Jump to content

How are we doing?


RichM

Featured Posts

43 minutes ago, Mike the Boilerman said:

Restoring to the previous software version would be the ideal solution in my opinion, given Ms Fish's opinion there is no improvement in the security. 

the improvements to security were probably nothing to do with YOUR security but more to do with the security of the forum software and it's ability to withstand various forms of attack.

as an example I remember a few years ago another forum I frequent was found to be vulnerable to sql injection attacks within posts, this meant that simply typing the following line into a post and hitting submit virtually destroyed the forum
'; DROP TABLE Users;--

another weakness that was found (also sql injection) was that it was possible to bypass the login system and log in as any user that you knew the username (but not password) for by entering their username and a password of anything' or 1 = 1

Edited by Jess--
  • Greenie 1
Link to comment
Share on other sites

8 minutes ago, carlt said:

They darken when you waggle your cursor near them.

If you mean a pointer, I haven't got one - I'm using a tablet with a touchscreen.

There seem to be 3 levels of contrast - one for the post text, one for things like the post timing and one very faint one for the post number, the 'quote post' button, and 'Report post'. I can only just see the last level, and see no means of increasing contrast.

Link to comment
Share on other sites

22 minutes ago, mross said:

They go from grey to black and are easier to see - not concealed.

They are practically impossible to see on my little notebook pc so perhaps "heavily camouflaged" rather than "concealed".

I still fail to see the point though.

Link to comment
Share on other sites

1 hour ago, carlt said:

They are practically impossible to see on my little notebook pc so perhaps "heavily camouflaged" rather than "concealed".

I still fail to see the point though.

 

Also, I see the Post Number is a link. One which takes you to... yes, the post you're looking at. How pointless is that!

Link to comment
Share on other sites

8 hours ago, Mike the Boilerman said:

Restoring to the previous software version would be the ideal solution in my opinion, given Ms Fish's opinion there is no improvement in the security. 

I'd agree with this - if it was feasible, which it may or may not be.  I always thought it was one of the nicer ones around; it would have been sad to see it replaced with something that actually improved things, let alone this. However, I'm not equipped to suggest anything better, so I'll leave my virtual 'long screwdriver' in my bag, hope our opinions are useful, and wish Rich M and those who are trying to find the most agreeable way forward the best of luck in their endeavours. It is good to see that user views are being sought.

Link to comment
Share on other sites

I think an opportunity was missed - given that the new software has performance issues compared to the old software, and current versions of other forum software; and that the change in usability was quite significant, it was an excellent opportunity to migrate to a different provider of forum software. Basically, Invision have leaned heavily on the inertia that most users wouldn't migrate away, in dreaming up the basically unnecessary V3 --> V4 rewrite. And in doing so, have missed the mark quite significantly regarding what actually makes forum software good. They tried to make it a jack of all trades but really they muddled up the usability for core users. Yes its not a simple process but there's companies out there which specialise in such jobs and their rates aren't totally unreasonable. We never quite got to the bottom of the relative loss of performance with V4 vs V3 (or evaluated competitor's forums on performance) but it was more of a usability perception than a simple numbers thing - although of course, anyone can evaluate the time it takes for a webpage to load. The fact that VNC wasn't present (by default) on the new software was picked up years ago but not acted upon until many weeks afterwards, similar with post numbers and date format (xxxxxxx ago instead of an actual date/time). The only real advantage was a MARGINALLY improved mobile skin, but this could have been so much better on the new version than it is. For me this was not enough of an advantage to justify upgrading. The security issues were, and still are, overplayed. There's other ways to close the vulnerabilities of the existing software which were not understood or explored properly, etc.

Link to comment
Share on other sites

Speaking as a confirmed Dinosaur without interest in the latest this that or the other I can only ask it is left alone and not changed yet again as I can now do everything I could with the old formatt so pleeeeeeeeeeeeese its fine now honest :D

Link to comment
Share on other sites

10 hours ago, Mike the Boilerman said:

 

RichM has consistently maintained the underlying reason for forcing the recent "upgrade" (downgrade would be a better term) on us was to address "security issues" in the previous software versions. 

