ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    ownCloud 9 is Here

    News
    owncloud
    10
    142
    56.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller
      last edited by

      So, now that we've covered that ALL of the alerts are incorrect and that this is clearly very confusing to anyone who isn't a confident Linux admin... why are we getting these errors? They cannot help someone who isn't an expert, and they aren't useful to us. They would be very harmful to normal users trying to just run the system.

      1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller
        last edited by

        So just to recap:

        • Internet Access Not Working: False. Internet access is just fine.
        • cURL / NSS Out of Date: False. Current and patched. Latest from Red Hat.
        • PHP Unsupported: False / Tricky. Unsupported by someone who is not the support vendor, so very misleading to anyone that isn't an expert and worthless to anyone who is.
        • CentOS 7 Out of date: False Turns out that the concept of the target platform is misunderstood and is actually fully up to date.

        Does this make it clear why we see these are problematic?

        1 Reply Last reply Reply Quote 1
        • jospoortvlietJ
          jospoortvliet Vendor @scottalanmiller
          last edited by jospoortvliet

          @scottalanmiller said:

          @jospoortvliet said:

          Look, these are warnings. If you're confident there is no problem, you can ignore them.

          This is not a professional response to being informed clearly that there is a bug.

          You just told me to ignore a bug. Are we 100% clear that that's what's going on? Is that how ownCloud feels about security issues? Sweet them under the rug? Be wrong and hope that users ignore them?

          YOU say they are bugs. I don't. I believe they are real issues a sysadmin should fix. You claim our security guy is incompetent and you trust Red Hat. Fine. Just two links then about PHP:
          https://access.redhat.com/solutions/641423
          https://bugzilla.redhat.com/show_bug.cgi?id=662707

          Here's the cURL bug, yes, related to a NSS issue: https://bugzilla.redhat.com/show_bug.cgi?id=1241172

          As I said - before I take your input as 'bugreports' I need some proof that these warnings are wrong. For now, I have some reason to think it is GOOD to warn of projects no longer supported by upstream: clearly, distributions don't do a good job keeping up with issues in them and clearly, our warnings (no matter how annoying) are helpful.

          Ok, let me give you one more then: https://statuscode.ch/2016/02/distribution-packages-considered-insecure so you can read a bit from the guy we're talking about. There's a reason Lukas is pretty well known in the security world - he knows his stuff. And works for us. These warnings are there because these ARE issues. Perhaps not today because RH just fixed one - but again next week as they are 'maintaining' something which isn't easy to maintain and they don't do such a great job. Wait, wasn't that what you said yourself about LTS earlier? Ah!

          Oh and really, if you're right about our security guy, you can make loads of money: https://hackerone.com/owncloud

          If you don't mind, I'll retreat from this conversation. If the three links above is not enough proof that these warnings are useful - nothing will be. I honestly think you're barking up the wrong tree - we are careful to warn when there's a serious potential for trouble. Maybe that's zealous - overzealous even. But better safe than sorry.

          JaredBuschJ scottalanmillerS 6 Replies Last reply Reply Quote 0
          • JaredBuschJ
            JaredBusch @jospoortvliet
            last edited by

            @jospoortvliet said:

            If you don't mind, I'll retreat from this conversation. If the three links above is not enough proof that these warnings are useful - nothing will be.

            Then I hope you don't mind if I quit recommending ownCloud as a viable solution to my clients.

            scottalanmillerS 1 Reply Last reply Reply Quote 2
            • scottalanmillerS
              scottalanmiller @jospoortvliet
              last edited by

              @jospoortvliet said:

              YOU say they are bugs. I don't. I believe they are real issues a sysadmin should fix.

              Okay, whatever. Clearly I'm taking your platform way too seriously.

              jospoortvlietJ 1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @JaredBusch
                last edited by

                @JaredBusch said:

                @jospoortvliet said:

                If you don't mind, I'll retreat from this conversation. If the three links above is not enough proof that these warnings are useful - nothing will be.

                Then I hope you don't mind if I quit recommending ownCloud as a viable solution to my clients.

