# BBS software?



## willie (Mar 7, 2015)

Would like to get people's thoughts and recommendations on BBS software.  I have some particular preferences/requirements that I'll list, but go ahead and post whatever you think is interesting even if it doesn't fit them.

1) Strongly prefer 100% FOSS software but if proprietary, it should be a one-time purchase rather than recurring or subscription fees.  If FOSS, preferred license is GPL.

2) Should be able to handle a modest traffic load while running on a low end (128mb) vps.  This includes the database (if any) running in the same vps. 

3) prefer a traditionalist UI without too many cutesy javascript or css effects.  It's ok if JS is used for some niceties when available, but the board should be usable even with JS completely disabled.

4) Slight preference that the implementation language not be PHP. 

5) Should support private messages, preferably with encryption

6) (added): should have a reasonable UI for mobile browsers.  I have no idea what this actually means since I don't use a smartphone, but enough people do that I think I have to care about them.

I'm looking at fluxbb (used at forum.lowendspirit.com) and it seems like a possibility, but I'm wondering what else is out there.


----------



## perennate (Mar 7, 2015)

Wikipedia actually has a pretty decent list -- http://en.wikipedia.org/wiki/Comparison_of_Internet_forum_software


----------



## Cloudrck (Mar 7, 2015)

You might be able to get Discourse running on such a VPS, but that seems insanely low for memory in today's age.


----------



## Onra Host (Mar 7, 2015)

I can vouch for fluxbb as I played around with it on a brothers MineCraft forum. Never used anything else though so I can't be of that much help beside saying fluxbb works


----------



## willie (Mar 7, 2015)

Thanks, the wikipedia list was informative and shows almost everything is in php, wow.  The others were in java or perl.  I was hoping for python or maybe something trendy like erlang or haskell. 

Discourse has interesting ideas and I'll probably check out its features to get a sense of what it's doing, but overall it seems like the type of script-heavy bloatware that I wanted to avoid.

The 128mb footprint definitely isn't a hard requirement since bigger vps's are completely affordable these days.  But, running in a small container can be useful, and maybe more importantly, being able to stay small is an indication that the application was programmed cluefully.  128mb was a huge machine not all that long ago.


----------



## MannDude (Mar 7, 2015)

willie said:


> Thanks, the wikipedia list was informative and shows almost everything is in php, wow.  The others were in java or perl.  I was hoping for python or maybe something trendy like erlang or haskell.


http://www.hotscripts.com/category/scripts/python/scripts-programs/discussion-boards/

Unsure if you've checked any of those out, may be worth looking into.


----------



## willie (Mar 7, 2015)

Thanks, MannDude.  Are any stats available about vpsboard: how many messages it has, amount of storage used by the db, etc.?  Why did you pick the rather expensive Invasion instead of a free system?  That's not a criticism, but just wondering what the $$ gets you.


----------



## MannDude (Mar 7, 2015)

willie said:


> Thanks, MannDude.  Are any stats available about vpsboard: how many messages it has, amount of storage used by the db, etc.?  Why did you pick the rather expensive Invasion instead of a free system?  That's not a criticism, but just wondering what the $$ gets you.


The site runs on less than 256MB of RAM... but that's _just_ the forum (nginx/php/mysql). Analytic server, ad-server, mail server, etc are all hosted on different VPSes.

Stats are on the index. About 85,000 posts. Forget the DB size, would have to check or uncompress a backup but I'm thinking it's about 200MB~ or so at last glance.

If I were to start over, I'm not sure I'd choose IPBoard again but I'd probably choose a different commercial product like XenForo, for example. With IPB I get ticket helpdesk support (which is alright) and there is a huge community behind it. It also has some pretty good supported plugins available that expand the functionability.

In my opinion though the admin backend is very cluttered and is such a pain in the ass. Three different addons may be accessed from three totally different areas in the admin area. Sometimes they're under hooks, sometimes they're added as a nav-bar entry and have their own separate settings page, sometimes they're in the community settings under one of those tabs.., etc. It's a mess. But overall, IPB for the end-user is pretty okay. 

