You are not logged in.
I think Trilby was making a bit more of a principled argument against "code X hasn't seen updates in years, that implies it's now full of security holes".
Manually validated code written in assembler 60 years ago and not touched since then has not grown some security issues in the meantime, there's no unexpected behavior.
Any kind of complexity (internal or external dependency) raises chances of issues but code is either subject to a CVE or it's not and it's impossible to say that by superficially looking at some timestamp.
(Schrödinger's code, but whenever you're dealing w/ WAN facing code, the assumption has to be that the cat is dead)
Wrt the software at debate, https://github.com/phpbb/phpbb has seen the last stable release 2 months ago and the last commit 2 days ago.
It's actively maintained and I bet your right arm that there're currently several security holes and bugs in the code. But when they show up and get reported there's a very good chance that you're also getting a timely patch for that. And that's what the world is running on.
Offline
My point was only precisely what I said it was. Many windmills have been now taken down - but no one cared about them anyways. The fact that software has gone a long period of time without updates is not sufficient to infer that it is unsafe / insecure to use. Period. For some reason certain flavors of intellect here a statement that X is not sufficient to conclude Y, and somehow hear it as Y must always be false, and then react to that imagined but never stated proposition.
As for forum complexity, some forums (cough, discourse, cough) are ridiculously complex. But forum software can also be *very* simple. Not a whole lot more than a simple html page. Having written forum software, I'm comfortable saying that. Admitting that they don't know how forums work under the hood, others have said the opposite. I guess they just said it louder. And that's all that matters in today's social discourse. So I yield the point.
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Offline
My point was only precisely what I said it was. Many windmills have been now taken down - but no one cared about them anyways. The fact that software has gone a long period of time without updates is not sufficient to infer that it is unsafe / insecure to use. Period. For some reason certain flavors of intellect here a statement that X is not sufficient to conclude Y, and somehow hear it as Y must always be false, and then react to that imagined but never stated proposition.
As for forum complexity, some forums (cough, discourse, cough) are ridiculously complex. But forum software can also be *very* simple. Not a whole lot more than a simple html page. Having written forum software, I'm comfortable saying that. Admitting that they don't know how forums work under the hood, others have said the opposite. I guess they just said it louder. And that's all that matters in today's social discourse. So I yield the point.
What is this forum run on? I just looked on the source code and didn't see anything obvious in the top few lines of code. It just looks like a html page prima facie but I am not too sure what I am looking for, not being familiar with 'forum code'.
Also, I know you felt strongly about it in the previous thread I originally linked, since this one is considered deprecated and being used a/the reason/excuse to upgrade...do you think it is unwarranted, given your previous point about false obsolescence?
It is pertinent me asking because, as I have already stated, this is probably my favorite forum for speed and simplicity.
Not being any kind of expert in forums though I don't want to go down a 'dead end' and have to switch in the near future and the disruption that would entail having built up some kind of user base. That is really why I am asking, if they code is fine and I could use it happily indefinitely or if that is deemed an erroneous excuse for other motivations parceled into that.
Last edited by archuser38013 (2024-08-10 06:32:16)
Offline
What is this forum run on?
Look into the lower right corner of the web page or serach it for "powered by"
Offline
It just looks like a html page... not being familiar with 'forum code'.
It is just an html page. There's no such thing as forum code. It's just a website. There also needs to be some form of data back-end, but that can be as simple as a handful of lines of php and a well-structured sqlite database. This is comparable to a wide range of other types of website. It's just a forum, not an operating system.
I know you felt strongly about it in the previous thread
While I do like fluxBB, and I find most more "modern" alternatives to be giant steps backwards, I have no issues at all seeing fluxBB get retired. My strong(est) feelings have been about the manner in which a replacement has been decided on and the misconduct that went into that process.
this one is considered deprecated and being used a/the reason/excuse to upgrade...do you think it is unwarranted
That depends on precisely what the pronoun "it" (in "it is unwarranted") actually represents. Remember:
... X is not sufficient to conclude Y, and somehow hear it as Y must always be false
First, fluxBB has never been deprecated by the software definition of that term. It has not had any code changes in several years and it's homepage has gone offline (not the code hosting, just the home page itself).
For comparison, the openbox window manager has not had any code changes in nearly twice as long, their homepage has also disappeared, and yet it is one of the most frequently recommended window managers (for standalone window managers). And a window manager is several orders of magnitude more complex than a web forum - and more vulnerable to serious security concerns.
So whatever negative marks go to fluxBB for being "unmaintained" go double for openbox. But doubling zero is still zero! The lack of code changes is simply not a reason to switch.
But this does not mean there are not good reasons for this community to replace fluxBB. if there are unresolved security issues, then that's a good reason to change. Or if our community wants to sneak in some feature to the forums that fluxBB does not support, then that could be a reason (though whether it's a good reason is debatable).
But people should be looking at the real reasons for the proposed changed, because "fluxBB development has stalled" simply ain't it. That's a lie to keep people from looking much closer.
