X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=README;h=9b4147645b5fe1ce0f67a117480ad5f62402cbf2;hb=162868afdb1181a3d6e973a3de9d0abbb5e1c168;hp=51a8e91cc5e9542d0e72a2b0032f1b6771d10284;hpb=bf4ed35a90d5cc906dbae7c097551fb3a10f14d6;p=quix0rs-gnu-social.git diff --git a/README b/README index 51a8e91cc5..9b4147645b 100644 --- a/README +++ b/README @@ -2,8 +2,8 @@ README ------ -StatusNet 0.8.2 ("Life and How to Live It") -1 Nov 2009 +StatusNet 0.9.0 ("Stand") Beta 5 +1 Feb 2010 This is the README file for StatusNet (formerly Laconica), the Open Source microblogging platform. It includes installation instructions, @@ -16,10 +16,10 @@ About StatusNet (formerly Laconica) is a Free and Open Source microblogging platform. It helps people in a community, company or group to exchange -short (140 character) messages over the Web. Users can choose which -people to "follow" and receive only their friends' or colleagues' -status messages. It provides a similar service to sites like Twitter, -Jaiku, Yammer, and Plurk. +short (140 characters, by default) messages over the Web. Users can +choose which people to "follow" and receive only their friends' or +colleagues' status messages. It provides a similar service to sites +like Twitter, Jaiku, Yammer, and Plurk. With a little work, status messages can be sent to mobile phones, instant messenger programs (GTalk/Jabber), and specially-designed @@ -77,81 +77,203 @@ for additional terms. New this version ================ -This is a minor feature and bugfix release since version 0.8.1, -released Aug 26 2009. Notable changes this version: - -- New script for deleting user accounts. Not particularly safe or - community-friendly. Better for deleting abusive accounts than for - users who are 'retiring'. -- Improved detection of URLs in notices, specifically for punctuation - chars like ~, :, $, _, -, +, !, @, and %. -- Removed some extra
semantic HTML code. -- Correct error in status-network database ini file (having multiple - statusnet sites with a single codebase) -- Fixed error output for Twitter posting failures. -- Fixed bug in Twitter queue handler that requeued inapplicable - notices ad infinitum. -- Improve FOAF output for remote users. -- new commands to join and leave groups. -- Fixed bug in which you cannot turn off importing friends timelines - flag. -- Better error handling in Twitter posting. -- Show oEmbed data for XHTML files as well as plain HTML. -- Updated bug database link in README. -- add support for HTTP Basic Auth in PHP CGI or FastCGI (e.g. GoDaddy). -- autofocus input to selected entry elements depending on page. -- updated layout for filter-by-tag form. -- better layout for inbox and outbox pages. -- fix highlighting search terms in attributes of notice list elements. -- Correctly handle errors in linkback plugin. -- Updated biz theme. -- Updated cloudy theme. -- Don't match '::' as an IPv6 address. -- Use the same decision logic for deciding whether to mark an - attachment as an enclosure in RSS or as a paperclip item in Web - output. -- Fixed a bug in the Piwik plugin that hard-coded the site ID. -- Add a param, inreplyto, to notice/new to allow an explicit response - to another notice. -- Show username in subject of emails. -- Check if avatar exists before trying to delete it. -- Correctly add omb_version to response for request token in OMB. -- Add a few more SMS carriers. -- Add a few more notice sources. -- Vary: header. -- Improvements to the AutoCompletePlugin. -- Check for 'dl' before using it. -- Make it impossible to delete self-subscriptions via the API. -- Fix pagination of tagged user pages. -- Make PiwikAnalyticsPlugin work with addPlugin(). -- Removed trailing single space in user nicknames in notice lists. -- Show context link if a notice starts a conversation. -- blacklist all files and directories in install dir. -- handle GoDaddy-style PATH_INFO, including script name. -- add home_timeline synonym for friends_timeline. -- Add a popup window for the realtime plugin. -- Add some more streams for the realtime plugin. -- Fix a bug that overwrote group creation timestamp on every edit. -- Moved HTTP error code strings to a class variable. -- The Twitter API now returns server errors in the correct format. -- Reset the doctype for HTML output. -- Fixed a number of notices. -- Don't show search suggestions for private sites. -- Some corrections to FBConnect nav overrides. -- Slightly less database-intensive session management. -- Updated name of software in installer script. -- Include long-form attachment URLs if url-shortener is disabled. -- Include updated localisations for