Sciencemadness Discussion Board - Brief downtime, soon, for another upgrade


	Not logged in [Login ]

FAQ

Member List

Today's Posts Forum Stats

Stats

Back to:

Sciencemadness Discussion Board » Non-science » Forum Matters » Brief downtime, soon, for another upgrade

Printable Version

Polverone

Now celebrating 21 years of madness

Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

posted on 25-3-2007 at 21:22

Brief downtime, soon, for another upgrade

Security holes have been found in XMB, again, and a new version has been released to counter them. I will briefly take the board down some time in the next 24 hours to perform the upgrade. After the last incident, I don't particularly want to be tardy about security fixes.

PGP Key and corresponding e-mail address

Polverone

Now celebrating 21 years of madness

Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

posted on 26-3-2007 at 22:04

OK, not 24 hours. Real-life work has kept me too busy. Soon, though.

PGP Key and corresponding e-mail address

Polverone

Now celebrating 21 years of madness

Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

posted on 31-3-2007 at 12:38

The upgrade has been completed. You may have noticed some problems earlier with the board while I took it offline to upgrade and then restore settings. Let me know if you spot any problems.

PGP Key and corresponding e-mail address

12AX7

Post Harlot

Posts: 4803
Registered: 8-3-2005
Location: oscillating
Member Is Offline

Mood: informative

posted on 31-3-2007 at 12:45

Excellent. Smileys and buttons changed though. :rolleyes: <-- And still no rolleyes!

Seven Transistor Labs LLC http://seventransistorlabs.com/
Electronic Design, from Concept to Layout.
Need engineering assistance? Drop me a message!

Levi

Hazard to Others

Posts: 196
Registered: 24-1-2007
Member Is Offline

Mood: No Mood

posted on 31-3-2007 at 12:55

Why does whimsy remain hidden until you log in? If it's not intentional (or too much of a bother to change) would you consider changing it back to being visible to offline users?

P.S.

:mad:

<--- this is supposed to be mad? ' looks constipated to me...

Chemcrime does not entail death. Chemcrime is death.

Polverone

Now celebrating 21 years of madness

Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

posted on 31-3-2007 at 16:13

I forgot to change smilies, as I always need to, because they were cached in my browser. Levi, Whimsy was always supposed to be hidden from outsiders -- it must not have been until recently that the XMB code implementing that feature worked correctly.

The idea is that people should be lured here only by what appears in the open forums, not by what they might be able to access in the closed forums.

PGP Key and corresponding e-mail address

quicksilver

International Hazard

Posts: 1820
Registered: 7-9-2005
Location: Inches from the keyboard....
Member Is Offline

Mood: ~-=SWINGS=-~

posted on 31-3-2007 at 17:50

Are the folks who developed XMB supportive or are you pretty much left to your own devices to work out the various issues? The reason I ask is that I support a veteran's website and was asked to check into a feature that was provided by CPanel but would be better served by a standalone completed discussion board like this one. We have some money to sink into it if it's not too expensive -AND they provide some support with the issues experienced by new users, etc.

franklyn

International Hazard

Posts: 3026
Registered: 30-5-2006
Location: Da Big Apple
Member Is Offline

Mood: No Mood

posted on 31-3-2007 at 18:46

I attempt to log out but this does not occur.
I close all windows then enter www.sciencemadness.org but I am still logged in.
I now close the browser also and then enter www.sciencemadness.org again.
The page now indicates I have logged out. But have I ?
This only occurs after I purge the cookies,
the list of members online still indicates my username.
If I now login once again I experience the same result.

This is not a problem for me but it is a glitch in the current setup

.

Polverone

Now celebrating 21 years of madness

Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

posted on 31-3-2007 at 20:16

I've never tried commercial support for this board software, though I think it does exist. If I were starting the site today I don't think I would try to use XMB; it's suffered from a lot of security problems as well as miscellaneous other bugs. Of course a lot of forum software is buggy, so I'm not sure what I would suggest as a secure and non-buggy choice.

