README
------
-StatusNet 0.8.2 ("Life and How to Live It")
-26 Aug 2009
+StatusNet 0.9.0 ("Stand") Beta 5
+1 Feb 2010
This is the README file for StatusNet (formerly Laconica), the Open
Source microblogging platform. It includes installation instructions,
StatusNet (formerly Laconica) is a Free and Open Source microblogging
platform. It helps people in a community, company or group to exchange
-short (140 character) messages over the Web. Users can choose which
-people to "follow" and receive only their friends' or colleagues'
-status messages. It provides a similar service to sites like Twitter,
-Jaiku, Yammer, and Plurk.
+short (140 characters, by default) messages over the Web. Users can
+choose which people to "follow" and receive only their friends' or
+colleagues' status messages. It provides a similar service to sites
+like Twitter, Jaiku, Yammer, and Plurk.
With a little work, status messages can be sent to mobile phones,
instant messenger programs (GTalk/Jabber), and specially-designed
New this version
================
-This is a minor feature and bugfix release since version 0.8.0,
-released Jul 15 2009. Notable changes this version:
-
-- Laconica has been renamed StatusNet. With a few minor compatibility
- exceptions, all references to "Laconica" in code, documentation
- and comments were changed to "StatusNet".
-- A new plugin to support "infinite scroll".
-- A new plugin to support reCaptcha <http://recaptcha.net>.
-- Better logging of server errors.
-- Add an Openid-only mode for authentication.
-- 'lite' parameter for some Twitter API methods.
-- A new plugin to auto-complete nicknames for @-replies.
-- Configuration options to disable OpenID, SMS, Twitter, post-by-email, and IM.
-- Support for lighttpd <http://lighttpd.org/> using 404-based
- rewrites.
-- Support for using Twitter's OAuth authentication as a client.
-- First version of the groups API.
-- Can configure a site-wide design, including background image and
- colors.
-- Improved algorithm for replies and conversations, making
- conversation trees more accurate and useful.
-- Add a script to create a simulation database for testing/debugging.
-- Sanitize HTML for OEmbed.
-- Improved queue management for DB-based queuing.
-- More complete URL detection.
-- Hashtags now support full Unicode character set.
-- Notice inboxes are now garbage-collected on a regular basis
- at notice-write time.
-- PiwikAnalyticsPlugin updated for latest Piwik interface.
-- Attachment and notice pages can be embedded with OEmbed
- <http://www.oembed.com>.
-- Failed authentication is logged.
-- PostgreSQL schema and support brought up-to-date with 0.8.x features.
-- The installer works with PostgreSQL as well as MySQL.
-- RSS 1.0 feeds use HTTP Basic authentication in private mode.
-- Many, many bug fixes, particularly with performance.
-- Better (=working) garbage collection for old sessions.
-- Better (=working) search queries.
-- Some cleanup of HTML output.
-- Better error handling when updating Facebook.
-- Considerably better performance when using replication for API
- calls.
-- Initial unit tests.
+This is a major feature release since version 0.8.2, released Nov 1 2009.
+It is also a security release since 0.9.0beta4 January 27 2010. Beta
+users are strongly encouraged to upgrade to deal with a security alert.
+
+http://status.net/wiki/Security_alert_0000002
+
+Notable changes this version:
+
+- Records of deleted notices are stored without the notice content.
+- Much of the optional core featureset has been moved to plugins.
+- OpenID support moved from core to a plugin. Helps test the strength of
+ our plugin architecture and makes it easy to disable this
+ functionality for e.g. intranet sites.
+- Many additional hook events (see EVENTS.txt for details).
+- OMB 0.1 support re-implemented using libomb.
+- Re-structure database so notices, messages, bios and group
+ descriptions can be over 140 characters. Limit defined by
+ site administrator as configuration option; can be unlimited.
+- Configuration data now optionally stored in the database, which
+ overrides any settings in config files.
+- Twitter integration re-implemented as a plugin.
+- Facebook integration re-implemented as a plugin.