Polish, Greek, Hebrew, Icelandic, - Norwegian, and Chinese. -- Include upstream fixes to gettext.php. -- Correct for regression in Facebook API for updates. -- Ignore "Sent from my iPhone" (and similar) in mail updates. -- Use the NICKNAME_FMT constant for detecting nicknames. -- Check for site servername config'd. -- Compatibility fix for empty status updates with Twitter API. -- Option to show files privately (EXPERIMENTAL! Use with caution.) -- a script to register a new user. -- a script to make a user admin of a group. +This is a major feature release since version 0.8.2, released Nov 1 2009. +It is also a security release since 0.9.0beta4 January 27 2010. Beta +users are strongly encouraged to upgrade to deal with a security alert. + +http://status.net/wiki/Security_alert_0000002 + +Notable changes this version: + +- Records of deleted notices are stored without the notice content. +- Much of the optional core featureset has been moved to plugins. +- OpenID support moved from core to a plugin. Helps test the strength of + our plugin architecture and makes it easy to disable this + functionality for e.g. intranet sites. +- Many additional hook events (see EVENTS.txt for details). +- OMB 0.1 support re-implemented using libomb. +- Re-structure database so notices, messages, bios and group + descriptions can be over 140 characters. Limit defined by + site administrator as configuration option; can be unlimited. +- Configuration data now optionally stored in the database, which + overrides any settings in config files. +- Twitter integration re-implemented as a plugin. +- Facebook integration re-implemented as a plugin. +- Role-based authorization framework. Users can have named roles, and + roles can have rights (e.g., to delete notices, change configuration + data, or ban uncooperative users). Default roles 'admin' (for + configuration) and 'moderator' (for community management) added. +- Plugin for PubSubHubBub (PuSH) support. +- Considerable code style cleanup to meet PEAR code standards. +- Made a common library for HTTP-client access which uses available + HTTP libraries where possible. +- Added statuses/home_timeline method to API. +- Hooks for plugins to handle notices offline, either by defining + their own queue handler scripts or to use a default plugin queue + handler script. +- Plugins can now modify the database schema, adding their own tables + or modifying existing ones. +- Groups API. +- Twitter API supports Web caching for some methods. +- Twitter API refactored into one-action-per-method. +- Realtime plugin supports a tear-off window. +- FOAF for groups. +- Moved all JavaScript tags to just before by default, + significantly speeding up apparent page load time. +- Added a Realtime plugin for Orbited server. +- Added a mobile plugin to give a more mobile-phone-friendly layout + when a mobile browser is detected. +- Use CSS sprites for most common icons. +- Fixes for images and buttons on Web output. +- New plugin requires that users validate their email before posting. +- New plugin UserFlag lets users flag other profiles for review. +- Considerably better i18n support. Use TranslateWiki to update + translations. +- Notices and profiles now store location information. +- New plugin, Geonames, for turning location names and lat/long pairs + into structured IDs and vice versa. Architecture reusable for other + systems. +- Better check of license compatibility between site licenses. +- Some improvements in XMPP output. +- Media upload in the API. +- Replies appear in the user's inbox. +- Improved the UI on the bookmarklet. +- StatusNet identities can be used as OpenID identities. +- Script to register a user. +- Script to make someone a group admin. +- Script to make someone a site admin or moderator. +- 'login' command. +- Pluggable authentication. +- LDAP authentication plugin. +- Script for console interaction with the site (!). +- Users don't see group posts from people they've blocked. +- Admin panel interface for changing site configuration. +- Users can be sandboxed (limited contributions) or silenced + (no contributions) by moderators. +- Many changes to make language usage more consistent. +- Sphinx search moved to a plugin. +- GeoURL plugin. +- Profile and group lists support hAtom. +- Massive refactoring of util.js. +- Mapstraction plugin to show maps on inbox and profile pages. +- Play/pause buttons for realtime notices. +- Support for geo microformat. +- Partial support for feed subscriptions, RSSCloud, PubSubHubBub. +- Support for geolocation in browser (Chrome, Firefox). +- Quit trying to negotiate HTML format. Always use text/html. + We lose, and so do Web