Suggestions for Forum Improvement

What features/apps/bugfixes needed in a future Puppy
Message
Author
User avatar
russoodle
Posts: 707
Joined: Fri 12 Sep 2008, 17:36
Location: Down-Under in South Oz

#331 Post by russoodle »

Smells like an account-hacking job to me :? :twisted:

I PM'd aarf about it but i guess if his account is frozen, he wouldn't have received the message....i've had to delete his account from my server, for obvious security reasons, (as has Smokey01), but his directory contents are intact and still accessible.

I'm sorry for him that this has happened, as i don't believe he's the culprit at all and, in spite of his sometimes (imo) peculiar posts, we have lost a valuable contributor :(
[i][color=Green][size=92]The mud-elephant, wading thru the sea, leaves no tracks..[/size][/color][/i]

Dewbie

#332 Post by Dewbie »

Has anyone ever figured out why stu90 and bugman's forum accounts were broken?
They had to re-register with different member names (stu91 and bugman-2.0).

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#333 Post by nooby »

If aarf is active on Raffy forum we can talk to him there
and what russoodle and Dewbie take up show that it can be
worthy to do it? in case it is something else going on.

Flash do you still ahve the logs so you can see if the IP
for the one that deleted aarf texts are the same IP range
as aarf use for to post in our forum?

At Raffy forum we did have someone that tried to pose
as other users and also tried to guess our log in to take over
our accounts. Maybe Raffy can share what IP ranges that person used?
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld
Contact:

#334 Post by 01micko »

aarf has been actively posting on Barry's Blog since the last 14 hours.

Kinda miss his (is aarf a 'him?') often dry sarcastic and often informative posts.

Hope the situation is resolved one way or another. Perhaps a review of forum (server side) security is in order?
Puppy Linux Blog - contact me for access

gcmartin

#335 Post by gcmartin »

Our forum, though extremely functional, is really kinda behind the times.

That is NOT to say or suggest that a newer version wouldn't have presented the same kind of target, but, often times, vendors make positive changes to reduce the attack surface and holes that exist.

Maybe its time to review if this forum can achieve an upgrade that would make it not only easier to achieve certains, but also to expand its functionality to the community.

Just thoughts to consider.

User avatar
Q5sys
Posts: 1105
Joined: Thu 11 Dec 2008, 19:49
Contact:

#336 Post by Q5sys »

gcmartin wrote:Our forum, though extremely functional, is really kinda behind the times.

That is NOT to say or suggest that a newer version wouldn't have presented the same kind of target, but, often times, vendors make positive changes to reduce the attack surface and holes that exist.

Maybe its time to review if this forum can achieve an upgrade that would make it not only easier to achieve certains, but also to expand its functionality to the community.

Just thoughts to consider.
Here is the problem. Doing so takes time. And from what I've gathered in my sporatic talks with John... he simply doesnt have it. He hasnt had time in the past month to add a 64 bit forum. If he doesnt have the time to create new forums which would take around 10 minutes, you can be sure he doesnt have time to backup the dbase, install a new forum, import the dbase; and then work with trying to smooth over any issues that come from upgrading from a phpbb2 to phpbb3 forum.
Then of course he'd have the constant task of upgrading the phpbb3 forum everytime a new release comes out (which is every few months).
If he doesnt have time, the only way this would get done is if he would appoint another admin to do it for him. And I can completely understand why he might not want to do that.

I commend the John and the Mods (flash, ian, barry), for all the work they have done and that they have a hands off approach at letting us do our own thing; but it would be nice if there was a bit more pro-active progress going on. But I realize that with the sheer size of this forum, its hard to do that with just two people managing it (John and Flash)

User avatar
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#337 Post by Flash »

There are a few things about the forum that could be improved from my point of view, but whatever kind of forum software is used, preventing spam would require a policy change that would make the forum less inviting for newcomers, or would require mod and admins to do more work. So far, despite the clunky old forum software, It hasn't been too much trouble to keep up with the worst the spammers have thrown at us, due to the help of members like Makoto ( a few days ago a spammer posted something like 56 spam messages while I was asleep!). The worst attack on the forum that I've had to deal with did not come from a spammer but from some kid who had nothing better to do than try to vandalize the forum. :?

