Page 5 of 9

Re: Oolite.org updated media?

Posted: Mon Mar 12, 2012 10:32 pm
by pagroove
I use Joomla! often for webdesign and I agree that it takes a while to get used to. Some things that seem simple are not simple and logic at all. For example what I found confusing are the user positions that you have to use when you have a CSS- template. I've been looking into Wordpress lately. And What I see makes me happy. Some things are more logical and straightforward to use.

But the statement that every other CMS is better is not really true IMO. Believe me on my word that I've seen commercially developed CMS systems that work more user-friendly, or just don't work at all or are just downright more confusing than Joomla!. That said it is a shame indeed that the really good plugins are commercial. Or you have to write them yourself.

Re: Oolite.org updated media?

Posted: Mon Mar 12, 2012 11:52 pm
by Gimi
Just to get things straight, I started this whole thing with my screen shot that Selezen commented on. :mrgreen: :mrgreen: :mrgreen:
Anyway, I am aware that currently Winston is absent from the forum. Regardless, he did at one time put a lot of effort and money into hosting and maintaining the current Wiki, and thus he is the key to this whole thing. I will not support a move away from the current wiki without his consent. Maik has done an awesome job, and ultimately I think that moving on is beneficial to Oolite, but I still feel that a consent from Winston is required.

Re: Oolite.org updated media?

Posted: Tue Mar 13, 2012 8:12 am
by maik
I don't think there is any rush to move.

I know Winston put a lot of his time into Oolite and as far as I can tell, he is to thank for that there even is a unified source tree for OS X, Linux, and Windows, and that we have a wiki at all (and, as Selezen pointed out, a BB). So getting word from him that real life just does not permit him to spend time on Oolite related activities anymore and that he supports a move would be great. Especially because a supported move is a lot less painful from getting data from an old to a new setup.

However, from a purely logical point of view, waiting for his consent might mean not ever moving if he does not answer.

And again: I'm not in a hurry. I also don't mind using my server for something else if we find out we actually don't need it (if Winston resurfaces and becomes active again). It is just a plan B.

Re: Oolite.org updated media?

Posted: Tue Mar 13, 2012 9:33 am
by Selezen
The whole topic started due to comments that the website was out of date and needed some updating. It's a bit of a tricky process to update it, as the code is hosted on Berlios and would need to be manually updated and uploaded every time even a typo was fixed.

I suggested a consolidation of the three non-aegidian hosted parts of our community because:
a) the website is difficult to update
b) there is no admin access to the wiki server or database and
c) files are hosted in a "commercial" shared file server

Winston started the wiki after a request for an Elite wiki on the Elite BBS - Oolite kind of took it and ran with it. Winston hasn't been around here for over a year and hasn't even updated his Frontier News page for 2 years+. His own website seems not to have been updated since 2002. The Elite BBS seems to be down, so without any evidence to the contrary, it seems Mr Smith has taken a step back from involvement with Elite/Oolite. Which leaves the wiki floating in limbo with no idea whether or not someone will ever be able to administer it. I think it makes good sense to move the Oolite content to a separate place and link to it from the Elite wiki, as if Dylan doesn't come back it's going to get gradually more and more outdated.

My main comment initially was about adding pics and stuff to the oolite.org site - We have a shed lead of wallpaper-quality images and loads of videos that could be added to the site (or linked) and currently it's a nightmare to do it on a static site. I still think that a CMS would be a good idea, but Joomla, Wordpress and the like are just too much for the sort of dynamism that the site needs. We don't need a bloated blogging site - that's what the BB is for. "Keep It Simple, Stupid". ;-)

Re: Oolite.org updated media?

Posted: Tue Mar 13, 2012 5:28 pm
by Thargoid
maik wrote:
I don't think there is any rush to move.
Except for the extra work in maintaining both versions of the wiki, as McLane mentioned.

Whilst it's an exercise in copy/paste, it is more to do and there is the risk of divergence. So a resolution sooner rather than later would be much preferred.

Re: Oolite.org updated media?

Posted: Wed Mar 14, 2012 6:56 am
by maik
Ok, I looked at a few more light-weight CMS that fit snuggly into the existing server setup and seem to not have a very steep learning curve and was most happy with textpattern. Its user community seems very active and friendly (good match for us) and they also produce a lot of plugins. It runs on http://maikschulz.de now and I already copied the oolite.org contents into it.