standards. Boo. +- Better logging of request info. +- Better output for errors in Web interface. +- No longer store .mo files; these need to be generated. +- Minify plugin. +- Events to allow pluginizing logger. +- New framework for plugin localization. +- Gravatar plugin. +- Add support for "repeats" (similar to Twitter's "retweets"). +- Support for repeats in Twitter API. +- Better notification of direct messages. +- New plugin to add "powered by StatusNet" to logo. +- Returnto works for private sites. +- Localisation updates, including new Persian translation. +- CAS authentication plugin +- Get rid of DB_DataObject native cache (big memory leaker) +- setconfig.php script to set configuration variables +- Blacklist plugin, to blacklist URLs and nicknames +- Users can set flag whether they want to share location + both in notice form (for one notice) and profile settings + (any notice) +- notice inboxes moved from normalized notice_inbox table to + denormalized inbox table +- Automatic compression of Memcache +- Memory caching pluginized +- Memcache, XCache, APC and Diskcache plugins +- A script to update user locations +- cache empty query results +- A sample plugin to show best plugin practices +- CacheLog plugin to debug cache accesses +- Require users to login to view attachments on private sites +- Plugin to use Mollom spam detection service +- Plugin for RSSCloud +- Add an array of default plugins +- A version action to give credit to contributors and plugin + developers +- Daemon to read IMAP mailbox instead of using a mailbox script +- Pass session information between SSL and non-SSL server + when SSL set to 'sometimes' +- Major refactoring of queue handlers to manage very + large hosting site (like status.net) +- SubscriptionThrottle plugin to prevent subscription spamming +- Don't enqueue into plugin or SMS queues when disabled (breaks unqueuehandler if SMS queue isn't attached) +- Improve name validation checks on local File references +- fix local file include vulnerability in doc.php +- Reusing fixed selector name for 'processing' in util.js +- Removed hAtom pattern from registration page. +- restructuring of User::registerNew() lost password munging +- Add a script to clear the cache for a given key +- buggy fetch for site owner +- Added missing concat of in Realtime response +- Updated XHR binded events to work better in jQuery 1.4.1. Using .live() for event delegation instead of jQuery.data() and checking to see if an element was previously binded. +- Updated jQuery Form Plugin from v2.17 to v2.36 +- Updated jQuery JavaScript Library from v1.3.2 to v1.4.1 +- move schema.type.php to typeschema.php like other files +- Add Really Simple Discovery (RSD) support +- Add a robots.txt URL to the site root +- error clearing tags for profiles from memcached +- on exceptions, stomp logs the error and reenqueues +- add lat, lon, location and remove closing tag from geocode.php +- Use passed-in lat long in geocode.php +- better handling of null responses from geonames.org +- Globalized form notice data geo values +- Using jQuery chaining in FormNoticeXHR +- Using form object instead of form_id and find(). Slightly faster and easier to read. +- removed describeTable from base class, and fixed it up in pgsql +- getTableDef() mostly working in postgres +- move the schema DDL sql off into seperate files for each db we support +- plugin to limit number of registered users +- add hooks for user registration +- live fast, die young in bash scripts +- for single-user mode, retrieve either site owner or defined nickname +- method to get the site owner +- define a constant for the 'owner' role of a site +- add simple cache getter/setter static functions to Memcached_DataObject +- Adds notice author's name to @title in Realtime response +- Hides .author from XHR response in showstream +- Hides .author from XHR response in showstream +- Fix more fatal errors in queue edge cases +- Don't attempt to resend XMPP messages that can't be broadcast due to the profile being deleted. +- Wrap each bit of distrib queue handler's saving operation in a try/catch; log exceptions but let everything else continue. +- Log exceptions from queuedaemon.php if they're not already caught +- Move sessions settings to its own panel +- Fixes for status_network db object .ini and tag setter script +- Add a script to set tags for sites +- Adjust API authentication to also check for OAuth protocol params in the HTTP Authorization header, as defined in OAuth HTTP Authorization Scheme. +- Last-chance distribution if enqueueing fails +- Manual failover for stomp queues. +- lost config in index.php made all