Other things that 'should be' simple can also become a nightmare. For example, by default the number of last posts shown in the sidebar is 5. You'd think this would be a setting in the admin area, right? Nope. You've got to change the value in the code and it's located at _\admin\applications\forums\sources\classes\forums\class_forums.php _and then you have to change this line:


public function hooks_recentTopics( $topicCount=5, $output=true )

Why there isn't a hook by default to do this in the admin panel? I do not know. Little things like that are annoying.

The live-search in the admin area is horrid too. And I'm not a big fan of the member management either.

IPB4.0 is in beta and looks pretty alright. I've been meaning to download a copy and get it running on the new Raspberry Pi that's sitting on my desk for testing but haven't gotten around to it. I hope they've cleaned the admin area up and fixed some other minor issues I have.


----------



## Kayaba Akihiko (Mar 8, 2015)

MannDude said:


> The site runs on less than 256MB of RAM... but that's _just_ the forum (nginx/php/mysql). Analytic server, ad-server, mail server, etc are all hosted on different VPSes.
> 
> 
> Stats are on the index. About 85,000 posts. Forget the DB size, would have to check or uncompress a backup but I'm thinking it's about 200MB~ or so at last glance.
> ...


I'm curious, why not use something like MyBB?


----------



## MannDude (Mar 8, 2015)

Kayaba Akihiko said:


> I'm curious, why not use something like MyBB?


I didn't really shop around to be honest. Someone was selling an IPB license on LET, someone was selling the vpsboard.com domain on WHT. I bought both.

MyBB looks nice though as well.


----------



## Mid (Mar 8, 2015)

> The site runs on less than 256MB of RAM... but that's _just_ the forum (nginx/php/mysql)


vpsB runs on 256MB vps? that too with php+mysql, hard to believe.


----------



## MannDude (Mar 8, 2015)

Mid said:


> vpsB runs on 256MB vps? that too with php+mysql, hard to believe.




```
total       used       free     shared    buffers     cached
Mem:          1009        742        267          0         14        513
-/+ buffers/cache:        214        795
Swap:         2044         16       2028
```


----------



## willie (Mar 8, 2015)

One impression I had as of a few years ago was that the really large forums all ran VBB, including a lot that had to migrate to VBB from other software.  The other programs (phpBB was one as I remember) became sluggish and/or flaky once the number of messages hit some amount.  I wonder if things are still like that.


----------



## k0nsl (Mar 8, 2015)

This is not something I have noticed. By the way, I recommend phpBB. It also has a good track record when it comes down to security. It can be made to look OK as well, easily extensible and has a large community. At first I hated it, but now I think it's better than most. If I had to pay for a forum software, I think it'd be XenForo. 



willie said:


> [...]  The other programs (phpBB was one as I remember) became sluggish and/or flaky once the number of messages hit some amount.  I wonder if things are still like that.


----------



## willie (Mar 8, 2015)

I can tell you that as of about 5 years ago, switching from phpBB to VBB was a big improvement on a certain board I was on at the time.  It's of course possible that more recent versions of phpBB are better than the old ones so phpBB is good today.  It's probably gotten easier to do this stuff, due to faster computers, more serious databases, and better programmer understanding.  The board that switched to VBB had been incurring significant hosting expenses on a dedicated server that was being strained: the VBB migration eased the pressure that otherwise would have needed even more hardware.  But, that board was maybe a few times the size of vpsboard, fairly large but not truly enormous.  I think today's budget VPS's (especially on SSD) could have handled its traffic load just fine, or more careful coding could have done it fine back in the day.


----------



## blergh (Mar 8, 2015)

Amiexpress?


----------



## willie (Mar 8, 2015)

Hadn't heard of Amiexpress (also called /X) before but just looked it up.  Sounds pretty cool.  It ran on Amigas back in the day, which had maybe 1MB of ram?  Before that there was Usenet, which handled traffic loads that were large for BBS's even by today's standards, on minicomputers of the era that had maybe 1-4MB of ram shared by multiple users, so the Usenet software had to run in maybe a few hundred kilobytes. 