User avatar
Q5sys
Posts: 1105
Joined: Thu 11 Dec 2008, 19:49
Contact:

#338 Post by Q5sys »

Flash wrote:There are a few things about the forum that could be improved from my point of view, but whatever kind of forum software is used, preventing spam would require a policy change that would make the forum less inviting for newcomers, or would require mod and admins to do more work. So far, despite the clunky old forum software, It hasn't been too much trouble to keep up with the worst the spammers have thrown at us, due to the help of members like Makoto ( a few days ago a spammer posted something like 56 spam messages while I was asleep!). The worst attack on the forum that I've had to deal with did not come from a spammer but from some kid who had nothing better to do than try to vandalize the forum. :?
There are some pretty simple and elegant anti-spam solutions for phpbb3, but yea they do require some initial setup time/effort. And no anti-spam solution will work against a real person sitting at their computer wanting to get in and post nonsense.
Spam is less my concern honestly. Not knowing the exact version thats running, I wonder if some of the exploits that are available have been patched for. I realize we are a low target, but as the past has shown, this forum does have people out there that want it to fail. I dont put anything past those people to try to 'defeat' this forum as they have stated is their goal. It's the intentional attack from certain people that worry me.

BTW Flash, you do a great job dealing with the spammers when they do get in. :)

gcmartin

#339 Post by gcmartin »

Is 2013 the year to bring the forum backbone modernization forward? If so, can a small team organize to accomplish the necessary items to reasonably achieve this without taxing a single individual with this upgrade task.

In an effort to achieve such, it would mean that a Shadow (really a test site) be setup where the latest version can be installed providing a home for the movement/conversion of the DB to its new home.

Then some concerted testing to review that the checks and balances are in place.

And finally a site exchange or index movement to the newest after initial tests and shakedown is completed.

Can this be done in a team effort? I have never set up a forum, but believe that for those who understand its structure and have a reasonable understanding of the product, this can be accomplished such that it mimics what we already have and addresses @Flash and other moderator needs.

Is this reasonable? If so, I volunteer to assist in whatever way I can.

User avatar
Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#340 Post by Smithy »

Can I respectfully suggest that you don't start adding lots of java and javascript c**p, cookies and flash things.

This is my fave site on t'internet for ease of use (bam..you're logged in!).
The next easiest is rockbox.org
The worst seem to be those airline booking sites, I bet they do that to make you phone them at premium prices, or they employ some real ***ks who think it needs to be glam, it's not clever and they should keep it simple.

If a site is built as a big flash page I just ignore it, and my goodness there are many of those sites that are barely navigable, anyone remember that big piece of rubbish myspace?

Rant over, java turned temporarily on to allow... :mrgreen: :wink:

gcmartin

#341 Post by gcmartin »

Not sure where that came from, but, what I think will happen is the contributors will put forth the best Forum that benefits this community such that any user can see and access the forum no matter what OS/browser they are running.

Same as we've always had.

No offense to anyone's views. I think the focus will be on simplicity, usability and user forum functionality. ... I think.

User avatar
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#342 Post by Flash »

It will be if I have any say. :)

User avatar
Q5sys
Posts: 1105
Joined: Thu 11 Dec 2008, 19:49
Contact:

#343 Post by Q5sys »

gcmartin wrote:Is 2013 the year to bring the forum backbone modernization forward? If so, can a small team organize to accomplish the necessary items to reasonably achieve this without taxing a single individual with this upgrade task.

In an effort to achieve such, it would mean that a Shadow (really a test site) be setup where the latest version can be installed providing a home for the movement/conversion of the DB to its new home.

