Serendipity

www.serendipity-templates.org

mail@garv.in (Garvin Hicking) — Mon, 15 Jun 2009 11:54:03 +0200

Sebastian Spreen contacted us some time ago and offered to help out with a nicer presentation page of Serendipity templates, including some more convenient community features like voting and user-uploads.

His new website Serendipity-Templates.org is a nice addition to spartacus.s9y.org, where only a selection of templates is kept for automatted downloads and generic overviews.

So check out his page and tell him how you like it! The Serendipity team always appreciates the creation of sites dedicated to Serendipity, many thanks to Sebastian!

Nominate Serendipity in SF.Net Community Awards

mail@garv.in (Garvin Hicking) — Thu, 14 May 2009 09:40:03 +0200

The SourceForge.Net Community Choice Award Nominations are now open. Nominate Serendipity! :-)

Serendipity Snapshot: New login hashing

mail@garv.in (Garvin Hicking) — Tue, 17 Feb 2009 14:04:00 +0100

Since quite some time, Serendipity uses old-fashioned md5 hashes to secure your passwords for logins to the backend.

Because mechanisms to crack md5 hashes with rainbow tables or even "dictionary hash"-lookups are getting more and more popular, we have decided to finally take the step to raise the serendipity hashing mechanism to something salted, and more secure (SHA1). Even though md5 hashes are still reasonably(!) safe when you use long, randomized passwords, the old-style hashing is a one-way route to hell.

Serendipity has always been had high tributes to backwards compatibility and ease-of-use and ease-of-upgrading, we have decided to take the "soft" upgrade approach. That means, new Serendipity versions will accept your old MD5 login ONCE, and then will use your user-specified password to create the safer hash and store that to the database.

This will help in hypothetical attack situations, where someone might have gotten hand on your hash values stored inside the database, because he will no longer be able to reverse-engineer your original password.

We could need help from any developer or betatester trying out the new functionality. Upgrading to the latest snapshot (get it from the s9y nightly downloads) with Serendipity 1.5-alpha2 will deploy the necessary database upgrades. Note that the one-time MD5-login is only possible in the first 6 months after you performed the installation of this serendipity version (through a saved timestamp in the database), and after that timespan, you can no longer login with the old password and must reset your password through the Administrator (or manual means, if you are the administrator).

Once you perform the update (do not try this on production blogs currently), everything should continue as usual. If it does not, please report your exact problems here or in the Forums. It is suggested that once you have the new serendipity version you change your password, so that nobody that might have already gotten your old md5 hash can use the reverse-engineered password to login again with the new hash created from the same original password.

Feedback is appreciated. The current mechanism is subject to change and currently more a proof-of-concept - feedback will most definitely lead to improvement. :-)

Serendipity 1.4.1 released

mail@garv.in (Garvin Hicking) — Fri, 16 Jan 2009 11:33:05 +0100

Serendipity 1.4.1 has been released. This is mainly a bugfix release for the updated of the bundled Smarty library, which fixes issues with Serendipity 1.4.

Other small fixes include better antispam checks for pingbacks (they were too strict before), an update to the sql index key creation of the statistics plugin and removal of error messages on open_basedir enabled servers.

You only need to upgrade to Serendipity 1.4.1 if one of the mentioned bugs affect you. Updating is easy and documented online.

Smarty problem with Serendipity 1.4

mail@garv.in (Garvin Hicking) — Tue, 30 Dec 2008 11:15:15 +0100

Due to some feedback on the forums, we were made aware of a bug of the bundled Smarty templating engine that can happen in some PHP environments and lead to PHP warning/error messages.

If this occurs for you, please simply download an updated version of the file bundled-libs/Smarty/libs/Smarty_Compiler.class.php and upload it to your blog directory. Of course we will integrate this update to a future point release of Serendipity.

Serendipity 1.4 released

mail@garv.in (Garvin Hicking) — Mon, 29 Dec 2008 10:43:00 +0100

The Serendipity-Team is proud to provide the final release of Serendipity 1.4, conveniently codenamed "Post-Christmas-Monk-Miles-Moondog".

