From dirk at haun-online.de Thu Apr 1 13:05:43 2004 From: dirk at haun-online.de (Dirk Haun) Date: Thu, 1 Apr 2004 20:05:43 +0200 Subject: [geeklog-devel] Request to create new library called lib-account.php In-Reply-To: <40578646.5010004@tonybibbs.com> References: <40578646.5010004@tonybibbs.com> Message-ID: <20040401180543.1666@smtp.haun-online.de> Tony, >Our auth system works the same way that Passport, Project Liberty, etc >does and the only way I could get this to work was to remove all the >functions in public_html/users.php (except for the profile function) and >put them in lib-acccount.php. In this manner I now have access to teh >fucntions I need access to without compromising the way users.php >expects to work. Any chance this could be turned into a generalized solution to allow all sorts of "external" authentication schemes? For example, here's someone looking for an LDAP solution: bye, Dirk -- http://www.haun-online.de/ http://mypod.de/ From dirk at haun-online.de Fri Apr 2 13:15:30 2004 From: dirk at haun-online.de (Dirk Haun) Date: Fri, 2 Apr 2004 20:15:30 +0200 Subject: [geeklog-devel] Geeklog in osvdb.org Message-ID: <20040402181530.2002@smtp.haun-online.de> A new site, called the open source vulnerability database, has been launched: http://www.osvdb.org/ Even though it's a (relatively) new site, they also list old vulnerabilities. Not surprisingly, it also has information on 12 issues with Geeklog: http://www.osvdb.org/searchdb.php? action=search_title&vuln_title=geeklog&Search=Search Some of the entries don't list any details yet, since they are "lacking proper or complete infomation, and is in queue for processing by either a Data Mangler or Moderator." Others do list details. However, they also contain incorrect information. E.g. refers to the file management plugin, and recommends " Upgrade to version 1.3.8-1sr3 or higher, as it has been reported to fix this vulnerability." which is of course not correct. Another example: refers to problems that were found in the forum. *sigh* I guess I have to work my way through those and send in corrections. I'll CC: the list when I do that (which may take a while ...). bye, Dirk -- http://www.haun-online.de/ http://mypod.de/ From tony at tonybibbs.com Sat Apr 3 18:52:15 2004 From: tony at tonybibbs.com (Tony Bibbs) Date: Sat, 03 Apr 2004 17:52:15 -0600 Subject: [geeklog-devel] Server Move, CVS, mailing lists etc Message-ID: <406F4E2F.4010104@tonybibbs.com> Ok, here is the run down. Tomorrow somtime I will be moving everything on the current server over to the new and improved server (now at 1GB RAM and 5x18GB drives RAID'd). I will then cut the DNS over on Tuesday. During the DNS cut over the server will be moved to the colo and life should begin being much better. Later next week I hope to then move the mailing lists over. My sysadmin assures me that qmail can work with mailmain and that we can convert the archives over so I think we are covered. I'd encourage no CVS activity until I send a follow-up tomorrow letting you all know the move has happened. As an FYI, the server now has a real sysadmin so patches, fixes, etc should be quicker, more reliable. Shoot me any questions. --Tony From tony at tonybibbs.com Sun Apr 4 23:27:19 2004 From: tony at tonybibbs.com (Tony Bibbs) Date: Sun, 04 Apr 2004 22:27:19 -0500 Subject: [geeklog-devel] Server update Message-ID: <4070D217.3040006@tonybibbs.com> Ok, moved everything to the improved server so you should notice some difference. I had to reset all your accounts for CVS so you should have en email in your inbox with your new username pw. In case you had something on the old server, it's ip is 192.168.1.4 and your accounts are still active. You have until the end of tomorrow to get everything you want off that box. Also I'm sure anonymous CVS is broken but I will get that nailed down tomorrow at some point. --Tony From tony at tonybibbs.com Mon Apr 5 01:00:14 2004 From: tony at tonybibbs.com (Tony Bibbs) Date: Mon, 05 Apr 2004 00:00:14 -0500 Subject: [geeklog-devel] CVSROOT Change Message-ID: <4070E7DE.6070108@tonybibbs.com> The new cvs root is at /var/cvs instead of /usr/cvs/geeklog. This change was needed because of the way we had