Ben Francis wrote:
I'd recommend MediaWiki[1] which is the wiki behind wikipedia. I'm currently using three of them, two of which are for internal use only and soon to install a fourth. I don't know if it features password protection for *reading* the wiki on a public web server though, I've just been using http auth.
Mediawiki works very well, though it is a large system and it might be a case of using a sledgehammer to crack a nut. I doubt the ALUG wiki would have enough pages to justify using a system on that scale, really!
Having extra user names and passwords is always a pain in the neck but sadly the growth of spamming makes it a necessary evil. Also, I doubt that many ALUGers will be doing much updating on a regular basis, so it won't put upon too many people. Passwords and the like *are* against the spirit of a wiki, but it is probably less annoying for a user to use one than to have to browse a spam-clogged site.
Crazy idea here, probably a million reasons why not to but I'll post it anyway.
Why not have a cyclic secret that is placed in the main list's signature (the one that appears on every main list posting) Surely the only people who have a legitimate interest to modify the wiki are already list members.
If it's a simple matter of checking the bottom of one of the recent main postings I think it's something we could live with that provides less of a barrier than yet another registration form.
A bot isn't going to be clever enough to strip the secret from the list archives, perhaps a human could be but we could conceivably strip it from the archive if that was a concern.
Another option, if we are going to go with usernames/passwords. can we set it up so that the Library uses the same registration database or vice versa...seems silly to duplicate registrations amongst the same group, I am happy to provide whatever is needed from the Library end.
Wayne
Hi Wayne
On Tuesday 04 October 2005 21:26, Wayne Stallwood wrote:
Why not have a cyclic secret that is placed in the main list's signature (the one that appears on every main list posting) Surely the only people who have a legitimate interest to modify the wiki are already list members.
Excellent suggestion in my opinion. Don't know how much effort it would take to implement...
Regards, Paul.
Well I had something pretty kludgy on my mind, like using fortune to generate phrases weekly and then getting one of the local regex masochists to come up with something that extracts a word of suitable length as the secret and then just stuffing that in whatever authentication method is easiest to use with the Wiki.
As I say...pretty kludgy
On Tue, 2005-10-04 at 21:43 +0100, Paul wrote:
Hi Wayne
On Tuesday 04 October 2005 21:26, Wayne Stallwood wrote:
Why not have a cyclic secret that is placed in the main list's signature (the one that appears on every main list posting) Surely the only people who have a legitimate interest to modify the wiki are already list members.
Excellent suggestion in my opinion. Don't know how much effort it would take to implement...
Regards, Paul.
On 04/10/05, Wayne Stallwood ALUGlist@digimatic.plus.com wrote:
Why not have a cyclic secret that is placed in the main list's signature (the one that appears on every main list posting) Surely the only people who have a legitimate interest to modify the wiki are already list members.
Some people may want to update the wiki but aren't on the list?
We have had edits to our (HantsLUG) wiki from the USA and Sweden recently. The people who made those edits made valuable contributions to the site, but they're not on the mailing list.
The way I see it *any* barrier to maintaining a site is a barrier to maintaining the site!
The thing about wikis is anyone can edit at any time from anywhere. I often edit wikis (not just the HantsLUG one, but others too) when I am not logged in. It doesn't make my content any less valid or useful..
Cheers, Al.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Alan Pope alan.pope@gmail.com wrote:
On 04/10/05, Wayne Stallwood ALUGlist@digimatic.plus.com wrote:
Why not have a cyclic secret that is placed in the main list's signature (the one that appears on every main list posting) Surely the only people who have a legitimate interest to modify the wiki are already list members.
Some people may want to update the wiki but aren't on the list?
Undoubtedly true.
We have had edits to our (HantsLUG) wiki from the USA and Sweden recently. The people who made those edits made valuable contributions to the site, but they're not on the mailing list.
Makes sense.
The way I see it *any* barrier to maintaining a site is a barrier to maintaining the site!
We know all about maintainence barriers... so, who other than MJ Ray has access to the website, and can upload changes to the static pages? It appears that we've ended up in the situation of having a defined method of updating the static content of the site, but the method involves knowing how to (at the very minimum) use make, and read the README in the tar ball of the site source, which is not in the most obvious of places.
