Re: [josm-dev] JOSM layer symbology
On Fri, 25 Feb 2011, PJ Houser wrote: We're using JOSM to edit OSM data but have multiple layers. We have a layer with the target data (up-to-date public domain gov't data), a layer showing erroneous OSM segments (created by a spatial query in ArcMap), the full current OSM layer, and an aerial layer. We would like to change the colors of each layer so it is easier to see which layer is which on the rendering, but right now, we only know how to change inactive vs active layer colors. We'd like to change some basic symbology - like line thickness on each of the layers (but different thicknesses for each layer) and layer color (different for each layer). For GPX this would be easy. Right click in layer list and select these properties. For different OSM layers you have no solution ATM. But if you only want the geometry data, you can convert the data layers to GPX and then use GPX possibilities. Ciao -- http://www.dstoecker.eu/ (PGP key available) ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev
Re: [josm-dev] Mandatory login for JOSM wiki
On Sat, 26 Feb 2011, Frederik Ramm wrote: with so many JOSM configuration details (list of imagery sources, list of map styles, and presets) now in the JOSM trac/wiki instead of in (either JOSM's or OSM's) SVN, I suggest that we disallow anonymous editing. There's now too much potential to wreak havoc and we wouldn't even know who did it. No, we don't want that really. Anonymous editing is a major part of the JOSM concept till now and most important contributions are anonymous or not logged in and I spent really a lot of time into improving the Trac spamfilter to be a usable tool to find potential issues. Beside this Sebastian and I monitor every change afterwards and check if they are dangerous or spammy. Yes, there will be a time inbetween, when dangerous stuff can be included, But this is a problem with OpenSource in general. Users who Activate everything as soon as they see it will have problems, but any normal user only activating extensions when really needing or wanting them will not have any troubles. The biggest and in my eyes only important issue is the possibility to have malicious plugins and we can't anyway do anything against this without preventing plugins. Ciao -- http://www.dstoecker.eu/ (PGP key available) ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev
Re: [josm-dev] Netbeans // older josm code?
On Sat, Feb 26, 2011 at 12:45:04AM -0300, Werner Horsch wrote: Question I'm updating an old coded plugin and in order to understand some stuff I need to look to some old way.java file, probably from 2008 How do I find it? You can use svn log -v for this. If you know the directory where file was at that time, you can limit the search by giving an argument, such as svn log -v http://svn.openstreetmap.org/applications/editors/josm/plugins/x | less In the log output, using your favourite pager (less in the above example) you can search for the file name or the approximate date. Then you can do something like this: svn cat -r12345 http://svn.openstreetmap.org/applications/editors/josm/plugins/x/way.java svn update -r12345 plugins/x/way.java (if it exists in your working copy) svn checkout -r12345 plugins/x/way.java (Note that the JOSM core is at http://josm.openstreetmap.de/svn/trunk, but plugins are in the OpenStreetMap Subversion repository.) I suggest that you visit http://subversion.apache.org/docs/ or http://svnbook.red-bean.com/. Best regards, Marko ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev
Re: [josm-dev] New Tested
On Sat, 26 Feb 2011, Dirk Stöcker wrote: 2. what parts of JOSM will not work as long as the server is down? Every automatism (update-list, plugins-list, style-list, help and start page), and Yahoo download. For all of these users would need to do the manual way - download and install :-) The same as when using JOSM offline. To make it clearer: JOSM accesses following server values: /plugins * collected list of plugins and their meta information /plugin-icons.zip * collected list of plugin icons to make plugin table nicer /styles * collected list of external styles to be used for installation /presets * collected list of external presets to be used for installation - StartupPage and Help as well as their translations for display - Yahoo-WMS-Access-script None of these are criticial infrastructure and all pass through certain layers of security checks, so malcontent must be carefully crafted. The easiest is to write a dangerous plugin (due to bugs in older versions you can produce exceptions (e.g. NPE) with crafted styles/presets as well). Attacking through the web-services itself is much more complicated, as you need to trick Trac as well as the JOSM server checks and JOSM itself. Yes, it is possible, but even if I spend my whole days checking and fixing holes I can't prevent it. Since the time we accessed the web-pages directly to extract information, there have been many improvements and the newest changes again reduce the influence of external hosted contents. It is much easier to have plugins in OSM-SVN than to develop them external, so nearly all of them are in OSM-SVN, where we can have a look at. Now we created a system, which makes adding styles/presets in the wiki much easier than handling them externally, so the number of externally managed content will decrease over time and it is easier to have a look at that stuff. Ciao -- http://www.dstoecker.eu/ (PGP key available)___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev
Re: [josm-dev] single session authenticatoin
Mikel Maron wrote: Wondering about --D. I assume java is passing that into josm as an environment variable? Could the same be done with a blank login and password? If so, how would that look? No, doesn't work at the moment. But it is actually a nice idea to allow overriding arbitrary preference entries on the command line. I may look into that after next release. Sebastian ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev
Re: [josm-dev] New Tested
