Advertisement:

Author Topic: Some updates on SMF 2.1  (Read 317264 times)

Offline Night09

  • SMF Hero
  • ******
  • Posts: 1,940
  • Gender: Male
Re: Some updates on SMF 2.1
« Reply #500 on: January 26, 2015, 06:23:05 PM »
I completely disabled Registration for almost an Entire Month now at the Dream Portal site, that runs SMF (And yes, still getting Spam, but I suppose from Bots that have joined over a month ago).  Reasons, were I had over 100 spam bots posting all kinds of things.  Having installed a mod, Stop Forum Spam, did help a lot, however, crazy as it is now almost at 1 Million Spam bots blocked, in approx. 6 months that I have had it installed.  Also, there are still spam bots getting through, as I had to delete over 500 posts from Spam Bots.  And please don't even mention this being a security issue with Dream Portal, as this is happening on all of my SMF Sites, without Dream Portal, everywhere.  I just hope that SMF 2.1 has some kind of improvement over this.  Doesn't start to happen, until I post a link to my site though, since I suppose, bots don't know it exists until than.

This is why we set up anti spam Q&A with good questions before we turn registration on...

You need to learn how to implement spam control properly if your plagued like so. Ive got multiple SMF installs and never have this kind of problem. Q&A has worked wonders and also no captcha turned on because its pointless.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 68,059
    • Arantor on GitHub
Re: Some updates on SMF 2.1
« Reply #501 on: January 26, 2015, 06:25:23 PM »
Especially since in 2.1 I added other stealth measures to combat spam.
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

You either die a hero or live long enough to see yourself become the villain. It seems you have chosen which, and now I must do the same.

Offline austin.bollinger

  • Semi-Newbie
  • *
  • Posts: 18
Re: Some updates on SMF 2.1
« Reply #502 on: January 28, 2015, 06:33:16 AM »
« Last Edit: January 28, 2015, 11:53:49 AM by austin.bollinger »

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 68,059
    • Arantor on GitHub
Re: Some updates on SMF 2.1
« Reply #503 on: January 28, 2015, 06:38:03 AM »
There is not a 'security team' per se, however there are people around in the ecosystem actively involved that are *very* familiar with security issues. Including people that hold Zend certification and over a decade of PHP experience.

If you feel there is a legitimate security concern, please send an email to security at simplemachines.org where it will be looked at and investigated.
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

You either die a hero or live long enough to see yourself become the villain. It seems you have chosen which, and now I must do the same.

Offline margarett

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 19,761
  • Gender: Male
Re: Some updates on SMF 2.1
« Reply #504 on: January 28, 2015, 09:10:39 AM »
Putting it in another perspective: there are no known security issues in SMF. Even the last ones that were patched all require a compromised admin account or a deliberately "dangerous" action by an admin (in which case all bets are off anyway). So there is nothing to "harden" ;)

If you are interested in helping SMF's development, our github repo is the place to start ;)
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

Quote
Over 90% of all computer problems can be traced back to the interface between the keyboard and the chair

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 68,059
    • Arantor on GitHub
Re: Some updates on SMF 2.1
« Reply #505 on: January 28, 2015, 09:18:36 AM »
There are hardening things that can be done above and beyond, but these all fall into the realm of preventative rather than corrective measures.

* Arantor has a plan for a new paid mod
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

You either die a hero or live long enough to see yourself become the villain. It seems you have chosen which, and now I must do the same.