The thing about wikis is anyone can edit at any time from anywhere. I often edit wikis (not just the HantsLUG one, but others too) when I am not logged in. It doesn't make my content any less valid or useful..
Hmm, well, OK - so, here's a new, slightly sadistic idea... how about having 2 different stages for wiki edits, how about a maintainance section for logged in, trusted users (where the trust is assigned via discussion on the list, maybe), the changes these 'trusted' users make are immediately available in the wiki... changes done anonymously are accessable to all, but are not the default view of the wiki, they go through a 'staging' session...
I'm not aware of a wiki that currently does this, but it seems to me that this would be closer to a CMS than to your usual wiki, and so maybe we could move the rest of the website in to a similar system, and finally seperate the design of the site from the actual content...
If I get some copious spare time in the next couple of weeks I'll knock something up in django[1] to try to address these issues, and give you all a shiny URL to play in to see if it addresses some of the issues that we're thinking of...
(Yes, I know that I no longer live in East Anglia, before anyone helpfully points that out, but I don't believe that ALUGs goals state that you have to live in East Anglia to contribute, or to be a member... if anyone has got an objection with me contributing, though, feel free to bring it up).
Cheers, - -- Brett Parker web: http://www.sommitrealweird.co.uk/ email: iDunno@sommitrealweird.co.uk
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Brett Parker iDunno@sommitrealweird.co.uk wrote:
If I get some copious spare time in the next couple of weeks I'll knock something up in django[1] to try to address these issues, and give you all a shiny URL to play in to see if it addresses some of the issues that we're thinking of...
*bother*, and now I shall include the reference that I kinda missed in the first post...
[1] http://www.djangoproject.com/
Cheers, - -- Brett Parker web: http://www.sommitrealweird.co.uk/ email: iDunno@sommitrealweird.co.uk
On 05/10/05, Brett Parker iDunno@sommitrealweird.co.uk wrote:
We know all about maintainence barriers... so, who other than MJ Ray has access to the website, and can upload changes to the static pages? It appears that we've ended up in the situation of having a defined method of updating the static content of the site, but the method involves knowing how to (at the very minimum) use make, and read the README in the tar ball of the site source, which is not in the most obvious of places.
Our entire site is a wiki. There is *no* static content. Well, there's a couple of locked pages - the voting pages and the LUG finances - which you can understand I'm sure. The front door and every page other than the two I have mentioned are open for edits though. So there really is no overall control from one person. I think at the last count there were about 10 or so people with the "admin" password.
The admin password on our wiki allows you to quickly and easily rollback changes with one click (any user of course can edit out something they don't like - it's just easier for admins). Admins can also maintain the list of banned words and banned hosts. Oh and they can lock and unlock pages and the whole site if it's under sustained attack.
As I mentioned quite a few of us have RSS readers open most of the day and as such most spam doesn't go unnoticed by us for long. Either an admin or a "normal" person (or an admin who has forgotten the admin password and accesses the site like any other joe) can and does undo the damage.
Hmm, well, OK - so, here's a new, slightly sadistic idea... how about having 2 different stages for wiki edits, how about a maintainance section for logged in, trusted users (where the trust is assigned via discussion on the list, maybe), the changes these 'trusted' users make are immediately available in the wiki... changes done anonymously are accessable to all, but are not the default view of the wiki, they go through a 'staging' session...
This is actually not far off what we have in practice. Mr Scripting Dude spams loads of pages with some duff content. A potential visitor could drop by at this point and see the duff content. Within some hours or often minutes (depending on time of day really) the content is reversed. Job done. More visitors come to the site and are oblivious as to what happened.
So in effect us admins watching the site are letting stuff stay ( good content ) and removing tha bad stuff. Ok the odd bit gets through, but it's not much and not often any more. We used to get attacked really regularly, almost daily, and sometimes by different spammers all making multiple changes to the same set of pages. That rarely happens now - not because of the admins, but because of the extra patches - detecting bad words and rejecting content that content..
We even have a patch (which has not been applied for performance reasons) that runs all changes through spamassassin!
