Slashdot Mirror

phpBB removed version numbers in early 2005 (Ctrl+F5 for "Removed version number from powered by line") so it's not exactly unprecedented.

This page was really helpful for us.

http://www.phpbb.com/community/viewtopic.php?f=1&t=427852&start=0&st=0&sk=t&sd=a

For smaller forums and niche boards, a board-appropriate question and answer is usually sufficient to stop nearly all spam accounts.

I'm a member of a guild for an online game and a couple of years ago we were seeing alot of spam accounts created on our phpBB forums. After reading the above site, we then installed Registration Authorization Code (RAC) and asked a game-related question in addition to using CAPTCHA for account creation.

We assumed most bots create spam accounts based on the default account creation settings in phpBB. By inserting our question into the account creation process, we've probably stopped 99% of the bots. But if it was an actual human creating a spam account, asking a simple question via RAC would be an ineffective deterrent. Therefore, we used a question requiring a game-specific knowledge (appropriate for real applicants and nearly impossible for spammers).

After implementing the above, we've had no more spam accounts created while having no problems with real account registrations.

Eh? Are we talking about the same PHPBB? 'Cause this one is open source, GPL-licensed, and totally free.

From my perusal of TFA, I think the passwords were actually hashed in the DB, but the guy who cracked the site broke them: http://hackedphpbb.blogspot.com/

The response from phpBB.com seemed to indicate that the only passwords that were cracked were from those accounts that had been created in an older system, and had not logged in under the newer system. Given the large number of spam accounts on that site, I wonder if the majority of those cracked, not recently logged in accounts were spam accounts, and as such if the passwords are not representative of the userbase at large: http://area51.phpbb.com/phpBB/viewtopic.php?f=3&t=29973

They are using phpBB which has some really cool mods that you can use to deal with trolls. Some of them are quite inventive. See here if you'd like.

Using phpBB http://www.phpbb.com/ and a mod called "textual confirmation" http://www.phpbb.com/community/viewtopic.php?t=463860 no bots have successfully signed up for the forum for my non-profit organization although there are sometimes hundreds that attempt to daily. It's simple to use and very flexible.

Currently I pose a simple arithmetic question (eg. 3+8=_ _? or 15-3=_ _?). The questions are selected from a list so there's little risk of the bot "learning" the answer. Alternatively you could offer a question that has a deliberate cultural bias (Jack and Jill went up the _ _ _ _?) or really any question of your choosing (What is the fifth word from the second paragraph on the home page _ _ _ _ _?).

Please don't take my pronouncement of ZERO bots as a challenge but feel free to test this very easy-to-use tool by registering for my forum regarding Teen Dating Violence:
http://www.jenniferann.org/forum

Using phpBB http://www.phpbb.com/ and a mod called "textual confirmation" http://www.phpbb.com/community/viewtopic.php?t=463860 no bots have successfully signed up for the forum for my non-profit organization although there are sometimes hundreds that attempt to daily. It's simple to use and very flexible.

Currently I pose a simple arithmetic question (eg. 3+8=_ _? or 15-3=_ _?). The questions are selected from a list so there's little risk of the bot "learning" the answer. Alternatively you could offer a question that has a deliberate cultural bias (Jack and Jill went up the _ _ _ _?) or really any question of your choosing (What is the fifth word from the second paragraph on the home page _ _ _ _ _?).

Please don't take my pronouncement of ZERO bots as a challenge but feel free to test this very easy-to-use tool by registering for my forum regarding Teen Dating Violence:
http://www.jenniferann.org/forum

I love PHPBB, but I am truly disappointed with both responses I've seen from the phpBB guys. It's really a shame.

I love PHPBB, but I am truly disappointed with both responses I've seen from the phpBB guys. It's really a shame.

> PHPBB not only has had a terrible security track record

Run the numbers. phpBB's record is no worse than punBB's, and punBB is often one of the forums heralded by would-be internet experts as a secure phpBB replacement.

> but when you find significant security flaws (I have) they don't even want to hear about them.

What significant security flaw have you found that phpBB don't want to hear about?

