The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
|||||||
|
#191
05-22-2006, 01:37 PM
|
|||
|
|||
Quote:
|
|
#192
05-22-2006, 03:32 PM
|
||||
|
||||
|
You (VBorg/VBcom staff/volunteers et al) have failed to grasp my vailed attempt to bring some sanity into your actions, or inactions.
You have missed or simply refused to listen to JohnBee's comments. Quote:
Quote:
I am absolutely horrified by the lack of business sense vBorg/Jelsoft team has demonstrated in this, and similar threads. Wake up Jelsoft. |
|
#193
05-22-2006, 04:42 PM
|
||||
|
||||
|
Quote:
Quote:
If you want to modify your board, you are doing so at your own risk. Jelsoft is not the author of the hacks. Jelsoft does not hold responsibility for the content of the hacks; though they remove anything that is unsafe. You guys are missing the point of the thread, here is my take:
|
|
#194
05-22-2006, 05:42 PM
|
||||
|
||||
|
You've completely missed the point. Let me try to restate it.
Code with backdoors were uploaded to this site and downloaded by users of this site. The code found thus far is relatively harmless, but it was only found because it interacted with this site AND it took several months to be noticed. This does not mean that all backdoors have been found. Nor does it mean all that all as of yet unfound backdoors are harmless. Someone said there is a procedure in place for security risks. I disagree. There may be procedures for reacting to vulnerabilities once known, but nothing of a proactive nature to expose potential vulnerabilities before they happen. And lets stop referring to Jelsoft. If the VB.Org staff is to be believed, and I think they are entitled to that, then VB.Org is NOT Jelsoft. This is a unique and separate entity. So, my two cents on a solution... 1. Hacks not supported by the author should not even be here. Thats the biggest risk right there. 2. Hacks/Mods/plugins/products - anything with PHP code - should only be allowed to be posted by individuals in a particular group, coder group for example. 3. There should be a verification process for allowing an individual into the coder group, some identifying credentials that translates a computer username into a real person with a verified location in the real world. 4. Coder titles should not be based on post counts. If I release a poor product, I could easily ratchet up my post count supporting that dog. Coder titles should be a formula taking into account longevity, post count, threads started in the release areas, combined install bases, number of monimations for HOTM and number of times won, all properly weighted so that no one variable matters significantly. It is the overall body of work that matters. 5. HOTM should be based on something other than raw install numbers. You need a more meaningful criteria than that, plus then there is no need for install numbers to generate this type of an issue. The folks on the coding team should be able to make nominations based on merit if their good enough developers in their own right. And what's wrong with 10 nominees? Let each coding team member nominate 2 hacks and give us a narrative as to why. 6. Again for the coding team. Any hack/file/plugin/product should be subject to random audits and the results made known. Maybe not specifically, but perhaps award the code a "VB.Org" certified label. Also something for the programmer themselves, showing that their code meets VB.Org standards. 7. Finally, when you do find something amiss, IMMEDIATELY email all users who have installed the prodcut/plugin/code and tell us to suspend its operation immediately. Your loyalty in that situation is to us, the install base of the code, and not to the coder. 8 I lied. THIS is the final thought. Charge for listing commercial software if you so desire, but give a discount for any developer that offers a useful "lite" version here. You should definitely differentiate between those that see VB.Org as a target market and those that support the site with lite versions. Flame away, boys and girls. I'm a big boy. I can take it. |
|
#195
05-22-2006, 05:48 PM
|
||||
|
||||
|
Good post FASherman...if it is all do-able given the limited resourses the staff has here, then I'm all for it. What it may come down to in order to achieve these type of results is a certain level of paid staff...this remains to be seen.
|
|
#196
05-22-2006, 06:06 PM
|
||||
|
||||
|
1. Why not? They are still useful to others. This ties into the 'users becoming lazy' discussion that the product system brought. Many 'hacks' are ways to edit your board; whether or not the author supports it, the value is still there.
2. I disagree. How do you expect people to learn? If this was the case, I bet you that 50% of the hacks here would be gone - including many of the popular ones. 3. They can always hold the license owner responsible... 4. They are based on # of installs. Don't take them so seriously; they are just for show. 5. I beleive the top 10 installed hacks are placed into the poll automatically, but the voting is done by users. 6. If something HAS been inspected by the coders, then yes, some sort of 'verified' status would be good. The downside, though, is that users will begin to not install unverified hacks. It should be a plus, not a requirement. 7. Yes, if the coder does something wrong, they should be pointed out. That is probably punishment enough. You are taking the 'coders' usertitles and the 'coding team' way too seriously. Many users have far more talent who are not 'coders' or who aren't on the team. Everyone also has very different standards. What I consider a good coder, may greatly differ from who the staff considers a good coder (either way). Who's call is it? Are they qualified to make this decision? -as a developer, so my thoughts may be a little bias. |
|
#197
05-22-2006, 06:08 PM
|
||||
|
||||
|
I've got an asnwer for that too, if it takes more staff. Charge for user access.
What I mean is this: Keep track of the release dates of uploads. Lets say I upload GeeWiz 1.0 into the product release directory. All contributing members get immediate access to that new release. Non-contributing members get access after 30 days. Then I update the code to GeeWiz1.1. Contributing members can download v1.1 right away. Non-contributing members must wait for 30 days. For those 30 days, v1.0 is still available for download. After 30 days, v1.1 is available and v1.0 is archived. 30 days could just as easily be 45 or 60 days. Doesn't matter. Contributor memberships cost $25/per year. Just another idea. |
|
#198
05-22-2006, 06:40 PM
|
|||
|
|||
|
If this is the case then the coder in question must face the responsibility for his or her actions.
Look at it this way, from a legal stand point if you present a product such as software with a list of features but fail to mention or disclose hidden features, then you as a coder are miss representing a product where end users are incapable of properly evaluating the risks involved before committed the said product to there own site. In an overall case this is an illegal procedure. This situation has brought a very interesting point to my attention. It would seem that neither Jelsoft, vb.org or the coder claim liability for such actions and under these conditions the system is in serious need to change. Quote:
|
|
#199
05-22-2006, 07:08 PM
|
|||
|
|||
|
I understand what happened, but I'm still failing to see how it's apparently such a struggle to just let us know which hacks you found out about? Why won't someone post it? No one is going to die. And those people obviously aren't going to step forward & say it's their hacks otherwise they would've done it already.
|
|
#200
05-22-2006, 07:18 PM
|
||||
|
||||
|
Quote:
|
 |
«
Previous Thread
|
Next Thread
»
Linear Mode
|
|
All times are GMT. The time now is 08:56 PM.