Re: Comment system, take two and a half

2012-05-30 Thread Daniel Ruggeri
On 5/29/2012 9:35 AM, Rich Bowen wrote:
> In my view of this, comments should *not* be considered a permanent
> part of the document. Either they get incorporated into the document
> itself, or they get flushed. I really don't want to see comments
> sticking around forever on a doc. I consider them to be more of a
> means of contributing to the doc effort.

Big +1 to this.

-- 
Daniel Ruggeri



Re: Comment system, take two and a half

2012-05-29 Thread Rich Bowen

On May 29, 2012, at 5:04 AM, Graham Leggett wrote:

> On 29 May 2012, at 8:50 AM, Daniel Gruno wrote:
> 
>>> Each branch different, 2.2 & 2.4 have some big differences between
>>> them in various areas. My 2 cents anyway.
>> What I'm perhaps more curious to get sorted out is whether we should
>> consider the trunk and the 2.4 documentation separate entities, or
>> whether they should be linked, comment-wise. Currently, they are pretty
>> much identical, but in the future it may be a good idea to keep them
>> separate as we move towards 2.5/2.6.
> 
> My gut feel is that trunk shouldn't have comments at all - trunk is fluid, 
> and changes without warning. Comments are very likely to get stale and become 
> more of a problem than a help.

I've come around to thinking that they should be separate. I think it'll be 
useful to have comments on trunk, but, particularly on trunk, there needs to be 
no expectation that comments will stick around for any time at all.

In my view of this, comments should *not* be considered a permanent part of the 
document. Either they get incorporated into the document itself, or they get 
flushed. I really don't want to see comments sticking around forever on a doc. 
I consider them to be more of a means of contributing to the doc effort.

--
Rich Bowen
rbo...@rcbowen.com :: @rbowen
rbo...@apache.org








Re: Comment system, take two and a half

2012-05-29 Thread Graham Leggett
On 29 May 2012, at 8:50 AM, Daniel Gruno wrote:

>> Each branch different, 2.2 & 2.4 have some big differences between
>> them in various areas. My 2 cents anyway.
> What I'm perhaps more curious to get sorted out is whether we should
> consider the trunk and the 2.4 documentation separate entities, or
> whether they should be linked, comment-wise. Currently, they are pretty
> much identical, but in the future it may be a good idea to keep them
> separate as we move towards 2.5/2.6.

My gut feel is that trunk shouldn't have comments at all - trunk is fluid, and 
changes without warning. Comments are very likely to get stale and become more 
of a problem than a help.

Regards,
Graham
--



Re: Comment system, take two and a half

2012-05-28 Thread Daniel Gruno

On 05/28/2012 09:38 PM, Gregg Smith wrote:
> Each branch different, 2.2 & 2.4 have some big differences between
> them in various areas. My 2 cents anyway.
What I'm perhaps more curious to get sorted out is whether we should
consider the trunk and the 2.4 documentation separate entities, or
whether they should be linked, comment-wise. Currently, they are pretty
much identical, but in the future it may be a good idea to keep them
separate as we move towards 2.5/2.6.

With regards,
Daniel.


Re: Comment system, take two and a half

2012-05-28 Thread Gregg Smith

On 5/27/2012 3:20 PM, Daniel Gruno wrote:

> We could insist that all comments be made in English unless they are
> related to a specific translation, and as long as we keep the
> translations up to date with the suggestions and delete comments as they
> are implemented, there shouldn't be much clutter.

1 comment system, should request they be in English.  Examples posted 
will benefit everyone this way. And if they post in some other language, 
people can always use one of the online translators on them.

> - When this moves to 2.4 and possibly 2.2, should we keep each branch
> separate, or should we unify it? That is, should f.x. core.html show the
> same comments for 2.2, 2.4 and trunk combined, or should they be kept
> separate?

Each branch different, 2.2 & 2.4 have some big differences between them 
in various areas. My 2 cents anyway.


Regards

Gregg


Re: Comment system, take two and a half

2012-05-27 Thread Daniel Gruno
Most of the kinks in the new comment system have now been sorted, as have
most of the questions on the actual implementation of it. However, a few
questions remain that I'd like some input on if possible:

- Should we keep the various translations separate, or should it be one
unified commentary? i.e. should the French pages separate comments from
the English pages, or should they all just roll with the same comments?

We could insist that all comments be made in English unless they are
related to a specific translation, and as long as we keep the
translations up to date with the suggestions and delete comments as they
are implemented, there shouldn't be much clutter.


- When this moves to 2.4 and possibly 2.2, should we keep each branch
separate, or should we unify it? That is, should f.x. core.html show the
same comments for 2.2, 2.4 and trunk combined, or should they be kept
separate?

I'm leaning towards the latter myself, as a lot of pages really have
changed quite a bit, and it'd become confusing if someone is suddenly
commenting on a 2.2 issue and it shows up in the 2.4 docs.

Any input would be greatly appreciated.

With regards,
Daniel.

On 05/23/2012 08:07 PM, Daniel Gruno wrote:
> Since people have begun talking about the idea of hosting/using this
> system within the ASF, I've added some more kinks to the system now.
> 
> Those of you who have created an account (or those who create one and
> let me know) will now see a "moderate" link when they are viewing
> comments while logged in. This will take them to a new moderator site,
> where it's possible to track the latest activity, delete threads and
> track specific origins (origin tracking only applies to posts made after
> I revamped the moderator system, so old posts can't be tracked).
> 
> An origin is basically a digest of an IP address (to both preserve the
> privacy policy and get rid of any trouble with IPv4/IPv6 mingling), and
> it allows you to either ban an origin from posting, view and delete any
> comments made by that origin or simply nuke everything ever posted by
> that origin. You can also opt in or out of receiving email notifications
> when a new post is being made (and opting in/out on a specific page is
> in the works). If you like, you can also register new sites to be used
> with the comment system.
> 
> If you want to test out the features, be my guest and spam away on the
> trunk pages, so you can nuke your own origin to bits :)
> 
> If this moves to infra, the plan is to use the committer IDs as your new
> login, so all committers essentially become moderators, but will still
> have to opt in in order to receive email notifications of new posts on
> the site (unless it's a reply to their own post, in which case they'll
> get a reply anyway)
> 
> With regards,
> Daniel.



Comment system, take two and a half

2012-05-23 Thread Daniel Gruno
Since people have begun talking about the idea of hosting/using this
system within the ASF, I've added some more kinks to the system now.

Those of you who have created an account (or those who create one and
let me know) will now see a "moderate" link when they are viewing
comments while logged in. This will take them to a new moderator site,
where it's possible to track the latest activity, delete threads and
track specific origins (origin tracking only applies to posts made after
I revamped the moderator system, so old posts can't be tracked).

An origin is basically a digest of an IP address (to both preserve the
privacy policy and get rid of any trouble with IPv4/IPv6 mingling), and
it allows you to either ban an origin from posting, view and delete any
comments made by that origin or simply nuke everything ever posted by
that origin. You can also opt in or out of receiving email notifications
when a new post is being made (and opting in/out on a specific page is
in the works). If you like, you can also register new sites to be used
with the comment system.

If you want to test out the features, be my guest and spam away on the
trunk pages, so you can nuke your own origin to bits :)

If this moves to infra, the plan is to use the committer IDs as your new
login, so all committers essentially become moderators, but will still
have to opt in in order to receive email notifications of new posts on
the site (unless it's a reply to their own post, in which case they'll
get a reply anyway)

With regards,
Daniel.
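
One way to derive the "origin" described above, as an added example that is not the comment system's own code: the address is canonicalised so that an IPv4 client reported as `::ffff:a.b.c.d` by a dual-stack listener maps to the same origin, then keyed with HMAC-SHA256. The keyed digest, this reading of "mingling" and every function name are assumptions of the example; a bare hash of an IPv4 address can be matched back to the address by enumerating the address space, which is why a secret key is used here.

```javascript
const { createHmac } = require("node:crypto");

// Dotted quad -> four bytes, or null if it is not a valid IPv4 literal.
function parseV4(s) {
  const parts = s.split(".");
  if (parts.length !== 4) return null;
  const bytes = parts.map((p) => (/^\d{1,3}$/.test(p) ? Number(p) : 256));
  return bytes.every((b) => b <= 255) ? bytes : null;
}

// IPv6 literal -> eight 16-bit groups, or null if malformed.
function parseV6(s) {
  let text = s.toLowerCase();
  const tail = text.slice(text.lastIndexOf(":") + 1);
  if (tail.includes(".")) {
    // Embedded dotted quad ("::ffff:192.0.2.7") becomes two hex groups.
    const v4 = parseV4(tail);
    if (!v4) return null;
    const hex = (hi, lo) => ((hi << 8) | lo).toString(16);
    const head = text.slice(0, text.length - tail.length);
    text = head + hex(v4[0], v4[1]) + ":" + hex(v4[2], v4[3]);
  }
  const halves = text.split("::");
  if (halves.length > 2) return null;
  const left = halves[0] ? halves[0].split(":") : [];
  const right = halves[1] ? halves[1].split(":") : [];
  const gap = 8 - left.length - right.length;
  if (halves.length === 2 ? gap < 1 : gap !== 0) return null;
  const groups = [...left, ...Array(gap).fill("0"), ...right];
  if (!groups.every((g) => /^[0-9a-f]{1,4}$/.test(g))) return null;
  return groups.map((g) => parseInt(g, 16));
}

// One textual form per client: IPv4-mapped IPv6 collapses to plain IPv4,
// everything else becomes eight lower-case hex groups.
function canonicalIp(ip) {
  const v4 = parseV4(ip);
  if (v4) return v4.join(".");
  const g = parseV6(ip);
  if (!g) throw new Error("not an IP address: " + ip);
  const mapped = g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff;
  if (mapped) return [g[6] >> 8, g[6] & 255, g[7] >> 8, g[7] & 255].join(".");
  return g.map((x) => x.toString(16)).join(":");
}

// The stored "origin": a keyed digest, so the raw address is never kept.
// `secret` is a server-side key (assumption of this example).
function originOf(ip, secret) {
  return createHmac("sha256", secret).update(canonicalIp(ip)).digest("hex");
}

// Moderator ban list holds origins only, never addresses.
const bannedOrigins = new Set();
function banOrigin(origin) {
  bannedOrigins.add(origin);
}
function mayPost(ip, secret) {
  return !bannedOrigins.has(originOf(ip, secret));
}
```

Rotating the secret unlinks all previously stored origins, so existing bans stop matching after a rotation.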


Re: Comment system, take two

2012-05-23 Thread Daniel Gruno
On 05/23/2012 09:15 AM, Tony Stevenson wrote:
> I said running php on the main webservers would very likely be met with a no,
> I didn't say it would do that. If the service doesn't have to run on the
> same vhost as the main httpd.a.o site then we could run the service
> elsewhere in our infrastructure.
Sorry, yes, what I meant to say was that hosting on httpd.a.o would
likely be a no, which is completely fine, as it doesn't need to be
hosted in any specific location. I've talked to Joe this morning about
the possibility of setting up a place within the Apache space for
hosting it in the future, once the remaining kinks have been sorted out.
I'll keep people apprised of how this progresses.

I've also updated the wiki entry on the comments proposal (
http://wiki.apache.org/httpd/DocsCommentSystem ) to reflect the changes
going on.

Last but not least, I've rolled out the system to the entire trunk (so
there's no more "comments disabled" notices), so let's see how things
work out :)

With regards,
Daniel.



Re: Comment system, take two

2012-05-23 Thread Tony Stevenson
Daniel Gruno wrote on Wed, May 23, 2012 at 04:47:10AM +0200:
> On 05/22/2012 11:25 PM, Rainer Jung wrote:
> > I like it.
> >
> > +1
> >
> > Concerning production readiness, some points come to mind:
> >
> > - Did you pay attention to escaping problematic input? I saw some
> > escaping, but didn't thoroughly test it. We don't want XSS and such.
> Yes, because the text is inserted using Document.CreateTextNode, all
> that is injected is pure text - HTML tags and the like should not be
> possible to inject in any way other than as pure text. Special tags like
> <, >, \ etc are escaped in advance, but this is just so it will display
> the characters and not make them invisible. No HTML should be injectable.
> 
> > - Is there some safety against brute force password hacking for the
> > registered people, especially the moderators? E.g. locking accounts
> > after a few wrong passwords.
> >
> Yup, more than 5 bad attempts will start making it difficult for you to
> try logging in.
> > - Since we want to host it later inside ASF infra: what are the infra
> > requirements? It seems the server part is written in Lua? Is it based
> > on httpd 2.4 with mod_lua, or just Lua in CGI scripts or similar?
> >
> Gee, what gave it away? ;)
> Right now it's written in Lua yes (should anyone be interested in the
> source code, I'd be happy to provide a link to it), and run on 2.4.2
> with mod_pLua (a distant cousin to mod_lua that offers me a bit more
> flexibility as well as access to POST data*hint hint*). One of the nice
> things about writing it in Lua is that it is quite easy to port it to
> other languages such as php or perl, should this be needed. The scripts
> themselves are quite small, since most of the work is done via JavaScript.
> 
> I have already asked Tony if we could host this on httpd.a.o, and the
> answer was a kind no since it would require enabling php or mod_plua for
> the site, which would either (in the case of plua) be something new and
> untested or (in the case of php) bloat up the server. So, while we get
> all that sorted out, I'm more than happy to host it myself.

I said running php on the main webservers would very likely be met with a no, I didn't 
say it would do that.  If the service doesn't have to run on the same vhost as 
the main httpd.a.o site then we could run the service elsewhere in our 
infrastructure.

> 
> Having said that, it would indeed be nice if we could find somewhere on
> infra where this could be hosted, so we could also share the tool with
> other sites wishing to incorporate comments in their system.
> 
> > Thanks!
> >
> > Rainer
> >
> With regards,
> Daniel.
> 

-- 

Cheers,
Tony

---
Tony Stevenson

t...@pc-tony.com // pct...@apache.org // t...@caret.cam.ac.uk
GPG: 1024D/51047D66
http://blog.pc-tony.com
---





Re: Comment system, take two

2012-05-22 Thread Daniel Gruno
On 05/22/2012 11:25 PM, Rainer Jung wrote:
> I like it.
>
> +1
>
> Concerning production readiness, some points come to mind:
>
> - Did you pay attention to escaping problematic input? I saw some
> escaping, but didn't thoroughly test it. We don't want XSS and such.
Yes, because the text is inserted using Document.CreateTextNode, all
that is injected is pure text - HTML tags and the like should not be
possible to inject in any way other than as pure text. Special tags like
<, >, \ etc are escaped in advance, but this is just so it will display
the characters and not make them invisible. No HTML should be injectable.

> - Is there some safety against brute force password hacking for the
> registered people, especially the moderators? E.g. locking accounts
> after a few wrong passwords.
>
Yup, more than 5 bad attempts will start making it difficult for you to
try logging in.
> - Since we want to host it later inside ASF infra: what are the infra
> requirements? It seems the server part is written in Lua? Is it based
> on httpd 2.4 with mod_lua, or just Lua in CGI scripts or similar?
>
Gee, what gave it away? ;)
Right now it's written in Lua yes (should anyone be interested in the
source code, I'd be happy to provide a link to it), and run on 2.4.2
with mod_pLua (a distant cousin to mod_lua that offers me a bit more
flexibility as well as access to POST data*hint hint*). One of the nice
things about writing it in Lua is that it is quite easy to port it to
other languages such as php or perl, should this be needed. The scripts
themselves are quite small, since most of the work is done via JavaScript.

I have already asked Tony if we could host this on httpd.a.o, and the
answer was a kind no since it would require enabling php or mod_plua for
the site, which would either (in the case of plua) be something new and
untested or (in the case of php) bloat up the server. So, while we get
all that sorted out, I'm more than happy to host it myself.

Having said that, it would indeed be nice if we could find somewhere on
infra where this could be hosted, so we could also share the tool with
other sites wishing to incorporate comments in their system.

> Thanks!
>
> Rainer
>
With regards,
Daniel.
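
The throttling described in the reply above ("more than 5 bad attempts"), as an added example that is not the comment system's own code: a per-account throttle that refuses to evaluate guesses during an escalating, capped wait instead of locking the account outright, so a moderator cannot be locked out indefinitely by someone else's failed logins. The delay values, the `LoginThrottle` and `attemptLogin` names and the `checkPassword` callback are assumptions of this example.

```javascript
const FREE_ATTEMPTS = 5;             // from the post: trouble starts after more than 5 bad attempts
const BASE_DELAY_MS = 1000;          // assumed: first enforced wait
const MAX_DELAY_MS = 15 * 60 * 1000; // assumed cap on the wait

class LoginThrottle {
  constructor() {
    this.state = new Map(); // account -> { failures, blockedUntil }
  }

  // Milliseconds the caller must still wait before a guess is evaluated.
  retryAfter(account, now) {
    const s = this.state.get(account);
    return s ? Math.max(0, s.blockedUntil - now) : 0;
  }

  // Count a bad password; past the free attempts the wait doubles each time.
  recordFailure(account, now) {
    const s = this.state.get(account) || { failures: 0, blockedUntil: 0 };
    s.failures += 1;
    const over = s.failures - FREE_ATTEMPTS;
    if (over > 0) {
      const delay = Math.min(MAX_DELAY_MS, BASE_DELAY_MS * 2 ** (over - 1));
      s.blockedUntil = now + delay;
    }
    this.state.set(account, s);
  }

  // A good login clears the counter.
  recordSuccess(account) {
    this.state.delete(account);
  }
}

// checkPassword(account, password) is a caller-supplied verifier (hypothetical).
// `now` is passed in so the behaviour is deterministic and testable.
function attemptLogin(throttle, account, password, now, checkPassword) {
  const wait = throttle.retryAfter(account, now);
  // While blocked, the guess is not checked at all, so even a correct
  // password tells the caller nothing until the wait has passed.
  if (wait > 0) return { ok: false, retryAfterMs: wait };
  if (checkPassword(account, password)) {
    throttle.recordSuccess(account);
    return { ok: true, retryAfterMs: 0 };
  }
  throttle.recordFailure(account, now);
  return { ok: false, retryAfterMs: throttle.retryAfter(account, now) };
}
```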


Re: Comment system, take two

2012-05-22 Thread Rainer Jung

=== Sorry, sent again, because I forgot the docs list ===

On 21.05.2012 23:04, Daniel Gruno wrote:

> In light of recent concerns about the Disqus system, I've taken it upon
> myself to figure out an alternative we can use for adding comments to
> our pages. And so, through the better half of a day, I worked on
> creating a new system that is without any evil tracking mechanisms of
> any sort except for what people themselves will allow - that is, only
> information that is willingly entered will be stored, no IPs or such.

Great!

> The result (thus far) can be seen at a small test page I made for the
> http project at http://c.apaste.info/httpd.html - feel free to give it a
> test spin and see what you like.


I like it.

+1

Concerning production readiness, some points come to mind:

- Did you pay attention to escaping problematic input? I saw some 
escaping, but didn't thoroughly test it. We don't want XSS and such.


- Is there some safety against brute force password hacking for the 
registered people, especially the moderators? E.g. locking accounts 
after a few wrong passwords.


- Since we want to host it later inside ASF infra: what are the infra 
requirements? It seems the server part is written in Lua? Is it based on 
httpd 2.4 with mod_lua, or just Lua in CGI scripts or similar?


Thanks!

Rainer


Re: Comment system, take two

2012-05-22 Thread Rich Bowen
On 2012 5 21 17:04, "Daniel Gruno"  wrote:
>
> In light of recent concerns about the Disqus system, I've taken it upon
> myself to figure out an alternative we can use for adding comments to
> our pages. And so, through the better half of a day, I worked on
> creating a new system that is without any evil tracking mechanisms of
> any sort except for what people themselves will allow - that is, only
> information that is willingly entered will be stored, no IPs or such.
>
> The result (thus far) can be seen at a small test page I made for the
> http project at http://c.apaste.info/httpd.html - feel free to give it a
> test spin and see what you like.
>

Very cool, Daniel. Thanks for this work. +1 to moving forward to testing it
in some portion of the trunk docs.


Comment system, take two

2012-05-21 Thread Daniel Gruno
In light of recent concerns about the Disqus system, I've taken it upon
myself to figure out an alternative we can use for adding comments to
our pages. And so, through the better half of a day, I worked on
creating a new system that is without any evil tracking mechanisms of
any sort except for what people themselves will allow - that is, only
information that is willingly entered will be stored, no IPs or such.

The result (thus far) can be seen at a small test page I made for the
http project at http://c.apaste.info/httpd.html - feel free to give it a
test spin and see what you like.

Quick primer:

Click on "add a comment" to add a comment, or click on "reply" to add a
reply to an existing comment. You can use the "log in" link to the far
right to create a permanent account which will save you the trouble of
having to type your name/email whenever you want to make a new comment.

People that register an account can also be added as moderators/admins,
and thus delete posts as they see fit. Furthermore, moderators receive
notifications when a new comment has been made on a page, and can thus
quickly react if something needs deleting. There is a small Turing test
in action when you submit a comment, so automated spamming should not be
a huge problem. So, basically the same stuff as we had with Disqus,
albeit on a smaller, less fancy scale and without a big disclaimer.

If there are no objections, I intend to try this commentary system out
on a portion of the trunk tomorrow, and then we'll wrap up with some Q&A
on the ML to get the last few things sorted out, and finally vote on the
matter sometime soon.

Should any committer wish to become a moderator (not that there's a
whole lot to do), just reply on the ML and you'll get added if you've
created an account.

With regards,
Daniel.