> But they are far, far from proactive about heading off new ones.

phpBB 2 had a security audit resulting in the 2.0.18 release. Since then there have been 7 Secunia advisories, all of which were issued in 2006. Two of these required you to be an administrator. One was Internet Explorer only, and a further 3 were passive (XSS and CSRF from malicious links).

phpBB 3 is genuinely designed with security in mind and will undergo a full audit before release. Yeah, they said phpBB 2 was designed with security in mind, too, but that was coming off the back of phpBB 1 and anything would be security compared to phpBB 1. The main problem is that phpBB 3 has taken so long coming; you won't find many PHP applications of phpBB's popularity and codebase size that have been on maintenance releases only since 2002.

> PHPBB is a main reason the PHP people have asked other groups to stop putting "PHP" in the names of their projects; gives the whole language a bad rep.

Guess you've never heard of PHPNuke.

A fully agree to the above comment.

First: if i read that correctly, you branched from phpBB2. In the meantime, that one is old: phpBB3 is nearly released (Release Candidate 6 was yesterday). Do you have all the features phpBB3 has? Do you have the userbase to *find* and the time to *fix* all the bugs?

And: if I got it right, it was a 1-Man-Project. Look at the CVS logs and the Bugtrackers of phpBB3. While your work probably isnt bad, it impossibly can stand against the work of the phpBB3 devteam.

I vote for "specialize it": please, do not release another forum software, there are already enough. Sorted by popularity (as I see it): phpBB, myBB, IBB, [20 others follow].

I wish you luck. And a good documentation.

PS: phpBB3's documentation is wonderful. No, really. Perhaps the only doc I like. Look at it.

A fully agree to the above comment.

First: if i read that correctly, you branched from phpBB2. In the meantime, that one is old: phpBB3 is nearly released (Release Candidate 6 was yesterday). Do you have all the features phpBB3 has? Do you have the userbase to *find* and the time to *fix* all the bugs?

And: if I got it right, it was a 1-Man-Project. Look at the CVS logs and the Bugtrackers of phpBB3. While your work probably isnt bad, it impossibly can stand against the work of the phpBB3 devteam.

I vote for "specialize it": please, do not release another forum software, there are already enough. Sorted by popularity (as I see it): phpBB, myBB, IBB, [20 others follow].

I wish you luck. And a good documentation.

PS: phpBB3's documentation is wonderful. No, really. Perhaps the only doc I like. Look at it.

http://www.phpbb.com/community/viewtopic.php?t=472 940

On http://www.saveirelandbaldwin.org/ a sample question is:

Mary had a little _ _ _ _.

Obviously this question would be limited to those with a knowledge of Western culture and nursery rhymes but that's easier for me than culling the bot accounts.

On another site a sample question is:

2 x 3 = _ ?

I'm unaware of a limit to the number of questions that you can input. They appear to cycle sequentially.

This won't prevent humans from creating accounts but has so far stopped 100% of the bots.

I have an installation of SugarCRM "Open Source" on my laptop that I am using for evaluation purposes. I attempted to install a plugin created by a developer, and somehow it modified the code that displays the SugarCRM logo image on every page. All of a sudden, I was completely locked out of the system. I could no longer log in, even to disable the plugin that I had installed. The error message "Please replace the SugarCRM logos" kept popping up every time. So I Googled around a bit and found this article about "Badgeware":

http://blogs.zdnet.com/open-source/?p=867

Apparently this "feature" was added into the code to try and prevent companies like vTiger from doing exactly what the parent poster said - exercise their rights under the "Sugar Public License". You can't even post the word "vTiger" on their forums without it being censored:

http://sugarcrm.com/forums/showthread.php?t=20207

There are lots of companies trying to jump on the open source bandwagon, but not many that actually stick with a "real" open source license like the GPL.

There is an (at the moment unofficial) phpbb2 mod that does a pretty similar thing. What it does is remove the website entry field from the registration form, and only lets people put in an website after making a few posts.

As the bots don't look at the form (they just do a post of what they think the required data is) they will be the only ones submitting a website on registration, so any registration that contains a website can be dumped.

Of course, if this is used widely the bots will be rewitten and the whole thing will start again...

