| Author |
Message |
phoenix-cms
Worker
Joined: Aug 05, 2005
Posts: 139
|
 Posted:
Sun Sep 18, 2005 5:38 pm |
|
ok i not going to bore you with this topic i know my thoughts on phpnuke , since tinymce its a pile of junk,
thats why i forking a new cms based on 7.6 but your see previews soon on this but whats your opinion vote!, vote!, vote! |
| |
|
 
|
|
djmaze
Subject Matter Expert
Joined: May 15, 2004
Posts: 727
Location: http://tinyurl.com/5z8dmv
|
| Posted:
Sun Sep 18, 2005 6:18 pm |
|
woohoo another fork, keep doing that instead of joining to beat FB.
I personally vote none of the above and also not for your cms, however there might be one fork i should vote for and that is 64bit his fork. He is the only person who actualy made php-nuke 100% html and css compliant, every other fork i know of sucks because they never fixed the most annoying things.
Secondly building your "safe" fork from 7.6 will not fix the problems. I bet i can XSS your fork within one minute. |
| |
|
|
|
phoenix-cms
|
| Posted:
Sun Sep 18, 2005 6:22 pm |
|
you aint seen it yet lol works with cpg and postnuke as well  and been doing this for almost 6 months and produces around 30 queries max |
| |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Sun Sep 18, 2005 9:47 pm |
|
I have attempted, amaip, to stay out of all this "forking" discussion. My thoughts on forking have been well established in other threads, as is known. When is a fork, not a fork? | Quote: | | works with cpg and postnuke as well |
What does that mean? A fork of phpnuke would not "work" with any other "fork" because it would not need to. It's a system as cpg is a system as postnuke is a system yada, yada, yada. I am not attacking yours, nor anyone else's.
Do we need to count the works that are going on, independently, by so many? How is a new person suppose to choose? That's one of the reasons why I stopped my pre-packs and haven't moved ahead on my own desire from 2 years ago to "fork". FB is probably rolling over in his house every time he reads about another "fork". His will remain the most popular, especially as long as there are so many different "paths" to take.
You've been working for 6 months? Djmaze has been working for at least 2 years as I have been working on a design for almost that time. I have tried some approaches and scrapped them, thus far, mainly because just putting out a better moustrap with the same infastructure will not cause the masses to move to it. In fact, I wonder if they will in any event? The bottom line is that phpnuke, for all its issues, is still easy to install, easy to use, easy to patch.
I'm also playing devil's advocate here. Seriously, pretend I'm a novice who doesn't know programming. I have found phpnuke and applied Chatserv's 3.1 patch and NukeSentinel. Now, convince me why I should or even need to change to your "fork" or Raven's "spoon" or 64bit's "knife". |
| |
|
|
|
|
Mesum
Useless
Joined: Aug 23, 2002
Posts: 213
Location: Chicago
|
| Posted:
Mon Sep 19, 2005 2:29 am |
|
Like I posted in some other "Fork" thread on this site, there are many other forks who are very popular in people, offer many add-ons and great support and then we have forks like DragonFly and ProjectXO that do not offer anything but the fixes that should have been part of core PHP-Nuke and are plain ole duds.
Why make a new fork, when something that you are trying to do has already been done or is in progress by others? Why not just join a team who thinks alike?
Raven made a pretty good point about why would someone switch to your script?
What I can think are 2 reason:
1: Offer them something no one else offers. When CPGnuke AKA DragonFly started, they promoted as "Oh the most secure script in the world, bow down to it" and that didn't work for them. So what they did? Killed Coppermine project for PHP-Nuke and made it part of core CPGnuke. When someone asked for the help regarding PHP-Nuke module, they replied "Oh we don't support Coppermine for PHP-Nuke anymore but you can switch to CPGnuke and Coppermine comes as default core module of it. Plus it's 10 times more secure than PHP-Nuke"
2: Great selection of add-ons, support and some outstanding marketing. Mambo is a great example of it. |
_________________
Only registered users can see links on this board! Get registered or login! |
|
|
|
|
VinDSL
Life Cycles Becoming CPU Cycles
Joined: Jul 11, 2004
Posts: 614
Location: Arizona (USA) Admin: NukeCops.com Admin: Disipal Designs Admin: Lenon.com
|
| Posted:
Mon Sep 19, 2005 3:35 am |
|
| djmaze wrote: | | I personally vote none of the above... |
Good idea! Option added... |
_________________
.:: "The further in you go, the bigger it gets!" ::.