There have been some larger improvements since the 1.4-beta release, so these are the highlights of this release in short:

(new since 1.4-beta1) References to online plugin documentation have been added (if existing) and the display of the short plugin names has been added to the plugin configuration menus.
(new since 1.4-beta1) Firefox now no longer autoremembers passwords at the wrong places
(new since 1.4-beta1) Added SMF importer
(new since 1.4-beta1) Added a new %parentname% permalink option for category links
(new since 1.4-beta1) Fix to properly, longer (30 days) sstrong>remember the user settings in cookies, like for media insertion
Improvements in the now Double-Opt-In comment subscription (plus support for fulltext comment notifications)
new bundled default WYSIWYG editing component (Xinha, the successor of HTMLArea). This new component is more reliable and cross-browser capable than the old version, by still supporting everything that worked with HTMLArea previously.
The Entryproperties plugin now uses the new widget-style configuration option to allow for custom arrangement of the entry-related features of this plugin to your liking.
The bulletproof template has been enabled as the new default template. The frontend imitates the look of Carl Galloways Serendipity 1.0 relaunch template, while the backend is much improved with a fresh, distinct look.
The Remote RSS-Feed sidebar plugin now is templated, so that you can achieve distinct look for certain feeds on the sidebar.

Serendipity also addresses some minor bugs usually only affecting very special environments. Other changes include new PostgreSQL ts_vector fulltext search, comment approval-by-mail for the spamblock plugin, better HTTP header status updates for CGI environments. For developers, some API improvements and new variables/parameters have been added. The performance of the entryroperties plugin can be enhanced by new configuration options that let you fiddle with the involved SQL generation.

The complete list of all changes is documented within the docs/NEWS file of the release. This serendipity release is also the first one to include checksums to verify your installation integrity.

Updating is easy and documented online: Just upload the new files onto your web, possibly refresh/purge your browser cache (and if you upgrade from Serendipity older than 1.2, you might need to purge your old cookies), go to the admin panel and you're done. For shared installations, make sure all deployed htmlarea directories are updated with the new files (if not, the old htmlarea will still be there, not Xinha).

Also, the new version contains release checksums. This makes sure that the files you uploaded correspond with the checksums generated through the release. This way, bad FTP uploads will no longer be driving you nuts. If this makes any trouble for you, try to upload the files in BINARY mode in your FTP client.

For the future, Serendipity is still planning on minor and major features. We always keep a close ear to the wishes of our users, some of those that cannot be solved instantly have been documented here: Future of Serendipity. If you're a developer or designer, and want to help in proving that Serendipity is a flexible and easy to use Blogging/CMS-application - your help is needed and appreciated! Speaking of which: Many thanks to all current developers and forum users, especially Don Chambers, YellowLED and Judebert. Your help has been, and is vital to the project.

On behalf of the team: Happy new year and have fun with the release,
Garvin

For 1.4 beta-testers

mail@garv.in (Garvin Hicking) — Sat, 06 Dec 2008 13:19:00 +0100

A bug was reported on the forums that affects current 1.4-beta2 users. When you store custom entry properties for an entry (using the entryproperties plugin) those will not get remembered properly, when you re-edit the entry. We consider this to be a serious bug in the problem, so all 1.4-betatesters using this plugin should fetch an updated 1.4 snapshot.

Since the final 1.4 version will be out in a few days, we do not think this warrants an extra 1.4-beta2 release, as the current Snapshots contain the same files.

Other things that have been added to the current 1.4 release tree include an SMF importer, a fix for remembering cookies longer, a new %parentname% permalink shortcut for category permalinks, adding an autocomplete=off attribute for the password-fields so that Firefox does not store the user password into unrelated password fields, more documentation and ChangeLog links to plugins and yet another fix for properly counting trackback/comment counts.

Serendipity 1.4-beta1 released

mail@garv.in (Garvin Hicking) — Tue, 11 Nov 2008 14:48:00 +0100

The first release candidate for Serendipity 1.4 can now be downloaded.

