Mirroring for module files: Having one or more mirrors for modules will save
us a lot of bandwidth. I thought there was going to be a straightforward way
to do this through MediaWiki, but I haven’t found one yet. What I was
expecting to do was have the file links do something like rotate over the
available mirrors.
Forum-mailing list bridge: Right now, we’re using Mail2Forum to bridge between
a Mailman list and phpBB2. phpBB2 reached its end-of-life in February 2009, so
there will be no more updates for it, not even security updates. The current
version of Mail2Forum does not work with phpBB3, and after hours of trying
I haven’t been able to get the alpha of Mail2Forum 2 to work with phpBB3.
Having a working forum-list bridge is non-negotiable for me. The new site will
not go live until this problem is solved, but presently I don’t see any
acceptable solutions here.
I don’t know if this will be any help to you, because in fact I don’t really understand what you are doing… its beyond me, but just in case I was looking at some software located here schoolforge.net/education-software/web-based
It may be of use to you and it may not.
Well, I suppose we could continue to use phpBB2 and gamble that they’ll come up with a mailing list bridge for phpBB3 (with an upgrade path) before security vulnerabilities make phpBB2 unusable.
There is an alpha of mail2forum (version 2.0a4) which is suppose to handle phpbb3.
From what I see on their status of v2.0, after a somewhat messy install (because its an alpha) if you can pass all the tests with out any bugs cropping up, pass the appropiate chain usage, it should be alright to use maybe… is it worth trying
Would it be possible to split the items and run the forum on the older
software until the gateway catches up?
Also, on the mirror issue, one could always go with a manual solution,
with multiple links. It isn’t as seamless and doesn’t do real load-
balancing, but it would spread things out a bit. Especially if one
attached geographic areas to different links.
Yes, but then we’re running software which has a history of security
problems while knowing that any yet-to-be discovered problems will never
be fixed. And the SSO stuff I wrote was designed to work with phpBB3, not
phpBB2, as was the forum customization. I don’t know if phpBB2 can even
do LDAP authentication. I’m not very keen on doing work to retrofix this,
since it’s work that we’d throw away tomorrow if we could get Mail2Forum
to work with phpBB3.
This is the version of Mail2Forum I was speaking of.
I can pass all of the tests which aren’t phpbb2 tests (I don’t care about
those) except one which has to do with MIME types. I can get chains which
don’t involve phpBB3 to work. I can’t successfully post a message in phpBB3
after installing M2F without getting an exception.
I think as long as phpBB2 is backed up every day, we can deal with security issues if/when they happen, without much downtime. Honestly, security just isn’t worth the worry and extra work.
So hopefully… and I can only pray… phpBB2 and the associated Mysql database are both being backed up. Right guys?
I can’t speak for the old server. Everything on the new server is backed up
nightly.
I had not thought of this until you mentioned backups, but there’s a
serious problem created by the interaction between the way we’re doing
backups and possible security flaws in phpBB2: The current backup scheme
on the new server has backups being pushed from our server to our hosts’s
backup server. If our server were to be compromised, then an attacker
could use the backup account to log into our hosts’s backup server. I
can’t justify exposing Bruce’s backup server that way. This makes running
phpBB2 even less appealing than it had been.
I could reverse the way the backups work, so that the backup server pulls
the backups instead of having them pushed from our server, and I might do
that anyway—but since I would be the person cleaning up the mess if
we were pwned via phpBB2, I’m still not keen on continuing to use phpBB2.
We could do that, but it would mean that we’ll continue to pay for two
hosting setups, and also it means that we can’t start using the single-
signon stuff I wrote—and it still doesn’t address the security issue,
it just moves it around.
It occured to me that we might be able to get M2F working with phpBB3 faster
if we could offer the M2F developers some help. Is there anyone here who is
proficient with PHP who would be willing to donate them a bit of time?
