Saving TiddlyWikis online?
1,166 views
Skip to first unread message
Dave Gifford - http://www.giffmex.org/
Apr 22, 2017, 11:45:18 AM4/22/17
to TiddlyWiki
Hi all,
Just trying to understand my options for hosting TiddlyWiki 5's online. I would like to save
a) 10-15 tiddlywikis
b) that I can open and edit and save changes via my Windows laptop or my ipad and have the changes visible to either device
c) that is secure
d) without having to learn about databases
e) preferably, though not necessarily, the ability to permalink tiddlers and share them (view only, not edit)
It looks as thought Tiddlyspot is not very secure, but otherwise meets the other criteria. So I think I want to pass on that option.
Noteself looks promising, I think, but is confusing to me: 1) it says I can save multiple TWs but since the url is always the same, it is not clear how to move from one to the other, and whether saving a new one will also include there all the tiddlers saved to date in the current one. 2) It looks like the only way to sync between devices is to already have a couch database. I assume this means I need to do a whole learning curve re Couch databases to create one. I wouldn't even know where to begin with that. 3) Since the noteself url is always the same, it isn't clear how I would share a tiddler's permalink with others.
I have my own website and could store TiddlyWikis there, and often do. But is there a plugin for setting up online use that I could use to edit and save changes to them when out and about working from my ipad? Some way to host it online but where if I have the username and password, I can edit it? I recall Udo had something that worked like that for TW classic.
Blessings,
Dave
Just trying to understand my options for hosting TiddlyWiki 5's online. I would like to save
a) 10-15 tiddlywikis
b) that I can open and edit and save changes via my Windows laptop or my ipad and have the changes visible to either device
c) that is secure
d) without having to learn about databases
e) preferably, though not necessarily, the ability to permalink tiddlers and share them (view only, not edit)
It looks as thought Tiddlyspot is not very secure, but otherwise meets the other criteria. So I think I want to pass on that option.
Noteself looks promising, I think, but is confusing to me: 1) it says I can save multiple TWs but since the url is always the same, it is not clear how to move from one to the other, and whether saving a new one will also include there all the tiddlers saved to date in the current one. 2) It looks like the only way to sync between devices is to already have a couch database. I assume this means I need to do a whole learning curve re Couch databases to create one. I wouldn't even know where to begin with that. 3) Since the noteself url is always the same, it isn't clear how I would share a tiddler's permalink with others.
I have my own website and could store TiddlyWikis there, and often do. But is there a plugin for setting up online use that I could use to edit and save changes to them when out and about working from my ipad? Some way to host it online but where if I have the username and password, I can edit it? I recall Udo had something that worked like that for TW classic.
Blessings,
Dave
Mark S.
Apr 22, 2017, 12:44:17 PM4/22/17
to TiddlyWiki
When you say "secure", do you mean that you have information that you want to be hidden, or just that you don't want your page to be hacked ?
If you have your own server then you probably also have .htaccess security. You may also have PHP and the ability to run store.php. You can lock down a folder with
.htaccess to prevent people from seeing it unless you give them the username and password. They won't be able to write to your TW, because that's a different password.
I don't know if I'd trust any ad-hoc solution for information that actually needs to stay private. Maybe dropbox. Or use a tool like syncthing to keep your copies in sync on local devices. Unfortunately, syncthing doesn't have an ipad app, but I'm guessing that someone in the I-sphere has made one.
Good luck,
Mark
If you have your own server then you probably also have .htaccess security. You may also have PHP and the ability to run store.php. You can lock down a folder with
.htaccess to prevent people from seeing it unless you give them the username and password. They won't be able to write to your TW, because that's a different password.
I don't know if I'd trust any ad-hoc solution for information that actually needs to stay private. Maybe dropbox. Or use a tool like syncthing to keep your copies in sync on local devices. Unfortunately, syncthing doesn't have an ipad app, but I'm guessing that someone in the I-sphere has made one.
