encryption, decryption, and private key exchange
	for inbox:
		client should let server know all the fingerprints of keys it possesses
			anything addressed to these should be included in inbox listing
	for item page:
		server should include plaintext original message accessible to js
		js should check if it can decrypt the text
			if it's decryptable, decrypt and display decrypted text
	for indexing:
		if text has pgp-encrypted message, server should find fingerprint(s) of target keys
			add them to item attributes
	there should be a way to share private keys with existing users
		first idea: put it on the author page
			let user choose a private key from their own keychain
				encrypt the private key text for the target author's public key
	when a private key is detected:
		add it to local keychain

===

Malformed UTF-8 character: \xda\x00 (unexpected non-continuation byte 0x00, immediately after start byte 0xda; need 2 bytes, got 1) in pattern match (m//) at ./config/template/perl/utils.pl line 1333.
Malformed UTF-8 character (fatal) at ./config/template/perl/utils.pl line 1333.

===

inbox for should be regenerated in a timely manner, otherwise the no-js timestamps are incorrect

===

bug: cookieinfo dialog does not work right with cache-mysql theme

===

in render_field.pl
	if item_type is image, and field is item_title
		it should render a thumbnail, but this depends on item_type being one of the columns
		need a way to either not require this, or to hide item_type in the listings while still including it in the queries?
			maybe include it in default item_fields, but hide it in listings by default?
===

database test suite

===

perl -MDBD::mysql -e 'print "DBD::mysql is installed\n";'

===

when there's a new unapproved key
	all approved users should be notified
		so that they can approve

===

allow user to set contact links so that they can be contacted
	phone umber and tel: link
	signal
	telegram
	twitter

===

signal channels workalike
	channels sidebar
	encourage username creationx
	users list

===

resultset dialogs should link to the full page and list total number of items
	need to call SELECT COUNT(*) FROM ($query)
		the challenge here is that GetResultSetAsDialog() doesn't get a copy of the query
			need to pass it in
				sometimes it gets a copy as $flags{'query'}
					we can work with this initially, and then ensure it's passed in elsewhere
						this query sometimes has a LIMIT
							we can just remove it

===

add dialog and script that explains how to verify an item from scratchx
	should display on item pagex
	should have the following commands listed and explained:x
		download /chain.logx
		download /chain_log_verify.txt and save to chain_log_verify.pyx
		run chain_log_verify.pyx
		download the author's public keyx
			verify its hash and that it is in the chain logx
			gpg --importx
		download the item's filex
			verify its hash and that it is in the chain logx
			gpg --verifyx

===

add option to do facebook and twitter style meta tags, like this:
	<!-- Facebook Meta Tags -->
	<meta property="og:url" content="https://ssi.inc">
	<meta property="og:type" content="website">
	<meta property="og:title" content="Safe Superintelligence Inc.">
	<meta property="og:description"
		content="The world's first straight-shot SSI lab, with one goal and one product: a safe superintelligence.">
	<meta property="og:image" content="https://ssi.inc/public/og-preview.jpg">

	<!-- Twitter Meta Tags -->
	<meta name="twitter:card" content="summary_large_image">
	<meta name="twitter:site" content="@ssi">
	<meta property="twitter:domain" content="ssi.inc">
	<meta property="twitter:url" content="https://ssi.inc">
	<meta name="twitter:title" content="Safe Superintelligence Inc.">
	<meta name="twitter:description"
		content="The world's first straight-shot SSI lab, with one goal and one product: a safe superintelligence.">
	<meta name="twitter:image" content="https://ssi.inc/public/og-preview.jpg">

===

failure modes which need to be addressed
	too many processes lock up server
		how to address?
	too many files
		track files in directories
		create alternative stores for cache
	too much space used
		track space used by installation and make visible
	spam/crawler bots hitting the server too much (causing the above)
		another captcha method?
		improve performance of page pre-generation
		limit compute-intensive actions?
		track usage by ip range rather than unique ip?

===

cookie dialog should have these features/information:
	you are signed in as guest
		click here to choose a username
		click here to create a new identity from scratch
		click here to choose an avatar
		click here to complete the puzzle-self-approve process

===

on a fresh install, there's initially an error message about missing chain.log:
	$ bash hike.sh build
	1717812514: Require ./utils.pl...
	grep: /home/dh_kg68r5/pollyanna/html/chain.log: No such file or directory
	tail: cannot open '/home/dh_kg68r5/pollyanna/html/chain.log' for reading: No such file or directory

===

add setting require_approve_to_vote
add setting that requires hashtags/votes to be signed
	these should restrict mass-tagging by crawler bots

===

solution to make message posting happen instantly for the user
	generate dialog with js and inject into page
		in SendMessage()
		needs implementation of GetDialogX2() in js
			add CreateDialog() x
			need CreateItemDialog()
			need GetTimestampWidget()
				basic version x
				with full options
			need GetItemLink()
	send request in background
		SendMessage()
	also store request in localstorage for backup, in case request doesn't go through
		SendMessage()
		need to be able to generate sha1 hash with js

===

what's left to do on modern theme
	alternating table row colors x
	table headers (don't appear at all)
		this is in GetDialogX2() in dialog_builder.pl
	finish template selection algorithm for perl files
		(currently dialog_builder.pl still needs to be copied manually to config/template/perl/
	timestamp widget colorization x
	notification/alert styling x
	beginner/advanced/admin layer colorization x
	table/dialog borders in dark mode x
	what to do with <fieldset> tags?
		probably need to get rid of them, because thye're not styled correctly in dark mode
	figure out why dialogs have a transparent background
	dragging
		activate with pointer doesn't work right
	titlebar buttons
		styling
		make close button work
		make # button work properly

===

Write link should pull a copy of the write page from local storage and replace local dom with it.

===

invite system for pre-vouching

===

ensure that cache and other files are cleaned up regularly
	write script to remove files more than 24 hours ago
		cache
		trim log file
		cache/b/response/*
		log/*.sqlerr

	call script regularly from ...?

===

write form should be updated when session status changes
	this happens, e.g., when auto_register is enabled

===

link items should be handled better
	link url should be accessible from item dialog displayed on any page
	should be a summary created by crawling the link, at least the title
	what else?

===

lowsrc thumbnails are too small, should be bigger
	test in netscape 3 and 4

===

make str_replace() and str_ireplace() consistent and the same implementation other than /i

===

person page should be updated when
	approve label is added
	new author is added

===

GetAvatar() should differentiate between approve and not approve
	it currently does, but once it's cached, it does not change

===

bug `hike refresh` fails if existing module has a syntax error
	even if new version in default/ has been fixed
	workaround: either remove the module in config/
		or hike clean, hike build

===

bug in profile_auto_register:
	public key is not shared until user clicks link on session page

===

jstest1 should not assume that document.frmTest exists
	some browsers do not yet support named forms
		e.g. Ladybird

===

to get a new cookie from a public key,
	the client should send a signed and timestamped request
		a) client signs the request with their private key
		b) server verifies the signature with the client's public key
		c) server sends a challenge to the client
			which the client must sign with their private key
			which the server must verify with the client's public key
		d) server sends a new cookie to the client

===

there should be a clear way to back up an entire server's data
	and there should be an easy way to validate/test that backup

===

changelog should appear immediately on New page after `hike refresh` is run
	changelog should be generated x
		this works ok
	changelog should be indexed
		for some reason this does not work until a reindex is done
		MakeIndex() does not work for some reason (fixed)
			this was because index.pl was not included x
		also, `hike index` does not add the changelog to the index for some reason
			cache/b/indexed/... is created, but the file does not exist in index
				i think it's created before the file is renamed, but then indexing fails because the file was renamed?
			removing this flag and running hike index fixes the issue
				part of the problem is that the cache/b/indexed/... cache contains the file path, but it is not checked whether it is the same
					confirmed this: indexed/... is generated, but the file does not appear in /new.html
						once i remove the indexed/... entry and reindex, it appears on new page
					added IsFileAlreadyIndexed() x
						is sometimes called without $file or $fileHash?
							still not clear what it returns, add debug output
		even though changelog text file is written, a full `hike rebuild` is required for the changelog to appear on new page
	new page should be updated
		MakePage('new') should be called after above works

===

fix duplicate pages being generated every time `page \#foo` is called
	example:
	1704657676.01219
    1704657676.42376 MakePage(tag, notext)
    1704657676.42376 =======================================================
    1704657676.42376
    1704657676.84397 MakePage(label, notext)
    1704657676.84397 =======================================================

===

rename labels_list to label_list ?
	or list_label?
	or list_labels?

===

i think the cause of netscape displaying very small thumbnails is lowsrc= being used
	https://developer.mozilla.org/en-US/docs/Web/HTML/Element/img#attr-lowsrc
	we can probably just remove it

===

there should be a warning when 'hike refresh' would update some config items

===

fix 'hike pages' command
	currently prints 0 pages x
	it's using ./pages.pl --queue, and the queue is empty for some reason x
		select * from task; -- returns 0 rows x
	(this seems to happen on dreamhost servers, but not in dev environment) x
	this seems fixed

===

for write form, there should be a checkbox that tells the server not to add anything to the text file
            <br>
            <input type=checkbox>Do not stamp
            <br>
            <span id=spanWriteAdvanced class=advanced></span>

===

there should be a warning for the operator when using cookie-required features
	for example: require_cookie and force_profile (which should be called auto_session)
		these will block users who do not support cookies or have cookie issues

===

refactor all the mentions of opened_dialogs into ReopenDialogs()

===

backtick execute feature

===

refactor GetImageContainer() to use \%file instead of $fileHash as parameter
	allow for old style calls as well?
	currently GetImageContainer2()

===

how to rechain / multiple chain?
	a) get hash of current chain
	b) create new chain with announcement of previous chain's hash as the first item
	c) add all valid items in current chain to new chain
	d) replace current chain with new chain
	e) ???
	f) profit

===

why doesn't php InjectJs() use GetScriptTemplate() ? x
	it actually does!

