Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Advertise on LowEndTalk.com
Update your Vanilla Forums
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

Update your Vanilla Forums

MunMun Member without signature
Howdy,

We've just released 2.1.13, which addresses multiple security issues issues found during a self-initiated audit. Update should be applied immediately to all forums running the 2.1 release branch (or earlier). You can find full details on what changes were made and how to upgrade here.

More info:
http://vanillaforums.org/discussion/31046/vanilla-2-1-13-security-updates

Thanked by 2netomx Nyr
«1

Comments

  • MunMun Member without signature

    @jbiloh ;) ^^

  • NekkiNekki Moderator

    @Mun said:
    jbiloh ;) ^^

    I think we need @sysadmin

    Thanked by 1netomx

    Here lies Nekki. He loved massive amounts of storage, K-Pop and calling people cunts.

  • MunMun Member without signature

    @Nekki said:

    I think I need you ;)

  • NekkiNekki Moderator

    @Mun said:
    I think I need you ;)

    Well ain't you just the sweet talker

    Thanked by 3netomx GM2015 BensDaMan

    Here lies Nekki. He loved massive amounts of storage, K-Pop and calling people cunts.

  • @Nekki said:
    Well ain't you just the sweet talker

    Mum got in your pants pretty quick, I didn't know you were that easy ;)

    Thanked by 2GM2015 NexHost
  • So much love in this thread!

    Want your Service reviewed? Shoot me a PM
    realvpsreview.com

  • NyrNyr Member
    edited November 2015

    This is getting ridiculous. I don't know where to start:

    • Two weeks ago, they released another security update. They needed to release FOUR different revisions until all the regressions introduced in the security update were fixed. This did take them several days.
    • New update released some days ago and today another revision is submitted to fix one more regression. So a total of four revisions needed in two weeks just to fix fucking security updates.
    • I didn't get a notification about this new security update because they didn't care to tag the release in GitHub. There isn't any reliable way to get security notifications from them.

    Guys: don't use Vanilla Forums for any project you are planning to start, really. The codebase is crap, the security side is crap too and the developers aren't qualified to ship a production ready product.

    Thanked by 1doughmanes
  • ATHK said: Mum got in your pants pretty quick, I didn't know you were that easy ;)

    >

    Awkward typo

    Thanked by 3GM2015 trewq BensDaMan

    Favourite host in general: Ramnode (affiliate link)
    Favourite host for hourly billing/custom ISOs: Vultr ($50 free credit for new accounts, affiliate link)

  • MunMun Member without signature

    I moved away from Vanilla forums around a year and a half ago due to the issues that kept happening.

  • @IceCream said:
    Who uses Vanilla forums anyway.

    I'm getting rusty, I can't tell if that's sarcasm or not.

  • MunMun Member without signature

    @IceCream said:
    Who uses Vanilla forums anyway.

    Stares at screen .

    Thanked by 2netomx Nomad
  • IceCreamIceCream Member
    edited November 2015

    @Umcookies said:
    I'm getting rusty, I can't tell if that's sarcasm or not.

    What is sarcasm?

  • @IceCream said:
    What is sarcasm?

    Its an icecream flavour :)

    Thanked by 1Falzo
  • In my country we make sarcasm with fermented cabbage. Every Sunday the whole family gets together for sarcasm.

    Thanked by 2netomx Four20
  • @Mun, @IceCream, @Nyr What do you suggest as alternatives?

  • @TWo said:
    Mun, IceCream, Nyr What do you suggest as alternatives?

    Flarum looks decent.

    Thanked by 1TWo
  • @Nyr said:
    Flarum looks decent.

    Will look into it. Thanks.

  • MunMun Member without signature

    @TWo said:

    Fluxxbb is also amazing, they are migrating it into flarum though.

    Thanked by 1TWo
  • MunMun Member without signature

    @mgilang said:
    vote for discourse forum

    Kinda meh, buggy, heavy on resources.

  • joepie91joepie91 Member, Provider
    edited November 2015

    Discourse has a lot of the right ideas, but unfortunately 1) it's written in Ruby (which means it is a nightmare to deploy), and 2) it requires Javascript to be enabled to use it (even just to read), which is unacceptable for a forum.

