discuss - Re: [opennic-discuss] This is my %#$ rant

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

Re: [opennic-discuss] This is my %#$ rant


  • From: Daniel Shirley <aditaa05 AT gmail.com>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] This is my %#$ rant
  • Date: Mon, 11 Sep 2017 12:45:55 -0500

you can update the repo in that folder to point to http://gitlab.libre and it will push all of your old commits as the log .... if you need help with the commands to do that (as they're not used often) hit me up in IRC.

On Mon, Sep 11, 2017 at 12:32 PM, Jeff Taylor <shdwdrgn AT sourpuss.net> wrote:
Funny enough, the code WAS originally hosted in a git repo.  The .git folder is still present, but the particular repo went away and by that time I was tired of trying.


On 09/11/2017 11:14 AM, Mitch Roote wrote:
Is the code hosted publicly on a Git repo somewhere?  It would be easier
to catch errors and vulnerabilities if there was a defined development
process and the code was available.  This would also help in accepting
contributions from others as well.

Any security vulnerabilities should be fixed ASAP and having the code
available would help in finding issues sooner.

Regards,
Mitch


On Mon, Sep 11, 2017, at 12:58 PM, Al Beano wrote:
If <marquee> tags are available should it not follow that <script> tags
and other JS attributes are also allowed?

On 11 September 2017 17:55:12 BST, Jeff Taylor <shdwdrgn AT sourpuss.net>
wrote:
I appreciate the offer. It's not really a matter of not being *able* to fix it, I'm fairly fluent in PHP and its shortcomings in many of its functions that don't quite live up to their names, it's more a matter of having the problem pointed out to me. If someone had just said "hey we can enter <script> tags in the fields", it would have immediately clicked that yes, this is a very very bad thing, and I would have locked it down right away.


On 09/11/2017 02:04 AM, Dmitry S. Nikolaev wrote:
Hi Jeff.

First of all get well and be healthy.

I did not quite understand who did and what did, but I understood that someone hack something.
I don't see any discussion about it.

If it is PHP code, so maybe I can help you. Write if you need help. We will see what we can do.

Good luck !
With best regards, Dmitry S. Nikolaev

Moscow, Russia
phone: +7 (499) 678 8007 [ext. 6003]
fax: +7 (499) 678 8007 [ext. 7777]
www:http://www.mega-net.ru
mail:dnikolaev AT mega-net.ru
SIP URI:dnikolaev AT sip.mega-net.ru  ||dn AT sip.mega-net.ru
On 11.09.2017 07:52, Jeff Taylor wrote:
Last night I got an ear infection plus bad acid reflux and didn't hardly sleep at all. So you can imagine my state of mind when I got up this morning to find a discussion between T1 and T2 operators talking vaguely about an exploit they found in the servers page, and the page itself broken and not providing usable info. It took me quite awhile to dig through everything and determine exactly what was done and start working towards repairing the intentional damage.

OK, it's a fair point that I didn't properly sanitize the input. However we're talking about a page that has been online for the past two years without any problems, but for some reason you decided that immediate action must be taken right this very second. And not a single one of you assholes had the courtesy to even send me a PM to say "hey we found this problem in your page and these are the actions we took." Seriously, I know some of you newcomers are in your teens, but do you really have to ACT like it? This is a community project, it exists because people in the past have worked *together* to solve problems. It's not a hacking contest to see who can blow up each other's contributions.

There have been a lot of complaints about my code in the past. Yes I write in Bash and PHP, and yes my code isn't going to be the easiest to read. There's also the constant complaints that I don't post my code on repo-of-the-week, which I've discussed several times on IRC but nobody seems to care. Just how many 'official' source-hosting pages has opennic been through? We've been in sourceforge, but we don't trust them now. What was the one that did SVN? And of course there's the numerous local repos that people have run over the years which up and disappear one day without warning. I've submitted a fair chunk of my code at least twice. And poof, there's no evidence remaining that it ever existed.

I have limited time to work on opennic, but I've churned out an incredible amount of code for the project over the years. There is very little of opennic's infrastructure that I haven't had a hand in or written completely from scratch. Everybody that comes through always has their own ideas on how things should be done, what changes need to be made, and yet almost none of those people have actually contributed anything. Opennic owes its very existence to those few people such as myself who have dedicated months or years of programming time to provide the services that everyone else uses on a daily basis. There is a huge amount of code in the background that I personally own and have to troubleshoot when things go wrong. I spend what time I can either fixing the larger problems or trying to set up new code to provide features. I have dedicated time nearly daily to making sure things run smoothly or fixing whatever is broken, and the thanks I get is "hey lets fuck up his shit and see how long it takes him to figure it out." Real mature.

If anyone wants a copy of my working code, I have always been happy to provide it. It may take me some time to get it together, but I've always given it. And I would love to have others help clean things up, especially the registrar code behind reg.for.free. Unfortunately the only feedback I have ever gotten is "I don't like your standard use of single- and double-quotes... here's a rewrite to quote things MY way." I don't have time to keep learning a new repo system every year or two and I no longer have the patience to care, but if someone else wants to do the deed I've already mentioned many times that I am happy to help work with them.

I've been thinking about this all day and I'm still pissed, and apparently still can't even coherently express my frustration, so let me summarize... Grow the fuck up and learn how to actually work with other people who are in different time zones. People have pointed out bugs in my code before, and I almost always get them fixed within a day or two. Yeah I make mistakes, I know this and I know enough to understand the problem when they are pointed out, assuming you actually give me the chance.


--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org
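
The point raised in the thread, that a page which renders `<marquee>` from a submitted field will also render `<script>` and event-handler attributes, shown as an added example (not part of the original messages and not OpenNIC's code). The field names, sample values and the use of `strip_tags()` as the weak filter are assumptions made for illustration.

```php
<?php
// Added example; field names and sample values are constructed, not OpenNIC's code.

/** Encode an untrusted value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render one server row; every operator-supplied field is encoded on output. */
function render_row(array $server): string
{
    return sprintf(
        "<tr><td>%s</td><td>%s</td><td title=\"%s\">%s</td></tr>\n",
        h($server['hostname']),
        h($server['owner']),
        h($server['notes']),
        h($server['notes'])
    );
}

// Constructed submissions: one ordinary, one carrying markup in free-text fields.
$servers = [
    ['hostname' => 'ns1.example.org', 'owner' => 'alice', 'notes' => 'Logs kept < 24h'],
    ['hostname' => 'ns2.example.org',
     'owner'    => '<marquee>bob</marquee>',
     'notes'    => '<b onmouseover="/* constructed */">hi</b><script>/* constructed */</script>'],
];

// Weak approach (assumed for illustration): a tag allowlist passed to
// strip_tags() drops the <script> tags but keeps each allowed tag together
// with every attribute on it, so the event handler on <b> survives.
$weak = strip_tags($servers[1]['notes'], '<b><marquee>');
echo "strip_tags leaves: ", $weak, "\n";

// Hardened approach: store the raw value, encode at the point of output.
echo "<table>\n";
foreach ($servers as $server) {
    echo render_row($server);
}
echo "</table>\n";
```

Encoding on output also keeps legitimate text such as `< 24h` intact, which a tag-stripping filter can mangle.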


Archive powered by MHonArc 2.6.19.
