[Discuss] Support Toolkit 1.0.3 Released

[Erik Frèrejean]

Discuss the release of Support Toolkit 1.0.3 here.

[Popp Singh]

Cool . Whats new ?

[Erik Frèrejean]

Have a look at the release announcement

[Popp Singh]

Hmmmm.....Could have sworn that wasnt there when i asked ......... must have gone colourblind with excitement ......LOL

[Cpt. Blackbeard]

That sucks, just had a Guy install it a couple of days ago and now I get this:
General Error
Your Support Toolkit installation appears to be out of date. The latest available version is 1.0.3, while the version your have installed is 1.0.2.1-pl1.

Due to the large impact of this tool on your phpBB installation, it has been disabled until an update is performed. We strongly recommend keeping all software running on your server up to date. For more information regarding the latest update, please see the release topic.

I find it hard to believe a program that worked fine yesterday is now so dangerous to use you have to disable it until updated. Talk about going to extremes.

[Phil]

The Support Toolkit contains a wide variety of tools that are more than capable of damaging or destroying your forum in the event of a bug; consequentially, we've opted to disable older released when updates are released so that any severe bugs are no longer allowed to propagate after they are fixed. Fortunately, we have yet to experience and incident where this would have otherwise been an issue, however, we prefer to err on the side of caution.

It's also worth noting that updating the STK takes (literally) one minute; simply delete the old release's directory and download/upload the new release. It likely took longer to write your post about the warning than it did to heed it

[Pony99CA]

The Support Toolkit contains a wide variety of tools that are more than capable of damaging or destroying your forum in the event of a bug; consequentially, we've opted to disable older released when updates are released so that any severe bugs are no longer allowed to propagate after they are fixed. Fortunately, we have yet to experience and incident where this would have otherwise been an issue, however, we prefer to err on the side of caution.

How about having the best of both worlds? Instead of just pulling the version number from the server, also pull a "disaster" flag. If the disaster flag is not set, the user just gets a warning about the new version, but doesn't have to update. If the disaster flag is set, only then do you disable the old version.

That's user-friendly and protection when you need it. (You could be even more friendly by having a disaster flag for each tool, and only disabling the tools that had the severe bugs.)

Steve

[Erik Frèrejean]

The Support Toolkit contains a wide variety of tools that are more than capable of damaging or destroying your forum in the event of a bug; consequentially, we've opted to disable older released when updates are released so that any severe bugs are no longer allowed to propagate after they are fixed. Fortunately, we have yet to experience and incident where this would have otherwise been an issue, however, we prefer to err on the side of caution.

How about having the best of both worlds? Instead of just pulling the version number from the server, also pull a "disaster" flag. If the disaster flag is not set, the user just gets a warning about the new version, but doesn't have to update. If the disaster flag is set, only then do you disable the old version.

That's user-friendly and protection when you need it.

Than the disaster flag would be set for most updates, especially those made after an phpBB update as an phpBB update breaks certain parts of the STK as they relay on information that isn't available until an update is released.

That's user-friendly and protection when you need it. (You could be even more friendly by having a disaster flag for each tool, and only disabling the tools that had the severe bugs.)

Interesting idea, though I'm not sure how easily something like that could be implemented.
We won't be changing this behavior in the current 1.0.x line, but as we'll be rewriting the STK for phpBB Ascraeus something like this is worth to look into to see whether its possible to implement correctly.

[IKFT]

I am getting this when trying to access the support tools page I also get these errors when trying to use a function (not the same error)
[phpBB Debug] PHP Notice: in file /stk/tools/support/mysql_upgrader.php on line 48: require(./index.phptools/support/database_cleaner.php) [function.require]: failed to open stream: No such file or directory
[phpBB Debug] PHP Notice: in file /stk/tools/support/mysql_upgrader.php on line 48: require(./index.phptools/support/database_cleaner.php) [function.require]: failed to open stream: No such file or directory

Fatal error: require() [function.require]: Failed opening required './index.phptools/support/database_cleaner.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/iman/public_html/stk/tools/support/mysql_upgrader.php on line 48

[Erik Frèrejean]

Please post any support questions in the appropriate support area, this topic is only for discussion purposes.

[Popp Singh]

This isnt a discussion , discussions are free and not subject to childish censorship . My post got deleted AGAIN . Why ? It was to the point , about the STK and people doing things worse than spaming forums to offer viagra , hand bags and boots . At least with those things we know about them . Its done up front and not behind our backs in secret for dubious reasons . And we can do something about it .

With what right does it fone home ? Who gave you persmision to allow it to fone home from our sites ? Who gave you permision to deactivate it on our sites ? Why didnt you inform us that it has those spy functions ? What happened to freedom of choice ? Didnt you think about the VERY bad publicity that this could give phpbb if and when it gets to the media ?

Please tell us how to deactivate the fone home function and the deactivation function .

Are there anymore secret functions and / or back doors that you didnt feel nesecery to inform us about in the STK and in the phpbb software ?

Over the last few days the members were haveing a discussionn about remote computers hosting java script parts of MODS . The staff were all against it ...... and now this !!!!! This is worse . What about the safety aspects ? How many other things can you turn of on our sites ? Doesnt it open a back door for hackers to try to use and get even more acsess to our sites ?

[Noxwizard]

This has come up just about every release. The kill switch is to keep you from destroying your board, as Phil has already stated. That is hardly a "dubious" reason. As for being a secret, it is not hidden, nor have we denied its existence. The STK is open source just like phpBB, so it would be impossible for us to hide something like that. It has been in the STK since RC1, it will not be removed, nor will we tell you how to remove the check. You are welcome to remove it, but if you break your board after removing it, you will receive no support for it. It would be irresponsible of us to allow our users to run a tool that could damage their board simply because they didn't update it. It only takes a minute to update the STK, but it takes much longer to fix your board if you've managed to wreck it with some of these tools.

What about the safety aspects ? How many other things can you turn of on our sites ? Doesnt it open a back door for hackers to try to use and get even more acsess to our sites ?

The STK requires an administrative login to use, so it's only as safe as you make it. It does allow you to generate a temporary password, but that requires file access to upload and enable it. At that point, your site has already been compromised.

[Zulcun]

I would hardly call it a "Back Door" into your server! All it does is use a simple PHP function to grab a text file from the phpBB servers, which only contains the latest version number, if the version numbers match then nothing happens, if they don't then it shuts down.

It is a one way thing, phpBB cannot access your server in any way so there is no reason to worry.

[Ascareus]

thx for the update
though this release force me domore effort
as i got some mods conflicting

[MichaelC]

I would hardly call it a "Back Door" into your server! All it does is use a simple PHP function to grab a text file from the phpBB servers, which only contains the latest version number, if the version numbers match then nothing happens, if they don't then it shuts down.

It is a one way thing, phpBB cannot access your server in any way so there is no reason to worry.

Which is the same way that phpBB checks whether your install is up to date. The only difference is what the code tells the script to do when it is found to be outdated.