[Imc-web] Re: [IMC-Tech] Adding Tags to Articles

Mike Lehman rebelmike at earthlink.net
Mon Jun 11 14:20:50 CDT 2007 

Barry,
Thanks for your thoughts. The problem has been fixed. In general, I 
think we just need to communicate things before we do them (or at least 
afterwards). The lack of trust engendered by on ex-editor has set things 
on edge a bit, so it is especially important that we're all on the same 
page on issues that affect the website.
Mike Lehman

Barry Isralewitz wrote:
> Hello,
>
> On Jun 10, 2007, at 5:38 PM, Mike Lehman wrote:
>
>> Thanks for confirming that it wasn't you, David.
>>
>> We need to have whoever did this take responsibility for it.
>>
>> Then we need to have any such changes to the website approved by 
>> consensus on list here, at a minimum.
>>
>> Otherwise, we have a significant security problem that we need to get 
>> to the bottom of ASAP. This is very inappropriate and if we need to 
>> start over with a complete review of who has site and server 
>> permissions to get to the bottom of it, then that's what we'll need 
>> to do. It would be good to get this resolved, otherwise we're going 
>> to need to have all the Tech people to the next Steering meeting to 
>> make sure that we're all on the same page -- or simply turn things 
>> off until we get that consensus established.
>> Otherwise, we have a significant security problem that we need to get 
>> to the bottom of ASAP. This is very inappropriate and if we need to 
>> start over with a complete review of who has site and server 
>> permissions to get to the bottom of it, then that's what we'll need 
>> to do. It would be good to get this resolved, otherwise we're going 
>> to need to have all the Tech people to the next Steering meeting to 
>> make sure that we're all on the same page -- or simply turn things 
>> off until we get that consensus established.
>
>
>
> Don't know a thing about how you guys are doing web admin, but do I 
> understand correctly that: It is somehow not immediately clear to your 
> web administrators which human made changes to your web site?  If so:
>
>   There seem to be  lots of approaches to engineering in  
> accountability here, starting with a rule that users in the web admin 
> group must always make changes with an account accessible only to 
> them.  Then, anyone who makes changes by  su-ing to a more anonymous, 
> non-single-human admin account (www??) is taking a non-accidental  -- 
> even semi-hostile -- action; and a pointless one, since the su logs 
> will associate these changes with a specific-human's account anyway.
>     For more serious control, is there a reason you can't take the 
> Subversion revision control approach?
> I'm about to start multiple-user web admin on thebikeproject.org.  I 
> was looking into using
> Subversion with some added Perl modules (SVN::Notify::Mirror) which 
> enable a simple post-commit script which can do this simple, useful 
> trick: transfer  changes -- tested on a  non-public test site --  to a 
> public-version production web site, _automatically_ when the 
> web-admin-user commits the changes. Sounds convenient and easy to work 
> with.
> Such an  approach of course contains full logs and versioning, and 
> per-line accountability (via the "svn annotate" command, a.k.a., "svn 
> blame").   "Who changed file X?"  is never a question.
>
> Apologies if I'm missing something here (e.g. maybe Drupal + whatever 
> else you use can't be administered with versionable flat files or 
> something).  Just responding to what sounded like a weird question, 
> not making any conclusions about your admin procedures...since I don't 
> know what they are.
>
> Cheers,
>
> Bary
>
>>
>> Otherwise, we have a significant security problem that we need to get 
>> to the bottom of ASAP. This is very inappropriate and if we need to 
>> start over with a complete review of who has site and server 
>> permissions to get to the bottom of it, then that's what we'll need 
>> to do. It would be good to get this resolved, otherwise we're going 
>> to need to have all the Tech people to the next Steering meeting to 
>> make sure that we're all on the same page -- or simply turn things 
>> off until we get that consensus established.
>>
>> Ever since wayward's (perhaps witting, perhaps unwitting) compromise 
>> of the website's privacy, I know of a number of registered users who 
>> won't use their accounts and prefer to remain anonymous, because her 
>> actions/inactions, whether intentional or not, have compromised what 