===

<!--
    #todo redo this whole template
    the js should be added with AddAttributeToTag, not hard-coded into the template
        there can also be templates for each js, so that they can be reused elsewhere
            for example, there is also a standalone reset button
-->
<!-- / dialog_controls.template -->

===

read-only mode for non-registered users
	this can be accomplished with require_cookie,
		but voting buttons and reply forms are still shown

===

add document.body.clientWidth and document.documentElement.clientWidth to jstest1.html

===

index.sqlite3 should not always be zipped
	when it is not zipped, demo is much smoother
	also, when zipped, there should not be subdirectories inside zip file
		the zip command flag is -j
	relevant lines:
		my $sizeSqliteZip = -s "$HTMLDIR/index.sqlite3.zip";
		<a href="/index.sqlite3.zip">/index.sqlite3.zip</a> (<span id=sizeSqliteZip></span>) <br>
		{ #without zip

===

feature check for window.event (or whatever it is) before using "event."
	one browser where it causes problems: firefox 2.x (netscape 9)

===

Inbox dialog should have id=
	looks like there is also a bug with colspan= value missing in GetDialogX() in php version

===

`hike refresh` should look for new orphaned config/ files

===

Reference found where even-sized list expected at ./config/template/perl/utils.pl line 2838.

===

1698874799.99864 Deep recursion on subroutine "main::IndexFile" at ./config/template/perl/utils.pl line 2830.
Deep recursion on subroutine "main::IndexTextFile" at /home/wsl/pollyanna/config/template/perl/index_file.pl line 133.
Deep recursion on subroutine "main::AttachLogToItem" at /home/wsl/pollyanna/config/template/perl/index_text_file.pl line 1011.
^C

===

2023-11-01 17:36:37: (mod_fastcgi.c.451) FastCGI-stderr:PHP Fatal error:  Uncaught TypeError: preg_match(): Argument #2 ($subject) must be of type string, array given in /home/wsl/pollyanna/html/post.php:236

===

if (GetConfig('setting/admin/php/post/handle_browser_test') && isset($comment) && $comment) {
	if (preg_match('/(E[0-9]{13})\W+(E[0-9]{13})/', $comment, $browserTestMatches)) { # line 236
		if (isset($browserTestMatches[1]) && isset($browserTestMatches[2])) {
			if ($_GET) {
				$comment .= "\n\n";
				foreach($_GET as $getName => $getValue) {
					if ($getName == 'comment') {
						# skip, it's already added
					}
					else {
						$comment .= $getName . ": " . $getValue . "\n";
					}
				}
				$comment .= "\n\n" . '#BrowserTest';
			}
		}
	}
}

===

how to import images
	background: text is pushed to the other server with a GET request
	this is not possible with most images
	easy alternative:
		request target server to pull it from source server
		concept: pull request
			if
				label = pull
				and there is a url in the item
			then
				pull the url
				and index it
		implementation:
			token_defs.pl:
				add pull token
					do not look at 'verify' for reference, it is an old implementation method

===

refactor idea:
	./default/theme --> ./module
	./default/template --> ./module/default
	./config now overlays ./module/ ???

===

needs to be a procedure to "strip" an html page of its "envelope" of html, head, and opening/closing body tags
	so that it can be included in another page
	look at internet archive for example

===

Dialogs which don't respond to PageMap (missing id=)
Introduction
Chain (listing)

===

Pages which have dialogs without title

===

youtube embed implementation
	a) create token in token_defs.pl
	b) create renderer for the youtube embed
		b1) not sure if this is currently supported

===

AttachLog() procedure
	should do what RunPy does now, attach an item with the log

===

date page should have a comment field which automatically appends date: tag

===

item_type should be called file_type

===

sub-frameworks, configuration modes, or concepts
	pillbox
		static html only
		rolling access.log file
		no javascript
	local friends
		fully dynamic
		custom js and stylesheets
		self-admin with a secret knock

===

if schema fails to build, operator should be notified

===

setting/site_name should be renamed to menu_title

===

add hike.pl to take over if hike.sh doesn't work

===

how to heal from \r ^M extra characters caused by windows?
	bad_interpreter.txt has instructions
	needs automation

===

needs to be a 'paste' page and menu item

===

#todo
	this shouldn't be necessary: GetQueryAsDialog('labels', 'Labels') . # GetLabelsDialog() .

===

config/setting/admin/token/avatar should toggle availability of avatar feature

===

web archive link to current page

===

hypercode v1
	solution page
		problem x
		code x
		run log (if has been run) x
			otherwise "has not been run yet" x
		stats
			run start x
			run finish x
			timestamp x
			(these are fur the run log item)
		better solutions, if exist
		worse solutions, if exist

	problem page
		lists problem at the top (text) x
		if solutions exist x
			solutions listing x
				tag: solution + approved
		if proposed solutions exist
			proposed solutions listing
				tag: solution - approved

	problems listing
		problem (label: problem)
			links to problem page
		best solution
			links to solution page
			solution by

===

allow user to set one or more bitcoin address
	this should require approval

===

fix links so that wget -r gets a useful archive instead of a bunch of extra stuff

===

this needs to be implemented better:
For users with limited network access, reliant on public WiFi service, we engineered capabilities for offline browsing and content preservation, ensuring offline drafts for later submission retained composition and timestamp.

===

checkbox or button for private mode which switches to gmail or gdocs looking design

===

Next to "sign as ilyag" checkbox there should be another one called "sign with cookie"

===

#todo
	if there are pending user keys
		there should be a server-wide notification
			displayed only to already approved users
	pending keys for new usernames should be distinguished from pending keys for existing usernames

===

author/person concept
	if author is approved,x
		the avatar link should go to the person pagex
	if author is not approvedx
		the avatar should go to the author pagex
		AND on the author page, it should say "author is not yet approved"x

===

allowed and supported image file types
	should have a central config
	currently defined several times separately, all marked with #imagetypes tag
		the extra challenge is lighttpd config, which also needs mime types
			(but this isn't really relevant and doesn't need to be included)

===

shortcut command to add admin user
	workaround: insert into ..

===

code actions
	refactor
	generate testcase
	document
	summarize
	run
	normalize
	extract concepts

===

it should be possible to get multiple dialogs in one http request
	idea: /dialog/settings,help,write.html

===

more screenreader testing

===

redo the inconspicuous design feature

===

encode zip files in html to make it more friendly to archivers

===

there should not be orphaned items in item_attribute table

===

there needs to be a way to upgrade an instance using the web ui
	typical process via ssh goes like this:
		git pull
		hike refresh
		hike build

===

demo
====
	with c++, run sample code file, post the output

===

feeds/sync
	read a feed list, save locally
		save to file named after source server
	figure out which items need to be pulled from host

===

how to make it easier to reintegrate an archive?
how to encourage users to make backups?

===

Traditionally, a FILE_ID.DIZ should be "up to 10 lines of text, each line being no more than 45 characters long",
according to v.1.9 of the specification.[3] The concept of .DIZ files was to allow for a concise description of
uploaded files to be automatically applied.
FILE_ID stands for "file identification". DIZ stands for "description in zipfile".[2]

===

improvements in auth
	user should see when they have new keys pending approval
		create query for the keys listing
		add an inbox-like mechanism

===

create topics page
	topics are capitalized hashtags
		topics table should include most recent post under that topic (and possibly more)
	should have two dialogs/paginated resultsets:
		a) capitalized hashtags ( the topics )
		b) all-lowercase hashtags (utility/system)
		c) might as well throw in a calendar?

===

how to make hash-colored lowercase hashtag links in tags dialog?

===

recent items page

===

add link to own profile to each page
	see older builds for implementation

===

raise admin warning if there are sqlerr files (especially if there are many)
	summarize them

===

should be a warning if reply_cart.js is not included while reply cart buttons are present

===

add person_name to item_flat view

===

ballot_time field should reflect ballot time
	(currently  0 for user-applied hashtags)
	workaround: join to item_flat
make person_avatar view

===

there needs to be a script for recovering from accidentally editing config/* in code editor
    there needs to be a warning, like config/* being read-only
        this should automatically be done if .idea directory is present
			if -e .idea chmod -w config/template/*

===

Outbox feature
	Adding
		When Send button is pressed:
			Store hash:content in LocalStorage
				It should contain >> tag to reply item
	/outbox.html
		1) List all the stored things

===

"my name is tag" should by default only work on pubkey items
	this will also restrict self-naming to key-based accounts

===

how to set py files allowed to upload?
	config/setting/admin/python3/enable

===

when navigating away from upload page or write page
	the submit button's caption should be reset
		from "Meditate..." back to "Send" or "Upload"

===

problem: in offline mode or without connection,
	firefox and other browsers cannot save a page
	proposal: add a "save" button which has in-page encoded downloadable file?
		encode it in the html?

