M. Dent
If I am creating an addon that uses something like PAYPAL IPN (instant payment notification) which needs to do a 'callback' into the application - is it possible to use something like


either in  myaddon_init()  or just inline in order to have paypal callbacks routed to my-callback-processor()  (assuming my-callback-processor is not in a class)?

Is this the right way to do this?  Is there a different approved/correct way to do this sort of thing?
Mike Macgirvin
There are a number of non-referenced but important doc files which I believe Andrew is trying to fix.
M. Dent
All good, the comment wasn't a complaint as much as  trying to leave breadcrumbs for myself and others who may be looking for stuff.
Andrew Manning
Yeah, right now the best way for developers to find documentation is to manually search the /doc folder in the repo. I assume you are using a sensible IDE that makes this easy. I'm making a lot of progress with the revisions to the online help pages, but unfortunately I can't commit to a completion date. Hopefully I'll finish in this century.

Mario Vavti
ACL for file uploads in /cloud does not work as expected atm. All files uploaded will be public until this is fixed.

The ACL can still be adjusted after the upload.

If you need privacy, make sure to create a private folder and upload your files directly to the private folder.

Alternatively you can checkout this commit 455720ae938126d9a0d3c728beb0a7ba3268a4d0 which is not yet affected by this bug.

M. Dent
@Hubzilla Development+

Is there a single function call to get the xchan_hash for both local and remote users?  It appears from a quick look that get_observer will only return the xchan of remote users.

What I'm looking for is a globally unique identifier by which to store the history of interaction within the app I'm creating.  Does such a thing already exist?  Or do I need to create a custom function to do this?
M. Dent
Ok, nevermind, I found where the observer is set for local users (hint for future: it's in the change_channel function in include/security.php.

That means get_observer_hash should work for both local and remotes to get xchan_hash, correct?
Mike Macgirvin

M. Dent
I'm working on my first add-on - looking at the skeleton addon, I've already been led "astray" a little bit by the whole deprecated "register_hook" vs. using the Zotlabs\Extend\Hook::register() interface...

In digging through things, I see that there are calls for  {addon}_install/uninstall as well as {addon}_load/unload.  I want to make sure I am reading/understanding things properly:

{addon}_install/uninstall is called by the util/addons cli interface and then {addon}_load/unload is called by the admin interface when the addon is "enabled" on the hub.

If this is the case, since my addon creates a couple of custom database tables, it seems that the best place for table creation/destruction is in the install/uninstall functions and the hook creation/destruction is in load/unload.  

Is that about right?
Mike Macgirvin
Very close.

install is called once to install the addon (either from the cli or via the web admin). It calls load as a side effect. We load or unload the plugin more frequently than this, for instance if the plugin modification time changed, we unload it and load it again to make sure we have all the latest callbacks registered. You don't want to destroy or re-create a DB table to do this.

We actually need one more function than we currently provide - a 'disable' function which will uninstall the plugin but not destroy any associated data. This hasn't yet been implemented, so most plugins that create tables never actually delete them.
Andrew Manning
If you look at the Rendezvous add-on you'll find an example of a plugin setting where you let the admin specify whether to delete the custom tables upon uninstall.

M. Dent
I think I've finally figured out one of my "hangups" regarding permissions and how I think things should work from how they actually do work.

For some reason, my brain has put together permissions and "privacy groups" - as if privacy groups should have the ability to administer security settings rather than needing to go into each individual connection and changing settings (which, frankly, is a big pain if I have more than a few conections and want to group their permissions).  

Is there any means or mechanism to group connections into some sort of "permissions groups" - and/or is there an architectural reason that "privacy groups" do not fill this role?  Or is it merely an implementation thing (nobody has picked up the ball)?

One thought would be that the permissions for an individual connection would be determined as follows:


The clear issue is what about connections in multiple privacy groups?  Do we default to "allow", do we default to "deny", or how do we resolve conflicts.  The above "formula" would keep conflicts to a minimum - and if conflicts occur at the "privacy group" level, they could be resolved at the "connection" level.  

The thought is to use 3 "options" per permission category  (NO) (INHERIT) (YES).  The default setting for all of them would be "inherit" - so everything would simply be inherited from the CHANNEL PERMISSION settings.  Then you have "OVERRIDE NO" and "OVERRIDE YES" as options as well.  This could be "hidden" as an advanced feature.  Ultimately, things would work as they do now by default (except maybe you COULD override the inherited values from the CHANNEL SETTINGS).

