Yeah, all files were properly replaced, and I ran upgrade without errors. Twice, to be sure.
Maybe it is database related. Maintenance got stuck at circa 2000 of 9000 tasks, and shortly thereafter googlebot went nuts looking for things that did not exist (like /var/Nudes/Portraits/… where there should only be /var/Nudes/… and /var/Portraits/…). Maintenance corrupted the database tree or something, resetting all modification dates, making images not showing etc. I dare not touch that thing again.
I do very much like comments in the code like this
//remove any style attributes, IE allows too much stupid things in them, eg.
//<span style="width: expression(alert('Ping!'));"></span>
// and in general you really don't want style declarations in your UGC
it really shows professional level of the coder
and yet, G3 is based on outdated version of jQuery, etc...
No more support for Windows platform? what is the reason?
No more support for Windows platform? what is the reason?
https://sourceforge.net/apps/trac/gallery/ticket/1883
Just because it may work does not mean there is not security issues with it that we don't test for or have not found or are willing to spend the time and resources to do so.
@inposure: looks like you're stuck in maintenance mode and it's struggling to figure out whether the controller at the url you provided is allowed to run in maintenance mode or not. It's weird that you're seeing that - I don't have enough info to fix it... is it still happening?
@SergeD: yeah those comments are funny. That's 3rd party code, though - I try to avoid changing their comments Yes, I'd like to update jQuery, but it's a large task and I don't have enough time to tackle it now. Maybe later. Pretty busy at work right now. No more support for windows because there are security vulnerabilities in Gallery 3 on Windows and I don't want to spend time fixing them on that platform (there are probably a ton, and it's not worth the time). If we don't prevent users from running on Windows, we have to deal with users who get hacked. Ergo, we won't let anybody run on Windows unless they hack the code (in which case it's their problem not ours).
The image block module now displays a link to itself /image_block/random/id rather then to the actual image page.
BAD IDEA, as this just creates YET ANOTHER layer of duplicates that bots crawl, thereby consuming unnecessary resources and confusing things.
inposure
Joined: 2010-04-23
Posts: 304
Posted: Wed, 2012-06-13 01:14
@bharat: I don’t know, I dare not try until night fall and there’s a fresh backup. My hypothesis is that it is corrupting the database (which itself is fine and in order).
Update: still stalling. It nukes the database, flattening the folder structure or something… look at this:
The URL is just several albums and images squashed into one piece.
This may not have to do with this particular update, although it is a serious problem. Maintenance is supposed to help, not nuke.
bharat
Joined: 2002-05-21
Posts: 7994
Posted: Tue, 2012-06-12 23:12
We need an interstitial on the image block images otherwise when you're on a search results page and you click on a random image it tries to view the image in a search context which bombs. I'll file a bug to investigate.
---
Problems? Check gallery3/var/logs file a bug/feature ticket | upgrade to the latest code! | hacking G3? join us on IRC!
Serge D
Joined: 2009-06-11
Posts: 2466
Posted: Tue, 2012-06-12 23:44
bharat wrote:
@SergeD: yeah those comments are funny. That's 3rd party code, though - I try to avoid changing their comments Yes, I'd like to update jQuery, but it's a large task and I don't have enough time to tackle it now. Maybe later. Pretty busy at work right now. No more support for windows because there are security vulnerabilities in Gallery 3 on Windows and I don't want to spend time fixing them on that platform (there are probably a ton, and it's not worth the time). If we don't prevent users from running on Windows, we have to deal with users who get hacked. Ergo, we won't let anybody run on Windows unless they hack the code (in which case it's their problem not ours).
Hi, Bharat
Glad to see you here Good stuff. Please keep up with updates!
I have succeeded, at least for my needs, with migration of jQuery - GD Theme 4.0 is jQuery latest and is in beta now - yes, some challenges, but it is doable... have to override some G3 JS files : ajax, dialog, form, json...
Windows... yes, I understand your concern... do you think cutting the head is better than head may hurt? it is not that you do not provide support for Windows platform, you do not run on Windows right now... too drastic, but hey, the boss is the boss I was just curious.
Trying to solve this… I notice that the Dashboard now takes a whopping 60 secs to load, rather than 0.15 secs. Turns out that the project news feed is the culprit, but I have no clue to why that is. I do have extensive iptables firewall rules, but the entire menalto.com range is allowed, and in any case netstat shows it is connecting using IPv6 to 2001:470:1:12d::252 (no firewall rules). Yet it comes up empty, so also if I reset iptables. Wasn't like that before. (Ping works fine.)
This makes me wonder if ”Fix your gallery” does any networking? If it stalls, then it could be for the same reason, although I can't follow the code to see what is actually happening.
It is not the DB. I downloaded it to my local Mac gallery, and it works just fine.
Ideas?
Serge D
Joined: 2009-06-11
Posts: 2466
Posted: Wed, 2012-06-13 05:39
For me project news never loaded before. issue is with how server handles fetch of external data across domains - logic used by G3 core does not work for all systems.
In the past I have tried to use similar for some of the modules and ended up switching to CURL instead... may be worth looking into at some point
inposure: that smells an awful lot like a result of http://en.wikipedia.org/wiki/World_IPv6_Day. Try disabling IPv6 on your web server or confirming that you have working IPv6 connectivity.
inposure
Joined: 2010-04-23
Posts: 304
Posted: Wed, 2012-06-13 06:36
Nope, works fine.
ping6 ipv6.google.com
PING ipv6.google.com(arn06s02-in-x13.1e100.net) 56 data bytes
64 bytes from arn06s02-in-x13.1e100.net: icmp_seq=1 ttl=55 time=17.7 ms
64 bytes from arn06s02-in-x13.1e100.net: icmp_seq=2 ttl=55 time=18.0 ms
…
Works for me. No issues with the dashboard on my end, either.
Thanks!
