| Pages: 1 2 3 :: [one page] |
|
|
| Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Nypheas Azurai
   |
Posted - 2011.04.10 00:32:00 -
[1]
CCP it's not hard really. Your forums aren't doing anything complex, they just query a database of posts, present information and maybe query the image server for the avatar. I don't understand how something so simple can be made so complex. Ease-of-use, user interface, robustness, security? Just please use phpBB or a well-known forum package. Clearly in-house isn't working for you, and phpBB version 3.0 is more robust and secure than anything that might get published and patched and re-patched 3 months. Hire a php developer to create any mods needed to tie into EVE gate. I'm sure you can find people here to do it for free, we are that concerned about the state of the forums.
|
Miilla
Minmatar
Hulkageddon Orphanage
|
Posted - 2011.04.10 00:34:00 -
[2]
Edited by: Miilla on 10/04/2011 00:35:27
I guess that is one fully justified post! ehm. Needs more underlining, itallics and perhaps a sprinkling of bold? Perhaps some strikethrough to really blind us.
 |
Marley Browning
|
Posted - 2011.04.10 00:38:00 -
[3]
No way because that would mean that a CCP product would work first try...
|
Xavier Isaacson
Minmatar
Surface Detail
|
Posted - 2011.04.10 00:43:00 -
[4]
 Originally by: Nypheas Azurai
CCP it's not hard really. Your forums aren't doing anything complex, they just query a database of posts, present information and maybe query the image server for the avatar. I don't understand how something so simple can be made so complex. Ease-of-use, user interface, robustness, security? Just please use phpBB or a well-known forum package. Clearly in-house isn't working for you, and phpBB version 3.0 is more robust and secure than anything that might get published and patched and re-patched 3 months. Hire a php developer to create any mods needed to tie into EVE gate. I'm sure you can find people here to do it for free, we are that concerned about the state of the forums.
You clearly haven't been following this. The forums were NOT created in-house and are in fact re-skinned open source forums. This is most likely the only reason the security flaws slipped through as easily as they did.
Originally by: Verone
BBC Trust are a sack of arses.
|
Diomedes Calypso
|
Posted - 2011.04.10 00:43:00 -
[5]
I'm wondering what the problem is myself. Learning how to create a forum is a project in most programing for web books. And jeeze forums have been a staple from the very earliest days of the web so the mistakes that can be made must be pretty common knowledge for anyone in the busines at all.
But, I'll give the benefit of the doubt that they are attempting something unique?
Is it the interface between the game database thats an issue ? (and can't that be solved by a once a day indexing of the game info and transfer the index to the forum server?)
Well I won't guess cause thats just not my area.. but i'd love to understand the general aspects that make a forum so much more difficult in this situation that elsewhere?
|
Tippia
Sunshine and Lollipops
|
Posted - 2011.04.10 00:43:00 -
[6]
Originally by: Nypheas Azurai
Hire a php developer
PHP is not sold by Microsoftà 
ùùù
ôIf you're not willing to fight for what you have in ≡v≡à
you don't deserve it, and you will lose it.ö
ù Karath Piki |
Sable Blitzmann
Minmatar
Massively Dynamic
|
Posted - 2011.04.10 00:44:00 -
[7]
I think they are using a pre-built, open source platform called YAF. It's written in ASP (why they still use ASP I would never know).
The problem is that they need to tie it in with EVE Gate. That's where everything went wrong. They supposedly botched up some authentication features and rigged the new forums to support EVE Gate integration.
|
SupaKudoRio
|
Posted - 2011.04.10 00:44:00 -
[8]
Originally by: Marley Browning
No way because that would mean that a CCP product would work first try...
I... I'm missing the Like button. 
Ye'llo? |
Miilla
Minmatar
Hulkageddon Orphanage
|
Posted - 2011.04.10 00:49:00 -
[9]
Originally by: SupaKudoRio
Originally by: Marley Browning
No way because that would mean that a CCP product would work first try...
I... I'm missing the Like button.
We don't like you anymore
|
SupaKudoRio
|
Posted - 2011.04.10 00:51:00 -
[10]
Originally by: Miilla
Originally by: SupaKudoRio
Originally by: Marley Browning
No way because that would mean that a CCP product would work first try...
I... I'm missing the Like button.
We don't like you anymore
I feel so dirty. 
Ye'llo? |
|
|
Barakkus
|
Posted - 2011.04.10 00:53:00 -
[11]
Hell ****ing no. PHPBB is nothing but asking for security breaches.
-
-
[SERVICE] Corp Standings For POS anchoring
|
Liang Nuren
|
Posted - 2011.04.10 00:54:00 -
[12]
Originally by: Barakkus
Hell ****ing no. PHPBB is nothing but asking for security breaches.
^^ Truth.
--
Eve Forum ***** Extraordinaire
On Twitter
|
Miilla
Minmatar
Hulkageddon Orphanage
|
Posted - 2011.04.10 00:54:00 -
[13]
Originally by: Barakkus
Hell ****ing no. PHPBB is nothing but asking for security breaches.
Then they should ask the nice Microsoft sales man about ASP.NET.
|
Barakkus
|
Posted - 2011.04.10 00:58:00 -
[14]
Originally by: Miilla
Originally by: Barakkus
Hell ****ing no. PHPBB is nothing but asking for security breaches.
Then they should ask the nice Microsoft sales man about ASP.NET.
**** **** asp, you can do a much better job doing it with C++ or Delphi rather than using an interpreted language.
-
-
[SERVICE] Corp Standings For POS anchoring
|
Natalia Kovac
Minmatar
Stimulus
Rote Kapelle
|
Posted - 2011.04.10 01:00:00 -
[15]
Originally by: Barakkus
Hell ****ing no. PHPBB is nothing but asking for security breaches.
I doubt it's any worse than CCP's custom bull****.
|
Calathea Sata
State War Academy
|
Posted - 2011.04.10 01:01:00 -
[16]
Originally by: SupaKudoRio
Originally by: Marley Browning
No way because that would mean that a CCP product would work first try...
I... I'm missing the Like button.
Actually, me too but I stole a little one as a souvenior...
|
Barakkus
|
Posted - 2011.04.10 01:01:00 -
[17]
Originally by: Natalia Kovac
Originally by: Barakkus
Hell ****ing no. PHPBB is nothing but asking for security breaches.
