[Wolves] Scumbags Hack Xoops site

Dick Turpin highwayman.turpin at gmail.com
Thu Oct 20 22:45:19 BST 2005


On Thursday 20 October 2005 20:05, Steve Parkes wrote:

> no it doesn't it makes lamers who claim to be coders/designers redundant.

Whee plop, that one fell on the ground coz I don't know what a lamers is.

> No open source CMS comes configured out of the box with a unique look
> and your business solution installed.  Jobs for people with skills.

Them days are going going gone. true there are still some juicy consultancy 
jobs around but remember my favourite (needs to be said in a strangled voice) 
"Oh na mate I can get it cheaper on ebay" these days everyone's a web expert 
or MS expert, plug and play has killed us all so has the ubiquitous wizard.

Even Xoops, mambo and Joomla may be classed as hammering a nail in the 
designers coffin. Yes you're 100% correct they don't come with you're company 
name address blah blah blah but anyone with a bit of computer exposure could 
change Joomla to give a company some web presence and thats the point.

> It's an application written in a client server style using an SQL
> database.  The problem comes that what looks like a content oriented
> management tool to you looks like a pile of wet shite held together with
> selotape to a developer and a playground with free beer, crack cocaine
> and whores to a cracker.

But you're not the one using it! it'll be Mr business owner who see the dollar 
as the bottom line, why pay Mr S Parkes £1000.00 to make us a site when that 
Joomla thing is free plus it must be good it won an award didn't it? and 
Betty the tea lady can look after it.

I believe you when you say its crap coding, I know you know you're onions plus 
I wouldn't have the foggiest if the code was bad or not. All I do know is;

1. It works.
2. It looks good.
3. Its fairly easy to use.

And thats what everyone wants an easy life :)

> If you are telling someone you have a cool client server application
> that anyone can edit your front page or get at your clients credit card
> numbers and passwords.

Be fair thats not strictly true is it? Thats only if you allow that function 
and as for getting at credit card details that can be done with any site, if 
they want it bad enough they'll get it thats why I only use a credit card 
with a £200.00 limit for any Internet or telephone transactions.

> I don't care what age people are as long as they have a fucking clue
> about what they are doing.  Spend ten mins around a foss cms with nuke
> dna and you will soon get to see the people pulling the shots are 100%
> clueless about all parts about what they are developing apart from
> submitting lines upon lines of code into the cvs.

Hang on, I'm not baiting you I can sense the famous Sparkes wrath rising. 
Due to that tirade you lost me a bit, we started this off in respect of the 
product, we seem to have moved on to slagging off the developers now I know 
what you'll say "Shite developers = shite app" But thats not true is it? and 
to be honest if its just about cleaning up the code maybe you could help?

> it's not the same for all software.  Software with developers with a
> clue have special teams for security auditing and tracking.

Behave, you're talking about an org that has some money who can afford to pay 
for that sort of setup.

> Within a hour or two of a linux (for example) exploit being found it's
> obvious which companies and teams have their fingers on the button
> because they release details to their communities listing the effected
> products and recommendations.

Nothing new here, that goes for most products a reactive response when an end 
user notifies the vendor if you look on the Joomla forum they released a 
security update the other day. True you need to be either on a mailing list 
or visit the forum regularly to be aware of the issue but its just the same 
so I don't think that argument (as far as Joomla's concerned) is fair.

> For example this message about enigmail dropped into my box today
>
> ===========================================================
> Ubuntu Security Notice USN-211-1	   October 20, 2005
> enigmail vulnerability
> CVE-2005-3256
> ===========================================================
>
> followed by the problem and the fix.

I bet you get lots of them :P

> MS do things there own way, it's not my problem I'm not one of their
> customers ;-)

Um whats MS got to do with it? although having said that you can run a VM 
Mambo server on Windows ;)

-- 
Regards
Dick Turpin
highwayman.turpin at gmail.com
"Stand and Deliver"



More information about the Wolves mailing list