to partition the drives. --Tony From tony at tonybibbs.com Tue Apr 6 10:27:32 2004 From: tony at tonybibbs.com (Tony Bibbs) Date: Tue, 06 Apr 2004 09:27:32 -0500 Subject: [geeklog-devel] DNS changes Message-ID: <4072BE54.2080104@tonybibbs.com> I'm making some DNS changes that will effect cvs and project.geeklog.net. This will not effect www.geeklog.net and demo.geeklog.net. This is all happening because I am moving the server to the new colo today. --Tony From niels at creatype.nl Fri Apr 9 06:10:04 2004 From: niels at creatype.nl (Niels Leenheer) Date: Fri, 09 Apr 2004 12:10:04 +0200 Subject: [geeklog-devel] Misc additions Message-ID: <4076767C.6010500@creatype.nl> Hi Guys, I'm finished some additions to Geeklog that are may be useful for a larger installation of Geeklog. Some of these additions are running already on Groklaw and some are scheduled to be added to Groklaw in the nearby future. 1) The ability for logged in users to post as an 'Anonymous Coward'. 2) The ability for logged in users to automatically hide posts made by Anonymous Cowards 3) The ability for selected moderators to hide comments from public view. This is dependant on a new permission. These moderators are not allowed to delete comments. It basically creates two levels of moderators. Deleting is only allowed by the higher group of moderators. In addition to this, the comments will be kept visible to the user who posted the comment either based on the IP (anon users) or the user id (logged in users). To prevent users from reposting the same comment after they notice it is hidden. 4) The ability to limit the length of comments. In case somebody posts a very large comment this feature will allow readers to show only the first part of the comment. By default this is turned of and it can be turned on in the user preferences. Default values: Full, Small, Medium and Large. The comment display engine will basically check for the length of the comment and chop the rest. Of course it will try to find a convenient place to do this and it will not chop in the middle of a html tag. Also if there are still open tags it will close these tags. A 'Read more...' link is appended to the chopped comment to allow the visitor to read the rest of the comment if needed. This feature is designed to work with 'Flat' and 'Nested' mode. In 'Threaded' mode it will always display the full comment. 5) The addition of tag to the title of each comment. This allows us to link to specific comments using a regular URL. a) The addition of a # link, to each comment, which allows users to simply copy the direct URL to that particular comment, so it can be used in other comments or other websites to link to that particular comment. b) Modification of the return urls after an action is performed on a comment. For example, if a moderator hides a comment, it can return back to the comment that was hidden. c) In 'Threaded mode' clicking on the title of a child comment actually directly links to that comment, instead of the first child of the parent. 6) Addition of a return url to the comment form. This allows a user to continue reading where he left of before making a comment. Now he just returns to the main story page. Since we are using 1.3.8 this is all currently based on that version and not on the latest version of the CVS. But if you are interested in any of these additions I am willing to make a patch against the then current CVS version. Niels niels at creatype.nl From tony at tonybibbs.com Mon Apr 12 10:15:42 2004 From: tony at tonybibbs.com (Tony Bibbs) Date: Mon, 12 Apr 2004 09:15:42 -0500 Subject: [geeklog-devel] New Classified Plugin...need help Message-ID: <407AA48E.5040203@tonybibbs.com> Hey, I'm busy developing a new classified plugin. I know one for Geeklog already exists but I needed one that a) can be used to test the GL2 module API 2) can optionally accept payment via paypal 3) shows a real MVCnPHP implementation (again, more geared for GL2) 4) shows how to use the new translator for GL2. I realize this seems GL2 focused and it is but it will implement the 1.3.x API and the 2.x API which will also help module developers in building their own migration path. Note that in the end I do