4 years later: let's talk about 2.0

[pegasus]

In my opinion the worse problem with this has nothing to do with license verification or piracy. But with a browser-based cross-site install option like this, an admin unknowingly opens himself up to a man-in-the-middle attack. If this occurs, an upstream party can modify (or completely replace) the incoming XenForo files with a virus or other malicious code.

Any one-click solution, on both the verification and the actual transfer, absolutely needs to use a secure transport. Thankfully the XenForo customer area has one in place, so it's just a question of writing the right curl/fsock code... But since users have brought up the AddOnInstaller mod - this does not use an encrypted connection.

Even if you upload your files the old fashioned way, use SFTP, SCP, or something like that. Use private keys. Avoid using wget from SSH as much as you can. As someone who fell victim to a MITM attack in December, I can tell you the results are not fun at all.

 

[TNCclubman]

Event management system with invite/attend feature
Photo Gallery system (user and site)
Move to a an app with push notifications. (Lets not be Blackberry and miss the boat even further)

 

[Wildcat Media]

For me I would like to see 2.0 as an opportunity to move away from the current style of addon implementation into a more "app" style market with some key points.

1) Addons or styles submitted to the new "App" repository must follow a specific file / folder structure. All addons are checked by staff to ensure they meet this criteria.

Fantastic ideas @Slavik! I am a fan of the "one-touch" system of installing add-ons, and installing software core and add-on updates. This is how WordPress does it. As chaotic as much of their ecosphere seems, the fact that I can update add-ons and the core product easily and quickly makes it very attractive to someone like me who has very limited time. I avoid updating XF as much as I can, specifically the add-ons, since I see so much inconsistency:

• All uploadable files should be in an /upload directory, just like core;
• The .xml install files should be installed in a specific directory, so we can select from a list vs. having to upload or guess at a path on the server;
• The file set should not include a bunch of those _MACOSX folders that are nothing but clutter (please keep that stuff off my server);
• Copyright for any add-on should be located beneath the official XF copyright, never anywhere else...again, gets rid of clutter and poor layout choices.

And I like the idea of a specific "store" to get them from, where the add-ons are approved and the developers held to the highest standards. Something revolutionary like this would, to the best of my knowledge, be a first in forum software, and this "press a button" simplicity would make it very attractive to all.

In my opinion? XF is building a reputation of being the most user-friendly system for visitors, and the admin side is also the easiest to use once you know your way around. Very intuitive except for a few things here and there. Any 2.0 version, aside from large changes to the core (as @Brogan has pointed out numerous times), would also IMHO see huge strides in usability and user-friendliness. I see that as XF's niche, and making it easier and more intuitive for all users would make a great product even better.

 

[Wildcat Media]

P.S. I would like to see PostgreSQL support...phpBB, much as I dislike it, developed it to use multiple database systems.

 

[rainmotorsports]

F

• The file set should not include a bunch of those _MACOSX folders that are nothing but clutter (please keep that stuff off my server);
• Copyright for any add-on should be located beneath the official XF copyright, never anywhere else...again, gets rid of clutter and poor layout choices.

Honestly I can't see expecting every single developer zipping files on Mac OS to try and avoid this. You basically have to hop skip and jump to not do this. Its not a visible file for the developer. Classic Mac OS problem too, if you ever put something on a floppy disk back in the day and stuck it in your pc you would have seen something very similar. In the older and it seems still current file systems for them you have a resource fork and a data fork. In the OS you just see your files like you would in windows. Putting files into a foreign format like a zip is a different story.

As much as we would like to see the copyright there its not possible to control. The ONLY way to do it is to set quality guidelines and then police the hell out of the resource manager. You can either require it to be there or require an allowance for the end user to move it (which doesnt work for some people without the knowledge). However the copyright is place with one of a few methods just like any other line of text in an addon and there is no way to automatically force such a thing.

 

[Wildcat Media]

Honestly I can't see expecting every single developer zipping files on Mac OS to try and avoid this. You basically have to hop skip and jump to not do this. Its not a visible file for the developer. Classic Mac OS problem too, if you ever put something on a floppy disk back in the day and stuck it in your pc you would have seen something very similar. In the older and it seems still current file systems for them you have a resource fork and a data fork. In the OS you just see your files like you would in windows. Putting files into a foreign format like a zip is a different story.

As much as we would like to see the copyright there its not possible to control. The ONLY way to do it is to set quality guidelines and then police the hell out of the resource manager. You can either require it to be there or require an allowance for the end user to move it (which doesnt work for some people without the knowledge). However the copyright is place with one of a few methods just like any other line of text in an addon and there is no way to automatically force such a thing.

For zipping up file sets: if a developer can write something as complex as an add-on, they can just as easily write a simple shell script to clean up that clutter. I would never leave that clutter in a file set myself. Unprofessional.

