From: slord at marelina.com (Simon Lord)
Date: Sat, 3 Jan 2004 20:35:06 -0500
Subject: [geeklog-devel] http://www.groklaw.net/
Message-ID: <39FF6F53-3E56-11D8-A574-003065C030F2@marelina.com>

Wow, Groklaw is powered by Geeklog!

Sincerely,
Simon

From: geeklog at langfamily.ca (Blaine Lang)
Date: Sat, 3 Jan 2004 20:58:45 -0500
Subject: [geeklog-devel] http://www.groklaw.net/
References: <39FF6F53-3E56-11D8-A574-003065C030F2@marelina.com>
Message-ID: <003901c3d266$49396060$640a10ac@XPBL2>

Yeh - also saw that today.
Pretty neat. They are not using the forum.

----- Original Message -----
From: "Simon Lord"
To:
Sent: Saturday, January 03, 2004 8:35 PM
Subject: [geeklog-devel] http://www.groklaw.net/

> Wow, Groklaw is powered by Geeklog!
>
> Sincerely,
> Simon
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel

From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 4 Jan 2004 10:22:20 +0100
Subject: [geeklog-devel] http://www.groklaw.net/
In-Reply-To: <39FF6F53-3E56-11D8-A574-003065C030F2@marelina.com>
References: <39FF6F53-3E56-11D8-A574-003065C030F2@marelina.com>
Message-ID: <20040104092220.21221@smtp.haun-online.de>

Simon,

>Wow, Groklaw is powered by Geeklog!

You should hang around on IRC more often ...

LinuxPlanet has an interview with the woman behind the site:

She even mentions Geeklog there: "Moving to the website and changing to Geeklog software opened up many possibilities for a large, coordinated group effort."

We should have one of those sleazy "costumer statements" pages ;-)

bye, Dirk

--
http://www.haun-online.de/
http://mypod.de/

From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 4 Jan 2004 18:06:31 +0100
Subject: [geeklog-devel] calendar_event.php
Message-ID: <20040104170631.8955@smtp.haun-online.de>

Funny what you can find during a code review. I didn't know you could call calendar_event.php with a date instead of an event id. If you do, it lists all the events for that date. However, something's missing here:

http://www.geeklog.net/calendar_event.php?month=02&day=14&year=2003

Doesn't look like this is used much, if at all :-)

bye, Dirk

--
http://www.haun-online.de/
http://www.tinyweb.de/

From: pfawcett at smx.pair.com (Pat F)
Date: Mon, 5 Jan 2004 15:59:35 -0500 (EST)
Subject: [geeklog-devel] pair + geeklog
In-Reply-To: <3E2C94A9.4050000@tonybibbs.com>
References: <3E2C94A9.4050000@tonybibbs.com>
Message-ID:

Guys,

I've been busy and haven't messed with our Geeklog installer since version 1.3.7sr2 (very bad on my part, I know). It seems to work OK except for this one warning, then error:

...
...
Downloading package: geeklog-1.3.8-1sr3...ok
Extracting package: geeklog-1.3.8-1sr3....ok
Moving files..............................ok
Setting directory rights..................ok
Creating config.php.......................ok
Creating lib-common.php...................ok
Creating the Database.....................
Warning: main(/path/to/geeklog/system/databases/mysql.class.php): failed to open stream: No such file or directory in /usr/www/users/fawcett/refer/system/lib-database.php on line 111

Fatal error: main(): Failed opening required '/path/to/geeklog/system/databases/mysql.class.php' (include_path='/usr/local/lib/php') in /usr/www/users/fawcett/refer/system/lib-database.php on line 111

Can you please tell me what might be the cause of this error?

Thanks,

Patrick

From: tony at tonybibbs.com (Tony Bibbs)
Date: Mon, 05 Jan 2004 15:32:08 -0600
Subject: [geeklog-devel] pair + geeklog
In-Reply-To:
References: <3E2C94A9.4050000@tonybibbs.com>
Message-ID: <3FF9D7D8.9060503@tonybibbs.com>

It appears that, for some reason, in config.php the $_CONF['path'] isn't set right. Judging by the warnings, it is set to /path/to/geeklog/ (the default) instead of that actual location.

Jason, I assume this is something that should be determined automagically, right? Can you send me the source code? We really need to have this in CVS. Dirk, where do you want it...in /etc under geeklog-1.3?

--Tony

From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 5 Jan 2004 22:48:27 +0100
Subject: [geeklog-devel] pair + geeklog
In-Reply-To: <3FF9D7D8.9060503@tonybibbs.com>
References: <3FF9D7D8.9060503@tonybibbs.com>
Message-ID: <20040105214827.15474@smtp.haun-online.de>

>We really need to have this in CVS. Dirk, where do you want
>it...in /etc under geeklog-1.3?

/etc is currently empty and thus not included in the tarball. I agree that the script should be in CVS, but should it be in the distribution? If the answer is "no", then it should be somewhere outside of /geeklog-1.3

bye, Dirk

--
http://www.haun-online.de/
http://geeklog.info/

From: pfawcett at smx.pair.com (Pat F)
Date: Mon, 5 Jan 2004 16:49:11 -0500 (EST)
Subject: [geeklog-devel] pair + geeklog
In-Reply-To: <3FF9D7D8.9060503@tonybibbs.com>
References: <3E2C94A9.4050000@tonybibbs.com> <3FF9D7D8.9060503@tonybibbs.com>
Message-ID:

I found a potential problem, and made sure it was consistent by attempting multiple installs. From my config.php file in /usr/www/users/fawcett/refer I saw that it has $_CONF['path'] declared twice:

// +---------------------------------------------------------------------------+
// | (2) Paths                                                                 |
// +---------------------------------------------------------------------------+

// Note for Windows users: It's safe to use the forward slash '/' instead of
// the backslash '\' in paths. Make sure each path starts with a drive letter!

$_CONF['path'] = '/usr/www/users/fawcett/refer/';
$_CONF['path'] = '/path/to/geeklog/'; // should end in a slash

I'm guessing that this causes a problem further down in the installation process.

-Patrick

From: tony at tonybibbs.com (Tony Bibbs)
Date: Tue, 06 Jan 2004 23:02:54 -0600
Subject: [geeklog-devel] Testing of getimage.php
Message-ID: <3FFB92FE.3000002@tonybibbs.com>

I have committed changes to CVS that use getimage.php. That file allows images outside of a webtree to be viewed (i.e. userphotos, article images). This was added as someone using Geeklog on a restrictive host couldn't use any of the file upload features because of security restrictions. Instead of writing files to public_html/images, the images had to be uploaded to a directory elsewhere.

My only real issue with what I have done is security. I'm worried that it may be possible to hack the getstring in a way that may allow access to unrestricted files. Granted I have limited the serving of files to only images and I am checking for '..' in the image name for someone that may try using relative paths but I still think it needs someone else's blessing before I'd feel 100% confident.

If you get a chance, give it a try.

Thanks,

--Tony

From: dirk at haun-online.de (Dirk Haun)
Date: Wed, 7 Jan 2004 19:52:33 +0100
Subject: [geeklog-devel] Testing of getimage.php
In-Reply-To: <3FFB92FE.3000002@tonybibbs.com>
References: <3FFB92FE.3000002@tonybibbs.com>
Message-ID: <20040107185233.16762@smtp.haun-online.de>

Tony,

>My only real issue with what I have done is security. I'm worried that
>it may be possible to hack the getstring in a way that may allow access
>to unrestricted files.

Since you're including lib-common.php in the very first line, which then goes on to include config.php (all with hard-coded paths), it would overwrite whatever path was passed in the URL. So that shouldn't be a problem.

The only issue would come up if someone doesn't have the $_CONF['path_images'] defined in their config.php (e.g. because they were using an old copy). But that would probably be noticed before any hacking attempts ...

>and I am checking for '..' in the image name for someone that
>may try using relative paths

That certainly can't hurt.

>If you get a chance, give it a try.

Haven't tried it yet, the above were just thoughts after looking at the source.

bye, Dirk

--
http://www.haun-online.de/
http://www.macosx-faq.de/

From: vmf at abtech.org (Vincent Furia)
Date: Wed, 07 Jan 2004 23:41:31 -0500
Subject: [geeklog-devel] Testing of getimage.php
In-Reply-To: <20040107185233.16762@smtp.haun-online.de>
References: <3FFB92FE.3000002@tonybibbs.com> <20040107185233.16762@smtp.haun-online.de>
Message-ID: <3FFCDF7B.2030308@abtech.org>

Tony,

I'd recommend using the php function "basename()" on the $image variable. That way there will be no way to sneak a path in... Also, check to see if those $_CONF variables are empty. If not I could see that causing some problems in the future. Also, for future reference, rather than checking for ".." in a pathname you can use the "realpath()" function to resolve "..", ".", and symbolic links to the actual path to a file.

Hope this helps.

-Vinny

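
The three checks recommended above (basename(), non-empty configuration, realpath()) combined into one lookup, as an added example that is not Geeklog's getimage.php. `resolve_image_path()`, the extension allowlist and the directory layout are hypothetical, and the files are constructed for the demonstration.

```php
<?php
// Added example, not Geeklog code. All names here are hypothetical.

const ALLOWED_EXT = ['gif', 'jpg', 'jpeg', 'png'];

/**
 * Map a request-supplied image name to a real file under $baseDir.
 * Returns the resolved path, or null when the request must be refused.
 */
function resolve_image_path(string $baseDir, string $requested): ?string
{
    // An empty base (for example an old config.php that lacks the image path
    // setting) must fail closed: realpath('') resolves to the current
    // working directory, not to an error.
    if ($baseDir === '' || ($base = realpath($baseDir)) === false || !is_dir($base)) {
        return null;
    }
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // basename() keeps only the last path component, so no directory part
    // of the request survives. Backslashes are normalised first because
    // basename() only treats them as separators on Windows.
    $name = basename(str_replace('\\', '/', $requested));
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }
    // Serve images only, judged on the component that will actually be opened.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // realpath() resolves "..", "." and symbolic links. The result must still
    // sit below the base directory; the comparison includes a trailing
    // separator so that "/img" does not match "/img-private".
    $real = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($real === false || !is_file($real)) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// --- Demonstration on a constructed directory tree --------------------------
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'getimage_demo_' . bin2hex(random_bytes(4));
$base = $root . '/images/userphotos';
mkdir($base, 0700, true);
file_put_contents($base . '/alice.gif', 'GIF89a');      // legitimate image
file_put_contents($root . '/secret.gif', 'private');    // outside the image dir
// A link inside the image dir that points outside it (skipped where
// symlinks are unavailable, for example unprivileged Windows accounts).
$haveLink = @symlink($root . '/secret.gif', $base . '/link.gif');

$requests = [
    'alice.gif',                  // plain name
    '../../secret.gif',           // relative traversal
    $root . '/secret.gif',        // absolute path
    'link.gif',                   // passes a ".." check, resolves outside
    'alice.gif/../../notes.txt',  // extension must be taken from the final component
    '',                           // empty request
];
foreach ($requests as $req) {
    $path = resolve_image_path($base, $req);
    printf("%-60s %s\n", var_export($req, true), $path === null ? 'refused' : 'served');
}
// An unset base directory is refused even for a valid name.
printf("%-60s %s\n", "'alice.gif' with empty base",
    resolve_image_path('', 'alice.gif') === null ? 'refused' : 'served');

// Clean up the constructed files.
if ($haveLink) {
    unlink($base . '/link.gif');
}
unlink($base . '/alice.gif');
unlink($root . '/secret.gif');
rmdir($base);
rmdir($root . '/images');
rmdir($root);
```
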
From: tony at tonybibbs.com (Tony Bibbs)
Date: Thu, 08 Jan 2004 08:21:40 -0600
Subject: [geeklog-devel] Testing of getimage.php
In-Reply-To: <3FFCDF7B.2030308@abtech.org>
References: <3FFB92FE.3000002@tonybibbs.com> <20040107185233.16762@smtp.haun-online.de> <3FFCDF7B.2030308@abtech.org>
Message-ID: <3FFD6774.5040403@tonybibbs.com>

Good ideas, I'll put those in.

Hey, I'm not sure where the module API stuff for GL2 is but could you update me where we left off?

--Tony

From: tony at tonybibbs.com (Tony Bibbs)
Date: Thu, 08 Jan 2004 08:57:44 -0600
Subject: [geeklog-devel] Feature Idea...
Message-ID: <3FFD6FE8.8090804@tonybibbs.com>

OK, Iowa Outdoors is reaching critical mass. It is to the point where it consumes a lot of my personal time outside of work, working on GL, spending time with the family and, of course, hunting and fishing.

My biggest problem now is managing submissions. I get some submissions multiple times and I also get emails asking me "why didn't my submission show up" despite the hints submit.php gives and the entries in the FAQ.

What I am proposing is that users be able to see items they have submitted while still in the queue. Complementing this I'd like to see a generic email sent out when submissions are deleted and if you are in an editor when you do the delete (as opposed to moderation.php) I'd like to be able to select a delete reason from a pre-determined list or be able to hand enter a custom reason.

I'll add this to the feature request on the project site but I wanted to bring this up for discussion. Thoughts or ideas?

--Tony

From: dirk at haun-online.de (Dirk Haun)
Date: Thu, 8 Jan 2004 20:24:32 +0100
Subject: [geeklog-devel] Feature Idea...
In-Reply-To: <3FFD6FE8.8090804@tonybibbs.com>
References: <3FFD6FE8.8090804@tonybibbs.com>
Message-ID: <20040108192432.4264@smtp.haun-online.de>

Tony wrote:

>What I am proposing is that users be able to see items they have
>submitted while still in the queue. Complementing this I'd like to see
>a generic email sent out when submissions are deleted and if you are in
>an editor when you do the delete (as opposed to moderation.php) I'd like
>to be able to select a delete reason from a pre-determined list or be
>able to hand enter a custom reason.

I like that idea. Silently deleting a submission (without an email being sent out) should still be possible, though.

"Make it so" ;-)

bye, Dirk

--
http://www.haun-online.de/
http://geeklog.info/

From: robg at macosxhints.com (Rob Griffiths)
Date: Thu, 8 Jan 2004 12:39:21 -0800
Subject: [geeklog-devel] Feature Idea...
In-Reply-To: <20040108192432.4264@smtp.haun-online.de>
References: <3FFD6FE8.8090804@tonybibbs.com> <20040108192432.4264@smtp.haun-online.de>
Message-ID:

On Jan 8, 2004, at 11:24 AM, Dirk Haun wrote:

> Tony wrote:
>
>> What I am proposing is that users be able to see items they have
>> submitted while still in the queue. Complementing this I'd like to see
>> a generic email sent out when submissions are deleted and if you are in
>> an editor when you do the delete (as opposed to moderation.php) I'd like
>> to be able to select a delete reason from a pre-determined list or be
>> able to hand enter a custom reason.
>
> I like that idea. Silently deleting a submission (without an email being
> sent out) should still be possible, though.

i'm not necessarily as concerned that they can still see it in the queue (how about if they can just send a query form to the database, or if their submitted articles show up on their profile page??) ... what i would like to see is:

- email sent when they submit the story, potentially showing the article's position in the queue ("Thank you for your submission; it's currently the 125th item in the queue.")
- email sent when deleted, but allowing a checkbox for reasons; i.e. "duplicate" or "irrelevant" etc. not sure exactly how this should work, but I usually delete stuff because it's a duplicate or because it's just plain stupid, so those two should be options :).

On a longer-term bigger-picture item, what I want to do is be able to add assistant editors who do NOT have any publication rights. I want them to review and edit stories, check for duplicates, indicate "delete" or "publish," and then submit them to me. At that point, i have a submission queue that just requires my final approval over "yea" or "nay" on each story, and I shouldn't have any editing work to do (assuming I have good assistants). As assistants earn "trust," they can get publishing rights. I thought about faking this by just forcing the "draft" flag on everyone other than my user ID, but I'm not sure that captures all the possible scenarios (couldn't they still delete from the queue?).

-rob.

From: tony at tonybibbs.com (Tony Bibbs)
Date: Thu, 08 Jan 2004 16:57:56 -0600
Subject: [geeklog-devel] Feature Idea...
In-Reply-To:
References: <3FFD6FE8.8090804@tonybibbs.com> <20040108192432.4264@smtp.haun-online.de>
Message-ID: <3FFDE074.8000400@tonybibbs.com>

Rob, I can see why you want the email sent. Your second item about tying a reason to a deleted submission was one I already mentioned. Your longer term stuff makes sense but is more work so I will combine your ideas and mine into one feature request and the additional stuff in a separate one.

--Tony

From: tony at tonybibbs.com (Tony Bibbs)
Date: Thu, 08 Jan 2004 21:23:45 -0600
Subject: [geeklog-devel] project.geeklog.net updated to Gforge 3.21
Message-ID: <3FFE1EC1.2040808@tonybibbs.com>

Just an FYI that I have updated Gforge to version 3.21. FWIW, it is a bit of a pain to upgrade Gforge. Anyway, report any problems you may have.

--Tony

From: tony at tonybibbs.com (Tony Bibbs)
Date: Fri, 09 Jan 2004 08:30:18 -0600
Subject: [geeklog-devel] MySQL issues on www.geeklog.net
Message-ID: <3FFEBAFA.9060607@tonybibbs.com>

Our Pair hosted site, www.geeklog.net, is down complaining with a MySQL error "too many connections". Please advise.

--Tony

From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 11 Jan 2004 20:13:29 +0100
Subject: [geeklog-devel] Testing of getimage.php
In-Reply-To: <3FFB92FE.3000002@tonybibbs.com>
References: <3FFB92FE.3000002@tonybibbs.com>
Message-ID: <20040111191329.28615@smtp.haun-online.de>

>I have committed changes to CVS that use getimage.php. That file allows
>images outside of a webtree to be viewed (i.e. userphotos, article
>images).

I've played a bit with it (userphotos only) and noticed a few minor things:

In "show" mode, getimage.php could display a proper error message. Otherwise, it should at least send a "404 Not Found" header when the image does not exist (added both).

The calls to header() (in the download class) don't need to end in a "\n", so I removed them.

In Mozilla, right-clicking on the userphoto and selecting "View Image" from the context menu prompts a dialog to download the image. This is because of the "Content-Disposition:" header sent by the download class. For an actual download, that is correct, but for an image? I guess this could be an option, but I left it as it is.

Looks good

--
http://www.haun-online.de/
http://www.macosx-faq.de/

From: dirk at haun-online.de (Dirk Haun)
Date: Tue, 13 Jan 2004 21:26:24 +0100
Subject: [geeklog-devel] PHP in Static Pages
In-Reply-To: <4004503C.5050700@tonybibbs.com>
References: <4004503C.5050700@tonybibbs.com>
Message-ID: <20040113202624.858@smtp.haun-online.de>

(moving this to the list from private email)

Tony wrote:

>Have we considered the possibility of stripping calls to certain php
>functions? I know we turn PHP off by default and have documented how
>enabled PHP could be stupid (especially considering most GL logins don't
>occur over SSL). Specifically, exec(), system() and some of the
>filesystem methods should probably be removed or, at the very least,
>generated emails to the GL admin when they are found.

I can't see how you would do this (reliably) without adding a PHP parser to Geeklog.

There is a feature request that suggests limiting PHP to only call certain functions (prefixed with phpstatic_):

Looks like the intention was to make it similar to PHP blocks.

>Just thinking of ways to be more proactive security-wise with this.
>Personally I hate seeing PHP in static pages...but I grudgingly conceded
>considering users seem to insist on having it.

I guess an option in the static pages' config.php to disable PHP altogether can't hurt ...

bye, Dirk

--
http://www.haun-online.de/
http://www.tinyweb.de/

From: tony at tonybibbs.com (Tony Bibbs)
Date: Tue, 13 Jan 2004 15:29:19 -0600
Subject: [geeklog-devel] PHP in Static Pages
In-Reply-To: <20040113202624.858@smtp.haun-online.de>
References: <4004503C.5050700@tonybibbs.com> <20040113202624.858@smtp.haun-online.de>
Message-ID: <4004632F.7000809@tonybibbs.com>

> I can't see how you would do this (reliably) without adding a PHP
> parser to Geeklog.

Actually the best way to prevent this is when you save the static page. So, what I am thinking is you would have something like this in the static pages config file:

    $_SP_CONF['illegal_php_functions'] = array('exec', 'system', 'chmod', 'chown', 'copy', 'delete', 'chgrp', 'fileperms', 'fileowner', 'fopen' /* etc. */);

Then we would scan the static page db fields for any of those. Note you would have to be a bit careful when doing this as you want to find instances of 'delete (' and 'delete(' not just 'delete'. When any of those are encountered it should log the user and the page ID.

If you want to get ultra paranoid, you could also check it at the static page execution level too. I assume that static pages execute php just like COM_siteHeader() does so in that case you have some code like this:

    ob_start();
    eval( '?>' . $tmp );
    $retval = ob_get_contents();
    ob_end_clean();

So you could apply the check on $tmp prior to the call to eval().

--Tony

From: dirk at haun-online.de (Dirk Haun)
Date: Tue, 13 Jan 2004 22:53:52 +0100
Subject: [geeklog-devel] PHP in Static Pages
In-Reply-To: <4004632F.7000809@tonybibbs.com>
References: <4004632F.7000809@tonybibbs.com>
Message-ID: <20040113215352.31425@smtp.haun-online.de>

Tony wrote:

>Then we would scan the static page db fields for any of those. Note you
>would have to be a bit careful when doing this as you want to find
>instances of 'delete (' and 'delete(' not just 'delete'.

So we would also catch

    echo "You can't use delete() in static pages.";

There may also be less-than-obvious ways to bury those "dangerous" PHP statements in a static page and still have them executed.

>When any of
>those are encountered it should log the user and the page ID.

So the first thing to do when you hijack a static page is to delete the error.log from it.

I guess a security audit of the plugin is in order, but, as I said before, I don't think you can reliably catch all cases.

bye, Dirk

--
http://www.haun-online.de/
http://mypod.de/

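
The two objections raised above, shown on a constructed static page body as an added example that is not Geeklog code: a text search for the proposed function names flags a name that appears only inside a string, and says nothing about a call whose target is chosen at run time. The second pass uses PHP's tokenizer extension (`token_get_all()`) instead of a text search; `naive_scan()` and `token_scan()` are hypothetical names.

```php
<?php
// Added example, not Geeklog code. Function names are hypothetical; the
// denylist is the one proposed in the thread.

$denied = ['exec', 'system', 'chmod', 'chown', 'copy', 'delete',
           'chgrp', 'fileperms', 'fileowner', 'fopen'];

/** The text search described in the thread: a name, optional space, then "(". */
function naive_scan(string $src, array $denied): array
{
    $hits = [];
    foreach ($denied as $fn) {
        if (preg_match('/\b' . preg_quote($fn, '/') . '\s*\(/i', $src)) {
            $hits[] = $fn;
        }
    }
    return $hits;
}

/**
 * Token-based pass over the same source. Reports direct calls to denied
 * functions and every construct whose target cannot be known at save time.
 */
function token_scan(string $src, array $denied): array
{
    // Drop whitespace and comments so "delete (" and "delete(" look alike.
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $tokens = [];
    foreach (token_get_all($src) as $t) {
        if (!(is_array($t) && in_array($t[0], $skip, true))) {
            $tokens[] = $t;
        }
    }
    // Name tokens: T_STRING, plus "\system" as a single token on PHP 8.
    $nameIds = [T_STRING];
    if (defined('T_NAME_FULLY_QUALIFIED')) {
        $nameIds[] = T_NAME_FULLY_QUALIFIED;
    }
    $unverifiable = [T_EVAL, T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE];

    $findings = [];
    foreach ($tokens as $i => $t) {
        $next = $tokens[$i + 1] ?? null;
        if ($t === '`') {
            $findings[] = 'shell execution operator (backticks)';
        } elseif (!is_array($t)) {
            continue;
        } elseif (in_array($t[0], $unverifiable, true)) {
            $findings[] = 'construct: ' . strtolower($t[1]);
        } elseif ($t[0] === T_VARIABLE && $next === '(') {
            // The function name lives in a variable: nothing to compare
            // against the denylist, so report the call itself.
            $findings[] = 'dynamic call through ' . $t[1];
        } elseif (in_array($t[0], $nameIds, true) && $next === '(') {
            $name = ltrim(strtolower($t[1]), '\\');
            if (in_array($name, $denied, true)) {
                $findings[] = 'call: ' . $name . '() on line ' . $t[2];
            }
        }
    }
    return array_values(array_unique($findings));
}

// Constructed static page body. It is only scanned here, never executed.
// Statement 1 mentions a denied name inside a string, statement 2 is a direct
// call written with a space, statements 3 and 4 call a function chosen at
// run time (a harmless one).
$page = <<<'PAGE'
<p>About this site</p>
<?php
echo "You can't use delete() in static pages.";
copy ('a.txt', 'b.txt');
$handler = 'strtoupper';
echo $handler('hello');
?>
PAGE;

echo "naive scan: ", implode(', ', naive_scan($page, $denied)) ?: '(nothing)', "\n";
echo "token scan: ", implode('; ', token_scan($page, $denied)) ?: '(nothing)', "\n";
```

Even the token pass is a heuristic that has to refuse whatever it cannot resolve, which is why the option to switch PHP off entirely, suggested in this thread, is the stronger control.
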
From: tony at tonybibbs.com (Tony Bibbs)
Date: Tue, 13 Jan 2004 16:47:40 -0600
Subject: [geeklog-devel] PHP in Static Pages
In-Reply-To: <20040113215352.31425@smtp.haun-online.de>
References: <4004632F.7000809@tonybibbs.com> <20040113215352.31425@smtp.haun-online.de>
Message-ID: <4004758C.1030403@tonybibbs.com>

Dirk Haun wrote:

> echo "You can't use delete() in static pages.";

Yeah, but that is no different, IMHO, than the censorship filters we have now to catch 'bad' words. If users are using things like 'delete()' in the static page then they would simply go to the config and remove it if they really need it. Point is we would be erring on the side of security yet allowing users a way to remove this checking altogether.

> So the first thing to do when you hijack a static page is to delete the
> error.log from it.

LOL, I suppose. IMHO, you don't even have to prevent the use of any PHP functions that may be questionable. Maybe the first place to start is to proactively log when a page is saved by saying "hey, someone just saved a static page and we think it had things like delete() and chgrp() in it".

> I guess a security audit of the plugin is in order, but, as I said
> before, I don't think you can reliably catch all cases.

Maybe, I'm not dinging the thing...I'm just bringing back to light issues we should consider. Again, the secure way to handle this is to not have PHP in static pages to begin with but given we now endorse this possibility we should consider ways to harden especially considering that we are becoming more and more popular with blackhats.

Which reminds me, do we have that bozo doing SQL injection attempts on GL.net still?

--Tony

From: tony at tonybibbs.com (Tony Bibbs)
Date: Tue, 13 Jan 2004 16:50:06 -0600
Subject: [geeklog-devel] Offline
Message-ID: <4004761E.2040203@tonybibbs.com>

I will be offline for an out of town wedding until Tuesday of next week.

Chow,

--Tony

From: dirk at haun-online.de (Dirk Haun)
Date: Wed, 14 Jan 2004 08:00:04 +0100
Subject: [geeklog-devel] PHP in Static Pages
In-Reply-To: <4004758C.1030403@tonybibbs.com>
References: <4004758C.1030403@tonybibbs.com>
Message-ID: <20040114070004.14120@smtp.haun-online.de>

Tony wrote:

>Maybe, I'm not dinging the thing...I'm just bringing back to light
>issues we should consider.

np, I was just playing the Devil's Advocate.

>Again, the secure way to handle this is to
>not have PHP in static pages to begin with but given we now endorse this
>possibility we should consider ways to harden especially considering that
>we are becoming more and more popular with blackhats.

Yep. An option to switch off PHP from the config file would be a start.

bye, Dirk

--
http://www.haun-online.de/
http://geeklog.info/

From: vmf at abtech.org (Vincent Furia)
Date: Wed, 14 Jan 2004 12:59:05 -0500
Subject: [geeklog-devel] Theme'd Comments: Theme Fix
Message-ID: <40058369.7080909@abtech.org>

Dirk,

Just was looking into CVS (and playing around with upcoming 1.3.9 features) and noticed that at least in the clean theme my comment theming is broken. You need to make the following changes to the clean theme:

clean/comment/thread.thtml
clean/comment/comment.thtml
    replace "margin-left" with "padding-left"
    change "{indent}" to "{indent}px"

It looks like this problem exists in the other themes as well, though I didn't investigate very closely.

-Vinny

From: dirk at haun-online.de (Dirk Haun)
Date: Wed, 14 Jan 2004 19:16:39 +0100
Subject: [geeklog-devel] PHP in Static Pages
In-Reply-To: <20040114070004.14120@smtp.haun-online.de>
References: <20040114070004.14120@smtp.haun-online.de>
Message-ID: <20040114181639.5401@smtp.haun-online.de>

I wrote:

>An option to switch off PHP from the config file would be a start.

Done (see CVS). If you set

    $_SP_CONF['allow_php'] = 0;

in the static pages' config.php file, PHP in static pages will not be executed any more.

I've also removed the 'staticpages.PHP' permission from the Static Page Admin group for fresh installs. You will have to enable it first.

I wonder if I should go ahead and change the install script to remove that permission when upgrading to 1.3.9. On the one hand, it may p*ss off a few of our users, but on the other hand, there are probably a lot of users who will never use PHP in a static page anyway, and so there's no real use leaving it activated ...

bye, Dirk

--
http://www.haun-online.de/
http://www.tinyweb.de/

From vmf at abtech.org Wed Jan 14 15:46:48 2004
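A sketch of the save-time check Tony describes in this thread, as an added example that is not Geeklog's code: it tokenizes the page body and reports calls to watch-listed functions so the save can be logged. The SP_* function names, the watch list and the sample page are assumptions; only $_SP_CONF['allow_php'] comes from the thread.

```php
<?php
// Added example, not Geeklog code. The SP_* functions, the watch list and the
// sample page are hypothetical; $_SP_CONF['allow_php'] comes from the thread.

$_SP_CONF = array('allow_php' => 1);   // 0 = PHP in static pages is never run

// Function names worth a log entry when a saved page calls them.
$SP_WATCHLIST = array('delete', 'unlink', 'chgrp', 'chmod', 'chown', 'rename',
                      'fopen', 'system', 'exec', 'passthru', 'shell_exec',
                      'popen', 'proc_open');

function SP_isNoise($tok)
{
    return is_array($tok)
        && in_array($tok[0], array(T_WHITESPACE, T_COMMENT, T_DOC_COMMENT), true);
}

// Returns "line N: ..." findings for one page body. Assumes the body is PHP
// source stored without an opening tag, so one is prepended for the tokenizer.
function SP_findRiskyCalls($content, $watchlist)
{
    $constructs    = array(T_EVAL, T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE);
    $notAPlainCall = array(T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION, T_NEW);
    $nameIds       = array(T_STRING);
    if (defined('T_NAME_FULLY_QUALIFIED')) {      // PHP 8: \unlink(...)
        $nameIds[] = T_NAME_FULLY_QUALIFIED;
    }

    $tokens   = token_get_all('<?php ' . $content);
    $count    = count($tokens);
    $findings = array();
    $line     = 1;        // line of the last token that carried a line number
    $prevId   = null;     // id of the previous significant token
    $inShell  = false;    // between an opening and a closing backtick

    for ($i = 0; $i < $count; $i++) {
        $tok = $tokens[$i];
        if (SP_isNoise($tok)) {
            continue;
        }
        $id   = is_array($tok) ? $tok[0] : null;
        $text = is_array($tok) ? $tok[1] : $tok;
        if (is_array($tok)) {
            $line = $tok[2];
        }

        // A name or variable is a call only if the next real token is "(".
        $j = $i + 1;
        while ($j < $count && SP_isNoise($tokens[$j])) {
            $j++;
        }
        $isCall = ($j < $count && $tokens[$j] === '(');
        $name   = strtolower(ltrim($text, '\\'));

        if ($id === null && $text === '`') {
            $inShell = !$inShell;
            if ($inShell) {
                $findings[] = "line $line: backtick shell execution";
            }
        } elseif (in_array($id, $constructs, true)) {
            $findings[] = "line $line: $name construct";
        } elseif ($id === T_VARIABLE && $isCall) {
            $findings[] = "line $line: dynamic call through $text, target unknown";
        } elseif (in_array($id, $nameIds, true) && $isCall
                  && !in_array($prevId, $notAPlainCall, true)
                  && in_array($name, $watchlist, true)) {
            $findings[] = "line $line: call to $name()";
        }
        $prevId = $id;
    }
    return $findings;
}

// Called from the (hypothetical) save handler: log, do not block.
function SP_auditOnSave($pageId, $content, $conf, $watchlist)
{
    if (empty($conf['allow_php'])) {
        return array();   // PHP is never executed, so there is nothing to flag
    }
    $findings = SP_findRiskyCalls($content, $watchlist);
    foreach ($findings as $finding) {
        error_log("static page '$pageId' saved with $finding");
    }
    return $findings;
}

// Constructed sample page body.
$samplePage = <<<'EOT'
echo "You can't use delete() in static pages.";  // string literal, not a call
// unlink('x') inside a comment is not a call either
$fn = 'chgrp';
$fn('/tmp/example', 'nobody');
chgrp('/tmp/example', 'nobody');
EOT;

print_r(SP_auditOnSave('constructed-sample', $samplePage, $_SP_CONF, $SP_WATCHLIST));
```

A word filter would flag the echo on line 1 of the sample; the tokenizer does not. The call through a variable is reported as unresolvable rather than missed, which is as far as a static check can go.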
From: vmf at abtech.org (Vincent Furia) Date: Wed, 14 Jan 2004 15:46:48 -0500 Subject: [geeklog-devel] Search Engine Friendly URLs for Stories Message-ID: <4005AAB8.4040001@abtech.org> I wrote this against the current CVS version of geeklog-1.3. I've tested it pretty well on linux. I doubt it will work under Windows with IIS since it uses the same methodology as Staticpages. Like staticpages, it is keyed on the $_CONF['url_rewrite'] variable. Let me know if there are any questions. I'd also like to add the recommendation that the "start_readmore_anchortag" and "end_readmore_anchortag" be available to the template regardless of whether there is more text to read. The "readmore_link" should still only be available if there is a story body. In any case, it should be possible for there to be a link to go directly to the article page, even for articles that have no comments and no body (so the article page can still be crawled by search engines). -Vinny Index: lib-common.php =================================================================== RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/lib-common.php,v retrieving revision 1.274 diff -u -r1.274 lib-common.php --- lib-common.php 13 Jan 2004 20:00:40 -0000 1.274 +++ lib-common.php 14 Jan 2004 20:32:52 -0000 @@ -487,11 +487,11 @@ $numwords = sizeof( explode( ' ', $A['bodytext'] )); $article->set_var( 'readmore_words', $numwords ); - $article->set_var( 'readmore_link', '' . $LANG01[2] + $article->set_var( 'readmore_link', '' . $LANG01[2] . ' (' . $numwords . ' ' . $LANG01[62] . ') ' ); $article->set_var( 'start_readmore_anchortag', '' ); $article->set_var( 'end_readmore_anchortag', '' ); } Index: article.php =================================================================== RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/article.php,v retrieving revision 1.39 diff -u -r1.39 article.php --- article.php 12 Dec 2003 21:58:10 -0000 1.39 +++ article.php 14 Jan 2004 20:32:52 -0000 
@@ -54,11 +54,11 @@ // MAIN +COM_setArgNames (array ('story')); +$story = COM_applyFilter ( COM_getArgument ('story') ); if (isset ($HTTP_POST_VARS['story'])) { $story = COM_applyFilter($HTTP_POST_VARS['story']); -} else { - $story = COM_applyFilter($HTTP_GET_VARS['story']); -} +} if (empty ($story)) { echo COM_refresh ($_CONF['site_url'] . '/index.php'); exit(); -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: rewrite.diff URL: From dirk at haun-online.de Fri Jan 16 02:46:37 2004 From: dirk at haun-online.de (Dirk Haun) Date: Fri, 16 Jan 2004 08:46:37 +0100 Subject: [geeklog-devel] Search Engine Friendly URLs for Stories In-Reply-To: <4005AAB8.4040001@abtech.org> References: <4005AAB8.4040001@abtech.org> Message-ID: <20040116074637.15368@smtp.haun-online.de> Vincent Furia wrote: >I wrote this against the current CVS version of geeklog-1.3. I've >tested it pretty well on linux. Thanks, Vinny. I seem to remember that Tom Willet and yourself where doing tests like that on gplugs.sf.net. So you have evidence that these URLs are more likely to be picked up by Google et al.? >I doubt it will work under Windows with >IIS since it uses the same methodology as Staticpages. I wonder if that problem still exists - the last time someone looked into this was almost a year ago. Does anyone have access to a current version of IIS + PHP to test it out? bye, Dirk -- http://www.haun-online.de/ http://www.haun.info/ From vmf at abtech.org Fri Jan 16 13:37:54 2004 
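Review bot: in the article.php hunk of rewrite.diff, removing the else branch that read $HTTP_GET_VARS['story'] leaves COM_getArgument ('story') as the only source for GET requests, so the patch should say (or a check should ensure) that COM_getArgument still returns the ?story= query value when $_CONF['url_rewrite'] is off; if it does not, every existing article.php?story=... link falls into the empty ($story) branch and is sent to index.php by COM_refresh. The value taken from the URL still goes through COM_applyFilter, the same as the POST value, which is right; a one-line comment above COM_setArgNames (array ('story')); naming the URL form it parses would make that input path easier to audit.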
From: vmf at abtech.org (Vincent Furia)
Date: Fri, 16 Jan 2004 13:37:54 -0500
Subject: [geeklog-devel] Search Engine Friendly URLs for Stories
In-Reply-To: <20040116074637.15368@smtp.haun-online.de>
References: <4005AAB8.4040001@abtech.org> <20040116074637.15368@smtp.haun-online.de>
Message-ID: <40082F82.30009@abtech.org>

Dirk Haun wrote:

>Vincent Furia wrote:
>
>>I wrote this against the current CVS version of geeklog-1.3. I've
>>tested it pretty well on linux.
>
>Thanks, Vinny. I seem to remember that Tom Willet and yourself were
>doing tests like that on gplugs.sf.net. So you have evidence that these
>URLs are more likely to be picked up by Google et al.?

The changed URLs seemed to improve the ability of search engines to pick up the story URLs. Also Tom's story index page seemed to help a little bit as well. The two items combined saw the best (observed) results. Due to the nature of search engines though, a truly scientific test is beyond the means of the resources I have available. Sum Up: I think it works.

Another thing that would help is to have links (somehow) from stories that don't have comments or story bodies. Currently those stories don't (can't) link to the article page so getting a search spider to fix that is difficult. Tom's fix (mentioned above) alleviates this somewhat.

>>I doubt it will work under Windows with
>>IIS since it uses the same methodology as Staticpages.
>
>I wonder if that problem still exists - the last time someone looked into
>this was almost a year ago. Does anyone have access to a current version
>of IIS + PHP to test it out?

Beats me, I've never run IIS. Any takers to solve this? We need to know if the $PATH_INFO environmental variable gets filled in correctly.

Thanks,
Vinny

From dirk at haun-online.de Fri Jan 16 18:08:52 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 17 Jan 2004 00:08:52 +0100
Subject: [geeklog-devel] access.log
Message-ID: <20040116230852.21770@smtp.haun-online.de>

I'd like to propose that we re-think the use of the access.log file. Currently, it is pretty much useless (open yours and see for yourself), as all it lists are session ids and date stamps about someone logging out. Since the session id has been gone from the gl_sessions table by then, this information doesn't really help with anything.

Now, I don't want us to log when people are logging in and out, as there is no reason to collect that information (and especially not in a file). Geeklog currently stores the last time someone logged in, for the legitimate reason of trying to keep track if an account is (still) in use.

(On a side note, I'd like to see some "housekeeping" tools being developed as add-ons making use of that information, e.g. to weed out unused accounts after some time.)

Back to access.log: When trying to access one of the admin pages without being an admin, you are told that this attempt had been logged. However, in almost all cases, it hasn't - I've only recently added this to CVS, after someone pointed it out in the forums.

Since the error.log tends to be clogged with lots of messages, it would be hard to find any access violations in all that noise. So I'd suggest we use the access.log for that instead.

To save on code, COM_accessLog could be extended to automatically log the IP, user id (and name?) of the user that caused the violation in addition to the time stamp it's already adding automatically.

So what should be logged?

- Any attempts at accessing the admin pages without proper authentication
  (just what we already claim we're logging)
- Attempts at doing something the user doesn't have proper permissions to, e.g.
  trying to access a story without the proper permissions, or an
  admin doing something they are not allowed to do (e.g. a Group Admin
  trying to edit the Root group).
- Failed login attempts, to see if someone is trying to hack accounts
- anything else?

What I want to avoid, though, is to collect too much (detailed) information or to give users the impression that they are being spied on.

Comments?

bye, Dirk

--
http://www.haun-online.de/
http://www.haun.info/

From vmf at abtech.org Sat Jan 17 00:26:37 2004
From: vmf at abtech.org (Vincent Furia)
Date: Sat, 17 Jan 2004 00:26:37 -0500
Subject: [geeklog-devel] access.log
In-Reply-To: <20040116230852.21770@smtp.haun-online.de>
References: <20040116230852.21770@smtp.haun-online.de>
Message-ID: <4008C78D.5010103@abtech.org>

Dirk Haun wrote:

>I'd like to propose that we re-think the use of the access.log file.
>Currently, it is pretty much useless (open yours and see for yourself),
>as all it lists are session ids and date stamps about someone logging
>out. Since the session id has been gone from the gl_sessions table by
>then, this information doesn't really help with anything.

I agree, let's get rid of that logging. I always wondered why the session ids were logged on log out.

>Now, I don't want us to log when people are logging in and out, as there
>is no reason to collect that information (and especially not in a file).
>Geeklog currently stores the last time someone logged in, for the
>legitimate reason of trying to keep track if an account is (still) in use.
>
>(On a side note, I'd like to see some "housekeeping" tools being
>developed as add-ons making use of that information, e.g. to weed out
>unused accounts after some time.)
>
>Back to access.log: When trying to access one of the admin pages without
>being an admin, you are told that this attempt had been logged. However,
>in almost all cases, it hasn't - I've only recently added this to CVS,
>after someone pointed it out in the forums.
>
>Since the error.log tends to be clogged with lots of messages, it would
>be hard to find any access violations in all that noise. So I'd suggest
>we use the access.log for that instead.

This makes sense. In fact, someone not familiar with Geeklog would probably look in access.log for access violations first in any case.

>To save on code, COM_accessLog could be extended to automatically log the
>IP, user id (and name?) of the user that caused the violation in addition
>to the time stamp it's already adding automatically.
>
>So what should be logged?
>
>- Any attempts at accessing the admin pages without proper authentication
>  (just what we already claim we're logging)
>- Attempts at doing something the user doesn't have proper permissions
>to, e.g.
>  trying to access a story without the proper permissions, or an
>  admin doing something they are not allowed to do (e.g. a Group Admin
>  trying to edit the Root group).
>- Failed login attempts, to see if someone is trying to hack accounts

Another tangent: In the future, if we kept track of how many failed login attempts since last successful login, we could do some pretty cool stuff (like lock and possibly send email to the affected person and admin that a login has failed three times on an account).

>- anything else?
>
>What I want to avoid, though, is to collect too much (detailed)
>information or to give users the impression that they are being spied on.
>
>Comments?

Sounds good to me Dirk.

>bye, Dirk

bye...
Vinny

From dirk at haun-online.de Sat Jan 17 08:14:07 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 17 Jan 2004 14:14:07 +0100
Subject: [geeklog-devel] access.log
In-Reply-To: <4008C78D.5010103@abtech.org>
References: <4008C78D.5010103@abtech.org>
Message-ID: <20040117131407.27326@smtp.haun-online.de>

Vincent wrote:

>Another tangent: In the future, if we kept track of how many failed
>login attempts since last successful login, we could do some pretty cool
>stuff (like lock and possibly send email to the affected person and
>admin that a login has failed three times on an account).

Good point. Actually, we probably shouldn't start logging failed login attempts until they've exceeded a certain number (say, 3) - everyone mistypes their password once in a while ...

Blocking an account after a certain amount of failed login attempts just calls for misuse, but sending an email (to the user at least) sounds like a good idea.

bye, Dirk

--
http://www.haun-online.de/
http://mypod.de/

From geeklog at langfamily.ca Sat Jan 17 11:37:09 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sat, 17 Jan 2004 11:37:09 -0500
Subject: [geeklog-devel] access.log
References: <4008C78D.5010103@abtech.org> <20040117131407.27326@smtp.haun-online.de>
Message-ID: <001901c3dd18$26e855e0$640a10ac@XPBL2>

I think these are good ideas.

As developers we often use COM_errorLOG for debugging output and I think that has become a problem and often leaves spurious non-error related output in that log which can only confuse a user.

I've introduced a notification.log file with glMessenger and maybe we should have a debug.log file. The logic would check for the existence of the file and if not there doNothing() else logEntry().

In my case, I also wrote a small block that I only see so I can tail the notification log and watch my site activity. During debugging, having a Centerblock doing a tail on the debug.log file may be handy.

If I knew there was a standard COM_debugLog(), then I'd convert any of my code to use that.

----- Original Message -----
From: "Dirk Haun"
To:
Sent: Saturday, January 17, 2004 8:14 AM
Subject: Re: [geeklog-devel] access.log

> Vincent wrote:
>
> >Another tangent: In the future, if we kept track of how many failed
> >login attempts since last successful login, we could do some pretty cool
> >stuff (like lock and possibly send email to the affected person and
> >admin that a login has failed three times on an account).
>
> Good point. Actually, we probably shouldn't start logging failed login
> attempts until they've exceeded a certain number (say, 3) - everyone
> mistypes their password once in a while ...
>
> Blocking an account after a certain amount of failed login attempts just
> calls for misuse, but sending an email (to the user at least) sounds like
> a good idea.
>
> bye, Dirk
>
> --
> http://www.haun-online.de/
> http://mypod.de/

From tony at tonybibbs.com Tue Jan 20 11:34:10 2004
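The logging proposal from this thread, as an added example that is not Geeklog's COM_accessLog: each violation becomes one line with time, event, user id, name and IP, failed logins are written only once they reach the threshold, and the account owner is mailed instead of locked out. All AL_* names, the line format and the sample events are assumptions.

```php
<?php
// Added example, not Geeklog code. The AL_* names, the line format and the
// in-memory counter are hypothetical; a real site would keep the counter in
// the user table and append the lines to access.log.

// "say, 3" in the thread; this example starts logging at the third failure.
define('AL_FAILED_LOGIN_THRESHOLD', 3);

// One access.log line: time, event, user id, user name, IP, short detail.
// Control characters are replaced so a crafted user name or URL cannot
// start a forged second entry.
function AL_formatEntry($event, $uid, $username, $ip, $detail, $now)
{
    $clean = array();
    foreach (array($event, $username, $ip, $detail) as $field) {
        $field   = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $field);
        $clean[] = str_replace('"', "'", $field);
    }
    return rtrim(sprintf('%s - %s uid=%d user="%s" ip=%s %s',
                         gmdate('Y-m-d H:i:s', $now), $clean[0], (int) $uid,
                         $clean[1], $clean[2], $clean[3]));
}

// Count failures per account since the last successful login. Below the
// threshold nothing is written, since everyone mistypes a password now and
// then. The account is never locked, because a lock would let anyone shut
// another user out; the owner gets one mail when the threshold is reached.
function AL_failedLogin(array &$counters, $uid, $username, $ip, $now)
{
    $key = strtolower($username);
    $n   = isset($counters[$key]) ? $counters[$key] + 1 : 1;
    $counters[$key] = $n;

    $result = array('log' => null, 'mail_user' => false);
    if ($n >= AL_FAILED_LOGIN_THRESHOLD) {
        $result['log'] = AL_formatEntry('failed-login', $uid, $username, $ip,
                                        "attempt $n since last successful login", $now);
        $result['mail_user'] = ($n === AL_FAILED_LOGIN_THRESHOLD);
    }
    return $result;
}

// A successful login resets the counter for that account.
function AL_successfulLogin(array &$counters, $username)
{
    unset($counters[strtolower($username)]);
}

// Constructed events: made-up users, documentation IP range, fixed clock.
$now      = 1074297600;
$counters = array();
$lines    = array();

$lines[] = AL_formatEntry('admin-access-denied', 17, 'alice', '192.0.2.10',
                          '/admin/example.php', $now);
// The line break inside this user name must not produce a second entry.
$lines[] = AL_formatEntry('permission-denied', 23, "carol\n2004-01-17 fake entry",
                          '192.0.2.11', 'Group Admin tried to edit the Root group', $now);

for ($i = 1; $i <= 4; $i++) {
    $r = AL_failedLogin($counters, 42, 'bob', '192.0.2.77', $now + $i);
    if ($r['log'] !== null) {
        $lines[] = $r['log'] . ($r['mail_user'] ? '  [mail sent to bob]' : '');
    }
}
AL_successfulLogin($counters, 'bob');

echo implode("\n", $lines), "\n";
```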
From: tony at tonybibbs.com (Tony Bibbs)
Date: Tue, 20 Jan 2004 10:34:10 -0600
Subject: [geeklog-devel] Search Engine Friendly URLs for Stories
In-Reply-To: <20040116074637.15368@smtp.haun-online.de>
References: <4005AAB8.4040001@abtech.org> <20040116074637.15368@smtp.haun-online.de>
Message-ID: <400D5882.8070506@tonybibbs.com>

Note that a real test under windows would include the use of apache with php.exe and under IIS as an ISAPI filter. I failed to test both way back when I first developed the code and my suspicion is it may have worked as an ISAPI and not as an .exe though I have nothing to back that up with. I'd like to see someone test this as well, I don't have the means to retest this right now.

--Tony

Dirk Haun wrote:

> Vincent Furia wrote:
>
>>I wrote this against the current CVS version of geeklog-1.3. I've
>>tested it pretty well on linux.
>
> Thanks, Vinny. I seem to remember that Tom Willet and yourself were
> doing tests like that on gplugs.sf.net. So you have evidence that these
> URLs are more likely to be picked up by Google et al.?
>
>>I doubt it will work under Windows with
>>IIS since it uses the same methodology as Staticpages.
>
> I wonder if that problem still exists - the last time someone looked into
> this was almost a year ago. Does anyone have access to a current version
> of IIS + PHP to test it out?
>
> bye, Dirk

From dirk at haun-online.de Thu Jan 22 17:31:25 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Thu, 22 Jan 2004 23:31:25 +0100
Subject: [geeklog-devel] Long URLs
Message-ID: <20040122223125.23511@smtp.haun-online.de>

Apple has an RSS generator for their iTunes Music Store at

It lets you create RSS feeds for the overall Top 10 and lots of other customizable feeds. The URL for the first feed I selected was 98 characters long, but Geeklog only accepts 96 - ouch.

New item on my to-do list: Upgrade all URLs to at least 128 characters (URLs in events have 128, everything else just 96) ...

bye, Dirk

--
http://www.haun-online.de/
http://mypod.de/

From dirk at haun-online.de Fri Jan 23 03:37:01 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Fri, 23 Jan 2004 09:37:01 +0100
Subject: [geeklog-devel] New forum moderators
Message-ID: <20040123083701.8859@smtp.haun-online.de>

As you may have seen, we had a few spamming attempts on geeklog.net. First in the comments (which have since been closed for anonymous posts) and now in the forums. Since closing the forums for anonymous users would probably alienate a lot of potential new users, we've opted for adding more forum moderators instead.

So please welcome Vinny (Vincent Furia) and Turias (Sebastian Celis) who will be helping Tony, Blaine, Dwight, and myself in the ongoing struggle against spam.

On a side note: Blaine, forum feature request: Make adding moderators to multiple forums easier. Locating a user in a list of 6000+ entries, selecting the options, wait, wait again, and then doing that repeatedly for 9 forums can be a bit of a pain ...

bye, Dirk

--
http://www.haun-online.de/
http://geeklog.info/

From tony at tonybibbs.com Fri Jan 23 09:48:55 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Fri, 23 Jan 2004 08:48:55 -0600
Subject: [geeklog-devel] New forum moderators
In-Reply-To: <20040123083701.8859@smtp.haun-online.de>
References: <20040123083701.8859@smtp.haun-online.de>
Message-ID: <40113457.3010103@tonybibbs.com>

Funny you say that, I just asked Blaine about this a week or so ago and his new RC candidate addresses forum moderation. I had the same problem when I went in to try and divvy out moderation rights on Iowa Outdoors.

--Tony

Dirk Haun wrote:

> As you may have seen, we had a few spamming attempts on geeklog.net.
> First in the comments (which have since been closed for anonymous posts)
> and now in the forums. Since closing the forums for anonymous users would
> probably alienate a lot of potential new users, we've opted for adding
> more forum moderators instead.
>
> So please welcome Vinny (Vincent Furia) and Turias (Sebastian Celis) who
> will be helping Tony, Blaine, Dwight, and myself in the ongoing struggle
> against spam.
>
> On a side note: Blaine, forum feature request: Make adding moderators to
> multiple forums easier. Locating a user in a list of 6000+ entries,
> selecting the options, wait, wait again, and then doing that repeatedly
> for 9 forums can be a bit of a pain ...
>
> bye, Dirk

From geeklog at langfamily.ca Sat Jan 24 20:07:55 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sat, 24 Jan 2004 20:07:55 -0500
Subject: [geeklog-devel] New block on geeklog.net
Message-ID: <001401c3e2df$aa3d8a10$640a10ac@XPBL2>

If you are in the development group on geeklog.net you will notice a new block called quickstats. I added it to show some high level information of the activity on the site.

I noticed this morning that we had over 600 downloads in the last 24 hours and wanted to know what files were popular. This block now shows the top 5 downloads as well as the total over the past 24hr window.

It's adding 2-3 seconds to refresh the page now and I've added a couple indexes but it still has a lot of records to crunch thru to calculate counts.

    SELECT count(*) AS downloads, downloads.lid, filedetail.title
    FROM {$_FM_TABLES['filemgmt_history']} downloads, {$_FM_TABLES['filemgmt_filedetail']} filedetail
    WHERE filedetail.lid = downloads.lid
      AND unix_timestamp(downloads.date) + 86400 > unix_timestamp()
    GROUP BY lid
    ORDER BY downloads DESC
    LIMIT 5

Maybe someone can suggest a better SQL statement. I have indexes on lid (both tables) and date.

If we can't make it run any faster and you want to disable it, then I can enable it just for myself.

Blaine

From chris_s_franklin at yahoo.com Sat Jan 24 22:33:09 2004
From: chris_s_franklin at yahoo.com (Chris Franklin)
Date: Sat, 24 Jan 2004 19:33:09 -0800
Subject: [geeklog-devel] New block on geeklog.net
In-Reply-To: <001401c3e2df$aa3d8a10$640a10ac@XPBL2>
Message-ID:

Blaine -

Doesn't geeklog have a page caching mechanism?

This can be implemented many different ways but a simple way (to avoid using cron tabs) would be to store the uri, cached uri, and validUntil timestamp. Then have a component/object/function/whatever that you ask for the page. If the cached version is valid, it passes that back, if not, it requests the dynamic page and stores it (overwriting the cached page), then returns the cached page uri.

I've implemented page caching on multiple sites for site-global data that doesn't need to be real-time - it's quite easy and performance gains are huge.

Regards,
-C

-----Original Message-----
From: geeklog-devel-admin at lists.geeklog.net [mailto:geeklog-devel-admin at lists.geeklog.net]On Behalf Of Blaine Lang
Sent: Saturday, January 24, 2004 5:08 PM
To: geeklog-devel at lists.geeklog.net
Subject: [geeklog-devel] New block on geeklog.net

If you are in the development group on geeklog.net you will notice a new block called quickstats. I added it to show some high level information of the activity on the site.

I noticed this morning that we had over 600 downloads in the last 24 hours and wanted to know what files were popular. This block now shows the top 5 downloads as well as the total over the past 24hr window.

It's adding 2-3 seconds to refresh the page now and I've added a couple indexes but it still has a lot of records to crunch thru to calculate counts.

    SELECT count(*) AS downloads, downloads.lid, filedetail.title
    FROM {$_FM_TABLES['filemgmt_history']} downloads, {$_FM_TABLES['filemgmt_filedetail']} filedetail
    WHERE filedetail.lid = downloads.lid
      AND unix_timestamp(downloads.date) + 86400 > unix_timestamp()
    GROUP BY lid
    ORDER BY downloads DESC
    LIMIT 5

Maybe someone can suggest a better SQL statement. I have indexes on lid (both tables) and date.

If we can't make it run any faster and you want to disable it, then I can enable it just for myself.

Blaine

From dirk at haun-online.de Sun Jan 25 04:41:17 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 25 Jan 2004 10:41:17 +0100
Subject: [geeklog-devel] New block on geeklog.net
In-Reply-To: <001401c3e2df$aa3d8a10$640a10ac@XPBL2>
References: <001401c3e2df$aa3d8a10$640a10ac@XPBL2>
Message-ID: <20040125094117.6827@smtp.haun-online.de>

Blaine wrote:

>It's adding 2-3 seconds to refresh the page now and I've added a couple
>indexes but it still has a lot of records to crunch thru to calculate counts.

Ah, so that's why the site felt so slow. I was beginning to wonder ...

I was shocked to see the first line read

    Geeklog 1.3.8-1 (155)

but on closer inspection, that does link to 1.3.8-1sr3, so it's only cutting off the file name. However, number 5 on the list is

    Geeklog 1.3.8 (9)

and that is indeed what it says, i.e. 9 people have downloaded the original 1.3.8 tarball within the last 24 hours. Looks like it's really time for some housecleaning in the downloads area ...

Btw, when you go to the FAQ, , the contents of the block are displayed in italics. Looks like some of the FAQ style information is "leaking" into the rest of the site (I've seen this happening with other pages, too).

bye, Dirk

--
http://www.haun-online.de/
http://www.macosx-faq.de/

From dirk at haun-online.de Sun Jan 25 05:29:08 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 25 Jan 2004 11:29:08 +0100
Subject: [geeklog-devel] Geeklog downloads house cleaning
Message-ID: <20040125102908.24741@smtp.haun-online.de>

Here are the final scores for the old Geeklog releases that I just removed from the download area:

    Geeklog 1.3.7sr1     19575
    Geeklog 1.3.7sr2      6789
    Geeklog 1.3.8         7388
    Geeklog 1.3.8-1       7909
    Geeklog 1.3.8-1sr1     922
    Geeklog 1.3.8-1sr2    6625
    Geeklog 1.3.8-1sr3    6266 (still there, of course)

1.3.8-1sr1 was only out for 48 hours, hence the low number of downloads.

And the release candidates:

    Geeklog 1.3.8rc1      2171
    Geeklog 1.3.8rc2      1926

I have kept all the upgrade archives (even the old ones) and moved them to an "Updates" sub-category. So now, when you click on our "Download" link (from the Resources block), you are taken to which lists only one file.

Blaine, links to removed downloads cause an SQL error. Any chance the plugin could catch these and redirect to /filemgmt/index.php instead?

Try

bye, Dirk

--
http://www.haun-online.de/
http://mypod.de/

From geeklog at langfamily.ca Sun Jan 25 11:23:10 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sun, 25 Jan 2004 11:23:10 -0500
Subject: [geeklog-devel] New block on geeklog.net
References: <001401c3e2df$aa3d8a10$640a10ac@XPBL2> <20040125094117.6827@smtp.haun-online.de>
Message-ID: <002301c3e35f$8642f840$640a10ac@XPBL2>

I was also thinking, maybe have a script that would remove old download history records.
- those records for files that are no longer online

I'm using the tag and I bet they have a css style change for that.

I do store the total downloads for a file but I don't see any other way to determine the total over the last 24 hours without reading all the download records.

Just looking, we have nearly 143,000 downloadhistory records dating back to Sept 25 2002 when it was installed. Maybe keeping only the last 6 months would be a good idea.

Should do a little pruning ?

----- Original Message -----
From: "Dirk Haun"
To:
Sent: Sunday, January 25, 2004 4:41 AM
Subject: Re: [geeklog-devel] New block on geeklog.net

> Blaine wrote:
>
> >It's adding 2-3 seconds to refresh the page now and I've added a couple
> >indexes but it still has a lot of records to crunch thru to calculate counts.
>
> Ah, so that's why the site felt so slow. I was beginning to wonder ...
>
> I was shocked to see the first line read
>
> Geeklog 1.3.8-1 (155)
>
> but on closer inspection, that does link to 1.3.8-1sr3, so it's only
> cutting off the file name. However, number 5 on the list is
>
> Geeklog 1.3.8 (9)
>
> and that is indeed what it says, i.e. 9 people have downloaded the
> original 1.3.8 tarball within the last 24 hours. Looks like it's really
> time for some housecleaning in the downloads area ...
>
> Btw, when you go to the FAQ, , the
> contents of the block are displayed in italics. Looks like some of the
> FAQ style information is "leaking" into the rest of the site (I've seen
> this happening with other pages, too).
>
> bye, Dirk
>
> --
> http://www.haun-online.de/
> http://www.macosx-faq.de/

From geeklog at langfamily.ca Sun Jan 25 11:24:53 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sun, 25 Jan 2004 11:24:53 -0500
Subject: [geeklog-devel] Geeklog downloads house cleaning
References: <20040125102908.24741@smtp.haun-online.de>
Message-ID: <003301c3e35f$c31f9110$640a10ac@XPBL2>

I'll add a patch to catch that today.

Blaine

----- Original Message -----
From: "Dirk Haun"
To:
Sent: Sunday, January 25, 2004 5:29 AM
Subject: [geeklog-devel] Geeklog downloads house cleaning

> Here are the final scores for the old Geeklog releases that I just
> removed from the download area:
>
> Geeklog 1.3.7sr1 19575
> Geeklog 1.3.7sr2 6789
> Geeklog 1.3.8 7388
> Geeklog 1.3.8-1 7909
> Geeklog 1.3.8-1sr1 922
> Geeklog 1.3.8-1sr2 6625
> Geeklog 1.3.8-1sr3 6266 (still there, of course)
>
> 1.3.8-1sr1 was only out for 48 hours, hence the low number of downloads.
>
> And the release candidates:
>
> Geeklog 1.3.8rc1 2171
> Geeklog 1.3.8rc2 1926
>
> I have kept all the upgrade archives (even the old ones) and moved them
> to an "Updates" sub-category. So now, when you click on our "Download"
> link (from the Resources block), you are taken to www.geeklog.net/filemgmt/viewcat.php?cid=8> which lists only one file.
>
> Blaine, links to removed downloads cause an SQL error. Any chance the
> plugin could catch these and redirect to /filemgmt/index.php instead?
>
> Try
>
> bye, Dirk
>
> --
> http://www.haun-online.de/
> http://mypod.de/

From geeklog at langfamily.ca Sun Jan 25 11:46:17 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sun, 25 Jan 2004 11:46:17 -0500
Subject: [geeklog-devel] Geeklog downloads house cleaning
References: <20040125102908.24741@smtp.haun-online.de>
Message-ID: <004701c3e362$c087eee0$640a10ac@XPBL2>

Dirk wrote
>> Blaine, links to removed downloads cause an SQL error. Any chance the plugin could catch these and redirect to /filemgmt/index.php instead?

Ok, I've added this fix for visit.php (download) and singlefile.php (filedetail). No error and no message, just a silent redirect.

----- Original Message -----
From: "Dirk Haun"
To:
Sent: Sunday, January 25, 2004 5:29 AM
Subject: [geeklog-devel] Geeklog downloads house cleaning

> Here are the final scores for the old Geeklog releases that I just
> removed from the download area:
>
> Geeklog 1.3.7sr1 19575
> Geeklog 1.3.7sr2 6789
> Geeklog 1.3.8 7388
> Geeklog 1.3.8-1 7909
> Geeklog 1.3.8-1sr1 922
> Geeklog 1.3.8-1sr2 6625
> Geeklog 1.3.8-1sr3 6266 (still there, of course)
>
> 1.3.8-1sr1 was only out for 48 hours, hence the low number of downloads.
>
> And the release candidates:
>
> Geeklog 1.3.8rc1 2171
> Geeklog 1.3.8rc2 1926
>
> I have kept all the upgrade archives (even the old ones) and moved them
> to an "Updates" sub-category. So now, when you click on our "Download"
> link (from the Resources block), you are taken to www.geeklog.net/filemgmt/viewcat.php?cid=8> which lists only one file.
>
> Blaine, links to removed downloads cause an SQL error. Any chance the
> plugin could catch these and redirect to /filemgmt/index.php instead?
>
> Try
>
> bye, Dirk
>
> --
> http://www.haun-online.de/
> http://mypod.de/

From geeklog at langfamily.ca Sun Jan 25 11:49:22 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sun, 25 Jan 2004 11:49:22 -0500
Subject: [geeklog-devel] Upgrade of forum on geeklog.net
Message-ID: <005001c3e363$2eebab10$640a10ac@XPBL2>

I will be installing the latest 2.3RC3 forum code on geeklog.net today. Well actually in the next hour.

Most of the bugs should now be worked out but would like to test it for a week on geeklog.net. I'll make a backup of the files first if for any reason we need to go back.

I'll post a new topic in the forum once complete.

Blaine

From geeklog at langfamily.ca Sun Jan 25 19:21:44 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Sun, 25 Jan 2004 19:21:44 -0500
Subject: [geeklog-devel] New block on geeklog.net
References: <001401c3e2df$aa3d8a10$640a10ac@XPBL2> <20040125094117.6827@smtp.haun-online.de>
Message-ID: <00de01c3e3a2$60996aa0$640a10ac@XPBL2>

I deleted download history from before July of last year and the page refreshes with the block enabled are now 2 seconds and more acceptable. We don't lose the total downloads just the individual download records.

Maybe we only need the last month even.

Blaine

From vmf at abtech.org Mon Jan 26 16:29:38 2004
From: vmf at abtech.org (Vincent Furia)
Date: Mon, 26 Jan 2004 16:29:38 -0500
Subject: [geeklog-devel] Re: [geeklog-announce] Geeklog 1.3.8-1sr4 and 1.3.7sr5 security updates
In-Reply-To: <20040126200248.27539@smtp.haun-online.de>
References: <20040126200248.27539@smtp.haun-online.de>
Message-ID: <401586C2.1080300@abtech.org>

Dirk,

How much longer do you plan on supporting 1.3.7? I know you had discussed earlier that this may be the last security fix. If so you might want to mention that in the article or at least as a comment to the article so people can start upgrading (or planning to upgrade) to 1.3.8.

On that same note what is the progress with 1.3.9. Are there any areas where you could use help getting the release out. I know you mailed a summary of things needed for 1.3.9 a couple months ago, what is the status of those?

Thanks,
Vinny

geeklog-announce-admin at lists.geeklog.net wrote:

>Security updates for Geeklog 1.3.8-1sr3 and 1.3.7sr4 are available for
>download now, addressing a variety of security issues. Please see
>
> http://www.geeklog.net/article.php?story=20040126141531711
>
>for details. We suggest you upgrade your site(s) at your earliest convenience.
>
>bye, Dirk

From dirk at haun-online.de Mon Jan 26 17:08:02 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 26 Jan 2004 23:08:02 +0100
Subject: [geeklog-devel] Re: [geeklog-announce] Geeklog 1.3.8-1sr4 and 1.3.7sr5 security updates
In-Reply-To: <401586C2.1080300@abtech.org>
References: <401586C2.1080300@abtech.org>
Message-ID: <20040126220802.9220@smtp.haun-online.de>

Vinny,

>How much longer do you plan on supporting 1.3.7?

I would prefer to drop it sooner rather than later (getting some of the new fixes into the old code was a bit of a pain). If it weren't for me running a 1.3.7 site myself ...

Once 1.3.9 is finally out, that will certainly be the end of the 1.3.7 support.

>On that same note what is the progress with 1.3.9. Are there any areas
>where you could use help getting the release out. I know you mailed a
>summary of things needed for 1.3.9 a couple months ago, what is the
>status of those?

Good question. There's that tedious bit of work of having to review each and every parameter that's passed in a POST or GET and applying COM_applyFilter to it. I've already decided to leave the admin/*.php files for later. The files in public_html are mostly done, although usersettings.php and calendar.php are only half done and I haven't even started on the search (i.e. actually the search class, as search.php doesn't include much code any more).

And while reviewing the code, I keep finding little oddities and bugs (two of which are fixed in today's security release). E.g. when deleting a user, we leave quite a few things orphaned, i.e. with an owner_id that doesn't exist any more (links, events, blocks, ...).

I also have an ever-increasing list of tiny "it would be extremely nice to have" things - I guess I just have to cut short that list and try to get through with the above.

bye, Dirk

--
http://www.haun-online.de/
http://www.tinyweb.de/

From dirk at haun-online.de Mon Jan 26 17:13:57 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Mon, 26 Jan 2004 23:13:57 +0100
Subject: [geeklog-devel] Group Admin revisited
Message-ID: <20040126221357.22111@smtp.haun-online.de>

In the wake of bug #135 (Group Admin can become Root - fixed with the latest security release), I'd like to discuss the idea behind how Group Admin works at the moment.

Samuel Stone, who found the above bug, wrote:

>There is another issue. While the Root access
>problem is solved, I can not limit permission on other items if I give
>that person Users Admin permission.
>
>For example, I give him User Admin but not Plugin Admin. He can still
>change his own user permission to include Plugin Admin.
>
>I think the logic is to hide all the non-permitted check boxes for the
>Users admin.

My first reaction was "okay, so maybe we need two sorts of Group Admins". But the more I think about it, the more Sam's suggestion makes sense.

Is there any reason why a Group Admin should be able to assign someone to a group in which he himself is not a member? I can't think of one. Tony? Anyone?

bye, Dirk

--
http://www.haun-online.de/
http://www.macosx-faq.de/

From geeklog at langfamily.ca Mon Jan 26 17:51:38 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Mon, 26 Jan 2004 17:51:38 -0500
Subject: [geeklog-devel] Group Admin revisited
References: <20040126221357.22111@smtp.haun-online.de>
Message-ID: <001b01c3e45e$f5135710$640a10ac@XPBL2>

If it performed that way - only able to assign members to groups he/she belonged to - it may actually be more useful.

Blaine

----- Original Message -----
From: "Dirk Haun"
To:
Sent: Monday, January 26, 2004 5:13 PM
Subject: [geeklog-devel] Group Admin revisited

> In the wake of bug #135 (Group Admin can become Root - fixed with the
> latest security release), I'd like to discuss the idea behind how Group
> Admin works at the moment.
>
> Samuel Stone, who found the above bug, wrote:
>
> >There is another issue. While the Root access
> >problem is solved, I can not limit permission on other items if I give
> >that person Users Admin permission.
> >
> >For example, I give him User Admin but not Plugin Admin. He can still
> >change his own user permission to include Plugin Admin.
> >
> >I think the logic is to hide all the non-permitted check boxes for the
> >Users admin.
>
> My first reaction was "okay, so maybe we need two sorts of Group Admins".
> But the more I think about it, the more Sam's suggestion makes sense.
>
> Is there any reason why a Group Admin should be able to assign someone to
> a group in which he himself is not a member? I can't think of one. Tony?
> Anyone?
>
> bye, Dirk
>
> --
> http://www.haun-online.de/
> http://www.macosx-faq.de/

From geeklog at langfamily.ca Mon Jan 26 17:56:29 2004
From: geeklog at langfamily.ca (Blaine Lang)
Date: Mon, 26 Jan 2004 17:56:29 -0500
Subject: [geeklog-devel] Re: [geeklog-announce] Geeklog 1.3.8-1sr4 and 1.3.7sr5 security updates
References: <401586C2.1080300@abtech.org> <20040126220802.9220@smtp.haun-online.de>
Message-ID: <002901c3e45f$a2b39510$640a10ac@XPBL2>

Dirk wrote:

>> There's that tedious bit of work of having to review each and every parameter that's passed in a POST or GET and applying COM_applyFilter to it. I've already decided to leave the admin/*.php files for later. And while reviewing the code, I keep finding little oddities and bugs (two of which are fixed in today's security release).

---

Sounds a lot like my experience with the current Forum Plugin version. I also only added the GET and POST filter checks to the public scripts. And every time I went back into a program, I'd find other things to change. It seems the more I changed the more little new bugs also appeared. Just a lot of features and combinations to test.

From tony at tonybibbs.com Tue Jan 27 15:01:29 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Tue, 27 Jan 2004 14:01:29 -0600
Subject: [geeklog-devel] Dumb question but....
Message-ID: <4016C399.5020902@tonybibbs.com>

Can anyone tell me how www.geeklog.net is able to figure out how many anonymous users are using the site? I ask because I don't think it is immediately obvious using only the session table:

mysql> select count(*) from sessions where uid = 1;
+----------+
| count(*) |
+----------+
|        1 |
+----------+
1 row in set (0.00 sec)

That is from my session database on Iowa Outdoors and, granted it is possible to have only 1 record but highly unlikely considering the traffic I get. I have also run that query at peak intervals and I always get 1.

I'd like to show this information on my site but the solution, which I am guessing is trivial, isn't so obvious to me.

--Tony

From tony at tonybibbs.com Wed Jan 28 13:32:00 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Wed, 28 Jan 2004 12:32:00 -0600
Subject: [geeklog-devel] Groklaw
Message-ID: <40180020.8000700@tonybibbs.com>

I can't hardly go a day anymore before someone in my circle of techies mentions something about Groklaw.net running Geeklog. I too am pretty excited about it but I think we should their popularity and those of other Geeklog sites to talk about scaling issues. I know masosxhints.com does a lot of traffic as does groklaw.net and I'm interested how they have managed to scale Geeklog. Groklaw has been /.'d a few times and is always up when I visit it.

Now, having authored my fair share of GL, I find this pleasantly surprising but I'd like to know what they are doing. Are they simply using beefy boxes and ISP's with fat pipes or are there some other things under the hood. Any of you have an answers to this?

--Tony

From robg at macosxhints.com Wed Jan 28 20:50:48 2004
From: robg at macosxhints.com (Rob Griffiths)
Date: Wed, 28 Jan 2004 17:50:48 -0800
Subject: [geeklog-devel] Groklaw
In-Reply-To: <40180020.8000700@tonybibbs.com>
References: <40180020.8000700@tonybibbs.com>
Message-ID: <8FDE71D7-51FD-11D8-B5AF-000A9599CF26@macosxhints.com>

On Jan 28, 2004, at 10:32 AM, Tony Bibbs wrote:

> their popularity and those of other Geeklog sites to talk about
> scaling issues. I know masosxhints.com does a lot of traffic as does
> groklaw.net and I'm interested how they have

Don't forget about MacFixIt, probably the king of volume at the moment. macosxhints.com is doing about 7gb to 8gb a day, with 1,000,000+ page views a month, and we haven't had any problems with Geeklog keeping pace -- pages still load lightning quick.

According to my config guy, he just "tweaked" php.ini and mysql.conf a bit, and made sure that the pconnect was disabled. In addition, we threw a really big hardware box at it -- a dual Xeon machine with 2gb of RAM, and it's a dedicated server just for hints and the forum site (and a few very tiny family sites). We're still running 1.37 (all security updates applied, I think), though I have 1.38 running locally and hope to get it online Someday Really Soon Now.

> know what they are doing. Are they simply using beefy boxes and ISP's
> with fat pipes or are there some other things under the hood. Any of
> you have an answers to this?

Our ISP (ev1.net) definitely has fat pipes, and provides a lot of bandwidth (1.2 terabytes), which is very nice. They seem to have one of the faster net connections I've seen (I've had four hosts in three years with macosxhints, mainly due to outgrowing all the prior providers). I think we'll be with ev1.net for a while -- until I can find a similar host offering dual XServes, so I can finally host on what I write about :).

If you want, I can probably get the php.ini and mysql.cnf files for you to look at...

-rob.

From tony at tonybibbs.com Wed Jan 28 21:06:20 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Wed, 28 Jan 2004 20:06:20 -0600
Subject: [geeklog-devel] Groklaw
In-Reply-To: <8FDE71D7-51FD-11D8-B5AF-000A9599CF26@macosxhints.com>
References: <40180020.8000700@tonybibbs.com> <8FDE71D7-51FD-11D8-B5AF-000A9599CF26@macosxhints.com>
Message-ID: <40186A9C.8010308@tonybibbs.com>

Sure send them over, I'd be interested to see what you have. Let me know which version of the MySQL conf file yours is based on (three or so ship with the distro).

Need to catch up with Marc sometime soon...haven't seen him in a while if you run into him maybe mention this thread.

Oh, and 7-8Gb...wow. I'm poised to break the 3GB mark this month. Nice to keep things in perspective.

--Tony

Rob Griffiths wrote:

> On Jan 28, 2004, at 10:32 AM, Tony Bibbs wrote:
>
>> their popularity and those of other Geeklog sites to talk about
>> scaling issues. I know masosxhints.com does a lot of traffic as does
>> groklaw.net and I'm interested how they have
>
> Don't forget about MacFixIt, probably the king of volume at the moment.
> macosxhints.com is doing about 7gb to 8gb a day, with 1,000,000+ page
> views a month, and we haven't had any problems with Geeklog keeping pace
> -- pages still load lightning quick.
>
> According to my config guy, he just "tweaked" php.ini and mysql.conf a
> bit, and made sure that the pconnect was disabled. In addition, we
> threw a really big hardware box at it -- a dual Xeon machine with 2gb of
> RAM, and it's a dedicated server just for hints and the forum site (and
> a few very tiny family sites). We're still running 1.37 (all security
> updates applied, I think), though I have 1.38 running locally and hope
> to get it online Someday Really Soon Now.
>
>> know what they are doing. Are they simply using beefy boxes and ISP's
>> with fat pipes or are there some other things under the hood. Any of
>> you have an answers to this?
>
> Our ISP (ev1.net) definitely has fat pipes, and provides a lot of
> bandwidth (1.2 terabytes), which is very nice. They seem to have one of
> the faster net connections I've seen (I've had four hosts in three years
> with macosxhints, mainly due to outgrowing all the prior providers). I
> think we'll be with ev1.net for a while -- until I can find a similar
> host offering dual XServes, so I can finally host on what I write about :).
>
> If you want, I can probably get the php.ini and mysql.cnf files for you
> to look at...
>
> -rob.

--
+--------------------+--------------------------------------------------+
|Tony Bibbs          |[R]egardless of what you may think of our penal   |
|tony at tonybibbs.com |system, the fact is that every man in jail is one |
|                    |less potential fisherman to clutter up your       |
|                    |favorite pool or pond. --Ed Zern                  |
+--------------------+--------------------------------------------------+

From tony at tonybibbs.com Wed Jan 28 21:10:46 2004
From: tony at tonybibbs.com (Tony Bibbs)
Date: Wed, 28 Jan 2004 20:10:46 -0600
Subject: [geeklog-devel] Server changes coming...
Message-ID: <40186BA6.4090503@tonybibbs.com>

I am busy getting the current server that hosts CVS and project.geeklog.net upgraded and moved to a colo. In doing this I think we should at least consider if we don't want to move CVS and the project site to Pair. I only mention this because we have a dedicated server for www.geeklog.net and it seems to make sense to have it all on one server (until the MySQL instance dies). Any thoughts?

Also, if we decide to leave things as they are I will have to move CVS and the project site to a temporary server (along with iowaoutdoors.org). This server is a dual pentium pro with only 256MB RAM so there may be a noticeable difference in performance. This is only needed until I can get Gentoo installed on the server and get it moved over to my colo where I can move everything back to it.

--Tony

+--------------------+--------------------------------------------------+
|Tony Bibbs          |[R]egardless of what you may think of our penal   |
|tony at tonybibbs.com |system, the fact is that every man in jail is one |
|                    |less potential fisherman to clutter up your       |
|                    |favorite pool or pond. --Ed Zern                  |
+--------------------+--------------------------------------------------+

From dirk at haun-online.de Fri Jan 30 14:07:56 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Fri, 30 Jan 2004 20:07:56 +0100
Subject: [geeklog-devel] Server changes coming...
In-Reply-To: <40186BA6.4090503@tonybibbs.com>
References: <40186BA6.4090503@tonybibbs.com>
Message-ID: <20040130190756.19124@smtp.haun-online.de>

Tony,

>In doing this I think
>we should at least consider if we don't want to move CVS and the project
>site to Pair. I only mention this because we have a dedicated server
>for www.geeklog.net and it seems to make sense to have it all on one
>server (until the MySQL instance dies). Any thoughts?

Err, can we even do this? For one, we don't have root access on that server and the project site would need postgres installed to run. Similar issues with CVS.

>Also, if we decide to leave things as they are I will have to move CVS
>and the project site to a temporary server

Any idea for how long?

bye, Dirk

--
http://www.haun-online.de/
http://mypod.de/

From dirk at haun-online.de Sat Jan 31 09:16:48 2004
From: dirk at haun-online.de (Dirk Haun)
Date: Sat, 31 Jan 2004 15:16:48 +0100
Subject: [geeklog-devel] Search Engine Friendly URLs for Stories
In-Reply-To: <4005AAB8.4040001@abtech.org>
References: <4005AAB8.4040001@abtech.org>
Message-ID: <20040131141648.2471@smtp.haun-online.de>

Vinny,

>I wrote this against the current CVS version of geeklog-1.3. [...] Like
>staticpages, it is keyed on the $_CONF['url_rewrite'] variable.

I've integrated these patches into CVS now. Thanks!

I played around with it and noticed that the URL rewriting has one drawback: It's not flexible enough to handle varying parameters, e.g.

  http://www.geeklog.net/article.php/20031228224244779/print
  http://www.geeklog.net/article.php/20031228224244779/Gallery

where the first one would be a link to the printer-friendly version (i.e. &mode=print without rewriting) and the second one highlighting the word "Gallery" when being returned from a search (i.e. &query=Gallery without rewriting).

So at the moment, we have a mixture of both rewritten and normal links. Not really a problem, but it looks a bit odd.

>I'd also like to add the recommendation that the
>"start_readmore_anchortag" and "end_readmore_anchortag" be available to
>the template regardless of whether there is more text to read.

I've introduced an {article_url} variable now that you could use for a "link to this story" link (as seen on many news sites). Wouldn't that accomplish the same result?

bye, Dirk

--
http://www.haun-online.de/
http://www.haun.info/

From vmf at abtech.org Sat Jan 31 11:02:16 2004
From: vmf at abtech.org (Vincent Furia)
Date: Sat, 31 Jan 2004 11:02:16 -0500
Subject: [geeklog-devel] Search Engine Friendly URLs for Stories
In-Reply-To: <20040131141648.2471@smtp.haun-online.de>
References: <4005AAB8.4040001@abtech.org> <20040131141648.2471@smtp.haun-online.de>
Message-ID: <401BD188.90707@abtech.org>

Dirk Haun wrote:

>Vinny,
>
>>I wrote this against the current CVS version of geeklog-1.3. [...] Like
>>staticpages, it is keyed on the $_CONF['url_rewrite'] variable.
>
>I've integrated these patches into CVS now. Thanks!
>
>I played around with it and noticed that the URL rewriting has one
>drawback: It's not flexible enough to handle varying parameters, e.g.
>
>  http://www.geeklog.net/article.php/20031228224244779/print
>  http://www.geeklog.net/article.php/20031228224244779/Gallery
>
>where the first one would be a link to the printer-friendly version (i.e.
>&mode=print without rewriting) and the second one highlighting the word
>"Gallery" when being returned from a search (i.e. &query=Gallery without
>rewriting).
>
>So at the moment, we have a mixture of both rewritten and normal links.
>Not really a problem, but it looks a bit odd.

I'll try a couple things, I might be able to figure something out.

>>I'd also like to add the recommendation that the
>>"start_readmore_anchortag" and "end_readmore_anchortag" be available to
>>the template regardless of whether there is more text to read.
>
>I've introduced an {article_url} variable now that you could use for a
>"link to this story" link (as seen on many news sites). Wouldn't that
>accomplish the same result?

That works great, Dirk. I look forward to having it.

Thanks,
Vinny
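
For the "Group Admin revisited" thread above: an added example, not Geeklog code, of enforcing on the server the rule Dirk asks about (a Group Admin assigns only groups he is himself a member of), since hiding checkboxes does not stop a hand-built request. The function name, array keys and group ids are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added example, not Geeklog source: the function name and array keys are
// hypothetical, group ids are assumed to be positive integers, and group
// membership is treated as a flat set (nested groups are not modelled).

/**
 * Compute a user's new group list when a Group Admin submits the edit form.
 *
 * @param int[] $actorGroups  groups the acting admin is a member of
 * @param int[] $targetGroups groups the edited user is in right now
 * @param array $submitted    raw checkbox values from the request (untrusted)
 * @return array{groups: int[], rejected: int[]}
 */
function resolveGroupAssignment(array $actorGroups, array $targetGroups, array $submitted): array
{
    // Keep only well-formed ids; arrays, non-numeric values and ids < 1 are dropped.
    $requested = [];
    foreach ($submitted as $value) {
        $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $requested[$id] = true;
        }
    }
    $requested = array_keys($requested);

    // The admin can grant, or take away, only groups he is a member of.
    $granted = array_intersect($requested, $actorGroups);

    // With the non-permitted checkboxes hidden, the form never submits the
    // target's other groups. Carry them over so that saving does not strip them.
    $kept = array_diff($targetGroups, $actorGroups);

    // Ids that were asked for but lie outside the admin's own groups and are
    // not already held by the target: refuse them and report them for logging.
    $rejected = array_values(array_diff($requested, $actorGroups, $targetGroups));

    $groups = array_values(array_unique(array_merge($kept, $granted)));
    sort($groups);

    return ['groups' => $groups, 'rejected' => $rejected];
}

// Constructed sample ids (not Geeklog's real ones):
// 1 Root, 2 Group Admin, 5 Plugin Admin, 9 User Admin, 13 Logged-in Users.
$admin = [2, 9, 13];

// Case from the thread: the admin edits his own account and posts extra boxes.
$self = resolveGroupAssignment($admin, $admin, ['1', '2', '5', '9', '13']);
echo json_encode($self), "\n";

// Editing a Plugin Admin through a form that showed only boxes 2, 9 and 13.
$other = resolveGroupAssignment($admin, [5, 13], ['9', '13']);
echo json_encode($other), "\n";
```

A non-empty `rejected` list means the request carried group ids the form should never have offered, which is worth writing to the error log along with the acting user's id.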