This was only a rough exercise so far, except for the gallery page I did not add any flexibility with placeholders for articles, so the only advantage over oolite.org at the moment is that you can edit the pages directly in the CMS front end and don't have to have server access.

The gallery looks quite horrible at the moment, but this is due to my limited HTML/CSS knowledge and to textpattern not seeing libGD which would be responsible for automatically creating thumbnails. So thumbnails have to be created manually at the moment until I get this fixed.

If someone would like to play around with it PM me for a user.

Edit: Fixed the thumbnail generation

Re: Oolite.org updated media?

Posted: Wed Mar 14, 2012 9:13 am
by Selezen
Can I ask if there was something wrong with the gpEasy CMS that I trialled at www.hughesd.co.uk/oolitedev?

Does TextPattern offer something better?

That said, it does look like it has allowed the porting of the script based header stuff, which is good. :-)

Re: Oolite.org updated media?

Posted: Wed Mar 14, 2012 9:15 am
by maik
Selezen wrote:
Can I ask if there was something wrong with the gpEasy CMS that I trialled at http://www.hughesd.co.uk/oolitedev?

Does TextPattern offer something better?
Yes:
Selezen wrote:
That said, it does look like it has allowed the porting of the script based header stuff, which is good. :-)
;-)

Edit: There is also quite a lot of documentation, which I found lacking for gpEasy.

Re: Oolite.org updated media?

Posted: Wed Mar 14, 2012 9:22 am
by Selezen
gpEasy doesn't need a lot of documentation. Neither does it need a MySQL database, which is one thing I think would be a good idea, and why gpEasy would be a good choice. It removes another layer of maintenance (as well as removing the need for a connection string and reliance on another location for data storage).

gpEasy is SO easy, all you have to do is log in, hover your mouse pointer over the bit you want to change and click on the "edit" link.

Either that or use the small menu to organise or create content. All that with a flat file content system that makes access faster and makes maintenance easier too. If I can find/make a headerless theme then I'd be able to port the script over too.

Re: Oolite.org updated media?

Posted: Wed Mar 14, 2012 9:39 am
by maik
Selezen wrote:
gpEasy doesn't need a lot of documentation. Neither does it need a MySQL database, which is one thing I think would be a good idea, and why gpEasy would be a good choice. It removes another layer of maintenance (as well as removing the need for a connection string and reliance on another location for data storage).

gpEasy is SO easy, all you have to do is log in, hover your mouse pointer over the bit you want to change and click on the "edit" link.

Either that or use the small menu to organise or create content. All that with a flat file content system that makes access faster and makes maintenance easier too. If I can find/make a headerless theme then I'd be able to port the script over too.
I haven't yet understood why a (MySQL) DB is a bad thing. It runs on the same box, so does not need another location for data storage. And in contrast to a hierarchical file system, a relational DB gives you numerous advantages, e.g. "in a customer-order schema you could only access an order through a customer, you couldn’t easily find all the orders that included the sale of a widget because the schema isn’t designed to all that" (quote from some online publication). Content only stored in files does not support additional attributes to an article that can be searched, etc. at all.

Oh, and the MySQL DB was already there since I needed it for the MediaWiki anyways. So no additional maintenance. And neither with MediaWiki nor with textpattern I had to care about a connection string. They are admin-friendly enough to just ask for the DB name, user, and password and create the connection string themselves.

Re: Oolite.org updated media?

Posted: Wed Mar 14, 2012 10:01 am
by Selezen
Fair comment, since you have all the stuff on your hosting, but the drive for this topic was to SIMPLIFY the maintenance of the web stuff. With your suggestion, a potential "web site administrator" needs to know MySQL as well as PHP/HTML.

I didn't suggest gpEasy just because I use it, I suggested it because it makes sense to adopt something that needs a similar amount of knowledge to install and maintain as is currently used for the existing web site. With any MySQL-based CMS, if the SQL side of it goes down it will need someone with MySQL experience to be able to step in and repair it. Is the database backed up? If you vanish off the map, would someone be able to access the database backups (and this is relevant for the wiki installation too) and be able to restore them? We'd be relying on having a member of the commoonity active on the bb with MySQL knowledge to be able to restore the website.

With a flat file structure, as the current web site is, it's just a matter of backing up the web folder and restoring via FTP or similar as necessary. It's more sensible to only require a single skill rather than two skills, in my opinion.

