Patch Better
-
@xaade The default install is very secure not as long as you are running a recent version of PHP.
Plugins are the security problem. Not the CMS itself.
-
@lucas1 said in CMS suggestions:
@xaade The default install is very secure not as long as you are running a recent version of PHP.
Plugins are the security problem. Not the CMS itself.
Yes, I'm aware of that.
-
@xaade Then why tell lies?
-
-
@sloosecannon And every platform has vulnerabilities. They get patched quickly (I know as my own WordPress installs auto update).
-
From the linked page:
Current WordPress release : 4.7.2
Let me quote myself:
@TimeBandit said in CMS suggestions:
WordPress is like Windows : if you keep it up-to-date, you should be fine
-
@TimeBandit said in CMS suggestions:
From the linked page:
Current WordPress release : 4.7.2
Let me quote myself:
@TimeBandit said in CMS suggestions:
WordPress is like Windows : if you keep it up-to-date, you should be fine
Oh, absolutely. If you keep it up to date, you're probably fine. I'd question calling WordPress "very secure" though. "Very secure" things should not require constant patching to avoid XSS bugs.
See also: Discourse
-
@sloosecannon OpenBSD which prides itself on security provides security patches on its -STABLE branch (the current version of their OS that isn't in development) regularly.
-
@sloosecannon said in CMS suggestions:
"Very secure" things should not require constant patching
I agree. That's why I never consider Windows very secure
-
@TimeBandit Every OS needs constant patching.
-
every topic is a thread is a post is a blog!
-
@lucas1 said in CMS suggestions:
@TimeBandit Every OS needs constant patching.
Don't make me dig the list of monthly remote code execution patched in Windows.
-
@TimeBandit Which proves what exactly? We all know that every platform has its holes. May I remind you that a few years ago every SSL cert was fucked on a *nix system, but was fine on Windows machines ...
-
@lucas1 If you don't see a difference in severity between a remote code execution and an invalid SSL cert, I don't think I can help you
-
@lucas1 said in CMS suggestions:
@sloosecannon OpenBSD which prides itself on security provides security patches on its -STABLE branch (the current version of their OS that isn't in development) regularly.
OpenBSD is also an OS, not a web content management system.
-
@TimeBandit Sorry. That isn't a fair equivalence and you are ignoring the reality of the situation that happened.
Linux is a set of Distros. The Distros have components. OpenSSL was a major component on a Linux Web Server. Most Web servers are Linux Servers. OpenSSL was wide open via HeartBleed and there are still servers that have the same exploit.
If a distro ships the same version of OpenSSL they will have the same vulnerability no matter what the distro. It is up to the distro maintainers to patch it and if you aren't running something supported ... who will know when that will happen.
-
@sloosecannon said in CMS suggestions:
OpenBSD is also an OS, not a web content management system.
You are right. However I am simply saying that the OS that prides itself on security still provides regular security updates to the current stable version of the OS.
-
@lucas1 said in CMS suggestions:
OpenSSL was wide open via HeartBleed
I'll just give you the first 4 months of 2016 for Windows. You can find the others yourself.
- January 2016 : 7 Remote Code Execution
- February 2016 : 7 Remote Code Execution
- March 2016 : 9 Remote Code Execution
- April 2016 : 9 Remote Code Execution
Yeah, HeartBleed was bad, but that's equal to 1 remote code execution.
-
@TimeBandit And I could find the same for certain Linux distros. Doesn't mean that Linux is magically more secure.
-
@TimeBandit said in CMS suggestions:
Yeah, HeartBleed was bad, but that's equal to 1 remote code execution.
No it basically exposed loads of private transactions. It isn't remotely equivalent.
-
@lucas1 said in CMS suggestions:
@TimeBandit And I could find the same for certain Linux distros
Please do !
Besides HeartBleed and Shellshock.
-
@TimeBandit Which Distro?
-
@lucas1
Debian Stable, that's what I use
-
@TimeBandit Well not everyone uses that ... which is the entire fucking point.
-
@lucas1 said in CMS suggestions:
@sloosecannon said in CMS suggestions:
OpenBSD is also an OS, not a web content management system.
You are right. However I am simply saying that the OS that prides itself on security still provides regular security updates to the current stable version of the OS.
I would certainly hope it does.
-
@sloosecannon It does.
-
-
@lucas1 Sorry my friend, I'm not following you.
