Continued Development

Quote: Originally posted by LordOfSpoon

Hello All! As I have made a previous post here explaining I would like to continue development on XMB. After some serious life changes I was unfortunately unable to even work on my own projects. As you can see, I have not forgotten about this community. I have to say...I'm blown away that there are still some people stalking around here. Which, makes me feel pretty inspired. If anyone on here would me out. I may not have a lot of time for development, however, I can pitch in time for webmaster services, design, and organization services. I can purchase domains, hosting, etc. All I would ask in return is some help from dedicated people... Although, there would need to be some changes. The forum would need to be 're-branded'. The reason being, this domain is toxic. Just by reading some former posts, there is too much confusion with domains and such. I'm willing to give this a shot if other people are will to pitch in. I can begin setting up a Trello Board to organize the development and GitHub to code share. Why do I want to do this? Honestly, I love forums and the people around them. Forums are dying because of large sites like Reddit and Facebook. But that doesn't mean there isn't room for a small market which XMB could fill. If know-one here would like to see this through, I understand. What do you say?...

Toxic? nope, that's called history. I'm not keen on rebranding as it's an insult to everyone that has helped xmb in the past and currently.

To be honest - anyone can provide webmaster services, design, and organization services along with purchasing of domains, hosting, etc. What xmb does need in my opinion, is people with php experience and time, so there is more than one dev/support.

Good luck though with whatever you decide to do, whether that is here, other forums, creating your own or walking away.

Quote: Originally posted by xmb-fan

Toxic? nope, that's called history. I'm not keen on rebranding as it's an insult to everyone that has helped xmb in the past and currently. To be honest - anyone can provide webmaster services, design, and organization services along with purchasing of domains, hosting, etc. What xmb does need in my opinion, is people with php experience and time, so there is more than one dev/support. Good luck though with whatever you decide to do, whether that is here, other forums, creating your own or walking away.

History is just that... History. We as webmasters remember those great days of a certain website which we had a deep attachment too. Regardless of those emotions, some things just need to be let go for progress to continue.

I can understand how rebranding would feel like an insult. However, from legal complications, DMCA issues, no staff, and many more issues, the truth is that this site remains on the hope that this software will remain relevant and will be remade someday. Which is awesome, don't get me wrong. I applaud the people who have come this far with it. If everyone really cares about this community and this software, it's time to hit the ground running and organize some support.

And you're right... Anyone can provide these services. The fact is, I don't see a lot of people around saying they are (apart from lottos, and other people keeping this site going) offering such services.

Yes, developers are an integral part of the operation. I have many years in the forum 'world' and strong organizational skills. I also have ties to a lot locals colleges and schools in my area. There is much that can be done, even without those handy coding skills.

I very much appreciate your post, xmb-fan. I can see a good future in this software if everyone is willing to pitch in, make hard decisions, and move forward. If thats the case, I will stay around as long as possible. I have no interest in working with another forum software again, unless it's XMB.

The fact that you have registered an account to simply reply to this post, speaks volumes about this software...

Quote: Originally posted by kuba1

Not much for me to say .... miqrogroove is the man for these questions.

Nice to see my u2u worked lol

Quote: Originally posted by miqrogroove

Branding has never been the issue. My personal goal was to stabilize the old code just so that it was still workable. During that effort, there was a consensus reached that the old code would be of no value to a new major version. It would have to be a total re-write. So the brand was something that could stay or go without much consequence to a new project. And it was never my intention to re-invent this wheel.

Well suppose we build a team for a new project? I miss working in these areas and want to get back in the game. Even the lead of Flarum left to build his own premium forum software.

I have many great ideas and the motivation. Just need the right people.

Quote: Originally posted by lottos

Been down this path a few times with people coming in and making a level of excitement, eg sliq and eman86, then to never see them again, so I'm not holding my breath. I think over the years, there has been a consolidation of forum providers, with some dropping off the radar and a few new ones emerging as the new front runners.

Well, I’m here everyday now. Scanning this topic for replies lol I’m willing to give something an actual shot if others are.

It really depends on how you intend to do it. Writing everything from a scratch is a quite ambitious and very unlikely....
The xmb as it is right now is very messy to extend. You would need to write a framework or use an existing one that would have great extendibility.
I think porting xmb as a full forum module on some existing cms is your best best.

Quote: Originally posted by lottos

Been down this path a few times with people coming in and making a level of excitement, eg sliq and eman86, then to never see them again, so I'm not holding my breath. I think over the years, there has been a consolidation of forum providers, with some dropping off the radar and a few new ones emerging as the new front runners.

100% agree. I've just spent a few days making GaiaBB (nee UltimaBB, which John and I worked on after XMB), PHP 7.4, mysqli, and MariaDB compatible. I think at this point, it might be worthwhile to bring those things together so there can be one code base for those who have historic XMB, XMB 2, UltimaBB, and GaiaBB forums.

Quote: Originally posted by vanderaj

Quote: Originally posted by lottos   Been down this path a few times with people coming in and making a level of excitement, eg sliq and eman86, then to never see them again, so I'm not holding my breath. I think over the years, there has been a consolidation of forum providers, with some dropping off the radar and a few new ones emerging as the new front runners. 100% agree. I've just spent a few days making GaiaBB (nee UltimaBB, which John and I worked on after XMB), PHP 7.4, mysqli, and MariaDB compatible. I think at this point, it might be worthwhile to bring those things together so there can be one code base for those who have historic XMB, XMB 2, UltimaBB, and GaiaBB forums.

I've done some preliminary testing of xmb with php7.4, warning messages [added to bug tracker]:

PHP Deprecated: Function get_magic_quotes_runtime() is deprecated in /include/global.inc.php on line 34
PHP Deprecated: Function get_magic_quotes_gpc() is deprecated in /include/validate.inc.php on line 82

Noticed your forum footer links to a gaiabb domain that must have expired as it's definitely not to your code. I'd link it to your github [or back here ].