He has one accepted /. submission which states his e-mail address as mailto:mkavanagh@gmail.com (user profile says 'email not shown publicly'). That address also returns a hit for user Pit on area51.phpbb.com, which has Matthew C./Matt Kavanagh several times in the source in its CVS repository. A guy by the same name posts in the php-dev mailing list under mailto:matthew@teh.ath.cx. This address can again be linked to Pit which states:

## MOD Author: Pit < matthew@teh.ath.cx > (Matt Kavanagh) n/a

I hate to post this, but I don't see why Matthew would deserve the anonimity he denied Jani.

No, we actually hire outsourced support agencies and make them do everything. Not as fast as a USB 2.0 jack from your brain to the box, but it is one.

Honestly folks with the advent of Xen I suggest avoiding shared web hosting at all costs. No matter how grand dios the control panel is, or how cleverly they've been able to transcend text descriptors into arguments for simple shell scripts, you have the following issues :

1 - Popular scripts require functions enabled in php which have corresponding popular vulnerabilities, if your script itself is vulnerable. Who's to say your neighbor is uploading a secure version of phpBB ? Your host can't disable functions needed to secure the box against what *could* get uploaded or they'd cripple 60% of what people want to use the hosting for in the first place.

2 - You don't get the resources you pay for.

3 - You're paying way too much. You can lease your own box for the cost of a typical re-seller account.

4 - Email from hundreds of domains all using one outgoing mail IP

5 - You suffer from your neighbor's DOS attack because he posted something offensive on his forum or blog

The list goes on , and on .. and on..

Find yourself a provider like provps, unixshell, or someone else offering a xen dom-u at a reasonable price. Then install whatever you like to help manage it, or hire someone to do it.

IMHO, a jazzy hosting CP, if on shared hosting is like laying a tird in a basket with fluffy green easter grass. No matter how much you dress it up, its still a tird, and something anyone can make themselves.

C-Panel, Ensim, Plesk, Hsphere, All of them, are over hyped, over resource taxing pieces of shit. I know this because I have the gross misfortune of having to manage a few hundred shared hosting servers.

This one actually bent the needle on my fud-o-meter. Musta been a slow news day.

I tried getting my coworkers where I used to work to use a wiki, but it just didn't catch on. I wonder if a forum management tool like phpBB would have worked better.

1- set up a server on a spare computer (LAMP is pretty easy with a package based disro)

2- install a SVPN on the server and anyone's computer that will connect to it

3- install a BB, like phpBB on the server.

4- configure your BB This way, not only is access to the server private (since it doesn't have a static IP) but when it is accessed via the SVPN, that access is password protected and encrypted end-to-end.

Despite this, don't go uploading how you firebomb airplane hangers (you should be that stupid to firebomb one in the first place, let alone record it). But it is reassuring to know that even if you did it would be private and secure.

I see you can't think of any connection.
Something in your thinking process
stop midway and discards answers as Irrelevent.

5.Dynamic tagging system or ratings doesn't stop bots or ignorant masses to
assign their garbage top score.And don't forget Advertisement.

Is reply to :
Your browser bookmarks folder doesn't allow you to share links with other people; it doesn't provide a dynamic tagging system for organizing the bookmarks;

MY Browser, Does NOT uses advertised Links,
SPammed and rated garbage ignorant Masses assign to THEir "Favorite" " Important" and "Unique" links.
Why i need this "dynamic" Tagging to organize them? Why i need to come to site to use my bookmarks? Why not store them on floppy?

6.I can access all of my bookmarks if i use them from a network drive or my website hosted on some server.
You can make a freewebs page in few seconds and post your bookmarks there.

There MUCH BETTER venues and options to Meet Other People.IRC Instant Messaging VOIP FORUMs WebChat/websites and Newsgroups are way superior then you pitiful bookmarklets sharing site.

Is Reply to:
it doesn't allow for discussions on the bookmarks; it doesn't let you access your bookmarks from any computer you want; and it doesn't help you meet other people with similar interests as you.

Forums allow discussion on bookmarks
You must admit it.
Network drives and hosted files(I.e. Freewebs) Allows me to access them anytime i want.

Doesn't help meet me other people?
This is poor choice to meet people.
I feel thats what most geeks do to meet people...goto social bookmarking site.
Why is that superior(or even significant to compare) from full-fledged forum Instant messaging or IRC?

