README
------
-StatusNet 0.8.2 ("Life and How to Live It")
-1 Nov 2009
+StatusNet 0.9.0 ("Stand") Beta 5
+1 Feb 2010
This is the README file for StatusNet (formerly Laconica), the Open
Source microblogging platform. It includes installation instructions,
StatusNet (formerly Laconica) is a Free and Open Source microblogging
platform. It helps people in a community, company or group to exchange
-short (140 character) messages over the Web. Users can choose which
-people to "follow" and receive only their friends' or colleagues'
-status messages. It provides a similar service to sites like Twitter,
-Jaiku, Yammer, and Plurk.
+short (140 characters, by default) messages over the Web. Users can
+choose which people to "follow" and receive only their friends' or
+colleagues' status messages. It provides a similar service to sites
+like Twitter, Jaiku, Yammer, and Plurk.
With a little work, status messages can be sent to mobile phones,
instant messenger programs (GTalk/Jabber), and specially-designed
New this version
================
-This is a minor feature and bugfix release since version 0.8.1,
-released Aug 26 2009. Notable changes this version:
-
-- New script for deleting user accounts. Not particularly safe or
- community-friendly. Better for deleting abusive accounts than for
- users who are 'retiring'.
-- Improved detection of URLs in notices, specifically for punctuation
- chars like ~, :, $, _, -, +, !, @, and %.
-- Removed some extra <dl> semantic HTML code.
-- Correct error in status-network database ini file (having multiple
- statusnet sites with a single codebase)
-- Fixed error output for Twitter posting failures.
-- Fixed bug in Twitter queue handler that requeued inapplicable
- notices ad infinitum.
-- Improve FOAF output for remote users.
-- new commands to join and leave groups.
-- Fixed bug in which you cannot turn off importing friends timelines
- flag.
-- Better error handling in Twitter posting.
-- Show oEmbed data for XHTML files as well as plain HTML.
-- Updated bug database link in README.
-- require HTML tidy extension.
-- add support for HTTP Basic Auth in PHP CGI or FastCGI (e.g. GoDaddy).
-- autofocus input to selected entry elements depending on page.
-- updated layout for filter-by-tag form.
-- better layout for inbox and outbox pages.
-- fix highlighting search terms in attributes of notice list elements.
-- Correctly handle errors in linkback plugin.
-- Updated biz theme.
-- Updated cloudy theme.
-- Don't match '::' as an IPv6 address.
-- Use the same decision logic for deciding whether to mark an
- attachment as an enclosure in RSS or as a paperclip item in Web
- output.
-- Fixed a bug in the Piwik plugin that hard-coded the site ID.
-- Add a param, inreplyto, to notice/new to allow an explicit response
- to another notice.
-- Show username in subject of emails.
-- Check if avatar exists before trying to delete it.
-- Correctly add omb_version to response for request token in OMB.
-- Add a few more SMS carriers.
-- Add a few more notice sources.
-- Vary: header.
-- Improvements to the AutoCompletePlugin.
-- Check for 'dl' before using it.
-- Make it impossible to delete self-subscriptions via the API.
-- Fix pagination of tagged user pages.
-- Make PiwikAnalyticsPlugin work with addPlugin().
-- Removed trailing single space in user nicknames in notice lists.
-- Show context link if a notice starts a conversation.
-- blacklist all files and directories in install dir.
-- handle GoDaddy-style PATH_INFO, including script name.
-- add home_timeline synonym for friends_timeline.
-- Add a popup window for the realtime plugin.
-- Add some more streams for the realtime plugin.
-- Fix a bug that overwrote group creation timestamp on every edit.
-- Moved HTTP error code strings to a class variable.
-- The Twitter API now returns server errors in the correct format.
-- Reset the doctype for HTML output.
-- Fixed a number of notices.
-- Don't show search suggestions for private sites.
-- Some corrections to FBConnect nav overrides.
-- Slightly less database-intensive session management.
-- Updated name of software in installer script.
-- Include long-form attachment URLs if url-shortener is disabled.
-- Include updated localisations for Polish, Greek, Hebrew, Icelandic,
- Norwegian, and Chinese.
-- Include upstream fixes to gettext.php.
-- Correct for regression in Facebook API for updates.
