|
|
|
|
- Readme First! - Read and follow the rules, otherwise your posts will be closed |
|
|
|
|
|
There are currently, 712 guest(s) and 0 member(s) that are online.
You are Anonymous user. You can register for free by clicking here |
|
|
|
|
|
| The comments are owned by the poster. We aren't responsible for their content. |
| | | | |
No Comments Allowed for Anonymous, please register | | | | |
Re: Editorial History on PHP-Nuke and Post-Nuke by Lawrence Krubner (Score: 1, Insighful) by Anonymous on Wednesday, February 19 @ 02:43:39 CET | PostNuke started off with good intentions, but now 99% of the original devlopers are at www.xaraya.com
Spend a few days with these ass-clowns and you will quickly see why all the adults who actually write good code left.
PostNuke is NOW run by a very small group of people with very large egos. They take all suggestions and feedback as "complaints and flames".
Their development team now communicates on a private mailing list and a secret forum that nobody else is allowed to access - this started around February, 2003
Security?
What a joke! mail to security@postnuke.com bounced for over 6 months. Read more about their attitude towards security here: http://news.postnuke.com/modules.php?op=modload&name=NS-Comments&file=index&req=showreply&tid=12279&sid=2342&pid=12144&mode=&order=&thold=#12279
Nice long-ass URL there eh? Try writing that down or remembering it.
Make sure you follow the link on that article to this very interesing, still unanswered article at http://archives.neohapsis.com/archives/bugtraq/2002-11/0105.html [archi]
PostNuke also claims:
"The best guarantee of displaying your webpages on all browsers due to HTML 4.01 transitional compliance"
Try and validate ANY of their cluttered and utterly confusing *.postnuke.com sites, or the TachionNET.org site and you will see they are totally clueless.
http://validator.w3.org/check?uri=http%3A%2F%2Fpostnuke.com%2F
http://validator.w3.org/check?uri=http%3A%2F%2Fnews.postnuke.com%2F&doctype=%28detect+automatically%29&charset=%28detect+automatically%29
When I personally fixed hundred of PHP warnings, errors, notices and made HTML and CSS compliance and a really annoying modules regeneration bug attempted to submit the changes to the project, instead of thanking me and accepting my contributions they FLAMED me for it and told me to stop complaining. They cited the fact that a major core rewrite was underway, and that no developers were going to be working on the .7.2.3 release unless it was a major security concern.
So where does that leave people that want to use PostNuke right now?
Well, until xaraya 1.0 is released, check out http://lostnuke.com [lostnuke.com]
Basically it takes a .7.2.3 release of PostNuke and fixes a whole bunch of broken stuff that people still ask about on a daily basis.
It is far more secure and stable than a default installation of PostNuke.
In the interest of security I have changed the following settings of the default install:
anonpost is now 0ff by default (Allowed anonymous users to post comments)
pnAntiCracker is now On by default (With this Off the installation is vulnerable to XSS attacks)
seclevel is now High by default (The default Security Level was Medium)
links_anonaddlinklock is now Off (Allowed anonymous users to post links)
Some of the highlights of LostNuke are:
Short URL support by default. You can easily turn this feature off, although I have no idea why you would.
The option to sort News Stories via the Solution by baev.
LostNuke actually delivers what PostNuke promised: The best guarantee of displaying your webpages on all browsers due to HT
Read the rest of this comment... |
| Parent | | | | | |
|