I think SSD's are a game changer for this.  In the hard disk, small ram era a lot of careful code tuning went into using ram caches to greatest advantage.  Now we can just let the database do everything.


----------



## raindog308 (Mar 8, 2015)

willie said:


> Would like to get people's thoughts and recommendations on BBS software.


You might also ask on theadminzone.com, which is a forum for forum admins. Probably your best bet as far asking a question to lots of people administering forums.



willie said:


> Thanks, the wikipedia list was informative and shows almost everything is in php, wow.  The others were in java or perl.  I was hoping for python or maybe something trendy like erlang or haskell.


Valid if you're going to write a lot of extensions but otherwise...not sure why you'd care.



willie said:


> 1) Strongly prefer 100% FOSS software but if proprietary, it should be a one-time purchase rather than recurring or subscription fees.  If FOSS, preferred license is GPL.



As far as commercial software, the big three are vB, IPBoard, and Xenforo. As a user, I don't really care which. I've adminned IPBoard and it was all right - be advised that 4.0 is just now in RC status and so it's going to change a lot in the near term.


All of these can be significantly expensive - you buy the software and then pay every 6-12 months for maintenance. With IPBoard you get some add-ons like anti-spam, etc. valid while you're under maintenance. So there's purchase + maintenance and I think all three vendors incent you keep maintenace by turning off add-on services (such as automated anti-spam) and only allowing customers with support contracts to post in their support forums.



willie said:


> 3) prefer a traditionalist UI without too many cutesy javascript or css effects.  It's ok if JS is used for some niceties when available, but the board should be usable even with JS completely disabled.


Not sure anyone is going to take that on as a design goal. I know none of the big three commercial boards support that (an IPB dev once said in their forums that they do not try to code for a JS-free environment).  It's 2015...the only people I know who code for "always can fallback to JS-free" are people who have to put up government web sites that comply with a bajillion accessibility regulations.



willie said:


> 5) Should support private messages, preferably with encryption


Do any of them do that now? I've never seen that.


Besides, how are you going to do it? Not in Javascript, that's for sure.  So at best you're passing plaintext to the server, which will encrypt it before storage, then unencrypt and pass it via plaintext to the end user (of course, when I say plaintext, I mean the connection is HTTPS but the underlying content is not encrypted).  The only thing you're protecting is someone breaking into the server and stealing it (because the admins can always modify the .php or whatever code to save an unencrypted copy for themselves).  I really am not sure what you're protecting here unless you're worried about someone breaking in and stealing stored PMs.



willie said:


> 6) (added): should have a reasonable UI for mobile browsers.  I have no idea what this actually means since I don't use a smartphone, but enough people do that I think I have to care about them.


This is what I found to be a headache about any board - the presentation part. There's something you want to change and now you have to learn the vendor's CSS, write changes, keep them in place over upgrades, etc. And double the work for mobile skins.


So you decide to just buy a nice third party skin and it looks great, except now you want to tweak that here and there, and then you have to hope that skinner is still around for the next round of upgrades or if they're not, now you need a new skin...it's a headache.


As for the various packages...


I find IPB out of the box to be OK. I find IP.Content to be ridiculous - everyone on their forums constantly says it's difficult to use and hard to understand. If you really want to get into templates and creating your own IP.Content objects then maybe you'd like it, but when I've played with it, it was just way too complicated...if I wanted that, I'd write something myself and there are simpler templating systems out there.

I like MyBB (freevps.us runs it) as a user and it's simple enough as an admin. 


There's also Vanilla (LET as an example of course).

I still run into SMF forums now and then.  phpBB is still around though I don't encounter it much in the wild.