Anyway, this is really nothing other than thinking out loud and throwing out a discussion starter or a breadcrumb for anyone with time and inclination... perhaps (and likely) the discussion has been hashed, rehashed, rerehashed to death - in which case, I'm sorry - just pat me on the head and point me to the previous discussions.
M. Dent
Ok, I see... still take a bit to wrap my head around everything, but it's starting to beocome clearer.  I had overlooked the Permission Groups feature.  With that - it looks like all the pieces are there to do all the things anyone would want - and overall is probably a little cleaner than combining it with privacy groups.
Mike Macgirvin
It's a complex bit of machinery. I would encourage you to continue looking at it with a critical eye and suggesting improvements.
M. Dent
Thanks for the encouragement - with my posts lately, I fear coming across as "that guy" who simply nit-picks and gives unwanted advice.  That's certainly not my intent - but I can see how it can come across that way.... if it ever feels like that - I apologize in advance.  Patient explanations are very much appreciated but pointers to previous conversations are sufficient and the occasional, "Yeah... I don't have time to explain it right now, but you're definitely missing something important," won't hurt my feelings.
Mario Vavti
I created a new module which might replace /network as the default landing page. See here: /hq

It is very simple and clean and loading quick even on low level hardware. It only loads the latest top level item (instead of many of them in /network) and lets you quickly look through your most common notifications one by one without reloading the page using ajax calls (this works for the most common notifications).

You can make hq your landing page using the Start Page plugin.

Let me know what you think...

@Hubzilla Development+
Mario Vavti
The current behaviour when you go to /hq should be:
  • load the newest top level post - the url remains at /hq
  • open network notifications
  • click a notification
  • the url should look like this /hq/b64.someencodedmid
  • click anothe notification
  • the url should look like this /hq/b64.anotherencodedmid
  • the browser back button brings you to the previous post

This works reliable for me... Not sure why it does not for you...

Any errors in the console maybe?
Haakon Meland Eriksen (Parlementum)
I opened hq when I did not have any notification. I clicked the notification icon anyway and got a white page below the navbar.

I like the general idea of one at a time. :-) I think it would be easier if scrolling up or down or swiping left or right loaded the next or previous item. Going up to notifications feel clunky. It makes sense when you do not want the next or previous item, so keep that and carry on with the good work. :-)
Alexandre Hannud Abdo
Sorry Mario, I ain't running Dev, my tests were done with the widget on the right of Network and Display present in master. Should have noted that before.

M. Dent
Okay, new question - looking through the code for hooks - what is the purpose of the first parameter in registered hooks?

            if(is_callable($hook[1])) {
                $func = $hook[1];
                    $func($a, $data);

$a=0 - and doesn't seem to ever get set to anything else, and it appears that every hook registered will always have $hook[3]=0 since that appears to be the "hook_version" and there is nothing in register_hook() to set the version (I do see that inserted hooks have a parameter for "hook_version", but I'm unclear as to the why's and wherefores of a difference between the two).  

In any event, as far as I can tell, registered hooks will always be called as my_hook(0,$data).  But why the first parameter?  I'm obviously missing something.   ?hints?
Mike Macgirvin
  last edited: Wed, 29 Nov 2017 23:21:52 -0500  

We used to pass the App class as a global ($a) all over the place. Now we use static functions and variables for the base App class and don't need to pass any globals around.

register_hook() is the original interface from many years ago. You can still use it, but $a was deprecated and we've slowly been removing it. We now use Zotlabs\Extend\Hook::register() which defaults to version 1 and functions using it only require 1 parameter.

This was a tough sucker to figure out how to migrate forward without breaking everybody's plugins.

M. Dent
Just under a year ago, @Andrew Manning in a comment mentioned some sort of "chat widget" - just curious if any progress has been made on it?  It'd be nice to have some sort of widget that would at least highlight THAT new messages have come in on a given chat.  I'm working on consolidating to Hubzilla as a communications platform - and the one thing that's a sticking point from moving from MatterMost (slack-like messaging), is that there is no easy place to see a list of "channels" that I'm a member of - or to see if there are new messages on those channels.

It'd also be handy if there were a way to restrict a chat to "this-hub-only" (or maybe it is already?).  No doubt I'm looking in the wrong place, but I haven't found a way to do that yet.

