The other "classic" discussion forum seems to be down at the moment (or is it just me?)

---

Not just you. I was on the board when it happened. Got page not found on this server when going from the index to a forum and now the index gives a blank page.

---

"The ultimate test of a moral society is the kind of world that it leaves to its children." - Dietrich Bonhoeffer

Hi everyone,

This morning I received the following email from Paul Alexander at KMi (Open University):

-------------
Dave,

In view of the latest revelation that phpBB version 2.0.11 can be hacked,
please see here:

http://www.phpbb.com/phpBB/viewtopic.php?t=257290

I feel we have no option but to take the board down for the time being until
the phpBB team write a patch for the latest security flaw(s).
------------

And I agreed with him that this was the right thing to do, especially in view of what happened to the phpbb forum last month. We're encouraging all the phpbb regulars to come over here and chat in the meantime (which again shows the virtues of two independent forums, in my view).

As soon as the problem is fixed we'll put the board back up. Sorry for the incovenience, but we felt that prevention is a lot better than cure.

Dave

---

Nothing yet. We're vey eager to get them back up in the next day.

---

> > Nothing yet. We're vey eager to get them back up in the next day.
> >
> Any further news Dave?

I talked to KMi today. They're not yet convinced that phpbb is robust enough (yet) to put the boards back up. I impressed upon them our eagerness to have the boards up and running in view of the large number of new participants (Tolu said we've had about 5500 downloads since the press embargo was lifted). Nevertheless, it's KMi's call (it's their machine). They did offer to tar it up and send it to us to host, but neither Neil nor Tolu were convinced (when push came to shove) that phpbb is safe enough (at the moment) to risk it. This is partly because we don't have any spare machines which could just host the boards. Maybe one of our friendly collaborating institutions could help us out..?

Dave

---

The danger comes in having another instance of phpBB that hasn't been upgraded to 2.0.11 hosted on the same server. The server also needs to be running PHP 4.3.10.

Link <a href="http://www.phpbb.com/phpBB/viewtopic.php?p=1405174#1405174">here</a>.

---

"The ultimate test of a moral society is the kind of world that it leaves to its children." - Dietrich Bonhoeffer

I agree with Thyme Lawn and his link: if there is a machine with PHP 4.3.10 AND phpBB 2.0.11 (no older versions of phpBB), we should be fine.
Doing a regular backup of phpBB forum is VERY easy - any administrator can do simply by clicking appropriate menu.

&gt; It's absolutely crucial that we get the cpdn forum back up and running
&gt; regardless of the technicalities.

If one of those technicalities is bringing down KMi and maybe even the Open University, then I'm afraid I can't agree.

Sorry.

Dave

---

Its particularly annoying that the php board and all the information on it is not available this week with all the new users joining us, but it would be irresponsible not to take the security issues involved seriously. No-one has suggested that the other board won't be back up and running. We all want to keep the php board for reasons we've been over many times before but it sounds as though the solution to the problem may take some time and we're just going to have to be patient. It's unfair to expect anyone else to jeopardise what they do just so that we can get what we want, and we've still got the back-up even if it is a shadow of the other board.

Marj

---

_________________________________

&gt; &gt; It's absolutely crucial that we get the cpdn forum back up and running
&gt; &gt; regardless of the technicalities.
&gt;
&gt; If one of those technicalities is bringing down KMi and maybe even the Open
&gt; University, then I'm afraid I can't agree.
&gt;
&gt; Sorry.
&gt;
&gt; Dave
&gt;

But it is hard to have such a long outage, especially when one of the reasons we like CPDN is the excellent forum. Also, it is very bad timimg given all the recent publicity.

I'm sure you and the OU are doing all you can. From our point of view, though, I agree with Graham - this is urgent!

---

&gt; But it is hard to have such a long outage, especially when one of the reasons
&gt; we like CPDN is the excellent forum. Also, it is very bad timimg given all the
&gt; recent publicity.
&gt;
&gt; I'm sure you and the OU are doing all you can. From our point of view, though,
&gt; I agree with Graham - this is urgent!

The timing is perhaps bad but was not a matter of choice.
Security issue is an important one and nor CPDN nor KMi nor OU should be careless about it.
I still agree with Marj that it's a shame having all the valuable information deep burned in shadows.

Another idea - would having a phpBB up in a read-only mode be considered as a security risk? Participants will have all information available at easy access (e.g. search functions and many more missing on BOINC forum). I'm aware that it would rise issue of 'why i can't post on a forum' but can be easily explained on top page.

The very fact that the security issue has been openly discussed on the messageboard and website increases the risk. We all know that a tiny number of people are intent on spoiling things or 'exposing loopholes'.

The Japanese may have 4 tennis courts full of servers, but if they see a security risk, I'm sure they will be just as keen to put it right even if it means adjourning the men's singles final.

We are lucky to have this alternative boinc board and are also seeing people who don't usually post on the phpbb board.

---

__________________________________________________

Hi,
Perhaps you can switch to an Invision Board forum. AFIAK it's more secure and you can use the PHPbb database, so no information will be lost.
Just use Invision Board while waiting for the PHPbb 3.0 version that is said to be more secure than 2.X.

---

Arnaud

&gt;
&gt; The timing is perhaps bad but was not a matter of choice.
&gt; Security issue is an important one and nor CPDN nor KMi nor OU should be
&gt; careless about it.
&gt; I still agree with Marj that it's a shame having all the valuable information
&gt; deep burned in shadows.
&gt;
&gt; Another idea - would having a phpBB up in a read-only mode be considered as a
&gt; security risk? Participants will have all information available at easy access
&gt; (e.g. search functions and many more missing on BOINC forum). I'm aware that
&gt; it would rise issue of 'why i can't post on a forum' but can be easily
&gt; explained on top page.
&gt;
Or putting some of the most useful information posts from the php boards (the 'stickies') into a separate subject heading on the BOINC style boards so the information could still be read. e.g, such things that spring to mind are the detailed descriptions on how to use CPView and the running of the various PC CPU and memory stability tests etc. The latter of special importance if lots of new users are attracted.

Pete

&gt; Hi,
&gt; Perhaps you can switch to an Invision Board forum. AFIAK it's more secure and
&gt; you can use the PHPbb database, so no information will be lost.
&gt; Just use Invision Board while waiting for the PHPbb 3.0 version that is said
&gt; to be more secure than 2.X.

Hmm, an idea...but
- it is not free
- it doesn't resolve where to run it (e.g. extra machine handling forum)
- PHPbb 3.0 or even 2.x is way behind...we might need to wait months since it's ready and somehow tested.

If it is not a risk, i would be still for a read-only version of our ever-best phpBB.