Franklyn, the bug you experienced appears to affect me too. Add another issue to the towering pile of known XMB problems.

PGP Key and corresponding e-mail address

quicksilver

International Hazard

Posts: 1820
Registered: 7-9-2005
Location: Inches from the keyboard....
Member Is Offline

Mood: ~-=SWINGS=-~

posted on 1-4-2007 at 06:15

The fact that you have found a whole shit-load of problems does not bode well for their future sales.... Does XMB have any competitors worth looking at? (I have access to a super high speed T3 line and could find a torrent of just about anything for evaluation.) If you could try another product, do you have one in mind?

Polverone

Now celebrating 21 years of madness

Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

posted on 1-4-2007 at 10:31

No, I don't know what package I would want to try. Every so often I look to see if there's anything good available based on Ruby or Python, since those are languages that would make it comfortable for me to read and modify the program source. For reasons that aren't entirely clear to me, every PHP-based piece of software seems to encounter a bargeload of security problems. Other web-based software has security problems too, because writing secure code is hard, but PHP seems to attract or create the worst offenders.

I know that leu once recommended a particular forum package to me as being more secure than others, but I can't recall what forum it was now. You might want to send him a U2U message to ask.

PGP Key and corresponding e-mail address

Polverone

Now celebrating 21 years of madness

Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

posted on 1-4-2007 at 11:39

Bugs update

It turns out that the logout problem was already reported to the XMB developer forums, and fixed. I've applied the fix to our system too, so logging out should work correctly now.

There is a U2U problem now where if you click "Reply" in the U2U message panel, or click on the U2U links at the bottom of a member's post or in their profile, the "Send to" field is left blank. This means that after composing your message and sending it, you will get a "Recipient does not exist" error and the message you just wrote will be lost too. I have reported the problem to the XMB developers, but until it is fixed, I imagine that many of us will lose U2U messages when we forget to compensate for the forum's bugs by manually filling in the recipient.

Thanks go to chemrox for bringing the U2U bug to my attention.

[Edited on 4-1-2007 by Polverone]

PGP Key and corresponding e-mail address

Polverone

Now celebrating 21 years of madness

Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

posted on 2-4-2007 at 20:21

The U2U bug has been fixed.

PGP Key and corresponding e-mail address

UnintentionalChaos

International Hazard

Posts: 1454
Registered: 9-12-2006
Location: Mars
Member Is Offline

Mood: Nucleophilic

posted on 3-4-2007 at 12:12

If you are on a computer that has not had the whimsy or refrences passwords typed in already and attempt to use the passwords, you get an error that says that that forum does not exist and it still won't let me into them afterward.

Department of Redundancy Department - Now with paperwork!

'In organic synthesis, we call decomposition products "crap", however this is not a IUPAC approved nomenclature.' -Nicodem

Polverone

Now celebrating 21 years of madness

Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

posted on 3-4-2007 at 17:41

Quote:

Originally posted by UnintentionalChaos
If you are on a computer that has not had the whimsy or refrences passwords typed in already and attempt to use the passwords, you get an error that says that that forum does not exist and it still won't let me into them afterward.

I've tried to reproduce this bug on a couple of machines , 4 different browsers, and http and https versions of the site. Logging in to the protected forums works fine in all cases. Can you try another machine? What OS and browser are you using?

PGP Key and corresponding e-mail address

UnintentionalChaos

International Hazard

Posts: 1454
Registered: 9-12-2006
Location: Mars
Member Is Offline

Mood: Nucleophilic

posted on 3-4-2007 at 22:21

It wasn't my personal computer and it wasn't a remotely new model. If it isn't reproducible on any current computers, it shouldn't be a major issue. I'm back on my regular computer now which has no problem getting into the password-protected forums.

Department of Redundancy Department - Now with paperwork!

'In organic synthesis, we call decomposition products "crap", however this is not a IUPAC approved nomenclature.' -Nicodem

Sciencemadness Discussion Board » Non-science » Forum Matters » Brief downtime, soon, for another upgrade