    Thanked by 1netomx
  • dedicadosdedicados Member
    edited November 2015
    Two weeks ago, they released another security update. They needed to release FOUR different revisions until all the regressions introduced in the security update were fixed. This did take them several days.
    New update released some days ago and today another revision is submitted to fix one more regression. So a total of four revisions needed in two weeks just to fix fucking security updates.
    I didn't get a notification about this new security update because they didn't care to tag the release in GitHub. There isn't any reliable way to get security notifications from them.
    

    Guys: don't use Vanilla Forums for any project you are planning to start, really. The codebase is crap, the security side is crap too and the developers aren't qualified to ship a production ready product.

    sounds like WHMCS

    xD

    Thanked by 2netomx tux

    Nothing for the moment

  • Flarum is cool, but I'm waiting until it's a bit more feature-complete before deploying it. Discourse is a resource hog (and then some!), but it's pretty stable and flexible once you get it up and running.

    Thanked by 1Rolter

    This signature wasted 121 bytes of your data allocation.

    https://nixstats.com/report/56b53d6465689e44598b4567

  • Nyr said: Guys: don't use Vanilla Forums for any project you are planning to start, really. The codebase is crap, the security side is crap too and the developers aren't qualified to ship a production ready product.

    And yet, despite many, many attempts I don't seem to be able to convince some people that we should switch from Vanilla to a more mature, secure, and stable product.

    This product is going to bite us in the ass again sooner or later and all I can do at that point is say "I told you so" and try to iron things out for the people that wouldn't listed to me.

    I recommend Prometeus, the best provider ever!

  • MunMun Member without signature

    @mpkossen as of current there is no good way to migrate to another forum. So start from scratch as well.

  • @Mun said:
    mpkossen as of current there is no good way to migrate to another forum. So start from scratch as well.

    Writing a migration script should be worth the effort IMHO. What's worse: having to spend 16-32 hours on writing a migration script or having your forum owned again and your reputation blown to pieces?

    I believe there is at least one solution with an importer that can then export to other solutions. Migrations aren't easy, they never are. But at some point it is worth the effort.

    Thanked by 1Rolter

    I recommend Prometeus, the best provider ever!

  • MunMun Member without signature

    @mpkossen I'm not saying it isn't worth it. I'm saying that after I looked for a proper migration solution that I couldn't find any. Something to consider as part of the move (that will happen eventually).

  • @Mun said:
    mpkossen I'm not saying it isn't worth it. I'm saying that after I looked for a proper migration solution that I couldn't find any. Something to consider as part of the move (that will happen eventually).

    Sorry, didn't mean to sound cross in my reply. I agree though, migration isn't easy.

    I recommend Prometeus, the best provider ever!

  • @Infinity580 said:
    phpbb3

    Ew. MyBB all the way or IP.Board if you want to pay for forum software.

  • MunMun Member without signature

    @aldothetroll said:
    Ew. MyBB all the way or IP.Board if you want to pay for forum software.

    Only seen issues with ipb. Constant upgrade problems. Etc. Look at vpsboard. Upgrade downgrades everywhere.

  • IceCreamIceCream Member
    edited November 2015

    It's simply not the "LET" feeling when we'd switch to vMyPHPBoardBB or whatever. Correct, there are themes and CC or mpkossen could work for hours to get the shit done, but wouldn't you miss Vanillas crappy codebase, security and developers, who are not qualified to ship a production ready product ?

    Thanked by 2Mun GM2015
  • IceCream said: but wouldn't you miss Vanillas crappy codebase, security and developers, who are not qualified to ship a production ready product ?

    I would never, ever miss Vanilla. The only reason people use it is the theme and that's a real shame.

    I recommend Prometeus, the best provider ever!

  • @mpkossen said:
    The only reason people use it is the theme and that's a real shame.

    Exactly, that's what got me hooked and back then I couldn't imagine the size of the mess I was getting into.

    "It is being used at LET, can't be so bad!". This was before the hacks and all, obviously.

  • netomxnetomx Member, Moderator

    Is there any way to code a forum like Vanilla? It doesnt seem difficult

  • jbilohjbiloh Administrator

    netomx said: Is there any way to code a forum like Vanilla? It doesnt seem difficult

    That would be quite the undertaking. We're continuing to look at options but no decisions have been made yet.

    The thing is, Vanilla, at least in part, is what gives LET its character and uniqueness.

