phpBB Weekly

phpBB 3.0.RC6, probably the most hyped release candidate of phpBB so far (and definitely the one release that we’ve talked about more than any other on our show), was just released this afternoon. (Or, if you’re in Europe/Asia, it was released last night.) What’s so significant about this particular release is that it arguably includes the most changes/new features to the phpBB3 codebase since UTF-8 support arrived in Beta3, back last November. (David covered many of these features on episode #033, and we also discussed a few of these on today’s episode #034, which will be released really soon.)

It was also revealed that the phpBB3 codebase security audit was done by independent software security company SektionEins. Their website indicates that they specialize in security audits for web applications, in particular for those based on PHP. Their site also lists a number of stats about Internet attacks, and on episode #034 we talked a bit about some common vulnerabilities that web applications suffer. One of the reasons that phpBB has a bad reputation for security is because many hosts are using much much older versions of phpBB2 that have serious vulnerabilities in them. The phpBB teams over the years have been very good at getting new, fixed releases out in a timely matter, and the majority of the fault for these exploits are forum admins who don’t keep phpBB2 up-to-date, but nevertheless, the phpBB teams have been unfairly blamed many times for these. By having a codebase audit prior to Olympus going gold, phpBB3 will hopefully have a better lifetime than phpBB2 did.

However, Acyd Burn mentioned that the security audit turned up zero SQL injection vulnerabilities and zero Command Code Execution (CCE) vulnerabilities, which is excellent news and really exemplifies some of phpBB3′s superiority to phpBB2 when it comes to security. Considering that there’s over 200,000 lines of code in phpBB3, this is an excellent accomplishment and props for that goes to the Development Team. However, thanks to the security audit, RC-6 does bring along fixes for a few XSS vulnerabilities, a new password hashing mechanism, and a number of other new goodies.

Anyway, be sure that you run, don’t walk, over to the downloads page and download the RC-6 updater! The countdown to phpBB3 is getting nearer, can you feel the excitement?

UPDATE: Acyd Burn has announced that due to some problems with the RC-6 package, a new RC-7 package will be released later today. The teams will be providing auto-update packages for both RC-6 to RC-7 and RC-5 to RC-7. You probably should hold off until the new release this afternoon.
On phpBB Weekly #035, David will probably talk a bit about what happened to necessitate the RC-7 release.

If you are experiencing problems on your board with the RC-6/RC-7 update, read this article which details many problems with MODs and Styles due to the update.

We briefly mentioned this as a possiblity on our last phpBB Weekly episode, now I guess it’s time for me to make it official. This Saturday, we will be reining in a developer onto the program. That’s right: phpBB Developer DavidMJ will be joining us on Saturday to talk about phpBB3, I would guess. Let’s just say, I wouldn’t want to bet against those odds.

Of course, we’ll probably ask him a bit about what he does in his own life (even though phpBB team members by general rule aren’t supposed to have a personal life) and how he got to be a phpBB developer, but the two Davids (DavidMJ and our own David Lewis) will also be talking a lot about the most significant new features coming in phpBB3, including some you may not have known about. He will also be taking in-depth about the new DBAL tools (which he was in charge of designing, by the way).

Of course, please take advantage of the show being live and join in! If you have any questions that you’d like to ask a phpBB Developer, this is a great chance to make your voice heard!

If there’s a question that you’d like us to ask, but you won’t be able to be on the live show to ask it yourself, there’s a discussion topic over at Star Trek Guide where you can submit questions for us to interrogate ask him.

See you this Saturday at 12 PM Eastern time (1600 UTC)!

Audio clip: Adobe Flash Player (version 9 or above) is required to play this audio clip. Download the latest version here. You also need to have JavaScript enabled in your browser.

Download MP3 Episode (28.5 MB)

Episode Duration: 1:14:08
On This Episode: Douglas Bell (Fountain of Apples) and David Lewis (Highway of Life)

Well, this episode of phpBB Weekly certainly did not run as intended. We had planned to have guests from the Tech Podcast Network join us to talk about their experiences with bulletin board-based websites, but to our surprise, none of them have worked with them before! Then, TalkShoe surprised us when they ended up doing a hardware move (and not warning us about it until half an hour into the show), which forced us to record this episode off of TalkShoe. And then, David ended up having to do the second half of the show from a car en route to the airport to catch a flight after the show, resulting in, well, not the greatest audio quality possible. Nevertheless, we did have a good (albeit technical) episode.

On this episode, David and I start out by welcoming the five (count them, five) new members of the Moderator Team, whom are cherokee red, ChrisRLG, darcie, dellsystem, and will_hough. We then take a look back at what caused the phpBB.com Outage last weekend, including what caused it, how serious it was, and how the teams have responded to it.

For the main part of the show, David takes a look at the many changes that will be coming in phpBB 3.0.RC6, including a new location for download.php, new dynamic login forms, the new use of check_form_key() and add_form_key() on all forms, new option so that you don’t have to use MD5 hashing anymore if you don’t want to, checking for the ‘IN_PHPBB’ constant in all files, and a number of other minor changes. MOD authors may want to check and see if their phpBB3 MODs will be RC-6 compatible.

The MOD of the Week is Last Posts Titles for phpBB2 by LEW21 and the Style of the Week is Sniper_Blue for phpBB3 by Sniper_E.

phpBB Weekly is a proud member of the Tech Podcast Network. Check them out for other great technology podcasts.

Sorry folks, but apparently TalkShoe is having some kind of issues right now that is preventing us from connecting to them. However, since David has to catch a flight in 2 hours, he and I are going to go ahead and record the episode ourselves over Skype. I wish to apologize to any of you who were hoping to call in this morning. I have reported the problem to TalkShoe and they’ll hopefully get back to me on what’s going on, however we’re going to have to skip the live callers this morning.

If you had a question that you really wanted to ask, you can e-mail it in and I’ll be checking the e-mails while we record the show. Get it in within the next hour to make sure that I’ll get it in time.