Mike Macgirvin
 High Range, AustraliaTue, 03 May 2016 18:42:14 +1000 
You certainly don't want to make any enemies around here. This is the second time I've needed help disposing of a body (*). One phone call. "Leave it to me mate".  

(*) First time was a goat. This time it was a horse.
 Tue, 03 May 2016 19:20:49 +1000 
Openeing the "Dead Animals Zoo". Any ambalmer nearby?
Mike Macgirvin
 High Range, AustraliaTue, 03 May 2016 09:25:22 +1000 
I've been slowly getting my head around what it will take to fix oembed security. I've also implemented some stuff - but don't get comfortable with those changes just yet.

I've attempted in all of this to ensure that youtube videos work out of the box, without any configuration changes. Also that profile embeds from other hubzilla members work out of the box. But this premise is wrong and unfortunately I think it has to change. Basically embeds have to go through an HTML purifier to remove bad stuff. All of them - by default.

This will break youtube videos.

My current thinking is to provide an addon (called something like 'std_embeds' perhaps) that will re-enable the top handful of embedded media sites (youtube, soundcloud, and vimeo) which use "dangerous" code and allow them to run unfiltered.  I'm not going to put this in core because we're trying to maintain absolutely zero hacks pertaining to large corporate services in core. This is not Facebook and this is not Google. This is Hubzilla. We stand on our own. Anything that needs to build bridges to these large corporate octopodes needs to be in addons.

Anyway this note is mostly to warn you that if youtube stops working, look around addons for something to bring it back. This doesn't exist today, but it may exist by the time you need to go looking for it.
giac hellvecio
 Tue, 03 May 2016 10:39:03 +1000 
Mike Macgirvin
 High Range, AustraliaSun, 01 May 2016 09:41:50 +1000 
Release versioning in a multi-tag world....

Wondering how best to manage release tagging. Let me offer an example. I work primarily in the dev tree. We've got an interface version there, let's call it 1.4.2. Master is at 1.4. But what happens if we provide a bugfix on master? Shouldn't we roll the master version? What do we roll it to? We can't use 1.4.1 because that already matches a possibly unrleated interface change elsewhere. We can't really call it 1.4.3 because the master branch may not yet have 1.4.1 and 1.4.2. A plugin could not use this as a reliable indicator that an interface has been applied.

I'm sort of thinking for master we want to go alpha. So you'd have 1.4a (b,c, etc.) or 1.4.0a - this way the numbering between the branches remains independent, but you would have an easy way to determine if there have been bugfixes on master since you last pulled.

I'm also thinking we should probably freeze the rev date at the last change. That just confuses things. So that just becomes a build date and nothing more. That's already the case since 2016-05-01.xxxxH is a different git revision and entirely different functionality on both master and dev, so it loses relevance. Perhaps we should deprecate it.  

Any thoughts?  

Oh yeah Happy #MAYDAY
 Sun, 01 May 2016 19:45:23 +1000 
I mostly like the idea of having only 2 numbers used for main versioning. The first would be the major version, the second the minor one. If there are a lot of minor versions between major ones the second number can go double digits. You can then reserve the 3rd number for bugfix releases only (or use an alpha character for this).
So for instance 1.26.0 (or 1.26)  would be a stable version on the master branch while you'd be working on 1.27.0 (or 1.27) on the dev branch. If there's a bugfix, it's going to be 1.26.1 (or 1.26a) on master.
You could also branch off every release for testing and preparing before merging it to master while development can go on in parallel on the dev branch.
I'm a huge fan of this model (and derivatives):
Andrew Manning
 Sun, 01 May 2016 21:13:26 +1000 
I agree with @phellmes . I found that same article last night and was going to share it. It is highly relevant to what we are already doing and shows how we can extend what we're doing to deal with these parallel development and stable release issues.
Mike Macgirvin
 High Range, AustraliaThu, 28 Apr 2016 15:02:46 +1000 
Sorry I've been bizzy on other stuff and just noticed there's a different icon for context help now and I hadn't explored the 'highlight element' feature previously. That's fine - quite nice all the way around, but we seem to have lost any way to click through to the main help page if context help is present.
Mario Vavti
 Thu, 28 Apr 2016 20:03:48 +1000 
Right... I'll look for a nice place to put the /help link in the context help window...
Haakon Meland Eriksen
Sat, 30 Apr 2016 19:20:09 +1000 
Thanks for both efforts here - /help was easy and needs to be easy. The context help is very nice too, but perhaps a little too "in your face" at all times in the navbar? I was like "YES, this is great - now I know what the network page is." and then I was like "But where is the overview Help pages?" and I had to type it in by hand using knowledge in the head. Great if you manage to work this out.
Mike Macgirvin
 High Range, AustraliaWed, 27 Apr 2016 11:45:18 +1000 
We're one step closer to making nomadic identity work better with  "singletons". Singletons are connections that are on networks which don't support nomadic identity.

