Install an extension from Panopticon

[vinespie]

Hello everyone,

The idea would be to be able to install an extension on one or more sites registered in Panopticon.
The user could provide the URL of the extension to install.

[nikosdion]

The reason this is not implemented is that it's incredibly dangerous.

First of all, you have to make sure that the sites are compatible with the extension. This might seem obvious, but can you really confirm that besides having the same Joomla! and PHP version they also have the correct database type, database server version, PHP configuration, PHP extensions installed, and that any other installed third party extensions (which might differ on each site) won't be a problem? Having seen the results of people using this feature on a different Service That Shall Not Be Named – please don't name it, we all know which one it is, and they are litigious arseholes – I am not convinced that users can be trusted to do these basic checks.

Beyond that, I have seen some extensions which fail to install miserably unless installed by using the Upload and Install method only, as they abuse the post-installation message to trigger an AJAX call which completes the installation. Yes, sure, these also fail when you try to install them with the Joomla CLI. The thing is, I hate being blamed for other people's shady bullcrap.

This is the second time someone asks for this today. Look. I am going to add that feature, BUT there are two implementation caveats:

• It will be disabled by default. The language in the switch to turn it off will be sufficiently scary.
• Even when turned on, it will come with a warning that this might break your site for reasons outside our control.

Does that sound fair enough?

[vinespie]

Yes, I agree it can be dangerous.
Going further, a simple update of an extension as currently available can potentially break the site. This feature is already available. Unless I'm mistaken, there is no warning message.

I don't see a problem with this feature not being activated by default and it seems normal to protect yourself with warnings.
Maybe add an Akeeba backup before updating the extension...

[nikosdion]

People do understand the risks of updating an extension. It's something they do a heck of a lot more than installing new extensions, they have had their fair share of failures and just… get it. This is why I never had to put a warning. If someone comes to complain everyone will be “wtf, dude, that's common sense; your bloody computer works the same way!”

People do not understand the risks of installing an extension, though. I know because I have been on the receiving ends of complaints both for things I've done (not a lot, and not very frequently, as I am being very careful) and for things I have nothing to do with (just because people think that somehow, magically, Admin Tools Professional could affect extension installation even though it's never been the case). Basically, people will blame anyone and anything upon installation except use their common sense about the extension's requirements, their server configuration, and whether the extension is doing something that might seem a bit… off.

Moreover, if you try to install an extension across multiple sites it is possible that on some sites it's an update, on some sites it's a clean installation. Some extensions may cause some breakage or unexpected operation until you configure them properly for the site – Admin Tools Professional, as well as other security and SEO tools will definitely fall into that category.

Finally, there are some cases where extension developers give you special instructions for installation or update. For example, going from Akeeba Backup 8 to Akeeba Backup 9 requires an additional migration step. If you do a mass install and you forgot about this needed step you might end up breaking something on your sites, which is why we've been telling our users to do the installation one site at a time.

Bonus subject: security. If I cannot find a good way to ensure this feature is secure enough, I won't implement it. Remote code installation (which comes with remote code execution, since we have a post-installation script in both Joomla! and WordPress) needs to be very tightly controlled, or it's an Alaska-sized security hole. This is not a concern with updates since it's your site pulling the code package from a source your ostensibly trust, not us pushing the code package to it via the API. That's a huge difference.

[vinespie]

Perhaps it is only necessary to offer installation from a URL (and not by sending a package), this URL having previously been added to a white list on the site to be monitored. It's an idea... I don't have a vision of the technical constraints of this project.

In any case, congratulations for your work.

[nikosdion]

This is actually a very interesting idea. That would definitely fit the bill of what could be enabled by default. Upload and Install could be something that you can optionally enable in two places: the connector on the site itself, and the Panopticon installation. This would solve the problem I was having about some sites not needing this feature and not wanting to accept the risk that comes with it.

See, that's why I love discussing ideas! 😉

[nikosdion]

Tracking with #346