Then some concerted testing to review that the checks and balances are in place.

And finally a site exchange or index movement to the newest after initial tests and shakedown is completed.

Can this be done in a team effort? I have never set up a forum, but believe that for those who understand its structure and have a reasonable understanding of the product, this can be accomplished such that it mimics what we already have and addresses @Flash and other moderator needs.

Is this reasonable? If so, I volunteer to assist in whatever way I can.
gcmartin,
Since you admit to never having set up a forum before, I'll try to explain this as clearly as possible so that there isnt any misunderstanding. (hopefully everyone will understand this as well).
I've both set up, admin'd, and mod'd Phpbb2 and phpbb3 forums before, as well as migrated a phpbb3 forum over to bbpress. So I've spent some time working with all the aspects of forum development.

Setting up a forum is really a single man job. It isnt the sort of thing that you can section off jobs to other people. Taking a vanilla software forum package and installing it, is simple enough, but then in order to set the forum up for certain functionality and features... custom editing the php pages and installing modules have to be done in sequence. Its not as if I can say "Person A: go install Module X" and "Person B: go install Module Y" Because once you install module X, that may completely change how Module Y needs to be installed. Same goes for when you are doing custom edits of the Php pages. Once you start changing things... every modification that follows must take into account all the changes that were done before. Its not like setting up a computer where you can install software in any order and it'll work.
So sadly its not the soft of work that can be shared among people. Once the forum is set up, doing the mod work can be shared, but the admin functions of the site, are pretty much single man jobs. You can have two forum admin who are active in tweaking things after the site is set up, but they have to have VERY GOOD communication skills. And honestly, usually its just less complicated for one person to do it all.
The problem is the time element. Since all the admin work falls on one person, it gets done when they have time.

And that's all with the perspective of setting up a fresh new site with no users.
Migrating one site to another can be a complete nightmare. Thankfully going from phpbb2 to phpbb3 (for example) isnt super complicated, but doing other migrations like phpbb2 to bbpress, can be fraught with problems.

Obviously all testing would be done on a test site, that can be poked and prodded so the official site wouldn't have to deal with down time... But that testing phase could take anywhere from a few days (very rare), to months. It all depends on how much time the Admin has to work on it. Now if the community was willing to cough up a few grand to hire a web-development company to do the switch... then it can be done faster. But as we are all volunteers, it'll get done when it gets done.

There have been people in the past that have complained about the slow nature of progress. I dont think anyone right now is in that crowd, but what it takes to mirgate an existing site with 20k users and over 600,000 posts is immense. And I dont think most average users have any conception of what it takes. The DB conversion alone would probably take over a day, depending on the hardware of the server its sitting on, and how many other sites are running on it.

I can't speak for John directly, but I think if it were possible to have a team of people do the work for him, he'd probably relish the opportunity to have other people to the work under his watchful eye; but thats not really possible. And so, we all have to wait until he has the time to focus on it.

We have this place by his generosity, let's all keep in mind that running this server is not his job, and like everyone else he has other things going on that may require his time and attention.
The fact that this community has had such a stable forum for so long is something to be proud of. I'm sure when we do have some progress, it'll be worth the wait.

gcmartin

#344 Post by gcmartin »

Dont know if this would help @JohnMurga or others, but I Google'd "Phpbb2 and phpbb3 migration" and found some topics that might apply to a migration here, should one be undertaken.

One such explanation is here, where it appears that one person on their BB system accomplished a migration by following the product's guide. They also offer a suggestion to shorten the time in migration.

That's merely one approach and it may not be useful in this forum's case. But, if it helps that experience may prove useful.

And, thanks @Q5sys for your practical and thoughtful experience in doing this sort of thing. All of this can help, both, the understanding and assist in a planned approach to objective should it be undertaken.