Good luck,
Mark
David Gifford
Apr 22, 2017, 1:41:34 PM4/22/17
to tiddl...@googlegroups.com
Hi Mark
Any stuff I want kept private I keep on my local files and backup in OneDrive.
By secure I just mean 'secure from getting hacked.' TiddlySpot doesn't seem secure in that sense. Even on my site, Wordpress got hacked, and people were telling me that links to my files were showing viagra and cyalis ads. I just want to avoid that kind of thing.
Any stuff I want kept private I keep on my local files and backup in OneDrive.
By secure I just mean 'secure from getting hacked.' TiddlySpot doesn't seem secure in that sense. Even on my site, Wordpress got hacked, and people were telling me that links to my files were showing viagra and cyalis ads. I just want to avoid that kind of thing.
When you write 'running store.php' it sounds like databases, that sounds complicated and I mentioned I am unfamiliar with. But I will look into it.
Dave
--
You received this message because you are subscribed to a topic in the Google Groups "TiddlyWiki" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/tiddlywiki/OCUp73Bads0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to tiddlywiki+unsubscribe@googlegroups.com.
To post to this group, send email to tiddl...@googlegroups.com.
Visit this group at https://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/1b033412-0108-4af7-962b-00992c91ce0a%40googlegroups.com.
--
David Gifford
Christian Reformed World Missions, Mexico City
Christian Reformed World Missions, Mexico City
Message has been deleted
Ste Wilson
Apr 22, 2017, 1:50:45 PM4/22/17
to TiddlyWiki
The database thing is not much more complex than setting up an account at cloudant.
Mark S.
Apr 22, 2017, 3:43:04 PM4/22/17
to TiddlyWiki
Hi Dave,
store.php is just a piece of code written in PHP that allows TW to save to a file server. I think it's the basis for whatever is used at tiddlyspot. You just have to configure it with passwords and a couple settings (I had to increase the maximum allowable file size, I think). There's no database involved though maybe a few head-bangs when initially setting up.
Good luck!
Mark
store.php is just a piece of code written in PHP that allows TW to save to a file server. I think it's the basis for whatever is used at tiddlyspot. You just have to configure it with passwords and a couple settings (I had to increase the maximum allowable file size, I think). There's no database involved though maybe a few head-bangs when initially setting up.
Good luck!
Mark
To unsubscribe from this group and all its topics, send an email to tiddlywiki+...@googlegroups.com.
To post to this group, send email to tiddl...@googlegroups.com.
Visit this group at https://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/1b033412-0108-4af7-962b-00992c91ce0a%40googlegroups.com.
Danielo Rodríguez
Apr 24, 2017, 3:14:22 PM4/24/17
to TiddlyWiki
Hello Dave,
Let's see if I can help you with this topic
Noteself looks promising, I think, but is confusing to me:
Sad to hear that. Let's work on it
1) it says I can save multiple TWs but since the url is always the same, it is not clear how to move from one to the other,
Yes, you can have multiple TWs. Each wiki is stored on a separate database so they do not interfere each other. Which wiki is stored on which database is configured through the control panel.
and whether saving a new one will also include there all the tiddlers saved to date in the current one.
You have to manually switch fro one wiki to another and reload the page. Currently there is no way to communicate wikis.
2) It looks like the only way to sync between devices is to already have a couch database.
Yes. There is no web mechanism ATM to communicate a browser peer to peer.
I assume this means I need to do a whole learning curve re Couch databases to create one. I wouldn't even know where to begin with that.
I promise that you don't need to. It's a very straightforward process. It takes less than two minutes. Take a look at this video:
3) Since the noteself url is always the same, it isn't clear how I would share a tiddler's permalink with others.
Currently it is not possible. I'm working on it.
But is there a plugin for setting up online use that I could use to edit and save changes to them when out and about working from my ipad? Some way to host it online but where if I have the username and password, I can edit it? I recall Udo had something that worked like that for TW classic.
