Mike Macgirvin
 High Range, AustraliaFri, 24 Jun 2016 10:36:02 +1000 last edited: Fri, 24 Jun 2016 10:46:09 +1000  
Here are some of the things I'm working on currently:

CalDAV client and event integration
Platform and DB migration (continued)
Extensible Permissions
Friendica Protocol connector
Webmail integration
DAV based backup/restore (of your entire channel - posts, files, photos, everything). This is the best way to get around all the webserver memory limits that we run into with JSON backup/restore and it's platform neutral. Will work on Windows. Will work on your cell phone (if your SSD is big enough). Will work with rsync and/or stream to a tape drive without requiring any additional software.

These are all pretty heavy duty efforts and completion of any or all of them could be some time into the future. I'll suggest https://macgirvin.com/donate as the most effective way to make any or all of these things happen more quickly.

#hubzilla #donate
Mike Macgirvin
 High Range, AustraliaWed, 22 Jun 2016 18:09:28 +1000 last edited: Wed, 22 Jun 2016 20:20:35 +1000  
In honour of the Brexit vote...


The Clash - Should I Stay or Should I Go
by theclashVEVO on YouTube
elmussol
 Wed, 22 Jun 2016 20:20:28 +1000 
Marshall Sutherland
 Fri, 24 Jun 2016 22:23:09 +1000 
My wife, who seems to be taking this decision very personally, acts like...

R.E.M. - It's The End Of The World
by emimusic on YouTube
Mike Macgirvin
 High Range, AustraliaWed, 22 Jun 2016 14:43:27 +1000 
Let's see who's paying attention.

Image/photo
Charles Roth MPC
 Fri, 24 Jun 2016 04:45:29 +1000 last edited: Fri, 24 Jun 2016 04:45:55 +1000  
/id/

Poor @Mike Macgirvin , it must be painful watching the gears of my mind turn so slowly trying to grasp this.
Mike Macgirvin
 Fri, 24 Jun 2016 06:40:19 +1000 
You're doing just fine.

I've still got folks telling me that they won't use Hubzilla because although cloning is interesting, it's flawed because there's no way to automatically backup the data in their account.

Sure there is, channel export is also provided in the API. This is in fact how we clone from another server.

Those gears are moving glacially.
Mike Macgirvin
 High Range, AustraliaWed, 22 Jun 2016 11:57:36 +1000 
Might not look like much, but deserving of a #homebrew ;  because I had to bludgeon an uncooperative libCurl and PHP into submission before I could start conversing with servers in CalDAV.  Now the floodgates have been opened and we be talking up a storm.

It's kinda' spooky when something like this changes from being an obscure and arcane protocol response to something you can understand and make use of - and verify that it is indeed correct. This packet merely indicates that the calendar I'm interested in ("Reminders") is now at revision 4. If I've got an early revision, I need to pull an update and merge it.

  
[code=xml]
<?xml version="1.0"?>
<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:cal="urn:ietf:params:xml:ns:caldav" xmlns:cs="http://calendarserver.org/ns/" xmlns:card="urn:ietf:params:xml:ns:carddav">
<d:response>
  <d:href>/cdav/calendars/hubzilla/reminders.ics/</d:href>
  <d:propstat>
   <d:prop>
    <d:displayname>Reminders</d:displayname>
    <cs:getctag>http://sabre.io/ns/sync/4</cs:getctag>
    <d:sync-token>http://sabre.io/ns/sync/4</d:sync-token>
   </d:prop>
   <d:status>HTTP/1.1 200 OK</d:status>
  </d:propstat>
</d:response>
</d:multistatus>
[/code]
Haakon Meland Eriksen
 Wed, 22 Jun 2016 14:34:52 +1000 
Image/photo
Alexandre Hannud Abdo
 Fri, 24 Jun 2016 07:14:05 +1000 
Image/photo
Mike Macgirvin

Announce: Hubzilla 1.8

 High Range, AustraliaMon, 20 Jun 2016 12:30:25 +1000 
Hubzilla Community Server release 1.8 is now available.