-- Ignore "Sent from my iPhone" (and similar) in mail updates.
-- Use the NICKNAME_FMT constant for detecting nicknames.
-- Check for site servername config'd.
-- Compatibility fix for empty status updates with Twitter API.
-- Option to show files privately (EXPERIMENTAL! Use with caution.)
-- a script to register a new user.
-- a script to make a user admin of a group.
+This is a major feature release since version 0.8.2, released Nov 1 2009.
+It is also a security release since 0.9.0beta4 January 27 2010. Beta
+users are strongly encouraged to upgrade to deal with a security alert.
+
+http://status.net/wiki/Security_alert_0000002
+
+Notable changes this version:
+
+- Records of deleted notices are stored without the notice content.
+- Much of the optional core featureset has been moved to plugins.
+- OpenID support moved from core to a plugin. Helps test the strength of
+ our plugin architecture and makes it easy to disable this
+ functionality for e.g. intranet sites.
+- Many additional hook events (see EVENTS.txt for details).
+- OMB 0.1 support re-implemented using libomb.
+- Re-structure database so notices, messages, bios and group
+ descriptions can be over 140 characters. Limit defined by
+ site administrator as configuration option; can be unlimited.
+- Configuration data now optionally stored in the database, which
+ overrides any settings in config files.
+- Twitter integration re-implemented as a plugin.
+- Facebook integration re-implemented as a plugin.
+- Role-based authorization framework. Users can have named roles, and
+ roles can have rights (e.g., to delete notices, change configuration
+ data, or ban uncooperative users). Default roles 'admin' (for
+ configuration) and 'moderator' (for community management) added.
+- Plugin for PubSubHubBub (PuSH) support.
+- Considerable code style cleanup to meet PEAR code standards.
+- Made a common library for HTTP-client access which uses available
+ HTTP libraries where possible.
+- Added statuses/home_timeline method to API.
+- Hooks for plugins to handle notices offline, either by defining
+ their own queue handler scripts or to use a default plugin queue
+ handler script.
+- Plugins can now modify the database schema, adding their own tables
+ or modifying existing ones.
+- Groups API.
+- Twitter API supports Web caching for some methods.
+- Twitter API refactored into one-action-per-method.
+- Realtime plugin supports a tear-off window.
+- FOAF for groups.
+- Moved all JavaScript tags to just before </body> by default,
+ significantly speeding up apparent page load time.
+- Added a Realtime plugin for Orbited server.
+- Added a mobile plugin to give a more mobile-phone-friendly layout
+ when a mobile browser is detected.
+- Use CSS sprites for most common icons.
+- Fixes for images and buttons on Web output.
+- New plugin requires that users validate their email before posting.
+- New plugin UserFlag lets users flag other profiles for review.
+- Considerably better i18n support. Use TranslateWiki to update
+ translations.
+- Notices and profiles now store location information.
+- New plugin, Geonames, for turning location names and lat/long pairs
+ into structured IDs and vice versa. Architecture reusable for other
+ systems.
+- Better check of license compatibility between site licenses.
+- Some improvements in XMPP output.
+- Media upload in the API.
+- Replies appear in the user's inbox.
+- Improved the UI on the bookmarklet.
+- StatusNet identities can be used as OpenID identities.
+- Script to register a user.
+- Script to make someone a group admin.
+- Script to make someone a site admin or moderator.
+- 'login' command.
+- Pluggable authentication.
+- LDAP authentication plugin.
+- Script for console interaction with the site (!).
+- Users don't see group posts from people they've blocked.
+- Admin panel interface for changing site configuration.
+- Users can be sandboxed (limited contributions) or silenced
+ (no contributions) by moderators.
+- Many changes to make language usage more consistent.
+- Sphinx search moved to a plugin.
+- GeoURL plugin.
+- Profile and group lists support hAtom.
+- Massive refactoring of util.js.
+- Mapstraction plugin to show maps on inbox and profile pages.
+- Play/pause buttons for realtime notices.
+- Support for geo microformat.
+- Partial support for feed subscriptions, RSSCloud, PubSubHubBub.
+- Support for geolocation in browser (Chrome, Firefox).
+- Quit trying to negotiate HTML format. Always use text/html.