.:: Only registered users can see links on this board! Get registered or login! | Only registered users can see links on this board! Get registered or login! ::. |
|
 |
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6437
|
| Posted:
Mon Sep 19, 2005 10:04 am |
|
I think it would be useful to distinguish distributions from forks. From Internet.com's Only registered users can see links on this board! Get registered or login!:
| Quote: | | fork: To split source code into different development directions. Forking leads to the development of different versions of a program. Forking often occurs when the development of a piece of open source code has reached an impasse. The project is forked so that the code can be developed independently in different ways with different results. |
The core of a distribution is managed by the same entity, but different or additional functions / modules, installation routines, etc. have been added by a third party.
If you agree with those definitions, it really boils down to the entity (individual, group) that manages development. Usually, forks end up not being compatible, but on the other hand, forks may be completely compatible - or even compatible with more than one other fork.
IMO, the number of distributions has been growing substantially, but the number of forks has not. The question in my mind is: Do we really want to continue to follow the direction of the current entity managing the development of PHP-Nuke or can we do a better job?
Some corollary questions that may help to clarify: Can we contribute to the development of PHP-Nuke's core? Are the mechanisms (CVS, official support forums, roadmap, etc.) in place to support true open source development? If there is any doubt, I think Chatserv can best answer these, based on his experiences.
If we submit to continuing support for the current system (i.e. we don't care to, don't want to, and / or don't believe we can do it better), then we should accept the conditions that go with that. Accepting those conditions under these circumstances, where the only official mechanism for support, contributions, etc., is "an email if you know my address," means that repeated complaints in unofficial (at least as far as the official development project is concerned) forums like Raven's seems pointless.
In simpler terms, we should put up (do something) or shut up. If we choose to do something, managing the development of the source ourselves (i.e. forking or creating a completely new system) seems like the only alternative. Raven's been down the path of developing a completely new system, and Bob Marion, DJMaze, and others have been down the fork path. DJ has provided some great advice on the fork path. Although behind the scenes, Bob has also given some great input and assistance. My initial thought was to evolve from distribution to fork to a new system. Yes, it's been done before (see the transformation of CPGNuke to Dragonfly), but it's worth considering since it could be a path to the nirvana that is Raven's vision. At the least, we can end the constant patching, repatching, and recovering from attacks due to lack of security and focus on the improvements that matter to the community. |
_________________
I search, therefore I exist...
Only registered users can see links on this board! Get registered or login! |
|
|
|
|
Raven
|
| Posted:
Mon Sep 19, 2005 10:28 am |
|
Well said! One of the main failures of many forks is ego. I don't think I need to explain at all. Kevin, I was not aware until recently (at least that I can remember) that you were in process on one. So, I can't comment on it. I would suggest that you and Steph, at the very least, put your heads together and come out with a single base. I have already replied to Steph with my thoughts on a possible approach - very high level. I will post it in the Staff boards when I get a chance. |
| |
|
|
|
|
kguske
|
| Posted:
Mon Sep 19, 2005 11:13 am |
|
Agreed. I've used my own distribution for some time (like most people who support multiple sites), but when I gutted most of the standard modules and rewrote, replaced or tweaked many of the core functions, I realized that, though compatible with Nuke, it wasn't Nuke anymore. I could no longer just patch code by replacing stuff, though admittedly, the goal is not to NEED to do that!
There is still much to do - much more than I could accomplish alone in a reasonable time frame. I'm not a graduate of Vaporware University, and I'm not sure when what I have will be ready for any kind of distribution - much less supportable - so it's been pretty low key.
