ryanlee's blog

I've added a new commenting policy to combat our OpenID-based spammers. It's a whitelist based on FOAF. There will be more about it in this space as development moves forward, so stay tuned if you'd like to know how to be placed on the whitelist.

As for specifics, the whitelist implementation is a Drupal module that reads a list of OpenIDs from an externally generated set every hour. The user's OpenID is checked against the whitelist at login time, and matches are allowed to proceed with account creation, commenting, etc.

Potential improvements:

• a UI for settings
  
• better database transaction flow, particularly for error handling
• viewable whitelist

Feel free to contact me if you're interested in the module portion of this equation for use with your own openid.module (again, it does none of the whitelist generation).

I've upgraded the Drupal installation so we can use the OpenID module. A few things learned in the process:

• The Drupal upgrade path requires incremental steps; to go from one minor version to another two numbers way means upgrading through every intermediate minor version until reaching the target. Earlier versions fail to be useful in 'knowing' which data model version the system is at, so an upgrade meant importing / guessing / dropping and repeating the cycle until I hit on the right one, which in itself was not an easy state to assess.
• The module administration page loads every module, which can cause memory issues resulting in a blank page. Removing unnecessary, unused modules helps.
• The JanRain OpenID 1.2.0 pear installation fails to install itself properly, requiring the moving of directories post-install.
• The OpenID module does not respect settings on account creation. I wrote some code to fix this.

But we're now at the latest Drupal version; and more on OpenID later.

Addendum: And apparently I needed to enable the legacy module. Thanks to those who pointed out the symptoms. 'I' in this case is solely Ryan, not Tim, Dan, or anybody else; send any of your issues with the upgrade my way.

Due to an overwhelming signal-noise ratio in the wrong direction, I've disabled all anonymous commenting. We've tried to use spam auto-classification, but the volume is so large and diverse that eventually everything looks like it might be spam, and it's back to square one.

Thanks for your direct participation and input; from now on, we'll be looking for alternatives to continuing these conversations across the web.

• Had to change the login system very slightly (from 'name' to 'username') to avoid conflict with anonymous comment XHTML id attributes
• Had to change input format to 'filtered html' as default so commenting doesn't come in without cleaning (invalid XHTML was arriving)
• Turned off XHTML id attributes on tip list items, seemed gratuitous
• Wrapped comments form for validation

I have a sneaking suspicion that Tim's first post is going to have a number of unpredictable effects, which of course won't stop me from trying to predict some worst case scenarios.

First, is our machine ready to handle the load of a bunch of blogs and technorati and Slashdot and digg and everybody else linking to him all at once? I don't think I'm underestimating the power of Sir Tim's name to attract attention amongst the tech savvy nor their power to cause a massive cascading effect that could just knock us straight off the web at its peak(s).

Are we ready for malicious attacks on our net space?

Are we prepared for any bandwidth issues? I imagine most people are going to want to subscribe to at least Tim's RSS feed, if not the DIG feed.

After experimenting with em and Danny on cross posting here, it seems one consequence of a poorly written Blogger API client in Drupal is the creation of stray nodes. I'm not sure how to track random pages that have no other context. Let me know, I guess, and I'll hunt them down from the admin logs and remove them.

The DIG URL has changed to dig.csail.mit.edu and will no longer redirect to its previous location.

The files composing Breadcrumbs have been added to the CSAIL AFS Subversion repository, in /2006/01/breadcrumbs, with a branches / tags/ trunk scheme. The content being served can be found at file:///usr/local/digblog. Please login and run sudo svn update on that working copy if you want to see your changes published.

The file:///usr/share/drupal copy is for catching Debian updates to Drupal.

The original entry, now completely out of date:

The files composing Breadcrumbs have been added to a Subversion repository, file:///usr/local/repo/drupaldig/. The content being served can be found at file:///usr/share/drupal/. Please keep the canonical working copy up to date if you make any changes. You may want to refrain from checking out a remote copy, Subversion does not deal well with remote work in modes other than HTTP, which we have not made available on the host machine (which I have avoided naming directly).

I published the WordPress plugin, blogger-api-client, over at the WordPress Plugin Repository. See the trunk for the latest version of the code.

The plugin re-posts select WordPress entries to any service that implements the Blogger API.

Some of my notes on experiences at ISWC2005 in Galway, Ireland.

SIMILE was associated with part of the End User Semantic Web Interaction Workshop by way of Fresnel and with David Huynh's paper talk on Piggy Bank. As Eric had responsilibities as metadata chair for the conference, we were also behind the scenes running a conference-enhanced version of Semantic Bank. Having widespread exposure across a workshop, a highly anticipated paper talk, and particularly plenary sessions increased the visibility of our work and our persons; people were telling me how great Piggy Bank was, and I wasn't sure how they knew I was part of SIMILE.

We ran a contest to further promote the conference bank. The contest was a bit of a last minute plan and, in any future scenarios similar to a raffle, we should probably put in more advance planning for determining rules and winners.

The top two issues I heard at ISWC concerning our work were 1) whether or not the conference bank was queryable (yes, but not really - you would need to reverse engineer David's querying system to get to the subset of RDF you wanted, and it's grounded in faceted browsing, not the more free-form SPARQL) and 2) how hard it was to get Piggy Bank running. I watched a number of people struggle through the process who likely would have given up without some guidance from me. Probably the greatest benefit would come from cutting the Google Maps step out of the initialization wizard and/or fixing it so the link to acquiring a key is not modal.

There was further confusion on how to properly tag things in the bank (part of the contest rules), and it became clear that, in certain environments, Piggy Bank cost more than it was worth, even with an iPod Nano at stake. The hurdle to tag one paper seemed to be quite high.

We have much food for thought for the next round of enhancements.

Extra: an extremely small selection of some of my photos on Flickr from Galway and all Flickr photos tagged iswc2005.