Advogato is here to stay
Posted 1 Oct 2006 at 03:01 UTC by advogato
I'd like to give Steven Rainwater a big thank you for agreeing to take over the day to day operations of this site. He's also most likely to be much more responsive to requests for new features and enhancements, especially if they're accompanied by patches. With luck and the help of the community, Advogato may well continue for years to come.
I'd also like this to be something of a formal handoff of the trust metric ideas, to whoever would like to run with them. It boggles my mind that this site exists as proof positive that they are effective (especially the newer diary ratings), but the rest of the world doesn't seem to care. Of course, I could have done a lot more to beat the drum, but with all the problems of spam, abuse, and so on, you'd think there would be more interested in ideas that have the potential to really work.
I'm not going to be the one to fight those battles. But the great thing about free software is that it doesn't have to be done by one person. The ideas are out there, the code is out there, and I'm more than willing to help. All it takes is one person with the motivation to apply the trust metrics and the talent to be able to understand and implement them. I'm not that person, but if you're out there, we should talk.
The transition will happen some time Sunday Oct. 31. There might be a brief period of downtime, but with luck it should be smooth. Of course, any posts made between the cutting of the tarball and the actual DNS switchover will be lost, so just repost if you see the new site come up without them.
I, for one, welcome our new overlord. Let's give Steven all the support and help he needs!
Woo!, posted 1 Oct 2006 at 13:27 UTC by Chicago »
Thank you so much for hosting Advogato all this time and keeping it free, and also for handing it over so we can continue to use it :D. Its unfortunate that Advogato in its simplistic, easy to use guise meant that it was prone to abuse of that nature.
The trust metric, is a good idea. I'll agree that there are issues with this particular implementation (Some techincal limitations - e.g. inactive users are forgotten about and some design - the limitation on only having three levels) but even so, there have been few ideas put forward that have been universally accepted as 'good' ideas.
Butanyways... Woo :D
It's Oct 1, 2006. A memorable Day for your slave badvo. God bless my country! Thank you thank you thank you, all around!
It seems that the new site is up and running. Of course, when things
go this smoothly, that's usually a sign that something really nasty is
about to happen.
Spam blogs, posted 2 Oct 2006 at 00:29 UTC by AlanHorkan »
I'd love to see the trust metric beefed up to help counter spam blogs.
If very low ranked untrusted blogs automatically had the nofollow tag
added it would deter spammers.
much chagrine to report, SAH!
spam report button - only available on accounts listed as 'Observer'.
requires all our efforts - but with enough 'points' - Master (3)
Journeyer (2) Apprentice (1) - where total number of points required can
be determined by experimentation - wheeeeeeeeeeeee! off they go.
this should NOT be possible to do if someone is listed as 'Apprentice'
or above: the Trust Metric's measure should already demonstrate that
somebody, somewhere, trusts them.
This is great news!, posted 2 Oct 2006 at 02:02 UTC by atai »
This is a most welcome development.
My first priority is securing the site and making sure we get any DoS
problems under control. I'm working on that today.
Next I want to fix any problems I've introduced by moving Advogato to
the newer codebase, so if anyone sees anything that looks broken or any
previously existing features that are missing, let me know.
After that, we'll try to deal with the spam issue. We inherited one
feature with the new codebase that may help here; anchors tags are
stripped from the untrusted user's note field. This could be extended to
blog entries as well.
I'll add the nofollows to untrusted user pages and blogs soon. I like it
lkcl's idea too. They do something similar on craigslist that seems to
work pretty well.
I'm sure there are lots of other housekeeping things to think about.
I've already gotten reports on a number of defunct or broken user
accounts that may need deletion.
appearance, posted 2 Oct 2006 at 17:04 UTC by trs80 »
The site appears a bit wider than it used to - has the CSS changed
somewhat, or does it need updating for the newer codebase?
trs80, was it the recentlog page that looked wider? Should be fixed now.
If it was another page, post the URL and I'll take a look.
Because of some differences in how libxml vs libxml2 handle HTML entity
values, there may be some garbage characters showing up here and there
for users with non-ASCII UTF-8 content on their pages. I've written a
function to clean this up but probably haven't applied it everywhere
that's needed. If anyone sees a problem that looks related to UTF-8
rendering let me know.
...you don't know what you've got till it's gone. It's only since the announcement of its possible demise that I've realised how much I appreciate and value Advogato.