                I certainly no longer see them as a business class solution. What a joke.

                1 Reply Last reply Reply Quote 0
                • jospoortvlietJ
                  jospoortvliet Vendor @scottalanmiller
                  last edited by jospoortvliet

                  @scottalanmiller said:

                  @jospoortvliet said:

                  YOU say they are bugs. I don't. I believe they are real issues a sysadmin should fix.

                  Okay, whatever. Clearly I'm taking your platform way too seriously.

                  Seriously? You didn't read the links? Wow. Good night...

                  scottalanmillerS JaredBuschJ 2 Replies Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @jospoortvliet
                    last edited by

                    @jospoortvliet said:

                    You claim our security guy is incompetent and you trust Red Hat. Fine.

                    Correct.

                    1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @jospoortvliet
                      last edited by

                      @jospoortvliet said:

                      @scottalanmiller said:

                      @jospoortvliet said:

                      YOU say they are bugs. I don't. I believe they are real issues a sysadmin should fix.

                      Okay, whatever. Clearly I'm taking your platform way too seriously.

                      Seriously? You didn't read the links? Wow. Good night...

                      I did. That's CentOS 6 from 2013. It's important why?

                      jospoortvlietJ 1 Reply Last reply Reply Quote 0
                      • JaredBuschJ
                        JaredBusch @jospoortvliet
                        last edited by

                        @jospoortvliet said:

                        @scottalanmiller said:

                        @jospoortvliet said:

                        YOU say they are bugs. I don't. I believe they are real issues a sysadmin should fix.

                        Okay, whatever. Clearly I'm taking your platform way too seriously.

                        Seriously? You didn't read the links? Wow. Good night...

                        Maybe because I cannot? Also this is talking about RHEL 6.4

                        0_1457557129552_upload-e9b9c155-87aa-410a-b941-4a9999d29eab

                        1 Reply Last reply Reply Quote 1
                        • A
                          Alex Sage
                          last edited by

                          alt text

                          1 Reply Last reply Reply Quote 2
                          • scottalanmillerS
                            scottalanmiller
                            last edited by

                            the other is from 2010. Again, why did you link it? Are these just misdirection hoping that we wouldn't follow the links?

                            1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @jospoortvliet
                              last edited by

                              @jospoortvliet said:

                              Here's the cURL bug, yes, related to a NSS issue: https://bugzilla.redhat.com/show_bug.cgi?id=1241172

                              More misdirection. This isn't a security problem. Yes it has a bug, so? So does ownCloud and they wont even admit it. Red Hat takes this so seriously they are actually working on it. Big difference. They don't pretend that that's okay that there are bugs.

                              Why is this is a reason to stop using Red Hat's repos and go to rolling out own? That's insane. You can't actually expect us to take this seriously?

                              JaredBuschJ jospoortvlietJ 2 Replies Last reply Reply Quote 0
                              • jospoortvlietJ
                                jospoortvliet Vendor @scottalanmiller
                                last edited by

                                @scottalanmiller said:

                                @jospoortvliet said:

                                @scottalanmiller said:

                                @jospoortvliet said:

                                YOU say they are bugs. I don't. I believe they are real issues a sysadmin should fix.

                                Okay, whatever. Clearly I'm taking your platform way too seriously.

                                Seriously? You didn't read the links? Wow. Good night...

                                I did. That's CentOS 6 from 2013. It's important why?

                                Because it shows exactly what I said - these warnings are useful. They were in those cases and by your own account (not trusting LTS releases), they are now. Also note when they were opened and when they were fixed.

                                What more do you want? That we, real-time, update these warnings based on existing vulnerabilities that aren't disclosed or fixed? That would be awesome, don't get me wrong - but rather ambitious.

                                scottalanmillerS 2 Replies Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @jospoortvliet
                                  last edited by

                                  @jospoortvliet said:

                                  As I said - before I take your input as 'bugreports' I need some proof that these warnings are wrong. For now, I have some reason to think it is GOOD to warn of projects no longer supported by upstream: clearly, distributions don't do a good job keeping up with issues in them and clearly, our warnings (no matter how annoying) are helpful.