Notepad for all it matters excellect and fast editor (in fact i mostly use Metapad,a notepad replacement to get my work done).I know here alot sladhot people who Work with Vi and Emacs
exclusively.

Is reply to:
You might as well say that notepad precludes Open Office.

What is wrong with using software that fits my needs? You can advertise Open Office twenty times a day but i won't budge a finger.

8."Then I guess a database driven CMS is just the same as an online forum too, right? "
Yes.Your forum/blog are database driven entities.

Is reply to:
And how is an online journal the same as a messageboard? Oh, because you can post text on the internet with both of them? Then I guess a database driven CMS is just the same as an online forum too, right? Just because a lot of idiots like to substitute one for the other doesn't mean that they are appropriate substitutes.

You ask how they same? I reply?
Then you complain how they not same,
They same in the sense on being built of the same. A database.Database driven.
Read the whole answer.VEry slowly.
That every word reaches your mind.

Yes.
Your forum/blog
are database driven
entities.

How you can crititize the way i subtitue appllication? Isn't that you would complain as Irrelevant?
Doesn't personal Criticism much more Irrelevant to discussion? Oh well

Just because a lot of idiots like to substitute one for the other doesn't mean that they are appropriate substitutes.

Now who defines Appropriate? I or you?
I seem to know enough to choose for myself.Thank you.

"A messageboard thread won't let you rank the bookmarks, or group them, or browse them by tags, or allow slashdot editors to refer to them for news submissions."
A modified forum script would have these features.Its not that significant:
I seen many forums with karma systems,
Moderator only forums(with submission queues,etc.)
See http://www.phpbb.com/mods/ [phpbb.com] for example.
"assign their garbage top score" ex:
A group of harry potter fans would rank their Snape photos Top score.
Advertisement:Think of spam.Links advertised by bots.

Is reply to:
A messageboard is

Why do I begin?

5.Dynamic tagging system or ratings doesn't stop bots or ignorant masses to
assign their garbage top score.And don't forget Advertisement.

What does any of this have to do with the discussion?

6.I can access all of my bookmarks if i use them from a network drive or my website hosted on some server.
You can make a freewebs page in few seconds and post your bookmarks there.

We're talking about the functionality of local bookmarks, not what you can do with a network drive, or a free webhost. In fact, your second suggestion is just a clumsy and inefficient way of publishing your bookmarks on the web--isn't that exactly what you are trying to argue as being unnecessary because you have local bookmarks?

There MUCH BETTER venues and options to Meet Other People.IRC Instant Messaging VOIP FORUMs WebChat/websites and Newsgroups are way superior then you pitiful bookmarklets sharing site.

And what does that have to do with the fact that local bookmarks don't combine the social aspects of a web community with the function of keeping bookmarks? How you prefer to communicate over the internet is irrelevant to this discussion. Just cuz you prefer listening to music on a home stereo system doesn't mean that car stereos are superfluous.

Notepad for all it matters excellect and fast editor (in fact i mostly use Metapad,a notepad replacement to get my work done).I know here alot sladhot people who Work with Vi and Emacs
exclusively.

Did I argue that notepad wasn't a good editor? Did I ask whether people on slashdot use vi or emacs? What does any of this have to do with the analogy I used for my argument: Word and notepad don't preclude the usefulness of each other, even though they're both text editors, since they were designed with different purposes in mind.

8."Then I guess a database driven CMS is just the same as an online forum too, right? "
Yes.Your forum/blog are database driven entities.

Do you understand what "same" means? I wasn't asking you whether a CMS and online forum are both database-driven, or if they are similar. I asked you if they are the same just because they share a few vague similarities--an example being that both are able to post text on the web (or that both may be database-driven). Sharing a few vague similarities doesn't change the fact that they are entirely different applications designed for completely different purposes. A coloring book and a math book may be constructed of the same materials and share many similarities, but you still can't substitute one for the other because of their functional differences.

"A messageboard thread won't let you rank the bookmarks, or group them, or browse them by tags, or allow slashdot editors to refer to them for news submissions."

