Open sourcing pouet.net ?
category: offtopic [glöplog]
kusma: apparently we do. This clusterfuck keeps getting worse.
//if($_SESSION["SCENEID_ID"]==2100)
// $comment = "hi! i'm dubmood and i suck!\n\nps. i have a small penis.";
oh, this thread is pure love.
i wonder how much time we have left until someone finds a security hole in the sources and wipes the entire db, both for lulz and to check whether there's a backup at all. or messes with it enough for admins not to notice right away, but after a point when there's no clean backup.
that said, analogue, you should hurry and dump the pouet db into the warm hands of openness, as i said earlier. everyone would totally benefit from it!
gloom: Seems so. Wow.
I hope there are daily/hourly backups of the prod db. The old pouet code doesn't strike me as particularly sql injection safe. With the code now published it would probably not take much time to have a bit of fun with that.
Quote:
AMcBain: ok, want me to rollback to pre shared coding ? I sure can.
Just stop it. You know that's not your only option. You can actually ask them. Even if they do end up saying "you can have it" like you indicated, that's more sound than just saying they would. You can also list all the proper contributors, their contributions, and exempt them from the license you chose (I think that's possible, things like VLC have various different parts under different licenses but IANAL). You're also free to rewrite their code under the new license too.
w23: the DDL dump is there, https://github.com/lra/pouet.net/blob/master/pouet.sql
Dumping the data makes no sense.
If anything bad happens, we can rollback. Feel free to do a security audit.
Quote:
i wonder how much time we have left until someone finds a security hole in the sources and wipes the entire db, both for lulz and to check whether there's a backup at all. or messes with it enough for admins not to notice right away, but after a point when there's no clean backup.
let's start posting here then!
AMC: I just asked
Want me to bitch about the design, db and name over Gargaj pouet v2 ?
I sure don't care, and I'm sure they feel the same.
Defiance: Awesome tip!
Since you asked so nicely: I hereby place my pissy little slightly-more-than-0% contribution to Pouet into the public domain.
In return, I request that the copyright notice is changed to - at minimum - "Copyright (C) 2000-2013 Laurent Raufaste and contributors".
gasman: done, if you want your name there, pls go ahead.
What Gasman said for my part as well.
Lator: It's mostly the Zend-style "MVC" aka "let's use as many source files as possible without any discernible connection between them" that I'm so against. There's ways around it, and yes, using an API for model access solves the biggest of the problems quite nicely already...
... if the API is any good. Looking at the 0.9 code and Analogue's plan to improve on that foundation, and looking at the SQL schema which is a big pile of o.O, I sincerely doubt it will be.
And yeah, ORM. If the database is to stay in a shape like this, I'd say ditch SQL completely and use some cheap key/value store instead. Zero foreign keys (so no chance for the ORM layer to find out wtf all those IDs are if you don't want to code everything twice AGAIN), and everything's so hardcoded that you could have gotten away with a few text files instead. On the other hand, if let's say there'd be an acceptable database schema behind everything, it'll be fun to convince the ORM not to perform 100000 joins every time. I still doubt it'd be too much of an advantage.
Quote:
If anything bad happens, we can rollback.
How is a rollback even remotely helpful in the case of an SQL injection?
"To the time machine!"
bump: https://github.com/lra/pouet.net/blob/master/solo2_tagcloud.php
Quote:
//if($_SESSION["SCENEID_ID"]==2100)
// $comment = "hi! i'm dubmood and i suck!\n\nps. i have a small penis.";
Really glad I managed to piss someone off to the point that he/she wasted time doing that. Smells like... smells like victory.
kb: Then again. 0.9 code is 13 years old. So far analogue is the only one of the old developers that has made a statement of a feature platform that makes any sense at all. And as I requested the API should be developed in open from the beginning. Since only then will it be accepted by more sites wanting to do kind of the same stuff with or without Christian outreach moral censorship.
And once you made the API caching is trivial (and fun) to implement.
feature and future is *always* the same thing
I request that the API should be implemented in Object Disoriented INTERCAL!
A Brainfuck-Lambda-Operator to rule them all!
Haskel est belle la vie...
i don't think old source code will help that much. What you need is a good understanding of the database, and then start rewriting the website from scratch (using today's technology). Not everything needs to be done at first, just very basic stuff (eg: a homepage and browsing prods). There is not that much work to set up such a very basic website for a skilled web developer, maybe just a few weeks. Then, if adopted by the community, a progressive switch could be made and more advanced features could be added.
Having ALL features of current pouet in the new website would require time; but it's not that big (pouet is mostly viewing stuff, very few edit pages). There are also a lot of things people can live without at first.
About how it should look:
I don't think the current pouet layout sucks, i like the blue trumpets and good old tables layout. This doesn't need to be changed in my opinion. But be honest, there are TONS of things that could be improved without changing the look too much.