I'm probably not drunk enough
-
@TimeBandit There are 100s of distros that run various versions of libs etc.
As I've said before the security is up to the distro maintainer and Debian maintainers have made huge fuck ups in the past. That affected most of the servers on the internet.
So arguing "well there is a remote code exploit" when most Windows servers are behind a *nix firewall isn't relevant or meaningful.
-
@lucas1 said in CMS suggestions:
Debian maintainers have made huge fuck ups in the past
Can you point me to at least one ?
-
-
@TimeBandit The entropy key exploit, XKCD made a comic about it FFS.
-
@lucas1 said in CMS suggestions:
So arguing "well there is a remote code exploit" when most Windows servers are behind a *nix firewall isn't relevant or meaningful.
Lol
-
@lucas1 said in CMS suggestions:
So arguing "well there is a remote code exploit" when most Windows servers are behind a *nix firewall isn't relevant or meaningful
If I'm following you, Unix isn't more secure than Windows, and remote code exploits for Windows are meaningless since most Windows servers are protected by Unix.
-
So having layers of security is a stupid thing.
-
@lucas1 said in CMS suggestions:
So having layers of security is a stupid thing.
That's definitely what I said.
-
@TimeBandit Didn't say that.
I said both platforms have security problems. But you are pretending that *nix magically doesn't have them. Especially when there are loads of distros that run different versions of core libs.
-
@sloosecannon I will take you at your word as you normally misrepresent whatever I said.
So you agree I am right. Good.
-
@lucas1 said in CMS suggestions:
as you normally misrepresent whatever I said.
Uh.... OK?
@lucas1 said in CMS suggestions:
So you agree I am right. Good.
Nope.
You just don't understand why I'm laughing at your statement...
-
@sloosecannon said in CMS suggestions:
You just don't understand why I'm laughing at your statement...
Sorry I took you at face value as you tend to do every time you disagree with me about something.
-
@lucas1 said in CMS suggestions:
@sloosecannon said in CMS suggestions:
You just don't understand why I'm laughing at your statement...
Sorry I took you at face value as you tend to do every time you disagree with me about something.
What?
-
@sloosecannon Not my fault you can't read. It makes sense.
-
@lucas1 said in CMS suggestions:
@sloosecannon Not my fault you can't read. It makes sense.
No, no it doesn't.
Perhaps you're being paranoid? Or confusing me with someone else?
-
@sloosecannon No it makes sense.
Sorry I took you at face value as you tend to do every time you disagree with me.
The about something is superfluous and isn't needed.
If you can't understand that sentence you are a fucking dumbass.
-
@lucas1 said in CMS suggestions:
@sloosecannon No it makes sense.
Sorry I took you at face value as you tend to do every time you disagree with me.
The about something is superfluous and isn't needed.
If you can't understand that sentence you are a fucking dumbass.
I understand the English, you imbecile.
What I don't understand is what the $&%# you're talking about. You're bringing in confused complaints from other threads (I think?) and using them for personal attacks in this one. I have no clue what you're talking about.
-
@sloosecannon said in CMS suggestions:
What I don't understand is what the $&%# you're talking about. You're bringing in confused complaints from other threads (I think?) and using them for personal attacks in this one. I have no clue what you're talking about.
No I am not.
I am saying that every platform has its security problems. You are imagining everything else.
-
@lucas1 said in CMS suggestions:
@sloosecannon said in CMS suggestions:
What I don't understand is what the $&%# you're talking about. You're bringing in confused complaints from other threads (I think?) and using them for personal attacks in this one. I have no clue what you're talking about.
No I am not.
I am saying that every platform has its security problems. You are imagining everything else.
Then wtf is this?
@lucas1 said in CMS suggestions:
@sloosecannon said in CMS suggestions:
You just don't understand why I'm laughing at your statement...
Sorry I took you at face value as you tend to do every time you disagree with me about something.
-
@sloosecannon You being a fucking retard. I am not going to indulge your imagined slights.
-
@lucas1 said in CMS suggestions:
@sloosecannon You being a fucking retard.
Right...
Uh, @mods, can we get this crap jeffed into a garage thread or something so I can ignore it easily? Apparently our village drunk has decided to pick a fight tonight.
-
The guy is deliberately misunderstanding everything I said because he doesn't like what I said. There hasn't been one actual argument from @sloosecannon.