===

it is a general problem that js errors are not trapped and communicated to user
	example: when the meditate message appears on the screen and does not go away
	solution: use try .. catch
		https://www.w3schools.com/js/js_errors.asp

===

first build should display some kind of congratulations message

===

require_once() is still broken on windows/gitbash

===

priority fix
	upload page and uploading files should only be allowed for approved users

===

person page
	combines all authors with the same name
		default: only cross-verified or one-direction verified authors
			optional button to transmit message to all of them
	operator's report of new authors, and what their name is

===

page introduction dialog like on the tags page should get a nice frame for the text inside

===

hike guidb command needs to work on windows too
	on both windows and linux it should install the viewer if possible and necessary
	it works on wsl, but nos sure about how to make it work in gitbash

===

user should see items posted around the same time

===

need a special fix for when config.pl is missing after refresh
	workaround: hike build

===

fix ensure_module() and require_once()
	it's halfway to being converted to use themes
		reason for the conversion is /

===

demo transition from localhost:8000 to hypercode.com
	0) localhost theme differs from hypercode.com theme
		on local server: echo "hypercode chicago" > config/theme
		on remote server: should already be set to this theme

	a) user becomes immersed in the demo experience
		page through all the menu items
		begin smoke testing with different browsers
		begin a roll call thread
		click a few things
		return to the write page
	b) with user's explicit opt-in consent,
		except when the demo smoothness and magic trick requires it not to be?
		when the write form submits a new item, the form targets hypercode.com
	b1) this is done with a selector checkbox
		to be implemented
	c) the lie is that localhost:8000 is entirely static, which may seem like magic because we ran python -m http.server ;)
		the other lie is that we redirected the user to a new server which looks like the old server and without their consent
			make the write page say "you have set your publish node to hypercode.com"
		the alternative is that the localhost theme does not match the hypercode.com theme,
			and the viewer becomes aware of the change,
			although they do not immediately know what it is
	d) the truth is that localhost:8000 is a proxy to hypercode.com
	e) the user is given a link to hypercode.com
	f) the user is given a link to the source code
	g) the user is given a link to the documentation
	h) the user is given a link to the demo
	i) the user is given a link to the demo source code
	j) the user is given a link to the demo documentation

===

1684526148.99190 MakePage(data, 0)
1684526148.99190 =======================================================
1684526148.99190 which: no zip in (/bin:/usr/bin:/mingw64/bin)

===

1684526123.75909 Warning: did not recognize that page type: settings
	workaround: perl pages.pl --settings
		todo: add -M settings handler

===

how to make sqlite3 optional
	reason: ubuntu doesn't come with sqlite3 by default
	windows gitbash also doesn't come with sqlite3

===

how to make git optional
	reason: ubuntu doesn't come with git by default

===

fix lib_heal.pl on windows (gitbash)

===

demo
#reindex tag
	triggers item reindex
	like 'hike reindex' but only for that item (and perhaps dependent items)
	can be used when e.g. 'hike set <token> 1' has been run to enable that token

===

implement per-page-type css and js
	add feature flag css_auto_add_template_by_page_type (ok)
	a) when generating getpageheader, look for
		template/css/page/pagetype.css (ok)
		template/js/page/pagetype.js
	b) if template is found, then:
		add it to the page header (ok)
		inject 2 textareas into the page, css and js
	c) else
		inject 2 textareas into the page default.css and default.js (ok)
	d) if it is an item page, look for these (for each tag):
		template/css/page/item/tagname.css
		template/css/page/item/tagname.js
		* this is complicated by getpageheader/footer not getting the item it for current page?
	e) implement saving of template contents
		to config/template/css/page/pagetype.css in post.php
		to config/template/css/page/pagetype.js in post.php
		in post.php, add argument to return to page

===

there's a bug in include_notext_in_thread_list=0
	i tried to fix it, but have just disabled this setting for now

===

GetItemLink()
GetAuthorLink()
etc should all use RenderLink()
then we can patch in cachebusting easily

===

#brainstorm
some settings should have a "fuzzy" or "best known" setting
for example:
return_to (which page is returned to)
	if only hashtags are applied, return to parent, but if it is a comment, show new item page

===

#brainstorm should it offer different annoyance levels?
	or automatically select 1, 2, 3 on repeated clicks?

===

combined inboxes by validated username/alias

===

link from people card to profiles

===

1) post item which assigns  #keep tag to everything to keep
	this list is taken from existing items with #keep tag
2) remove un#keep things (excluding pubkeys and admin things) and the above new item
3)

===

hike addmenu token/command

===

need a hike edit command for multiline files

===

bad reference to template --> empty dialog -- developer confusion problem
	I had a bad parameter to GetTemplate() and it was hard to figure out the cause
		it should really return a debug dialog, especially if config/debug is on

===

write dialog should tell user when they're logged in with a cookie

===

should be a "logged in as" dialog

===

"operator, please add x feature"
	similar to hike set
		location: operator_please.pl
	is there a config/...x/enable ? set to 1, rebuild frontend
	is there a config/.../x ? set to 1, rebuild frontend

===

#hastitle tag should only apply if title was actually applied to item
	assumed titles e.g. from first line should not result in #hastitle

===

GetWriteForm() should include <form> tag x
	add GetWriteDialog() x
	perhaps <form> should be added by GetWriteDialog,
		otherwise it may result in weirdness for some browsers which assume <form> is a block element

===

cgi-bin
	basics
		postx
		update pagex
		redirectx
			how to redirect?
	languages proof of concept
		perlx
		shx
		pythonx

===

lighttpd and python3_server should not be enabled at the same time
	otherwise it may cause a problem in GetTargetPath()
		add warning in GetTargetPath() x

===

debug output should verify caller matches first word of log
	this is already practically done in WriteLog()

===

event loop on profile page should check for stale "go to profile" link

===

how to hand-verify a puzzle?
	seems to be some kind of issue, probably involving \n

===

fix titles... how to?
	problem: non-ascii titles are gibberished
	they are returned ok by sqlite
		but when being read in via backtick call to sqlite, they're corrupted

===

$itemLongThreshold
	should be about display dimensions, not file length
	so lines and width both should be constrained

===

for recognized clients, http_auth should be bypassed
	location: probably route.php
	look at how cookie works, it should be similar
	clients can be looked up in item_attribute table

===

CACHING CACHING CACHING CACHING CACHING CACHING
	main pages which rarely update should have different timeouts

	after any indexing where new files are added, basic pages like new and chain should be re-cached

	avatar cache only indexed under first theme in list, doesn't update when theme changes

	profile page should be not cached?
		#todo fix setup for this in lighttpd and apache templates
		somehow needs to do a better job of getting rid of old logged in displayed status after logout
			no-cache all profile page things with a username on them #todo
				but still needs a fallback when connection goes away?
			add check to eventloop

	Ensure caches are deleted when a vote occurs

	Add quick way to transition cache to new version without clean-build
		Or possibly fallback to old cache if new cache is missing

===

dev mode with instant updates after code is changed
	keep track of changes
	rebuild frontend pieces as necessary

===

access_log_read.pl
	should be able to parse request in any order, not just when comment is first argument
	add option to add arbitrary argument values (like post.php)

===

option to not add to log but just display in frontend
	model after X-No-Archive header in Usenet/NNTP

===

search
	generate search page based on keyword(s)
	add option in route.php
	add global setting

===

reflect user status in avatar based on user's tags
	1) fix $authorItemAttributes block in GetAvatar()
	2) check for pubkey, approve, vouch tags
	3) display indicator

===

color-code each fingerprint or hash character (0-F) for easier visual identification
	there are at least two ways to do this
		one is to individually use <font color=>
			this is more compatible
		other one is to use contains()
			this saves a lot of space

===

should be able to go straight to editing a query on any view page
	one way to do this is to just put the query into a textarea
		more compatible
	another way to do this is to createElement('textarea')
		makes page look nicer

===

fresh.js should be more persistent
	when a page goes 404, check less frequently, but still check now and then
	gradually reduce frequency of checks after a while
		(see metafilter article)

===

how to thorough cache invalidation basic
	item's page
	item's author's page
	item has parents?
		recurse through each one (only up)
	item's tag's pages
	item has children?
		recurse downwards (only down)
	chain, new, etc.
	grep for other pages and issue warning so that they can be added

===

notify user of anything they may want to see
	highest priority:
		replies to anything they've posted
		mentions
	lower priority:
		anything containing text on the server
	more?
	1) design query author_repliesx
	2) make GetAuthorRepliesDialog()x
	3) make trigger in pages.pl
		basic version: auto generate the dialog when generating author's pagex
	4) in route.php,
		if there's a current author (cookie)x
			check for dialog existencex
				if dialog exists, inject it into pagex
	it would be nice if author had some context what the replies are to
		but this basic version is a good start
	dialog should be re-generated whenever a reply is made where there's an author
	* query should exclude items author has already replied to or voted on
	* add author_key field to query once that's more efficient

===

add recovery from this warning:
	GetItemDetokenedMessage: warning: NO FILE: $messageCacheName =
		a) search for matching file in htmlt/xt
		b) reindex file
		c) look for message again

===

problems found during some testing

a) on mac, setup is a bit broken
	a1) needs a command which does these: hike alog; hike index; ./pages.pl --all
		a1a) hike needs more options to call pages.pl, so that pages.pl doesn't need to be called anymore
	b) item received page needs more instructions on how to refresh the site
	c) hike should offer to run enable_features.sh, or prompt the user to do so
	d) mac-- php is still broken, and ssi is not enabled by default

===

add perl-unicode-string to requirements x

===

who invited you dialog
	list of names with checkboxes
		half the names are actual names
			(do not use accounts whose name is guest)

===

make easier way to have lists in localstorage

===

there's a serious bug with data sanitizing
	reproducing: download all text files from 26-110.com
		some text files are actually image files
			causes an error in the sh-sqlite3 converter
				#ouch
	i think this may have something to do with tcsh

===

dialog controls like Annoy should not be displayed if js/enable is false

===

add support for \n\n===\n\n divider which creates multiple files

===

dig deeper into qdb.us bug causing many duplicated files

===

scores page creation log (listing page)
	create query template
		test query in guidb
	edit pages.pl to add MakeDialog call
		accidentally edited cached pages.pl, but intelij warned me
	add scores to @listingPages in makepage.pl
	add scores dialog to handle_not_found.php
	add to $validViews in handle_not_found.php
	add to @makePages for some reason in pages.pl ??
	remember to rebuild

===

current workflow for adding a new page (could improve)
	add default/theme/thankyou/template/perl/page/thanks.pl
	add default/theme/thankyou/template/html/page/thanks.template
	add to $validMakePageNames in HandleNotFound() handle_not_found.php
	add to @simplePages in MakePage() makepage.pl
	the good news is that it is already automatically generated when ./pages.pl --all is called
		probably from the menu list though?
			#todo it should probably have a list of all available pages somehow
	#todo something like perl/page/simple.pl that is also checked for when a simple pages is generated?

===

add config/setting/admin/list_theme_attribute_concat

===

perl templating feature:
	save stack
	inject line number into every WriteLog() statement

===

rewrite plan for mac
	since regex does not work in lighttpd
	need to rewrite all urls to php handler
		/route.php for regular urls
			/route.php?path=/write.html
		/post.php for write pages
	add setting default/setting/admin/lighttpd/without_rewrite_mac ??

