[Wolves] Scumbags Hack Xoops site

Peter Cannon peter at cannon-linux.co.uk
Fri Oct 21 09:38:10 BST 2005


On Friday 21 October 2005 01:47, Luke Redpath wrote:

> I'm with Steve on this one.

I'm not on anyone's side because it's not about sides, it's about 'why'.

{Any capitals in this mail are there for emphasis; I'm not shouting} :)

> There is so much poorly written code out there that it is no wonder so
> many security flaws and bugs are found. The problem is - poorly written
> software is being deployed on a large scale. Look at things like Mambo,
> phpBB - their code is junk.

Sorry guys, for me it's not good enough to say "The code is junk"; that can be 
said of anything. Fedora 5 will be crap coded when it first comes out. I seem 
to remember Ubuntu going tits up when upgraded. YES, IT WAS FIXED, but it was 
crap coding that caused it.

To convince me you need to show me an alternative product that does the same 
or similar. The only thing that's coming across is a shot across the bows from 
disgruntled coders/programmers.

Security features can be added to any site created from any program, even a 
simple text editor, so the issue is being clouded by saying "Ooh, it's wide open 
to hacking coz the bad code makes it security vulnerable".

> On one hand it is good that things like PHP can be picked up and used by
> amateurs - but it is not a good thing that amateurs are creating
> substandard products that are being used widely, sometimes for mission
> critical apps. The people who write these things wouldn't know what unit
> testing is if it came up and hit them in the face. These apps are hacks,
> and not very good ones at that.

Ah, now that's better. OK, agreed, it should be easy to write/use PHP. I can't 
write anything in PHP. Why shouldn't amateurs create products? It's not the 
domain of a privileged few, and it strikes me the privileged few will say 
anything to kill off the amateurs.

> I refuse to deploy an off the shelf app that I might have to offer
> support for or customise in some way if it doesn't follow at least some
> form of decent coding standard - ideally written in an object-oriented
> fashion with well written documentation (or code that is so good it
> documents itself) and even better with a comprehensive set of unit and
> functional tests.

Now you're being silly, because if I thought for one minute you'd stick rigidly 
to that statement then you had better chuck your computer out the window 
and go and be a bus driver.

Every single piece of software has a problem or a potential problem; that's why 
we have support desks, forums, mailing lists and manuals.

> Have you ever tried installing a mod for one of these things... it's
> usually a case of:
>
> 1) Copy a bunch of files to xxx folder
> 2) Open xxx.php, find line 43 and insert the following code after such
> and such piece of code, remove such and such code on line 438 etc.

Now that demonstrates that it's been a long time since you looked at these? And 
I would have addressed that supposed bad point in a talk.

That's not true, apart from Drupal, and that was only in the setting up, and all 
that was needed was to set the user name and database, which you have to do in 
all of them anyway.

YOU DO NOT have to mess with any code when adding a module or content in 
Joomla or Mambo. With Xoops you need to put the module folder in the modules 
folder of the site then install. Drupal is even better in respect it's one 
file that you copy over then make it active.

In all four you do not need to edit the PHP. 
(However, I have just lied: I did need to edit some code after upgrading.)
But then even if my mate (and he is a mate) Sparkes wrote a site for me and I 
needed something changing, HE WOULD HAVE TO EDIT THE CODE.

> Just to clarify I'm only really talking about web apps here, as that is
> the domain I work in - I couldn't speak for non web-apps.

Hey I'm a lovely salesman, I don't write code and I think Joomla is ideal for 
Joe Public and small businesses.

See, the arguments to me are not convincing. I've not heard "Ah, they won't let 
you display pictures"; that's because they will. That's the sort of reason why 
not to use them I'm looking for. To say they are badly coded may or may not 
be true, but then the Linux kernel has that many patches it could keep a 
plaster manufacturer in business for years.

-- 
Regards
Peter Cannon
Fedora Core 4 & Suse 9.3

"There is every excuse for not knowing,
There is no excuse for not asking!"