I doubt it's any worse than CCP's custom bull****.
Problem is they used php.....
-
-
[SERVICE] Corp Standings For POS anchoring
|
Nypheas Azurai
|
Posted - 2011.04.10 01:02:00 -
[18]
Originally by: Xavier Isaacson
You clearly haven't been following this. The forums were NOT created in-house and are in fact re-skinned open source forums. This is most likely the only reason the security flaws slipped through as easily as they did.
Wrong. Whatever forum they are using, in-house or not, is clearly not well-known. If it were, it would be deployed in millions of installations around the globe. It would be at this very moment used by millions of people, but not just people: it would be bombarded by the microsecond by bots, hackers, and spammers.
^^ Have a billion people test every feature every second of the day, and when something breaks have a thousand eyes on it and release a patch within the day.
That. Is how you get a robust forum. If you think that well-used open-source software is somehow less robust or secure because many people use it and many eyes watch over the code, you are painfully wrong about how good software is written and tested.
|
Barakkus
|
Posted - 2011.04.10 01:04:00 -
[19]
Edited by: Barakkus on 10/04/2011 01:12:32
Edited by: Barakkus on 10/04/2011 01:09:21
Originally by: Nypheas Azurai
Originally by: Xavier Isaacson
You clearly haven't been following this. The forums were NOT created in-house and are in fact re-skinned open source forums. This is most likely the only reason the security flaws slipped through as easily as they did.
Wrong. Whatever forum they are using, in-house or not, is clearly not well-known. If it were, it would be deployed in millions of installations around the globe. It would be at this very moment used by millions of people, but not just people: it would be bombarded by the microsecond by bots, hackers, and spammers.
^^ Have a billion people test every feature every second of the day, and when something breaks have a thousand eyes on it and release a patch within the day.
That. Is how you get a robust forum. If you think that well-used open-source software is somehow less robust or secure because many people use it and many eyes watch over the code, you are painfully wrong about how good software is written and tested.
Yeah lot of good that does when not even php can secure their own websites. Check out their latest new article...
All opensource gets you is an easy vector for an attacker to discover exploits in the system.
You don't get "a patch within a day", most of the time **** festers for months before a new build is available because you have 1000 people arguing over some stupid crap instead of fixing it for weeks. I am forced to work with opensource garbage and it's stupid. You end up with a bunch of *******s providing support and acting like fatbeards towards the people that report bugs and then ignoring things they "don't feel is important enough" to call it a bug.
-
-
[SERVICE] Corp Standings For POS anchoring
|
Nypheas Azurai
|
Posted - 2011.04.10 01:15:00 -
[20]
Edited by: Nypheas Azurai on 10/04/2011 01:22:43
Originally by: Barakkus
Yeah lot of good that does when not even php can secure their own websites. Check out their latest new article...
a) phpBB is not php
b) php's wiki is not php
c) the server running php's wiki is not php
d) poorly written code can be written in any language
e) did I mention phpBB is not php?
in a clumsy way you also just proved the point didn't you? when it comes to software that millions rely on, security issues are addressed and fixed instantly. You aren't seeing php.net down are you? You aren't being redirected to old asp.net are you?
edit:
as for your rant about devs, without feeding the troll, it's clear you were touched badly on a mailing list somewhere. Maybe your incompetence was exposed publically, I feel badly for you if that is the case, and some closed communities (linux kernel development?) can be that way. But not forumboard providers such as phpBB. They publish a product precisely for open public consumption and having more experience than you with such frameworks I can say they are able and willing to help the end-user.
In fact I'd go so far to say that if CCP contacted them, they would welcome CCP using their software so much so they would be more than happy to spare extra services and custom-tailored advice for whatever they need to do.
|
|
|
Andrea Griffin
|
Posted - 2011.04.10 01:20:00 -
[21]
Originally by: Barakkus
All opensource gets you is an easy vector for an attacker to discover exploits in the system.
You don't get "a patch within a day", most of the time **** festers for months before a new build is available because you have 1000 people arguing over some stupid crap instead of fixing it for weeks. I am forced to work with opensource garbage and it's stupid. You end up with a bunch of *******s providing support and acting like fatbeards towards the people that report bugs and then ignoring things they "don't feel is important enough" to call it a bug.
Mister Balmer - is that you? I didn't you know you played E- Crap man, don't throw that chair at me, bro! 
-
"When I nerf something, it takes 2-3 months for your dreams to be crushed." - CCP Big Dumb Object |
Barakkus
|
Posted - 2011.04.10 01:20:00 -
[22]
Edited by: Barakkus on 10/04/2011 01:27:04
Originally by: Nypheas Azurai
Originally by: Barakkus
Yeah lot of good that does when not even php can secure their own websites. Check out their latest new article...
a) phpBB is not php
b) php's wiki is not php
c) the server running php's wiki is not php
d) poorly written code can be written in any language
e) did I mention phpBB is not php?
in a clumsy way you also just proved the point didn't you? when it comes to software that millions rely on, security issues are addressed and fixed instantly. You aren't seeing php.net down are you? You aren't being redirected to old asp.net are you?
edit:
as for your rant about devs, without feeding the troll, it's clear you were touched badly on a mailing list somewhere. Maybe your incompetence was exposed publically, I feel badly for you if that is the case, and some closed communities (linux kernel development?) can be that way. But not forumboard providers such as phpBB. They publish a product precisely for open public consumption and having more experience than you with such frameworks I can say they are able and willing to help the end-user.
In fact I'd go so far to say that if CCP contacted them, they would welcome CCP using their software so much so they would be more than happy to spare extra services and custom-tailored advice for whatever they need to do.
Do you not understand that phpbb runs under php?
I wouldn't touch php with a 10 foot pole due to how easy it is to break into a website running php.
Security issues are not "instantly fixed" that's a load of crap that opensource fanboi's constantly spout. That's not how it works in the opensource world and you know it.
And, no I wsan't touched in a bad place by the fatbeards in some stupid opensource community. I have to watch the bug reports for postgresql in order to keep on top of **** at work and deal with anything that they haven't fixed and probably won't fix for months. The attitudes of the people that work on postgresql, especially Tom Lane is abysmal and ****ing stupid.