Many of my goals are consistent with and even came from Steph's comments, and what we've done thus far compliments each other nice (better put: the little I've done isn't the same as the lot Steph's done!). I would definitely like to offer what I've done, and more importantly, work with Steph and others to develop a single base. Like Steph, I've been working with the authors of specific modules, addons and tweaks to test, improve, etc., with the goal being to include those improved functions in the new system.
As for ego, well I'm more interested in the end result than I am in taking credit for it. I do want to make sure that those who contribute are properly credited for their work. It's great if others benefit from that work, but I'm not trying to save the world. My motive is purely financial, driven by the many clients who will appreciate a better solution and (hopefully) my ability to support them more easily. (Just to be clear, I am not interested in a proprietary solution).
I am interested in your thoughts on a possible approach and look forward to seeing it. Since Steph is much further along in the process, I'll follow his lead on where to go from here. |
| |
|
|
|
|
phoenix-cms
|
| Posted:
Mon Sep 19, 2005 12:16 pm |
|
myself i think the last bunch of nukes are so bad never seen nuke so bad like all of nukes i can hack all of them and even find admin_file name if its been renamed,
and even in patch 3.1 there are still few holes i know of that i can get in with, so what i done basailly built a cms from nuke 7.6 and started more of a personal project but i thinking of releasing it as well,
it even supports other cms based apon nuke and if not there are instructions for porting your module into classes and make use of smarty template engine as well.
the worst part of nuke is its queries after adding modules you need its producing close to 200 queries
when i have over 30 modules and even backported some of cpg content as well like downloads pro, rewritten gt-nextgen to show titles in html and even dynamic and static keywords.
what i aiming for before i make it public is get a good bunch of tools ported over as well.
yes i know most people use nuke and i not forcing them to use my system its just there if they want it,
as nuke out of the box dont do what i want it to
but thats the reason i forked it
well thats my 2 cents
thanks
steve |
| |
|
|
|
|
djmaze
|
| Posted:
Mon Sep 19, 2005 5:24 pm |
|
| phoenix-cms wrote: | | when i have over 30 modules and even backported some of cpg content as well like downloads pro, rewritten gt-nextgen to show titles in html and even dynamic and static keywords. |
I'm sorry phoenix but did you ever read the license that is shipped with our "downloads pro" module ?
| license wrote: | You may not:
* permit other individuals to use the Module except under the terms
listed above
* create derivative works based on the Module for distribution or usage
outside your web site
* use the Module in such a way as to condone or encourage terrorism,
promote or provide pirated software, or any other form of illegal or
damaging activity
* modify and/or remove any copyright notices or labels on the Module on
each page (unless the shareware license is purchased) and in the header
of each script source file
* remove all links to the "credits" page of the CMS which outputs the
Module copyright notices (unless the shareware license is purchased)
* distribute the Module without written permission from CPG
* distribute individual copies of files, libraries, or other programming
material in the Module package
* distribute or modify proprietary graphics packaged with the Module for
use in Software applications other than CPG Dragonfly or web sites
without written permission from CPG
* create applications which interface with the Module |
You probably forgot our module isn't released as GPL 
We did this on purpose to have a good destinguish against other CMS's and something that is especialy designed for Dragonfly users.
Trevor and me put a lot of time and effort in this module and we used advanced techniques to make it one of the best and to also show what we are capable of.
Thanks to the license we can proove our PHP and system knowledge and try to let others compete with this.
There are much more reasons why we did this, so please remove any code of that project and try to make one yourself since you never asked permission.
Shure the code is OpenSource but there are many ways how to distribute that, and we decided to provide it as OpenSource for educational purposes NOT for distribution. |
| |
|
|
|
|
phoenix-cms
|
| Posted:
Mon Sep 19, 2005 8:46 pm |
|
ok i wont release that with it then like i said i have not decided if i release it public
and if i do i wont release that with it, but what about personal use?
and talking about cpg why you removed all phpnuke credits where credit is due like palladin, fbs code and so much of original nuke code is still there you cant just replace it with your own, is it me or this a common thing round the community
thanks
steve |
| |
|
|
|
|
djmaze
|
| Posted:
Tue Sep 20, 2005 9:18 am |
|
You may use the module personally and hack it into your version of nuke, that is no problem because the license allows you to modify the module it's just not allowed to distribute it unless we accept your request to do so.
