Site Admin/Owner

Joined: Aug 27, 2002
Posts: 17088
Sun Jul 03, 2005 8:50 pm |
FB has posted an ominous message on his site. I repeat it here to save you some keystrokes.
Notice the language?
- "possible vulnerabilities"
- "can't be completely verified"
- "some extra validations and security measures on other modules" and then turns right around and postpones the security measures: "Due to the importance to bring a solution to the editor issues I think that this modules changes will be addressed for another version". Yes, FB, you always postpone the security measures, that's the problem. Translated for those of you that don't speak FBEase: He'll wait for Chatserv and others to fix his mistakes!
- and finally "And if you have something to report don't hesitate to do it by submitting it as news, as private message to me or by email (if you know the address)" <== Send him an email if you know the address. This is just too much!
F. Burzi wrote: | Some thoughts about the next version
Posted on Thursday, June 30 @ 16:33:33 VET by nukelite
Hello Nukers! Since the release of the version 7.8 I'm reading some suggestions and complains about some new features introduced in the last versions. One of the most criticized and acclaimed feature is the wysiwyg editor added recently and the changes required on the system to put this baby to work. Some reports I received talks about possible vulnerabilities using the editor, few bugs has been replicated by my side and will be addressed, other can't be replicated on my test systems (Linux and Windows) and can't be completely verified, but I'm working to force the errors replication and to give a solution if needed. I'm working on a new variables validation system that should be added to clean any text that will interact with any PHP-Nuke part. That will solve part of the current problems. Also, I will work with the editor trying to leave it on the system since many people liked it but by securing the input and output, on this process I'll add the feature to the editor to be turned on or off. BB2Nuke 2.0.16 (released today) will be included, and some cosmetic modifications will be made.
There is work in progress to lift the face of the Downloads and Web Links modules and some extra validations and security measures on other modules. Due to the importance to bring a solution to the editor issues I think that this modules changes will be addressed for another version.
Anyway, I appreciate all the suggestions received and bug reports from you. And if you have something to report don't hesitate to do it by submitting it as news, as private message to me or by email (if you know the address).
Users feedbacks can't all be answered individualy but all of them are taken seriously into consideration.
Thanks! Have a nice Nuke day |

Joined: May 28, 2005
Posts: 90
Sun Jul 03, 2005 10:43 pm |
New Member

Joined: Feb 02, 2005
Posts: 12
Mon Jul 04, 2005 2:28 am |
Lol i noticed, he is so ****** |
Hangin' Around

Joined: Jun 05, 2004
Posts: 41
Mon Jul 04, 2005 2:31 am |
i believe that mr burzi has played and lost his game.
I surely don't trust him the last 2 years (from version 6.5 and beyond).
I believe that some persons like chat and raven should have the credit that they deserve
and mr burzi should stop evolving(????) something that he cannot secure! |
Life Cycles Becoming CPU Cycles

Joined: Jul 30, 2003
Posts: 551
Location: Neurotic, State, USA
Mon Jul 04, 2005 4:07 am |
oh boy!  |
_________________ Scott Johnson MIS Ubuntu/Linux 11.10 |
Sells PC To Pay For Divorce

Posts: 5661
Mon Jul 04, 2005 6:42 am |
Site Admin

Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
Mon Jul 04, 2005 9:41 am |
Hangin' Around

Joined: Mar 19, 2004
Posts: 31
Mon Jul 04, 2005 9:07 pm |
from someone who's smart enough to see what's going on but not as into it as some of you guys are...
i just wish mr burzi was man enough to realize what he's gotten himself into and hand the project off to another person or set of people. the amount of fixes that have to be applied to his garbage is EMBARRASSING. i gotta give the guy credit for creating phpnuke but the last few years have just been awful. just my 2 cents.
thanks again to ALL OF YOU who make this software SAFE and USEABLE. we may or may not tell you enough but it is greatly appreciated. |

Tue Jul 05, 2005 6:12 am |
Will lookup the email... |
Last edited by Quake on Tue Jul 05, 2005 6:13 am; edited 1 time in total |

Tue Jul 05, 2005 6:13 am |
i found the email address on the site
How about using Spambot_Killer module and give his email address to the spambots  |

Tue Jul 05, 2005 10:00 pm |
Quake wrote: | i found the email address on the site
How about using Spambot_Killer module and give his email address to the spambots |

Wed Jul 06, 2005 12:22 pm |
I thought I had replied to this thread but my post seems to have disappeared...
That email address is for a Google Mail account so it will reject most known spam anyway - not that we would ever condone 'spamming' anyone, for whatever reason.
Ny Burzi has asked for comments to be submitted as news articles, so perhaps that might be the best way to air your views. |

Wed Jul 06, 2005 1:15 pm |
Quote: | I thought I had replied to this thread but my post seems to have disappeared... |
Man, you are definitely losing it. Your post from July 4th is just a few above this one. |

Joined: Apr 14, 2004
Posts: 193
Wed Jul 06, 2005 1:22 pm |
No matter how you may feel about someone, spamming them is just plain wrong. |