Look, I get the feeling I might be coming across as adversarial here, but I don't mean to be. It's simply a matter of what I think is the most sensible option for ease of maintenance both now and in the future. No matter what gets adopted for the hosting strategy, it will have to be documented so that the admin handling can be "handed over" in the future when various members of the community inevitably depart, and there's no guarantee that we'll have the same skillset available then as we do now. Whoever takes charge of the hosting will have to accept that they will be letting people they don't know access their web hosting platform, and I worry about the adoption of the "security measures" that Maik has proposed - sensible in the short term, but my gut tells me that there could be problems down the line, for example people may pass on that access without maik's knowledge.

Additionally, if maik can no longer host the site, the migration to another location will be that much more difficult with a web site reliant on a MySQL database. Again, luck will play a part, and we'd have to hope that there would be a person on the forum with available web space and a MySQL server to use. Using a flat file option would allow the web site to be migrated in one step and at least present a "front end" whilst the wiki was ported or moved. Again, I suggested pmWiki for the same reasons before, but I admit that was perhaps more effort than it was worth to port the content... ;-)

Re: Oolite.org updated media?

Posted: Wed Mar 14, 2012 10:04 am
by maik
Selezen wrote:
maik wrote:
Both oolite.org and alioth.net seem to belong to aegidian
alioth.net belongs to Winston. Only Winston has access to the back end of his domain and he ain't sharing.
I have been looking around the web a little bit and also found some scripts that scrape an existing phpBB3 installation to move it to a new one. Users, forums, topics, posts are kept intact, passwords, attachments (which we don't have) and polls are lost.

So we could even create a new BB and migrate the contents of this one here over if we want to go this route. Haven't tried the script yet, but looking at the post I linked to above it seems under active development on the phpBB.com forum which is encouraging.

Re: Oolite.org updated media?

Posted: Wed Mar 14, 2012 10:29 am
by maik
Selezen wrote:
Fair comment, since you have all the stuff on your hosting, but the drive for this topic was to SIMPLIFY the maintenance of the web stuff. With your suggestion, a potential "web site administrator" needs to know MySQL as well as PHP/HTML.
I would like to distinguish between web content maintenance (which will not require MySQL nor PHP, but only HTML/CSS/JavaScript knowledge) and web server maintenance (which will require Linux/Apache/MySQL knowledge and general security awareness / paranoia).
Selezen wrote:
With any MySQL-based CMS, if the SQL side of it goes down it will need someone with MySQL experience to be able to step in and repair it.
It's not only the CMS, but also the wiki and, if we stay with phpBB, the forum.
Selezen wrote:
Is the database backed up? If you vanish off the map, would someone be able to access the database backups (and this is relevant for the wiki installation too) and be able to restore them? We'd be relying on having a member of the commoonity active on the bb with MySQL knowledge to be able to restore the website.
The whole server is backed up by the hoster, once per day going back 10 days. I have never tested their restore mechanism though. And currently, it is only me who has access to the hoster. But this was talking about disaster recovery. For the case that I vanish off the face of earth, cim has access to the server and can retrieve everything that is needed by accessing the DB directly and moving it to a new server.
Selezen wrote:
With a flat file structure, as the current web site is, it's just a matter of backing up the web folder and restoring via FTP or similar as necessary. It's more sensible to only require a single skill rather than two skills, in my opinion.
That talk about FTP makes me uneasy, it is the least secure protocol to use, transmitting the password in plain text. Not even installed on my server. I haven't yet seen a web application CMS + BB + Wiki stack that you can administer with only a single skill and get a useful set of features. What I'm trying to do is keep the number of different technologies down to not require too many different skills. Apache + PHP + MySQL DB on Linux is pretty much standard (also referred to as LAMP), and the chance of finding someone who is able to deal with these quite high.
Selezen wrote:
Look, I get the feeling I might be coming across as adversarial here, but I don't mean to be. It's simply a matter of what I think is the most sensible option for ease of maintenance both now and in the future. No matter what gets adopted for the hosting strategy, it will have to be documented so that the admin handling can be "handed over" in the future when various members of the community inevitably depart, and there's no guarantee that we'll have the same skillset available then as we do now.
Don't worry. I simply disagree with the idea that someone without the skills that I listed above would be a good candidate. Web servers get hacked every day and I don't want mine on the list just because someone with only passing ideas of running a server securely becomes admin. No offense meant to anyone here, its just that people have different skills and should do what they know best. I don't design web pages nor model oolite ships.
Selezen wrote:
Whoever takes charge of the hosting will have to accept that they will be letting people they don't know access their web hosting platform, and I worry about the adoption of the "security measures" that Maik has proposed - sensible in the short term, but my gut tells me that there could be problems down the line, for example people may pass on that access without maik's knowledge.
I only give out named users to people who identify themselves to me. Sorry, my server, my rules. Whoever receives a named user is responsible for what this named user does on the server. So passing it on to someone else means assuming responsibility and violating my trust.
Selezen wrote:
Additionally, if maik can no longer host the site, the migration to another location will be that much more difficult with a web site reliant on a MySQL database. Again, luck will play a part, and we'd have to hope that there would be a person on the forum with available web space and a MySQL server to use. Using a flat file option would allow the web site to be migrated in one step and at least present a "front end" whilst the wiki was ported or moved. Again, I suggested pmWiki for the same reasons before, but I admit that was perhaps more effort than it was worth to port the content... ;-)
If you need to quickly set up a static copy of the home page use a web scraper such as SiteSucker and install the static copy on an existing server. For the rest you will need MySQL anyways.

