Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Looking to hire a dev to re-code LEB Theme - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Looking to hire a dev to re-code LEB Theme

2»

Comments

  • @yoursunny said:
    Yes, I have AJAX aka XmlHttpRequest. The comments API is a separate app on the same server.

    Good, now it's clear that you're a little bit new to the JAMstack term and still doesn't know that JAMStack doesn't mean it's a static site at all.

    Just sit down and have a read:
    https://css-tricks.com/5-myths-about-jamstack/
    https://jamstack.wtf/#dynamic-parts

    and then come back arguing your site from 2007 is a JAMstack which fetches comments via Ajax that simply can't be correctly indexed by search engines.

  • When I was a noob I would find another theme and change the css until it looked like the other one :O

  • jsgjsg Member, Resident Benchmarker

    I think, @raindog308 nailed it quite well. Wordpress may be a sh_tty software seen from a pro developers point, but it pretty much is what FrontPage was 15 years ago: The way to somehow put something like a website together and used by millions upon millions of people - which also means that it needs to and does address a certain low-skill clientele (not few of which consider themselves to be developers).

    Second big point raindog308 got nicely right: it's the aeon old story of efforts vs need. The two extremes are (a) we need something going and our primary focus is content, and (b) we need something that is fast and/or secure and/or safe and/or multi-server or multi-location and/or low-latency and/or ...

    The former must and will use some hip clickedy click solution and the latter have engineers figuring out an optimized solution.

    And Wordpress is in between, a kind of Frontpage on steroids plus it makes many, many users feel safe because the software and modules are "tested" by large crowds and because humans are herd animals.

  • People feel safe running WordPress? It's a top zero day target that one should constantly be worried about. One should be a paranoid fuck to run WordPress, IMO.

    My logs are filled with WP attacks and I don't run WP.

  • yoursunnyyoursunny Member, IPv6 Advocate
    edited January 2021

    @jsg said:
    it pretty much is what FrontPage was 15 years ago:

    I wouldn't admit that my first webpage was made with Microsoft Word 97.

    it's the aeon old story of efforts vs need. The two extremes are (a) we need something going and our primary focus is content, and (b) we need something that is fast and/or secure and/or safe and/or multi-server or multi-location and/or low-latency and/or ...

    My blog has both. I write content in VS Code and rsync to the server.
    I only upgrade Hexo if a Node upgrade breaks it. I only touch the theme once a year to upgrade the syntax highlighter.

    @TimboJones said:
    People feel safe running WordPress? It's a top zero day target that one should constantly be worried about. One should be a paranoid fuck to run WordPress, IMO.

    What if you set IP limits to wp-login.php? Then nobody can get in unless you are in the office or enterprise VPN.

    My logs are filled with WP attacks and I don't run WP.

    I only log 200 status code. Problem solved.

    @jsg said:
    The former must and will use some hip clickedy click solution and the latter have engineers figuring out an optimized solution.

    Same can be said for DirectAdmin Personal License and other "panels" (in single VPS, not shared hosting providers). I don't use any of them because it's pure overhead and additional security vulnerability.

  • jsgjsg Member, Resident Benchmarker

    @yoursunny said:
    I wouldn't admit that my first webpage was made with Microsoft Word 97.

    I didn't read that ...

    it's the aeon old story of efforts vs need. The two extremes are (a) we need something going and our primary focus is content, and (b) we need something that is fast and/or secure and/or safe and/or multi-server or multi-location and/or low-latency and/or ...

    My blog has both. I write content in VS Code and rsync to the server.
    I only upgrade Hexo if a Node upgrade breaks it. I only touch the theme once a year to upgrade the syntax highlighter.

    But then you are a guy who's different from most.

    @TimboJones said:
    People feel safe running WordPress? It's a top zero day target that one should constantly be worried about. One should be a paranoid fuck to run WordPress, IMO.

    What if you set IP limits to wp-login.php? Then nobody can get in unless you are in the office or enterprise VPN.