Take care,
Shad
bharat
Joined: 2002-05-21
Posts: 7994
Posted: Thu, 2012-06-14 18:02
Hey inposure, from that same machine can you try the same with gallery.menalto.com? Here's what I see from my work machine:
$ ping6 gallery.menalto.com
PING gallery.menalto.com(2001:470:1:12d:252::1) 56 data bytes
64 bytes from 2001:470:1:12d:252::1: icmp_seq=1 ttl=56 time=2.34 ms
64 bytes from 2001:470:1:12d:252::1: icmp_seq=2 ttl=56 time=2.46 ms
64 bytes from 2001:470:1:12d:252::1: icmp_seq=3 ttl=56 time=2.39 ms
64 bytes from 2001:470:1:12d:252::1: icmp_seq=4 ttl=56 time=2.39 ms
Also try creating modules/gallery/controllers/y.php and put this in it:
<?php
class y_Controller extends Controller {
public function index() {
print "<pre>";
print_r(feed::parse("http://gallery.menalto.com/node/feed", 3));
}
}
Then browse to /gallery3/index.php/y in your Gallery install and tell me what you see.
@bharat: can comfirm that there is an ipv6 problem here… no ping, returns an empty array. For the time being, I changed /etc/gai.conf to let ipv4 take precedence on dual stacks, this needs further investigation. This wasn't so before.
Maybe we should just delete the threads from me, they add nothing useful here, probably nothing wrong at all with Gallery (although I still wonder if the fix gallery problem is related, maybe it checks for new translations or something and then stalls, leaving the DB in a mess).
On another note, now the add info boxes function suddenly doesn't work in dashboard… it disappeared and won't come back.
Ranger187
Joined: 2005-12-02
Posts: 204
Posted: Fri, 2012-06-15 03:05
I've said it back in 2008, I've said it 2 years ago and I'll say it now. Limiting this to linux shows inexperience and biased views. Claiming windows has "security" flaws is as valid as me saying "going outside will kill you". Sure, if you go outside and don't put on a bulletproof vest and spf 400 you'll eventually come to your demise, but having such an extreme vast open excuse is pitiful.
Oh wait, let's release COUNTLESS security fixes/updates because the only OS we support is so secure. <---- Now let's try and sidestep it and blame it ONLY on php/mysql etc so we can deny the the OS we support is flawless...
They have a thing called the EULA and also a disclaimer removing one from perjury from any harm from a product. Every company out there uses it so the cop out you are using saying you don't want to be responsible is null and void.
If there is a way YOUR product can exploit the system it's not the OS/Admins problem, it's your defective product.
Windows and Linux both have security issues. BOTH are remedied by the ADMINISTRATOR maintaining the box.
I now disprove this product and will start boycotting it if this CONSTANT attitude continues.
Sigh. I have limited time, I don't use Windows as a server, I'm not going to spend any time on maintaining a Windows version. Honestly, I don't owe you anything here. If you want to support a Windows version - go right ahead. Clone the source on github and have at it, with my blessing. But don't count on me to spend a second on supporting it. Boycott away.
PS: There are a lot of security issues with Gallery 3 on Windows. Security experts have pointed them out to me. I'm not going to fix them, but I'm also not going to let people be exploited by them through their ignorance. Caveat emptor.
Sigh. I have limited time, I don't use Windows as a server, I'm not going to spend any time on maintaining a Windows version. Honestly, I don't owe you anything here. If you want to support a Windows version - go right ahead. Clone the source on github and have at it, with my blessing. But don't count on me to spend a second on supporting it. Boycott away.
PS: There are a lot of security issues with Gallery 3 on Windows. Security experts have pointed them out to me. I'm not going to fix them, but I'm also not going to let people be exploited by them through their ignorance. Caveat emptor.
I already DO support windows versions on here. I have for countless years. But thanks for that weak excuse as to why you can't support an OS. I understand it might be because you don't have the knowledge or skill but that's not a valid argument here. Since 90% of EVERY Web Server application is cross platform. I'd expect after 7+ years of releasing a product you'd be able to understand the fundamentals and make a secure product. If there is an exploit, and it's NOT an issue unless this product is installed, that's Gallery's issue. Passing it off as the OS. That's CLASSIC!
Man, you're really aggressive about this. I'm going to respond one more time on this, then I'm going to ignore all future comments.
Time is highly limited. Every OS we support takes time. I volunteer my time to support a platform that I myself use. There are known security bugs using Gallery 3 on Windows. I choose not to spend the time to fix them. I don't want users to accidentally suffer for it. Add it up == you're not going to see me support Windows. If you choose to continue to support it - that's great! But I'm voting with my time here and will continue to do so in the future.
---
Problems? Check gallery3/var/logs file a bug/feature ticket | upgrade to the latest code! | hacking G3? join us on IRC!
Serge D
Joined: 2009-06-11
Posts: 2466
Posted: Fri, 2012-06-15 03:51
This is unfortunate, it is discouraging, it is bad excuse though.
It is the same excuse as to why we still use 2+ years old jQuery with possible security and performance issues we all so concern about.
While I respect your opinion, I think you further discourage people use the gallery. Honestly, we do not need such bad press.
Man, you're really aggressive about this. I'm going to respond one more time on this, then I'm going to ignore all future comments.
Time is highly limited. Every OS we support takes time. I volunteer my time to support a platform that I myself use. There are known security bugs using Gallery 3 on Windows. I choose not to spend the time to fix them. I don't want users to accidentally suffer for it. Add it up == you're not going to see me support Windows. If you choose to continue to support it - that's great! But I'm voting with my time here and will continue to do so in the future.
---
Problems? Check gallery3/var/logs file a bug/feature ticket | upgrade to the latest code! | hacking G3? join us on IRC!
Sweet, your method is valid right. So if a cancer patient has a tumor, ignore it. Get a gunshot wound...IGNORE IT!
LET ME TAKE IT A STEP FURTHER.... LET'S FIX THE ISSUES THAT ARE IN LINUX, but not in another os. If the issue is in Linux it SHOULD be in windows since it's PHP and SQL code and VICE VERSA. Hence the only valid reasons here are:
1. Security (you don't know how to TELL windows to do a function). > Simply explain in the docs they need to perform step x y and z (GOD THAT'S SO HARD!)
;)
It's like saying, if you are black (Windows), you can't use this product, but if you are white (Linux), we think you are cool and we understand you. So don't buy a Honda if you are black, because you won't know how to drive it, but a white person will.... ;)
I have been using this product from Ngallery until now. I have always supported it. I love it. But when you give WEAK MINDED excuses that are easily disproven time and time again. Well... Yeah. That's logical.
