morgar

About me: I'm an architect, but I have been working in software development and user interaction design for a couple of decades.

Group membership

Activity

  • morgar replied on the discussion topic Upgrading a large Elgg 1.5 community
    Yes, you are bpth right, maybe I oversimplify my expression. I understand there are a lot of different risks in not keeping the scripts updated, not only in the topics I mentioned. Our implementation is highly customized, so we delayed the upgrades... view reply
  • morgar replied on the discussion topic Upgrading a large Elgg 1.5 community
    @jededitor you are absolutely right :) We wouldn't need to upgrade because the site is working great, and about security flaws in previous versions don't affect us because we aren't using the Elgg authentication and authorization, but I'm planning... view reply
  • morgar replied on the discussion topic Upgrading a large Elgg 1.5 community
    Hey friend @DhrupDeScoop! Long time no see you. It seems that we are in the same boat :) I never had the time for upgrade it either, but now I think it's the time. We are mainly using the core plugins, but our problem is almost all views were... view reply
  • morgar replied on the discussion topic Upgrading a large Elgg 1.5 community
    Hi Brett, thanks for your answer. Yes, I have a full "twin" site for testing. My main concern is the DB conversion. If I remember right, in some upgrade the DB gets a format change. This site has 70K users and, for example, the metadata table has 1... view reply
  • morgar added a new discussion topic Upgrading a large Elgg 1.5 community in the group Feedback and Planning
    Hi friends. I'm planning to update a large Elgg implementation, still in v1.5 (!), in a couple of months. I was looking here for the right path for doing that but no luck. Maybe someone could points me where I can get that info, if it exists. Not...
    • @Carlos:
      He is right ;)
      If you go back thru the Elgg Releases' Notes;
      only find a simple reference to 'security fixes' --
      with no details of what the security holes were that got fixed
      ( makes us more secure ).
      These usually may have been XSS fixes - investigated and reported
      by " those who research " this aspect ;)
      And so... " always a good idea " is a good idea.. ;-P

    • Yes, you are bpth right, maybe I oversimplify my expression. I understand there are a lot of different risks in not keeping the scripts updated, not only in the topics I mentioned. Our implementation is highly customized, so we delayed the upgrades because it will surely require lot of rewriting, but ok, this seems to be the right moment :)

    • Hi Morgar,

      I've also been rewriting plugins originally written for Elgg 1.5 or earlier and yes, rewriting them correctly for 1.8 is quite a bit of work.

      The good side is that the database changes have not been huge - it is more the API and look and feel changes that affect the code.

      To be honest, I wasn't that motivated to make major changes for Elgg 1.7. Sure, the new API functions were more convenient but that helps only when creating new code. For existing code, my attitude was: if it ain't broke, don't fix it. So I just added some security tokens and kept going.

      For Elgg 1.8 there is no such simple fix. Moreover, the design changes and the new sticky form system are such an improvement that it is worth taking the time to rework my plugins from the ground up.

      I keep telling myself that the effort will be worth it once I'm done digging my tunnel to the other side of the mountain.

      :)