In the latest commits, when things you create or interact with are synced to your channel clones, the clones should now deliver any applicable stuff to any singletons they are connected with. So as long as none of the hubs that are connected to the singletons are actually down, it might appear as if nomadic identity works across networks.

It's only an illusion. Nomadic identity isn't supported on singletons and its usefulness only becomes blatantly obvious when hubs are actually down.
giac hellvecio
 Thu, 28 Apr 2016 00:39:20 +1000 
if I understand correctly, there is a way to trick those software/networks that do not recognize the nomadic identity, the possibility of having an illusion of nomadic identity, and so continue to communicate with everyone.
Mike Macgirvin
 High Range, AustraliaSat, 23 Apr 2016 18:34:52 +1000 
Trying to come up with a clean method of providing object oriented plugins without losing compatibility with our existing plugin system is proving a bit of a tough nut to crack. We'll get there...
Mike Macgirvin
 Sun, 24 Apr 2016 08:39:53 +1000 
Indeed I appear to be winning. So the functionality is there right now. Will need some doco on how to make use of it. It essentially uses the PHP internal convention of calling a class method as an array. So the function parameter when registering the hook is


and off you go... There were some technical issues using '\\Myclass::method' in a string. Theoretically it should work just fine, but in practice there are a lot of complications which make it a bit nasty

(By the way, can we agree that v1.5 is the release corresponding to a stable core using the new object-oriented system? This is a big deal and needs a common vocabulary. I know some people hate words like "milestone" and "schedule" but at least let's have similar expectations.)

That's a reasonable expectation.
Mike Macgirvin
 Sun, 24 Apr 2016 09:33:10 +1000 
Incidentally, this has bitten me a few times this week, so mentioning it:

There have been so many architecture changes the last couple of weeks which affect the interaction of core and plugins that if you need to switch between dev and master, you're going to whitescreen if you don't switch both core and plugins. This should stabilise after 1.5. The MinVersion setting isn't catching it completely as we aren't running the version check for every page load - only when you make plugin changes. That's a bug, but could hurt performance if we have to parse every plugin file for every page load.
Mike Macgirvin
 High Range, AustraliaFri, 22 Apr 2016 13:23:12 +1000 
Pardon the dust.

$ git diff 1.0 | wc -l
Chris en
 Sat, 23 Apr 2016 23:24:42 +1000 
You should make stable version for version that does not change often
dev version
lightspeed version for version that change every miliseconds
Einer von Vielen
 Wed, 27 Apr 2016 00:04:24 +1000 
I like the concept to deploy early and often. No bing bang. But I am not sure to pull dev (instead of master) for my digitalesparadies.de
Michael Meer
 Fri, 22 Apr 2016 18:38:35 +1000 
Herzlichen Glückwunsch zum Geburtstag!
congratulations and a happy Birthday!
 Fri, 22 Apr 2016 20:15:52 +1000 
Thank you all! Usually (in real life) I receive much less HBs. This is a record for me :)
Mike Macgirvin
 High Range, AustraliaMon, 18 Apr 2016 15:53:22 +1000 
@Channel One+ @Redmatrix / Hubzilla Support Channel+

Just noticed that the editor button layout changed recently on the rpost module (probably due to the addition of bbcode autocomplete). That's OK, but there's a little issue that if you are viewing in a small viewport (cell-phone or firefox's share dialogue) the drop down menu that opens is positioned mostly offscreen and you can't read the entries.

Mario Vavti
 Mon, 18 Apr 2016 18:32:18 +1000 
Oups... Sorry... Thats my fault... Since we use jot in many situations i added a switch to not show the bbcode buttons where not appropriate and probably missed a situation or two...
Mike Macgirvin

Modules and Controllers

 High Range, AustraliaSat, 16 Apr 2016 16:26:20 +1000 last edited: Sat, 16 Apr 2016 16:28:01 +1000  
The way we route URLs to functions in hubzilla is about to get a major facelift. This post is targeted to developers. Others can safely ignore.

