Well, maybe we ought to take more of this "conversation" "off-line", and/or perhaps make an adjustment to its tone.
First of all, I think we ought to thank, and not forget, that most - if not quite literally all - of this, is volunteer done/run/operated. So, we should be thankful and appropriately appreciative of all the hard work that's been done and what we have gotten. Sure, things haven't been and will likely never be "perfect".
Sure, we can continue to work on ways to improve things. But we should be cautious to do so in manners that well leverage and utilize what resources we have, or potentially have, to work with. Of course we also want to appropriately consider what does and/or doesn't work (and how well, with what risks/trade-offs, etc.) in terms of general benefit and use to BALUG "members" (users of site/lists, those that come to our meetings, etc.), and also factors such as supportability, maintainability, etc.
I know I certainly appreciate the work that Michael Hubbard and Xavier and others have done regarding site work and support, web page work, materials contribution, etc.
And in general, it's best not to tick off those that have done and/or continue to do significant good work / support for one's organization - even if it may not be perfect and/or all that may be desired.
Anyway, hopefully we can mostly manage constructive useful dialogs.
Sorry if I might have sounded a wee bit alarmist when the main web page of http://www.balug.org/ had been trashed, but I was mostly concerned about how that looked for and reflected upon BALUG. I am quite glad that we did get at least the most obvious damage (the web page defacement) corrected relatively quickly.
Anyway, thanks again for everyone's work on the site and for BALUG, etc.
Quoting Xavier balug-talk@xav.to:
michael@offroadgeek.com wrote: And without a back end view, its not easy or safe to assume that little has gone wrong. Moreover in the past worse has happened and nothing got done about it for a long time.
The hack that was used was a simple way to change the index.php file.
The
hackers did not actually break into the server and no security is compromised.
Do you have immutable logs to verify that?