Status - update

[jumperalex]

I posted in the plug-in's thread ... but since you asked here (lets not hijack though), when I open the log utility (not the window from the link in the upper right corner) and start to scroll the log will immediately jump back to the top making it impossible to inspect the log.  I do not have this problem in 3.14.3 and others did report it a while back.  I thought I remembered it being solved so I decided to try it again but no go.

 

EDIT: you know, come to think of it ... it MIGHT have been a problem with that plug-in and Simple Features.  "Back Then" I was also using SF but I haven't used it now for a few months but I also didn't both switching back to 3.14.10 either because my stuff worked and I didn't care.  So now that I tried it again, it is with the New UI.  When I get home perhaps I will try 3.14.10 again but without the New UI

[whiteatom]

I'd say the reason that we are doing GUI development pre final release is to ensure the GUI can be effectively changed by a plugin. Given the old is probably hard coded in many places, I'd say a few things are just being variablized and it will be ready to go.

 

Personally, I don't care about the GUI either, but the financial feasibility of UnRAID is obviously critical. The plugin manager is probably the biggest hurdle to open new markets for Tom; it changes the competition from freeNAS and Linux/ZFS to the OTS NAS boxes. Remember the first "home" routers were command line only. Compare that to the user-friendly GUI on and Airport or a Cisco/linksys device now. Given the support for add-ons is a huge selling point for UnRAID, if the GUI for activating them allows Tom for double is market I'd say its an important addition for the newest x.0 version if his flagship product.

 

I've been on the latest RC with my main media sever since b10 and apart from a few bugs in non-essential features and the occasional need to reboot, I have been happy with calling every version I'm running 'final'. Every release has been more stable than something Microsoft would ship. For those really concerned with stability, hang back for a few weeks and see what everyone else says.

 

I know the arguments for "final" software, but we all know that is just a name. It will have bugs and Tom will squash them on his own schedule.  If this want such a niche product where most of us are developers or in the IT industry, this argument would even be noticed as a popular topic on these forums. I'm just happy Tom is back on the forums regularly.

 

My $0.02

[zoggy]

I'd say the reason that we are doing GUI development pre final release is to ensure the GUI can be effectively changed by a plugin. Given the old is probably hard coded in many places, I'd say a few things are just being variablized and it will be ready to go.

 

Personally, I don't care about the GUI either, but the financial feasibility of UnRAID is obviously critical. The plugin manager is probably the biggest hurdle to open new markets for Tom; it changes the competition from freeNAS and Linux/ZFS to the OTS NAS boxes. Remember the first "home" routers were command line only. Compare that to the user-friendly GUI on and Airport or a Cisco/linksys device now. Given the support for add-ons is a huge selling point for UnRAID, if the GUI for activating them allows Tom for double is market I'd say its an important addition for the newest x.0 version if his flagship product.

 

I've been on the latest RC with my main media sever since b10 and apart from a few bugs in non-essential features and the occasional need to reboot, I have been happy with calling every version I'm running 'final'. Every release has been more stable than something Microsoft would ship. For those really concerned with stability, hang back for a few weeks and see what everyone else says.

 

I know the arguments for "final" software, but we all know that is just a name. It will have bugs and Tom will squash them on his own schedule.  If this want such a niche product where most of us are developers or in the IT industry, this argument would even be noticed as a popular topic on these forums. I'm just happy Tom is back on the forums regularly.

 

My $0.02

 

1) you should update your signature to reflect what version you are using.

2) if you want people to respect your opinion you prob shouldnt take jabs at other companies / or at least use a fair comparison. MS produces software that supports far more hardware combinations, also contains far more millions of lines of code..

 

[garycase]

... the comments are not exactly against new design but against adding it last minute to 5.0

 

Exactly.  Fix any remaining issues in the "engine" that drives UnRAID so it's rock-solid stable;  THEN worry about the cosmetics AFTER v5.0 is out.

 

There are plenty of things I'd like to see as part of the basic package --  e-mail notifications;  UPS support;  Joe's pre-clear script -- but clearly they shouldn't impact the v5.0 release.    Nor should a newer, more polished UI.    Get the stable release out first.