Serendipity 1.4 mainly addresses improvements in the now Double-Opt-In comment subscription (plus support for fulltext comment notifications) and ships with a new bundled default WYSIWYG editing component (Xinha, the successor of HTMLArea). This new component is more reliable and cross-browser capable than the old version, by still supporting everything that worked with HTMLArea previously.

Things that are visually noticeable include a new "widget-style" configuration option for the "Entryproperties"-Plugin, so that you can arrange and enable/disable each feature of that plugin to your own liking. Also you can now configure each sidebar plugin directly from your frontend.

Also, the Bulletproof has now been promted as new default template, imitating the design of the previous default template - but offering a now completely new distinct default look to the admin panel.

The Remote RSS-Feed sidebar plugin now is templated, so that you can achieve distinct look for certain feeds on the sidebar.

Serendipity also addresses some minor bugs usually only affecting very special environments. Other changes include new PostgreSQL ts_vector fulltext search, comment approval-by-mail for the spamblock plugin, better HTTP header status updates for CGI environments. For developers, some API improvements and new variables/parameters have been added. The performance of the entryroperties plugin can be enhanced by new configuration options that let you fiddle with the involved SQL generation.

The complete list of all changes is documented within the docs/NEWS file of the release. This serendipity release is also the first one to include checksums to verify your installation integrity.

Also, the new version contains release checksums. This makes sure that the files you uploaded correspond with the checksums generated through the release. This way, bad FTP uploads will no longer be driving you nuts. If this makes any trouble for you, try to upload the files in BINARY mode in your FTP client.

Please report any trouble with this new release candidate on the Serendipity Forums or here on this blog. Even though we find this release quite stable and generally believe it production ready, feedback is much required. If all goes well, the final version will be released in december.

Improvement of Static Page plugin

mail@garv.in (Garvin Hicking) — Wed, 27 Aug 2008 11:04:04 +0200

(Deutsche Übersetzung gibt es auf meinem privaten Blog)

A huge issue of Serendipity's Static Page-Plugin has always been its visual presentation of the editing screen:

Voices have been raised in the past to dust up this interface, which is why I worked on it at the beginning of this week, and committed my changes already to the official plugin repository (staticpage.zip).

Technically, the changes are quite minimalistic und quick to implement (2 hours of my life time). But the impact is huge:

Starting as of now, static pages can be created and edited using a customized smarty template, plus a static page can now have custom properties, similar to blog entries.

By default, a template file saved as backend_templates/default_staticpage_backend.tpl is shipped with the plugin, in which the distribution of the input fields is contained. There is a new smarty helper function ({staticpage_input}) that takes care of accessing the usual introspection methods for emitting the default list of data fields.

Own templates can override this template file by putting it in their template subdirectory, so that you can now have your own editing masks depending on the currently used template. This should be a blessing for magazine-like templates such as Mimbo or Hemmingway.

You can also store multiple template files inside this backend_templates directory, so that they all will be available from within the selection dropdown of the interface. For our veterans, the old list-style view is still available, of course.

An example for saving custom fields for static pages is also contained within the default template, but is commented out so that you must manually enable it. All custom fields need to be implemented through usual HTML form elements, and need to save their values inside a serendipity[plugin][custom][XXX][ fieldname. Once entered, the data will be automatically saved inside the serendipity_staticpage_custom database table, and will be available through {$staticpage_custom.XXX} when later being displayed in the frontend.

This way, you can easily add new custom fields for a staticpage which could decide, which CSS-Body-ID to use for rendering the page. Or you could specify, which sidebars you want to see when a certain staticpage is rendered. Or specify a custom header image for each staticpage. Sky's the limit!

This all vastly improves Serendipity's CMS-abilities and even more pushes it into a custom CMS-Framework, where you can manage any kind of customized content.