Re: Oolite.org updated media?

Posted: Wed Mar 14, 2012 11:10 am
by Selezen
maik wrote:
I haven't yet seen a web application CMS + BB + Wiki stack that you can administer with only a single skill and get a useful set of features. What I'm trying to do is keep the number of different technologies down to not require too many different skills. Apache + PHP + MySQL DB on Linux is pretty much standard (also referred to as LAMP), and the chance of finding someone who is able to deal with these quite high.
Just for reference, gpEasy + myUPB + pmWiki - not a database in sight, all are fully featured implementations of their genre.
maik wrote:
Web servers get hacked every day and I don't want mine on the list just because someone with only passing ideas of running a server securely becomes admin. No offense meant to anyone here, its just that people have different skills and should do what they know best. I don't design web pages nor model oolite ships.
maik wrote:
I only give out named users to people who identify themselves to me. Sorry, my server, my rules. Whoever receives a named user is responsible for what this named user does on the server. So passing it on to someone else means assuming responsibility and violating my trust.
The criteria you specify for allowing people access could severely limit the number of people who would be able to administer it (or who would want to). On a forum like this (designers and C developers, primarily) I think you may find that there are relatively few people with all the required knowledge as well as being happy with releasing their personal information. I'm not criticising your ethic, in fact I agree with it, I just think it will/could limit the "uptake" of candidates.
maik wrote:
If you need to quickly set up a static copy of the home page use a web scraper such as SiteSucker and install the static copy on an existing server. For the rest you will need MySQL anyways.
Doesn't that contradict the point you/we are making about using as few technologies as possible? Why use a dodgy site scraper to make a static site when if a flat file CMS is used, it's even more simple to just restore a backup of the files to a new location? Site scrapers can have problems with scripting and references.

I think I'm being overly protective of the commoonity, to be honest, and I should maybe take a step back. I don't agree with taking the current PHP-only website and re-inventing it with another tier, as that's against the concept I was trying to promote (making things simpler) - making editing simpler shouldn't be done at the expense of making the hosting more complex. Ahruman's current strategy (files held on berlios, can be moved live just by copying them) would work just as well on gpEasy if it needed to, but adding a set of MySQL tables just adds another level of complexity to that one aspect of the site that in my opinion isn't needed for a site as simple as oolite.org. If the database server is "disrupted" in some way, then the whole commoonity goes down, website, wiki and all (forum too, if you get your way and move that over). With a flat file front end if the database falls over, even temporarily, then the commoonity still has the website there to fly the flag and/or report the problems. I've ran admin on several web sites, and my policy of running databaseless front ends for simple sites was always adopted after carrying out risk assessments.

Hacking will happen no matter how many security precautions you take. A database back end is much much more vulnerable due to things like SQL injection. Sites I've administered commercially have been hacked MORE through SQL than in any other way, and it often doesn't matter how many "security precautions" have been taken in the code. Database or otherwise, any site with a file uploader is vulnerable too, and again precautions always seem to be worked around. Of all the CMS systems I've used on my personal website, gpEasy is the only one (thus far) that hasn't been hacked. I don't honestly know why - the last version was hacked every few weeks through the database connection string, even after protection from injection was added.

Re: Oolite.org updated media?