Grabbed your image dimension code in functions.inc.php for another xmb forum user.

Look forward to your further testing results.

Quote: Originally posted by vanderaj

I just checked in a bunch of code that includes the XMB postify() and a bunch of other fixes. I'm still working on issues relating to PHP 7.4. I keep on getting surprised at what actually works (terrible code), and what doesn't (clean but ... wrong ... code). I ported the Davis theme to GaiaBB. It showed that there are issues with importing XMB themes, and also found a bug in header links area that's probably been there for over a decade. I'll get the rest working first before revisiting XMB theme support. Edit: Yeah, I let that domain expire, so I had thought I had updated all the links in the code to GitHub. There should be no more links to the domain at all.

Great! Interested on collaborating with this?

Quote: Originally posted by miqrogroove

There's an interesting bug report now encouraging an overhaul of the XMB session handler. Basically, why does XMB allow weak password resets and why is there no rate checking of failed login attempts, etc. Obviously, XMB has always been weak in these areas. The minimal amount of work to fix this would be a re-write of the session system (no reason to keep the old code), upgrade of the database schema requiring use of the (new) XMB upgrade script, and increasing the minimum PHP support level to 7-ish. So I'm looking for second opinions. Does the community need this, and when? Will it break anything? Is it worth the effort anymore?

I think you know my opinion: yes to questions 1 and 3!

XMB misc.php allows one password reset request per 24 hours, date and time of last request in members table, column pwdate.

Quote: Originally posted by lottos

XMB misc.php allows one password reset request per 24 hours, date and time of last request in members table, column pwdate.

This part is fine. The report shows we have less than 3 bytes of useful entropy and even less with stronger hacks. Without any rate limits or extra tokens it is possible to brute force account access.

A few quick notes on this, on our XMB forum we changed the hashing algorithm to SHA256 (I believe), and of course had to rehash existing passwords (via mandatory password reset).

We also added a database table to track failed logins, and even an anti-spam system to track known behavior (ie: proceding to the User CP within a minute of registration, attempts to insert URLs into bio/signature fields, etc)

If anybody is interested in collaborating on this, let me know! I also run a forum in a non-production environment that we can nuke the crap out of in the name of development/progress

Can I just add how exciting it is to see interest in XMB?

Quote: Originally posted by miqrogroove

Quote: Originally posted by lottos   XMB misc.php allows one password reset request per 24 hours, date and time of last request in members table, column pwdate. This part is fine. The report shows we have less than 3 bytes of useful entropy and even less with stronger hacks. Without any rate limits or extra tokens it is possible to brute force account access.

Oh yes, we danced with this for quite awhile. Our site owner was dead set on VB initially, but I managed to talk him into going with XMB so this issue in particular was in the forefront.

Other than account lockout timers (similar to the Windows domain feature) and implementing a more secure hashing algorithm (SHA256) we never did find a neat & tidy solution. I proposed everything from password complexity requirements and PIN codes to multifactor authentication. Our Sophos UTM security appliance with WAF adds another layer of intrusion prevention, exploit mitigation and session hardening, but of course this isn't bulletproof either.

For us, a key security measure is frequent backups. Every time we move code into the production environment, we take a full backup. Backups are also conducted three times per day, using Windows scheduled tasks and saved to a shared network location. This location is backed up once daily to physical disk.

Fortunately I have physical server access which makes this process much easier. On that same note, we have plenty of extra space on the server and gigabit bandwidth if anybody needs a place to host an XMB instance! Also can accommodate your own domain provided you can point them at our nameservers.

Quote: Originally posted by miqrogroove

What would be an appropriate version number for the next patch then? If it requires a schema upgrade and PHP upgrade, would it become 1.9.12?

Sounds right to me!

Exciting times

So whats the plan Micro?

Quote: Originally posted by miqrogroove

Are there any existing hacks that should get baked into 1.9.12? I was thinking our new user moderation system has become such a vital anti-spam tool that it would have even more value as an integrated feature set. https://sourceforge.net/p/xmb-forum/code/HEAD/tree/hacks/tru... The code has been stable for years, and just needs some refinement to make it look more official.

After reviewing the list of existing hacks, I think the moderation system is a great and most appropriate candidate to be baked in.

Not existing hacks but perhaps the last post date and time could be a link to the actual last post? Could be more intuitive for some ?



[edit: saw a nifty implementation of something similar from forum provider microcosm where they have for example:
@Ken replied 3 hours ago

Broken down:
'@Ken' is hyperlink to member profile
'replied' is the hyperlink to the last post
'3 hours ago' is clickable and changes to the date and time posted]

Quote: Originally posted by lottos

google-rdf-breadcrumbs.zip rdfa-breadcrumbs.zip Maybe a contender?

Going to take a second look at this.

Beta 2 is up.

Quote: Originally posted by lottos

Wondering how difficult it would be to alter search.php to allow multiple user names in the user name field, perhaps in same format as sending multiple u2us, ie: user1, user2, user3

Sounds like an interesting feature or modification.

Seems like beta testing is wrapped up. I don't know how much serious testing happened, but it's what we got. I'll try to package up the 1.9.12 release today or tomorrow.

Quote: Originally posted by miqrogroove

Seems like beta testing is wrapped up. I don't know how much serious testing happened, but it's what we got. I'll try to package up the 1.9.12 release today or tomorrow.

I did as much as possible, topicadmin was an area I spent some time on and with the admin rights I have, all seemed to function as expected.

Awesome work miqrogroove, I've peeked at much of the code and the effort you have put into this is commendable.

p.s. Don't forget to update https://www.xmbforum2.com/ after the release