So this is great news. Steven Rainwater deserves much appreciation.
Excellent, posted 4 Oct 2006 at 01:31 UTC by zanee »
Seems to be working well.. thanks for this.
Okay, there are now rel="nofollow" attributes on all anchor tags in
diary entries posted by observers. There's also a nofollow on the
homepage link specified on the public profile page for observers. I'm
not convinced this will be as effective as simply stripping the anchors
altogether as we're doing on the user notes but we'll see. Once a user
is certified as trusted the nofollows
are removed (or the anchors replaced in the case of the notes field).
Thank you, posted 4 Oct 2006 at 04:37 UTC by slamb »
It's wonderful to see improvements being made to the site again.
Uglier?, posted 4 Oct 2006 at 16:10 UTC by riscgrl »
is it just me, or did the fonts get "uglier" and the titlebars to articles get shortened?
advogato is no longer as easy on the eyes as it was.
reply to self, posted 4 Oct 2006 at 16:39 UTC by riscgrl »
the title bars are back to normal. yay!
I can't detect any difference in appearance in Mozilla seamonkey or
firefox on Linux or Windows. Also checked IE on Windows. I've tried a
few different screen resolutions and font loads. What browser/platform
are you using? Is anyone else seeing a difference in appearance?
Both the new and old site use this font specification in CSS:
font-family: lucida, helvetica, sans-serif;
The only HTML difference is that the original wrapped the article titles
in H2 tags and the current site wraps them in spans with font size of
1.5em and bold.
If you could post a screenshot of what you're seeing that might be handy
re: re: Uglier?, posted 4 Oct 2006 at 17:05 UTC by riscgrl »
For some reason, the titlebars fixed themselves pretty much as soon as I mentioned something.
I'm using mozilla 126.96.36.199 from debian (188.8.131.52-0.2 from unstable).
as for the fonts, it may be "just me", or just a psychological reaction to the titlebars being shortened to the text's length making the fonts look worse.
Everything seems normal now.
Nothing to see here, move along. and THANKS!
re: re: Uglier?, posted 4 Oct 2006 at 17:06 UTC by riscgrl »
For some reason, the titlebars fixed themselves pretty much as soon as I
I'm using mozilla 184.108.40.206 from debian (220.127.116.11-0.2 from unstable).
As for the fonts, it may be "just me", or just a psychological reaction
to the titlebars being shortened to the text's length making the fonts
Everything seems normal now.
Nothing to see here, move along. and THANKS!
Heh, maybe the fonts are okay but it looks like we need a patch to
prevent double-posting of replies. I've added it to the list. :)
Steve, if i know where you live, i'd love to send you moon cakes. This year's Chinese Moon Festival is on Friday 10/6.
Happy Mooning to you and all. Thank you so much.
thanks again. and again. :)
Mmmm... Moon Cakes. Are those anything like Moon Pies? :)
If you really want to send some, here's my office address. Raph didn't
mention the perks that went with the job of maintaining Advogato!
nothing like moon pies in your link. Moon Festival, Moon Lady and Moon
Cakes go a long way back into Chinese history. But this is the first
time i learned from this googled
link that mooncakes were used as encoding devices. I find it hard
Chairman Mao wrote a famous poem in memory of his first wife Yang Kaihui
who was captured by millitary lord at the age of 29, a mother of two
young sons and killed after she refused to denouce her marriage with Mao
Zedong. In Mao's poem, he used expressions from 'the book of song'
which referred to moon folklores. Mao's poem was made into a song. And
people sing it in Yang province's dialect, i believe, most beautiful ...
I lost my wife Yang, you lost your husband Liu,
Yang Liu flies to the highest 9th heaven
( Yangliu refers to literal meaning here 'Poplar and Willow')
Asking Wugang (a Moon dweller) what he's got,
Wugang gives away offerings of osmanthus wine.
Lonely Chang-e (moon lady) dancing with her long silky sleeves,
heavenly sky moves by her spiritual fidelity.
Suddenly hearing news on our victory over aggressive tiger of this world
our tears turn into downpour of rains.
( translation hastily done by sye for the first time ...)
Steve, mooncakes will be on its way. but alas, you probably won't be
able to take a bite before Friday, Moon Festival night. :(
I've added code that should stop replies from being double-posted. Also
the previously mentioned UTF-8 issue seems to have been affecting
article replies too. It might be fixed now. Sye, if you get a
chance, try posting a reply after this with Chinese characters and we'll
see if it works.
