Wiki Idea Shot Down



  • Well the title says it all. I was trying to add some value to myself in light of management and help our documentation problem. Didn't go well since the idea was shot down in less than a minute. Our documentation for IP assignments, guides, pc inventory, printer inventory, and many other things are in separate files scattered around everywhere. None are in same directory. In addition other departments have the same situation where they have some shared folders but only shared with a few people and several of those staff are no longer with us. So big problem I thought. Well I spun up a vm on and installed mediawiki without any issues this time and had been working on some basic documentation for our department to showcase how it would work. Guess I'm not a salesman either lol.

    Anyway, the main reasons were he wanted to keep everything on our website even though there still isnt anything there and I have been there 2 years now and he said PHP is too insecure. He said he does vulnerability scans and PHP always gives him a lot of warnings and he wants to get away from anything that has PHP.

    So as you can imagine I have a question if anyone knows. I don't see how PHP can be insecure and that vulnerable with as much infrastructure that uses it. As context I believe MediaWiki is built on PHP and thats what I built the department wiki with. I have used it in many projects and a few websites and have never had an issue. Is there validity to his concerns if you are properly hardening things?

    What kind of vulnerability scans would be doing on a Windows 7 network with Active Directory?

    Thanks in advance!



  • @jmoore said in Wiki Idea Shot Down:

    Anyway, the main reasons were he wanted to keep everything on our website even though there still isnt anything there and I have been there 2 years now and he said PHP is too insecure.

    Playing Devil's advocate. Why not just start putting stuff in to "our website?"



  • i was wondering why you didn't setup media wiki on their own website too. :P



  • That would of course work if done right but it isn't because no one uses it including the IT department. It's last update was 3 years ago. So public folders were made for each department but each department can only see their own documentation. The public folders are not used either according to management.

    My idea for the wiki was have it available as an organizational resource where anyone with proper credentials can log in and edit/add information for their department that others could see but have special permissions for things that needed to stay within that department. I believed it was doable and an idea worth considering.



  • @dashrender said in Wiki Idea Shot Down:

    i was wondering why you didn't setup media wiki on their own website too. :P

    Ha! Not necessarily that, but just use whatever system is on the current site owned by the person putting the brakes on the project.



  • @eddiejennings said in Wiki Idea Shot Down:

    Ha! Not necessarily that, but just use whatever system is on the current site owned by the person putting the brakes on the project.

    Yes it would of course use the existing system as I don't want to invent the wheel again so to speak.


  • Service Provider

    @jmoore said in Wiki Idea Shot Down:

    So as you can imagine I have a question if anyone knows. I don't see how PHP can be insecure and that vulnerable with as much infrastructure that uses it.

    This falls under "not a plausible excuse." He doesn't appear to really know what was a viable bluff and what would make him look foolish.



  • Probably would have come back and asked him what he considers to be a secure technology to his vulnerability scans without sounding insubordinate. This way, you can sound like you're trying to be a team player and still help the company.

    What does he consider secure anyways? HTML5?

    Another thing is, if they are already in the network then they already have the upper hand.



  • @scottalanmiller said in Wiki Idea Shot Down:

    @jmoore said in Wiki Idea Shot Down:

    So as you can imagine I have a question if anyone knows. I don't see how PHP can be insecure and that vulnerable with as much infrastructure that uses it.

    This falls under "not a plausible excuse." He doesn't appear to really know what was a viable bluff and what would make him look foolish.

    Maybe he doesn't need to because he's the boss, and was just giving any excuse to make you go away



  • @scottalanmiller said in Wiki Idea Shot Down:

    This falls under "not a plausible excuse." He doesn't appear to really know what was a viable bluff and what would make him look foolish.

    Alright I get that. Could be right, I really don't know. I just don't think PHP being insecure should be a reason. He also said he never liked it since the last web guy installed Wordpress to play around and they ended up with pharmaceutical ads constantly. That is just the web guy not knowing how to harden Wordpress and Apache though and php has nothing to do with that.


  • Service Provider

    @dashrender said in Wiki Idea Shot Down:

    @scottalanmiller said in Wiki Idea Shot Down:

    @jmoore said in Wiki Idea Shot Down:

    So as you can imagine I have a question if anyone knows. I don't see how PHP can be insecure and that vulnerable with as much infrastructure that uses it.

    This falls under "not a plausible excuse." He doesn't appear to really know what was a viable bluff and what would make him look foolish.

    Maybe he doesn't need to because he's the boss, and was just giving any excuse to make you go away

    Sounding incompetent is never smart, boss or not. You don't want someone documenting your lack of understanding for when you go to HIS boss to ask for a promotion since YOUR boss doesn't know he's doing.



  • @nerdydad said in Wiki Idea Shot Down:

    Probably would have come back and asked him what he considers to be a secure technology to his vulnerability scans without sounding insubordinate. This way, you can sound like you're trying to be a team player and still help the company.

    What does he consider secure anyways? HTML5?

    Another thing is, if they are already in the network then they already have the upper hand.

    Well I was trying to be a team player mostly and trying to do something that I really thought was a good idea to show people I can think about an issue they have complained about before and come up with a solution. I would like to be an admin someday so I try to learn as much as I can and think about my organization's issues.



  • @scottalanmiller said in Wiki Idea Shot Down:

    @jmoore said in Wiki Idea Shot Down:

    So as you can imagine I have a question if anyone knows. I don't see how PHP can be insecure and that vulnerable with as much infrastructure that uses it.

    This falls under "not a plausible excuse." He doesn't appear to really know what was a viable bluff and what would make him look foolish.

    No he knows. His internal built website is more secure than all of PHP......


  • Service Provider

    @jmoore said in Wiki Idea Shot Down:

    He also said he never liked it since the last web guy installed Wordpress to play around and they ended up with pharmaceutical ads constantly. That is just the web guy not knowing how to harden Wordpress and Apache though and php has nothing to do with that.

    That's like saying "I don't like Ford because the last time I rode in one we went to a movie and I didn't enjoy it." Either he knows he's being insanely irrational or he REALLY doesn't know how this stuff works.



  • @dashrender said in Wiki Idea Shot Down:

    Maybe he doesn't need to because he's the boss, and was just giving any excuse to make you go away

    You could be entirely right there Dash. Telling me php was insecure just tells me that whoever set it up did something wrong with whatever app it is working with.



  • @scottalanmiller said in Wiki Idea Shot Down:

    Sounding incompetent is never smart, boss or not. You don't want someone documenting your lack of understanding for when you go to HIS boss to ask for a promotion since YOUR boss doesn't know he's doing.

    I certainly get that and had no intention to imply that or put him on the spot. I just presented the wiki I had worked long and hard on to him then he asked if it was built on php which I answered yes to. You know the rest


  • Service Provider

    @jmoore said in Wiki Idea Shot Down:

    @dashrender said in Wiki Idea Shot Down:

    Maybe he doesn't need to because he's the boss, and was just giving any excuse to make you go away

    You could be entirely right there Dash. Telling me php was insecure just tells me that whoever set it up did something wrong with whatever app it is working with.

    It tells you that he either doesn't know how any of it works, or he doesn't know what is plausible. Either way... he doesn't know enough to have a conversation about it and sound like he's aware of what you are discussing.

    Much like AshleyJR in the recent SW RAID thread. Huge thread about RAID, turns out he doesn't even know what RAID 1 is so where his math is coming from no one knows.


  • Service Provider

    @jmoore said in Wiki Idea Shot Down:

    I certainly get that and had no intention to imply that or put him on the spot.

    Sounds like you didn't. His lack of basic knowledge in the area combined with wanting to push an agenda without adequate reasoning put him on the spot, most likely.


  • Service Provider

    0_1500589593571_pzv5j7l.jpg



  • @scottalanmiller said in Wiki Idea Shot Down:

    That's like saying "I don't like Ford because the last time I rode in one we went to a movie and I didn't enjoy it." Either he knows he's being insanely irrational or he REALLY doesn't know how this stuff works.

    Well i can't believe that he doesn't know how it works so he most likely just didn't like the idea for whatever reason and that was the first thing he thought of.



  • First of all, you can keep your internal documentation site, well... internal. No chance of pharma ads then!

    Second, I purposely moved away from mediawiki. I couldn't stand it anymore, and neither could anyone else.

    A wiki-style Wordpress site has been a godsend. Copy/paste in anything from clipboard... pics, screenshots, videos... even formatting from the web or Word. It's stupid easy and fast to make a very readable wiki page. What takes 5 minutes to do on our Wordpress wiki can take hours on mediawiki. That's not an exaggeration, I mean that literally.

    Third, Wordpress is EXTREMELY secure, more-so than almost every other platform out there. Millions and millions of sites are using it without any security issue at all. Only the people who don't properly secure and maintain it get victimized... and rightfully so!



  • @scottalanmiller said in Wiki Idea Shot Down:

    It tells you that he either doesn't know how any of it works, or he doesn't know what is plausible. Either way... he doesn't know enough to have a conversation about it and sound like he's aware of what you are discussing.

    Alright I understand that. You can't know about everything so no big deal. Was just hoping I wasn't making myself look foolish to management by presenting my idea. Thanks and appreciate the comments





  • @tim_g said in Wiki Idea Shot Down:

    Third, Wordpress is EXTREMELY secure, more-so than almost every other platform out there. Millions and millions of sites are using it without any security issue at all. Only the people who don't properly secure and maintain it get victimized... and rightfully so!

    http://www.cvedetails.com/product/4096/Wordpress-Wordpress.html?vendor_id=2337
    hmmm....

    9uzhwgr.png



  • @jmoore said in Wiki Idea Shot Down:

    @scottalanmiller said in Wiki Idea Shot Down:

    Sounding incompetent is never smart, boss or not. You don't want someone documenting your lack of understanding for when you go to HIS boss to ask for a promotion since YOUR boss doesn't know he's doing.

    I certainly get that and had no intention to imply that or put him on the spot. I just presented the wiki I had worked long and hard on to him then he asked if it was built on php which I answered yes to. You know the rest

    I'm guessing Scott is write, he has no idea what those things are - and all he knew is that PHP was the old site, and he had ads and he was unhappy, so he put 1 + 1 together and said what he said...



  • @tim_g said in Wiki Idea Shot Down:

    First of all, you can keep your internal documentation site, well... internal. No chance of pharma ads then!

    Sure I get that. I had intended it be used by the organization and stay within the firewall so no chance of things like pharmaceutical ads


  • Service Provider

    @jmoore said in Wiki Idea Shot Down:

    @scottalanmiller said in Wiki Idea Shot Down:

    It tells you that he either doesn't know how any of it works, or he doesn't know what is plausible. Either way... he doesn't know enough to have a conversation about it and sound like he's aware of what you are discussing.

    Alright I understand that. You can't know about everything so no big deal. Was just hoping I wasn't making myself look foolish to management by presenting my idea. Thanks and appreciate the comments

    No, but there is a correct way to respond to things that you know and a way not to. Bluffing is not the way to do it.



  • @grey said in Wiki Idea Shot Down:

    @tim_g said in Wiki Idea Shot Down:

    Third, Wordpress is EXTREMELY secure, more-so than almost every other platform out there. Millions and millions of sites are using it without any security issue at all. Only the people who don't properly secure and maintain it get victimized... and rightfully so!

    http://www.cvedetails.com/product/4096/Wordpress-Wordpress.html?vendor_id=2337
    hmmm....

    Did you bother to look at any of those? They are all old vulnerabilities from versions of WordPress you should not be using anymore. If you get hit, your fault!

    Edit: Literally, like every single one of them!



  • @tim_g said in Wiki Idea Shot Down:

    A wiki-style Wordpress site has been a godsend. Copy/paste in anything from clipboard... pics, screenshots, videos... even formatting from the web or Word. It's stupid easy and fast to make a very readable wiki page. What takes 5 minutes to do on our Wordpress wiki can take hours on mediawiki. That's not an exaggeration, I mean that literally.

    Always willing to try new things. Do you remember any of the plugin names that made this "wiki-style" ?

    Also I like mediawiki because it is much easier to navigate and get to the area you need than is Wordpress from what I have seen anyway. Thats why I chose a wiki for this project.



  • @tim_g said in Wiki Idea Shot Down:

    Did you bother to look at any of those? They are all old vulnerabilities from versions of WordPress you should not be using anymore. If you get hit, your fault!

    Yeah Wordpress has always been good to me. I have run 2 websites for years and never got hacked which is really a miracle because at first I had no idea what I was doing. The only problem I've had was hackers doing so many attempts at my log in pages and server root that sometimes the site would go down when the server ran out of memory. I had a small server though and after I researched the issue just saw that it was a misconfiguration from Apache which i long since fixed. No issues since then. Knock on lots of Wood!


Log in to reply
 

Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.