Author Topic: SMF Copyright Rewording  (Read 47594 times)

Offline NewUsername

  • Newbie
  • *
  • Posts: 7
SMF Copyright Rewording
« on: July 16, 2005, 05:51:59 AM »
Hello everyone. I have just installed SMF for a web designers' community site and I have some concerns regarding the copyright messages generated by SMF. The site will contain several copyright notices including the one generated by SMF. All the other copyright messages are fine except for the SMF copyright which muddles the other copyright messages.

There have been a few questions regarding *removing* the copyright message generated by the software. The answer to all those questions has been along the lines of "you cannot remove the copyright messages". I am aware that the SMF license prohibits removal of the copyright notices that are generated by the software. That's okay. Lewis Media is well within its rights to have those clauses in their license.

I have read the thread found here:

http://www.simplemachines.org/community/index.php?topic=36056.0

However, it's already so watered down that I felt the best course of action is to start a new thread. So here goes...

My main concern is how the copyright message is worded. Another concern is with security (explained later). Here is an example:

Some Forum on Some Site | Powered by SMF 1.1 Beta 3.
© 2001-2005, Lewis Media. All Rights Reserved.


It is not clear here what this copyright message is acknowledging. Does it mean that:

1. Lewis Media owns the copyright to SMF;

or

2. Lewis Media owns the copyright to the "Some Forum on Some Site" forum and its contents;

or

3. Lewis Media owns the copyright to the whole site itself;

I already know that the correct interpretation is #1 here. But to casual visitors to the site, the interpretation remains open to either 1, 2, or 3. I am also aware that one can also add one's copyright message (i.e. the copyright to the site itself). But that would only confuse things even more. Now there will be two copyright claims on the same page!

My proposal is to reword the copyright message generated by SMF as such:

Some Forum on Some Site | Powered by SMF (Simple Machines Forum)
SMF is © 2001-2005, Lewis Media. All Rights Reserved.


This effectively disambiguates the copyright notice and makes it possible to place several copyright claims on the same page without muddling the other claims.

Note that I removed the version number here on purpose. Which brings me to my second concern: security.

As with the recent phpBB security debacle, advertising the software version number increases the likelihood that SMF sites will also be hax0red. Eventually, SMF will replace phpBB (unless the phpBB team get their act together). By then, SMF will be the new target. Kiddies will download and install SMF on their local XAMPP installation and start to poke around to find holes and ways of exploiting them. Once they do, all that is needed is to search for the string "Powered by SMF x.x.x" to find vulnerable sites. Easy because of the "sticky-copyright" clause in the license. You know what will happen next...

So hopefully the devs consider this request and include it in the next release. I am sure that it will satisfy all concerned parties, even ones who find the "sticky-copyright" clause in the license too restrictive. In the meantime, I hope that it is okay with the devs if I reword the copyright message to the second example given above.

--

J. Baller Esq.

Offline Trekkie101

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 8,157
  • Gender: Male
  • Ad Astra!
    • https://www.facebook.com/DLRPRoundup on Facebook
    • @dlrproundup on Twitter
    • DLRP Roundup
Re: SMF Copyright Rewording
« Reply #1 on: July 16, 2005, 06:39:40 AM »
I can't really say anything about the copyright notices, but about the security points. I know others have removed the version number just to be safe, but what phpBB and others don't have is the same development skill and logic of the SMF team, even if SMF is hacked/exploited it only takes a very short time for the development team to quickly repair that small bit of code, and release a full patch into the Package Manager. A quick patch, a quick flick of a switch, SMF calls home, SMF goes nuts telling you about updates. All mods still working away, everything just purring along nicely. The way in which SMF conducts itself is a lot more secure than phpBB. Even the way in which versions are released, by going down a ladder to get to the normal users, it allows a huge amount of time to squash bugs which could otherwise be exploits.