A modified forum script would have these features.Its not that significant:
I seen many forums with karma systems,
Moderator only forums(with submission queues,etc.)
See http://www.phpbb.com/mods/ [phpbb.com] for example.
"assign their garbage top score" ex:
A group of harry potter fans would rank their Snape photos Top score.
Advertisement:Think of spam.Links advertised by bots.

Oh, those features aren't significant--even though they require entirely different data structures, table relationships, and interfaces, and by the time you make those modification you are no longer working on a messageboard. Right... And mentioning a few features that Slashdot shares with some messageboards doesn't change the fact that the applications you are comparing serve completely different purposes. You can mention that they both use HTML, HTTP, and both are

What's ironic about posting that here? Slashdot isn't running a modified version of phpBB. Slashcode is a specialized CMS designed for newsites that facilitates threaded discussions and a unique peer moderation system. The forum-like aspect of the site is but a small part of the code.

"A messageboard thread won't let you rank the bookmarks, or group them, or browse them by tags, or allow slashdot editors to refer to them for news submissions."

A modified forum script would have these features.Its not that significant:

If a forum were modified into a del.icio.us-like application, then it wouldn't be a forum anymore. There's a difference between a site for sharing/ranking/browsing bookmarks that also happens to allow you to comment on the bookmarks, and a discussion forum where people go simply to have free-form discussions on the web. If you have to completely change the layout and functional flow of the site, you might as well start fresh since you're building an entirely different application.

I seen many forums with karma systems, Moderator only forums(with submission queues,etc.) See http://www.phpbb.com/mods/ for example.

And I've seen minivans with DVD screens. Does that make them a movie theater? Combining feature sets is useful, as I said before, but just because there's a partial overlap of features doesn't mean the sites are functionally equivalent.

"assign their garbage top score" ex: A group of harry potter fans would rank their Snape photos Top score. Advertisement:Think of spam.Links advertised by bots.

Once again, what does that have to do with anything? Can a spam bot not post spam messages to a message board? And you don't seem to know how content rating systems work. Ofcourse a bunch of harry potter fans are gonna rate their harry-potter-related items high, and others who don't like harry potter as much will rate them lower. The overall rank will be determined by the average consensus of the site's userbase--that's how it's supposed to work. What is wrong with that?

You're going off on completely irrelevant tangents. What is your point? That messageboards prevent people from advertising on them? A folksonomically organized link-sharing site such as del.icio.us handles spammers much more effectively than a messageboard. And all sites where users can submit their own content is going to be vulnerable to spamming.

Slashdot is overhyped news blog,run by OSDN.The only aspects i see here is data sharing.

I don't know what that's supposed to mean...

It doesn't look superflous to have all these features in your forum and del.ici.ous? Do your forum makes it forbidden posting pictures? Do they prevent discusion on pictures?

No, it doesn't look superfluous--because these sites aren't forums. If I wanted to go to a messageboard, I'd go to an actual messageboard. I come here to read the news items and participate in discussions on the news posts. A forum does not have the content generation system that Slashdot has, and the discussions aren't structured as comments to news items, and they don't have the same social features as Slashdot. I could post pictures on a messageboard, but that isn't going to be ideal for sharing photos with people outside of the forum, and it won't be organizable into galleries and grouped with related photos through dynamic tags.

Image IMs are different from IRC DCC sends? Does forum prevent you from sending IM IN The Forum,COntaining these same images? Did i mention you don't need a proprietary network to run those forum? Do the images lose quality or "social aspect" just because they sent from a forum,email,or IRC DCC feature?

IRC DCC sends don't let you view the image directly in the IM. But that isn't the point. You're just rambling on incoherently. I asked you whether image

ironic to see you posting this on the site while "it was never designed to be an all-purpose back-end solution".

1.There similar sites to compete with tinypic.com for example,I just put them in the same range as Flickr.com.

"A messageboard thread won't let you rank the bookmarks, or group them, or browse them by tags, or allow slashdot editors to refer to them for news submissions."

A modified forum script would have these features.Its not that significant:
I seen many forums with karma systems,
Moderator only forums(with submission queues,etc.)
See http://www.phpbb.com/mods/ for example.
"assign their garbage top score" ex:
A group of harry potter fans would rank their Snape photos Top score.
Advertisement:Think of spam.Links advertised by bots.