Previously, if you wanted to visit a URL on your site at https://yoursite/foo we mapped it to a file called mod/foo.php and a set of functions in that file such as foo_init(), foo_post(), and foo_content() to process any input and generate output.

We will continue to use the same basic method, but the architecture is changing to an object oriented (rather than procedural) design. In the new world, if you visit https://yoursite/foo we will map it to an extended Controller class in the directory Zotlabs/Module - which is defined thusly:


namespace Zotlabs\Module;

class Foo extends Zotlabs\Web\Controller {

    function init() { // do init stuff here

    function post() {  // do post stuff here

    function get() { this replace the old mod_content() function


Note that the chosen class name is the same as the target URL, but with an uppercased first letter.

We will continue to support the old method for some time into the future. But new modules should probably be written to the new interface. You may notice we no longer pass $a to these functions, since that was moved to an \App static class a couple of weeks ago and is no longer relevant.

This code is not yet available on the dev branch. I'm providing some warning so you know what to expect. The routing components will land sometime in the next several days, and existing modules will be ported over the coming week or two. There should not be any compatibility issues with any existing code. The exact method for routing to plugins will stay the same *at this time* because the plugin interface is going to undergo a completely different transition once the controller interface upgrade is complete.
Mike Macgirvin
 Sun, 17 Apr 2016 07:04:51 +1000 
In fact that's coming. We can extend the router to work with arbitrary functions (with any name) and we've done this with plugins, but it causes a performance problem. Essentially you would have to load every controller on the system and say "I've got a URL 'foo'. Do you handle it? No? OK, Next..." Some CMS's work this way and turn into memory hogs. An alternative is to put the URL mapping table into the DB and one would have to register each new controller and the routes it serves when the controller is installed. That's the approach I prefer. Then you do a lookup and load just what you have to load. We still need the module system or something like it as a high-performance first try for the bootstrap phase and also it has a unique ability to make controllers hot-pluggable. Drop it in and go, no installation or registration required.
Mike Macgirvin
 Sun, 17 Apr 2016 08:48:28 +1000 
On the bright side it appears I can upgrade about 140 of the existing modules with a script, leaving just under 20 that require hand tweaking.
Mike Macgirvin
 High Range, AustraliaFri, 15 Apr 2016 18:39:05 +1000 
I would probably announce a Hubzilla 1.4 release but I'm way too busy working on 1.5. Anyway dev has been rolled forward to master and we're starting another cycle.
Jeroen van Riet Paap
 Sat, 16 Apr 2016 04:11:59 +1000 
Probably the edit of my comment didn't came through. The edit was:

Edit: OK, forget it. Switching to another channel and back fixed it. Probably related to that session-thing.
Haakon Meland Eriksen
 Sun, 17 Apr 2016 05:22:24 +1000 
#fixed - emptied browser cache
Mike Macgirvin
 High Range, AustraliaTue, 12 Apr 2016 09:14:43 +1000 
Need some testing help from folks that are comfortable using the dev branch. In the last few days the session management code has been revamped. Except for one brief hiccup which repaired itself, I can't get it to fail; however at least one person is having persistent issues.

Basically, checkout the dev branch and login/logout and do things in between. See if you can get it to fail to login or logout correctly. Try with and without 'remember me'. If you have difficulties, let us know your PHP version, web server, and whatever you can tell us about what you were doing when it messed up. The more detail the merrier. Bonus points for examining your website cookies in your browser and those stored in the DB and finding anomalies with them. It might also be useful to know the values of


If you get stuck and can't login or logout, you may be able to get out of it by visiting /login or /logout directly, and as a last resort removing browser cookies for your site or emptying your session table (but please report any details before removing them).
Andrew Manning
Fri, 15 Apr 2016 11:08:57 +1000 
Log in/out with/without "remember me" works. Tried various other functions and pages with no errors.

