| Author |
 Topic  |
|
BryanJWinter
Starting Member
6 Posts |
 Posted - 16 May 2002 : 10:36:08
|
<RANT>
I downloaded version 3.3.03 the forum a long time ago and had quite a bustling community going with several thousand posts. I say "had" because I got hacked and now all that wonderful data is gone.
It was only after I got hacked did I hit THIS forum to discover that there were security patches posted, and an email list I could join!
Now, I downlaoded version 3.3.03 a long time ago and it worked great. I never hit THIS forum since the thing worked and I thought I did not need to. Occassionally I would pop onto the home page to see if the version numbver had changed. IT HAD NOT. And so I figured the script was up to date.
Well, I was wrong. Security patches were released and applied yet the version number never changed. So I never knew about them. Isn't the POINT of version numbers to let user know when a program has been changed? Especially a HUNDRETHS PLACE version number?!?
After the first patch was applied the version number and home page should have become 3.3.04, and so on with each new patch.
I'm REALLY FRUSTRATED by that this, as you may imagine.
PLEASE PLEASE PLEASE PLEASE use the standard numbering protcols and update the version number when you update the program!
I'm on the email list now so hopefully I will catch these things in the future (I didn't know about the email list as well).
</RANT>
|
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 16 May 2002 : 13:37:52
|
<EVEN BIGGER RANT>
Is that so.
I beg to differ, the version available for download was until only a few days ago still vers 3.3.03 there is no law that states we have to give it a different version because we issue a security patch. If we had changed the version number what good would it have done you if as you said you never come here.
|
 |
|
|
BryanJWinter
Starting Member
6 Posts |
Posted - 16 May 2002 : 14:08:16
|
My point is I DID come hre - but I mistakenly only wnet as far as the home page which has had the sdame version number for months and months. I had NO IDEA that I was "supposed" to also hit your forums to learn about updates.
I would also hit the "downlaods" page where I also never learned about updates or patches.
On most sites visiting the forum is an option - here it is a requirement. Inever knew that. And frankly I'm a bit too busy to crawl around and discover these things on my own.
I think I did my part - I went to the homepage, I went to the support page, I went to the downlaods page. I never saw any reason to be concerned about the integrity of the software.
All I'm asking is that you put a notice somplace "obvious" that says "be sure to hit the Community button to learn about upgrades and patches, and to join our mailing lists."
No there isn't a law and yes I know that the version listed on the home page has been 3.3.03 (and still is). I'm just a little frustrated and offering a plea to make a few subtle changes to either your version number or your homes page to let other users like me avoid any potential downfalls.
|
|
|
|
DreaMasteR
Starting Member
36 Posts |
Posted - 16 May 2002 : 16:39:02
|
What - You want your money back? A free product developed by dedicated people can only do so much - and lately they TOO have been attacked by the hackers.
It is up to you to support and track this product. YOU need to go to the effort of checking for fixes and Updates. They offer their labor for Free, They maintain their product for free, they code this product with no expectations of cash from the user.
There are Plenty of Pricey alternatives out there if you FEEL they owe you anything.
You need to fricking apologize to the Snitz team.
|
|
|
|
BryanJWinter
Starting Member
6 Posts |
Posted - 16 May 2002 : 17:30:25
|
...sigh...
I know the product is free. And it is a great product and I love it to death and I would never use anything else.
I know I have to do what I can to look for updates and patches and such.
BUT YOU ARE NOT LISTENING TO MY POINT.
My point is I that THOUGHT I was doing it right. I THOUGHT I was checking for updates and patches in the right spots. BUT I WASN'T DOING IT RIGHT. I WAS WRONG. OK? I WAS WRONG. YES I KNOW THE MISTAKE WAS MINE. I KNOW THAT ALREADY SO YOU DON'T HAVE TO KEEP TELLING ME.
Now will you please jump off the high and mighty horses you are on and listen to my point?