-
-
[SERVICE] Corp Standings For POS anchoring
|
Jack Tronic
|
Posted - 2011.04.10 01:25:00 -
[23]
Edited by: Jack Tronic on 10/04/2011 01:27:25
Edited by: Jack Tronic on 10/04/2011 01:26:35
1. They are using a comparable ASPX based forum software called YAF.net
2. It isn't in house, see above
3. Stop being an ignorant fu*k who feels superior
4. You just got owned
5. Go hang yourself.
Quote:
Do you not understand that phpbb runs under php?
I wouldn't touch php with a 10 foot pole due to how easy it is to break into a website running php.
I will setup a site that consists of the following
Quote:
<?php
echo "hello world";
?>
And I expect you to break into the website.
PHP is just like any other language, if someone writes bad code there will be bad code, a ruby, python,whatever site can be just as exploitable if someone does something dumb.
|
Diomedes Calypso
|
Posted - 2011.04.10 01:26:00 -
[24]
Bark,
If i were going to use an off the shelf web database platform (im an amateur obviously) and you think php is extrodinarily vulnerable, would you have any recomendations for some equivelent to drupal or joomala?
|
Karak Terrel
As Far As The eYe can see
Chained Reactions
|
Posted - 2011.04.10 01:27:00 -
[25]
PHP and ASP is so last century
--
please consider to visit our w-space system, cake will be served immediately. |
Florentis
|
Posted - 2011.04.10 01:27:00 -
[26]
Originally by: Tippia
Originally by: Nypheas Azurai
Hire a php developer
PHP is not sold by Microsoftà
CCP just released the Microsoft Forum Simulator 2011 based on asp, as we see it.
|
Nypheas Azurai
|
Posted - 2011.04.10 01:28:00 -
[27]
Originally by: Andrea Griffin
Mister Balmer - is that you? I didn't you know you played E- Crap man, don't throw that chair at me, bro!
oh shi- man I see it now, how was I so blind?
Originally by: Barakkus
I have no idea what I'm talking about and little web-programming experience, so here's a chair in your face
Originally by: Barakkus
DEVELOPERS DEVELOPERS DEVELOPERS
|
Barakkus
|
Posted - 2011.04.10 01:29:00 -
[28]
Originally by: Nypheas Azurai
Originally by: Andrea Griffin
Mister Balmer - is that you? I didn't you know you played E- Crap man, don't throw that chair at me, bro!
oh shi- man I see it now, how was I so blind?
Originally by: Barakkus
I have no idea what I'm talking about and little web-programming experience, so here's a chair in your face
Originally by: Barakkus
DEVELOPERS DEVELOPERS DEVELOPERS
Lol, go ahead and keep raging opensource fanboi you're about as knowledgeable as someone who just graduated from webdesign school and I wouldn't hire if my life depended on it.
-
-
[SERVICE] Corp Standings For POS anchoring
|
Karak Terrel
As Far As The eYe can see
Chained Reactions
|
Posted - 2011.04.10 01:46:00 -
[29]
Originally by: Barakkus
I have to watch the bug reports for postgresql in order to keep on top of **** at work and deal with anything that they haven't fixed and probably won't fix for months. The attitudes of the people that work on postgresql, especially Tom Lane is abysmal and ****ing stupid.
Right, and you never get that problem with closed source because it is bug free? And how would you fix it there on your own if for example oracle is to lazy to fix an issue with their software? With OS you have at least the chance to find a third party that will do the support for you if "the community" isn't willing to fix your "very important" problems. "Community" does not mean they work for you if you don't pay them.
Everyone that still relays on CS software with a potential lock in is in my opinion just plain stupid and takes risks no one would take in any other field.
If you still think OS has something to do with idealism then you understand nothing at all. Its the only way to get a free market in the software business.
--
please consider to visit our w-space system, cake will be served immediately. |
Yaba Yaba
|
Posted - 2011.04.10 01:54:00 -
[30]
Originally by: Barakkus
Security issues are not "instantly fixed" that's a load of crap that opensource fanboi's constantly spout. That's not how it works in the opensource world and you know it.
You misunderstand the benefits of open source. Linux isn't one of the most secure operating systems because it's closed source. The fact that iot's open source allows ANYONE to view the source and thus find bugs and patches.
The reason why the forums broke so easily is because CCP messed with the authentication system, not because they were based off an open source project.
tl;dr: everyone in this thread is dense
|
|
|
Barakkus
|
Posted - 2011.04.10 02:09:00 -
[31]
Edited by: Barakkus on 10/04/2011 02:13:51
Originally by: Karak Terrel
Originally by: Barakkus
I have to watch the bug reports for postgresql in order to keep on top of **** at work and deal with anything that they haven't fixed and probably won't fix for months. The attitudes of the people that work on postgresql, especially Tom Lane is abysmal and ****ing stupid.
Right, and you never get that problem with closed source because it is bug free? And how would you fix it there on your own if for example oracle is to lazy to fix an issue with their software? With OS you have at least the chance to find a third party that will do the support for you if "the community" isn't willing to fix your "very important" problems. "Community" does not mean they work for you if you don't pay them.
Everyone that still relays on CS software with a potential lock in is in my opinion just plain stupid and takes risks no one would take in any other field.
If you still think OS has something to do with idealism then you understand nothing at all. Its the only way to get a free market in the software business.
Um, no, any support we've had to get from Oracle, Microsoft, Symantec or any other vendor has been top notch and immediate response, I've had patches made for BackupExec from Symantec within a week for problems we've had to contact them for, and their tech support provided a work around within a day or two.
I trust someone I'm paying to provide solutions faster than relying on some random people out in the ether...they want your money, they fix your problems, pretty simple.
I've been waiting on a bug fix for hot standby database corruption from postgresql for a good month since deploying 9. They still are trying to fix it (and arguing about it). It doesn't affect our ability to run the database, but the hot standby feature is sitting there languishing because they're too busy fighting about the fix for it. There's a number of other problems with their implementations of character sets and floating point values that ARE a big deal, and haven't gotten fixed and aren't even getting responded to. If I was running MSSQL I would expect that to be fixed faster than waiting on the people "working" on postgresql.
