released: slidePresenter-0.40 (stable)

March 21st, 2008

Announcing the release of slidePresenter-0.40 (stable).

This is the stable release of slidePresenter-0.4x, based on community review of slidePresenter-0.40-RC-1 (Release Candidate) released on March 12.

All known bugs are fixed in this release. Thanks to the following community members for reporting bugs and/or suggesting improvements:
- Mike: files imported from zip archives are now added in alphabetical order

Changes to the 0.4x branch will now be limited to bug-fixes, and all feature improvements will be made on the 0.5x branch, starting with items listed in the Project Roadmap.

The new version can be downloaded from the Download page. Note that a minor fix made today (formatting user-readable files for easier reading on MS-Windows systems) bumped the latest version number up to 0.41.

Thanks to the slidePresenter community for all bug reports, beta testing, and feature suggestions.

released: slidePresenter-0.40 Release Candidate

March 12th, 2008

Announcing the release of slidePresenter-0.40-RC-1.

This is a Release Candidate, expected to be fully ready for release as version 0.40 (stable). It includes support for upgrading existing installations from versions 0.3x and below, as well as improved language file handling and various bug-fixes.

As a Release Candidate, this release provides the community with the chance to comment on any final tweaks that may be discovered in the next week. Barring any major flaws, and with all known bugs fixed, this release will be re-branded as slidePresenter-0.40 and released in seven days.

The new version can be downloaded from the following location: http://sourceforge.net/project/showfiles.php?group_id=181580

Thanks to the slidePresenter community for all bug reports, feature requests, and new ideas.

Security upgrade version released

July 12th, 2007

As of this writing a new version of slidePresenter has been released which addresses security concerns mentioned in the July 4, 2007 security alert.  slidePresenter-0.40-beta-2 includes significant changes, specifically the addition of the SLP_SECURITY setting, which accepts values “MoreCautious” and “MoreConvenient”.  “MoreCautious” mode requires the use of command-line scripts for adding and removing slides and presentations, whereas in “MoreConvenient” mode these features are available directly from the Web interface.

As with slidePresenter-0.40-beta, this release does not provide tools to upgrade from previous versions.  These tools will be made available in the stable release of slidePresenter-0.40.  Subscribers to the slides-announce list will be notified when that version has been released.

Patch Status

July 4th, 2007

In my last post I mentioned that I expected to have a patched release of the slidePresenter-0.30 branch by end of day today. However, the situation turns out to be a little more complex than I thought. I am now hoping to have a stable release of the 0.40 branch to release tomorrow (July 5, 2007).

In case you’re curious, here is a little more detail:

The nature of the problem lies in the fact that the “data” directory is expected to be writable by the web server, and to be located under the web server’s document root. In a shared hosting environment, this is a significant security hole.**

The simplest fix would involve one of two changes, neither of which happens to be appropriate for slidePresenter: either turning off write privileges to this directory for the web server (which would completely prevent you from moving from one slide to the next, among other things), or moving this directory out of the document root (which would prevent the slide images from being displayed). The alternative option, the one I want to implement, is to separate the data directory into two parts: one located above the server’s document root, for the data files that keep track of each presentation’s properties (name, description, current slide, etc.); and another, within the document root for the slide images themselves.

On a new installation, it’s not important that the structure of the data directory has changed since the last release. But for people who are upgrading an existing installation, it matters a great deal. If these users are going to be able to keep their existing presentations through the upgrade, slidePresenter will need to provide a way for them to reorganize their presentation data into the new structure.

It just so happens that this issue of upgrading to a new data structure is the one issue that remained undone in slidePresenter-0.40 when the beta version was released. This means that if I am going to spend the time to write upgrade scripts for a new release of the 0.30 branch, slidePresenter users might be better off if I would instead use that time to write upgrade scripts for the 0.40 branch, then publish a stable release of 0.40, and let users upgrade to that.

Although I would not normally discontinue support for the 0.30 branch until a stable release of the 0.50 branch, it seems in this case to be less work, both for me (avoid coding similar features twice), and for the community (avoid upgrading to 0.34 now — including conversion to a new data structure — and then again to 0.40 — converting to yet another data structure — soon afterward).

Note that this is still a fairly small community, so your concerns carry a lot of weight. If you have specific reasons why you will not be able to upgrade to slidePresenter-0.40 and need a patch for the 0.30 branch, contact me (see the README.txt file in the distribution). I will do my best to help address your specific situation.

** I should point out that this “significant security hole” is also in place in many very popular software packages, including WordPress, which powers this very site. Regardless, I believe it would be irresponsible to continue publishing slidePresenter without doing all I can to eliminate such a vulnerability.
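The data-directory split described in this post, sketched as an added example (not slidePresenter's own code, which is PHP). The directory names, the file-extension lists, and the function names are assumptions made for illustration; files that look server-executable are left in place for manual review rather than moved.

```python
import shutil
import tempfile
from pathlib import Path

# Assumed extensions; the post does not list slidePresenter's actual file types.
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif"}
EXECUTABLE_EXTS = {".php", ".phtml", ".cgi", ".pl"}

def plan_split(old_data, docroot, private_dir):
    """Sort files from the old web-writable data directory into three groups.

    Any executable suffix, including double extensions such as "x.php.jpg",
    sends a file to "quarantine" instead of the public image directory.
    """
    docroot, private_dir = docroot.resolve(), private_dir.resolve()
    if private_dir == docroot or docroot in private_dir.parents:
        raise ValueError(f"{private_dir} is inside document root {docroot}")
    plan = {"public": [], "private": [], "quarantine": []}
    for path in sorted(p for p in old_data.rglob("*") if p.is_file()):
        suffixes = [s.lower() for s in path.suffixes]
        if any(s in EXECUTABLE_EXTS for s in suffixes):
            plan["quarantine"].append(path)
        elif suffixes and suffixes[-1] in IMAGE_EXTS:
            plan["public"].append(path)    # slide images stay web-visible
        else:
            plan["private"].append(path)   # presentation properties
    return plan

def apply_split(plan, old_data, public_dir, private_dir):
    """Move files per the plan; return the files left behind for review."""
    for kind, target in (("public", public_dir), ("private", private_dir)):
        for src in plan[kind]:
            dest = target / src.relative_to(old_data)
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(src), str(dest))
    return plan["quarantine"]

def demo():
    """Run the split on a constructed sample tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        docroot, private = Path(tmp) / "htdocs", Path(tmp) / "private"
        old = docroot / "data"
        for name in ("talk1/001.png", "talk1/props.dat", "talk1/x.php.jpg"):
            (old / name).parent.mkdir(parents=True, exist_ok=True)
            (old / name).write_text("constructed sample")
        plan = plan_split(old, docroot, private)
        left = apply_split(plan, old, docroot / "slides", private)
        return ([p.name for p in left], (docroot / "slides/talk1/001.png").exists(),
                (private / "talk1/props.dat").exists())

if __name__ == "__main__":
    print(demo())
```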

SECURITY ALERT: All slidePresenter versions

July 4th, 2007

As of 15:30 PM Eastern Time, July 4, 2007, all existing versions of
slidePresenter were found to contain a security flaw in which certain
server-executable files may be written by an attacker having
write-access to the web server. Although no known flaws in
slidePresenter provide that access, I have no way of confirming the same
is true of all other services running on a web server.

Therefore, all archived versions of slidePresenter are being pulled from
the download site at sourceforge.net until this vulnerability has been
patched.

Existing slidePresenter users in shared hosting environments are
encouraged to discontinue use of slidePresenter until a patched version
can be installed.

I expect to have a patched version for the slidePresenter-0.30 branch
released by end of day on July 4, 2007. Users of previous versions will
be encouraged to upgrade to that patched 0.30 release.

Subscribers to the slides-announce list will be notified when patched
versions have been released.

SECURITY ALERT: slidePresenter-0.40-beta

June 29th, 2007

This is a security alert regarding slidePresenter-0.40-beta.

As released, slidePresenter-0.40-beta contains a security flaw in which certain server-executable .php files may be overwritten by an attacker having write-access to the web server. Although no known flaws in slidePresenter provide that access, I have no way of confirming the same is true of all other services running on your web server.

Therefore, all users of slidePresenter-0.40-beta are encouraged to discontinue its use and revert to the latest stable version (slidePresenter-0.33) until this vulnerability has been patched. To prevent further distribution of the vulnerable code, slidePresenter-0.40-beta has been removed from the download site at sourceforge.net; all other previously released versions are still available.

Subscribers to the slides-announce list will be notified when a patched version has been released.

Released: slidePresenter-0.40-beta

June 24th, 2007

A few moments ago I posted slidePresenter-0.40-beta to Sourceforge. Check out the demo and download it now for the latest slidePresenter features.

I’m really excited about this release, as it offers a great new feature to slide presenters: a virtual “laser pointer” for pointing out particular areas of a slide. Even better than a laser pointer, you can draw circles, squares, and straight lines (as well as the usual spot) in any of four colors. With this feature, I believe slidePresenter is moving up to become the full-featured slideshow broadcast software people need, while remaining lightweight, offering a simple installation for presenters, and requiring zero installation for viewers.

slidePresenter-0.40-beta also provides these features, as called for in the Project Roadmap:

  • Thorough re-write of data management code (required for cursor indicators feature, and database back-end option in version 0.60)
  • “Slide x of y” display to indicate how far along the presentation is, in the View interface
  • Degrade gracefully if Javascript is not enabled (essentially, explain to the user that Javascript is required, instead of just breaking without explanation)

What’s missing from this release — the reason it’s only released as “beta” — is the capability of upgrading existing presentation files from earlier versions. This feature will be added with the production release of slidePresenter-0.40. Users who are subscribed to the slides-announce list will be updated as soon as the new version is released.

Ground-up improvements in version 0.40

May 24th, 2007

slidePresenter-0.40 is scheduled for release by June 21, to include a completely re-written data management API.  This improvement in the back-end code, while making little visible difference in the style and functionality of slidePresenter, is essential in moving forward to more flexible data management options, including the option for a traditional database back-end (say, MySQL or PostgreSQL) in version 0.60.  It’s also required to support the more complex data requirements involved in the “cursor indicators” feature scheduled for version 0.40.

You can see more about the future of slidePresenter in the Project Roadmap.

700 downloads, and drawing on slides

April 5th, 2007

Today slidePresenter saw its 700th download. I’ll count this as a milestone worth celebrating.

With the release of slidePresenter-0.30 on March 30th, slidePresenter is starting to show the features it should have as an intentionally lightweight live slideshow broadcasting tool. An improved delivery interface now includes controls for jumping to any slide, and the presentation editing interface now provides the option of importing slides from files located on the server (instead of requiring you to upload and import in one shot).

Next up will be features to allow the presenter to mark up the slides and have those markings appear on the viewers’ side. This will give you a way to highlight specific parts of a slide, as you might do with a pointer in a face-to-face presentation. A quick proof-of-concept mock-up is available for the curious, though at this point it only draws the shapes and doesn’t illustrate the broadcast of those markings to viewers. The actual feature will support several shapes and let you adjust line weight and color.

Expect this feature in slidePresenter-0.40.

Importing slides on the server

March 20th, 2007

As a followup to the real-time upload progress meter, I’ve been working on a feature that’s much more at the heart of the matter: allowing users to avoid large file uploads over http altogether. I first thought that this would best be handled by having a command-line script to import files which exist on the server, but file permission issues soon made that into a bit of a mess.

The better solution is to use the Web-based interface to import files that are on the server. It’s less error-prone, makes better use of existing code, and is more consistent for the user.

This feature is in testing now and should debut in the release of slidePresenter 0.30 later this week.