discourse integration - Change Whonix forum software to discourse

- relies heavily on javascript - looks awful without javascript - probably unusable without javascript

yeah it looks major thing because many users going to enable “noscript” when they enter to our website/forum.

so maybe we use other suggestion which u also produce it on the table:-

I am inclined to switch Whonix support forum to discourse.

Looks like there is an importer from smfforum to discourse:
https://meta.discourse.org/t/importer-for-simple-machines-2-forums/17656

Wordpress integration seems very nice. And I am also eager to see how it works as mailing list.

This goes towards my vision to an older blog post “Future Goals for Whonix’s Website”:

Also supports rss:
https://meta.discourse.org/latest.rss

TODO

A rough plan.

[b]hi … :wink:

discourse its very simple

if he succeeds transfer DB smf to Discourse, “this is an achievement 8)”

and …

if there is a “demo database smf” i will try to move them discourse …

will try to convert the database here. ;D
http://192.241.251.56

wait your suggestions … ::)[/b]

We’re migrated! (more or less…)

Please post bugs here: Discourse bug report thread

2 Likes

https://meta.discourse.org/t/wp-discourse-disfunctional-shows-only-start-the-discussion-at/36016

Hey @Patrick, I’m curious – what are your thoughts on Discourse after 3 years of use?

My org is looking at using Discourse, but I saw a huge red flag when skimming their install guide, which included the command:

wget -qO- https://get.docker.com/ | sh

^ After seeing a project say that, I’m tempted to discount any claims that they “take security very seriously” as mere security theater.

I’d very much like to hear the perspective of the security-focused Whonix team on the security (and other aspects) of self-hosting Discourse.

Michael Altfield:

Hey @Patrick, I’m curious – what are your thoughts on Discourse after 3 years of use?

  • usability: awesome
  • stability: good
  • antispam: awesome
  • javascript dependency: bad for security related project
  • security: no opinion

My org is looking at using Discourse, but I saw a huge red flag when skimming their install guide, which included the command:

wget -qO- https://get.docker.com/ | sh

Really bad indeed.

Many if not most popular webapps are similar to that. If you choose to
only use these with best security practices, you’ll be severely limiting
usability, thereby productivity, thereby the overall success.

There would be a command which makes it partially more secure.

curl --remote-name --tlsv1.2 --proto =https --location --remote-name https://get.docker.com/

Could be simplified if someone wanted to help getting scurl-download
into Debian.

^ After seeing a project say that, I’m tempted to discount any claims that they “take security very seriously” as mere security theater.

I’d very much like to hear the perspective of the security-focused Whonix team on the security (and other aspects) of self-hosting Discourse.

Package manager security, file verification security and other auxiliary
attack vectors such as clock related security issues are not on the
radar of many even security focused projects. For example hardened
gentoo goes serious about enabling security hardening compile flags but
then is sloppy about package manager security.

https://bugs.gentoo.org/show_bug.cgi?id=539954

1 Like

Should enable allow_username_in_share_links once that becomes available in the stable version of discourse.

disable you mean?

Should uncheck / remove / disable allow_username_in_share_links once that becomes available in the stable version of discourse so username isn’t added to the link when using the forum’s “share a link” feature.

1 Like

Going to use this forum thread for general forum related updates.


Forums software has been updated just now.

Forums software has been updated just now.

Forums software has been updated.

1 Like