Sciencemadness Discussion Board

Brief downtime, soon, for another upgrade

Polverone - 25-3-2007 at 21:22

Security holes have been found in XMB, again, and a new version has been released to counter them. I will briefly take the board down some time in the next 24 hours to perform the upgrade. After the last incident, I don't particularly want to be tardy about security fixes.

Polverone - 26-3-2007 at 22:04

OK, not 24 hours. Real-life work has kept me too busy. Soon, though.

Polverone - 31-3-2007 at 12:38

The upgrade has been completed. You may have noticed some problems earlier with the board while I took it offline to upgrade and then restore settings. Let me know if you spot any problems.

12AX7 - 31-3-2007 at 12:45

Excellent. Smileys and buttons changed though. :rolleyes: <-- And still no rolleyes!

Levi - 31-3-2007 at 12:55

Why does whimsy remain hidden until you log in? If it's not intentional (or too much of a bother to change) would you consider changing it back to being visible to offline users?

P.S.

:mad: <--- this is supposed to be mad? ' looks constipated to me...

Polverone - 31-3-2007 at 16:13

I forgot to change smilies, as I always need to, because they were cached in my browser. Levi, Whimsy was always supposed to be hidden from outsiders -- it must not have been until recently that the XMB code implementing that feature worked correctly.

The idea is that people should be lured here only by what appears in the open forums, not by what they might be able to access in the closed forums.

quicksilver - 31-3-2007 at 17:50

Are the folks who developed XMB supportive or are you pretty much left to your own devices to work out the various issues? The reason I ask is that I support a veteran's website and was asked to check into a feature that was provided by CPanel but would be better served by a standalone completed discussion board like this one. We have some money to sink into it if it's not too expensive -AND they provide some support with the issues experienced by new users, etc.

franklyn - 31-3-2007 at 18:46

I attempt to log out but this does not occur.
I close all windows then enter www.sciencemadness.org but I am still logged in.
I now close the browser also and then enter www.sciencemadness.org again.
The page now indicates I have logged out. But have I ?
This only occurs after I purge the cookies,
the list of members online still indicates my username.
If I now login once again I experience the same result.

This is not a problem for me but it is a glitch in the current setup

.

Polverone - 31-3-2007 at 20:16

I've never tried commercial support for this board software, though I think it does exist. If I were starting the site today I don't think I would try to use XMB; it's suffered from a lot of security problems as well as miscellaneous other bugs. Of course a lot of forum software is buggy, so I'm not sure what I would suggest as a secure and non-buggy choice.

Franklyn, the bug you experienced appears to affect me too. Add another issue to the towering pile of known XMB problems.

quicksilver - 1-4-2007 at 06:15

The fact that you have found a whole shit-load of problems does not bode well for their future sales.... Does XMB have any competitors worth looking at? (I have access to a super high speed T3 line and could find a torrent of just about anything for evaluation.) If you could try another product, do you have one in mind?

Polverone - 1-4-2007 at 10:31

No, I don't know what package I would want to try. Every so often I look to see if there's anything good available based on Ruby or Python, since those are languages that would make it comfortable for me to read and modify the program source. For reasons that aren't entirely clear to me, every PHP-based piece of software seems to encounter a bargeload of security problems. Other web-based software has security problems too, because writing secure code is hard, but PHP seems to attract or create the worst offenders.

I know that leu once recommended a particular forum package to me as being more secure than others, but I can't recall what forum it was now. You might want to send him a U2U message to ask.

Bugs update

Polverone - 1-4-2007 at 11:39

It turns out that the logout problem was already reported to the XMB developer forums, and fixed. I've applied the fix to our system too, so logging out should work correctly now.

There is a U2U problem now where if you click "Reply" in the U2U message panel, or click on the U2U links at the bottom of a member's post or in their profile, the "Send to" field is left blank. This means that after composing your message and sending it, you will get a "Recipient does not exist" error and the message you just wrote will be lost too. I have reported the problem to the XMB developers, but until it is fixed, I imagine that many of us will lose U2U messages when we forget to compensate for the forum's bugs by manually filling in the recipient.

Thanks go to chemrox for bringing the U2U bug to my attention.

[Edited on 4-1-2007 by Polverone]

Polverone - 2-4-2007 at 20:21

The U2U bug has been fixed.

UnintentionalChaos - 3-4-2007 at 12:12

If you are on a computer that has not had the whimsy or refrences passwords typed in already and attempt to use the passwords, you get an error that says that that forum does not exist and it still won't let me into them afterward.

Polverone - 3-4-2007 at 17:41

Quote:
Originally posted by UnintentionalChaos
If you are on a computer that has not had the whimsy or refrences passwords typed in already and attempt to use the passwords, you get an error that says that that forum does not exist and it still won't let me into them afterward.

I've tried to reproduce this bug on a couple of machines , 4 different browsers, and http and https versions of the site. Logging in to the protected forums works fine in all cases. Can you try another machine? What OS and browser are you using?

UnintentionalChaos - 3-4-2007 at 22:21

It wasn't my personal computer and it wasn't a remotely new model. If it isn't reproducible on any current computers, it shouldn't be a major issue. I'm back on my regular computer now which has no problem getting into the password-protected forums.