I tried to get them to use Oracle or MSSQL server, but they wanted to go the cheap route and use postgresql and now we're stuck with a database platform that was developed by people that don't understand threading and is unnecessarily a resource hog. They can't even get it to actually cluster...you have to go do some backasswards way of getting any sort of pseudo clustering done...they wouldn't go with MySQL because the stupid web designers didn't like it, then they ended up sticking with Oracle and not even moving to postgresql because they're too lazy to port their crap code to postgresql.
-
-
[SERVICE] Corp Standings For POS anchoring
|
Nypheas Azurai
|
Posted - 2011.04.10 02:15:00 -
[32]
Edited by: Nypheas Azurai on 10/04/2011 02:28:06
Originally by: Barakkus
Lol, go ahead and keep raging opensource fanboi
Several others in this thread already stated CCP used YAF.net, which is open-source, so clearly they are "fanboi's" too.
The issue here is they didn't choose wisely because they let their choice be governed by ease (YAF is also ASP.net, so they can hack it into EVEGate with less work), rather than security and robustness. There are several hundred forumboard packages out there, but phpBB is one of, if not, the best when it comes to robustness, usability, and security. More so than anything that exists out there currently, and anything they could design in-house. It's not because it is designed in some specific language (AJAX and MVC.net, are both more advanced and feature-rich than php), it is because it is widely-used, tested, and updated.
If CCP are looking for the best solution instead of just one that can be easily hacked into EVEGate, then they will choose a well-known forumboard package such as phpBB.
Edit:
Someone already took the time to explain to you that you can "pay" anyone to support anything. Paying for support isn't exclusive to closed-source companies. You can hire developers to support your forum installation if you so choose, and unlike Microsoft support, there is competition, so not only do they have more incentive to provide a better service, they also answer only to you.
|
Karak Terrel
As Far As The eYe can see
Chained Reactions
|
Posted - 2011.04.10 02:35:00 -
[33]
Originally by: Barakkus
I trust someone I'm paying to provide solutions faster than relying on some random people out in the ether...they want your money, they fix your problems, pretty simple.
Well, thats what i say! But you compare a community which is btw most of the time a group of people that get paid by someone and thats why they fix the problem of this party and not yours. The difference is that with CS you have to get that support form Oracle, Symantec or Microsoft. They will probably not do it, but if they decide to rise support costs, no longer deliver fixes in time, etc. there is nothing you can do because 99% of the time you have no chance to migrate to another database. With an OS solution you don't have that lock in. If you want the same support for postgres you have to pay for it, opensource does not mean free support. If the company ****es you of and doesn't fix stuff in time there may as well be another company that will fix it for you, support is a free market in the OS world. Someone that locks his data into a product which is only maintained by one company and with EULA's that give them the right to forbid you to use the product and doesn't freaking matter how unlikely they will use that right, is just INSANE!
Even the big players have realized this now. For example, if redhat support ****es you of, you can now buy rhel support from oracle..
--
please consider to visit our w-space system, cake will be served immediately. |
Barakkus
|
Posted - 2011.04.10 02:40:00 -
[34]
Originally by: Nypheas Azurai
Edit:
Someone already took the time to explain to you that you can "pay" anyone to support anything. Paying for support isn't exclusive to closed-source companies. You can hire developers to support your forum installation if you so choose, and unlike Microsoft support, there is competition, so not only do they have more incentive to provide a better service, they also answer only to you.
Enterprise level tech support from Microsoft is excellent actually, so is Symantec's support as well as Dell's enterprise level support.
People that ***** about companies and their tech support are *****ing about consumer level support most of the time, most of the time enterprise level support from companies is much, much better...they want to keep the money coming in, so they will bend over backwards to support their enterprise customers.
There's a current issue with being able to DoS sites running the latest version of PHP by submitting bogus get requests with huge floating point values...haven't patched that yet as far as I can tell or even acknowledged it.
All I'm saying is opensource is far from superior to actually purchasing your software, which the opensource fanbois seem to want to espouse until they're blue in the face...doesn't mean that is actually the case...
-
-
[SERVICE] Corp Standings For POS anchoring
|
Barakkus
|
Posted - 2011.04.10 02:46:00 -
[35]
Originally by: Karak Terrel
99% of the time you have no chance to migrate to another database
No, the only reason someone would not be able to migrate to a different database platform is because they are unwilling to, or they locked themselves into a particular language and are unwilling to do something different. There is no reason someone couldn't migrate data from Oracle to PostgreSQL to MSSQL to MySQL to DB2 then back again. I've had to migrate data from various database platforms and rewrite applications to work with a new platform, there is no way to "lock you into" a particular product. There are only 2 products I know of that you get "locked" into because they are so closed and that's SAP and MAS...and even then you could migrate off of those...
-
-
[SERVICE] Corp Standings For POS anchoring
|
Max Romeo
|
Posted - 2011.04.10 02:46:00 -
[36]
Originally by: Yaba Yaba
You misunderstand the benefits of open source. Linux isn't one of the most secure operating systems because it's closed source. The fact that iot's open source allows ANYONE to view the source and thus find bugs and patches.
tl;dr: everyone in this thread is dense
Own goal bro.
Users arn't developers; Developers who are going to look at the source are going to see the problems if they have paid for the code or not(in the case of something like non-binary php). There's even some research in ACM papers about the 'many eyes' concept being a paradox; In that while more people 'hack on' source, they often propagate lower quality code than the upstream author as well as seldom checking or report security issues, while all the time thinking 'this is safe, many other people have looked at it'... chances are no one has unless it has research/reimplementation potential... forums don't. You're also generally confusing hobbyists and hackers for professionals (even if most devs these days are CCP's level of badness, whatever).
Code quality is a hard metric to define, but it's got very little correlation to the license in a case like this.
But I have feeling you're some hardened Stallman rimming, GNUtard.
(See : How many lines of kernel/crypto stack have you audited, how often do you read your httpd's socket handlers?, do you sub to all of the repo mailing lists? 'many' eyes... heeeeh)
|
Nypheas Azurai
|
Posted - 2011.04.10 02:51:00 -
[37]
Originally by: Barakkus
All I'm saying is opensource is far from superior to actually purchasing your software, which the opensource fanbois seem to want to espouse until they're blue in the face...doesn't mean that is actually the case...