Offline NewUsername

  • Newbie
  • *
  • Posts: 7
Re: SMF Copyright Rewording
« Reply #2 on: July 17, 2005, 06:44:19 AM »
but what phpBB and others don't have is the same development skill and logic of the SMF team, even if SMF is hacked/exploited it only takes a very short time for the development team to quickly repair that small bit of code, and release a full patch into the Package Manager. A quick patch, a quick flick of a switch, SMF calls home, SMF goes nuts telling you about updates. All mods still working away, everything just purring along nicely. The way in which SMF conducts itself is a lot more secure than phpBB. Even the way in which versions are released, by going down a ladder to get to the normal users, it allows a huge amount of time to squash bugs which could otherwise be exploits.

Yes, but this is assuming that every SMF board is patched at the exact same time that the patch is released, which is impossible. We all live in different timezones and it could very well be that I am asleep when an exploitable bug was discovered by kiddies, they write the exploit and search using everyone's favorite search engine for the SMF copyright phrase+version number. They find my board and they target it. I wake up the next day and my board is hax0red. If I am lucky, the exploit did not allow them to change my admin password and allow me to download the patch. If I am lucky maybe they haven't messed up the system enough and the patch will work. If I am lucky.

And mind you, some kiddies can be more subtle and not just deface your site straight off. They can plant a mass mailer and use your server as a spambot. Or just prepare your machine for a rootkit insertion. In this case, you will never know that it was through SMF that your machine got compromised, and neither will the devs. Unless of course the exploit becomes so widespread that it gets noticed and finally fixed. But by then, it could already be too late for you.

It is not right to downplay the issue because you have total confidence in the developers and the release process. I have total confidence in them as well. But security is still at the top of my priorities when maintaining a website. It is far better to use pre-emptive and proactive measures such as not displaying the version number of the software in public than it is to be passive and reactive.

And as for the copyright messages, I certainly do hope the devs and Lewis Media do consider the rewording. I could reword it myself in my installation. But that would be in violation of their terms. If that is not acceptable to them, then I propose that they provide a list of acceptable reworded versions and certainly an FAQ or something with regards to this. I am sure this issue will come up over and over again.

The current copyright message is not that totally ambiguous when displayed on its own as explained in my initial posting. It is not that I have trouble understanding it. It is because when it is thrown in with other copyright messages on the same page, the SMF copyright message muddles everything because of its ambiguity.

And btw, IAALS  :)

--

J. Baller Esq.

Offline Trekkie101

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 8,157
  • Gender: Male
  • Ad Astra!
    • https://www.facebook.com/DLRPRoundup on Facebook
    • @dlrproundup on Twitter
    • DLRP Roundup
Re: SMF Copyright Rewording
« Reply #3 on: July 17, 2005, 06:52:13 AM »
I completely understand what you mean, and hope the day an exploit does appear we can all patch fast.


Offline Ben_S

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 11,724
  • xxx
Re: SMF Copyright Rewording
« Reply #4 on: July 17, 2005, 07:21:22 AM »
You can remove the version by removing it from index.php.
Liverpool FC Forum with 14 million+ posts.

Offline I, Brian

  • Semi-Newbie
  • *
  • Posts: 45
  • Gender: Male
  • No more Llamas!
    • Internet business
Re: SMF Copyright Rewording
« Reply #5 on: July 18, 2005, 06:00:55 AM »
I actually thought it was against the forum licence to interfere with any part of the notice.

And the concern about version number is absolutely right - simply helps hackers, not users.


Offline Cerberus

  • Jr. Member
  • **
  • Posts: 278
  • Gender: Male
    • My main site: Pocket PC Russia
Re: SMF Copyright Rewording
« Reply #6 on: July 18, 2005, 06:15:05 AM »
How about something like this?
Forum powered by SMF 3.1.2 © Lewis Media. All Rights Reserved.
(SMF & Lewis Media are links)
Best Regards, Cerberus
YaBB Gold -> YaBB 1.1 -> YaBB SE (YaPP -> PfaBB) -> SMF
Pocket PC Russia

Offline NewUsername

  • Newbie
  • *
  • Posts: 7
Re: SMF Copyright Rewording
« Reply #7 on: July 18, 2005, 12:16:37 PM »
How about something like this?
Forum powered by SMF 3.1.2 © Lewis Media. All Rights Reserved.
(SMF & Lewis Media are links)

That would be acceptable too. It would even be better if the devs could provide a way for users to configure the display of the copyright message. Some options come to mind:

1. Show/Hide SMF version number.

2. Select which copyright message format they want. Devs and Lewis Media could provide a list of accepted message formats.