+- Role-based authorization framework. Users can have named roles, and
+ roles can have rights (e.g., to delete notices, change configuration
+ data, or ban uncooperative users). Default roles 'admin' (for
+ configuration) and 'moderator' (for community management) added.
+- Plugin for PubSubHubBub (PuSH) support.
+- Considerable code style cleanup to meet PEAR code standards.
+- Made a common library for HTTP-client access which uses available
+ HTTP libraries where possible.
+- Added statuses/home_timeline method to API.
+- Hooks for plugins to handle notices offline, either by defining
+ their own queue handler scripts or to use a default plugin queue
+ handler script.
+- Plugins can now modify the database schema, adding their own tables
+ or modifying existing ones.
+- Groups API.
+- Twitter API supports Web caching for some methods.
+- Twitter API refactored into one-action-per-method.
+- Realtime plugin supports a tear-off window.
+- FOAF for groups.
+- Moved all JavaScript tags to just before </body> by default,
+ significantly speeding up apparent page load time.
+- Added a Realtime plugin for Orbited server.
+- Added a mobile plugin to give a more mobile-phone-friendly layout
+ when a mobile browser is detected.
+- Use CSS sprites for most common icons.
+- Fixes for images and buttons on Web output.
+- New plugin requires that users validate their email before posting.
+- New plugin UserFlag lets users flag other profiles for review.
+- Considerably better i18n support. Use TranslateWiki to update
+ translations.
+- Notices and profiles now store location information.
+- New plugin, Geonames, for turning location names and lat/long pairs
+ into structured IDs and vice versa. Architecture reusable for other
+ systems.
+- Better check of license compatibility between site licenses.
+- Some improvements in XMPP output.
+- Media upload in the API.
+- Replies appear in the user's inbox.
+- Improved the UI on the bookmarklet.
+- StatusNet identities can be used as OpenID identities.
+- Script to register a user.
+- Script to make someone a group admin.
+- Script to make someone a site admin or moderator.
+- 'login' command.
+- Pluggable authentication.
+- LDAP authentication plugin.
+- Script for console interaction with the site (!).
+- Users don't see group posts from people they've blocked.
+- Admin panel interface for changing site configuration.
+- Users can be sandboxed (limited contributions) or silenced
+ (no contributions) by moderators.
+- Many changes to make language usage more consistent.
+- Sphinx search moved to a plugin.
+- GeoURL plugin.
+- Profile and group lists support hAtom.
+- Massive refactoring of util.js.
+- Mapstraction plugin to show maps on inbox and profile pages.
+- Play/pause buttons for realtime notices.
+- Support for geo microformat.
+- Partial support for feed subscriptions, RSSCloud, PubSubHubBub.
+- Support for geolocation in browser (Chrome, Firefox).
+- Quit trying to negotiate HTML format. Always use text/html.
+ We lose, and so do Web standards. Boo.
+- Better logging of request info.
+- Better output for errors in Web interface.
+- No longer store .mo files; these need to be generated.
+- Minify plugin.
+- Events to allow pluginizing logger.
+- New framework for plugin localization.
+- Gravatar plugin.
+- Add support for "repeats" (similar to Twitter's "retweets").
+- Support for repeats in Twitter API.
+- Better notification of direct messages.
+- New plugin to add "powered by StatusNet" to logo.
+- Returnto works for private sites.
+- Localisation updates, including new Persian translation.
+- CAS authentication plugin
+- Get rid of DB_DataObject native cache (big memory leaker)
+- setconfig.php script to set configuration variables
+- Blacklist plugin, to blacklist URLs and nicknames
+- Users can set flag whether they want to share location
+ both in notice form (for one notice) and profile settings
+ (any notice)
+- notice inboxes moved from normalized notice_inbox table to
+ denormalized inbox table
+- Automatic compression of Memcache
+- Memory caching pluginized
+- Memcache, XCache, APC and Diskcache plugins
+- A script to update user locations
+- cache empty query results
+- A sample plugin to show best plugin practices
+- CacheLog plugin to debug cache accesses
+- Require users to login to view attachments on private sites
+- Plugin to use Mollom spam detection service
+- Plugin for RSSCloud
+- Add an array of default plugins
+- A version action to give credit to contributors and plugin
+ developers
+- Daemon to read IMAP mailbox instead of using a mailbox script
+- Pass session information between SSL and non-SSL server
+ when SSL set to 'sometimes'
+- Major refactoring of queue handlers to manage very
+ large hosting site (like status.net)
+- SubscriptionThrottle plugin to prevent subscription spamming
+- Don't enqueue into plugin or SMS queues when disabled (breaks unqueuehandler if SMS queue isn't attached)
+- Improve name validation checks on local File references
+- fix local file include vulnerability in doc.php
+- Reusing fixed selector name for 'processing' in util.js
+- Removed hAtom pattern from registration page.
