The Best Thing that phpBB Can Do: Merge

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Suggested Hosts
User avatar
Marc
Development Team Leader
Development Team Leader
Posts: 5402
Joined: Tue Oct 30, 2007 10:57 pm
Location: Munich, Germany
Name: Marc
Contact:

Re: The Best Thing that phpBB Can Do: Merge

Post by Marc » Fri Apr 06, 2012 11:18 am

@Son of a Beach: What you mean is actually an acquisition.

A merger is when two companies (in this case myBB & phpBB) form a new company out of the two companies which means that company A and company B become company C. In your scenario this would mean there would be some new forum software.

An acquisition is basically when two companies "merge" into one of those two companies.

Then again, if you wish to use myBB then do so. If you want some of phpBB's features in myBB then ask the myBB people. Everything else you are discussing has already been discussed. I don't like topics like this one because from my point of view they are just a way of advertising the "new" forum software some user uses.

User avatar
tbackoff
Former Team Member
Posts: 7022
Joined: Thu Jun 04, 2009 1:41 am
Location: cheerleading practice
Name: Tabitha Backoff

Re: The Best Thing that phpBB Can Do: Merge

Post by tbackoff » Fri Apr 06, 2012 2:48 pm

I just want to point out that we do not want another "phpBB Falling Behind" topic. Please keep the discussions to just that - discussions and not insults or flame wars. If posts start getting insulting or flame wars start, this topic will be locked.
Flying is the second best thrill to cheerleaders; being caught is the first.

User avatar
DionDesigns
Registered User
Posts: 515
Joined: Sun Feb 26, 2012 11:22 pm
Location: Uncertain due to momentum.
Contact:

Re: The Best Thing that phpBB Can Do: Merge

Post by DionDesigns » Fri Apr 06, 2012 6:13 pm

(This tangent probably belongs in its own topic, starting with this post.)
Erik Frèrejean wrote:
DionDesigns wrote:I heard the exact same thing back in the mid-90s, except you would need to substitute "CSS" for "javascript". And it seems to me that the same thing was being said in the mid-80s, but in that case you would need to substitute "GUI" for "javascript". Change can sometimes be difficult, but it's time to embrace the new millennium. ;)
There is however one massive difference, If I turn off CSS I can still navigate the site and use it ;). If I turn off javascript on a javascript powered site I can't use it. You might chose that, you require javascript on your own site but enforcing it in the package would cause problems. We can't expect that every single phpBB user has javascript enabled.
Navigation may technically be possible if one removes the CSS from a phpBB3 board, but teleportation is technically possible as well. ;)

Your last sentence (boldfaced by me for effect) is the crux of the problem. Attempting to placate everyone will inevitably result in little to nothing getting done, and that's true whether we're talking about software development or running a government. I'd be surprised if more than a half-percent of phpBB3 users are completely turning off javascript. I suspect a significantly larger percentage of people have grown tired of the look/feel of phpBB3. Shouldn't one develop for the majority?

A point is soon coming that these attempts to develop for the 0.5% will cause phpBB3 to not have a 99.5%. It's time to leave the 0.5% behind and move on.

User avatar
chAos
Former Team Member
Posts: 4032
Joined: Wed Jan 16, 2002 7:05 am
Location: Seattle, WA, US

Re: The Best Thing that phpBB Can Do: Merge

Post by chAos » Fri Apr 06, 2012 6:14 pm

I don't think you should worry about javascript being turned off in the Facebook era (though still graceful fallback). Conversely, phpBB (and other forums) aren't built upon JS to the level Facebook is so it's not necessary.

CaNNon_
Registered User
Posts: 392
Joined: Wed Apr 29, 2009 2:07 am

Re: The Best Thing that phpBB Can Do: Merge

Post by CaNNon_ » Fri Apr 06, 2012 9:53 pm

NoScript Featured

The best security you can get in a web browser!
Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.
Rated 5 out of 5 stars (1,058) 2,183,573 users
I think it's a may be a little more than .05%, and I'm only showing one way to do it.
Thing is if I like the site I'll give it script permissions but if I can't see it, I'm going to move on to the next hit in google.

You can't compare it to css, exploits are very real in this case and can be proven just by posting a url.

_ollie_
Registered User
Posts: 654
Joined: Wed May 25, 2005 7:27 pm
Location: Berkshire
Contact:

Re: The Best Thing that phpBB Can Do: Merge

Post by _ollie_ » Sun Apr 08, 2012 12:09 am

Well, it has certainly been a while since I've posted here..but I want to say a little something so sorry for bumping this up - I know a day has passed :)

I've used phpBB for several years and look forward to continuing to do so.
In my view the best thing phpBB can do is keep up the good work they have done so far.
I believe in choice, so it seems reasonable to me that people have a choice in the type of forum that they wish to use - if that is phpBB great, if not, well, there are plenty of other options out there.