======================================= http://codex.gallery2.org/Gallery3:Installation_on_Windows_Server_2008_and_IIS7
floridave
Joined: 2003-12-22
Posts: 27300
Posted: Fri, 2012-06-15 04:19
Serge D wrote:
This is unfortunate, it is discouraging, it is bad excuse though.
It is very discouraging that we get comments like this as well. It is a valid excuse. It it is HIS time not yours or anybody else's. HIS time is valuable, telling him that he has not spent enough effort on this project is not the way to encourage him to spend more.
Comments like that can break a project and I hope that Bharat understands that there is a LOT of people that appreciate his effort and hope that comments like that don't discourage him from continuing on.
I can understand your frustration but can you contribute even more than you already have? I know I can't especially with comments like it is a bad excuse that we don't give enough to the project already.
It is comments like that that make me think twice about giving back.
@SergeD: I'm trying to make time to update jQuery, but I have to prioritize. Security comes first, infrastructure comes second. There's no time to add more platforms. I don't understand why you think this is a bad excuse. I'm lucky to have a couple of hours a week to work on Gallery - tell me where you'd like me to spend them, and I'll spend them there. From the reports I've seen, properly the security issues for Windows is probably 40+ hours of work. I'm guessing that updating jQuery and having it bullet-proof is about the same.
This is unfortunate, it is discouraging, it is bad excuse though.
It is very discouraging that we get comments like this as well. It is a valid excuse. It it is HIS time not yours or anybody else's. HIS time is valuable telling him that he has not spent enough effort on this project is not the way to encourage him to spend more.
Comments like that can break a project and I hope that Bharat understands that there is a LOT of people that appreciate his effort and hope that comments like that don't discourage him from continuing on.
I can understand your frustration but can you contribute even more than you already have? I know I can't especially with comments like it is a bad excuse that we don't give enough to the project already.
It is comments like that that make me think twice about giving back.
Can I contribute? I have. See the document I created.
Don't you think old code such as the jquery and other things are also something that can break and CONTINUE to cause issues? It's a 2 way street and if it's only "My way", EVERYONE loses.
I've been willing to help. Don't you think telling me they will not listen to negotiate with us is saying OUR time isn't valuable?
Excuses only go so far. Actions speak louder than words.
@Ranger187: ok, I admit - I'm still reading your comments. In the 3.0.4 release we haven't changed our stance on Windows - we haven't supported it since the beginning. So as far as I can tell, all you need to do is update your doc and tell users to remove the 3 lines from index.php that prevent Gallery from running on Windows and you're back to where you were before. But I suggest at that point that you contact Mateusz Goik and Emanuel Bronshtein so that they can outline all the various security issues that exist with Gallery 3 on Windows so that you can document those fixes as well.
@Ranger187: ok, I admit - I'm still reading your comments. In the 3.0.4 release we haven't changed our stance on Windows - we haven't supported it since the beginning. So as far as I can tell, all you need to do is update your doc and tell users to remove the 3 lines from index.php that prevent Gallery from running on Windows and you're back to where you were before. But I suggest at that point that you contact Mateusz Goik and Emanuel Bronshtein so that they can outline all the various security issues that exist with Gallery 3 on Windows so that you can document those fixes as well.
Bharat, Thank you. Sincerely I appreciate any effort.
I have a few ideas to remedy this situation and if you are willing to hear me out in a PM I'd like to shoot some ideas off to you.
======= Windows Install Guide
bharat
Joined: 2002-05-21
Posts: 7994
Posted: Fri, 2012-06-15 04:38
@Ranger187: I think you missed my point. I am not planning to spend any time on this at all (that includes reading PMs about it) - but I'm not stopping you from spending time on it. I know you've spent a lot of time on this, but so have I and I really have no more to give. Good luck - I'm sure all the Windows users will appreciate it!
---
Problems? Check gallery3/var/logs file a bug/feature ticket | upgrade to the latest code! | hacking G3? join us on IRC!
floridave
Joined: 2003-12-22
Posts: 27300
Posted: Fri, 2012-06-15 04:47
Ranger187,
Ranger187 wrote:
LET'S FIX THE ISSUES THAT ARE IN LINUX, but not in another os.
I see the document you have created and I bet the the community appreciates it. Windows_Server_2008_and_IIS7
Last time I checked there was more than one version of Windows.
Quote:
So if a cancer patient has a tumor, ignore it.
Bringing your cancer analogy to play... it looks like you only want to work on skin cancer? What about all the other cancersOSs and server software?
Lets do like they do in the medical world ...
We should give a referral to another expert in that field.
How about you?
bharat wrote:
If you choose to continue to support it - that's great!
Create a fork on git hub that has support for Windows_Server_2008_and_IIS7 or other OSs that you care to work on as well.
I see the document you have created and I bet the the community appreciates it. Windows_Server_2008_and_IIS7
Last time I checked there was more than one version of Windows.
Linux has many flavors as well. From a Windows standpoint, running IIS from XP/Vista/Windows 7 isn't efficient but possible. But Windows Server 2003, 2008, R2 and 2012 are practical and I've proven it works.
floridave wrote:
Create a fork on git hub that has support for Windows_Server_2008_and_IIS7 or other OSs that you care to work on as well.
Sure, drop someone in a fire and say don't get burned. I need a flame retardant suit (I've never done this before, I would need to collaborate with others that already are in the project that are WILLING to offer what they know and a way to do this with others, hence a simple forum category too) and some kind of backing on this. There is a reason people have policies and procedures and best practices on how to do something and if you give it to a random group that doesn't have a guideline or resource to follow or collaborate, then it's meaningless.
=======
I thought this was a joint effort where you encourage others to help, volunteer and improve the product. If only you are in control and you tell others good luck and have at it, while remaining an individual, that defeats the purpose or point of others even attempting to do anything.
Joined: 2005-12-02 <---- I've been here 7 years, and I've been following/using this product longer. I think that's enough reason to understand I've been here freely to get and offer continued support.