===

most requested 404 pages
	record from handle_not_found.php
	create summary page

===

needs to be a separate tagset for item template and classify dialog

===

strip script directory from caller display in debug log to make easier to read

===

refresh templates:
	if file is a perl template, build after removing config

===

zip error: Nothing to do! (try: zip -qr /afs/athena.mit.edu/user/t/h/thankyou/hike/html/image.tmp.zip . -i /afs/athena.mit.edu/user/t/h/thankyou/hike/html/image/)

zip error: Nothing to do! (try: zip -qr /afs/athena.mit.edu/user/t/h/thankyou/hike/html/index.sqlite3.zip.tmp . -i cache/b/index.sqlite3)
Argument "" isn't numeric in numeric ne (!=) at /afs/athena.mit.edu/user/t/h/thankyou/hike/config/template/perl/dialog/stats_table.pl line 29.
tail: cannot open 'html/chain.log' for reading: No such file or directory

===

light/modern buttons shouldn't appear if php is off

===

layers dialog
	on settings page
	with checkboxes for layers
	should not be anything which is affected by layers changes before it

===

calculate hash of text live in js and display below textbox
	add field to form
	add function to populate text field
	add event to textarea

===

page should update when logged in user changes

===

history list
	log pages into cookie or localstorage
		display on page with links

===

when fresh.js detects a change
	it should force-cachebust all pages #basic
		always #mvp
			later: for 5 minutes

===

test results on macos monterey 12.6
	zsh does not have a "source" command
	no php-cgi installed
	no lighttpd, no apache, no web server
		needs python server?

===

clients view

===

orphaned clients

===

hike.sh
	if being run with "source hike.sh"
	and newst line in .bash_history begins with "hike
		run that command again

===

to invite someone you take on that person's tech support

===

color-coded hash output
	color each digit in one of 16 pallette colors?
		need 16-color pallette
			lazy way: hash-randomize

===

clients page
	tag likely bots
		tag associated profiles
			(or none)

===

write form can be submitted using js
	then inject dialog into page

===

how to jump up and down the outline to change reply-to item?

===

fresh.js
	needs to recover when page goes away (404) and subsequently recovers

===

reset button setting should be under php because it depends on it?

===

what needs to be uncached when a new item is indexed?
	new
	chain
	authors
	tags
	entire parent tree
	author of item
	affected authors if in parent tree
	top/ pages for all affected hash tags
	all dialog versions of above
	previous item in chain
	lower priority
		compost
		threads

===

if chain is in use, during rebuild items should be indexed in chain order
	how?
		either defer indexing if previous items are not done yet
			index_queue
			add to queue if parent item is missing, then rerun queue once first pass of indexing is done?
				recursively
		or build list of files based on chain?
			would require organize_files to be on

===

should all-lowercase and/or lowercase hashtags be in the advanced layer?

===

problems with hashtag links
	#duplicatedialogs
	a) dialogs have a hash-based id rather than exact id
		#todo give unique prefix to hashtag-matching items listing dialogs
			it is top_
	b) FetchDialogFromUrl() doesn't know how to check for existing dialog
		should not be called directly, only by FetchDialog()

===

debug snow should re-print the most recently reported progress percentage on every line so that it can be read

===

column headers should feedback sort order and click

===

reply(#) link should not appear if reply/enable is false

===

upload dialog should be separated from paste dialog?

===

handle ^M line breaks as early as possible

===

when a pubkey fails a sanity check, the item template is just blank
	there is also no parse log
		may be nice to give some kind of feedback

===

dialog palette
	pre-populate with dialogs on pagex
	in the event loop, check for new ones just in casex
	put new dialogs into palette when they are injected into pagex
	checkboxes in palette should hide/show dialogs
	palette should also contain advanced/beginner toggle button
	palette should not be affected by advanced/beginner

===

before cleaning db, dump the file to hash mapping in item table
	restore it when rebuilding
		but do not set cache/b/indexed, so that file gets indexed again
			this will allow OrganizeFile() to work properly with RenameFile()

===

organizing files and indexing files should be separate processes

===

loading indicator can be implemented without js #idea
	float it at the top of the page with css
	at the bottom of the page, hide it with !important

===

IndexImageFile() should also use cache/indexed/... to keep track of what's already been indexed
	the same way as IndexTextFile()

===

there should be a command which checks all references to a hash
	paths in html/txt
	any items in database
	fingerprints of users
	fulltext search

===

make it so multiple dialogs can be requested at once!

rss feed link should be at the bottom of the markup
	lynx displays it at the top of the page, which is sub-optimal

===

admin tag should only be applied to pubkey items?

===

#todo
	store preferred dialogs and open them on page load
	store the dialog html in localstorage

===

allow for baking in GetConfig() values at the templating level
	this will save many GetConfig() calls

===

recent pages/views dialog
	make placeholder dialog
	on page load, store location
	dedupe locations in ls
	on event loop and page load
		populate / refresh dialog

===

how to look up author key by fingerprint?
	when i publish an item to another server
		i want that server to also get a copy of the pubkey

===

how to publish an entire cart to another server?
	cart actions
		download as txt
		download as pdf
		download as zip
		publish to : ...

===

profile js to do
	javascript in-browser sanity checks
		datapoints:
			cookie
			localstorage
			what the server says
				they should match up

===

js debug mode toggles should be sticky between pages
	ideally cookie-based or even more resilient?

===

#brainstorm url parameters

===

#todo cachebuster for local dev mode (timestamp in url)

===

record fingerprint checkbox should not be displayed
	if server does not record fingerprint as an option

===

bugs with php/enable=0
	when not logged in, profile dialog has extra empty space
bugs with php/enable=1
	.mp4 and .ogg files are served through route.php
		it doesn't like

===

how to leave controls window when siwtching to light mode
	remove from document tree
	clear document tree and replace with light mode xhr-loaded page
	replace controls dialog  into document tree

===

all scoring tags should be permissioned?
	setting/admin/scoring_tags_are_permissioned
	get them from label_weight table

===

pagehistory
	on page load, record url and title
	if more than one page, display dialog
		dialog has a elements with url and title
	...?

===

if dragging is enabled
	do not try to make floating tooltip
		instead insert it in place
			reason: weird layout bug
				tooltip does not appear at correct position

===

mechanics of overthrow (like remove ops on irc)
	admin removes #admin tags from non-operator admins
	admin triggers overthrow event
	all existing operators are removed
	those who still have at least one #admin tag are re-admined
	record everything that has happened

===

count pageloads
	route.php
		if reloaded 3 times, redo html template

===

need script to clean up old caches and html files
	find html -type f -name *.html -ctime +120 #something like this

===

standardize file path regexes
	# global-search for "file.+ =~"

===

change attribute names to make them sort better
	sha256 --> hash_sha256
	x_timestamp --> timestamp_x

===

author trustworthiness marker
	#vouch tag should also be dagged
		this is not working properly, needs bugfix
	make it reflect in the profile

===

what needs to happen after a new git pull?
	if config/template has changed
	if perl build.sh
	if php or html just rm config/template/html then clean html
	if js ... clean templates clean html

===

do not exclude hashtags from titles?
	it creates meaning loss when the hashtag is part of the message

===

put top parent id into thread dialog
	generate a template for that thread
		replace the thread in templates when served with php

===

put writing settings on write page
	it's missing <form> tag in all instances
		make a GetFormTemplate extension for GetDialogX which wraps form tag around it

===

notifications of new mentions
	mentions should be indexed
		(currently just replaced when html rendered)
	append to author/hash/mentions.txt

===

new/injected dialogs should appear centered in the viewport
	and possibly animate out?

===

mentions
========
pick up author references by fingerprint during indexing
	add to token_defs
		add to mentions.txt under profile/ABCDEF0123456789/mentions.txt
			read mentions.txt with js

===

client-side frontend config
===========================
2 methods
	1) cookie-based
	2) localstorage-based

===

cascade should be ordered by window size
	larger windows up front because it's easier to focus them from bottom up that way
		width + height = size?

===

#lilatom
	color scheme
	collecting recordings

===

MakePage() output
	should be able to output file name determined by feature flags
	parameters can be set in pages.pl call

===

#hotloading
	find config/setting -type f | sort | xargs md5sum | md5sum | cut -d ' ' -f 1 > config/hash_setting
	#diff against stored_config_checksum
		#if different, run appropriate processes
	# if we're in dev mode, then it should be checking default/ as well
		# and then asking if default should override config

===

on mobile devices, the controls panel is largely useless

===

pages not generated by pages.pl --queue when they should be
	search
	bookmark
	data
	desktop
	manual
	manual_advanced
	manual_tokens
	chain
	compost
	deleted
	some item pages (from chain verification table)

===

dragging: Zorder on page load
	determine dialog importance by counting clickable objects inside

===

build/start.sh should create an alias in the shell
	so that you can type $ hike whatever at the cli
		without having to permanently change config

===

there is a bug:
	when php is off
		and access log is parsed
			it doesn't make it onto the chain until rebuild
				until double-rebuild, actually
		also, the post page doesn't have anything on it
	update: something is going wrong to call to IndexFile() from access_log_read.pl
		#IndexFile($addedFilename);
		disabling this call makes it so that rebuild is no longer required
			however, there is a delay in flow, because index.pl and pages.pl must be called after access.pl

===

html 1 mode

===

add automatic de-caching of affected pages
	verify that item_page table is updated correctly
	run through item_page table and delete affected pages

===

add a default text and non-text colors for each theme to reduce the appearance of green for missing colors

===

Sources of developer confusion
==============================
symlinked .pl files in root dir should not be edited

===

TrimUnicodeString()
this is ready to go, but needs to be conditional depending on Unicode::String availability

===

verify that #approve permission chaining actually works
	it does now

===

What's Keeping Website From Being Used?
=======================================
Much confusion
Where to find newest posts??
Search
	xSearch form
	xGet search query
	Fetch results
	Display results
		via access.log (delayed)
		via php
	Search results template page
xRebuild times are long due to generating a page for each item
	Good: Site is fast to come back up
	xNeed: lazy-generate pages with PHP is enabled
		xItem
		xTag
		xAuthor
		xOther
	Need: Avoid generating pages for items with a parent
		Perhaps: Remove permalinks from reply items
	Need: "Site is rebuilding right now" message?
User can't create account from Write or Reply page
	Need: Checkbox to create account in the process of posting
Data export is currently only possible individually (zip files are not generated)
	Need: Generate zip files for each thread, probably on the fly with PHP, if possible
	Need: Generate zip files of forum data:
		By thread (with all dependencies like authors, votes, etc.)
		By date (with all deps)
		By author (with all deps)