 

[nicinabox]

Hey guys, those of you concerned about the UI stuff, check out my post about Boxcar.

 

In short, it's a new management interface in Ruby. Will include a package manager and a cli tool by the same name.

 

I seek to address a lot of the current issues with this (somewhat ambitious) project.

[zoggy]

Hey guys, those of you concerned about the UI stuff, check out my post about Boxcar.

 

In short, it's a new management interface in Ruby. Will include a package manager and a cli tool by the same name.

 

I seek to address a lot of the current issues with this (somewhat ambitious) project.

 

fyi when I hear the word 'Boxcar' I think of the popular notification system - http://boxcar.io/

Looked at your post, looks like it uses stock bootstrap. Looks like you want to code up a drop in replacement that requires ruby.. dunno if requiring yet more libs to run the frontend is going to win over many people.. if ruby was made to be included.. then maybe? If you are just wanting to re-skin the existing functions you might be better off just combing your efforts with SF since it appears to be a bit similar?

[zoggy]

@ ant, you should use a css reset/normalize to make browsers render all elements more consistently and in line with modern standards. There are plenty of them out there, 'normalize.css' is pretty much the standard one that a lot of frameworks use. Then modernizer / shim/shivs are loaded to backport html5 stuff to older browsers if needed. With legacy IE it's just best to force chrome frame upon them.. you dont need admin rights for it. That way you can focus on doing what you want without having to spend countless hours trying to 'fix' browsers with css hacks.

 

normalize.css - https://github.com/necolas/normalize.css

html5boilerplate - http://html5boilerplate.com/

 

 

[nicinabox]

@zoggy Good to know about boxcar.io. I think it's sufficiently different to avoid confusion. You're right-- it is a stock Bootstrap for now. Trust me, it won't stay stock, but for now it's providing a frontend I can test API's against. Part of the installer for Boxcar will grab the necessary packages. So far I haven't had any issues on my box (like the Plex not starting because of a gcc conflict, etc). But you do bring up a good point there: there can be conflicts in this stuff which is why I'm doing a lot of automated and user testing up front.

 

This project is less similar to SF than it seems. It' has 2 major parts: a web app and a command line app which both use the same standardized backend API. This will help majorly to reduce bugs that we see in the existing applications.

 

And this is totally opt in. It's an alternative rather than a "replacement". Folks who are content using SF or the the new official webGui may continue to do so. But, if you're looking for something badass that will really push unraid's usage forward, I have something great coming.

[Mettbrot]

Not just to get back on the topic but also something I am curious about: Since the plugin manager gets the information from the Plugin wiki site, how is it guaranteed that no one edits the site to include malware? (I was updating the ts3server plugin thats when I realized...)

The same thing leeds me to another question. Since the plugin manager works in the browser and executes system commands (cmd=...) couldn't someone on the internet send bad commands if he knew the ip? Or at least someone on your network?

[zoggy]

@Tom - if you want a nicer sickbeard icon, here is just the head. http://zoggy.net/sb/head.png

and for sab, http://sabnzbd.org/icon/sab2_64.png'>http://sabnzbd.org/icon/sab2_64.png (or select something else from: http://sabnzbd.org/icon/ )

[Joe L.]

Not just to get back on the topic but also something I am curious about: Since the plugin manager gets the information from the Plugin wiki site, how is it guaranteed that no one edits the site to include malware? (I was updating the ts3server plugin thats when I realized...)

The same thing leeds me to another question. Since the plugin manager works in the browser and executes system commands (cmd=...) couldn't someone on the internet send bad commands if he knew the ip? Or at least someone on your network?

both valid issues...

[nicinabox]

Not just to get back on the topic but also something I am curious about: Since the plugin manager gets the information from the Plugin wiki site, how is it guaranteed that no one edits the site to include malware? (I was updating the ts3server plugin thats when I realized...)

The same thing leeds me to another question. Since the plugin manager works in the browser and executes system commands (cmd=...) couldn't someone on the internet send bad commands if he knew the ip? Or at least someone on your network?

 

Oohhh that's bad.

[sureguy]

 

The same thing leeds me to another question. Since the plugin manager works in the browser and executes system commands (cmd=...) couldn't someone on the internet send bad commands if he knew the ip? Or at least someone on your network?

