Posts tagged with: security


phpBB Weekly #068


Sponsor: Try GotoMeeting free for 30 days! For this special offer, visit www.gotomeeting.com/techpodcasts/.

Is your website secure? What if you learned that half a million websites have been hacked via SQL injections just since last January? On this episode, David Lewis is joined by Paul (of the MODs Team) and Ashley Pinner (NeoThermic, Support Team Leader) to discuss how site owners can be aware of SQL injection vulnerabilities, how they can prevent vulnerabilities in their own sites, and how you can identify possible SQL injections within MODs that you download. And for MOD authors out there, they discuss the phpBB3 framework and how you can use it to prevent SQL injections in MODs.

Plus, have you ever run phpBB3 and made a change to your site, but nothing changed? That’s probably due to phpBB3’s caching of content, templates, and themes. David and the others discuss how to properly purge the cache with phpBB3, as well as discussing the differences between the different kinds of cached content.

And of course, Londonvasion is getting ever-closer, and so we’ve got your latest fix on Londonvasion news right here, as usual. Stay tuned as we finalize phpBB Weekly’s own Londonvasion plans over the next few weeks; we’ll be keeping you posted.

The MOD of the Week is Purge cache from any page for phpBB3 by Elglobo, and the Style of the Week is Day Song for phpBB3 by APT92.

Tech Podcast Network phpBB Weekly is a proud member of the Tech Podcast Network. Check them out for other great technology podcasts.

phpBB Weekly #058


Douglas was off taking a test during this episode, so he couldn’t make it, but then again, David forgot that it was Saturday, which is why the live stream of phpBB Weekly never happened! Whoops. Anyway, David managed to grab together a couple of team members to talk to for what could almost pass as another episode of the Official phpBB Podcast. So, on this episode, he’s joined by Paul Sohier (of the MOD Team), Yuriy Rusko (Marshalrusty of the Support Team), and Ashley Pinner (NeoThermic, Support Team Leader).

Anyway, this past week, the inevitable phpBB 3.0.1 was released featuring dozens of bugfixes, including two security-related fixes. As this marks the first non-RC-related update to phpBB3, they spend a little bit of time reviewing the process for updating from 3.0.0 to 3.0.1 and the importance of keeping your boards up-to-date. In addition, they discuss other common support issues with upgrading and how upgrading relates to the importance of keeping core code changes in MODs down to a minimum for compatibility.

They then discuss the recent alpha release of a MOD by naderman (of the Development Team) of the Sphinx Search Plugin for phpBB. Sphinx is a free open-source SQL fulltext search engine that is now another option that you can use for indexing your board’s content on your search page, and will quite possibly be showing up in phpBB 3.2 “Ascraeus.”

Yuriy gives us a quick update on the latest Londonvasion details (and by the way, you should also check out phpBB Weekly’s latest Londonvasion plans), and David tells us about Star Trek Guide’s new MOD Manager, as well as how you can obtain the “Borg Invasion” style that was used for STG’s recent April Fools joke.

No MOD or Style of the Week was selected this week, but we promise that we will make up for lost time next week and get back into the MODs and Styles selections. :)

Technical Note: Apologies for the background sounds in this episode–David discovered after the fact that he forgot to turn off his Skype sound effects!


phpBB Weekly #038: Guest DavidMJ


We thought that we were going to do this episode of phpBB Weekly on Skypecasts, but we encountered problems with their service that made TalkShoe feel like the utopia of live audio streaming, so we decided to move back, and indeed, a brand new bugfixed update of TalkShoe was waiting for us. :) After spending some time talking about our interesting phpBB Weekly plight, congratulating David’s brother Francis Lewis (Handyman) for becoming a MOD Team member (the first time when two brothers have both been on the teams!), and talking about the recent Joomla!-phpBB meetup, we welcomed phpBB Developer DavidMJ as special guest for the show.

With DavidMJ, we talk about some of the many changes in phpBB3 over phpBB2, particularly in the areas of security and the improved accessibility of the codebase for MOD and style authors. DavidMJ also tells us about his particular areas of expertise in phpBB3, the database management system (DBMS). We also discuss the question over phpBB2’s fate, how much longer phpBB3 will support PHP 4, and some technical info on the various optimizations in phpBB3, and much more.

