THe number one think that needs to be considered here is xtremessystem safety in my mind. Like i dont mine have html turned off it it keeps the forums here and more stable
Printable View
THe number one think that needs to be considered here is xtremessystem safety in my mind. Like i dont mine have html turned off it it keeps the forums here and more stable
yea i think i want to change my vote to yes, they should turn it off, the only reason i voted no was becuase of the D2OL sigs and such and now we figured that out so it wont be bad if it is turned off, now if only i could really change my vote
The hacks and whatnot are only a problem if you use an insecure browser, in which case it's your fault for using such a browser. I update regularly, including SP2 (and there's nothing wrong with it, almost everything they say is just hersay and rumor), so I voted no.
Mind you the other forum I visit regularly has it disable, and it has never been a real problem there. UBB code does the job well enough, so if you had to turn it off I don't mind. I just think it's unnecessary.
If those voting "No" and posting here with their opinions that HTML is not a problem are right, then why was boshi permanently banned?
It just appears to me that if HTML abuse isn't a problem, then what boshi did is a relatively minor infraction.
What I mean is, you can't have it both ways and still maintain integrity - horrible behavior deserves a permanent ban but if the actions of a forum member aren't all that horrible, why ban? Either HTML use is acceptable and it's potential abuse is also acceptable, or it's not.
I'm still in favor of disabling of HTML, most forums on the net have it disabled due to abuse potential.
Quote:
Originally Posted by sjohnson
Simple as that. Having HTML on in no way, shape or form means we accept its abuse. Having VB on does not mean we accept its abuse either.Quote:
20. Anyone entering the forum with the express intent to cause trouble or harm is subject to immediate and permanent ban.
matt9669 - you're evading the question ;)
Please understand that I support those rules, but the question regards why HTML is seen as both innocuous and evil, at the same time.
HTML is neither innocuous nor evil. HTML cannot in and of itself create any harm. It requires the use of browser bugs (as in the case of boshi) or outside code and/or scripting.
Boshi violated rule #20. It doesn't matter HOW he violated that rule. His intent to harm XS was clear and so he was banned permanently, immediately.
if we can't have the internet (html, images, swf, media, etc) the terrorists have already won. pre-emptive strike time? :stick:
if it's not an HTML exploit, it'll be an IMG exploit from someone's uploaded avatar.. or some other exploit to come in the end. then someone will write a worm to exploit a bug in vbb version x.
i say leave it on & deal with few when they come along. too bad it's so cat/mouse.
you could restrict to user agents (firefox/opera vs ie) but that's spoofable.
yes it was Osama bin laden working together with the NRA and the KKK to bring peoples browsers to their knees. :rolleyes:Quote:
Originally Posted by sllywhtboy
and that's the last stupid remark you're going to make on these forums. Bye bye 9mm.
:slobber: Fast and exact.......... ;)Quote:
Originally Posted by Kazoo
BTW what's up to HTML now, two hours ago it worked again, now already gone again....... :confused:
:toast:
I just noticed that vbulletin 3.0.7 has been released while the forum is running 3.0.3. Many of those updates contain a number of security fixes. Not only that, but according to netcraft outdated versions of both Apache (2.0.50 installed and 2.0.53 has been released) and PHP (4.3.8 installed whereas 4.3.10 has been released) are installed on the server.
I might as well retract what I said earlier because you should just enable everything again if your software isn't updated. Securing the site by disabling HTML and the php scripts as images isn't going to help if there are other bigger vulnerabilities. HTML shouldn't actual affect the integrity of the database where these problems actually can. At least you have Linux installed; I just hope the OS is secured for your sake.
I sure hope someone is at least backing up the database often.
I apologize in advance for sounding like a jerk, but I am trying to make a point. I just find it incredibly ironic that you are asking if HTML should be disabled when I feel there are other things that should be addressed. I have limited knowledge of the server situation, so there may be a perfectly good reason why the software appears to be out of date.
Gack! I'm not arguing for boshi. Why is the point continually being evaded? ps2pcgamer hits the nail on the head. The forums appear to be readily compromisable. Not my problem, but I fail to see how NOT securing the forum is good.Quote:
Originally Posted by matt9669
How many people don't run antivirus programs, don't use firewalls and routers, don't run antispyware? It just makes no sense to me that a forum wouldn't be as secured as is practical.
It's a matter of principal IMHO. Securing the forum by means of removing functionality is wrong because what needs securing are people's browsers, not the forum. The forum is not at fault by any means except that it allows HTML, added functionality, which happens to be exploitable on IE because it's a poor browser. Just because people have poor computing/internet practices does not mean you should accomodate those people by removing functionality from others that are not in harm's way. It's strictly the responsibility of the user. Securing the forum is all fine and well until it inhibits those that don't need securing. My browser is not vulnerable, so securing the forum in this manner does nothing but cater to the lowest common denominator in terms of personal PC security. It does nothing to help me out, it only inhibits me. As a matter of principal, I personally don't believe XS is responsible for baby-sitting the user's computing practices.Quote:
Originally Posted by sjohnson
And that's the thing, it isn't practical. It's akin to putting 2 foot bumbers 360 degrees around a car because there are bad drivers on the road. You have to draw the line between the forum's responsibility and the user's responsibility, and in this case it's the user who needs to be more responsible.
I am not using IE, so I am not worried about this particular issue/exploit. However not having HTML on XS does nothing to protect the end user from the mulititude of other forums that most people visit on a daily basis. I know I visit at least 10 different forums on a daily basis, and I am sure others are probably in the same boat.
