[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Change Whonix forum software to discourse

i would like to suggest to change this smf forum style , because its really simple as it calls itself also its just make u feel u r in the old ages of the forums (about 2009 or so).

so i have got an idea of changing it to another open source free one called discourse

link:- http://www.discourse.org/

it has been used by ubuntu as an example and it looks new.

also if u have any other types rather than it , then its ok to share them.

Edit by Patrick:
changed title

+1
I liked that’s suggestion, It’s will make forum very nice and easy

  • impressive feature list
  • relies heavily on javascript
  • looks awful without javascript
  • probably unusable without javascript

A popular user, “similar” to Whonix:
http://discourse.ubuntu.com/

Welcome to discourse.ubuntu.com, here’s what this site is about:
http://discourse.ubuntu.com/t/welcome-to-discourse-ubuntu-com-heres-what-this-site-is-about/1215

our new discussion platform, a place where you can hang out and talk about Ubuntu.
Ask Ubuntu, the Ubuntu Forums, and project mailing lists are where we do our tech support. We recommend those sites for questions about how to configure and use Ubuntu. This is a place where you can share screenshots, talk about your favorite desktops and tools, and generally hang out with your Ubuntu friends in a friendly, relaxed environment.

So I am not sure it’s meant to be and/or capable to replace a tech support forum.

Now that Whonix smfforum is all set up…

Especially worry, that we still have proper categories.

Other users of discourse:

This one looks nice with categories.

Maybe useful plugins:




https://github.com/discourse/discourse-alert ?

more… https://meta.discourse.org/c/extensibility/plugin

- relies heavily on javascript - looks awful without javascript - probably unusable without javascript

yeah it looks major thing because many users going to enable “noscript” when they enter to our website/forum.

so maybe we use other suggestion which u also produce it on the table:-

https://www.whonix.org/forum/index.php/topic,1919.0.html

I am inclined to switch Whonix support forum to discourse.

Looks like there is an importer from smfforum to discourse:

Wordpress integration seems very nice. And I am also eager to see how it works as mailing list.

This goes towards my vision to an older blog post “Future Goals for Whonix’s Website”:

Also supports rss:
https://meta.discourse.org/latest.rss

TODO

A rough plan.

[b]hi … :wink:

discourse its very simple

if he succeeds transfer DB smf to Discourse, “this is an achievement 8)”

and …

if there is a “demo database smf” i will try to move them discourse …

will try to convert the database here. ;D
http://192.241.251.56

wait your suggestions … ::)[/b]

We’re migrated! (more or less…)

Please post bugs here: Discourse bug report thread

2 Likes

Hey @Patrick, I’m curious – what are your thoughts on Discourse after 3 years of use?

My org is looking at using Discourse, but I saw a huge red flag when skimming their install guide, which included the command:

wget -qO- https://get.docker.com/ | sh

^ After seeing a project say that, I’m tempted to discount any claims that they “take security very seriously” as mere security theater.

I’d very much like to hear the perspective of the security-focused Whonix team on the security (and other aspects) of self-hosting Discourse.

Michael Altfield:

Hey @Patrick, I’m curious – what are your thoughts on Discourse after 3 years of use?

  • usability: awesome
  • stability: good
  • antispam: awesome
  • javascript dependency: bad for security related project
  • security: no opinion

My org is looking at using Discourse, but I saw a huge red flag when skimming their install guide, which included the command:

wget -qO- https://get.docker.com/ | sh

Really bad indeed.

Many if not most popular webapps are similar to that. If you choose to
only use these with best security practices, you’ll be severely limiting
usability, thereby productivity, thereby the overall success.

There would be a command which makes it partially more secure.

curl --remote-name --tlsv1.2 --proto =https --location --remote-name https://get.docker.com/

Could be simplified if someone wanted to help getting scurl-download
into Debian.

^ After seeing a project say that, I’m tempted to discount any claims that they “take security very seriously” as mere security theater.

I’d very much like to hear the perspective of the security-focused Whonix team on the security (and other aspects) of self-hosting Discourse.

Package manager security, file verification security and other auxiliary
attack vectors such as clock related security issues are not on the
radar of many even security focused projects. For example hardened
gentoo goes serious about enabling security hardening compile flags but
then is sloppy about package manager security.

https://bugs.gentoo.org/show_bug.cgi?id=539954

1 Like