actually need a working classified plugin for www.iowaoutdoors.org so while this is an exercise testing some GL2 features it must work flawlessly in GL 1.3.x as well. If anyone is interested in helping I could use some programming or, at the very least beta testers for this plugin. Please responsd to this list if you are interested. --Tony From dirk at haun-online.de Mon Apr 12 11:08:27 2004 From: dirk at haun-online.de (Dirk Haun) Date: Mon, 12 Apr 2004 17:08:27 +0200 Subject: [geeklog-devel] New Classified Plugin...need help In-Reply-To: <407AA48E.5040203@tonybibbs.com> References: <407AA48E.5040203@tonybibbs.com> Message-ID: <20040412150827.20047@smtp.haun-online.de> Tony, >Hey, I'm busy developing a new classified plugin. I know one for >Geeklog already exists Two, actually. The one that I wrote (my very first plugin :-) and one called zClassifieds (which, I think, is/was a standalone script, now wrapped into Geeklog). bye, Dirk -- http://www.haun-online.de/ http://mypod.de/ From dirk at haun-online.de Mon Apr 12 18:09:05 2004 From: dirk at haun-online.de (Dirk Haun) Date: Tue, 13 Apr 2004 00:09:05 +0200 Subject: [geeklog-devel] Offline Message-ID: <20040412220905.3333@smtp.haun-online.de> As mentioned on IRC, I'll be offline for the rest of the week, attending the ACCU conference, . They have a couple of talks on open source this year (including a keynote by a certain Eric S. Raymond), of which I will try and attend a few (specifically the ones on "Funding open source" and "Choosing the right license"). bye, Dirk -- http://www.haun-online.de/ http://mypod.de/ From tony at tonybibbs.com Wed Apr 14 16:05:12 2004 From: tony at tonybibbs.com (Tony Bibbs) Date: Wed, 14 Apr 2004 15:05:12 -0500 Subject: [geeklog-devel] Offline In-Reply-To: <20040412220905.3333@smtp.haun-online.de> References: <20040412220905.3333@smtp.haun-online.de> Message-ID: <407D9978.8080309@tonybibbs.com> Hope you are having fun out there. A full report is expected... --Tony Dirk Haun wrote: >As mentioned on IRC, I'll be offline for the rest of the week, attending >the ACCU conference, . > >They have a couple of talks on open source this year (including a keynote >by a certain Eric S. Raymond), of which I will try and attend a few >(specifically the ones on "Funding open source" and "Choosing the right >license"). > >bye, Dirk > > > > From dirk at haun-online.de Mon Apr 19 13:59:57 2004 From: dirk at haun-online.de (Dirk Haun) Date: Mon, 19 Apr 2004 19:59:57 +0200 Subject: [geeklog-devel] ACCU: Open source licenses 101 Message-ID: <20040419175957.18967@smtp.haun-online.de> Tony wanted a full report from the ACCU conference, so here's part 1 ;-) The presentation "Open Source licenses 101" didn't really tell me anything about those licenses that I didn't know already. An interesting point, though, that the presenter made was that in his opinion, the GPL is often chosen for convenience's sake and not because the developers really meant it or have it thought through properly. I brought up the topic of web applications, which we have discussed before: If you modify a web application that is released under the GPL (say, Geeklog), and you only use it to run a website but you don't distribute your modified version, then you don't have to share your modifications. The presenter agreed that this was an oversight in the GPL - mostly because at the time the GPL was written, web applications as such didn't really exist. He wasn't aware of any other open source license that covers this case either. Since the presenter was David Ascher from ActiveState, I asked him (after the talk) about the chances of them porting Komodo to MacOS X. Apparently, they do get that question a lot, but not often enough to make it worthwhile funding the development of such a version. So he didn't exactly say "no", but he made it clear that the chances are slim. Too bad. I guess I have to try running Komodo remotely off of my Linux box. David Ascher mentioned that people seem to be doing it, although it tends to be a bit sluggish. bye, Dirk -- http://www.haun-online.de/ http://www.macosx-faq.de/ From dirk at haun-online.de Mon Apr 19 14:11:10 2004 From: dirk at haun-online.de (Dirk Haun) Date: Mon, 19 Apr 