For copyright, that is template based, isn't it? If so, it's easy enough to have all copyright notices appear in the same place. I've had to manually do that for add-ons already. I shouldn't have to.

 

[rainmotorsports]

For copyright, that is template based, isn't it? If so, it's easy enough to have all copyright notices appear in the same place. I've had to manually do that for add-ons already. I shouldn't have to.

Its however the developer wishes to do it. You can put it in the template yes or you can hook an existing location or location in your template via code:

if ($hookName == 'footer_in_copyright') { }

Which easy enough for the smarter folks to change the hook location, possibly in violation of the developers wishes.

At some point it ends up rendering to template but it doesn't mean your going to see anything in the actual template. You can hook it on to a rendered template in code without having an actual location in the templates at all by appending or prepending an entire template that exists already. Depends on how silly you want to get I suppose?

Its easy enough for the developer to do it, not for Xenforo to force having it in the desired location. All you can have is rules and policing. Nothing has to identify a line of text from a copyright. While many developers use a similar location its not like the div's class or identifier is always the same.

 

[Chris D]

My Add-on Builder add-on builds an add-on and ZIPs it up automatically with those crap files and folders removed. More developers should use it.

 

[Alpha1]

I don't see the point of the xml uploader. the file package should just include the xml in the install folder.

 

[raytrails]

My Add-on Builder add-on builds an add-on and ...

You lost me there

 

[Chris D]

I have an add-on.

It's name is "Add-on Builder".

It builds add-ons. It collects up all of the files that belong to the add-on, arranges them into the correct directories, creates the XML file and packages it all up into a ZIP file. One function of it is that it attempts to remove any hidden, or OS specific files before creating the ZIP.

 

[Rob]

... IPB 4.0 has been delayed because 1.3 was released first and with cool new features... they got scared

On their original announcement they said it was going to be released "later 2013"... after 1.3 HYS threads they changed their mind and now say it will be ready Q2 2014.

Don't get me wrong here, I think this thread is warranted and it would be reasonable to assume that the devs will already be considering a 2.0 branch.

However, as for IPB... Do you truly think you can read minds? Do you honestly believe that IPB has now begun following xF around like a love sick puppy, waiting on development releases? Do you believe IPB release schedules are really tied to xF's? Can you predict the future?

I would hope that any 2.0 release begin to move away from Zend and it's huge bloat.

 

[AdamD]

It's being actively developed and improved, that's good enough for me. heh

 

[Davyc]

There are two sides to this coin; those who soak up change and want more (admins) and those who want stability, continuity and simplicity (end users/your clients).

Step outside of the box for a minute as an admin and look at what your clients use in your forum and how they use it. Anything that adds to your clients use of your site in a way that doesn't require much in the way of a learning curve is good - anything that requires them to re-think everything they have learned (depending on their level of technology expertise) needs to be looked at very carefully.

My upcoming site is geared towards people of all ages and all levels of technological knowledge - but, I am inclined to believe that what I will be offering will suit people of a more mature age (I have to appear to be PC here lol) and as a group they are reluctant to embrace huge changes; I know this from past experience where turning on their Laptop/PC has often been seen to be a struggle. So loads of bells and whistles for them is wasted.

For me personally, bring it on; I love change and soak up technology like a sponge and look to the future and what it brings - and I'm 60 this year lol

 

[Forsaken]

There are two sides to this coin; those who soak up change and want more (admins) and those who want stability, continuity and simplicity (end users/your clients).

Step outside of the box for a minute as an admin and look at what your clients use in your forum and how they use it. Anything that adds to your clients use of your site in a way that doesn't require much in the way of a learning curve is good - anything that requires them to re-think everything they have learned (depending on their level of technology expertise) needs to be looked at very carefully.

My upcoming site is geared towards people of all ages and all levels of technological knowledge - but, I am inclined to believe that what I will be offering will suit people of a more mature age (I have to appear to be PC here lol) and as a group they are reluctant to embrace huge changes; I know this from past experience where turning on their Laptop/PC has often been seen to be a struggle. So loads of bells and whistles for them is wasted.

For me personally, bring it on; I love change and soak up technology like a sponge and look to the future and what it brings - and I'm 60 this year lol

While people are inclined to change, they're also inclined to convenience. Learning XenForo comes with a slight curve (as would any system) however once you learn it it is often more consistent, and more convenient to use than the competition.

 

[Davyc]

Absolutely spot on Forsaken - the learning curve for XF is not an uphill climb, rather a gentle amble up a slight slope, both for admins and end users. Consistency is vital and although there have been changes in XF (natural progression) they are not taxing for end users to get to grips with; quite the opposite, everything is clearer and much easier to work out. That alone is a massive positive plus for XF over the others.