>> our users have come to expect. This is yet another incident that's 
>> suggestive of less than fully ethical or competent web administration 
>> on our part and we need to get this sorted out and the bad actors 
>> locked out before it does further damage.
>> Mike Lehman
>>
>> David Gehrig wrote:
>>> Mike, don't know who put them up, but it's not me.
>>>
>>> We've already had a problem with someone deciding to hang
>>> something on UCIMC that exposed IP addresses to the public.
>>> We should discuss this on Wednesday. My view is that IP
>>> addresses shouldn't be exposed outside the site, and they
>>> should only be exposed to the Web folks to the minimum
>>> degree possible to fight spammers.
>>>
>>> The trade-off, of course, is that we don't want to
>>> ghetto-ize ourselves either by locking ourselves out of
>>> major services.
>>>
>>> Either way, I've changed a setting to turn off the
>>> google link and not to display the logos.
>>>
>>> On 6/10/07, Mike Lehman <rebelmike at earthlink.net 
>>> <mailto:rebelmike at earthlink.net>> wrote:
>>>> Doing a little research, I came across these links:
>>>> http://digg.com/privacy
>>>> http://www.bit-tech.net/columns/2006/06/03/web_2_privacy/1
>>>>
>>>> del-icio.us is associated with Yahoo, which has long been infamous for
>>>> its exploitation of user data through web beacons:
>>>> http://del.icio.us/help/privacy
>>>>
>>>> technorati
>>>> http://technorati.com/about/privacy.html
>>>>
>>>> The Google thing seems associated with the Google blog mechanism. 
>>>> Google
>>>> has some big issues with privacy, too, and providing a direct link from
>>>> an IMC seems problematic.
>>>>
>>>> Interesting comments on the issue as a whole:
>>>> http://www.readwriteweb.com/archives/openyou_the_limits_of_privacy.php
>>>>
>>>> All in all, this makes the IMC site seem to look like a blog, even
>>>> though we've got consensus that IMC is NOT a blog. Having these tags on
>>>> the site will tend to encourage blog-type behavior, something which
>>>> we've been struggling with  lately, even though we've explicitly
>>>> rejected blogging as part of the main news site.
>>>>
>>>> Note that I do not object to setting up a separate UC IMC blog, if some
>>>> members feel we need it. But I think that making the IMC news page look
>>>> like a blog is a mistake.
>>>> Mike Lehman
>>>>
>>>> Mike Lehman wrote:
>>>> > I see that we suddenly have a variety of Google, Digg, 
>>>> Technorati, etc
>>>> > tags added to articles on the website. I have a several concerns 
>>>> about
>>>> > these.
>>>> >
>>>> > 1. They all seem to require user registration and this will 
>>>> presumably
>>>> > compromise the privacy of those who use them on our site.
>>>> >
>>>> > 2.Having them on IMC makes us a party to their marketing efforts. 
>>>> This
>>>> > seems to be a questionable policy for an IMC to engage in.
>>>> >
>>>> > 3. Does the software involved in these report or log IPs in any
>>>> > fashion? I presume they do, given Google record on this.
>>>> >
>>>> > Since most internet users can presumably use the regular Google
>>>> > search, I question the need for these additions, particularly so if
>>>> > they raise privacy concerns as they seem to.
>>>> > Mike Lehman
>>>> > _______________________________________________
>>>> > IMC-Tech mailing list
>>>> > IMC-Tech at lists.ucimc.org <mailto:IMC-Tech at lists.ucimc.org>
>>>> > http://lists.chambana.net/cgi-bin/listinfo/imc-tech
>>>> >
>>>>
>>>> _______________________________________________
>>>> IMC-Tech mailing list
>>>> IMC-Tech at lists.ucimc.org <mailto:IMC-Tech at lists.ucimc.org>
>>>> http://lists.chambana.net/cgi-bin/listinfo/imc-tech
>>>>
>>> _______________________________________________
>>> IMC-Tech mailing list
>>> IMC-Tech at lists.ucimc.org <mailto:IMC-Tech at lists.ucimc.org>
>>> http://lists.chambana.net/cgi-bin/listinfo/imc-tech
>>>
>>
>> _______________________________________________
>> IMC-Tech mailing list
>> IMC-Tech at lists.ucimc.org <mailto:IMC-Tech at lists.ucimc.org>
>> http://lists.chambana.net/cgi-bin/listinfo/imc-tech
>
> -- 
> Barry Isralewitz   Theoretical and Computational Biophysics Group, UIUC 
> Beckman 3043   Office Phone: (217) 244-1612  Home Phone: (217) 337-6364
> email: barryi at ks.uiuc.edu      http://www.ks.uiuc.edu/~barryi 
> <http://www.ks.uiuc.edu/%7Ebarryi>
>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> IMC-Tech mailing list
> IMC-Tech at lists.ucimc.org
> http://lists.chambana.net/cgi-bin/listinfo/imc-tech
>

More information about the IMC-Web mailing list