Github + gh-pages is a very good place to store wikis due to the nature of tiddlywiki. You can have a wiki stored on Github, where each tiddler is saved as a standalone file. You can then configure and an automatic process for rebuilding and updating your wiki on every file change. I have created a template for this. Take a look at this:
There is a drawback to this approach: If you want to edit the tiddlers online you have to use GitHub's interface and edit tiddlers like they were plain text files. In some scenarios this may be overkill.
I have also created an small web-app to fix this situation, but it is currently on BETA. It has a bug that prevents the creation of new tiddlers (I'm working on it) but it should allow you to edit existing ones and save them back to github. Take a look and let me know what do you think about it:
Hope this helps a bit.
Regards!
David Gifford
Apr 24, 2017, 4:16:48 PM4/24/17
to tiddl...@googlegroups.com
Thanks Danielo, that is a big help. That is the level of hand-holding I needed.
I feel bad now, though, because I DID get my standalones loaded on my own site with the Bidix store.php, and since Saturday have been adding notes to them. But I forgot to come here and let people know I figured it out. So this thread is 'completed' for me.
It does concern me, though, the level of insecurity of the store.php approach. So I will still eventually experiment more with Noteself. But to be honest I do need the ability to link between files and permalink to share with others.
It does concern me, though, the level of insecurity of the store.php approach. So I will still eventually experiment more with Noteself. But to be honest I do need the ability to link between files and permalink to share with others.
Github's approach doesn't sound like it would allow me to edit with the edittoolbar available, which I use extensively. So I probably am better off not investigating that idea any further.
Thanks again for your helpful explanations!
Dave
--
You received this message because you are subscribed to a topic in the Google Groups "TiddlyWiki" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/tiddlywiki/OCUp73Bads0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to tiddlywiki+unsubscribe@googlegroups.com.
To post to this group, send email to tiddl...@googlegroups.com.
Visit this group at https://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/bf3529ca-f01b-4dea-83ba-984a87747ae6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Lost Admin
Apr 26, 2017, 10:08:23 AM4/26/17
to tiddl...@googlegroups.com
When you say the insecurity of the store.php approach worries you, what exactly are you worried about?
I agree there are security issues with store.php but I have seen far worse issues in commercial applications.
Personally, I was concerned that store.php uses cleartext passwords in it's configuration file. So, I changed my copy to use a hash of the password (for the technical minded, I used the hash format for Apache Digest Authentication).
Store.php has settings to override the tiddlywiki configured filename and backup directory, I used those to prevent someone from uploading arbitrary files.
There is still an issue of brute force password guessing that I haven't decided how I want to resolve yet.
My last concern isn't store.php itself but configuring PHP securely itself so that you can't run .php files from the directories where the tiddlywiki files are stored. That, however, is a PHP and web server config issue.
On Monday, April 24, 2017 at 4:16:48 PM UTC-4, David Gifford wrote:
It does concern me, though, the level of insecurity of the store.php approach. So I will still eventually experiment more with Noteself. But to be honest I do need the ability to link between files and permalink to share with others.
...
Dave
David Gifford
Apr 26, 2017, 10:14:48 AM4/26/17
to tiddl...@googlegroups.com
Hi lost admin
My concern is the one contained in http://tiddlywiki.com/#Saving%20on%20TiddlySpot, since the store.php is the same process as Tiddlyspot.
Dave
On Wed, Apr 26, 2017 at 9:08 AM, Lost Admin <thelos...@gmail.com> wrote:
When you say the insecurity of the store.php approach worries you, what exactly are you worried about?I agree there are security issues with store.php but I have seen far worse issues in commercial applications.Personally, I was concerned that store.php uses cleartext passwords in it's configuration file. So, I changed my copy to use a hash of the password (for the technical minded, I used the hash format for Apache Digest Authentication).Store.php has settings to override the tiddlywiki configured filename and backup directory, I used those to prevent someone from uploading arbitrary files.
There is still an issue of brute force password guessing that I haven't decided how I want to resolve yet.