Collaboration and communication is what everyone is saying is needed to further this product, but it seems you are making EVERY effort to tamper that.
How can I spend time on it if it's independent and lacks everything? We have NO OUTLET to do this with. I'm not a programmer but I am a windows server person who can help in the security area.
If a "Gallery Windows Support" area in the forums can be created all the IIS/Windows issues can be collected, researched and resolved. And I'll spearhead that.
That doesn't mean Gallery supports it, but it's an option and resource for others to take to be able to ACTUALLY do something. If you say we have your blessing to take it on, there you go.
If the project is lacking windows support, coders etc, can't you publish on the main page to requrest Windows coders, etc? And with a Windows forum area, that would only double the benefit.
Now I've offered outlets to resolve things, which would allow Mateusz Goik and Emanuel Bronshtein and the community a way to collaborate and improve the product in the areas that you have no time for, but others do.
@SergeD: I'm trying to make time to update jQuery, but I have to prioritize. Security comes first, infrastructure comes second. There's no time to add more platforms. I don't understand why you think this is a bad excuse. I'm lucky to have a couple of hours a week to work on Gallery - tell me where you'd like me to spend them, and I'll spend them there. From the reports I've seen, properly the security issues for Windows is probably 40+ hours of work. I'm guessing that updating jQuery and having it bullet-proof is about the same.
As I said I understand time constrains, please note that you choose to cut the head by preventing gallery to be run on windows rather than leave some sort of option to allow it. Special key? No, you ask people to hack the code. Well, it is not so much of "protection" to require delete 3 lines of code.
So in the end it is an excuse, sorry.
People who do run G3 on the Windows platform may take your action may be too personal, don't you think?
It is action taken without any discussion, vote, or even the note, what offends. It is community project after all, is it not? If it is personal project, then it is of different matter, then let's treat it as such without pretenses.
Yes, we learn to live over the years when Unix guys think things about Windows, same as Windows guys think about Unix. Apple against Google, Google against Apple, Microsoft in between when it suites them
As I said, we may be taking it too personal, and we should not. Couple months, a year and WordPress may have the same capabilities or our friends from other gallery projects would offer similar flexibility. Why should we fight over piece of code, no matter how good it is or could become? Every problem has multiple solutions, choice is just choice...
I've offered suggestions, made efforts and I'm tired of hearing "If you want to do it, you can" but then they turn their back. Why have 20,000 resources when it all can be managed, maintained and developed all centrally in 1 place?
If people need more reasons why ANY effort by a 3rd party is snidely disavowed time and time again, see this example: http://gallery.menalto.com/node/102637
Serge, myself, Joosep, jtenkate, rwatcher all have provided solutions, ideas and they all get a "this isn't supported" or "thanks but we don't have time." yet WE ARE MAKING THE TIME and every effort is dismantled.
How hard is it to make a "Gallery Windows Support" area, then if so be it, post "community supported only" and let us have at it so we can all contribute? Or are we going to get 30 reasons why not when they have a "General Chit-Chat" , "International Zone" etc.... It's ok to allow people to translate and chit chat, but not offer windows support?
It is very discouraging that we get comments like this as well. It is a valid excuse. It it is HIS time not yours or anybody else's. HIS time is valuable, telling him that he has not spent enough effort on this project is not the way to encourage him to spend more.
Comments like that can break a project and I hope that Bharat understands that there is a LOT of people that appreciate his effort and hope that comments like that don't discourage him from continuing on.
I can understand your frustration but can you contribute even more than you already have? I know I can't especially with comments like it is a bad excuse that we don't give enough to the project already.
It is comments like that that make me think twice ....
Are you saying it is not community project even a little bit? Are you saying that people outside G3 core team are not contributing? Or have much more time to spare? Or their time is less valuable then yours or Bharat's? Do you think that comments like yours may have the same effect that you are so worried about when it comes to you or your friends? Should we just shut up and move on? Well I am offended by your words then, I will go into my dark corner, think, delete all my contributions, and move on... If we are soo sensitive... Good solution for you? Should I do that? Should others do the same? What would be left? Is it what you want? Really?
Serge, no matter what it's a community effort no matter what anyone wants to say. Yet if the community of Windows users (still a community) want to resolve it, our tickets are closed, ignored or scoffed at leaving the community with no options but to go outside of the COMMUNITY and essentially 3rd party make our own version. This is not what is intelligent or rational nor my or others intentions to branch off.
Soon as an update or fix or new version is released, there is NO way to collaborate with the other community to in UNISON update "our" version. Essentially saying we aren't a community, we need to be isolated.
I don't mind managing a windows portion, having a windows build and MAINTAINING windows support, but it should be done on here, so bugs, update, info etc can all be known to EVERYONE. Both sides can collaborate, give advice, offer ideas and yield results.
This product grew by others contributing and developing into what it is and if everyone worked together (because not everyone is a programmer, security expect etc, but they have found solutions and the more skilled can clean/modify/offer solutions) and collaborated it would work.
Society, products and ideas can't go anywhere without adaptation. But it seems that one sided "adaptation" is used here when the community and resources are there and every effort is shot down.
Serge D
Joined: 2009-06-11
Posts: 2466
Posted: Fri, 2012-06-15 07:02
Wrong target, late time, too many emotions, pointless discussion, everyone has their own reasons, but nobody wants to reason...
Just delete 3 lines and be done with it.
Which support 80% of windows and other OS's still make it so it's working on all platforums (Those are stats from the last 7 years totaled) which should make people cry here.
Operating System Downloads
Windows 80,712
Linux 5,337
Macintosh 4,642
Unknown 4,216
Android 46
BSD 3
Solaris 1
TOTAL 105,012
Um. Serge, I never brought up wordpress. I was stating FACTS. Whether you like or dislike that product doesn't matter. They SUPPORT all OS's. Unlike the one you are here posting about. That's the point.
Thanks for the update. Was able to get my gallery updated with all my additional code tweaks added in.
- Mark H.
Using Gallery 3.0.4 - gallery.markheadrick.com
wellensittich
Joined: 2011-07-14
Posts: 8
Posted: Sun, 2012-06-17 17:14
No Problems... Vielen Dank :-D
Vojtech
Joined: 2009-06-22
Posts: 35
Posted: Tue, 2012-06-19 14:31
It works fine, thank You very much for Your work!