Offline Joshua Dickerson

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 12,775
  • Gender: Male
    • joshuaadickerson on GitHub
    • joshuaadickerson on LinkedIn
Re: Some updates on SMF 2.1
« Reply #506 on: January 30, 2015, 01:56:49 PM »
One thing I'm strongly against yet I'm truly sorry to say but most of the people in SMF (includes some of current developers) don't want to understand, depending on 3rd party too much makes your line of work a lot harder. You start to wait fixes from other people, because you expand the things you are using, which trust me every single new component added to your software not just designed for one thing, increase the risk of getting exposed to different type of vulnerability. So instead taking whole bootstrap & bootstrap rtl, I think its better to sit down and write your own CSS.
I used to agree but then I changed my ways. That is the antithesis of the idea of open source. You make it open source so anyone can find and fix issues and then release that change. Yeah, you might become complacent with checking your third party software but I'm willing to bet you wouldn't be checking that part of your own software anyway. At least someone out there is an expert in that area and you don't have to be. So, you can focus your time on being an expert of your area - thus potentially decreasing issues with it. If you want to fix an issue and the third party software is open source, you can contribute to it. If it follows good programming guidelines, you should be able to distribute your change in your software and not have to worry about forwards compatibility.
Need help? See the wiki. Want to help SMF? See the wiki!

Did you know you can help develop SMF? See us on Github.

How have you bettered the world today?

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 55,120
  • Gender: Male
    • Kindred-999 on GitHub
Re: Some updates on SMF 2.1
« Reply #507 on: January 30, 2015, 02:53:23 PM »
That is a really big "IF" right there... and I would estimated that 90% or more would actually NOT fall into that category
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline Antes

  • Evil Black Cat
  • SMF Friend
  • SMF Hero
  • *
  • Posts: 8,649
  • Gender: Male
  • Black cat rulz!
    • Antes on GitHub
    • merta on LinkedIn
    • @antesistan on Twitter
    • Lunarfall
Re: Some updates on SMF 2.1
« Reply #508 on: January 30, 2015, 03:07:32 PM »
Actually if you outsource too much, in this case which is what you say is take everything from its expert, not only you wait fixes but also you load a lot more than you need.
Active Project(s): [ SimpleDesk ] # [ Lunarfall ] # [ CoreStore ]

Past Project(s): [ ezPortal ]

Offline Joshua Dickerson

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 12,775
  • Gender: Male
    • joshuaadickerson on GitHub
    • joshuaadickerson on LinkedIn
Re: Some updates on SMF 2.1
« Reply #509 on: January 30, 2015, 03:34:13 PM »
That is a really big "IF" right there... and I would estimated that 90% or more would actually NOT fall into that category
What's a big if?
Actually if you outsource too much, in this case which is what you say is take everything from its expert, not only you wait fixes but also you load a lot more than you need.
I used to be overly concerned with that. My entire outlook on development has changed. I used to be the guy that wanted to get every drop of performance, but that comes at a huge cost for making good software. Watch for the 90% issues and grab the low-hanging fruit when you can but focus on writing good code and making software people want to use and develop. If performance is that big of a concern, there are plenty of things you can change to make an application like SMF way faster without writing code.
Need help? See the wiki. Want to help SMF? See the wiki!

Did you know you can help develop SMF? See us on Github.

How have you bettered the world today?

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 55,120
  • Gender: Male
    • Kindred-999 on GitHub
Re: Some updates on SMF 2.1
« Reply #510 on: January 30, 2015, 03:38:53 PM »
That is a really big "IF" right there... and I would estimated that 90% or more would actually NOT fall into that category
What's a big if?

If it follows good programming guidelines, you should be able to distribute your change in your software and not have to worry about forwards compatibility.
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline Antes

  • Evil Black Cat
  • SMF Friend
  • SMF Hero
  • *
  • Posts: 8,649
  • Gender: Male
  • Black cat rulz!
    • Antes on GitHub
    • merta on LinkedIn
    • @antesistan on Twitter
    • Lunarfall
Re: Some updates on SMF 2.1
« Reply #511 on: January 30, 2015, 04:44:20 PM »
When I was searching a new news fader (slider), I see many projects left to dead. Its way too hard to find proper projects which gets some update - open license. Finding the balance is very important in my eyes. If you take a look at SMF 2.1, each outsourced material doing exactly what its asked for (excluding jQuery because its a main dependency for every component).
Active Project(s): [ SimpleDesk ] # [ Lunarfall ] # [ CoreStore ]

Past Project(s): [ ezPortal ]

