@Funya Chin: That didn't make any sense? What has their financial situation got to do with what's happened in their lifetime in this example? Nothing.
Last edited by Awfy; 10-12-2008 at 06:53 PM.
I'm going to get called a suck up for this but I couldn't care less.
Greg has been working for YouMeO for 6 months as he said. If I'm correct in what he's told me he is the only original employee left. What does this tell you? It tells you that Greg is worth a lot to YouMeO which shows in his work. If it wasn't for Greg in the first place YouMeO would possibly still have a horrible design and wouldn't be near as known as they are now.
Greg has also brought a few good staff members with him as he knows them. Again if I'm correct it's Nick and Simon. Possibly Caleb and Dan when they worked there.
6 months is a good length of time to be working in a Social Networking environment as you pick up things quickly and you're working in the industry.
On topic:
I actually now use the site over Twitter mainly because I can tell it's going to take off soon with the right amount of attention. Anybody who says it's going to fail I challenge you to go make a site like that in 11 days whilst working on various other projects.. One of them being a Social Network which would require time and effort each day.
Come on lad, we're from the Westcountry.
Nothing, which is why it was in brackets to try and get you to explain why you used its success in this thread which juxtaposes the argument you brought up in the other thread, now would you care to answer how you, a 17 year old amateur "web developer" with no degree are better than most and try and "look good" by working for youmeo. The opportunity only arose because you knew Calum.
I'm 18 and I'm not an amateur since I do it as a professional. That means I'm a professional web designer. I have a better knowledge of this industry because I work in it, not a single other person on this forum does - tadaaaa
However, you're using that as a stance of greatness and arrogance - insinuating that no-one on this forum has a clue about anything apart from you.
PHPSESS_REAL had nothing to do with what was wrong with the site.. at all. The system was so ****** up, you could change PHPSESSID (like normal) and it would be logged in as the "person", but would post as your original PHPSESS_REAL.
Which was basically a repeat, and was cross-referencing the sessions!
Other than the fact that the only place on the site, that was filtered and protected.. was the replies page.
The settings page was filtered a bit, but only on that page, and the display on the home..
You need to start coding in the perspective of a hacker, and then you won't have these exploits to fix.. they won't appear at all.
Think, "what would someone do right here.. if they could", then run XSS and SQLI attempts through your mind.. and always put that to the test.
Otherwise you'll come up with this every time.
Caleb stop trying to act as if we've done wrong, it was coded in 11 days on a rush to prove we could build something in that time. So Simon didn't really have the awareness due to the hours being up to 6am in the morning after a long day at work. So you can't blame him for missing here and there, you would too.
My $_POST/$_GET/$_REQUEST cleaning section had an issue where one function was above another which caused the inputs to get cleaned then uncleaned. I knew what the issue was straight away when Greg told me but I forgot to remove it from when we were developing on HG (same with the issue with the sessions).
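The ordering bug described in the post above (inputs "cleaned then uncleaned") can be caught with a canary check on the cleaning pipeline. This is an added example, not code from the thread or from the site: the step functions, their names and the encode/decode pairing are assumptions chosen to reproduce that class of mistake.

```php
<?php
// Added illustration: hypothetical step names, not the site's real code.

// Hypothetical "normalise" step: decodes entities already present in input.
function decode_entities(string $v): string {
    return html_entity_decode($v, ENT_QUOTES, 'UTF-8');
}

// Hypothetical "clean" step: HTML-encodes markup characters for output.
function encode_html(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
}

// Apply the steps in array order to a value, recursing into nested arrays
// the way a $_POST/$_GET cleaner has to.
function run_pipeline(array $steps, $value) {
    if (is_array($value)) {
        return array_map(fn($v) => run_pipeline($steps, $v), $value);
    }
    foreach ($steps as $step) {
        $value = $step((string) $value);
    }
    return $value;
}

// Canary check: after the full pipeline no raw markup character may survive.
// Run it whenever the list of steps is edited or reordered.
function pipeline_is_safe(array $steps): bool {
    $canary = '<b title="x">\'&</b>';   // constructed test input
    $out = run_pipeline($steps, $canary);
    return strpbrk($out, '<>"\'') === false;
}

$buggy = ['encode_html', 'decode_entities'];  // cleaned, then uncleaned
$fixed = ['decode_entities', 'encode_html'];  // normalise first, encode last

// Constructed sample request data.
$input = ['status' => '<i>hi</i>', 'tags' => ['a&b', '"q"']];

var_dump(pipeline_is_safe($buggy));
var_dump(pipeline_is_safe($fixed));
print_r(run_pipeline($fixed, $input));
```

The check fails for the first ordering and passes for the second, so wiring it into a deploy step flags a reordered or leftover function before the code goes live.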
I didn't say you were involved in it, so there is no "we" in context. Simon coded it.
I don't care if it was coded in 11 days.. big whoop? It's not the time it takes.. it's the quality of it.
I/everyone else would much rather use a secure product.. than use a vulnerable one that was quickly coded through, with little thought to it.
If he didn't have the awareness.. then he should have waited until he did.
This is not some silly game, you're branding it under "Youmeo developmental labs" or some ****, then it should reflect quality.. and appear "professional".. not:
"It isn't our fault that it's vulnerable and exploitable, we coded it really fast to prove we could do it. So it doesn't matter."
This is users' data at risk, their accounts (which they signed up under..) and I'm sure the privacy policy protects their data.. wait! How can it protect their data, when a simple person executing the wrong request.. has access to all their data!
Hmm.. it can't.
Like I said.. code it in the perspective that I mentioned, and you don't have these problems.. I never have (except for simple file vulnerabilities, mime by post.. which are easily learned from), so please.. don't tell me what I would do and wouldn't do, when you certainly don't know.
If the system was flawed properly and it wasn't a simple human error from lack of memory then I would agree with you about spending more time in the mind of a hacker.