Frederik Ramm wrote: Hi, Dirk Stöcker wrote: Please note also, that this week a new server infrastructure has been established. JOSM mappaint styles, mapcss styles and JOSM presets can now be made in the JOSM Trac wiki pages. Assuming there was some catastrophic server failure, and further assuming that you are not personally available to fix things - 1. will anyone else in the world be able to re-create the trac setup that you have created? Are any of the core JOSM developers involved? I know that I'm not and to me it looks like quite a maze! How long would it take someone to create the required infrastructure? Is there documentation? (Don't say yes, in trac ;) Are there backups that include all the config files etc.? I don't think it is that bad. :) As Dirk said, the magic is contained in 2 single files: The cronjob and the trac plugin. 2. what parts of JOSM will not work as long as the server is down? JOSM runs just fine without the josm.openstreetmap.de server. Dirk listed most of the server dependent services, let me add that it can't update the list of available wms/tms urls and the bug report system won't be able to redirect to trac, obviously. All files loaded from a remote server are cached locally for 7 days. (But it keeps the old copy if update fails.) There are 3 exceptions to this rule: * plugin update is always on demand * list of users that agreed to the CT is cached only 2 hours * wiki help content (including message of the day) isn't cached at all So basically no functionality accesses the server, unless it is absolutely necessary. (Yes, we could distribute the wiki help, but this also means you get outdated information and the size of josm-*.jar increases.) In addition, everything can be done manually (plugin installation, adding presets, styles and imagery urls). Sebastian ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev
Re: [josm-dev] Mandatory login for JOSM wiki
Dirk Stöcker wrote: The biggest and in my eyes only important issue is the possibility to have malicious plugins and we can't anyway do anything against this without preventing plugins. Yes we can: (1) Make clear whether a plugin is from openstreetmap svn or an external binary (e.g. move external plugins to a 2nd tab in the preferences or remove them from the public list altogether). (2) Introduce nightly builds for plugins and allow to ping the server for an intermediate build. I think measure (1) can be done in a weaker form right now (short note in the plugin description), but we should keep our environment as open as possible. Measure (2) isn't necessary for security reasons in my opinion, but would improve the plugin work flow in general. In fact, only 2 out of all 65 plugins are external at the moment. However, many svn plugins have been external in the past and got integrated later. I guess the main reason is, that josm changes too often and as plugin author it is hard to keep up with that. (Core developers care for plugins that are in svn.) It seems to me, there are two main reasons for authors to add external plugins: On the one hand some people are too shy to ask for a svn account and like to build in their own familiar environment. On the other hand there are developers that would be capable of adding their sources to svn, but prefer not to do so for some reason (e.g. git fetishists or control freaks). I guess we can live without the second kind but there is no reason to be unkind to beginners. Sebastian ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev
Re: [josm-dev] Mandatory login for JOSM wiki
On Sat, 26 Feb 2011, Sebastian Klein wrote: Dirk Stöcker wrote: The biggest and in my eyes only important issue is the possibility to have malicious plugins and we can't anyway do anything against this without preventing plugins. Yes we can: (1) Make clear whether a plugin is from openstreetmap svn or an external binary (e.g. move external plugins to a 2nd tab in the preferences or remove them from the public list altogether). (2) Introduce nightly builds for plugins and allow to ping the server for an intermediate build. I think measure (1) can be done in a weaker form right now (short note in the plugin description), but we should keep our environment as open as possible. Measure (2) isn't necessary for security reasons in my opinion, but would improve the plugin work flow in general. Well, you assume that OSM-SVN is much better than external plugins. I doubt that. If I'm willing I think I'm able to craft code in a way, so that brief review will not find the malicious parts. So even the storage of code in OSM-SVN will not really be safe. This is the major reason, why my rules for JOSM-SVN are more strict (I need to trust the contributor). I think the major reason, why we have nearly no external plugins: - automatic translation - automatic version management for older versions - automatic updates in case of JOSM changes Most plugins started external and after the first issues with version changes we convinced authors to use SVN in future :-) So instead of forbidding (which I never like) I try to provide additional features as encouragement and it seems this works good. I don't think it necessary to get stricter rules at all. In case we have trouble, we may change our policy, but as long as everything is fine we should be as open as possible. For example our bug tracker does not need registration, which is very seldom nowadays. This means we have to care a lot more about SPAM and also it means we get a lot of reports, which don't help us a lot, as questions aren't answered, but it means also that we get a large number of very helpful reports. So the same for plugins. Our open policy caused a lot of plugins introducing new features and attracted new developers. I don't want to change this without a real reason. Ciao -- http://www.dstoecker.eu/ (PGP key available)___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev
Re: [josm-dev] New Tested
On Sat, 26 Feb 2011, Sebastian Klein wrote: JOSM runs just fine without the josm.openstreetmap.de server. Dirk listed most of the server dependent services, let me add that it can't update the list of available wms/tms urls Ooops, forgot that one. Probably because I never had trouble with it yet. * wiki help content (including message of the day) isn't cached at all Hah, here you are wrong. The MOTD is cached, but it uses a different cache than the other files :-) BTW: For JOSM we have nearly no attacks which aren't automatic SPAM. Maybe one or twice a month real persons try to get some strange stuff into the wiki/tickets. I care for the spam filtering on the main Trac website as well and there the situation is much different (human based attacks every day). Both sites are approximately equal when looking a the real usage. Best I still like the ones uploading a picture to a wiki page stating You have been hacked. Really the work of a hacker, isn't it :-) Ciao -- http://www.dstoecker.eu/ (PGP key available) ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev
[josm-dev] Unable to checkout all JOSM plugins (fails on smed)
I'm trying to checkout the all JOSM plugins, but it keeps failing in the smed directory: Error: In directory 'C:\devel\josm\plugins\smed\plugs\oseam\src\images' Error: Can't open file Error: 'C:\devel\josm\plugins\smed\plugs\oseam\src\images\.svn\tmp\text-base\tower.png.svn-base': Error: The system cannot find the file specified. Someone mentioned this on the Help OSM site [1], but no satisfactory answer was given. Any ideas why? I of course can get around this (unless I want to use smed, which I don't), but it's annoying and seems like something's corrupt. Thanks, -Josh [1]: http://help.openstreetmap.org/questions/2778/svn-download-fails ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev