Ideas for 2.2

onli
Regular
Posts: 2825
Joined: Tue Sep 09, 2008 10:04 pm

Ideas for 2.2

Post by onli »

With 2.1 on the horizon, I felt like writing down what I plan for 2.2. I got some initial feedback from the others, and am now interested in what you think. Do you have some wishes for the next s9y version? Maybe even areas where you want to work on yourself?

These are my ideas:


1. Change password hash

We are currently using sha1 as hash function, in https://github.com/s9y/Serendipity/blob ... .php#L2219. SHA1 is the wrong choice for passwords, as it is a fast hash. I'd replace it with scrypt or Argon2.

For context: That is not something that is really security-relevant for a normal blog system. It is more that if someone were to capture your database and you have user accounts for thousands of users, then that hash becomes important in protecting the stored passwords from being computable with the resources a hacker has at hand, like a GPU. Still, big multi-user systems are something s9y does theoretically support.

1.1: Add rate limiting to the login function (if we don't have that already)
1.2: Rewrite autologin-cookie (issue #441)


2. Fix MySQL UTF-8 bug

That will include changing the charset of existing installations. I'm most likely the wrong dev to do that, btw; I've so far been using sqlite everywhere (issue #394). But this one is very pressing.


3. PHP 7.1 compatibility

We got 7.0, but 7.1 seems to have new incompatibilities (issue #441)


4. Cleanup plugins

We should remove broken plugins, or fix them, or at the very least mark them (that idea is coming from YL, I think)


5. Responsive Images

YL mentioned that a long time ago. S9Y already has functionality for resizing images, it should thus be able to generate the needed sizes (if the original is big enough) and set them according to https://responsiveimages.org/.


6. Social Network Home

I'd like to look into whether it is possible to mirror comments on FB/etc. and have them as marked comments in the blog (nod to Mario, I think we talked about that).


7. Minor: A round of Trackback/Pingback compatibility testing.

After implementing the trackback meta header, it would need to be tested anyway. S9y should work well with WordPress, and we should disallow settings that easily break compatibility, such as the IP check.


8. Database security

We had some ugly SQL injections this round, thankfully not with critical variables, if I saw that right. The main fault is that someone made a mistake when writing the responsible code, but the other fault is that we build the queries as raw strings in the first place. We should use prepared statements instead of escaping manually and bind the variables to them, which escapes the variables automatically and will remove almost all the possibilities of such issues occurring. We can wrap an API around that, such that a statement looks like:

```php
$result = serendipity_db_query(
    "SELECT * FROM namespace_config WHERE key = :name AND user = :user",
    ["name" => "editor", "user" => "otto"]
);
```
Of course, other APIs are possible.

That would mean a lot of change in the core and plugins, which is why we haven't done it so far.


9. Caching

2.1 brings the database cache, but for the next version I'd like to activate it by default and add the ability to use Redis as cache system. My goal here is to counteract the image WordPress has of failing as soon as something like Reddit or Hacker News links to it, if the admin did not do a lot of tuning. At least as much as is possible with the servers we have.

---

Do you have other changes in your mind?
We also could bring back the "upcoming s9y Features" subforum, if there is some interest.
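The migration that item 1 implies, as an added example and not Serendipity's own code: a login check that still accepts the legacy unsalted sha1 hash, but replaces it with an Argon2id (or, on builds without libargon2, bcrypt) hash the moment the user logs in successfully, and re-hashes later if the cost parameters are raised. It assumes PHP's built-in password_hash family, that legacy hashes are stored as 40 lowercase hex characters, and that the caller passes a callback which writes the new hash to the user record; the user record and the demo password are constructed.

```php
<?php
// Added example for transparently upgrading sha1 password hashes to
// Argon2id/bcrypt at login time. Not Serendipity code; the record shape and
// the persist callback are assumptions made for this demo.

declare(strict_types=1);

// Prefer Argon2id when this PHP build has it (7.3+ with libargon2),
// otherwise fall back to bcrypt. Both are deliberately slow, tunable hashes,
// which is exactly what a fast hash like sha1 is not.
function s9y_password_algo(): string
{
    return defined('PASSWORD_ARGON2ID') ? PASSWORD_ARGON2ID : PASSWORD_BCRYPT;
}

// Cost parameters, passed to both password_hash() and password_needs_rehash()
// so that the rehash check compares against what we actually use.
// Tune until one hash takes tens of milliseconds on the production server.
function s9y_password_options(): array
{
    return (s9y_password_algo() === PASSWORD_BCRYPT)
        ? ['cost' => 12]
        : ['memory_cost' => 65536, 'time_cost' => 3];
}

function s9y_hash_password(string $password): string
{
    return password_hash($password, s9y_password_algo(), s9y_password_options());
}

// Assumption: legacy hashes are bare sha1 hex digests (40 chars);
// password_hash() output always starts with "$", so the two cannot collide.
function s9y_is_legacy_hash(string $stored): bool
{
    return (bool) preg_match('/^[0-9a-f]{40}$/', $stored);
}

/**
 * Returns true when $password matches $stored. $persist is called with a new
 * hash whenever the stored one should be replaced: a legacy sha1 hash, or a
 * modern hash whose algorithm/cost no longer matches the current settings.
 * Users therefore migrate on their next successful login, without a reset.
 */
function s9y_verify_and_upgrade(string $password, string $stored, callable $persist): bool
{
    if (s9y_is_legacy_hash($stored)) {
        // Constant-time comparison; both sides are hex strings.
        if (!hash_equals($stored, sha1($password))) {
            return false;
        }
        $persist(s9y_hash_password($password));
        return true;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }
    if (password_needs_rehash($stored, s9y_password_algo(), s9y_password_options())) {
        $persist(s9y_hash_password($password));
    }
    return true;
}

// Demo with a constructed legacy record: user "otto" still has a sha1 hash.
$users = ['otto' => sha1('correct horse battery staple')];
$persist = function (string $newHash) use (&$users): void {
    $users['otto'] = $newHash;
};

if (s9y_verify_and_upgrade('wrong password', $users['otto'], $persist)) {
    throw new RuntimeException('wrong password accepted');
}
if (!s9y_is_legacy_hash($users['otto'])) {
    throw new RuntimeException('hash must not change after a failed login');
}
if (!s9y_verify_and_upgrade('correct horse battery staple', $users['otto'], $persist)) {
    throw new RuntimeException('correct password rejected');
}
if (s9y_is_legacy_hash($users['otto'])) {
    throw new RuntimeException('legacy hash was not upgraded');
}
echo "upgraded to: " . substr($users['otto'], 0, 10) . "...\n";
```

Two things worth noting: the legacy branch only ever runs after a successful verification, so an attacker with the database still has to crack the sha1 digest rather than having it upgraded for them, and the rehash check means raising the cost later does not require another migration.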
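The wrapper sketched under item 8, as an added example built on PDO with named placeholders rather than Serendipity's own database layer. The function name follows the proposal in the post; the table, its columns and the rows are constructed for the demo, and an in-memory SQLite database stands in for MySQL. It puts the interpolating form the post wants to retire beside the bound form and shows what one crafted value does to each.

```php
<?php
// Added example, not Serendipity's database layer: a minimal prepared
// statement wrapper with the proposed API shape, next to the string-built
// query it should replace. Schema and sample rows are constructed.

declare(strict_types=1);

function s9y_db_connect(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE namespace_config (name TEXT, value TEXT, user TEXT)');
    $db->exec("INSERT INTO namespace_config VALUES
        ('editor',    'markdown',         'otto'),
        ('editor',    'wysiwyg',          'alice'),
        ('api_token', 'secret-for-alice', 'alice')");
    return $db;
}

/**
 * Proposed API: SQL with :placeholders plus an associative array of values.
 * The driver, not our code, handles quoting. Note what cannot be bound this
 * way: table and column names, ORDER BY targets and (on some drivers) LIMIT
 * values; those still need an allow-list check before they reach the SQL.
 */
function serendipity_db_query(PDO $db, string $sql, array $params = []): array
{
    $stmt = $db->prepare($sql);
    foreach ($params as $name => $value) {
        $type = is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR;
        $stmt->bindValue(':' . $name, $value, $type);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** The pattern to retire: values interpolated into the SQL by the caller. */
function serendipity_db_query_unsafe(PDO $db, string $sql): array
{
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

$db = s9y_db_connect();

// Attacker-controlled input. Interpolated, it closes the string literal and
// appends an always-true condition, so the WHERE clause matches every row.
$user = "otto' OR '1'='1";

$leaked = serendipity_db_query_unsafe(
    $db,
    "SELECT * FROM namespace_config WHERE name = 'editor' AND user = '$user'"
);
// AND binds tighter than OR, so this is (name='editor' AND user='otto') OR true:
// all three rows come back, including alice's api_token.
if (count($leaked) !== 3) {
    throw new RuntimeException('expected the injection to return every row');
}

$bound = serendipity_db_query(
    $db,
    'SELECT * FROM namespace_config WHERE name = :name AND user = :user',
    ['name' => 'editor', 'user' => $user]
);
// The whole string is compared as a single value; no such user exists.
if (count($bound) !== 0) {
    throw new RuntimeException('bound parameter must not alter the query');
}

printf("unsafe: %d rows, bound: %d rows\n", count($leaked), count($bound));
```

On MySQL one would additionally set PDO::ATTR_EMULATE_PREPARES to false so the server, rather than the PDO client, parses the statement and receives the values separately; with SQLite the attribute has no effect, which is why the demo omits it.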
Imajica
Regular
Posts: 59
Joined: Mon Dec 05, 2016 5:26 pm
Location: Racine

Re: Ideas for 2.2

Post by Imajica »

As a new Serendipity user (rapidly heading towards evangelist), I have a couple of things I'd like to see:

a way to update the footer from the theme admin panel, like some of the older templates did (I can find an example given some time)

adding social icons/links to the footer (like timeline)

adding recaptcha or a different captcha

personally I'd like to see the upcoming s9y Features subforum... I'm always wanting to see what's next

I'm not a coder, but I am a tester... and I am always willing to donate some server space for that purpose

John
yellowled
Regular
Posts: 7111
Joined: Fri Jan 13, 2006 11:46 am
Location: Eutin, Germany

Re: Ideas for 2.2

Post by yellowled »

Imajica wrote:a way to update the footer from the theme admin panel, like some of the older templates did
That is not really a core feature, nor should it (in my opinion) necessarily be one. It should be a theme functionality (some themes may not even have a footer).
Imajica wrote:adding social icons/links to the footer (like timeline)
Same here. That is a theme-specific functionality, and it should remain that way.
Imajica wrote:adding recaptcha or a different captcha
What about the serendipity_event_recaptcha plugin, does that not work for you? (Again, this should by all means remain a plugin functionality, not core.)

YL
Imajica
Regular
Posts: 59
Joined: Mon Dec 05, 2016 5:26 pm
Location: Racine

Re: Ideas for 2.2

Post by Imajica »

yellowled wrote:That is not really a core feature, nor should it (in my opinion) necessarily be one. It should be a theme functionality (some themes may not even have a footer).
please remember I'm new and just throwing ideas out there...
I disagree on some level... having certain settings as universal, regardless of the theme, would be a nice addition IMHO.
The functionality of the footer should be determined by the theme, but the base data contained within can be controlled at the core.
yellowled wrote:Same here. That is a theme-specific functionality, and it should remain that way.
Again, just my opinion: if this information were stored in the core, you wouldn't have to re-enter that data as you change or modify themes... My Facebook page is universal across all themes.
yellowled wrote:What about the serendipity_event_recaptcha plugin, does that not work for you? (Again, this should by all means remain a plugin functionality, not core.)
The serendipity_event_recaptcha plugin didn't work at first; the documentation was incorrect, and I went to http://www.recaptcha.net (which is a dead URL). I just revisited it and remembered that reCAPTCHA is a Google product. So the documentation just needs to be updated.

I'll just withdraw that particular suggestion. :)

John
onli
Regular
Posts: 2825
Joined: Tue Sep 09, 2008 10:04 pm

Re: Ideas for 2.2

Post by onli »

I disagree on some level.. having certain settings as universal, despite the theme, would be a nice addition IMHO
I don't disagree, btw. We already have this for the header. But for the footer it would be harder to define what should be the standardized text inside it, or even just its structure. But that might still come :)
thh
Regular
Posts: 419
Joined: Thu Oct 26, 2006 2:38 pm
Location: Stuttgart, Germany

Re: Ideas for 2.2

Post by thh »

Imajica wrote:serendipity_event_recaptcha plugin didn't work at first, the documentation was incorrect and I went to http://www.recaptcha.net (which is a dead url) I just revisited it and remembered that recaptcha is a google product. So the documentation just needs to be updated
You're right.

I've opened a pull request with those changes (#50).
yellowled
Regular
Posts: 7111
Joined: Fri Jan 13, 2006 11:46 am
Location: Eutin, Germany

Re: Ideas for 2.2

Post by yellowled »

Imajica wrote:I disagree on some level.. having certain settings as universal, despite the theme, would be a nice addition IMHO […] Again just my opinion, if this information was stored in the core as one changes or modifies themes you wouldn't have to reenter that data... My Facebook page is universal across all themes
All that may sound very comfortable, but the ultimate criterion for deciding whether something should be core functionality or a plugin is whether it is useful to a majority of users. I have my doubts about this with both editing the footer and adding social links.

Please note that I'm not at all voting against implementing these features, I'm merely saying it might be better to implement them as plugins, meaning optional features to be added on if the user chooses.

YL
Imajica
Regular
Posts: 59
Joined: Mon Dec 05, 2016 5:26 pm
Location: Racine

Re: Ideas for 2.2

Post by Imajica »

yellowled wrote:Please note that I'm not at all voting against implementing these features, I'm merely saying it might be better to implement them as plugins, meaning optional features to be added on if the user chooses.
YL
I'll concede that point... but I'd still rather put it out there than say nothing at all :)

John
Don Chambers
Regular
Posts: 3652
Joined: Mon Feb 13, 2006 2:40 am
Location: Chicago, IL, USA

Re: Ideas for 2.2

Post by Don Chambers »

John - I think that it is great that you are offering your input. New thoughts and perspectives are always welcome.

You might be thinking of Bulletproof, which I think had a footer theme option. We went crazy with theme options in Bulletproof as we explored nearly everything we thought was possible at the time.

Timeline does have a few options in the footer, which include copyright text, footer links, and social icons. I took a different approach with Timeline for social icons by coding in the choices I felt were most popular... the admin then selects the desired social media links from those available. You can modify the code in the file config.inc.php to add additional social media options.
=Don=
Imajica
Regular
Posts: 59
Joined: Mon Dec 05, 2016 5:26 pm
Location: Racine

Re: Ideas for 2.2

Post by Imajica »

Has anyone thought about multisite?
Lux
Regular
Posts: 764
Joined: Fri Aug 12, 2005 4:36 pm
Location: Grüt, Zürich, Switzerland

Re: Ideas for 2.2

Post by Lux »

Imajica wrote:Has anyone thought about multisite?
We already have this. It is called "shared installation".

Cheers

Dirk
Imajica
Regular
Posts: 59
Joined: Mon Dec 05, 2016 5:26 pm
Location: Racine

Re: Ideas for 2.2

Post by Imajica »

Lux wrote:We already have this. It is called "shared installation".

Cheers

Dirk
I did see that but it's marked as experimental and at least from the documentation appears to be targeted at subdomains.

I was thinking more along the lines of:
www.mysite.com - using timeline theme
www.adifferentsite.com - using next theme
www.athirdsite - using skeleton theme

single admin interface and a single database

This is often a feature of commercial CMS systems, but is sometimes an option in open-source systems.
It was a feature in Nucleus (my previous platform).

John
Lux
Regular
Posts: 764
Joined: Fri Aug 12, 2005 4:36 pm
Location: Grüt, Zürich, Switzerland

Re: Ideas for 2.2

Post by Lux »

Imajica wrote:I did see that but it's marked as experimental and at least from the documentation appears to be targeted at subdomains.
In my opinion it is called experimental because very few people use it.
Imajica wrote:single admin interface and a single database
I never tested it, but I think you will get several admin interfaces. You can put different blogs in one database if you change the prefix "serendipity_" for each blog to something different.

Cheers

Dirk