I would prefer that there would be a way to select between different versions of the copyright message, at least when SMF generates the message it will be one of the approved versions.
--

J. Baller Esq.

Offline rhizome

  • Jr. Member
  • **
  • Posts: 304
Re: SMF Copyright Rewording
« Reply #8 on: July 18, 2005, 12:27:41 PM »

...
It would even be better if the devs could provide a way for users to configure the display of the copyright message. Some options come to mind:

1. Show/Hide SMF version number.

2. Select which copyright message format they want. Devs and Lewis Media could provide a list of accepted message formats.

I would prefer that there would be a way to select between different versions of the copyright message, at least when SMF generates the message it will be one of the approved versions.
--

J. Baller Esq.

I think that's an excellent suggestion, and would keep things simple, as opposed to member requests for alterations

Offline Tristan Perry

  • SMF Hero
  • ******
  • Posts: 2,498
  • Gender: Male
    • Tristan Perry
Re: SMF Copyright Rewording
« Reply #9 on: July 18, 2005, 12:29:26 PM »
How about something like this?
Forum powered by SMF 3.1.2 © Lewis Media. All Rights Reserved.
(SMF & Lewis Media are links)

That would be acceptable too. It would even be better if the devs could provide a way for users to configure the display of the copyright message. Some options come to mind:

1. Show/Hide SMF version number.

2. Select which copyright message format they want. Devs and Lewis Media could provide a list of accepted message formats.

I would prefer that there would be a way to select between different versions of the copyright message, at least when SMF generates the message it will be one of the approved versions.
--

J. Baller Esq.
Nice idea, post in features and request? I'd use this feature.

Offline Cerberus

  • Jr. Member
  • **
  • Posts: 278
  • Gender: Male
    • My main site: Pocket PC Russia
Re: SMF Copyright Rewording
« Reply #10 on: July 18, 2005, 12:44:58 PM »
Let's wait for the devs' opinion on the matter :)
Best Regards, Cerberus
YaBB Gold -> YaBB 1.1 -> YaBB SE (YaPP -> PfaBB) -> SMF
Pocket PC Russia

Offline Tristan Perry

  • SMF Hero
  • ******
  • Posts: 2,498
  • Gender: Male
    • Tristan Perry
Re: SMF Copyright Rewording
« Reply #11 on: July 18, 2005, 12:51:03 PM »
Let's wait for the devs' opinion on the matter :)
Yeah, hence why I said maybe post it in features and request  :) It'll be cool to see what the devs think of this idea. It could be useful for some, or at least I think giving people the option to hide the version number is a good idea.

Offline Ben_S

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 11,724
  • xxx
Re: SMF Copyright Rewording
« Reply #12 on: July 18, 2005, 12:56:56 PM »
And the concern about version number is absolutely right - simply helps hackers, not users.

I disagree, if people don't upgrade then they are still at risk, hiding the version number is giving them a false sense of security, having the version displayed makes it far easier to provide support, the amount of people that don't bother to mention what version they are running is getting silly.
Liverpool FC Forum with 14 million+ posts.

Offline † ÐëepÇuT¹ †

  • Jr. Member
  • **
  • Posts: 353
  • Gender: Male
  • YaBBSe
    • x3Generation
Re: SMF Copyright Rewording
« Reply #13 on: July 18, 2005, 01:04:09 PM »
How about something like this?
Forum powered by SMF 3.1.2 © Lewis Media. All Rights Reserved.
(SMF & Lewis Media are links)

That would probably be the best option :).
Personal Website
x3Generation - gaming
graphics and anime.
 
