We need a new blogging system

The current blogging system is based on Drupal 5 and heavily hacked up to remove lots of surface area for classes of attacks. However, it doesn't work so much years later. The search functionality is broken. Lots of the admin functionality is broken as well. I've resorted to using raw SQL queries to manage the system. This is less than optimal.

Options I see are:

1. Do nothing and let the blog further degrade.
2. Migrate to a static blog generator like jekyll.
3. Migrate to modern drupal in the debian repos.
4. Use RedTeam's WordPress system for a more secure wordpress installation.
5. Host it somewhere else and let them worry about it, so long as we can get our data out daily.

added blog component::webpages/blog priority::medium replacement resolution::fixed severity::normal status::closed type::project upgrade www-team labels

My personal favorite is static blog generators. But this removes the comment functionality, unless we sign up with a commenting service like disqus, intense debate, or we install a free software package like discourse and use it.

Like it or not, the blog comments have become our forum.

The mailing lists aren't it -- and many people rightly point out that they can use Tor to safely interact with the blog comments whereas getting a usable email address over Tor these days is becoming increasingly hard. And the stackexchange thing isn't a forum either.

So I think dropping the comment section, and not replacing it with something equivalent (even if somewhere else), would be a poor move.

Trac:
Cc: N/A to lunar@torproject.org

FWIW, I use pelican for my blog, I tried a whole bunch like a year and half ago. This one is in Python, and it didn't suck as much as the other Python ones, plus the Extension API for it is really simple (I was able to write a BibTeX to anonbib-ish-thing in a couple hours). There might be better ones now, but the process of searching and trying them was painful to me -- I wouldn't really want to repeat it.

Pelican has a Disqus plugin which comes with it automatically. I tested that out, but it was pretty unusable over Tor, required registration (with an email address) on their site (which was HTTP-only). It was gross, and scripts galore, so I ditched it.

I agree with arma's comment that the blog is the safest way for users to give us feedback, we should try to find something at least as safe/non-privacy-invading to replace it.

Trac:
Cc: lunar@torproject.org to lunar@torproject.org, isis

All in for a static blog generator backed by a revision control system.

The blog is also doing the event calendar. Should that be kept?

What about migration? We need to keep content, but do we also want to migrate comments?

Regarding comments, the main think I can think of here is social: who's taking care of them? Moderation, answering the bulk… Roger is doing a good amount of that for the current blog, but we might want to have more formal roles or processes?

(This is actually the reason why I always disabled comments for TWN posts. I don't want to feel sole responsible with the comments there and piling unmoderated ones are bad from our users point of view.)

I don't think Disqus is an option, otherwise we are going to have the same problem we are currently having with Stack Exchange: we can't trust their data retention policy.

Discourse looks nice from several aspects. That's a Rails app, not the worst to administrate but it needs a maintainer on the sysadmin side. It also have an impressive feature list and so it also needs someone to decide about how to turn all the little knobs.

Replying to lunar:

All in for a static blog generator backed by a revision control system.

Sounds good to me (in theory).

The blog is also doing the event calendar. Should that be kept?

I think an event calendar could be quite useful if we keep it up to date and if we make it findable for our community. It could be something very simple, like a text file we update via git, and point to from the end of the 'upcoming events' section of TWN.

What about migration? We need to keep content, but do we also want to migrate comments?

Unfortunately, my vote is yes. It sure sounds like a pain, but many of the comment sections of more recent posts (where I've put a lot of effort in) are useful resources.

Maybe that means we don't want to migrate, and instead just take static html from the old posts-with-their-comments?

Another option is to go through and extract everything perfectly into stackexchange questions and answers. I'd like that to happen, but I think it needs to be done by the community at their own pace.

Regarding comments, the main think I can think of here is social: who's taking care of them? Moderation, answering the bulk… Roger is doing a good amount of that for the current blog, but we might want to have more formal roles or processes?

I'm basically the sole blog person at this point. And it is a bit weird that we have a blog, we have helpdesk, and we have stackexchange. It seems like about half of the blog things, and an unknown fraction of the helpdesk things, could be resolved by making a good stackexchange entry and just pointing to it each time the issue comes up. But there's remaining value in both even if we do that.

As for more formal roles / processes... that's a tough one. I'd love to have some more volunteers here. But it's not clear that it would be the best use of our (at this moment limited) funding. On the third hand, here I am not doing some of the other just-as-critical things that I could be doing.

(This is actually the reason why I always disabled comments for TWN posts. I don't want to feel sole responsible with the comments there and piling unmoderated ones are bad from our users point of view.)

Makes perfect sense.

I don't think Disqus is an option, otherwise we are going to have the same problem we are currently having with Stack Exchange: we can't trust their data retention policy.

Yeah.

Discourse looks nice from several aspects. That's a Rails app, not the worst to administrate but it needs a maintainer on the sysadmin side. It also have an impressive feature list and so it also needs someone to decide about how to turn all the little knobs.

Haven't looked at it, but am open to it.

Replying to arma:

I'm basically the sole blog person at this point.

I moderate comments and do direct sql to keep the spam down. If you mean by responding to comments, sure. In reality, ain't nobody got time for that. As we've seen with stack exchange, others in the community would be great at moderating and responding to comments.

Trac:
Status: new to accepted
Owner: N/A to phobos

Trac:
Milestone: N/A to 2014 Tor Blog Replacement
Keywords: N/A deleted, blog replacement upgrade added

Happy to report that I've scraped all blog posts and their comments (#10479 (moved)).

Trac:
Username: ultrasandwich

Trac:
Keywords: blog replacement upgrade deleted, blog replacement upgrade www-team added

Other free software alternatives to Disqus:

• Juvia
• comment-it

The blog is currently broken, and increasingly more broken as time progresses.

1. The search engine no longer works.
2. The CAPTCHA module no longer works.
3. A few of the admin views no longer work (like statusreport, search, profile edit)

Trac:
Cc: lunar@torproject.org, isis to lunar@torproject.org, isis, phoul

I think a rational stopgap is to simply upgrade to drupal 7 from the repositories. This gets us at least on modern code, fully functional, and we can then have time to discuss next steps. The process is likely to upgrade to drupal 6 and then 7.

Trac:
Cc: lunar@torproject.org, isis, phoul to lunar@torproject.org, isis, phoul, jens@kubieziel.de

According to Roger, our blog is even more broken now, see #12949 (moved) for fun.

Options are to either just migrate the blog to some 3rd party, or find someone to convert it to modern drupal 7.

I sent an email to tor-www-team to see if we have motivated people to help us out.

Step 1: Get our drupal blog working again. Step 2: migrate the content to jekyll with a nice design. Step 3: migrate the comments to juvia or something with a similarly nice design Step 4: stop worrying about the blog