Don't slice the messenger
- This topic has 13 replies, 7 voices, and was last updated 08/14/2017 at 9:52 am by developer (ChrisB).
08/12/2017 at 8:49 pm #40587
Honestly, and I’m not trying to give Chris or anybody else at WE a hard time: my suggestion is to dump this forum software like a bad date. WordPress is an excellent CMS platform – it is great for blogging, for general web sites, and for giving the non-technical user some semblance of power and control.
However, despite attempts, it is not software that can “do everything.” No software can pull that off. Find a forum specific software that does only forums; it’s going to be more reliable (how many crashes with lost data have you had this year? If you say more than zero, that’s too many, IMO), have a better feature set, enable better portability of data, all those things that are soon going to overwhelm you…including security.
WordPress is a leading threat vector for attacks; sooner or later, it will happen to you. You will discover that somebody took advantage of known vulnerabilities in WordPress to compromise and control your site. It is virtually guaranteed in today’s web space, and it’s a real PITA when it does happen. I was the CTO at a hosting company, and I regret that we ever got involved with WordPress – supporting the security was a nightmare.
I would make another suggestion that goes with this: you have a forum on the Internet, which is great – and for many users, that’s all they will ever need or want. However, there is another class of user who is arguably at least as important, and they will never use an Internet-based forum: these are the FaceBook people. It’s a completely different dynamic, and a powerful dynamic. Businesses ignore this dynamic at their own peril; most businesses have, as part of their customer support and communication plan, the establishment of an Internet forum and the establishment of a Facebook forum.
(If I was more jaded, I might request that you get the Facebook stuff rolling soon, so that you keep the FacePlace people away from me over here; but I’m kinder and gentler these days, so I would never say that. I would just emphasize that the FacePlace people really do need their own space.)
As far as software goes, I know that vBulletin and XenForo are popular. I have no idea of relative merits, nor of what else might be available. Might be worth a look.
I know, this is huge. I really do believe that it would, in the longer run, be worth it in terms of stable uptime, data retention, and security.
As somebody with advanced terminal cancer, there will be dark days when I complain about things you say for no apparent reason. Please consider this my apology in advance for such times. There will be days that what I say is clearly wrong, making no sense: on these days I will often be argumentative. Please do not "let me slide" at such times, but rather call me out, point out what is factually wrong, and demand I explain my position. Please also consider this my apology in advance for such times.
3 users thanked author for this post.
08/12/2017 at 9:56 pm #40588
Great points Bob!
1 user thanked author for this post.
08/13/2017 at 2:22 am #40589
I beg to disagree, Bob. I find this forum now one of the most user-friendly fora I know. There have been crashes in the past, but those were due to implementation issues or hosting problems. I do agree that it might have been cheaper to use dedicated forum-only software, although I have no insight in the prices.
What are the specific problems you have with this forum software? The thing you mention is its security. I think this is no different for WordPress than for most other web-based software. My WordPress blogs are stable as a rock and have never been successfully attacked. Also, we now have much better spam control than with the previous forum.
Molecule Polishing: my blog about sharpening with the Wicked Edge
1 user thanked author for this post.
08/13/2017 at 12:16 pm #40595
“I beg to disagree, Bob. I find this forum now one of the most user-friendly fora I know. There have been crashes in the past, but those were due to implementation issues or hosting problems. I do agree that it might have been cheaper to use dedicated forum-only software, although I have no insight in the prices.
What are the specific problems you have with this forum software? The thing you mention is its security. I think this is no different for WordPress than for most other web-based software. My WordPress blogs are stable as a rock and have never been successfully attacked. Also, we now have much better spam control than with the previous forum.”
Mark,
You beg to disagree with what? I made quite a few assertions in my post. I will, given your lack of specificity, assume that we are going to talk a bit about security. I will dispense with anecdotal reports after this: I had 400 sites in our data center; about 70 of those were WordPress. Oftentimes they had been compromised, and remained compromised, without the owners knowing that fact until I notified them that my tools were seeing network traffic indicative of malware originating from their server.
Here’s an example of a publicly disclosed vulnerability, reported on June 30, 2017. A company was working on a stats plug-in; according to them:
“WordPress Vulnerability Disclosure
SQL Injection Vulnerability in WP Statistics
JUNE 30, 2017, JOHN CASTRO
Security Risk: Dangerous
Exploitation Level: Easy/Remote
DREAD Score: 7/10
Vulnerability: SQL Injection
Patched Version: 12.0.8
As part of a vulnerability research project for our Sucuri Firewall, we have been auditing popular open source projects looking for security issues. While working on the WordPress plugin WP Statistics, we discovered a SQL Injection vulnerability. This plugin is currently installed on 300,000+ websites.
Are You at Risk?
This vulnerability is caused by the lack of sanitization in user provided data. An attacker with at least a subscriber account could leak sensitive data and under the right circumstances/configurations compromise your WordPress installation.
If you have a vulnerable version installed and your site allows user registration, you are definitely at risk.”