Finally - I remember reading info about how securely chat messages are stored in the database, but I can't find it now.  Even if chat messages arent E2E encrypted - are they in any way secured/obfuscated in the database?
Andrew Manning
Mike is the only one who really understands the core infrastructure well (just being honest), but my guess is that anything propagating using the standard system will be too slow (potentially) for real-time chat. I suppose there's nothing preventing you from using a special real-time hub-to-hub relay, but it feels kind of like we're reinventing the wheel here. Probably the most productive thing you could do is get Hubzilla to do the authentication for WebRTC chat. That would open the door to video chat and all the benefits of WebRTC technology.
Mike Macgirvin
If you look through the addons, there are a number of different chat solutions in various states of (neglected) maintenance.

The built-in chat has been maligned numerous times because it is a simple ajax chat with no federation protocol behind it.  It remains the built-in chat (though you can turn it off if you don't want it), only because it provides chatrooms with access control that are fully compatible and consistent with our other cross-domain access controlled resources. This is our primary feature (the "main thing" is to keep the "main thing" the "main thing") and is really the only reason we have it. You would be welcome to plug in any instant messaging system you want (there appear to be hundreds to choose from), and nobody here will stop you, but these offerings won't really work with our permission system.

Anyway, back to technical details - I'm not certain that providing a federation layer for this weird custom chat is a worthwhile exercise, but interacting with a widget remotely would be low-hanging fruit. To get around CORS you could serve the widget javascript locally and interact with json data served from the remote site or even proxy it through your own server. All you need is a room_id and a valid session to grab the room JSON ("who's here" and any new content).

Probably the most productive thing you could do is get Hubzilla to do the authentication for WebRTC chat.

Absolutely. A few folks have taken a look but haven't seen it through. It's almost trivial to do WebRTC on the open internet, but as soon as you mention STUN,TURN, and ICE to reach behind firewalls the eyes start to glaze.
Andrew Manning
but as soon as you mention STUN,TURN, and ICE to reach behind firewalls the eyes start to glaze.

Haha, so true.
Mario Vavti
  last edited: Wed, 29 Nov 2017 06:26:05 -0500  
I am thinking about changing the behaviour of the Take me home menu button on remote sites.

ATM it brings us to Channel Home. I would like it to bring us to the home hub only. Thus bringing us to our selected landing page (default activity) if loged in.

The downside would be that if we are not loged in anymore at the home hub (which is probably rare), it will just bring us to the login page or respectively the home hub front page.

Any objections?

@Hubzilla Development+
Alexandre Hannud Abdo
Makes a lot of sense to me.
h.ear.t | tobias
This is something I long for as my landing page is /network. If I am not logged in getting the login form is what I'd call expected behaviour.

Anmol Sharma
I can not ping from the Bittorrent Server plugin . Do I need to open some ports for my server?
Andrew Manning
From the readme on the repo page you linked:
On activating the plugin, the server starts on port [6881..6891].

Is that what you need to open? I don't know much about it, but I've been wanting to understand and improve those WebTorrent plugins. Good work was done there, but as usual, the big cool decentralized technology languishes without an existing base of people who practically benefit from it and thus help push the technology forward. Good luck and keep us posted.

neue medienordnung plus
  last edited: Sun, 26 Nov 2017 12:00:44 -0500  
I'm loggedin as admin, but I find no possibility to investigate, how much storage demanded each channel. How can I investigate, how much storage demanded each channel?

= German Edition =
Ich bin angemeldet als Admin auf https://hub.freecommunication.org mit der Version 2.8.1, aber unter "Konten" und "Kanäle" sehe ich keine Möglichkeit, diese Speicherwerte zu ermitteln.

Hat man als Admin die Möglichkeit zu ermitteln, was den Speicherverbrauch auf dem jeweiligen Kanal verursacht?

#Storage @Hubzilla Development+ @Hubzilla Support Forum+ @Deutschsprachige Nutzer+
h.ear.t | tobias
Each channel gets its own dedicated file storage folder inside that folder.
h.ear.t | tobias
Why the for loop?

du -sh *          
1.3M    [data]
1.4M    drafts                                                    
20K     hzkick
4.0K    notebook                                                
8.5M    tobias
h.ear.t | tobias
Depends on what is available. du is on any basic install and just works. ncdu is an additional installation. It is quite a nifty tool though, yes. But a server should only have just as much software installed as it really needs to get the job done. Software that is not installed cannot be used for any exploits and malitious actions.
For a server beauty is simplicity en par with security.