<3 phpBB <3

User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29250
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Re: The Best Thing that phpBB Can Do: Merge

Post by Marshalrusty » Sun Apr 08, 2012 10:53 am

Call me naive, but from the title of the topic, I had expected a bit more... substance. Perhaps some well-researched list of pros and cons or a case study of another pair of relateable projects that merged, with an overall positive outcome. What I instead see is an opinion based on assumptions and supported with generalizations.

For example, here are both:
Son of a Beach wrote:The features that myBB lacks that phpBB has are few, and are not essential to me
i don't think that we have ever compared phpBB to other forum software purely by number of features. Some people will want things that phpBB does not have, which is why we are an open source project and encourage customisation and community development. I can also understand that some people do not wish to edit source code, which is why 3.1 adds properly-done hooks. I can also understand that some people will find other forum software better fitting for their needs, in which case they should use it instead.
Son of a Beach wrote:phpBB 3.x has a very good security record so far. But no system is perfect. I don't consider any system to be flawless. But again, if the merged with another project, they could get a similar security audit done there, and apply the lessons learnt, and the new system should end up just as secure.
We've never claimed that phpBB is "perfect" or "flawless", but unless you have a vulnerability to report, please don't make it sound like one is coming any day now. Security audits only provide suggestions to make the software more secure than it was before the security audit, nothing more. vBulletin had tremendously more resources than phpBB and nevertheless has nowhere near the same security record, solidifying the point. It takes much more than a security audit to end up with a record like the one phpBB3 has.


All in all, this topic might as well have been about how Microsoft should merge with Apple, for virtually all of the same reasons you specified.
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: The Best Thing that phpBB Can Do: Merge

Post by Pony99CA » Sun Apr 08, 2012 9:52 pm

Marshalrusty wrote:Call me naive, but from the title of the topic, I had expected a bit more... substance. Perhaps some well-researched list of pros and cons or a case study of another pair of relateable projects that merged, with an overall positive outcome. What I instead see is an opinion based on assumptions and supported with generalizations.
A well-researched list or a case study in an Internet "discussion" forum? Surely you jest. :D

The original post was just one person's opinion. As he said, he didn't realistically expect that it would be acted upon.
Marshalrusty wrote:For example, here are both:
Son of a Beach wrote:The features that myBB lacks that phpBB has are few, and are not essential to me
i don't think that we have ever compared phpBB to other forum software purely by number of features.
I know, but maybe that's his point -- other people do. In fact, the Devil's Advocate might argue that you don't compare features because you'd lose. :shock:

Personally, I would have attacked the statement by saying that other people might find those "few" features essential. Different people have different needs. I would have also called him out for not giving a list of "essential" features that myBB had that phpBB was lacking (beyond the plug-in system and a better warning/banning system -- the latter of which isn't "essential" to me as I'm the only moderator/admin of my board).
Marshalrusty wrote:
Son of a Beach wrote:phpBB 3.x has a very good security record so far. But no system is perfect. I don't consider any system to be flawless. But again, if the merged with another project, they could get a similar security audit done there, and apply the lessons learnt, and the new system should end up just as secure.
We've never claimed that phpBB is "perfect" or "flawless", but unless you have a vulnerability to report, please don't make it sound like one is coming any day now.
I think that you're nitpicking here. He didn't say that phpBB was perfect or flawless, nor did that quote imply that a security problem was just around the corner. It was a correct statement that almost any complex system can have flaws. And, of course, those flaws could be discovered at any time -- that's what "zero-day" problems are all about.

Again, I would have attacked that part by asking why they haven't had a security audit done already (if they in fact haven't) or (if they have) why their developers haven't taken those lessons heart.
Marshalrusty wrote:Security audits only provide suggestions to make the software more secure than it was before the security audit, nothing more.
Sure because even finding an exploit would still be a "suggestion" -- they can't force the development team to fix it. :) The development team would still have to implement the suggestion. That doesn't mean that an audit is worthless, though.
Marshalrusty wrote:vBulletin had tremendously more resources than phpBB and nevertheless has nowhere near the same security record, solidifying the point. It takes much more than a security audit to end up with a record like the one phpBB3 has.
Do you know if vBulletin has had a security audit? I agree that an audit is worthless if you don't act upon it, and that security has to be thought about during development, but if vBulletin never had one, that could be part of the problem.