On the spam front, we seem to have at least two major of groups
spammers. One is an SEO firm located in New Delhi, India. They're dumb
enough that they're connecting from their own IPs and even using their
real email addresses in account profiles. The other group is better at
hiding their identity so far - they connect from random IPs in China and
The latter group also seems to have gained access to couple of older trusted
advogato user's accounts (possibly by guessing weak passwords?) and are
using them certify their growing mass of spam accounts. Quite a few
bad accounts are certified at apprentice level and I've seen at
least two that have reached journeyer level. That's likely to
create a problems for us since the new safeguards only work on
observer accounts. Hmmm...
One of our spammers has coveniently provided us with some sample data to
work with this morning. I'm considering implementing lkcl's idea of
adding a [spam] button to the blog roll and/or profile pages of observer
The spam button would be visible only to trusted users.
Clicking it would add 1 to 3 points (depending on the clicker's
certification level) to an observer's "spam ranking".
When an observer's spam rank exceeds, say, 10 points, the account is
It takes multiple trusted users in agreement to delete an account as
spam. And any single trusted user can prevent the deletion by certifying
the account to a higher level than observer, removing the spam ranking
altogether. I think that should prevent abuse of the feature.
mark as deleted, posted 8 Oct 2006 at 20:54 UTC by lkcl »
don't delete the account - mark it as deleted.
then, check all accounts linked to it - via the certification - in a group.
you might want to go only one degree away from the 'spam' account, rather than going any further - and especially taking into account any accounts that have been marked 'deleted'.
make the account that is marked as deleted appear, to the user logging in, that 'everything is hunky dory'.
that should fool them, if they log in manually, into believing that the account is still active, and everything's still ok.
this will trick them into continuing to certify other bad accounts, etc. etc.
and you get more of a chance to identify those bad accounts.
overall, be a complete sneaky bastard.
New features, posted 10 Oct 2006 at 23:58 UTC by slamb »
Thanks for the new features! I've been making use of them. It's nice to see the spammers
deleted. Two nits:
The "Forgot my password" thing might make more sense as a separate button. I
checked it once already by mistake, as it's where a "Remember me on this computer" sort of
checkbox usually is.
The "mark as spam" thing also would make more sense as a button, for a different
reason. RFC 2616 section 9.1.1 says:
In particular, the convention has been established that the GET and HEAD
methods SHOULD NOT have the significance of taking an action other than retrieval.
That's definitely not true for this URL, so a POST would make more sense.
This would matter if, say, Google tried again at their Web Accelerator. Or if someone did
wget --recursive with a login cookie.
Slamb, you're right on the spam reporting link needing to be a POST
a GET. It was faster to get it working as a GET and I figured I'd have
to do some tweaks to it anyway once we found the bugs. It will become a
POST in the next rev of the code later this week.
I'll take a look at what's involved in tweaking the layout of the
password reminder. It should be possible. That feature was added to the
code at least a year ago based on a patch someone sent me.
recent log glitch: Remember that whether or not lkcl's diary appears
in the recent log is not based on his certification level but on the
interest certification of his diary by you and those you've certified.
Those numbers go up and down all the time as you certify people and they
If you look at recentlog
without the ?thresh=3 modifier, can you see lkcl's diary entry? If
so, what's his score? I was seeing a score
just fractionally higher than 3 a week ago but then it dropped below 3
and vanished (for me at least) this week. I set a higher interest level
for his diary and it came back again (for me). If you or someone you've
certified ranked his diary lower than 3,
it's probably just fallen below the visibility threshold for you too.
Try going to lkcl's page and ranking his diary at 5 or 10 and see if that
fixes the problem for you.
oi!, posted 12 Oct 2006 at 18:53 UTC by lkcl »
i like my diary to be boring, thank you!
Thanks, posted 13 Oct 2006 at 00:41 UTC by cdfrey »
Just adding my thanks to Steve Rainwater for keeping Advogato alive!
You are now back on the bus (with a tasty 5.0 interest level).
for the fix Steven, and thanks also for keeping Advogato running.
Thanks, posted 13 Oct 2006 at 10:31 UTC by salmoni »
Thanks for your efforts. They really are much appreciated.