===

Basic calendar view
	templatify it all
	fuzzy date match when creating
	revive event_add page

===

	# action      param           touch_time     priority
	# make_page   author/abc
	# index_file  path/abc.txt
	# read_log    log/access.log
	# find_new_files
	# make_thumb  path/abc.jpg
	# annotate_votes   (vote starts with valid=0, must be annotated)
	#

===

if zip command is missing, data page doesn't generate correctly
	very little operator feedback on cause

===

puzzle solving requires modern js, which locks out older browsers
	workaround: existing puzzle-solved user can vouch for them

===

header-footers
	xabandon idea of detached for now
		xbecause hash sometimes changes unpredictably for now
	xsolidify merging of two files with merging all their header-footers
	ensure there's only one "\n-- \n" (remove the others)

===

when item is deleted and then another resubmit attempt is made, you end up at a 404 page
	would be nice to have some (optional) feedback that that's what happened

===

improve upload.php error feedback page

===

required for usefulness
	new items alerts and view
	more memorable item id's, either shorter hash or words

===

plan for getting rid of progress indicator on pages which are returned to
	meditate... element should get attribute of timestamp tick
	every time eventloop runs, it sets the attribute to timestamp
	when the page navigates away, the eventloop stops ticking
	therefore, if page is returned to, when eventloop starts ticking again, the
		timestamp is a big difference away and can be detected

===

grep apt-get install and synchronize the three different lines
	same for yum and freebsd

===

etag should be generated based on page content, not output html

===

AddAccessKey()
	// this should not only add accesskey= attribute, but also
		figure out what the tag's title should be and set it

===

profile page ... go to profile link should not resubmit profile
	especially when backend is static and it doesn't go to profile

===

detect duplicate id= and form name= and warn
	PutHtmlFile()

===

detect client-server time differences

===

#todo undo vote
===============
	needs to submit another action
		#undo #hashtag ?
	ui -- needs to subtract 1 from counter?

===

need to do something about timed out requests

===

today i realized that w3m on freebsd has glitches with displaying the <hr> tag.
	so <hr> must be somehow removed from all html templates
		while still serving something nice in browsers where hr is a section break

===

allow proof of work by generating html pages

===

profile page is not updated after public key is shared

===

#nn3 netscape 3.04gold {
	js enabled
	a) 'netscape' keyboard doesn't work, returns js error
		on variable hi
	b) js errors when dragging.js is included (due to nested functions)
}

===

#queues pages are not being de-cached
	in php mode
	with lazy enabled
	author page, stats page

===

light mode should not be an option if not supported
	light mode currently relies on php

===

#minor organize default/template/html a little bit
	pages should be in page/
	widget should be in widget/

===

#doc that index.php is not processed by route.php

===

static mode
	finding what you just posted is not obvious
		should be a "recently added" thingy

===

show reply thread subjects below reply items on item page

config token {
	token recognize, but index --> config/ flow doesn't happen
	if config/html (at minimum) is changed, then
		html should be refreshed
			static mode: remind user
			dynamic mode: clear cache
}

===

#accessibility form elements mode {
	keyboard
		some older browsers
			mac ie
			offbyone
			opera 4.0
			ie 2.0
			netscape 3.0
	in these browsers, only form elements are accessible by keyboard
		a links are not accessible to keyboard in these browsers
	proposed alternative: turn links into form elements
}

===

dupe detection plan {
	split files into lines, hash each line
	build index of lines-files
	adopt under oldest
}

===

#todo how to trim entire subthread when trimming item

===

pages.pl {
	listing pages should also generate child listing pages
		e.g. speakers, authors,
		unless ...
	hash-based parameter should be more flexible
		like git's
}

===

clean html leftovers {
	empty subdirs a1/b2/
	author/11BBCCDDEEFF/
}

disabling php should {
	restart the local dev server if running/enabled
	remove html/*.php (or list of php files)
}

===

file_hash vs item_hash in database schema
	make names consistent

===

generate static html {
	config/admin/php/enable=0
	config/admin/js/enable=0
	config/admin/pages/lazy_page_generation=0
	config/admin/expo_mode_edit=0
	./_dev_clean_ALL.sh
	time ./build.sh
	time perl -T ./index.pl --all
	time ./pages.pl --all
}

===

flatten propsx
	find all notext items which assign propsx
		combine all of their entries from config (in the right order)x
			(use config_latest)x
				export to new filex
					archive the sources

===

alt tags for images
	which ones?
	how to generate?

===

if item has #eventlog (?) tag
	focus reply form when page is loaded
		to facilitate fast data entry

===

add a clock js for starting the timeout if eventloop is missing
	this is useful for the 404 page, which doesn't need to have utils.js on it

===

Record what feature is accessed after More/Expand button to decide what to show/hide
	a la ms office 2000/win2000

===

post -->
<-- receipt (received=messageid = thanks button)
--> receipt for receipt

===

GetItemPage() should try to index a file by hashpath
	if item is missing
		search filesystem for hash.txt

===

split gpg from openpgp stuff
	and add enable flags for both

===

/tag/... pages should be sorted by number of that tag applied

===

ensure all js functions
	a) return a value
	b) have a closing comment

===

automatically adjust timestamp highlight threshold
	based on spread of item timestamps
	e.g. if all items are newer than 5 minutes, only bold ones 1 minute or less old

===

xmerge sqlite junk into two layers -- via shell and via dbi
	i think this is done, but could use a double-check
		shell is preferred because DBI is not always available

===

server response message should have adjustable button caption
	goodbye message

===

#accessibility #todo need alternative way to handle http realm for chrome
	chrome does not display it in auth dialog
		other chrome-based browsers also affected

===

If user signs out with cookie and later tries to sign in with localstorage,
	Either sign them out
		or
	Prompt to re-sign in?
		or
	Welcome back message?

===

Being all caps makes html tags stand out more in a sea of text
	implement "older style" html output where all tags and attributes are all-caps

===

Instrument panel

===

test: are there any files under default/ which are not mentioned anywhere in code?

===

improve clean process
	instead of rm, use mv
		create directory trash
			under trash, create dated directory
			move everything in there
	at some point, clean out trash directory
		for example, at the end of build
		or on every update
		clean out a bit at a time, so as to not stall flow
		e.g. find first 1000 files and delete them

===

create "imprint" of shortcut keys so they don't keep changing
	GetAccessKey()

===

attributes should be rewritten back into header-footer
	first, file hashing should not be affeced by header-footer
		this can be done from the shell as well
	then, things like hashtags, timestamp, author name, etc. can be added to it

===

#security #taint
In order to quickly add -T (taint mode) compliance, i've added
some VERY basic sanity checks against these unsafe strings.
The checks should be extended, as they're mostly "not whitespace"
which is however better than nothing.

===

Store current config
	Compare current config to last stored config
		Publish config if changes

===

debug log how to trim top?

===

ARCHITECTURAL PRIORITIES
========================
* decouple initial file pickup into db and full index
* redirect jankiness from profile and post
* pages not expired from cache

===

route.php
	if the html returning indicates it is the pre-generated version
		call HandleNotFound($path, $pathRel)

===

write page:
	if not logged in:
		"other options may be available when you register or sign in"

===

js EventLoop should check if login state has changed and
	immediately burn crrently open page if state changes

===

upgrade etc process
	user posts signed token
	server validates
		changes /index.html to status message
		performs upgrade
		build.sh

===

admin imprint key
	email version
		user enters email which hashes
		server sends one-time auth token to email

===

#burnit token
	note: you can't burn electrons

===

.js files can fall behind in version
	self-check against etag somehow

===

more testing with failed db connection
	fallback solutions

===

cron.lock : change from timestamp-based to timestamp + pid based
	if timestamp is too old, change the pid
	if pid doesn't match self, quit
		check on every loop

===

aliases based on item attributes
	/123 == could be anything
		chain order
		partial title
		etc
		hashtag

===

PROBLEM: sometimes placeholder page is still not replaced
	haven't seen this in a while, unless there's an error in a script i'm editing
		this still should have some kind of fallback

===

PROBLEM: there is a sqlite query call every time a page is hit, even if it exists

===

Prefix all php (and js?) templates with:
	die('removeme');
	then remove the line when building from template

===

de-couple
	indexing of file into intial hash-filename pair
		this can happen fast
	extensive indexing of file
		this can be put off
	this may also help fix bug with file hashes changing

===

useful structural tags
	>>item #addparent <hash>
		add parent to item
	>>item #reparent <hash>
		remove all other parents and attach to <hash>
	>>item #adopt
		sets posting as belonging to author
	>>item #replace [hash]
		if no hash, replace with self
		otherwise replace with item with that hash
			this would mean content is replaced on the page
				with a notice
	>>item #deparent
		make it a top-level thread (no parents)

===

any account tagging v2
	1) create profile
	2) post "verify <profile>" on reddit userpage
	3) >>profile verify https://... (index.pl)
	4) curl reddit profile url, look for confirmation
		use ./once for caching (task?)
	5) add reddit_username attribute to profile

===

reddit account tagging
	(this is already implemented as proof of concept)
	1) "i claim this reddit account http://
	2) >>1 #redditclaim
		look for parent's hash on reddit page
			if present save it in ./once/
			server-signed "#approve"
		else
			message that it failed, and don't try again until this message is removed
			still save it in ./once/
			#denied
	if you want a do-over, you have to remove the once somehow
	reddit url should be normalized to reduce spam options
		remove any extraneous shit
		make it to //www.reddit.com/
		lowercase the whole thing

===

let user save/export/import cookie secret key

===

add option to rotate/trim access.log
	on by default for lighttpd/local
	off by default for apache

===

$$ returns current process id (in both perl and bash)
	make lock file based on this

===

directory listings
	instead of 404 page, there should be index.html in each directory showing its contents

===

for js/debug, add comment to end of each line like so:
	// filename.js : 123
	//alert('DEBUG: hi there');
		==> alert('DEBUG: hi there, filename.js:123');

===

check the status of ssi includes module
	add ssi include for status bar

===

Features would help me
======================
Offline outbox
Offline web app with all content
Recognize URLs
	scrape
	screenshot
	present
Recognize typical date formats

===

queue
=====
create table
DBQueueInsert
DBQueueGet
ProcessQueueItem(...)
php post.php
	insert into queue
	display wait page
	refresh to completed item page when done

===

flush command
	if #approve or #keep
		keep item and all its children, related items, and other dependencies
	otherwise
		archive it

===

#setresourcepassword
	hashes password to htpasswd standard
	uploads hashed password
	server adds to htpasswd
		should not be allowed by default

===

add 404 --> new item to route.php

===

when only mouse click and no scrollbar, no way to move down page
	button to move to end of section
	potentially javascript scrollbars?