All I'm saying is that there are PROBABLY one or two or 100 folks out there who are making the same mistake that I already made. And all I'm suggesting is for ONE LINE OF TEXT on the home page or someplace to let those folks know that there are updates and patches to be applied and where to go to get them. That just may avoid the same kind of headaches I am currently going through.
Is that so much to ask?
I never ONCE claimed that the Snitz gang was responsible - please read my posts again. I'm very sorry if you jumped to that conclusion. Am I frustrated? You bet. I am currently seeking legal advice to tray to get my host to restore a backup which they refuse to do. These are hoops I REALLY don't want to jump through.
I'f my frustration seemed to be directed at the developers, I am sorry for that. That was not my intent. I was merely trying to quantify how much I thought my small suggestion was needed.
OK?
|
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 16 May 2002 : 17:52:43
|
Well, I think the scale of this hacking wave was just beyond anything anyone could really have expected, given what had happened in the past.
I agree with you Brian, when you say that something probably should change, regarding the info given to the users downloading the code. Probably the readme, maybe starting with the next release version that should be out soon, should include strong advice for users to subscribe to the Snitz mailing lists and to come here periodically and browse the Community: Announcements forum to check for new security updates.
Given the nature of the Snitz forum, where no money is charged for the product, users should also understand that downloading and installing a forum gives them the responsability of maintaining their code up to date, to cover bugs and security fixes. This is true even with purchased software, but in that case the fact that we spent money on the product probably makes us more attentive to that, in order to rentabilize our investment as much as we can.
Truth be told, I see no reason for that to be any different with Snitz. If the forums are so important for use, we have the duty of making sure it's up to date.
Of course I think Snitz doesn't want the consequences of this hacking wave to be repeated again. No one has pleasure in seeing a software where so much free time was spent, being hacked as happened in this wave of attacks. So this should be probably be the subject of some reflection on ways to minimize the potential for this to happen again. The revitalization of the Snitz mailing lists was a good response to that. Probably adding stronger advice to the readme (in spite the fact that so many times users just skip reading it) and in the download area here would help also.
And Brian, regardless of your provider's backup, you should have backups of your own. I do it every once in a while (I have a small movement forum). That was your responsability.
-------------------------------------------------
Installation Guide | Do's and Dont's | MODs |
|
|
|
Doug G
Support Moderator
USA
6493 Posts |
Posted - 16 May 2002 : 18:00:49
|
There is now a forum Richard set up for security related bug fixes, which will help make it more obvious if there is a security related fix available. Yes, before that information was available but you did need to follow certain threads (the bugs thread has always had any information about fixes and patches).
Sorry your host doesn't want to reload your backup. Sounds like time for a host change!
======
Doug G
====== |
|
|
|
Gremlin
General Help Moderator
New Zealand
7528 Posts |
Posted - 16 May 2002 : 18:53:08
|
You all make valid points, though its a shame that BryanJWinters post seems to have been taken as a personal criticisim rather than constructive as intended. Personally I agree with him and see benefit to everyone in updating the version numbers more often.
Perhaps when all the big stuff is out of the way and 4.0 is released you could consider being more consistent in version numbering as it would benefit a lot of people and its not a difficult thing to do.
The download available had actually been updated since 3.3.03 was Officially released, if you look at the filedates in that archive a couple of pages had been updated (going from memory I think around February when changes were made to inc_functions.asp to prevent embeded Jscript in posts.) Fortunately whilst that bug was posted to BugTraq the script kiddies must have missed that post though  .
I appreciate it's not always the easiest to take criticisim of something you've put so much personal effort into, but please stop to consider that whilst this is your product, theres a heck of a lot of content in there thats been either developed by others (MOD's you've included in the base) or come by way of suggestions posted here on this board. This is just another suggestion that deserves some consideration too.