+- restructuring of User::registerNew() lost password munging
+- Add a script to clear the cache for a given key
+- buggy fetch for site owner
+- Added missing concat of </li> in Realtime response
+- Updated XHR binded events to work better in jQuery 1.4.1. Using .live() for event delegation instead of jQuery.data() and checking to see if an element was previously binded.
+- Updated jQuery Form Plugin from v2.17 to v2.36
+- Updated jQuery JavaScript Library from v1.3.2 to v1.4.1
+- move schema.type.php to typeschema.php like other files
+- Add Really Simple Discovery (RSD) support
+- Add a robots.txt URL to the site root
+- error clearing tags for profiles from memcached
+- on exceptions, stomp logs the error and reenqueues
+- add lat, lon, location and remove closing tag from geocode.php
+- Use passed-in lat long in geocode.php
+- better handling of null responses from geonames.org
+- Globalized form notice data geo values
+- Using jQuery chaining in FormNoticeXHR
+- Using form object instead of form_id and find(). Slightly faster and easier to read.
+- removed describeTable from base class, and fixed it up in pgsql
+- getTableDef() mostly working in postgres
+- move the schema DDL sql off into seperate files for each db we support
+- plugin to limit number of registered users
+- add hooks for user registration
+- live fast, die young in bash scripts
+- for single-user mode, retrieve either site owner or defined nickname
+- method to get the site owner
+- define a constant for the 'owner' role of a site
+- add simple cache getter/setter static functions to Memcached_DataObject
+- Adds notice author's name to @title in Realtime response
+- Hides .author from XHR response in showstream
+- Hides .author from XHR response in showstream
+- Fix more fatal errors in queue edge cases
+- Don't attempt to resend XMPP messages that can't be broadcast due to the profile being deleted.
+- Wrap each bit of distrib queue handler's saving operation in a try/catch; log exceptions but let everything else continue.
+- Log exceptions from queuedaemon.php if they're not already caught
+- Move sessions settings to its own panel
+- Fixes for status_network db object .ini and tag setter script
+- Add a script to set tags for sites
+- Adjust API authentication to also check for OAuth protocol params in the HTTP Authorization header, as defined in OAuth HTTP Authorization Scheme.
+- Last-chance distribution if enqueueing fails
+- Manual failover for stomp queues.
+- lost config in index.php made all traffic go to master
+- "Revert "move RW setup above user get in index.php so remember_me works""
+- Revert "move RW setup above user get in index.php so remember_me works"
+- move RW setup above user get in index.php so remember_me works
+- hide most DB_DataObject errors
+- always set up database_rw, regardless, so cached sessions work
+- update mysqltimestamps on insert and update
+- additional debugging data for Sessions
+- 'Sign in with Twitter' button img
+- Update to biz theme
+- Remove redundant session token field from form (was already being added by base class).
+- 'Sign in with Twitter' button img
+- Can now set $config['queue']['stomp_persistent'] = false; to explicitly disable persistence when we queue items
+- Showing processing indicator for form_repeat on submit instead of form
+- Removed avatar from repeat of username (matches noticelist)
+- Removed unused variable assignment for avatar URL and added missing fn
+- Don't preemptively close existing DB connections for web views (needed to keep # of conns from going insane on multi-site queue daemons, so just doing for CLI) May, or may not, help with mystery session problems
+- dropping the setcookie() call from common_ensure_session() since we're pretty sure it's unnecessary
+- append '/' on cookie path for now (may still need some refactoring)
+- set session cookie correctly
+- Fix for Mapstraction plugin's zoomed map links
+- debug log line for control channel sub
+- Move faceboookapp.js to the Facebook plugin
+- fix for fix for bad realtime JS load
+- default 24-hour expiry on Memcached objects where not specified.
