Evaluating ElkArte (as a possible SMF replacement)

[tomreyn]

Hi everyone,

I am grateful to the past and present developers of the SimpleMachines forum software (which this forum runs on) for all the time and energy they spent on it for many years. You did a great job, there.

Presently, however, I am not convinced that SMF is being well maintained. There are critical security bugs in the current stable release which have been made public, addressed to a wide audience of both white and blackhat hackers early this month (two months after they were privately anonunced to the developers, as the person announcing them now states). To date, there is no public reaction to those by SMF, and attempts to discuss these vulnerabilities and possible counter measures are actively prevented on their support forum. While it's perfectly fine for a software which is based on volunteer work to develop slowly, this is not the right way to handle security vulnerabilities, be it a professional or volunteer run project.

Moreover, SMF development seems to have slowed down a lot during the past two years, while there are known issues which really should be addressed (an embedded anti-spam mechanism which works, support for newer versions  of dependencies such as PHP and MySQL, an extension / mod interface which is not patching, a more complete API, and more). While there was (and is?) a major version upgrade in the works for two or three years, it has not yet made it to a production ready release. At the same time, the source code repositories for the current stable release are not open, which is somewhat unusual for an open source software project.

Some of these issues may be better addressed by ElkArte, which forked off SMF a year (?) ago and has since undergone massive code changes. Whether those are, for our needs, to the better or worse I need yet to test. Which is why I'm currently in the process of setting up a test install on the staging site. This should happen once initial bugs (note that I'm testing a beta pre-release) have been sorted out.

If we should decide to go with ElkArte (it is definitely too early to tell at this point), there is an SMF importer available (which I am going to test, too) which has apparently undergone some testing on this migration path before.

So I'm mostly posting this to get some initial feedback on whether this sems like a good or bad idea from your POV, and to see whether I missed some major road blocks.
(Lack of response will not discourage me.)

Thanks,

Tom

[filux]

I support this idea   from other reasons.

SMF has many missing embedded useful features and not so many available mods ... and even when you will find a nice mod then (in our case it's even in most cases) it doesn't work as expected, where Imo half reason of this situation is a bad BSD license.
When many years ago I was an administrator of forum based on "phpbb2 by przemo" and later 2 forums based on on early "phpbb3" then situation with embedded features and with available mods was soooo much better than in current SMF  .

Imo by switching to ElkArte we will get quite a lot nice embedded "features" so we will be more independent from mods:

ElkArte is designed to provide you with all the features you need for a full featured community forum and website right out of the box.
...
    @Mentioning users including notifications
    Likes for posts and topics
    Drafts, including auto save
    OpenID 2.0
    Two modern, responsive themes that look good in any modern browser, smartphone or tablet.
    Integrated video embedding for youtube, vimeo and dailymotion
    Drag and drop ordering in the administration interface
    Drag and drop file attachments
    Improved Anti Spam measures
    Improved password hashing using industry standards
    Bad Behaviour built in
    Automatic combining and minifying of JavaScript and CSS
    Posting by Email
    Ajax previews and responses throughout the user interface
    Utilizes jQuery and Font Awesome
    ...and much more!
...

This list looks really promising .

Imo best moment for switching would be going "live" with 1.1 release ... otherwise if considering "not stable area" then we may also try current SMF 2.1 develop stage as I've read about some features from the list above are meant to be built into SMF 2.1. 

[kagu]

Considering the security vulnerabilities, then we must move ASAP, be either ElkArte or something else.

[filux]

In such cases ASAP mean maybe even a month+ if you want to do this right (all tested & all set & working own theme) and then who knows maybe release 1.1 is so close to finish that it will be possible to jump on release

[GunChleoc]

I have been running phpBB for many years now. It has converters for SmF available:

https://www.phpbb.com/community/viewtopic.php?f=65&t=1641375&start=0

Starting from version 3.1, they have replaced the mod system with an extension system, so adding/removing the features you want has become a lot easier now.

Customizing the style will be the one thing that's fiddly and tome consuming, since you will have to work directly on the .css. We could pick any dark background theme as a starter though and add the theme later.

[tomreyn]

While ElkArte is making a lot of progress over SMF, and the developers are very responsive (I filed a bunch of bug reports and they were taken on within hours), it still shares a lot of properties with SMF which are not that awesome (the ElkArte developers' are not to be blamed for it, it just takes time to improve this large enough piece of code).

Indeed PHPBB might be another option. I haven't followed it lately, but I assume it has a more active community both on the software development and the user side.

Yet another option may be Discourse (Ruby). As well as Flarum, which tries to bring something similar to PHP.