 

I don't see how they could do this over the Internet unless you expose the gui to the Internet, which is a terrible idea for a variety of reasons.  Any account that can access the gui on the local network should be password protected.

 

Sent from a phone, sorry for any typos

 

 

[Barziya]

Since the plugin manager works in the browser and executes system commands (cmd=...) couldn't someone on the internet send bad commands if he knew the ip? Or at least someone on your network?

Which brings me to my biggest issue with the v5 GUI:  To this day I browse the Internet without Javascript. (my browser is Pale Moon version 3.6.32 + NoScript plugin). Only for UnRaid I am forced to use a separate Javascript-enabled browser, which honestly annoys me to no end.  I've thought many times that I should probably look into writing my own simple interface to UnRaid when I have a little time on my hands.

 

Any account that can access the gui on the local network should be password protected.

So you password protected your gui, so what?  Once you log into the gui, you give right to all the scripts that are running inside the browser to do whatever the hell they want.

 

 

[speeding_ant]

Which brings me to my biggest issue with the v5 GUI:  To this day I browse the Internet without Javascript. (my browser is Pale Moon version 3.6.32 + NoScript plugin). Only for UnRaid I am forced to use a separate Javascript-enabled browser, which honestly annoys me to no end.  I've thought many times that I should probably look into writing my own simple interface to UnRaid when I have a little time on my hands.

 

You are by far the minority here. While I agree a GUI this simple shouldn't *require* Javascript to run, you must have a terrible existence on the internet without it - as ajax is now used extensively to prevent page reloads on many websites. Eg, Google...

 

So you password protected your gui, so what?  Once you log into the gui, you give right to all the scripts that are running inside the browser to do whatever the hell they want.

 

I agree, this is poor design from a security point of view. Let's hope that changes once emhttpd is out of the way.

[Barziya]

You are by far the minority here. While I agree a GUI this simple shouldn't *require* Javascript to run, you must have a terrible existence on the internet without it - as ajax is now used extensively to prevent page reloads on many websites. Eg, Google...

I feel sorry for you.  My browser will run circles around any browser you are using.

 

 

[zoggy]

Since the plugin manager works in the browser and executes system commands (cmd=...) couldn't someone on the internet send bad commands if he knew the ip? Or at least someone on your network?

Which brings me to my biggest issue with the v5 GUI:  To this day I browse the Internet without Javascript. (my browser is Pale Moon version 3.6.32 + NoScript plugin). Only for UnRaid I am forced to use a separate Javascript-enabled browser, which honestly annoys me to no end.  I've thought many times that I should probably look into writing my own simple interface to UnRaid when I have a little time on my hands.

 

Any account that can access the gui on the local network should be password protected.

So you password protected your gui, so what?  Once you log into the gui, you give right to all the scripts that are running inside the browser to do whatever the hell they want.

 

I bet you go through a lot of tin foil. If you don't like javascript that's fine.. install noscript and just add a filter to disable it for unraid. No need to be all dramatic about it. All web technologies can be misused sure.. hell you can even fill up someones harddrive with localStorage (html5's answer to cookies) http://feross.org/fill-disk/

 

If you are so concern about what the browser is doing, don't run it with admin rights. I have a friend that thinks he will be hacked if hes online.. so he keeps one machine disconnected from the internet all the time that he has his important stuff. You two should met.

[Barziya]

I bet you go through a lot of tin foil. If you don't like javascript that's fine.. install noscript and just add a filter to disable it for unraid. No need to be all dramatic about it.

You miss the point.

 

[nicinabox]

So you password protected your gui, so what?  Once you log into the gui, you give right to all the scripts that are running inside the browser to do whatever the hell they want.

 

I want to clear this up because it's a little misleading. Javascript can't execute anything at the system level without a JS runtime like Node. In the case of unraid, Javascript is safe. It simply can't do anything in that arena.

[zoggy]

So you password protected your gui, so what?  Once you log into the gui, you give right to all the scripts that are running inside the browser to do whatever the hell they want.

 

I want to clear this up because it's a little misleading. Javascript can't execute anything at the system level without a JS runtime like Node. In the case of unraid, Javascript is safe. It simply can't do anything in that arena.