This illustrates the nature of the problems with WP quite nicely. While a core build may or may not be OK, the plug-ins – something that WordPress leverages in a way no other software does – add a layer of vulnerability.
OWASP additionally states: “There is a long list of recommended resources for securing aspects of the WordPress implementation.” The OWASP guide points out, rightly, that not only does a good security posture include the WordPress core, all plug-ins, the infrastructure, Apache, but it also includes MySQL, PHP – and these lists are quite long as well.
In short: creating and maintaining a proper security posture for WordPress is quite difficult. For example, this plug-in might be compromised now; however, the malware might only be monitoring transactions, and unless there is a solid pre-emptive plan, the malware may be running unopposed.
The CVE database lists 1,114 security flaws in WordPress.
The CVE database lists 87 security flaws in vBulletin.
That strikes me as a substantial gap between platforms.
As far as problems I’m having: well, I cannot format text in the editor. I think the user i/f is non-intuitive to the point of insanity. I routinely pick the wrong elements in the UIX for what I wish to do. I have never had that problem with vBulletin or XenForo.
Not knowing much about it, and not willing to learn it – that’s above my pay grade – I don’t know what is being done for SEO. For example, tags are not automatically filled in as far as I can tell. I have not, to the best of my knowledge, been provided with any suggestions for tagging so that SEO efforts are optimized. Are permalinks automatically created in SEO-friendly methods?
SPAM should not be handled by forum software, but by anti-spam software and/or hardware.
These are just my quick observations of higher priority issues.
YMMV,
BobW
EDIT so the link is not live: haaaattp://www.helltownknives.com
I apparently hit another bug: if I link to a website as I did above, I’m not sure what happens aside from it crashing Chrome on the iPad.
Another feature that is not great – and I have seen other people mention it – private messaging.
08/13/2017 at 12:56 pm #40596
Gentlemen, I think this is a Wicked Edge Knife Sharpening Forum. Your discussion or whatever it’s turning into is better placed elsewhere! Thank you
Marc
(MarcH's Rack-Its)
1 user thanked author for this post.
08/13/2017 at 3:48 pm #40598
I do apologize. I thought when the developer – whom I respect greatly – posted the following:
“I’ve created this new sub-forum (Suggestion Box | Forum Usability) so we can discuss various items that would improve forum usability. Please also post your suggestions and questions here.
We’d love to hear your thoughts on things that would make the forums easier/better.”
That rather meant that he would like to hear my thoughts on what would, in fact, make the forums easier/better.
Forgive me, I am new to your planet; I am sure that I will soon enough understand the finer points of your language.
1 user thanked author for this post.
08/13/2017 at 4:37 pm #40601
Hello RL,
I think the message sent in response to Mark76 just came off a little confrontational. I don’t think you meant it that way but it did seem that way to some of us. Sometimes when a disagreement or difference of opinion arises maybe a PM would be better and I think the disagreement is cleared up quicker and a lot less public. I don’t personally understand the technical stuff when it comes to computers, security, and the like, as this is the first social media that I have taken part in. Never been on Facebook, twitter or any of that. I come to this forum to help and be helped with the quest for the illusive and in my opinion unattainable “perfect edge”. I know from your post about your experiences that your intentions are genuine and I hope that you will get with Chris because I do think that you have experience and knowledge that would benefit all of us.
I don’t think Mark76 was challenging you. I think he was trying to say that the site was working well for him. I of course am reading intent and that is almost always dangerous because our perspectives are all relative according to our experience.
I hope you take this as it is intended and thank you for responding. Some folks would not.
08/13/2017 at 8:13 pm #40606
Fair enough. Just to be clear: in what follows, I’m neither trying to justify what I posted, nor argue for a particular position. I am only laying where I’m coming from out in front of the group, no more, no less.
In my experience – I was involved in a lot of facets of IT since 1986, including at one point from 99-01 sysmodding a forum with an average post count of 300,000 posts per month – if we don’t debate ideas, and back up those ideas with facts, we pretty quickly lose the thread. I’ve seen many discussions of security especially go nowhere precisely because people are unwilling to confront the hard ideas and work through the difficult questions. I’ve seen many companies lose quite a bit of money because their foundation is built on half-truths; I saw one company paying over $120k in IT support costs when they were down 40% of the time; when their computers and software were years out of date; when their “IT Guy” was only charging them $30/hr. They were floored when I reorganized their operation, and got their support costs down to $20k/year, with new hardware every 2 years, and I was charging $150/hr.
There is a right way and a wrong way. The right way is characterized by open challenging of ideas and mutual respect.
I, too, care quite a bit about the WE company and products. When there was a call by Chris to discuss ideas about the forum, I was very enthused. I (perhaps too enthusiastically) laid out some of my ideas and opinions. That’s all. I actually am quite glad that Mark76 challenged those ideas – in my opinion, that sort of challenge and response cannot be replaced. It’s fair to say that I think more highly of Mark76 for doing just that, for through the open expression of disagreement about old ideas, new & better ideas are born in my experience.