===

light mode
	checkboxes for each option
		see #lightmode
		in debug mode, comments and whitespace should not be stripped
			even though js will be on page?
	when light mode page is opened
		light mode is enabled, but not saved
		"enable light mode" button
	checkboxes for
		remove clock
		replace emoji
		replace links with buttons
	strip js+css+htmlcomments

===

if light mode default
	welcome page
		welcome to so and sos
		please choose
			pretty mode
			lightweight mode

===

top menu should be refreshed based on settings
	hide some pages if they're not possible
		e.g. profile, settings
	add links to tags which have >x items

===

index page should trim long items regardless of #toolong

===

top of item should also link to item, not just bottom

===

how to colapse an item

===

on profile page
	put "logged in state" value on page load into page
		then check if value is same as value determined by js
			if different, take some action (change shown state, and/or reload page?)

===

"singleton" tags like #motd

===

tables should regrow if they are missing
	currently ./build.sh is required after ./clean

===

/my_bookmarks.php
	returns all my votes based on cookie
		as list of txt urls?
		or?
	allows pulling from another site

===

xIf Item is being deleted, all its actions should be undone
	xMost db entries should already have a source item field

===

in netscape 3, light mode sometimes turns off without asking

===

move/copy update buton to operator dialog
	move/copy backend piece from post.php to route.php

===

xde-emoji for accessibility mode x

===

#mean hashtag
	[x] hide mean people

===

#BUG #security image filenames are not shell-escaped before update.pl (?) is called
	reproduce: try an image with an ` in the name

===

wherever file counts are done with find
	cache it so that not recounting every time

===

allow aliasing of ??

===

#bigtodo: remove dependencies on external pm modules

===

Testing Results July 17 2020
============================
ie6 "sign as undefined" on reply form
konq too

===

w3m reports redirect loop when logging in

===

list of voted items is not cleared when logging out
	bug or not
		should this list be re-downlaoded on login
		and somehow updated?

===

something to validate chain.log
	validate hashes
	validate that all timestamps are in order
	see if items still exist
		what to do about missing items?

===

handle 414 errors (request too long)
	happens when write.html is used without js
		and long text is submitted
			lighttpd has longer limits than apache, it seems
				at least the apache dreamhost uses

===

feature: export current config

===

upgrade.pl
==========
	0. dump current schema
	1. upgrade
	2. dump new schema
	3. compare new schema to previous schema
	4. if exact match, rename index.sqlite3

===

styles to add
=============
	borg
	bor
	reddit
	lobster

===

"my name is" should follow similar rules as title: in terms of timestamp priority
	perhaps there should be a combined item_attribute table?

===

#BUG footers are lost when rebuilding
	Problem: organize_file overwrites existing file which has footer-signature with one which does not
	xSolution: Only rename file to hashed-path if larger file not already there
	Problem: organize_files is implemented 3 times in 3 differnet places
	Solution: Switch everything to OrganizeFies()

===

fix config/admin/accept_404_url_text

===

add heic files support to image upload

===

multiple image selection and upload

===

paste image from clipboard

===

when changing versions
	see which configs are changing from being the default to not being the default anymore

===

Priorities
===============================
page rebuilding by php
allows building and updating without pre-building all the html
fast page updates with perl (fix targeting in index.pl and update.pl)
#bug long comments no longer sent via post!

===

Need a timer to reset submit buttons from "Meditate" back to initial state
	When user navigates Back to page they submitted from

===

Image exif strip

===

Create .nfo for image

===

auto urls from title

===

move some config/default settings to system/ tree

===

/admin ==> /tag/admin.html (if exists)

===

hide/disable with note unavailable features
	e.g. gui registration with js=0 and php=0
	light mode without php

===

make clean.sh safer
	maybe change to clean.pl for easier writing
	first, use find to select all the files which need to be deleted
	then, double-check that they're in proper directory
	then, delete each one

===

#moderator

===

"paste a lot of text" form
	method=post
	"warning: this method is less reliable, but allows more text"

===

profile page
	without js
		should not say anything about pgp
	without php
		shouldn't say cookies
	without js or php
		should show message that profiles are only available using pgp

===

new comments since last visit
	store in localstorage: page key, last visit
	highlight new comments

===

When displaying thread, OP's top-replies should be sorted first

===

make #config token not sensitive to whitespace differences

===

detect client-side advanced mode
	flip class=beginner nodes to hidden by default during page pre-process
		eliminate page jump

===

import rss

===

make setting to prefer post over get when possible
	this will help avoid tripping up dreamhost's mod_security when sharing pubkey

===

address possibility of mismatch between cookie and localstorage

===

custom 401 page

===

when replying to public key, replyto should be author's fingerprint, not item's hash

===

Profile page
	if js
		somehow check if logged-in state has changed
			because when returning to cached page, old values preserved

===

Provide cookieless sessions via url prefix
	example.com/abcdefghi/tag/agree.html

===

.nfo support for non-txt files, which cannot have ""\n-- \n" footer-signature

===

Include relevant library repos in lib/
	Include only necessary files
	But also the .git/config file
	And also import script from lib/ to template/

===

Stream of vouched items

===

Parametrized item output
	Sorting / Filtering
	RSS

===

SQL Query Log

===

GetButtonTemplate?

===

Allow tags:
<i></i>
<b></b>

===

Installer
	For techies
	For regulars
		should come with a setup device

===

Tag permissions system
	partially done, can work with #approve and #admin

===

Setup modes (collection of config presets)
	Forum, public
	Forum, private
	Weblog

===

Register from any page without leaving page

===

If you are looking for the $_FILES['error'] code explanations, be sure to read:

===

Handling File Uploads - Error Messages Explained
http://www.php.net/manual/en/features.file-upload.errors.php

===

25 sparticvs at popebp dot com ¶7 years ago
	A note of security: Don't ever trust $_FILES["image"]["type"].
	It takes whatever is sent from the browser, so don't trust this for the image type.
	I recommend using finfo_open (http://www.php.net/manual/en/function.finfo-open.php) to verify the MIME type of a file.
	It will parse the MAGIC in the file and return it's type...this can be trusted
	(you can also use the "file" program on Unix, but I would refrain from ever making a System call with your PHP code...that's just asking for problems).

===

Reply form
==========
	add WriteSubmit() call
	refactor for WriteSubmit() to be called with form reference
	add write.js to page conditional on replies enabled

===

janitor role
============

===

content packs
=============
	questions (multiple languages)
	little prince

===

facebook login
==============
	facebook developer account
	registered facebook app
	facebook js sdk
	enter redirect url in dashboard
		need redirect url
	check login status on client-side
	receive redirect
		check against local id
			hash-based?

twilio integration
==================

===

"fingerprint me" token

===

For an item page with a reply box
	Move the voting/response hash tag buttons to the reply form
		Or to a separate page/dialog
			Should be a "dialogs" dialog
				This feature already exists for open dialogs, but not for common ones (for the item)
					Currently this is accomplished only with beginner/advanced layers

===

During overthrow, automatically re-vouch previous admin
	I think continuity is expected by most

===

Make it so that all 500 bajillion index pages aren't rewritten at once
	especially every time there's an update
		when 'index' goes through, increase priority of each page by 1*(page_no/total_pages)

===

move all html templates under template/html

===

in php, if debug is enabled, save WriteLog() when passing server message WriteIndexPage

===

Give update.pl a parameter which looks up in page_item and only does those

===

Automatic filtering of problematic items
	.txt with binary in it ;
	very large files
	many hashtags
		perhaps use `file`

===

Replace #pubkey items with author page
	No need to have 2 pages for each pubkey

===

admin/organize_files should not be in IndexTextFile... somewhere else, not there

===

separate out rewrite stuff
	xmove rewrite config to separate webserver config file elements
	rewrite .html links to .php if rewrite is off
		xpost.html to post.php
		what else?