I hope you like it. :-)

The Future of Serendipity

mail@garv.in (Garvin Hicking) — Sat, 02 Aug 2008 09:08:04 +0200

When I started working on Serendipity about 5 years ago, this happened mainly because of a personal itch to scratch: I wanted to see my personal blogging and CMS-needs fulfilled on my own page.

Since then, development of Serendipity was mostly caused by my personal thoughts of usable features, and of course the wishes of this community. In my oppinion, this has worked out quite well, the features of the past years have been received well by you.

Despite of that, this also means that Serendipity does not have an outlined Feature-Agenda.

The differentiation of Serendipity against other blog engines is quite important to me. Serendipity cannot and willnot be a WordPress-Clone, but fills its own user base: A lean base system with strong expandibility, secure and bugfree code basis and workflows/usage methods close to the user. A 'bottom-up' development process is my favouriteed variant, as a Developer I would never want to push features into the product, that have not been mentioned by users (=non-developers).

For the next Serendipity 1.4 version I am still missing a few new useful functions, which is why I would like to ask the community, which things you currently miss most, or in which places see strong indicators to put work into. Because this is, where I would like to improve things.

Please write down your wishes and ideas for the future of Serendipity. This entry has also been posted on the Serendipity Forums, where it can be easily commented.

Serendipity at FrOsCon 2008

mail@garv.in (Garvin Hicking) — Fri, 11 Jul 2008 13:08:31 +0200

I will be holding a talk about Serendipity's Multi-User and Shared-Install-Capabilites at this year's FrOscon in St. Augustin, Germany.

I'd be happy to meet any of the fellow Serendipity user's at the weekend of 23./24. August 2008. Also have a look at the other very interesting panels at this convention!

Die Sieger des Gewinnspiels zum Serendipity Handbuch

mail@garv.in (Garvin Hicking) — Thu, 19 Jun 2008 10:20:25 +0200

(Announcement of the winners for the german book - this will be the last german entry for some time!)

Das Gewinnspiel zum Serendipity Handbuch: Individuelle Weblogs für Einsteiger und Profis ist nun beendet. Herzlichen Dank an alle Teilnehmer, die mit Interesse und Begeisterung auf das Erscheinen des Buches reagiert haben, und auch vielen Dank für die persönlichen Glückwünsche. Es freut mich sehr zu sehen, dass die neue umfangreiche Dokumentation so angenommen wird, wie ich mir das erhofft habe.

Kommen wir daher direkt zum offiziellen Teil: Die Bekanntgabe der Gewinner!

Als glückliche Gewinner eines Serendipity-Buches wurden ausgelost:

Weitaus schwerer war es, aus den vielen Beiträgen die originellsten zu bestimmen. Letztlich fiel die Wahl auf:

Alle Gewinner möchte ich bitten, mir ihre Post-Anschrift per E-Mail an gh %at% faktor-e.de zukommen zu lassen. Diese werde ich ausschließlich an den Verlag Open Source Press weiterleiten, damit die Bücher den richtigen Weg zu euch finden.

Serendipity-Handbuch

mail@garv.in (Garvin Hicking) — Wed, 04 Jun 2008 11:20:27 +0200

(Announcement for the german book. English users have to please stay patient for a possible translation!)

Nach beinahe einem Jahr harter Arbeit kann nun die umfassende Dokumentation zu Serendipity sowohl online wie auch beim netten Buchhändler um die Ecke bestellt werden:

Serendipity: Individuelle Weblogs
für Einsteiger und Profis
(ISBN 978-3-937514-54-3, Amazon).

Das Buch behandelt auf 750 Seiten sowohl die ersten Schritte mit Serendipity (inklusive Installation und Bedienungsanleitung) als auch die Benutzung von Plugins, Templates und einer sehr ausführlichen API-Dokumentation. Ein gutes Schlagwortregister hilft zudem beim täglichen Nachschlagen.

Ein Probekapitel sowie das vollständige Inhaltsverzeichnis kann unter dem oben angegebenen Link eingesehen werden.

