Advertisement:

Author Topic: Suit up!  (Read 32599 times)

Offline Dragooon

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 6,738
  • Gender: Male
  • I'm bIn
    • ShitizGarg on Facebook
    • Dragooon on GitHub
    • dragooon on LinkedIn
    • SMF-Media
Suit up!
« on: June 03, 2014, 11:00:17 AM »
Hello! Time for another update regarding our progress with 2.1.

Change in password hash
Passwords stored in the database are hashed. In the unlikely event that your database gets stolen and the passwords are leaked, the thief cannot see the actual password without cracking the hash. The hash protects the user's password being in plain sight to the attacker and helps protect their online identity on that site, as well as, potentially, other sites.

SMF has been using SHA-1 hash for its passwords from 1.1 to 2.0 and while SHA-1 still has no known weakness, it's a weak hash by today's standard and is susceptible to being cracked via brute force attacks. While this is still a hard task and would probably require GPU farms to be effective on a large scale, it's definitely a threat especially to passwords which are weak, commonly used and/or based on common dictionary words.

With 2.1 the entire hash has been switched to bcrypt. It's a far more secure and strong hash than SHA-1 and is a lot less susceptible to brute force attacks unlike SHA-1. Any forum upgrading from 2.0/1.1 will have their users' passwords upgraded to this hash once they login for the first time on the 2.1 forum and new users will automatically get the bcrypt password.

Likes and Mentions
SMF now has support for grabbing a user's attention simply by mentioning their name using the @username syntax, similar to popular social networking sites such as Facebook and Twitter. This action will send an alert and/or an e-mail depending upon the receiving user's preferences.

Likes also receive some additional features and improvements, with the ability to like a post via AJAX without having to refresh the page as well as permissions for membergroups to allow liking posts or not.

Minimum PHP version bump
With the additional improvements in password hashing as well as other improvements and advancements requiring the use of features such as closures, we've decided to bump the minimum version of PHP to 5.3.8 with 2.1.   SMF 2.1 will not work with versions below that.

Conversion of create_function's lambda style functions to true anonymous closures
SMF has a lot of create_function calls (over 200 in fact) and create_function is a particularly memory hungry function which cannot be optimised by bytecode caches and properly garbage collected. With the recent bump in PHP 5.3, we've decided to take this opportunity and convert all of them to true closures which will have much better support as well as proper support for garbage collection the moment it's out of scope.

BoardIndex optimisation
The BoardIndex receives some love with improvements in the way it's queried, breaking the previously monstrous query into three smaller queries. Also, boards are now explicitly sorted by using a sort cache for all the DB types instead of using a rather inefficient ORDER BY clause for Postgres, SQLite. This also fixes random board ordering in MySQL 5.6+ without impacting the performance.

Karma's gone!
As decided in a poll before, we've completely removed karma which will in turn be made into a separate optional modification for SMF 2.1.

But wait! We've even more!
  • Multiple improvements to the WIP Curve2 theme and its responsive aspect.
  • Linktree automatically hides parent boards if they cannot be seen by the visiting member.
  • jQuery has been updated to 1.11.
  • Multiple bugfixes regarding undefined indexes, unexpected behaviours etc.
  • And several other things I'm probably forgetting here...

That's it for now :), thank you for reading. With every commit, we're nearing a Beta release with the hopes to get one out as soon as possible. As always, all the latest changes, everything I've listed here and more can be seen on our GitHub repository but please be careful, as it's in Alpha stages for now. Feel free to give it a spin but do not use it in a live/production environment, there may be bugs or we may unexpectedly change something which might put your forum into an unusable state.

Regards

Offline Matthew K.

  • SMF Super Hero
  • *******
  • Posts: 12,440
  • Gender: Male
    • matthew.kerle on Facebook
    • @matthew_kerle on Twitter
Re: Suit up!
« Reply #1 on: June 03, 2014, 11:17:36 AM »
Upgrader and installer also now have RTL :P

kat

  • Guest
Re: Suit up!
« Reply #2 on: June 03, 2014, 11:18:06 AM »
Thanks for the update dragooooooooooooooooooooooooooooooooooooon! :)

Offline Dragooon

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 6,738
  • Gender: Male
  • I'm bIn
    • ShitizGarg on Facebook
    • Dragooon on GitHub
    • dragooon on LinkedIn
    • SMF-Media
Re: Suit up!
« Reply #3 on: June 03, 2014, 11:35:05 AM »
Upgrader and installer also now have RTL :P
Well I was bound to miss a few :P, one can always check Github's commit logs to know exactly what went down.

Offline radu81

  • Jr. Member
  • **
  • Posts: 315
  • Gender: Male
Re: Suit up!
« Reply #4 on: June 03, 2014, 12:16:31 PM »
great news, thanks for the updates!
sorry for my bad english

Offline CountryLady

  • Jr. Member
  • **
  • Posts: 178
  • Gender: Female
    • OurCountryHaven
Re: Suit up!
« Reply #5 on: June 03, 2014, 01:41:19 PM »

Fantastic News~! Many "Thanks" to ALL involved. This is really exciting.

Those with the know-how 8) to do this, please keep up this awesome work.