    Hmmm, not really. For one I wouldn't bet on the premise that wp-login.php is the only way to get in, plus don't forget that most have a dynamic IP. And he definitely had a point with WP being a top target for hackzors, plus: making anything in PHP, let alone something where installations are cobbled together from plugins all over the place and from diverse origin.
    I use WP myself because I had to and I have invested a lot of work in making it safer (but certainly not safe). Short version: I hate it as much as many love it, I avoid plugins wherever feasible and I have a quite "interesting" installation that really tries to achieve some reasonable level of safety ... but I still hate it and consider even the safest, most professionally done WP sites (incl. mine, of course) a rather high security risk.

    My logs are filled with WP attacks and I don't run WP.

    I only log 200 status code. Problem solved.

    "log"?? What's that? And which log plugin is the coolest?

    @jsg said:
    The former must and will use some hip clickedy click solution and the latter have engineers figuring out an optimized solution.

    Same can be said for DirectAdmin Personal License and other "panels" (in single VPS, not shared hosting providers). I don't use any of them because it's pure overhead and additional security vulnerability.

    No surprise there, basically the same problem constellation. And of bloody course most of them panels have been done in PHP or, yuck, Perl, the only language that might be even worse and a more nightmarish trouble ticket generator than PHP.

  • yoursunnyyoursunny Member, IPv6 Advocate
    edited January 2021

    @jsg said:

    @TimboJones said:
    People feel safe running WordPress? It's a top zero day target that one should constantly be worried about. One should be a paranoid fuck to run WordPress, IMO.

    What if you set IP limits to wp-login.php? Then nobody can get in unless you are in the office or enterprise VPN.

    Hmmm, not really. For one I wouldn't bet on the premise that wp-login.php is the only way to get in, plus don't forget that most have a dynamic IP.

    An office generally has fixed IP.

    Otherwise:

    • Install VPN on the server itself and limit IP to VPN subnet only.
    • Install VPN on another server and limit IP to that server only.

    And he definitely had a point with WP being a top target for hackzors, plus: making anything in PHP, let alone something where installations are cobbled together from plugins all over the place and from diverse origin.

    You are supposed to audit all WordPress plugins, WordPress itself, and PHP interpreter.
    Oh, don't forget to audit nginx, MySQL, GCC compiler, Linux kernel, Intel firmware...

    I use WP myself because I had to and I have invested a lot of work in making it safer (but certainly not safe). Short version: I hate it as much as many love it, I avoid plugins wherever feasible and I have a quite "interesting" installation that really tries to achieve some reasonable level of safety ... but I still hate it and consider even the safest, most professionally done WP sites (incl. mine, of course) a rather high security risk.

    #DeleteWordPress

    My logs are filled with WP attacks and I don't run WP.

    I only log 200 status code. Problem solved.

    "log"?? What's that? And which log plugin is the coolest?

    I have logging in the frontend HTTP server.
    The plugin is FilterEncoder.

    @jsg said:
    The former must and will use some hip clickedy click solution and the latter have engineers figuring out an optimized solution.

    Same can be said for DirectAdmin Personal License and other "panels" (in single VPS, not shared hosting providers). I don't use any of them because it's pure overhead and additional security vulnerability.

    No surprise there, basically the same problem constellation. And of bloody course most of them panels have been done in PHP or, yuck, Perl, the only language that might be even worse and a more nightmarish trouble ticket generator than PHP.

    • #DeleteDirectAdmin
    • #DeleteWHMCS
    • #DeleteSolusVM
    • #DeleteVirtualizor

    What's left?

    • Go
    • C#
    • Java

    These are all very secure enterprise grade languages.

  • "Java
    These are all very secure enterprise grade languages."

    Bruh..

    Thanked by 1raindog308
  • jsgjsg Member, Resident Benchmarker

    @yoursunny said:
    An office generally has fixed IP.

    ... or not, depending on many factors such a country, telecom, etc

    Plus: it's not "the office" that admins the WP site, it's persons ... who tend to not be stationary.

    And he definitely had a point with WP being a top target for hackzors, plus: making anything in PHP, let alone something where installations are cobbled together from plugins all over the place and from diverse origin.

    You are supposed to audit all WordPress plugins, WordPress itself, and PHP interpreter.
    Oh, don't forget to audit nginx, MySQL, GCC compiler, Linux kernel, Intel firmware...

    If one even can, and it would need an organisation of significant size. Such as e.g. universities (oh wait, sorry, they for some reason very rarely provide such a service, let alone for a whole lot of software) or linux (oh wait, sorry, they're more in the 'creating new bugs' business), ...

    I use WP myself because I had to and I have invested a lot of work in making it safer (but certainly not safe). Short version: I hate it as much as many love it, I avoid plugins wherever feasible and I have a quite "interesting" installation that really tries to achieve some reasonable level of safety ... but I still hate it and consider even the safest, most professionally done WP sites (incl. mine, of course) a rather high security risk.

    #DeleteWordPress

    Nice tag and I'd like to support it ... but won't happen. Way too many sites and even companies based on it.

    My logs are filled with WP attacks and I don't run WP.

    I only log 200 status code. Problem solved.

    "log"?? What's that? And which log plugin is the coolest?

    I have logging in the frontend HTTP server.
    The plugin is FilterEncoder.

    Does it provide funny graphs and clickedy click stuff?

    @jsg said:
    The former must and will use some hip clickedy click solution and the latter have engineers figuring out an optimized solution.

    Same can be said for DirectAdmin Personal License and other "panels" (in single VPS, not shared hosting providers). I don't use any of them because it's pure overhead and additional security vulnerability.

    No surprise there, basically the same problem constellation. And of bloody course most of them panels have been done in PHP or, yuck, Perl, the only language that might be even worse and a more nightmarish trouble ticket generator than PHP.

    • #DeleteDirectAdmin
    • #DeleteWHMCS
    • #DeleteSolusVM
    • #DeleteVirtualizor

    You are right. But won't happen, see above for reasons.

    What's left?

    • Go
    • C#
    • Java

    These are all very secure enterprise grade languages.

    Nope. "Enterprise" yes, "secure" much less so.

    And keep in mind who almost everywhere are the decision makers and what their priority is: efficiency (as in "how to create some software fast and cheap") and cost (and time and other variations of basically the same thing).

    Plus, and I name just one example, facebook created "Hack", a less insecure PHP ... and hardly anyone outside of facebook uses it.

    Thanked by 1yoursunny
  • Jona4sJona4s Member
    edited January 2021

    Efficiency as in fast and cheap?

    All you need is a phone.

    Use termux, vim a file, write html markup.

    Check the result on chrome at file:///sdcard/hello.html

    SSH into a server, vim a main.go file, type 4 lines of code, like:

    var x = "< html > hello< /html>"
    func main() {
    http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { fmt.Fprintf(w, x) })
    http.ListenAndServe(":80", nil)
    }

    Why do you ever need a graphical frontend to build a web?
    I've code entire SaaS applications from my phone while having sex.

    You just dont want to admit that u are effeminate thats all.

    Thanked by 1yoursunny
  • yoursunnyyoursunny Member, IPv6 Advocate
    edited January 2021

    @Jona4s said:

    var x = "< html > hello< /html>"
    func main() {
    http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { fmt.Fprintf(w, x) })
    http.ListenAndServe(":80", nil)
    }

    fmt.Fprintf is too inefficient.
    You should use w.Write([]byte(x)).

    Why do you ever need a graphical frontend to build a web?
    I've code entire SaaS applications from my phone while having sex.

    I can code entire website with my toe while doing push-ups.

    Thanked by 1Jona4s
  • skorupionskorupion Member, Host Rep

    @yoursunny said: I can code entire website with my toe while doing push-ups.

    Btw do you have any push-ups deals?

    Thanked by 1yoursunny
  • yoursunnyyoursunny Member, IPv6 Advocate
    edited January 2021

    @skorupion said:

    @yoursunny said: I can code entire website with my toe while doing push-ups.