Here to help

User avatar
Q5sys
Posts: 1105
Joined: Thu 11 Dec 2008, 19:49
Contact:

#345 Post by Q5sys »

gcmartin wrote:Dont know if this would help @JohnMurga or others, but I Google'd "Phpbb2 and phpbb3 migration" and found some topics that might apply to a migration here, should one be undertaken.

One such explanation is here, where it appears that one person on their BB system accomplished a migration by following the product's guide. They also offer a suggestion to shorten the time in migration.

That's merely one approach and it may not be useful in this forum's case. But, if it helps that experience may prove useful.

And, thanks @Q5sys for your practical and thoughtful experience in doing this sort of thing. All of this can help, both, the understanding and assist in a planned approach to objective should it be undertaken.

Here to help
actually I can tell you right now that wont work, there were some rather large changes with phpbb 3.0.6 up through the current 3.0.11 release, which mean the conversion isnt necessarily super easy. That one is very specific that its between two specific versions. I dont know what subversion of v2 we are using, so that'd play a big role in it as well. Also, doing a 'conversion' is not the same as doing an 'upgrade'. Conversion gives you a copy of your phpbb2 forum within phpbb3, but from my understanding you dont have access to all the new features in phpbb3. In order to do an eaiser switch, you sacrifice some of the newer fancy stuff.
Which means that most prebuilt modules for phpbb3 most likely arent going to work without custom editing. So what time you may save during the conversion will come back and cause even more work later as you try to develop forward.

When doing a conversion/upgrade of a forum of this size, simple one size fits all solutions that are put out by developers, wont work 99% of the time. Those single click upgrades, are good for vanilla sites with usually less than 1000 members. Beyond that and things go bad. I've seen databases be completely corrupted by trying to use some of the automatic conversion scripts out there.

If doing all this were easy and simple, it'd probably would have already been done.
I look forward to when all this can be done, in the mean time we will continue to press forward with puppy.

bark_bark_bark
Posts: 1885
Joined: Tue 05 Jun 2012, 12:17
Location: Wisconsin USA

#346 Post by bark_bark_bark »

Does JohnMurga even have decent php version to even run 3.0.11
....

User avatar
Q5sys
Posts: 1105
Joined: Thu 11 Dec 2008, 19:49
Contact:

#347 Post by Q5sys »

bark_bark_bark wrote:Does JohnMurga even have decent php version to even run 3.0.11
Only he knows. No one else that im aware of knows anything about the server config. And I'm not about to launch exploit scripts at the forum/server to find out what version he's using.

gcmartin

#348 Post by gcmartin »

@Q5sys, I don't think anyone has suggested that we step beyond JohnMurga's work, currently.

I glean that this thread is discussing Forum improvements in a way as to view methods of moving the forum from its current release to a version that brings added functionality to forum use.

This includes ideas on personnel approaches, product information availability, ideas of methods of accomplishing build and testing, etc.

You and others are being very helpful with ideas and experiences to consider.

I view this thread as providing insights which will be useful should a forum change occurs by providing helpful info and hints to accomplish it in a safe and easy manner.

I not taking issue, but, I think that is, simply, all thats being shared thus far.

Any ideas that we bring to bear could be helpful to John.

simargl

#349 Post by simargl »

.
Last edited by simargl on Sun 01 Sep 2013, 14:37, edited 1 time in total.

User avatar
Q5sys
Posts: 1105
Joined: Thu 11 Dec 2008, 19:49
Contact:

#350 Post by Q5sys »

simargl wrote:It would be nice to have chat box feature like it's provided in Porteus http://forum.porteus.org/
Then, people could get answers more quickly...
Wouldn't it just make more sense to have a page that has an applet that can let people log into the official puppy chatroom on freenode?
I've seen several sites with php based irc clients that allow people to connect to an irc chatroom.

Since we already have a chat system in place I think it makes more sense to just use that one instead of creating another place for people to check.
Great idea for a 'chat' area.

Post Reply