
FTP to SFTP?

Started by kawajax, June 08, 2014, 02:45:30 PM


Arantor

If only someone hadn't already figured all this out, including writing a zip parsing library that didn't require dumping all the files to the file system but left them accessible as strings, so they could be passed to an upgraded FTP library for the purposes of uploading all of these things. I live in hope that such things will one day come to pass. ;)

Kindred

Glory to Ukraine

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Arantor

But it's an interesting point that none of this is theoretical, even in the wider SMF ecosystem.

It's pretty much only phpBB and SMF that primarily rely on file edits these days; phpBB finally caught up with where SMF was 10 years ago when it finally got around to including Automod. But everyone else left SMF behind; I find it *extremely* interesting to note that XenForo and IPB don't do raw edits, not even of the templates, which makes it significantly more reliable.

Kindred

But then, how do mods edit the core functionality?

Don't say hooks...   Because hooks are great, and should be used when possible... But sometimes changing the code is the only way to accomplish the modification.

Arantor

In XF's case, hooks and the fact you can do all kinds of neat class loading to extend behaviours easily. And their templates are in the DB, but there is a kind of soft find/replace done prior to template compilation, rather than a hard find/replace like SMF does.

In practice you don't generally *need* to touch the raw code and there are literally hundreds of plugins that don't require edits. Heck, the upgraded search backend - that integrates ElasticSearch - is an editless plugin, as is their resource manager (what they use for their mod site)

Of course, this assumes the application was built properly in the first place with extensibility in mind.

Kindred

Right... So possible for 3.0 with the complete rewrite in mind, but unlikely to happen in the existing 2.x infrastructure...

Arantor

I was having this discussion when smCore was still in gestation. The only person who ever gave me a credible argument against removing file edits was Unknown, and then it was all about providing bug fix packages, which is literally the only use case that *should* be file edit only but then you'd have a faster release cycle to deal with that kind of thing anyway ;)

None of these issues are new. None of the solutions are new either. More importantly, neither is the general resistance to the idea of doing it anyway. That's just as strong as ever.

margarett

In this case I would also be very resistant because I, like Kindred and probably most others, don't really understand how you can get to PackMan's flexibility without file edits.

I have to say, this issue with the security attached to PackMan and theme editor is not something I'm too concerned about... For all cases you need a broken admin account and, when that happens, all bets are off already...

Of course, if there's a safer way to do the same thing, it should be checked ;)
If you're going to drive, don't drink. If you're going to drink... CALL ME!!!! :D

Quote: Over 90% of all computer problems can be traced back to the interface between the keyboard and the chair

Kindred

Well, no, Bruno. What I believe Arantor just said is that -- if the mod uploads its own files, then they are uploaded with the owner being php...
which means a 444 chmod file is chowned by the system, not the user, and thus could actually still be modified by another php script.

Arantor

The sorts of trouble you can get into with packman and the theme editor CANNOT BE ACHIEVED in other forum systems. Did I mention already that what happened with Avast could not have happened in other forum systems, even if the admin account was compromised?

By forcing you to upload the files yourself, ownership is set to you not to the system. This is why in Wedge's plugin manager, 1) file edits are prevented and 2) the plugin manager actually performs uploads over FTP for you ensuring you get proper ownership.

As far as flexibility goes, it is not a regular complaint with XF mod authors. Template edits can be done safely with a find/replace that doesn't actually modify the template, and the vast bulk of classes can be overloaded with what even amounts to a subtle form of mixin which means extending virtually any behaviour is not difficult. There are a few specific exceptions but these are limited only to places where classes are manually instantiated rather than through the various proper load behaviours.

I can't speak for IPB with too much depth; the only IPB stuff I've installed are the official add-ons but they all follow the same pattern: upload the files manually, run stuff to activate them. But the parts of their ACP dedicated to add-ons all talk about hooks and registering plugins that are pre-existing files.
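The ownership point made in the posts above (a 444 file owned by the PHP user can still be modified by PHP, while files uploaded over FTP belong to the account holder), as an added example that is not part of the original thread: a Python audit that flags paths a given process user could rewrite. The function names, the file name and the uid choices are assumptions for illustration.

```python
import os
import stat
import tempfile

def process_can_rewrite(path, process_uid, process_gids=()):
    """True if a process with this uid/gids can change the path's contents."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return False                      # judge the link target separately
    if st.st_uid == process_uid:
        return True                       # owner can chmod u+w itself, so 0444 is no barrier
    if st.st_gid in process_gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_tree(root, process_uid, process_gids=()):
    """Relative paths (files and directories) under root that the process can rewrite."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if process_can_rewrite(path, process_uid, process_gids):
                findings.append(os.path.relpath(path, root))
    return sorted(findings)

def demo():
    """Constructed sample: a read-only (0444) file owned by the current user."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "Subs-Example.php")   # hypothetical file name
        with open(target, "w") as fh:
            fh.write("<?php // original\n")
        os.chmod(target, 0o444)
        me = os.getuid()
        as_owner = audit_tree(root, me)        # viewpoint of the process that owns the file
        as_other = audit_tree(root, me + 1)    # viewpoint of a process that does not own it
        # The owner lifts the read-only bit and rewrites the file.
        os.chmod(target, 0o644)
        with open(target, "w") as fh:
            fh.write("<?php // changed\n")
        with open(target) as fh:
            return as_owner, as_other, fh.read()

if __name__ == "__main__":
    print(demo())
```

On a real install, pass the web server's uid and the forum root to `audit_tree`; an empty result means the PHP process cannot alter any file or directory under that root.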

Kindred

So -- in general I disagree with the FIRST part of what was done on wedge...   I think that file edits are a key point in flexibility of modding (and yes, we've already been over the issue with modders' code in general)

the second part is what would make it more secure though -- using FTP the correct way - and IMO, that is where the current PackMan is lacking.

not sure about that description of XF... I'd have to look into it more.


Arantor

WHY are they a key point in flexibility? Because the current code is so labyrinthine that you don't have any choice but to do so.

SimpleDesk was almost totally converted to hooks for Wedge, the only sticking point was the attachments system which was entirely a kludge effort in the first place to limit support issues. Had I taken the better travelled path, that would also be a non issue. Or if the attachments system were not so explicitly tied to topics and allowed access from other subsystems cleanly.

You're also missing a great amount of the other benefits of decoupling edits. How many times have you dealt with users that have broken forums or partially broken forums because of bad edits? If you have a design that allows for extending the system without edits, not only does that problem basically go away, but you get improved ruggedness out of it. Bad plugin? Rename the folder and it won't be loaded. Heck even WP is better about this than SMF is and much as I hate to defend the monstrosity of WP, that's basically how they do it too... not hacking up core code.

There is a reason phpBB and SMF are the only major platforms still doing this, while everyone else has moved onto more elegant, more stable and more refined methods of doing this stuff.

margarett

And this comes in line with what I pointed out above: most of us have no idea how the same or similar mod flexibility can be achieved without file edits ;)

And another problem is that PackMan is 10+ years old. And it was great when I first started in SMF, not having to perform file edits by hand! Still is :) So now it is what it is... But this discussion is great for future version ;)

Arantor

And to be honest, I can't be bothered to explain all the mechanics of how it should work because I feel like I'd be wasting my time, because there is no way I will be around for SMF 3.0. I'll need something before 2020.

Kindred

pessimist...   we can get it done by 2019 :P

Arantor

And then you remember that XenForo got to their first public release in a year from scratch - with two developers.

Kindred

yes...   I know.   and I have said this before --   creating a software from the start is actually EASIER than updating versions and having to support existing version(s) and community

If we had 2 developers working full time on SMF 3.0 and not doing anything else (like providing support or fielding security questions on the existing platform), I'd bet we could have a release by the end of next year, fairly easily.   If we could afford to pay developers, we might do as well... but without switching to a paid model (which SMF will never do) we can't compete on that sort of timeline.

We can, however, build and support a good, free product

Arantor

And why do you think I'm advocating 3.0 as a from scratch build? Building 3.0 using 2.x as a basis is insane at this point.

Also note that Kier and Mike don't generally field questions themselves, that's what the rest of the moderator team and community do. That's because they know how to work together and communicate with each other and raise things that are possible dev concerns to the devs without the devs having to basically figure it out for themselves as has historically been the case here.

Kindred

Arantor....  you seem to be under the impression that you are arguing something here?

It has been our intention to scratch build 3.0 for 2 years now...

Actually, our support team is usually pretty good these days about answering or flagging things for more knowledgeable folks. Although that has not historically been the case, the current team is good about it and one of the devs who felt the need to answer almost every support topic is you    :P :P :P
I appreciate your passion, but you tend to try to do everything when you get into something. :D
Not necessarily a bad trait, but it can lead to burnout.

Arantor

Yes, I'm arguing a point that you still don't seem to be getting :(

Two guys built XF from scratch in a year. Quite a few more people haven't been able to get from 2.0 to 2.1 (which is a smaller job) in *three* years. Call me skeptical but I don't see that group of people being able to get a from scratch thing built any time this side of 2020, knowing as I do how this group operates. 2.0 wasn't a from scratch thing and that took 5 years. And there's still a lot of strange oddities left behind even now because of 1.1's structure.

Of course I tried to answer every support topic. How else would I know what the weaknesses of the software are when even the support team could not tell me what the common support issues were when I asked?

How else would I know what the limitations of the package manager were if I'd never made packages? How else would I know what's illogical about the admin panel if I hadn't tried to explain it to other people? Rubber duck debugging works for many things, including illogical UI.

I'd have been more willing to let the team contribute if I felt I could trust them. But we all know by now that I'm a terrible person anyway, so there's that too.