Short note to previous conversation in this thread: I am very grateful, that someone provides very good application like this - I wouldn't be able to write it myself. :-D Nothing is perfect, but this is very good. And especially I appreciate it is free open-source. There is no right to require support from developers and I thank them for any support they provide here on forum. Might be, developers could provide paid support for extra work.
Short note to previous conversation in this thread: I am very grateful, that someone provides very good application like this - I wouldn't be able to write it myself. :-D Nothing is perfect, but this is very good. And especially I appreciate it is free open-source. There is no right to require support from developers and I thank them for any support they provide here on forum. Might be, developers could provide paid support for extra work.
^^ this ^^
ACruz
Joined: 2012-06-20
Posts: 1
Posted: Wed, 2012-06-20 15:31
Hi!
I install the gallery 3.0.4 and my Gallery Remoto stop working. I already do modification of file cookie.php and .htacess but is the same thing!
Cant help me please?
Posts: 304
Running "Fix your gallery" stalls, and renders gallery useless. Seem like I need to reinstate a backup or something, logs say nothing.
Posts: 304
Posts: 304
Old database reinstated, but something is seriously fracked up.
Posts: 27300
This file: https://github.com/gallery/gallery3/commits/master/modules/gallery/helpers/gallery.php has not changed since the last version and for some time.
Are you sure all files where replaced properly? How did you upgrade the files?
Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team
Posts: 304
Yeah, all files were properly replaced, and I ran upgrade without errors. Twice, to be sure.
Maybe it is database related. Maintenance got stuck at circa 2000 of 9000 tasks, and shortly thereafter googlebot went nuts looking for things that did not exist (like /var/Nudes/Portraits/… where there should only be /var/Nudes/… and /var/Portraits/…). Maintenance corrupted the database tree or something, resetting all modification dates, making images not showing etc. I dare not touch that thing again.
Posts: 205
I installed it last night without issue.
===========================
Version: 3.0.4 (Ricochet)
Operating system: Linux 2.6.18-194.11.4.el5
Apache/2.2.21
PHP: 5.3.8
MySQL: 5.0.95
Clean Canvas theme
Graphics Toolkit = ImageMagick
Albums: 199
Photos: 68913
Posts: 2466
I do very much like comments in the code like this
//remove any style attributes, IE allows too much stupid things in them, eg.
//<span style="width: expression(alert('Ping!'));"></span>
// and in general you really don't want style declarations in your UGC
it really shows professional level of the coder
and yet, G3 is based on outdated version of jQuery, etc...
No more support for Windows platform? what is the reason?
Otherwise, installed successfully
Serge
_____________________________________________
Photo Gallery | GreyDragon Theme | Follow on Twitter
Posts: 27300
https://sourceforge.net/apps/trac/gallery/ticket/1883
Just because it may work does not mean there is not security issues with it that we don't test for or have not found or are willing to spend the time and resources to do so.
Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team
Posts: 7994
@inposure: looks like you're stuck in maintenance mode and it's struggling to figure out whether the controller at the url you provided is allowed to run in maintenance mode or not. It's weird that you're seeing that - I don't have enough info to fix it... is it still happening?
@SergeD: yeah those comments are funny. That's 3rd party code, though - I try to avoid changing their comments Yes, I'd like to update jQuery, but it's a large task and I don't have enough time to tackle it now. Maybe later. Pretty busy at work right now. No more support for windows because there are security vulnerabilities in Gallery 3 on Windows and I don't want to spend time fixing them on that platform (there are probably a ton, and it's not worth the time). If we don't prevent users from running on Windows, we have to deal with users who get hacked. Ergo, we won't let anybody run on Windows unless they hack the code (in which case it's their problem not ours).
---
Problems? Check gallery3/var/logs
file a bug/feature ticket | upgrade to the latest code! | hacking G3? join us on IRC!
Posts: 304
The image block module now displays a link to itself /image_block/random/id rather then to the actual image page.
BAD IDEA, as this just creates YET ANOTHER layer of duplicates that bots crawl, thereby consuming unnecessary resources and confusing things.
Posts: 304
@bharat: I don’t know, I dare not try until night fall and there’s a fresh backup. My hypothesis is that it is corrupting the database (which itself is fine and in order).
Update: still stalling. It nukes the database, flattening the folder structure or something… look at this:
The URL is just several albums and images squashed into one piece.
This may not have to do with this particular update, although it is a serious problem. Maintenance is supposed to help, not nuke.
Posts: 7994
We need an interstitial on the image block images otherwise when you're on a search results page and you click on a random image it tries to view the image in a search context which bombs. I'll file a bug to investigate.
---
Problems? Check gallery3/var/logs
file a bug/feature ticket | upgrade to the latest code! | hacking G3? join us on IRC!
Posts: 2466
Hi, Bharat
Glad to see you here Good stuff. Please keep up with updates!
I have succeeded, at least for my needs, with migration of jQuery - GD Theme 4.0 is jQuery latest and is in beta now - yes, some challenges, but it is doable... have to override some G3 JS files : ajax, dialog, form, json...
Windows... yes, I understand your concern... do you think cutting the head is better than head may hurt? it is not that you do not provide support for Windows platform, you do not run on Windows right now... too drastic, but hey, the boss is the boss I was just curious.
Serge
_____________________________________________
Photo Gallery | GreyDragon Theme | Follow on Twitter
Posts: 304
Trying to solve this… I notice that the Dashboard now takes a whopping 60 secs to load, rather than 0.15 secs. Turns out that the project news feed is the culprit, but I have no clue to why that is. I do have extensive iptables firewall rules, but the entire menalto.com range is allowed, and in any case netstat shows it is connecting using IPv6 to 2001:470:1:12d::252 (no firewall rules). Yet it comes up empty, so also if I reset iptables. Wasn't like that before. (Ping works fine.)
This makes me wonder if ”Fix your gallery” does any networking? If it stalls, then it could be for the same reason, although I can't follow the code to see what is actually happening.
It is not the DB. I downloaded it to my local Mac gallery, and it works just fine.