On Monday, April 24, 2017 at 4:16:48 PM UTC-4, David Gifford wrote:
It does concern me, though, the level of insecurity of the store.php approach. So I will still eventually experiment more with Noteself. But to be honest I do need the ability to link between files and permalink to share with others.
...Dave
--
You received this message because you are subscribed to a topic in the Google Groups "TiddlyWiki" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/tiddlywiki/OCUp73Bads0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to tiddlywiki+unsubscribe@googlegroups.com.
To post to this group, send email to tiddl...@googlegroups.com.
Visit this group at https://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/15a32c0d-1bc9-4a0a-8dc4-1f0ba849f031%40googlegroups.com.
Mark S.
Apr 26, 2017, 11:06:58 AM4/26/17
to TiddlyWiki
Hi Dave,
If you have your own server, you might be able to add SSL. SSL requires a certificate, which used to run $100 a year. Some hosts will let you use a shared one that works for everyone on the machine. Or you can generate your own uncertified one. An uncertified certificate will cause your browser to generate alarming messages but you just add them as a permanent exception to your browser and then you're good to go. An uncertified certificate will encrypt your traffic just as well as a certified one, it's just that your browser doesn't have a chain of trust back to the uncertified one.
You mentioned that your Wordpress account got hacked, and I notice that a lot of people are suggesting .htaccess as a security step for WP. In some systems you can add .htaccess straight from your account control panel. In others, you have to add a .htaccess file directly to the directory you want protected. The .htaccess file gives instructions to the server to not let anyone access files in a directory unless they have the right name and password. When you first attempt to browse a directory with this security on it a pop-up menu will ask for your name and password. After that (if memory serves) your name and password will be stored in cookies on your browser so you don't have to do it over and over again. .htaccess security is not invincible -- on some systems the actual password maximum is only 8 characters. But if coupled with SSL, most hackers aren't going to take the time to brute force it. There's much easier places for them to plant their spam.
HTH
Mark
If you have your own server, you might be able to add SSL. SSL requires a certificate, which used to run $100 a year. Some hosts will let you use a shared one that works for everyone on the machine. Or you can generate your own uncertified one. An uncertified certificate will cause your browser to generate alarming messages but you just add them as a permanent exception to your browser and then you're good to go. An uncertified certificate will encrypt your traffic just as well as a certified one, it's just that your browser doesn't have a chain of trust back to the uncertified one.
You mentioned that your Wordpress account got hacked, and I notice that a lot of people are suggesting .htaccess as a security step for WP. In some systems you can add .htaccess straight from your account control panel. In others, you have to add a .htaccess file directly to the directory you want protected. The .htaccess file gives instructions to the server to not let anyone access files in a directory unless they have the right name and password. When you first attempt to browse a directory with this security on it a pop-up menu will ask for your name and password. After that (if memory serves) your name and password will be stored in cookies on your browser so you don't have to do it over and over again. .htaccess security is not invincible -- on some systems the actual password maximum is only 8 characters. But if coupled with SSL, most hackers aren't going to take the time to brute force it. There's much easier places for them to plant their spam.
HTH
Mark
On Wednesday, April 26, 2017 at 7:14:48 AM UTC-7, David Gifford wrote:
Hi lost adminMy concern is the one contained in http://tiddlywiki.com/#Saving%20on%20TiddlySpot, since the store.php is the same process as Tiddlyspot.Dave
On Wed, Apr 26, 2017 at 9:08 AM, Lost Admin <thelos...@gmail.com> wrote:
When you say the insecurity of the store.php approach worries you, what exactly are you worried about?I agree there are security issues with store.php but I have seen far worse issues in commercial applications.Personally, I was concerned that store.php uses cleartext passwords in it's configuration file. So, I changed my copy to use a hash of the password (for the technical minded, I used the hash format for Apache Digest Authentication).Store.php has settings to override the tiddlywiki configured filename and backup directory, I used those to prevent someone from uploading arbitrary files.There is still an issue of brute force password guessing that I haven't decided how I want to resolve yet.
