all of us to share live recordings, maybe pictures and whatever else.

p.s. All posts, user names and etc will be easily converted to IPB. Nothing will be lost.

:happy:

[jadeclaw]

The santy worm is a powerful reminder of the dangerous side effects of GPL'd software.

Is it possible, that you spend the last few years in Hibernation?

You obviously missed not only the link, I've included,

no, you obviously forgot about SQL-Slammer, Nimda and numerous other vermin as well, that plagued proprietary software.

I do not say, that the GPL is a mark of quality in itself, but the security risks are far lower, when using GPL and other open source software.

And my experience with open source is, that fixes come much faster than by any proprietary software vendor.

Oh, and speaking of Santy, that fix was available in mid-November,

publicly displayed on the phpBB main site, anyone using phpBB, who has not updated is self responsible for the trouble, that followed.

[Christopher]

Jade, you know I have always kept the forum up to date with the latest version of phpbb.

Allow me to reword what I said; "The santy worm is a powerful reminder of the dangerous side effects of GPL'd software in a website enviroment serving millions of hits per month. Susceptibilites in forum software, espesically using Google and such as the key when the forum has more than 10k topics spidered is extremely dangerous. IPB's response [in the highly doubtful hypothetical situation that this whole mess would've occured in the first place as their code is extremely robust] to this matter would have come steadfast and would have nullified the problem. I would have come to them for support on the issue at hand, and they would have a level tech spend time with me and help me find a way to counteract this in all aspects. phpbb would've said, "You should've patched." I did patch way back in Nov, but that doesn't stop the site from getting slammed. There was little help from phpbb about apache strings and modifications that could be employed to stop the huge amount of hits we were recieving. This is why you get what you pay for. Well, this forum has nearly matured to four million page views per month - it's time to get serious about the backend and the content management here."

[jadeclaw]

Jade, you know I have always kept the forum up to date with the latest version of phpbb.

I never claimed otherwise.

Allow me to reword what I said; "The santy worm is a powerful reminder of the dangerous side effects of GPL'd software in a website enviroment serving millions of hits per month.

In other words, these guys are completely dumb by offering GPLed software for mission critical environments.

Susceptibilites in forum software, espesically using Google and such as the key when the forum has more than 10k topics spidered is extremely dangerous.

First, a forum shouldn't be spidered. Never heard of robots.txt?. Or placing somethin like this into the template?:

<meta name="robots" content="noindex,nofollow">

Almost all spiders adhere to that. Including Google.

IPB's response [in the highly doubtful hypothetical situation that this whole mess would've occured in the first place as their code is extremely robust] to this matter would have come steadfast and would have nullified the problem.

Possibly not. Why? Sure, they would have out a patch as quickly as the phpBB guys. But when Administrators don't patch, then the worm finds enough places to live in and grow. And it doesn't matter, if the forum is GPLed or not. If there is a hole and the patches offered are ignored, then desaster will struck. And the last version not even targeted phpBB as such, but instead was looking for common errors and oversights anyone could avoid with a little bit of thinking.

I would have come to them for support on the issue at hand, and they would have a level tech spend time with me and help me find a way to counteract this in all aspects.

Sure? You do know, that techsupport is expensive? The 200 bucks you just payed for the software is just good for a few hours of that support, after that, Invision makes a loss on you...

phpbb would've said, "You should've patched." I did patch way back in Nov, but that doesn't stop the site from getting slammed.

See my note about the Meta-tag above. It keeps Searchengines out. And therefore searchengine based worms as well.

And if IBP had a similar hole, as soon a fix is out, you would get the same response: "Patch it please."

Paying for software doesn't relieve you from the responsibility to keep it up to date on the security side. And that means: Patching! :grin:

There was little help from phpbb about apache strings and modifications that could be employed to stop the huge amount of hits we were recieving.

Plain and frankly, it is not their job. If you need to know about server rewrite rules, Apache.org is your friend.

This is why you get what you pay for. Well, this forum has nearly matured to four million page views per month

Which is not a problem for phpBB. And in fact, it has kept up quite well, despite the limited server power.

- it's time to get serious about the backend and the content management here."

Definitely. But claiming, that GPLed software in general is to blame, is quite a bit off the mark...

[Christopher]

Jade, a line by line dissection of my words? I'm honored. I won't reply, but just know that my summations were an intelligent way of saying, "I am sick of phpBB."

Regardless, the forum has been converted from phpBB to Invision Power Board 2.0.3. We will never run phpBB again. *throws last piece of dirt over the grave* This new system and interface has flexibility that is nearly unparalleled. I am very excited about how smooth the transition was, and I hope that with a little time we'll all come to love this place as we did the last version of the Minidisc Community Forums.

Things are still in a massive beta at the moment, so please report any bugs. I see one already jadeclaw - it has to do with your avatar. I will look into why that occured.

Updates to the forum and templates will come gradually. Bear with me whilst I move in.