End of Seditio and LDU

pieter	#1 2011-02-12 18:38
Team Thanked: 9 zaman	Has anybody seen this? http://www.neocrome.net/ End-of-life for the Sedito and Land Down Under products. You can still find limited support in our Forums. ... can we help you ...

aiwass	#2 2011-02-12 18:46
Members Thanked: 1 zaman	Didn't that happen when Cotonti was born as well? Take all that money that we spend on weapons and defences each year and instead spend it feeding and clothing and educating the poor of the world, which it would many times over, not one human being excluded, and we could explore space, together, both inner and outer, forever, in peace. - Bill Hicks https://evlear.com

GHengeveld	#3 2011-02-12 19:08
Team Thanked: 52 zaman	I have to say I was expecting that to happen. Seditio and LDU have always been a one-man show, which resulted in very slow development. I understand why Olivier made the decision to pull the plug. He's a grown man, with a family and a job. It makes complete sense that he wants to spend less time on Seditio, and more time with his family. Also consider the fact that he doesn't earn anything by working on Seditio, not even much respect and gratitudes anymore, I can imagine. It can also be depressing to see other (newer) systems gain a lot of attention very fast, while Seditio has been on the sideline for very long. To be honest, the golden era of CMS systems is over. Big players like Drupal and Wordpress have the market, and that's not going to change any time soon. For us, this is one of the reasons to take Cotonti in a different direction, focussing on application development (as a framework) rather than just content management.

GHengeveld

#3 2011-02-12 19:08

Team
Thanked: 52 zaman

I have to say I was expecting that to happen. Seditio and LDU have always been a one-man show, which resulted in very slow development. I understand why Olivier made the decision to pull the plug. He's a grown man, with a family and a job. It makes complete sense that he wants to spend less time on Seditio, and more time with his family. Also consider the fact that he doesn't earn anything by working on Seditio, not even much respect and gratitudes anymore, I can imagine. It can also be depressing to see other (newer) systems gain a lot of attention very fast, while Seditio has been on the sideline for very long.

To be honest, the golden era of CMS systems is over. Big players like Drupal and Wordpress have the market, and that's not going to change any time soon. For us, this is one of the reasons to take Cotonti in a different direction, focussing on application development (as a framework) rather than just content management.

aiwass	#4 2011-02-12 19:24
Members Thanked: 1 zaman	# Koradhil : I have to say I was expecting that to happen. Seditio and LDU have always been a one-man show, which resulted in very slow development. I understand why Olivier made the decision to pull the plug. He's a grown man, with a family and a job. It makes complete sense that he wants to spend less time on Seditio, and more time with his family. Also consider the fact that he doesn't earn anything by working on Seditio, not even much respect and gratitudes anymore, I can imagine. It can also be depressing to see other (newer) systems gain a lot of attention very fast, while Seditio has been on the sideline for very long. To be honest, the golden era of CMS systems is over. Big players like Drupal and Wordpress have the market, and that's not going to change any time soon. For us, this is one of the reasons to take Cotonti in a different direction, focussing on application development (as a framework) rather than just content management. Utterly offtopic: If there was a "LIKE" button here I would click it Take all that money that we spend on weapons and defences each year and instead spend it feeding and clothing and educating the poor of the world, which it would many times over, not one human being excluded, and we could explore space, together, both inner and outer, forever, in peace. - Bill Hicks https://evlear.com

aiwass

#4 2011-02-12 19:24

Members
Thanked: 1 zaman

# Koradhil : I have to say I was expecting that to happen. Seditio and LDU have always been a one-man show, which resulted in very slow development. I understand why Olivier made the decision to pull the plug. He's a grown man, with a family and a job. It makes complete sense that he wants to spend less time on Seditio, and more time with his family. Also consider the fact that he doesn't earn anything by working on Seditio, not even much respect and gratitudes anymore, I can imagine. It can also be depressing to see other (newer) systems gain a lot of attention very fast, while Seditio has been on the sideline for very long.

To be honest, the golden era of CMS systems is over. Big players like Drupal and Wordpress have the market, and that's not going to change any time soon. For us, this is one of the reasons to take Cotonti in a different direction, focussing on application development (as a framework) rather than just content management.

Utterly offtopic: If there was a "LIKE" button here I would click it

Take all that money that we spend on weapons and defences each year and instead spend it feeding and clothing and educating the poor of the world, which it would many times over, not one human being excluded, and we could explore space, together, both inner and outer, forever, in peace. - Bill Hicks

https://evlear.com

GHengeveld	#5 2011-02-13 00:04
Team Thanked: 52 zaman	Heheh, thanks for the hint, maybe I'll include something like that on the new site ;-) Update: Ok, new site will get AddThis.
Team Thanked: 52 zaman	Bu konu Koradhil tarafından düzenlendi(2011-02-13 00:34, 13 yıllar önce)

peptobismal	#6 2012-02-25 02:24
Members	Wait a second Neocrome is back? Craziness.

Trustmaster	#7 2012-02-25 08:33
Administrators Thanked: 263 zaman	Yes, and it's been quite active lately. May the Source be with you!

