Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] This is my %#$ rant

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] This is my %#$ rant


Chronological Thread 
  • From: Al Beano <albino AT autistici.org>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] This is my %#$ rant
  • Date: Mon, 11 Sep 2017 17:58:18 +0100

If <marquee> tags are available should it not follow that <script> tags and
other JS attributes are also allowed?

On 11 September 2017 17:55:12 BST, Jeff Taylor <shdwdrgn AT sourpuss.net> wrote:
>I appreciate the offer. It's not really a matter of not being *able*
>to
>fix it, I'm fairly fluent in PHP and its shortcomings in many of its
>functions that don't quite live up to their names, it's more a matter
>of
>having the problem pointed out to me. If someone had just said "hey we
>
>can enter <script> tags in the fields", it would have immediately
>clicked that yes, this is a very very bad thing, and I would have
>locked
>it down right away.
>
>
>On 09/11/2017 02:04 AM, Dmitry S. Nikolaev wrote:
>>
>> Hi Jeff.
>>
>> First of all get well and be healthy.
>>
>> I did not quite understand who did and what did, but I understood
>that
>> someone hack something.
>> I dont see any discussion about it.
>>
>> If it is PHP code, so maybe I can help you. Write if you need help.
>We
>> will see what we can do.
>>
>> Good luck !
>> With best regards, Dmitry S. Nikolaev
>>
>> Moscow, Russia
>> phone: +7 (499) 678 8007 [ext. 6003]
>> fax: +7 (499) 678 8007 [ext. 7777]
>> www:http://www.mega-net.ru
>> mail:dnikolaev AT mega-net.ru
>> SIP URI:dnikolaev AT sip.mega-net.ru ||dn AT sip.mega-net.ru
>> On 11.09.2017 07:52, Jeff Taylor wrote:
>>> Last night I got an ear infection plus bad acid reflux and didn't
>>> hardly sleep at all. So you can imagine my state of mind when I got
>
>>> up this morning to find a discussion between T1 and T2 operators
>>> talking vaguely about an exploit they found in the servers page, and
>
>>> the page itself broken and not providing usable info. It took me
>>> quite awhile to dig through everything and determine exactly what
>was
>>> done and start working towards repairing the intentional damage.
>>>
>>> OK, it's a fair point that I didn't properly sanitize the input.
>>> However we're talking about a page that has been online for the past
>
>>> two years without any problems, but for some reason you decided that
>
>>> immediate action must be taken right this very second. And not a
>>> single one of you assholes had the courtesy to even send me a PM to
>>> say "hey we found this problem in your page and these are the
>actions
>>> we took." Seriously, I know some of you newcomers are in your
>teens,
>>> but do you really have to ACT like it? This is a community project,
>
>>> it exists because people in the past have worked *together* to solve
>
>>> problems. It's not a hacking contest to see who can blow up each
>>> other's contributions.
>>>
>>> There have been a lot of complaints about my code in the past. Yes I
>
>>> write in Bash and PHP, and yes my code isn't going to be the easiest
>
>>> to read. There's also the constant complaints that I don't post my
>>> code on repo-of-the-week, which I've discussed several times on IRC
>>> but nobody seems to care. Just how many 'official' source-hosting
>>> pages has opennic been through? We've been in sourceforge, but we
>>> don't trust them now. What was the one that did SVN? And of course
>
>>> there's the numerous local repos that people have run over the years
>
>>> which up and disappear one day without warning. I've submitted a
>>> fair chunk of my code at least twice. And poof, there's no evidence
>
>>> remaining that it ever existed.
>>>
>>> I have limited time to work on opennic, but I've churned out an
>>> incredible amount of code for the project over the years. There is
>>> very little of opennic's infrastructure that I haven't had a hand in
>
>>> or written completely from scratch. Everybody that comes through
>>> always has their own ideas on how things should be done, what
>changes
>>> need to be made, and yet almost none of those people have actually
>>> contributed anything. Opennic owes its very existence to those few
>>> people such as myself who have dedicated months or years of
>>> programming time to provide the services that everyone else uses on
>a
>>> daily basis. There is a huge amount of code in the background that
>I
>>> personally own and have to troubleshoot when things go wrong. I
>>> spend what time I can either fixing the larger problems or trying to
>
>>> set up new code to provide features. I have dedicated time nearly
>>> daily to making sure things run smoothly or fixing whatever is
>>> broken, and the thanks I get is "hey lets fuck up his shit and see
>>> how long it takes him to figure it out." Real mature.
>>>
>>> If anyone wants a copy of my working code, I have always been happy
>>> to provide it. It may take me some time to get it together, but
>I've
>>> always given it. And I would love to have others help clean things
>>> up, especially the registrar code behind reg.for.free.
>Unfortunately
>>> the only feedback I have ever gotten is "I don't like your standard
>>> use of single- and double-quotes... here's a rewrite to quote things
>
>>> MY way." I don't have time to keep learning a new repo system every
>
>>> year or two and I no longer have the patience to care, but if
>someone
>>> else wants to do the deed I've already mentioned many times that I
>am
>>> happy to help work with them.
>>>
>>> I've been thinking about this all day and I'm still pissed, and
>>> apparently still can't even coherently express my frustration, so
>let
>>> me summarize... Grow the fuck up and learn how to actually work with
>
>>> other people who are in different times zones. People have pointed
>>> out bugs in my code before, and I almost always get them fixed
>within
>>> a day or two. Yeah I make mistakes, I know this and I know enough
>to
>>> understand the problem when they are pointed out, assuming you
>>> actually give me the chance.
>>>
>>>
>>> --------
>>> You are a member of the OpenNIC Discuss list.
>>> You may unsubscribe by
>emailingdiscuss-unsubscribe AT lists.opennicproject.org
>>
>>
>>
>>
>> --------
>> You are a member of the OpenNIC Discuss list.
>> You may unsubscribe by emailing
>discuss-unsubscribe AT lists.opennicproject.org
>
>
>
>------------------------------------------------------------------------
>
>
>
>--------
>You are a member of the OpenNIC Discuss list.
>You may unsubscribe by emailing
>discuss-unsubscribe AT lists.opennicproject.org




Archive powered by MHonArc 2.6.19.

Top of Page