[hambil]

I thought the policy was to contact an author if a vulnerability was discovered in one of their hacks, and give them a reasonable amount of time to fix the issue before publicly flogging them. I believe the PM telling me about the issue was actually sent AFTER the hack was pulled and every user alerted via an update email. Gee, thanks.

It's a hack that's been around for a couple years, too. Still, I guess it just had to be removed INSTANTLY.

[Princeton]

It's nothing against the coder ... we just have to do with what's best for the community.

[hambil]

Originally Posted by Princeton

It's nothing against the coder ... we just have to do with what's best for the community.

Well let me know when you start doing that. I've been waiting for three years.

for the best of the community, when a tool is having a bug, 99% of the time, people are reporting the bug in the thread related to the hack... then the author can fix the bug...

an insert or a exploit is a bug, so it have to be reported in the thread, contacting the author, and wait for a certain time for a result...

for the best of the community, if you really want to protect the members and the people using these codes, you'd be better test each release before they go public... but you don't... so give a chance to the coder first.

[RedTyger]

It's not what Jelsoft do for their own product, so I would say it's only fair that what's good for the goose is good for the gander.

[Princeton]

Originally Posted by hambil

Well let me know when you start doing that. I've been waiting for three years.

if that was the case .. I have no idea why you're still here.

Originally Posted by nexialys

for the best of the community, when a tool is having a bug, 99% of the time, people are reporting the bug in the thread related to the hack... then the author can fix the bug...

an insert or a exploit is a bug, so it have to be reported in the thread, contacting the author, and wait for a certain time for a result...

for the best of the community, if you really want to protect the members and the people using these codes, you'd be better test each release before they go public... but you don't... so give a chance to the coder first.

if an exploit is found .. mod will be removed - no ands, ifs, or buts

coder is always contacted and they are free to fix .. once fixed, we will gladly return the mod to it's proper location

[hambil]

Originally Posted by Princeton

if that was the case .. I have no idea why you're still here.

That's a pretty good question, actually.

[Paul M]

http://www.vbulletin.org/forum/info.php?do=security

SQL injections are always considered severe.

As for 'respect' - perhaps you need to review your posts in this thread. Sarcastic remarks are not generally considered very respectful.

i think it is more frustration than missrespect from hambil... his age and experience make him easily iritated... LOL...

[hambil]

My guess is a serious review of the hacks on this board would result in over half of them being taken down for security reasons. I have no issue with dealing seriously with a security issue, but over-reactions bother me. Not contacting the author giving them a chance to fix it. Moving the hack to the graveyard so the author can't even download it themselves (to insure the fix they are making is to the same files everyone else has downloaded - especially when the hack is two years old).

As I said, this issue has been in that code for two years. To my knowledge nobody has ever had a problem, and nobody has reported it in the hack thread. This doesn't mean it isn't serious and doesn't need to be urgently addressed, but come-on. Next time Jelsoft has a serious security issue can I expect my forum software to be immediately shut down without my consent or any pre-notification and not run again until Jelsoft fixes the issue?

Call it what you want, spin it however you want, this was a disrespectful and unnecessary act that can only make sense if you have a very exaggerated sense of self importance and your place in the world. My hack wasn't running the Mars lander, or keeping Nuclear missiles from launching, and neither is vb itself.

My hack wasn't running the Mars lander, or keeping Nuclear missiles from launching

don't be so sure on that... i'm pretty sure that your code could be used to drive the next launch of Columbia... and actually, that may be the cause of the last crash of one of the USAir Force Helicopter... your exploit would have caused a lot if the army use vB ...

tssss !!!

[Roms]

Originally Posted by hambil

Call it what you want, spin it however you want, this was a disrespectful and unnecessary act that can only make sense if you have a very exaggerated sense of self importance and your place in the world. My hack wasn't running the Mars lander, or keeping Nuclear missiles from launching, and neither is vb itself.

The fact is many poeple have invested a lot of money into their sites, if a modification has an exploit it is policy to remove it. This is a black and white issue with no grey area, if it has an exploit it is removed until it is fixed. If you don't like the policy then don't post your modification. It's a simple choice....

I'm happy they treat exploits with that amount of importance in their place in the world. More people should take ownership like the staff here is doing.

As for respect, it is earned. Earn it.

[hambil]

Originally Posted by Roms

As for respect, it is earned. Earn it.

That's a good idea. I'll spend about three years here, writing and publishing hacks, answering questions in support forums, attempting to start community projects like Pimp My Board and half a dozen tries to get developers and staff to work together on a community hack project, and being as supportive and responsive as I can manage with my hacks when people have questions or issues.

Wait, I did that already. What have you done?

tss, tss, guys, please calm down...

it is obviously just a misinterpretation of the action made regarding a hack to be checked out... can you just stay focussed here instead of throwing insults ?!

[hambil]

Originally Posted by nexialys

tss, tss, guys, please calm down...

it is obviously just a misinterpretation of the action made regarding a hack to be checked out... can you just stay focussed here instead of throwing insults ?!

I agree actually. It's not this one action, for me. It's cumulative. As I said, I've spent three years here, and I think I'm done, at least as far as free hacks go.