|↑back Search ←Prev date Next date→ Show only urls||(Click on time to select a line by its url)|
|***||HaraldJoerg has left||[00:50]|
|gac410||Hi all, I've been looking at Item652 and Item710. I can't see how blocking the user after an email failure actually prevents wikispam. Bad domains and userids don't result in SMTP failure, they result in a bounce.||[01:03]|
|FoswikiBot||http://foswiki.org/Tasks/Item652 [ Item652: Register can fail midway and leave the registration half done making re-registration impossible. ] http://foswiki.org/Tasks/Item710 [ Item710: registration failure due to email created topics but loses the password (deferred to 1.1) ]||[01:04]|
|gac410||The only thing I can see this code doing is messing up the first registration on system with misconfigured email.
With email configured correctly I can register bogus users and emails repeatedly. The way to solve that is through confirmation.
|..... (idle for 21mn)|
|Item2196 - same issue.||[01:27]|
|FoswikiBot||http://foswiki.org/Tasks/Item2196 [ Item2196: Email errors not handled well during registration ]||[01:27]|
|.............................. (idle for 2h27mn)|
|gac410||Have you ever heard of the "remove registration after SMTP failure" actually stop a spam / evil registration? I suspect the thinking is bogus, in that bad domains or userids usually cause a bounce, not a SMTP protocol error.||[03:56]|
|pharvey||I agree, sounds dodgy||[03:56]|
|gac410||So the pain that new sites suffer when email doesn't work I think is all bogus thinking.
I'm going to "fix" Item652, Item710 and Item1296 - all complaints about the email fail leaving partial registrations.
|FoswikiBot||http://foswiki.org/Tasks/Item652 [ Item652: Register can fail midway and leave the registration half done making re-registration impossible. ] http://foswiki.org/Tasks/Item710 [ Item710: registration failure due to email created topics but loses the password (deferred to 1.1) ]
..http://foswiki.org/Tasks/Item1296 [ Item1296: Fixing small bug when creating tables ]
|pharvey||can't say I've *ever* considered the mechanism in spam prevention. Spammers are quite sophisticated: they have worked around strikeone, they confirm their confirmation emails, etc.||[03:58]|
|FoswikiBot||http://foswiki.org/Tasks/Item2196 [ Item2196: Email errors not handled well during registration ]||[03:58]|
|gac410||I'll commit onto trunk for now. and see if there is much yelling - if not I'll pull it into 1.1.5||[03:59]|
pharvey getting into WYSIWYG, but most work will probably be tomorrow, busy day today :-)
|GithubBot||[foswiki] foswiki pushed 1 new commit to master: http://git.io/m-_fcQ
[foswiki/master] Item11593: Fix uninitialized variable $bypassGroup - GeorgeClark
|***||GithubBot has left||[04:03]|
|FoswikiBot||http://foswiki.org/Tasks/Item11593 [ Item11593: Uninitialized variable in AntiWikiSpamPlugin ]||[04:03]|
|.... (idle for 15mn)|
|GithubBot||[foswiki] foswiki pushed 1 new commit to master: http://git.io/8ysmzQ
[foswiki/master] Item652: Item710: Item2196: Failed registration - GeorgeClark
|***||GithubBot has left||[04:18]|
|.................. (idle for 1h29mn)|
|gac410 has left||[05:47]|
|.................... (idle for 1h37mn)|
|harlan||Hey, what do I need to configure to get a VirtualHostingContrib going - if I have it installed in fw.dom.ain and I have apache set up to accept foo.org, I'm not seeing where to tell it to map foo.org to FOSWIKI_ROOT/virtualhosts/something||[07:24]|
|pharvey||I've never used VHC :/||[07:33]|
|OK, I've made more progress, and I think I may need to wait for SvenDowideit to show up to ask more questions - right now the virtualhosts-create.sh script is failing because my otherwise new site does not have any content in pub/Main/ to copy over to the new virtual.||[07:47]|
|........... (idle for 52mn)|
|The only subdir I have in pub/ is System, and virtualhost_create.sh wants to copy Main, Sandbox, and Trash from there. Since they don't exist, the script fails.
