Some feedback

Having trouble installing serendipity?
Post Reply
arvin
Posts: 3
Joined: Thu Jun 30, 2016 1:06 pm

Some feedback

Post by arvin » Mon Jul 04, 2016 3:47 pm

Hi

I've been looking over Serendipity the last few days (downloaded the latest release).
You have a great looking blog package that's very easy to control and can be made very
attractive.
The interface is especially good.

Unfortunately what I'm looking for is a local blog with no third party connections (No RSS etc)
and no links elsewhere - did you know that a very simple installation of Serendipity comes with
over 4000 links to third party sites?
Ideally I'd like to see a blog with RSS as an optional plugin. Sadly they don't seem to exist
as far as I can tell.
I have had a quick look but is seems there is no way for me to modify Serendipity to
remove all the links and offsite communication.

If you should have a version that is like that I'd very much welcome it.
But for now - best wishes
Arvin.

User avatar
onli
Regular
Posts: 2243
Joined: Tue Sep 09, 2008 10:04 pm
Contact:

Re: Some feedback

Post by onli » Mon Jul 04, 2016 4:18 pm

Hi Arvin
Nice to see you liked it in general.

Which links do you mean with 4000 links to third party sites? I think we have by default one single link, in the footer, that is pointing to s9y.org. And that one can be removed by editing a template.

A blog is very much defined as having a rss feed, and serendipitys goal is to provide such a classical blog engine. But you could make the feed unuseable by setting a Custom feed URL under Configuration -> Feed Settings, and then activating setting Force custom feed URL? to yes. But you can't do anything against external services like superfeedr creating a feed out of your html structure, apart from setting a password via .htaccess and restricting access completely.

arvin
Posts: 3
Joined: Thu Jun 30, 2016 1:06 pm

Re: Some feedback

Post by arvin » Tue Jul 05, 2016 11:41 am

Hi Onli

Absolutely I liked it.
Not too complex to start with - easy to add features - nice clean interface.
If I was to use an RSS blog I'd certainly be looking at Serendipity. You've done
a great job with it.

My current need however is to blog locally just for my site members and that's
something no one seems to cover. My feeling is a blog is just what it says; if you
want to network it that should be an add on. The basic blog should not contain
any external links - just a blog/editor.

These days I feel it important to have full control over what you link to and how.
Having software full of code linking to third party sites makes basic security
very much harder to ensure. I suspect others are coming to the same conclusion
albeit slowly and quietly.

For the link count try a grep for "http://"

best wishes
arvin.

User avatar
onli
Regular
Posts: 2243
Joined: Tue Sep 09, 2008 10:04 pm
Contact:

Re: Some feedback

Post by onli » Tue Jul 05, 2016 12:01 pm

For the link count try a grep for "http://"
A link is no external communication, it is just a link, it has no security impact. We even bundle jquery locally. RSS Feeds are also nothing external, they are just another local representation of your blog that can be easier understand by feed readers, they do nothing active. A s9y blog is by default doing no networking on its own.

The one external thing I can think of are webfonts, that are fetched from google in some themes.

I think your concerns there are unfounded, but please, if you have doubts about a specific link, feel free to show it here.

arvin
Posts: 3
Joined: Thu Jun 30, 2016 1:06 pm

Re: Some feedback

Post by arvin » Wed Jul 06, 2016 1:22 pm

Onli
I don't have concerns _ Just informing you why Serendipity can't be used here.
The fact that the code and links exist in the program make it unsecure by definition.
Any code that exists that is not required - should not exist.
Hacking occurs because hackers do things programmers don't think can be done.
And accidental password releases happen all the time ... you may notice.

I wish you well with it however.

User avatar
onli
Regular
Posts: 2243
Joined: Tue Sep 09, 2008 10:04 pm
Contact:

Re: Some feedback

Post by onli » Wed Jul 06, 2016 1:59 pm

Thanks. I would let it rest normally, but please understand I can't let it stand like this, in case other user get confused by this.
arvin wrote:The fact that the code and links exist in the program make it unsecure by definition.
That is just wrong.
arvin wrote:Any code that exists that is not required - should not exist.
That is kind of true, but has nothing to do with feeds and nothing to do with links.
arvin wrote:And accidental password releases happen all the time ... you may notice.
That is not our prioritized threat model. But it also has nothing to do with links and feeds.

I really think that you are severely misinformed on what can be a security issue and what can not. Passive elements like links or the sole existence of rss feeds are not in any way a security issue. Completely disregarding the fact that a default serendipity installation does not have many external links (which would be bad for some seo theories).

Tip: You might be interested in a static site generator. No moving parts could be exactly what you search :)

Post Reply