Thanks for posting this Dragooon. :D

Offline CoreISP

  • Server Admin
  • Server Team
  • SMF Super Hero
  • *
  • Posts: 16,743
  • Gender: Male
  • CoreISP.net
    • liroyvh on LinkedIn
    • @liroyvh on Twitter
    • CoreISP Corporation :: WebHosting, Dedicated Servers, and more!
Re: Suit up!
« Reply #6 on: June 03, 2014, 05:54:30 PM »
Good job :)
- CoreISP.net Corporation -
  WebHosting, Colocation, Domain Registration & Network Services
- DedicatedBox.us Servers -
  Low priced Servers in a high-quality Network, the place for all your (advanced) server needs.
  We specialize in hosting big boards. Contact us!

((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Online vbgamer45

  • Support Member of the Month
  • SMF Super Hero
  • *
  • Posts: 19,133
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: Suit up!
« Reply #7 on: June 03, 2014, 06:02:23 PM »
Thanks for the update! I really enjoy the mentions system and use it on my boards.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Offline Antechinus

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 24,136
  • Master of BBC Abuse
Re: Suit up!
« Reply #8 on: June 03, 2014, 06:08:53 PM »
Nice work. Question: is it possible for a user to completely switch off the likes and mentions notifications?* I know some people like them, but others just find them a nuisance.

*Meaning so they never show up on the forum interface at all.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 67,434
    • Arantor on GitHub
Re: Suit up!
« Reply #9 on: June 03, 2014, 06:10:07 PM »
I believe likes can be turned off, not so sure about mentions. Given that they tie into the alerts system and a bunch of other stuff also ties into the alerts system...
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

You either die a hero or live long enough to see yourself become the villain. It seems you have chosen which, and now I must do the same.

Offline Antechinus

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 24,136
  • Master of BBC Abuse
Re: Suit up!
« Reply #10 on: June 03, 2014, 06:17:39 PM »
K. Well my 2c is that it'd be cool to have a user option to mindlessly clear all mentions with one click. I find it a PITA when I have to manually go through and deal with each one.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 67,434
    • Arantor on GitHub
Re: Suit up!
« Reply #11 on: June 03, 2014, 06:18:27 PM »
You should be able to turn off getting alerts for mentions if you don't care :P
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

You either die a hero or live long enough to see yourself become the villain. It seems you have chosen which, and now I must do the same.

Offline Antechinus

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 24,136
  • Master of BBC Abuse
Re: Suit up!
« Reply #12 on: June 03, 2014, 06:20:18 PM »
Oh goody. Elk didn't have that last I checked. :D

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 67,434
    • Arantor on GitHub
Re: Suit up!
« Reply #13 on: June 03, 2014, 06:21:04 PM »
That's because Elk's system is totally different from SMF's.
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

You either die a hero or live long enough to see yourself become the villain. It seems you have chosen which, and now I must do the same.

Offline Antechinus

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 24,136
  • Master of BBC Abuse
Re: Suit up!
« Reply #14 on: June 03, 2014, 06:23:39 PM »
Well since they're determined to be better, I expect they'll have to put it on their to-do list now.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 67,434
    • Arantor on GitHub
Re: Suit up!
« Reply #15 on: June 03, 2014, 06:25:22 PM »
Yeah, I chose to stop development before I finished building it. Long story. Dragooon is doing awesome work now though.
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

You either die a hero or live long enough to see yourself become the villain. It seems you have chosen which, and now I must do the same.

Offline NanoSector

  • Customizer
  • SMF Super Hero
  • *
  • Posts: 10,438
  • Gender: Male
  • VC321xb47@aperture:~#
    • Yoshi2889 on GitHub
Re: Suit up!
« Reply #16 on: June 04, 2014, 01:52:57 AM »
You should be able to turn off getting alerts for mentions if you don't care :P
Wouldn't that kind of defeat the entire point? :P

Nice work, thanks for the update.
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

Offline Antechinus

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 24,136
  • Master of BBC Abuse
Re: Suit up!
« Reply #17 on: June 04, 2014, 02:19:12 AM »
Yeah, I want it to defeat the whole point. :D

Offline Antes

  • Evil Black Cat
  • SMF Friend
  • SMF Hero
  • *
  • Posts: 8,622
  • Gender: Male
  • Black cat rulz!
    • Antes on GitHub
    • merta on LinkedIn
    • @antesistan on Twitter
    • MMOBrowser
Re: Suit up!
« Reply #18 on: June 04, 2014, 02:29:40 AM »
Thanks for the update! :)
I left SMF team not SMF, I'm open for new projects.

Active Project(s): [ SimpleDesk ] # [ Lunarfall ] # [ CoreStore ]

Past Project(s): [ ezPortal ]

Offline 4Kstore

  • SMF Hero
  • ******
  • Posts: 4,295
  • Gender: Male
    • agustintari on Facebook
    • @agustintarifa on Twitter
    • SSIMPLE TEAM PAGE
Re: Suit up!
« Reply #19 on: June 04, 2014, 02:54:55 AM »
Nice update! thanks for all
¡¡NEW MOD: Sparkles User Names!!!