  • Version 2016-04-13.1365H+ed0bff7
  • PHP 5.5.9-1ubuntu4.14
  • Linux 3.13.0-57-generic #95-Ubuntu SMP Fri Jun 19 09:28:15 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
  • mysql  Ver 14.14 Distrib 5.5.47, for debian-linux-gnu (x86_64) using readline 6.3
Waitman Gobble
 Sat, 16 Apr 2016 09:24:03 +1000 
looks like the fix solved the issue @Mike Macgirvin thanks
Mike Macgirvin
 High Range, AustraliaMon, 11 Apr 2016 11:47:18 +1000 
Freedom isn't just a word. It's a noun.
Einer von Vielen
 Mon, 11 Apr 2016 22:45:46 +1000 
"Freedom is just another word for nothing left to loos" (Janis Joplin) No more data to loose for most people.
 Sun, 17 Apr 2016 07:04:37 +1000 
I'm gonna be anal and point out it's a Kris Kristofferson song. Ms Joplin did one of the finest of many renditions.
Mike Macgirvin
 High Range, AustraliaSat, 09 Apr 2016 08:18:22 +1000 
I'm going to keep this ten year old computer a while longer. I've discovered over the last year that it's a great spyware detector. Whenever you hit one of those clickbait sites the fan starts getting louder as it's crunching through all the javascript that's digging around your computer for anything it can send home. So as soon as I hear the fan I close that particular window.
Manuel Jiménez Friaza
 Sat, 09 Apr 2016 18:28:12 +1000 
XDDD I'll be more attentive to the roars of my fan!
Seth Martin
 Sat, 09 Apr 2016 22:30:04 +1000 
A few weeks ago, one of the desktop computers at home had the fan kicking in to high speed frequently sounding like a rocket ship! I told the roommates to use some of my thermal paste to replace the old at the processor/heatsink because the old is probably useless at this age. The paste never got replaced and now it has overheated and dead but somehow it's my fault for not taking care of it for them.

Apparently, the fan's high speed whine didn't make them want it fixed bad enough to do it themselves, but having a non-functional computer has them taking it apart, trying to fix it over and over again even though I told them it's too late, only a new processor will fix it.
Mike Macgirvin
 High Range, AustraliaFri, 08 Apr 2016 08:52:39 +1000 

I have it from somewhat reliable sources that birthday greetings are in order (tomorrow); old man.
Manuel Jiménez Friaza
 Fri, 08 Apr 2016 14:58:30 +1000 
@elmussol Happy birthday, friend!
 Fri, 08 Apr 2016 20:16:05 +1000 
Mike Macgirvin
 High Range, AustraliaThu, 07 Apr 2016 19:48:18 +1000 
This is actually pretty cool.

Share a photo. Only with Bill.

Bill visits your website. He sees the photo. Debbie visits your website. She can't see the photo.

Bill's website has financial problems and shuts down.  He goes to another site. He visits yours. He can still see the photo. Debbie can't. Debbie goes to another site. She still can't.

Your service provider is having a bad day with a router so you go to another site until they get their stuff sorted. You still have your photo album, your profile, your stream and all your friends. In particular, you're still friends with Bill and Debbie. You write to them.

Bill visits your new (temporary) site. He can still see the photo in your photo album; even though you're now both on different sites than where you were when you first shared it with him. You've not touched the photo at all - only when you first published it and made it visible to Bill. In fact everything looks exactly the same. You look at your social stream. It's exactly the same - nothing missing. Nothing is different.

Debbie looks at your photo album on your temporary server. She still can't see the photo.  

Sean Tilley
 Sat, 09 Apr 2016 08:57:34 +1000 
I really wish other federated platforms would also support MagicAuth. It's just so incredibly useful.
Beni Grind
 Sat, 09 Apr 2016 17:20:30 +1000 
@Mike Macgirvin I agree that both go hand in hand. Decentralized permissions don't make sense without nomadic identities. On the other hand, nomadic identities don't work seamlessly without decentralized permission, and for something to even have the potential to be picked up by the broad masses it has to work seamlessly.
Mike Macgirvin
 High Range, AustraliaThu, 07 Apr 2016 06:55:46 +1000 
Status update on a few things.

How not to do federation, continued... Diaspora protocol changes are proving to be a tough nutter. We're now forced to store Diaspora XML messages for every comment that comes into the system - whether or not you have the Diaspora protocol enabled; because the channel which owns the conversation might have the Diaspora protocol enabled. And if you don't sign the post using the Diaspora signing string on the Diaspora XML message nobody using Diaspora (or Friendica) will see it.

Anyway, the XML parser we were using creates XML compound objects which can't easily be stored, and we really don't want to parse the XML over and over again. So.... I'm switching out the XML parser to use xml2array which provides a serialisable standard array. But I basically had to rewrite the entire Diaspora connector. I will be adding the signing crap over the next few weeks and using our item-meta config for a storage mechanism. Will probably convert the existing "diaspora_meta" storage to iconfig since it's a more generalised solution for storing arbitrary data that really isn't needed by hubzilla itself but may be needed by addons. There are a number of other Diaspora changes coming that will make unnecessary work on this side. I really don't desire to work on this at all, but sort of need to keep it progressing because otherwise the amount of work necessary to catch up when stuff breaks will be daunting.