traffic go to master +- "Revert "move RW setup above user get in index.php so remember_me works"" +- Revert "move RW setup above user get in index.php so remember_me works" +- move RW setup above user get in index.php so remember_me works +- hide most DB_DataObject errors +- always set up database_rw, regardless, so cached sessions work +- update mysqltimestamps on insert and update +- additional debugging data for Sessions +- 'Sign in with Twitter' button img +- Update to biz theme +- Remove redundant session token field from form (was already being added by base class). +- 'Sign in with Twitter' button img +- Can now set $config['queue']['stomp_persistent'] = false; to explicitly disable persistence when we queue items +- Showing processing indicator for form_repeat on submit instead of form +- Removed avatar from repeat of username (matches noticelist) +- Removed unused variable assignment for avatar URL and added missing fn +- Don't preemptively close existing DB connections for web views (needed to keep # of conns from going insane on multi-site queue daemons, so just doing for CLI) May, or may not, help with mystery session problems +- dropping the setcookie() call from common_ensure_session() since we're pretty sure it's unnecessary +- append '/' on cookie path for now (may still need some refactoring) +- set session cookie correctly +- Fix for Mapstraction plugin's zoomed map links +- debug log line for control channel sub +- Move faceboookapp.js to the Facebook plugin +- fix for fix for bad realtime JS load +- default 24-hour expiry on Memcached objects where not specified. Prerequisites ============= @@ -358,7 +480,7 @@ It's possible to configure the software so it looks like this instead: These "fancy URLs" are more readable and memorable for users. To use fancy URLs, you must either have Apache 2.x with .htaccess enabled and -mod_redirect enabled, -OR- know how to configure "url redirection" in +mod_rewrite enabled, -OR- know how to configure "url redirection" in your server. 1. Copy the htaccess.sample file to .htaccess in your StatusNet @@ -384,6 +506,18 @@ like: If you changed your HTTP server configuration, you may need to restart the server first. +If it doesn't work, double-check that AllowOverride for the StatusNet +directory is 'All' in your Apache configuration file. This is usually +/etc/httpd.conf, /etc/apache/httpd.conf, or (on Debian and Ubuntu) +/etc/apache2/sites-available/default. See the Apache documentation for +.htaccess files for more details: + + http://httpd.apache.org/docs/2.2/howto/htaccess.html + +Also, check that mod_rewrite is installed and enabled: + + http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html + Sphinx ------ @@ -539,26 +673,19 @@ server is probably a good idea for high-volume sites. needs as a parameter the install path; if you run it from the StatusNet dir, "." should suffice. -This will run eight (for now) queue handlers: +This will run the queue handlers: +* queuedaemon.php - polls for queued items for inbox processing and + pushing out to OMB, SMS, XMPP, etc. * xmppdaemon.php - listens for new XMPP messages from users and stores - them as notices in the database. -* jabberqueuehandler.php - sends queued notices in the database to - registered users who should receive them. -* publicqueuehandler.php - sends queued notices in the database to - public feed listeners. -* ombqueuehandler.php - sends queued notices to OpenMicroBlogging - recipients on foreign servers. -* smsqueuehandler.php - sends queued notices to SMS-over-email addresses - of registered users. -* xmppconfirmhandler.php - sends confirmation messages to registered - users. - -Note that these queue daemons are pretty raw, and need your care. In -particular, they leak memory, and you may want to restart them on a -regular (daily or so) basis with a cron job. Also, if they lose -the connection to the XMPP server for too long, they'll simply die. It -may be a good idea to use a daemon-monitoring service, like 'monit', + them as notices in the database; also pulls queued XMPP output from + queuedaemon.php to push out to clients. + +These two daemons will automatically restart in most cases of failure +including memory leaks (if a memory_limit is set), but may still die +or behave oddly if they lose connections to the XMPP or queue servers. + +It may be a good idea to use a daemon-monitoring service, like 'monit', to check their status and keep them running. All the daemons write their process IDs (pids) to /var/run/ by @@ -568,7 +695,7 @@ daemons. Since version 0.8.0, it's now possible to use a STOMP server instead of our kind of hacky home-grown DB-based