On Monday, April 24, 2017 at 4:16:48 PM UTC-4, David Gifford wrote:It does concern me, though, the level of insecurity of the store.php approach. So I will still eventually experiment more with Noteself. But to be honest I do need the ability to link between files and permalink to share with others.
...Dave
--
You received this message because you are subscribed to a topic in the Google Groups "TiddlyWiki" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/tiddlywiki/OCUp73Bads0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to tiddlywiki+...@googlegroups.com.
To post to this group, send email to tiddl...@googlegroups.com.
Visit this group at https://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/15a32c0d-1bc9-4a0a-8dc4-1f0ba849f031%40googlegroups.com.
David Gifford
Apr 26, 2017, 11:27:30 AM4/26/17
to tiddl...@googlegroups.com
Thanks Mark! Very helpful information. Gonna bookmark this.
To unsubscribe from this group and all its topics, send an email to tiddlywiki+unsubscribe@googlegroups.com.
To post to this group, send email to tiddl...@googlegroups.com.
Visit this group at https://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/a3f22134-533b-4254-b607-64eb08201c9c%40googlegroups.com.
Lost Admin
Apr 26, 2017, 1:23:14 PM4/26/17
to TiddlyWiki
Startcom uses something similar to the traditional ssl certificate request/validate/get approach.
LetsEncrypt is fully automated but you need to have control over the server that the certificate will be used on (to run the agent).
Arlen Beiler
Apr 26, 2017, 1:36:33 PM4/26/17
to TiddlyWiki
Or just host your standalone files on Dropbox and use https://twcloud.github.io/tw5-dropbox/ to access them. That is another option.
--
You received this message because you are subscribed to the Google Groups "TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+unsubscribe@googlegroups.com.
To post to this group, send email to tiddl...@googlegroups.com.
Visit this group at https://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/2b846f3d-0b06-4f1d-9f4a-7b5f4d82b483%40googlegroups.com.
Mark S.
Apr 26, 2017, 2:43:46 PM4/26/17
to TiddlyWiki
Is your app going to ask for access to the entire dropbox ?
Thanks,
Mark
Thanks,
Mark
On Wednesday, April 26, 2017 at 10:36:33 AM UTC-7, Arlen Beiler wrote:
Or just host your standalone files on Dropbox and use https://twcloud.github.io/tw5-dropbox/ to access them. That is another option.
On Wed, Apr 26, 2017 at 1:23 PM, Lost Admin <thelos...@gmail.com> wrote:
For free certificates, you can have a look at both LetsEncrypt (https://letsencrypt.org/) and Startcom (https://www.startcomca.com/) which used to be StartSSL.Startcom uses something similar to the traditional ssl certificate request/validate/get approach.LetsEncrypt is fully automated but you need to have control over the server that the certificate will be used on (to run the agent).
On Wednesday, April 26, 2017 at 11:06:58 AM UTC-4, Mark S. wrote:Hi Dave,
If you have your own server, you might be able to add SSL. SSL requires a certificate, which used to run $100 a year. Some hosts will let you use a shared one that works for everyone on the machine. Or you can generate your own uncertified one. An uncertified certificate will cause your browser to generate alarming messages but you just add them as a permanent exception to your browser and then you're good to go. An uncertified certificate will encrypt your traffic just as well as a certified one, it's just that your browser doesn't have a chain of trust back to the uncertified one.
--
You received this message because you are subscribed to the Google Groups "TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+...@googlegroups.com.
To post to this group, send email to tiddl...@googlegroups.com.
Visit this group at https://groups.google.com/group/tiddlywiki.
Arlen Beiler
Apr 26, 2017, 7:17:39 PM4/26/17
to TiddlyWiki
@Mark, Yes. So if that's a problem please look elsewhere. But I am assuming that is what most people want. I am working on a version that requests app folder access if desired.
To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+unsubscribe@googlegroups.com.
To post to this group, send email to tiddl...@googlegroups.com.
Visit this group at https://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/7bc8e9f8-9f2b-4436-8c63-8872e096fca6%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages