Oooo, neat! I'm happy with the functionality bootstrap.js appears to give us, if we're comfortable with its security. I'm not sure how easy/hard this would be or if it would be overkill, but I wonder if it would be easy to use it with OWASP's Enterprise Security API: https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API I suspect that if it wasn't inherently build with ESAPI, Bootstrap.js would essentially need a fork to use ESAPI, which I think is could be another whole project. Alain -----Original Message----- From: ciphershed-bounce@xxxxxxxxxxxxx [mailto:ciphershed-bounce@xxxxxxxxxxxxx] On Behalf Of Rocki Hack Sent: Wednesday, June 18, 2014 11:44 To: ciphershed@xxxxxxxxxxxxx Subject: [ciphershed] Re: Website & publicity You could use bootstrap.js. It's pure "meta" html and it makes the website "responsive" to your viewing device. Look at the examples: http://getbootstrap.com/getting-started/#examples 2014-06-18 17:35 GMT+02:00 Alain Forget <aforget@xxxxxxx>: Nice; overall, I like it. Clean, simple, and straightforward. We can get fancier/prettier if there's ever someone with the skills, desire, and time to do so. A few suggestions: * Regarding the Home, News, Download, About, Wiki, Forum links: ** They should be left-aligned instead of right-aligned ** The About link should either be the left-most, second left-most (if we keep the Home link), or right-most link. * I would change the text to something like: CipherShed is completely free data encryption software for keeping your data secure and private. Learn how to use CipherShed. [Make the aforementioned sentence a link to the Truecrypt User Guide documentation, our wiki, or whatever will most quickly and easily/painlessly show users what CipherShed is and how to use it. It would be ideal if we could rebrand and re-publish the TrueCrypt User Guide from v.7.1a] CipherShed is available for Windows, Mac, and Linux. [I deliberately ordered them like this because I think (but may be wrong) that this is most common, and ordered by overall OS market share] The CipherShed project is open-source, which means everyone is encouraged to examine how it works and contribute new ideas and improvments. We believe greater participation leads to greater security and usability for everyone. To get involved, check out our mailing list, forum, source code [link to github], or come chat on IRC. For more information about the CipherShed project, please visit our Wiki. Hm, good point, Stephen. Niklas, how hard do you think it would be for us to have a nicely-stylised page like your screenshot without WordPress? Alain -----Original Message----- From: ciphershed-bounce@xxxxxxxxxxxxx [mailto:ciphershed-bounce@xxxxxxxxxxxxx] On Behalf Of Stephen R Guglielmo Sent: Wednesday, June 18, 2014 11:32 To: ciphershed@xxxxxxxxxxxxx Subject: [ciphershed] Re: Website & publicity On Wed, Jun 18, 2014 at 12:23 AM, Niklas Lemcke - 林樂寬 <compul@xxxxxxxxxxxxxx> wrote: > I did a quick "proof of concept" kind of page, which is only running > locally so far. here's a screen: > https://ciphershed.org/moin_static197/wp_screen_01.png > I believe that looks far more professional and inviting. It runs on WP, > so others can edit, write new status updates, update download links etc. I think that looks good. I'm sort of concerned about security running both a big PHP webapp (WordPress) and a Python app (MoinMoin). Both WordPress [1] and PHP [2] itself have had a history of security issues. I'm not as familiar with MoinMoin/Python, but looking at their site [3], they have a history too. [1] https://en.wikipedia.org/wiki/WordPress#Vulnerabilities [2] https://en.wikipedia.org/wiki/PHP#Security [3] http://moinmo.in/SecurityFixes I dunno, we're supposed to be sticking with a "KISS" philosophy. It makes me feel like we should be using plain old .html files edited with vi. The more complicated things are, the more things that can go wrong.