I too remain to be convinced.  

I believe lulu fish fish was referring to SSL certificates, or the lack of in our case. This is when you see a padlock to confirm that the connection is encrypted over HTTPS. This is a necessity for pages which take sensitive details such as billing addresses and credit cards. We don't handle any of that as all transactions go through a payment gateway, i.e. PayPal.

That said, it is now considered best practice to use HTTPS and as such we will be installing a SSL certificate and soon. This will mean that all login sessions will be handled over HTTPS. 

The security enhancements I referred to previously were more specifically in regards to software patching which prevent against attacks such as SQL injection attacks which Jess-- kindly explained. 

10 hours ago, Mike the Boilerman said:

Restoring to the previous software version would be the ideal solution in my opinion, given Ms Fish's opinion there is no improvement in the security. 

I'm sorry you feel that way but in any case, there is no downgrade option from IPBoard 4.1 to 3.4. It would technically be possible to restore from an old backup meaning we'd lose 6 months of content but to be frank, I'm not doing it. 

9 hours ago, Jess-- said:

the improvements to security were probably nothing to do with YOUR security but more to do with the security of the forum software and it's ability to withstand various forms of attack.

as an example I remember a few years ago another forum I frequent was found to be vulnerable to sql injection attacks within posts, this meant that simply typing the following line into a post and hitting submit virtually destroyed the forum
'; DROP TABLE Users;--

another weakness that was found (also sql injection) was that it was possible to bypass the login system and log in as any user that you knew the username (but not password) for by entering their username and a password of anything' or 1 = 1

Thank you

1 hour ago, Paul C said:

I think an opportunity was missed - given that the new software has performance issues compared to the old software, and current versions of other forum software; and that the change in usability was quite significant, it was an excellent opportunity to migrate to a different provider of forum software. Basically, Invision have leaned heavily on the inertia that most users wouldn't migrate away, in dreaming up the basically unnecessary V3 --> V4 rewrite. And in doing so, have missed the mark quite significantly regarding what actually makes forum software good. They tried to make it a jack of all trades but really they muddled up the usability for core users. Yes its not a simple process but there's companies out there which specialise in such jobs and their rates aren't totally unreasonable. We never quite got to the bottom of the relative loss of performance with V4 vs V3 (or evaluated competitor's forums on performance) but it was more of a usability perception than a simple numbers thing - although of course, anyone can evaluate the time it takes for a webpage to load. The fact that VNC wasn't present (by default) on the new software was picked up years ago but not acted upon until many weeks afterwards, similar with post numbers and date format (xxxxxxx ago instead of an actual date/time). The only real advantage was a MARGINALLY improved mobile skin, but this could have been so much better on the new version than it is. For me this was not enough of an advantage to justify upgrading. The security issues were, and still are, overplayed. There's other ways to close the vulnerabilities of the existing software which were not understood or explored properly, etc.

You are right in that this version of the forum software requires more server resources than the old one. As such, we migrated to a new server with more CPU cores, more memory and solid state disks in order to address any performance issues and to add storage capacity to accommodate the increasing size of the database. We also offload to AWS. 

As you may recall, I have a lot of admin experience with vBulletin. More than I do with Invision in fact and to be honest my personal preference is vBulletin by some margin. That said, the functionality is significantly different (Moreso than the change from 3.4 to 4.1) and I had concerns that some users may not accept such a significant change. 

I agree that the VNC issue could have been handled better but we responded to user feedback as quickly as we could. This was an oversight on my part. 

I don't agree about your comments in regards to security being overplayed. Call be paranoid, but I've had to recover 2 forums from SQL injection attacks in 14 years.  