+ We lose, and so do Web standards. Boo.
+- Better logging of request info.
+- Better output for errors in Web interface.
+- No longer store .mo files; these need to be generated.
+- Minify plugin.
+- Events to allow pluginizing logger.
+- New framework for plugin localization.
+- Gravatar plugin.
+- Add support for "repeats" (similar to Twitter's "retweets").
+- Support for repeats in Twitter API.
+- Better notification of direct messages.
+- New plugin to add "powered by StatusNet" to logo.
+- Returnto works for private sites.
+- Localisation updates, including new Persian translation.
+- CAS authentication plugin
+- Get rid of DB_DataObject native cache (big memory leaker)
+- setconfig.php script to set configuration variables
+- Blacklist plugin, to blacklist URLs and nicknames
+- Users can set flag whether they want to share location
+ both in notice form (for one notice) and profile settings
+ (any notice)
+- notice inboxes moved from normalized notice_inbox table to
+ denormalized inbox table
+- Automatic compression of Memcache
+- Memory caching pluginized
+- Memcache, XCache, APC and Diskcache plugins
+- A script to update user locations
+- cache empty query results
+- A sample plugin to show best plugin practices
+- CacheLog plugin to debug cache accesses
+- Require users to login to view attachments on private sites
+- Plugin to use Mollom spam detection service
+- Plugin for RSSCloud
+- Add an array of default plugins
+- A version action to give credit to contributors and plugin
+ developers
+- Daemon to read IMAP mailbox instead of using a mailbox script
+- Pass session information between SSL and non-SSL server
+ when SSL set to 'sometimes'
+- Major refactoring of queue handlers to manage very
+ large hosting site (like status.net)
+- SubscriptionThrottle plugin to prevent subscription spamming
+- Don't enqueue into plugin or SMS queues when disabled (breaks unqueuehandler if SMS queue isn't attached)
+- Improve name validation checks on local File references
+- fix local file include vulnerability in doc.php
+- Reusing fixed selector name for 'processing' in util.js
+- Removed hAtom pattern from registration page.
+- restructuring of User::registerNew() lost password munging
+- Add a script to clear the cache for a given key
+- buggy fetch for site owner
+- Added missing concat of </li> in Realtime response
+- Updated XHR binded events to work better in jQuery 1.4.1. Using .live() for event delegation instead of jQuery.data() and checking to see if an element was previously binded.
+- Updated jQuery Form Plugin from v2.17 to v2.36
+- Updated jQuery JavaScript Library from v1.3.2 to v1.4.1
+- move schema.type.php to typeschema.php like other files
+- Add Really Simple Discovery (RSD) support
+- Add a robots.txt URL to the site root
+- error clearing tags for profiles from memcached
+- on exceptions, stomp logs the error and reenqueues
+- add lat, lon, location and remove closing tag from geocode.php
+- Use passed-in lat long in geocode.php
+- better handling of null responses from geonames.org
+- Globalized form notice data geo values
+- Using jQuery chaining in FormNoticeXHR
+- Using form object instead of form_id and find(). Slightly faster and easier to read.
+- removed describeTable from base class, and fixed it up in pgsql
+- getTableDef() mostly working in postgres
+- move the schema DDL sql off into seperate files for each db we support
+- plugin to limit number of registered users
+- add hooks for user registration
+- live fast, die young in bash scripts
+- for single-user mode, retrieve either site owner or defined nickname
+- method to get the site owner
+- define a constant for the 'owner' role of a site
+- add simple cache getter/setter static functions to Memcached_DataObject
+- Adds notice author's name to @title in Realtime response
+- Hides .author from XHR response in showstream
+- Hides .author from XHR response in showstream
+- Fix more fatal errors in queue edge cases
+- Don't attempt to resend XMPP messages that can't be broadcast due to the profile being deleted.
+- Wrap each bit of distrib queue handler's saving operation in a try/catch; log exceptions but let everything else continue.
+- Log exceptions from queuedaemon.php if they're not already caught
+- Move sessions settings to its own panel
+- Fixes for status_network db object .ini and tag setter script
+- Add a script to set tags for sites
+- Adjust API authentication to also check for OAuth protocol params in the HTTP Authorization header, as defined in OAuth HTTP Authorization Scheme.
+- Last-chance distribution if enqueueing fails
+- Manual failover for stomp queues.
+- lost config in index.php made all traffic go to master
+- "Revert "move RW setup above user get in index.php so remember_me works""
+- Revert "move RW setup above user get in index.php so remember_me works"
+- move RW setup above user get in index.php so remember_me works
+- hide most DB_DataObject errors
+- always set up database_rw, regardless, so cached sessions work
+- update mysqltimestamps on insert and update
+- additional debugging data for Sessions
+- 'Sign in with Twitter' button img
+- Update to biz theme
+- Remove redundant session token field from form (was already being added by base class).
+- 'Sign in with Twitter' button img
+- Can now set $config['queue']['stomp_persistent'] = false; to explicitly disable persistence when we queue items
+- Showing processing indicator for form_repeat on submit instead of form
+- Removed avatar from repeat of username (matches noticelist)
+- Removed unused variable assignment for avatar URL and added missing fn
+- Don't preemptively close existing DB connections for web views (needed to keep # of conns from going insane on multi-site queue daemons, so just doing for CLI) May, or may not, help with mystery session problems
+- dropping the setcookie() call from common_ensure_session() since we're pretty sure it's unnecessary
+- append '/' on cookie path for now (may still need some refactoring)
+- set session cookie correctly
+- Fix for Mapstraction plugin's zoomed map links
+- debug log line for control channel sub
+- Move faceboookapp.js to the Facebook plugin
+- fix for fix for bad realtime JS load
+- default 24-hour expiry on Memcached objects where not specified.
Prerequisites
=============
- GD. For scaling down avatar images.
- mbstring. For handling Unicode (UTF-8) encoded strings.
- gettext. For multiple languages. Default on many PHP installs.
-- tidy. Used to clean up HTML/URLs for the URL shortener to consume.
For some functionality, you will also need the following extensions:
These "fancy URLs" are more readable and memorable for users. To use
fancy URLs, you must either have Apache 2.x with .htaccess enabled and
-mod_redirect enabled, -OR- know how to configure "url redirection" in
+mod_rewrite enabled, -OR- know how to configure "url redirection" in
your server.
1. Copy the htaccess.sample file to .htaccess in your StatusNet
If you changed your HTTP server configuration, you may need to restart
the server first.
+If it doesn't work, double-check that AllowOverride for the StatusNet
+directory is 'All' in your Apache configuration file. This is usually
+/etc/httpd.conf, /etc/apache/httpd.conf, or (on Debian and Ubuntu)
+/etc/apache2/sites-available/default. See the Apache documentation for
+.htaccess files for more details:
+
+ http://httpd.apache.org/docs/2.2/howto/htaccess.html
+
+Also, check that mod_rewrite is installed and enabled:
+
+ http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html
+
Sphinx
------
needs as a parameter the install path; if you run it from the
StatusNet dir, "." should suffice.
-This will run eight (for now) queue handlers:
+This will run the queue handlers:
+* queuedaemon.php - polls for queued items for inbox processing and
+ pushing out to OMB, SMS, XMPP, etc.
* xmppdaemon.php - listens for new XMPP messages from users and stores
- them as notices in the database.
-* jabberqueuehandler.php - sends queued notices in the database to
- registered users who should receive them.
-* publicqueuehandler.php - sends queued notices in the database to
- public feed listeners.
-* ombqueuehandler.php - sends queued notices to OpenMicroBlogging
- recipients on foreign servers.
-* smsqueuehandler.php - sends queued notices to SMS-over-email addresses
- of registered users.
-* xmppconfirmhandler.php - sends confirmation messages to registered
- users.
-
-Note that these queue daemons are pretty raw, and need your care. In
-particular, they leak memory, and you may want to restart them on a
-regular (daily or so) basis with a cron job. Also, if they lose
-the connection to the XMPP server for too long, they'll simply die. It
-may be a good idea to use a daemon-monitoring service, like 'monit',
+ them as notices in the database; also pulls queued XMPP output from
+ queuedaemon.php to push out to clients.
+
+These two daemons will automatically restart in most cases of failure
+including memory leaks (if a memory_limit is set), but may still die
+or behave oddly if they lose connections to the XMPP or queue servers.
+
+It may be a good idea to use a daemon-monitoring service, like 'monit',
to check their status and keep them running.
All the daemons write their process IDs (pids) to /var/run/ by
Since version 0.8.0, it's now possible to use a STOMP server instead of
our kind of hacky home-grown DB-based queue solution. See the "queues"
config section below for how to configure to use STOMP. As of this
-writing, the software has been tested with ActiveMQ (
+writing, the software has been tested with ActiveMQ.
Sitemaps
--------
compile the ".po" files into ".mo" files, however.
Contributions of translation information to StatusNet are very easy:
-you can use the Web interface at http://status.net/pootle/ to add one
+you can use the Web interface at TranslateWiki.net to add one
or a few or lots of new translations -- or even new languages. You can
also download more up-to-date .po files there, if you so desire.
+For info on helping with translations, see http://status.net/wiki/Translations
+
Backups
-------
to users on a remote site. (Or not... it's not well tested.) The
"proper behaviour" hasn't been defined here, so handle with care.
-If fancy URLs is enabled, access to file attachments can also be
-restricted to logged-in users only. Uncomment the appropriate rewrite
-<<<<<<< HEAD:README
-rule in .htaccess or your server's httpd.conf. (This most likely will
-not work if you are using a virtual server for attachments, so consider
-the performance/security tradeoff.)
-=======
-rule in .htaccess or your server's httpd.conf.
->>>>>>> 446de62... Revert "Added some explanatory text to README":README
+Access to file attachments can also be restricted to logged-in users only.
+1. Add a directory outside the web root where your file uploads will be
+ stored. Usually a command like this will work:
+
+ mkdir /var/www/mublog-files
+
+2. Make the file uploads directory writeable by the web server. An
+ insecure way to do this is:
+
+ chmod a+x /var/www/mublog-files
+
+3. Tell StatusNet to use this directory for file uploads. Add a line
+ like this to your config.php:
+
+ $config['attachments']['dir'] = '/var/www/mublog-files';
Upgrading
=========
choice for any public site. Note that some other servers will not
accept notices if you apply a stricter license than this.
+type: one of 'cc' (for Creative Commons licenses), 'allrightsreserved'
+ (default copyright), or 'private' (for private and confidential
+ information).
+owner: for 'allrightsreserved' or 'private', an assigned copyright
+ holder (for example, an employer for a private site). If
+ not specified, will be attributed to 'contributors'.
url: URL of the license, used for links.
title: Title for the license, like 'Creative Commons Attribution 3.0'.
image: A button shown on each page for the license.
Default is null, meaning to use the site-wide text limit.
0 means no limit.
+logincommand
+------------
+
+Configuration options for the login command.
+
+disabled: whether to enable this command. If enabled, users who send
+ the text 'login' to the site through any channel will
+ receive a link to login to the site automatically in return.
+ Possibly useful for users who primarily use an XMPP or SMS
+ interface and can't be bothered to remember their site
+ password. Note that the security implications of this are
+ pretty serious and have not been thoroughly tested. You
+ should enable it only after you've convinced yourself that
+ it is safe. Default is 'false'.
+
+singleuser
+----------
+
+If an installation has only one user, this can simplify a lot of the
+interface. It also makes the user's profile the root URL.
+
+enabled: Whether to run in "single user mode". Default false.
+nickname: nickname of the single user.
+
+robotstxt
+---------
+
+We put out a default robots.txt file to guide the processing of
+Web crawlers. See http://www.robotstxt.org/ for more information
+on the format of this file.
+
+crawldelay: if non-empty, this value is provided as the Crawl-Delay:
+ for the robots.txt file. see http://ur1.ca/l5a0
+ for more information. Default is zero, no explicit delay.
+disallow: Array of (virtual) directories to disallow. Default is 'main',
+ 'search', 'message', 'settings', 'admin'. Ignored when site
+ is private, in which case the entire site ('/') is disallowed.
+
Plugins
=======
* Federico Marani
* Craig Andrews
* mEDI
+* Brett Taylor
+* Brigitte Schuster
Thanks also to the developers of our upstream library code and to the
thousands of people who have tried out Identi.ca, installed StatusNet,
projects / quix0rs-gnu-social.git / blobdiff