(Yes, I know that I no longer live in East Anglia, before anyone helpfully points that out, but I don't believe that ALUGs goals state that you have to live in East Anglia to contribute, or to be a member... if anyone has got an objection with me contributing, though, feel free to bring it up).
I don't live in Anglia either, but my geographic location didn't stop me helping Surrey LUG and Wolves. Once an acceptable solution is found to a problem that affects quite a few LUGs, it makes sense to share it.
Our solution works for us and some other LUGs. You don't have to use it of course, and a LUG the size of Anglia clearly has some considerable creative minds who can probably come up with a better system than us, but until you do, ours is there for the taking.
Again, I'll gladly offer my assistance where it may be required.
Cheers, Al.
Brett Parker iDunno@sommitrealweird.co.uk
[...] so, who other than MJ Ray has access to the website, and can upload changes to the static pages?
OTTOMH only Darren Casey and Jonathan McDowell right now (the job list page needs an update too). Alessio Damato can update his own pages, but not other ones.
I've acknowledged there are problems and outlined how I intend to improve matters. If there are lurking masses of page maintainers out there, please shout out now and let's work on it together. Don't be deterred by Brett flaming me after an earlier arguement.
I'll work on that whether or not people want to take up Al's offer of migration (which I think would be my preferred choice), Wayne's library login or mailing list cookie ideas or Brett's CMS. Just let me know what needs sending to who. I'm unhappy with the Mediawiki idea: it doesn't use wiki markup and it's complicated. I rarely see good sites using it without lots of customisation. Sorry Ben.
Thanks to all for the ideas so far,
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
MJ Ray mjr@phonecoop.coop wrote:
Brett Parker iDunno@sommitrealweird.co.uk
[...] so, who other than MJ Ray has access to the website, and can upload changes to the static pages?
OTTOMH only Darren Casey and Jonathan McDowell right now (the job list page needs an update too). Alessio Damato can update his own pages, but not other ones.
I wasn't aware Noodles had access... I'm not sure that he is, either.
I've acknowledged there are problems and outlined how I intend to improve matters. If there are lurking masses of page maintainers out there, please shout out now and let's work on it together. Don't be deterred by Brett flaming me after an earlier arguement.
*YAWN* - I wasn't flaming you, it was "just a passing comment".
Thanks,
- -- Brett Parker web: http://www.sommitrealweird.co.uk/ email: iDunno@sommitrealweird.co.uk
On Wed, Oct 05, 2005 at 08:44:06AM +0100, Brett Parker wrote:
MJ Ray mjr@phonecoop.coop wrote:
Brett Parker iDunno@sommitrealweird.co.uk
[...] so, who other than MJ Ray has access to the website, and can upload changes to the static pages?
OTTOMH only Darren Casey and Jonathan McDowell right now (the job list page needs an update too). Alessio Damato can update his own pages, but not other ones.
I wasn't aware Noodles had access... I'm not sure that he is, either.
You don't have to know everything you know. :P
I've only had it for a few weeks and am only really looking after the Norwich event pages (which should be up to date now - let me know if anything is missing).
J.
On Tue, Oct 04, 2005 at 11:47:39PM +0100, Alan Pope wrote:
We have had edits to our (HantsLUG) wiki from the USA and Sweden recently. The people who made those edits made valuable contributions to the site, but they're not on the mailing list.
I figure a 2 (or is this 3?) tier-system of having approved users with username/password who can do what they want. Then having "approved" users who have made (for example) 3 edits in the past that have been approved by a moderator (have a moderation feed via rss?) and work out who they are by cookies or hostname etc. Then have "unapproved" users who are welcome to edit the wiki but have to give an email address when editing, these edits will then be approved via the moderators using rss (if they so wish, the exact mechanism could be via a webpage and email too) then if the moderators recognise the email address, person, valid contribution etc. then they can whitelist further edits from this user?
You are then avoiding having to have any passwords (which are a pain to remember) but just using an email address to authenticate the user, which in this situation is *more* than good enough. If a user then "turned rogue" you just remove their email address from the list of users able to make edits.
Adam
-
Adam Bower -
Alan Pope -
Brett Parker -
Dave Briggs -
Jonathan McDowell -
MJ Ray -
Paul -
Wayne Stallwood