[Wolves] Scumbags Hack Xoops site

Steve Parkes sparkes at westmids.biz
Thu Oct 20 20:05:43 BST 2005


Dick Turpin wrote:
> On Thursday 20 October 2005 17:49, Steve Parkes wrote:
> 
>> Seriously all the *nuke php cms' are total pants under the covers with
>> the majority of code written by 14 year old kids :-)  I have been saying
>> this for years and years they suck.
> 
> Go on then I'm interested, bearing in mind I'm years behind with this sort of 
> thing and I know you've been round the block a few times. I understand that 
> it's not to the purist-website-creators' taste, IMHO that's because it makes Web 
> site creators redundant or at least cuts the plethora down a bit.

No, it doesn't; it makes lamers who claim to be coders/designers redundant.

No open source CMS comes configured out of the box with a unique look 
and your business solution installed.  Jobs for people with skills.


> For those that don't know it's about management so don't get sidetracked in 
> respect of Web Site although that's what it's doing. 

It's an application written in a client server style using an SQL 
database.  The problem comes that what looks like a content oriented 
management tool to you looks like a pile of wet shite held together with 
sellotape to a developer and a playground with free beer, crack cocaine 
and whores to a cracker.


> But that doesn't address why you think they are crap is it because, as you 
> say, the code is written by 14 year olds? I remember being berated a year or 
> so ago for making a similar comment about people turning out applications in 
> their bedroom what's the difference?

If you are telling someone you have a cool client server application 
that anyone can edit your front page or get at your clients' credit card 
numbers and passwords.

I don't care what age people are as long as they have a fucking clue 
about what they are doing.  Spend ten mins around a foss cms with nuke 
dna and you will soon get to see the people pulling the shots are 100% 
clueless about all parts about what they are developing apart from 
submitting lines upon lines of code into the cvs.

> 
>> If you need proof look at lists such as bugtraq and in particular at
>> what the teams behind them say when exploits are discovered.  Half the
>> time they don't even have an official response.
> 
> But hang on that's the same for all software Linux, Open Source, Microsoft etc 
> etc there ain't anyone gonna admit their baby has a problem, I've seen 
> numerous "We cannot replicate your problem" messages across all platforms 
> and applications so it's not just a CMS thing.
> 

It's not the same for all software.  Software with developers with a 
clue have special teams for security auditing and tracking.

Within an hour or two of a Linux (for example) exploit being found it's 
obvious which companies and teams have their fingers on the button 
because they release details to their communities listing the affected 
products and recommendations.

Once a genuine fix is found (if not already existing when the exploit 
was discovered) another release will come out giving instructions on the 
problem and the fix.

For example this message about enigmail dropped into my box today

===========================================================
Ubuntu Security Notice USN-211-1	   October 20, 2005
enigmail vulnerability
CVE-2005-3256
===========================================================

followed by the problem and the fix.

Good developers are open about problems and fixes and have plans in 
motion to declare and fix problems.

MS do things their own way, it's not my problem I'm not one of their 
customers ;-)

sparkes