----------



## willie (Mar 8, 2015)

Thanks for the informative post.  Yeah I don't know of bbs'es currently doing encrypted PM so I've figured on maybe coding it myself, which is why I cared what the implementation language is.  No it wouldn't use JS.  Yes it would take plaintext over SSL so it would only protect stored messages.  PM me if you want the details, it's a bit too off-topic for this thread.  Note that JS crypto may be worth another look by now: some of the problems in that article have been remedied by more recent browsers.


----------



## MannDude (Mar 8, 2015)

willie said:


> Thanks for the informative post.  Yeah I don't know of bbs'es currently doing encrypted PM so I've figured on maybe coding it myself, which is why I cared what the implementation language is.  No it wouldn't use JS.  Yes it would take plaintext over SSL so it would only protect stored messages.  PM me if you want the details, it's a bit too off-topic for this thread.  Note that JS crypto may be worth another look by now: some of the problems in that article have been remedied by more recent browsers.


PM crypto is a pretty neat idea and if it was something that could be made to work with IPB _and_ work on old messages as well as new ones, that would amazing. I'd love to have that for vpsB.


----------



## willie (Mar 8, 2015)

Yes it can work with old messages.  It could probably be added to IPB but I couldn't see doing it for free given that IPB is proprietary.  If IPB or anyone else wants to hire me to add it to IPB, we can talk .  Main issue with old messages is after encryption, the plaintext might conceivably still be retrievable from the hard drive via data recovery, old backups, etc.  New messages would never be written to the hard drive unencrypted.


----------



## raindog308 (Mar 8, 2015)

Imagine you and I are PMing on an IPB board.  Is your goal


You and I can send PMs and no one but us can read them
There is one encryption key for all PMs to protect against data breaches
The problem with #1 is communicating the shared secret.  Of course, we can use existing technology to send encrypted messages (GPG works just fine regardless of text transmission medium).  Also, how do I know the admin isn't silently slurping up passwords?  I don't and can't.

I see #2 as a benefit though this means the secret must be entered at some point (i.e., you can't store it on the server, so...apache/nginx module?)  Might be easiest to do in the database (if MySQL, et al. support per-column encryption).

I realize we're getting off track


----------



## willie (Mar 8, 2015)

Raindog: the idea is that you and I trust the admin and the board software is operating properly.  In this situation, we can exchange PM's using normal board features and without having to mess with external applications like GPG, and nobody but us can read the messages.  In particular, if someone else gets control of the server at a later date, they can't read the stored messages.  It's true that the admin could potentially modify the software to get access to our messages the next time we log in.  There could even be an admin-level feature to do this in the event of a LE investigation or the like, but it would capture only from specific accounts named in the investigation, rather than from all the pm's on the whole board. 

The encryption protects us from leaving an "exhaust" of readable pm's.  Like there was a board I was on for a while, then moved on from years ago, but my old PM's on it are still potentially retrievable, which doesn't seem good.


----------



## Vega (Mar 9, 2015)

willie said:


> snippet


Paid: First choice IPB(Community is great).

-IPB 3.X is still great

-IPB 4 is coming as well soon.

I have been using IPB for awhile now. I came from Vbulletin actually to IPB and they are amazing.

Second choice...Burning Board.

(It's Xenforo but with more use/feature basically).

Free:

Check out SMF and Mybb and Elkarte(Which is a SMF fork).


----------



## libro22 (Mar 9, 2015)

I had my own fair share of experience with MyBB. It can handle massive traffic load of 8,000 - 13,000 users, at least 100 active at a given time with fairly low resource usage (even shared can handle it, though to be honest I own that server so I can't compare with the resource limit standards of regular companies). The backend UI is very clean and efficient. I think the latest version is a massive change in comparison to the old 1.6 I used before.

The only problem I had with it was spam. Once it started, you'll have headache cleaning, filtering and preventing it. Plugins did help.. but not so much. But don't take my word for it completely, others might have a more extensive experience on dealing spam with it.

I would have suggested PunBB but their development is no longer existent, I think.

Edit: Oh hey FluxBB is indeed a fork of the old PunBB


----------