" I guess the social aspect of Slashdot is useless" Its inferior.Even a normal forum has a community which is visible by member lists,thread archives,lists of subforums,and easy access to all features/threads for members.
Slashdot is overhyped news blog,run by OSDN.The only aspects i see here is data sharing.

"Del.icio.us gives people topics to talk about, just like Slashdot does, that's the whole point of having these sites."

It doesn't look superflous to have all these features in your forum and del.ici.ous? Do your forum makes it forbidden posting pictures? Do they prevent discusion on pictures?

  You might as well argue that image IMs are unnecessary because you can just post images to an angelfire page or FTP, or that radios in cars are a bad idea because they're "inferior" to your home stereo system.

Image IMs are different from IRC DCC sends? Does forum prevent you from sending IM IN The Forum,COntaining these same images?
Did i mention you don't need a proprietary network to run those forum?
Do the images lose quality or "social aspect" just because they sent from a forum,email,or IRC DCC feature?

Everything on the web runs of different CMS,Except
static pages.Forum is a Public CMS,Database driven:All people who have permission can add content.
Different aspects:
"Professional web admins don't use an online forum as a CMS"
I said it is database driven,not that it better then a Dedicated CMS.

If you are using phpBB, the first suggestion I have is to change the VC code to something else. It doesn't have to be hard to break, it just has to be diffrent.

There's also a huge topic on phpBB.com http://www.phpbb.com/phpBB/viewtopic.php?p=1404100 which details a few things you can do to stop them. Of main suggestion is the Instan Ban mod (http://www.phpbb.com/phpBB/viewtopic.php?t=186683 ) which will modifiy the registration page in such a way that automated attempts get banned. It is done in such a way that a normal user can't trip it either, so false positives will be very much 0.

I've also taken to logging the attempts that failed (in terms of username, password, website and e-mail). Of intrest is that out of 1339 failed attempts, 153 attempted a mail.ru e-mail address, so banning it is advisable.

NeoThermic

If you are using phpBB, the first suggestion I have is to change the VC code to something else. It doesn't have to be hard to break, it just has to be diffrent.

There's also a huge topic on phpBB.com http://www.phpbb.com/phpBB/viewtopic.php?p=1404100 which details a few things you can do to stop them. Of main suggestion is the Instan Ban mod (http://www.phpbb.com/phpBB/viewtopic.php?t=186683 ) which will modifiy the registration page in such a way that automated attempts get banned. It is done in such a way that a normal user can't trip it either, so false positives will be very much 0.

I've also taken to logging the attempts that failed (in terms of username, password, website and e-mail). Of intrest is that out of 1339 failed attempts, 153 attempted a mail.ru e-mail address, so banning it is advisable.

NeoThermic

From TFA:

SharePoint puts me in touch with lots of people deep in the organization. It's like having a super-website that lets many people edit and discuss--far more than the standard practice of sending e-mails with enclosures. And it notifies you if anything comes up in an area you're interested in.

So... Microsoft invented web forums? and they chose to call it a 'super-website'. Someone should have told bill about phpbb.

phpbb.com, not org.. sorry

phpBB, vBulletin, mysqladmin, postnuke, phpDiplomacy (shameless self promotion), etc, etc; none will work until they've been ported to the new PHP5 OO model, and once they've been ported they won't work on PHP4.

They should leave in backwards compatibility for the class based OO model which <PHP5 uses. Once they bring out PHP6, PHP5 will be the only version which runs new and legacy PHP scripts, so PHP5 will clearly become the standard for a long time.

I'm a big fan of PHP, but with so many apps (e.g. my university's timetabling app) still in PHP3, all the rest in PHP4, both becoming obsolete, changes to the API, even changes to what's allowed within the same version; I'm starting to wonder if I should have focused on a more stable language like python or perl instead.

I'm involved with a project that is looking to develop an online community for technology oriented business customers.
Sell your idea to ebay, they might like you. (and the highest bidder wins!)


  If you could develop an online community to encourage collaboration and information sharing, what features would you want included?
That's easy, BitTorrent.