    Btw do you have any push-ups deals?

    You came too late:
    https://www.lowendtalk.com/discussion/comment/3187022#Comment_3187022

    I sold a premium VPS for 19 push-ups.

  • skorupionskorupion Member, Host Rep
    edited January 2021

    @yoursunny said: I sold a premium VPS for 19 push-ups.

    Noooooooo, imma never get any of those flash deals
    Maybe you could sneak something in for me 😉

    Thanked by 1yoursunny
  • I think should consider switching to Discourse or Flarum.

  • @xiaopigu said:
    I think should consider switching to Discourse or Flarum.

    If it's not Vanilla, then it's not LET.

    Thanked by 2yoursunny raindog308
  • @lokuzard said:

    @xiaopigu said:
    I think should consider switching to Discourse or Flarum.

    If it's not Vanilla, then it's not LET.

    Why?

    Is there any specific reason why it must be Vanilla?

  • DPDP Administrator, The Domain Guy

    Switch to phpBB for more attention :joy:

    Thanked by 2yoursunny skorupion
  • @jbiloh Switch to Discourse Please :) More secure and stable

  • isnt easier to find someone on fiverr

  • raindog308raindog308 Administrator, Veteran

    @xiaopigu said: @jbiloh Switch to Discourse Please More secure and stable

    https://discord.gg/NMxrk9y

    But it's just a weak appendage, not the true LET.

  • edited January 2021

    @raindog308 said:

    @xiaopigu said: @jbiloh Switch to Discourse Please More secure and stable

    https://discord.gg/NMxrk9y

    But it's just a weak appendage, not the true LET.

    Discourse, not Discord :-)

    Thanked by 1raindog308
  • raindog308raindog308 Administrator, Veteran

    @t0ny0 said: Discourse, not Discord :-)

    image

    Thanked by 1NobodyInteresting
  • @xiaopigu said:
    @jbiloh Switch to Discourse Please :) More secure and stable

    Vanilla is stable and secure...
    My personal oppinion.. vanilla is more eye friendly that discourse.

    Thanked by 1yoursunny
  • raindog308raindog308 Administrator, Veteran

    @xiaopigu said: I think should consider switching to Discourse or Flarum.

    I'd point out something interesting.

    There was a high quality forum that was an alternative to LET called vpsBoard. It's still around but virtually dead. @MannDude put a ton of work into it - I mean, really, a ton of work as well as his own money. They even have a kickass logo. It's run on a much more traditional BB software - IPBoard. But it didn't succeed.

    Meanwhile, two LET spinoffs are both running Vanilla and both are still around and while I personally don't participate there, I think they're doing well in terms of traffic.

    So...I think LowEnders just like Vanilla.

  • jbilohjbiloh Administrator, Veteran
    edited January 2021

    @FAT32 has been hired for the LEB re-write. Further updates to follow.

    Big thanks to @FAT32 for accepting the job!

    Thanked by 2raindog308 WSCallum
  • @jbiloh said: Big thanks to @FAT32 for accepting the job!

    Correct man for the job <3

    Thanked by 1yoursunny
  • @raindog308 said:
    So...I think LowEnders just like Vanilla.

    I never hated a forum as much as Vanilla purely for the back-loads-the-top of the page instead of previous scrolled view. It has since been fixed and now doesn't drive nails into my brain. The message board for pihole and yunohost are the worst dumpster fire of discussion boards.

    Lack of ignore button sucks.

    Also dislike that signature wraparound on mobile taking up to 4 lines. But that problem is an 11 on LES and completely ruins that site for me.

  • yoursunnyyoursunny Member, IPv6 Advocate
    edited January 2021

    @sdglhm said:

    @jbiloh said: Big thanks to @FAT32 for accepting the job!

    Correct man for the job <3

    @FAT32 's best job is this logo:

    yoursunny push-ups

    Second best is this button:

    order

Sign In or Register to comment.