The MOD of the Week is Instant Post Redirect for phpBB3 by eviL<3, and the Style of the Week is Holiday Style for phpBB3 by Echo. (Yes, we did unintentionally pick styles from the same author on two consecutive episodes.)
Also, as the holiday season gets closer, we’re asking you to recommend any holiday-related MODs and Styles to us to feature on the upcoming episodes of phpBB Weekly. If you have one to recommend, bookmark it on del.icio.us with the tag “phpbbwmod” or “phpbbwstyle” and we’ll consider promoting it on the show.

Editor’s Note: Apologies for the time it took to release this episode. I was having some difficulties getting my editing software to work properly until Apple pushed out an updated release which fixed everything. I look forward to when we’ll stop having technical difficulties on this podcast!


phpBB Weekly #034


This episode did not go according to plan. We had expected to have phpBB Developer DavidMJ on as a guest today, but unbeknownst to us at the time, he had a family emergency and was unable to make it, so we ended up coming together with a pretty good show while we stalled and took comments from our live listeners (six of whom were phpBB team members!). This episode was recorded right before the release of phpBB3 RC-6 and the ensuing chaos that has followed the release, which you can read a bit about in the previous post on this blog, and which will be discussed more thoroughly on next week’s episode. We do hope to try to bring DavidMJ on sometime in November, with more details coming soon.

In this episode we talk a bit about the phpBB Security Team and Incident Investigation Team and about what those teams do, and also briefly discuss some security vulnerabilities common in PHP code that both the developers and MOD authors need to look out for. We do a little bit more coverage of the just-about-to-be-released RC-6, and wander off for a few minutes into a discussion of Mac security vs. Windows security. (It’s not as bad as you might think.) Then, Jeffro calls in and asks us to talk a bit more about just how private private messaging is, and we also talk about changes in phpBB3 styles vs. phpBB2 styles and possible enhancements to phpBB MODding in the long-term future.

The MOD of the Week is Notify Admin on Registration for phpBB3 by ameeck, and the Style of the Week is Playstation for phpBB3 by Scott Stubblefield.


phpBB3 Release Candidate 6 Released


phpBB 3.0.RC6, probably the most hyped release candidate of phpBB so far (and definitely the one release that we’ve talked about more than any other on our show), was just released this afternoon. (Or, if you’re in Europe/Asia, it was released last night.) What’s so significant about this particular release is that it arguably includes the most changes/new features to the phpBB3 codebase since UTF-8 support arrived in Beta3, back last November. (David covered many of these features on episode #033, and we also discussed a few of these on today’s episode #034, which will be released really soon.)

It was also revealed that the phpBB3 codebase security audit was done by independent software security company SektionEins. Their website indicates that they specialize in security audits for web applications, in particular for those based on PHP. Their site also lists a number of stats about Internet attacks, and on episode #034 we talked a bit about some common vulnerabilities that web applications suffer. One of the reasons that phpBB has a bad reputation for security is that many hosts are using much, much older versions of phpBB2 that have serious vulnerabilities in them. The phpBB teams over the years have been very good at getting new, fixed releases out in a timely manner, and the majority of the fault for these exploits lies with forum admins who don’t keep phpBB2 up-to-date, but nevertheless, the phpBB teams have been unfairly blamed many times for these. By having a codebase audit prior to Olympus going gold, phpBB3 will hopefully have a better lifetime than phpBB2 did.

However, Acyd Burn mentioned that the security audit turned up zero SQL injection vulnerabilities and zero Command Code Execution (CCE) vulnerabilities, which is excellent news and really exemplifies some of phpBB3’s superiority to phpBB2 when it comes to security. Considering that there are over 200,000 lines of code in phpBB3, this is an excellent accomplishment, and props for that go to the Development Team. However, thanks to the security audit, RC-6 does bring along fixes for a few XSS vulnerabilities, a new password hashing mechanism, and a number of other new goodies.

Anyway, be sure that you run, don’t walk, over to the downloads page and download the RC-6 updater! The countdown to phpBB3 is getting nearer, can you feel the excitement?

UPDATE: Acyd Burn has announced that due to some problems with the RC-6 package, a new RC-7 package will be released later today. The teams will be providing auto-update packages for both RC-6 to RC-7 and RC-5 to RC-7. You probably should hold off until the new release this afternoon.
On phpBB Weekly #035, David will probably talk a bit about what happened to necessitate the RC-7 release.

If you are experiencing problems on your board with the RC-6/RC-7 update, read this article which details many problems with MODs and Styles due to the update.