  How would you go about including features that are widely available in other places (weblogging, message boards, wiki) and generating buy-in from customers.
1) Visit homepages of said OSS
2) Get the sources
3) Right-Click Ctrl-V
4) Get headache integrating code from multiple projects^W4) Discover 'magical' missing libraries^W4) Consider rewriting everything with existing code as reference^W4) Give up^W4) ????
5) Profit!

phpBB also has this option. They call it "sandboxing".

It's a really dirty measure, though. It was once used on a forum that I go to and the person who was collectively ignored didn't notice until months later.

• Wikipedia
  
• Firefox
  
• OpenOffice
  
• BitTorrent
  
• MediaWiki
  
• Xvid
  
• phpBB
  
• Outfoxed
  
• Dyne:bolic
  
• GIMP
  
• Apache
  
• SourceForge
  

Wordpress 2.0, Spam Karma, Bad Behavior, PhpBB all completely rock.

here's the top ten - Wikipedia, Firefox, Open Office, Bittorrent, MediaWiki, Xvid, pbb, Outfoxed, dyne:bolic, GIMP, Apache and SourceForge.

In case, like me, you're wondering what on earth "pbb" is, let me spare you the searching:

"pbb" at Wikipedia redirects to "Polybrominated biphenyls", with no disambiguation link.

"pbb" on Google returns nothing remotely related to open source.

"pbb open source" on Google returns phpBB at the top.

So why the zark does the summary say "pbb"?

Java is far from dead. In fact it recently overtook C++ on sourceforge for the number of projects in development. See here...http://www.jroller.com/page/matsh?entry=jav a_history_was_made_today.

Try comparing LAMP to LAMJ. Use Linux because it the best for servers. Use Apache to server up the static content because it's the best at that. Use MySQL as the database. Then, really, the only thing to compare is Java vs. PHP and that really just depends on your project.

Some things are pre-build in PHP and so easy to use that it makes no sense to take the time redo the work in Java. A great example of that is phpBB http://www.phpbb.com/ . I wouldn't dream of rewriting a BB when it only takes an hour (maybe two) to install phpBB but I will spend the time to make a Java program that uses the same database as phpBB to create a customizable RSS feed based off of personal encrypted tokens that pulls only the thread that person wants from those boards. So, there you have it! JLAMP!

The main difference between the two is this...

• Java
  
• Dependable and proven
• Compiled (so it runs faster than PHP which is interpereted for server side programming)
• More extensive and versitile libraries
• Better programming environments
• Multi-threaded to better handle heavy loads
• Better pay in the market place so keep those skills up!

• PHP
• The latest Fad in server side technology (ah, I can here the flaming now, but you can't deny the truth)
• More community support
• Slightly easier language to learn
• Easier environment to setup and install to
• More pre-written solutions that you can plug in less than an hour

The main thing is to get the job done quickly, done well, and be easily maintainable. That might just mean mixing technologies. I am a huge fan of Java (except for applets, whoever uses applets should be shot) but only an idiot would not use all the tools at hand.

A few links for completeness:

It's "rival": phpBB.
A description of forum software on Wikipedia.

(0 == "a")

No. If that were true, then they would have seen far greater adoption rates. PostgreSQL has a history of difficult installations

I'll second that. Last autumn I tried to switch my phpBB-centric sites from MySQL 4.0 to PostgreSQL 7.4. After a week's efforts to get my databases converted, the results were these:

• I can tell anyone is lying who says getting PostgreSQL up and running for the first time is not harder than MySQL.
• I had found tons of URLs that used to contain tools designed for the purpose.
• I had found several Perl-tools that I wasn't able to get to produce anything more useful than several error messages. Several other tools I found that were written C or other languages were as lucky...
• ...except one simple PHP script. After some modifying and changing the allowed memory usage in php.ini to about 20-fold.
• And finally, that when I did things in things in the order of 1) installing phpBB normally, 2) deleting the contents of the created tables with phpPgAdmin and 3) importing the newly converted ex-mysqldump which had to be created by phpBB's backup database option without the table structure, I could have my sites working as read-only archives.

So, while I knew the best solution for my current and future database needs (in terms of license and features) was PostgreSQL, I wasn't able to find a way to move my sites from MySQL to PostgreSQL without sacrificing all the messages and user accounts in my forums.