https://github.com/redmatrix/hubzilla

Hubzilla 1.8
    Administration:
        Cleanup and resolve some edge cases with addon repository manager
        Provide sort field and direction on all fields of account and channel administration tables
        Rename 'user' administration to account administration to reflect its true purpose
        'safemode' tool to quickly disable and re-enable addons during a hypothetical upgrade crisis
    Security:
        Edited comments to private posts could lose their privacy settings under some circumstances
        Provide zot-finger signatures to prevent a possible but rare exploit involving DNS spoofing and phishing
    ACL selections:
        Various improvements to the ACL editor to further simplify the concepts and make it more intuitive
    Chat:
        Notifications of chatroom activity using standard browser notification interfaces.
    Themes:
        Allow a theme:schema string to represent a valid theme name. This fixes issues with setting schemas on site themes.
    Pubsites:
        Show server role (identify UNO or basic sites as opposed to hubzilla pro) and link to statistics
    Documentation:
        Clarify privacy rights of commenters w/r/t conversation owners, as this policy is network dependent.
    Wiki (Git backed):
        Brand new feature. We'll call it experimental until it has undergone a bit more testing.
    Account Cloning:
        Regression on clone channel creation created a new channel name each time.
        New issue (fixed) with directory creation on cloned file content
    Content Rendering:
        Add inline code (in addition to the existing code blocks) to BBcode
        Add emoji reactions
        Add emojis as extended smilies with auto-complete support
        Emoji added as feature so it can be enabled/disabled and locked
        Ability to configure the standard reactions available on a site basis
        Disable 'convenience' ajax autoload on pgdn key, as it could lead to premature memory exhaustion
    Photos:
        Change album sort ordering, allow widgets and plugins to define other orderings
    Apps:
        Synchronise app list with changes to system apps
        Preserve existing app categories on app updates/edits
        Regression: fixed translated system app names
    Architecture:
        Provide autoloaded class files and libraries for plugins.
        Further refactoring of session driver to sort out some cookie anomolies
        Experimental PDO database driver
        Creation of Daemon Master class and port all daemon (background task) interfaces to use it
        Create separate class for each of 'Cron', 'Cron daily', and 'Cron weekly'.
        Always run a Cron maintenance task if not run in the last four hours
        Refactor the template classes
        Refactor the ConversationItem mess into ThreadItem and ThreadStream
        Refactor Apps, Enotify, and Chat library code
        Refactor the various Config libraries (Config, PConfig, XConfig, AConfig, AbConfig, and IConfig)
        Created WebServer class for top level
        Remove mcrypt dependencies (deprecated in PHP 7.1)
        Remove all reserved (including merely 'not recommended') words as DB table column names
        Provide mutex lock on DB logging to prevent recursion under rare failure modes.
    Bugfixes:
        Remove db_close function on page end - not needed and will not work with persistent DB connections.
        Undefined ref_session_write
        Some session functions needed to be static to work with CalDAV/CardDAV
        CLI interface: argc and argv were reversed
        HTML entities double encoded in edited titles
        Prevent delivering to empty recipients
        Sabre library setting some security headers for SAML after we've emitted HTML content
        Always initialise miniApp (caused obscure warning message if not set)
        Block 'sys' channels from being 'random profile' candidates
        DB update failed email could be sent in the wrong language under rare circumstances
        Openid remote authentication used incorrect namespace
        URL attached to profile "things" was not linked, always showing the "thing" manage page
        New connection wasn't added to default privacy group when "auto-accept" was enabled
        Regression: iconfig sharing wasn't working properly
    Plugins:
        CalDAV/CardDAV plugin provided
        Issue sending Diaspora 'like' activities from sources that did not propagate the DCV
        Allow 'superblock' to work across API calls from third party clients
        statistics.json: use 'zot' as protocol
        Issues fixed during testing of ability to follow Diaspora tags
        Parse issue with Diaspora reshare content
        Chess: moved to main repo, ported to 1.8