Excellent, and you're completely off-base, so move along to another thread.
We've already established that CCP is using an open-source forum, so either suggest a closed-source version that you think is "superior" and that they can roll out in a reasonable time and is also robust and secure, or explain which open-source package they should be using and why.
If it's the former, you can't obviously, since it's closed source and you will have little knowledge of it unless you have purchased it before, and even then, won't know how it works internally. If it's the latter, then you'd be hard-pressed to find any better open-source package than the one mentioned in thread title.
Saying "open source is far from superior" is useless banter and can be said of anything. In this case (attempting to setup forums that are robust and secure) it is more desirable to have as many eyes on potential bugs and exploits than that 1 guy in QA, and for that... for that you need open-source.
|
Barakkus
|
Posted - 2011.04.10 02:56:00 -
[38]
Edited by: Barakkus on 10/04/2011 02:56:31
Originally by: Nypheas Azurai
We've already established that CCP is using an open-source forum, so either suggest a closed-source version that you think is "superior" and that they can roll out in a reasonable time and is also robust and secure, or explain which open-source package they should be using and why.
What they SHOULD have done from the beginning is code it themselves in something that's not interpreted and isn't opensource.
There's more than java, php and other nonsense out there. They could have simply done a whole ISAPI application suite instead of relying on opensource garbage and written a much, much better site than dealing with any of this interpreted crap.
You obviously have no clue about developing software so maybe you should move along...
-
-
[SERVICE] Corp Standings For POS anchoring
|
Grimpak
Gallente
The Whitehound Corporation
Frontline Assembly Point
|
Posted - 2011.04.10 03:01:00 -
[39]
Edited by: Grimpak on 10/04/2011 03:02:59
Originally by: Nypheas Azurai
Edited by: Nypheas Azurai on 10/04/2011 02:28:06
Originally by: Barakkus
Lol, go ahead and keep raging opensource fanboi
Several others in this thread already stated CCP used YAF.net, which is open-source, so clearly they are "fanboi's" too.
The issue here is they didn't choose wisely because they let their choice be governed by ease (YAF is also ASP.net, so they can hack it into EVEGate with less work), rather than security and robustness. There are several hundred forumboard packages out there, but phpBB is one of, if not, the best when it comes to robustness, usability, and security. More so than anything that exists out there currently, and anything they could design in-house. It's not because it is designed in some specific language (AJAX and MVC.net, are both more advanced and feature-rich than php), it is because it is widely-used, tested, and updated.
If CCP are looking for the best solution instead of just one that can be easily hacked into EVEGate, then they will choose a well-known forumboard package such as phpBB.
Edit:
Someone already took the time to explain to you that you can "pay" anyone to support anything. Paying for support isn't exclusive to closed-source companies. You can hire developers to support your forum installation if you so choose, and unlike Microsoft support, there is competition, so not only do they have more incentive to provide a better service, they also answer only to you.
what happened here was:
- CCP picked the YAF way.
- reskins it to their tastes,
- proceeds to pretty much remove every security feature it has,
- breaks IMG tags in the process,
- breaks whatever security feature was still there,
- HTML code is, somehow, allowed to post,
- work complete!
so no, while YAF.net's security level might be debatable, the fault here lies on CCP and CCP alone.
-
---
Quote:
The more I know about humans, the more I love animals.
ain't that right. |
Nypheas Azurai
|
Posted - 2011.04.10 03:11:00 -
[40]
Originally by: Barakkus
What they SHOULD have done from the beginning is code it themselves in something that's not interpreted and isn't opensource.
Although I do appreciate the irony coming from someone who is clearly code-illiterate, suffice to say EVEGate was in-house. EVE is CCP's "in-house" thing, not forum software. I didn't think I needed to explain to you why anything CCP develops in-house in the next few weeks or even months won't beat something that is many people's life's work for the last few years.
If you think code that has been running on millions of servers and services millions of users of the last decade has problems, wait until you see just how robust is code that's been pushed out in a few weeks and only tested in-house by that 1 QA guy.
|
|
|
Barakkus
|
Posted - 2011.04.10 03:13:00 -
[41]
Edited by: Barakkus on 10/04/2011 03:16:06
Originally by: Nypheas Azurai
Originally by: Barakkus
What they SHOULD have done from the beginning is code it themselves in something that's not interpreted and isn't opensource.
Although I do appreciate the irony coming from someone who is clearly code-illiterate, suffice to say EVEGate was in-house.
Ok rtard boy. Get back to me when you've been a professional developer not making rinky dink web pages for over 10 years.
Let me know when you've coded your own custom SSH servers and database applications...and handle a little less than a billion dollars annually with software you've written...then maybe you can talk...until then you're just some clueless rtard 20 something that thinks he knows it all because he plays with linux.
-
-
[SERVICE] Corp Standings For POS anchoring
|
De'Veldrin
Minmatar
Self Preservation Society the 2nd
|
Posted - 2011.04.10 05:14:00 -
[42]
Originally by: Tippia
Originally by: Nypheas Azurai
Hire a php developer
PHP is not sold by Microsoftà
Thank ****ing God. Microsoft could screw up an attempt to boil water.
--Vel
Originally by: Blacksquirrel
This is EVE. PVE can happen anywhere at anytime. Be prepared.
|
Liang Nuren
|
Posted - 2011.04.10 05:24:00 -
[43]
Originally by: Barakkus
Um, no, any support we've had to get from Oracle, Microsoft, Symantec or any other vendor has been top notch and immediate response
Uh. No. This has absolutely not been my experience. Especially from Sun/Oracle.
Quote:
I've been waiting on a bug fix for hot standby database corruption from postgresql for a good month since deploying 9. They still are trying to fix it (and arguing about it). It doesn't affect our ability to run the database, but the hot standby feature is sitting there languishing because they're too busy fighting about the fix for it. There's a number of other problems with their implementations of character sets and floating point values that ARE a big deal, and haven't gotten fixed and aren't even getting responded to. If I was running MSSQL I would expect that to be fixed faster than waiting on the people "working" on postgresql.
This **** happens with all databases. The amount of working around Oracle bugs I've seen done because we couldn't get Oracle to fix their broken **** is ****ing amazing.
