Ok, sorry, bitter old man coming through: this is Web 2.0, not 1.0. For all the buzzwords, Web 2.0 was defined by the dynamic interactive solicitation of user input as opposed to Web 1.0 being just static HTML. I don't think we've coined a good catchphrase for fat applications implemented in tons of Javascript with only lightweight AJAX calls to the backend.
Nah, this is as 1.0 as you can get, assuming you're not asking for completely unstyled text. Forum scripts with this sort of simplicity were around for decades, with UBB being created in 1996 (and having significantly more features than this software), and basic scripts like WWWBoard dating back to 1995 or earlier.
It was AJAX and processing data via JavaScript that was a web 2.0 thing (for the most part), not just submitting forms in general.
"Web 2.0" came around about 2004ish with Digg and other sites using AJAX. Or at least static content was not the defining factor. There were plenty of forums around in the late 90s with dynamic content.
From what I recall, AJAX wasn't for making things faster or for scaling like other sibling posts describe.
How I remember it, it was created for user experience reasons. Not having to submit a form and refresh the entire page and cause the page to bounce back to the top of the page, etc.
AJAX (at least when I learned and implemented it) was for updating the user about an action they performed without refreshing the entire universe in front of their eyes, only updating the contents of a div or something else.
The whole web app as a javascript app.js blob idea took the AJAX idea to an extreme. In this extreme it often does slow down page load speeds and negatively affect the user experience when Javascript doesn't work, for whatever reason.
The idea of AJAX/SPA was to provide interactivity and a less technical UI that caters to the average Joe. AJAX/SPA moves some of the computation from the backend to the frontend so the service scales better for millions of users.
This forum is not going to be fast for millions of users (it might not even be for hundreds of simultaneous users) because the server has to render everything again for everyone.
Server side rendering is good for response times, that's why the SPA world went back to it (Google: react ssr). SPA is good for scalability and average Joe UI.
...and AJAX is there so we don't need to do a full page reload all the time. Again, not because of response times.
I'd recommend you use Argon2 instead of bcrypt for storing passwords. It won the Password Hashing Competition last year and is the recommended way to store passwords. Bcrypt is not bad, but it could be used with insecure parameters, while Argon2 does not have insecure parameters.
The way you create cookies is also insecure: you should be using crypto/rand instead of math/rand AND rather hex.EncodeToString() the result instead of just generating random numbers in the alphanumeric range.
The hex.EncodeToString() point is a nit. Generate 128 bits of randomness, and then encode it however you'd like. The track record of people trying to get "generate random numbers in the alphanumeric range" isn't great; it's an opportunity to reintroduce bias. Start with a random token of sufficient size, then encode.
The Argon2 vs. bcrypt thing is unhelpful. It does not matter what password hash you use, so long as you use a hash designed for password storage (ie: not "salted SHA-2"). Bcrypt is fine. I prefer scrypt, for the obvious hardware tradeoff. I don't recommend Argon2 to people (or tell people to stop using it) because of the library support issues.
But I think it's specifically a bad idea to tell people to switch password hashes from bcrypt (or PBKDF2) to the trendy new hash. The security benefit of "upgrading" from one password hash to another is marginal.
(Obviously, the benefit of switching from "salted" hashes to real password hashes is not).
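An added example, not code from the forum project or from either commenter: the Go sketch below shows both points of this exchange, namely why reducing random bytes into a 62-symbol alphanumeric range with `%` reintroduces bias, and the suggested alternative of drawing 128 bits from crypto/rand and encoding afterwards. The names `ModuloBias` and `NewSessionToken` and the alphabet constant are hypothetical.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Constructed 62-symbol alphabet, standing in for "the alphanumeric range".
const alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

// ModuloBias (hypothetical helper) counts, over all 256 byte values, how many
// bytes land on each index when a random byte is reduced with b % n. It returns
// the smallest and largest count; they differ whenever n does not divide 256.
func ModuloBias(n int) (lo, hi int) {
	counts := make([]int, n)
	for b := 0; b < 256; b++ {
		counts[b%n]++
	}
	lo, hi = counts[0], counts[0]
	for _, c := range counts {
		if c < lo {
			lo = c
		}
		if c > hi {
			hi = c
		}
	}
	return lo, hi
}

// NewSessionToken (hypothetical helper) reads 128 bits from the OS CSPRNG via
// crypto/rand and only then encodes them, so encoding cannot skew the values.
func NewSessionToken() (string, error) {
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return "", fmt.Errorf("crypto/rand read failed: %w", err)
	}
	return hex.EncodeToString(buf), nil
}

func main() {
	lo, hi := ModuloBias(len(alphabet))
	fmt.Printf("b %% %d: each symbol is hit %d to %d times per 256 bytes\n", len(alphabet), lo, hi)
	tok, err := NewSessionToken()
	fmt.Println(tok, err)
}
```

With 62 symbols the first eight are chosen 5 times in 256 and the rest 4 times, while a 16-symbol (hex) mapping is exactly uniform.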
Interesting.. Looks sleek.. DLang forum [1] is similarly lightweight and it runs as a newsgroup, IIRC. Source code at [2] and previous discussions on HN [3]
The old style forums are showing their age and need to be modernized but not abandoned. See the Archlinux forums based on Fluxbb. It's fast and effective.
The newer ones led by Discourse, Nodebb and Flarum have completely gone in another direction in reinventing how discussion forums should be and perhaps gone too far. They feel strangely 'rootless' and completely lack the 'community feel' of user forums.
This looks promising for something fast, lightweight and easy to deploy.
The UIs on those three should be dialed back (animation, JS), but Discourse is pretty good otherwise.
I've looked at all three:
* Flarum had nausea-inducing animation, and now it overrides natural scroll behavior. (Please never do that to users.)
* NodeBB had some problems when I was using it. If JS is disabled, even the homepage links don't work. Forums should be server-rendered.
* Discourse could be improved by removing most of the animation and Material Design creep (bad for motion accessibility), but other than that, it's the best at the moment. It would also be nice to have easier, full theme customization. Maybe it's in there somewhere, but I haven't found it yet.
I would like to see forum software that has the feel of classic forum software (like Flux), not in PHP, that is server-rendered, with a very minimal default theme (no animation) and minimal JavaScript, and that has many of the modern features of Discourse.
The term "Web 2.0" is an unfortunate choice and as a consequence it has been rarely used correctly. Funny enough I've been to a Web 2.0 Conference about 10 years ago where almost every speaker used it incorrectly.
Web 2.0 has nothing to do with a technical revision or change in the Web. It was used by Tim O'Reilly back in 2004 (and became popular) and refers to the rapid change in the way the web is used, more specifically the switch from static web to user generated content.
I'm sorry but your forum is all about UGC, and AJAX has nothing to do with Web 2.0.
This. If you want old school, go with 10px Verdana, and pad sparingly. I want information, not negative space dammit! With pine, my email editor in 1995, I could read 40 subject lines on a 640x480 screen. With Gmail (in compact mode) on an MBP retina, I get 36. Progress, indeed. Designers 1, Users 0.
Initially, I thought of adding no style at all, like this blog[1]. But, without a max-width, I found it hard to read. I'd love to hear your suggestions. What content do you think should be put to reduce the whitespace?
Looks like you'll need to start moderating this already, as of an hour ago, at least.
The process of setting up a public sandbox for users to play with seems like it should be easy, but abusive/obscene posts by users make a testing sandbox unusable/NSFW very easily.
I really like this movement of going back to the basics, web 1.0 style web apps/sites.
I do feel, however, that there can be a compromise. I think we can build our web applications in the 1.0 style and power them up in the 2.0 style, allowing the capability of the client to drive the presentation of the application.
I looked into your work - remarkbox and read through all the while hoping/wishing there would be a self-hosted version that is not prohibitively expensive for a free personal blog. No luck for me. Back to tinkering with self-hosted isso[1] comment system to make it work for me.
https://posativ.org/isso/
Can I ask what (if any) are your future plans with this? And what's the reason you decided to create it? (only to showcase web 1.0 style forums, or ... other reasons too?)
For example are you planning to provide hosting?
Continue developing the open source version and add features like spam protection? Google and FB login?
I'd been working on this on-again off-again for a while after reading Dan Luu's post on page bloat[1].
I'll provide hosting if anyone wants it. That said, ease of deployment was a major consideration right from the start. That's why I chose golang over Django/Rails and decided to offer SQLite as an option to support quick deployment for internal / low traffic sites.
[+] [-] mseebach|8 years ago|reply
And then, of course, there's Web 0.1: https://thedailywtf.com/articles/Web_0_0x2e_1
[+] [-] CM30|8 years ago|reply
[+] [-] aaron-lebo|8 years ago|reply
[+] [-] arkh|8 years ago|reply
[+] [-] rhizome|8 years ago|reply
https://www.discogs.com/group/
https://www.discogs.com/group/3
[+] [-] unknown|8 years ago|reply
[deleted]
[+] [-] candiodari|8 years ago|reply
Funny given that the whole purpose of AJAX/SPA was to reduce response time. That's its reason for existing.
Turns out it just complicates things ...
[+] [-] aaron-lebo|8 years ago|reply
No, a good car is not evidence that the plane just complicates things, it's evidence that you've got a good car.
[+] [-] foxhop|8 years ago|reply
[+] [-] elnygren|8 years ago|reply
[+] [-] hasenj|8 years ago|reply
[+] [-] baby|8 years ago|reply
[+] [-] tptacek|8 years ago|reply
[+] [-] deafcalculus|8 years ago|reply
[+] [-] arunc|8 years ago|reply
[1] http://forum.dlang.org/
[2] https://github.com/CyberShadow/DFeed
[3] https://news.ycombinator.com/item?id=3592769
[+] [-] golangnews|8 years ago|reply
[+] [-] patates|8 years ago|reply
[+] [-] ytjohn|8 years ago|reply
[+] [-] bligh____|8 years ago|reply
[+] [-] throw2016|8 years ago|reply
[+] [-] JoshMnem|8 years ago|reply
[+] [-] z3t4|8 years ago|reply
[+] [-] pjmlp|8 years ago|reply
[+] [-] swlkr|8 years ago|reply
[+] [-] emrekzd|8 years ago|reply
[+] [-] binaryapparatus|8 years ago|reply
If it doesn't work well with w3m something is wrong with the site philosophy or execution.
[+] [-] weberc2|8 years ago|reply
Point of clarification: "wrong" according to your moral philosophy about web sites, even if it's one I happen to share.
[+] [-] sitkack|8 years ago|reply
[+] [-] Aardwolf|8 years ago|reply
[+] [-] czep|8 years ago|reply
[+] [-] deafcalculus|8 years ago|reply
[1] https://danluu.com/web-bloat/
[+] [-] wybiral|8 years ago|reply
[+] [-] Xeoncross|8 years ago|reply
It relied on BrowserID though so it's no longer working and I was thinking about re-doing it using Go so I'll look at this.
[+] [-] Eyas|8 years ago|reply
[+] [-] czep|8 years ago|reply
[+] [-] scrumper|8 years ago|reply
Nice and fast though. Good work.
[+] [-] swlkr|8 years ago|reply
[+] [-] sturmen|8 years ago|reply
edit: I turned on my brain and found the link was on the homepage the whole time.
[+] [-] noughth|8 years ago|reply
[+] [-] deafcalculus|8 years ago|reply
[+] [-] shpx|8 years ago|reply
https://github.com/arclanguage/anarki/blob/master/lib/news.a...
[+] [-] foxhop|8 years ago|reply
For hints on how I'm doing this for Remarkbox (https://www.remarkbox.com) - please read http://russell.ballestrini.net/capability-driven-presentatio...
[+] [-] reacharavindh|8 years ago|reply
[+] [-] kgthegreat|8 years ago|reply
[1] https://hashnode.com/post/hashnode-looks-pretty-amazing-its-...
[+] [-] pcunite|8 years ago|reply
https://groups.goodoldweb.com/topics?id=67
[+] [-] maxpert|8 years ago|reply
[+] [-] KajMagnus|8 years ago|reply
[+] [-] deafcalculus|8 years ago|reply
[1] https://danluu.com/web-bloat/