Seems that the home page of mysql2psql at least has been updated since I last checked, so it could finally do what it is supposed to. It sure should if switchers from MySQL to PostgreSQL were considered welcome.

Lame =).

I don't know what's more lame, the phrase you were referring to, our your attempted use of BBCode on Slashdot.

phpBB 2.0.11 was a 0.1 release that fixed a hole used to exploit a few thousand servers...

yeah, because php is really secure

It relies on the proprietary database that has been around since the BBS days! Furthermore, you have to pay extra to support Internet gateways (even POP3). The licensing model runs exactly like most pre-Internet BBS/mail server software, which you definitely want to avoid. But the worst part is that you MUST use the settings file (which resembles 'skins' for media players) to connect EVERY FirstClass site! There are cheaper and more interoperatable alternatives even back in 1980s, and it is totally useless for setting up any new site in the post-Internet world we live in. If you want to run a bulletin board, you're better off using phpBB, which is open sourced, supports open protocols and requires ZERO client software.

Funny, they're using some of the phpBB icons for the menu on the top of their site:

The download icon:
http://www.daffodildb.com/images/download.gif
http://www.phpbb.com/images/b_downloads-over.gif

The forum icon:
http://www.daffodildb.com/images/forum.gif
http://www.phpbb.com/phpBB/templates/subSilver/ima ges/folder_big.gif

The buy icon (can't find this right now on phpBB's site, but I'm sure I've seen it there before):
http://www.daffodildb.com/images/buy.gif

Funny, they're using some of the phpBB icons for the menu on the top of their site:

The download icon:
http://www.daffodildb.com/images/download.gif
http://www.phpbb.com/images/b_downloads-over.gif

The forum icon:
http://www.daffodildb.com/images/forum.gif
http://www.phpbb.com/phpBB/templates/subSilver/ima ges/folder_big.gif

The buy icon (can't find this right now on phpBB's site, but I'm sure I've seen it there before):
http://www.daffodildb.com/images/buy.gif

It seems that Slashdot has a bizarre obsession with Microsoft. Ever since SP2, security problems have been few and far between, and even when highly theoretical in nature, they are splashed all over slashdot front page multiple times.

When an open source project completely shuts down due to rampant security problems, it doesnt even make the slashdot front page!

So slashdot, without any security problems to speak of, publishes one story about Microsoft making record revenues and then another that inexaplicably claims Microsoft is "in decline".

This pathetic obsession is really getting tiring... we have been reading this drivel since 1998 and, no, it is still not the year of Linux. Please.. get a new crusade! THANKS IN ADVANCE !

I love how when open source software suffers from such rampant security flaws, it has to shut down completely and doesn't even show up on Slashdot front page.

But Microsoft release a routine patch and Slashdot pastes it all over the news.

The method in the first post here is currently effective against both - which are PITA DoS attacks, even if phpBB is patched or updated, unless blocked by this or a similar method.

This is a phpBB bug.

"that's not what topics on phpBB.com"
Except http://www.phpbb.com/phpBB/viewtopic.php?t=244451, right?

You say that "it doesn't have to do with unpatched phpBB installations." And you also provide a link to the phpBB forum to "prove" it.

You're still wrong, though.
There have been many problems found with old versions of PHP, but this is a specific problem with phpBB

Here's part of my proof:
http://www.phpbb.com/phpBB/viewtopic.php?t=240513

I'm not particularly pro- or anti-phpBB, I just like people to be informed of the facts.

Don't spread FUD.

Sourceforge offers release trackers which the phpBB team openly point people to if they want mail updates: http://sourceforge.net/project/filemodule_monitor. php?filemodule_id=28882

Plus it is not something that you can find mentioned prominently on their site. You have to search through the forums to find mention of it.

Or of course, there is the RSS feed : http://www.phpbb.com/rss.php

And, after 'popular demand' they are currently working on a special security mailing list that people can subscribe to.

It is hard to tell from the forums that they were going to do this since they have closed all the threads related to a mailing list. They did not say that they were creating one from my reading of the threads. But I could have missed it somewhere :)