2004 20:11:10 +0200 Subject: [geeklog-devel] ACCU: Funding Open Source Message-ID: <20040419181110.31099@smtp.haun-online.de> ACCU conference report, part 2: The presentation on funding open source development mainly revolved around bounties and EU funds, both of which don't really apply to us (i.e. to Geeklog). There was one interesting idea, though (see below). Bounties: Some organisations are willing to pay for the development of certain open source software. So they specify what has to be written and give the money to the first person or group that comes along and actually implemented it. Mark Shuttleworth is running such a scheme, see . EU funds: There aren't any specific EU funds for developing open source software, but several of the existing funds could be applied to open source developement. The problems are that 1) the funds are only available for new developments and 2) they involve a lot of paper work (to the extend that it is recommended to actually hire someone specifically to do the paperwork). Another interesting concept that was mentioned is that of "sponsoring" the implementation of new features or bug fixes in existing applications. Say that, for example, a person or a group of persons would be willing to pay someone to implement a specific feature and that the result would then be integrated into the application. This could be done by either the actual developers or by some external party. Paying for bugfixes sounds a bit odd at first. However, if you look through our list of open bugs, you'll find a few long-standing but annoying ones. Take, for example, the backslash issue (i.e. backslashes disappear from postings). I have a rough idea what the problem is and I do know that it will require a lot of work (and testing) to fix it. So even though I consider it pretty embarrassing to have such a seemingly trivial bug in our software, I just couldn't persuade myself yet to tackle it. A bit of cash could just be enough to bring myself (or someone else) to finally do it. Surely, this shouldn't become the standard path to get new features or bugfixes into Geeklog. Since all of us developers use Geeklog to run sites of our own, there is enough motivation to continue to develop (and debug) it anyway. But sponsorships could help getting specific features into the software. Food for thought (and open for discussion). bye, Dirk -- http://www.haun-online.de/ http://www.macosx-faq.de/ From vmf at abtech.org Mon Apr 26 11:57:45 2004 From: vmf at abtech.org (Vincent Furia) Date: Mon, 26 Apr 2004 11:57:45 -0400 Subject: [geeklog-devel] GL2 Plugins Message-ID: <408D3179.4030703@abtech.org> I've written up some initial ideas about how GL2 will handle plugins. You can view what is complete so far at: http://vfuria.dyndns.org/GL2PluginAPI.html Comments are welcome and will help Tony and I finish this off so we can move on to other aspects of GL2. Thanks, -Vinny From mike at skinmaster.co.uk Wed Apr 14 03:07:10 2004 From: mike at skinmaster.co.uk (Michael Jervis) Date: Wed, 14 Apr 2004 08:07:10 +0100 Subject: [geeklog-devel] Comment Spam & lib-c*.php Message-ID: Hi, I've been having a lot of comment spam recently and I noticed there is no IP tracking on the comments, making it hard to locate and lock out repeated anonymous comment spam. I've modified my geeklog instance, didn't take much, to log the comment ip address, and display it next to the delete link if you have delete permissions. I think this code should be a feature. Want mine? I was thinking, as I trolled round the code changing things. IMHO lib-custom.php and lib-common.php are the wrong way round. Sort of. I think that your geeklog include path and custom files should be in the same file. lib-custom.php which should be in the public_html. lib-common.php should be in system. This way there are two touch points, config.php and lib-custom.php where users put their stuff. They shouldn't need to edit a 'core' file, lib-common.php themselves. The content of lib-custom.php would never need to change, it's their system specific settings. No more editing of lib-common.php when upgrading etc. It just make things more logical, and better for upgrading IMHO. Just my $0.02. Mike From tony