Quote:
I tried to get them to use Oracle or MSSQL server, but they wanted to go the cheap route and use postgresql and now we're stuck with a database platform that was developed by people that don't understand threading and is unnecessarily a resource hog.
PostgreSQL and Oracle are different. They both have features that the other lacks, but in the end I'd rather use PostgreSQL for most purposes. And yes, I'm more than capable of debating the internals of the databases if you care to. ;-)
-Liang
--
Eve Forum ***** Extraordinaire
On Twitter
|
Liang Nuren
|
Posted - 2011.04.10 05:26:00 -
[44]
Originally by: Barakkus
No, the only reason someone would not be able to migrate to a different database platform is because they are unwilling to, or they locked themselves into a particular language and are unwilling to do something different. There is no reason someone couldn't migrate data from Oracle to PostgreSQL to MSSQL to MySQL to DB2 then back again. I've had to migrate data from various database platforms and rewrite applications to work with a new platform, there is no way to "lock you into" a particular product. There are only 2 products I know of that you get "locked" into because they are so closed and that's SAP and MAS...and even then you could migrate off of those...
What the **** is this noise? Are you drunk? Have you ever worked with a database bigger than 30 Gigs? Its not a simple matter to migrate 5 million lines of code and 250+ terabytes of data to a different database for ****ing ****s and giggles. 
-Liang
--
Eve Forum ***** Extraordinaire
On Twitter
|
Steve Thomas
Minmatar
Sebiestor Tribe
|
Posted - 2011.04.10 05:30:00 -
[45]
Originally by: Yaba Yaba
Originally by: Barakkus
Security issues are not "instantly fixed" that's a load of crap that opensource fanboi's constantly spout. That's not how it works in the opensource world and you know it.
You misunderstand the benefits of open source. Linux isn't one of the most secure operating systems because it's closed source. The fact that iot's open source allows ANYONE to view the source and thus find bugs and patches.
The reason why the forums broke so easily is because CCP messed with the authentication system, not because they were based off an open source project.
tl;dr: everyone in this thread is dense
Its also the most secure because almost noone uses it.
.end of line.
----
If you think your too paranoid to play EvE...
Then you clearly are not paranoid enough to play EvE
(Alt list) Rico Lobo |
Liang Nuren
|
Posted - 2011.04.10 05:32:00 -
[46]
Originally by: Barakkus
What they SHOULD have done from the beginning is code it themselves in something that's not interpreted and isn't opensource.
There are costs and benefits for doing it either way. If you write it yourself:
- Your software is closed, and rare. That makes it somewhat harder for The Bad Men to find the holes in it.
- Your QA department is all the QA you get.
- You have to maintain it, and fix all the bugs associated with it.
If you use off the shelf parts:
- Your software is open (potentially), but is not rare. That makes it somewhat easier for The Bad Men to find holes in it. It also means that someone finding a 0 day on another board will instantly **** your piece of software.
- You get a lot more QA.
- You don't necessarily have to fix the bugs... but you are allowed to contribute a patch if its open source.
As to your ******ed interpreted vs compiled langauge: you're just wrong. For the most part, interpreted languages are slightly slower but are much more expressive. This means that you can slam out higher quality code in much less time.
-Liang
--
Eve Forum ***** Extraordinaire
On Twitter
|
Barakkus
|
Posted - 2011.04.10 05:36:00 -
[47]
Originally by: Liang Nuren
Originally by: Barakkus
No, the only reason someone would not be able to migrate to a different database platform is because they are unwilling to, or they locked themselves into a particular language and are unwilling to do something different. There is no reason someone couldn't migrate data from Oracle to PostgreSQL to MSSQL to MySQL to DB2 then back again. I've had to migrate data from various database platforms and rewrite applications to work with a new platform, there is no way to "lock you into" a particular product. There are only 2 products I know of that you get "locked" into because they are so closed and that's SAP and MAS...and even then you could migrate off of those...
What the **** is this noise? Are you drunk? Have you ever worked with a database bigger than 30 Gigs? Its not a simple matter to migrate 5 million lines of code and 250+ terabytes of data to a different database for ****ing ****s and giggles.
-Liang
Trust me, I don't do that **** for ****s and giggles, took 5 years to migrate to PostgreSQL :P
-
-
[SERVICE] Corp Standings For POS anchoring
|
Liang Nuren
|
Posted - 2011.04.10 05:55:00 -
[48]
Originally by: Barakkus
Originally by: Liang Nuren
Originally by: Barakkus
No, the only reason someone would not be able to migrate to a different database platform is because they are unwilling to, or they locked themselves into a particular language and are unwilling to do something different. There is no reason someone couldn't migrate data from Oracle to PostgreSQL to MSSQL to MySQL to DB2 then back again. I've had to migrate data from various database platforms and rewrite applications to work with a new platform, there is no way to "lock you into" a particular product. There are only 2 products I know of that you get "locked" into because they are so closed and that's SAP and MAS...and even then you could migrate off of those...
What the **** is this noise? Are you drunk? Have you ever worked with a database bigger than 30 Gigs? Its not a simple matter to migrate 5 million lines of code and 250+ terabytes of data to a different database for ****ing ****s and giggles.
-Liang
Trust me, I don't do that **** for ****s and giggles, took 5 years to migrate to PostgreSQL :P
Ok, so a 5 year investment to switch databases seems to be a pretty damn good reason not to do it.
-Liang
--
Eve Forum ***** Extraordinaire
On Twitter
|
Gravemind GER
Caldari
Community for Justice
Majesta Empire
|
Posted - 2011.04.10 05:58:00 -
[49]
boah hell no, dont give them the idea to use the ****ty phpbb forum... its nothing but problems and only freebies and new***s in the internets use this ****.
i prefer vbulletin 3.x or myBB or smf
U SIR ARE A SPAI! |
Aineko Macx
|
Posted - 2011.04.10 06:48:00 -
[50]
Originally by: Gravemind GER
boah hell no, dont give them the idea to use the ****ty phpbb forum... its nothing but problems and only freebies and new***s in the internets use this ****.
i prefer vbulletin 3.x or myBB or smf
Yeah, I don't get why it's always phpBB people suggest, when it has nothing going for it except being the most used, which just helps perpetuate the fact...
