You are viewing a plain text version of this content. The canonical link for it is here.
Posted to docs@cocoon.apache.org by Steven Noels <st...@outerthought.org> on 2003/03/14 14:46:51 UTC
[heads-up] wiki abuse: your advice please
Folks,
while briefly checking the Wiki, I was confronted with some apparent
abuse: people uploading attachments which don't have much to do with
Cocoon (possibly just making benefit of the bandwidth we are
sponsoring), people playing around on certain non-Sandbox pages, even to
the extreme of erasing the Main page, and various other not-so-funny
things. I'm very happy to see some people go in and correct, and the new
'restore latest version' feature of JSPWiki sure helps with this.
Nevertheless, I'm annoyed a bit by the lack of adult behaviour by some
IP addresses, and was wondering whether (and how) I should block them. I
know this sounds pretty harsh, and that's why I'm polling you guys to
see what you would think would be a fair policy.
I know, thanks to the Power Of Wiki, everybody can come in and make the
Wiki a self-healing thing, but still I'm worried that someone will come
and add image links to some nasty p0rn images, and that this will scare
off our regular community.
Your thoughts, please: what kind of policy would you come up with, or
are willing to live up to?
Thanks,
</Steven>
--
Steven Noels http://outerthought.org/
Outerthought - Open Source, Java & XML Competence Support Center
Read my weblog at http://blogs.cocoondev.org/stevenn/
stevenn at outerthought.org stevenn at apache.org
Re: [heads-up] wiki abuse: your advice please
Posted by Andrew Savory <an...@luminas.co.uk>.
On Fri, 14 Mar 2003, Steven Noels wrote:
> while briefly checking the Wiki, I was confronted with some apparent
> abuse
>
> Your thoughts, please: what kind of policy would you come up with, or
> are willing to live up to?
Maybe raise the bar slightly so it's less easy to make initial edits - add
username/password auth and make people register before using it? I know
it's not the wiki way, but I'm sure honest contributors won't mind.
While we're discussing it: it would be handy if you could have a "download
this wiki" button, so I could read it offline (while on the road etc).
Dunno if that's possible with JSPWiki?
Reply-to trimmed to cocoon-docs.
Andrew.
--
Andrew Savory Email: andrew@luminas.co.uk
Managing Director Tel: +44 (0)870 741 6658
Luminas Internet Applications Fax: +44 (0)700 598 1135
This is not an official statement or order. Web: www.luminas.co.uk
Re: [heads-up] wiki abuse: your advice please
Posted by Andrew Savory <an...@luminas.co.uk>.
On Fri, 14 Mar 2003, Steven Noels wrote:
> while briefly checking the Wiki, I was confronted with some apparent
> abuse
>
> Your thoughts, please: what kind of policy would you come up with, or
> are willing to live up to?
Maybe raise the bar slightly so it's less easy to make initial edits - add
username/password auth and make people register before using it? I know
it's not the wiki way, but I'm sure honest contributors won't mind.
While we're discussing it: it would be handy if you could have a "download
this wiki" button, so I could read it offline (while on the road etc).
Dunno if that's possible with JSPWiki?
Reply-to trimmed to cocoon-docs.
Andrew.
--
Andrew Savory Email: andrew@luminas.co.uk
Managing Director Tel: +44 (0)870 741 6658
Luminas Internet Applications Fax: +44 (0)700 598 1135
This is not an official statement or order. Web: www.luminas.co.uk
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
For additional commands, e-mail: cocoon-users-help@xml.apache.org
Re: [heads-up] wiki abuse: your advice please
Posted by Hussayn Dabbous <da...@saxess.com>.
Hy, Steve;
Would it be technically possible to allow Wiki-modifications
only to people who are registered in the cocoon-doc mailing list?
This would force any potential intruder to first register and
doing this he must leave his anonyous state.
As sideeffect the Wikiname could be set to the email of the author,
if he has no Wikiname yet...
regards, hussayn
Steven Noels wrote:
> Folks,
>
> while briefly checking the Wiki, I was confronted with some apparent
> abuse: people uploading attachments which don't have much to do with
> Cocoon (possibly just making benefit of the bandwidth we are
> sponsoring), people playing around on certain non-Sandbox pages, even to
> the extreme of erasing the Main page, and various other not-so-funny
> things. I'm very happy to see some people go in and correct, and the new
> 'restore latest version' feature of JSPWiki sure helps with this.
>
> Nevertheless, I'm annoyed a bit by the lack of adult behaviour by some
> IP addresses, and was wondering whether (and how) I should block them. I
> know this sounds pretty harsh, and that's why I'm polling you guys to
> see what you would think would be a fair policy.
>
> I know, thanks to the Power Of Wiki, everybody can come in and make the
> Wiki a self-healing thing, but still I'm worried that someone will come
> and add image links to some nasty p0rn images, and that this will scare
> off our regular community.
>
> Your thoughts, please: what kind of policy would you come up with, or
> are willing to live up to?
>
> Thanks,
>
> </Steven>
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
For additional commands, e-mail: cocoon-users-help@xml.apache.org
Re: [heads-up] wiki abuse: your advice please
Posted by Andrew Savory <an...@luminas.co.uk>.
On Fri, 14 Mar 2003, Steven Noels wrote:
> while briefly checking the Wiki, I was confronted with some apparent
> abuse
>
> Your thoughts, please: what kind of policy would you come up with, or
> are willing to live up to?
Maybe raise the bar slightly so it's less easy to make initial edits - add
username/password auth and make people register before using it? I know
it's not the wiki way, but I'm sure honest contributors won't mind.
While we're discussing it: it would be handy if you could have a "download
this wiki" button, so I could read it offline (while on the road etc).
Dunno if that's possible with JSPWiki?
Reply-to trimmed to cocoon-docs.
Andrew.
--
Andrew Savory Email: andrew@luminas.co.uk
Managing Director Tel: +44 (0)870 741 6658
Luminas Internet Applications Fax: +44 (0)700 598 1135
This is not an official statement or order. Web: www.luminas.co.uk
Re: [heads-up] wiki abuse: your advice please
Posted by Steven Noels <st...@outerthought.org>.
SAXESS - Hussayn Dabbous wrote:
> what about simply reusing the userlist from the cocoon-dev, cocoon-user,
> cocoon-doc mailing lists and allow write access only to these
> registered users ?
We don't have access to the list of registered email addresses on
cocoon-* lists, and I doubt that will happen any time soon - there's
some privacy issues involved with that, too.
Pier, do you have any opinion about this?
I'm thinking along the lines of adding some container-based
authentication around Edit.jsp, and some smallish webapp so that people
can register an email address (= user name) / password. Does anyone has
something like that laying around? Use cases:
* enter email address -> generated pwd gets send to you
-> address & pwd are stored in db
* you can log into that app
-> change pwd
-> drop your registration data
* that same database is used for container-based authentication around
Edit.jsp
What do you guys think?
</Steven>
--
Steven Noels http://outerthought.org/
Outerthought - Open Source, Java & XML Competence Support Center
Read my weblog at http://blogs.cocoondev.org/stevenn/
stevenn at outerthought.org stevenn at apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
For additional commands, e-mail: cocoon-users-help@xml.apache.org
Re: use gmane.org instead of subscribing to the cocoon-lists ???
Posted by SAXESS - Hussayn Dabbous <da...@saxess.com>.
Hy, Martin;
It worked;
Thank you very much for this really usefull
hint ;-)
regards, hussayn
SAXESS - Hussayn Dabbous wrote:
> Hy, Martin;
>
> Thank you for this tip. I will give it an instant
> try. It's a funny coincidence, that we talked about
> newsgroups instead of mailing-lists some days ago...
>
> regards, hussayn
>
> Martin Holz wrote:
>
>> Hello,
>>
>> SAXESS - Hussayn Dabbous <da...@saxess.com> writes:
>>
>>
>>> Hy, all;
>>>
>>> * Is it possible to post mails to the cocoon-lists without
>>> subscribing to them ?
>>>
>>> * Is it possible to subscribe to the cocoon-lists without
>>> actually receiving emails from them ?
>>
>>
>>
>> Don't know, if this is possible if you are directly communicate
>> with the list, but it is possible, if you go through gmane.org.
>>
>> Make news.gmane.org your (secondary) news server and subscribe to
>> gmane.text.xml.cocoon.user. Now you can
>> read and post to this list using the standard news
>> methods. If you post to a list for the first time,
>> you will have to answer a authorization mail.
>> There are some more filters against spamming the
>> mailing lists, but they don't get in the way of normal postings.
>> Martin
>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
>> For additional commands, e-mail: cocoon-users-help@xml.apache.org
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
For additional commands, e-mail: cocoon-users-help@xml.apache.org
Re: use gmane.org instead of subscribing to the cocoon-lists ???
Posted by SAXESS - Hussayn Dabbous <da...@saxess.com>.
Hy, Martin;
Thank you for this tip. I will give it an instant
try. It's a funny coincidence, that we talked about
newsgroups instead of mailing-lists some days ago...
regards, hussayn
Martin Holz wrote:
> Hello,
>
> SAXESS - Hussayn Dabbous <da...@saxess.com> writes:
>
>
>>Hy, all;
>>
>>* Is it possible to post mails to the cocoon-lists without
>> subscribing to them ?
>>
>>* Is it possible to subscribe to the cocoon-lists without
>> actually receiving emails from them ?
>
>
> Don't know, if this is possible if you are directly communicate
> with the list, but it is possible, if you go through gmane.org.
>
> Make news.gmane.org your (secondary) news server and
> subscribe to gmane.text.xml.cocoon.user. Now you can
> read and post to this list using the standard news
> methods. If you post to a list for the first time,
> you will have to answer a authorization mail.
> There are some more filters against spamming the
> mailing lists, but they don't get in the way of normal
> postings.
>
> Martin
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
> For additional commands, e-mail: cocoon-users-help@xml.apache.org
>
--
Dr. Hussayn Dabbous
SAXESS Software Design GmbH
Neuenhöfer Allee 125
50935 Köln
Telefon: +49-221-56011-0
Fax: +49-221-56011-20
E-Mail: dabbous@saxess.com
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
For additional commands, e-mail: cocoon-users-help@xml.apache.org
Re: use gmane.org instead of subscribing to the cocoon-lists ???
Posted by Martin Holz <ho...@fiz-chemie.de>.
Hello,
SAXESS - Hussayn Dabbous <da...@saxess.com> writes:
> Hy, all;
>
> * Is it possible to post mails to the cocoon-lists without
> subscribing to them ?
>
> * Is it possible to subscribe to the cocoon-lists without
> actually receiving emails from them ?
Don't know, if this is possible if you are directly communicate
with the list, but it is possible, if you go through gmane.org.
Make news.gmane.org your (secondary) news server and
subscribe to gmane.text.xml.cocoon.user. Now you can
read and post to this list using the standard news
methods. If you post to a list for the first time,
you will have to answer a authorization mail.
There are some more filters against spamming the
mailing lists, but they don't get in the way of normal
postings.
Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
For additional commands, e-mail: cocoon-users-help@xml.apache.org
use gmane.org instead of subscribing to the cocoon-lists ???
Posted by SAXESS - Hussayn Dabbous <da...@saxess.com>.
Hy, all;
* Is it possible to post mails to the cocoon-lists without
subscribing to them ?
* Is it possible to subscribe to the cocoon-lists without
actually receiving emails from them ?
If one of the questions above can be answered with "yes"
then it is possible to use www.gmane.org as nice newsgroup
frontend to the cocoon mailing lists. That would mean
no more traffic generated by the list mailings on my
mailbox ...
I would instantly switch to newsgroups if this where
possible without loosing the right to post messages ...
anybody can give me a hint ?
regards, hussayn
Martin Holz wrote:
>
> I unsubscribed cocoon-dev and cocoon-user a few weeks ago, when
> I discovered gmane.org.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
> For additional commands, e-mail: cocoon-users-help@xml.apache.org
>
--
Dr. Hussayn Dabbous
SAXESS Software Design GmbH
Neuenhöfer Allee 125
50935 Köln
Telefon: +49-221-56011-0
Fax: +49-221-56011-20
E-Mail: dabbous@saxess.com
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
For additional commands, e-mail: cocoon-users-help@xml.apache.org
Re: [heads-up] wiki abuse: your advice please
Posted by Martin Holz <ho...@fiz-chemie.de>.
SAXESS - Hussayn Dabbous <da...@saxess.com> writes:
> what about simply reusing the userlist from the cocoon-dev,
> cocoon-user, cocoon-doc mailing lists and allow write access only to
> these
>
> registered users ?
>
> That should make life easy...
> I think, authors, who are NOT members of one of the mailinglists,
> cant be serious authors, because there is no feedback chain ...
I unsubscribed cocoon-dev and cocoon-user a few weeks ago, when
I discovered gmane.org.
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
For additional commands, e-mail: cocoon-users-help@xml.apache.org
Re: [heads-up] wiki abuse: your advice please
Posted by Niclas Hedhman <ni...@internuscorp.com>.
On Saturday 15 March 2003 16:48, SAXESS - Hussayn Dabbous wrote:
> what about simply reusing the userlist from the cocoon-dev, cocoon-user,
> cocoon-doc mailing lists and allow write access only to these
> registered users ?
>
> That should make life easy...
> I think, authors, who are NOT members of one of the mailinglists,
> cant be serious authors, because there is no feedback chain ...
>
> as a small benefit we even could associate the emailadress to all
> the wikiauthors, who have NO wiki name ;-)
Small problem, you don't have any credentials associated with your
subscription. Need to tie in a password with your subscription, or I can
misuse it by pretending to be someone else.
But in principal, I agree.
Niclas
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
For additional commands, e-mail: cocoon-users-help@xml.apache.org
Re: [heads-up] wiki abuse: your advice please
Posted by SAXESS - Hussayn Dabbous <da...@saxess.com>.
what about simply reusing the userlist from the cocoon-dev, cocoon-user,
cocoon-doc mailing lists and allow write access only to these
registered users ?
That should make life easy...
I think, authors, who are NOT members of one of the mailinglists,
cant be serious authors, because there is no feedback chain ...
as a small benefit we even could associate the emailadress to all
the wikiauthors, who have NO wiki name ;-)
regards, hussayn
Niclas Hedhman wrote:
> On Friday 14 March 2003 21:46, Steven Noels wrote:
>
>>Your thoughts, please: what kind of policy would you come up with, or
>>are willing to live up to?
>
>
> IP address blocking is no good. A lot of people have dynamic IPs (either by
> dial-up or ADSL).
>
> I favour a simple self-registration, with email address as user name (so that
> the community can bombard the intruder with hate mail - just kidding).
>
> Niclas
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
> For additional commands, e-mail: cocoon-users-help@xml.apache.org
>
--
Dr. Hussayn Dabbous
SAXESS Software Design GmbH
Neuenhöfer Allee 125
50935 Köln
Telefon: +49-221-56011-0
Fax: +49-221-56011-20
E-Mail: dabbous@saxess.com
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
For additional commands, e-mail: cocoon-users-help@xml.apache.org
Re: [heads-up] wiki abuse: your advice please
Posted by Scherler <th...@wyona.org>.
Niclas Hedhman wrote:
>I favour a simple self-registration, with email address as user name (so that
>the community can bombard the intruder with hate mail - just kidding).
>
>
Having a valid wiki name is not enough! I think we have to enter a
password as well!
...but this would be against wiki design principles [1]:
*Open* - Should a page be found to be incomplete or poorly organized,
any reader can edit it as they see fit.
The suggestion of Hussayn is a nice thought: if you subscribed to the
mailing list (dev|user|cvs) then you can write - otherwise you have to
subscribe to the list.
[#1]http://c2.com/cgi/wiki?WikiDesignPrinciples
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
For additional commands, e-mail: cocoon-users-help@xml.apache.org
Re: [heads-up] wiki abuse: your advice please
Posted by Niclas Hedhman <ni...@internuscorp.com>.
On Friday 14 March 2003 21:46, Steven Noels wrote:
> Your thoughts, please: what kind of policy would you come up with, or
> are willing to live up to?
IP address blocking is no good. A lot of people have dynamic IPs (either by
dial-up or ADSL).
I favour a simple self-registration, with email address as user name (so that
the community can bombard the intruder with hate mail - just kidding).
Niclas
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
For additional commands, e-mail: cocoon-users-help@xml.apache.org
Re: [heads-up] wiki abuse: your advice please
Posted by Niclas Hedhman <ni...@internuscorp.com>.
On Saturday 15 March 2003 18:29, Matt Sergeant wrote:
> On Friday, Mar 14, 2003, at 13:46 Europe/London, Steven Noels wrote:
> > while briefly checking the Wiki, I was confronted with some apparent
> > abuse: people uploading attachments which don't have much to do with
> > Cocoon (possibly just making benefit of the bandwidth we are
> > sponsoring), people playing around on certain non-Sandbox pages, even
> > to the extreme of erasing the Main page, and various other
> > not-so-funny things. I'm very happy to see some people go in and
> > correct, and the new 'restore latest version' feature of JSPWiki sure
> > helps with this.
> >
> > Nevertheless, I'm annoyed a bit by the lack of adult behaviour by some
> > IP addresses, and was wondering whether (and how) I should block them.
> > I know this sounds pretty harsh, and that's why I'm polling you guys
> > to see what you would think would be a fair policy.
>
> FYI, when people do this on the Apache AxKit Wiki, I block their IP at
> our firewall. Harsh, but fair. And no complaints so far.
If I have malicious intent, I just dial-up an ISP and go ahead with it. Your
remedy is not effective.
I have proposed a simple login instead... Just make you accountable is a great
deterent.
RE: [heads-up] wiki abuse: your advice please
Posted by Reinhard Pötz <re...@gmx.net>.
