What's the current status of the ALUG wiki WRT making changes? Regards, Keith ____________ Knowledge is learning something every day. - Wisdom is letting go of something every day. - Zen Saying
"Keith Watson" <keith.watson@kewill.com>
What's the current status of the ALUG wiki WRT making changes?
I believe it's broken, but I don't have time to make a good solution which will fix it and prevent the spam. I will send the source code and test files to anyone who wants to fix it. My current idea is to add a script which lets people edit the main pages on the site in-browser (or copy-paste or scriptedly) and emails patches to me. That will avoid the spam problem, as I can ignore their changes, but will still be fairly quick if I'm getting patches in my preferred form by email. Probably using perl, diff -u and HTMLArea. I'll do it soon, or sooner if you ask me to. Thanks, -- MJ Ray (slef), K. Lynn, England, email see http://mjr.towers.org.uk/
On Tuesday 04 October 2005 11:54, MJ Ray wrote:
"Keith Watson" <keith.watson@kewill.com>
What's the current status of the ALUG wiki WRT making changes? I believe it's broken, but I don't have time to make a good solution which will fix it and prevent the spam. I will send the source code and test files to anyone who wants to fix it.
One possible solution is to use password protection - A wiki used by another group I'm involved with have an Admin page that requires a login before any edits can be made. So far, we haven't had any problems with spammers. How difficult would it be to implement and use this with the alug wiki ? Regards, Paul. -- From the Klingon book of C: Klingon function calls do not have 'parameters' - they have 'arguments' - and they ALWAYS WIN THEM.
Paul wrote: [SNIP]
One possible solution is to use password protection - A wiki used by another group I'm involved with have an Admin page that requires a login before any edits can be made. So far, we haven't had any problems with spammers.
On which point, can anyone recommend a wiki with such a feature. We want to use one for internal documentation and information sharing. Cheers, Laurie. -- -------------------------------------------------------------------- Laurie Brown laurie@brownowl.com --------------------------------------------------------------------
Hi Laurie On Tuesday 04 October 2005 12:17, Laurie Brown wrote:
One possible solution is to use password protection - A wiki used by another group I'm involved with have an Admin page that requires a login before any edits can be made. So far, we haven't had any problems with spammers.
On which point, can anyone recommend a wiki with such a feature. We want to use one for internal documentation and information sharing.
usemod-wiki is the one used by "the other group". I believe kwiki also has such a feature, but I couldn't get the perl modules to install and gave up on it. (I'm not a big fan of perl at the best of times..) Regards, Paul. -- From the Klingon book of C: Klingon function calls do not have 'parameters' - they have 'arguments' - and they ALWAYS WIN THEM.
Laurie Brown wrote:
Paul wrote:
[SNIP]
One possible solution is to use password protection - A wiki used by another group I'm involved with have an Admin page that requires a login before any edits can be made. So far, we haven't had any problems with spammers.
The Lincolnshire Linux User Group is currently discussing ditching their wiki or password protecting it because of spam. I set up the wiki with phpwiki and never locked the front page which was my first mistake. I've always been dead against requiring registration for wikis, it's too much of a barrier to input IMHO. The web has far too many usernames and passwords floating around as it is. Also, even registration doesn't stop spammers. Until the community comes up with some kind of single sign on or trust system for every web site a person uses and gets it widely adopted, putting usernames and passwords on things which are meant to be public may be a required evil. There are other solutions out there though with varying success and my preference is just making sure our technology is ahead of the spamming scum, but that doesn't always work.
On which point, can anyone recommend a wiki with such a feature. We want to use one for internal documentation and information sharing.
I'd recommend MediaWiki[1] which is the wiki behind wikipedia. I'm currently using three of them, two of which are for internal use only and soon to install a fourth. I don't know if it features password protection for *reading* the wiki on a public web server though, I've just been using http auth. 1. http://mediawiki.org -- Ben "tola" Francis http://hippygeek.co.uk
Paul <bdi-emc@ntlworld.com>
One possible solution is to use password protection [...]
