pouët.net

Go to bottom

Open sourcing pouet.net ?

category: offtopic [glöplog]
kusma: apparently we do. This clusterfuck keeps getting worse.
added on the 2013-05-07 21:11:46 by gloom gloom
//if($_SESSION["SCENEID_ID"]==2100)
// $comment = "hi! i'm dubmood and i suck!\n\nps. i have a small penis.";
added on the 2013-05-07 21:12:33 by D.Fox D.Fox
oh, this thread is pure love.
i wonder how much time we have left until someone finds a security hole in the sources and wipes the entire db, both for lulz and to check whether there's a backup at all. or messes with it enough for admins not to notice right away, but after a point when there's no clean backup.

that said, analogue, you should hurry and dump the pouet db into the warm hands of openness, as i said earlier. everyone would totally benefit from it!
added on the 2013-05-07 21:14:46 by provod provod
gloom: Seems so. Wow.
added on the 2013-05-07 21:15:16 by kusma kusma
I hope there are daily/hourly backups of the prod db. The old pouet code doesn't strike me as particularly sql injection safe. With the code now published it would probably not take much time to have a bit of fun with that.
added on the 2013-05-07 21:15:47 by D.Fox D.Fox
Quote:
AMcBain: ok, want me to rollback to pre shared coding ? I sure can.

Just stop it. You know that's not your only option. You can actually ask them. Even if they do end up saying "you can have it" like you indicated, that's more sound than just saying they would. You can also list all the proper contributors, their contributions, and exempt them from the license you chose (I think that's possible, things like VLC have various different parts under different licenses but IANAL). You're also free to rewrite their code under the new license too.
w23: the DDL dump is there, https://github.com/lra/pouet.net/blob/master/pouet.sql
Dumping the data makes no sense.

If anything bad happens, we can rollback. Feel free to do a security audit.
added on the 2013-05-07 21:16:50 by analogue analogue
Quote:
i wonder how much time we have left until someone finds a security hole in the sources and wipes the entire db, both for lulz and to check whether there's a backup at all. or messes with it enough for admins not to notice right away, but after a point when there's no clean backup.


let's start posting here then!
added on the 2013-05-07 21:19:03 by Defiance Defiance
AMC: I just asked

Want me to bitch about the design, db and name over Gargaj pouet v2 ?
I sure don't care, and I'm sure they feel the same.
added on the 2013-05-07 21:19:05 by analogue analogue
Defiance: Awesome tip!
added on the 2013-05-07 21:22:41 by leijaa leijaa
Since you asked so nicely: I hereby place my pissy little slightly-more-than-0% contribution to Pouet into the public domain.

In return, I request that the copyright notice is changed to - at minimum - "Copyright (C) 2000-2013 Laurent Raufaste and contributors".
added on the 2013-05-07 21:31:39 by gasman gasman
gasman: done, if you want your name there, pls go ahead.
added on the 2013-05-07 21:35:52 by analogue analogue
What Gasman said for my part as well.
added on the 2013-05-07 21:38:55 by Gargaj Gargaj
Lator: It's mostly the Zend-style "MVC" aka "let's use as many source files as possible without any discernible connection between them" that I'm so against. There's ways around it, and yes, using an API for model access solves the biggest of the problems quite nicely already...

... if the API is any good. Looking at the 0.9 code and Analogue's plan to improve on that foundation, and looking at the SQL schema which is a big pile of o.O, I sincerely doubt it will be.

And yeah, ORM. If the database is to stay in a shape like this, I'd say ditch SQL completely and use some cheap key/value store instead. Zero foreign keys (so no chance for the ORM layer to find out wtf all those IDs are if you don't want to code everything twice AGAIN), and everything's so hardcoded that you could have gotten away with a few text files instead. On the other hand, if let's say there'd be an acceptable database schema behind everything, it'll be fun to convince the ORM not to perform 100000 joins every time. I still doubt it'd be too much of an advantage.

added on the 2013-05-07 21:49:19 by kb_ kb_
Quote:
If anything bad happens, we can rollback.

How is a rollback even remotely helpful in the case of an SQL injection?
added on the 2013-05-07 21:58:36 by gloom gloom
"To the time machine!"
added on the 2013-05-07 22:00:20 by D.Fox D.Fox
bump: https://github.com/lra/pouet.net/blob/master/solo2_tagcloud.php
added on the 2013-05-07 22:03:26 by skarab skarab
Quote:
//if($_SESSION["SCENEID_ID"]==2100)
// $comment = "hi! i'm dubmood and i suck!\n\nps. i have a small penis.";


Really glad I managed to piss someone off to the point that he/she wasted time doing that. Smells like... smells like victory.
added on the 2013-05-07 22:07:25 by Dubmood Dubmood
kb: Then again. 0.9 code is 13 years old. So far analogue is the only one of the old developers that has made a statement of a feature platform that makes any sense at all. And as I requested the API should be developed in open from the beginning. Since only then will it be accepted by more sites wanting to do kindof the same stuff with or without christian out reach moral censorship.

And once you made the API caching is trivial (and fun) to implement.
added on the 2013-05-07 22:10:06 by Hatikvah Hatikvah
feature and future is *always* the same thing
added on the 2013-05-07 22:17:31 by Hatikvah Hatikvah
I request that the API should be implemented in Object Disoriented INTERCAL!
added on the 2013-05-07 22:22:05 by kusma kusma
A Brainfuck-Lambda-Operator to rule them all!
added on the 2013-05-07 22:30:18 by Hatikvah Hatikvah
Haskel est belle la vie...
added on the 2013-05-07 22:40:30 by Dbug Dbug
i don't think old source code will help that much. What you need is a good understanding of database, and then start rewriting the website from scratch (using today technology). Not everything need to be done at first just very basic stuff (eg: a homepage and browsing prods). There is not that much work to setup such a very basic website for a skilled web developer, maybe just a few weeks. Then, if adopted by community, a progressive switch could be made and more advanced features could be added.

Having ALL features of current pouet in new website would require time; but its not that big (pouet is mostly viewing stuff, very few edit pages). There is also lot of things people can live without at first.

About how it should look :
I don't think current pouet layout sucks, i like that blue trumpets and good old tables layout. This doesn't need to be changed in my opinion. But be honest, there is TONS of things that could be improved without changing look too much.
added on the 2013-05-07 22:47:56 by Tigrou Tigrou

login

Go to top