===

place to enter private key into textbox
	just like show private key link
	but also with a button
	it used to be that way, so id_create or id_current may have the code

===

deleted items page
	add explanation:
	X items are deleted. Here are their IDs and comments on them

===

some html templates
	like controls
		onclick, onchange, etc. events should be separated out
			so that they are not printed when config/admin/js/enable is 0

===

assigning someone a tagset should allow them to assign all the tags in the tagset

===

local save
	autosave to localstorage
	autosave to cookie
	save draft button

===

mosaic doesn't understand relative redirects
	location: header must include full url
		protocol
		://
		self-host
		:port if not default
		/rest of the url

===

rate limiting is partially implemented, needs re-testing
	by ip
	by action type

===

for one-liner items, create new template which displays larger text

===

no-js php server-side profiles
	add link to profile on profile.html page
	add "this is you" message to author page
user's own id should be identified anywhere it is displayed
	in unique color and with "(this is you)"

===

Image Support Enhancements
==========================
	indexing of files into database
		rename if organize_files
		index dimensions
	embed in html or <img> tag, etc.
		css size
		link to original
	upload capability
		how to create image
			o link to existing url (site will download)
			xupload via upload form
				for registered users, link is displayed?
	how to insert picture into post?
		perhaps >>
size stuff may not be as important if
	on pages, display standardized image (standard dimensions)
	link to original image (not necessary)
images should be rotated properly
	when exif tags specify rotation, it should be saved properly in thumbnails

===

research .user.ini (php settings for apache)

===

remove external js file dependencies from 404 page
	404 page should only be 1 request

===

Anytime using rewrite to add attributes to a tag
	If tag has no attributes, have to replace <tag> instead of "<tag "

===

make textareas nowrap in netscape 4, currently annoying

===

#featurebug
create profile with local key
close browser (cookies lost)
open browser again, go to profile page
	expected: handle and fingerprint populated
	actual: handle is populated, but fingerprint is not

===

For js browsers, make the .txt link expand into a textarea instead of going to txt file

===

curl template
pgp command template

===

Make a chart comparing to other systems
	Started

===

Move css from default.css into theme
	Except for certain things

===

Facilitate removal of votes by ip address of voterx
	Record IP address (obfuscated) when voting happensx
	Add functionality to remove all votes by IP address

===

When returning to a form with a button which turns to "please wait" when clicked
	xThe button's caption should already be reset, ideally (via document/body.onunload?)
		Or should be reset as soon as possible
		{ // add this to top of page
			<script>
				<!--
				if (document.createElement && document.innerHTML) {
					var styleHideDialogs = document.createElement('style');
					styleHideDialogs.setAttribute('type', 'text/css');
					styleHideDialogs.setAttribute('id', 'styleHideDialogs');
					styleHideDialogs.innerHTML = '.dialog { display: none !important; }';
					document.getElementsByTagName('head')[0].appendChild(styleHideDialogs);
				}
				// -->
			</script>
		}
		{ // add this to OnLoadEverything() (or as a function in dragging)
			if (window.getElementById && window.getElementById('styleHideDialogs') && window.getElementById('styleHideDialogs').remove) {
				window.getElementById('styleHideDialogs').remove();
			}
		}
		{ // add this in RestoreDialogPosition()

			if (el.style.display == 'none') {
				el.style.display = 'inline-block';
			}
		}

===

Need to connect instances without introducing a bunch of spam
	Need to store hash of message's hash without signature?

===

Many pages crash in Mosaic 3.0 Win
	caused by headers added by php
	turning off php solves the crashes

===

Alternate auth method: http-auth

===

On profile page, the page intro should reflect logged in status
	You are signed in as Anonyomus
	You are not signed in
	etc

===

(checkmark) this text has been verified via vouch-web

===

red tag links should also be red without css
	<font color=red>

===

access.pl:
	vote2.html
	event.html handlers are broken

===

HASHTAG VOTES SHOULD APPLY TO PARENT ITEMS
If item is a reply
	If contains hashtag
		Hashtag vote applies to parent
Implementation:
	Stupid way
		1. Index and store all hash tags for given file_hash
		2. Integrate into item_view page if it's top-level
	Smarter way
		1. Create a view which does it automatically for parent-level items
	3.

===

Views
	Outputs: html listing, rss, zip, pdf, epub, docx, rtf, txt

===

Trigger for change in theme setting
	Basically schedule everything to be re-generated

===

default/menu/default=read,write,settings,...
default/menu/advanced=events,compost,...
default/menu/voter=compost

===

Make vouching easier and more visible
	Add vouch button which does correct thing to user profiles
	Display user's vouch status when displaying post
	Potentially hide non-vouched posts as a feature

===

Pages which have lists of posts should also have a zip file
	xAuthor page
	Tags page

===

Dillo
	<form> requires action=
	<font> cannot contain <table>

===

RSS
	Fix hard-coded host in URLs
	put fingerprint into author field
	Add date field

===

xProfile refactor
	xCookie-auth should work for non-JS browsers
	xFactor out nuJS code into separate template
	xSet cookie via server after private key is set locally

===

Space-wrap long strings in topics list
	??

===

Setting for large font size
	Default on "mobile"

===

Allow vouching by non-admin users
	Establish vouch chain

===

Add timestamp to session cookie
	To allow time limit for cookie validity
		This will also require rewriting the cookie now and then

===

Bug: There's a duplicate <a name=maincontent> on home page

===

Problem
=======
Whole install can be clobbered by setting a value on a directory
#dupe

===

Safe mode:
	If any kind of error occurs
		Rename txt dir
			Create new blank txt dir
				Avoid adding anything to it, but maybe one small message on what just happened?
				Provide zip file of previous directory?
					Maybe just on the first try, as this can cause an error as well

===

Side-quest
==========
Report bug to lighttpd team
	Bug is that directory listings cause JS error in NN3 and other pre-=== browsers
		There's probably no huge need to use that operator there
			Maybe investigate if anything else would cause error?
				Submit patch?
	Update: reported, and they said wontfix. maybe try again?

===

Render everything in doc/ as items
	List them under /help.html

===

Content-Length can cause problem
	If full page fails to download, browser may return error
	Typically sent with static html files
	How to disable it?

===

Rename "beginner" to "hint" or something even better

===

<script language="JavaScript1.3">
	this is some kind of nn4 thing, i think?
	#ToResearch

===

Resolve issues with missing modules. Add everything to lib/ dir

===

#IE4 has too many redirect dialogs when Enter is pressed to sign in

===

Create token which allows a new item to "overwrite" an item
	Perhaps only admin or original author?

===

Warning when write content becomes close to too long for GET

===

Summarize >1k points
Only display points if > 1k

===

Split config/admin/debug into log file and stdout

===

Last seen for new user is not updated correctly

===

Update last-seen times with ping

===

Check for public key on server and re-upload if missing

===

Vacuum old items
	Items older than 1 day
		And don't have following tags:
			keep
			admin
			vouch

===

Implement client-side hide/show of class=admin elements x
	Determine admin state by reading variable or array which is embedded in html pages

===

Event page
	Add end date fields
		or duration?
			for advanced users
	Add latlong selector
	Pre-select date that makes sense
	Form submit target needs update/templating
	Create Event button needs Please wait
	Target form to php if php enabled

===

Events Page
	Split into Current, Upcoming, Past events
	Fix no-js display of dates in future (currently just 01:00

===

getElementById() polyfill for netscape
	until better alternative

===

Add simple index page for txt/

===

Put infobox with all of the item's attributes on item details page

===

PubKeyShare() should not change the current page, if possible
	Make it submit in the background

===

Make an archive of 88x31 browser buttons and display ones which test OK

===

Item page :
	Reply box title should be "Re: parent's title" (if there is one)
		xAll the way up to root comment

===

"New Items" page for items not processed yet
	added to by post.php

===

select * from item_flat
where (',' || item_flat.labels_list || ',')  not like '%,vote,%'
and (',' || item_flat.labels_list || ',')  not like '%,keep,%'
and (',' || item_flat.labels_list || ',')  not like '%,accept,%'
and (',' || item_flat.labels_list || ',')  not like '%,pubkey,%'
and (',' || item_flat.labels_list || ',')  not like '%,reply,%';

===

Add number of unprocessed text files to stats page

===

After rebuild/upgrade, have setting which notifies
	This server was recently rebuilt, still updating
		Remove message when update = 0

===

Archiving
	Select entries
		older than X seconds
		Not voted on by anyone
		Not part of a thread
	Add to zip file
	Remove from tree

===

Handling text file removal
	Find deleted files via git
	Remove item page
	Rebuild all associated pages

===

Add one-click Bump button to top menu
	#todo rename Reprint button to Bump?

===

Write page -- client-side save of preferences
	Checkbox already exists

===

User keys should also be voteable on?
	should be able to tag/vote on fingerprints as well is item hashes #todo
	Isn't that what vouch does?
		But also perhaps friend and flag and all that too?

===

"Message the Admin(s)" link
	which posts to inbox of all the admins

===

Prefill reply box with >>
	Optionally by default?
	Because NN 1.22 does not seem to support <input type=hidden>

===

setcontent/abcde/abcd2
setcontent/{hash of 404 url}/{hash of content}

===

cleanup stale items
	items with 0 children
		older than x days
	items older than y days
		and no "keep" votes
	what else?
what else to clean up?

===

Arrange files into subdirs by author key
Rename them to title.txt, where appropriate

===

Crypt::OpenPGP

===

Use item_page table to remove/rebuild all pages containing deleted item

===

JS-driven global new items indicator

===

Instead of index db being stored under version hash
	Store it under md5(all schema creation statements)
		Then it doesn't have to change unless schema changes

===

Fix bug in progress indicator (debug output)

===

DATA page
Zip files
	Multiple zip files
		config
		text files
		pubkeys
	Refresh with update

===

Generate json sets in /author/friends.json /votes.json and so on
	For consumption by client
		But also how to when nojs?

===

If an exact line more than 5 words long is matched in any other files [>>]
	(create a reference link)

===

If item has no parents
	Generate a full thread page

===

When updating item's touch status
	If item has parents, traverse them and update them all
	Update the top level thread page too

===

Display warning if message is signed, but there is no public key to verify

===

Cut up event_add.template
	So that the dropdowns are individually generated
		Then put sane presets into them

===

shortlink/foobar/sha1
	added to .htaccess
	added to lighttpd config

===

xNon-JS voting links redirect
	xShould redirect to page vote came from
		And include anchor to item being voted on

===

How to recover from out of space errors?

===

How to recover from broken perl script errors?

===

Add ability to type in item hash
	autocomplete with js
		when returned items is 1, display item below
		when 0, tell user to stop typing

===

add pdf export for devices that prefer it

===

addalias/5questions/abcdef0123456789

===

Take stuff that is not PGP-related out of crypto.js

===

default/admin/require_token_for_indexing

===

Fill in zipfile(s) in update.pl

===

Allow profiles to claim client ids
	Items with fingerprint are then assigned to said profile

===

Automatically friend server and operator on account creation
	default/admin/auto_friend_admin
	default/admin/auto_friend_server

===

Import for QDB data
	voter_id
	item
	votes
	vote_caption

===

If item is just one line
	And item has replies
		And item has no spaces
			And item looks like URL in other ways
				Like ends with .html
				Contains /
				Especially 2/2/40.html
			But not if ends in .png?
				For now?
Then
	create url alias pointing to all replies to item

===

Update pages for parent items recursively

===

Web server handler for potential 404:
	sha(url string)
		check for item
			return or redirect to item's page

===

Log each script's runtime and output in timestamped logs

===

In Queue index pages, votes/replies should include parent message in a box

===

With SSI calculate user's fingerprint and direct them to /fp/abcdef

===

Import data from FB, G+, IG, etc.

