Policy / Politique
The fee for tournament organizers advertising on ChessTalk is $20/event or $100/yearly unlimited for the year.
You can etransfer to Henry Lam at chesstalkforum at gmail dot com
Dark Knight / Le Chevalier Noir
General Guidelines
---- We need a French translation!
Some Basics
1. Under Board "Frequently Asked Questions" (FAQs) there are 3 sections dealing with General Forum Usage, User Profile Features, and Reading and Posting Messages. These deal with everything from Avatars to Your Notifications. Most general technical questions are covered there. Here is a link to the FAQs. https://forum.chesstalk.com/help
2. Consider using the SEARCH button if you are looking for information. You may find your question has already been answered in a previous thread.
3. If you've looked for an answer to a question, and not found one, then you should consider asking your question in a new thread. For example, there have already been questions and discussion regarding: how to do chess diagrams (FENs); crosstables that line up properly; and the numerous little “glitches” that every new site will have.
4. Read pinned or sticky threads, like this one, if they look important. This applies especially to newcomers.
5. Read the thread you're posting in before you post. There are a variety of ways to look at a thread. These are covered under “Display Modes”.
6. Thread titles: please provide some details in your thread title. This is useful for a number of reasons. It helps ChessTalk members to quickly skim the threads. It prevents duplication of threads. And so on.
7. Unnecessary thread proliferation (e.g., deliberately creating a new thread that duplicates existing discussion) is discouraged. Look to see if a thread on your topic may have already been started and, if so, consider adding your contribution to the pre-existing thread. However, starting new threads to explore side-issues that are not relevant to the original subject is strongly encouraged. A single thread on the Canadian Open, with hundreds of posts on multiple sub-topics, is no better than a dozen threads on the Open covering only a few topics. Use your good judgment when starting a new thread.
8. If and/or when sub-forums are created, please make sure to create threads in the proper place.
Debate
9. Give an opinion and back it up with a reason. Throwaway comments such as "Game X pwnz because my friend and I think so!" could be considered pointless at best, and inflammatory at worst.
10. Try to give your own opinions, not simply those copied and pasted from reviews or opinions of your friends.
Unacceptable behavior and warnings
11. In registering here at ChessTalk please note that the same or similar rules apply here as applied at the previous Boardhost message board. In particular, the following content is not permitted to appear in any messages:
* Racism
* Hatred
* Harassment
* Adult content
* Obscene material
* Nudity or pornography
* Material that infringes intellectual property or other proprietary rights of any party
* Material the posting of which is tortious or violates a contractual or fiduciary obligation you or we owe to another party
* Piracy, hacking, viruses, worms, or warez
* Spam
* Any illegal content
* Unapproved commercial banner advertisements or revenue-generating links
* Any link to or any images from a site containing any material outlined in these restrictions
* Any material deemed offensive or inappropriate by the Board staff
12. Users are welcome to challenge other points of view and opinions, but should do so respectfully. Personal attacks on others will not be tolerated. Posts and threads with unacceptable content can be closed or deleted altogether. Furthermore, a range of sanctions are possible - from a simple warning to a temporary or even a permanent banning from ChessTalk.
Helping to Moderate
13. 'Report' links (an exclamation mark inside a triangle) can be found in many places throughout the board. These links allow users to alert the board staff to anything which is offensive, objectionable or illegal. Please consider using this feature if the need arises.
Advice for free
14. You should exercise the same caution with Private Messages as you would with any public posting.
For the Saskatoon Chess Club web site (http://scc.saskchess.com), I concocted a way to use the Chess Tempo viewer (http://chesstempo.com/). Check the Games section of the SCC site for examples. The site uses Drupal, but I'm sure something similar could be done with Joomla without too much difficulty.
Thnx, I checked it. Could not figure out (read) how to insert the game in the post (http://chesstempo.com/pgn-usage.html gives instructions for the webpage, not the blog)
The plugin, which I use, allows < pgn > tag. Thus simple copy/paste works like a charm :)
Re: A New CFC Website?? Security Weakness Is Critical
As stated in several posts it is not just new vs old website but also the use of new development tools and platforms which are easier to support and maintain as well as providing increased security.
This is also an excellent time to introduce a project management methodology.
My company Arizmi Solutions Inc. controls a dedicated server having 500GB monthly transfer with Canada Web Hosting who provide superior IT support including Microsoft OS patches etc.
The server environment is .NET with SQL 2005 database, however, we can install any desirable component on server.
Economies of scale are realized with select clients on the same platform supported by the same tools.
My associates and I have been developing database applications for over 20 years and wish to start a dialog with the CFC on providing a cost effective solution for the website going forward.
I think Roger has hit the nail on the head. An up-to-date, functioning web site is essential to organizations like the CFC today. Custom coded web solutions like what the CFC has today belong to a bygone era. I happen to favour DotNetNuke but any well supported Content Management System (Joomla, Drupal, DotNetNuke, etc.) liberates staff from coding concerns. They make the upkeep of a web site a content problem not a technology problem.
A small organization like the CFC can't afford to stick with yesterday's technologies. This isn't technology for technology's sake. A couple of years ago I rewrote the Scarborough Chess Club web site in DotNetNuke. After the work of transferring the web site from one platform to another, I now have a web site that is much easier to look after. Adding pages or sections or removing them is trivial in the new framework. I now do changes to the web site that I just wouldn't undertake before because it was too much of a pain in the ass. Inertia is tough to overcome and there are Luddites who decry change but I wouldn't go back to my old web site for anything. We're making the same sorts of decisions in the web sites that I manage at my place of work. We want to spend more time creating content and less time managing it.
This is not true. This website is today's internet technology since it works in Internet Explorer. Even if you do not like the tools used, with different tools you will save only 10% in productivity when you have to update the data.
It is a small system so no need for different tools, simply more time. With 3.5 hours, give me any software and you will have the same result as what we get today.
Keeping this website updated would require a minimum of 1 day per week. This is the same amount of time Jean Hébert puts in HPE newsletter. Redaction work and formatting takes time. But HPE could also take more than a day of work if the user was no good with computers. When you are no good with computers everything seems complicated.
I can't say whether the hosting that the CFC is using is good or bad. Issues of hosting, etc. are not really central to the problem the CFC is facing.
Where we seem to have a definite weakness at the CFC is ASP knowledge. There's no excuse for the web site being "fixed" and then immediately hacked.
I'm not technical, but I don't see why CFC needs ASP. OK, sure, you don't want to redevelop a database-membership-rating_system that's already written in MS Access / VB / Access BASIC. Continue with that. But the database itself is updated only once a week. No data entry is done on the www. Surely the database can be exported once a week (or once a day if automated, it only should take a few seconds) and "standard methods" used to query that. So, no ASP at the CFC website. What am I missing?
You need something like PHP, ASP, ASP .NET, etc. to allow you to enter a last name and retrieve a rating. And any time you allow a query on a database, you have to guard against techniques that try to overwhelm the security on the database and allow malware to be injected into the database. So unless you're happy with a static list, ASP (or something else) is necessary. Even refreshing (i.e. replacing the database) every week doesn't really buy you protection from injection attacks. The solution lies in employing appropriate professional coding practices. Any number of strategies can provide adequate protection.
A naive question: What if a flat file is dumped out of Access (a csv file for example), and simple text searching (a cgi script in perl, say) used to retrieve the desired information?
When the database is being updated off site, it might be practical to write a program to generate static pages from the database which could then be transferred to the website.
For example, ratings could be organized alphabetically by lastname on a page starting with the first letter of the lastname.
An index page could also be created that would provide one click access to the page with your rating.
Many browsers have a find on this page feature which could be used to locate the name instead of scrolling.
No database is required on the website. The key question is who at the CFC is evaluating which processes would be practical and at a budget the CFC can afford.
SQL injection attacks in ASP queries can be avoided by not running a query - built in the code - directly against the tables, for example,
execute "select * from ratings where lastname like '%" & inputfield & "%'"
The SQL injection attack places subqueries in the input field that will also be run as part of the statement execution. These subqueries can build temporary tables, transfer data to the tables, execute stored procedures that provide access to the file system etc.
These attacks can be avoided by running a stored procedure to select the records instead of building the statement in code.
The stored procedure will limit the parameter size, making it more difficult to embed longer statements in an input field. Permissions are only given to the stored procedures needed by the web pages and not to all the tables and stored procedures in the database.
Last edited by David Lyall; Tuesday, 29th September, 2009, 03:18 PM.
Reason: typos
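The contrast described in the post above, as an added example (not code from the post or from the CFC site): the concatenated lookup next to one where the input is passed as a bound parameter. It assumes an in-memory SQLite table standing in for the SQL Server ratings table; SQLite has no stored procedures, so the bound parameter plays the role of the procedure's typed, size-limited parameter, and `MAX_LEN`, the function names and the sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample rows standing in for the ratings table (not real CFC data).
ROWS = [("Smith", 1850), ("Jones", 2010), ("Lyall", 1700), ("O'Brien", 1600)]
MAX_LEN = 30  # assumed limit, mirroring a stored procedure's fixed parameter size


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ratings (lastname TEXT, rating INTEGER)")
    db.executemany("INSERT INTO ratings VALUES (?, ?)", ROWS)
    return db


def lookup_concatenated(db, inputfield):
    # Same construction as the ASP line in the post: the input becomes SQL text,
    # so a quote character in it changes the structure of the statement.
    sql = ("select lastname, rating from ratings "
           "where lastname like '%" + inputfield + "%'")
    return db.execute(sql).fetchall()


def lookup_bound(db, inputfield):
    # Reject oversized input before it reaches the database.
    if len(inputfield) > MAX_LEN:
        raise ValueError("lastname too long")
    # Escape LIKE wildcards so '%' or '_' in the input cannot widen the match.
    pattern = (inputfield.replace("\\", "\\\\")
                         .replace("%", "\\%")
                         .replace("_", "\\_"))
    # The statement text is fixed; the input is bound as data and never parsed as SQL.
    sql = ("select lastname, rating from ratings "
           "where lastname like ? escape '\\'")
    return db.execute(sql, ("%" + pattern + "%",)).fetchall()


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1' --"   # constructed input containing a quote
    print("concatenated:", lookup_concatenated(db, hostile))  # every row comes back
    print("bound:       ", lookup_bound(db, hostile))         # no rows match
    print("bound:       ", lookup_bound(db, "O'Brien"))       # legitimate apostrophe works
    try:
        lookup_concatenated(db, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("concatenated fails on a real surname:", exc)
```

The database-permission half of the post's advice (granting the web account rights only on the procedures it needs) has no SQLite equivalent and is not shown here.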
Today at 3:30 pm, I asked IT specialist Steve Karpik to check the CFC website ratings page for the virus/unauthorized script. He checked Egis' rating page, and the Hart House summer crosstable, and the infection is STILL THERE. It is something put into the ratings database by unknown persons, and its effect is not known, but usually these incursions are in furtherance of criminal aims. It seems to me that therefore CFC members checking their ratings may be at risk still. Also, this points to the fact that our CFC website security is still very lacking. Steve advises me that a number of security measures can be taken to prohibit this kind of incursion, though the age of our website does make it more vulnerable.
Furthermore, the notice on our CFC website says:
"Our site has since been cleaned and is presently virus-free."
Obviously this is no longer true, and should be changed.
What are the Executive/EK Gillin doing about this current new infection? What are they doing about improving security for our site while discussions go on about perhaps purchasing a new website? Why is the executive so silent on these issues?
Re: A New CFC Website?? Security Weakness Is Critical
What if a company paid the CFC an amount to develop and host the ratings, for example, $500 per year?
The company would incur all development costs which would be recouped from advertising rights on the ratings page over an agreed upon period, for example, 3 years.
As membership grows the advertising value of the page increases and a new rate is negotiated at the end of the agreed upon period.
The CFC may seek other sponsors of the page at the end of this period to whoever is willing to bid the most for the rights to the ratings page.
This solution would provide reliable hosting of the ratings page - developed with new tools - over several years as well as generate some revenue for CFC (with no costs) allowing the CFC to focus on membership and other initiatives.
Re: A New CFC Website?? Security Weakness Is Critical
CFC memberships more than cover the costs to run a website. The only ads that should be on the CFC site are ads for CFC related events and the books/equipment stores. $500 a year is hardly worth annoying the crap even more out of the membership, is it?
I think the USCF site has some ads on their rating page, though not many. Revenue is revenue and since the CFC lacks revenue, no harm in looking into this IMO.
Re: A New CFC Website?? Security Weakness Is Critical
Who says the CFC lacks revenue? The CFC should be running a huge surplus this year since they haven't proceeded with any of the major programs in the budget.
Re: A New CFC Website?? Security Weakness Is Critical
Ads could be given a specific area on the page, for example, the page could have a design where the name entered to do ratings lookup would be on left and the ad (graphic) would be on right of the page - no popups.
The value of the advertising on the ratings page could grow as the membership increases, for example, each 2,000 increase in members could have the ad value grow by $500.
The idea would be to get the page established so other parties could see the page, know the number of visitors to page, and also want to advertise on that page.
Also key to the idea would be to put the page and process for updating the ratings - as viewed on the web site - developed in new tools - with increased security and reliability to ensure access to both ratings and ads over an extended period.