Go Back   vb.org Archive > Community Central > vBulletin.org Site Feedback
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #51  
Old 01-28-2006, 11:03 PM
steven s's Avatar
steven s steven s is offline
 
Join Date: Aug 2004
Location: Greenville, SC
Posts: 572
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I throw some money to the coders of mods or hacks that really enhance my site.
I can think of 3 people I have given money to.
I consider it a tip and appreciation for their efforts and contribution.
That covers 3 renewals right there. Well almost.
Maybe I'll start giving $30 instead of $25.
Reply With Quote
  #52  
Old 12-23-2007, 07:52 PM
pastalover pastalover is offline
 
Join Date: Dec 2007
Posts: 3
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I apologize for bringing this thread back to life, but I feel it fitting to express my opinion on the subject.

I know quite a few site owners who use vbulletin for their sites. Most of these people are not code writers by any stretch of the imagination, but desire to see the functionality on their sites improve. Therefore, they will get people who are technically capable of doing these various technical tasks, and in most cases make then administrators of their sites.

I am one of these people.

The owner of the site I frequent was having a problem with account sharing. He runs a premium site, and charges a fee for membership to the site. Well, it was found out that in some cases, close to 50 users were logging into the same account to reap benefits from the site. The solution? He came here and looked for a hack that would detect account sharing, but found nothing that was really suitable. There was a multiple IP detection hack, but that did not address users with dynamic IP's such as AOL users whose IP change every time they click a new link. Also, many other scenarios came into play which this particular plugin did not address.

Since I am a software engineer, he approached me about the problem, and asked me if I could help. I decided I would help. Therefore, myself, and another software engineer took to the task of developing a product that is very effective at detecting "account sharing". We wanted to be very non evasive to the current vbulletin infrastructure, yet also wanted to use vbulletin's current infrastructure to our advantage. Therefore we developed a plugin that requires no template modifications to perform the required tasks.

I did figure that other vbulletin users could greatly benefit from this plugin that we have developed. We created it with vbulletin's code specifications and suggested standards... making it so that it would be easily editable even for a novice coder.

This plugin will probably never see the light of day in the public arena. Why? Because neither myself nor the other software engineer that developed this software are licensed vbulletin users. I do not run my own forums, therefore I have absolutely no need for my own license. Yet, if I did want to share this software "out of the goodness of my heart", there is no provision for doing so... as I cannot even post in the "modification" section of the forums. Therefore, there is no possible way that I could support a product on your site. (BTW, I would never ask the owner of that site to add me to his email product support list)

What Jelsoft has done, is created a very "closed" community. The majority of the people holding a vbulletin license couldn't code to save their lives (nothing wrong with that). But, many of the talented people who would like to code and share have no need for a vbulletin license because they do not run their own forums. I tell you... it is easier to petition a royal court than it is to get information on vbulletin's code infrastructure and built in functions if you do not hold a vbulletin license. I cannot even see code snippets and examples when I browse this forum. Therefore, I had to export whatever plugins the forum owner already had installed to look at a few examples of vbulletin code, and to see how the hook system worked, and to see how the templates were designed.

Therefore I would like to make a suggestion:

It would be real nice if you would make a provision for anyone to be able to submit code modifications somewhere. If the code modification is decided to be "worthy", then create a status for the "unlicensed coder" to be able to support their products. Also, it would be nice if that "unlicensed coder" could see code snippets on the site. I see no real reason to allow that "unlicensed coder" to be able to download other plugins, as they would have no use for them, except for learning from them... but being able to learn from other code snippets would be very helpful.

This would only benefit your own customers, as they would have access to more forum enhancements, and more products than are already available. Also, you would probably be surprised at how many "good" code submissions you receive. I know many software engineers, and coders (good people, not your "133t H@XoR" type), that like to do things for a hobby. Something like this would be right up their alley.
Reply With Quote
  #53  
Old 12-23-2007, 10:19 PM
Blaine0002's Avatar
Blaine0002 Blaine0002 is offline
 
Join Date: Jul 2003
Location: Wisconsin.
Posts: 1,350
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I understand what you are saying, but the more people that get their hands on vbulletin code without jumping through the hoop of buying a license, the more exploits will be found and abused.