    Thanked by 1Mun
    Jon Biloh
  • k0nslk0nsl Member, Member without signature
    edited November 2015

    I'd suggest phpBB3; 3.1.6 is great and I'm sure you could theme it to look somewhat similar to this crappy theme as well ;)

    [edit: fixed grammar.]

  • joepie91joepie91 Member, Provider

    @netomx said:
    Is there any way to code a forum like Vanilla? It doesnt seem difficult

    I started an effort for that, at some point, to replace LEB/LET. Then VPSBoard came along, and that idea pretty much went down the priority list.

    It's certainly not hard to do, it's just a matter of investing the time into it :)

    (I should note that I personally can't stand either BBCode or WYSIWYG editors.)

    Thanked by 1netomx
  • @jbiloh said:
    The thing is, Vanilla, at least in part, is what gives LET its character and uniqueness.

    I agree, it's a different approach to forums and I like the UX even if the backend is a big liability.

    Thanked by 2joepie91 netomx
  • joepie91joepie91 Member, Provider

    @Nyr said:
    I agree, it's a different approach to forums and I like the UX even if the backend is a big liability.

    Very much this. I far prefer Vanilla's UX over that of any other forum, except for maybe Discourse - and that one is problematic for all the reasons already mentioned.

    Thanked by 1netomx
  • netomxnetomx Member, Moderator

    joepie91 said: (I should note that I personally can't stand either BBCode or WYSIWYG editors.)

    If you add basic BBCode, I can send Bitcoins as a donation :)

    Anyone helping this cause? :)

  • @joepie91 said:
    Very much this. I far prefer Vanilla's UX over that of any other forum, except for maybe Discourse - and that one is problematic for all the reasons already mentioned.

    The UX could work on any system. It shouldn't be confused for Vanilla. Making such a theme for any other forum system isn't as large an undertaking as rewriting the forums is.

    I recommend Prometeus, the best provider ever!

  • joepie91joepie91 Member, Provider

    mpkossen said: The UX could work on any system. It shouldn't be confused for Vanilla.

    Yes, it's possible - it's just very hard on many platforms. Most forum software doesn't support Markdown for example, and subtle things like jumping to the last unread post when clicking a thread can be very hard to implement; especially when the vendor has a habit of making unannounced breaking changes (looking at you, IPB).

    Making such a theme for any other forum system isn't as large an undertaking as rewriting the forums is.

    Not necessarily. A forum isn't exactly a complex thing to write, especially with the (lack of) features of Vanilla. Sometimes, modifying existing things really does take more time than starting anew.

    Thanked by 1netomx
  • @joepie91 said:
    Not necessarily. A forum isn't exactly a complex thing to write, especially with the (lack of) features of Vanilla. Sometimes, modifying existing things really does take more time than starting anew.

    Which is the case with Vanilla.

    I recommend Prometeus, the best provider ever!

  • I must say that markdown has me puzzled. For the same functions, it's a lot harder than html because there are so many versions and you never know what to expect. It is in fact a specialist language. With html any fool can just google and find the answer in two seconds. Consider also that this is a tech forum - or isn't it? There's nothing wrong with expecting users to use basic html or having the knowledge to google for instructions. Other tech forums allow html, even The Register which has a very wide range of users (9.5 million readers). In their words: "HTML is the open standard of the web. Deal with it, bitches." In my opinion the fact that LET uses markdown is an insult to the technical level of its users.

    Thanked by 1netomx
  • I love markdown. Go away, @Ole_Juul! Take your HTML with you! ;-)

    Thanked by 1IceCream

    For those who care:
    You can now find me at https://talk.lowendspirit.com or https://www.hostballs.com

  • MunMun Member without signature

    Ohh shizzzzz 2.2 is out:

    http://vanillaforums.org/discussion/31121/vanilla-is-proud-to-present-version-2-2

    "You CANNOT DOWNGRADE after upgrading because 2.2 contains a change in password hashing that is irreversible. You would lock yourself (and anyone else who's logged in since the upgrade) out of your account by downgrading."

    Thanked by 1Mark_R
  • "Vanilla is proud to present version 2.2"

    Shouldn't be proud of anything they've done so far.

  • @Infinity580 said:
    phpbb3

    I always liked phpBB, not sure why it isn't more popular

    Favourite host in general: Ramnode (affiliate link)
    Favourite host for hourly billing/custom ISOs: Vultr ($50 free credit for new accounts, affiliate link)

Sign In or Register to comment.