Prerequisites
=============
- GD. For scaling down avatar images.
- mbstring. For handling Unicode (UTF-8) encoded strings.
- gettext. For multiple languages. Default on many PHP installs.
-- tidy. Used to clean up HTML/URLs for the URL shortener to consume.
For some functionality, you will also need the following extensions:
1. Unpack the tarball you downloaded on your Web server. Usually a
command like this will work:
- tar zxf statusnet-0.8.1.tar.gz
+ tar zxf statusnet-0.8.2.tar.gz
- ...which will make a statusnet-0.8.1 subdirectory in your current
+ ...which will make a statusnet-0.8.2 subdirectory in your current
directory. (If you don't have shell access on your Web server, you
may have to unpack the tarball on your local computer and FTP the
files to the server.)
2. Move the tarball to a directory of your choosing in your Web root
directory. Usually something like this will work:
- mv statusnet-0.8.1 /var/www/mublog
+ mv statusnet-0.8.2 /var/www/mublog
This will make your StatusNet instance available in the mublog path of
your server, like "http://example.net/mublog". "microblog" or
These "fancy URLs" are more readable and memorable for users. To use
fancy URLs, you must either have Apache 2.x with .htaccess enabled and
-mod_redirect enabled, -OR- know how to configure "url redirection" in
+mod_rewrite enabled, -OR- know how to configure "url redirection" in
your server.
1. Copy the htaccess.sample file to .htaccess in your StatusNet
If you changed your HTTP server configuration, you may need to restart
the server first.
+If it doesn't work, double-check that AllowOverride for the StatusNet
+directory is 'All' in your Apache configuration file. This is usually
+/etc/httpd.conf, /etc/apache/httpd.conf, or (on Debian and Ubuntu)
+/etc/apache2/sites-available/default. See the Apache documentation for
+.htaccess files for more details:
+
+ http://httpd.apache.org/docs/2.2/howto/htaccess.html
+
+Also, check that mod_rewrite is installed and enabled:
+
+ http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html
+
Sphinx
------
-To use a Sphinx server to search users and notices, you also need
-to install, compile and enable the sphinx pecl extension for php on the
-client side, which itself depends on the sphinx development files.
-"pecl install sphinx" should take care of that. Add "extension=sphinx.so"
-to your php.ini and reload apache to enable it.
+To use a Sphinx server to search users and notices, you'll need to
+enable the SphinxSearch plugin. Add to your config.php:
+
+ addPlugin('SphinxSearch');
+ $config['sphinx']['server'] = 'searchhost.local';
-You can update your MySQL or Postgresql databases to drop their fulltext
-search indexes, since they're now provided by sphinx.
+You also need to install, compile and enable the sphinx pecl extension for
+php on the client side, which itself depends on the sphinx development files.
-On the sphinx server side, a script reads the main database and build
-the keyword index. A cron job reads the database and keeps the sphinx
-indexes up to date. scripts/sphinx-cron.sh should be called by cron
-every 5 minutes, for example. scripts/sphinx.sh is an init.d script
-to start and stop the sphinx search daemon.
+See plugins/SphinxSearch/README for more details and server setup.
SMS
---
needs as a parameter the install path; if you run it from the
StatusNet dir, "." should suffice.
-This will run eight (for now) queue handlers:
+This will run the queue handlers:
+* queuedaemon.php - polls for queued items for inbox processing and
+ pushing out to OMB, SMS, XMPP, etc.
* xmppdaemon.php - listens for new XMPP messages from users and stores
- them as notices in the database.
-* jabberqueuehandler.php - sends queued notices in the database to
- registered users who should receive them.
-* publicqueuehandler.php - sends queued notices in the database to
- public feed listeners.
-* ombqueuehandler.php - sends queued notices to OpenMicroBlogging
- recipients on foreign servers.
