Nodebb as blogging platform

General
  • Hello,
    I have been working on learning to be a full stack web dev. I am currently in the process of learning JavaScript and am working through some lessons. I have a portfolio page that I have created with nodejs. It is nothing fancy or crazy. I have been wanting to implement a blog on it to write about my journey and where I am currently and to share snippets of code and how I was able to implement some different things to get them to work. I would like a comments section so that people could even review the code and make suggestions and such.

    My impression is that any good developer wouldn’t try to reinvent the wheel when there are already good options out there. I was wondering what you think of using nodebb as a system for this? Or would it be better to use another system for this type of thing. I have thought about WordPress, but as I grow in programming I will probably want a more customizable environment. I know that with enough knowledge you can customize anything.

    So basically I am looking for good recommendations on what software I should use. This software could completely replace my current profile or just be on the backend so I don’t have to create the blogging part from scratch.

    I hope this makes sense and I appreciate any and all feedback. Thank you!

  • @Madchatthew hey - long time no speak ! This might be useful 🙂

    https://sudonix.com/topic/264/ghost-for-blogging-vs-long-posts-on-nodebb?_=1653410593553

    I played with Ghost for a while, but decided it was simply too complex to maintain, so moved all of my blog posts here

    https://sudonix.com/user/phenomlab/blog/1

  • @phenomlab said in Nodebb as blogging platform:

    @Madchatthew hey - long time no speak ! This might be useful 🙂

    https://sudonix.com/topic/264/ghost-for-blogging-vs-long-posts-on-nodebb?_=1653410593553

    I played with Ghost for a while, but decided it was simply too complex to maintain, so moved all of my blog posts here

    https://sudonix.com/user/phenomlab/blog/1

    This is excellent information. It has been awhile. I have been focusing on learning JS. I am really determined to get out of nursing and be a web dev. I wanted to start utilizing LinkedIn by writing about where I am currently at with coding and the things I am currently working on and putting up code snippets. I had thought about doing all of that in LinkedIn but thought having a blog and putting those links to the blogs on LinkedIn. I am hoping by doing that, that maybe someone will throw a job offer my way. I am planning on being very transparent and when I go to polish off my resume, putting that in a blog post and then asking for thoughts and such. I feel I have a long way to go before I can even get a job as a programmer, but that just may be the imposter syndrome. In this way I am hoping that I can keep track of progress and others can see where I am at in my journey.

    So I will go with Nodebb for blogging. I think I am going to have a one page profile page and then have a link right to a blog page to nodebb like you have from my profile page.

    My next question would then be, should I have nodebb be in a subfolder or just use nodebb to do all of it?

  • @Madchatthew my advice here would be to let NodeBB do it all. I tried the alternative route with ghost and it became too difficult to manage from the theming perspective alone. Ghost is great if you just want a simple blog but doesn’t fare so well if you need to customise it. I managed to get everything to work the way I wanted, but it still took an extensive amount of custom JS code and CSS. Decent themes in ghost are also a little hard to come by, meaning further customisation is also required to get the exact look and feel that you want.

    Finally, there’s the general lack of plugins. Ghost isn’t WordPress, so don’t expect it to be as packed with decent (and some equally awful) plugins out of the gate. Ghost excels when it comes to speed being based on NodeJS instead of PHP meaning that the code itself doesn’t need to be compiled on each page load. However, the lack of plugins and extensibility without coding knowledge can lead to an unfamiliar experience, and frustration if you’re not sure where to start.

    I also found the ghost forums not exactly the greatest of experiences. I identified what I’d easily class as a bug and it was met with something of a mediocre response to say the least. Here’s the post itself

    https://forum.ghost.org/t/unable-to-start-ghost/26383

    Not that I want the “red carpet” treatment (I’m a little old for that 😃) but simple responses like “ghost doctor” aren’t going to help anyone with not much experience. Quite off-putting in my view.

    If you’re looking to expand your horizons by leveraging LinkedIn, feel free to look me up. My profile link is below

    https://www.linkedin.com/in/phenomlab

    More than happy to cross promote you.

  • @phenomlab Thank you very much. I really appreciate it. I will hit you up on linkedin, thank you again. I will make nodebb do it all for me. I know it is very versatile and should be able to set it up the way I want.

    Thank you for your help and you can expect more questions from me now as I get nodebb to bend to my will…heheh

  • @Madchatthew no problems at all. Happy to help.

  • @Madchatthew I’ve just realised that we’re already connected on LinkedIn 😃. I’ve just been stalking your profile… In a nice way of course.

  • @phenomlab yeah I thought we were too, but then I wasn’t sure and was going to check haha. I don’t mind stalkers haha

  • FWIW I’ve used WP, Ghost, and static sites and now I’m considering using ghost as a publishing platform. You are not alone.

  • @qwinter I’ve extensive experience with Ghost, so let me know if you need any help.


  • Nodebb design

    Solved General
    2
    1 Votes
    2 Posts
    45 Views

    @Panda said in Nodebb design:

    One negative is not being so good for SEO as more Server side rendered forums, if web crawlers don’t run the JS to read the forum.

    From recollection, Google and Bing have the capability to read and process JS, although it’s not in the same manner as a physical person will consume content on a page. It will be seen as plain text, but will be indexed. However, it’s important to note that Yandex and Baidu will not render JS, although seeing as Google has a 90% share of the content available on the web in terms of indexing, this isn’t something you’ll likely lose sleep over.

    @Panda said in Nodebb design:

    The “write api” is preferred for server-to-server interactions.

    This is mostly based around overall security - you won’t typically want a client machine changing database elements or altering data. This is why you have “client-side” which could be DOM manipulation etc, and “server-side” which performs more complex operations as it can communicate directly with the database whereas the client cannot (and if it can, then you have a serious security flaw). Reading from the API is perfectly acceptable on the client-side, but not being able to write.

    A paradigm here would be something like SNMP. This protocol exists as a UDP (UDP is very efficient, as it is “fire and forget” and does not wait for a response like TCP does) based service which reads performance data from a remote source, thus enabling an application to parse that data for use in a monitoring application. In all cases, SNMP access should be “RO” (Read Only) and not RW (Read Write). It is completely feasible to assume complete control over a firewall for example by having RW access to SNMP and then exposing it to the entire internet with a weak passphrase.

    You wouldn’t do it (at least, I hope you wouldn’t) and the same ethic applies to server-side rendering and the execution of commands.
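
Added example, not part of the original post: the read-only versus read-write SNMP point above, written as a small Python audit of a net-snmp `snmpd.conf`. The sample config, the weak-string list, the 12-character minimum and the severity labels are constructed assumptions, as is treating an omitted source as "any host".

```python
import re

# Assumptions for illustration: a short list of default-style community
# strings and a minimum length; tune both to your own policy.
WEAK_COMMUNITIES = {"public", "private", "admin", "snmp", "community"}
MIN_LENGTH = 12
# Sources that accept queries from anywhere (an omitted source is treated the same).
OPEN_SOURCES = {"default", "0.0.0.0/0", "::/0"}

# net-snmp access directives: rocommunity / rwcommunity and their IPv6 forms.
DIRECTIVE = re.compile(r"^(r[ow]community6?)\s+(\S+)(?:\s+(\S+))?", re.I)

# Constructed sample config, not taken from any real device.
SAMPLE_CONF = """\
# constructed sample snmpd.conf
rocommunity  public
rwcommunity  private default
rwcommunity  Xk92-long-random-string-77 10.0.5.0/24
rocommunity  m0nitor-Only-a81f3c9e 192.0.2.10
#rwcommunity old default
"""


def audit_snmpd_conf(text):
    """Return (line_no, severity, message) for each risky community line."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        match = DIRECTIVE.match(line)
        if not match:
            continue
        directive, community, source = match.groups()
        writable = directive.lower().startswith("rw")
        open_source = source is None or source.lower() in OPEN_SOURCES
        weak = (community.lower() in WEAK_COMMUNITIES
                or len(community) < MIN_LENGTH)
        if writable:
            # Any RW community is flagged; open + weak is the worst case.
            severity = "critical" if (open_source and weak) else "high"
            message = "read-write community; use read-only access"
        elif open_source and weak:
            severity = "medium"
            message = "guessable read-only community accepted from any source"
        else:
            continue
        findings.append((line_no, severity, message))
    return findings


if __name__ == "__main__":
    for line_no, severity, message in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {line_no}: [{severity}] {message}")
```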

  • 0 Votes
    1 Posts
    59 Views

    Hi all,

    If you’re coming back here after a short hiatus, then you’ll notice that sudonix has now been upgraded to v3. There’s a lot of things that have changed - including new swatches, and a smart “drawer like” categories selector.

    I’ve also developed new code which has been running in dev for what seemed like a lifetime, but is now actively running here.

    Feel free to wander around and explore the new layout. I hope you enjoy using it as much as I already do.

    Thanks

  • NodeBB v2.4.0

    Solved General
    3
    2 Votes
    3 Posts
    130 Views

    @phenomlab As always…Thank you.

    Worked for me.

  • Link vs Refresh

    Solved Customisation
    20
    8 Votes
    20 Posts
    495 Views

    @pobojmoks Do you see any errors being reported in the console ? At first guess (without seeing the actual code or the site itself), I’d say that this is AJAX callback related

  • 2 Votes
    4 Posts
    201 Views

    @qwinter it’s workable I think, but not perfect - then again, unless you write a specific plugin to perform such a task, what is. As you pointed out, you have versioning of sorts with the historical access to each post.

  • NodeBB vs Flarum for a non developer

    Solved General
    17
    10 Votes
    17 Posts
    483 Views

    @marusaky That’s really easily done. I think the docs need updating for the latest release. Did you land up on the 18.x train ?

  • 0 Votes
    1 Posts
    135 Views

    It’s a common occurrence in today’s modern world that virtually all organisations have a considerable budget (or a strong focus on) information and cyber security. Often, larger organisations spend millions annually on significant improvements to their security program or framework, yet overlook arguably the most fundamental basics which should be (but are often not) the building blocks of any fortified stronghold.

    We’ve spent so much time concentrating on the virtual aspect of security and all that it encompasses, but seem to have lost sight of what should arguably be the first item on the list – physical security. It doesn’t matter how much money and effort you plough into designing and securing your estate when you consider how vulnerable and easily negated the program or framework is if you neglect the physical element. Modern cyber crime has evolved, and it’s the general consensus these days that the traditional perimeter as entry point is rapidly losing its appeal from the accessibility versus yield perspective. Today’s discerning criminal is much more inclined to go for a softer and predictable target in the form of users themselves rather than spend hours on reconnaissance and black box probing looking for backdoors or other associated weak points in a network or associated infrastructure.

    Physical vs virtual

    So does this mean you should be focusing your efforts on the physical elements solely, and ignoring the perimeter altogether ? Absolutely not – doing so would be commercial suicide. However, the physical element should not be neglected either, but instead factored into any security design at the outset instead of being an afterthought. I’ve worked for a variety of organisations over my career – each of them with differing views and attitudes to risk concerning physical security. From the banking and finance sector to manufacturing, they all have common weaknesses. Weaknesses that should, in fact, have been eliminated from the outset rather than being a part of the everyday activity. Take this as an example. In order to qualify for buildings and contents insurance, businesses with office space need to ensure that they have effective measures in place to secure that particular area. In most cases, modern security mechanisms dictate that proximity card readers are deployed at main entrances, rendering access impossible (when the locking mechanism is enforced) without a programmed access card or token. But how “impossible” is that access in reality ?

    Organisations often take an entire floor of a building, or at least a subset of it. This means that any doors dividing floors or areas occupied by other tenants must be secured against unauthorised access. Quite often, these floors have more than one exit point for a variety of health and safety / fire regulation reasons, and it’s this particular scenario that often goes unnoticed, or unintentionally overlooked. Human nature dictates that it’s quicker to take the side exit when leaving the building rather than the main entrance, and the last employee leaving (in an ideal world) has the responsibility of ensuring that the door is locked behind them when they leave. However, the reality is often the case instead where the door is held open by a fire extinguisher for example. Whilst this facilitates effective and easy access during the day, it has a significant impact to your physical security if that same door remains open and unattended all night. I’ve seen this particular offence repeatedly committed over months – not days or weeks – in most organisations I’ve worked for. In fact, this exact situation allowed thieves to steal a laptop left on the desk in an office of a finance firm I previously worked at.

    Theft in general is mostly based around opportunity. As a paradigm, you could leave a £20 note / $20 bill on your desk and see how long it remained there before it went missing. I’m not implying here that anyone in particular is a thief, but again, it’s about opportunity. The same process can be aligned to Information security. It’s commonplace to secure information systems with passwords, least privilege access, locked server rooms, and all the other usual mechanisms, but what about the physical elements ? It’s not just door locks. It’s anything else that could be classed as sensitive, such as printed documents left on copiers long since forgotten and unloved, personally identifiable information left out on desks, misplaced smartphones, or even keys to restricted areas such as usually locked doors or cupboards. That 30 second window could be all that would be required to trigger a breach of security – and even worse, of information classed as sensitive. Not only could your insurance refuse to pay out if you could not demonstrate beyond reasonable doubt that you had the basic physical security measures in place, but (in the EU) you would have to notify the regulator (in this case, the ICO) that information had been stolen. Not only would it be of significant embarrassment to any firm that a “chancer” was able to casually stroll in and take anything they wanted unchallenged, but significant in terms of the severity of such an information breach – and the resultant fines imposed by the ICO or SEC (from the regulatory perspective – in this case, GDPR) – at €20m or 4% of annual global (yes, global) turnover (if you were part of a larger organisation, then that is actually 4% of the parent entity turnover – not just your firm) – whichever is the highest. Of equal significance is the need to notify the ICO within 72 hours of a discovered breach. 
    In the event of electronic systems, you could gain intelligence about what was taken from a centralised logging system (if you have one – that’s another horror story altogether if you don’t and you are breached) from the “electronic” angle of any breach via traditional cyber channels, but do you know exactly what information has taken residence on desks ? Simple answer ? No.

    It’s for this very reason that several firms operate a “clean desk” policy. Not just for aesthetic reasons, but for information security reasons. Paper shredders are a great invention, but they lack AI and machine learning to wheel themselves around your office looking for sensitive hard copy (printed) data to destroy in order for you to remain compliant with your information security policy (now there’s an invention…).

    But how secure are these “unbreakable” locks ? Despite the furore around physical security in the form of smart locks, thieves seem to be able to bypass these “security measures” with little effort. Here’s a short video courtesy of ABC news detailing just how easy it was (and still is in some cases) to gain access to hotel rooms using cheap technology, tools, and “how-to” articles from YouTube.

    Surveillance systems aren’t exempt either. As an example, a camera system can be rendered useless with a can of spray paint or even something as simple as a grocery bag if it’s in full view. Admittedly, this would require some previous reconnaissance to determine the camera locations before committing any offence, but it’s certainly a viable prospect if that system is not monitored regularly. Additionally, (in the UK at least) the usage of CCTV in a commercial setting requires a written visible notice to be displayed informing those affected that they are in fact being recorded (along with an impact assessment around the usage), and is also subject to various other controls around privacy, usage, security, and retention periods.

    Unbreakable locks ?

    Then there’s the “unbreakable” door lock. Tapplock advertised their “unbreakable smart lock” only to find that it was vulnerable to the most basic of all forced entry – the screwdriver. Have a look at this article courtesy of “The Register”. In all seriousness, there aren’t that many locks that cannot be effectively bypassed. Now, I know what you’re thinking. If the lock cannot be effectively opened, then how do you gain entry ? It’s much simpler than you think. For a great demonstration, we’ll hand over to a scene from “RED” that shows exactly how this would work. The lock itself may have a pass-code that “…changes every 6 hours…” and is “unbreakable”, but that doesn’t extend to the material that holds both the door and the access panel for the lock itself.

    And so onto the actual point. Unless your “unbreakable” door lock is housed within fortified brick or concrete walls and impervious to drills, oxy-acetylene cutting equipment, and proximity explosive charges (ok, that’s a little over the top…), it should not be classed as “secure”. Some of the best examples I’ve seen are a metal door housed in a plasterboard / false wall. Personally, if I wanted access to the room that badly, I’d go through the wall with the nearest fire extinguisher rather than fiddle with the lock itself. All it takes is to tap on the wall, and you’ll know for sure if it’s hollow just by the sound it makes. Finally, there’s the even more ridiculous – where you have a reinforced door lock with a viewing pane (of course, glass). Why bother with the lock when you can simply shatter the glass, put your hand through, and unlock the door ?

    Conclusion

    There’s always a variety of reasons as to why you wouldn’t build your comms room out of brick or concrete – mostly attributed to building and landlord regulations in premises that businesses occupy. Arguably, if you wanted to build something like this, and occupied the ground floor, then yes, you could indeed carry out this work if it was permitted. Most data centres that are truly secure are patrolled 24 x 7 by security, are located underground, or within heavily fortified surroundings. Here is an example of one of the most physically secure data centres in the world.

    https://www.identiv.com/resources/blog/the-worlds-most-secure-buildings-bahnhof-data-center

    Virtually all physical security aspects eventually circle back to two common topics – budget, and attitude to risk. The real question here is what value you place on your data – particularly if you are a custodian of it, but the data relates to others. Leaking data because of exceptionally weak security practices in today’s modern age is an unfortunate risk – one that you cannot afford to overlook.

    What are your thoughts around physical security ?

  • 0 Votes
    3 Posts
    184 Views

    @justoverclock yes, completely understand that. It’s a haven for criminal gangs and literally everything is on the table. Drugs, weapons, money laundering, cyber attacks for rent, and even murder for hire.

    Nothing it seems is off limits. The dark web is truly a place where the only limitation is the amount you are prepared to spend.