===

Add setting to ignore plain URL messages if they are an exact match for a file
	This means no unintentional hit counting via hastext tag

===

If file is submitted via plain URL, make (optionally) a token noting that
	location:
		php version: route.php
		perl version: access_log_read.pl

===

Event listing
	Chronological
	Clear dates
	Grouped by month
	All future/current events

===

Connect users
	Using >> replies for user registration posts
	And/or usernames??
		Any user mentioned can vote to remove the post.

===

user expiration

===

link pub-key txt and post from profile

===

Colorize item hashes
	Possibly make "short" hashes 12 chars (6+6 for fg/bg color0

===

[propose edit] button

===

Re-enable hashtag links

===

todo events page should have link to add to
	google calendar
	outlook
	apple
	yahoo
	yandex?
	what others?

===

record referring sites
	generate registry

===

whenever a new pubkey is posted
	messages that have "begin signed" header
		and are not attached to an existing pubkey
			should be re-checked

===

user page should show all replies
	local client should log visited time and highlight new replies

===

fix the remaining duplicate tags (?)

===

From openpgp.js docs:
	The dist/compat/openpgp.min.js bundle also works with Internet Explorer 11 and old versions of Safari.
Ensure that this (and the non-min version) is the version that is in the templates

===

Make JS load more tolerable on slower connections
	* minify the js (and test)
	* https://stackoverflow.com/questions/20014933/progress-of-loading-external-js-file

===

** Fix the bug with messages by new users not being processed correctly **
	This happens if the message is indexed before the public key

===

Adjust avatars: number of asterisks should reflect
	number of votes/replies/responses the author has attracted
		* anon = 1+
		* anon * = 16+
		** anon * = 128+
		** anon ** = 1024+

===

Generate client hash in JS for added fingerprinting

===

Review feed.pl
	Fix rss.txt

===

Add verification that default/ is consistent with repository
	Warn otherwise (settings should be in config/)

===

Auto-generate server key if one does not exist
	Store its id in config/admin/server_key_id

===

Ensure that maincontent tags are present at the right place on all pages
	<main id=maincontent><a name=maincontent></a>

===

If logged in
	Periodically check for public key on current server
		If doesn't exist, resubmit

===

SERVER MESSAGE SIGNING
======================
Does server.key.txt exist?
	No:
		generate gen-key-script
		Generate key with gpg --unattended
	Yes:
		Sign message with it

===

Other filetypes that can be supported
	latex
	pdf
	txt
	doc
	xls
	and so on

===

Consider changing background color based on time of day?

===

FEEDBACK FROM L.F.
==================
it might be helpful to have the tags right on the home page, so that it's not landing on a jumble of messages. +
2) Submit items via URL without any additional prefix x
	* e.g. http://qdb.us/text.goes.here x
	* test if spaces work in GTr +
3) Set up short URLs to accept input (for live version)
4) Make UI smaller
5) Make links for voting so that form submission not required

===

Consider changing background color based on time of day?

===

FEEDBACK FROM L.F.
==================
it might be helpful to have the tags right on the home page, so that it's not landing on a jumble of messages.
Other things can be used to categorize these textboxes and give them more meaning to the user, such as titles, dates, etc.
It might be somewhat counter-intuitive to have the pages going from 14-0 on the top, maybe consider adding a "go back" alongside/instead of these.
xUnderlining 'publicly and right now' may be confused as a hyperlink, maybe can be left un-underlined. but if you want to emphasize this consider bold or italics
xAlso, as a personal preference I think the ellipse around the numbers can be removed or made into a rectangle
And consider adding a title/informative header to the page in general, to give more context to what this page is.
	It could be something like "hike.qdb.us" on the very top, a very short description underneath it, and then tabs (home, write, tags, manual) go underneath that

===

Add to specifications:
	items are always 0-9a-f{40} (lowercase)
	authors are always 0-9A-F{16} (uppercase)
	csrf is always 0-9a-f{32}
	until better specifications are arrived at
	consider an odd-numbered hash of some kind for uniqueness? +
	  e.g sha1 with one char removed or added or something +

===

test mode: remove random characters from scripts when embedding them in page

===

How to make things easier???
	More flow can be achieved with more one-click actions
	Most common tags should be one-clickable for JS users
	  And possibly for non-JS users, just make them links
	  Logged in users should vote as themselves by default
		 Make sure this is very, very clear, possibly with a second confirmation
			[ interesting        v ] [ funny ] [ spam ] [ ... ] --> goes to /abcd.html#vote
			| Vote as Anonymous    |
			| Vote without signing |

===

Somehow handle cleanup of old .html files

===

Fix Tags page so that correct counts are displayed +

===

Add roles directory
	Add roles/admin and roles/moderator
		Add support for having multiple public keys in here as text file

===

Add client-side handling of HTTP 431 messages when submitting something new

===

Function to add file to index and update affected pages

===

Untagged page = all untagged posts
 - make it easier to vote on this one

===

No pubkey and/or bad sig should result in big red warning on page/listing +

===

Front-end signature checks/indicators in input boxes +

===

js fallback for saving via "more options" link on write-small.template

===

When private key is pasted into [restore] textarea,
	automatically check it for presence of private key
	  restore if it validates

===

Add a message that appears the first time someone is posting something, like on HN

===

[Admin] has assigned a weight of [100] to [ABC]
abc can assign a weight of up to 100 to anyone else?

===

Entertaining stats page
	top voter + top tags = top tags by voter
	top voters
	top used tags
	  add to profile page
	number of voters
	number of vote records
	busiest days?

===

rebuilding everything twice is a good way of maintaining integrity

===

forgot to add conversions to user pages

===

mod_security can interfere with some signed posts #known

===

curl
	add to tree
		add timestamp

===

textarea onchange
	begins with header?
		verify with openpgp
			green if valid

===

Validate signed input on Write page
	textarea onchange
		begins with header?
			verify signature with opengpg
				green if valid

===

Link target encryption key with parent id key using gpg --list-keys
	This way "Encrypted message for ..." is linked to the correct profile

===

Feeds list
	OPML
Make post.html redirect to next drop from access.pl, which will contain any newly-added posts as a list.
	If there is only one post, automatically redirect to it
	Otherwise, "is this one of your posts?"
	Create IndexLogLine() in index.pl
	Create IndexParentLine() in index.pl

===

Add support for linking sister sites
	Add list of sites in config(?)
	Add page
	List them all on page
	Add menu item for page

===

Cookie auth via secret URL per public key, encrypted for that key

===

Add CSRF token to reply form

===

Add support for messages with multiple ENC_TOs
	(enc_to is a pgp/gpg setting for what key the message is encrypted for)
	Add loop
	Limit to 5? 10?
	List all of them on details page
	Add support for public key included inside signed message

===

Voting links cause crash in Mosaic 2.0 and 1.0

===

Generate version page for each version mentioned in changelog
	code for this already exists, and is actually commented out

===

textart is jacked on bromite
	need to do more testing on bromite browser (android, installable from f-droid)
	partial workaround is request desktop site
	actual solution is viewport modes for textart items

===

echochamber for votes
	votes which are detected to be questionable should not be counted for stats

===

#todo #meta standardize on configKey vs configName
	should probably be Key?

===

#meta #todo strip metadata and write images into compatible format.
already done for gif, but now need to replace original image and change its hash.

===

#meta #todo need even better keyboard which ie3 and nn2 can use.
	plan:
		make server-side handler for keypress
		keep track of user's text in url
		target from keyboard to write dialog
			button pressed -> targed to large frame up top -> new write page reloads with textarea prefilled

===

have an alternative to lighttpd (which takes longer) for when it is missing
	possible fallbacks:
		apache
		file:// url instructions
		python3 -m http.server
make sure everything under default/ has a trailing \n

===

on write page some javascript shows up in light mode

===

textarea for replying should have an accesskey

===

#todo needs to be more indication of how the score is composed

===

#todo
	/image.html should be reprinted after new image is uploaded
		location: IndexImageFile()

===

profile.html should redirect to referring page logging in
	url retains original parameters like btnBegin=...
		this doesn't always happen

===

Welcome page should look different for a logged in user?
	Logged in user should know they are logged in on any page

===

#todo date page should display date used
	workaround: look at url

===

list clients associated with cookie and author on profile page?

===

Message Hash should be consistent across messages with the same text.

===

threads dialog should collapse other threads not under current one by default?
	so it is less busy
	suggested by user study participant

===

when logged in with cookie but no private key, the welcome page should reflect this
	(like on profile page)

===

route.php should be able to individually generate pages like browser test and manual should be
	currently it's all done with one call to GetSystemPages(), which is kind of slow

===

enable logging of anonymized client id?
	this is already done with client: header and client_id attribute

===

#todo page titles have issues
	some page titles are lowercase
	item pages are titled with the item's hash instead of item's title
	non-ascii titles are mistranslated

===

when user logs in, their welcome page changes, and this triggers a "page updated" notification
	probably should not happen on the welcome page,
		as it is confusing and doesn't help the user,
		who is waiting for their proof-of-work puzzle to complete

===

geographical address book

===

>>a39d161b2df8676ba80ade79bf223712191088bd

because i did not remember the url character code for \n, i could not post an actual reply, but i was still able to reference an item.

i think all item references should add that item as a child.

===

Archive dialog should be moved to a separate module out of default/template/perl/get_read_page.pl
	This is complicated by needing to check the file count,
		which I guess can be passed in, as it's only true/false
		search for GetArchiveDialog

===

when running as user, `hike stop` should not try to kill other users' processes (like port 80)

===

detect if server is fresh built and nothing indexed yet and inform user

===

