HTS Needs to Stop Sucking

Got an idea on how things should be done? A problem with something on the site? Voice your opinion!

Re: HTS Needs to Stop Sucking

Post by sanddbox on Tue Jan 18, 2011 12:51 am

fashizzlepop wrote: That's exactly what I meant and I know it's possible in phpBB.


These forums are PHPBB; just modified. Let me talk to Monica.

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
sanddbox
Expert
Posts: 2331
Joined: Sat Jul 04, 2009 5:20 pm


Re: HTS Needs to Stop Sucking

Post by fashizzlepop on Tue Jan 18, 2011 2:48 am

I am going to guess that if this was put in place, we would need more mods to keep up with posts. Maybe not.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
fashizzlepop
Developer
Posts: 2303
Joined: Sat May 24, 2008 1:20 pm


Re: HTS Needs to Stop Sucking

Post by insomaniacal on Tue Jan 18, 2011 7:07 am

fashizzlepop wrote: I am going to guess that if this was put in place, we would need more mods to keep up with posts. Maybe not.


We could only make it regulated in certain sections. For example, places like Nzone should be kept open for posting, while questions about missions should be regulated. New Threads (which often end up breaking the rules) should also be regulated.
It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com
insomaniacal
Addict
Posts: 1210
Joined: Sun May 24, 2009 10:21 am


Re: HTS Needs to Stop Sucking

Post by tremor77 on Tue Jan 18, 2011 9:35 am

fashizzlepop wrote:
tremor77 wrote:@sanddbox: I hate making suggestions for HTS without putting my money where my mouth is.. I think I'll go ahead and apply on that promoter position.

Why bother? There's nothing happening right now. Hopefully soon, we will have a change in authority structure and shit will begin to *click*


Change happens from within, maybe if I staff up I can help move the agenda forward. I haven't made up my mind yet though, because when I commit to something I want to make sure I will have the time to actually meet the responsibilities.

As far as these forums go, because of the lack of subforums, lack of collapsing and the carbon style, would I be safe to assume it's still on PHPBB2 and not 3?
tremor77
Contributor
Posts: 910
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York


Re: HTS Needs to Stop Sucking

Post by sh3llz on Tue Jan 18, 2011 4:53 pm

phpbb2 was my guess as well.
I do hope the forums meet with some improvement. But as you've said before fashizzlepop, I feel like I should be contributing if I'm going to stand here criticizing the current system. For now all I can do is maybe write an article or two or give a presentation. It's not much compared to, say, becoming a staff member - but it's something. And I think if more people start to make any sort of an effort at all HTS can stop sucking.

And on that note, #4
We need more mods/admins. There aren't enough IMO. Not enough administrative presence.
~More mods would be used for new member moderation, described later. Also, for stricter spoiler filtering.

If the current mods/admins agree with this, I'd like to see a thread similar to the "Want To Become A HackThisSite Staff Member? " topic. Opening up moderation positions with specific tasks in mind, I think, would be a step forward.

To get a better idea of our current situation, who would need to be consulted and what would need to be done in order to start a thread like that? I realize I've just recently popped into the forums so it's understandable that I wouldn't know, but I get the feeling that most of the other members don't know either.
sh3llz
New User
Posts: 18
Joined: Fri Apr 10, 2009 1:26 am


Re: HTS Needs to Stop Sucking

Post by Monica on Tue Jan 18, 2011 5:07 pm

fashizzlepop wrote: 1. I believe the admins need to freely share progress with whatever projects are currently being developed (if any at all) with the community (if we can even call it that anymore).

The entire HTS staff agree with your statement here. However, just because we work on specific projects - it doesn't mean it is guaranteed for release. We hate to make promises, and we hate to make things LOOK like promises, if that makes any sense.

2. I would very much like to see a weekly update regardless of how anti-climactic it is. Even if it is just a funny story by an admin or mod.

There will be a huge change in staff structure, especially with the Moderation group. We will continue to bring you pure entertainment, or just good ol' relevant education.

3. The community should be more open with their suggestions and criticisms and this thread should be a start.

Of course, HackThisSite cannot improve without feedback. We're ALWAYS open to any feedback, whether negative or positive. Feel free to email any HTS staff directly, PM us, or join #comdev on IRC to voice.

4. We need more mods/admins. There aren't enough IMO. Not enough administrative presence.
~More mods would be used for new member moderation, described later. Also, for stricter spoiler filtering.

We absolutely agree! I am inviting those interested to become a HackThisSite Forum Moderator to apply. Please, please, please keep in mind we do have specific requirements. Please refer to, "Want To Become A HackThisSite Staff Member?" thread. If you do NOT have forum or moderation experience or if you have less than 200 posts on this forum, please do NOT apply. Interviews will be selected, so do not ask.

5. Apparently Kage and Monica are 2 of the higher ups on this site, are there others? This is a complete guess as there is absolutely NO evidence (that I have found on the site) of them giving any sort of fuck about this site. Upset, noods.

Kage has absolutely been doing his best working behind the scenes. Although I admit to being inactive, that doesn't mean I don't care about HackThisSite. I've been a user and a staff member for quite some time. The rest of the staff have their own duties.

6. No more lectures to be heard of and the HTS Radio is hardly mentioned... PS. EnigmaGroup.org is holding a small lecture on SQL Injection (live targets) this Friday around 8pm Central.

It doesn't mean we're dead. The staff and I will continue to restore the community. To be honest, we're working to bring lectures back! Of course, with major improvements.

7. Forum policies should change. New members' posts should be more scrutinized. Many forums moderate the first few posts of new members. Rules are usually applied such as "Google first," "search for previous threads first," etc...

Agreed. Bear with us because we're still working on it.

8. I'm not sure how the current hierarchy of admins and mods is set up currently, but it should be less monarchical and more democratic. Ie, no "Lead Mod" rather 2+ Lead Mods to make decisions. Same with Admins.

I will not express my personal opinion here, but I have selected Defience as Lead Mod to assist with upcoming projects. No, this is not a decision that was made out of spite. I personally selected Defience as my partner as of two years ago! He's a very, very trustworthy and dedicated person and a staff member and here to contribute. Of course, do not forget about Goatboy, Sanddbox, Insomn, Mischief, Eljonto and Tgoe! They're here to stay, and we're all "Super Mods." URUPSET. :)

Who will read this, and who will care enough to make a difference?

About time a caring HTS user voiced his opinion. Bravo. All feedback is taken into consideration.

Love,
fashizzlepop

Edit/PS: I would like to give a shout out to Thetan and Bren2010 for pushing the development along, regardless of how much others want to shut things down. Also, the current mods are doing a great job *ahem* minus Manica *ahem*!

Okay, great! I will let them know.
hi am new so plz dont troll me or i report 2 the HTS mods ty
Monica
Contributor
Posts: 900
Joined: Thu Oct 02, 2008 12:29 am
Location: In The Shadows


Re: HTS Needs to Stop Sucking

Post by fashizzlepop on Wed Jan 19, 2011 2:17 am

Thank you Monica for editing your post and responding thoughtfully. I sincerely appreciate it.

About the weekly updates: I wasn't expecting a complete release of all activities just merely a "Yeah, we're here, been working on so and so. Comments or Suggestions? We'll read them!" kinda thing.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
fashizzlepop
Developer
Posts: 2303
Joined: Sat May 24, 2008 1:20 pm


Re: HTS Needs to Stop Sucking

Post by mShred on Wed Jan 19, 2011 2:51 am

I really like the idea of a more updated HTS. The main page seems dead to new users due to the rare updates. It'd also let us know what's going on. I think HTS should definitely work on that.

For those about to rock.
mShred
Administrator
Posts: 1767
Joined: Tue Jun 22, 2010 4:22 pm


Re: HTS Needs to Stop Sucking

Post by neuromanta on Wed Jan 19, 2011 4:11 am

Here's another thing: there are many new topics by new users, asking where to start learning if they want to become a hacker. I think that there should be an easily recognizable link on the main page that points the newcomer to a page where everything is written down for the newcomers.
neuromanta
Poster
Posts: 302
Joined: Mon Nov 30, 2009 9:29 am
Location: Hungary


Re: HTS Needs to Stop Sucking

Post by Wells on Wed Jan 19, 2011 5:21 am

Hi everyone. It's been a long time since I've been on the forums. In fact I just had to register so I guess I haven't been here since the old forums were trashed or whatever happened to them.

Anyway, I'll begin with a satirical "Developers Needed" piece I wrote some time ago:

Yes, it's that time of the year again folks - HackThisSite is once again looking for developers!

We will be hiring people from the #help channel - the first 5 volunteers under the age of 15 will be accepted, followed by a further 3 who meet the following criteria:

* Must have at most 3 months of PHP experience.
* Must have developed at least one HackThisSite clone with no real features or missions
* Must be experienced in using mysql_query to execute vulnerable statements by concatenating unescaped user input with SQL strings.
* Must have either little or no experience with mitigating XSS and CSRF attacks. Ideally we would like someone who has hacked together a sanitize(...) function which applies unnecessary and useless encodings to the input.
* Must have little or no knowledge of cryptography, bonus points if you double or triple hash passwords with your own custom hash algorithm.

New developers will be given direct access to the live site and database with no background checks or trial periods.

In a month or so, after the site has been defaced and the database dropped, we will be hiring again. So don't worry if you miss out this time.

Any questions, join us in #htsdev


This is the way it has been with HackThisSite development for many years now. I've done development for HTS a number of times, and was involved in a large recode attempt, 'htsv4'. That was another failure, mainly because it was just an excuse for IceShaman and I to experiment and get experience with web development, and secondly because I had to get on with my life.

Anyway I think I'm qualified to comment on what has been wrong with previous 'recode' attempts, and what can be done to at least give 'htsv5' a fighting chance at success.

First of all, we of course need good developers. The problem with the HTS community is that so many 14 year old inexperienced hackers want to be involved. And when they do get involved they naturally want to write everything from scratch - their own Content Management System, template system, database access layer, Access Control List and permissions system, etc. etc. It becomes their hobby project, a learning experience. There's nothing wrong with that, but if we want a working site we have to start with experienced developers who know what the hell they are doing.

These young hackers inevitably introduce SQL injection, XSS and CSRF vulnerabilities and their code isn't clean, well designed or maintainable. To be able to write code like that requires years of experience, and when it comes to development of a successful framework/CMS that also involves years of effort. You can't hope to come up with anything decent for your first hobby project.

What HackThisSite needs is content. We need articles, we need missions, and regular news posts about the site itself as well as recent vulns or other security-related topics. The content must come first. That's where most of our time and energy should be spent. We need to focus on serving the needs of the site's visitors.

I have never seen any kind of document which describes use cases or functionality the site should offer. This is where any kind of major development should start, from the user. What is the first thing a user should see on the site? What information do we present? What are the core features? Users don't care about some fancy versioning article system, or a cool database design for the missions. But that's where most HTS development starts. Programmers just start hacking on code with no real thought to the needs of the users on the site. Do we really need versioned news posts? Of course we don't. What we need are people posting frickin' news!

Because our man-power is so limited we should be taking all the steps necessary to reduce the amount of time spent on coding, and focus all our efforts on the content. This means we must not waste time reinventing the wheel and writing our own CMS from scratch. Otherwise history will keep on repeating itself and in 6 months time we'll have nothing to show for our efforts, the 14 year old developers will have to go to college and disappear, leaving nothing, nothing of worth and the whole cycle will repeat itself again.

Unfortunately at the moment 'htsv5' is being developed by bren2010. He is 14 years old, he is using the half-finished custom-made MVC framework that Thetan made, and I've already seen multiple XSS bugs being patched in the git logs. I solved XSS in PHP years ago, it simply should not happen.

The MVC framework is a poorly designed skeleton at best which can't hope to support HTS going into the future. A lot of code is being written for things like news posts and database access layers, which is totally unnecessary.

So here's what I've been suggesting for a long time now:

  • Use codeigniter as your PHP/MVC framework. This offers everything you need as a basic framework, it is a mature product and the primary feature and what people love about it is the speed of development, just what we need. It offers you a nice active-record database access layer and many other things. There is absolutely no need to write our own MVC framework.

    Even PHP's creator Rasmus Lerdorf said that he liked codeIgniter best "because it is faster, lighter and the least like a framework". Just use it for god's sake.
  • Use DataMapper (http://datamapper.wanwizard.eu/) which runs on codeigniter as your ORM layer. You have no idea how simple it can be to create something like a news or article system. In fact let me show you quickly. First you create your table in SQL. You can also use NoSQL stuff, there are drivers for most things.

    Code:
    -- News posts; each column becomes a property on the DataMapper model
    CREATE TABLE news (
      id INTEGER UNSIGNED AUTO_INCREMENT,
      title VARCHAR(256),
      body TEXT,
      PRIMARY KEY (id)
    );


    Now you inherit a class from the DataMapper base class:

    Code:
    // Model class; PHP inheritance uses "extends"
    class News extends DataMapper {}


    And that's it, you're all set to go. Let's create a news post:

    Code:
    // Assign properties, then save(); the ORM builds and runs the INSERT
    $n = new News();
    $n->title = "My First News Post";
    $n->body = "Hello, this is the body of the post";
    $n->save();


    That's it. The DataMapper ORM figures it all out. You try writing to a property called "title" and it will generate the appropriate SQL automagically. I don't have to write a frickin' database layer. This is how we should be developing our code. You don't have to spend days writing a news system, it can be done in minutes.

    If I want to add a date field, it takes all of 30 seconds:

    Code:
    -- Add a timestamp column to the existing table
    ALTER TABLE news ADD COLUMN date DATETIME;


    And now I just access the 'date' property on my objects:

    Code:
    // The column is DATETIME, so assign a formatted date string rather than the integer from time()
    $n->date = date('Y-m-d H:i:s');


    This is the essence of practical coding. Every good developer will have written their own CMS and database layer at some point, but when it comes to getting stuff done you realize you have to go with a pre-existing framework. You have to be as productive as possible.

    But instead people like bren2010 are writing everything from scratch, they are wasting time. You have to drop this urge to write everything yourself and instead be pragmatic. We want to be able to develop the site as fast as possible so we can focus on the content.

    For some reason the HTS leaders like Kage refuse to listen to this advice. And this is not me bitching or trolling, this is common sense and sound software development. We need simplicity and productivity, which frees us up to focus on the content.

  • So yeah, the content. We need a whole new set of basic missions. These should actually be educational and teach you what you need to know before you do the mission itself. They should not require registration. I made a website called http://www.hakdissitelol.org as a proof of concept of what I thought the missions should be like. That url is now inactive but I have uploaded a copy to wired's shell account here: http://wired.rootedker.nl/

    We want hackthissite to be the landing page for a search like "What is SQL injection". And not only do we teach the user exactly what it is, we let them try it out themselves.

    Forcing registration on the site is a huge barrier to entry. And the fact the basic missions suck so hard and don't actually teach you anything is a big problem.

    Personally I think HTS needs to drop the political underground bullshit and just focus on educating and teaching people about various security and hacking-related topics in a fun and engaging way.

Well my brain is a bit tired now, so I'll leave it there for now. Basically, the people in charge of HTS development need to get some common fucking sense and focus on what is important. Otherwise the whole thing is doomed from the start.

Wells
Wells
New User
Posts: 23
Joined: Wed Jan 19, 2011 3:57 am
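As an added example (not part of Wells' post, and not HTS or DataMapper code), here is the same news table handled with the two controls the post's complaints point at: bound parameters instead of concatenated SQL, and HTML encoding at output instead of a catch-all sanitize() on input. The in-memory SQLite database and the helper names save_news, e and render_news are assumptions made for this illustration.

```php
<?php
// Added example: the news table from the post, using PDO prepared statements
// for storage and HTML encoding at render time.
// Assumption: an in-memory SQLite database stands in for MySQL so this runs offline.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (
    id    INTEGER PRIMARY KEY AUTOINCREMENT,
    title VARCHAR(256),
    body  TEXT,
    date  DATETIME
)');

// Hypothetical helper: store a post. Values travel as bound parameters,
// so quotes in user input never become part of the SQL text.
function save_news(PDO $db, string $title, string $body): int
{
    $stmt = $db->prepare(
        'INSERT INTO news (title, body, date) VALUES (:title, :body, :date)'
    );
    $stmt->execute([
        ':title' => $title,
        ':body'  => $body,
        ':date'  => date('Y-m-d H:i:s'),
    ]);
    return (int) $db->lastInsertId();
}

// Hypothetical helper: encode a value for HTML text or a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: render one post. Encoding happens here, at output;
// the database keeps the text exactly as it was submitted.
function render_news(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT title, body, date FROM news WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '<p>No such post.</p>';
    }
    return '<article><h2>' . e($row['title']) . '</h2>'
         . '<p>' . nl2br(e($row['body'])) . '</p>'
         . '<time>' . e($row['date']) . '</time></article>';
}

// Constructed sample input containing a quote and markup characters.
$id = save_news($db, "O'Brien's <b>first</b> post", "Line one\n<i>Line two</i>");
echo render_news($db, $id), "\n";
```

An ORM's save() covers only the storage half; whatever layer prints the title and body still has to encode them for the context they land in.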

