Ladies and gentlemen, it’s that phase of the software development life-cycle when the ninjas at Ushahidi share what they have been working on: Ushahidi Version 2.2 code -named Juba. Juba is a city in South Sudan. (We name all our code releases after African cities.)
First off, you shall be seeing more releases in the coming months as we adopt a monthly release routine.
Back to this baby, lots of awesomeness to just want you to dive in and try it out.
Ushahidi 2.2 code – Juba release: What changes
We’ve added some critical security patches to the master code to update the previous 2.1 release of Ushahidi. This has been updated in Juba 2.2 and for all Crowdmap deployments. If you wish to continue using the 2.1 release, please update your Ushahidi platform with this important fix.
The first vulnerability allowed an attacker to modify the intent of your SQL statements. In some situations it could allow unauthorized access to view data in your database or potentially to modify stored data. The second vulnerability allowed an attacker to inject HTML into the web servers response to alter the content to the end user.
We recommend that you update your 2.1 Ushahidi files immediately. (Again, 2.2 and all Crowdmap deployments include the security patch.)
Advisory ID: SA-WEB-2012-001
Security Risk: Critical
Vulnerability: This vulnerability allows an attacker to modify the intent of your SQL statements. In some situations it could allow unauthorized access to view data in your database or potentially to modify stored data. In addition to this, it allows an attacker to inject HTML into the web servers response to alter the content to the end user.
(Credit: We heart xkcd.)
Some of the features to look out for are:
All your maps belong to You
The default map version has been set to OpenStreetMap (OSM). There is a drop-down to select your map under settings. You can also select maps from our friends at Google Maps or Bing.
RiverID is an authentication and identity management system that provides users with a secure central sign-on facility.
With RiverID, your are able to access all the Ushahidi products using one just one username and password. This includes all the Crowdmaps you’ve set up and, when launched, your SwiftRiver streams.
This eliminates the need for multiple passwords per person per Crowdmap deployment. Though, you are free to use as many different passwords as you choose.
Badges are a great way for Ushahidi deployers to award their users. Developers can also find badge image resources to include in their projects. These are badge images in a variety of categories which can be used in Ushahidi or Crowdmap deployments or other services. These badges are broken down into “badge packs”. For example, the “Locations” pack is a simple grouping of badges that follow a travel theme, with badges highlighting landmarks from countries around the world. The “Ushahidi” pack is a group of generic badges that the Ushahidi team has put together. New badge packs are expected soon. If you have a badge wishlist or design idea, contributions from the community and designers are welcome.
How can you use this as an Ushahidi administrator? Deployers of newer versions of the Ushahidi Platform and current users of Crowdmap have access to all of these badges already. Simply log into your admin panel and browse to the Manage-Badges settings page to get started. As an example, you may award the 25 Star badge to a user who has sent in 25 approved reports. This can be a manual process where you assign badges to users or set up Action Triggers to do this automatically. Just experiment with the platform to come up with interesting achievements to award your users. Please check out our badge site for more information.
The admin panel now allows you to set up automated actions on your deployment. We saw a need for this since administrators cannot always be at the helm 24/7. You are now able to set a chain of events into motion when certain conditions that you specify are hit. A few examples could be:
- If someone creates a report in a certain area, email the administrator.
- If a reporter mentions coffee five times, assign them a badge (see above).
- If a report comes in at night (while you’re sleeping), auto approve it and assign it to a specific category.
Currently you can assign actions on reports and checkins, but we are planning to add more options in the future.
Another Notable feature is subscription of Alerts via SMS. This has been made possible through the free and open source SMS gateway – SMSsync.
This is important for users who cannot access the web application to subscribe for alerts for a particular deployment.
By just sending a text message with the keyword “alert” and the location e.g “Alert Nairobi” to the phone number set up on the deployment – you get to receive alerts from the deployment.
In addition, users can unsubscribe from mobile alerts by sending a message with the keyword “off” to the phone number of the deployment they have subscribed to.
NOTE: Currently this feature is active for SMSsync. There is work is in progress for other SMS gateways (e.g. short providers.)
Themes and UX:
In terms of UI/UX, we have increased the number of themes the platform ships with giving you a variety of options to chose from. Jump straight to your back-end, on Addons->Themes tab and check them out.
The login feature for the administrator has been greatly improved on and you can access it easily from the front – end without having to move from the main page
Some additional changes include:
- Adding the option to set the administrator password during the install process
- Public listing of deployment which increases your deployment’s discoverability.
- A new and better light weight text editor.
One significant change on the platform is the moving of the sharing feature into a plugin. The only thing you need to to is activate it from the Addons-Plugins tab. Two plugins have been added the Adsense plugin and the Viddler plugin which now allows for video functionality on your deployment.
We would like to thank the following people for their contribution to the development, pull requests and testing of Juba:
John Etherton, George Chamales, Michael Coates, Olga Werby, Rob Baker, Jaroslav Valuch, Aaron Huslage, Melissa Elliott, Jeannine Lemaire, Mikel Maron, Ajay Kumar, Aashika Damodar and Jess Woodard. We would also like to “our corporate friends” who ran a test exercise in late 2011. And, we’d like to thank all the people who submitted Github Issues or feedback with bugs and feature requests. Ushahidi is our community and our users. Thank you.
Linda and the Dev team
Cartoon image by xkcd licensed under a Creative Commons Attribution 2.5 license