vBulletin 2.2.5 Released - discuss

John
Mon 1st Apr '02, 3:43pm
Please post in the troubleshooting forum if you are having specific problems.

Please note that this was not a scheduled release, and we are very sorry about any inconvenience caused with having to upgrade again.

John

hypedave
Mon 1st Apr '02, 3:51pm
wow I'm going to the members area now, :D

------------------------------------------------------

what's this, April Fools again, lol I don't see it in there yet

Fusion
Mon 1st Apr '02, 3:54pm
Me neither. Guess it's just the three of us alive today. Nay, make that two; John nodded off before he managed to make the file public. ;)

John
Mon 1st Apr '02, 4:04pm
It's most definitely there now!

John

hypedave
Mon 1st Apr '02, 4:05pm
yes i see it now,

Marco
Mon 1st Apr '02, 4:08pm
Hmm... I'll hold off the upgrade until the files come out of beta...

I'm glad Jelsoft is getting those fixes out ASAP though... I'd rather upgrade an extra time than have a possibly insecure forum.

Jake Bunce
Mon 1st Apr '02, 4:12pm
i'll let all joo guys be the guinea pigs. i'm gonna wait. :D

thx to jelsoft for this security update. :)

eva2000
Mon 1st Apr '02, 4:13pm
Originally posted by Jakeman
i'll let all joo guys be the guinea pigs. i'm gonna wait. :D

thx to jelsoft for this security update. :)

you know you want to :)

hypedave
Mon 1st Apr '02, 4:14pm
I love beta testing products,

Aaow AnD wHiTe
Mon 1st Apr '02, 4:19pm
LOL, we've just finished upgrading from 2.2.3 to 2.2.4 and added all the hacks a couple of minutes ago in our local forum. We enter the admin cp and nothing happens, and the next minute: "Hello, there's a new version!!" LOL

Anyway, thanx guys for another security fix, we'll upgrade again when it's out of beta ;) We care about the security in our forum, and that's more important than 45 minutes of extra work ;)

Fusion
Mon 1st Apr '02, 4:22pm
Originally posted by John
It's most definitely there now!

John

Thanks, John. :D

hypedave
Mon 1st Apr '02, 4:27pm
Just did a clean install, everything is A-Okay on this, I guess tonight I will

1.) backup my live board
2.) uninstall vbportals
3.) update from 2.2.1 to 2.2.5
4.) install vbportals all over again, for the hell of it
5.) troubleshoot why my hacks dont work

Susan
Mon 1st Apr '02, 4:29pm
If you are on 2.2.3 and have replaced the two files that needed replacing for 2.2.4 and have applied the patch that was needed last week to 2.2.4, do you still need to upgrade to 2.2.5?

Floris
Mon 1st Apr '02, 4:32pm
Thank you development team!! Security is a must! And I am glad that even though I read that the focus is on vB3, that there are updates like this. Just a shame it was a lot of files :/ :)

Remi
Mon 1st Apr '02, 4:47pm
I don't use the member list, it is closed all the time.

Do I have to upgrade from 2.2.4?

Thanks

Freddie Bingham
Mon 1st Apr '02, 4:58pm
Yes you should upgrade as the problem that was identified in the member's list exists throughout many files as you can see from the number of files that were modified.

snyx
Mon 1st Apr '02, 5:21pm
geez, I just re-hacked my 2.2.4 files... :rolleyes:

K2K Bigbird
Mon 1st Apr '02, 5:23pm
LOL

(cartman) Eh, screw you guys, I am going UBB (/cartman)

tubedogg
Mon 1st Apr '02, 5:24pm
You'd rather upgrade every couple days?

Patrick
Mon 1st Apr '02, 5:25pm
Originally posted by snyx
geez, I just re-hacked my 2.2.4 files... :rolleyes:
Yep, I did the same not even 12 hours ago. I think I'll take my chances for a couple of weeks, I don't feel like staying up all night during non-peak times to re-hack the very next day, not fun :mad:

JamesUS
Mon 1st Apr '02, 5:28pm
I upgraded to 2.2.5 this morning and all was well :)

firewire
Mon 1st Apr '02, 5:34pm
Ah no, not another update. Not again. :mad:

"we have identified with potential HTML-injection into the pages."
Will I be secure when I disable HTML on my forums?

snyx
Mon 1st Apr '02, 6:04pm
Originally posted by tubedogg
You'd rather upgrade every couple days?
we are!

boatdesign
Mon 1st Apr '02, 6:30pm
Darn it, darn it, darn it - I just spent 5 hours working on 2.2.4 for the last two days because I thought it was the last before 3.0 :(

Questions:

"Potential XSS/HTML-injection issues."

Is this only if you have HTML Code enabled in posts?

"Potential database error when updating user info in the control panel."

Does this mean possible database corruption, or just that someone might see an error message and have to try again?

tubedogg
Mon 1st Apr '02, 6:57pm
Originally posted by snyx
we are!

Yeah. Right. It's been over 3 weeks since the release of 2.2.3/2.2.4.

tubedogg
Mon 1st Apr '02, 6:58pm
Originally posted by boatdesign
Darn it, darn it, darn it - I just spent 5 hours working on 2.2.4 for the last two days because I thought it was the last before 3.0 :(

Questions:

"Potential XSS/HTML-injection issues."

Is this only if you have HTML Code enabled in posts?

No. It affects all users.

Originally posted by boatdesign
"Potential database error when updating user info in the control panel."

Does this mean possible database corruption, or just that someone might see an error message and have to try again?

It means there might be a database error when updating information. If it's what I'm thinking of, trying again won't help, it wouldn't be fixed until you upgraded.

boatdesign
Mon 1st Apr '02, 7:03pm
It means there might be a database error when updating information. If it's what I'm thinking of, trying again won't help, it wouldn't be fixed until you upgraded.

I'm still not clear if this is a minor problem or a major problem. What does "there might be a database error" mean? Does this mean that something might happen which corrupts the whole database forcing a restore from backup? Or does this mean that something might happen that will corrupt one user's settings?

But it is 100% fixable if "the error" happens before I upgrade?

wacnstac
Mon 1st Apr '02, 7:15pm
Great! What would I do if I didn't have a vbulletin upgrade to re-customize every week?

heretic
Mon 1st Apr '02, 7:33pm
hmm....

first I'll wait until it's out of beta, or after the 1st (to see if it's a joke), then I'll wait for firefly to post the upgrade helper at vb.org

:D

boatdesign
Mon 1st Apr '02, 7:43pm
I was really hoping it was an april fools joke too.

Fallout2man
Mon 1st Apr '02, 7:50pm
For all those with hacks, the best way to go is get out Beyond Compare, and manually append all of your PHP files. Upload, then run the upgrade. Just be sure to redo any lost templates.

tubedogg
Mon 1st Apr '02, 7:53pm
Araxis Merge is much better :)

Only 2 templates were changed this time.

freaky
Mon 1st Apr '02, 7:56pm
I can't believe people actually bitch about having a newer secured version. My board is heavily modded too and I am gonna have to spend a few hours again modding stuff, but let's not forget to thank VB for handling the security issues in a timely manner.

hypedave
Mon 1st Apr '02, 7:59pm
Originally posted by Fazle
I can't believe people actually bitch about having a newer secured version. My board is heavily modded too and I am gonna have to spend a few hours again modding stuff, but let's not forget to thank VB for handling the security issues in a timely manner.

hey my board was heavily modified running vb 2.2.1, upgraded to 2.2.5 without a problem, only had to replace 2 files in the admin and root folder

boatdesign
Mon 1st Apr '02, 8:08pm
Only 2 templates were changed this time.
Thanks tubedogg. That I do really appreciate.

I can't believe people actually bitch about having a newer secured version. My board is heavily modded too and I am gonna have to spend a few hours again modding stuff, but let's not forget to thank VB for handling the security issues in a timely manner.
Security is good, but it is still a huge pain to have to re-do all the customizations so often.

One problem is that vBulletin is so big now that I fear it might be targeted much more than a small forum software. People might simply search for vbulletin, or even "copyright Jelsoft" etc. if they're looking for some boards to exploit. There have been a lot of patches lately. And it's not just reapplying all the customizations; it's also worrying that fixing/patching/changing abc might break customization x y or z.

With so many security patches, I think future releases need to find a way to be a lot more 'modular' so that security patches can be applied without having to redo all the formatting over and over and over again. This one doesn't sound too bad since only two templates were changed and it probably won't affect the mods I've applied (vbstats, quickreply, etc.). But still if vBulletin could be more abstract/modular so that you could apply security patches with fewer worries that it will break something else or that you will have to spend hours reapplying formatting, that would be a real plus. Maybe the upgrade script itself could include a find and replace function which would ask if you want to reapply customizations and also be keyed to deted modifications which have been applied and alert if an incompatibility exists. (vbulletin.org lists the version next to a hack, so to take this a step further the upgrade script could be aware of the major add-ons)

Erwin
Mon 1st Apr '02, 8:36pm
Here we go again!!! ;)

Shall wait until this comes out of beta first...

Jake Bunce
Mon 1st Apr '02, 8:43pm
why are people complaining about jelsoft fixing security holes and fixing bugs? it's all bassackwards! http://www.macsubculture.com/forum/images/smilies/crazy.gif

:D

ToraTora!
Mon 1st Apr '02, 8:52pm
well, here i am again, with my most unpopular opinion on the matter.

Security is good, and we all know that. I mean, it's pretty contrived to think that we as owners of software that is available on the net, for sale, or in some cases, free, would be impervious to attacks, or for that matter, "safe". When an upgrade for safety, or security comes along, it's only natural to upgrade.

The main point that most are generating here, is not that of disappointment to upgrading, but that of the timely upgrades that seem to occur just after one finishes another upgrade.

With the advice of using araxis merge, I have been able to cut my time in half when upgrading, but, also with the advice that Luke pointed out, I have started to either remove these hack tidbits, or make scripts stand-alone.
I am pretty much convinced that what Jelsoft has around the corner for 3.0 will render some, if not all hacks, useless anyways.

Security, as they describe it, means major changes to several areas of the software, and as noted in places commented within their scripts. You can see possible removals on the way. User profiles in integration...old caches being removed, and of course, the ever so popular db calls have a new twist to them in several areas now as well. Not really new per se to DB calls, just a different flavor of how Jelsoft performs them.

Basically, those with hacks, in my honest opinion, should start thinking of workarounds, or stand-alone scripts, if not total removal (the ones that may be included in scripts that VB re-scripts for security) because I think, and this is of course my opinion, VB may make the hacking business quite tough, or in some cases, impossible to pull off in the near future.

For those complaining, I can relate, for I did my share already; however, I have moved on, learned, and used some valuable advice for what I think is going to be an almost "tamper" proof software system in the near future.

filburt1
Mon 1st Apr '02, 8:52pm
Files changed: (from 2.2.4)


announcement.php, attachment.php, calendar.php, editpost.php, forumdisplay.php, global.php, index.php, member.php, member2.php, memberlist.php, misc.php, moderator.php, newreply.php, newthread.php, online.php, poll.php, postings.php, printthread.php, private.php, private2.php, register.php, search.php, showgroups.php, showthread.php, threadrate.php, usercp.php, admin/badwords.php, admin/functions.php, admin/sessions.php, admin/style.php, admin/thread.php, admin/user.php, mod/announcement.php, mod/global.php
Aw jeez, I'll just live with the security holes :(

samtha25
Mon 1st Apr '02, 8:59pm
Originally posted by filburt1
Aw jeez, I'll just live with the security holes :(

Not something you might want to advertise on a public forum.

boatdesign
Mon 1st Apr '02, 9:01pm
Basically, those with hacks, in my honest opinion, should start thinking of work arounds, or stand alone scripts, if not total removal (the ones that may be included in scripts that VB re-scripts for security) because i think, and this is of course my opinion, VB may make the hacking business quite tough, or in some cases, impossible to pull off in the near future.

I'm no expert, and this is just my opinion, but without the modifications, add-ons, and hacks (and more importantly the vBulletin.org hacking community), vBulletin wouldn't be of much interest. Why buy forum software if it will look and function just like everyone else's with only "color changes" - you might as well just use ezBoard :D People might forget which forum they're even visiting...

Seriously, I like the idea of stand-alone hacks, but I wonder if that will mean a performance hit too.

I guess there's really no good answer. Except maybe if the security holes can be reduced beforehand so the number of updates and recustomizations is minimized. But that's kind of a silly statement too since obviously it was impossible.

I do appreciate the updates when they're important security fixes, but they are a huge pain too when they come every week.

boatdesign
Mon 1st Apr '02, 9:02pm
why are people complaining about jelsoft fixing security holes and fixing bugs? it's all bassackwards!
The same reason they criticize Microsoft for the same :D

samtha25
Mon 1st Apr '02, 9:03pm
Originally posted by ToraTora!
Basically, those with hacks, in my honest opinion, should start thinking of work arounds, or stand alone scripts, if not total removal (the ones that may be included in scripts that VB re-scripts for security) because i think, and this is of course my opinion, VB may make the hacking business quite tough, or in some cases, impossible to pull off in the near future.

If you're right, vBulletin will become a much less attractive choice. Hacking isn't just about adding frills and flourishes, but about being able to have the software work the way that's best for your needs. Since customers' needs vary greatly, the ability to "hack" vBulletin fairly easily adds considerable value to the franchise. IMO, this is something Jelsoft should embrace, not consider a problem.

tubedogg
Mon 1st Apr '02, 9:05pm
We don't do anything on the basis of how it affects hacks. If something we do makes hacking easier, great. If not, well, there's likely a good reason (such as security in this case).

vB3 will render 99% of the hacks on vB.org right now useless simply because the code has been drastically altered, not because we are trying to put the hackers out of business. People will hack their code regardless of what we do.

boatdesign
Mon 1st Apr '02, 9:14pm
We don't do anything on the basis of how it affects hacks. If something we do makes hacking easier, great. If not, well, there's likely a good reason (such as security in this case).

I guess the question is: could you do something with vBulletin 3 which would make applying add-on's while still keeping vBulletin up to date security-wise less painful?

When asked for certain features in the past, vBulletin developers have said that it won't be included because you want to keep vBulletin's core lean and fast since not that many people will use feature xyz. IMHO, since you can't bundle everything into the main vBulletin program, it would be a big advantage to vBulletin and vBulletin users if you could come up with a structure to make modifications/add-ons more modular and able to flow with the security updates.

hypedave
Mon 1st Apr '02, 9:19pm
I think they want an executable file upgrade, lol

Reeve of Shinra
Mon 1st Apr '02, 9:21pm
Maybe you can add some features along with the security updates. Most people here wouldn't be thinking about the pains of upgrading if they were occupied with a new 'toy'.

boatdesign
Mon 1st Apr '02, 9:22pm
I think they want an executable file upgrade, lol
Well, if it's something you're going to have to reapply on a weekly basis, that would be a real time saver :D

I guess I'm just reacting because I would like to see more, not less, official support for the hacking community and add-on's. vBulletin is a great package, but it's the add-on's that make it really special.

tubedogg
Mon 1st Apr '02, 9:26pm
Originally posted by Reeve of Shinra
Maybe you can add some features along with the security updates. Most people here wouldn't be thinking about the pains of upgrading if they were occupied with a new 'toy'.

We have done in the past as well and been lynched for including features in "bug-fix" upgrades. In addition, at this point, development on 2.x has all but ceased in deference to vB3.

Erwin
Mon 1st Apr '02, 9:43pm
How do we know that the files are no longer "beta"?

Will you send us an email? Is there a time period before it is no longer beta?

klisis
Mon 1st Apr '02, 10:19pm
I don't want to go with this again.

Guys.. Jelsoft is not responsible for hacks that are installed on your VB...

tubedogg
Mon 1st Apr '02, 10:43pm
Originally posted by Erwin
How do we know that the files are no longer "beta"?

Will you send us an email? Is there a time period before it is no longer beta?

The announcement in the Announcements forum will be modified to note this, the "beta" tag will be removed from the file name in the Member's Area, and an email will be sent announcing the new version, just like with every other release.

Erwin
Mon 1st Apr '02, 10:50pm
Thanks! I shall wait with anticipation...

ToraTora!
Mon 1st Apr '02, 11:07pm
Originally posted by klisis
I don't want to go with this again.

Guys.. Jelsoft is not responsible for hacks that are installed on your VB...

and again...i think people realize that simple fact, for it has been said time and time again, and argued until all involved in the dispute end up flaming each other until the thread winds up being closed.

The main issue with everybody that has complained, is the timing factor, and nothing more.

After all is said and done, and the upgrades are completed, everybody feels better, and does not regret spending the time to make those changes. However, if the upgrade has to happen within a few days of a 'major must do now upgrade', then you are bound to hear these types of complaints, which, as already stated in this thread, a major software market strives and keeps market shares high above all with that type of strategy.

We all know that this is not the object of fancy for vBulletin, because mostly they are sincere about the efforts for pushing secure software, and it's not their fault people hack their boards.
(again, everybody knows that fact, and again, we find great pride in creating something that can be either beneficial to one, or all when it concerns hacks...which we all know, are not endorsed nor supported by Jelsoft Enterprises)

[Notice how annoying that little tidbit about not supporting hacks gets?]

With Araxis Merge, I again pulled off a 35 minute changeover, with over 100 hacks, but these are my hacks, and are also outside of the vb scripts themselves, so the changeover goes a hell of a lot smoother than when you saw me post in here earlier.
Without Araxis, I can guarantee that I would be in line here complaining once again. It's human nature to work a little bit, and sit back and admire the fruits of your labor, and to also hate doing things twice. :) (well..some things...) So try not to get all up in arms over somebody voicing displeasure.

snyx
Tue 2nd Apr '02, 12:27am
Originally posted by tubedogg
vB3 will render 99% of the hacks on vB.org right now useless simply because the code has been drastically altered...

oh please. :rolleyes:
seeing will be believing in this case.

Steve Machol
Tue 2nd Apr '02, 12:32am
Originally posted by snyx
oh please. :rolleyes:
seeing will be believing in this case.

Well :rolleyes: or not, tubedogg is correct. The truth is that the code is being rewritten from the bottom up and very few, if any, hacks will be usable with vB 3.0 as written. That's not to say that the hacks can't be rewritten, perhaps even quickly. Whatever you believe now, virtually all hacks will need to be updated.

snyx
Tue 2nd Apr '02, 12:42am
oh geez, my apologies! I thought tubedogg said that 99% of all hacks will be in vB3.0, not that they would be useless! hahaha, sorry! don't post high. :p

Marshalus
Tue 2nd Apr '02, 1:33am
ON A CONSTRUCTIVE NOTE:

The list says announcement.php was changed, but Araxis Merge shows no differences in the files.

Is that file just not out of beta, or is it possible that the upgraded file was not included with this zip?

Chen
Tue 2nd Apr '02, 1:39am
Originally posted by boatdesign
I'm still not clear if this is a minor problem or a major problem. What does "there might be a database error" mean. Does this mean that something might happen which corrupts the whole database forcing a restore from backup. Or does this mean that something might happen that will corrupt one user's settings?

But it is 100% fixable if "the error" happens before I upgrade?
I haven't read all the thread yet, but anyway. The error might occur when updating User Titles, when one of your users has an empty string for his post count (for whatever reason). It won't cause you any database corruption, but you will be unable to update User Titles beyond that user.
Unless you edited someone's post count to be "" (empty), you don't need to worry.

But this is the minor bug fixed on this release, you shouldn't even worry whether or not it is serious since the security patch is worth the upgrade.

Chen
Tue 2nd Apr '02, 1:40am
Originally posted by heretic
hmm....

first I'll wait until it's out of beta, or after the 1st (to see if it's a joke), then I'll wait for firefly to post the upgrade helper at vb.org

:D
There'll be no upgrade 'hack' posted because of the number of changes. Unless someone is crazy and willing to dedicate many many hours of hard work.

Marshalus
Tue 2nd Apr '02, 1:41am
It's easier just to use Araxis and do it yourself.

Chen
Tue 2nd Apr '02, 1:43am
Originally posted by boatdesign
With so many security patches, I think future releases need to find a way to be a lot more 'modular' so that security patches can be applied without having to redo all the formatting over and over and over again. This one doesn't sound too bad since only two templates were changed and it probably won't affect the mods I've applied (vbstats, quickreply, etc.). But still if vBulletin could be more abstract/modular so that you could apply security patches with fewer worries that it will break something else or that you will have to spend hours reapplying formatting, that would be a real plus. Maybe the upgrade script itself could include a find and replace function which would ask if you want to reapply customizations and also be keyed to deted modifications which have been applied and alert if an incompatibility exists. (vbulletin.org lists the version next to a hack, so to take this a step further the upgrade script could be aware of the major add-ons)
Giving away the patches of security holes is the worst idea. When that major hole in sessions.php was found, the developers rearranged a large portion of the file, because any person with a comparison tool can find it and exploit it.
So telling in the upgrade find A and replace it with B (to fix the bug), is like telling people how to hack into vBulletin.

Nafae
Tue 2nd Apr '02, 1:53am
araxis merge is just too complicated for lil' ol' me. I tried it, and always get halfway done and worry about something i didn't transfer over because i wasn't sure if it was a hack, e.g. hacks that replace code (I rarely comment what they replaced out, although I suppose I should with the /* */ tags)

boatdesign
Tue 2nd Apr '02, 1:53am
Giving away the patches of security holes is the worst idea. When that major hole in sessions.php was found, the developers rearrange a large portion of the file, because any person with a comparison tool can find it and exploit it.
So telling in the upgrade find A and replace it with B (to fix the bug), is like telling people how to hack into vBulletin.

Interesting .... so they rearrange the file *just* to make the changes less clear so forums that haven't updated won't be hacked? There's a certain irony in trying to figure out what has been intentionally confused.

It's too bad that they can't e-mail only the license owners the exact change, but I suppose even one of us could use it for evil purposes against the others :(

I hope that vBulletin doesn't become the victim of its own popularity, like Windows or Outlook Express where everyone uses it so tons of viruses and crack attempts target it.

Marshalus
Tue 2nd Apr '02, 2:04am
Originally posted by boatdesign
It's too bad that they can't e-mail only the license owners the exact change, but I suppose even one of use it for evil against the others :(

Not everyone who owns a copy of vB is an upstanding net-citizen.

Chen
Tue 2nd Apr '02, 2:04am
Originally posted by ToraTora!
[Notice how annoying that little tid bit about not supporting hacks gets?]
Re not supporting hacks: I don't see how releases today are any different from the time the hacks were on this site. Either way you had to install all your hacks again or compare the files.

BradC
Tue 2nd Apr '02, 2:05am
First off, squishing and ridding vb of security holes is a must, and is very noteworthy :)

The complaints about upgrades will always come.. I don't think there will or is a proper way to make things easy to install and uninstall.. like plug n play on a computer.

Beyond Compare and Araxis are two great programs to analyze changes in files, but sometimes don't catch all the changes. Now I have almost completely tried to make my own code to co-exist with vb, except for a few boards that I help administrate.. but what I have done and many probably have.. is I put a comment at the top of every file that I edit (so I can see or keep track of my changes..), and I also comment out all the old code and put in the fresh or altered code.. and comment the crap out of everything, and then when doing upgrades.. it does not matter if something gets messed up, it does not take me very long to add my changes back in place. But the idea of making things stand alone, has helped me also. I use my own query functions, and everything.. so that if changes are made it won't directly affect me unless the database or (certain) templates were altered.

As for the hacks currently out there, that are for 2.X and with the new vb3, coming out built from the ground up, some if not all will be easily changed over.. the only major ones will be if the file was removed or completely changed, then the hack.. instructions will have to change to accommodate.. kind of like some of the old stuff that was in showthread.php and got moved to the functions.php file, had some wondering.. but in the end it turned out better :)

Over at vbportal, upgrades seem to go pretty easily for the most part, I would have to see wajones post, about the difficulty or easiness of it, but he seems to upgrade in a timely manner (given the time that he has.. to work on the project) :)

Keep up the good work.. :)

BradC
Tue 2nd Apr '02, 2:07am
Originally posted by boatdesign

It's too bad that they can't e-mail only the license owners the exact change, but I suppose even one of use it for evil against the others :(


I see that is a lot of time spent out on the developers/staff's part.. Unless a mailing list is setup, but still going through and cataloging (writing down) the changes and how to's.. will still take some time...

hey it will make us better at reading and understanding directions.. and also better at looking at code and understanding it.. :D

Chen
Tue 2nd Apr '02, 2:09am
Originally posted by boatdesign
Interesting .... so they rearrange the file *just* to make the changes less clear so forums that haven't updated won't be hacked? There's a certain irony in trying to figure out what has been intentionally confused.

It's too bad that they can't e-mail only the license owners the exact change, but I suppose even one of use it for evil against the others :(
The rearranging isn't done every time, I only gave 2.0.3's sessions.php as a good example. Since John specifically said "replace sessions.php to fix the bug" (in his own British words ;)), every hacker (a bad hacker) with the smallest amount of IQ could figure out what the bug was, and from there, there is no problem hacking all 2.0.2 boards on the net.

And about e-mailing licensed: how do you think the very first vBulletin got on a Warez site? It didn't drop from the moon, someone bought a license, probably with some friends who chipped in, downloaded vBulletin and sent it to warez sites.

kvk007
Tue 2nd Apr '02, 2:13am
OH NO, NOT AGAIN, UPGRADING.. :mad: :mad: :mad:

Marshalus
Tue 2nd Apr '02, 2:27am
Simma down na! ;)

Decoder
Tue 2nd Apr '02, 2:45am
how do i upgrade it?
i also need to move it to a new DB

Hooper
Tue 2nd Apr '02, 2:58am
What is the ETA of Ver 3?

Chen
Tue 2nd Apr '02, 3:05am
Originally posted by Hooper
What is the ETA of Ver 3?
N/A.

Decoder
Tue 2nd Apr '02, 3:06am
how bout someone tell me how to go about upgrading?

Chen
Tue 2nd Apr '02, 3:12am
Originally posted by Decoder
how bout someone tell me how to go about upgrading?
Read this page: :)
http://www.vbulletin.com/members/upgrade.html

kippesp
Tue 2nd Apr '02, 3:25am
Originally posted by Marshalus
The list says announcement.php was changed, but Araxis Merge shows no differences in the files.
Both are "correct." There are spacing differences in announcement.php that Araxis Merge must have been configured to ignore (lines 45,50,75). The files are essentially the same.

Originally posted by boatdesign
...I think future releases need to find a way to be a lot more 'modular' so that security patches can be applied without having to redo all the formatting. .... Maybe [an] upgrade script ... could ... reapply customizations and also be keyed to deted modifications which have been applied and alert if an incompatibility exists. (vbulletin.org lists the version next to a hack, so to take this a step further the upgrade script could be aware of the major add-ons)

...I would like to see more ... official support for the hacking community and add-on's. vBulletin is a great package, but it's the add-on's that make it really special.
I think this is asking for too much from vB. It drives me bonkers when Microsoft notifies me of IE 6. I don't trust Microsoft to make the correct decision on what is best for my use. I have chosen to change the vBulletin code. Only I should be responsible for the changes I've chosen to make. No script vBulletin could replace the manual process I go through to implement an update.

Several years ago (before dejanews) when I once called the Microsoft support desk, it was always the same procedure--uninstall all drivers, clean out config.sys & autoexec.bat. Why? They wanted all the crud I did to be gone--out of the picture. Certainly this didn't need to be done. But their costs would otherwise shoot to the moon.

If vBulletin were to support the hacks I've done, I would eventually be required to pay more through higher software costs. vBulletin would need to hire more support people or developers (or just drag out development cycles since my hacks need to be supported). Competitors would come in with a lower-cost product. vb3 would suffer because developers were investigating hack problems. New customers would be fewer. And product development/support would suffer more. (I know...this is a bit extreme.)

Originally posted by BradC
Beyond Compare and Araxis .... sometimes don't catch all the changes. Now I have almost completely tried to make my own code to co-exist with vb. ....I also comment out all the old code and put in the fresh or altered code....I don't use these. They don't? If it's whitespace related, there may be an option.

We use a source management tool like cvs. Then, the old code remains elsewhere to be examined if needed. This allows you to have uncluttered code without old, commented-out areas. Generally, the old code only needs to be accessed if something goes wrong. And if it does, the complete file history is available through cvs. But this is just the way we do things.

boatdesign
Tue 2nd Apr '02, 3:39am
You're probably right. I probably just overreacted to the frequency of the latest patches, esp. since I just spent all day yesterday customizing 2.2.4 confident that it would be the last release until 3.0. My apologies to FireFly and Tubedogg for what are likely unreasonably difficult demands, or just not taking into account all the forces at work.

Of course if 2.2.6 comes out before I finish redoing 2.2.5 :D

Streicher
Tue 2nd Apr '02, 5:05am
Successful update from Version 2.2.4 to 2.2.5 in 1 hour with our own German style. Thanks for the fix.

orozery
Tue 2nd Apr '02, 5:16am
I need to translate vBulletin to Hebrew.
Will there be any template changes from 2.2.5 beta to 2.2.5 final?

JamesUS
Tue 2nd Apr '02, 5:34am
No.

Joe Gronlund
Tue 2nd Apr '02, 11:19am
my server load has been a little higher since the upgrade , anyone else notice this??

gobi
Tue 2nd Apr '02, 11:28am
I am trying to update from 2.2.4 to 2.2.5. It says run the upgrade18.php file in the admin directory, but after I uploaded those files to the directory I can't find upgrade18.php just upgrade17.php and a few others. HELP!

hypedave
Tue 2nd Apr '02, 12:19pm
Originally posted by Asendin
my server load has been a little higher since the upgrade , anyone else notice this??


you know what, come to think of it mine has been as well
I'm not sure if it's my php or mysql settings

ah I fixed it

alanvo
Tue 2nd Apr '02, 2:25pm
If your board has a lot of hacks and you don't have a lot of time. I prefer, just update big version when it's released ex: 2.x.x not 2.2.x. it's not worth it.

Steve Machol
Tue 2nd Apr '02, 2:27pm
Originally posted by alanvo
If your board has a lot of hacks and you don't have a lot of time. I prefer, just update big version when it's released ex: 2.x.x not 2.2.x. it's not worth it.
Just be aware that when you choose not to update to a version that fixes security holes, you are taking a big risk.

Marshalus
Tue 2nd Apr '02, 2:47pm
Especially after you post it in a public forum that you're not up to date, and have no interest in being.

Me personally, I finished upgrading to 2.2.5 last night. It took about two hours on my hacked board, but the security patches were more than worth it. I had a user take advantage of the very vulnerabilities that this upgrade fixes just last week.

Not upgrading to this version would be a major lack in judgement.

hypedave
Tue 2nd Apr '02, 2:51pm
Originally posted by Marshalus

Not upgrading to this version would be a major lack in judgement.

I agree with you, my board has vbportals installed with about 6 major hacks and I was running vb 2.2.1 for a long time, someone I believed that the security bugs would not bother my board at all, but after seeing so many updates, I start getting a little bothered, but now I am happy that I am on 2.2.5 now

ToraTora!
Tue 2nd Apr '02, 2:57pm
Originally posted by FireFly

Re not supporting hacks: I don't see how releases today are any different from the time the hacks were on this site. Either way you had to install all your hacks again or compare the files.

you kind of misunderstood me on this particular quote.

What it really means, is that people reminding other people, on a continual, if not an over-repeated basis within the same thread about the "Supporting hacks" clause, gets quite annoying, and rather redundant.

Again, I DO know, that hacks are not supported by vbulletin..and most in this thread painfully know all about reinstalling their hacks.
:)

express
Tue 2nd Apr '02, 3:43pm
Some guys in this thread make me sick always kissing someone's butt even though we continually get screwed with these updates. They release 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, and now 2.2.5 this is bull****, No one is going to tell me these things can not be tested before release, and if they are being tested then you guys need new testers because the ones you have suck.

Stasik
Tue 2nd Apr '02, 3:45pm
get ready for 2.2.6 :)
coming soon :D:D

Freddie Bingham
Tue 2nd Apr '02, 4:11pm
webhost you will need to use better language in the future. If you are not happy with our release schedule then feel free to bash it but please use better judgement with your words. Posting in such a derogatory tone is only going to get your posts edited or removed.

N9ne
Tue 2nd Apr '02, 4:42pm
when will vB3 be released? Because if you say it will have a lot of hacks already installed, I might as well wait for that instead of upgrading...

HairyMonster
Tue 2nd Apr '02, 4:46pm
Sorry Freddie but I think webhost has a valid point and your comment about feeling free to bash it out is a little bit cheeky as the last post we tried to bash it out in got closed after myself as well as others aired our views.

Something serious needs to be done with regards to these wonderful upgrades you give to us as to be honest m8 the problem should not exist anyhow.

This software is commercial and I would expect buggy code if it was free but not if I have to pay for it. (Microsoft Included).

In effect we have actually paid for an unfinished product that is being live beta tested on thousands of forums world wide.

I myself take security very seriously and since my site and my moderators and admin are currently at the center of a multi billion dollar yes I said billion :) lawsuit then I think it is wise to keep security tight. I even have my own security in place to protect essential elements of the board.

But all I keep hearing about this software is that it has security issues that need addressing and patching all the time ?

I will have to comply with the patch to 2.2.5 but I warn that there will be many others like myself out there who will be looking into alternatives if this is not addressed.

Sorry if I seem like I rant sometimes but this does need addressing.

HM

Joe Gronlund
Tue 2nd Apr '02, 5:21pm
Originally posted by webhost
Some guys in this thread make me sick always kissing someone's butt even though we continually get screwed with these updates. They release 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, and now 2.2.5 this is bull****, No one is going to tell me these things can not be tested before release, and if they are being tested then you guys need new testers because the ones you have suck.

it's impossible to mass test, sometimes when you fix a bug you create a new one doing so, nothing is ever perfect..

Steve Machol
Tue 2nd Apr '02, 6:59pm
*Sigh*

Virtually every major product has security problems. Look how many security alerts are issued concerning IE, Windows, Linux, PHP, sendmail, etc. And the fact is that new holes are found almost daily.

I agree that it would be great if all security holes could be fixed once and for all. However I live in the real world and know that this just isn't going to happen.

While I understand and sympathize with the frustration expressed here, I firmly believe that Jelsoft has done an admirable job of finding and fixing all the holes it can.

Will other holes show up in the future? Probably, and not just in vB. The sad thing is that the Mods all knew that Jelsoft would get criticized for this release. However Jelsoft decided it was the right thing to do, regardless of any criticism it received. Frankly I wish all software companies treated security issues with as much seriousness and sincerity as they do.

tubedogg
Tue 2nd Apr '02, 7:12pm
Originally posted by HairyMonster
I will have to comply with the patch to 2.2.5 but I warn that there will be many others like myself out there who will be looking into alternatives if this is not addressed.
Like UBB, which is still vulnerable (or was until very recently) to the exploit that was fixed in vB2 RC3 just under a year ago?

Would you rather have secure software and an update every month or so, or have non-secure software and just wait a year for a major version upgrade to fix things? I mean, seriously, that's what it has been. It's been about 10 months since the release of vB2 Gold and there have been about 10 releases. Would you like to compare this to other products? For example, Microsoft has released 15 security bulletins in the first 3 months of 2002. Symantec/Norton releases updates every few weeks or so. UBB has had seven releases since the first of this year.

Where exactly are you going to go to find secure software and one release every 6 months as you apparently want? It doesn't exist.

freaky
Tue 2nd Apr '02, 7:45pm
I guess most of these guys have never heard of Windows....damnit...why are there so many critical updates....it should have been perfect... :p

freaky
Tue 2nd Apr '02, 7:47pm
greeeaaaaat...

pcAnywhere just did this to me..... you would imagine v10.5 is perfect :p

samtha25
Tue 2nd Apr '02, 8:18pm
Originally posted by smachol
The sad thing is that the Mods all knew that Jelsoft would get criticized for this release.

It's not easy being a software developer. Someone will always be unhappy with anything you do. Had the security holes not been patched, the first hint of a problem would have generated a worse outpouring of criticism. It's the nature of the game and you just have to let people vent and not let it bother you. And, the idea that commercial software should be bug-free is nonsense. It's impossible to make bug-free software unless you're programming for a completely closed environment and controlled platform, even then there will be obscure bugs that don't show up in testing. I've paid hundreds of thousands of dollars for software that I wish worked half as well as vBulletin and had developers who were half as responsive.

Marshalus
Tue 2nd Apr '02, 8:48pm
How clearer can Jelsoft and other people make this?

(I'm not ass kissing at all when I say) Not upgrading is stupid, and I don't care if Jelsoft comes out with security patches and upgrades every hour, as long as I'm getting what I paid for.

That's just it, I paid my licence fee, I have my copy of vBulletin, I could care less if Jelsoft got pissed at me for disagreeing with them, but I don't disagree. My board is hacked, and I deal with it, because I know that security is FAR more important than the few hours of my time it takes me to upgrade?

I guess the real question comes down to:

Would you rather spend a day recovering your board, or lose it completely if it wasn't backed up properly, or spend an hour to upgrade it?

boatdesign
Tue 2nd Apr '02, 9:03pm
(I'm not ass kissing at all when I say) Not upgrading is stupid, and I don't care if Jelsoft comes out with security patches and upgrades every hour, as long as I'm getting what I paid for.
Of course if it takes you several hours to upgrade and an upgrade is available every hour, you might have a problem there keeping up :D

You're right - the security updates are a necessity. At the same time, if a competing board like the Gossamer-Threads forum can provide a product which has less security holes to start and thus less frequent patches and which can be maintained with much less time and effort or which can be better customized, vBulletin might lose some market share.

If vBulletin went to a bi-monthly schedule requiring a redo of all modifications, it could become the board for those who want it plain vanilla out of the box, and another board could become the board for people that want something which looks or functions a bit differently.

Only time will tell if vBulletin 3 can be more secure from the start or if the nature of the Internet will dictate even more frequent patches.

xCRYINGoutLOUDx
Tue 2nd Apr '02, 10:24pm
*sigh*
there is no such thing as a bug-free product... eventually people are going to find bugs by using a product and the makers of that product will fix it and release it. would you rather they just sat back and did nothing? nobody is forcing you to upgrade. i think releasing bug-fixes promptly is a good thing!

/me finished ranting :)

Marshalus
Tue 2nd Apr '02, 11:38pm
Exactly.

boatdesign
Tue 2nd Apr '02, 11:40pm
*sigh*
there is no such thing as a bug-free product... eventually people are going to find bugs by using a product and the makers of that product will fix it and release it. would you rather they just sat back and did nothing? nobody is forcing you to upgrade. i think releasing bug-fixes promptly is a good thing!
The fact that they're prompt about releasing fixes for security holes is a very good thing. I do commend them for fixing the bugs quickly.

But that doesn't translate to "more bugs is better because more patches is better" either. I hope that with 3.0 they can get it down to a security patch/bug fix every month or better, every two months.

I love vBulletin, but it's not my main focus either. So many security patches in such a short time means a lot of time taken away from other things.

Edit: PS: I should add that I'm not saying that I'm unhappy with vBulletin or blaming anyone for anything - I realize that because I've installed mods it was my choice and this is what makes upgrading more difficult. I'm just saying what I would like to see as a customer/user and what I find a bit frustrating. I suppose I just wanted to put my thoughts on the paper -- there now I feel much better. Time to tackle 2.2.5 finally :D

tubedogg
Tue 2nd Apr '02, 11:47pm
Originally posted by boatdesign
I hope that with 3.0 they can get it down to a security patch/bug fix every month
Um...that's what it has been...10 releases, 10 months, about 1/2 of those were new feature+bug fix releases, so 5 pure bug-fix releases in 10 months is about once every 2 months...

boatdesign
Tue 2nd Apr '02, 11:55pm
2.2.3: 03-06-2002
2.2.4: 03-10-2002
2.2.5: 04-01-2002

These were the ones which seemed a little frequent...

ToraTora!
Tue 2nd Apr '02, 11:59pm
jesus..you guys really know how to beat a dead horse.

For one, everybody realizes, or should realize these points:

Hacks are not supported by Vbulletin/Jelsoft
Security is important
Major conflicts with upgrading schedules piss people off
Opinion, and feedback is part of business. Whether it be good, in your favor, or bad, against, take it as constructive suggestions either way.
Linux has a team of contributors who are constantly raising the bar of their product, through months and months of beta testing. I find it hard pressed to say, that I have ever seen a kernel, or versions of Red Hat released every two weeks. In that same aspect, people can download unsupported work for Linux, which leaves little room for pointing fingers. It's a "take a chance" environment, and all involved in that "Beta" session realize that simple fact.
Microsoft makes millions off of "Must have upgrade" software, so do you really think that they are going to find a "cure" any time soon?
PHP is open source. In open source, one can expect such travesties of mistakes, and error. In the realm of open source, you are the "buyer beware" in a free market, or in other terms, the guinea pig for somebody's talents. This should never be the case for a licensed product, no matter what excuse is used, considering the product and user base is spread world wide, and has grown a name for itself, which also means, that there are going to be those who commit to tearing that product down.
Having ample testing is the key to any product, and excuses should never be used in any faction, to endorse, or push aside the overall bottom line, which in this case is security.
The most troubling part of this all consists of the references to 3.0 while we are sitting on 2.5. It reminds me of the previous "Beta" series, in which almost every two-three days, there was another upgrade, before it finally went gold, and then how long did it take, before another upgrade had to be performed?
Being a guinea pig for a paid product is one thing, but to listen to excuses as to why one should go willingly as a guinea pig is another.
opinions, are like (fill in here)
everybody has one, everybody is entitled to voice them. To ignore, or pass off suggestions or displeasure, in favor of being on the "good side" can be rather demeaning, when at times, a little truth would go much further.
Whether you agree with them, or not, one must realize you are not in that persons shoes, and do not understand their frustration. A good post for reference, would be Steves post, in which he voices the sentiments most are feeling, however, explains that what needed to be done, had to be done.
That is, a good example, of listening, or understanding.

In short, I think what really needs to be said, is that people should really learn to respect one another just a little bit better, and start the process of "understanding" a little bit more.

There are only a couple of posts in here that actually voice true concern to issues here, and the rest is just the usual same old same old. You can basically read any previous release thread, and see the same comments over and over again.

And that, is sort of my point. Out of all of these releases, and their corresponding release threads, has there been anything remotely constructive or resolved?

The same three facts, that are repeated again and again are:

We did it for security
Not another upgrade!!!
I'm not going to upgrade until the next release


Basically, to solve all ill comments, or hate generated, let's just simply not have a discussion thread, but instead, have a yes no poll that asks "are you happy with this release?"
because for the most part, the discussion factor isn't working.

ToraTora!
Wed 3rd Apr '02, 12:05am
my post above, was not directed at tube or boat. It just happened to fall right after their posts, so don't take my post as a direct response to their comments.

boatdesign
Wed 3rd Apr '02, 12:10am
No problem - even if it were directed at me, based on my posts in this thread I probably deserve it :D

ToraTora!
Wed 3rd Apr '02, 12:10am
Originally posted by boatdesign
No problem - even if it were directed at me, based on my posts in this thread I deserve it :D

lol... :tortureracksmiliey:

tubedogg
Wed 3rd Apr '02, 12:23am
Originally posted by boatdesign
2.2.3: 03-06-2002
2.2.4: 03-10-2002
2.2.5: 04-01-2002

These were the ones which seemed a little frequent...
OK so three releases within a month, that means that the other 7 were spread over 9 months.

What you're asking for simply isn't realistic. Bugs happen, security issues come up, things get fixed, a new release is made. Given what other companies (who charge more for their forum products) are doing, I'd say we're fairly on top of our game here.

tubedogg
Wed 3rd Apr '02, 12:30am
Originally posted by ToraTora!
Linux has a team of contributors who are constantly raising the bar of their product, through months and months of beta testing.
We don't have that luxury. And I would dare say that you would find security issues patched quickly as opposed to putting a security patch into beta for months with Linux as well.

I find it hard pressed to say, that I have ever seen a kernel, or versions of Red Hat released every two weeks.
There is a slight difference between an operating system and a forum. No, there is not a new release of Linux every two weeks, but (and I am speaking with no knowledge here, keep this in mind) I would assume there are bug fix patches made available fairly often, more than once every six months.

It reminds me of the previous "Beta" series, in which almost every two-three days, there was another upgrade, before it finally went gold
We're supposed to have a beta period but we can't release updates in short-order then either?

and then how long did it take, before another upgrade had to be performed?
About three weeks to fix several minor bugs that didn't pop up until it went into wide-spread usage.

That's the thing about software - you can test for 2 years but until it goes into wide-spread usage, you will not be able to find a lot of the bugs simply because a lot of the bugs are obscure little things that depend on the environment, OS, etc.

ToraTora!
Wed 3rd Apr '02, 12:30am
Originally posted by tubedogg
OK so three releases within a month, that means that the other 7 were spread over 9 months.

What you're asking for simply isn't realistic. Bugs happen, security issues come up, things get fixed, a new release is made. Given what other companies (who charge more for their forum products) are doing, I'd say we're fairly on top of our game here.

most, myself included, do not know how some of the bug issues were resolved (code wise), nor how they were discovered for the most part (cross scripting..etc..) although, would it suffice to say, that some of those bugs could have been resolved with a little better testing?

I think that is the main point, because 2.4, although a very, very easy upgrade, illustrated a real black mark for upgrading in high definition concerning "thorough" testing in my mind.

Freddie Bingham
Wed 3rd Apr '02, 12:31am
vb3 will ship without requiring register_globals to be enabled and if it is, all global variables are unset. This alone would have prevented the latest round of patches and a great deal of the previous security patches. You will not see as many security-related updates from vb3 as you have from vb2.

Tora, the point is that we have been unable to conceive of the possibility of some of the exploits. We try our damnedest and hire others to also look the code over to weed these out. You can test the program for 40 days straight if you wish but that will not uncover potential spots for mis-use. We may be the king of the hill now, or at least the most pirated so that makes us the most popular script to try to hack. vb3 will simply not suffer from the same problems. Almost every problem has resulted from issues stemming from register_globals being enabled and as I said above that will be a dead end for the hacker in vb3.
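
The startup step described in the post above, sketched as an added example; it is not vBulletin code and not part of the original thread. The function names, the `$is_moderator` flag and the request values are hypothetical, and register_globals is emulated because the setting was removed in PHP 5.4.

```php
<?php
// Added illustration, not vBulletin code. All names below are hypothetical.
// register_globals no longer exists in PHP, so its effect is emulated.

// Names of PHP's own input arrays; these must never be overwritten or unset.
const PROTECTED_NAMES = ['GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST',
                         '_SERVER', '_ENV', '_FILES', '_SESSION'];

/** Emulates register_globals=On: each request parameter becomes a global. */
function emulate_register_globals(array $request): void
{
    foreach ($request as $name => $value) {
        $name = (string) $name;
        if (!in_array($name, PROTECTED_NAMES, true)) {
            $GLOBALS[$name] = $value;
        }
    }
}

/**
 * The startup step the post describes: if request parameters were registered
 * as globals, unset them before any application code runs.
 * Returns the names that were removed, so they can be logged.
 */
function unset_registered_globals(array $request): array
{
    $removed = [];
    foreach (array_keys($request) as $name) {
        $name = (string) $name;
        if (in_array($name, PROTECTED_NAMES, true)) {
            continue; // a parameter named like a superglobal is ignored
        }
        if (array_key_exists($name, $GLOBALS)) {
            unset($GLOBALS[$name]);
            $removed[] = $name;
        }
    }
    return $removed;
}

/** Hypothetical page logic that never initialises $is_moderator itself. */
function can_edit_post(int $userid, int $post_owner): bool
{
    global $is_moderator;          // only set elsewhere for real moderators
    if ($userid === $post_owner) {
        return true;
    }
    return !empty($is_moderator);  // trusts whatever is in global scope
}

// Constructed request: user 7 (not a moderator) acting on user 99's post.
$request = ['postid' => '42', 'is_moderator' => '1'];

// With request parameters registered as globals, the flag is request-controlled.
emulate_register_globals($request);
$before = can_edit_post(7, 99);

// After the cleanup step, the uninitialised flag is empty again.
$removed = unset_registered_globals($request);
$after = can_edit_post(7, 99);

// Input is then read explicitly from the request array and validated.
$postid = filter_var($request['postid'] ?? null, FILTER_VALIDATE_INT);

printf("before=%s after=%s removed=%s postid=%d\n",
    var_export($before, true), var_export($after, true),
    implode(',', $removed), $postid);
```

The cleanup only removes the request-supplied values; initialising every variable before use and reading input from the request arrays is what keeps the check correct regardless of server configuration.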

ToraTora!
Wed 3rd Apr '02, 12:36am
Originally posted by tubedogg


That's the thing about software - you can test for 2 years but until it goes into wide-spread usage, you will not be able to find a lot of the bugs simply because a lot of the bugs are obscure little things that depend on the environment, OS, etc.

I agree with that point. However, in the same instance, if resources are low here for "testers" then by all means, sign a few people up, and have them beat the living hell out of it for a set time period. Obviously, things along the lines of cross scripting should never be handled by any volunteer for such a project, but other simple things would be beneficial I would think.

Most of the users here, can test the software better than the guys who code it in my opinion, due mostly in part, the focus is in the actual implementation of its use, rather than the coding aspects.

A good example would have been the password bug. It took what..a half hour before somebody reported it?

That's kind of my point in a nutshell. Test it, and test it hard. If there are limited resources, then find some volunteers, because myself, like many others, would be more than happy to literally beat the hell out of something that isn't ours, in order to make sure ours ran perfect after upgrade.

ToraTora!
Wed 3rd Apr '02, 12:48am
Originally posted by freddie
vb3 will ship without requiring register_globals to be enabled and if it is, all global variables are unset. This alone would have prevented the latest round of patches and a great deal of the previous security patches. You will not see as many security-related updates from vb3 as you have from vb2.

Tora, the point is that we have been unable to conceive of the possibility of some of the exploits. We try our damnedest and hire others to also look the code over to weed these out. You can test the program for 40 days straight if you wish but that will not uncover potential spots for mis-use. We may be the king of the hill now, or at least the most pirated so that makes us the most popular script to try to hack. vb3 will simply not suffer from the same problems. Almost every problem has resulted from issues stemming from register_globals being enabled and as I said above that will be a dead end for the hacker in vb3.


I can totally understand what you are saying, and most would agree that it is a very hectic vantage point from where you guys are sitting right now. The damned if you do, damned if you don't clause can be applied in most of what has transpired as of late concerning the VB software, and its rapid rise in use on the net.

I'm also glad to hear about the newest developments concerning the global areas, because for the most part, anything that can be spread around in mass quantities such as globals (if I am referring to the correct area of globals used) have always given me some rather uneasy feelings. Too much information, spread around too many scripts with the same variables set.
The one thing I did notice, other than the new db call arrangements, was the use of unset(); in many areas.

hypedave
Wed 3rd Apr '02, 12:49am
Originally posted by freddie
vb3 will ship without requiring register_globals to be enabled and if it is, all global variables are unset. This alone would have prevented the latest round of patches and a great deal of the previous security patches. You will not see as many security-related updates from vb3 as you have from vb2.

Tora, the point is that we have been unable to conceive of the possibility of some of the exploits. We try our damnedest and hire others to also look the code over to weed these out. You can test the program for 40 days straight if you wish but that will not uncover potential spots for mis-use. We may be the king of the hill now, or at least the most pirated so that makes us the most popular script to try to hack. vb3 will simply not suffer from the same problems. Almost every problem has resulted from issues stemming from register_globals being enabled and as I said above that will be a dead end for the hacker in vb3.

yeah it's disappointing to see so many warez forums with vb, I have tried my best to report those forums but a year later they are still operational and even updating their vb's , it kinda makes me wonder, but all I can do is hold my head down and continue to pay for my license, and hope that vb3 will be an answer to a hard working person

keep up the good work Jelsoft and don't let anything stop you from being on top

kippesp
Wed 3rd Apr '02, 2:13am
Originally posted by ToraTora!
If resources are low here for "testers" then by all means, sign a few people up, and have them beat the living hell out of it for a set time period.

You could hire infinite monkeys for infinite time to create posts, view the member list, and otherwise have a ball doing normal things. But from what I've seen of the 2.2.4 to 2.2.5 updates, all their testing would never uncover all the issues that 2.2.5 fixed.

Most of the code changes prevent users with knowledge of the vB code to do unscrupulous things. More thorough code reviews should be done. vBulletin in a prior post disclosed that a 3rd party company reviewed one of the 2.x.x threads.

I don't think hiring more beta testers would improve these security issues nearly as much as code reviews with an eye towards malicious PHP users (who have the vB code in their back pocket).

mewgood
Wed 3rd Apr '02, 2:32am
Hm..will there be a non beta coming out?
when is that?

firewire
Wed 3rd Apr '02, 2:33am
How come the 2.2.5 files are still beta?

I understand it's important to update in order to fix that unknown security issue :) but I don't really like to put files named beta on a high volume production website.

Can we expect an email notification, so we know it's "safe" to upgrade?

boatdesign
Wed 3rd Apr '02, 2:45am
The database error issue that 2.2.5 fixes sounds like a bug not an exploit though, and that probably would have been caught by beta testers, right? Was this introduced by 2.2.4 or has it existed all along?

Chen
Wed 3rd Apr '02, 2:51am
Originally posted by boatdesign
The database error issue that 2.2.5 fixes sounds like a bug not an exploit though, and that probably would have been caught by beta testers, right? Was this introduced by 2.2.4 or has it existed all along?
Yes, it's 100% a bug. It was discovered by a customer who asked for support. I doubt beta testers would have found this out because it involves editing a user's password to "", then update titles (which is not a new feature so people wouldn't have even gone near it).

Fusion
Wed 3rd Apr '02, 2:56am
Uhh, Chen..
The job of a beta-tester is not only to test new/changed features, but also to periodically re-test "old" areas, do the illogical things if you will. I've been thru many beta-tests, and you would have to do the unexpected to see if anything unforeseen pops up.

JamesUS
Wed 3rd Apr '02, 3:14am
Yes it should have been found, but unfortunately there's nothing we can do about it now. We are re-evaluating our internal testing procedures (as John mentioned at the release of 2.2.4), hopefully preventing future issues like this.

Please do bear with us on this one - we don't like it any more than anyone else does.
Our aim as a software development company is to always produce the most secure, bug-free software possible. When a copy of our software provides a security risk then our absolute priority is to release a new version/update to fix that security risk, regardless of how inconvenient it may seem. For other bugs we obviously don't do this, but security always has our ultimate priority and importance.

Floris
Wed 3rd Apr '02, 3:27am
Originally posted by JamesUS
Yes it should have been found, but unfortunately there's nothing we can do about it now. We are re-evaluating our internal testing procedures (as John mentioned at the release of 2.2.4), hopefully preventing future issues like this.

Please do bear with us on this one - we don't like it any more than anyone else does.
Our aim as a software development company is to always produce the most secure, bug-free software possible. When a copy of our software provides a security risk then our absolute priority is to release a new version/update to fix that security risk, regardless of how inconvenient it may seem. For other bugs we obviously don't do this, but security always has our ultimate priority and importance.

YEAH!

And that is why I have chosen to purchase vBulletin.

Everybody is free NOT to upgrade, but .. then do not complain when the source is getting abused. I seriously see no reason for users to complain actually. And I hope it stops. I kind of already stopped reading this 'official' discussion thread, just due to that.

GK_3GO
Wed 3rd Apr '02, 3:30am
People freaking' whine too much! When I was running UBB, the pos was inundated with bugs that were never worked on. 99% of the time when I got errors, I got a "it’s your server" b.s. reply. :rolleyes:

I’m happy that Jelsoft actually works on their product! Keep up the great work! :)

Lionel
Wed 3rd Apr '02, 3:58am
waiting for version 3.0 before I do any upgrades :D :D

Chen
Wed 3rd Apr '02, 4:16am
Originally posted by Lionel
waiting for version 3.0 before I do any upgrades :D :D
Is that an invitation for people to hack your board?

Lionel
Wed 3rd Apr '02, 4:23am
last time I checked, I had 95 + hacks installed not counting my own... if you know what I mean. I tried to upgrade using the guidelines at .org and it was a disaster. Thank god I had a backup.

Steve_S
Wed 3rd Apr '02, 4:25am
Congrats to the vB team + helpers for another quick fix.

Your actions speak volumes about your great support and quest for excellence.

:)

ToraTora!
Wed 3rd Apr '02, 7:22am
Originally posted by kippesp


You could hire infinite monkeys for infinite time to create posts, view the member list, and otherwise have a ball doing normal things. But from what I've seen of the 2.2.4 to 2.2.5 updates, all their testing would never uncover all the issues that 2.2.5 fixed.

Most of the code changes prevent users with knowledge of the vB code from doing unscrupulous things. More thorough code reviews should be done. vBulletin in a prior post disclosed that a 3rd party company reviewed one of the 2.x.x threads.

I don't think hiring more beta testers would improve these security issues nearly as much as code reviews with an eye towards malicious PHP users (who have the vB code in their back pocket).


What you fail to realize is that some of us have been through this song and dance already quite a few times, for a couple of bugs here and there, that could have easily been solved by having some of us monkeys that use their bulletin board in every extent of the word, test a release for possible bugs.
If it's going to be released anyways, what is the difference?

I never suggested that vBulletin give everybody a handbook on how to hack it, nor did I suggest that all users that are testing it be given confidential information to any of the security downfalls of the scripts.

Testing means "Using" the board, not recoding it.

Imagine having 20-50 regular vBulletin owners, testing a pre-release board hosted by vBulletin on some test server of theirs. I can guarantee that there would be hardly, if any, cosmetic bugs to speak of, nor some of the prior bugs that were discovered.
That is because most have been testing and using this software for close to what... three-four years?
I think you underestimate the talents that some of the members here possess.

All you have to do is look around in these very same forums to see the participation factor of this site, and realize there are plenty of people who would be more than willing to throw in an extra hand to help out testing the functionality of the board.

The email validation bug, as an example, would not have been a missed detail, had there been this type of test environment up and running.

This simple idea could eliminate a ton of little problems, which would allow Jelsoft to move forward and only worry about their projected goals and completion dates of future releases.

I may be taking a shot in the dark here, but my guess is Jelsoft would like to move forward with each new released version, rather than backtrack re-releasing the same version over and over again because of a few minor bugs that could have been caught prior to a full blown release.

David Bott
Wed 3rd Apr '02, 11:10am
We all know that by putting in hacks we will need to redo some of them when fixes like this come out. It is our choice to hack. All bugs/holes can not be found all the time. Heck...Some holes only show up when someone finds a PHP hole or even a MySQL hole that then affects vB.

I of course will be upgrading when ready and it is not flagged as beta. This should not have been announced as an upgrade until it was done with beta...tisk, tisk...of course IMHO. All you are saying to your owners is..."Here is the new fix, we are not sure it really works as it should at this time." Esp. when you have so many files involved. Post it first on the site as a beta...but do not send out a notice about an upgrade when it is not 100% sure it is ready. All you have done is now make owners like myself nervous about being hacked, for I can not afford to take the risk of installing beta code.

All I can hope for on a site our size is that nothing happens to the server load. By which I mean a server load increase. I have had major issues in the past with an upgrade that they said would not be causing my load issue when in fact it was disclosed it was and needed to be fixed. (forumdisplay.php) With all the file changes...I can only hope all will be fine in that area.

Special Regards,

David Bott
AVS Forum/TiVo Community
http://www.avsforum.com
http://www.tivocommunity.com

Floris
Wed 3rd Apr '02, 11:15am
I of course will be upgrading when ready and it is not flagged as beta. This should not have been announced as an upgrade until it was done with beta...tisk, tisk...of course IMHO. All you are saying to your owners is..."Here is the new fix, we are not sure it really works as it should at this time." Esp. when you have so many files involved. Post it first on the site as a beta...but do not send out a notice about an upgrade when it is not 100% sure it is ready.

I do not agree.
Normally the release was ./. announced, and then, in the following two days, some file changes were made, due to whatever reason. And it was confusing for people, since the version number did not change.

I think I read something like: It is flagged as beta, because we expect a few changes in the upcoming days. And when final, it will be unflagged as a beta.

I think this makes it really clear to me to wait, and apply needed patches here and there (or do nothing) .. but if I feel this is needed to be applied straight away, then I am glad there is the beta already open for license holders to download. That way I can be secure enough about my site.

Joe Gronlund
Wed 3rd Apr '02, 12:41pm
is this release "current" going to be upgraded to gold final code??

freaky
Wed 3rd Apr '02, 1:07pm
Originally posted by GK_3GO
People freakin' whine too much! When I was running UBB, the pos was inundated with bugs that were never worked on. 99% of the time when I got errors, I got an "it’s your server" b.s. reply. :rolleyes:

I’m happy that Jelsoft actually works on their product! Keep up the great work! :)


A freakin MEN...haha...god those UBB days are over...

tubedogg
Wed 3rd Apr '02, 1:07pm
Originally posted by David Bott
but do not send out a notice about an upgrade when it is not 100% sure it is ready
We haven't sent out an eBulletin about 2.2.5 yet, I'm pretty sure...

Chen
Wed 3rd Apr '02, 1:47pm
Originally posted by tubedogg
We haven't sent out an eBulletin about 2.2.5 yet, I'm pretty sure...
We haven't. :)

tubedogg
Wed 3rd Apr '02, 1:56pm
OK so what was David talking about?

Chen
Wed 3rd Apr '02, 2:11pm
Originally posted by tubedogg
OK so what was David talking about?
I really don't know.

It is being posted as beta, and John explicitly said that in his announcement. Once it's out of beta an E-BULLETIN will be sent to all customers.

N9ne
Wed 3rd Apr '02, 2:20pm
When will vB3 be released? Because I don't want to upgrade and re-hack so I think I will wait on vB3 since many more features are promised :D so I'll wait for that to come out; that depending on when it is released.

Floris
Wed 3rd Apr '02, 2:23pm
Originally posted by N9ne
When will vB3 be released? Because I don't want to upgrade and re-hack so I think I will wait on vB3 since many more features are promised :D so I'll wait for that to come out; that depending on when it is released.

uHm.. this is a 2.2.5 discussion thread :)
vB3 will be out when it is done I guess... and I doubt it will be tomorrow.

wacnstac
Wed 3rd Apr '02, 2:30pm
Dammit I thought this was an April Fools joke at first. So when does the non-beta 2.2.5 come out? I want to upgrade, not beta test.

Chen
Wed 3rd Apr '02, 2:34pm
Originally posted by wacnstac
Dammit I thought this was an April Fools joke at first. So when does the non-beta 2.2.5 come out? I want to upgrade, not beta test.
A matter of days.

David Bott
Wed 3rd Apr '02, 2:51pm
I am talking about when you go into your admin area it reads...

"There is a newer version of vBulletin than the version you are running!
Download vBulletin version 2.2.5 from the Members' Area."


Thus to me it reads...New ready to go version...Install it. :)

Hope this helps.

Fusion
Wed 3rd Apr '02, 3:30pm
Originally posted by FireFly

I really don't know.

It is being posted as beta, and John explicitly said that in his announcement. Once it's out of beta an E-BULLETIN will be sent to all customers.
I think David was referring to the announcement labeled "2.2.5 is released". It's only when you read the actual announcement that it mentions the beta status. I know, I'm picking, but hey, anything to pass the time 'til v3 is out. :p

tubedogg
Wed 3rd Apr '02, 3:32pm
Originally posted by David Bott
I am talking about when you go into your admin area it reads...

"There is a newer version of vBulletin than the version you are running!
Download vBulletin version 2.2.5 from the Members' Area."


Thus to me it reads...New ready to go version...Install it. :)

Hope this helps.
OK, that's fair...however when you go to download it, it does say in very clear terms that it's beta...

David Bott
Wed 3rd Apr '02, 3:39pm
Come on Kevin...you get my point. I do not care if it is clear when you go to download. The software should not have told me there was a new version if in fact the current one is still in beta. It just should have been posted on the site and not "steamed" to each user's admin area.

Fusion
Wed 3rd Apr '02, 3:49pm
Originally posted by David Bott
Come on Kevin...you get my point. I do not care if it is clear when you go to download. The software should not have told me there was a new version if in fact the current one is still in beta. It just should have been posted on the site and not "steamed" to each user's admin area.
David has a very valid point. I guess it has all to do with how the version-checking in the admin cp is done, it simply wasn't designed to deal with betas.

tubedogg
Wed 3rd Apr '02, 4:06pm
Originally posted by David Bott
Come on Kevin...you get my point. I do not care if it is clear when you go to download. The software should not have told me there was a new version if in fact the current one is still in beta.
I don't agree at all. There is a new version, beta or not, and so it told you that. If you choose not to install it that's your choice, but we've been lambasted in the past for not being louder about new releases, and now we're getting it for doing that, so I guess we can't win.

Fusion
Wed 3rd Apr '02, 4:25pm
Originally posted by tubedogg
I don't agree at all. There is a new version, beta or not, and so it told you that. If you choose not to install it that's your choice, but we've been lambasted in the past for not being louder about new releases, and now we're getting it for doing that, so I guess we can't win.
Using your logic, Kevin, the admin CP should really show v3.0.0 now, it too is still in development like the 2.2.5, because as long as changes may be done from day to day, it IS still being developed.

Floris
Wed 3rd Apr '02, 4:51pm
Originally posted by Fusion
Using your logic, Kevin, the admin CP should really show v3.0.0 now, it too is still in development like the 2.2.5, because as long as changes may be done from day to day, it IS still being developed.

That is just a pile of donkey pie! :rolleyes:

vB3 is not available for download, therefore not new.

tubedogg
Wed 3rd Apr '02, 4:54pm
Originally posted by Fusion
Using your logic, Kevin, the admin CP should really show v3.0.0 now, it too is still in development like the 2.2.5, because as long as changes may be done from day to day, it IS still being developed.
vB3 is not available for public download. 2.2.5 beta is. There's a slight difference.

David Bott
Wed 3rd Apr '02, 5:05pm
Yes...just like there is a difference between gold and beta.

Look, don't get me wrong. I am glad new versions are being released to fix issues and security. That is a good thing.

However, I do not feel I should be told there is a new version when in fact it is still in beta. I can not afford at this point in the game to run beta code. I would rather be told when there is a gold, ready to go, release. That is all I was saying.

Yes...by all means tell the members via the forum they can download the 2.2.5 beta in the members area. But don't let your software tell us there is a new release when it is not ready for prime time.

Thanks for listening.

hypedave
Wed 3rd Apr '02, 5:41pm
Originally posted by David Bott
Yes...just like there is a difference between gold and beta.

Look, don't get me wrong. I am glad new versions are being released to fix issues and security. That is a good thing.

However, I do not feel I should be told there is a new version when in fact it is still in beta. I can not afford at this point in the game to run beta code. I would rather be told when there is a gold, ready to go, release. That is all I was saying.

Yes...by all means tell the members via the forum they can download the 2.2.5 beta in the members area. But don't let your software tell us there is a new release when it is not ready for prime time.

Thanks for listening.

yeah come to think about it, it would be nice that in the cp it would say that the new version was beta or full, not that I'm complaining or anything,

global-mindz
Wed 3rd Apr '02, 5:53pm
we bought the software for our board a couple days ago.. seems all we can grab is beta. no biggie, but seems weird u can't grab an older more stable build, albeit with security bugs but a standard installation (gold release) to update/upgrade from later... instead of trying to update an (unsupported?) beta build when ur a newbie :) -- hope u have the final soon.. and will our license be extended for a week because of the delay?

DaBuzz
Wed 3rd Apr '02, 6:02pm
Originally posted by tubedogg
I don't agree at all. There is a new version, beta or not, and so it told you that. If you choose not to install it that's your choice, but we've been lambasted in the past for not being louder about new releases, and now we're getting it for doing that, so I guess we can't win.
And now you're being lambasted for not clearly labeling an upgrade notification in the control panel of VB's across the globe. Different issue than what you are complaining about completely.

I too was a bit "put out" when I saw 2.2.5 was out according to my CP only to come to VBulletin.com and see that it was actually 2.2.5 BETA.

I think all people are asking is that your notifications in our control panels be a bit more accurate by giving the FULL version that is available, in this case it is 2.2.5 BETA, not 2.2.5 as the control panel notification says.

I don't think this is an outlandish request in the slightest.

Marshalus
Wed 3rd Apr '02, 8:38pm
Simple guys: If you don't want to run a beta, don't install it, wait for the final.

I'm sure it took a whole 5 minutes out of your busy day to check the site, and see it was beta. Don't tell me "my time is very important" otherwise you would have never even spent the time to complain about it.

tubedogg
Wed 3rd Apr '02, 8:45pm
Originally posted by global-mindz
and will our license be extended for a week because of the delay?
No, your license will not be extended.

TECK
Wed 3rd Apr '02, 9:14pm
when 225 will be out of BETA stage?
thanks.

tubedogg
Wed 3rd Apr '02, 9:24pm
Within the next two to three days probably.

DVD Plaza
Wed 3rd Apr '02, 9:36pm
Yeah I'm still waiting for it to be out of beta - given it's allegedly a security fix I'm alarmed at still waiting on this.

What's with the version number not reflecting it being beta? If any changes were made that would mean there are different versions of 2.2.5 making the version number ultimately quite pointless.

jucs
Wed 3rd Apr '02, 10:22pm
Please only announce upgrades in the Admin that are not beta. Thanks.

David Bott
Wed 3rd Apr '02, 10:41pm
Tubedogg...

You know I really, really have been biting my tongue with your remarks....I am sorry to say I am finding them sometimes very rude to the members and thus un-professional. Remember....these are the customers.

I am referring to remarks like...."Would you prefer we just hand you something untested and hope it works? You're being irrational." I won't even get into the issue I have with the new customer buying code and finding it in beta and your more or less "No Way" remark!

You are the one taking this totally out of context and being irrational. You just do not seem to get the fact that we were informed of a NEW RELEASE of the code. In looking at the release we are told it is because a number of security holes in the software. Then we go to download the code and find it in BETA.

Now what do you have? You have people in a catch 22. On one side they want to upgrade to plug the holes to protect their site. On the other, it is BETA CODE (to some point) and that could in fact be a worse move to install it.

My site alone sees 30,000 unique people a day (one of vB's largest). As I have mentioned, I can not afford to run beta code for I really, really could hurt if something goes wrong. Thus...I just mentioned the fact to please not say there is a new release when there is not a "true" release. That is all I said. Now I have read the issues and I am nervous about the holes found....But I must sit and wait for Jelsoft to say it is safe to install. Note though...even after that I will be watching my servers closely due to past upgrade issues.

All in all, you need to just listen sometimes and not be so quick to defend. We are not saying this is a bad upgrade or anything...but to please maybe consider changing in the future how something is announced as a release.

Jelsoft...I hope you take corrective action as needed.

wacnstac
Wed 3rd Apr '02, 10:47pm
I agree. Please only make official announcements of new versions that ARE NOT beta. Post beta versions somewhere else. I'm not going to do the work to upgrade to a beta then upgrade again in a couple days.

tubedogg
Wed 3rd Apr '02, 11:47pm
Originally posted by David Bott
You are the one taking this totally out of context and being irrational. You just do not seem to get the fact that we were informed of a NEW RELEASE of the code. In looking at the release we are told it is because a number of security holes in the software. Then we go to download the code and find it in BETA.

Now what do you have? You have people in a catch 22. On one side they want to upgrade to plug the holes to protect their site. On the other, it is BETA CODE (to some point) and that could in fact be a worse move to install it.
And? If you do not want to run the beta code, it is clearly marked before you download. You are implying that by telling you in the Admin CP that there is a new version available that we are forcing you to run it, which is nowhere near accurate. If you feel you can't run beta code, then don't download it, and wait for the eBulletin telling you that the "gold" version is available.

You want a perfect bug-free version, which can't happen unless (and even when) we test the version, but when we release it for testing, we're not allowed to tell anyone about it? Talk about a catch 22...We can only test it so hard internally. None of us wants to repeat the 2.2.3/2.2.4 issue, and this was released as a beta. What is the big deal about telling you of a new version in the Admin CP? It doesn't affect you, at all. There is no loss of functionality due to it. It doesn't shut the program down until you upgrade. In short there is no difference, so why is it such a big deal?

but to please maybe consider changing in the future how something is announced as a release.
I really do not see what there is to change. Simply ignore the message in your Admin CP and wait for your eBulletin to let you know when the gold code is released. How does it affect you to tell you there is a new version? That's what I don't understand.

Mike Sullivan
Thu 4th Apr '02, 12:12am
Just FYI, but as of now there haven't been any changes to the code for the final version and I don't expect there to be. Barring a problem, 2.2.5 should be tagged stable tomorrow (Thursday).

DaBuzz
Thu 4th Apr '02, 1:01am
Originally posted by tubedogg
I really do not see what there is to change. Simply ignore the message in your Admin CP and wait for your eBulletin to let you know when the gold code is released. How does it affect you to tell you there is a new version? That's what I don't understand.
So then if the Admin CP version notification is so useless that an official VBulletin rep is saying we should ignore it, I expect it to be removed once 2.2.5 is gold. Obviously the eBulletin email is the only version information we should care about so why have redundant and conflicting version reporting systems?

I don't want to pay for code that VBulletin themselves say I should ignore, and as a result is useless, especially something that seems so important as a version upgrade notice when obviously it is not important at all since we are now told to ignore it.

Do you see how completely off base you are yet tube? :rolleyes:

All we are asking for is to not have our Admin CP tell us of versions that are not ready for prime time, BETA code is not ready for prime time and whether we spent 5 seconds or 5 minutes figuring out that this was BETA code after we saw the notification is of no importance. Your customers are making a VERY LEGITIMATE request, and instead of taking that request and processing it and determining how it would better serve the services you offer, you become defensive and in my opinion, a bit arrogant.

It is attitudes like these that made me leave UBB in November of 2000 when I first bought VBulletin, it's a shame to see the same thing here.

Steve Machol
Thu 4th Apr '02, 1:20am
IMHO labeling it 2.2.5 beta in the Admin CP does make sense. I also sympathize with the new customer who can only download a 'beta' version. Although in all honesty that version is more bug-free and secure than the 'stable' version it replaced.

I think one of the things that makes this issue difficult is that this really isn't a 'beta' in the truest sense of the word - perhaps 'release candidate' is more appropriate. I think all Jelsoft is saying is that the code is essentially done but they just want to make sure there are no more unpleasant surprises before calling it stable. I also believe they did the right thing in releasing this version as quickly as they did. The security hole had been published and everyone's forums were at risk. It was clearly the responsible thing to do.

Marshalus
Thu 4th Apr '02, 1:32am
I agree, and as someone who works as customer service when he isn't at home or school, I can see why tubedogg is getting so defensive.

Yes, your request is a legitimate one, not to have the beta notice in your Admin CP, but chances are the majority of the people here like it. I've said it, Jelsoft has said it, if you don't want a beta, don't install it, and wait for gold.

Fusion
Thu 4th Apr '02, 1:44am
Originally posted by smachol
IMHO labeling it 2.2.5 beta in the Admin CP does make sense. I also sympathize with the new customer who can only download a 'beta' version. Although in all honesty that version is more bug-free and secure than the 'stable' version it replaced.

I think one of the things that makes this issue difficult is that this really isn't a 'beta' in the truest sense of the word - perhaps 'release candidate' is more appropriate. I think all Jelsoft is saying is that the code is essentially done but they just want to make sure there are no more unpleasant surprises before calling it stable. I also believe they did the right thing in releasing this version as quickly as they did. The security hole had been published and everyone's forums were at risk. It was clearly the responsible thing to do.
As an alternative, consider releasing such betas/RCs through a separate beta-forum, or extend the admin CP version checking to differentiate between such releases and the latest "stable" release. That's two simple means that others have used with success, and which would satisfy all parties involved.

Personally, I can't help but consider betas/RCs as yet unofficial, in part because there's been no eBulletin addressing it, but also because the very idea of "testing the waters" gives me the willies. All things considered, an official release has to be the latest stable version, 2.2.4 in this case, and therefore, making an official announcement about the release is misguided and confusing to the end-users.

tubedogg
Thu 4th Apr '02, 2:18am
Originally posted by DaBuzz
So then if the Admin CP version notification is so useless that an official VBulletin rep is saying we should ignore it, I expect it to be removed once 2.2.5 is gold.
No, I said once you determine the code to be beta, that you should simply ignore the notification until you get your official notification that it is "gold" if you don't want to be running beta code.

All we are asking for is to not have our Admin CP tell us of versions that are not ready for prime time, BETA code is not ready for prime time and whether we spent 5 seconds or 5 minutes figuring out that this was BETA code after we saw the notification is of no importance. Your customers are making a VERY LEGITIMATE request, and instead of taking that request and processing it and determining how it would better serve the services you offer, you become defensive and in my opinion, a bit arrogant.
I said a few pages back that marking releases as "beta" in the Admin CP might not be a bad idea. However, and this is a very important distinction, I do not agree that it should not tell you of new releases until the code is "gold".

I'm sorry if I seem arrogant. But I simply cannot fathom why this is such a huge deal. If you don't want to run beta code, then don't do so. But why is the fact that it tells you there is a new version in the Admin CP so show-stopping?

For example, wacnstac said "I'm not going to do the work to upgrade to a beta then upgrade again in a couple days." How does this affect the notification in the Admin CP? The notification in the Admin CP doesn't force you to upgrade, as his message seems to imply it does. If he doesn't want to run the beta, then don't run it.

Chen
Thu 4th Apr '02, 2:20am
Originally posted by wacnstac
I agree. Please only make official announcements of new versions that ARE NOT beta. Post beta versions somewhere else. I'm not going to do the work to upgrade to a beta then upgrade again in a couple days.
John specifically said in his announcement:
Since we have had to modify a lot of files to fix this issue, the files will be tagged as 'beta' for a few days to allow us to update them if any minor bugs are found.
Can you be any clearer than that? You don't have to install the beta version, no one forces you to do that. Rest assured that when the code is stable and ready you will get an e-mail to your inbox announcing this release.
How do you suggest we test the beta version without announcing it? Kind of defeats the purpose, don't you think? We need as many people as possible to test the program if we want to find bugs, correct? Posting it in the Chit Chat forum, for example, would be irresponsible because many people don't bother reading that forum.

ixian
Thu 4th Apr '02, 2:24am
This was a fun thread to wade through. It's interesting to see how it degenerated into a battle with the dev team in full defensive mode. I read about 12 posts explaining how people were basically fools if they didn't upgrade to 2.2.5 ("Is that an invitation to hack your board?" etc, etc) and then several posts stating "If you don't like the beta status, wait for gold!".

Hmm.

Comparisons to Microsoft and their "patch of the week" are valid, to a point, but they miss a major (IMHO) factor - Microsoft patches are EASY TO APPLY. Say what you will about them, Windows Update works like a charm. It'll even do it for you automatically. My mom is as computer-illiterate as they come and even she can figure it out. And as for the others mentioned, such as Symantec, yes they do patch bugs frequently and they couldn't be easier to update. With automatic LiveUpdate I haven't had to manually upgrade my anti-virus code (for example) for over a year.

My point is, I believe the frustration is not so much that there have been several bug fixes lately - I completely understand these things happen - but that it's such a pain in the rear to upgrade. Especially if you use hacks, which most of us here do. And before somebody jumps in:

I understand hacks aren't supported.
I understand WHY hacks aren't supported.

But this also needs to be understood - The ONLY reason I, and I suspect many others, use and pay for vBulletin is the great hacking community that surrounds it. Like someone else mentioned, if you want a cookie-cutter forum that looks like everyone else's you can get EZ-Board or Ikonboard (or phpforums, etc) for free. The hacking community is a major force for vBulletin and while I don't expect them to support hacks, I do expect them to acknowledge they exist and the problems these constant upgrades cause for them.

I take OpenBSD as an example. Here's a perfectly free, super-secure operating system based off BSD 4.4. I use it for my dedicated firewall (so does Yahoo, btw). Now, OpenBSD has many a bug crop up, and many a patch released - they ARE super-anal about security, after all. Yet, using something as simple as CVS, synced to a stable upgrade tree maintained by OpenBSD, I can constantly stay synced with the latest releases without - and here's the catch - affecting any OS (Kernel, port, etc) hacks I have made. OpenBSD, which doesn't even charge you money, is mindful of changes you have made to the OS. They expect you to make changes. For example, I compiled a custom kernel for my firewall so that it suited my hardware and the tasks I wanted it to do to a T. I would be totally screwed if every time a security patch was released I had to re-do everything. But I don't, because their patching process doesn't work that way. It doesn't replace files, it patches them.

And here's the crux of my argument - I believe all the bad will we are seeing posted here is directly due to the fact that these upgrades are just that - upgrades, and not patches. Heck, they aren't really even upgrades, just modified full releases. THAT is what we are all annoyed about here. Someone joked earlier about an executable patch. I don't think there's anything funny about it. I think a patch executable, or SOME type of upgrade that doesn't require me to re-upload all the files and then go back and modify them AGAIN is a great idea. A necessary idea, in fact.

Anyway, I'm off to fire up BeyondCompare again and upgrade...again. I sincerely hope the dev team is considering something like this for 3.0.....

Chen
Thu 4th Apr '02, 2:25am
Originally posted by David Bott
Now what do you have? You have people in a catch 22. On one side they want to upgrade to plug the holes to protect their site. One the other, it is BETA CODE (to some point) and that could in fact be a worse move to install it.
If you feel it's important for you to plug the security holes, more than it is to run stable code, install the beta version. If you don't, wait until John officially announces the code as stable. The only reason we do this beta-to-final stages is to make sure no bugs were caused by the upgrade, and that the final version wouldn't cause any problems. At first, we got yelled at for not doing this. Now that we do, we still get yelled at.

Floris
Thu 4th Apr '02, 4:16am
Because it is tagged as 'beta' it does not mean it is unstable. Therefore 2.2.4 is no longer available for download, since this beta is the most stable, secure version up to now. The only thing that has changed it to beta, is so you guys know and understand that possibly a few files might get a little bit more tweaking in the last couple of days. And upgrading from beta to the gold (tomorrow?) is as easy as baking a cookie yourself.

I doubt that the majority has purchased vBulletin just because there is a hacking community behind it. You seriously do NOT need the code-hacks in order to make the forum look and feel and/or integrate with your website. [staring at the template system].

If you run 2.2.4 (being beta/gold/stable/unstable/alpha/cow) and 2.2.5 (being beta/gold/stable/unstable/alpha/cow) is available for download, then the CP will say there is a newer version, and 'advices' you to download.

The choice is YOURS if you want to wait for a final. At least you had the option to go to the members area, check out its status and read some discussions about the 2.2.5 release.

All this shouting and demanding and screaming like mad girls doesn't get you anywhere, not even to the gold version of 2.2.5.

I think it is ridiculous and time-wasting. 95% of this thread is not about 2.2.5, but about beta/final/cp. And I have read that in the previous 2.2.x threads already.

And yes, sure, some users give out good points. The rest just bores me.

Sorry if this sounds like trolling/flaming/whatever. But when I get an E-mail from the 2.2.5 discussion thread, and go check about possible 'good' & 'useful/required' info that might improve my installation or 2.2.5 version/security/whatever; and end up reading all this, it makes me kind of want to post my thoughts about it. Take those kind of complaints to different threads, so this one stays clean and on-topic.

Fusion
Thu 4th Apr '02, 5:20am
Originally posted by xiphoid
Because it is tagged as 'beta' it does not mean it is unstable. Therefore 2.2.4 is no longer available for download, since this beta is the most stable, secure version up to now. The only thing that has changed it to beta, is so you guys know and understand that possibly a few files might get a little bit more tweaking in the last couple of days. And upgrading from beta to the gold (tomorrow?) is as easy as baking a cookie yourself.
Being tagged as beta means it's potentially unstable, as does the fact that "a few files might get a little bit more tweaking".
The choice is YOURS if you want to wait for a final. At least you had the option to go to the members area, check out its status and read some discussions about the 2.2.5 release.

All this shouting and demanding and screaming like mad girls doesn't get you anywhere, not even to the gold version of 2.2.5.

I think it is ridiculous and time-wasting. 95% of this thread is not about 2.2.5, but about beta/final/cp. And I have read that in the previous 2.2.x threads already.

And yes, sure, some users give out good points. The rest just bores me.

Sorry if this sounds like trolling/flaming/whatever. But when I get an E-mail from the 2.2.5 discussion thread, and go check about possible 'good' & 'useful/required' info that might improve my installation or 2.2.5 version/security/whatever; and end up reading all this, it makes me kind of want to post my thoughts about it. Take those kind of complaints to different threads, so this one stays clean and on-topic.
Believe it or not, the recent rants are on-topic. No one's debating the fact that there's a need to test this beta, nor the fact that its fixes are critical.

It could have been facilitated in a far better manner, though.