1. 25

I just changed my project name made a big update to my readme, and would appreciate some feedback.

This is a web-based (primarily) forum system, not unlike Fossil Forum in that there is a hash-based tree of posts, and the data is to an extent exporatble and also a DAG of sorts.

If you want to see a live demo, the link is in my profile.

  1. 29

    Name is not appealing to me. I guess not my kind of fetish.

    A demo or at least a screenshot would be nice. The website http://www.shitmyself.com/ requires authentication and there is no demo account provided.

    1. 3

      Demo credentials are admin/admin.

    2. 12

      I think a lot of people will miss the point of this, but don’t let it get to you. I miss websites like this, and value them — and the people who would take the time to craft them. A web of small communities, each unique, now gone, replaced with baleful “social networks”. The more people building ‘indieweb’, the better.

      1. 2

        Totally agreed. At the same time, a lot of people actually might get it, so it’s good it was posted here.

        The (rather shitty) name aside, it feels sort of like a web BBS.

        1. 2

          Or like usenet :)

      2. 7

        It looks like you’ve put a whole lot of work into this, and I like the concept, but I couldn’t ever see myself using a project with that name. I would never have a community “powered by Shitmyself”.

        If you just kind of want it to be a meme then that’s okay, but if you want it to be taken seriously as a viable forum software, the name will be an obstacle.

        1. 3

          Thank you for making this. While I don’t really have a usecase for it at the moment, I deeply enjoyed reading document about why you built it. Thank you for your investment of time and energy into this project

          1. 2

            How is portable identity acheived? I see some indication it is by OpenPGP? So for all non-JS users is signing manually via gpg or similar required to post?

            1. 3

              portable identity is achieved by relying on pgp as the authentication method.

              create profile = gen key and post pubkey (text file)

              new post = signed text (in text file)

              vote, reply, change title, change config = tokens in signed text (in text file)

              when you copy these textfiles to a new instance and import it into your relational database, you get a portable account.

              1. 3

                I’m interested as to why OP chose gpg (and all the fragility that comes with parsing its output) over signify/minisign (cf. Latacora indicating avoiding PGP as a whole as best practice); they must have been aware of its existence going by the files in misc/.

                1. 9

                  mainly because

                  it is a stable standard

                  it,s been proven to work

                  it,s supported by just about everyone

                  it,s easy to integrate due to copious tooling

                  it,s accessible to noobs and hackers alike

                  it,s plaintext

                  it,s backwards compatible at least 10 years

                  there are hundreds of toolkits for it

                  it,s reliable

                  i already have experience with it

                  i have a wide range of features to choose from and i can choose to only use the basics

                  maybe just a little bit to annoy anyone who says they have a better solution to all the problems pgp solves and it,s all here in my 200 commit repository

                  1. 1

                    I see. Thank you for your response.

                  2. 1

                    Using OpenPGP does not in any way require gpg.

                    1. 3

                      i use both. one of thw reasons i chose pgp and gpg because of compatibility and wide range of toolkits

                      1. 0

                        OpenPGP does not require gpg, yes. Nonetheless, the README clearly refers to it, as does the code. Nonetheless PGP is still discouraged.

                        1. 3

                          excuse me?

                          discouraged by whom, exactly?

                          someone struggling over the decision whether to make business cards or not? ))

                          1. 3

                            discouraged by whom, exactly?

                            I gave this information in the initial reply: Latacora discourages PGP. See also:

                            Not all of these affect your scenario directly or even indirecty. Seeing PGP is more like a smell like seeing MD5 in a use case that it is technically still useful for.

                            1. 3

                              Here is what I’m getting out of these articles:

                              PGP is a long-lived, still-living, backwards-compatible, audited/hardened, many-featured library/standard with a wide range of features, nearly all optional.

                              There are many pitfalls in implementing truly secure PGP solutions. However, I think that in a low-stakes project like small-scale internet forum, it’s good enough.

                              I think that PGP is a great library which lacks a good interface. There has yet to be built an accessible interface on top of PGP, but I don’t think it is impossible.

                  3. 1

                    This is cool, I have been planning to make a no-js-required forum webapp for a while.