How to fix?
other than create empty directories in the top-level pub/ dir (which may be the right answer)
|...... (idle for 25mn)|
|harlan finds http://foswiki.org/Tasks/Item9958||[09:05]|
|....... (idle for 34mn)|
|What do folks do these days todeal with the problem of spammers registering themselves on public FW instances and then "polluting" the site?||[09:39]|
|Just in case, if I'm using the VirtualHostContrib plugin, where do I set the RedirectUrl thing for each virtual?
And s/RedirectUrl thing/PermittedRedirectHostUrls/
|pharvey||harlan: I wrote up http://foswiki.org/Support/BestPracticeTip26 to deal with spam registrations on a public site; you can also make it so that only an administrator approves new users, we have that written up somewhere||[09:48]|
|harlan||thanks - I'll check that out!||[09:49]|
|pharvey||it involves changing the confirmation email template so that those confirmation emails are only sent to the foswiki admin email address||[09:50]|
|harlan||I don't see the confirmation email thing listed on that page - am I just tired?||[09:52]|
|pharvey||My so-called 8MBit/sec HSDPA+ mobile connection feels like an 28.8kbps modem||[09:53]|
|harlan||Thanks - should I add a link to that page from PracticeTip26?||[10:03]|
|pharvey||harlan, yes thanks! I'm updating Faq12 to mention BestPracticeTip26
also, I think we need to update Faq12 with "upgrade-safe" instructions: you shouldn't modify existing .tmpl files we ship with Foswiki, they might get overwritten on upgrade; better to * Set SKIN = myregistration, pattern in Main.SitePreferences and create your own myregistration.registerconfirm.tmpl in templates/
|harlan||Agreed. I updated Tip26.
We're looking at sending things like the registration requests to an RT instance to help make sure they are handled.
|pharvey||that sounds cool||[10:08]|
|harlan||I hope so - it's an idea I got from Julian De Marchi, who is helping us out a bit.
I'm looking forward to seeing how the virtualhost thing works out - I know I want some sites with open registration, some closed, some public view, some restricted view.
and I want upgrades to be easy.
|pharvey||indeed. I've learnt that the hard way :)
if you end up customizing registerconfirm using a skin cover, rather than hacking-in-place, please update Faq12 if you can spare the time
|harlan||this may be someothing I try and find somebody other than me to work on, as I'm just way too busy right now.
another thing on my wish list is a way to "share" *some* user registrations across sites, so folks have an easier time updating passwords or emails.
... or email addresses.
I know that sometimes that's a good idea, sometimes not.
|pharvey||I guess it's posisble, if you delegate identity management to some external thing outside of Foswiki||[10:16]|
|harlan||that would be easier. But then there is the home-page issue too.||[10:16]|
|pharvey||If it were me, I'd just make it one big fat list of users, but I only have a few hundred users :)||[10:17]|
|harlan||There are cases where users for site A should not be on site B, for example.
That gets more interesting if one site has "restricted content" or the user list is "private".
|pharvey||Don't forget, the WikiUserName can be seperate to their login||[10:19]|
|pharvey||so even if you had one giant .htpaswd with everybody in it, doesn't mean they are visible with a UserTopic or must have privileges just because they are auth'd
I think there's a NewUserPlugin which helps ease environments where you have a login but not necessarily a user topic
to create user topics on demand
|harlan||ah, ok. But in that case we'd have to be careful of FirstLast being in some sites, and if a different person tried to create that registration topic for a different virtual site...
To take a step back, I'm curious if it would be good to have another step in the registration, where the creator does get an email with some sort of validation URL/cookie, and until they "follow" that trail the registration does not progress to the Moderator's queue.
|pharvey||harlan: you can make them register a login-name, rather than a WikiUser name. IIRC NewUserPlugin lets your new users get an automatically assigned WikiUserName
(Though, I've never used it, so I could be completely wrong).
right; we have no moderator queue. Faq12 fakes one by redirecting that confirmation email.