I certainly don’t think I’m better than anybody else posting on this forum. I think we are all equals. I also think it would be a mistake to discourage the open and honest exchange of ideas in any way. That strikes me as antithetical not only to the development of new ideas about the subject matter, but absolutely antithetical to the entire concept of a message board designed to encourage communication.
However, I will abide by the conclusions that some of you have reached, and I will keep my hole shut in the public areas of this forum as a necessary step I should take in keeping the peace. Not a problem at all, and thank you for bringing this to my attention.
Sincerely, and with respect,
RLDubbya
PS One last thing before I shut up: I’m off to sharpen some custom knives for a big game guide!
08/13/2017 at 10:01 pm #40607
Maybe I should have just stayed out of it and waited for Mark76 to respond, hope he does. You certainly understand this stuff better than I and, like I stated, trying to read the intent is almost always dangerous, please accept my apology. Certainly did not intend to inhibit the exchange of ideas and I certainly don’t want to “shut you up” and I’m very sorry if that is what you got from what I said, not my intention. I hope Chris and Clay can use the information you can provide. All the best!
08/13/2017 at 10:14 pm #40608
Personally I took it as constructive criticism, especially given the sub forum heading it’s listed under, and I believe Clay and Chris would see it the same although I can’t speak for them.
My business site is WordPress, which has worked great for me as well (just like Mark) but I also always am seeing updates rolling out because of some weakness being exploited by hackers – not that anything is invincible to this. I know the WE forum has been “hijacked” a couple times over the years but not sure if it was on WordPress at that point. Anyway, it’s always a good idea to discuss improvements in an open and honest way without any hostility – which I don’t sense here.
Just my .02 🙂
1 user thanked author for this post.
08/13/2017 at 10:57 pm #40609
What about hosting the forum in the cloud? Then you shouldn’t worry about security, installations, updates.
1 user thanked author for this post.
08/14/2017 at 6:09 am #40611
This is the point I don’t agree with:
“my suggestion is to dump this forum software like a bad date”
I’ll explain a few more reasons below, but the main thing is that I find this forum software very user friendly now.
I’m still not sure what you don’t like about it. Ok, the security (we have not a single hack yet, by the way). I don’t know a lot about that and you have obviously more experience with it than I do. But you also mention quite a few web-based software that’s been hacked lately. I think nearly all web-based software is vulnerable. This site has never been hacked and neither have my blogs.
For forum software, the most important thing to me is the functionality it offers. And in that respect, I like this forum a lot. I agree with you that it would be nice to format your posts better (although there are quite a few options already). But that’s only one of the few opportunities for improvement I see. And, to me, a minor one. Do you see other opportunities? Please add them to this forum.
I’m sorry if you got the idea I was challenging you. I’d just like to know what you’d like improved (and we now have an entire subforum to post your ideas 🙂 ).
08/14/2017 at 9:34 am #40613
Hi All, sorry to be late to the game. It was the last weekend before back-to-school here in Denver, and so I maximized the time with my daughters (I got beat in UNO, putt putt golf, and other activities).
I’m all for the discussion, so no worries. But I do try to walk that fine line of soliciting forum feedback while keeping the focus on WEPS and sharpening. I have my feet in both worlds (forum and sharpening) and couldn’t be happier to discuss it with you all – this forum has very high quality discussions.
Briefly, on the topic of the forum software/platform. Just to keep my forum role in context, I’m just in a role to support Clay and team, meaning I’m not a decision maker. I do of course make recommendations, but I mainly want to take what-is, and make it better.
For the forum platform, it does seem like we’re doing pretty well on our current setup. One thing that may not be visible is just how heavily Wicked Edge invests in highly secure and redundant cloud hosting (pagely.com); it’s not cheap and it’s specifically designed to protect against the security and performance shortcomings otherwise found in wordpress.
In the technology realm, I’ve come to realize it’s usually a case of pick your poison. So, our wordpress/bbpress forum has its strengths and weaknesses, and so we take steps across the board to compensate for the weaknesses. Regarding attack vectors, wordpress is a case of ‘availability bias’ meaning it’s so popular and widely used that naturally there are more cases of attacks and compromises; yet there’s also good reason for the wide popularity that makes it such a target.
Just PM me any time if there’s a tech topic on your mind. I’m not against any of these conversations on the forum, but I do want to make sure we keep the focus on sharpening.
Thanks all!
Chris
Working to make knife.wickededgeusa.com a great forum!
1 user thanked author for this post.
08/14/2017 at 9:52 am #40614
One more note, about facebook… No doubt RLDubbya, it’s a massive factor for companies to use to interact with customers. And, I’d say Wicked Edge has done a world class job of using facebook, going back to the early days of facebook. Wicked Edge comes across as authentic, relatable and has been extremely responsive on facebook. With 177k facebook followers, Wicked Edge is in elite company. That success is all Clay and team, putting in the effort on facebook and being willing to engage in real discussions there.
For facebook vis-a-vis the forum, I’d say we need to engage in both.