Sean Middleditch » 2004 » November

OK, I’ve bitched about this enough, it’s time I did something about it.

I’ve started reading the WebDAV specs to see about writing my own lightweight server for exporting arbitrary system directories over WebDAV.

Getting a basic system in place will be easy. I mean, hell, we’re talking a basic HTTP server. ~_^ Parsing various other commands really just needs one to read in the request body, parse it in libxml2 with validation, and build up a request information data set.

The two hard parts will be properties and locking. Locking might be possible using mandatory file-system locks (most UNIXes have them - they can cause performance to suffer, but if you want locking, you have to deal with that fact), so all I’d really have to do is keep the daemon lock database and lock id management. Alternatively, I might just turn locking off - no other remote file system mandates them, WebDAV has them more due to its intended role (distributed authoring vs being a file system), they really aren’t necessary. If people want to not screw up their files, their apps should either implement locking or they just shouldn’t access the same file simultaneously, same as you do on the local filesystem or NFS or CIFS.

Properties are another story. We can get some hard-coded properties in without too much trouble, I think. Other properties we can programmatically guess or pull from the filesystem. The ideal solution would probably use extended attributes. That might be a “post 1.0” feature, though.

I suppose there is a third “hard” part, and that’s authentication. I, beyond any doubt, want GSSAPI authentication. I’m guessing I can use the negotiate auth extension and GSSAPI directly, and then basic auth with PAM otherwise.

Will also need SSL support, of course, although stunnel can take care of my needs during initial development.

I’ve done some more Kerberos work, trying to get the vaunted single sign-on. No go. ::sigh:: I’m not sure if the problem is on the server side or client side. Supposedly Fedora Core 3’s Firefox and Mozilla support negotiateauth, but it isn’t working. Sadly, gnome-vfs does not support it at all, yet, so I’m screwed there.

I’ve also worked on getting a WebDAV file store. I have this running, now. It authenticates using Kerberos (alas, you must enter your password to log in to the server), but it has to use a separate DAV disk, and not the user’s home directory, because there is no alternative at the moment. ::sigh again::

I’ve also gotten a trial SSL cert from FreeSSL. No idea if that’s good or bad, really - I just know that the certificate is working, and it’s only $29.99 for a certificate that lasts a year, which is a good deal cheaper than any other certificate authority I know of that’s actually supported by real users’ browsers. (If it’s not supported by said browsers, one might as well use a self-signed cert.)

In any event, I at least now have a file share accessible from the Outside(tm). I’m hoping to axe the stupid Samba shares, because Samba is just a pain in the ass and isn’t any better than DAV for my needs. Windows can access DAV repos, so the other household members can live with the new solution.

Still, though, there are things I want to improve, had I the means:
- Ability to get, for a reasonable cost, multiple certified SSL certificates for several different sub-domains, such as mail.awesomeplay.com and disk.awesomeplay.com.
- Ability to actually use said certificates, since you need separate IPs for each, due to how SSL works in relation to HTTP based virtual hosts.
- Negotiate Auth to work in both my browser and gnome-vfs and every other bloody DAV client library/program in existence, so I can log in to my system once, and have access to all my network resources, end of story.
- WebDAV server capable of managing the files in $HOME. I don’t care about the locking stuff, it’s no different than me having two SFTP connections or Samba connections and munging with the same file at once, so don’t give me that “WebDAV needs peculiar locking” crap. Just do what I tell you, which is serve files in $HOME.
- Easy way to get the Windows client authentication to the Kerberos database.

Like, totally Wikisome, man!

Wikisome is the new wiki code I wrote yesterday. Not bad. The only thing it’s really missing right now is revision tracking. Something it has but doesn’t have a UI for is the ACL system.

It could also use a tad bit better integration with the rest of the site, but that’s coming. Unfortunately, the rest of the AweMUD site is written in a completely stupid brain-dead “object oriented” manner. Why was it written that way? Because it could be. Which is a horrible reason to do something. The Wikisome code makes far, far more sense for a PHP application. Someday I’ll get around to converting the rest of the AweMUD site. (Which basically means, user authentication, forums, bug tracking, etc.) ::sigh::

Anyways… Wikisome. Once my rate of code change decreases somewhat, I’ll put up a release on the site. It is intended for super-easy integration with an existing site (even with the craptastic AweMUD.net infrastructure, it took a couple minutes at most) and Just Works(tm). Damn I’m good. ~_^

I added a Wiki to the AweMUD site, located at http://www.awemud.net/wiki/. It is using the WikkaWiki codebase.

I’m not particularly fond of it, but it has some clear advantages. Namely, it’s the only simple PHP based Wiki I could find that both uses MySQL and intelligently prefixes the table names. Every other PHP based Wiki I found either wanted no DB and preferred to just write files all over (hello insecurity) or wanted to create tons of tables in the one and only database SourceForge provides, using such unambiguous and creative table names as ‘name’ or ‘login’. ::sigh::

In any event, I think I rather like the idea of a Wiki, now that I’ve played around with one. I have some gripes with the syntax of WikkaWiki, however. For example, the way it automatically turns any StudlyCaps (WikiName) into a link. Not good at all for a site that has names like AweMUD on it and references to C++ classes like EntityManager. Doesn’t help that the obvious link names I’d like to use, such as Scriptix, are not WikiNames.

There’s also some more complex stuff I’d like to do with a wiki, mainly to turn it into a true content management system with wiki-simplicity. So, I started writing my own. ^_^

Now, I haven’t gotten to the interesting bit yet. So far all I’ve done is write the formatting code. This I split into its own module, however, since I’d like to use it elsewhere. Potential places include updated forum software for AweMUD or the KANAR site and this blog. My code isn’t quite as advanced as some wikis out there (no tables, for example) but it does the main things I personally need it to - simple formatting, linking, and code and quote blocks.

Now, my idea for how to structure the wiki, while not in any way brand new, seems to be relatively rare. First off, I plan on having sub-pages. So we might have the wiki page AweMUD, and the sub-page AweMUD/Features. Each page will have an ACL regarding who can edit it (or even see it). The ACL will allow you to say “use parent privileges” which will be the only default ACL entry for new pages. So if AweMUD says only elanthis can edit it, then when AweMUD/Features access is checked, it’ll use AweMUD’s list and see that only elanthis can edit. When a top-level page says “use parent privileges” then the wiki default of “all can read, none can edit” will be used. The site admin will always have editing capabilities.

What will make this interesting, I think, will be that I plan on having a standard “include sub-page” tag in the wiki. So a manager can layout some framework pages (like the AweMUD page) and give access to the sub-pages to subordinates. Those sub-pages will be included in-line on the AweMUD page as the manager specified, however. For a site like AweMUD, I have little to no use of this feature. For the KANAR site, however, this could be immensely useful.

An example on the KANAR site would be the game resources page. It is just an introduction text (“This is blah blah.”) followed by a list of PDF documents (uploaded in a document manager that lets the user organize the documents and provide summaries and other meta-data). Currently, only the web-designers can edit the page. The content managers only have access to the document manager for the page. So they can add and remove the PDF files, but not change the introduction text. We do not want to give the content manager access to the whole page. We would like them to be able to update the intro text. With the wiki idea, the resources page would have access for only the web editors to edit it. It would just be a title, an inclusion tag for GameResources/Introduction, and a tag for ListDocuments:GameResources. Now, the GameResources/Introduction page would have an ACL letting the content managers edit the sub-page. Therefore, they can edit *part* of the document, while the web masters can edit the entire freakin page.
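The ACL scheme described above ("use parent privileges", the wiki default, the admin override, and inline sub-page inclusion) can be sketched as follows. This is an added example, not Wikisome's code: the class, method, user and group names are hypothetical, and it assumes one entry per permission, an admin override that also covers reading, and that each included sub-page is checked against the viewer's own read access.

```python
# Added example; class and function names are hypothetical, not the wiki's code.
INHERIT = None        # stands for the "use parent privileges" ACL entry
EVERYONE = "*"
WIKI_DEFAULT = {"read": {EVERYONE}, "edit": set()}  # all can read, none can edit


class Wiki:
    def __init__(self, admins, groups):
        self.admins = set(admins)
        self.groups = groups          # group name -> set of user names
        self.acls = {}                # page -> {"read": set or INHERIT, "edit": ...}

    def create(self, page, read=INHERIT, edit=INHERIT):
        # A new page starts with "use parent privileges" for everything.
        self.acls[page] = {"read": read, "edit": edit}

    def effective(self, page, perm):
        """Climb from the page towards the top until an explicit entry is found."""
        while page:
            entry = self.acls.get(page, {}).get(perm, INHERIT)
            if entry is not INHERIT:
                return entry
            page = page.rpartition("/")[0]   # "A/B/C" -> "A/B", top level -> ""
        return WIKI_DEFAULT[perm]

    def allowed(self, user, page, perm):
        if user in self.admins:       # assumption: admin override covers read too
            return True
        principals = self.effective(page, perm)
        if EVERYONE in principals or user in principals:
            return True
        return any(user in self.groups.get(g, ()) for g in principals)

    def visible(self, user, page, includes):
        """The page plus only those included sub-pages this viewer may read."""
        return [p for p in [page, *includes] if self.allowed(user, p, "read")]


def build_sample_wiki():
    # Constructed sample data modelled on the game resources page described above.
    wiki = Wiki(admins={"siteadmin"},
                groups={"webeditors": {"wendy"}, "contentmgrs": {"carl"}})
    wiki.create("AweMUD", edit={"elanthis"})
    wiki.create("AweMUD/Features")
    wiki.create("GameResources", edit={"webeditors"})
    wiki.create("GameResources/Introduction", edit={"webeditors", "contentmgrs"})
    wiki.create("GameResources/Drafts", read={"webeditors"})
    return wiki
```

Checking read access per included page in `visible` keeps a restricted sub-page from leaking through a parent page that anyone can read.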

Yes, this is identical to what a lot of CMS codebases do. There is nothing revolutionary here. The only difference is, my system is way, way, way simpler, and has code that doesn’t give me goosebumps when I try to read it. Most PHP coders are so damn sloppy…

One other thing about my wiki code that I plan on “fixing” is the whole WikiName business. I’ll let the users name the page whatever they want (using a list of allowed characters, which *will* include spaces), and there will be *no* auto-linking. It’s not a lot of effort to just put the page name in [[ ]] now, is it?

Lot of work to do this next week. My boss is off on vacation for a week and a half, so I’m pretty much responsible for everything at the Township. Fun fun. I’m reaaally hoping nothing breaks…

Also have several contract jobs to work on, including the KANAR web site to finish off. I’m fairly sure I can manage them all this week, given that I have no school and only have work three days this week.

I should even be able to get a good deal of AweMUD work in. Good news. I’ve been slowly working on the ruleset code for AweMUD, alternating that work with my Scriptix2 work. I might have some sort of usable demo of Scriptix2 ready in a couple weeks, finally.

Just finished up the November KANAR event. Not bad at all. Definitely one of the best events I’ve had.

There really wasn’t a whole lot of interest going on. Which is kind of a good thing. I was often a bit bored, but never actually without something to do. Most of the goodness of the event was due just to good role playing and having good old fashioned fun.

The most interesting point in time was probably having myself and four other members of the baronial guard get hit with an ignorance toxin while out training. Five guards, including the lieutenant, having the intelligence of a five year old is not good. I, Sean, had an absolute *blast* playing that out. My character, on the other hand, is going to be mortified and embarrassed for the rest of his life, I think.

Thinking about getting DomainKeys support set up on my mail server.

I am a fan of SPF. It does exactly what it was intended to do, and does it well. It _does_ have the issue regarding mail forwarders and mailing lists, however. The issue is solvable in several ways (I dislike SRS, there are alternatives) but it is likely going to be a long time before most hosts on the ‘Net are using them.

DomainKeys seems to solve the same problem SPF does. It allows domain owners to verify their mail. It does so in a way that does not break with forwarders. DomainKeys *does* have the issue that mail can only be sent from mail servers the domain owners actually own, or at least trust and have some ability to administrate. All out-going mail from the domain must be signed, so the private key(s) need to be on all sending servers.

Now, I’m a huge proponent of authenticated SMTP gateways. There is no reason why every domain owner with their own MTA shouldn’t be allowing their roaming users to connect to the MTA using encrypted and authenticated SMTP to send their mail. This solves the problem entirely. Therefore, I don’t feel that the trusted servers issue is all that big of a problem for DomainKeys.

Now, the only problem is that there doesn’t seem to be an Exim-friendly DomainKeys implementation at the moment. I’m assuming it’ll be a part of Exiscan in the future. Hopefully the near future. ;-)

Something I’ve been thinking about is putting a simplistic built-in web server in AweMUD. This web server could, for starts, just provide simple statistics. Down the road it could do things like provide simple administration services, or maybe even OLC.

However, the thought kind of scares me. For one, we had the XML-RPC system that never went anywhere. Lots of code and infrastructure and too much work to hook it up to anything useful. I feel that a plain HTTP server is just as likely to be unused.

Furthermore, we do have the AweMUD Control Interface code in place. We could just provide some PHP scripts that talk to that to provide any sort of statistics or whatever that we want. OLC can be added to that without too much fuss as well, I think, if I genericize the existing OLC interface a bit. It would certainly be interesting to see how well that works out.

The last real KANAR event of the year (the last three day event, and the last event I’m bothering to attend) is this weekend. Hopefully it’ll be fun, because it’s going to be several months until the events start back up again.

We have some serious practice due on Friday to get our unit into combat shape. Formations, orders, care, war games, formations, etc. Fun fun. Also have to work on training the newer guards in the very basics of survival in such a harsh land. More fun.

Katie will be coming out, at least for Saturday. Hopefully she has a fun time. She’d have *more* fun if she came all three days (hint hint ~_^ ) but real life is getting in the way. Hate it when that happens. Must admit, though, real life always comes before the game. Too many KANAR players don’t seem to realize that little truth, unfortunately.

A quick way to get rid of the Advogato spam we’ve all been seeing lately is to just block posts to the advertised sites. Mostly I’ve seen constant reference to this toptentshirts.com. If a post contains a link to that site, block it.

Go ahead and just make a dynamic list of sites that cannot be linked to. It’s really simple - spam is 100% pointless if it isn’t capable of directing users to the advertised sites. Thus, the absolute best criteria to use to stop spam is to block links to those sites.

SpamAssassin has been doing something similar along with the SpamCop spamvertised sites DNSRTBL (DNS Real Time Block Lists) and it has been working absolutely great for us at my work. Any spam that does get through and is detected (be it by other filters, by users forwarding it to a special address, whatever) gets picked apart for links which can then be reported. It works great.