Offline SoLoGHoST

  • SMF Hero
  • ******
  • Posts: 1,795
  • Gender: Male
  • Real coders do not need to comment their code!
    • Dream Portal
Re: Some updates on SMF 2.1
« Reply #512 on: January 30, 2015, 04:48:52 PM »
I'm confused about outsourcing?  You mean with a CDN?  Also, if you want bare minimum bootstrap, you can customize it and download it just like jQueryUI.  Just download only what you need.  Add to SMF install, no need to outsource, can be packaged with SMF.  In any case, not my call.  I just feel that maybe you are wasting valuable time on parts of a product (like Joshua already stated), for very little gain, when you could take advantage of open source code (Bootstrap modals, slideshows, tabs, etc.) that many have already discovered works flawlessly.  This would allow your developers to focus on the very heart and soul of what SMF should be.

row
col-xs-{grid size part}
col-s-{grid size part}
col-md-{grid size part}
col-lg-{grid size part}
col-offset-md-{grid size part}

These are all classes that can make your job tons easier... and there's soooo many more!

For example:

Code: [Select]
<div class="row">
    <div class="col-xs-24 col-md-12">Hello, I'm on Left Side in Large devices, and my own row in small devices.</div>
    <div class="col-xs-24 col-md-12">Hello, I'm on Right Side in Large devices, and underneath previous div in small devices.</div>
</div>

"row" class automatically clears element.  Many great looking sites built using bootstrap ( http://discoverphl.com , http://libertydiscountfuel.com , http://www.thinkitfirst.com just to name a few that I'm familiar with ).  Why rebuild something that has been built with a solid foundation already?  Because you don't want to rely on other 3rd party software?  This is something you are already doing in SMF anyways.  I seriously doubt CSS can cause a huge security risk as much as jQuery does.  Many people I work with surprised that Forum software is even still around.  SMF has a good chance at maintaining it, but new cutting-edge technologies are making Forum software not so much appealing anymore.  Why is HTML 5 not implemented?  Especially since HTML 5 has a huge advantage over 4, and has been around for quite some time now.  Why is SMF just now starting to use jQuery after all of this time?  How did it survive without it?  Even moreso, how did it survive without responsive design for all of this time?

The only answer I can think of is, Good People, Good Core, and Good Support!
« Last Edit: January 30, 2015, 05:27:07 PM by SoLoGHoST »

Offline Antes

  • Evil Black Cat
  • SMF Friend
  • SMF Hero
  • *
  • Posts: 8,649
  • Gender: Male
  • Black cat rulz!
    • Antes on GitHub
    • merta on LinkedIn
    • @antesistan on Twitter
    • Lunarfall
Re: Some updates on SMF 2.1
« Reply #513 on: January 30, 2015, 04:52:07 PM »
CDN is also outsourcing but not the way we are talking it. Bootstrap is not gonna be part of SMF 2.1, maybe for 3.0 but I'm not going to decide that.

http://www.businessdictionary.com/definition/outsourcing.html
Active Project(s): [ SimpleDesk ] # [ Lunarfall ] # [ CoreStore ]

Past Project(s): [ ezPortal ]

Offline Joshua Dickerson

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 12,775
  • Gender: Male
    • joshuaadickerson on GitHub
    • joshuaadickerson on LinkedIn
Re: Some updates on SMF 2.1
« Reply #514 on: January 30, 2015, 05:30:26 PM »
That is a really big "IF" right there... and I would estimated that 90% or more would actually NOT fall into that category
What's a big if?

If it follows good programming guidelines, you should be able to distribute your change in your software and not have to worry about forwards compatibility.

Well, you're responsible for finding good software to use.

Antes, so it's already built. Use it in the release you want and you can always change it later. Or, you can continue development with a fork or contributions. That's my point.
Need help? See the wiki. Want to help SMF? See the wiki!

Did you know you can help develop SMF? See us on Github.

How have you bettered the world today?

Offline Powerbob

  • Full Member
  • ***
  • Posts: 673
  • Gender: Male
Re: Some updates on SMF 2.1
« Reply #515 on: April 03, 2015, 03:03:05 AM »
Very quiet here  O:)
Last post is January 31st.



My SMF 2.1 Beta test site; http://www.pplb.net/smf21/index.php