Ideas?
Posts: 2466
For me project news never loaded before. issue is with how server handles fetch of external data across domains - logic used by G3 core does not work for all systems.
In the past I have tried to use similar for some of the modules and ended up switching to CURL instead... may be worth looking into at some point
Serge
_____________________________________________
Photo Gallery | GreyDragon Theme | Follow on Twitter
Posts: 2258
inposure: that smells an awful lot like a result of http://en.wikipedia.org/wiki/World_IPv6_Day. Try disabling IPv6 on your web server or confirming that you have working IPv6 connectivity.
Posts: 304
Nope, works fine.
ping6 ipv6.google.com
PING ipv6.google.com(arn06s02-in-x13.1e100.net) 56 data bytes
64 bytes from arn06s02-in-x13.1e100.net: icmp_seq=1 ttl=55 time=17.7 ms
64 bytes from arn06s02-in-x13.1e100.net: icmp_seq=2 ttl=55 time=18.0 ms
…
cat /proc/net/if_inet6
20010470dd5acafe02169dfffe595a71 02 40 00 00 eth0
2a0016d800020300b14274208f8bee8f 02 40 00 21 eth0
2a0016d80002030002169dfffe595a71 02 40 00 00 eth0
…
Posts: 183
Works for me. No issues with the dashboard on my end, either.
Thanks!
Take care,
Shad
Posts: 7994
Hey inposure, from that same machine can you try the same with gallery.menalto.com? Here's what I see from my work machine:
Also try creating modules/gallery/controllers/y.php and put this in it:
Then browse to /gallery3/index.php/y in your Gallery install and tell me what you see.
---
Problems? Check gallery3/var/logs
file a bug/feature ticket | upgrade to the latest code! | hacking G3? join us on IRC!
Posts: 304
@bharat: can comfirm that there is an ipv6 problem here… no ping, returns an empty array. For the time being, I changed /etc/gai.conf to let ipv4 take precedence on dual stacks, this needs further investigation. This wasn't so before.
Maybe we should just delete the threads from me, they add nothing useful here, probably nothing wrong at all with Gallery (although I still wonder if the fix gallery problem is related, maybe it checks for new translations or something and then stalls, leaving the DB in a mess).
On another note, now the add info boxes function suddenly doesn't work in dashboard… it disappeared and won't come back.
Posts: 204
I've said it back in 2008, I've said it 2 years ago and I'll say it now. Limiting this to linux shows inexperience and biased views. Claiming windows has "security" flaws is as valid as me saying "going outside will kill you". Sure, if you go outside and don't put on a bulletproof vest and spf 400 you'll eventually come to your demise, but having such an extreme vast open excuse is pitiful.
Oh wait, let's release COUNTLESS security fixes/updates because the only OS we support is so secure. <---- Now let's try and sidestep it and blame it ONLY on php/mysql etc so we can deny the the OS we support is flawless...
They have a thing called the EULA and also a disclaimer removing one from perjury from any harm from a product. Every company out there uses it so the cop out you are using saying you don't want to be responsible is null and void.
If there is a way YOUR product can exploit the system it's not the OS/Admins problem, it's your defective product.
Windows and Linux both have security issues. BOTH are remedied by the ADMINISTRATOR maintaining the box.
I now disprove this product and will start boycotting it if this CONSTANT attitude continues.
=======================================
http://codex.gallery2.org/Gallery3:Installation_on_Windows_Server_2008_and_IIS7
Posts: 7994
Sigh. I have limited time, I don't use Windows as a server, I'm not going to spend any time on maintaining a Windows version. Honestly, I don't owe you anything here. If you want to support a Windows version - go right ahead. Clone the source on github and have at it, with my blessing. But don't count on me to spend a second on supporting it. Boycott away.
PS: There are a lot of security issues with Gallery 3 on Windows. Security experts have pointed them out to me. I'm not going to fix them, but I'm also not going to let people be exploited by them through their ignorance. Caveat emptor.
---
Problems? Check gallery3/var/logs
file a bug/feature ticket | upgrade to the latest code! | hacking G3? join us on IRC!
Posts: 204
I already DO support windows versions on here. I have for countless years. But thanks for that weak excuse as to why you can't support an OS. I understand it might be because you don't have the knowledge or skill but that's not a valid argument here. Since 90% of EVERY Web Server application is cross platform. I'd expect after 7+ years of releasing a product you'd be able to understand the fundamentals and make a secure product. If there is an exploit, and it's NOT an issue unless this product is installed, that's Gallery's issue. Passing it off as the OS. That's CLASSIC!
=======================================
http://codex.gallery2.org/Gallery3:Installation_on_Windows_Server_2008_and_IIS7
Posts: 7994
Man, you're really aggressive about this. I'm going to respond one more time on this, then I'm going to ignore all future comments.
Time is highly limited. Every OS we support takes time. I volunteer my time to support a platform that I myself use. There are known security bugs using Gallery 3 on Windows. I choose not to spend the time to fix them. I don't want users to accidentally suffer for it. Add it up == you're not going to see me support Windows. If you choose to continue to support it - that's great! But I'm voting with my time here and will continue to do so in the future.
---
Problems? Check gallery3/var/logs
file a bug/feature ticket | upgrade to the latest code! | hacking G3? join us on IRC!
Posts: 2466
This is unfortunate, it is discouraging, it is bad excuse though.
It is the same excuse as to why we still use 2+ years old jQuery with possible security and performance issues we all so concern about.
While I respect your opinion, I think you further discourage people use the gallery. Honestly, we do not need such bad press.
Serge
_____________________________________________
Photo Gallery | GreyDragon Theme | Follow on Twitter
Posts: 204
The excuses we are being given are past old.
Sweet, your method is valid right. So if a cancer patient has a tumor, ignore it. Get a gunshot wound...IGNORE IT!
LET ME TAKE IT A STEP FURTHER.... LET'S FIX THE ISSUES THAT ARE IN LINUX, but not in another os. If the issue is in Linux it SHOULD be in windows since it's PHP and SQL code and VICE VERSA. Hence the only valid reasons here are:
1. Security (you don't know how to TELL windows to do a function). > Simply explain in the docs they need to perform step x y and z (GOD THAT'S SO HARD!)