________________________
CCP: Where fixing bugs is a luxury, not an obligation. |
|
|
Barakkus
|
Posted - 2011.04.10 08:10:00 -
[51]
Originally by: Liang Nuren
Ok, so a 5 year investment to switch databases seems to be a pretty damn good reason not to do it.
-Liang
Trust me, we had to.
The way the software was re-engineered another migration would only take us maybe a year, and if I can manage to get a particular set of components, and they work out right, I can cut that down to maybe 6-9 months, but that's another 3-6 months work to swap out database components. We'd pretty much be able to migrate to any database platform with minimal work after that, at least internally...web designers, well that's another story...but they're switching all the web stuff to use hibernate, so that may not be that big of a deal either.
-
-
[SERVICE] Corp Standings For POS anchoring
|
Karak Terrel
As Far As The eYe can see
Chained Reactions
|
Posted - 2011.04.10 13:43:00 -
[52]
Originally by: Barakkus
All I'm saying is opensource is far from superior to actually purchasing your software, which the opensource fanbois seem to want to espouse until they're blue in the face...doesn't mean that is actually the case...
It seams you don't have a problem with open source, you have a problem with free software, and by free i mean free as in free beer. Most of the companies pay for their open source software and then they get their support exactly the same way as you get support for closed source software. Yet again, the difference is that if you can't switch the software (which is not impossible but expensive), you can change the company that supports it. Because there is now way the can hold your own data ransom.
If the developers you work for decided to use postgres because it is cheap and now depend on the support they didn't want to pay for, they are complete morons, and it's their problem if they don't get a quick solution. Actually it's your problem, but thats because ppl in dba, op and se are always where the problems all the devs and architects caused have to been solved. From that perspective your situation is far from unique.
--
please consider to visit our w-space system, cake will be served immediately. |
Malaclypse Muscaria
|
Posted - 2011.04.10 15:31:00 -
[53]
Originally by: Barakkus
Um, no, any support we've had to get from Oracle, Microsoft, Symantec or any other vendor has been top notch and immediate response
One of my clients is a big Oracle customer, not just for their database products, but their pharmaceutical and CRM (Siebel) software, and what I've seen through them has left me with a very poor opinion of Oracle, both regarding the quality of their software and their support.
It's bad, and I'm on certain occasions called to clean up after the Oracle consultants, when they are unable to figure out why their own software installation keeps burping, sometimes regarding some very basic things. But as unhappy as they may be with Oracle, this company has no other choice: you may be able to switch database vendors given enough time & effort, but not when it comes to their pharmaceutical software.
This company also relies on Microsoft for Active Directory, Exchange and so on, and all I hear from them in that regard is pain and misery.
On the other hand, the Linux servers and custom made software running on them based on open source technologies (Apache, Java, Python, JBoss, Tomcat, Plone, etc...) are not only a joy to work with, they've also never given us any significant problems.
|
Erichk Knaar
Caldari
Noir.
Noir. Mercenary Group
|
Posted - 2011.04.10 15:38:00 -
[54]
Edited by: Erichk Knaar on 10/04/2011 15:41:20
Edited by: Erichk Knaar on 10/04/2011 15:38:52
Originally by: Barakkus
Edited by: Barakkus on 10/04/2011 02:13:51
I've been waiting on a bug fix for hot standby database corruption from postgresql for a good month since deploying 9. They still are trying to fix it (and arguing about it). It doesn't affect our ability to run the database, but the hot standby feature is sitting there languishing because they're too busy fighting about the fix for it. There's a number of other problems with their implementations of character sets and floating point values that ARE a big deal, and haven't gotten fixed and aren't even getting responded to. If I was running MSSQL I would expect that to be fixed faster than waiting on the people "working" on postgresql.
You do realize this affects all products. I've got some great Oracle stories through the years. PGSQL is a perfectly good platform. You do know you can get very good pro support for it? Are you trying to run it on Windows or something?
EDIT: Also, phpBB is terrible.
|
Hamburgg
|
Posted - 2011.04.10 17:48:00 -
[55]
Originally by: Barakkus
Hell ****ing no. PHPBB is nothing but asking for security breaches.
phpBB3 has not had a single serious security hole since it was released 3 years ago. phpbb2 is the version everyone thinks about for security problems. phpBB3 is a completely new version. |
Helicity Boson
Amarr
The Python Cartel.
The Defenders of Pen Island
|
Posted - 2011.04.10 17:58:00 -
[56]
I don't think it's fair to attack open source over the fact that CCP disabled the normal security features in favor of something utterly demented of their own devising.
Leave FOSS alone, direct your anger at the people that took a good forum, ruined it, rebranded it, then released it; while claiming they spent 72,000 man hours on it.
|
Alex Artrald
|
Posted - 2011.04.10 18:05:00 -
[57]
While I'm not a fan of phpbb I was wondering why they didn't use a premade script. If they wanted free MyBB would have been my choice but there are paid options as well of forums.
|
Ban Doga
|
Posted - 2011.04.10 18:23:00 -
[58]
Edited by: Ban Doga on 10/04/2011 18:23:16
Originally by: Barakkus
Edited by: Barakkus on 10/04/2011 02:56:31
any of this interpreted crap.
What's the problem with interpreted languages?
|
Erichk Knaar
Caldari
Noir.
Noir. Mercenary Group
|
Posted - 2011.04.10 18:27:00 -
[59]
Originally by: Ban Doga
Edited by: Ban Doga on 10/04/2011 18:23:16
Originally by: Barakkus
Edited by: Barakkus on 10/04/2011 02:56:31
any of this interpreted crap.
What's the problem with interpreted languages?
+1
|
Karak Terrel
As Far As The eYe can see
Chained Reactions
|
Posted - 2011.04.10 22:26:00 -
[60]
Originally by: Ban Doga
Edited by: Ban Doga on 10/04/2011 18:23:16
Originally by: Barakkus
Edited by: Barakkus on 10/04/2011 02:56:31
any of this interpreted crap.
What's the problem with interpreted languages?
There are two problems with interpreted languages:
1) People don't understand that most of this languages are just "the glue" on top and that the expensive operations still run in compiled code. (thats not true for some ruby implementations and probably for some other script languages to. php?)
