Web maps in 2025

Posted on: Tuesday 7 January 2025 /
Categories: GPS and mapping, Trackserver

As the developer of the Trackserver WordPress plugin, I have a special interest in web mapping solutions, and in particular those that are not Google Maps 🙂 The landscape has changed quite a bit over the years, and more and more tools have seen the light of day. In this blog post, I want to explore the current landscape and see what it means for Trackserver.

To publish an interactive map on a web page, you need at least these two components:

  • A source (server) for map tiles;
  • A client side Javascript library for rendering the map.

For a long time, there were not many options for either of these. There was only one type of map tiles, called ‘raster tiles’, and you would get them from OpenStreetMap directly or from one of the providers listed on their website. Over time, commercial tile providers like Mapbox, MapTiler and Stadia Maps entered the scene, providing tiles as part of a larger mapping ecosystem. They generally provide access to tiles for free, but with usage limits. That makes sense, because hosting isn’t free.

Client side, there were two options that could be considered mainstream: LeafletJS and Openlayers. Both are still in active development today, or so it seems. Leaflet’s last public release is nearly two years old.1

In 2013, Mapbox came up with a new mapping technology called ‘vector tiles‘. Where raster tiles are just pre-rendered square pictures, containing a visual of a small piece of the map, a vector tile is essentially a machine readable description of geographic data, encoded in binary form. To render it in visual form, you need to provide a style sheet that describes how to style and format different map elements. The rendering is then done on the client side. This became feasible with browser canvas improvements and the arrival of WebGL. Mapbox Vector Tiles (MVT) are the dominant format for this type of tiles.

Vector tiles have some advantages over raster tiles:

  • They’re generally smaller, so more efficient to transport;
  • Beter visual quality, because they can be rendered at any zoom level or screen resolution without pixelation;
  • Flexible, client-side styling – easy changing of how certain elements are drawn;
  • Data-driven (dynamic) styling;
  • Easier interaction with specific map elements, because they are in fact separate elements;
  • Not directly a feature of vector tiles, but because WebGL is generally used to render them, features like 3D maps, hill shading and map rotation become easier to implement.

While Openlayers has had support for vector tiles since 2014, LeafletJS still does not support vector tiles natively. This makes me wonder if Leaflet is slowly starting to lose its relevance. With the adoption of vector tiles, more client side libraries have been developed. Perhaps not surprisingly, it is Mapbox’s own library (Mapbox GL JS) that leads the field of vector tile renderers. For a long time, the client was free and open source software, released under the 3-Clause BSD license, but with the release of v2.0 in December 2020, they moved to a proprietary license. Also, the SDK is taylored to be used with the Mapbox platform, and maybe less suitable for use with other tile sources.

The Mapbox license change led to the creation of a derived version (a fork), called MapLibre GL JS. It is now developed independently, and still released under the 3-Clause BSD license. As of 2025, Openlayers and MapLibre GL JS seem to be the top contenders for rendering vector-based maps. It is also worth mentioning MapTiler and their JS SDK. This is based on MapLibre GL JS, but has extra functionality to work with MapTiler’s platform. While this is not unlike Mapbox GL JS, MapTiler SDK JS is fully open source (BSD license) and it is specifically designed to stay compatible with other tile sources.

So, what does this all mean for Trackserver, if I wanted it to support vector tiles?

First of all, Trackserver is built on LeafletJS and it uses a few plugins for specific functionality, including editing tracks (GeoJSON geometries) in the WordPress backend. Rewriting all of this functionality on top of Openlayers or Maplibre GL JS would not be feasible. I can hardly keep up with PHP versions and browser changes as it stands, and I would much rather spend my time on building new features than on doing a complete rewrite.

Fortunately, there are possible workarounds. Maplibre GL JS can be made to work with Leaflet through a plugin, and there is Tangram, a library for rendering vector data with WebGL, that also works as a Leaflet plugin. If they work well, and which of these is the most stable, compatible and feature-rich remains to be researched and tested.

Some further reading:

Footnotes

  1. With LeafletJS v1.9, released in 2022 and last updated in May 2023, the v1 major version was put into maintenance mode, and some plans for v2 were announced. However, as far as I know, no development on version 2 has been done in the public Github repository and no release date for Leaflet v2 has been planned. ↩︎

Adele in Munich

Posted on: Monday 9 September 2024 /
Categories: Music, Photography

Trackserver v5.0 released

Posted on: Monday 6 February 2023 /
Categories: GPS and mapping, Nerd Stuff, Programming, Trackserver

So… here we are! A new version of my Trackserver WordPress plugin was released! If you don’t know what Trackserver is, please have a look at its dedicated page on this website and the plugin’s details on WordPress.org.

Almost five years have passed since the last major release, and the last minor release, v4.3.2, was more than three years ago. In the first few months after the last release, a lot of work was done on restructuring the plugin, but the job at hand turned out to be bigger than expected, and before I could finish it, life got in the way.

So here’s a small disclaimer: after so much time, and so many failed attempts to release a new version, I decided to just do it: release a new version on WordPress.org, exactly as it currently is on Github. This means that some features, and most notably the upgrade process have not been tested very well. Version 4.3.2 is old, and I have always been running the latest code myself. It also means that not every known issue that may still be present in v5.0 is fixed. If things don’t work for you the way you expect, I apologize. Please open an issue, preferably on Github, and I’ll try to help you as well as I can.

As with every major release, there are a few big changes that deserve some special attention. Here we go.

Universal URL slug for all supported apps

In earlier versions of Trackserver, each supported client app (TrackMe, OruxMaps, etc.) had its own URL slug, which allowed Trackserver to quickly pick a the right protocol to listen for.

Trackserver v5 introduces a new universal slug, that can be used in all supported clients. The server will use different heuristics to pick the correct protocol. This means that all clients have to be reconfigured to use the new slug, which is ‘trackserver’ by default. You can configure the slug in Trackserver’s options.

To illustrate this with an example:

With v4, in TrackMe, you would use https://yourhost/wp/trackme in the ‘URL Header’ setting.

In OruxMaps, you would use https://yourhost/wp/mapmytracks.

With v5, you would use https://yourhost/wp/trackserver in either of them!

Your Trackserver profile in the WordPress backend will display this URL at the top of the page. The old, app-specific URL slugs still work in Trackserver v5.0, so nothing will break right away, but they are marked deprecated in the options page, and they will be removed in a future version.

The universal URL does, however, take two different forms. It is possible to embed authentication credentials in the URL, for apps that do not support a more secure method of authentication, like HTTP POST or HTTP basic authentication. TrackMe, OsmAnd and SendLocation are the known clients that need this. In earlier versions this was already possible (and necessary) for some apps, while for example OsmAnd would normally be configured to send the credentials as URL parameters (?username=abc&password=xyz). In v5, I decided to standardize this on having the credentials in the URL as components, rather than as parameters, although the parameters still work. For named apps, the Trackserver URL would look like this:

https://yourhost/wp/trackserver/<username>/<password>

Either of these methods are inherently insecure, because the credentials will likely be logged in the webserver’s access logs. That’s why Trackserver stopped requiring your WordPress password for these apps a long time ago. And please, please, please.. always use HTTPS!!

And that brings me to the second big change that needs some more explanation.

App passwords

In earlier versions of Trackserver, there were different authentication credentials for different apps:

  • Some apps (OruxMaps, OwnTracks) were considered secure enough to use your WordPress password.
  • For the other apps, each one had a different ‘secret’ in your Trackserver profile.

Apart from the confusion and the hassle of managing all these different secrets, there was the problem of sites that use SSO for logging in to WordPress, in which case users don’t really have WordPress password to use with Trackserver.

In version 5, these app-specific passwords and access keys have been transformed into ‘App Passwords’, and are now app-independent. Existing access keys are automatically converted to App Passwords during the upgrade, and will all be valid for all supported apps, including the apps that worked with your WordPress password before.

Your WordPress password will still work for those apps, but that may change in a future release. Switching to App Passwords is recommended, regardless of the app you use for tracking. The main benefit is an increase in security, because your WordPress password will no longer be necessary for using Trackserver. Trackserver App Passwords can be changed often without impacting WordPress logins. As an added bonus, App Passwords also work in WordPress installs that use SSO mechanisms like OAuth2 for user logins.

App passwords can be managed in your Trackserver profile. They also have permissions attached to them: ‘read’, ‘write’ and/or ‘delete’. Most apps only create tracks and send location updates, and they would only need ‘write’ permission for that. If you configure an app password with only write permissions, it cannot be used to download your tracks or delete anything, in case it would fall into the wrong hands.

Some apps, like TrackMe for example, have functionality that requires read and/or delete permissions. If you use that functionality, you have to configure an app password with appropriate permissions. But even TrackMe can be used for online tracking with only write permissions.

Other changes

There were also a lot of more or less minor changes, that I should mention here:

  • You can now search / filter tracks with a search box at the top of the tracks list.
  • A bulk action for duplicating tracks was added.
  • The PHP code was restructured in a major way, separating code into different classes in a logical way.
  • Leaflet was updated to version 1.9.3.
  • Experimental support for µlogger.
  • Numerous small changes and fixes, improving usability, robustness and error handling.

A complete list of changes can be found in the changelog.

No changes at all were made in the shortcode or the presentation side of things.

Trackserver v4.0 released

Posted on: Thursday 22 February 2018 /
Categories: GPS and mapping, Nerd Stuff, Programming, Trackserver

After another year of slow development, Trackserver v4.0 was released today. If you don’t know what trackserver is, you can read about it on its dedicated page on this website.

I will update this post later with some more in-depth information and some nice screenshots. For now, I’m afraid I will have to keep it down to the changelog, which you can find below. Where v3.0 was a big update on the front-end, the changes in v4.0 are much more in the back-end. Most of the work has been done in the WordPress admin, a little work was done in client / protocol support for live tracking (geofencing!) and a few minor improvements on the presentation side. Only one new shortcode parameter this time, and no real changes to existing ones.

Version 4.0 is the first version to feature a tangible contribution from someone other than myself. Thanks must go to Dainius Kaupaitis, who contributed a Lithuanian translation.

Here are the changes, plain and simple:

Added

  • A track editor in the WP admin, based on Leaflet.Editable. It allows you to move and delete track points and split tracks.
  • Bulk action for viewing multiple tracks at once in the admin. Editing them also works.
  • Geofencing support, allowing you to hide or drop location updates within certain areas.
  • A proxy for external KML and GPX tracks, to work around CORS restrictions.
  • ‘maxage’ shortcode parameter to impose time-based limit on live tracks.
  • OwnTracks HTTP support, locations request handling only for now.
  • Bulk action for downloading tracks as GPX.
  • A {distance} tag for infobar template, for total track distance in meters.
  • Information about live tracking URLs and howto’s for mobile apps on the user’s Trackserver profile.
  • Information on how to use live tracking in OsmAnd.
  • Lithuanian translation, thanks to Dainius Kaupaitis.
  • PHP coding style checks and automated testing with TravisCI.

Changed

  • Make the ‘infobar’ shortcode attribute accept a string, to override the template set in the user profile.
  • Show a popup on the map with an internationalized message when there are no tracks to display.
  • When a (live) track that is currently shown on the map is no longer present in the server response, show a nice popup, suggesting a page reload.
  • Limit the TrackMe ‘gettriplist’ command to the 25 latest tracks, serve them in reverse order.
  • Increase WP-admin ‘View track’ modal window size to 1024×768.
  • Updated Polyline encoder from Eric McConville to v1.3.
  • Updated Leaflet to version 1.3.1.
  • Updated Leaflet-fullscreen to version 1.0.2.

Fixed

  • In JavaScript, store track information from the server more reliably.
  • Improve HTTP responses around authentication failure.
  • Recalculate the total track distance after merging multiple tracks.
  • Easier access to Leaflet map object from 3rd party JavaScript (issue #9).
  • Handle localized decimal numbers from SendLocation (issue #12).
  • Some minor JavaScript and PHP issues.
  • Many many many PHP coding style fixes.

Panoramas Chamrousse

Posted on: Sunday 18 February 2018 /
Categories: Photography

Last week, I made these two panoramas in Chamrousse, France.

Chamrousse 1700, Arselle lift

 

La Croix, 2250m

 

(360×180 degrees panoramas shot with Google Camera on Android, no tripod, displayed with Pannellum)

1 2 3 27