at tonybibbs.com Tue Apr 27 13:30:46 2004 From: tony at tonybibbs.com (Tony Bibbs) Date: Tue, 27 Apr 2004 12:30:46 -0500 Subject: [geeklog-devel] Re: [geeklog-modules] New Classified Plugin...need help In-Reply-To: <407AA48E.5040203@tonybibbs.com> References: <407AA48E.5040203@tonybibbs.com> Message-ID: <408E98C6.9050404@tonybibbs.com> Could use some beta testers by the end of this week as I should have most of the code done. Please holla if you hear me... --Tony geeklog-modules-admin at lists.geeklog.net wrote: > Hey, I'm busy developing a new classified plugin. I know one for > Geeklog already exists but I needed one that a) can be used to test > the GL2 module API 2) can optionally accept payment via paypal 3) > shows a real MVCnPHP implementation (again, more geared for GL2) 4) > shows how to use the new translator for GL2. > > I realize this seems GL2 focused and it is but it will implement the > 1.3.x API and the 2.x API which will also help module developers in > building their own migration path. Note that in the end I do actually > need a working classified plugin for www.iowaoutdoors.org so while > this is an exercise testing some GL2 features it must work flawlessly > in GL 1.3.x as well. > > If anyone is interested in helping I could use some programming or, at > the very least beta testers for this plugin. Please responsd to this > list if you are interested. > > --Tony > _______________________________________________ > geeklog-modules mailing list > geeklog-modules at lists.geeklog.net > http://lists.geeklog.net/listinfo/geeklog-modules From dirk at haun-online.de Tue Apr 27 13:57:51 2004 From: dirk at haun-online.de (Dirk Haun) Date: Tue, 27 Apr 2004 19:57:51 +0200 Subject: [geeklog-devel] Server upgrade complete Message-ID: <20040427175751.2629@smtp.haun-online.de> geeklog.net has now been upgraded to FreeBSD 4.8 and MySQL 4.0.17. Please report any problems you may encounter. bye, Dirk -- http://www.haun-online.de/ http://www.tinyweb.de/ From tony at tonybibbs.com Fri Apr 30 18:41:38 2004 From: tony at tonybibbs.com (Tony Bibbs) Date: Fri, 30 Apr 2004 17:41:38 -0500 Subject: [geeklog-devel] Comment Spam & lib-c*.php In-Reply-To: References: Message-ID: <4092D622.8010004@tonybibbs.com> I don't see a reply to this so here is mine: Sure send your code over for tracking IP's in comments. As for rearranging file locations. We'll be looking at separating lib-common.php into even more libraries (e.g. lib-html.php, etc) but I doubt we swap the location of lib-common.php and lib-custom.php just for support reasons (we'd get flooded with "where is lib-common.php" questions no matter how much we documented and advertised such a change). I agree hindsite your suggestions seems the most logical, however, you must consider the history of those files. lib-custom.php didn't exist for a long time and all there was was lib-common.php. Thanks, --Tony Michael Jervis wrote: >Hi, > >I've been having a lot of comment spam recently and I noticed there is no IP >tracking on the comments, making it hard to locate and lock out repeated >anonymous comment spam. I've modified my geeklog instance, didn't take much, >to log the comment ip address, and display it next to the delete link if you >have delete permissions. > >I think this code should be a feature. Want mine? > >I was thinking, as I trolled round the code changing things. IMHO >lib-custom.php and lib-common.php are the wrong way round. Sort of. > >I think that your geeklog include path and custom files should be in the >same file. lib-custom.php which should be in the public_html. lib-common.php >should be in system. This way there are two touch points, config.php and >lib-custom.php where users put their stuff. They shouldn't need to edit a >'core' file, lib-common.php themselves. > >The content of lib-custom.php would never need to change, it's their system >specific settings. No more editing of lib-common.php when upgrading etc. It >just make things more logical, and better for upgrading IMHO. > >Just my $0.02. > >Mike > > >_______________________________________________ >geeklog-devel mailing list >geeklog-devel at lists.geeklog.net >http://lists.geeklog.net/listinfo/geeklog-devel > >