M. Dent
Is there a description anywhere of the purpose and function of each of the differing kinds of "config" settings?

  * config
  * xconfig
  * pconfig
  * aconfig
  * abconfig

I think I have a vague understanding from the docs and code - but I'd be interested in knowing what the intended purpose or example "use cases" are for each config type.  Doesn't have to be lengthy and invovled, I just can't seem to find the clear lines between some of them (especially WRT aconfig and abconfig).
M. Dent
Assuming those are correct - Is the difference between xconfig and pconfig that xconfig info is propagated to channel clones, but pconfig is not?  (Is it right to think of xconfig as your "grid profile" used for non-hub-specific settings [or things that are generic enough that they reasonably could be expected to apply to multiple hubs] and pconfig as your "local profile for hub specific settings"?)
Mike Macgirvin
  last edited: Sat, 25 Nov 2017 17:11:26 -0500  
You've mostly got it. A few minor clarifications...

It's all metadata/preference storage to keep from extending the base tables every time we need to store something new. config is *this* server configuration and should not be shared. pconfig (personal config) is for metadata/preferences about the local channel and is propagated to clones. It is heavily used. abconfig data is also shared to your clones since it holds the permissions you've assigned.

xconfig is settings for remote visitors who may not have a local account. This is used to store directory preferences for example - so if you have an adult site we'll always remember that you turned "safe mode" on (or off). Xconfig is not propagated anywhere. There's also sconfig (site metadata) and iconfig (item metadata, which offers a choice on whether or not to propagate it with the item).

aconfig is for something related to your account and isn't specific to any of your channels. This is intended for something like subscription information and there are some service class settings (e.g. free account vs. premium account settings) which use this.

xconfig is rarely used, as are sconfig and aconfig ; and all these are implemented using the same table iirc. I intend to use site config a lot more in the future, so we can remember your site encryption modes and what protocol revision you are using and what additional protocols you have activated so we'll know whether we need to translate Diaspora comments into ActivityPub for your site or vice versa.
Andrew Manning
I added this to my glacial overhaul of the help pages. I'll try to use dev.hubzilla.org to display progress by putting that hub on my "docs" branch. As a result the link below might break at any time:


Andrew Manning
Since there has been only a single request for registration on https://start.hubzilla.org after advertising on http://hubzilla.org, I removed the invitation code requirement during registration and enabled email verification.

@Hubzilla Development+
Anmol Sharma
@Andrew Manning
What backup solution you use for start.hubzilla.org? Loosing the users data is a nightmare. We do keep regular imports of the channels, but I am sure most users of the hub will not do that on regular basis.
Andrew Manning
Currently I'm relying on the DigitalOcean weekly backups. If the site gets more popular and data becomes more important, I can take more frequent snapshots of the hub inbetween the virtual machine snapshots.
neue medienordnung plus
  last edited: Thu, 07 Dec 2017 04:22:34 -0500  
If the site gets more popular and data becomes more important, I can take more frequent snapshots of the hub inbetween the virtual machine snapshots.
@Anmol Sharma
I mean, that correspond to Hubzilla philosophy of de-centrality and Hubzilla concept, that the Hubzilla member are responsible themselves for the availability, for the vitality of Hubzilla infrastructure inherent backups of Hubzilla contacts and other data.

Hubzilla provide one effective and comfortable decentralised solution for high availability of my personal Hubzilla infrastructure - clones of my Hubzilla profiles. I declare all new Hubzilla member, that they have to create at least one clone of they Hubzilla profile for better availability of Hubzilla infrastructure.
Andrew Manning
Can we remove the hard-coded age of 13 for registration? Is there any reason not to make that a config setting that you could perhaps override in .htconfig.php?

@Hubzilla Development+
giac hellvecio
Someone has that spark, the magic one...this one may be 14 or maybe 15 years old, the law says... 13, but if you discriminate those under the 18, then they will have missed a chance...you cut their wings.
Maria Karlsen
  last edited: Sat, 25 Nov 2017 06:14:23 -0500  
When I think about processing data I don't think it's so much about being "mature" or not. It's more about human rights. Google...Facebook... Every child should have the right not to be exposed to heavy tracking unless it's absolutely necessary. Then of course some places are safer than others - like Hubzilla:-)
Hubzilla can probably be safe enough for kids of any age, with a parent guiding and the right settings - but when it comes to hubs anministration you simply have to follow the law.
Mario Vavti
Haha... Kids - the more you forbid them, the sooner they will register...

neue medienordnung plus
I moved files/ folder from location/ hub A. But the copies from moved files/ folder stay on the hub B. Is it correct behavior of Hubzilla? Hubzilla version on both hubs A and B is 2.8.1.

