Re: [Freecol-developers] (no subject)
On Wed, 22 Dec 2021 12:31:03 + (UTC) D Blakeley wrote: > Hey guys, > As some of you know I'm not programmer so anything I say about this should be > taken with a grain of salt lol. However today I noticed some panic in the fan > game community regarding fan games made with Java due to a 'Java Log4j > exploit'... I probably should have spoken sooner, given I do Computer Security professionally. The log4j bug has been around for a bit, and you are right to be concerned because it is extremely bad. Rest assured that freecol is log4j free, and if it had not been, I would have killed its use with fire and pushed out an emergency release. Cheers, Mike Pope pgpsTQXpqb_1p.pgp Description: OpenPGP digital signature ___ Freecol-developers mailing list Freecol-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freecol-developers
Re: [Freecol-developers] (no subject)
> [...] 'Java Log4j exploit' [...] No worries, we are not using Log4j :-) Best wishes, Stian Grenborgen ___ Freecol-developers mailing list Freecol-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freecol-developers
Re: [Freecol-developers] (no subject)
Hey guys, As some of you know I'm not programmer so anything I say about this should be taken with a grain of salt lol. However today I noticed some panic in the fan game community regarding fan games made with Java due to a 'Java Log4j exploit' recently discovered and doing the media rounds. Thought I better mention it to you guys... https://www.cnet.com/tech/services-and-software/log4j-software-bug-cisa-issues-emergency-directive-to-federal-agencies/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 Also is the Nightly pre-release building currently broken? Had a number of fans asking me about them. I've assured them FreeCol is not dead and that the behind the scenes dev emails are flowing bigtime lol. Regards Blake___ Freecol-developers mailing list Freecol-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freecol-developers
[Freecol-developers] (no subject)
___ Freecol-developers mailing list Freecol-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freecol-developers
Re: [Freecol-developers] (no subject)
As mentioned in the other thread. A github repository for the website plus simple html5 and css3 would be more then enough, but we should also target mobile devices as well as people might use them to file bugs or look up things. If you guys agree and someone sets up the repository on github or where ever i can get something done in a matter of hours. On Thu, Dec 25, 2014 at 9:16 AM, Bryce Harrington br...@bryceharrington.org wrote: On Tue, Dec 23, 2014 at 08:19:03PM +1030, Michael T. Pope wrote: On Mon, 22 Dec 2014 22:51:23 +0100 Jonathan Aquilina eagles051...@gmail.com wrote: Wordpress is super easy to update Yes, good. I salute your enthusiasm but please understand my caution. I just looked it up, and wordpress has 740(!) CVEs issued since 2003. I knew it was going to be bad, but that is abysmal. To maintain it well you are going to need to watch carefully for security announcements and update promptly. Are you sure you can commit to that long term? Even if so, I think if we go with wordpress, we need an emergency exit strategy. Perhaps I should wget freecol.org and stash a tarball in the git repo at the very least. WordPress is awesome, but isn't it a bit overkill for what freecol.org needs? There aren't that many pages, and they aren't updated that frequently... I've seen some pretty robust sites done for open source projects using just git and some random html templating language. I've even seen a few simple ones that just have a really good CSS template and plain HTML. For example, Cairo's website (cairographics.org) uses a static html generator that gets triggered (I think) via git push, which from a maintainer POV is convenient since updating the website is essentially the same workflow as updating the codebase. And also scriptable... cairo's new-version release process also scripts up all the website updates Bryce -- Dive into the World of Parallel Programming! The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net ___ Freecol-developers mailing list Freecol-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freecol-developers -- Jonathan Aquilina -- Dive into the World of Parallel Programming! The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net___ Freecol-developers mailing list Freecol-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freecol-developers
Re: [Freecol-developers] (no subject)
Wordpress as of v4 has a self update feature which is very nice. I am quite versed and still learning lots of new things about web design. I can code something from scratch where it can be a bit more dynamic and take advantage of a responsive design so it can be viewed on mobiles and tablets too On Tue, Dec 23, 2014 at 10:49 AM, Michael T. Pope mp...@computer.org wrote: On Mon, 22 Dec 2014 22:51:23 +0100 Jonathan Aquilina eagles051...@gmail.com wrote: Wordpress is super easy to update Yes, good. I salute your enthusiasm but please understand my caution. I just looked it up, and wordpress has 740(!) CVEs issued since 2003. I knew it was going to be bad, but that is abysmal. To maintain it well you are going to need to watch carefully for security announcements and update promptly. Are you sure you can commit to that long term? Even if so, I think if we go with wordpress, we need an emergency exit strategy. Perhaps I should wget freecol.org and stash a tarball in the git repo at the very least. Cheers, Mike Pope -- Dive into the World of Parallel Programming! The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net ___ Freecol-developers mailing list Freecol-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freecol-developers -- Jonathan Aquilina -- Dive into the World of Parallel Programming! The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net___ Freecol-developers mailing list Freecol-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freecol-developers