-* smsqueuehandler.php - sends queued notices to SMS-over-email addresses
- of registered users.
-* xmppconfirmhandler.php - sends confirmation messages to registered
- users.
-
-Note that these queue daemons are pretty raw, and need your care. In
-particular, they leak memory, and you may want to restart them on a
-regular (daily or so) basis with a cron job. Also, if they lose
-the connection to the XMPP server for too long, they'll simply die. It
-may be a good idea to use a daemon-monitoring service, like 'monit',
+ them as notices in the database; also pulls queued XMPP output from
+ queuedaemon.php to push out to clients.
+
+These two daemons will automatically restart in most cases of failure
+including memory leaks (if a memory_limit is set), but may still die
+or behave oddly if they lose connections to the XMPP or queue servers.
+
+It may be a good idea to use a daemon-monitoring service, like 'monit',
to check their status and keep them running.
All the daemons write their process IDs (pids) to /var/run/ by
Since version 0.8.0, it's now possible to use a STOMP server instead of
our kind of hacky home-grown DB-based queue solution. See the "queues"
config section below for how to configure to use STOMP. As of this
-writing, the software has been tested with ActiveMQ (
+writing, the software has been tested with ActiveMQ.
Sitemaps
--------
compile the ".po" files into ".mo" files, however.
Contributions of translation information to StatusNet are very easy:
-you can use the Web interface at http://status.net/pootle/ to add one
+you can use the Web interface at TranslateWiki.net to add one
or a few or lots of new translations -- or even new languages. You can
also download more up-to-date .po files there, if you so desire.
+For info on helping with translations, see http://status.net/wiki/Translations
+
Backups
-------
to users on a remote site. (Or not... it's not well tested.) The
"proper behaviour" hasn't been defined here, so handle with care.
+Access to file attachments can also be restricted to logged-in users only.
+1. Add a directory outside the web root where your file uploads will be
+ stored. Usually a command like this will work:
+
+ mkdir /var/www/mublog-files
+
+2. Make the file uploads directory writeable by the web server. An
+ insecure way to do this is:
+
+ chmod a+x /var/www/mublog-files
+
+3. Tell StatusNet to use this directory for file uploads. Add a line
+ like this to your config.php:
+
+ $config['attachments']['dir'] = '/var/www/mublog-files';
+
Upgrading
=========
If you've been using StatusNet 0.7, 0.6, 0.5 or lower, or if you've
been tracking the "git" version of the software, you will probably
want to upgrade and keep your existing data. There is no automated
-upgrade procedure in StatusNet 0.8.1. Try these step-by-step
+upgrade procedure in StatusNet 0.8.2. Try these step-by-step
instructions; read to the end first before trying them.
0. Download StatusNet and set up all the prerequisites as if you were
5. Once all writing processes to your site are turned off, make a
final backup of the Web directory and database.
6. Move your StatusNet directory to a backup spot, like "mublog.bak".
-7. Unpack your StatusNet 0.8.1 tarball and move it to "mublog" or
+7. Unpack your StatusNet 0.8.2 tarball and move it to "mublog" or
wherever your code used to be.
8. Copy the config.php file and avatar directory from your old
directory to your new directory.
store all your locale data in one place, you probably
don't need to use this.
language: default language for your site. Defaults to US English.
+ Note that this is overridden if a user is logged in and has
+ selected a different language. It is also overridden if the
+ user is NOT logged in, but their browser requests a different
+ langauge. Since pretty much everybody's browser requests a
+ language, that means that changing this setting has little or
+ no effect in practice.
languages: A list of languages supported on your site. Typically you'd
only change this if you wanted to disable support for one
or another language:
choice for any public site. Note that some other servers will not
accept notices if you apply a stricter license than this.
+type: one of 'cc' (for Creative Commons licenses), 'allrightsreserved'
+ (default copyright), or 'private' (for private and confidential
+ information).