Wed Jul 06, 2005 9:11 pm |
dean wrote: | No matter how you may feel about someone, spamming them is just plain wrong. |
Come on now - lighten up! You're taking this way too seriously! |
The Mouse Is Extension Of Arm

Joined: Mar 06, 2004
Posts: 1164
Wed Jul 06, 2005 10:32 pm |
How PHP-Nuke 7.9 (as with previous versions) is being developed. Your task? Identify FB in this photograph!
Top Ten List of "FB Translations" For The Lesser Informed
#10: I'm asking $1,000,000.00 for this thing so I'm posting this 7.9 announcement before any potential investors realize.....err... I mean get the wrong idea.
#9: Steph Benoit and others have sent me notifications and have actually demonstrated at least 10 vulnerabilities on test domains, but I can't... err... won't "completely verify" any of them because that would be admitting fault which would be impossible never mind impractical.
#8: I would rather "Lift the face of the Downloads and Web Links" than fix them or add something useful like true groups functionality, at least until I can figure out how to steal NSN Groups and get away with it.
#7: "Lift the face" = Screw-Up By Adding More Bugs And New Unforeseen Security Holes!
#6: Contacting me by "email (if you know the address)" = Get out your crystal ball because I don't have domain email and there would be too many security holes for me to enable forums or a "contact module" at, never mind an actual email address! I mean what do you think this is? 1980's Technology?
#5: "I'm working on a new variables validation system that should be added to clean any text that will interact with any PHP-Nuke part." = Which will be available in 3 or 4 years, or as soon as I can steal it from someone.
#4: "I'll add the feature to the editor to be turned on or off." = I saw this in a news submission at and even though it leaves all of the security holes in place and even adds a few, it sounded like a good way to fool everyone into thinking that I'm actually doing something about this crappy editor and the many new security problems that I created after 7.6.
#3: "Since the release of the version 7.8 I'm reading some suggestions and complains about some new features introduced in the last versions." = I'm ignoring all of the complaints about 7.7 because only an idiot would compound problems through two versions released less than 30 days apart, the same kind of idiot that wouldn't spell or grammar check an important news article about revisions.
#2: "and some cosmetic modifications will be made." = I'll change the copyrights to read "by FB" like I did with Weblinks, Downloads and all of the other default modules that I stole.
#1: "Users feedbacks can't all be answered individualy but all of them are taken seriously into consideration." = I'm ignoring everyone because I can, and you can all stuff your comments up your collective butts because I don't care!
I think that my responding to FB further would be fruitless as he wants to pretend that none of this is going on. Thus, I also think that the best thing to say to FB was put best by Einstein when he said simply:
_________________ Steph Benoit
100% Section 508 and W3C HTML5 and CSS Compliant (Truly) Code, because I love compliance. |
New Member

Joined: Jan 23, 2004
Posts: 1
Thu Jul 07, 2005 4:54 am |
You guys should give the man a bit more credit, even though he may be a prick, he started out this whole thing, and strangely enough he still is seen as the authority as in updating Nuke, because else someone would have already taken over his work, but it seems to be generally accepted what he does. Because I do not see other versions of Nuke pulling off what he is doing for such a long time, and that is mainly for the simple fact he is working alone imho, else nuke would have already died a slow death, like many open source group projects. On one side his solo performance can be seen as arrogance, but it keeps everything up and running. 7.9 ladies & gents, prepare for a new standard, it will come, you just need to fix it a bit here and there
You can see this in a funny way as FB creating the bugs and the community fixes them, but how would you feel if he would have started this project and would have made it perfect AND commercial? Then we all be doing Mambo?! And what is the fun a perfect cms? not a lot, now is it... else all of us wouldn't be doing all this.
So thank FB for setting us all up with a great hobby called Nuke, no matter how big of a "fill in what you like" he is. He is still the father of our community and of our baby Php-Nuke despite a couple of wrong moves.
But then again, what do I know... I'm just another soul sharing his opinion here. |

Thu Jul 07, 2005 7:55 am |
I honestly do not feel that he is a "prick". He is an opportunist, for sure. He is not a programmer but, at best, a wannabe. He cares not for those who use phpnuke, by his own admission and practice. I downloaded the original Thatware application recently to see where he started and where nuke is now. What an enlightening experience! Seriously, he has not done much as far as innovation. My main gripe is that in spite of all the security issues since day one, he has NEVER taken it seriously and issues a release that attempts to cleanse and fix. And why should he? He has a select few that fix all of his blunders and then he incorporates them into his next release and sometimes forgets to give credit, although it seems he has been better at that recently. Here are some historical artifacts that may be interesting reading.
Discussion from right after Nuke v6.6 was released. FB threw one of his many tantrums and shut the forums down. Knowing him as I did, he is/was predictable, so I assumed he would shut the forums down and I wanted to capture the discussion. Within minutes of capturing this, he shut it down. Only a few posts were missed.
For an "Editorial History on PHP-Nuke and Post-Nuke by Lawrence Krubner" read this next link. BTW, at the time that was written, the following posters in that article were ALL Admins at nukecops: ArtificialIntel, Chatserv, Raven -- almost reads like a Who's Who.
I was going to list all the security alerts that nuke has had but I'd have to purchase additional bandwidth  |