You may say "Hey that will just create more secure code", but, if noone finds out about the exploit, it really isnt a problem.
Reply With Quote
  #54  
Old 12-23-2007, 10:38 PM
Opserty Opserty is offline
 
Join Date: Apr 2007
Posts: 4,103
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The reason you can't see code here if you are not licensed is to make people buy legitimate licenses. If you haven't got a license you can't get proper help (i.e. gain an undestanding of vBulletin's Code). The email support list thing is there for people like you, the owner of the site should have put you on it I don't see why they didn't.

But to be very honest with you pastalover you are unfortunately a very very small minority. You have to compare the amount of people out there who are using vBulletin illegally with those that are like you.

People like your are few and far between.
Reply With Quote
  #55  
Old 12-23-2007, 10:47 PM
5th-Level 5th-Level is offline
 
Join Date: Jul 2007
Location: Georgia
Posts: 165
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I design skins for vBulletin and when I eventually want to sell my license I want be able to access this site anymore
Reply With Quote
  #56  
Old 12-23-2007, 10:49 PM
pastalover pastalover is offline
 
Join Date: Dec 2007
Posts: 3
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I appreciate your response Blaine0002. This reminds me of a comic strip that I once seen called "bobby tables" - google it, it is funny.

"Obscurity" as a protection, proves to be little or no protection at all. Just look at anything that is hacked. If an exploiter is so inclined, they CAN find information on the desired subject they want to exploit. Just take a look at pay-tv systems, playstations, or even vbulletin itself. "Obscurity" proved to be nothing more than a minor inconvenience. While carousing through google looking for information about vbulletin, I found many things from people you would consider "unfriendly". It was not hard finding every plugin that vbulletin has ever had posted on this site.

Sure, you may get more people that exploit weaknesses, yet you would get more people that could sanitize these vulnerabilities before they ever made it to the public scene. "Obscurity" will not stop someone with the "know how", not if they are obliging enough. Instead, we should be looking at sanitizing every sort of user input, to get rid of these vulnerabilities. And coders themselves should be on the lookout for other coder's code that could pose a potential vunerability... then discuss how to fix it.

What would you rather have? A product with holes in it that a select few can exploit at will, at any given time... things that aren't public? Or the exploits to made public, and fixes to be made? I would choose the latter of these two options.
Reply With Quote
  #57  
Old 12-23-2007, 11:41 PM
Blaine0002's Avatar
Blaine0002 Blaine0002 is offline
 
Join Date: Jul 2003
Location: Wisconsin.
Posts: 1,350
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

These few people that are "obliging" enough to find these exploitations and do illegal activities is what jelsofts legal team is for.

seriously though, if you search for phpbb exploits you will find more than vbulletin exploits.


PS good comic
Reply With Quote
  #58  
Old 12-24-2007, 06:36 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

As you are aware we do have procedures to have additional people showing as licensed. If you choose not to ask the license owner to add you to his support list, then this is your decission.
Reply With Quote
  #59  
Old 12-24-2007, 05:38 PM
pastalover pastalover is offline
 
Join Date: Dec 2007
Posts: 3
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Marco van Herwaarden View Post
As you are aware we do have procedures to have additional people showing as licensed. If you choose not to ask the license owner to add you to his support list, then this is your decission.
I understand your position, and thank you for considering my suggestion. I will not push the issue further.

Have a merry Christmas everyone! And a happy New Year!
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:12 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04839 seconds
  • Memory Usage 2,244KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (9)post_thanks_box
  • (9)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (9)post_thanks_postbit_info
  • (9)postbit
  • (9)postbit_onlinestatus
  • (9)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete