A small feature release: 

  • Collections now have access to a 'Gallery' template option, which displays child objects as a thumbnail grid below the description. This allows you to use collections to generate an 'article + gallery' pattern for (say) events or travel articles, or can be used as an alternative display format for publications catalogues etc.

A small feature release and polish. The shiny new things are:

  • CSS grid themes: Several new themes are available based on native CSS grid, which removes Bootstrap as a dependency. This makes them both simpler and more lightweight. They are also more refined and precise in terms of spacing and layout. The new themes are Tide (teal), Sand and Sea (blue), Kelp (olive-amber), Canyon (rust stained) and Pond (green). The themes feature a 'night mode' toggle and use image source sets to ensure that thumbnails are crisp when displayed at different resolutions or on high resolution screens.
  • Block template overrides: Copy the internal block templates from modules into the relevant theme/blocks directory and customise them however you like, (eg. copy yourmodule/Block/some-template.html to themes/yourtheme/blocks/some-template.html). The versions internal to the modules provide safe defaults if theme-specific versions are not available.
  • Pagination control has been extracted from the PHP code and placed in a html template.

I've added libvips as a third option for thumbnail generation. It's better than ImageMagick in that it is around 4x faster, and uses 1/10th the memory. It is particularly good if your webserver has more than one core available as it will split the work across multiple threads, whereas ImageMagick won't. Like ImageMagick, it is colour space aware (GD isn't).

In terms of speed and quality, the options are now (best to worst):

  • libvips
  • ImageMagick
  • GD (default)

GD is best avoided (worst quality, and the lack of colour space awareness can make images drab and lifeless) but is set as default because it is widely available on most web hosts, whereas ImageMagick is sometimes available, usually with some configuration, and libvips usually isn't a PHP thing. You'll probably need your own VPS or webserver, or be running Tuskfish on a Docker stack.

To enable it, install libvips-tools on your system and rename ResizeImage-Vips.php to ResizeImage.php (and backup or remove the existing one). Refer to the files's docblock for instructions, and to configure compression and sharpening.

Sharpening is off by default, but I have found a value of 0.5 (light sharpening) works pretty well. It comes at a cost though, forcing a second pass over the image so it noticeably slows thumbnail generation down on pages with a lot of images. However, this is only an issue on first load, as after that you're pulling the thumbnails from the cache.

A SCP story. High quality production. Well worth 15 minutes of your time. Published on DUST | A Rose on Thorne Street.

This is part 3 of the series "Strange anomaly in the deep woods". Story by Dougie Corrado.

A small update to simplify / reduce friction during installation:

  • Change index.php to route from request path only, independent of scheme and host. This avoids the need to manually configure when deploying behind reverse proxy that handles TLS termination.

A minor update that provides a performance boost, file structure reorganisation and security hardening:

  • Optimise database performance: Indexes have been added, which accelerate queries, improve resilience under load, and further reduce the already small hardware requirements of Tuskfish. The indexes are primarily of benefit to sites with large content loads.
  • Modularity has been improved so that new modules can be dropped in or ripped out without modifying other code, which will simplify future development.
  • The SMTP password is now encrypted at rest.

Whenever I think Tuskfish is 'finished' some new ideas will hit me. I do think we are in the endgame now, here is what's planned:

  • Optimise database performance [done]: Add indexes and improve a couple of query issues. This is being tested on my largest production site, which has > 1,000 articles. Page execution times, which were already fast, have been halved, with individual content pages now down to 5-8 ms, while the index page (heaviest) is down to 10-12 ms. Practically speaking, you probably won't notice any difference unless you have a massive site. But halving execution times means your site can handle (nearly) double the number of requests and makes it a lot more resilient under load.
  • Complete modularisation [done]: I would like it to be able to add new functionality by dropping a single directory into the system and not having to touch anything else. It's mostly there but there are still a couple of things you need to manually wire in (module header, templates).
  • Dockerise Tuskfish: Create a Docker Compose stack and Makefile that will let you deploy Tuskfish with a single command. I've done this for a couple of other projects recently. Imagine typing 'make up' and the whole system just builds itself and deploys inclusive of self-updating TLS certificates.

Then, I think I need to go work on something else for a while.

I'm releasing Go2Serve, a static file server written in Go. It's a single binary with simple configuration, no runtime dependencies, and secure defaults out of the box. You can build it and learn how to use it in two minutes.

I built Go2Serve because I wanted something lightweight, performant and safe. Something I could drop onto a Pi or a VPS, point at a directory, and have it serving files over HTTPS in under a minute with near-zero configuration.

Go2Serve serves static files. That's it. No CGI, no reverse proxying, no dynamic content. What it does do, it tries to do well:

  • HTTPS with zero configuration: Pass `--domain example.com` and go2serve handles Let's Encrypt certificates automatically, including renewal. Manual certificates are also supported, with automatic reload every 60 seconds for zero-downtime rotation.
  • Security defaults: Path traversal protection (including via symlinks), `X-Content-Type-Options`, `X-Frame-Options`, `Referrer-Policy`, and optional HSTS and Content-Security-Policy headers. These are on by default, not buried in a config file you have to remember to write.
  • Per-IP rate limiting: Token bucket rate limiting is enabled out of the box, with proxy-aware client IP extraction when you're behind a load balancer.
  • Lightweight: No CGO, no runtime dependencies. The Docker image is built from `scratch` and contains nothing but the binary and CA certificates. Memory footprint is minimal.

Go2Serve ships Docker-first. The supported, cross-platform install path is "make up", which builds a pinned, reproducible Linux image and runs it in a hardened scratch container — identical on Linux, macOS, and Windows (WSL2). Building a native binary (make build-bin, requires Go) is offered as a secondary path for non-Docker hosts. See the README.md!

A minor feature and security hardening release:

  • Add SMTP support via PHPMailer.
  • Add TFISH_EMAIL_URL constant to config.php.
  • Proactive security hardening pass based on sweep by Claude Opus 4.6.