Kurzum, ein Buch dass sich jeder deutschsprachige Serendipity-Enthusiast einmal ansehen sollte. Leser des Buches sind natürlich herzlich eingeladen, ihre Meinung oder konstruktive Kritik zu dem Buch im Serendipity-Forum, mir persönlich oder als Amazon-Rezension mitzuteilen.

Zur Feier der Veröffentlichung gibt es ein Gewinnspiel mit 5 Exemplaren des Buches, die uns vom Verlag Open Source Press zur Verfügung gestellt werden. Um ein solches Exemplar kostenlos zu ergattern, könnt ihr folgendes tun:

Bloggen.

Wenn ihr ein eigenes Blog habt, erstellt einfach einen Beitrag bei dem ihr bitte folgenden Link einbaut:

<a href="http://blog.s9y.org/archives/195-Serendipity-Handbuch.html">
Serendipity-Handbuch
</a>

Dadurch wird, falls in eurem Blog aktiviert, auch automatisch ein Trackback gesetzt. Falls das nicht klappt und ihr eure URL hier nicht sofort seht, hinterlasst bitte hier im Blog einen Kommentar mit eurer URL (ohne HTML-Code, hier ist nur BBCode zugelassen).
Kreativ sein.

In eurem Artikel könnt ihr die folgenden zwei Fragen beantworten. Wer kein Blog besitzt, kann die Fragen auch gerne hier als Kommentar beantworten:

Aus welchem Grund sollte man sich das Buch eigentlich kaufen, wenn man es nicht gerade gewinnt?

Was gefällt euch am besten an Serendipity?
Gewinnen.

Der Einsendeschluss ist am 18.06.2008, der Rechtsweg ist ausgeschlossen. 3 Gewinner werden zufällig ausgelost, 2 Gewinner werden anhand der subjektiv originellsten Antworten auf die Fragen entschieden. Die Gewinner werden hier im Blog angekündigt und gebeten, mir ihre Post-Adresse per E-Mail zuzusenden. Teilnahme per Pseudonym ist vollkommen okay, eure Postdaten werden ausschließlich an den Verlag zur Versendung der Gewinne weitergegeben und danach wieder gelöscht.

Viel Spaß und Erfolg,
Garvin Hicking

Netmirror.org Outage, Spartacus affected.

mail@garv.in (Garvin Hicking) — Fri, 16 May 2008 16:33:42 +0200

As of today, the netmirror.org server seems to be having a hiccup. The serendipity Plugin Spartacus by default requires this server to provide automatic plugin and theme updates and downloads. The inavailibility of this server can lead to timeouts and not being able to install new plugins.

The issue should resolve itself once netmirror.org is up again. Temporarily you can either reconfigure your Spartacus-plugin to use the SourceForge-Mirrors, or completely disable the Spartacus plugin. Using the s9y.org mirror will not help you, as this server is currently not hosting any files.

I will post an update once the server is up again. Sorry for the inconvenience.

Serendipity 1.3.1 released

mail@garv.in (Garvin Hicking) — Tue, 22 Apr 2008 10:37:00 +0200

Serendipity 1.3.1 has been released. This is a bugfix and security related release, basically adressing a potential XSS issue within the Top Referrers plugin as well as hypothetical XSS issues with the installer.

This release also adresses some basic PostgreSQL8 related problems, because implicit type casts have been removed from this version, causing breakage with several Serendipity core features. The fix for this is only partial and will still happen in (less common) functions of Serendipity. There is no ultimate solution to this because implicit type casts are required for certain entryproperty operations. Maybe the PostgreSQL8 team will think about if implicit type casts are not also quite helpful. ;-)

The only new feature addition is the exposition of a new smarty {serendipity_getImageSize} function.

This upgrade is recommended for users that use the Top Referrers plugin and new installations of Serendipity. Many thanks to Hanno Böck, once again, for reporting (and fixing) the two XSS issues (CVE-2008-1385 and CVE-2008-1386)!

You can find the new release on the s9y.org download page. Upgrade by simply uploading the deflated archive files to your webspace.