I went back and started again to tackle syncing files/photos to clones. It's a hard problem. There's a new doc page at help/filesync outlining how I currently envision it happening. I've got the basics in place so I think we'll have sync ability "soon" (depending on what time and resource can be invested into the problem). Currently the prime focus is to sync new file changes to an existing clone. Export/import of files (offline storage of all the files and metadata that we require for mirror reconstruction) is a bit harder but I may have a Unix solution without a lot of additional work. Using a Windows system is a bit harder. We need client side bits to run through each of the files and do the magic because if you do it server side you'll exhaust memory.

GNU-social connector is on hold because recent changes there really screwed up federation and the ability to test stuff. We'll see if it sorts itself out.

Friendica (DFRN) connector moving very slowly. It's conceptually not challenging but mostly just a lack of available time/resources to push it forward until one or more of my other projects is finished or stalls.
Haakon Meland Eriksen
 Thu, 07 Apr 2016 20:06:28 +1000 
Thanks, Mike - this makes sense.

So there are perhaps three use cases I should cover? I am at work now, but does this look correct?

1) Update your master to upstream master branch

git fetch upstream;git checkout master;git merge upstream/master;git push origin;git push openshift HEAD

2) Update your master to upstream dev branch

git fetch upstream;git checkout dev;git merge upstream/dev;git push origin;git push openshift HEAD

3) Update your dev branch to upstream dev branch

git fetch upstream;git checkout dev;git merge upstream/dev;git push origin/dev;git push openshift HEAD
Einer von Vielen
 Fri, 08 Apr 2016 01:44:12 +1000 last edited: Fri, 08 Apr 2016 01:44:18 +1000  
Einer von Vielen hat Mike Macgirvins Kommentar mit ⋕git verschlagwortet
Mike Macgirvin
 High Range, AustraliaFri, 01 Apr 2016 19:14:08 +1100 
The new chat page is nice. Thanks again Mario.
 Fri, 01 Apr 2016 21:18:38 +1100 
It's very nice indeed!
A friend of mine can't join it using the old link though. The chat is private, is hosted on my account and he's on the same hub.
 Sat, 02 Apr 2016 00:27:28 +1100 
It's working now! It looks like it's been fixed :) Thanks!!
Mike Macgirvin

IMPORTANT: potentially destablising update

 High Range, AustraliaFri, 01 Apr 2016 11:28:50 +1100 
A major code update will be landing this afternoon (about 3 hours from now). With this update, we are deprecating the global App variable known as $a - which is used most everywhere in the code, and replacing it with a static class (App::).

I've got this code running in test currently and it appears to be working smoothly. It is likely to have issues with third party themes and plugins (anything not in the central hubzilla repositories).  These will be fine once they are updated.

If your site whitescreens when this update is applied, it is best to temporarily disable any third party addons until they are updated. You can do this with the cmd-line tool:

% util/addons list                    # list installed plugins

% util/addons uninstall foo      # remove the foo plugin
Mike Macgirvin
 Sun, 03 Apr 2016 06:56:40 +1000 
The error is line 65 in Router.php

Andrew Manning
 Sun, 03 Apr 2016 10:21:48 +1000 
You also need to replace
new AccessList
new Zotlabs\Access\AccessList
Mike Macgirvin
 High Range, AustraliaSun, 27 Mar 2016 08:57:46 +1100 
As long as I'm working on federation bridges to platforms where everybody hates me and the work I'm doing, the question is what should come after Diaspora and GNU-social? I'm thinking DFRN (Friendica) should be next because there is so much more hate for me than for instance Pump.io. I could probably build a killer federation bridge to DFRN because it's got a (primitive) implementation of magic-auth.
Mike Macgirvin
 Tue, 29 Mar 2016 14:05:17 +1100 
I don't dwell much on the negativity. Learned long ago that it's OK for people to not like you. In some respects it's something to be proud of.
 Tue, 29 Mar 2016 19:58:29 +1100 
@Mike Macgirvin  just call it wisdom of age :-)
And thanks for your great work (again). "People" are one of the reasons why I'm still at Friendica and Hubzilla.