In fact, as you're the head honcho basically, how about answering what I consider the most important question that he asked:
So what are the goals of phpBB? If it is to provide the best free open source forums software, then perhaps the most efficient way to do this is actually to combine resources and knowledge with another project which is developing at a more acceptable rate, and which already has a good plugins system in place.
What are the goals of phpBB (both short-term and long-term), not from a feature/development point of view, but at a higher level. And, given that, why wouldn't merging with myBB (or some other project) be for the best?

You can attack individual pieces of his argument all that you want, but if you can't answer those, you haven't really refuted the basic thesis.

And, just for the record, I have no major complaints with phpBB as it exists today and plan to keep using it. I do wish that it had some additional features, though. :) As I argued in the locked topic, more frequent feature releases are what keep the project looking alive and vibrant.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: The Best Thing that phpBB Can Do: Merge

Post by callumacrae » Sun Apr 08, 2012 10:15 pm

Do you know if vBulletin has had a security audit? I agree that an audit is worthless if you don't act upon it, and that security has to be thought about during development, but if vBulletin never had one, that could be part of the problem.
I doubt that vBulletin will have had an external audit like phpBB had, because they've got built in security people.
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

User avatar
A_Jelly_Doughnut
Former Team Member
Posts: 34457
Joined: Sat Jan 18, 2003 1:26 am
Location: Where the Rivers Run
Contact:

Re: The Best Thing that phpBB Can Do: Merge

Post by A_Jelly_Doughnut » Mon Apr 09, 2012 2:27 am

Marshalrusty wrote: i don't think that we have ever compared phpBB to other forum software purely by number of features.
Well, Highway of Life and I created a poorly-researched feature comparison page for the website (a la forummatrix) upon the completion of 3.0. One of the points we were sure to emphasize was phpBB's lack of a quick reply :lol:

I'm afraid that other than archival tidbit, I have little to add to the merging discussion that hasn't already been brought up.

Personally, I feel that the best thing that's happened to phpBB recently is its GSOC approval and particularly the recently-announced number of applicants.
A Donut's Blog
"Bach's Prelude (Cello Suite No. 1) is driving Indiana country roads in Autumn" - Ann Kish

User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29250
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Re: The Best Thing that phpBB Can Do: Merge

Post by Marshalrusty » Mon Apr 09, 2012 6:26 am

Pony99CA wrote:A well-researched list or a case study in an Internet "discussion" forum? Surely you jest. :D

The original post was just one person's opinion. As he said, he didn't realistically expect that it would be acted upon.
Correct me if I'm wrong, but that essentially makes this topic purely self-serving.
Pony99CA wrote:I know, but maybe that's his point -- other people do. In fact, the Devil's Advocate might argue that you don't compare features because you'd lose. :shock:
The devil's advocate should contribute some patches to the codebase ;)
Pony99CA wrote:I think that you're nitpicking here. He didn't say that phpBB was perfect or flawless, nor did that quote imply that a security problem was just around the corner. It was a correct statement that almost any complex system can have flaws. And, of course, those flaws could be discovered at any time -- that's what "zero-day" problems are all about.

Again, I would have attacked that part by asking why they haven't had a security audit done already (if they in fact haven't) or (if they have) why their developers haven't taken those lessons heart.
There's no question that any system can have flaws, but throwing this statement out as a shield just creates a universal false equivalency. All software is not equally secure and I look at the final product and its comprehensive security record (quantities, severities, time passed, popularity of the product, etc.) as the primary predictor of what is likely to come.
Pony99CA wrote:
Marshalrusty wrote:Security audits only provide suggestions to make the software more secure than it was before the security audit, nothing more.
Sure because even finding an exploit would still be a "suggestion" -- they can't force the development team to fix it. :) The development team would still have to implement the suggestion. That doesn't mean that an audit is worthless, though.
That is not what I meant. A security audit analyzes finished code and produces a list of concerns. The process is akin to repairing the foundation of a building after it has already been built. At that stage, you can fix what is obviously broken, but there's no going back to the beginning and doing the thing properly.