2) the amount of work to implement something in a dynamic script languages is much smaller than the implementation in a not so dynamic compiled language. From the money you save there you can buy better hardware which compensates that "glue on the top". Hardware is cheaper than programmers. There are cases where this is not true, but you can identify them and replace only this particular code with something faster (in the case of eve probably the inventory system if i read the devblog right?).
--
please consider to visit our w-space system, cake will be served immediately. |
|
|
Lykouleon
Bad Kitty Inc.
|
Posted - 2011.04.10 22:31:00 -
[61]
Originally by: Grimpak
- breaks IMG tags in the process
Considering CCP's limitations on images on "ye olde forums," I wouldn't be surprised if the removal of img tag usage was intended.
Don't click on this.
No, really, don't, it'll make your eyes bleed. |
Aineko Macx
|
Posted - 2011.04.11 06:13:00 -
[62]
Originally by: Karak Terrel
1) People don't understand that most of this languages are just "the glue" on top and that the expensive operations still run in compiled code. (thats not true for some ruby implementations and probably for some other script languages to. php?)
Since version 4 php is compiled into bytecode at runtime. As is python.
Quote:
2) the amount of work to implement something in a dynamic script languages is much smaller than the implementation in a not so dynamic compiled language. From the money you save there you can buy better hardware which compensates that "glue on the top". Hardware is cheaper than programmers. There are cases where this is not true, but you can identify them and replace only this particular code with something faster (in the case of eve probably the inventory system if i read the devblog right?).
At fanfest I was talking about this with CCP Warlock, and she stated that generally most execution time is already spent on compiled C(++?) code called by the python "glue".
________________________
CCP: Where fixing bugs is a luxury, not an obligation. |
Mara Rinn
|
Posted - 2011.04.11 06:58:00 -
[63]
Originally by: Barakkus
I've been waiting on a bug fix for hot standby database corruption from postgresql for a good month since deploying 9. They still are trying to fix it (and arguing about it). It doesn't affect our ability to run the database, but the hot standby feature is sitting there languishing because they're too busy fighting about the fix for it.
The issue they're "arguing about" is an architectural change that has to be made to the rest of the RDBMS code in order to get the hot standby system working correctly. They're basically looking at reworking the foundations of a building, not simply what colour to paint the front door.
Mischaracterizing the discussion as "arguing about it" is disingenuous but not unexpected from a proprietary software disciple.
The simple fact of the matter is that the software which gets reviewed by more bug hunters will have fewer bugs. Linus Torvalds characterized this as "given enough eyeballs, all bugs are shallow." Just being Open Source or proprietary doesn't make software any more or less secure than any other software in the same field. What makes the software more secure is having more people looking for bugs and fixing them.
There were plenty of people looking for (and finding) bugs in the New Forums, but there was nobody spending time on the fixing them part. Thus the New Forums were pushed out with known security issues, which were immediately exploited.
This is not an Open Source is more or less secure than closed source argument. The issue is simply that bugs were found but not fixed. The deeper issue is a question of why the bugs made it into production in the first place: was it due to developer incompetence, management pressure to deliver a product at all costs, or other factors?
So no, switching to PHPBB or any other forum software at this stage of the game is not going to magically fix the problem. The problem is due to CCP's web development team doing really braindead stuff to shoehorn the YAF forum software onto the EVE Online/Carbon authentication system.
--
[Aussie players: join ANZAC channel] |
Ban Doga
|
Posted - 2011.04.11 08:20:00 -
[64]
Originally by: Karak Terrel
Originally by: Ban Doga
Edited by: Ban Doga on 10/04/2011 18:23:16
Originally by: Barakkus
Edited by: Barakkus on 10/04/2011 02:56:31
any of this interpreted crap.
What's the problem with interpreted languages?
There are two problems with interpreted languages:
1) People don't understand that most of this languages are just "the glue" on top and that the expensive operations still run in compiled code. (thats not true for some ruby implementations and probably for some other script languages to. php?)
2) the amount of work to implement something in a dynamic script languages is much smaller than the implementation in a not so dynamic compiled language. From the money you save there you can buy better hardware which compensates that "glue on the top". Hardware is cheaper than programmers. There are cases where this is not true, but you can identify them and replace only this particular code with something faster (in the case of eve probably the inventory system if i read the devblog right?).
Seems like you are using "interpreted language" as a synonym for "scripting language".
It would really help to get familiar with the technical terms before you start spewing around non-sense.
And about the people who use certain languages:
You can be sure there has been more abuse and utter failure with C than with - let's say - php, alone for the fact that C is so much older.
|
Erichk Knaar
Caldari
Noir.
Noir. Mercenary Group
|
Posted - 2011.04.11 09:09:00 -
[65]
Originally by: Mara Rinn
Originally by: Barakkus
I've been waiting on a bug fix for hot standby database corruption from postgresql for a good month since deploying 9. They still are trying to fix it (and arguing about it). It doesn't affect our ability to run the database, but the hot standby feature is sitting there languishing because they're too busy fighting about the fix for it.
The issue they're "arguing about" is an architectural change that has to be made to the rest of the RDBMS code in order to get the hot standby system working correctly. They're basically looking at reworking the foundations of a building, not simply what colour to paint the front door.
Mischaracterizing the discussion as "arguing about it" is disingenuous but not unexpected from a proprietary software disciple.
Besides all the truth about F/OSS development models, I wonder if the guy you quoted has offered any incentive or support to the pg developers to either prioritize or fast track his issue. We hired a PG guy. It's great, and its still cheaper than Oracle licenses.
|
Karak Terrel
As Far As The eYe can see
Chained Reactions
|
Posted - 2011.04.11 17:10:00 -
[66]
Originally by: Ban Doga
Seems like you are using "interpreted language" as a synonym for "scripting language".
It would really help to get familiar with the technical terms before you start spewing around non-sense.
Actually i used it the other way around and it's not the point at all. If you have something to say against my arguments feel free to point out my mistakes. If not why don't you just shut up and stop wasting forum space with your childish teenrage?
--
please consider to visit our w-space system, cake will be served immediately. |
|
|
| |
|
| Pages: 1 2 3 :: [one page] |