Some time back there was pushback against some SSO proposals. That topic went on the back burner until it found a champion in "replacing the forum". Suddenly the fact that fluxBB didn't support SSO was the reason to ditch fluxBB. But if this were too transparent, people might again ask, do we really want that SSO stuff? To avoid any such discussion of the actual issues, the forum replacement was instead pushed on this false narrative that "old is inherently bad" so fluxBB must go.
So is fluxBB still good to use?
- It's age is irrelevant to whether it can be good to use.
- It's lack of SSO integration is only relevant for those who want to use SSO, do you?
- Any un-patched security vulnerabilities could mean it's not good, but:
- What are those vulnerabilities: I don't doubt that they exist, but the suspicion of them is not relevant
- Do the actually existing vulnerabilities even apply to your use case? See the 0.0.0.0 bug thread for analogy: some vulnerabilities even if they exist, may not apply to your use case.
- Unmaintained code can sometimes be an advantage:
- I gave up on the wayland compositor I had written because I could not keep up with the drastic API-breaking changes that came with every minor version release of the wlroots library: I had to rewrite my compositor from scratch for every upstream release. Now don't over-interpret this either, I'm glad wlroots continues to develop, but actively maintained and changing code does present a hurdle for any projects relying on that code.
... this is probably my favorite forum for speed and simplicity... I don't want to go down a 'dead end' and have to switch in the near future
You've been pointed to phpBB as well which is very similar to fluxBB but may be actively maintained. Somehow most people feel that this makes phpBB a much better option. I think it's a point in phpBB's favor, sure. But phpBB development could stop at any moment, at which point phpBB will be in exactly the same category as fluxBB.
We cannot predict the future. But we can see that whatever fluxBB did with their fourm, they made it so it managed to still be functional for many years after it's development stopped. If you really prefer fluxBB to phpBB, then it seems reasonable that this could offset the one point in favor of phpBB due to it's active maintenance.
While we cannot predict the future, you can assess how responsive you want your forum project to be to future developments. If your user-base is the type to want new features arriving all the time in the tools they use (AKA Apple fans) then fluxBB would be a bad choice as nothing will be added. If instead you favor a (closer to) set-it-up-and-forget-it approach, fluxBB might not be a bad choice.
So all in all, what forum software would I recommend using? Whichever one meets your needs. NOT whichever one fits the political machinations of another community's leadership.
Last edited by Trilby (2024-08-10 13:56:54)
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Offline
A few stawmen are roaming this thread, so let direct our searchlights at them.
Nobody claims the gist of the problem is bugs appearing in software with time.⁽¹⁾ The bugs are already there. What appears with time is the need to fix them upon manifestation. That is the part missing in unmaintained software.
Existence of specific bugs in a single piece of software doesn’t have to be proven. The bugs are there in the probabilistic sense.
A product doesn’t need official, authoritative deprecation message to become outdated. In fact nearly none ever do. So not seeing one is meaningless here.
It’s misdirecting attention from complexity of software to first state it can be made with static documents,⁽²⁾ then add a “but”. Then handwave and say “there is no complexity to see here, just a some forum handling PHP”, and move on. That is exactly where the complexity and the problems are.
Also: comparing two arbitrarily chosen pieces of software makes sense only if that comparison is somehow representative for the population. Which is not the case here.
Trillby: In the 0.0.0.0 thread you pointed to a data(!) file being a security risk, hence requiring maintenance.
____
⁽¹⁾ Though they do.
⁽²⁾ Which already is ignoring that bugs can also exist in static documents and they also may need updating. E.g. HTML interpretation changes over the years. One might claim that documents should be interpreted as if they were upon their creation. But that can’t be applied to invalid documents, which never had a defined interpretation. Where to find such a document? You are reading one right now.
↓ Here you may see a note about an edit. That edit is caused by me having to circumvent a bug in unmaintained software. Touché́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́́!
Last edited by mpan (2024-08-10 16:14:09)
Sometimes I seem a bit harsh — don’t get offended too easily!
Offline
Are you joking, Mpan? Literally every you just said is contradicted by your own previous statements in this thread and the 0.0.0.0 thread. I really can't be bothered to quote line-by-line as you are not engaging in honest discussion.
As for two arbitrary pieces of software, you mean fluxBB and phpBB? How is that arbitrary? The first is the very example of the OPs goal, and the latter has been offered as the most likely alternative to satisfy the OP's goals. Who gives a shit about the "population"? I'm trying to help the OP make informed choices to meet their goals, not your goals or that of some unspecified larger population. EDIT: or perhaps you mean the comparison to openbox?? But that'd make even less sense.
Last edited by Trilby (2024-08-10 18:18:38)
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Offline
A few stawmen are roaming this thread, so let direct our searchlights at them.
It would probably help if you're also point one or two fingers at them - can't make heads and tails out of the post.
Yeah, nobody has arguing this… so where's the strawman??
Offline