+owner: for 'allrightsreserved' or 'private', an assigned copyright
+ holder (for example, an employer for a private site). If
+ not specified, will be attributed to 'contributors'.
url: URL of the license, used for links.
title: Title for the license, like 'Creative Commons Attribution 3.0'.
image: A button shown on each page for the license.
typically only make 2 connections to a single server at a
time <http://ur1.ca/6ih>, so this can parallelize the job.
Defaults to null.
+ssl: Whether to access avatars using HTTPS. Defaults to null, meaning
+ to guess based on site-wide SSL settings.
public
------
(using version numbers as the path) to make sure that all files are
reloaded by caching clients or proxies. Defaults to null,
which means to use the site path + '/theme'.
+ssl: Whether to use SSL for theme elements. Default is null, which means
+ guess based on site SSL settings.
+
+javascript
+----------
+
+server: You can speed up page loading by pointing the
+ theme file lookup to another server (virtual or real).
+ Defaults to NULL, meaning to use the site server.
+path: Path part of Javascript URLs. Defaults to null,
+ which means to use the site path + '/js/'.
+ssl: Whether to use SSL for JavaScript files. Default is null, which means
+ guess based on site SSL settings.
xmpp
----
StatusNet site using your memcached server.
port: Port to connect to; defaults to 11211.
-sphinx
-------
-
-You can get a significant boost in performance using Sphinx Search
-instead of your database server to search for users and notices.
-<http://sphinxsearch.com/>.
-
-enabled: Set to true to enable. Default false.
-server: a string with the hostname of the sphinx server.
-port: an integer with the port number of the sphinx server.
-
emailpost
---------
a virtual server here can speed up Web performance.
path: URL path, relative to the server, to find files. Defaults to
main path + '/file/'.
+ssl: whether to use HTTPS for file URLs. Defaults to null, meaning to
+ guess based on other SSL settings.
filecommand: command to use for determining the type of a file. May be
skipped if fileinfo extension is installed. Defaults to
'/usr/bin/file'.
subdir of install dir.
path: path to backgrounds. Default is sub-path of install path; note
that you may need to change this if you change site-path too.
+ssl: Whether or not to use HTTPS for background files. Defaults to
+ null, meaning to guess from site-wide SSL settings.
ping
----
Default is null, meaning to use the site-wide text limit.
0 means no limit.
+logincommand
+------------
+
+Configuration options for the login command.
+
+disabled: whether to enable this command. If enabled, users who send
+ the text 'login' to the site through any channel will
+ receive a link to login to the site automatically in return.
+ Possibly useful for users who primarily use an XMPP or SMS
+ interface and can't be bothered to remember their site
+ password. Note that the security implications of this are
+ pretty serious and have not been thoroughly tested. You
+ should enable it only after you've convinced yourself that
+ it is safe. Default is 'false'.
+
+singleuser
+----------
+
+If an installation has only one user, this can simplify a lot of the
+interface. It also makes the user's profile the root URL.
+
+enabled: Whether to run in "single user mode". Default false.
+nickname: nickname of the single user.
+
+robotstxt
+---------
+
+We put out a default robots.txt file to guide the processing of
+Web crawlers. See http://www.robotstxt.org/ for more information
+on the format of this file.
+
+crawldelay: if non-empty, this value is provided as the Crawl-Delay:
+ for the robots.txt file. see http://ur1.ca/l5a0
+ for more information. Default is zero, no explicit delay.
+disallow: Array of (virtual) directories to disallow. Default is 'main',
+ 'search', 'message', 'settings', 'admin'. Ignored when site
+ is private, in which case the entire site ('/') is disallowed.
+
Plugins
=======
T_STRING") in the browser, check to see that you don't have any
conflicts in your code.
-If you upgraded to StatusNet 0.8.1 without reading the "Notice
+If you upgraded to StatusNet 0.8.2 without reading the "Notice
inboxes" section above, and all your users' 'Personal' tabs are empty,
read the "Notice inboxes" section above.
* Jeffery To
* Federico Marani
* Craig Andrews
+* mEDI
+* Brett Taylor
+* Brigitte Schuster
Thanks also to the developers of our upstream library code and to the
thousands of people who have tried out Identi.ca, installed StatusNet,
projects / quix0rs-gnu-social.git / blobdiff