- The old version of IPBoard was developed using an older version of PHP. What would you do when PHP 5 is deprecated?  
- The old version of IPBoard no longer receives security updates making it vulnerable to future cross-site scripting attacks and SQL injection attacks to name a few possibilities
- The old version of IPBoard is no longer supported. If you encountered a major software issue and required the support from Invision, how would you go about this? We rarely needed to contact them to be fair but when we did, they did not always provide any support because we were using an unsupported version of their software.

I have no doubt that you will come up with at least some answers but these were the challenges we faced and all things considered, we felt the need to apply the update. I don't want to dwell on that too much as it's not something we can revert. 

Sorry if I've missed anything. I've just got home from work and now need to do my boating chores!

Rich

Link to comment
Share on other sites

30 minutes ago, RichM said:

I have no doubt that you will come up with at least some answers but these were the challenges we faced and all things considered, we felt the need to apply the update. I don't want to dwell on that too much as it's not something we can revert. 

I don't mean to be rude, but that being the case, why are you even asking for feedback?

 

One other question, is this new version of the software possibly still in Beta, and there may be some tweaks made to it later on that will tackle some of the existing issues people have mentioned?

Link to comment
Share on other sites

2 minutes ago, Starcoaster said:

I don't mean to be rude, but that being the case, why are you even asking for feedback?

 

One other question, is this new version of the software possibly still in Beta, and there may be some tweaks made to it later on that will tackle some of the existing issues people have mentioned?

Sorry, what I meant to say was that I don't want to dwell too much on the reasons for upgrading the forum software as it was felt that it would have been unreasonable for us not to and in any case, reverting back is not feasible. We are still keen to make improvements based on user feedback but going backwards isn't a realistic option. 

The forum software is not in beta, no. The developers of the forum are in the process of developing IPBoard 4.2 which has some minor functionality and feature improvements without any major design changes. As for the look and feel of the forum, it was designed by IPSFocus and it's likely we will provide feedback to them based on the feedback we receive.

 

Link to comment
Share on other sites

Is it possible to import skins/themes for this board so that users can choose colours and layouts to enhance their individual experiences? This may solve some of the problems of overly large headers on different devices, and poor contrast between the background and some links.

Link to comment
Share on other sites

I didn't particularyly like the new software but I am totally used to it now. Glad to see page numbers and absolute (as opposed to relative) post times. "Remembered" previous attempts at posts not actually posted is useful, as are pop-up "new replies" messages.

From several comments on here it's clear that some people have a problem because they don't have the forum correctly set up on their computers / phones - I think if they did, they would be quite happy. Of course it is a totally valid point that users (many of whom aren't very computer literate) shouldn't HAVE to set anything up on their computers, the forum should be optimal "out of the box". But unless the default behaviour can be changed, perhaps pinned threads showing how to set up VNC and the differences in results on computer and phone would be a second best option?

Edited by nicknorman
Link to comment
Share on other sites

On 27/06/2017 at 21:13, RichM said:

 

I'm sorry you feel that way but in any case, there is no downgrade option from IPBoard 4.1 to 3.4. It would technically be possible to restore from an old backup meaning we'd lose 6 months of content but to be frank, I'm not doing it. 

 

I didn't explain very well. You asked a question along the lines of what would be the ideal way of improving the user interface. My answer is look at the previous version and make the current version the same. The previous interface was really good and hard to fault - it was such a shame to see it abandoned.

Why could Invision not have fixed the security issues and kept the previous slick and user-friendly interface?

Edited by Mike the Boilerman
Link to comment
Share on other sites

20 hours ago, nicknorman said:

I didn't particularyly like the new software but I am totally used to it now. Glad to see page numbers and absolute (as opposed to relative) post times.

Iv'e only just noticed this, but always was a bit slow

Link to comment
Share on other sites

20 hours ago, nicknorman said:

I didn't particularyly like the new software but I am totally used to it now. Glad to see page numbers and absolute (as opposed to relative) post times.

 

I still have relative times.

 

Your post for example, was at "20 hours ago"...

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.