 

he's prob just concern about browser exploits and getting nasty things like malware/spyware. which is why hes a bit over zealous about disabling browser plugins? (javascript isn't even a plugin anymore.. as its built into the core of the browser) - and java != javascript. while its not unfounded for him to believe this is an active way to mitigate his security concern.. its not a healthy one (false sense of security). prime example, from today alone: http://arstechnica.com/security/2013/08/attackers-wield-firefox-exploit-to-uncloak-anonymous-tor-users/

 

anyways, if you cant 'trust' the website you are going to.. maybe you shouldn't be going there? if you know there could be something bad.. toss that session up in a disposable virtual machine / run the browser + session from a self contained flash drive / live cd / etc. but when do you stop.. what about reading email? viewing pdf's? listening to mp3s? etc.

 

[Barziya]

while its not unfounded for him to believe this is an active way to mitigate his security concern.. its not a healthy one (false sense of security).

You can call it false or whatever, but let me ask you something.  My laptop, (nlite XP Pro SP3), which I use 12 hours a day, hasn't rebooted since October 2012. (I put it in S3-sleep occasionally). What is your uptime?

 

[nicinabox]

while its not unfounded for him to believe this is an active way to mitigate his security concern.. its not a healthy one (false sense of security).

You can call it false or whatever, but let me ask you something.  My laptop, (nlite XP Pro SP3), which I use 12 hours a day, hasn't rebooted since October 2012. (I put it in S3-sleep occasionally). What is your uptime?

 

Waaaaay off topic.

[sureguy]

Since the plugin manager works in the browser and executes system commands (cmd=...) couldn't someone on the internet send bad commands if he knew the ip? Or at least someone on your network?

Which brings me to my biggest issue with the v5 GUI:  To this day I browse the Internet without Javascript. (my browser is Pale Moon version 3.6.32 + NoScript plugin). Only for UnRaid I am forced to use a separate Javascript-enabled browser, which honestly annoys me to no end.  I've thought many times that I should probably look into writing my own simple interface to UnRaid when I have a little time on my hands.

 

Any account that can access the gui on the local network should be password protected.

So you password protected your gui, so what?  Once you log into the gui, you give right to all the scripts that are running inside the browser to do whatever the hell they want.

 

I use different browsers for Internet access and internal browsing. Internal browsing is locked down.

 

Sent from a phone, sorry for any typos

 

 

[speeding_ant]

I think what he's getting at is that there is the potential for someone to post a malicious plugin, which has the ability to run anything it wished - as all commands executed via the webGUI are run as root. Javascript has nothing to do with it.

 

There is a distinct lack of security surrounding the webGUI, however it was never designed to be open to the world. If you're in an enterprise network, simple segregate it.

 

So you password protected your gui, so what?  Once you log into the gui, you give right to all the scripts that are running inside the browser to do whatever the hell they want.

 

I want to clear this up because it's a little misleading. Javascript can't execute anything at the system level without a JS runtime like Node. In the case of unraid, Javascript is safe. It simply can't do anything in that arena.

 

Quite right  :-)

[merlyn]

while its not unfounded for him to believe this is an active way to mitigate his security concern.. its not a healthy one (false sense of security).

You can call it false or whatever, but let me ask you something.  My laptop, (nlite XP Pro SP3), which I use 12 hours a day, hasn't rebooted since October 2012. (I put it in S3-sleep occasionally). What is your uptime?

 

If you have honestly not rebooted since october 2012 you no longer have to be careful.  There is a very high percentage chance you already have malware and/or a virus on you system as we speak.

 

How do i know this ?

Simple you did not install any windows updates that required a reboot (which is damn near all of them).

Any webpage, email, jpg, pdf, infected usb device hell damn near anything can infect your machine instantly without you having a clue.

 

Your heart is in the right place but your priorities are a bit messed up.

 

I would tell you to reboot but windows xp will probably blue screen and not start up again if it really has been that long.  No laptop running windows xp can go to sleep that often without a occasional reboot to fix all kinds of OS issues building up.

 

i dare say there is a zero percent chance a xp machine will run that long with a 12 hour a  day use and it going to sleep everyday. 

 

merlyn