[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Monday 27 June 2005 8:58 am, Ben Goodger wrote: > Not the DCLUG wiki, please: I can't stand its design, 1. If you have a stylesheet that improves the design, let me know and I'll consider it. Don't just moan, be constructive and provide something you feel is better. All stylesheets must be 100% browser-neutral. 2. My personal bias, as a developer of libraries and middleware, is function over appearance. If something in the site is broken, I'll fix it. If some people just don't like the appearance, I'll need some persuasion. If someone thinks a part of the site is broken when there are actually good reasons why it has been implemented in that way, it will stay as it is until someone comes up with even better reasons for a change. > it won't let me > change my password from something like XFKLJ39857, 3. The real password you were allocated contains lower case as well as capitals and numerals - it is a demonstration of what a good passphrase should be. Naturally, I could have it include non-alphanumerics but that was unnecessary, IMHO. I could also have only allowed login via an SSH key but that too was overkill. :-) 4. The site was originally hosted on a machine where security was an important concern and is now hosted on my server that I share with Simon. i.e. security isn't exactly low on the agenda. I have every reason to suspect that users would choose insecure passwords if they were allowed to change them and I have every reason to believe that most (nay all?) WWW browsers have some form of password saving capability that can at least tie a username to a specific machine, if not a specific user. This, I believe, is adequate but I would resist any lowering of the current barriers. > and it's not > accessible by outsiders. 5. It was available to everyone until very recently. I posted to the list and included the explanation in the Wiki itself. http://www.dcglug.org.uk/wiki/?id=WikiHowto Basically, any open wiki will be spammed to death. Ours was being overrun by massive automated edits that increased the size of some pages 2000%. At one point, 25% of all pages were being obliterated with links to spam and malware sites on a weekly basis. Open wikis simply don't work and I don't have the time to roll back 20 pages a day, every single day. It takes less than a second to spam an entire open wiki but it can take the best part of an hour to roll-back every affected page. At one point, the wiki was being attacked more than once each day. That was enough for me and I instantly closed it down and implemented the current system over the course of the rest of that day. If you have 12hrs every day to repeatedly roll back spammed pages that are re-spammed on an hourly basis, you are welcome to run an open wiki yourself. Keep running it long enough and it'll be spammed to oblivion. I ran a v.v.v.v.quiet message board on another site - it received 3 to 4 genuine posts PER YEAR - but I recently closed that because it was also being spammed daily - sometimes 150 messages per attack!. Obscurity is no protection, to prevent spam the webmaster MUST be pro-active. You either use authentication or close it down, simple. The open approach is abused by the minority and the majority suffer. That's life. It stinks but there is no escape. The list remains open to all - ask Alex how much ongoing work is involved in that. > T'would be better for stuff like this to be > posted on the relevant websites - mozilla support in this instance. I disagree, this list is perfectly adequate. Google indexes the archive very regularly and when I search Google for my own queries, 95% of the top 50 hits are mailing list archives. -- Neil Williams ============= http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/
Attachment:
pgpv0pJ3QfKT9.pgp
Description: PGP signature