Re: [Freecol-developers] (no subject)
On Sun, 21 Dec 2014 14:53:39 +0100 Stian Grenborgen stian...@student.matnat.uio.no wrote: I have converted the entire site into a static version. Dynamic content (such as operating system detection, polls etc) have been removed. Thank you. I think that was needed. New content can only be added manually. Adding a new news item is cumbersome as not only the HTML-file needs to be added ... but every link should be updated as well (frontpage, news, releases, RSS-feeds etc). Understood. Cumbersome though this might be, it will not block a release. I can probably edit HTML faster than I could use the old Joomla:-). We need to decide on a more permanent solution. We do. As I have said earlier I have no strong preference regarding the software involved, but I would propose some criteria, which are mainly motivated by the very low numbers of volunteers: - Ease of maintenance, especially security updates - Ease of release process (look at the chapter in .../doc/developer.tex on what we do/did to make a release for comparison) - Preference for something we can continue to host at sourceforge where freecol.org has long been Cheers, Mike Pope pgpAvkMDjsqR2.pgp Description: OpenPGP digital signature -- Dive into the World of Parallel Programming! The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net___ Freecol-developers mailing list Freecol-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freecol-developers
Re: [Freecol-developers] (no subject)
Wordpress is super easy to update On 22 Dec 2014 22:10, Michael T. Pope mp...@computer.org wrote: On Sun, 21 Dec 2014 14:53:39 +0100 Stian Grenborgen stian...@student.matnat.uio.no wrote: I have converted the entire site into a static version. Dynamic content (such as operating system detection, polls etc) have been removed. Thank you. I think that was needed. New content can only be added manually. Adding a new news item is cumbersome as not only the HTML-file needs to be added ... but every link should be updated as well (frontpage, news, releases, RSS-feeds etc). Understood. Cumbersome though this might be, it will not block a release. I can probably edit HTML faster than I could use the old Joomla:-). We need to decide on a more permanent solution. We do. As I have said earlier I have no strong preference regarding the software involved, but I would propose some criteria, which are mainly motivated by the very low numbers of volunteers: - Ease of maintenance, especially security updates - Ease of release process (look at the chapter in .../doc/developer.tex on what we do/did to make a release for comparison) - Preference for something we can continue to host at sourceforge where freecol.org has long been Cheers, Mike Pope -- Dive into the World of Parallel Programming! The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net ___ Freecol-developers mailing list Freecol-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freecol-developers -- Dive into the World of Parallel Programming! The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net___ Freecol-developers mailing list Freecol-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freecol-developers
Re: [Freecol-developers] (no subject)
On 2014-12-16 23:05, Michael T. Pope wrote: On Tue, 16 Dec 2014 11:25:37 +0100 Jonathan Aquilina eagles051...@gmail.com wrote: I can put together a quick place holder page if you like. At the top of the thread Stian said that there is a place holder there already. I would like to see other parts of the static content restored soon, in particular the stuff that new users or contributors might need to be referred to (e.g. how to contribute, getting started, news and links to old releases, the (non)-roadmap). I have converted the entire site into a static version. Dynamic content (such as operating system detection, polls etc) have been removed. New content can only be added manually. Adding a new news item is cumbersome as not only the HTML-file needs to be added ... but every link should be updated as well (frontpage, news, releases, RSS-feeds etc). We need to decide on a more permanent solution. Best wishes, Stian -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151iu=/4140/ostg.clktrk ___ Freecol-developers mailing list Freecol-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freecol-developers
Re: [Freecol-developers] (no subject)
On Tue, 16 Dec 2014 08:29:26 +0100 Jonathan Aquilina eagles051...@gmail.com wrote: [Much discussion about webpage redesign] I think this is getting a little ahead of events. I am delighted that people are interested in helping with a nice new web page, but right now it would be good to quickly recover a simple static version of the broken freecol.org and get that back online. Enough annoying user-visible bugs in 0.11.1 have been fixed that we are approaching the point where I should seriously consider releasing 0.11.2 some time in the Christmas/New Year break. However, to do so with freecol.org down would be a bit lame. Cheers, Mike Pope pgp8X9EmAIqnR.pgp Description: OpenPGP digital signature -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151iu=/4140/ostg.clktrk___ Freecol-developers mailing list Freecol-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freecol-developers