Thu Jul 07, 2005 9:03 am |
lqd wrote: | You guys should give the man a bit more credit |
He steals ... I mean takes ... plenty of credit on his own, I don't feel the need to give him any more credit that he doesn't deserve. Anyone that is quick to take credit for other people's work but won't even admit his mistakes is not worthy in my book. Especially when he's not eager if not at least willing to address serious problems immediately, never mind owning up to exposing the community to attacks.
lqd wrote: | he started out this whole thing, and strangely enough he still is seen as the authority as in updating Nuke, because else someone would have already taken over his work, but it seems to be generally accepted what he does. Because I do not see other versions of Nuke pulling off what he is doing for such a long time, and that is mainly for the simple fact he is working alone imho, else nuke would have already died a slow death, like many open source group projects. On one side his solo performance can be seen as arrogance, but it keeps everything up and running. 7.9 ladies & gents, prepare for a new standard, it will come, you just need to fix it a bit here and there |
Wow, I wouldn't know where to start. I guess I would merely reiterate that he did not start nuke, he borrowed it.... I guess that's the best way to put it. As for being the "authority" I would argue that this simply is not the case. Many others spend countless hours fixing Nuke after each and every version. What is important to note is that if he knew what he was doing, OR if he involved the people that have to re-fix this thing after every release, none of that would be necessary. I would also point out that FB reintroduces old, fixed problems in every new version, yet fails to incorporate any fixes implemented by the community. Don't take my word for it, simply look at the revision history! I would argue that FB is simply a really bad PHP Coder.
lqd wrote: | You can see this in a funny way as FB creating the bugs and the community fixes them, but how would you feel if he would have started this project and would have made it perfect AND commercial? Then we all be doing Mambo?! And what is the fun a perfect cms? not a lot, now is it... else all of us wouldn't be doing all this. |
I would gladly pay for a perfect CMS and I know that I'm not the only one. I would much rather be providing content and concentrating on my site's offerings than having to fix FB's screw-ups as well as write articles that warn users about the problems of his releases. Also, as far as I know, Mambo is still free. The reason why most of us use PHP-Nuke is the wide array of blocks and modules developed by others for it. Trust me when I say that if these solutions were available for another CMS, we'd probably be using that CMS.
In closing, I can understand someone not knowing the history seeing this as an attack against the so called "father" of Nuke as well as the CMS itself. In some regards it is. FB has made many more than "a couple of wrong moves", probably closer to a couple of hundred.
What concerns me the most (out of the 50 or so concerns that I have) is FB's total disregard for security, and his defiant refusal to immediately address those issues and to take any actions to protect the community that use this application. It's just plain wrong and there is no other way to say it.
These problems needlessly expose people to imminent threat of attacks and data loss.
There are simply no excuses for:
- His actions in creating the holes
- His dumping new versions on an unsuspecting user community
- His defiance in rejecting any kind of community or cooperative development strategy
- His indifference by ignoring and not incorporating fixes implemented by others after each and every version that he simply further screws-up.
In any analogy calling FB the "Father" of Nuke, I would say simply that he is a dead-beat dad that ran out on his family of users, and left the Nuke child in a doorway. Now he's on the run (no contact or feedback methods) and refuses to pay child-support (no support). Then on top of that the neighbors are taking care of the family (Chatserv and others) yet every month or so (or year, depending on how horny he is to collect money at his "club") FB produces a new test-tube baby that he sells to members of his "Club" with birth-defects (from the father's side of the family) which promptly ends-up getting dumped off on the neighbors doorstep where we (the neighbors) are forced to take care of it while he runs off again to check his bank account.
This is the part where I explain that everything above is my personal opinion and does not reflect the opinions or positions of or the site owner. I am solely responsible for my personal opinions and accept all consequences of stating those opinions. |

Thu Jul 07, 2005 9:12 am |
well here in the netherlands they say "whatever they write or say...i don't care..it's just free advertising"..
and that's what FB gets now..  |

Thu Jul 07, 2005 12:19 pm |
Considering the following that this site has and the breadth and depth of the coders that come here: why not brand a new version of nuke and leave this developer behind? |
Life Cycles Becoming CPU Cycles

Joined: Jul 07, 2005
Posts: 511
Thu Jul 07, 2005 1:43 pm |
Lots of people have done this already. Even Raven has/had? his own.
I just wanted to say thanks for the info raven, and that link for the NukeCops site. I love FB response in it. Some people will never learn.  |

Thu Jul 07, 2005 2:15 pm |
Quote: | Identify FB in this photograph!
Would that be the male medical symbol or the cloud? |

Thu Jul 07, 2005 2:19 pm |
Whilst we are on the subject (loosely) I'm wondering what the community's thoughts might be to providing Fantastico with a *fixed* version of phpNuke which their customers could install as an alternative to the 'not' fixed original version?
Obviously this would need to run past those that contribute to *fixes* but I would be interested in anyone's thoughts, or lack of thoughts. |

Thu Jul 07, 2005 2:27 pm |
They have stated that they won't use a fixed version. |