Fork me on GitHub

Saturday, January 20, 2024

Blog / News / FlatPress 1.3 “Andante”: First beta version released

FlatPress 1.3 “Andante”: First beta version released

2024-01-20_beta.jpgHi folks, thank you very much for your patience regarding the release of the next FlatPress version. We’ve come a long way, especially the upgrade of the Smarty template engine created a lot of issues.

But the effort was worth it: Today I can proudly announce the start of our first beta test of the upcoming FlatPress 1.3 “Andante”!

The name “Andante” may be seen as a (not entirely serious) allusion to the FlatPress release cycle: We’re not going particularly fast, but steadily we’re going.

Most important improvement of the new version is the PHP 8.1 and 8.2 PHP 8.1, 8.2, and 8.3* compatibility. Also, we added a few helpful plugins and fixed tons of bugs and security issues. And check out all the other improvements like the localized installer!

Please see the Beta 1 release on GitHub to find the detailed change log, a download package and an update package from FlatPress 1.2:

This is a beta version - we strongly recommend not using it in your productive blog yet.
If you want to help testing, please see this topic on the FlatPress support forum.

I explicitly want to thank all the coders, translators and testers who helped creating this new version. FlatPress 1.3 wouldn’t be possible without you! (Cheers, Frank and Matthias! πŸ‘‹)
See the contributors list to learn about all those great people!

All the best,
Arvid

* Update 2024-01-23: In fact, FlatPress 1.3 “Andante” will happily run under PHP up to 8.3 :)

Image: “Beta” by erokism - licensed under CC BY 2.0

Friday, January 6, 2023

Blog / News / Forum: Login with Two Factor Authentication

Forum: Login with Two Factor Authentication

From now on, the FlatPress support forum supports Two Factor Authentication (2FA). (For more information on what’s 2FA, see below.)
Feel free to secure your account!

Activating it is quite easy: Go to the User Control Panel, tab “Two Factor Authentication”. Select “OTP” and hit “Add new key”.

Screenshot of the FlatPress support forum; arrows show the click path to 2FA activation

Your OTP secret and a QR code are being generated. (The QR code basically contains the secret.)
Scan the code with your OTP app or enter the secret manually.

Screenshot of the FlatPress support forum; arrows show the OTP key and the QR code

Read the OTP from your OTP app and enter it in the “OTP key” field. Hit “Register new key”, and 2FA is activated for your account! From now on, you’ll need to enter the current OTP code after giving your username and password.

Of course, you can disable 2FA at any time by simply deleting the registered keys.

What is Two Factor Authentication?

Two Factor Authentication (2FA) with Time-based One-Time Passwords (TOTP) is a great way to protect your user accounts on any platform providing it. It basically means you do not only need your username and password to login, but also a 6-digit code freshly generated every 30 seconds e.g. in the OTP app on your mobile device.
So even if your username and password get stolen (via phishing, keylogging, social engineering, … you name it), your account can still not be accessed without knowing the 6-digit OTP code (which changes every 30 seconds).
This massive increase in security comes with a price, though: Without your OTP generator (i.e., the OTP app on your mobile or any other program capable of generating the code), you will be not able to access your account. But fear not, a good OTP implementation will provide you with static backup codes you can use instead. Of course, nobody else than you should ever get those backup codes, so keep them well :)

2FA is a widely spread standard. Some examples: Amazon offers it, PayPal does, GitHub and Twitter as well. My personal recommendation: Try it, get used to using it, and activate it on any platform that provides it.

What’s a good OTP app?

There may be countless TOTP generators out there. My recommendations are:

  • The password safe KeePass (great for securely managing many different, unique and safe passwords on Windows, Linux and even mobile platforms!) has the OTP plugin KeeTrayTOTP.
  • FreeOTP+ (F-Droid / Google Play Store) is great for Android devices.
  • Apple users may want to take a look at FreeOTP.

More questions?

If you have questions regarding 2FA or want to share opinions or recommendations, please feel free to do so on the FlatPress support forum.

All the best,
Arvid

Sunday, June 26, 2022

Blog / News / Project interna / Latest development news

Latest development news

Old photograph of a man working with a Commodore PET computer. Hi folks,

viewed from the outside, it seems rather quiet around the FlatPress project. But just look at the picture to see how hard we’re actually working behind the scenes! ;)

In fact, things are really moving nicely. In total, we have three active development branches:

Main development

In the master branch, we’re working on “normal” features and bugfixes for the next FlatPress version. Talking about the new Gallery captions plugin, improvements of the Leggero theme and many smaller and bigger bugfixes. Oh, and the cool PhotoSwipe plugin made it into the standard FlatPress package!

For all details, see the current change log.

PHP 8.1 compatibility

We need to make FlatPress working with PHP 8.1 properly. This aim contains two main tasks:

  • Update the Smarty template engine to its current 4.x version.
    This has been done in the Smarty update branch - now we need to make sure everything works fine. If you feel like supporting our project, please help us testing!

  • Change all internal date formattings.
    With the current “%Y-%m-%d” style of the deprecated strftime() function, FlatPress throws ugly warnings under PHP 8.1. We opened issue 92 for that, the development will take place in the strftime branch.

New Admin Area

Honestly, it’s a shame this gem isn’t part of a final FlatPress version yet. Franah built a completely new Admin Area which brings a new fresh touch to working with FlatPress. Also, it’s reponsive, meaning it adapts to your screen size and works flawlessly even on your mobile gizmo.

If you want to take a look into it, please feel free to get it from the Responsive Admin branch. Of course, it also contains all the bugfixes and features from the master branch.

Share your findings and opinion on the new Admin Area on the support forum.

Be part of the development!

You’re warmly invited to grab FlatPress from the described development branches and test the heck out of it.
Simply follow the link to each branch on GitHub, hit the green “Code” button in the upper right, and select “Download ZIP”. Then just install FlatPress on any web server, e.g. in a subdirectory of your blog site. To get rid of it later again, simply delete this subdirectory :)

Report any bugs and glitches or simply let us know what you think about the new features on the support forum.
Also, follow FlatPress on Mastodon or Twitter to stay in touch with the latest progress of your favourite blogging engine.

For any further questions or suggestions, please drop a line in the comments below.

All the best,
Arvid

Image: “HRA computer lab - ~1983” by Blake Patterson - licensed under CC BY 2.0

Tuesday, December 14, 2021

Blog / News / log4shell: FlatPress is not affected

log4shell: FlatPress is not affected

You probably heard of the Log4j vulnerability “Log4Shell” which causes trouble for sysadmins and software developers all over the world currently.

Good news is: FlatPress does not utilize Log4j at all, and thus isn’t affected by this problem.

Stay safe out there!

Saturday, June 19, 2021

Blog / News / Releases / New release: FlatPress 1.2.1

New release: FlatPress 1.2.1

I just released a bugfix release for FlatPress 1.2 β€œLegato”. It solves issue #82 which may have led to a blank page in the admin area. Thanks for reporting!

As a little bonus, 1.2.1 introduces a Dutch translation by Macmee - hartelijk bedankt!

Please see the changelog for a complete list of changes.

Updating from 1.2 to 1.2.1 is very simple, please see the update instructions on the download page.

All the best,
Arvid