Favorite Forums
> SimpleMachines Forum
> GamerzPlanet Forums


Offline Cerberus

  • Jr. Member
  • **
  • Posts: 278
  • Gender: Male
    • My main site: Pocket PC Russia
Re: SMF Copyright Rewording
« Reply #14 on: July 18, 2005, 01:39:53 PM »
I disagree, if people don't upgrade then they are still at risk, hiding the version number is giving them a false sense of security, having the version displayed makes it far easier to provide support, the amount of people that don't bother to mention what version they are running is getting silly.
But people can't be online 24-7 and upgrade the forum immediately when an update is released :(. Let's suppose I'm on a 2-week vacation and a critical update is released. Script kiddies may attack and even hack my forum if they do know that my version has that hole.

hehe.. guys, am I paranoid? ;D
Best Regards, Cerberus
YaBB Gold -> YaBB 1.1 -> YaBB SE (YaPP -> PfaBB) -> SMF
Pocket PC Russia

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,171
  • Gender: Male
    • Kindred-999 on GitHub
Re: SMF Copyright Rewording
« Reply #15 on: July 18, 2005, 01:50:36 PM »
Yes, but automatic updates are just stupid... the first thing I do with any software (especially Windows!) that has auto-update is TURN IT OFF! There is absolutely no reason that any software should be doing anything to my system (or in this case, my site) without *ME* initiating the action.

If you're on a 2 week vacation, then make a backup of your site before you go....  or have a Cron job that does a streaming backup...

What would you do on that same vacation if your host had connectivity problems?
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline Ben_S

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 11,724
  • xxx
Re: SMF Copyright Rewording
« Reply #16 on: July 18, 2005, 02:06:04 PM »
If I were a script kiddy, I'd probably search for forums that aren't displaying the version number personally.
Liverpool FC Forum with 14 million+ posts.

Offline Cerberus

  • Jr. Member
  • **
  • Posts: 278
  • Gender: Male
    • My main site: Pocket PC Russia
Re: SMF Copyright Rewording
« Reply #17 on: July 18, 2005, 02:23:39 PM »
Yes, but automatic updates are just stupid... the first thing I do with any software (especially Windows!) that has auto-update is TURN IT OFF! There is absolutely no reason that any software should be doing anything to my system (or in this case, my site) without *ME* initiating the action.

If you're on a 2 week vacation, then make a backup of your site before you go....  or have a Cron job that does a streaming backup...

What would you do on that same vacation if your host had connectivity problems?

In fact I don't use them :)
I have regular backups as well, but I'm really concerned about security and server's uptime.
If I were a script kiddy, I'd probably search for forums that aren't displaying the version number personally.
Why?
In order to try out all the exploits discovered since the 1st version of SMF has been released?
IMHO it's too complicated for them ;)
Best Regards, Cerberus
YaBB Gold -> YaBB 1.1 -> YaBB SE (YaPP -> PfaBB) -> SMF
Pocket PC Russia

Offline Ben_S

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 11,724
  • xxx
Re: SMF Copyright Rewording
« Reply #18 on: July 18, 2005, 03:01:34 PM »
In order to try out all the exploits discovered since the 1st version of SMF has been released?
IMHO it's too complicated for them ;)

How many is it, about 2 maybe 3? No time at all.
Liverpool FC Forum with 14 million+ posts.

Offline Cerberus

  • Jr. Member
  • **
  • Posts: 278
  • Gender: Male
    • My main site: Pocket PC Russia
Re: SMF Copyright Rewording
« Reply #19 on: July 18, 2005, 05:06:30 PM »
How many is it, about 2 maybe 3? No time at all.
Really?
I thought there're more exploits ::)
Best Regards, Cerberus
YaBB Gold -> YaBB 1.1 -> YaBB SE (YaPP -> PfaBB) -> SMF
Pocket PC Russia