Posted 1 Oct 2006 at 03:01 UTC by advogato

I'd like to give Steven Rainwater a big thank you for agreeing to take over the day to day operations of this site. He's also most likely to be much more responsive to requests for new features and enhancements, especially if they're accompanied by patches. With luck and the help of the community, Advogato may well continue for years to come.

I'd also like this to be something of a formal handoff of the trust metric ideas, to whoever would like to run with them. It boggles my mind that this site exists as proof positive that they are effective (especially the newer diary ratings), but the rest of the world doesn't seem to care. Of course, I could have done a lot more to beat the drum, but with all the problems of spam, abuse, and so on, you'd think there would be more interest in ideas that have the potential to really work.

I'm not going to be the one to fight those battles. But the great thing about free software is that it doesn't have to be done by one person. The ideas are out there, the code is out there, and I'm more than willing to help. All it takes is one person with the motivation to apply the trust metrics and the talent to be able to understand and implement them. I'm not that person, but if you're out there, we should talk.

The transition will happen some time Sunday Oct. 31. There might be a brief period of downtime, but with luck it should be smooth. Of course, any posts made between the cutting of the tarball and the actual DNS switchover will be lost, so just repost if you see the new site come up without them.

I, for one, welcome our new overlord. Let's give Steven all the support and help he needs!

Woo!, posted 1 Oct 2006 at 13:27 UTC by Chicago » (Journeyer)

Thank you so much for hosting Advogato all this time and keeping it free, and also for handing it over so we can continue to use it :D. It's unfortunate that Advogato in its simplistic, easy to use guise meant that it was prone to abuse of that nature.

The trust metric is a good idea. I'll agree that there are issues with this particular implementation (Some technical limitations - e.g. inactive users are forgotten about and some design - the limitation on only having three levels) but even so, there have been few ideas put forward that have been universally accepted as 'good' ideas.

But anyways... Woo :D

kudo to our old Emperor with his new clothing, posted 1 Oct 2006 at 15:32 UTC by badvogato » (Master)

It's Oct 1, 2006. A memorable Day for your slave badvo. God bless my country! Thank you thank you thank you, all around!

If you can read this, it worked, posted 1 Oct 2006 at 22:41 UTC by advogato » (Master)

It seems that the new site is up and running. Of course, when things go this smoothly, that's usually a sign that something really nasty is about to happen.

Spam blogs, posted 2 Oct 2006 at 00:29 UTC by AlanHorkan » (Master)

I'd love to see the trust metric beefed up to help counter spam blogs. If very low ranked untrusted blogs automatically had the nofollow tag added it would deter spammers.

spam, spam, spam, spam...., posted 2 Oct 2006 at 01:31 UTC by lkcl » (Master)

much chagrin to report, SAH!

spam report button - only available on accounts listed as 'Observer'.

requires all our efforts - but with enough 'points' - Master (3) Journeyer (2) Apprentice (1) - where total number of points required can be determined by experimentation - wheeeeeeeeeeeee! off they go.

this should NOT be possible to do if someone is listed as 'Apprentice' or above: the Trust Metric's measure should already demonstrate that somebody, somewhere, trusts them.

This is great news!, posted 2 Oct 2006 at 02:02 UTC by atai » (Journeyer)

This is a most welcome development.

Advogato priorities and maintenance issues, posted 2 Oct 2006 at 16:09 UTC by StevenRainwater » (Master)

My first priority is securing the site and making sure we get any DoS problems under control. I'm working on that today.

Next I want to fix any problems I've introduced by moving Advogato to the newer codebase, so if anyone sees anything that looks broken or any previously existing features that are missing, let me know.

After that, we'll try to deal with the spam issue. We inherited one feature with the new codebase that may help here; anchor tags are stripped from the untrusted user's note field. This could be extended to blog entries as well.

I'll add the nofollows to untrusted user pages and blogs soon. I like lkcl's idea too. They do something similar on craigslist that seems to work pretty well.

I'm sure there are lots of other housekeeping things to think about. I've already gotten reports on a number of defunct or broken user accounts that may need deletion.

appearance, posted 2 Oct 2006 at 17:04 UTC by trs80 » (Apprentice)

The site appears a bit wider than it used to - has the CSS changed somewhat, or does it need updating for the newer codebase?

Re: appearance, posted 2 Oct 2006 at 18:33 UTC by StevenRainwater » (Master)

trs80, was it the recentlog page that looked wider? Should be fixed now. If it was another page, post the URL and I'll take a look.

Minor UTF-8 glitches, posted 2 Oct 2006 at 21:46 UTC by StevenRainwater » (Master)

Because of some differences in how libxml vs libxml2 handle HTML entity values, there may be some garbage characters showing up here and there for users with non-ASCII UTF-8 content on their pages. I've written a function to clean this up but probably haven't applied it everywhere that's needed. If anyone sees a problem that looks related to UTF-8 rendering let me know.

As a great philosopher once wrote..., posted 3 Oct 2006 at 15:50 UTC by Rhys » (Journeyer)

don't know what you've got till it's gone. It's only since the announcement of its possible demise that I've realised how much I appreciate and value Advogato.

So this is great news. Steven Rainwater deserves much appreciation.

Excellent, posted 4 Oct 2006 at 01:31 UTC by zanee » (Journeyer)

Seems to be working well.. thanks for this.

spammer update, posted 4 Oct 2006 at 03:49 UTC by StevenRainwater » (Master)

Okay, there are now rel="nofollow" attributes on all anchor tags in diary entries posted by observers. There's also a nofollow on the homepage link specified on the public profile page for observers. I'm not convinced this will be as effective as simply stripping the anchors altogether as we're doing on the user notes but we'll see. Once a user is certified as trusted the nofollows are removed (or the anchors replaced in the case of the notes field).
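The link policy described in the post above, sketched as an added Python example (not Advogato's own code, which this page does not show): anchors in an observer's diary HTML get rel="nofollow", anchors in an observer's notes are stripped, and a certified user's markup keeps its links. The names `AnchorPolicy` and `render_user_html` and the sample markup are hypothetical.

```python
from html import escape
from html.parser import HTMLParser

TRUSTED_LEVELS = {"Apprentice", "Journeyer", "Master"}  # Observer is untrusted

class AnchorPolicy(HTMLParser):
    """Re-emit HTML with a link policy applied to <a>; comments are dropped."""
    def __init__(self, mode):
        super().__init__(convert_charrefs=False)
        self.mode = mode          # "keep", "nofollow" or "strip"
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            if self.mode == "strip":
                return            # drop the tag, keep the link text
            if self.mode == "nofollow":
                # Discard any author-supplied rel so it cannot override ours.
                attrs = [(k, v) for k, v in attrs if k != "rel"]
                attrs.append(("rel", "nofollow"))
        rendered = "".join(
            f" {k}" if v is None else f' {k}="{escape(v, quote=True)}"'
            for k, v in attrs)
        self.out.append(f"<{tag}{rendered}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)   # <br/> becomes <br>, no end tag

    def handle_endtag(self, tag):
        if not (tag == "a" and self.mode == "strip"):
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

def render_user_html(html, cert_level, field):
    """field is "diary" or "notes"; cert_level is the author's level."""
    if cert_level in TRUSTED_LEVELS:
        mode = "keep"
    else:
        mode = "strip" if field == "notes" else "nofollow"
    parser = AnchorPolicy(mode)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```

Deciding the policy at render time from the author's current level is what lets the links come back once the user is certified, without touching the stored text.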

Thank you, posted 4 Oct 2006 at 04:37 UTC by slamb » (Journeyer)

It's wonderful to see improvements being made to the site again.

Uglier?, posted 4 Oct 2006 at 16:10 UTC by riscgrl » (Journeyer)

is it just me, or did the fonts get "uglier" and the titlebars to articles get shortened?

advogato is no longer as easy on the eyes as it was.

reply to self, posted 4 Oct 2006 at 16:39 UTC by riscgrl » (Journeyer)

the title bars are back to normal. yay!

re: Uglier?, posted 4 Oct 2006 at 16:49 UTC by StevenRainwater » (Master)

I can't detect any difference in appearance in Mozilla seamonkey or firefox on Linux or Windows. Also checked IE on Windows. I've tried a few different screen resolutions and font loads. What browser/platform are you using? Is anyone else seeing a difference in appearance?

Both the new and old site use this font specification in CSS: font-family: lucida, helvetica, sans-serif;

The only HTML difference is that the original wrapped the article titles in H2 tags and the current site wraps them in spans with font size of 1.5em and bold.

If you could post a screenshot of what you're seeing that might be handy too.

re: re: Uglier?, posted 4 Oct 2006 at 17:05 UTC by riscgrl » (Journeyer)

For some reason, the titlebars fixed themselves pretty much as soon as I mentioned something. I'm using mozilla from debian (from unstable).

as for the fonts, it may be "just me", or just a psychological reaction to the titlebars being shortened to the text's length making the fonts look worse. Everything seems normal now.

Double posting, posted 4 Oct 2006 at 18:49 UTC by StevenRainwater » (Master)

Heh, maybe the fonts are okay but it looks like we need a patch to prevent double-posting of replies. I've added it to the list. :)

Moon Cakes for Steven, posted 4 Oct 2006 at 19:29 UTC by sye » (Journeyer)

Steve, if i know where you live, i'd love to send you moon cakes. This year's Chinese Moon Festival is on Friday 10/6.

Happy Mooning to you and all. Thank you so much.

re: Double Posting, posted 4 Oct 2006 at 19:43 UTC by riscgrl » (Journeyer)


thanks again. and again. :)

Moon Cakes?, posted 4 Oct 2006 at 23:22 UTC by StevenRainwater » (Master)

Mmmm... Moon Cakes. Are those anything like Moon Pies? :) If you really want to send some, here's my office address. Raph didn't mention the perks that went with the job of maintaining Advogato!

Moon Festival, Moon Cakes, Moon Lady and Mao, posted 5 Oct 2006 at 03:47 UTC by sye » (Journeyer)

nothing like moon pies in your link. Moon Festival, Moon Lady and Moon Cakes go a long way back into Chinese history. But this is the first time i learned from this googled link that mooncakes were used as encoding devices. I find it hard to believe!

Chairman Mao wrote a famous poem in memory of his first wife Yang Kaihui who was captured by a military lord at the age of 29, a mother of two young sons and killed after she refused to denounce her marriage with Mao Zedong. In Mao's poem, he used expressions from 'the book of song' which referred to moon folklores. Mao's poem was made into a song. And people sing it in Yang province's dialect, i believe, most beautiful ...

I lost my wife Yang, you lost your husband Liu,  
Yang Liu flies to the highest 9th heaven 
( Yangliu refers to literal meaning here 'Poplar and Willow') 
Asking Wugang (a Moon dweller) what he's got, 
Wugang gives away offerings of osmanthus wine.
Lonely Chang-e (moon lady) dancing with her long silky sleeves, 
heavenly sky moves by her spiritual fidelity.
Suddenly hearing news on our victory over aggressive tiger of this world 
our tears turn into downpour of rains.

( translation hastily done by sye for the first time ...)

Steve, mooncakes will be on their way. but alas, you probably won't be able to take a bite before Friday, Moon Festival night. :(

Double posts, article replies, and spammers, posted 6 Oct 2006 at 00:17 UTC by StevenRainwater » (Master)

I've added code that should stop replies from being double-posted. Also the previously mentioned UTF-8 issue seems to have been affecting article replies too. It might be fixed now. Sye, if you get a chance, try posting a reply after this with Chinese characters and we'll see if it works.

On the spam front, we seem to have at least two major groups of spammers. One is an SEO firm located in New Delhi, India. They're dumb enough that they're connecting from their own IPs and even using their real email addresses in account profiles. The other group is better at hiding their identity so far - they connect from random IPs in China and Korea. The latter group also seems to have gained access to a couple of older trusted advogato users' accounts (possibly by guessing weak passwords?) and are using them to certify their growing mass of spam accounts. Quite a few bad accounts are certified at apprentice level and I've seen at least two that have reached journeyer level. That's likely to create problems for us since the new safeguards only work on observer accounts. Hmmm...

Speaking of spammers, posted 6 Oct 2006 at 16:00 UTC by StevenRainwater » (Master)

One of our spammers has conveniently provided us with some sample data to work with this morning. I'm considering implementing lkcl's idea of adding a [spam] button to the blog roll and/or profile pages of observer accounts.

The spam button would be visible only to trusted users.

Clicking it would add 1 to 3 points (depending on the clicker's certification level) to an observer's "spam ranking".

When an observer's spam rank exceeds, say, 10 points, the account is automatically deleted.

It takes multiple trusted users in agreement to delete an account as spam. And any single trusted user can prevent the deletion by certifying the account to a higher level than observer, removing the spam ranking altogether. I think that should prevent abuse of the feature.
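The spam-ranking rules proposed in the post above, as an added Python model (not Advogato's code). Two things are assumptions and not from the thread: each reporter counts once, and `certify` sets the level directly, whereas the real trust metric derives levels from the certification graph. All names are hypothetical.

```python
POINTS = {"Apprentice": 1, "Journeyer": 2, "Master": 3}  # Observer: no vote
SPAM_THRESHOLD = 10   # "say, 10 points" in the post; to be tuned

class Account:
    def __init__(self, name, level="Observer"):
        self.name = name
        self.level = level
        self.spam_reports = {}   # reporter name -> points contributed
        self.deleted = False

    @property
    def spam_rank(self):
        return sum(self.spam_reports.values())

def report_spam(reporter, target):
    """Record one spam report and return the target's new spam rank."""
    if reporter.level not in POINTS:
        raise PermissionError("the spam button is for trusted users only")
    if target.level != "Observer":
        raise PermissionError("certified accounts cannot be reported")
    # Assumption: one report per reporter, so a single Master cannot
    # reach the threshold alone by clicking repeatedly.
    target.spam_reports[reporter.name] = POINTS[reporter.level]
    if target.spam_rank > SPAM_THRESHOLD:
        target.deleted = True
    return target.spam_rank

def certify(certifier, target, level):
    """Simplified certification: a trusted user sets the target's level."""
    if certifier.level not in POINTS:
        raise PermissionError("observers cannot certify")
    target.level = level
    if level != "Observer":
        # Certifying above Observer removes the spam ranking altogether.
        target.spam_reports.clear()
```

Because certification clears the ranking, a compromised trusted account of the kind mentioned earlier in the thread could shield a reported account, which is a reason to log who certifies an account that already has spam reports.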


mark as deleted, posted 8 Oct 2006 at 20:54 UTC by lkcl » (Master)

don't delete the account - mark it as deleted.

then, check all accounts linked to it - via the certification - in a group.

you might want to go only one degree away from the 'spam' account, rather than going any further - and especially taking into account any accounts that have been marked 'deleted'.

make the account that is marked as deleted appear, to the user logging in, that 'everything is hunky dory'.

that should fool them, if they log in manually, into believing that the account is still active, and everything's still ok.

this will trick them into continuing to certify other bad accounts, etc. etc.

and you get more of a chance to identify those bad accounts.

overall, be a complete sneaky bastard.

New features, posted 10 Oct 2006 at 23:58 UTC by slamb » (Journeyer)

Thanks for the new features! I've been making use of them. It's nice to see the spammers deleted. Two nits:

  • The "Forgot my password" thing might make more sense as a separate button. I checked it once already by mistake, as it's where a "Remember me on this computer" sort of checkbox usually is.

  • The "mark as spam" thing also would make more sense as a button, for a different reason. RFC 2616 section 9.1.1 says:

    In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval.

    That's definitely not true for this URL, so a POST would make more sense.

    This would matter if, say, Google tried again at their Web Accelerator. Or if someone did a wget --recursive with a login cookie.
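The GET versus POST point raised in the post above, as an added Python WSGI example (not Advogato's code): the profile view only renders a form button, and the state-changing route answers anything but POST with 405. The routes `/person` and `/spam`, the `acct` field and the `REMOTE_USER` login assumption are hypothetical.

```python
import io
from html import escape
from urllib.parse import parse_qs, quote

spam_reports = []  # constructed in-memory store of (reporter, account)

def reply(start_response, status, body="", headers=()):
    data = body.encode()
    start_response(status, [("Content-Type", "text/html; charset=utf-8"),
                            ("Content-Length", str(len(data))), *headers])
    return [data]

def app(environ, start_response):
    method = environ["REQUEST_METHOD"]
    path = environ.get("PATH_INFO", "/")
    user = environ.get("REMOTE_USER")  # assumption: set by the login layer
    if path == "/person" and method in ("GET", "HEAD"):
        # Retrieval only. The action is offered as a form button, not a
        # link, so clients that follow hrefs never trigger it.
        acct = parse_qs(environ.get("QUERY_STRING", "")).get("acct", [""])[0]
        return reply(start_response, "200 OK",
                     '<form method="post" action="/spam">'
                     f'<input type="hidden" name="acct" value="{escape(acct)}">'
                     '<button type="submit">mark as spam</button></form>')
    if path == "/spam":
        if method != "POST":
            # A crawler or prefetcher holding a login cookie lands here.
            return reply(start_response, "405 Method Not Allowed",
                         "POST required", [("Allow", "POST")])
        if not user:
            return reply(start_response, "403 Forbidden", "login required")
        size = int(environ.get("CONTENT_LENGTH") or 0)
        form = parse_qs(environ["wsgi.input"].read(size).decode("utf-8"))
        acct = form.get("acct", [""])[0]
        spam_reports.append((user, acct))
        return reply(start_response, "303 See Other", "",
                     [("Location", "/person?acct=" + quote(acct))])
    return reply(start_response, "404 Not Found", "not found")

def request(method, path, query="", body=b"", user=None):
    """Call the app in-process and return (status, headers, body)."""
    seen = {}
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path,
               "QUERY_STRING": query, "CONTENT_LENGTH": str(len(body)),
               "wsgi.input": io.BytesIO(body)}
    if user:
        environ["REMOTE_USER"] = user
    chunks = app(environ, lambda s, h: seen.update(status=s, headers=dict(h)))
    return seen["status"], seen["headers"], b"".join(chunks).decode()
```

Requiring POST keeps link-following clients from reporting accounts; a form on another site can still submit a POST with the user's cookie, so a per-session token on the form is a separate control.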

Re: Nits, posted 11 Oct 2006 at 14:14 UTC by StevenRainwater » (Master)

Slamb, you're right on the spam reporting link needing to be a POST rather than a GET. It was faster to get it working as a GET and I figured I'd have to do some tweaks to it anyway once we found the bugs. It will become a POST in the next rev of the code later this week.

I'll take a look at what's involved in tweaking the layout of the password reminder. It should be possible. That feature was added to the code at least a year ago based on a patch someone sent me.

Regarding nutella's recent log glitch: Remember that whether or not lkcl's diary appears in the recent log is not based on his certification level but on the interest certification of his diary by you and those you've certified. Those numbers go up and down all the time as you certify people and they rank diaries.

If you look at recentlog without the ?thresh=3 modifier, can you see lkcl's diary entry? If so, what's his score? I was seeing a score just fractionally higher than 3 a week ago but then it dropped below 3 and vanished (for me at least) this week. I set a higher interest level for his diary and it came back again (for me). If you or someone you've certified ranked his diary lower than 3, it's probably just fallen below the visibility threshold for you too. Try going to lkcl's page and ranking his diary at 5 or 10 and see if that fixes the problem for you.

oi!, posted 12 Oct 2006 at 18:53 UTC by lkcl » (Master)

i like my diary to be boring, thank you!

Thanks, posted 13 Oct 2006 at 00:41 UTC by cdfrey » (Journeyer)

Just adding my thanks to Steve Rainwater for keeping Advogato alive!

Tough luck lkcl!, posted 13 Oct 2006 at 00:54 UTC by nutella » (Master)

You are now back on the bus (with a tasty 5.0 interest level).

Thanks for the fix Steven, and thanks also for keeping Advogato running.

Thanks, posted 13 Oct 2006 at 10:31 UTC by salmoni » (Master)


Thanks for your efforts. They really are much appreciated.