;)
It's like saying, if you are black (Windows), you can't use this product, but if you are white (Linux), we think you are cool and we understand you. So don't buy a Honda if you are black, because you won't know how to drive it, but a white person will.... ;)
I have been using this product from Ngallery until now. I have always supported it. I love it. But when you give WEAK MINDED excuses that are easily disproven time and time again. Well... Yeah. That's logical.
=======================================
http://codex.gallery2.org/Gallery3:Installation_on_Windows_Server_2008_and_IIS7
Posts: 27300
It is very discouraging that we get comments like this as well. It is a valid excuse. It it is HIS time not yours or anybody else's. HIS time is valuable, telling him that he has not spent enough effort on this project is not the way to encourage him to spend more.
Comments like that can break a project and I hope that Bharat understands that there is a LOT of people that appreciate his effort and hope that comments like that don't discourage him from continuing on.
I can understand your frustration but can you contribute even more than you already have? I know I can't especially with comments like it is a bad excuse that we don't give enough to the project already.
It is comments like that that make me think twice about giving back.
Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team
Posts: 7994
@SergeD: I'm trying to make time to update jQuery, but I have to prioritize. Security comes first, infrastructure comes second. There's no time to add more platforms. I don't understand why you think this is a bad excuse. I'm lucky to have a couple of hours a week to work on Gallery - tell me where you'd like me to spend them, and I'll spend them there. From the reports I've seen, properly the security issues for Windows is probably 40+ hours of work. I'm guessing that updating jQuery and having it bullet-proof is about the same.
---
Problems? Check gallery3/var/logs
file a bug/feature ticket | upgrade to the latest code! | hacking G3? join us on IRC!
Posts: 204
Can I contribute? I have. See the document I created.
Don't you think old code such as the jquery and other things are also something that can break and CONTINUE to cause issues? It's a 2 way street and if it's only "My way", EVERYONE loses.
I've been willing to help. Don't you think telling me they will not listen to negotiate with us is saying OUR time isn't valuable?
Excuses only go so far. Actions speak louder than words.
=======================================
Windows Install Guide
Posts: 7994
@Ranger187: ok, I admit - I'm still reading your comments. In the 3.0.4 release we haven't changed our stance on Windows - we haven't supported it since the beginning. So as far as I can tell, all you need to do is update your doc and tell users to remove the 3 lines from index.php that prevent Gallery from running on Windows and you're back to where you were before. But I suggest at that point that you contact Mateusz Goik and Emanuel Bronshtein so that they can outline all the various security issues that exist with Gallery 3 on Windows so that you can document those fixes as well.
In the meantime, I'm going to spend my time on trying to update jQuery.
---
Problems? Check gallery3/var/logs
file a bug/feature ticket | upgrade to the latest code! | hacking G3? join us on IRC!
Posts: 204
Bharat, Thank you. Sincerely I appreciate any effort.
I have a few ideas to remedy this situation and if you are willing to hear me out in a PM I'd like to shoot some ideas off to you.
=======
Windows Install Guide
Posts: 7994
@Ranger187: I think you missed my point. I am not planning to spend any time on this at all (that includes reading PMs about it) - but I'm not stopping you from spending time on it. I know you've spent a lot of time on this, but so have I and I really have no more to give. Good luck - I'm sure all the Windows users will appreciate it!
---
Problems? Check gallery3/var/logs
file a bug/feature ticket | upgrade to the latest code! | hacking G3? join us on IRC!
Posts: 27300
Ranger187,
I see the document you have created and I bet the the community appreciates it. Windows_Server_2008_and_IIS7
Last time I checked there was more than one version of Windows.
Bringing your cancer analogy to play... it looks like you only want to work on skin cancer? What about all the other
cancersOSs and server software?Lets do like they do in the medical world ...
We should give a referral to another expert in that field.
How about you?
Create a fork on git hub that has support for Windows_Server_2008_and_IIS7 or other OSs that you care to work on as well.
Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team
Posts: 204
Last time I checked there was more than one version of Windows.
Linux has many flavors as well. From a Windows standpoint, running IIS from XP/Vista/Windows 7 isn't efficient but possible. But Windows Server 2003, 2008, R2 and 2012 are practical and I've proven it works.
Sure, drop someone in a fire and say don't get burned. I need a flame retardant suit (I've never done this before, I would need to collaborate with others that already are in the project that are WILLING to offer what they know and a way to do this with others, hence a simple forum category too) and some kind of backing on this. There is a reason people have policies and procedures and best practices on how to do something and if you give it to a random group that doesn't have a guideline or resource to follow or collaborate, then it's meaningless.
=======
I thought this was a joint effort where you encourage others to help, volunteer and improve the product. If only you are in control and you tell others good luck and have at it, while remaining an individual, that defeats the purpose or point of others even attempting to do anything.
Joined: 2005-12-02 <---- I've been here 7 years, and I've been following/using this product longer. I think that's enough reason to understand I've been here freely to get and offer continued support.
Collaboration and communication is what everyone is saying is needed to further this product, but it seems you are making EVERY effort to tamper that.
How can I spend time on it if it's independent and lacks everything? We have NO OUTLET to do this with. I'm not a programmer but I am a windows server person who can help in the security area.
If a "Gallery Windows Support" area in the forums can be created all the IIS/Windows issues can be collected, researched and resolved. And I'll spearhead that.
That doesn't mean Gallery supports it, but it's an option and resource for others to take to be able to ACTUALLY do something. If you say we have your blessing to take it on, there you go.
If the project is lacking windows support, coders etc, can't you publish on the main page to requrest Windows coders, etc? And with a Windows forum area, that would only double the benefit.
Now I've offered outlets to resolve things, which would allow Mateusz Goik and Emanuel Bronshtein and the community a way to collaborate and improve the product in the areas that you have no time for, but others do.
=======
Windows Install Guide
Posts: 7994
Dear lord. I'm out, fellas. Good luck with this.
---
Problems? Check gallery3/var/logs
file a bug/feature ticket | upgrade to the latest code! | hacking G3? join us on IRC!