Posted: Wed Mar 14, 2012 11:38 am
by maik
Selezen wrote:
maik wrote:
I haven't yet seen a web application CMS + BB + Wiki stack that you can administer with only a single skill and get a useful set of features. What I'm trying to do is keep the number of different technologies down to not require too many different skills. Apache + PHP + MySQL DB on Linux is pretty much standard (also referred to as LAMP), and the chance of finding someone who is able to deal with these quite high.
Just for reference, gpEasy + myUPB + pmWiki - not a database in sight, all are fully featured implementations of their genre.
The point is moot, we do not start from scratch but want to carry over what we have.
Selezen wrote:
maik wrote:
Web servers get hacked every day and I don't want mine on the list just because someone with only passing ideas of running a server securely becomes admin. No offense meant to anyone here, its just that people have different skills and should do what they know best. I don't design web pages nor model oolite ships.
maik wrote:
I only give out named users to people who identify themselves to me. Sorry, my server, my rules. Whoever receives a named user is responsible for what this named user does on the server. So passing it on to someone else means assuming responsibility and violating my trust.
The criteria you specify for allowing people access could severely limit the number of people who would be able to administer it (or who would want to). On a forum like this (designers and C developers, primarily) I think you may find that there are relatively few people with all the required knowledge as well as being happy with releasing their personal information. I'm not criticising your ethic, in fact I agree with it, I just think it will/could limit the "uptake" of candidates.
Of course there are only a few. But this lies in the nature of the forum--it is for players, not for admins. There are also only few people who code in Objective-C on this forum.
Selezen wrote:
maik wrote:
If you need to quickly set up a static copy of the home page use a web scraper such as SiteSucker and install the static copy on an existing server. For the rest you will need MySQL anyways.
Doesn't that contradict the point you/we are making about using as few technologies as possible? Why use a dodgy site scraper to make a static site when if a flat file CMS is used, it's even more simple to just restore a backup of the files to a new location? Site scrapers can have problems with scripting and references.
Yes, it is more simple. It just seems that gpEasy requires a few more hoops to jump through to get a copy of the current oolite.org design. Something like textpattern does not place restrictions on the design.
Selezen wrote:
I think I'm being overly protective of the commoonity, to be honest, and I should maybe take a step back. I don't agree with taking the current PHP-only website and re-inventing it with another tier, as that's against the concept I was trying to promote (making things simpler) - making editing simpler shouldn't be done at the expense of making the hosting more complex. Ahruman's current strategy (files held on berlios, can be moved live just by copying them) would work just as well on gpEasy if it needed to, but adding a set of MySQL tables just adds another level of complexity to that one aspect of the site that in my opinion isn't needed for a site as simple as oolite.org.
Fair enough.
Selezen wrote:
If the database server is "disrupted" in some way, then the whole commoonity goes down, website, wiki and all (forum too, if you get your way and move that over).
It's not "if I get my way". The current forum runs on phpBB3 which needs a database. I thought one idea was to centralize web site + wiki + forum to have fewer required maintainers (as well as making the website more accessible).
Selezen wrote:
With a flat file front end if the database falls over, even temporarily, then the commoonity still has the website there to fly the flag and/or report the problems. I've ran admin on several web sites, and my policy of running databaseless front ends for simple sites was always adopted after carrying out risk assessments.
True. The risk of a DB falling over is relatively small though.
Selezen wrote:
Hacking will happen no matter how many security precautions you take. A database back end is much much more vulnerable due to things like SQL injection. Sites I've administered commercially have been hacked MORE through SQL than in any other way, and it often doesn't matter how many "security precautions" have been taken in the code. Database or otherwise, any site with a file uploader is vulnerable too, and again precautions always seem to be worked around. Of all the CMS systems I've used on my personal website, gpEasy is the only one (thus far) that hasn't been hacked. I don't honestly know why - the last version was hacked every few weeks through the database connection string, even after protection from injection was added.
The DB on my site is only accessible from the same machine, not over the internet. The more frequently used web applications are all reasonably secured against SQL injection attacks and malicious file uploading and/or respond to security issues relatively quickly. Add to this that only people from the community can actually upload files. Anyways, I feel relatively good about my server but of course would be happy to learn about holes in its security.

Edit to add: go ahead and make database-less copies of oolite.org, the wiki, and the bb. You will have my undying appreciation if you manage this without losing anything and keeping the same design and I will rest my case.