Imagine that phpBB3 did not use a request_var() function, requiring all input to be entirely sanitized in place. It is possible to do this without adding any vulnerabilities to the code, but a single oversight anywhere would result in a hole. A security audit would hopefully find any oversights, but we're now talking about hundreds of additional points that require detailed verification. This was a problem in phpBB2 and remains an active issue in much commonly used software. Security audits are just the last step, and certainly not the key.
Pony99CA wrote:Do you know if vBulletin has had a security audit? I agree that an audit is worthless if you don't act upon it, and that security has to be thought about during development, but if vBulletin never had one, that could be part of the problem.
I am not familiar with vBulletin's security process, but an external audit is not an inherent requirement for achieving a high level of security. Unless I am very much mistaken, phpBB3's security audit did not reveal any XSS or remote code execution vulnerabilities, for example. It did, however, provide a great deal of recommendations, some of which dealt in areas that might have been used in conjunction with each other or with code added at a later time or with code added by MODs or some incorrectly configured servers or any number of other hypothetical scenarios that we covered "just in case".
Pony99CA wrote:In fact, as you're the head honcho basically, how about answering what I consider the most important question that he asked:
I guess I'll take this opportunity to mention that the project is jointly overseen by members of the Management Team, who represent team members, who further stand for the community at large. Most of the important decisions are heavily influenced by the forces of the community and are therefore mostly a formality. I do, however, maintain full authority to change my avatar at will.
Pony99CA wrote:
So what are the goals of phpBB? If it is to provide the best free open source forums software, then perhaps the most efficient way to do this is actually to combine resources and knowledge with another project which is developing at a more acceptable rate, and which already has a good plugins system in place.
What are the goals of phpBB (both short-term and long-term), not from a feature/development point of view, but at a higher level. And, given that, why wouldn't merging with myBB (or some other project) be for the best?
Oleg addressed these points on the second page. Being an opensource project, the goals of the software are actively evaluated and reevaluated by the community, as was clearly demonstrated by the reversal of the decision to drop support for subsilver2 (which was even mentioned in this topic). Our goals are to continue facilitating a system by which the community can determine phpBB's direction (see: [3.1/Ascraeus] RFCs & Patches Forum on area51).
Pony99CA wrote:And, just for the record, I have no major complaints with phpBB as it exists today and plan to keep using it. I do wish that it had some additional features, though. :) As I argued in the locked topic, more frequent feature releases are what keep the project looking alive and vibrant.
We agree. There is active work via multiple channels being done to improve release times and rectify resource limitations both in the short and long term. Of course, the community is keenly positioned to assist with both.
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs

User avatar
Elias
Registered User
Posts: 4625
Joined: Sat Feb 25, 2006 4:31 pm
Location: In the Water!
Name: Elias

Re: The Best Thing that phpBB Can Do: Merge

Post by Elias » Mon Apr 09, 2012 6:48 am

Very, very well said.
"Mystery creates wonder, and wonder is the basis of man's desire to understand." - Neil Armstrong
|Installing Extensions|Writing Extensions|Extension Validation Policy|

User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: The Best Thing that phpBB Can Do: Merge

Post by callumacrae » Mon Apr 09, 2012 6:53 am

Unless I am very much mistaken, phpBB3's security audit did not reveal any XSS or remote code execution vulnerabilities, for example.
I believe that all the changes marked [Sec] here are things found by the audit: http://www.phpbb.com/support/documents. ... n=3#v30rc5
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

Son of a Beach
Registered User
Posts: 294
Joined: Fri Sep 07, 2007 1:36 am
Location: Tasmania
Contact:

Re: The Best Thing that phpBB Can Do: Merge

Post by Son of a Beach » Mon Apr 09, 2012 8:07 am

It's good to see that there has been some reasonable discussion continuing here (as well as some dull repetition of points that I'll continue to ignore).

Firstly, I want to say that I'm sorry for any offense I've caused people here. I did expect to ruffle feathers, as it is a controversial thing to post. However, I've clearly hit a raw nerve with a lot of people judging by some of the rather emotional responses.
Marshalrusty wrote:Call me naive, but from the title of the topic, I had expected a bit more... substance. Perhaps some well-researched list of pros and cons or a case study of another pair of relateable projects that merged, with an overall positive outcome. What I instead see is an opinion based on assumptions and supported with generalizations... (snip)
I was deliberately using generalisations and not a whole lot of specific substance. Although I've clearly made a choice of other forum software, I wanted to avoid talking about any specific other forums software too much (except when other people brought it up). In particular, I did not want this topic to be a feature comparison topic.

What I was really interested in was the overall focus of phpBB. As a user and occasional visitor to these forums, it's easy to get the impression that phpBB's focus is on phpBB. Personally, I think their focus should be on their users.

Even to the extent that if the best interests of their users was for something other than phpBB.

uuiiuu
Registered User
Posts: 127
Joined: Wed Jan 25, 2012 12:01 pm

Re: The Best Thing that phpBB Can Do: Merge

Post by uuiiuu » Mon Apr 09, 2012 11:47 am

i dont agree with you at all
mybb is very low quality system, it has some extra importent features, but it dosnt have good styles, it is very prehistoric, the system is not secure like phpBB
phpbb could add all the extra features that myBB has without this merge

Post Reply

Return to “phpBB Discussion”