  #1  
Old 29 Jun 2007, 17:54
hambil hambil is offline
 
Join Date: Jun 2004
Real name: Hambil
What happened to respect?

I thought the policy was to contact an author if a vulnerability was discovered in one of their hacks, and give them a reasonable amount of time to fix the issue before publicly flogging them. I believe the PM telling me about the issue was actually sent AFTER the hack was pulled and every user alerted via an update email. Gee, thanks.

It's a hack that's been around for a couple years, too. Still, I guess it just had to be removed INSTANTLY.
  #2  
Old 29 Jun 2007, 17:56
Princeton Princeton is offline
 
Join Date: Nov 2001
Real name: Joe Velez
It's nothing against the coder ... we just have to do with what's best for the community.
__________________
Former vBulletin.org Staff Member

  #3  
Old 29 Jun 2007, 18:00
hambil hambil is offline
 
Join Date: Jun 2004
Real name: Hambil
Originally Posted by Princeton:
It's nothing against the coder ... we just have to do with what's best for the community.
Well let me know when you start doing that. I've been waiting for three years.
  #4  
Old 29 Jun 2007, 18:02
nexialys
Guest
 
for the best of the community, when a tool is having a bug, 99% of the time, people are reporting the bug in the thread related to the hack... then the author can fix the bug...

an insert or an exploit is a bug, so it has to be reported in the thread, contacting the author, and wait for a certain time for a result...

for the best of the community, if you really want to protect the members and the people using these codes, you'd better test each release before they go public... but you don't... so give a chance to the coder first.
  #5  
Old 29 Jun 2007, 18:05
RedTyger RedTyger is offline
 
Join Date: Nov 2006
It's not what Jelsoft do for their own product, so I would say it's only fair that what's good for the goose is good for the gander.
  #6  
Old 29 Jun 2007, 18:07
Princeton Princeton is offline
 
Join Date: Nov 2001
Real name: Joe Velez
Originally Posted by hambil:
Well let me know when you start doing that. I've been waiting for three years.
if that was the case .. I have no idea why you're still here.

Originally Posted by nexialys:
for the best of the community, when a tool is having a bug, 99% of the time, people are reporting the bug in the thread related to the hack... then the author can fix the bug...

an insert or an exploit is a bug, so it has to be reported in the thread, contacting the author, and wait for a certain time for a result...

for the best of the community, if you really want to protect the members and the people using these codes, you'd better test each release before they go public... but you don't... so give a chance to the coder first.
if an exploit is found .. mod will be removed - no ands, ifs, or buts

coder is always contacted and they are free to fix .. once fixed, we will gladly return the mod to its proper location
  #7  
Old 29 Jun 2007, 18:39
hambil hambil is offline
 
Join Date: Jun 2004
Real name: Hambil
Originally Posted by Princeton:
if that was the case .. I have no idea why you're still here.
That's a pretty good question, actually.
  #8  
Old 29 Jun 2007, 21:14
Paul M Paul M is offline
 
Join Date: Sep 2004
Real name: Paul M
http://www.vbulletin.org/forum/info.php?do=security

SQL injections are always considered severe.

As for 'respect' - perhaps you need to review your posts in this thread. Sarcastic remarks are not generally considered very respectful.
__________________
Former vBulletin.org Staff Member


  #9  
Old 29 Jun 2007, 21:53
nexialys
Guest
 
i think it is more frustration than disrespect from hambil... his age and experience make him easily irritated... LOL...
  #10  
Old 30 Jun 2007, 01:22
hambil hambil is offline
 
Join Date: Jun 2004
Real name: Hambil
My guess is a serious review of the hacks on this board would result in over half of them being taken down for security reasons. I have no issue with dealing seriously with a security issue, but over-reactions bother me. Not contacting the author giving them a chance to fix it. Moving the hack to the graveyard so the author can't even download it themselves (to ensure the fix they are making is to the same files everyone else has downloaded - especially when the hack is two years old).

As I said, this issue has been in that code for two years. To my knowledge nobody has ever had a problem, and nobody has reported it in the hack thread. This doesn't mean it isn't serious and doesn't need to be urgently addressed, but come on. Next time Jelsoft has a serious security issue can I expect my forum software to be immediately shut down without my consent or any pre-notification and not run again until Jelsoft fixes the issue?

Call it what you want, spin it however you want, this was a disrespectful and unnecessary act that can only make sense if you have a very exaggerated sense of self importance and your place in the world. My hack wasn't running the Mars lander, or keeping Nuclear missiles from launching, and neither is vb itself.
  #11  
Old 30 Jun 2007, 01:55
nexialys
Guest
 
My hack wasn't running the Mars lander, or keeping Nuclear missiles from launching
don't be so sure on that... i'm pretty sure that your code could be used to drive the next launch of Columbia... and actually, that may be the cause of the last crash of one of the USAir Force Helicopter... your exploit would have caused a lot if the army use vB ...

tssss !!!
  #12  
Old 30 Jun 2007, 02:46
Roms Roms is offline
 
Join Date: Jun 2004
Real name: Roms
Originally Posted by hambil:
Call it what you want, spin it however you want, this was a disrespectful and unnecessary act that can only make sense if you have a very exaggerated sense of self importance and your place in the world. My hack wasn't running the Mars lander, or keeping Nuclear missiles from launching, and neither is vb itself.
The fact is many people have invested a lot of money into their sites, if a modification has an exploit it is policy to remove it. This is a black and white issue with no grey area, if it has an exploit it is removed until it is fixed. If you don't like the policy then don't post your modification. It's a simple choice....

I'm happy they treat exploits with that amount of importance in their place in the world. More people should take ownership like the staff here is doing.

As for respect, it is earned. Earn it.
__________________
Former vBulletin.org Staff Member


Last edited by Roms; 30 Jun 2007 at 02:49.
  #13  
Old 30 Jun 2007, 03:35
hambil hambil is offline
 
Join Date: Jun 2004
Real name: Hambil
Originally Posted by Roms:
As for respect, it is earned. Earn it.
That's a good idea. I'll spend about three years here, writing and publishing hacks, answering questions in support forums, attempting to start community projects like Pimp My Board and half a dozen tries to get developers and staff to work together on a community hack project, and being as supportive and responsive as I can manage with my hacks when people have questions or issues.

Wait, I did that already. What have you done?
  #14  
Old 30 Jun 2007, 03:37
nexialys
Guest
 
tss, tss, guys, please calm down...

it is obviously just a misinterpretation of the action made regarding a hack to be checked out... can you just stay focussed here instead of throwing insults ?!
  #15  
Old 30 Jun 2007, 03:40
hambil hambil is offline
 
Join Date: Jun 2004
Real name: Hambil
Originally Posted by nexialys:
tss, tss, guys, please calm down...

it is obviously just a misinterpretation of the action made regarding a hack to be checked out... can you just stay focussed here instead of throwing insults ?!
I agree actually. It's not this one action, for me. It's cumulative. As I said, I've spent three years here, and I think I'm done, at least as far as free hacks go.