OpenStreetMap
Today I decided to introduce a new format for sharing OpenStreetMap-NextGen development progress with the community. I’ll post weekly/bi-weekly updates highlighting changes and the current project status. Since this is the first update, I’ll cover some recent highlights.
You can subscribe to my diary updates on RSS: link.
New Settings Page (⭐ Highlight)
I’ve begun migrating the settings/preferences section. My goal is to streamline this experience, as I’ve found the current system a bit complex. Surprisingly, many users don’t know it’s possible to change the default editor — I want to make this more obvious.
A new menu on the left of the screenshot (hidden, not yet finished) will provide clear navigation between general, 2FA, OAuth, and other settings.
This page is still work in progress. I intend to add a help text explaining how to contribute to translations and that the translations are made by the community.
This screenshot highlights a new image optimization algorithm, which uses a binary search-like algorithm to find the perfect image optimization configuration in limited amount of steps.
Last Week’s Progress
I am heavily focused on migrating the HTML templates and pages. I believe it is a critical step towards opening up the NextGen codebase to new contributors. Without those (mostly) functional pages, it is difficult to add new features or improvements.
The following templates have been worked on:
/welcome- finished/fixthemap- finished- email base template - finished
- email signup confirm - finished
/settings- work in progress
I have additionally addressed issues that lead to some issues with API endpoints, as well as worked on frontend and backend optimizations. You can see the full breakdown in the repository commits log. I keep my work completely transparent.
OpenStreetMap Website Vulnerability Report
I finally published my OpenStreetMap website vulnerability report. I conducted this security audit while studying the website source code, which was a mandatory step to preserve backwards compatibility.
Some of the highlight findings is a security flaw allowing an attacker to blindly reply to any private message as anybody. Another surprising finding is that the Ruby website stores user authentication tokens in plain text. If an attacker had gained access to the server where these tokens were stored (with just read access), they could have potentially compromised a large number of accounts.
All of the vulnerabilities have already been fixed or are being fixed in the NextGen implementation.
OpenStreetMap NextGen Benchmark 1 of 4: Static and unauthenticated requests
I have recently published the first benchmark of the OpenStreetMap-NG. It focuses on measuring static and unauthenticated requests as this code is fairly stable unlikely to be changed. Future benchmarks will include more realistic scenarios.
I compared the results with the current Ruby website implementation. I faced issues with reproducing deployment scenario on my local machine due to outdated documentation (and since I am a Ruby-noob, I couldn’t fix it myself).
Despite the imperfect benchmarks, I believe the obtained numbers hint at the potential performance gains of NextGen’s codebase.
🦀 Project Sponsors
In my development diaries, I want to include a dedicated section thanking my current project patrons. It’s through their support that I’m able to work full-time on OpenStreetMap-NextGen. Rather than focusing on the amount donated, I want to highlight the individuals themselves — it’s the gesture that is the primary driving factor.
Currently, my work is sponsored by 2 patrons on Liberapay, including one private donor, and one public donor with the mysterious looking username ~1847430.
Thank you to both of you, you made me smile 😋.
If you’d like to join my development sponsors, you can find me on Liberapay or GitHub Sponsors. Currently, all contributions go directly towards the development of OpenStreetMap NextGen.
Disclaimer
Please note that this project is not affiliated with the OpenStreetMap Foundation. It’s the result of my voluntary work and personal choices.
Discussion
Comment from Firefishy on 18 March 2024 at 09:38
A note for readers: This is diary entry is about a private project by NorthCrab, it is not endorsed by the OpenStreetMap Foundation or the OpenStreetMap Operations team. The details here are only by NorthCrab. The details are not necessarily agreed by the groups involved with the running of OpenStreetMap.org.
Comment from Andy Allan on 18 March 2024 at 10:08
I personally put a lot of effort into the DX (Developer Experience) so if you find any outdated documentation, please let us know!
Most of our documentation focusses on setting up developer environments (as opposed to production environments) but I’m always happy to fix any of our documentation if it’s outdated. So please do report your issues at https://github.com/openstreetmap/openstreetmap-website or you can proposed changes there too. Thanks in advance!
Comment from NorthCrab on 18 March 2024 at 10:38
@Firefishy I suppose it’s better to say that thrice than twice 👍
@Andy Allan, here when talking about configuring Phusion Passenger, the link seems to be dead, and there is no other guidance on reproducing that part of the production behavior. When you are at this, could you please check if this section is generally up-to-date? Many steps have been unchanged for 10-11 years and my recent benchmarks show a 2-4x performance gap between local and official deployments. I am not quite sure if such a difference would be purely a result of not using Phusion Passenger, perhaps something else is outdated too?
Comment from rtnf on 22 March 2024 at 03:57
Is there a public demo available yet? I can’t wait to try it out myself.
Comment from NorthCrab on 22 March 2024 at 17:36
@rtnf I am actively working towards that goal. Whenever it’s ready, I’ll make sure to include it in a diary 🙂. It’s really nice to see interest - Thank You!