Eugene	#8 2012-02-25 09:55
Members Thanked: 4 zaman	#28313 GHengeveld: To be honest, the golden era of CMS systems is over. Big players like Drupal and Wordpress have the market, and that's not going to change any time soon. For us, this is one of the reasons to take Cotonti in a different direction, focussing on application development (as a framework) rather than just content management. It is great to see realistic point of view! ))) I wish I can do everything in the world with just Cot... But there is always tension inside - cause business expectes you to bring ready extensions\|functions to hands of customers... Like last week I was asked about how much would cost to create PR web-site with the wall\|chat\|and some of functionality of FaceBook... Finally, I understand that there are better solutions in both Drupal and WP... But I hate that, honestly... I prefer Cot, as anyone would prefer his first love... ))

Eugene

#8 2012-02-25 09:55

Members
Thanked: 4 zaman

#28313 GHengeveld:
To be honest, the golden era of CMS systems is over. Big players like Drupal and Wordpress have the market, and that's not going to change any time soon. For us, this is one of the reasons to take Cotonti in a different direction, focussing on application development (as a framework) rather than just content management.

It is great to see realistic point of view! ))) I wish I can do everything in the world with just Cot... But there is always tension inside - cause business expectes you to bring ready extensions|functions to hands of customers... Like last week I was asked about how much would cost to create PR web-site with the wall|chat|and some of functionality of FaceBook... Finally, I understand that there are better solutions in both Drupal and WP... But I hate that, honestly... I prefer Cot, as anyone would prefer his first love... ))

peptobismal	#9 2012-02-25 20:31
Members	LDU 600 or 700 I believe was my first. ;) But also, as I have seen with wordpress and all those big named CMS, my point of view stands as yeah there's more quantity but that overwhelms your ability to find true quality. When I see a CMS or CMF with millions of things to do it's just too much bull to sift through for me. Added 4 months later: #33271 Trustmaster: Yes, and it's been quite active lately. And it's back down?
Bu konu peptobismal tarafından düzenlendi(2012-07-06 15:34, 11 yıllar önce)

peptobismal

#9 2012-02-25 20:31

Members

LDU 600 or 700 I believe was my first. ;)

But also, as I have seen with wordpress and all those big named CMS, my point of view stands as yeah there's more quantity but that overwhelms your ability to find true quality. When I see a CMS or CMF with millions of things to do it's just too much bull to sift through for me.

Added 4 months later:

#33271 Trustmaster:
Yes, and it's been quite active lately.

And it's back down?

Bu konu peptobismal tarafından düzenlendi(2012-07-06 15:34, 11 yıllar önce)

Trustmaster	#10 2012-07-06 16:02
Administrators Thanked: 263 zaman	Smb. hacked the site and Olivier didn't have time to restore it. May the Source be with you!

MecTruy	#11 2012-07-21 11:45
Members Thanked: 10 zaman	#34889 Trustmaster: Smb. hacked the site and Olivier didn't have time to restore it. really Kurta sormuşlar senin ensen neden kalın ? diye, Kendi işimi kendim yaparımda ondan demiş...

tensh	#12 2012-08-18 12:43
Contributors Thanked: 12 zaman	I always find it amazing on how only the time is needed to break the site's security. O_O As far as I know, Seditio was quite secure for years.

GHengeveld	#13 2012-08-18 18:27
Team Thanked: 52 zaman	Seditio was 'quite secure' for years because the hacks used weren't common knowledge back then. Nowadays there's far more people with knowledge about things like XSS, CSRF and other such techniques. Luckily Cotonti is still in active development and has much better security.

ez	#14 2012-08-19 21:28
Contributors Thanked: 10 zaman	I want to know more about this CRSF.. I write a lot of plugins, so I need to know how i should protect my plugins for these kind of attacks... (Any best practices ??) I do a lot of JSON stuff through POST and GET's thnx Is there a Tutorial somewhere for devs ? ==- I say: Keep it EZ -==

GHengeveld	#15 2012-08-21 07:25
Team Thanked: 52 zaman	Cotonti has a system in place to prevent CSRF. It uses a security token named "x" and is stored in $sys['xk'] in the code. Cotonti automatically creates a hidden input field for every form, which contains the current value of $sys['xk'], so when the form is submitted, the token is sent along with it. Upon receiving a POST request, Cotonti automatically verifies the value of "x" to match the value of $sys['xk']. If it doesn't match, the request is denied and an error page is returned. The value of $sys['xk'] is changed regularly. As an extension developer, you usually don't have to worry much about CSRF. If you use regular forms and send them using POST, Cotonti will handle the inclusion and validation of the security token automatically. However, if you're going to send stuff to the server using an AJAX POST request, you'll have to include the security key yourself. you can do this by simply using {PHP.sys.xk} in your tpl. For example: jQuery.post( "{PHP.cfg.mainurl}/{PHP\|cot_url("plug", "e=myplugin", "", 1)}", { x: "{PHP.sys.xk}" } ); If you want to verify the security token in a GET request, you can use cot_check_xg().

GHengeveld

#15 2012-08-21 07:25

Team
Thanked: 52 zaman

Cotonti has a system in place to prevent CSRF. It uses a security token named "x" and is stored in $sys['xk'] in the code. Cotonti automatically creates a hidden input field for every form, which contains the current value of $sys['xk'], so when the form is submitted, the token is sent along with it. Upon receiving a POST request, Cotonti automatically verifies the value of "x" to match the value of $sys['xk']. If it doesn't match, the request is denied and an error page is returned. The value of $sys['xk'] is changed regularly.

As an extension developer, you usually don't have to worry much about CSRF. If you use regular forms and send them using POST, Cotonti will handle the inclusion and validation of the security token automatically. However, if you're going to send stuff to the server using an AJAX POST request, you'll have to include the security key yourself. you can do this by simply using {PHP.sys.xk} in your tpl. For example:

jQuery.post(
  "{PHP.cfg.mainurl}/{PHP|cot_url("plug", "e=myplugin", "", 1)}",
  { x: "{PHP.sys.xk}" }
);

If you want to verify the security token in a GET request, you can use cot_check_xg().

12>>>