> From: Matt Sergeant [mailto:matt@sergeant.org]
> On Friday, Mar 14, 2003, at 13:46 Europe/London, Steven Noels wrote:
>
> > while briefly checking the Wiki, I was confronted with some apparent
> > abuse: people uploading attachments which don't have much
> to do with
> > Cocoon (possibly just making benefit of the bandwidth we are
> > sponsoring), people playing around on certain non-Sandbox
> pages, even
> > to the extreme of erasing the Main page, and various other
> > not-so-funny things. I'm very happy to see some people go in and
> > correct, and the new 'restore latest version' feature of
> JSPWiki sure
> > helps with this.
> >
> > Nevertheless, I'm annoyed a bit by the lack of adult
> behaviour by some
> > IP addresses, and was wondering whether (and how) I should
> block them.
> > I know this sounds pretty harsh, and that's why I'm polling
> you guys
> > to see what you would think would be a fair policy.
>
> FYI, when people do this on the Apache AxKit Wiki, I block
> their IP at
> our firewall. Harsh, but fair. And no complaints so far.
>
This only helps to some point because (at least in Europe) many people
use dial-in connections with changing IP adresses. A second problem
arises with "enforced" proxies. My cable provider installed a proxy and
I have to use it for all HTTP connections whether I like it or not.
Just some thoughts ...
Reinhard
Re: [heads-up] wiki abuse: your advice please
Posted by Matt Sergeant <ma...@sergeant.org>.
On Friday, Mar 14, 2003, at 13:46 Europe/London, Steven Noels wrote:
> while briefly checking the Wiki, I was confronted with some apparent
> abuse: people uploading attachments which don't have much to do with
> Cocoon (possibly just making benefit of the bandwidth we are
> sponsoring), people playing around on certain non-Sandbox pages, even
> to the extreme of erasing the Main page, and various other
> not-so-funny things. I'm very happy to see some people go in and
> correct, and the new 'restore latest version' feature of JSPWiki sure
> helps with this.
>
> Nevertheless, I'm annoyed a bit by the lack of adult behaviour by some
> IP addresses, and was wondering whether (and how) I should block them.
> I know this sounds pretty harsh, and that's why I'm polling you guys
> to see what you would think would be a fair policy.
FYI, when people do this on the Apache AxKit Wiki, I block their IP at
our firewall. Harsh, but fair. And no complaints so far.
Matt.
Re: [heads-up] wiki abuse: your advice please
Posted by Matt Sergeant <ma...@sergeant.org>.
On Friday, Mar 14, 2003, at 13:46 Europe/London, Steven Noels wrote:
> while briefly checking the Wiki, I was confronted with some apparent
> abuse: people uploading attachments which don't have much to do with
> Cocoon (possibly just making benefit of the bandwidth we are
> sponsoring), people playing around on certain non-Sandbox pages, even
> to the extreme of erasing the Main page, and various other
> not-so-funny things. I'm very happy to see some people go in and
> correct, and the new 'restore latest version' feature of JSPWiki sure
> helps with this.
>
> Nevertheless, I'm annoyed a bit by the lack of adult behaviour by some
> IP addresses, and was wondering whether (and how) I should block them.
> I know this sounds pretty harsh, and that's why I'm polling you guys
> to see what you would think would be a fair policy.
FYI, when people do this on the Apache AxKit Wiki, I block their IP at
our firewall. Harsh, but fair. And no complaints so far.
Matt.
Re: [heads-up] wiki abuse: your advice please
Posted by Matt Sergeant <ma...@sergeant.org>.
On Friday, Mar 14, 2003, at 13:46 Europe/London, Steven Noels wrote:
> while briefly checking the Wiki, I was confronted with some apparent
> abuse: people uploading attachments which don't have much to do with
> Cocoon (possibly just making benefit of the bandwidth we are
> sponsoring), people playing around on certain non-Sandbox pages, even
> to the extreme of erasing the Main page, and various other
> not-so-funny things. I'm very happy to see some people go in and
> correct, and the new 'restore latest version' feature of JSPWiki sure
> helps with this.
>
> Nevertheless, I'm annoyed a bit by the lack of adult behaviour by some
> IP addresses, and was wondering whether (and how) I should block them.
> I know this sounds pretty harsh, and that's why I'm polling you guys
> to see what you would think would be a fair policy.
FYI, when people do this on the Apache AxKit Wiki, I block their IP at
our firewall. Harsh, but fair. And no complaints so far.
Matt.
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
For additional commands, e-mail: cocoon-users-help@xml.apache.org