#announce #hubzilla
Sean Tilley
 Tue, 21 Jun 2016 03:10:28 +1000 
Image/photo
Sean Tilley
 Tue, 21 Jun 2016 03:11:04 +1000 
Congrats on the release - it looks great! :D
Mike Macgirvin
 High Range, AustraliaSun, 19 Jun 2016 17:53:04 +1000 
If you ever want to marvel at the confluence of creation and evolution, one of the video masterpieces of our lifetimes,  David Attenborough: The Galapagos.
Mike Macgirvin
 High Range, AustraliaSat, 18 Jun 2016 08:14:42 +1000 
My desktop is a mess. Over 50 tabs opened in the browser. Then I realise that they are all open to open source projects and products. Not a single corporate provider.

#Winning.
Mike Macgirvin
 Mon, 20 Jun 2016 16:06:16 +1000 
So as to open discussion on the issue reporting, I'm anticipating that it will look a lot like a forum. But you'll probably have to post wall-to-wall so as to pull up the 'issue editor' when posting to the issues forum. It may or may not respond to forum mention tags since it will be more difficult on a remote site to decide whether you're writing a post or creating an issue and provide all the right dialogues.

The more complex issue is for folks that will need to connect with the issues list to post an issue, but don't necessarily want to follow every issue that gets reported. We'll likely need a new permission category for this. You can either follow as if the issues channel is a forum, or you might have a permissions toggle or subscription option which says "only send me updates/replies to issues that I created or am participating" .
Tobias
 Thu, 23 Jun 2016 18:40:03 +1000 
I like the addon of @Fabio he wrote it for Friendica, but I think if someone would port it to Hubzilla and help Fabio with the missing features placing them in both addon, that could be something.
Mike Macgirvin
 High Range, AustraliaThu, 16 Jun 2016 13:57:54 +1000 
Probably looks like dung on your server. Look at it on my channel page....

[code=php]
<?php

namespace Zotlabs\Web;

/**
* @file index.php
*
* @brief The main entry point to the application.
*/

require_once('Zotlabs/Web/WebServer.php');

$server = new WebServer();
$server->run();
[/code]
Einer von Vielen
 Thu, 16 Jun 2016 21:52:49 +1000 
Oops
Beni Grind
Thu, 16 Jun 2016 23:36:24 +1000 
Nice :D That's exactly what I missed!
Mike Macgirvin
 High Range, AustraliaWed, 15 Jun 2016 14:00:39 +1000 last edited: Thu, 16 Jun 2016 03:00:04 +1000  
Trying to architect a CalDAV client for our event manager which syncs to our CalDAV server plugin has taken some interesting twists. It's really not rocket science to write a caldav client. But the tricky part is going to be how we deal with authentication on the server.

Typically calendar clients ask you for your login credentials to the sync server, and they store these to use whenever they need to sync something.

In this case the client and server are on the same system, but in order for them to communicate, we need to store the login credentials in a manner that's reversible. This basically means your password can be more easily hacked. We've already stored it in a way that isn't reversible, but if you use caldav you're going to have it in an easily reversible form in your database.

So now I'm thinking of connecting caldav to magic-auth, which eliminates the password storage (and is a great use case for why we have magic-auth). This makes sense since in most cases, you're going to be logged in when you're syncing events. (Magic-auth securely converts your existing (authenticated) login cookies to authenticated cookies in a different domain).The difficulty is that magic-auth uses several browser redirects before you arrive authenticated at your destination. CalDAV doesn't use standard request methods like GET and POST, but more obscure things like PROPFIND and REPORT. So to make magic-auth work, one has to preserve and re-apply not just the request url, once authentication is complete, but also the request *method* across numerous redirects. This is turning out to be quite an interesting little puzzle.

An alternative solution would be to reverse engineer curl's cookie store (which probably isn't difficult but not very portable), and shove your existing session_id into the curl cookie database. I'm sure this is possible. Making magic-auth work would be a lot more fun, but it could also be an insane amount of work.
#calDAV #magic-auth