http://disqus.com/by/sminnee/enSun, 24 Nov 2013 23:08:41 -0000http://localhost:4000/2013/11/25/mini-rave-for-kiwiburn.html#comment-1137878791<p>I've seen people do this kind of thing in wheelie-bins, which means you can cart it out. Even if it was smaller than that, putting it all in a wheeled box could work quite well.</p>sminneeSun, 24 Nov 2013 23:08:41 -0000http://localhost:4000/zoomin/2013/09/03/script-defer.html#comment-1027104467<p>You might also want to get rid of your inline script blocks? :-P</p>sminneeMon, 02 Sep 2013 22:54:50 -0000http://localhost:4000/zoomin/2013/09/03/script-defer.html#comment-1027071513<p>Is this better than $(document).ready( function() { new GoogleMapsInstance(some params); });</p>sminneeMon, 02 Sep 2013 22:28:47 -0000http://blog.cribznetwork.com/2013/07/silverstripe-3-dos-vulnerable/#comment-966479811<p>Hi Chris,</p><p>Thanks again for raising this issue with us and digging in more detail into its effects.</p><p>I can see that it would be concerning to find that a DoS issue you had raised had already been logged in our bug tracker and not yet resolved. Ultimately, when the issue came to our attention we had rated it as not a severe issue, and so we prioritised it alongside other issues for resolution. This impacted the urgency with which we addressed it. There were a few reasons for that. Firstly, a server configured with a lower MaxClients won't be as susceptible to a full DoS of the server from this bug - the server would be up although responses would slow down, and the offending IP address could be blocked. It's not ideal, but it would be manageable in the case of an attack via this (which, to our knowledge, has never happened). Also, there is no information disclosure or control an attacker would get from flushing a site: the flush is intended to be able to be called at any time without affecting the functioning of the site. That, combined with the fact that the fix wasn't trivial to make, led to the issue being still open at the time you started your investigation.</p><p>As for how the issue got into the system in the first place: when it was originally developed, the scope of the flush command was much more limited and the performance impact was not great enough to be a DoS target. It was a toss-up as to whether we would execute the functionality automatically by detecting the necessary changes, and in the end decided to make it manually triggered. That changed over time as the script behind it got more weighty, and now we need to solve it.</p><p>But that's all in the past. What's important now is that we fix the issue and put it out there for people who may be affected. The fix is almost complete and we will release security updates for 2.4 and 3.0, as well as including the fix in 3.1-rc1 (imminently awaiting release) and providing patches for people to apply the fix themselves. In the meantime, Hamish has put together some workarounds that you can apply here: <a href="https://github.com/silverstripe/silverstripe-framework/issues/1692#issuecomment-21151232" rel="nofollow noopener" target="_blank" title="https://github.com/silverstripe/silverstripe-framework/issues/1692#issuecomment-21151232">https://github.com/silverst...</a></p><p>It's not for me to comment on the details of DIA's security testing of CWP, apart from saying that there has been a robust, independent process underway in the lead-up to its launch.</p><p>Thanks,</p><p>Sam Minnée<br>CEO<br>SilverStripe Limited</p>sminneeWed, 17 Jul 2013 22:24:47 -0000http://womanintech.tumblr.com/post/19549272757#comment-468762856<p>It sounds like you need a holiday. A proper one.</p>sminneeMon, 19 Mar 2012 00:25:57 -0000http://workingsoftware.com.au/page/Your_templating_engine_sucks_and_everything_you_have_ever_written_is_spaghetti_code_yes_you#comment-383908602<p>Build an app using this approach and then I'll listen. ;-)</p>sminneeSun, 11 Dec 2011 03:31:43 -0000http://bennolan.com/2010/10/28/twitterplaces.html#comment-91012404<p>Boobs.</p>sminneeThu, 28 Oct 2010 00:24:50 -0000http://doc.silverstripe.org/doku.php?id=installation-on-webserver#comment-775270<p>I have put this ticket up suggesting some improvements to the rewritetest.php system: <a href="http://open.silverstripe.com/ticket/2608" rel="nofollow noopener" target="_blank" title="http://open.silverstripe.com/ticket/2608">http://open.silverstripe.co...</a></p><p>Lukin - it would be helpful if you could add yourself to the CC field for the ticket, so that you can see if new versions of this feature work on your configuration.</p>sminneeSun, 29 Jun 2008 18:04:19 -0000http://doc.silverstripe.org/doku.php?id=installation-on-webserver#comment-775266<p>Hi Jess,</p><p>If you can set up a database login with CREATE DATABASE rights, then the installer will create the database for you.</p>sminneeSun, 29 Jun 2008 18:02:45 -0000http://doc.silverstripe.org/doku.php?id=tutorial:site-map#comment-742702<p>We're deliberately trying to stay away from using widgets as a main composition tool, as it winds up creating an additional layer that content authors have to wade through in order to get their job done. For this reason, widgets are restricted to subordinate content on pages, rather than main content.</p><p>Furthermore, there's very little overhead in creating a new page type - it's almost exactly the same as the overhead needed to make a widget. :-P</p><p>That said, a site-map widget could be useful. It might also be worth exploring whether using something like widgets to *optionally* add additional content to pages, particularly if the widgets available were specifically designed to work nicely when used in the main content.</p><p>A related issue here is the use of page types for making simple layout changes - for example, swapping between one column of content and columns of content. Perhaps layout and page type could be 2 separate things?</p><p>If we were to head down this path, we would be pushing the CMS classes to be more focused on the data being stored. The key challenge would be to ensure that site management was still logical for people who just wanted to add or edit a few pages. This is an area where other CMSes have gotten into trouble.</p>sminneeTue, 24 Jun 2008 22:32:32 -0000http://doc.silverstripe.org/doku.php?id=sitemap#comment-582222<p>The sitemap.xml request is handled dynamically, by the GoogleSitemap controller. Look for GoogleSitemap.php</p>sminneeTue, 03 Jun 2008 16:26:55 -0000http://doc.silverstripe.org/doku.php?id=tutorial:1-building-a-basic-site#comment-525837<p>We should really update this tutorial to make use of blackcandy, and focus the tutorial steps on altering the initial layout, rather than making a layout from scratch.</p>sminneeSat, 24 May 2008 21:51:09 -0000http://doc.silverstripe.org/doku.php?id=tutorial:site-map#comment-505930<p>One of the problems currently is that our views don't support recursion. Hence, the use of getChildrenAsUL. Hence, the mixing together of View and Controller (and even Model, sadly) logic.</p>sminneeWed, 21 May 2008 17:09:01 -0000http://doc.silverstripe.org/doku.php?id=genericdataadmin#comment-458060<p>Form scaffolding and the many-many auto-complete CTF-style field will be coming in version 2.3. You can expect them in trunk some time in June. </p>sminneeTue, 13 May 2008 15:52:09 -0000http://doc.silverstripe.org/doku.php?id=statistics#comment-458047<p>In either version 2.2.3 or 2.3, statistics is going to be moved into its own separate module.</p>sminneeTue, 13 May 2008 15:50:22 -0000http://doc.silverstripe.org/doku.php#comment-447929<p><a href="http://doc.silverstripe.com" rel="nofollow noopener" target="_blank" title="http://doc.silverstripe.com">http://doc.silverstripe.com</a> and <a href="http://api.silverstripe.com" rel="nofollow noopener" target="_blank" title="http://api.silverstripe.com">http://api.silverstripe.com</a> now have a commenting system, powered by Disqus!</p>sminneeSun, 11 May 2008 23:11:05 -0000