@Hubzilla Development+ @Hubzilla Support Forum+ #deletedObjects #movedObjects
Mike Macgirvin
This seems to be dependent on exactly *how* the files were removed. It works correctly using DAV but failed to sync properly if deleted using the web browser interface.

Should be fixed upstream.

Andrew Manning
  last edited: Thu, 23 Nov 2017 20:31:28 -0500  
What's the deal with the new Articles module? Perusing the code in my food coma, it looks like a cousin to the Cards module?

Edit: Articles.php is identical to the Cards.php file but with "card" replaced by "article".

@Hubzilla Development+
Mike Macgirvin
It's not finished.
Andrew Manning
Can I relegate the file to the git history books then?
Andrew Manning
Well, maybe I can keep it as a deployment method but with a big warning at the top that it's for reference and will be updated if possible.
Haakon Meland Eriksen (Parlementum)
You decide. :-)

@Hubzilla Development+ @Hubzilla Support Forum+ If I upload multiple photos with the JS Uploader I can choose the privacy settings beforehand and the photos get the respective permissions. The containing newly created folder is always "public" though. Is there a reason for this? For privacy reasons it would be nice not to show the Folder name to everybody but just to the connections or groups that also can see the photos.

#JS Uploader #privacy
Andrew Manning
I thought @Mario Vavti removed the JS Uploader addon after he explained that it has been made obsolete by the native support for multiple simultaneous uploads. Mario, is that correct?
Ok, didn't know that. The native uploader can handle multiple simultaneous uploads in the "Files" app, but not in the "Photos" app with me.
Mario Vavti
@Andrew Manning this is in dev branch...

neue medienordnung plus
I browsed the thread start.hubzilla.org erroneously as open hub declared from 19.11.2017 with one Raspberry PI. Can you find one bug here?


Is it a bug or feature, that hubzilla use time of client device in hubzilla timestamps? In my opnion, is it a bug. Please Vote: Bug - yes or no?

#BugOrFeature #timestamp #clientDevice @Hubzilla Development+ @Hubzilla Support Forum+
Alexandre Hannud Abdo
Perhaps it should say '6 months in the future' ;)
Maria Karlsen
What is in your channel settings? (Settings => Channel Settings => Time Zone) You can pick UTC (Other) or any other time zone of your choice.
neue medienordnung plus
  last edited: Tue, 21 Nov 2017 11:33:09 -0500  
My  channel settings was Timezone: Berlin. I tryed with  Timezone: UTC - produced no improvement, no changes for displayed timestamp.

//EDIT: The bug is caused by assumption, that time of client device is correct. If client device time is wrong is time information also buggy.
//EDIT2:  no changes for age of posts.

Andrew Manning
Is it okay if we get rid of the auto-generated "documentation" about the hooks? It looks like Ken Restivo was trying to make something useful here, but what we have is some complicated clojure script that requires something called Leiningen and JVM, and in the end it produces a table that is basically useless as far as I can tell. At least, it doesn't provide more information than a developer would find by searching the source code for "call_hooks".

@Hubzilla Development+
Andrew Manning
If it helped him do something productive then that justifies it, and I'm also grateful for his contributions. I certainly believe that adding function headers and variable descriptions in the formatted comment blocks that Doxygen  parses is helpful per se for others as well. I am still doubtful about what this offers that a developer would not already get from a modern IDE.

In any case, thanks for the feedback. I'll leave the auto-doc stuff alone.
Haakon Meland Eriksen (Parlementum)
Doxygen is very useful when you inherit code. :-)
My main interest in improving Doxygen is providing better inline help in my IDE, so I can hover over a function and read directly what this function does and what a parameter is expected to be. ;-)
I think documentation generated by Doxygen, phpDocumentor etc. is really useful and important. Ours is far from complete and for sure not meant as a general documentation for ordinary members, therefore we also do not ship the generated documentation any more. If someone is interested in it they should know how to generate and use it.