Regarding the credits: Only registered users can see links on this board! Get registered or login! |
| |
|
|
|
|
chatserv
Member Emeritus
Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico
|
| Posted:
Tue Sep 20, 2005 11:10 am |
|
The last three Nuke versions patched or not all share one major bug/vulnerability: tinyMCE |
| |
|
|
|
|
kguske
|
| Posted:
Tue Sep 20, 2005 11:18 am |
|
Chatserv,
I've been trying to address issues with using FCKeditor with PHP-Nuke, and haven't looked closely at tinyMCE - other than the removal of HTML checking in 7.7 and 7.8 (and maybe 7.9, but I haven't checked). Are you referring to something specific about tinyMCE, or the way it was implemented with PHP-Nuke? |
| |
|
|
|
|
Raven
|
| Posted:
Tue Sep 20, 2005 11:30 am |
|
|
|
|
|
chatserv
|
| Posted:
Tue Sep 20, 2005 11:40 am |
|
Tiny has its own issues but the main problem here was that all validation was taken out of any variable related to the editor which leaves all doors open for anyone with even basic copy/paste hacking skills. |
| |
|
|
|
|
Raven
|
| Posted:
Tue Sep 20, 2005 11:42 am |
|
So are you saying, with confidence  that v7.9 patched with 3.1 is safe? |
| |
|
|
|
|
kguske
|
| Posted:
Tue Sep 20, 2005 11:53 am |
|
Nice comparison, Raven. Not as detailed as Only registered users can see links on this board! Get registered or login!, but much more inclusive. I looked only at open source, and cross-browser (though I included HTMLarea for reference since it was the original...).
I'm curious as to the other one you are considering. If it's not already in my comparison, I'd be happy to include it. |
| |
|
|
|
|
Raven
|
| Posted:
Tue Sep 20, 2005 12:01 pm |
|
|
|
|
|
phoenix-cms
|
| Posted:
Tue Sep 20, 2005 12:22 pm |
|
bbcode rules ! easy to intergrate and looks so much nicer and load times 10x faster
but thats my opinion |
| |
|
|
|
|
kguske
|
| Posted:
Tue Sep 20, 2005 12:41 pm |
|
We should probably move this WYSIWYG discussion to a different thread...
TTW looks nice, though somewhat basic.
Just curious - what factors make TTW appealing to you? Size, speed, simplicity, security, spell check? (I was trying to thing of just one more wafer thin mint, uh, factor, that starts with the letter s...). What other editors have you considered?
I like the possibilities for integration with Speller Pages - that appears to have made significant progress since my initial review, so I will revisit that.
I also like some of the other stuff on his page. It's cool that he's Zend Certified - I didn't know there was such a thing!
Thanks! |
| |
|
|
|
|
phoenix-cms
|
| Posted:
Tue Sep 20, 2005 12:46 pm |
|
chatserv i used 7.6 with patch 3.1 for my distro but there one problem that i had to address,
with union i was able to produce md5 passwords of all the admin within downloads module.
this is no security i opened up i checked this in your release at nuke resources
where can i post this code i dont want to get banned with sentinal
thanks |
| |
|
|
|
|
chatserv
|
| Posted:
Tue Sep 20, 2005 2:18 pm |
|
Email it to me phoenix-cms
chatserv at nukefixes dot com |
| |
|
|
|
|
grantb
Regular
Joined: Feb 16, 2005
Posts: 67
Location: Canada
|
| Posted:
Tue Sep 20, 2005 3:29 pm |
|
Thanks to every single one in this thread, you people are the best! It has come to my attention that my post is no where near on topic so I will stop now..lol Just wanted to express my thoughts.. anyways.. nm look to next post... |
_________________
Only registered users can see links on this board! Get registered or login! |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
