
phpBB 3.2
Forum rules
Discuss features as they are added to the new version. Give us your feedback. Don't post bug reports, feature requests, support questions or suggestions here. Feature requests are closed.
-
- Registered User
- Posts: 219
- Joined: Tue Jan 25, 2005 11:31 pm
Re: phpBB 3.2
Yes indeed, I'm just making sure they don't forget 

Re: phpBB 3.2
I only wish to reply to the person who called me "flamebate", and provide yet another short note of what happened. I'll just touch on a few things here.
I'm not here to argue, please stop trying to do so with me. Being flamebait is someone trying to cause trouble. If you think I am trying to cause trouble, go back and read my replies, please.
Listen, people. I read, way way way back, very different ideas as to the hows and whys of their decision. I respect the fact that they think it makes it more like a chat room, but I disagree with that. I'm not insulting anyone, I'm not being a jerk, I simply disagree, and if you want to hate me because I simply disagree with something, then you should look at your priorities. I think it makes life a lot easier at a forum, and makes it a lot easier to use.
The reason I was annoyed - at first - was I was told anyone who so much as spoke about QR would be banned from here. I don't like that idea, and I've since seen that was either a lie from another user, or something they might have said to shut people up. I don't know, I don't care, and it doesn't seem likely they have or will ban for that. If there's even a shred of truth about that, though, it shows that the QR mod is very desirable.
So, if you want to reply to me, and you want to jump all over me for this, again I ask you to go back to the last page or two and see what I said.
---
On a positive note, since I was last here a week or so ago, the new skin is outstanding! Attractive, and wonderful functionality. I do wonder if the avatar and user info is movable? I only ask that because I'm used to it on the left, although it still works well.
- Nicholas the Italian
- Registered User
- Posts: 659
- Joined: Mon Nov 20, 2006 11:19 pm
- Location: 46°8' N, 12°13' E
- Contact:
Re: phpBB 3.2
Otra wrote: On a positive note, since I was last here a week or so ago, the new skin is outstanding! Attractive, and wonderful functionality. I do wonder if the avatar and user info is movable? I only ask that because I'm used to it on the left, although it still works well.
Yes. Look at one of the one hundred topics about prosilver ("First impressions", for example, on phpbb.com).
Re: phpBB 3.2
Otra wrote: I only wish to reply to the person who called me "flamebate", and provide yet another short note of what happened. I'll just touch on a few things here.
I think you're the only person who is trying to make a fight out of this, because that comment wasn't directed at you... Personally, when I do not include quotes, that'd usually mean I am replying to the post directly above mine. Also, I think the second sentence of that reply was a pretty obvious clue what I was replying to: "If you're going to accuse the current BBcode handling of being improper, at least provide some kind of motivation." I.e., I was replying to:
Synaptic Anarchy wrote: I'd like proper BBcode handling, myself.
That's just an unfounded, unmotivated statement, which would indeed seem to have as its sole purpose to annoy people. That qualifies as flamebait in my book, until that person motivates their statement to explain why they think the BBcode handling isn't "proper". As I basically said in that reply already.
Re: phpBB 3.2
I find it funny so many people are bitching about phpBB 3 not having AJAX, when just recently they found that the majority of STABLE and reliable AJAX implementations were found to have serious security vulnerabilities allowing someone to execute dangerous arbitrary code on the host system.
Re: phpBB 3.2
Who's they and where did they find it?
AJAX isn't trivial, that's for sure.

Re: phpBB 3.2
Reference:
Web 2.0 Apps Vulnerable to Attack -->> http://news.yahoo.com/s/pcworld/2007040 ... rld/130354
More References:
Report warns of critical flaw in Web 2.0, AJAX -->> http://searchsecurity.techtarget.com/or ... 66,00.html
Love Ajax? Hate The Exploits -->> http://www.webpronews.com/topnews/2007/ ... e-exploits
New vulnerability strikes heart of Web 2.0 -->> http://www.regdeveloper.co.uk/2007/04/0 ... hijacking/
JavaScript Hijacking -->> http://www.schneier.com/blog/archives/2 ... _hija.html
- Handyman
- Registered User
- Posts: 522
- Joined: Thu Feb 03, 2005 5:09 am
- Location: Where no man has gone before!
- Contact:
Re: phpBB 3.2
bonelifer wrote: Reference:
Web 2.0 Apps Vulnerable to Attack -->> http://news.yahoo.com/s/pcworld/2007040 ... rld/130354
More References:
Report warns of critical flaw in Web 2.0, AJAX -->> http://searchsecurity.techtarget.com/or ... 66,00.html
Love Ajax? Hate The Exploits -->> http://www.webpronews.com/topnews/2007/ ... e-exploits
New vulnerability strikes heart of Web 2.0 -->> http://www.regdeveloper.co.uk/2007/04/0 ... hijacking/
JavaScript Hijacking -->> http://www.schneier.com/blog/archives/2 ... _hija.html
A few things you should be aware of with AJAX:
IMHO, this paper does not show anything that is new. In order to get any of the examples running you need to have access to the page DOM via XSS or some sort of browser bug. If the attacker has access to the page and the page DOM, of course they can hijack whatever they want.
So the title "JavaScript Hijacking" does not make sense at all, at least not to me. It is almost like saying Python hijacking or Perl hijacking. If someone has access to Python or Perl's dynamic environment they will be able to hijack all of the objects.
This paper is primarily based on using JavaScript capabilities as programming language to show fictitious problems. Every AJAX programmer knows how to overwrite prototype methods and properties but this does not make the programming feature a security problem.
It is time to look at JavaScript the same way you look at other programming languages. There is nothing different about.
That's all I have to say.
Good blog!
and
Curiously, the paper seems to deliberately avoid making the simple recommendation not to use JSON for message exchange in the first place. I've always been extremely wary of JSON--anything that requires calling eval on an interpolated value is something to be avoided in any language. It's an inherently lazy and dangerous construct, and frameworks should not be promulgating it.
JSON is making a big publicity push to try and get that method of using AJAX out there… apparently it's not safe.
So in the end, it really depends on how it's written and how the back end handles the AJAX.
My phpBB3 Mods || My Mod Queue
Search Engine Friendly (SEO) URLs || Profile link on Avatar and/or Username || AJAX Chat
Display Posts Anywhere || CashMod || AJAX Quick Edit || AJAX Quick Reply
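The objection quoted in the post above, that decoding an AJAX response by calling eval on it runs whatever the text contains, shown as an added example that is not part of the thread or the linked paper. The response bodies, field names and function names are constructed for illustration.

```javascript
// Constructed sample response bodies (not taken from the thread).
const benignBody = '{"user": "example_user", "posts": 42}';
// Not valid JSON: the "posts" value is an expression with a side effect.
const tamperedBody =
  '{"user": "example_user", "posts": (function () { globalThis.sideEffect = true; return 0; })()}';

// Legacy decoding pattern: the response text is evaluated as JavaScript,
// so any expression embedded in it is executed by the page.
function decodeWithEval(text) {
  return eval('(' + text + ')');
}

// Strict decoding: JSON.parse accepts data literals only and throws a
// SyntaxError on anything else, so nothing in the text is ever executed.
function decodeStrict(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Runs both decoders over the tampered body and records whether the
// embedded expression executed in each case.
function compareDecoders() {
  globalThis.sideEffect = false;
  const evalValue = decodeWithEval(tamperedBody);
  const evalRanCode = globalThis.sideEffect;

  globalThis.sideEffect = false;
  const strict = decodeStrict(tamperedBody);
  const strictRanCode = globalThis.sideEffect;

  return {
    evalRanCode,
    evalPosts: evalValue.posts,
    strictOk: strict.ok,
    strictError: strict.error,
    strictRanCode,
    benignPosts: decodeStrict(benignBody).value.posts,
  };
}

console.log(compareDecoders());
```

Both decoders return the same object for the benign body; only the eval path lets the response decide what code runs.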

- EXreaction
- Registered User
- Posts: 1555
- Joined: Sat Sep 10, 2005 2:15 am
Re: phpBB 3.2
As for someone mentioning Soft Delete.
I will probably be making a mod for it later on.
Currently (ok, not really working on it now. I work on it whenever I feel like it, but I only do 1 project at a time) I am working on my User Blog mod. I did some thinking about the deletion method that should be used in it (yes, the User Blog Mod has soft delete) and the thing that worked best was users, mods, and admins can soft delete if they have the permissions. Moderators and admins can un-delete if they have the permissions. Admins can permanently delete (it first needs to be soft deleted, once that is done it can be permanently deleted) if they have the permissions.
I think it would be rather easy to implement that setup in the core package.
Re: phpBB 3.2
Eelke wrote:
Otra wrote: I only wish to reply to the person who called me "flamebate", and provide yet another short note of what happened. I'll just touch on a few things here.
I think you're the only person who is trying to make a fight out of this, because that comment wasn't directed at you... Personally, when I do not include quotes, that'd usually mean I am replying to the post directly above mine. Also, I think the second sentence of that reply was a pretty obvious clue what I was replying to: "If you're going to accuse the current BBcode handling of being improper, at least provide some kind of motivation." I.e., I was replying to:
Synaptic Anarchy wrote: I'd like proper BBcode handling, myself.
That's just an unfounded, unmotivated statement, which would indeed seem to have as its sole purpose to annoy people. That qualifies as flamebait in my book, until that person motivates their statement to explain why they think the BBcode handling isn't "proper". As I basically said in that reply already.
I'm quoting below instead because I just want to be short.
Eelke, you obviously do things a little different. Considering how people have treated me here, simply because I have a different opinion, I am looking out for more people jumping on my back because I think differently on one subject, yet am not insulting those who insulted me, nor am I trying to argue. I simply and only want the fact that my opinion is different to not affect my standing at a forum I'm beginning to dislike due to people like you. You made a big deal out of this to me, and continued the trend to the person who has a different opinion than you on how BBcode is done.
Nicholas the Italian wrote:
Otra wrote: On a positive note, since I was last here a week or so ago, the new skin is outstanding! Attractive, and wonderful functionality. I do wonder if the avatar and user info is movable? I only ask that because I'm used to it on the left, although it still works well.
Yes. Look at one of the one hundred topics about prosilver ("First impressions", for example, on phpbb.com).
Ya know, this is simply NOT a friendly forum at all. I have to be directed to another post (or posts) simply because I thought I'd insert the comment in here about prosilver? Geez, I only said I liked it and was not trying to start some huge conversation, and I wanted something nice and friendly in my post. What is wrong with everyone here that they have to jump on everyone's back for everything?
This place really needs to learn not to be so all out on people.