Re: [Freecol-developers] (no subject)
On Tue, 16 Dec 2014 11:25:37 +0100 Jonathan Aquilina eagles051...@gmail.com wrote: I can put together a quick place holder page if you like. At the top of the thread Stian said that there is a place holder there already. I would like to see other parts of the static content restored soon, in particular the stuff that new users or contributors might need to be referred to (e.g. how to contribute, getting started, news and links to old releases, the (non)-roadmap). Cheers, Mike Pope pgp7zyeyrXh6b.pgp Description: OpenPGP digital signature -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151iu=/4140/ostg.clktrk___ Freecol-developers mailing list Freecol-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freecol-developers
Re: [Freecol-developers] (no subject)
Hey Stian is it possible to get a copy of the place holder please? On Tue, Dec 16, 2014 at 11:05 PM, Michael T. Pope mp...@computer.org wrote: On Tue, 16 Dec 2014 11:25:37 +0100 Jonathan Aquilina eagles051...@gmail.com wrote: I can put together a quick place holder page if you like. At the top of the thread Stian said that there is a place holder there already. I would like to see other parts of the static content restored soon, in particular the stuff that new users or contributors might need to be referred to (e.g. how to contribute, getting started, news and links to old releases, the (non)-roadmap). Cheers, Mike Pope -- Jonathan Aquilina -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151iu=/4140/ostg.clktrk___ Freecol-developers mailing list Freecol-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freecol-developers
Re: [Freecol-developers] (no subject)
Sorry Jonathan, I didn't mean to imply that you'd be contributing money, but rather time and expertise. The same with you Jonas. In my case, for better or worse, all the PHP coding I've ever done is to create websites that don't rely on a backend, but can only be changed through coding, so I personally don't have a ton of experience with creating an Admin Control Panel. From the opinion of someone who is mainly an end-user and occasional bug finder (and Col1 mis-rememberer) the most important parts of the website are: - Explain the software (to prospective users) - Download the software - Explain the software (to users) - Provide news on releases, development, etc. to users of the project. The first and third points can be relatively static, but their needs to be some type of ACP backend to get the second and fourth points updated. On Sun, Dec 14, 2014 at 10:50 PM, Jonathan Aquilina eagles051...@gmail.com wrote: I would not be asking for money to do it, i would do it to hone my skills in web design as well as the ability to give back to the community. On Mon, Dec 15, 2014 at 12:37 AM, Caleb Williams cale...@gmail.com wrote: On Sun, 14 Dec 2014 14:02:48 -0600 Caleb Williams calebrw@... wrote: Out of the frying pan and into the fire? That really depends on getting the theme right. Sorry for being obtuse. I am involved in computer security professionally. Both Joomla and Wordpress have very poor reputations in that field. That was the motivation for my comment. Cheers, Mike Pope No slight taken on my end. There are ways to harden WordPress http://codex.wordpress.org/Hardening_WordPress, but without knowing what hosting options are available, it's tough to know exactly what is the best solution. The most secure solution could be a custom website that doesn't use some of the same attack scripts as a WordPress or Joomla site. Of course, the downside, is that creating a custom website often takes more money than a project just as FreeCol has available to work with. Hopefully Mr. Aquilina will be able to help out with that. -- *Caleb R. Williams* -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151iu=/4140/ostg.clktrk ___ Freecol-developers mailing list Freecol-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freecol-developers -- Jonathan Aquilina -- *Caleb R. Williams* *Photographer* w: http://calebwilliamsphotography.com b: http://blog.calebwilliamsphotography.com e: cale...@gmail.com c: 612-275-7796 -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151iu=/4140/ostg.clktrk___ Freecol-developers mailing list Freecol-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freecol-developers
[Freecol-developers] (no subject)
On Sun, 14 Dec 2014 14:02:48 -0600 Caleb Williams calebrw@... wrote: Out of the frying pan and into the fire? That really depends on getting the theme right. Sorry for being obtuse. I am involved in computer security professionally. Both Joomla and Wordpress have very poor reputations in that field. That was the motivation for my comment. Cheers, Mike Pope No slight taken on my end. There are ways to harden WordPress http://codex.wordpress.org/Hardening_WordPress, but without knowing what hosting options are available, it's tough to know exactly what is the best solution. The most secure solution could be a custom website that doesn't use some of the same attack scripts as a WordPress or Joomla site. Of course, the downside, is that creating a custom website often takes more money than a project just as FreeCol has available to work with. Hopefully Mr. Aquilina will be able to help out with that. -- *Caleb R. Williams* -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151iu=/4140/ostg.clktrk___ Freecol-developers mailing list Freecol-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freecol-developers