It depends. If you issue username/password to individuals, it works but is no longer a wiki in my opinion. If you set one username/password, it doesn't stop spammers, based on past experience. I was using a simple perl wiki (not kwiki - maybe usemod), but I forget which one, it wasn't important enough to me to back it up and my site on www.affs.org.uk was crippled without warning (which seems entirely personal, as Marc who left before still has one) so I can't check now. The ALUG wiki is using phpwiki 1.2 or so, still. Migration may be a good idea if people want to keep it, but I need help for that too. Thanks, -- MJ Ray (slef), K. Lynn, England, email see http://mjr.towers.org.uk/
On Tue, Oct 04, 2005 at 12:39:26PM +0100, MJ Ray wrote:
Paul <bdi-emc@ntlworld.com>
One possible solution is to use password protection [...]
It depends. If you issue username/password to individuals, it works but is no longer a wiki in my opinion. If you set
I wouldn't call using a browser and then sending patches via email a wiki, although I'm not entirely sure if you meant for this just to be for the main website? or the wiki also? Password protection shouldn't be a problem for most people I would have thought.
usemod), but I forget which one, it wasn't important enough to me to back it up and my site on www.affs.org.uk was crippled without warning (which seems entirely personal, as Marc who left before still has one) so I can't check now.
Why do you have to make a comment like this while knowing that I am one of the sysadmins of www.affs.org.uk? None of the sysadmin team have been informed that your wiki isn't working or that there are/were any problems. It most certainly isn't personal and breaking it was most certainly not intentional.
The ALUG wiki is using phpwiki 1.2 or so, still. Migration may be a good idea if people want to keep it, but I need help for that too.
I quite like Alan Popes suggestions, at least an rss wiki feed would allow me to keep an eye on it, if we had just a few others helping out then I'm sure we would be on top of any spam problems. Thanks Adam -- jabberid = quinophex@jabber.earth.li AFFS || http://www.affs.org.uk/ || Not a filesystem
Pot Adam Bower <adam@thebowery.co.uk> called the Kettle black with:
Why do you have to make a comment like this while knowing that I am one of the sysadmins of www.affs.org.uk? None of the sysadmin team have been informed that your wiki isn't working or that there are/were any problems.
Ask yourself, why did you ever make a public comment about a website that you know I maintain? I didn't have to, but I chose to mention it here. I don't know whether you are still a sysadmin of www.affs.org.uk, because the AFFS "sysadmin team" is not mentioned on Workgroups or Tasks pages (or a web search, even). As for not having "been informed," I don't know the recommended way to contact the sysadmin team, but I emailed webmaster@affs.org.uk months ago about the lost web site, cvs access and related cron error emails every morning. Thanks, -- MJ Ray (slef), K. Lynn, England, email see http://mjr.towers.org.uk/
On Tue, Oct 04, 2005 at 02:35:37PM +0100, a paranoid android wrote:
Pot Adam Bower <adam@thebowery.co.uk> called the Kettle black with:
Why do you have to make a comment like this while knowing that I am one of the sysadmins of www.affs.org.uk? None of the sysadmin team have been informed that your wiki isn't working or that there are/were any problems.
Ask yourself, why did you ever make a public comment about a website that you know I maintain?
Uh, apples & oranges.
I didn't have to, but I chose to mention it here. I don't know whether you are still a sysadmin of www.affs.org.uk, because the AFFS "sysadmin team" is not mentioned on Workgroups or Tasks pages (or a web search, even). As for not having "been informed," I don't know the recommended way to contact the sysadmin team, but I emailed webmaster@affs.org.uk months ago about the lost web site, cvs access and related cron error emails every morning.
Sorry, so you don't have to mention the problem but you have to attack other people about it in public. You *really* are one of the *nicest* people I have *ever* met (insert sarcasm as appropriate, MJ Ray /may/ have trouble with this one). Adam -- jabberid = quinophex@jabber.earth.li AFFS || http://www.affs.org.uk/ || Not a filesystem
Adam Bower <adam@thebowery.co.uk>
Sorry, so you don't have to mention the problem but you have to attack other people about it in public.
It wasn't an attack. I just mentioned it in explanation. You replied with an absurd complaint that I haven't informed some undocumented team with no published details about the problem.
You *really* are one of the *nicest* people I have *ever* met
I'm fine, but I don't tolerate fools like you trying to make me look bad with misdirection. I don't see how that you break something that way unintentionally. If nothing else, the errors and growing queues it caused should have been noticed by now. Sleep well, -- MJ Ray (slef), K. Lynn, England, email see http://mjr.towers.org.uk/
On Tue, Oct 04, 2005 at 06:18:41PM +0100, MJ Ray wrote:
You *really* are one of the *nicest* people I have *ever* met
I'm fine, but I don't tolerate fools like you trying to make me look bad with misdirection. I don't see how that you break something that way unintentionally. If nothing else, the errors and growing queues it caused should have been noticed by now.
I'm the fool? I would just like you to take notice of the point that I am not the one who has still not reported the exact problems so that they can be fixed instead of continuing an argument on (the wrong) public mailing list. *sigh* Final attempt, tell me exactly what the problems are and they will be looked at. Your email to webmaster never arrived on www.affs.org.uk I'm guessing your email is broken. Of course you could have also tried the usual way to report problems with a machine is via an email to root@ as it should forward to the correct person. (which indeed it does). Adam -- jabberid = quinophex@jabber.earth.li AFFS || http://www.affs.org.uk/ || Not a filesystem
Adam Bower <adam@thebowery.co.uk>
I'm the fool? I would just like you to take notice of the point that I am not the one who has still not reported the exact problems so that they can be fixed instead of continuing an argument on (the wrong) public mailing list.
The problems were reported, but I'm sorry if it wasn't exact enough for you. I would like you to notice that you made a public argument out of a side comment on the wrong mailing list. It seems that it's only publicising inaction that brings action. :-(
Final attempt, tell me exactly what the problems are and they will be looked at.
I can't tell you "exactly what the problems are" because I don't know how it was broken. I've suggested some quick fixes on IRC for the symptoms that I can see. HTH.
Your email to webmaster never arrived on www.affs.org.uk I'm guessing your email is broken. [...]
A safe claim, as I probably can't check that now. -- MJ Ray (slef), K. Lynn, England, email see http://mjr.towers.org.uk/
Anyone else going today? Cheers, Laurie. -- -------------------------------------------------------------------- Laurie Brown laurie@brownowl.com --------------------------------------------------------------------
Laurie Brown <laurie@brownowl.com>
Anyone else going today?
I should be there tomorrow. If you're going today and fancy some hot LUG action, I think there's a Lonix meeting in the evening. -- MJ Ray (slef), K. Lynn, England, email see http://mjr.towers.org.uk/
If I might ask, do we know whether the spam problem is coming from people, and not bots? Bot protection is much easier than password auth. etc, and if there's uncertainty, it couldn't hurt... ... Law of the Perversity of Nature: You cannot successfully determine beforehand which side of the bread to butter.
On 04/10/05, Ten <runlevelten@gmail.com> wrote:
If I might ask, do we know whether the spam problem is coming from people, and not bots?
Both. On the Hants wiki I did some extensive analysis. We found that yes sometimes they appeared to be slow/manual edits of the wiki with someone pasting in some links part way through the page. On other occasions we'd see a squillion hits on the wiki from one address, which appeared to be reading all the pages - effectively spidering the site. This was often done by some kind of perl script (detected by the user agent field). Later on that same day we would see spam attacks on the same pages but originating from multiple different locations which we suspect are open proxies or compromised machines.
Bot protection is much easier than password auth. etc, and if there's uncertainty, it couldn't hurt...
I'm generally against enforced passwords for wikis. It detracts from the community spirity of a wiki. I prefer that anyone can do a "drive by wiking" without having to remember yet another username/password combination. I am also against systems which involve a mashed up sequence of letters and numbers which need to be entered to change the wiki. These are often difficult to see for sighted people, let alone people with visual difficulties. Is it appropriate to make it more difficult for a poor sighted person to update the wiki than someone with 20/20 vision? I believe not. Just my 2p. Cheers, Al.
On Tue, Oct 04, 2005 at 02:31:12PM +0100, Alan Pope wrote:
I'm generally against enforced passwords for wikis. It detracts from the community spirity of a wiki. I prefer that anyone can do a "drive by wiking" without having to remember yet another username/password combination.
I'm taken by your idea+offer of protection that you have worked out, if that (and all else fails, lets use passwords).
I am also against systems which involve a mashed up sequence of letters and numbers which need to be entered to change the wiki. These are often difficult to see for sighted people, let alone people with visual difficulties. Is it appropriate to make it more difficult for a poor sighted person to update the wiki than someone with 20/20 vision? I believe not.
ick, that sounds worse than usernames and passwords imho. Thanks Adam -- jabberid = quinophex@jabber.earth.li AFFS || http://www.affs.org.uk/ || Not a filesystem
On Tuesday 04 October 2005 14:31, Alan Pope wrote:
I'm generally against enforced passwords for wikis. It detracts from the community spirity of a wiki. I prefer that anyone can do a "drive by wiking" without having to remember yet another username/password combination. I agree on the general principle here, although I'm not personally averse to the wiki being a list affair..
There are less restrictive methods. Apart from anything else, if a specific referrer/cookie combination were required to edit the wiki (ie you have to go through an unindexed second page which is NOT linked to on the site, URL only on-list) it would be interesting to find out whether in fact somebody was reading through the list before spamming the wiki. Anyway, that's just the sort of tangential silliness that always gets me in trouble, sorry.. :)
I am also against systems which involve a mashed up sequence of letters and numbers which need to be entered to change the wiki. These are often difficult to see for sighted people, let alone people with visual difficulties. Is it appropriate to make it more difficult for a poor sighted person to update the wiki than someone with 20/20 vision? I believe not.
Wait, we could put teh letters and numbers in alt tags! Heh, seriously though, I've got to concur here - there are more disabled web/internet users in Europe than there are British web/internet users in Europe, and if there's part of the world that should have the scruples to respect a platform neutral medium that's there for everyone, and make it accessible, it's the FOSS-using part of it. There's more than one way to fill a bot with cream, though... Anyway, bots aside, I'm beginning to see the advantages of manual despamming, myself. If we want an intelligent and usable wiki, with the freely editable goodness that entails, maybe some of us could pitch in a little bit and make it happen. I could turn my hand to this occasionally(although admittedly not in any really structured or committed way because I have my head in an awful lot of books lately) if needed, and hey, maybe if a couple more people would, the wiki could stay editable. Which would be nice... Either way, there sure is some editing to be done, and forgive me if I'm speaking out of turn, but editing a wiki via email just doesn't feel 'right' to me. Cheers, Ten -- ... The more we disagree, the more chance there is that at least one of us is right.
On 04/10/05, MJ Ray <mjr@phonecoop.coop> wrote:
"Keith Watson" <keith.watson@kewill.com>
What's the current status of the ALUG wiki WRT making changes?
I believe it's broken, but I don't have time to make a good solution which will fix it and prevent the spam. I will send the source code and test files to anyone who wants to fix it.
We (HantsLUG) had a similar issue a while ago. We use usemod wiki which is quite simple but doesn't have much in the way of spam protection. Some of the members of the LUG created some patches [1] which we have applied. These involve checking the content of submissions for "banned words", adding an easy "rollback" function for the admins to undo spam attacks quickly, and looking up contributors hosts/ips in DNSBL to reject their changes. Our patches are by no means a comprehensive anti-spam solution but we have significantly chopped the number of attacks we have. In addition to which a few of us watch changes to the wiki closely via the RSS feed [2] and jump on and squash any spammers pretty quickly. I have assisted WolvesLUG and SurreyLUG in putting the same wiki in place for them. I'd be glad to help ALUG do the same. Cheers, Al. [1] http://hants.lug.org.uk/cgi-bin/wiki.pl?AntiSpam [2] http://hants.lug.org.uk/cgi-bin/wiki.pl?action=rss
participants (8)
-
Adam Bower -
Alan Pope -
Ben Francis -
Keith Watson -
Laurie Brown -
MJ Ray -
Paul -
Ten