                                  WTF. You've got your proof. Prove to me they are right! We've shown why they are wrong. You've explained how ownCloud didn't understand the platform so we know why you got them wrong. Now you expect us to do your homework for you? We've been doing that all day.

                                  I realize that ownCloud is open source, but you have paid people whose jobs it is to make this system work, right? But you expect us to do this for free?

                                  1 Reply Last reply Reply Quote 0
                                  • JaredBuschJ
                                    JaredBusch @scottalanmiller
                                    last edited by

                                    @scottalanmiller said:

                                    @jospoortvliet said:

                                    Here's the cURL bug, yes, related to a NSS issue: https://bugzilla.redhat.com/show_bug.cgi?id=1241172

                                    More misdirection. This isn't a security problem. Yes it has a bug, so? So does ownCloud and they wont even admit it. Red Hat takes this so seriously they are actually working on it. Big difference. They don't pretend that that's okay that there are bugs.

                                    Why is this is a reason to stop using Red Hat's repos and go to rolling out own? That's insane. You can't actually expect us to take this seriously?

                                    Apparently, his security guy does. That is what the link he posted is all about. not trusting the repos.
                                    https://statuscode.ch/2016/02/distribution-packages-considered-insecure/

                                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @jospoortvliet
                                      last edited by

                                      @jospoortvliet said:

                                      Because it shows exactly what I said - these warnings are useful.

                                      No, it does nothing of the sort. It shows that someone, a while ago, thought that one warning was useful. Maybe it was. We didn't say that your security team could never get one right, we just said that they got all of these wrong and that you can't trust them (or by extension, ownCloud.)

                                      1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @JaredBusch
                                        last edited by

                                        @JaredBusch said:

                                        @scottalanmiller said:

                                        @jospoortvliet said:

                                        Here's the cURL bug, yes, related to a NSS issue: https://bugzilla.redhat.com/show_bug.cgi?id=1241172

                                        More misdirection. This isn't a security problem. Yes it has a bug, so? So does ownCloud and they wont even admit it. Red Hat takes this so seriously they are actually working on it. Big difference. They don't pretend that that's okay that there are bugs.

                                        Why is this is a reason to stop using Red Hat's repos and go to rolling out own? That's insane. You can't actually expect us to take this seriously?

                                        Apparently, his security guy does. That is what the link he posted is all about. not trusting the repos.
                                        https://statuscode.ch/2016/02/distribution-packages-considered-insecure/

                                        Um, okay. Certainly no point continuing this conversation then. I'll just start building my own operating system that ownCloud doesn't support and running that.

                                        You are just making it so that ownCloud never has to be responsible for anything. We've asked for any way to run a system that ownCloud wouldn't blame us for the decisions and you've made it crystal clear why no such recommendation will ever be forthcoming - this is all setting up excuses so that OC never has to accept responsibility.

                                        1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @jospoortvliet
                                          last edited by

                                          @jospoortvliet said:

                                          What more do you want? That we, real-time, update these warnings based on existing vulnerabilities that aren't disclosed or fixed? That would be awesome, don't get me wrong - but rather ambitious.

                                          How can you POSSIBLE ask this again. I want accurate, truthful errors and bugs fixed. No false errors.

                                          You are constantly arguing that false errors are better than no errors. I'm telling you, that's wrong. But, it's your product. Don't listen to me.

                                          1 Reply Last reply Reply Quote 0
                                          • scottalanmillerS
                                            scottalanmiller @jospoortvliet
                                            last edited by

                                            @jospoortvliet said:

                                            If you don't mind, I'll retreat from this conversation. If the three links above is not enough proof that these warnings are useful - nothing will be.

                                            Correct, no amount of unrelated links will ever convince me that fake and inaccurate warnings are useful. Misleading system admins is never a good activity no matter how links that say nothing of the sort are provided.

                                            1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 7
                                            • 8
                                            • 7 / 8
                                            • First post
                                              Last post