Posts: 2466
As I said I understand time constrains, please note that you choose to cut the head by preventing gallery to be run on windows rather than leave some sort of option to allow it. Special key? No, you ask people to hack the code. Well, it is not so much of "protection" to require delete 3 lines of code.
So in the end it is an excuse, sorry.
People who do run G3 on the Windows platform may take your action may be too personal, don't you think?
It is action taken without any discussion, vote, or even the note, what offends. It is community project after all, is it not? If it is personal project, then it is of different matter, then let's treat it as such without pretenses.
Yes, we learn to live over the years when Unix guys think things about Windows, same as Windows guys think about Unix. Apple against Google, Google against Apple, Microsoft in between when it suites them
As I said, we may be taking it too personal, and we should not. Couple months, a year and WordPress may have the same capabilities or our friends from other gallery projects would offer similar flexibility. Why should we fight over piece of code, no matter how good it is or could become? Every problem has multiple solutions, choice is just choice...
Serge
_____________________________________________
Photo Gallery | GreyDragon Theme | Follow on Twitter
Posts: 204
I've offered suggestions, made efforts and I'm tired of hearing "If you want to do it, you can" but then they turn their back. Why have 20,000 resources when it all can be managed, maintained and developed all centrally in 1 place?
If people need more reasons why ANY effort by a 3rd party is snidely disavowed time and time again, see this example: http://gallery.menalto.com/node/102637
Serge, myself, Joosep, jtenkate, rwatcher all have provided solutions, ideas and they all get a "this isn't supported" or "thanks but we don't have time." yet WE ARE MAKING THE TIME and every effort is dismantled.
How hard is it to make a "Gallery Windows Support" area, then if so be it, post "community supported only" and let us have at it so we can all contribute? Or are we going to get 30 reasons why not when they have a "General Chit-Chat" , "International Zone" etc.... It's ok to allow people to translate and chit chat, but not offer windows support?
I rest my case.
=======
Windows Install Guide
Posts: 2466
Are you saying it is not community project even a little bit? Are you saying that people outside G3 core team are not contributing? Or have much more time to spare? Or their time is less valuable then yours or Bharat's? Do you think that comments like yours may have the same effect that you are so worried about when it comes to you or your friends? Should we just shut up and move on? Well I am offended by your words then, I will go into my dark corner, think, delete all my contributions, and move on... If we are soo sensitive... Good solution for you? Should I do that? Should others do the same? What would be left? Is it what you want? Really?
Serge
_____________________________________________
Photo Gallery | GreyDragon Theme | Follow on Twitter
Posts: 204
Serge, no matter what it's a community effort no matter what anyone wants to say. Yet if the community of Windows users (still a community) want to resolve it, our tickets are closed, ignored or scoffed at leaving the community with no options but to go outside of the COMMUNITY and essentially 3rd party make our own version. This is not what is intelligent or rational nor my or others intentions to branch off.
Soon as an update or fix or new version is released, there is NO way to collaborate with the other community to in UNISON update "our" version. Essentially saying we aren't a community, we need to be isolated.
I don't mind managing a windows portion, having a windows build and MAINTAINING windows support, but it should be done on here, so bugs, update, info etc can all be known to EVERYONE. Both sides can collaborate, give advice, offer ideas and yield results.
This product grew by others contributing and developing into what it is and if everyone worked together (because not everyone is a programmer, security expect etc, but they have found solutions and the more skilled can clean/modify/offer solutions) and collaborated it would work.
Society, products and ideas can't go anywhere without adaptation. But it seems that one sided "adaptation" is used here when the community and resources are there and every effort is shot down.
Posts: 2466
Wrong target, late time, too many emotions, pointless discussion, everyone has their own reasons, but nobody wants to reason...
Just delete 3 lines and be done with it.
Serge
_____________________________________________
Photo Gallery | GreyDragon Theme | Follow on Twitter
Posts: 204
Products like this: http://sourceforge.net/projects/coppermine/files/Plugins/1.5.x/stats/os
Which support 80% of windows and other OS's still make it so it's working on all platforums
Operating System Downloads
Windows 455
Unknown 97
Android 4
Linux 3
Macintosh 3
562
=======
Windows Install Guide
Posts: 204
Products like this: http://sourceforge.net/projects/coppermine/files/Plugins/1.5.x/stats/os
Which support 80% of windows and other OS's still make it so it's working on all platforums (Those are stats from the last 7 years totaled) which should make people cry here.
Operating System Downloads
Windows 80,712
Linux 5,337
Macintosh 4,642
Unknown 4,216
Android 46
BSD 3
Solaris 1
TOTAL 105,012
=======
Windows Install Guide
Posts: 2466
I will agree with you on WordPress, but Coppermine? phpBB style gallery? This is soo yesterday
Serge
_____________________________________________
Photo Gallery | GreyDragon Theme | Follow on Twitter
Posts: 204
Um. Serge, I never brought up wordpress. I was stating FACTS. Whether you like or dislike that product doesn't matter. They SUPPORT all OS's. Unlike the one you are here posting about. That's the point.
=======
Windows Install Guide
Posts: 42
Thanks for the new release!
Manual update worked without problems.
If somebody needs it, here i have made a list with the changed files: http://www.xeta.at/gallery_3.0.4_and_3.0.3.html
For local testing purpose with Xampp you have to edit the new index.php
www.xeta.at
Posts: 241
Thanks for the update. Was able to get my gallery updated with all my additional code tweaks added in.
- Mark H.
Using Gallery 3.0.4 - gallery.markheadrick.com
Posts: 8
No Problems... Vielen Dank :-D
Posts: 35
It works fine, thank You very much for Your work!
Short note to previous conversation in this thread: I am very grateful, that someone provides very good application like this - I wouldn't be able to write it myself. :-D Nothing is perfect, but this is very good. And especially I appreciate it is free open-source. There is no right to require support from developers and I thank them for any support they provide here on forum. Might be, developers could provide paid support for extra work.
----
http://galerie.trapa.cz/
Posts: 814
^^ this ^^
Posts: 1
Hi!
I install the gallery 3.0.4 and my Gallery Remoto stop working. I already do modification of file cookie.php and .htacess but is the same thing!
Cant help me please?
Thanks