


@Friendica Support
As far as I know, this intended newbie speaks fluent German, English and Spanish, though maybe du/you/tu is a little bit too shy to ask for help .. not sure.

What is your setup and what have you tried till now @Mina to install your #friendica server, maybe we can figure out what's your problem with the installation.
🤔

in reply to Mina

@Mina

Not sure what the actual state of the art of the installer is. Last I "heard" and experienced is that it was broken and that the best way to install is thru the console commands detailed in the helpers page:
/help/Install#Option+B%3A+Run+the+automatic+install+script

tupambae.org/help/Install#Opti…

And yes, it's recommendable to use the git install form, that way you will be able to easily update the installation.

@Mina


Q&A profile page options


v.01
@Friendica Support @Tutorial

Hi there!

A question about the different page option settings of accounts (friendica 2024.03).
/settings/account/basic

Screen of the account type options in the advanced account page type settings.

Right now this page wants to merge from a standard personal profile page to kinda community profile page where only specific defined profiles can publish thru its wall to the rest of the followers.

First thought was to stay as a single profile page, allow mutual friend relations to publish/write to this wall, and change all contacts that do not belong to the inner circle of profiles to followers only. Apparently this setting doesn't work, or doesn't work as expected.
Security and privacy settings in:
/settings
Screen of the setting that allows friends to post to the profile page wall of a personal page.

Is this a known issue or some kind of misinterpretation of this option?

Next possible option would be to choose to become a public community group page.
Screen of the community group options in the advanced account page type settings.

This option would imply a continuous attention to change every new contact to followers only, if in fact this would mean that the followers would not be able to publish to the group but receive publications. Also this setting would include the risk of being exposed to unexpected posts into the community of followers whenever the administration of the profile lags behind for some reason.

The option private group looks more promising in this regard and actually would be the same as being a personal profile page that checks new follow requests and then could change the setting to allow mutual friendship to post to the profile's wall or simply define a follower relationship. The [Experimental] notice, that actually exists like lots of years already, is a little bit confusing, or creates a certain reluctance to try this option. How experimental is this still as of now or could we perhaps ask the community to run a general test on all the options of the account settings in general together with a general feedback to sum this up and come to some definite setup, wording and explanations on the matter?

in reply to utopiArte

Apparently community pages can't restrict access to posting onto the wall of the forum page, so this wouldn't be an option for the proposal.


@Friendica Support

Hi there,
working on moving old friendica sites from a shared hosting to a VPS, I ran into the following problem I can't find a solution for. This actually happens with one 2021.04 instance but not with another (anymore), so I'm crosschecking all the settings but can't find how to solve this. Both sites were installed as 2012.04 from the start:

not working version wrote:

This is Friendica, version 2021.04 that is running at the web location sub.domain.com/var/www/subdomaincom. The database version is 1413/1413, the post update version is 1400/1400.

working version wrote:

This is Friendica, version 2021.04 that is running at the web location sub.domain.com. The database version is 1413/1413, the post update version is 1400/1400.

As visible in the screen, the site also displays the following path on top of the page, and of course calls that URL:
sub.domain.com/var/www/subdomaincom

Different intents to fix this by changing or deleting the following settings from the console didn't work out:

system.basepath => /var/www/domaincom
system.urlpath => /var/www/domaincom/

Even more astonishing, sending the following setting with the console:
/bin/console config system url https://sub.domain.com
.. the site is displayed and works as it should be for a few minutes, and then falls back into the wrong behavior, like if the worker changes something whenever the cron kicks in. In that time span I can log in and even go thru the admin settings but this setting is not available.

Intents to modify the following specifications in local.config.php didn't work out either:

'system.basepath' => '',
'url.basepath' => '',
'system.urlpath'=> '',

At least I figured out/ realized that url. and system. actually shouldn't be used at all as:
'config' => [
        ],
'system' => [
        ],

.. are actually "in charge" of defining that. So now I'm not sure either if those wrong lines somehow made it from local.config.php into the DB and are now part of the problem.

I found this conversation by @Hypolite Petovan on github:

Table config, cat = "system" AND key = "basepath"


and it actually looks like this is exactly the problem but I have no experience at all with mysql over CLI SSH and don't know what commands to use to delete the apparently wrong setting in the DB.

Screen of the front page showing the error

Is there a way to delete entries with bin/console?
I did manage to change some settings from there but couldn't find any hint how to "delete" an entry entirely from there:

/var/www/inversioncom/bin/console config -h
console config - Manage site configuration
Synopsis
bin/console config <category> <key> <value> [-h|--help|-?] [-v]

bin/console config system basepath /
system.basepath <= /

in reply to utopiArte

Also, this is a btop from an 18 core machine with 256GB of RAM with the major load being friendica, a secondary load is hubzilla, mastodon, and misskey, but friendica represents more load than the latter three combined, but it also gets more traffic than the latter three combined. But what I am getting at here, you may want to consider dedicating a physical server. I'll grant you it's busier than usual as we've just returned the server to service after three months of downtime, 7 motherboards, three power supplies, and two CPUs later.


in reply to utopiArte

@Hypolite Petovan

Not mentioned in the initial post or answers as of now is the setting of /sites-available/sub.domain.com-le-ssl.conf

sub.domain.com-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin admin@domain.com
    ServerName sub.domain.com
    DocumentRoot /var/www/subdomaincom
    <Directory /var/www/subdomaincom>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
    <FilesMatch \.php$>
        # 2.4.10+ can proxy to unix socket
        SetHandler "proxy:unix:/run/php/phpXy4-fpm.sock|fcgi://localhost"
    </FilesMatch>
    # DirectoryIndex index.php
    ErrorLog ${APACHE_LOG_DIR}/subdomaincom_error.log
    CustomLog ${APACHE_LOG_DIR}/subdomaincom_access.log combined
    # RewriteEngine on
    # Some rewrite rules in this file were disabled on your HTTPS site,
    # because they have the potential to create redirection loops.
    # RewriteCond %{SERVER_NAME} =sub.domain.com
    # RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/subX.domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/subX.domain.com/privkey.pem
</VirtualHost>
</IfModule>

in reply to jeSuisatire …ᘛ⁐̤ᕐᐷ

Looks first of all like a troet.cafe specific circumstance @bitpickup, what code is troet running?

The combination of two audio files might be problematic in general. Actually it's not possible over here to upload more than one video or audio and the replay of any of the two files displayed with timer might not work.

@milan
@utopiarte




Hi there @islieb? !
This is a post actually directed in part to the @Friendica Support forum page of our free open source software community. I guess you heard the term #friendica already, as you are quite a while in the fedi, beginning with your #diaspora presence a long time ago. Our main coder @Michael Vogel is a fan of yours (if I got that right). I asked him the other day in a FOSDEM element chat, if he considers it possible that you make some drawings for friendica, maybe even for every new version, we have like two or three releases every year.

The idea came up because on this server we decided to use the following comic on the login/welcome page:
Drawing of a man sitting in a cave with his son, in the background a sunset is visible. He explains to his kid that humanity ended like this because it wasn't reasonable to hurt the economy.
Then we came up with this variation for the text as you can see:
The same drawing. This time the text states that because of not willing to accept algorithms, centralized servers or advertisement, they are living that simple but beautiful life.

It seemed to me that Michael liked the idea to have some drawing by you, so I don't want to let the idea slip away and ask you, as well as the community, what everyone thinks about such an option. There are also the 403, 404, 500 and so on error pages. Well maybe those are more a task for @isfies!, who knows ..

Sumasumarum, any ideas, comments or questions about this proposal @all ?

in reply to utopiArte

I guess I'll have to restart my friendica accounts now to calm my conscience. I just stopped posting for a while because I had too many platforms.
in reply to islieb?

@islieb?

I guess I'll have to restart my friendica accounts now to calm my conscience.

I was about to try to tease you into opening one, as you could handle all of your fedinetworks from there, crossposting to D* and bluesky and so on.
Or even to set you up your own instance, if you have a domain or subdomain name.
Actually I guess you could create things like "Vorpremiere publishing for subscribers" and things like that.
Limiting access to published posts and even images. Not really paywalled, I guess we all hate that, but courtesies like things the commoners are going to see next week, behind the scenes and all that influencer celeb fan stuff you know ..




Hi @Friendica Support

Not sure if the following has been part of information and discussion around here.
Apparently there are several Nostr relays that bridge, with or without asking for permission, profiles to somewhere else.

In this link there is a csv file with known servers that can be imported into the server blocking list:
codeberg.org/Luukanikos/fedibl…
#fediAdmin

in reply to utopiArte

no instance on Fedi asks for permission, you just have to block the ones you don't want.🤷‍♂️
in reply to BeAware_

Actually at least over here I also could create a positive list, restricting access to only predefined instances.

That said, the "asking for permission" is if some instance simply mirrors profiles "without asking for permission" each profile or instance it pretends to mirror or duplicate. This in any case is basically about good manners, not technical possibilities.

I didn't dig into some apparent nostr discussion itself but saw the possibility to register a profile for mirroring it. Well, actually the only way this could happen in a correct respectful manner is that a profile follows an account that then interprets that following as a request or permission to be mirrored.

Not interested in supporting bluesky or disrespectful folks in any way so I guess this list comes kinda preemptive handy.
👍



@Friendica Support

Hi there,
testing around with the software #castopod, developed by @Castopod :podcasting2: .

In general terms federation with #friendica works, even integration into public forum pages and reshare by those when the castopod profile is followed by the forum page in the first place, as tested with the forum page @podCasts. As of now following from castopod profiles apparently isn't implemented. Also as of now we didn't manage to get the cron job to work at that new installation on a shared hosting.

What is strange is that a podcast episode publication doesn't embed the audio player so it can't be reproduced inside the post shown over here on friendica. On mastodon this works, the post displays a video like screen and reproduces the audio file.

Not sure if this is a specific issue of this friendica instance as it is still 2023.05 or if this is something the latest versions experience too.

The uploaded audio file was in the format m4a.

This is the link to the original post:
cast.tupambae.com/@bitPickup/p…

Link to a mastodon instance where the post can be seen:
troet.cafe/@bitpickup/11387501…

Link to this site here where the audio is not displayed but only a link:
tupambae.org/display/db58d9ad-…

in reply to utopiArte

@utopiArte @Castopod :podcasting2:
The post from castopod is encoded as a "Note" ActivityStream object:

{
    "@context": "https://www.w3.org/ns/activitystreams",
    "attributedTo": "https://cast.tupambae.com/@bitPickup",
    "cc": [
        "https://cast.tupambae.com/@bitPickup/followers"
    ],
    "content": "<a href=\"https://cast.tupambae.com/@bitPickup/episodes/cc0-nc\">CC0-NC</a><br/>Moin, moin.\r<br />\r<br />Hier ein erster Vorgeschmack.",
    "id": "https://cast.tupambae.com/@bitPickup/posts/d88b27ab-c8c2-461d-9ec6-ac684af2908f",
    "published": "2025-01-22T04:00:01+00:00",
    "replies": "https://cast.tupambae.com/@bitPickup/posts/d88b27ab-c8c2-461d-9ec6-ac684af2908f/replies",
    "to": [
        "https://www.w3.org/ns/activitystreams#Public"
    ],
    "type": "Note"
}

there is no indication of something that should be played, there is only the link in the text content.
Now, mastodon gets the first link it finds in the post and tries to show a preview, I think using OpenGraph.
Friendica sometimes does it also, I don't know the details and I don't know why it doesn't show a preview for this. I'm pretty sure that it will not show a player anyway.

The point is: there is nothing in that Note object which says "it's a podcast". It's just a note that an episode is published, with a link to it. The fact that mastodon shows the player is unrelated to the fact that the note links to a podcast. I'm sure the fact the link is the first thing in the note is a deliberate choice by castopod devs, to take advantage of Mastodon's behavior.

I had expected that this would be some kind of activityPub convention of transmitting information about if a video or audio format is part of the content.


Yes there is: attachment property. But then Friendica will show attachments as icons at the end of the post. Still without a player.

Castopod devs chose to create their ActivityStream object of type 'PodcastEpisode', which you can get requesting the AS version of the episode page

$ curl -s -H Accept:application/activity+json https://cast.tupambae.com/@bitPickup/episodes/cc0-nc | jq .
{
  "@context": "https://www.w3.org/ns/activitystreams",
  "id": "https://cast.tupambae.com/@bitPickup/episodes/cc0-nc",
  "type": "PodcastEpisode",
  "published": "2025-01-22T04:00:01+00:00",
  "to": [
    "https://www.w3.org/ns/activitystreams#Public"
  ],
  "cc": [
    "https://cast.tupambae.com/@bitPickup/followers"
  ],
  "attributedTo": "https://cast.tupambae.com/@bitPickup",
  "comments": "https://cast.tupambae.com/@bitPickup/episodes/cc0-nc/comments",
  "description": {
    "type": "Note",
    "mediaType": "text/markdown",
    "content": "The basics",
    "contentMap": {
      "en": "<p>The basics</p>\n<footer><p><a href=\"https://troet.cafe/@bitpickup\">bitPickup contact</a> in the fediVerse</p>\n</footer>"
    }
  },
  "image": {
    "type": "Image",
    "mediaType": "image/png",
    "url": "https://cast.tupambae.com/media/podcasts/bitPickup/cover_feed.png"
  },
  "audio": {
    "id": "https://cast.tupambae.com/audio/@bitPickup/cc0-nc.m4a",
    "type": "Audio",
    "name": "CC0-NC",
    "size": 161445,
    "duration": 7.808,
    "url": {
      "href": "https://cast.tupambae.com/audio/@bitPickup/cc0-nc.m4a",
      "type": "Link",
      "mediaType": "audio/mp4"
    }
  }
}

But this is not a standard object, and Friendica (and I think many other services) does not know how to display it, falling back to render the "content", losing the link to the audio file.

A note with a link is a reasonable way to post something understandable by everyone.

in reply to Fabio

@Castopod :podcasting2: @utopiArte Mh, quick correction. if the link to the audio file is in an "attachment" property, friendica will show the player. Just as in this post

But from a semantic perspective (acting like I know what it means), the audio file is not attached to the note, but to the episode.


Post of the audio MP3 URL link in BBCode audio brackets [audio][/audio]



@Friendica Support
#fediAdmin #fediVerse #AI #KI

Text for robots.txt to disallow access for known AI crawlers:

User-Agent: GPTBot
User-Agent: ClaudeBot
User-Agent: Claude-Web
User-Agent: CCBot
User-Agent: Applebot-Extended
User-Agent: Facebookbot
User-Agent: Meta-ExternalAgent
User-Agent: diffbot
User-Agent: PerplexityBot
User-Agent: Omgili
User-Agent: Omgilibot
User-Agent: ImagesiftBot
User-Agent: Bytespider
User-Agent: Amazonbot
User-Agent: Youbot
Disallow: /

robotstxt.com/ai
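
A check for a robots.txt like the one posted above, as an added example that is not part of the original post: it reports whether a crawler token ends up in a group that actually carries `Disallow: /`, because under RFC 9309 `User-agent` lines with no rule line after them restrict nothing. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Print the status of one crawler token in a robots.txt file:
#   blocked      group has "Disallow: /" and no Allow exceptions
#   partial      group has "Disallow: /" plus at least one Allow rule
#   not-blocked  token (or the * fallback) is listed, but without "Disallow: /"
#   unlisted     neither the token nor a * group exists
robots_status() {              # usage: robots_status FILE AGENT
    awk -v want="$2" '
    BEGIN { want = tolower(want); n = 0; in_rules = 0 }
    {
        sub(/#.*/, ""); gsub(/\r/, "")            # drop comments and CR
        i = index($0, ":"); if (i == 0) next      # blank or malformed line
        key = tolower(substr($0, 1, i - 1)); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "user-agent") {
            # A user-agent line after rule lines opens a new group.
            if (in_rules) { n = 0; in_rules = 0 }
            cur[++n] = tolower(val); seen[tolower(val)] = 1
        } else if (key == "disallow" || key == "allow") {
            in_rules = 1
            for (j = 1; j <= n; j++) {            # rule applies to every agent in the group
                if (key == "disallow" && val == "/") root[cur[j]] = 1
                if (key == "allow" && val != "")     allow[cur[j]] = 1
            }
        }
    }
    END {
        a = (want in seen) ? want : "*"           # fall back to the wildcard group
        if (!(a in seen))               print "unlisted"
        else if (root[a] && !allow[a])  print "blocked"
        else if (root[a])               print "partial"
        else                            print "not-blocked"
    }' "$1"
}

# Print every agent from the argument list that is not fully blocked.
robots_unblocked() {           # usage: robots_unblocked FILE AGENT...
    file=$1; shift
    for ua in "$@"; do
        s=$(robots_status "$file" "$ua")
        [ "$s" = "blocked" ] || printf '%s %s\n' "$ua" "$s"
    done
    return 0
}

# Constructed sample: one complete group, one group with an exception,
# and two trailing User-agent lines that never receive a rule.
write_sample_robots() {        # usage: write_sample_robots FILE
    cat > "$1" <<'EOF'
# constructed sample
User-Agent: GPTBot
User-Agent: ClaudeBot
User-Agent: CCBot
Disallow: /

User-agent: PerplexityBot
Disallow: /
Allow: /about

User-agent: Bytespider
User-agent: Amazonbot
EOF
}

sample=$(mktemp)
write_sample_robots "$sample"
robots_unblocked "$sample" GPTBot ClaudeBot CCBot PerplexityBot Bytespider Amazonbot Youbot
rm -f "$sample"
```

Matching here is on the exact product token, case-insensitively; the file only states a request, so crawlers that ignore robots.txt still need to be handled at the web server or firewall.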

in reply to utopiArte

extended version for the robots.txt
User-agent: AI2Bot
User-agent: Ai2Bot-Dolma
User-agent: Amazonbot
User-agent: anthropic-ai
User-agent: Applebot
User-agent: Applebot-Extended
User-agent: Bytespider
User-agent: CCBot
User-agent: ChatGPT-User
User-agent: Claude-Web
User-agent: ClaudeBot
User-agent: cohere-ai
User-agent: Diffbot
User-agent: DuckAssistBot
User-agent: FacebookBot
User-agent: FriendlyCrawler
User-agent: Google-Extended
User-agent: GoogleOther
User-agent: GoogleOther-Image
User-agent: GoogleOther-Video
User-agent: GPTBot
User-agent: iaskspider/2.0
User-agent: ICC-Crawler
User-agent: ImagesiftBot
User-agent: img2dataset
User-agent: ISSCyberRiskCrawler
User-agent: Kangaroo Bot
User-agent: Meta-ExternalAgent
User-agent: Meta-ExternalFetcher
User-agent: OAI-SearchBot
User-agent: omgili
User-agent: omgilibot
User-agent: PanguBot
User-agent: PerplexityBot
User-agent: PetalBot
User-agent: Scrapy
User-agent: Sidetrade indexer bot
User-agent: Timpibot
User-agent: VelenPublicWebCrawler
User-agent: Webzio-Extended
User-agent: YouBot

raw.githubuserc…
in reply to Tuxi ⁂

Yep, looks that way.
It's from the site in the first link.
Oops, and over there both the extended list and the link have now disappeared completely.

.. and now? ..

in reply to utopiArte

There are some false positives in that dataset, but I would still recommend it if you really want to err on the side of caution and don’t mind the false positives. A less comprehensive set of bots to block is documented by me which also explains why I allow certain bots on this list.

Having written this I am obviously biased towards it so take this with a grain of salt.

in reply to Seirdy

Thx for your link and efforts @Seirdy !

All this said, being part of a decentralized web, as pointed out in this toot, our publicly visible interaction lands on other instances and servers of the #fediVerse and can be scraped there. I wonder if this situation actually might lead, or should lead, to a federation of servers that share the same robots.txt "ideals".

As @Matthias pointed out in his short investigation of the AI matter, this has (in my eyes) already unimagined levels of criminal and without any doubt unethical behavior, not to mention the range of options rogue actors have at hand.

It's evident why for example the elongated immediately closed down access to X's public tweets and I guess other companies did the same for the same reasons. Obviously the very first reason was to protect their advantage about the hoarded data sets to train their AI in the first place. Yet, considering the latest behavior of the new owner of #twitter, nothing less than at least the creation of #AI driven lists of "political" enemies, and not only from all the collected data on his platform, is to be expected. An international political nightmare of epical proportions. Enough material for dystopian books and articles for people like @Cory Doctorow, @Mike Masnick ✅, @Eva Wolfangel, @Taylor Lorenz, @Jeff Jarvis, @Elena Matera, @Gustavo Antúnez 🇺🇾🇦🇷, to mention a few of the #journalim community, more than one #podcast episode by @Tim Pritlove and @linuzifer, or some lifetime legal cases for @Max Schrems are at hand.

What we are facing now is the fact that we need to protect our and our users' data and privacy because of the advanced capabilities of #LLM. We basically are forced to consider to change to private/restricted posts and close down our servers as not only the legal jurisdictions are way too scattered over the different countries and ICANN details, but legislation and comprehension by the legislators is simply nonexistent, as @Anke Domscheit-Berg could probably agree to.

Like to say, it looks like we need to go dark, a fact that will drive us even more into disappearing as people will have less chance to see what we are all about, advancing further the advantages of the already established players in the social web space.
Just like Prof. Dr. Peter Kruse stated in his take about on YT The network is challenging us min 2:42 more than 14 years ago:
"With semantic understanding we'll have the real big brother. Someone is getting the best out of it and the rest will suffer."

in reply to utopiArte

I also tried to create something, but I didn't have any information about what agents are used: forum.fedimins.net/t/blockiere…

@helpers


in reply to utopiArte

In your Markdown you haven't provided the alt text, but the title. See here: markdownguide.org/basic-syntax…

The alt text has to be between the two []. The text after the image link is the title. We don't support a separate title.

in reply to Michael 🇺🇦

In other words, to be visible on friendica I'll have to use the brackets that Diaspora uses for text that is displayed if the image doesn't show up and therefore post the text two times:
🤔
![Vistenkarte mit Wofgang Neuss, dem Man mit der Pauke. Wofgang lehnt an seiner grossen Pauke, hält delikat seinen Schlegel in der Hand und schaut leicht säuerlich nach links oben. In grossen Lettern steht geschrieben: Gegen Klima-kleber hetzen? Warum nicht? Lieber asozial als gar nicht regieren! Auf den Trommelfell seiner Pauke ist ein nicht erwähnenswerter Politiker zu sehen.](https://tupambae.org/photo/202597926365a61188ad34c262410425-1.jpg " Visitenkarte mit Wofgang Neuss, dem Man mit der Pauke. Wofgang lehnt an seiner grossen Pauke, hält delikat seinen Schlegel in der Hand und schaut leicht säuerlich nach links oben. In grossen Lettern steht geschrieben: Gegen Klima-kleber hetzen? Warum nicht? Lieber asozial als gar nicht regieren! Auf den Trommelfell seiner Pauke ist ein nicht erwähnenswerter Politiker zu sehen. " )
in reply to utopiArte

The first text is the text that screenreaders are using. So for accessibility reasons the first one has to be set. The second text is just decoration. It is not needed for accessibility.
utopiArte
it works ..


Implications of access by the user www-data to all friendica folders


@Friendica Support

Hi there,
the friendica helpers page describes the installation process of friendica as follows:

/help/Install: wrote:

The Linux commands to clone the repository into a directory "mywebsite" would be
git clone https://github.com/friendica/friendica.git -b stable mywebsite
cd mywebsite

bin/composer.phar install --no-dev

Make sure the folder view/smarty3 exists and is writable by the webserver user, in this case www-data

mkdir -p view/smarty3
chown www-data:www-data view/smarty3
chmod 775 view/smarty3

Get the addons by going into your website folder.

cd mywebsite

Clone the addon repository (separately):

git clone https://github.com/friendica/friendica-addons.git -b stable addon


askubuntu.com: wrote:

What is the www-data user?
askubuntu.com/questions/873839…
The web server has to be run under a specific user. That user must exist.

If it were run under root, then all the files would have to be accessible by root and the user would need to be root to access the files. With root being the owner, a compromised web server would have access to your entire system. By specifying a specific ID a compromised web server would only have full access to its files and not the entire server.

I guess this observation goes both ways, a compromised friendica installation gets access to all the friendica folders if I choose to first create/activate the www-data user, then create the friendica installation folder structure, then git clone friendica, then create the smarty3 folder and ultimately do the git clone of the addon folder as described here:
tupambae.org/display/0ac89072-…
The order in which the creation of www-data related folders in the above case is described makes all folders and files in the friendica directory belong to www-data.
In the friendica help description first comes the git-clone, then the smarty3 folder part, then the addon git-clone. Actually I guess that last part would make the addon folder belong to www-data too if I run one command after another. Is that intended?

I wonder if this could have some kind of security implications.
I guess www-data is somehow the friendica site and has permissions to do "whatever it wants" (-> "writable by the webserver user") with all the folders in the friendica directories if it's the owner of them.


@TupambAdmin [stable]

in reply to utopiArte

@utopiArte For a Friendica node to work properly, the web server user (here www-data) needs to have read access to the whole Friendica folder structure and write access to a few important places, including the smarty3 cache folder. The simplest way to achieve this is to grant ownership to the whole Friendica file tree to www-data.

The security implication is that if someone ever gains unauthorized access to www-data, they can indeed do "whatever they want" with your Friendica install, including deleting files, adding malware to Friendica pages, accessing the whole Friendica database including the user list, the private posts and messages.

And if you host multiple websites on the same server, they can also access and tamper with those if their file trees are owned by the same user.

It's a big "if" though, as on Debian-based distributions like Ubuntu, the www-data user doesn't have shell access, meaning that you can't open a remote shell using this user. Any unauthorized access has to go through the actual hosted applications. For example WordPress is a popular unauthorized access vector for malicious actors because it's so popular and people don't always update their software timely.

I don't think Friendica is very secure, but it is a low-profile target and we do act quickly when we receive security reports, even releasing hot fix versions when the scheduled release date is a little too far.

You can make your install marginally more secure by only giving access to the file tree through group permissions and only giving read/traverse rights by default, granting write rights only for the specific locations that need it. This way, in case of a malicious access, it will prevent attackers from inserting malicious code in your Friendica node pages, but that's about it.

in reply to Hypolite Petovan

> granting write rights only for the specific locations that need it

What folders would that be?

What I have seen so far that would be:
/storage
/view/smarty3
and
/config
but only while installing local.config.php

Something I don't understand is why I do have a few folders in:
/view/smarty/compiled
that belong to the user root.
How is that possible?
How can friendica create folders as and/or for root?

What should I expect to happen if I just delete those folders, or even delete the complete /compiled folder. I guess friendica would start from there to create the folder compiled and subfolders as needed?

I ask because there are those subdirectories belonging strangely to root and one of my issues is that when I switch to the theme FRIO I have no access anymore to the settings of that respective profile, not even to change back to VIER. That renders that profile nearly useless and I'm trying to get around that problem.

in reply to utopiArte

@utopiArte That's a good list of exceptions.

Regarding the root-owned folders, it would prevent www-data from reading the cached template files and subsequently displaying the pages that use the specific templates in this folder.

You should restore recursive www-data ownership to this or these folders. Please let me know if you need an example of a command line to do so.

in reply to Hypolite Petovan

I guess to just change all the folders/subfolders and files regardless of their ownership that would be:

rootname@VPShosting:/var/www/html/view/smarty3/# chown -R www-data:www-data compiled

in reply to Hypolite Petovan

Just checked the settings page of one of the profiles in question and yes, that fixed it.
thx
👍

(again, how could this possibly happen, shouldn't we look for some bug somewhere or do we just assume some quantum entanglement?)

in reply to utopiArte

result:

What I don't get is where these ownership settings came from.
They were not even from a specific day or had anything specific in common:
tupambae.org/display/0ac89072-…


Just checked all the 13 of 220 folders that were created as belonging to user and group root and that I consider shouldn't exist as owned by root in the folder /smarty3.

In general terms speaking I couldn't find a common property.

They refer to posts or replies by three different users.

Most refer to one specific post.

Two create a page:
Not Found
The requested item doesn't exist or has been deleted.
Request: XYZ

All were created with the theme VIER.


in reply to utopiArte

@utopiArte @Hypolite Petovan this is most likely just some goof while doing something minor that you wouldn't have even connected to this at the time.

No amount of proficiency and watchfulness eliminates user error, it just becomes increasingly obscure.

in reply to Shiri Bailem

Even tho there has been some trouble while setting up this installation, what calls my attention is that those folders had kinda random different dates of creation:

drwxr-xr-x 3 root root 4096 Nov 12 04:35 00
drwxr-xr-x 4 root root 4096 Nov 16 02:10 30
drwxr-xr-x 3 root root 4096 Nov 17 19:35 3e
drwxr-xr-x 3 root root 4096 Nov 11 01:57 49
drwxr-xr-x 3 root root 4096 Nov 16 22:25 4e
drwxr-xr-x 3 root root 4096 Nov 11 01:55 59
drwxr-xr-x 3 root root 4096 Nov 14 11:10 90
drwxr-xr-x 3 root root 4096 Nov 21 22:50 a3
drwxr-xr-x 3 root root 4096 Nov 23 00:45 a4
drwxr-xr-x 4 root root 4096 Nov 23 19:15 ae
drwxr-xr-x 3 root root 4096 Nov 23 20:35 b4
drwxr-xr-x 3 root root 4096 Nov 16 00:53 bf
drwxr-xr-x 3 root root 4096 Nov 14 11:10 e2
in reply to utopiArte

@utopiArte @Shiri Bailem Cache folders are created as needed. Since they are based on the 2 first or 2 next characters in the hash of the cached template, their distribution is supposed to be random. Not every page gets called every time, and then when you update your node some templates change and their hash with them.
in reply to Hypolite Petovan

Like to say this started with one folder being owned by root and from there others were created with the same ownership?
in reply to utopiArte

@utopiArte @Hypolite Petovan it might be helpful to note: only root can create folders owned by anyone else, so those folders had to be created from friendica or some part of it running as root at the time they were created, this is why I said it was likely user error
in reply to Shiri Bailem

That's what astonishes me.

My access is only via console SSH to the VPS and that shouldn't create any kind of cross implications with the firefox webbrowser that accesses the friendica installation.

Also apparently the installation itself was created the 8th of November, the first folder apparently the 11th of November so there was no relation to that.

If friendica is able to create a folder and files as root that's kinda scary isn't it?

in reply to utopiArte

@utopiArte @Hypolite Petovan it's not able to, and if it was it would be considered a massive linux security bug rather than a friendica bug.

SSH and VPS mean nothing for this situation, you likely just ran something with sudo at some point.

in reply to Hypolite Petovan

> That's a good list of exceptions.

In theory I could therefore run the following commands to set all folders except /storage and /view/smarty3 to root:

set ownership of everything recursively to root:
rootname@VPShosting:/var/www/# chown -R root:root html

set ownership of storage and smarty3 recursively to www-data:
rootname@VPShosting:/var/www/html/# chown -R www-data:www-data storage
rootname@VPShosting:/var/www/html/view/# chown -R www-data:www-data smarty3

The change of ownership wouldn't affect the specific read/write permissions of files and folders and www-data would have only access to the folders needed.

right?

in reply to utopiArte

@utopiArte Indeed, it is separate. Please be on the lookout in your log for messages like "Can't open file: Access denied" in case we missed a crucial place.
in reply to Hypolite Petovan

I ended up doing the following:

First I created a backup folder of the existing html folder and subdirectories:

root@VPShosting:/var/www# cp -r html html_01.bak

By default that created a copy with all files and folders owned by root.

Then I changed the ownership of storage and smarty3 to www-data:

root@VPShosting:/var/www/html_01.bak# chown -R www-data:www-data storage

Screen of the new user and group ownership setting of the /html folder

root@VPShosting:/var/www/html_01.bak/view# chown -R www-data:www-data smarty3

Screen of the new user and group ownership setting of the /view folder

Once everything looked "fine" I moved the existing html folder to a new name.

root@VPShosting:/var/www# mv html html_www-data_old

By moving [mv] instead of copying [cp] the ownership of files and folders isn't affected. Then I moved the copy with the new ownership settings into place:

root@VPShosting:/var/www# mv html_01.bak html

We'll see how this setup behaves.
In any case I'll have the old version at hand to change to it if necessary.

in reply to utopiArte

@utopiArte security implications are minor, mostly because they can only edit the thing they've already hacked into.

But if that's a particular concern, you should be able to make the entire directory read-only as I don't believe friendica edits any of those files after initial setup (since all the edits are in database, or a separate storage folder if you're using the folder storage backend)

The writable in your quoted instructions is for the setup process while logged in under that user, so of course it'll need write to be able to download files and install them in the webserver directory. But there's no indication that it's needing write past that.



@Friendica Support

I just tried to display /.well-known/host-meta as described in:

/help/Install wrote:

Verify the "host-meta" page is working
Friendica should respond automatically to important addresses under the /.well-known/ rewrite path. One critical URL would look like, for example: example.com/.well-known/host-m…
It must be visible to the public and must respond with an XML file that is automatically customized to your site.

Instead of displaying the xml file my browser (firefox) just downloaded it.
I'm used to getting this page displayed.

Any idea what this could be?

The page /.well-known/ itself is "not found".

in reply to utopiArte

@utopiArte It really depends on your browser. That you are given an XML file to download is enough to pass the test. The /.well-known/ path is a virtual path and as such we only support specific endpoints like /.well-known/host-meta, /.well-known/nodeinfo and /.well-known/webfinger to name a few.
This entry was edited (1 year ago)


Can't publish public when mentioning forum pages


@Friendica Support
Hi there,
not sure if this is a bug or just that I'm missing some idea/rule functionality.

#bugResearch

Platform Info: 2023.05 - stable | VIER | firefox
Friendica Version: 2023.05 - stable
Theme: VIER
Browser: firefox
Friendica Source: gitHub
PHP version: 8.1.2-1ubuntu2.14
SQL version: MySQL / MariaDB
memory_limit 256M
4 Core CPU, 8 GB Ram with 300GB NVME Disk

I didn't have a look at gitHub

Short bug description:
When I try to publish publicly a post addressing two forum pages of this server, gimped and tutorial (tutorial is an account created with this profile), I get a restricted post and I don't understand why.

Details of the buggy behavior:
I publish the post as public but it gets displayed as private, only visible for the forum page gimped that actually figures twice in the information card of the lock icon.
Also, I can't pin the post to my profile.

See image gif in screenshots spoiler

¿Possible to reproduce, if so how:
This is the code of the post, it happens every time I try:
(somehow friendica alters the tags in this code)
#newHere #neuHier #hola

[img=https://friendica.nz/photo/preview/1024/113218]Gif scene of the movie "The Martian".

The lonely main actor is sitting on a stone on the inhabited planet he was left on alone.
A text reads:
"First day in the diaspora of the fediVerse .."

The astronaut is depicted how he opens the solar panels of his equipment, presses a big button on it and the hashtags #hola, #neuHier and #newHere appear.

In the last scene he sits again on his stone and the text: ".. wait .." is displayed.

In the first scene that reads the text about the first day in the fediVerse the probably oldest logo of the fediVerse is displayed at the bottom left of the scene. At the horizon on the right the actual logo of the the fediVerse rises behind the landscape.

In the last scene, while our hero is awaiting the outcome of his intent to make contact with the outside world, the old Federated Social Web logo appears in front of the sun.[/img]

#[url=https://tupambae.org/search?tag=fediVerse]fediVerse[/url] #[url=https://tupambae.org/search?tag=fediHelp]fediHelp[/url] #[url=https://tupambae.org/search?tag=fediTips]fediTips[/url] #[url=https://tupambae.org/search?tag=gimp]gimp[/url] #[url=https://tupambae.org/search?tag=gimped]gimped[/url] 
@ gimped@tupambae.org @[url=https://tupambae.org/profile/tutorial]Tutorial[/url]

Expected result:
¿what should be the correct behavior?
¿what did you expect?
Being posted public, shared by the forum pages publicly and being able to pin it to my profile.

Screenshots:
in reply to utopiArte

update:
this error happened again in this very post.

I had to separate the @ of the @ gimped@tupambae.org handle to be able to publish this to the helpers forum.

That gimped profile has become the administration profile because accidentally I used the same email address of the admin profile and actually locked the original admin profile out of the administration access by trying to change the email for gimped but being changed in that process to the admin profile, an error that occurred twice already (profile change "on the fly" to a previous profile). That profile change error is an issue that was posted years ago as a bug report on github and I experienced it several times already, once as mentioned now and once updating the profile pic of the tutorial forum page. That avatar is actually right now the one displayed in this utopiarte profile as I didn't change it yet, waiting to publish that bug research report as there is definitely something wrong with this avatar registry or location as it doesn't figure in any photo gallery.

Here the screen of this very same post that went out "restricted" and figures as only visible to gimped.

in reply to utopiArte

Links to the bugresearch I'm working on with respect to the avatar profile change issue that happened and is mentioned above.

Note: The following link is a reply in a post to gather in general info about bugs or unexpected behavior so over all this might look a little bit confusing as it is a work in progress to be able from there to create a comprehensive bug report.

I'm leaving these links here for the sake of documentation.

Change of profile while uploading avatar issue:
tupambae.org/display/0ac89072-…

Change of profile while trying to fix email address issue of the page gimped:
tupambae.org/display/0ac89072-…

in reply to utopiArte

status relation with gimped forum

It's an independent page, created by the admin page in the moderation panel adding a new user. Unintentionally the admin email was used to do so.

Status:
You are mutual friends with gimped

not hidden nor notifications set

in reply to Michael 🇺🇦

learning question

Why is it that the following "reshares" are public, I'm able to pin them and show up on the respective profile stream of that forum page:
aus.social/@radicalxstitch/111…
tupambae.org/display/0ac89072-…

The forum page (permaculture) was created by this profile contrary to the "gimped" forum above which is an "independent" account. The tutorial forum page mentioned above also was created by this profile here but isn't followed by this profile.

in reply to utopiArte

Tried to publish a comment from the gimped forum as a comment here.
Apparently that comment didn't make it to this post.


Here is the content:

As of now, this forum page is set as:
Private Forum
[Experimental]Requires manual approval of contact requests.

Maybe that has something to do with it?

In the profile page there are "public" posts by a mastodon profile that figures as "Mutual friendship" in the contacts list, same as the friendica utopiarte profile whose posts figure as "private message" to this forum page.



frio theme - Service Unavailable


Hi there @Friendica Support
just changed on this profile to FRIO as VIER seems to basically not perform the basic functions.

When I try to go to the settings page I get a "Service Unavailable" page.

What should I do?

friendica 2023.05 - firefox

in reply to Tutorial

tupambae.org/admin/themes/frio

Service Unavailable
unable to create directory /var/www/html/view/smarty3/compiled/90/4f/52

Exception thrown in /var/www/html/src/Core/Renderer.php:90
Stack trace:
#0 /var/www/html/view/theme/frio/config.php(199): Friendica\Core\Renderer::replaceMacros()
#1 /var/www/html/view/theme/frio/config.php(141): frio_form()
#2 /var/www/html/src/Module/Admin/Themes/Embed.php(89): theme_admin()
#3 /var/www/html/src/BaseModule.php(244): Friendica\Module\Admin\Themes\Embed->content()
#4 /var/www/html/src/App.php(703): Friendica\BaseModule->run()
#5 /var/www/html/index.php(52): Friendica\App->runFrontend()
#6 {main}

in reply to Tutorial

Update:

Correct CHMOD settings for smarty3, subfolders and their users


Correct CHMOD settings for smarty3, subfolders and their users


Hi there @Friendica Support ,
this question is related to this help request:
frio theme - Service Unavailable
tupambae.org/display/0ac89072-…

I had a look at the smarty CHMOD settings and found the following:

drwxrwxr-x 3 www-data www-data 4096 Nov 8 20:23 smarty3
If I'm not wrong that's CHMOD 775 (rwx|rwx|r-x) (?)

In the installation process the commands to create the smarty folders were:
www-data@VPShosting:~/html$ mkdir -p view/smarty3
www-data@VPShosting:~/html$ chmod 775 view/smarty3
see:
squeet.me/display/962c3e10-156…
tupambae.org/display/0ac89072-…
--
I looked into the subfolders and found:

rootname@VPShosting:/var/www/html/view/smarty3# ls -l
drwxr-xr-x 222 www-data www-data 4096 Nov 25 17:20 compiled => CHMOD 755 (rwx|r-x|r-x) (?)
--
The folder "compiled" has a long list of sub-folders apparently each having 2 more steps of sub-folders.

rootname@VPShosting:/var/www/html/view/smarty3/compiled# ls -l
total 880

I found two types of folders, some few created on different dates strangely belonging to the user root instead of www-data, here two examples and what those two types of subfolders look like.
I guess the folders owned by root are wrong?
--------------------
drwxr-xr-x 3 root root 4096 Nov 12 04:35 00
-
rootname@VPShosting:/var/www/html/view/smarty3/compiled/00# ls -l
drwxr-xr-x 3 root root 4096 Nov 12 04:35 d4 => CHMOD 755 (rwx|r-x|r-x) (?)

rootname@VPShosting:/var/www/html/view/smarty3/compiled/00/d4# ls -l
drwxr-xr-x 2 root root 4096 Nov 12 04:35 ec => CHMOD 755 (rwx|r-x|r-x) (?)

rootname@VPShosting:/var/www/html/view/smarty3/compiled/00/d4/ec# ls -l
-rw-r--r-- 1 root root 675 Nov 12 04:35 00d4eca105abd94437094f3d4409477acb55526a_2.string.php => CHMOD 644 (rw-|r--|r--) (?)
--------------------
drwxr-xr-x 3 www-data www-data 4096 Nov 22 20:25 01
-
rootname@VPShosting:/var/www/html/view/smarty3/compiled/01# ls -l
drwxr-xr-x 3 www-data www-data 4096 Nov 22 20:25 97 => CHMOD 755 (rwx|r-x|r-x) (?)

rootname@VPShosting:/var/www/html/view/smarty3/compiled/01/97# ls -l
drwxr-xr-x 2 www-data www-data 4096 Nov 22 20:25 f2 => CHMOD 755 (rwx|r-x|r-x) (?)

rootname@VPShosting:/var/www/html/view/smarty3/compiled/01/97/f2# ls -l
-rw-r--r-- 1 www-data www-data 6140 Nov 22 20:25 0197f2d4b23957a898d38870d6c6a3775da487ff_2.file.group_side.tpl.php => CHMOD 644 (rw-|r--|r--) (?)
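
A check for root-owned or otherwise unwritable cache folders like the ones listed in the post above, added here as an example that is not part of the thread. The user `www-data` and the path come from the thread; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# USER and GROUP may be names (www-data) or numeric ids.

# foreign_owned DIR USER
# Print every path under DIR that is not owned by USER.
foreign_owned() {
    find "$1" ! -user "$2" -print
}

# blocked_dirs DIR USER GROUP
# Print directories in which USER (primary group GROUP) cannot create
# entries according to the classic mode bits: not the owner, no usable
# group write bit, no world write bit. ACLs and supplementary groups
# are not considered.
blocked_dirs() {
    find "$1" -type d ! -user "$2" \
        \( ! -group "$3" -o ! -perm -020 \) ! -perm -002 -print
}

# report DIR USER GROUP
# Summarise both checks; returns 1 when anything needs attention.
report() {
    n_foreign=$(foreign_owned "$1" "$2" | wc -l | tr -d ' ')
    n_blocked=$(blocked_dirs "$1" "$2" "$3" | wc -l | tr -d ' ')
    echo "not owned by $2: $n_foreign, not writable for $2: $n_blocked"
    [ "$n_foreign" -eq 0 ] && [ "$n_blocked" -eq 0 ]
}

# Typical call on the host from the thread (run it manually):
#   report /var/www/html/view/smarty3 www-data www-data
```

Every directory printed by `blocked_dirs` is a place where the template cache cannot create a new subfolder for the web server user.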




@Friendica Support

¿Hi there @Friendica Developers, can you please take the theme VIER immediately out of the branches stable and RC!

It doesn't even display the [abstract] bbCode properly and right now literally I have no clue how many hours of my life I spent the last month documenting bugs that might be just because that theme doesn't work.

My mind is raging and I just jumped out of the window, lucky me that I live on ground level so everything is fine as of now, but please, this is disheartening!
thx

tupambae.org/display/0ac89072-…

in reply to utopiArte

Frio is sufficiently ugly that if I am forced to use it, I will probably leave the server running because I've got 2600+ users, but I myself will find something else to use and as a result it won't be maintained.
in reply to utopiArte

/jesuisatires sarcasm mode on

> I've got 2600+ users, but I myself will find something else to use and as a result it won't be maintained

Sounds like a terrible hostage situation you are threatening with Nanook.

Profiles like this one?113265
Playing online slot gambling is increasingly popular in Indonesia. However, with so many online slot gambling agents available, it is important to choose an agent that is trusted and can provide an optimal gaming experience. One of the trusted online slot gambling agents that can be an option is broslot88. This agent offers various types of online slot games with high quality graphics and sound, as well as modern features that make the playing experience more enjoyable.

As stated before, fork the deprecated theme, or even better both, make a themes addon out of it and be happy.



random post import from new followed diaspora profile


(update: post that didn't federate till now to the helpers forum, just added the dev forum)
friendica 2023.05

@Friendica Support @Friendica Developers

Hi there,
not a real problem but I find it strange and in any case worrisome as in the end this adds to the DB without any direct request.

I just followed a profile that has like over a decade of existence in the fediVerse with tons of posts. I actually searched and researched for some of them and like just by the way a few more posts of that profile popped up in my network stream.
It doesn't look like there is any kind of pattern to it at all.
(except that they all end with "4860008dbc6c"?)

randomly "imported" posts
https://tupambae.org/display/c575fc50a042013327474860008dbc6c
https://tupambae.org/display/745d3860a1f4013327484860008dbc6c
https://tupambae.org/display/938cab108bba013271c64860008dbc6c

I did search for some D* posts from this "brand new server" to import reshare/save them:

posts searched
https://pod.geraspora.de/posts/14245146
https://pod.geraspora.de/posts/0ac890724556bf5a713e18e506721528
https://diaspora-fr.org/posts/50b2e8882bd91579

Also it looks like these posts have in common that bitpickup@framasphere.org, a D* server and therefore profile that doesn't exist anymore, reshared them, unlikely that this has something to do with it.

in reply to utzer [Friendica]

utzer wrote:

Rarely also when new contact is added.

I guess this is the point here.

Right now I'm in a working rush as this server just started as it should, have a backlog on the merge report and actually am anxious to do what I actually wanted to with this domain, so right now I can't.

If I stumble over it again I will come back to this, otherwise when I have some time I'll try to recreate the "bug".

#bugBookmark
Share some screenshot of a post if you like, you can remove name and post body, just the date time part is needed to understand.

This entry was edited (1 year ago)
in reply to utopiArte

I did have look at gitHub
Short bug description:
an overall summary of the issue
¡What doesn't work is that
¿Possible to reproduce, if so how:

  • step one to reproduce the problem
  • step two
  • step three

Details of the buggy behaviour:
When I
Expected result
¿what should be the correct behavior:
Screenshots:

Platform Info:
Friendica Version: 2023.05 - stable
Friendica Source: gitHub
PHP version: 8.1.2-1ubuntu2.14
SQL version: MySQL / MariaDB
memory_limit 256M

php.error.log
leave this as it is, the server team will use this report if possible/necessary