I am pleased that the owners of XS care enough about the members here to be worried about them and their personal systems, but if a persons system is vulnerable to this exploit it is vulnerable to this exploit. Wether they run into problems from visiting XS or some other site. I think the real issue is to make the users aware of the issue and how they can be protected from it if they so feel the need. Like someone said earlier no reason all of us should be subject to the least common denominator on the internet.
Again, I just want to stress that I am glad that XS cares about us, I am sure other forums could give a rats ass about their members.
Well apparently the mods dont mind thread crapping so I will reply to this a touch.Quote:
Originally Posted by thewildblue
You have no idea of the bullsh** that has not been put onto any forum yet. There are tons of things that have yet to be put into the open. That is the reason why the "XR crew" dont stick to 'genmay' or such like. Before you go screaming about the "guilty parties" needing to leave, you might want to know those facts.
I wish beyond reason I could actually say some of these things but I am not being allowed to yet. Believe me once I can, I will.
[/end thread crap]
As for the html crap, IMO, leave it. It is the responsiblity of the end user, not the site to worry about these hacks or whatever. The sites job is to make sure their end is secure and up to date and to inform the users when something such as that has happened and then to deal with that.
IFMU
Ok, I'll repeat. I used a fully patched Win2k system and IE to test the original threads that crashed IE. I made sure that ALL patches, Critical, Recommended and Drivers were installed.
IE still crashed. So, I'm vulnerable to an HTML exploit should I use IE. XP patches may eliminate that vulnerability, I don't know. I'm using Linux and Firefox 95% of the time, so the particular exploit in question isn't a personal issue.
IMO Site management should include protection and functionality that allows members to contribute and not be vulnerable.
How many of you run Windows with no service packs, no A/V protection, no firewalling? Why should a site be run without maintaining the same type of system maintenance most would recommend for Windows?
HTML isn't the issue, site maintenance is. The HTML exploit by boshi only pointed out a need to revisit site administration. My 2 cents. Also my last post in this thread. It's just silly to argue, and the ultimate responsibility lies with the site administrators.
Microsoft has stated they are no longer fully supporting any workstation class OS except XP, meaning that your IE browser in 2K, even when fully patched, will still be vulnerable. XP SP2 fixes this particular problem, and Microsoft will not be creating security fixes for 2K like they do for XP. Since you choose not to run a fully supported OS, it is your responsibility to use a more secure browser, i.e. Firefox. If you choose not to, that is your problem, not the forum's. This statement can be directed towards all 2K users, I'm not trying to single you out.
No one is saying not to keep the server protected and secure. This is a CLIENT issue, not a server issue.
In this case, neither HTML or site maintenance is the issue... it's client maintenance to avoid being vulnerable when using an unsecure browser.
The HTML exploit by boshi, even he admitted this, was to make an example that Microsoft seems to refuse to fix problems like this for all it's products. If you read the log of Kazoo's chat with boshi, he admits turning this problem in to MS 3 years ago, and it's still not fixed on all OS's. MS has taken the stance of not being willing to fully support NT, 2K, etc. and that is the problem.
This has absolutely nothing to do with site administration. I don't think you understand the problem, or you at least just want to take the responsibility away from the user.
The thing is Im not interested in the politics between the forums. That was just my view on things as an individual and how they come accross to someone who isnt directly involved in any of it. To be honest whether XR or whoever are right or wrong they dont seem to be going the right way about things. I dont see how this is a thread crap as it was relevant to the current question as far as I was concerned.Quote:
Originally Posted by IFMU
that sounds like a great compromise to me! :)Quote:
Originally Posted by PS2pcGAMER
every week afaik :DQuote:
Originally Posted by PS2pcGAMER
:confused: ?Quote:
Originally Posted by IFMU
please explain, oh and please watch your language :P
I don't think it would be proper to disable HTML. Maybe some people around here will need it. I don't need it, but i'm against disabling it because of a 13years old punk who learned yestarday to write html and using it's vulnerabilities. I'm using Firefox from day 1. Many xtremesystems forum users use it. I don't think that there are too much people affected by this problem. You'dd better try and advertise for last MS updates... Not everyone has the Automatic Updates on.
Also i'm not convinced that discussing with punks like "blue boshi" would solve something out. When he'll grow up he'll think more wisely.
It's more often then that Saaya. ;)
@PS2pcGamer, are you also aware that version 3.07 came out less then a week after version 3.06? We are always cautious about upgrading to new versions of software without thoroughly testing it first.
@IFMU, it is not thread crapping, as the whole XR/XS thing was discussed in the initial post, in the PM between Boshi and I. Thewildblue's point, is that nobody really cares. To put it in perspective, there are less then 100 people in the world who it matters to. As for what you can't talk about, I'm sure you could speculate right up there with the best of them. But that's all it would be, speculation -- a 2nd hand version of events that you have been told, in the version you have chosen to believe. No one here can, or will fault you for your beliefs, as it's human nature to trust and believe your friends.
The bottom line is this forum is not about the XR/XS split, it's about the users. They are what make XS what it is. This is their home, and yes, they get annoyed when someone with an axe to grind disrupts and/or attempts to maliciously hurt their home. The past is just that, the past. We are all sick of rehashing events that does nothing to change anyone's mind about anything, or has anything to do with what we do here. At XS, we look to the future -- that's what we are all about ;)
AmenQuote:
Originally Posted by Kazoo
Hit the nail on the head there kazoo !Quote:
Originally Posted by Kazoo