Supporting Parallax During Tough Times
idbruce
Posts: 6,197
While I do not personally agree with all of Parallax's policies and/or decisions, I do support them, so please allow me to share a few thoughts.
Several months back, Ken queried the forum about the prospect of moving forward with new forum software and it appeared to me that there was huge support for a change. Alright so a change was made and many are now disgruntled, but I ask all of you to please be patient, while the forum is being refined. With enough constructive feedback, I am sure we will all end up with a nice place to share our ideas and projects.
After having built several websites and having worked with several large web scripts, I can fully understand the complications faced by Parallax. Although the current forum has numerous problems, we really should be applauding Ken and his team for making the change and getting it up and running so quickly, so that we all could continue our discussions, with the least amount of interruption.
One of the key aspects to this type of project is security and I am sure that maintaining security has a high priority level. In another thread, Ken mentioned the members of the forum team, and of these team members, I would imagine that only two of them are capable of internet programming. Having only two members working on the code is both good and bad. It is bad, because changes are slow, but it is also good because security is high. The last thing any of us want, is for a large group of people to know the ins and outs of Parallax's forum code, which they could manipulate for their own evil pleasures. We might as well face it that changes will be slow, because scripts such as those used by a forum, can be quite large and very complicated. One simple change, could require hours of research to implement.
Since the change, Parallax has taken a relentless beating from many members, and I would imagine that they have learned a lot from this experience, or at least I hope so. However as mentioned in another thread, we need to rally together as a team and show our support, because I certainly do not want to lose valued members.
So I ask all members to please be patient while slow and unobvious changes occur, because I am certain they are working on all priority issues, while maintaining a high level of security. And I ask Parallax to please listen to all the concerns of the members, without silencing them.
Several months back, Ken queried the forum about the prospect of moving forward with new forum software and it appeared to me that there was huge support for a change. Alright so a change was made and many are now disgruntled, but I ask all of you to please be patient, while the forum is being refined. With enough constructive feedback, I am sure we will all end up with a nice place to share our ideas and projects.
After having built several websites and having worked with several large web scripts, I can fully understand the complications faced by Parallax. Although the current forum has numerous problems, we really should be applauding Ken and his team for making the change and getting it up and running so quickly, so that we all could continue our discussions, with the least amount of interruption.
One of the key aspects to this type of project is security and I am sure that maintaining security has a high priority level. In another thread, Ken mentioned the members of the forum team, and of these team members, I would imagine that only two of them are capable of internet programming. Having only two members working on the code is both good and bad. It is bad, because changes are slow, but it is also good because security is high. The last thing any of us want, is for a large group of people to know the ins and outs of Parallax's forum code, which they could manipulate for their own evil pleasures. We might as well face it that changes will be slow, because scripts such as those used by a forum, can be quite large and very complicated. One simple change, could require hours of research to implement.
Since the change, Parallax has taken a relentless beating from many members, and I would imagine that they have learned a lot from this experience, or at least I hope so. However as mentioned in another thread, we need to rally together as a team and show our support, because I certainly do not want to lose valued members.
So I ask all members to please be patient while slow and unobvious changes occur, because I am certain they are working on all priority issues, while maintaining a high level of security. And I ask Parallax to please listen to all the concerns of the members, without silencing them.
Comments
I'm not sure what you mean by "security" though. There is no security implemented on this forum, no HTTPS. They also leak information about us to third parties, Facebook and Gravatar. Also, as I have demonstrated this edit box allows entry of HTML that can be used for devious purposes.
Still optimistic for a good end result though.
I have not looked at the source, so perhaps I am all wrong about security. I do remember back in the day when working with PERL CGI scripts, there were several areas that had to be coded carefully to avoid exploitation.
Robert
Whilst using HTTPS is a good idea what you say worries me:
"As it is we should be using a unique password for the forum since it could probably be easy to get this one."
I hope everyone is using a different password on every place they sign up to.
HTTPS may well keep your credentials secure from snoopers between your browser and the servers of Parallax, after that we have to assume everything leaks.
Recent leaks of credentials from all kind of major corporations, like Sony, show that is a reasonable assumption.
Never use the same password in more than one place.
installing an SSL cert on the server isn't a difficult thing to do and at least that would give us an option so we can access the forums either way. It doesn't have to force HTTPS but at least it would be supported and we could useit. There are a lot of benefits to the users and I don't see any downside (other than the cost of the cert to Parallax).
I totally agree on password use and that people should keep unique passwords for each site so that if one gets compromised the others should be safe. Just wanted to mention it since that isn't always on everyones mind and some may not realize it.
I started out that way many many years ago, but pretty soon I found I needed to keep a database of all the various sites I had visited.
In the end, I pretty much accepted a three level approach.
A. High security -- sites that I bank at and sites that retain my credit card info.
B. Medium security -- sites that are related to the above sites, including anything to do with investments.
C. Low security -- sites that I visit for news and so on.
And I have eliminated as much social networking as possible as their seems to be too much linking of my identity to one thing or another, no Facebook, no Twitter, no Goggle Social, etc.
If Parallax has a problem with hacked passwords, they should send me an e-mail requesting a change. But the Forums login is separate from my purchase account with Parallax and so the passwords have always been different. So I would say that Parallax Forums is a Level C, and Parallax shopping is a Level B security.
+++++++++++++++++
As far as I personally am concerned, it anyone really desires to 'support Parallax through tough times', they should stop posting these open discussions that are implicitly negative to new and potential customers. Send an email directly to the appropriate person at Parallax if you want to lobby for a certain change.
Get rid of all the threads that try to micro-manage Parallax policy and just focus on support and use of Parallax products.
One should never have plain HTTP available on a site that is intended to be secured with HTTPS. Doing so creates all kinds of vulnerabilities.
I'm not seeing it.
Since I am using the Style add-on, I am also not sure what fixes have been actually pushed though either.
One should never have plain HTTP available on a site that is intended to be secured with HTTPS. Doing so creates all kinds of vulnerabilities.
Agreed.
I'd personally prefer to pay a little bit of money, say on yearly basis, instead looking into this crappy mess we have here.
How do you think?
I thought the cost is very high for a busy hosted forum. I was comparing a few myself. Some of them are outrageous! You could put up a couple of Amazon EC2 instances with full developer support for much less (on a busy forum). The Amazon developer services have been awesome for me. There is nothing they can't do and when you need something done it is done very quickly. Chances are the Hosted Forums are doing exactly that anyway.
SimpleMachines has a Linux AMI you can have up and running in less than an hour. It reminds me a lot of the old forum.