Foswiki really does leave you on your own to create a nice moderation workflow. :/
|harlan||Support.AskAQuestion does not have 1.1.4 as a choice for FW version.
but when I go to the next apge (QuestionAUTIINC0) I can fix it there.
|jayen||pharvey: i'm trying to run the selenium tests on the wysiwyg plugin and i'm getting some errors. can you help?
|pharvey||harlan: I think I fixed it (now is a SEARCH of all foswiki releases)||[11:03]|
|harlan||cool - thanks pharvey !
|pharvey||jayen: the Selenium tests assume a vanilla Foswiki environment... and also that you've configured a username & password, did you do that?
pharvey can't remember if the tests give you an obvious error message
|harlan||The "ask a question" page recommends "subscribing" to the created topic - where does one do this?||[11:06]|
|pharvey||hmm, I think actually we have a script which auto-subscribes you
harlan: but (embarassingly) it could be we lost the subscribe button since we ditched FoswikiSiteSkin
|pharvey||nope, no such script seems to be happening for Support web.
ah, foswiki.org has SubscribePlugin disabled
that's right, we had huge performance problems in Tasks web
And I'm almost surprised that the Notification topic doesn't get screwed up by folks who typo.
|FoswikiBot||http://foswiki.org/Tasks/Item11326 [ Item11326: Tasks web is extremely slow under some conditions ]||[11:12]|
'k, it's after 0300 here - I htink I'll fall asleep. thanks, pharvey
|.............................. (idle for 2h28mn)|
|............. (idle for 1h1mn)|
|Ok, slowly narrowing in on the problem: I have enabled the plugin (NatEdit), but it is not showing up in the list of installed plugins. What have I missed?||[14:43]|
|..... (idle for 23mn)|
|Babar||the list of installed plugins = System/InstalledPlugins?||[15:06]|
|chestnut||@Babar: Exactly, but I just solved that one: It shows up when the NatEdit skin is included.||[15:08]|
|chestnut||Thanks for your help, though!||[15:09]|
|...... (idle for 29mn)|
|............................................. (idle for 3h41mn)|
|GithubBot||[foswiki] foswiki pushed 3 new commits to Release01x01: http://git.io/A4eA0A
[foswiki/Release01x01] Item11591: More validations - GeorgeClark
[foswiki/Release01x01] Item652: Item710: Item2196: Failed registration - GeorgeClark
[foswiki/Release01x01] Item11383: Remove unneeded REVARG - GeorgeClark
|***||GithubBot has left||[19:19]|
|FoswikiBot||http://foswiki.org/Tasks/Item11591 [ Item11591: Don't try to view invalid rev ]
http://foswiki.org/Tasks/Item652 [ Item652: Register can fail midway and leave the registration half done making re-registration impossible. ] http://foswiki.org/Tasks/Item710 [ Item710: registration failure due to email created topics but loses the password (deferred to 1.1) ]
..http://foswiki.org/Tasks/Item2196 [ Item2196: Email errors not handled well during registration ]
http://foswiki.org/Tasks/Item11383 [ Item11383: General documentation task for 1.1.5 release ]
|GithubBot||[foswiki] foswiki pushed 1 new commit to master: http://git.io/X7hmFA
[foswiki/master] Item11383: Remove unneeded REVARG - GeorgeClark
|***||GithubBot has left||[19:20]|
|Babar||gac410: impasse? Speaking French now are we?||[19:23]|
|Babar||(I know it's also valid in English, but people usually tend to call it more a dead end then an impasse :))||[19:23]|
|gac410||I knew as soon as I gave up, I'd figure it out :D||[19:23]|
|Babar||yeah, it's often the cas
when you hit "Send" and just made a fool of yourself, you get the facepalm moment.
oh, and did you figure out the logrotate bug?
Babar has to work on logrorate at work on monday, so... maybe I could give it a go too
|Babar||but last time I checked, it looksed pretty ok||[19:28]|
|gac410||It was error handling. Rotate would stop if a record had an invalid timestamp. (An embedded newline would cause that on the "next" record)
debug and error however would never rotate as lots of the records are multiline - anyway all better now. Tested on trunk.foswiki.org
To trigger a rotate, "touch" the log file with a "-t" from the previous month.
Thats a lot easier than waiting another 30 days :D
|NelsonC||Hello everyone. Is it possible to have sections within a single page that only certain groups have read access to? For example, if I have a page for a person, Bob, can there be "public" information that everyone can see and edit and also a part of that page that only Bob (and admins) can see and edit?||[19:32]|
|gac410||The only way I know of is to %INCLUDE% the section from a topic that is view restricted.
Otherwise too many ways around it - raw view wouldn't hide anything.
|NelsonC||Ah that makes sense. Thanks||[19:34]|
|.................................................. (idle for 4h5mn)|
|***||HaraldJoerg has left||[23:39]|
|↑back Search ←Prev date Next date→ Show only urls||(Click on time to select a line by its url)|