queue solution. See the "queues" config section below for how to configure to use STOMP. As of this -writing, the software has been tested with ActiveMQ ( +writing, the software has been tested with ActiveMQ. Sitemaps -------- @@ -654,10 +781,12 @@ subdirectory to add a new language to your system. You'll need to compile the ".po" files into ".mo" files, however. Contributions of translation information to StatusNet are very easy: -you can use the Web interface at http://status.net/pootle/ to add one +you can use the Web interface at TranslateWiki.net to add one or a few or lots of new translations -- or even new languages. You can also download more up-to-date .po files there, if you so desire. +For info on helping with translations, see http://status.net/wiki/Translations + Backups ------- @@ -683,15 +812,21 @@ private site, but users of the private site may be able to subscribe to users on a remote site. (Or not... it's not well tested.) The "proper behaviour" hasn't been defined here, so handle with care. -If fancy URLs is enabled, access to file attachments can also be -restricted to logged-in users only. Uncomment the appropriate rewrite -<<<<<<< HEAD:README -rule in .htaccess or your server's httpd.conf. (This most likely will -not work if you are using a virtual server for attachments, so consider -the performance/security tradeoff.) -======= -rule in .htaccess or your server's httpd.conf. ->>>>>>> 446de62... Revert "Added some explanatory text to README":README +Access to file attachments can also be restricted to logged-in users only. +1. Add a directory outside the web root where your file uploads will be + stored. Usually a command like this will work: + + mkdir /var/www/mublog-files + +2. Make the file uploads directory writeable by the web server. An + insecure way to do this is: + + chmod a+x /var/www/mublog-files + +3. Tell StatusNet to use this directory for file uploads. Add a line + like this to your config.php: + + $config['attachments']['dir'] = '/var/www/mublog-files'; Upgrading ========= @@ -1002,6 +1137,12 @@ Creative Commons Attribution 3.0 license, which is probably the right choice for any public site. Note that some other servers will not accept notices if you apply a stricter license than this. +type: one of 'cc' (for Creative Commons licenses), 'allrightsreserved' + (default copyright), or 'private' (for private and confidential + information). +owner: for 'allrightsreserved' or 'private', an assigned copyright + holder (for example, an employer for a private site). If + not specified, will be attributed to 'contributors'. url: URL of the license, used for links. title: Title for the license, like 'Creative Commons Attribution 3.0'. image: A button shown on each page for the license. @@ -1407,6 +1548,44 @@ contentlimit: max length of the plain-text content of a message. Default is null, meaning to use the site-wide text limit. 0 means no limit. +logincommand +------------ + +Configuration options for the login command. + +disabled: whether to enable this command. If enabled, users who send + the text 'login' to the site through any channel will + receive a link to login to the site automatically in return. + Possibly useful for users who primarily use an XMPP or SMS + interface and can't be bothered to remember their site + password. Note that the security implications of this are + pretty serious and have not been thoroughly tested. You + should enable it only after you've convinced yourself that + it is safe. Default is 'false'. + +singleuser +---------- + +If an installation has only one user, this can simplify a lot of the +interface. It also makes the user's profile the root URL. + +enabled: Whether to run in "single user mode". Default false. +nickname: nickname of the single user. + +robotstxt +--------- + +We put out a default robots.txt file to guide the processing of +Web crawlers. See http://www.robotstxt.org/ for more information +on the format of this file. + +crawldelay: if non-empty, this value is provided as the Crawl-Delay: + for the robots.txt file. see http://ur1.ca/l5a0 + for more information. Default is zero, no explicit delay. +disallow: Array of (virtual) directories to disallow. Default is 'main', + 'search', 'message', 'settings', 'admin'. Ignored when site + is private, in which case the entire site ('/') is disallowed. + Plugins ======= @@ -1573,6 +1752,8 @@ if anyone's been overlooked in error. * Federico Marani * Craig Andrews * mEDI +* Brett Taylor +* Brigitte Schuster Thanks also to the developers of our upstream library code and to the thousands of people who have tried out Identi.ca, installed StatusNet,