At the end of the day, we (or at leat most of us) are all just here to help make this become a better product for everyone, and we get less out of it than you do, at least you can call it "your" product and put your name on it.
www.daoc-halo.com
Edited by - Gremlin on 16 May 2002 18:55:30 |
|
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 16 May 2002 : 19:23:01
|
I was not taking it personally, just pointing out that by his own admision he hadn't been back here until he got hacked, so changing version numbers would not have helped.
plus, for all he knows, the download available (at sourceforge) was the same version he had, since richard only very recently updated it, so most of his <RANT> was falsely directed if well intentioned.
|
|
|
|
Gremlin
General Help Moderator
New Zealand
7528 Posts |
Posted - 16 May 2002 : 19:47:30
|
Actually he did go on to say that he had been back several times, but didn't read any further becuase the download page semeed to indicate that it was still the original August 3.3.03 that was available (when in fact it had been updated in February).
I've struck exactly that same problem myself, I've introduced a few friends to Snitz and twice now I've told them that there are updates available for security patches they've come back and said :no theres not, the download is still 3.3.03 which is what I'm already running"
Just please consider it for future releases :) I know Richard said that updating the download wasn't that easy either now that its hosted on sourceforge, I guess that just complicates things futher.
www.daoc-halo.com |
|
|
|
Doug G
Support Moderator
USA
6493 Posts |
Posted - 16 May 2002 : 21:54:56
|
Ya know, constructive criticism usually doesn't start with "<RANT>" and end with
Just an observation (Korzybski might agree).
======
Doug G
====== |
|
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
|
|
Gremlin
General Help Moderator
New Zealand
7528 Posts |
Posted - 16 May 2002 : 22:47:02
|
quote:
Ya know, constructive criticism usually doesn't start with "<RANT>" and end with
Just an observation (Korzybski might agree).
======
Doug G
======
True enough, but when you take his emmotion about just being hacked into consideration I think you can see it was more constuctive than anything else.
www.daoc-halo.com |
|
|
|
HurricaneDH
Starting Member
7 Posts |
Posted - 16 May 2002 : 23:53:36
|
Moral of the story folks: (as others have noted) BACKUP
Sorry to hear of the maliscious hack. ****er script kiddies.
|
|
|
|
HurricaneDH
Starting Member
7 Posts |
Posted - 17 May 2002 : 00:41:54
|
Even though I just posted thread # 666 to this category, I would like to state for the record that I am in no way affiliated with Satan.
|
|
|
|
BryanJWinter
Starting Member
6 Posts |
Posted - 17 May 2002 : 08:29:22
|
quote:
[
I was not taking it personally, just pointing out that by his own admision he hadn't been back here until he got hacked, so changing version numbers would not have helped.
As I have said several times now, I did some back several times. Usually every 2-3 weeks to see if there was an update.
quote:
I know Richard said that updating the download wasn't that easy either now that its hosted on sourceforge, I guess that just complicates things futher.
It's hosted on sourceforge?? See, that's another thing I had no idea about. I don't even know where to begin to find it there. I relied on the Home page, the Downloads page and the Support page. But usually just the home page said it has always said v3.3.03, and still does! I made the assumption that the homepage was up to date - which apparently it is not?
So, IS there is more recent version available with all these patches applied? Or do I have to redownload v3.3.03 and apply them myself?
quote:
Ya know, constructive criticism usually doesn't start with "<RANT>" and end with
Hrmm... I've always been under that impression that <RANT> meant "I have to get something off my chest so please bear with me for a sec." I had no idea that people would take it personally. I appologize for the mixup.
quote:
And Brian, regardless of your provider's backup, you should have backups of your own. I do it every once in a while (I have a small movement forum). That was your responsability.
No doubt about that - and I do have a backup of my own. My problem with the host is that they have a more recent backup than mine, and although I was under the impression that restoration was in their list of services, they are telling me it is not. So we are butting heads over their poorly-worded Terms of Service and List of Services.
|
|
|
|
Topic |
|
Topic Locked
